1 /*
2 * Copyright (C) 2018 The Android Open Source Project
3 *
4 * Licensed under the Apache License, Version 2.0 (the "License");
5 * you may not use this file except in compliance with the License.
6 * You may obtain a copy of the License at
7 *
8 * http://www.apache.org/licenses/LICENSE-2.0
9 *
10 * Unless required by applicable law or agreed to in writing, software
11 * distributed under the License is distributed on an "AS IS" BASIS,
12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 * See the License for the specific language governing permissions and
14 * limitations under the License.
15 */
16
17 #include <android/binder_ibinder.h>
18 #include <android/binder_ibinder_platform.h>
19 #include <android/binder_libbinder.h>
20 #include "ibinder_internal.h"
21
22 #include <android/binder_stability.h>
23 #include <android/binder_status.h>
24 #include "parcel_internal.h"
25 #include "status_internal.h"
26
27 #include <android-base/logging.h>
28 #include <binder/IPCThreadState.h>
29 #include <binder/IResultReceiver.h>
30 #include <private/android_filesystem_config.h>
31
32 using DeathRecipient = ::android::IBinder::DeathRecipient;
33
34 using ::android::IBinder;
35 using ::android::IResultReceiver;
36 using ::android::Parcel;
37 using ::android::sp;
38 using ::android::status_t;
39 using ::android::String16;
40 using ::android::String8;
41 using ::android::wp;
42
// Marker that AIBinder_new() attaches to the binders it creates. lookupOrCreateFromBinder()
// downcasts an IBinder to ABBinder when has() reports the marker, so the tag is the only
// evidence behind that cast.
namespace ABBinderTag {

// Key under which the marker is stored on the IBinder.
static const void* kId = "ABBinder";
// Marker value; has() compares the stored pointer against this address.
static void* kValue = static_cast<void*>(new bool{true});
// Cleanup callback handed to attachObject(); it releases nothing.
void clean(const void* /*id*/, void* /*obj*/, void* /*cookie*/) {
    /* do nothing */
}

// Stores the marker on |binder|.
static void attach(const sp<IBinder>& binder) {
    binder->attachObject(kId, kValue, nullptr /*cookie*/, clean);
}
// Returns true when |binder| is non-null and carries the marker.
static bool has(const sp<IBinder>& binder) {
    if (binder == nullptr) {
        return false;
    }
    return binder->findObject(kId) == kValue;
}

}  // namespace ABBinderTag
57
// Per-binder bookkeeping used to keep at most one ABpBinder per IBinder in this process.
namespace ABpBinderTag {

// Held by lookupOrCreateFromBinder() and ABpBinder::onLastStrongRef() while they read or
// update the attached Value.
static std::mutex gLock;
// Key under which the Value is stored on the IBinder.
static const void* kId = "ABpBinder";
// Heap-allocated record attached to the IBinder; holds a weak reference to its ABpBinder.
struct Value {
    wp<ABpBinder> binder;
};
// Cleanup callback handed to attachObject(): frees the Value allocated by
// lookupOrCreateFromBinder(). Aborts if invoked for a different key.
void clean(const void* id, void* obj, void* cookie) {
    CHECK(id == kId) << id << " " << obj << " " << cookie;

    Value* attached = static_cast<Value*>(obj);
    delete attached;
}

}  // namespace ABpBinderTag
72
// Records the class this object belongs to; |clazz| may be nullptr (ABpBinder passes nullptr and
// is associated later through associateClass()).
AIBinder::AIBinder(const AIBinder_Class* clazz)
    : mClazz(clazz) {
}
// Nothing to release at this level.
AIBinder::~AIBinder() {
}
75
// Compares |clazz| with the class already stored on this object, under mClazzMutex.
//
// Returns:
//   true         - |clazz| is already the stored class, or no class was stored and |set| is
//                  true (the class is stored by this call).
//   false        - a different class object is already stored; an error is logged.
//   std::nullopt - no class is stored and |set| is false; the caller decides what to do next.
std::optional<bool> AIBinder::associateClassInternal(const AIBinder_Class* clazz,
                                                     const String16& newDescriptor, bool set) {
    std::lock_guard<std::mutex> lock(mClazzMutex);
    if (mClazz == clazz) return true;

    if (mClazz == nullptr) {
        if (!set) {
            return std::nullopt;
        }
        // if this is a local object, it's not one known to libbinder_ndk
        mClazz = clazz;
        return true;
    }

