Bug 926746 - Part 1: Merge fakeperm into b2g. r=mwu
☠☠ backed out by d4577f8235d9 ☠ ☠
authorSteven Lee <slee@mozilla.com>
Mon, 02 Dec 2013 10:21:07 -0500
changeset 172927 c24da899172a9a5bee7cdfb3e0109a695da49be0
parent 172926 808b91cff7796aa82b2c8d8b0f8ee402dbe90ddc
child 172928 720a36d92d374edc22e000cae49aebf92a805b3c
push id3224
push userlsblakk@mozilla.com
push dateTue, 04 Feb 2014 01:06:49 +0000
treeherdermozilla-beta@60c04d0987f1 [default view] [failures only]
perfherder[talos] [build metrics] [platform microbench] (compared to previous push)
reviewersmwu
bugs926746
milestone28.0a1
first release with
nightly linux32
nightly linux64
nightly mac
nightly win32
nightly win64
last release without
nightly linux32
nightly linux64
nightly mac
nightly win32
nightly win64
Bug 926746 - Part 1: Merge fakeperm into b2g. r=mwu
widget/gonk/GonkPermission.cpp
widget/gonk/GonkPermission.h
widget/gonk/moz.build
widget/gonk/nsAppShell.cpp
new file mode 100644
--- /dev/null
+++ b/widget/gonk/GonkPermission.cpp
@@ -0,0 +1,126 @@
+/*
+ * Copyright (C) 2012 Mozilla Foundation
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+#include <binder/IPCThreadState.h>
+#include <binder/ProcessState.h>
+#include <binder/IServiceManager.h>
+#include <binder/IPermissionController.h>
+#include <private/android_filesystem_config.h>
+#include "GonkPermission.h"
+
+#undef LOG
+#include <android/log.h>
+#define ALOGE(args...)  __android_log_print(ANDROID_LOG_ERROR, "gonkperm" , ## args)
+
+using namespace android;
+using namespace mozilla;
+
+bool
+GonkPermissionService::checkPermission(const String16& permission, int32_t pid,
+                                     int32_t uid)
+{
+  if (0 == uid)
+    return true;
+
+  // Camera/audio record permissions are only for apps with the
+  // "camera" permission.  These apps are also the only apps granted
+  // the AID_SDCARD_RW supplemental group (bug 785592)
+
+  if (uid < AID_APP) {
+    ALOGE("%s for pid=%d,uid=%d denied: not an app",
+      String8(permission).string(), pid, uid);
+    return false;
+  }
+
+  String8 perm8(permission);
+
+  if (perm8 != "android.permission.CAMERA" &&
+    perm8 != "android.permission.RECORD_AUDIO") {
+    ALOGE("%s for pid=%d,uid=%d denied: unsupported permission",
+      String8(permission).string(), pid, uid);
+    return false;
+  }
+
+  // Users granted the permission through a prompt dialog.
+  // Before permission managment of gUM is done, app cannot remember the
+  // permission.
+  PermissionGrant permGrant(perm8.string(), pid);
+  if (nsTArray<PermissionGrant>::NoIndex != mGrantArray.IndexOf(permGrant)) {
+    mGrantArray.RemoveElement(permGrant);
+    return true;
+  }
+
+  char filename[32];
+  snprintf(filename, sizeof(filename), "/proc/%d/status", pid);
+  FILE *f = fopen(filename, "r");
+  if (!f) {
+    ALOGE("%s for pid=%d,uid=%d denied: unable to open %s",
+      String8(permission).string(), pid, uid, filename);
+    return false;
+  }
+
+  char line[80];
+  while (fgets(line, sizeof(line), f)) {
+    char *save;
+    char *name = strtok_r(line, "\t", &save);
+    if (!name)
+      continue;
+
+    if (strcmp(name, "Groups:"))
+      continue;
+    char *group;
+    while ((group = strtok_r(NULL, " \n", &save))) {
+      #define _STR(x) #x
+      #define STR(x) _STR(x)
+      if (!strcmp(group, STR(AID_SDCARD_RW))) {
+        fclose(f);
+        return true;
+      }
+    }
+    break;
+  }
+  fclose(f);
+
+  ALOGE("%s for pid=%d,uid=%d denied: missing group",
+    String8(permission).string(), pid, uid);
+  return false;
+}
+
+static GonkPermissionService* gGonkPermissionService = NULL;
+
+/* static */
+void
+GonkPermissionService::instantiate()
+{
+  defaultServiceManager()->addService(String16(getServiceName()),
+    GetInstance());
+}
+
+/* static */
+GonkPermissionService*
+GonkPermissionService::GetInstance()
+{
+  if (!gGonkPermissionService) {
+    gGonkPermissionService = new GonkPermissionService();
+  }
+  return gGonkPermissionService;
+}
+
+void
+GonkPermissionService::addGrantInfo(const char* permission, int32_t pid)
+{
+  mGrantArray.AppendElement(PermissionGrant(permission, pid));
+}
new file mode 100644
--- /dev/null
+++ b/widget/gonk/GonkPermission.h
@@ -0,0 +1,84 @@
+/*
+ * Copyright (C) 2012 Mozilla Foundation
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+#ifndef GONKPERMISSION_H
+#define GONKPERMISSION_H
+
+#include <binder/BinderService.h>
+#include "nsString.h"
+#include "nsTArray.h"
+
+namespace mozilla {
+class PermissionGrant
+{
+public:
+  PermissionGrant(const char* perm, int32_t p) : mPid(p)
+  {
+    mPermission.Assign(perm);
+  }
+
+  PermissionGrant(const nsACString& permission, int32_t pid) : mPid(pid),
+    mPermission(permission)
+  {
+  }
+
+  bool operator==(const PermissionGrant& other) const
+  {
+    return (mPid == other.pid() && mPermission.Equals(other.permission()));
+  }
+
+  int32_t pid() const
+  {
+    return mPid;
+  }
+
+  const nsACString& permission() const
+  {
+    return mPermission;
+  }
+
+private:
+  int32_t mPid;
+  nsCString mPermission;
+};
+
+class PermissionGrant;
+
+class GonkPermissionService :
+  public android::BinderService<GonkPermissionService>,
+  public android::BnPermissionController
+{
+public:
+  virtual ~GonkPermissionService() {}
+  static GonkPermissionService* GetInstance();
+  static const char *getServiceName() {
+    return "permission";
+  }
+
+  static void instantiate();
+
+  virtual android::status_t dump(int fd, const android::Vector<android::String16>& args) {
+    return android::NO_ERROR;
+  }
+  virtual bool checkPermission(const android::String16& permission, int32_t pid,
+      int32_t uid);
+
+  void addGrantInfo(const char* permission, int32_t pid);
+private:
+  GonkPermissionService(): android::BnPermissionController() {}
+  nsTArray<PermissionGrant> mGrantArray;
+};
+} // namespace mozilla
+#endif // GONKPERMISSION_H
--- a/widget/gonk/moz.build
+++ b/widget/gonk/moz.build
@@ -10,16 +10,17 @@
 #
 # Unless required by applicable law or agreed to in writing, software
 # distributed under the License is distributed on an "AS IS" BASIS,
 # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 # See the License for the specific language governing permissions and
 # limitations under the License.
 
