Logo Questions Linux Laravel Mysql Ubuntu Git Menu
 

Android Binder clearing caller identity

Recently I read Android source codes and find that a pair of methods are always called when doing some Binder IPC call. I read the comment, but I can't clearly know the root reason. The pair of method is as follow:

final long origId = Binder.clearCallingIdentity();

//other local method.

Binder.restoreCallingIdentity(origId);

Does anyone know what's the function of that pair of method? It seems to relate to permission.

like image 427
Crystal Jake Avatar asked Apr 15 '13 00:04

Crystal Jake


2 Answers

Although the question is old, it's worth putting more details in addition to the official method description.


Apart from (or along with) IPC the key role of the Binder framework in Android is security.

Each Binder transaction runs under the identity (PID and UID) of the calling process (caller) so that the called process (callee) could inspect the calling process' permissions and decide whether the requested method can be executed.

If such a transaction needs to be (temporary) running under the callee's identity, the caller's one can be cleared and later restored with the calls to Binder.clearCallingIdentity() and Binder.restoreCallingIdentity(long) respectively. Between the calls the callee's permissions will be checked.

As an example consider the system services (AOSP location: /frameworks/base/services/java/com/android/server). Running in the system_server process, UID=1000, the services can temporarily clear the caller's identity in order to pass the permission checks.

like image 94
Onik Avatar answered Sep 21 '22 12:09

Onik


I don't think I can answer better than the description in the official APIs: http://developer.android.com/reference/android/os/Binder.html

public static final long clearCallingIdentity ()

Reset the identity of the incoming IPC on the current thread. This can be useful if, while handling an incoming call, you will be calling on interfaces of other objects that may be local to your process and need to do permission checks on the calls coming into them (so they will check the permission of your own local process, and not whatever process originally called you).

like image 28
Adrian Taylor Avatar answered Sep 19 '22 12:09

Adrian Taylor