
Commit d717e1a9 authored by Jakub Pawlowski

Add permission helpers for native Binder

These will be used in upcoming patches, implementing native Binder
methods.

Bug: 68359837
Test: compilation
Change-Id: I66e611a3cf1b0411c03f4eb9416272b8e18ae270
parent 3f20771a
+4 −0
@@ -15,6 +15,8 @@ cc_library_shared {
        "com_android_bluetooth_pan.cpp",
        "com_android_bluetooth_gatt.cpp",
        "com_android_bluetooth_sdp.cpp",
        "IUserManager.cc",
        "permission_helpers.cc",
    ],
    header_libs: ["libbluetooth_headers"],
    include_dirs: [
@@ -23,12 +25,14 @@ cc_library_shared {
    ],
    shared_libs: [
        "libandroid_runtime",
        "libbinder",
        "libchrome",
        "libnativehelper",
        "liblog",
    ],
    static_libs: [
        "libbluetooth-types",
        "libutils",
    ],
    cflags: [
        "-Wall",

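--- a/jni/IUserManager.cc
+++ b/jni/IUserManager.cc
@@ -0,0 +1,54 @@
+/*
+ * Copyright (C) 2015 The Android Open Source Project
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+#define LOG_TAG "IUserManager"
+#include <binder/Parcel.h>
+#include <stdint.h>
+#include <sys/types.h>
+#include <utils/Log.h>
+
+#include "IUserManager.h"
+
+namespace android {
+
+class BpUserManager : public BpInterface<IUserManager> {
+ public:
+  explicit BpUserManager(const sp<IBinder>& impl)
+      : BpInterface<IUserManager>(impl) {}
+  virtual int32_t getCredentialOwnerProfile(int32_t user_id) {
+    Parcel data, reply;
+    data.writeInterfaceToken(IUserManager::getInterfaceDescriptor());
+    data.writeInt32(user_id);
+    status_t rc =
+        remote()->transact(GET_CREDENTIAL_OWNER_PROFILE, data, &reply, 0);
+    if (rc != NO_ERROR) {
+      ALOGE("%s: failed (%d)\n", __func__, rc);
+      return -1;
+    }
+
+    int32_t exception = reply.readExceptionCode();
+    if (exception != 0) {
+      ALOGE("%s: got exception (%d)\n", __func__, exception);
+      return -1;
+    }
+
+    return reply.readInt32();
+  }
+};
+
+IMPLEMENT_META_INTERFACE(UserManager, "android.os.IUserManager");
+
+};  // namespace android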
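Review bot: `getCredentialOwnerProfile` ends with `return reply.readInt32();`, which discards the parcel's read status, so a truncated or malformed reply is (as far as I can tell) returned as an ordinary value rather than as a failure. The two error paths above it return -1, and that sentinel is undocumented; the caller in permission_helpers.cc on this page stores the result in a `uid_t`, where -1 becomes a large unsigned value that fails the foreground-user comparison only implicitly. Reading through the status-returning overload would make the failure explicit: `int32_t profile = -1;` `if (reply.readInt32(&profile) != NO_ERROR) return -1;` `return profile;`. I would also add `// Returns the credential owner's user id, or -1 on transport failure or remote exception.` above the method, and spell it `override` instead of `virtual` so the compiler checks it against the pure virtual in IUserManager.h.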

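--- a/jni/IUserManager.h
+++ b/jni/IUserManager.h
@@ -0,0 +1,45 @@
+/*
+ * Copyright (C) 2015 The Android Open Source Project
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+#ifndef IUSERMANAGER_H_
+#define IUSERMANAGER_H_
+
+#include <binder/IInterface.h>
+#include <binder/Parcel.h>
+#include <inttypes.h>
+#include <utils/Errors.h>
+#include <utils/Vector.h>
+
+namespace android {
+
+/*
+ * Communication channel to UserManager
+ */
+class IUserManager : public IInterface {
+ public:
+  // must be kept in sync with IUserManager.aidl
+  enum {
+    GET_CREDENTIAL_OWNER_PROFILE = IBinder::FIRST_CALL_TRANSACTION + 0,
+  };
+
+  virtual int32_t getCredentialOwnerProfile(int32_t user_id) = 0;
+
+  DECLARE_META_INTERFACE(UserManager);
+};
+
+};  // namespace android
+
+#endif  // IUSERMANAGER_H_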
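Review bot: `GET_CREDENTIAL_OWNER_PROFILE = IBinder::FIRST_CALL_TRANSACTION + 0` hard-codes the transaction number, and the only safeguard is the one-line "must be kept in sync" comment. The AIDL file is not on this page, so I am assuming the code is meant to track the position of getCredentialOwnerProfile in it; if that position ever shifts, the proxy in IUserManager.cc would invoke a different method and read its reply as a user id, and that value feeds the foreground-user check in permission_helpers.cc. I would expand the comment to say so, for example `// Transaction code mirrors the method's position in IUserManager.aidl; re-verify on every platform update, the result gates Bluetooth caller checks.` `<utils/Vector.h>` and `<inttypes.h>` do not appear to be used by anything declared here and could be dropped.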
+11 −0
@@ -19,6 +19,7 @@
#include "android_runtime/Log.h"
#include "com_android_bluetooth.h"
#include "hardware/bt_sock.h"
#include "permission_helpers.h"
#include "utils/Log.h"
#include "utils/misc.h"

@@ -1183,6 +1184,14 @@ static int createSocketChannelNative(JNIEnv* env, jobject object, jint type,
  return socket_fd;
}

static void setSystemUiUidNative(JNIEnv* env, jobject obj, jint uid) {
  android::bluetooth::systemUiUid = uid;
}

static void setForegroundUserIdNative(JNIEnv* env, jclass clazz, jint id) {
  android::bluetooth::foregroundUserId = id;
}

static int readEnergyInfo() {
  ALOGV("%s", __func__);

@@ -1274,6 +1283,8 @@ static JNINativeMethod sMethods[] = {
    {"connectSocketNative", "([BI[BIII)I", (void*)connectSocketNative},
    {"createSocketChannelNative", "(ILjava/lang/String;[BIII)I",
     (void*)createSocketChannelNative},
    {"setSystemUiUidNative", "(I)V", (void*)setSystemUiUidNative},
    {"setForegroundUserIdNative", "(I)V", (void*)setForegroundUserIdNative},
    {"alarmFiredNative", "()V", (void*)alarmFiredNative},
    {"readEnergyInfo", "()I", (void*)readEnergyInfo},
    {"dumpNative", "(Ljava/io/FileDescriptor;[Ljava/lang/String;)V",
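Review bot: `setSystemUiUidNative` and `setForegroundUserIdNative` assign a `jint` straight into `android::bluetooth::systemUiUid` and `android::bluetooth::foregroundUserId`, which permission_helpers.cc on this page defines as plain `uid_t` globals and reads inside its caller checks. Those checks go through IPCThreadState, so they presumably run on Binder threads while the setters run on whichever thread the Java service calls from; without synchronisation that is a data race on values that decide access, and `std::atomic<uid_t>` for both globals would remove it. A negative `jint` also converts silently to a large `uid_t`, so a guard such as `if (uid < 0) return;` (and the same for `id`) would keep a bad argument from being stored. A one-line comment on each setter naming the expected Java caller and when it is invoked would document the contract; both function bodies are fully inside the hunk.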
+84 −0
/*
 * Copyright 2017 The Android Open Source Project
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 *      http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */

#include "permission_helpers.h"

#include <base/logging.h>
#include <base/strings/stringprintf.h>
#include <binder/IPCThreadState.h>
#include <binder/IServiceManager.h>
#include <pwd.h>
#include <sys/types.h>
#include "IUserManager.h"

using ::android::binder::Status;

namespace android {
namespace bluetooth {

uid_t foregroundUserId;
uid_t systemUiUid;
static uid_t SYSTEM_UID = 1000;
constexpr int PER_USER_RANGE = 100000;

Status checkPermission(const char* permission) {
  int32_t pid;
  int32_t uid;

  if (android::checkCallingPermission(String16(permission), &pid, &uid)) {
    return Status::ok();
  }

  auto err = ::base::StringPrintf("UID %d / PID %d lacks permission %s", uid,
                                  pid, permission);
  return Status::fromExceptionCode(Status::EX_SECURITY, String8(err.c_str()));
}

bool isCallerActiveUser() {
  IPCThreadState* ipcState = IPCThreadState::self();
  uid_t callingUid = ipcState->getCallingUid();
  uid_t callingUser = callingUid / PER_USER_RANGE;
  if (!callingUid) return true;  // It's a local call

  return (foregroundUserId == callingUser) || (systemUiUid == callingUid) ||
         (SYSTEM_UID == callingUid);
}

bool isCallerActiveUserOrManagedProfile() {
  IPCThreadState* ipcState = IPCThreadState::self();
  uid_t callingUid = ipcState->getCallingUid();
  uid_t callingUser = callingUid / PER_USER_RANGE;
  // if (!callingUid) return true;  // It's a local call

  uid_t parentUser = callingUser;

  sp<IServiceManager> sm = defaultServiceManager();
  sp<IBinder> binder = sm->getService(String16("users"));
  sp<IUserManager> um = interface_cast<IUserManager>(binder);
  if (um != NULL) {
    // Must use Bluetooth process identity when making call to get parent user
    int64_t ident = ipcState->clearCallingIdentity();
    parentUser = um->getCredentialOwnerProfile(callingUser);
    ipcState->restoreCallingIdentity(ident);
  }

  return (foregroundUserId == callingUser) ||
         (foregroundUserId == parentUser) || (systemUiUid == callingUid) ||
         (SYSTEM_UID == callingUid);
}

}  // namespace bluetooth
}  // namespace android
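Review bot: In `isCallerActiveUser` the shortcut `if (!callingUid) return true;  // It's a local call` passes any caller whose UID is 0, which is root rather than evidence of an in-process call, and the same line is commented out in `isCallerActiveUserOrManagedProfile`, so the two helpers disagree on it. Either drop the shortcut in both or state the intent, e.g. `// UID 0 (root) is always treated as the active user`, and delete the commented-out copy. `foregroundUserId` and `systemUiUid` are zero-initialised globals, so until the JNI setters run user 0 counts as foreground and `systemUiUid == callingUid` also matches UID 0; initialising both to an invalid sentinel such as `static_cast<uid_t>(-1)` would make the unset state fail closed. `SYSTEM_UID` is a mutable `static` although it is used as a constant, and `constexpr uid_t SYSTEM_UID = 1000;` would match `PER_USER_RANGE` beside it. The service name passed to `getService` (`"users"`) is worth confirming against the name the user manager actually registers under, because a failed lookup leaves `parentUser` equal to `callingUser` without any log line.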