Loading libs/binder/Android.bp +1 −0 Original line number Diff line number Diff line Loading @@ -63,6 +63,7 @@ cc_library { "MemoryHeapBase.cpp", "Parcel.cpp", "PermissionCache.cpp", "PermissionController.cpp", "PersistableBundle.cpp", "ProcessInfoService.cpp", "ProcessState.cpp", Loading libs/binder/IPermissionController.cpp +22 −0 Original line number Diff line number Diff line Loading @@ -78,6 +78,18 @@ public: if (reply.readExceptionCode() != 0) return false; return reply.readInt32() != 0; } virtual int getPackageUid(const String16& package, int flags) { Parcel data, reply; data.writeInterfaceToken(IPermissionController::getInterfaceDescriptor()); data.writeString16(package); data.writeInt32(flags); remote()->transact(GET_PACKAGE_UID_TRANSACTION, data, &reply); // fail on exception if (reply.readExceptionCode() != 0) return false; return reply.readInt32(); } }; IMPLEMENT_META_INTERFACE(PermissionController, "android.os.IPermissionController"); Loading Loading @@ -122,6 +134,16 @@ status_t BnPermissionController::onTransact( return NO_ERROR; } break; case GET_PACKAGE_UID_TRANSACTION: { CHECK_INTERFACE(IPermissionController, data, reply); String16 package = data.readString16(); int flags = data.readInt32(); const int uid = getPackageUid(package, flags); reply->writeNoException(); reply->writeInt32(uid); return NO_ERROR; } break; default: return BBinder::onTransact(code, data, reply, flags); } Loading libs/binder/PermissionController.cpp 0 → 100644 +82 −0 Original line number Diff line number Diff line /* * Copyright (C) 2018 The Android Open Source Project * * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. * You may obtain a copy of the License at * * http://www.apache.org/licenses/LICENSE-2.0 * * Unless required by applicable law or agreed to in writing, software * distributed under the License is distributed on an "AS IS" BASIS, * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. * See the License for the specific language governing permissions and * limitations under the License. */ #include <mutex> #include <binder/PermissionController.h> #include <binder/Binder.h> #include <binder/IServiceManager.h> #include <utils/SystemClock.h> namespace android { PermissionController::PermissionController() { } sp<IPermissionController> PermissionController::getService() { std::lock_guard<Mutex> scoped_lock(mLock); int64_t startTime = 0; sp<IPermissionController> service = mService; while (service == nullptr || !IInterface::asBinder(service)->isBinderAlive()) { sp<IBinder> binder = defaultServiceManager()->checkService(String16("permission")); if (binder == nullptr) { // Wait for the activity service to come back... if (startTime == 0) { startTime = uptimeMillis(); ALOGI("Waiting for permission service"); } else if ((uptimeMillis() - startTime) > 10000) { ALOGW("Waiting too long for permission service, giving up"); service = NULL; break; } sleep(1); } else { service = interface_cast<IPermissionController>(binder); mService = service; } } return service; } bool PermissionController::checkPermission(const String16& permission, int32_t pid, int32_t uid) { sp<IPermissionController> service = getService(); return service != NULL ? service->checkPermission(permission, pid, uid) : false; } void PermissionController::getPackagesForUid(const uid_t uid, Vector<String16> &packages) { sp<IPermissionController> service = getService(); if (service != nullptr) { service->getPackagesForUid(uid, packages); } } bool PermissionController::isRuntimePermission(const String16& permission) { sp<IPermissionController> service = getService(); return service != nullptr ? service->isRuntimePermission(permission) : false; } int PermissionController::getPackageUid(const String16& package, int flags) { sp<IPermissionController> service = getService(); return service != nullptr ? service->getPackageUid(package, flags) : -1; } }; // namespace android libs/binder/include/binder/IPermissionController.h +4 −1 Original line number Diff line number Diff line Loading @@ -36,10 +36,13 @@ public: virtual bool