SecureSocketHandler.java

/*
 * Copyright (c) 2014-present, Facebook, Inc.
 * All rights reserved.
 *
 * This source code is licensed under the BSD-style license found in the
 * LICENSE file in the root directory of this source tree. An additional grant
 * of patent rights can be found in the PATENTS file in the same directory.
 */

package com.facebook.stetho.server;

import android.Manifest;
import android.content.Context;
import android.content.pm.PackageManager;
import android.net.Credentials;
import android.net.LocalSocket;
import android.util.Log;
import com.facebook.stetho.common.LogUtil;

import java.io.IOException;

public abstract class SecureSocketHandler implements SocketHandler {
  private final Context mContext;

  public SecureSocketHandler(Context context) {
    mContext = context;
  }

  @Override
  public final void onAccepted(LocalSocket socket) throws IOException {
    try {
      enforcePermission(mContext, socket);
      onSecured(socket);
    } catch (PeerAuthorizationException e) {
      LogUtil.e("Unauthorized request: " + e.getMessage());
    }
  }

  protected abstract void onSecured(LocalSocket socket) throws IOException;

  private static void enforcePermission(Context context, LocalSocket peer)
      throws IOException, PeerAuthorizationException {
    Credentials credentials = peer.getPeerCredentials();

    int uid = credentials.getUid();
    int pid = credentials.getPid();

    if (LogUtil.isLoggable(Log.VERBOSE)) {
      LogUtil.v("Got request from uid=%d, pid=%d", uid, pid);
    }

    String requiredPermission = Manifest.permission.DUMP;
    int checkResult = context.checkPermission(requiredPermission, pid, uid);
    if (checkResult != PackageManager.PERMISSION_GRANTED) {
      throw new PeerAuthorizationException(
          "Peer pid=" + pid + ", uid=" + uid + " does not have " + requiredPermission);
    }
  }
}