 EXPORTS += [
+    'GonkPermission.h',
     'OrientationObserver.h',
 ]
 
 DIRS += ['libdisplay', 'nativewindow']
 
 # libui files
 SOURCES += ['libui/' + src for src in [
     'EventHub.cpp',
@@ -41,16 +42,17 @@ SOURCES += ['libui/' + src for src in [
     'VelocityTracker.cpp',
     'VirtualKeyMap.cpp',
 ]]
 
 SOURCES += [
     'Framebuffer.cpp',
     'GfxInfo.cpp',
     'GonkMemoryPressureMonitoring.cpp',
+    'GonkPermission.cpp',
     'HwcComposer2D.cpp',
     'HwcUtils.cpp',
     'nsAppShell.cpp',
     'nsIdleServiceGonk.cpp',
     'nsLookAndFeel.cpp',
     'nsWidgetFactory.cpp',
     'nsWindow.cpp',
     'OrientationObserver.cpp',
--- a/widget/gonk/nsAppShell.cpp
+++ b/widget/gonk/nsAppShell.cpp
@@ -24,16 +24,17 @@
 #include <sys/epoll.h>
 #include <sys/ioctl.h>
 #include <sys/param.h>
 #include <sys/stat.h>
 #include <sys/types.h>
 #include <unistd.h>
 
 #include "base/basictypes.h"
+#include "GonkPermission.h"
 #include "nscore.h"
 #ifdef MOZ_OMX_DECODER
 #include "MediaResourceManagerService.h"
 #endif
 #include "mozilla/TouchEvents.h"
 #include "mozilla/FileUtils.h"
 #include "mozilla/Hal.h"
 #include "mozilla/MouseEvents.h"
@@ -753,16 +754,17 @@ nsAppShell::Init()
 
     if (XRE_GetProcessType() == GeckoProcessType_Default) {
 #ifdef MOZ_OMX_DECODER
         android::MediaResourceManagerService::instantiate();
 #endif
 #if ANDROID_VERSION >= 18
         android::FakeSurfaceComposer::instantiate();
 #endif
+        GonkPermissionService::instantiate();
     }
 
     nsCOMPtr<nsIObserverService> obsServ = GetObserverService();
     if (obsServ) {
         obsServ->AddObserver(this, "browser-ui-startup-complete", false);
     }
 
 #ifdef MOZ_NUWA_PROCESS