isRuntimePermission(const String16& permission) = 0; virtual int getPackageUid(const String16& package, int flags) = 0; enum { CHECK_PERMISSION_TRANSACTION = IBinder::FIRST_CALL_TRANSACTION, GET_PACKAGES_FOR_UID_TRANSACTION = IBinder::FIRST_CALL_TRANSACTION + 1, IS_RUNTIME_PERMISSION_TRANSACTION = IBinder::FIRST_CALL_TRANSACTION + 2 IS_RUNTIME_PERMISSION_TRANSACTION = IBinder::FIRST_CALL_TRANSACTION + 2, GET_PACKAGE_UID_TRANSACTION = IBinder::FIRST_CALL_TRANSACTION + 3 }; }; Loading libs/binder/include/binder/PermissionController.h 0 → 100644 +55 −0 Original line number Diff line number Diff line /* * Copyright (C) 2018 The Android Open Source Project * * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. * You may obtain a copy of the License at * * http://www.apache.org/licenses/LICENSE-2.0 * * Unless required by applicable law or agreed to in writing, software * distributed under the License is distributed on an "AS IS" BASIS, * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. * See the License for the specific language governing permissions and * limitations under the License. */ #ifndef ANDROID_PERMISSION_CONTROLLER_H #define ANDROID_PERMISSION_CONTROLLER_H #include <binder/IPermissionController.h> #include <utils/threads.h> // --------------------------------------------------------------------------- namespace android { class PermissionController { public: enum { MATCH_SYSTEM_ONLY = 1<<16, MATCH_UNINSTALLED_PACKAGES = 1<<13, MATCH_FACTORY_ONLY = 1<<21, MATCH_INSTANT = 1<<23 }; PermissionController(); bool checkPermission(const String16& permission, int32_t pid, int32_t uid); void getPackagesForUid(const uid_t uid, Vector<String16>& packages); bool isRuntimePermission(const String16& permission); int getPackageUid(const String16& package, int flags); private: Mutex mLock; sp<IPermissionController> mService; sp<IPermissionController> getService(); }; }; // namespace android // --------------------------------------------------------------------------- #endif // ANDROID_PERMISSION_CONTROLLER_H Loading
libs/binder/Android.bp +1 −0 Original line number Diff line number Diff line Loading @@ -63,6 +63,7 @@ cc_library { "MemoryHeapBase.cpp", "Parcel.cpp", "PermissionCache.cpp", "PermissionController.cpp", "PersistableBundle.cpp", "ProcessInfoService.cpp", "ProcessState.cpp", Loading
libs/binder/IPermissionController.cpp +22 −0 Original line number Diff line number Diff line Loading @@ -78,6 +78,18 @@ public: if (reply.readExceptionCode() != 0) return false; return reply.readInt32() != 0; } virtual int getPackageUid(const String16& package, int flags) { Parcel data, reply; data.writeInterfaceToken(IPermissionController::getInterfaceDescriptor()); data.writeString16(package); data.writeInt32(flags); remote()->transact(GET_PACKAGE_UID_TRANSACTION, data, &reply); // fail on exception if (reply.readExceptionCode() != 0) return false; return reply.readInt32(); } }; IMPLEMENT_META_INTERFACE(PermissionController, "android.os.IPermissionController"); Loading Loading @@ -122,6 +134,16 @@ status_t BnPermissionController::onTransact( return NO_ERROR; } break; case GET_PACKAGE_UID_TRANSACTION: { CHECK_INTERFACE(IPermissionController, data, reply); String16 package = data.readString16(); int flags = data.readInt32(); const int uid = getPackageUid(package, flags); reply->writeNoException(); reply->writeInt32(uid); return NO_ERROR; } break; default: return BBinder::onTransact(code, data, reply, flags); } Loading
