blob: f3b86ae3113290b1fdee263e5dbcf9e4bb4234be [file] [log] [blame] [edit]
/*
* Copyright (C) 2013 The Android Open Source Project
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
#include <mutex>
#include <binder/AppOpsManager.h>
#include <binder/Binder.h>
#include <binder/IServiceManager.h>
#include <utils/SystemClock.h>
namespace android {
namespace {
#if defined(__BRILLO__)
// Because Brillo has no application model, security policy is managed
// statically (at build time) with SELinux controls.
// As a consequence, it also never runs the AppOpsManager service.
const int APP_OPS_MANAGER_UNAVAILABLE_MODE = AppOpsManager::MODE_ALLOWED;
#else
const int APP_OPS_MANAGER_UNAVAILABLE_MODE = AppOpsManager::MODE_IGNORED;
#endif // defined(__BRILLO__)
} // namespace
static String16 _appops("appops");
static pthread_mutex_t gTokenMutex = PTHREAD_MUTEX_INITIALIZER;
static sp<IBinder> gToken;
static const sp<IBinder>& getToken(const sp<IAppOpsService>& service) {
pthread_mutex_lock(&gTokenMutex);
if (gToken == NULL || gToken->pingBinder() != NO_ERROR) {
gToken = service->getToken(new BBinder());
}
pthread_mutex_unlock(&gTokenMutex);
return gToken;
}
AppOpsManager::AppOpsManager()
{
}
#if defined(__BRILLO__)
// There is no AppOpsService on Brillo
sp<IAppOpsService> AppOpsManager::getService() { return NULL; }
#else
sp<IAppOpsService> AppOpsManager::getService()
{
std::lock_guard<Mutex> scoped_lock(mLock);
int64_t startTime = 0;
sp<IAppOpsService> service = mService;
while (service == NULL || !IInterface::asBinder(service)->isBinderAlive()) {
sp<IBinder> binder = defaultServiceManager()->checkService(_appops);
if (binder == NULL) {
// Wait for the app ops service to come back...
if (startTime == 0) {
startTime = uptimeMillis();
ALOGI("Waiting for app ops service");
} else if ((uptimeMillis()-startTime) > 10000) {
ALOGW("Waiting too long for app ops service, giving up");
service = NULL;
break;
}
sleep(1);
} else {
service = interface_cast<IAppOpsService>(binder);
mService = service;
}
}
return service;
}
#endif // defined(__BRILLO__)
int32_t AppOpsManager::checkOp(int32_t op, int32_t uid, const String16& callingPackage)
{
sp<IAppOpsService> service = getService();
return service != NULL
? service->checkOperation(op, uid, callingPackage)
: APP_OPS_MANAGER_UNAVAILABLE_MODE;
}
int32_t AppOpsManager::noteOp(int32_t op, int32_t uid, const String16& callingPackage) {
sp<IAppOpsService> service = getService();
return service != NULL
? service->noteOperation(op, uid, callingPackage)
: APP_OPS_MANAGER_UNAVAILABLE_MODE;
}
int32_t AppOpsManager::startOp(int32_t op, int32_t uid, const String16& callingPackage) {
sp<IAppOpsService> service = getService();
return service != NULL
? service->startOperation(getToken(service), op, uid, callingPackage)
: APP_OPS_MANAGER_UNAVAILABLE_MODE;
}
void AppOpsManager::finishOp(int32_t op, int32_t uid, const String16& callingPackage) {
sp<IAppOpsService> service = getService();
if (service != NULL) {
service->finishOperation(getToken(service), op, uid, callingPackage);
}
}
void AppOpsManager::startWatchingMode(int32_t op, const String16& packageName,
const sp<IAppOpsCallback>& callback) {
sp<IAppOpsService> service = getService();
if (service != NULL) {
service->startWatchingMode(op, packageName, callback);
}
}
void AppOpsManager::stopWatchingMode(const sp<IAppOpsCallback>& callback) {
sp<IAppOpsService> service = getService();
if (service != NULL) {
service->stopWatchingMode(callback);
}
}
int32_t AppOpsManager::permissionToOpCode(const String16& permission) {
sp<IAppOpsService> service = getService();
if (service != NULL) {
return service->permissionToOpCode(permission);
}
return -1;
}
}; // namespace android