Android Binder clearing caller identity

2019-04-08 20:56发布

问题:

Recently I read Android source codes and find that a pair of methods are always called when doing some Binder IPC call. I read the comment, but I can't clearly know the root reason. The pair of method is as follow:

final long origId = Binder.clearCallingIdentity();

//other local method.

Binder.restoreCallingIdentity(origId);

Does anyone know what's the function of that pair of method? It seems to relate to permission.

回答1:

I don't think I can answer better than the description in the official APIs: http://developer.android.com/reference/android/os/Binder.html

public static final long clearCallingIdentity ()

Reset the identity of the incoming IPC on the current thread. This can be useful if, while handling an incoming call, you will be calling on interfaces of other objects that may be local to your process and need to do permission checks on the calls coming into them (so they will check the permission of your own local process, and not whatever process originally called you).



回答2:

Although the question is old, it's worth putting more details in addition to the official method description.


Apart from (or along with) IPC the key role of the Binder framework in Android is security.

Each Binder transaction runs under the identity (PID and UID) of the calling process (caller) so that the called process (callee) could inspect the calling process' permissions and decide whether the requested method can be executed.

If such a transaction needs to be (temporary) running under the callee's identity, the caller's one can be cleared and later restored with the calls to Binder.clearCallingIdentity() and Binder.restoreCallingIdentity(long) respectively. Between the calls the callee's permissions will be checked.

As an example consider the system services (AOSP location: /frameworks/base/services/java/com/android/server). Running in the system_server process, UID=1000, the services can temporarily clear the caller's identity in order to pass the permission checks.