libs/binder/PermissionController.cpp 0 → 100644 +82 −0 Original line number Diff line number Diff line /* * Copyright (C) 2018 The Android Open Source Project * * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. * You may obtain a copy of the License at * * http://www.apache.org/licenses/LICENSE-2.0 * * Unless required by applicable law or agreed to in writing, software * distributed under the License is distributed on an "AS IS" BASIS, * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. * See the License for the specific language governing permissions and * limitations under the License. */ #include <mutex> #include <binder/PermissionController.h> #include <binder/Binder.h> #include <binder/IServiceManager.h> #include <utils/SystemClock.h> namespace android { PermissionController::PermissionController() { } sp<IPermissionController> PermissionController::getService() { std::lock_guard<Mutex> scoped_lock(mLock); int64_t startTime = 0; sp<IPermissionController> service = mService; while (service == nullptr || !IInterface::asBinder(service)->isBinderAlive()) { sp<IBinder> binder = defaultServiceManager()->checkService(String16("permission")); if (binder == nullptr) { // Wait for the activity service to come back... if (startTime == 0) { startTime = uptimeMillis(); ALOGI("Waiting for permission service"); } else if ((uptimeMillis() - startTime) > 10000) { ALOGW("Waiting too long for permission service, giving up"); service = NULL; break; } sleep(1); } else { service = interface_cast<IPermissionController>(binder); mService = service; } } return service; } bool PermissionController::checkPermission(const String16& permission, int32_t pid, int32_t uid) { sp<IPermissionController> service = getService(); return service != NULL ? service->checkPermission(permission, pid, uid) : false; } void PermissionController::getPackagesForUid(const uid_t uid, Vector<String16> &packages) { sp<IPermissionController> service = getService(); if (service != nullptr) { service->getPackagesForUid(uid, packages); } } bool PermissionController::isRuntimePermission(const String16& permission) { sp<IPermissionController> service = getService(); return service != nullptr ? service->isRuntimePermission(permission) : false; } int PermissionController::getPackageUid(const String16& package, int flags) { sp<IPermissionController> service = getService(); return service != nullptr ? service->getPackageUid(package, flags) : -1; } }; // namespace android
libs/binder/include/binder/IPermissionController.h +4 −1 Original line number Diff line number Diff line Loading @@ -36,10 +36,13 @@ public: virtual bool isRuntimePermission(const String16& permission) = 0; virtual int getPackageUid(const String16& package, int flags) = 0; enum { CHECK_PERMISSION_TRANSACTION = IBinder::FIRST_CALL_TRANSACTION, GET_PACKAGES_FOR_UID_TRANSACTION = IBinder::FIRST_CALL_TRANSACTION + 1, IS_RUNTIME_PERMISSION_TRANSACTION = IBinder::FIRST_CALL_TRANSACTION + 2 IS_RUNTIME_PERMISSION_TRANSACTION = IBinder::FIRST_CALL_TRANSACTION + 2, GET_PACKAGE_UID_TRANSACTION = IBinder::FIRST_CALL_TRANSACTION + 3 }; }; Loading
libs/binder/include/binder/PermissionController.h 0 → 100644 +55 −0 Original line number Diff line number Diff line /* * Copyright (C) 2018 The Android Open Source Project * * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. * You may obtain a copy of the License at * * http://www.apache.org/licenses/LICENSE-2.0 * * Unless required by applicable law or agreed to in writing, software * distributed under the License is distributed on an "AS IS" BASIS, * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. * See the License for the specific language governing permissions and * limitations under the License. */ #ifndef ANDROID_PERMISSION_CONTROLLER_H #define ANDROID_PERMISSION_CONTROLLER_H #include <binder/IPermissionController.h> #include <utils/threads.h> // --------------------------------------------------------------------------- namespace android { class PermissionController { public: enum { MATCH_SYSTEM_ONLY = 1<<16, MATCH_UNINSTALLED_PACKAGES = 1<<13, MATCH_FACTORY_ONLY = 1<<21, MATCH_INSTANT = 1<<23 }; PermissionController(); bool checkPermission(const String16& permission, int32_t pid, int32_t uid); void getPackagesForUid(const uid_t uid, Vector<String16>& packages); bool isRuntimePermission(const String16& permission); int getPackageUid(const String16& package, int flags); private: Mutex mLock; sp<IPermissionController> mService; sp<IPermissionController> getService(); }; }; // namespace android // --------------------------------------------------------------------------- #endif // ANDROID_PERMISSION_CONTROLLER_H
