1 /*
2 * Copyright (C) 2013 The Android Open Source Project
3 *
4 * Licensed under the Apache License, Version 2.0 (the "License");
5 * you may not use this file except in compliance with the License.
6 * You may obtain a copy of the License at
7 *
8 * http://www.apache.org/licenses/LICENSE-2.0
9 *
10 * Unless required by applicable law or agreed to in writing, software
11 * distributed under the License is distributed on an "AS IS" BASIS,
12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 * See the License for the specific language governing permissions and
14 * limitations under the License.
15 */
16
17 #include <mutex>
18 #include <binder/AppOpsManager.h>
19 #include <binder/Binder.h>
20 #include <binder/IServiceManager.h>
21
22 #include <utils/SystemClock.h>
23
24 namespace android {
25
26 namespace {
27
28 #if defined(__BRILLO__)
29 // Because Brillo has no application model, security policy is managed
30 // statically (at build time) with SELinux controls.
31 // As a consequence, it also never runs the AppOpsManager service.
32 const int APP_OPS_MANAGER_UNAVAILABLE_MODE = AppOpsManager::MODE_ALLOWED;
33 #else
34 const int APP_OPS_MANAGER_UNAVAILABLE_MODE = AppOpsManager::MODE_IGNORED;
35 #endif // defined(__BRILLO__)
36
37 } // namespace
38
39 static String16 _appops("appops");
40 static pthread_mutex_t gTokenMutex = PTHREAD_MUTEX_INITIALIZER;
41 static sp<IBinder> gToken;
42
getToken(const sp<IAppOpsService> & service)43 static const sp<IBinder>& getToken(const sp<IAppOpsService>& service) {
44 pthread_mutex_lock(&gTokenMutex);
45 if (gToken == nullptr || gToken->pingBinder() != NO_ERROR) {
46 gToken = service->getToken(new BBinder());
47 }
48 pthread_mutex_unlock(&gTokenMutex);
49 return gToken;
50 }
51
AppOpsManager()52 AppOpsManager::AppOpsManager()
53 {
54 }
55
56 #if defined(__BRILLO__)
57 // There is no AppOpsService on Brillo
getService()58 sp<IAppOpsService> AppOpsManager::getService() { return NULL; }
59 #else
getService()60 sp<IAppOpsService> AppOpsManager::getService()
61 {
62
63 std::lock_guard<Mutex> scoped_lock(mLock);
64 int64_t startTime = 0;
65 sp<IAppOpsService> service = mService;
66 while (service == nullptr || !IInterface::asBinder(service)->isBinderAlive()) {
67 sp<IBinder> binder = defaultServiceManager()->checkService(_appops);
68 if (binder == nullptr) {
69 // Wait for the app ops service to come back...
70 if (startTime == 0) {
71 startTime = uptimeMillis();
72 ALOGI("Waiting for app ops service");
73 } else if ((uptimeMillis()-startTime) > 10000) {
74 ALOGW("Waiting too long for app ops service, giving up");
75 service = nullptr;
76 break;
77 }
78 sleep(1);
79 } else {
80 service = interface_cast<IAppOpsService>(binder);
81 mService = service;
82 }
83 }
84 return service;
85 }
86 #endif // defined(__BRILLO__)
87
checkOp(int32_t op,int32_t uid,const String16 & callingPackage)88 int32_t AppOpsManager::checkOp(int32_t op, int32_t uid, const String16& callingPackage)
89 {
90 sp<IAppOpsService> service = getService();
91 return service != nullptr
92 ? service->checkOperation(op, uid, callingPackage)
93 : APP_OPS_MANAGER_UNAVAILABLE_MODE;
94 }
95
checkAudioOpNoThrow(int32_t op,int32_t usage,int32_t uid,const String16 & callingPackage)96 int32_t AppOpsManager::checkAudioOpNoThrow(int32_t op, int32_t usage, int32_t uid,
97 const String16& callingPackage) {
98 sp<IAppOpsService> service = getService();
99 return service != nullptr
100 ? service->checkAudioOperation(op, usage, uid, callingPackage)
101 : APP_OPS_MANAGER_UNAVAILABLE_MODE;
102 }
103
noteOp(int32_t op,int32_t uid,const String16 & callingPackage)104 int32_t AppOpsManager::noteOp(int32_t op, int32_t uid, const String16& callingPackage) {
105 sp<IAppOpsService> service = getService();
106 return service != nullptr
107 ? service->noteOperation(op, uid, callingPackage)
108 : APP_OPS_MANAGER_UNAVAILABLE_MODE;
109 }
110
startOpNoThrow(int32_t op,int32_t uid,const String16 & callingPackage,bool startIfModeDefault)111 int32_t AppOpsManager::startOpNoThrow(int32_t op, int32_t uid, const String16& callingPackage,
112 bool startIfModeDefault) {
113 sp<IAppOpsService> service = getService();
114 return service != nullptr
115 ? service->startOperation(getToken(service), op, uid, callingPackage,
116 startIfModeDefault) : APP_OPS_MANAGER_UNAVAILABLE_MODE;
117 }
118
finishOp(int32_t op,int32_t uid,const String16 & callingPackage)119 void AppOpsManager::finishOp(int32_t op, int32_t uid, const String16& callingPackage) {
120 sp<IAppOpsService> service = getService();
121 if (service != nullptr) {
122 service->finishOperation(getToken(service), op, uid, callingPackage);
123 }
124 }
125
startWatchingMode(int32_t op,const String16 & packageName,const sp<IAppOpsCallback> & callback)126 void AppOpsManager::startWatchingMode(int32_t op, const String16& packageName,
127 const sp<IAppOpsCallback>& callback) {
128 sp<IAppOpsService> service = getService();
129 if (service != nullptr) {
130 service->startWatchingMode(op, packageName, callback);
131 }
132 }
133
stopWatchingMode(const sp<IAppOpsCallback> & callback)134 void AppOpsManager::stopWatchingMode(const sp<IAppOpsCallback>& callback) {
135 sp<IAppOpsService> service = getService();
136 if (service != nullptr) {
137 service->stopWatchingMode(callback);
138 }
139 }
140
permissionToOpCode(const String16 & permission)141 int32_t AppOpsManager::permissionToOpCode(const String16& permission) {
142 sp<IAppOpsService> service = getService();
143 if (service != nullptr) {
144 return service->permissionToOpCode(permission);
145 }
146 return -1;
147 }
148
149
150 }; // namespace android
151