| #include "private/dvr/trusted_uids.h" |
| |
| #include <mutex> |
| #include <unordered_map> |
| |
| #include <binder/IPermissionController.h> |
| #include <binder/IServiceManager.h> |
| #include <private/android_filesystem_config.h> |
| #include <utils/String16.h> |
| #include <vr/vr_manager/vr_manager.h> |
| |
| namespace android { |
| namespace dvr { |
| |
| bool IsTrustedUid(uid_t uid, bool use_cache) { |
| static std::unordered_map<uid_t, bool> uid_cache; |
| static std::mutex uid_cache_mutex; |
| |
| // Whitelist requests from the system UID. |
| // These are already whitelisted by the permission service, but it might not |
| // be available if the ActivityManagerService is up during boot. |
| // This ensures the correct result for system services while booting up. |
| if (uid == AID_SYSTEM) |
| return true; |
| |
| std::lock_guard<std::mutex> lock(uid_cache_mutex); |
| |
| if (use_cache) { |
| auto it = uid_cache.find(uid); |
| if (it != uid_cache.end()) |
| return it->second; |
| } |
| |
| sp<IBinder> binder = defaultServiceManager()->getService(String16("permission")); |
| if (binder == 0) { |
| ALOGW("Could not access permission service"); |
| return false; |
| } |
| |
| // Note: we ignore the pid because it's only used to automatically reply |
| // true if the caller is the Activity Manager Service. |
| bool trusted = interface_cast<IPermissionController>(binder)->checkPermission( |
| String16("android.permission.RESTRICTED_VR_ACCESS"), -1, uid); |
| |
| // Cache the information for this uid to avoid future Java calls. |
| uid_cache[uid] = trusted; |
| return trusted; |
| } |
| |
| } // namespace dvr |
| } // namespace android |