• Home
  • Line#
  • Scopes#
  • Navigate#
  • Raw
  • Download
1 /*
2  * Copyright (C) 2018 The Android Open Source Project
3  *
4  * Licensed under the Apache License, Version 2.0 (the "License");
5  * you may not use this file except in compliance with the License.
6  * You may obtain a copy of the License at
7  *
8  *      http://www.apache.org/licenses/LICENSE-2.0
9  *
10  * Unless required by applicable law or agreed to in writing, software
11  * distributed under the License is distributed on an "AS IS" BASIS,
12  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13  * See the License for the specific language governing permissions and
14  * limitations under the License.
15  */
16 
17 #pragma once
18 
19 #include <android/binder_ibinder.h>
20 #include "ibinder_internal.h"
21 
22 #include <atomic>
23 #include <mutex>
24 #include <vector>
25 
26 #include <binder/Binder.h>
27 #include <binder/IBinder.h>
28 #include <utils/Vector.h>
29 
isUserCommand(transaction_code_t code)30 inline bool isUserCommand(transaction_code_t code) {
31     return code >= FIRST_CALL_TRANSACTION && code <= LAST_CALL_TRANSACTION;
32 }
33 
34 struct ABBinder;
35 struct ABpBinder;
36 
37 struct AIBinder : public virtual ::android::RefBase {
38     explicit AIBinder(const AIBinder_Class* clazz);
39     virtual ~AIBinder();
40 
41     bool associateClass(const AIBinder_Class* clazz);
getClassAIBinder42     const AIBinder_Class* getClass() const { return mClazz; }
43 
44     virtual ::android::sp<::android::IBinder> getBinder() = 0;
asABBinderAIBinder45     virtual ABBinder* asABBinder() { return nullptr; }
asABpBinderAIBinder46     virtual ABpBinder* asABpBinder() { return nullptr; }
47 
isRemoteAIBinder48     bool isRemote() const {
49         ::android::sp<::android::IBinder> binder = const_cast<AIBinder*>(this)->getBinder();
50         return binder->remoteBinder() != nullptr;
51     }
52 
53    private:
54     // AIBinder instance is instance of this class for a local object. In order to transact on a
55     // remote object, this also must be set for simplicity (although right now, only the
56     // interfaceDescriptor from it is used).
57     const AIBinder_Class* mClazz;
58 };
59 
60 // This is a local AIBinder object with a known class.
61 struct ABBinder : public AIBinder, public ::android::BBinder {
62     virtual ~ABBinder();
63 
getUserDataABBinder64     void* getUserData() { return mUserData; }
65 
getBinderABBinder66     ::android::sp<::android::IBinder> getBinder() override { return this; }
asABBinderABBinder67     ABBinder* asABBinder() override { return this; }
68 
69     const ::android::String16& getInterfaceDescriptor() const override;
70     ::android::status_t dump(int fd, const ::android::Vector<::android::String16>& args) override;
71     ::android::status_t onTransact(uint32_t code, const ::android::Parcel& data,
72                                    ::android::Parcel* reply, binder_flags_t flags) override;
73 
74    private:
75     ABBinder(const AIBinder_Class* clazz, void* userData);
76 
77     // only thing that should create an ABBinder
78     friend AIBinder* AIBinder_new(const AIBinder_Class*, void*);
79 
80     // Can contain implementation if this is a local binder. This can still be nullptr for a local
81     // binder. If it is nullptr, the implication is the implementation state is entirely external to
82     // this object and the functionality provided in the AIBinder_Class is sufficient.
83     void* mUserData;
84 };
85 
86 // This binder object may be remote or local (even though it is 'Bp'). The implication if it is
87 // local is that it is an IBinder object created outside of the domain of libbinder_ndk.
88 struct ABpBinder : public AIBinder, public ::android::BpRefBase {
89     // Looks up to see if this object has or is an existing ABBinder or ABpBinder object, otherwise
90     // it creates an ABpBinder object.
