diff options
Diffstat (limited to 'include/binder')
| -rw-r--r-- | include/binder/IMemory.h | 1 | ||||
| -rw-r--r-- | include/binder/MemoryHeapBase.h | 14 | ||||
| -rw-r--r-- | include/binder/Permission.h | 68 | ||||
| -rw-r--r-- | include/binder/PermissionCache.h | 79 | ||||
| -rw-r--r-- | include/binder/ProcessState.h | 4 |
5 files changed, 88 insertions, 78 deletions
diff --git a/include/binder/IMemory.h b/include/binder/IMemory.h index 74d2cc7..2d0db00 100644 --- a/include/binder/IMemory.h +++ b/include/binder/IMemory.h @@ -43,6 +43,7 @@ public: virtual void* getBase() const = 0; virtual size_t getSize() const = 0; virtual uint32_t getFlags() const = 0; + virtual uint32_t getOffset() const = 0; // these are there just for backward source compatibility int32_t heapID() const { return getHeapID(); } diff --git a/include/binder/MemoryHeapBase.h b/include/binder/MemoryHeapBase.h index 2f2e31b..bbbda9c 100644 --- a/include/binder/MemoryHeapBase.h +++ b/include/binder/MemoryHeapBase.h @@ -27,7 +27,7 @@ namespace android { // --------------------------------------------------------------------------- -class MemoryHeapBase : public virtual BnMemoryHeap +class MemoryHeapBase : public virtual BnMemoryHeap { public: enum { @@ -38,12 +38,12 @@ public: NO_CACHING = 0x00000200 }; - /* + /* * maps the memory referenced by fd. but DOESN'T take ownership * of the filedescriptor (it makes a copy with dup() */ MemoryHeapBase(int fd, size_t size, uint32_t flags = 0, uint32_t offset = 0); - + /* * maps memory from the given device */ @@ -61,9 +61,10 @@ public: virtual void* getBase() const; virtual size_t getSize() const; virtual uint32_t getFlags() const; + virtual uint32_t getOffset() const; const char* getDevice() const; - + /* this closes this heap -- use carefully */ void dispose(); @@ -74,12 +75,12 @@ public: mDevice = device; return mDevice ? NO_ERROR : ALREADY_EXISTS; } - + protected: MemoryHeapBase(); // init() takes ownership of fd status_t init(int fd, void *base, int size, - int flags = 0, const char* device = NULL); + int flags = 0, const char* device = NULL); private: status_t mapfd(int fd, size_t size, uint32_t offset = 0); @@ -90,6 +91,7 @@ private: uint32_t mFlags; const char* mDevice; bool mNeedUnmap; + uint32_t mOffset; }; // --------------------------------------------------------------------------- diff --git a/include/binder/Permission.h b/include/binder/Permission.h deleted file mode 100644 index 9542d50..0000000 --- a/include/binder/Permission.h +++ /dev/null @@ -1,68 +0,0 @@ -/* - * Copyright (C) 2009 The Android Open Source Project - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ - -#ifndef BINDER_PERMISSION_H -#define BINDER_PERMISSION_H - -#include <stdint.h> -#include <unistd.h> - -#include <utils/SortedVector.h> -#include <utils/String16.h> -#include <utils/threads.h> - -namespace android { -// --------------------------------------------------------------------------- - -/* - * Permission caches the result of the permission check for the given - * permission name and the provided uid/pid. It also handles a few - * known cases efficiently (caller is in the same process or is root). - * The package manager does something similar but lives in dalvik world - * and is therefore extremely slow to access. - */ - -class Permission -{ -public: - Permission(char const* name); - Permission(const String16& name); - Permission(const Permission& rhs); - virtual ~Permission(); - - bool operator < (const Permission& rhs) const; - - // checks the current binder call's caller has access to this permission - bool checkCalling() const; - - // checks the specified pid/uid has access to this permission - bool check(pid_t pid, uid_t uid) const; - -protected: - virtual bool doCheckPermission(pid_t pid, uid_t uid) const; - -private: - Permission& operator = (const Permission& rhs) const; - const String16 mPermissionName; - mutable SortedVector<uid_t> mGranted; - const pid_t mPid; - mutable Mutex mLock; -}; - -// --------------------------------------------------------------------------- -}; // namespace android - -#endif /* BINDER_PERMISSION_H */ diff --git a/include/binder/PermissionCache.h b/include/binder/PermissionCache.h new file mode 100644 index 0000000..1171d48 --- /dev/null +++ b/include/binder/PermissionCache.h @@ -0,0 +1,79 @@ +/* + * Copyright (C) 2009 The Android Open Source Project + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +#ifndef BINDER_PERMISSION_H +#define BINDER_PERMISSION_H + +#include <stdint.h> +#include <unistd.h> + +#include <utils/String16.h> +#include <utils/Singleton.h> + +namespace android { +// --------------------------------------------------------------------------- + +/* + * PermissionCache caches permission checks for a given uid. + * + * Currently the cache is not updated when there is a permission change, + * for instance when an application is uninstalled. + * + * IMPORTANT: for the reason stated above, only system permissions are safe + * to cache. This restriction may be lifted at a later time. + * + */ + +class PermissionCache : Singleton<PermissionCache> { + struct Entry { + String16 name; + uid_t uid; + bool granted; + inline bool operator < (const Entry& e) const { + return (uid == e.uid) ? (name < e.name) : (uid < e.uid); + } + }; + mutable Mutex mLock; + // we pool all the permission names we see, as many permissions checks + // will have identical names + SortedVector< String16 > mPermissionNamesPool; + // this is our cache per say. it stores pooled names. + SortedVector< Entry > mCache; + + // free the whole cache, but keep the permission name pool + void purge(); + + status_t check(bool* granted, + const String16& permission, uid_t uid) const; + + void cache(const String16& permission, uid_t uid, bool granted); + +public: + PermissionCache(); + + static bool checkCallingPermission(const String16& permission); + + static bool checkCallingPermission(const String16& permission, + int32_t* outPid, int32_t* outUid); + + static bool checkPermission(const String16& permission, + pid_t pid, uid_t uid); +}; + +// --------------------------------------------------------------------------- +}; // namespace android + +#endif /* BINDER_PERMISSION_H */ diff --git a/include/binder/ProcessState.h b/include/binder/ProcessState.h index feeb3c3..9725822 100644 --- a/include/binder/ProcessState.h +++ b/include/binder/ProcessState.h @@ -39,8 +39,6 @@ class ProcessState : public virtual RefBase public: static sp<ProcessState> self(); - static void setSingleProcess(bool singleProcess); - void setContextObject(const sp<IBinder>& object); sp<IBinder> getContextObject(const sp<IBinder>& caller); @@ -48,8 +46,6 @@ public: const String16& name); sp<IBinder> getContextObject(const String16& name, const sp<IBinder>& caller); - - bool supportsProcesses() const; void startThreadPool(); |