99b49840d3
This is intended to absorb the cost of the IPC to the permission controller. Cached permission checks cost about 3us, while full blown ones are two orders of magnitude slower. CAVEAT: PermissionCache can only handle system permissions safely for now, because the cache is not purged upon global permission changes. Change-Id: I8b8a5e71e191e3c01e8f792f253c379190eee62e
80 lines
2.4 KiB
C++
80 lines
2.4 KiB
C++
/*
|
|
* Copyright (C) 2009 The Android Open Source Project
|
|
*
|
|
* Licensed under the Apache License, Version 2.0 (the "License");
|
|
* you may not use this file except in compliance with the License.
|
|
* You may obtain a copy of the License at
|
|
*
|
|
* http://www.apache.org/licenses/LICENSE-2.0
|
|
*
|
|
* Unless required by applicable law or agreed to in writing, software
|
|
* distributed under the License is distributed on an "AS IS" BASIS,
|
|
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
|
* See the License for the specific language governing permissions and
|
|
* limitations under the License.
|
|
*/
|
|
|
|
#ifndef BINDER_PERMISSION_H
|
|
#define BINDER_PERMISSION_H
|
|
|
|
#include <stdint.h>
|
|
#include <unistd.h>
|
|
|
|
#include <utils/String16.h>
|
|
#include <utils/Singleton.h>
|
|
|
|
namespace android {
|
|
// ---------------------------------------------------------------------------
|
|
|
|
/*
|
|
* PermissionCache caches permission checks for a given uid.
|
|
*
|
|
* Currently the cache is not updated when there is a permission change,
|
|
* for instance when an application is uninstalled.
|
|
*
|
|
* IMPORTANT: for the reason stated above, only system permissions are safe
|
|
* to cache. This restriction may be lifted at a later time.
|
|
*
|
|
*/
|
|
|
|
class PermissionCache : Singleton<PermissionCache> {
|
|
struct Entry {
|
|
String16 name;
|
|
uid_t uid;
|
|
bool granted;
|
|
inline bool operator < (const Entry& e) const {
|
|
return (uid == e.uid) ? (name < e.name) : (uid < e.uid);
|
|
}
|
|
};
|
|
mutable Mutex mLock;
|
|
// we pool all the permission names we see, as many permissions checks
|
|
// will have identical names
|
|
SortedVector< String16 > mPermissionNamesPool;
|
|
// this is our cache per say. it stores pooled names.
|
|
SortedVector< Entry > mCache;
|
|
|
|
// free the whole cache, but keep the permission name pool
|
|
void purge();
|
|
|
|
status_t check(bool* granted,
|
|
const String16& permission, uid_t uid) const;
|
|
|
|
void cache(const String16& permission, uid_t uid, bool granted);
|
|
|
|
public:
|
|
PermissionCache();
|
|
|
|
static bool checkCallingPermission(const String16& permission);
|
|
|
|
static bool checkCallingPermission(const String16& permission,
|
|
int32_t* outPid, int32_t* outUid);
|
|
|
|
static bool checkPermission(const String16& permission,
|
|
pid_t pid, uid_t uid);
|
|
};
|
|
|
|
// ---------------------------------------------------------------------------
|
|
}; // namespace android
|
|
|
|
#endif /* BINDER_PERMISSION_H */
|