diff options
Diffstat (limited to 'include/kdbinder/binder/PermissionCache.h')
| -rw-r--r-- | include/kdbinder/binder/PermissionCache.h | 77 |
1 files changed, 77 insertions, 0 deletions
diff --git a/include/kdbinder/binder/PermissionCache.h b/include/kdbinder/binder/PermissionCache.h new file mode 100644 index 0000000..ad6c1f0 --- /dev/null +++ b/include/kdbinder/binder/PermissionCache.h @@ -0,0 +1,77 @@ +/* + * Copyright (C) 2015 The Android Open Source Project + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +#ifndef INCLUDE_KDBINDER_BINDER_PERMISSIONCACHE_H_ +#define INCLUDE_KDBINDER_BINDER_PERMISSIONCACHE_H_ + +#include <stdint.h> +#include <unistd.h> + +#include <utils/String16.h> +#include <utils/Singleton.h> +#include <utils/SortedVector.h> + +namespace android { + +/* + * PermissionCache caches permission checks for a given uid. + * + * Currently the cache is not updated when there is a permission change, + * for instance when an application is uninstalled. + * + * IMPORTANT: for the reason stated above, only system permissions are safe + * to cache. This restriction may be lifted at a later time. + * + */ + +class PermissionCache : Singleton<PermissionCache> { + struct Entry { + String16 name; + uid_t uid; + bool granted; + inline bool operator < (const Entry& e) const { + return (uid == e.uid) ? (name < e.name) : (uid < e.uid); + } + }; + + mutable Mutex mLock; + // we pool all the permission names we see, as many permissions checks + // will have identical names + SortedVector< String16 > mPermissionNamesPool; + // this is our cache per say. it stores pooled names. + SortedVector< Entry > mCache; + + // free the whole cache, but keep the permission name pool + void purge(); + + status_t check(bool* granted, const String16& permission, uid_t uid) const; + + void cache(const String16& permission, uid_t uid, bool granted); + + public: + PermissionCache(); + + static bool checkCallingPermission(const String16& permission); + + static bool checkCallingPermission(const String16& permission, + int32_t* outPid, int32_t* outUid); + + static bool checkPermission(const String16& permission, pid_t pid, uid_t uid); +}; + +} // namespace android + +#endif // INCLUDE_KDBINDER_BINDER_PERMISSIONCACHE_H_ |