91     static ::android::sp<AIBinder> lookupOrCreateFromBinder(
92             const ::android::sp<::android::IBinder>& binder);
93 
94     virtual ~ABpBinder();
95 
96     void onLastStrongRef(const void* id) override;
97 
getBinderABpBinder98     ::android::sp<::android::IBinder> getBinder() override { return remote(); }
asABpBinderABpBinder99     ABpBinder* asABpBinder() override { return this; }
100 
101    private:
102     explicit ABpBinder(const ::android::sp<::android::IBinder>& binder);
103 };
104 
105 struct AIBinder_Class {
106     AIBinder_Class(const char* interfaceDescriptor, AIBinder_Class_onCreate onCreate,
107                    AIBinder_Class_onDestroy onDestroy, AIBinder_Class_onTransact onTransact);
108 
getInterfaceDescriptorAIBinder_Class109     const ::android::String16& getInterfaceDescriptor() const { return mInterfaceDescriptor; }
110 
111     // required to be non-null, implemented for every class
112     const AIBinder_Class_onCreate onCreate;
113     const AIBinder_Class_onDestroy onDestroy;
114     const AIBinder_Class_onTransact onTransact;
115 
116     // optional methods for a class
117     AIBinder_onDump onDump;
118 
119    private:
120     // This must be a String16 since BBinder virtual getInterfaceDescriptor returns a reference to
121     // one.
122     const ::android::String16 mInterfaceDescriptor;
123 };
124 
125 // Ownership is like this (when linked to death):
126 //
127 //   AIBinder_DeathRecipient -sp-> TransferDeathRecipient <-wp-> IBinder
128 //
129 // When the AIBinder_DeathRecipient is dropped, so are the actual underlying death recipients. When
130 // the IBinder dies, only a wp to it is kept.
131 struct AIBinder_DeathRecipient : ::android::RefBase {
132     // One of these is created for every linkToDeath. This is to be able to recover data when a
133     // binderDied receipt only gives us information about the IBinder.
134     struct TransferDeathRecipient : ::android::IBinder::DeathRecipient {
TransferDeathRecipientAIBinder_DeathRecipient::TransferDeathRecipient135         TransferDeathRecipient(const ::android::wp<::android::IBinder>& who, void* cookie,
136                                const ::android::wp<AIBinder_DeathRecipient>& parentRecipient,
137                                const AIBinder_DeathRecipient_onBinderDied onDied)
138             : mWho(who), mCookie(cookie), mParentRecipient(parentRecipient), mOnDied(onDied) {}
139 
140         void binderDied(const ::android::wp<::android::IBinder>& who) override;
141 
getWhoAIBinder_DeathRecipient::TransferDeathRecipient142         const ::android::wp<::android::IBinder>& getWho() { return mWho; }
getCookieAIBinder_DeathRecipient::TransferDeathRecipient143         void* getCookie() { return mCookie; }
144 
145        private:
146         ::android::wp<::android::IBinder> mWho;
147         void* mCookie;
148 
149         ::android::wp<AIBinder_DeathRecipient> mParentRecipient;
150 
151         // This is kept separately from AIBinder_DeathRecipient in case the death recipient is
152         // deleted while the death notification is fired
153         const AIBinder_DeathRecipient_onBinderDied mOnDied;
154     };
155 
156     explicit AIBinder_DeathRecipient(AIBinder_DeathRecipient_onBinderDied onDied);
157     binder_status_t linkToDeath(::android::sp<::android::IBinder>, void* cookie);
158     binder_status_t unlinkToDeath(::android::sp<::android::IBinder> binder, void* cookie);
159 
160    private:
161     // When the user of this API deletes a Bp object but not the death recipient, the
162     // TransferDeathRecipient object can't be cleaned up. This is called whenever a new
163     // TransferDeathRecipient is linked, and it ensures that mDeathRecipients can't grow unbounded.
164     void pruneDeadTransferEntriesLocked();
165 
166     std::mutex mDeathRecipientsMutex;
167     std::vector<::android::sp<TransferDeathRecipient>> mDeathRecipients;
168     AIBinder_DeathRecipient_onBinderDied mOnDied;
169 };
170