1 /*
2 * Copyright (C) 2009 The Android Open Source Project
3 *
4 * Licensed under the Apache License, Version 2.0 (the "License");
5 * you may not use this file except in compliance with the License.
6 * You may obtain a copy of the License at
7 *
8 * http://www.apache.org/licenses/LICENSE-2.0
9 *
10 * Unless required by applicable law or agreed to in writing, software
11 * distributed under the License is distributed on an "AS IS" BASIS,
12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 * See the License for the specific language governing permissions and
14 * limitations under the License.
15 */
16
17 #define LOG_TAG "PermissionCache"
18
19 #include <stdint.h>
20 #include <utils/Log.h>
21 #include <binder/IPCThreadState.h>
22 #include <binder/IServiceManager.h>
23 #include <binder/PermissionCache.h>
24 #include <utils/String8.h>
25
26 namespace android {
27
28 // ----------------------------------------------------------------------------
29
ANDROID_SINGLETON_STATIC_INSTANCE(PermissionCache)30 ANDROID_SINGLETON_STATIC_INSTANCE(PermissionCache)
31
32 // ----------------------------------------------------------------------------
33
34 PermissionCache::PermissionCache() {
35 }
36
check(bool * granted,const String16 & permission,uid_t uid) const37 status_t PermissionCache::check(bool* granted,
38 const String16& permission, uid_t uid) const {
39 Mutex::Autolock _l(mLock);
40 Entry e;
41 e.name = permission;
42 e.uid = uid;
43 ssize_t index = mCache.indexOf(e);
44 if (index >= 0) {
45 *granted = mCache.itemAt(index).granted;
46 return NO_ERROR;
47 }
48 return NAME_NOT_FOUND;
49 }
50
cache(const String16 & permission,uid_t uid,bool granted)51 void PermissionCache::cache(const String16& permission,
52 uid_t uid, bool granted) {
53 Mutex::Autolock _l(mLock);
54 Entry e;
55 ssize_t index = mPermissionNamesPool.indexOf(permission);
56 if (index > 0) {
57 e.name = mPermissionNamesPool.itemAt(index);
58 } else {
59 mPermissionNamesPool.add(permission);
60 e.name = permission;
61 }
62 // note, we don't need to store the pid, which is not actually used in
63 // permission checks
64 e.uid = uid;
65 e.granted = granted;
66 index = mCache.indexOf(e);
67 if (index < 0) {
68 mCache.add(e);
69 }
70 }
71
purge()72 void PermissionCache::purge() {
73 Mutex::Autolock _l(mLock);
74 mCache.clear();
75 }
76
checkCallingPermission(const String16 & permission)77 bool PermissionCache::checkCallingPermission(const String16& permission) {
78 return PermissionCache::checkCallingPermission(permission, nullptr, nullptr);
79 }
80
checkCallingPermission(const String16 & permission,int32_t * outPid,int32_t * outUid)81 bool PermissionCache::checkCallingPermission(
82 const String16& permission, int32_t* outPid, int32_t* outUid) {
83 IPCThreadState* ipcState = IPCThreadState::self();
84 pid_t pid = ipcState->getCallingPid();
85 uid_t uid = ipcState->getCallingUid();
86 if (outPid) *outPid = pid;
87 if (outUid) *outUid = uid;
88 return PermissionCache::checkPermission(permission, pid, uid);
89 }
90
checkPermission(const String16 & permission,pid_t pid,uid_t uid)91 bool PermissionCache::checkPermission(
92 const String16& permission, pid_t pid, uid_t uid) {
93 if ((uid == 0) || (pid == getpid())) {
94 // root and ourselves is always okay
95 return true;
96 }
97
98 PermissionCache& pc(PermissionCache::getInstance());
99 bool granted = false;
100 if (pc.check(&granted, permission, uid) != NO_ERROR) {
101 nsecs_t t = -systemTime();
102 granted = android::checkPermission(permission, pid, uid);
103 t += systemTime();
104 ALOGD("checking %s for uid=%d => %s (%d us)",
105 String8(permission).string(), uid,
106 granted?"granted":"denied", (int)ns2us(t));
107 pc.cache(permission, uid, granted);
108 }
109 return granted;
110 }
111
purgeCache()112 void PermissionCache::purgeCache() {
113 PermissionCache& pc(PermissionCache::getInstance());
114 pc.purge();
115 }
116
117 // ---------------------------------------------------------------------------
118 } // namespace android
119