    // A class is stored and it is not |clazz|: report which of the two failure modes this is.
    const String16& currentDescriptor = mClazz->getInterfaceDescriptor();
    const bool sameDescriptor = (newDescriptor == currentDescriptor);
    if (sameDescriptor) {
        LOG(ERROR) << __func__ << ": Class descriptors '" << currentDescriptor
                   << "' match during associateClass, but they are different class objects. "
                      "Class descriptor collision?";
    } else {
        LOG(ERROR) << __func__
                   << ": Class cannot be associated on object which already has a class. "
                      "Trying to associate to '"
                   << newDescriptor << "' but already set to '" << currentDescriptor << "'.";
    }

    // always a failure because we know mClazz != clazz
    return false;
}
106
// Associates |clazz| with this binder if the binder's interface descriptor equals the class
// descriptor. Returns false for a null class, a conflicting stored class, or a descriptor
// mismatch.
//
// NOTE(review): for a proxy the descriptor compared here is presumably reported by the remote
// process, so a match shows which interface the peer claims to implement, not who the peer is.
// Confirm against getInterfaceDescriptor() and keep caller-identity checks separate.
bool AIBinder::associateClass(const AIBinder_Class* clazz) {
    if (clazz == nullptr) return false;

    const String16& newDescriptor = clazz->getInterfaceDescriptor();

    // First pass only inspects the stored class (set == false).
    const std::optional<bool> quickResult = associateClassInternal(clazz, newDescriptor, false);
    if (quickResult.has_value()) return quickResult.value();

    CHECK(asABpBinder() != nullptr);  // ABBinder always has a descriptor

    const sp<IBinder> underlying = getBinder();
    const String16& descriptor = underlying->getInterfaceDescriptor();
    if (descriptor != newDescriptor) {
        if (!underlying->isBinderAlive()) {
            // b/155793159
            LOG(ERROR) << __func__ << ": Cannot associate class '" << newDescriptor
                       << "' to dead binder.";
        } else {
            LOG(ERROR) << __func__ << ": Expecting binder to have class '" << newDescriptor
                       << "' but descriptor is actually '" << descriptor << "'.";
        }
        return false;
    }

    // Second pass stores the class; with set == true the result is never empty.
    return associateClassInternal(clazz, newDescriptor, true).value();
}
132
// Local binder object: keeps the class and the opaque |userData| given at creation.
// Aborts when |clazz| is nullptr.
ABBinder::ABBinder(const AIBinder_Class* clazz, void* userData)
    : AIBinder(clazz),
      BBinder(),
      mUserData(userData) {
    CHECK(clazz != nullptr);
}
// Passes the user data to the class's onDestroy callback.
ABBinder::~ABBinder() {
    const auto* clazz = getClass();
    clazz->onDestroy(mUserData);
}
140
// Returns the interface descriptor of the class this local binder was created with.
const String16& ABBinder::getInterfaceDescriptor() const {
    const auto* clazz = getClass();
    return clazz->getInterfaceDescriptor();
}
144
// Forwards a dump request to the class's onDump callback, converting the UTF-16 arguments to
// UTF-8 C strings. Returns STATUS_OK when no callback is registered and STATUS_BAD_VALUE when
// there are more than INT32_MAX arguments.
status_t ABBinder::dump(int fd, const ::android::Vector<String16>& args) {
    const AIBinder_onDump onDump = getClass()->onDump;
    if (onDump == nullptr) return STATUS_OK;

    const size_t count = args.size();

    // technically UINT32_MAX would be okay here, but INT32_MAX is expected since this may be
    // null in Java
    if (count > INT32_MAX) {
        LOG(ERROR) << "ABBinder::dump received too many arguments: " << args.size();
        return STATUS_BAD_VALUE;
    }

    // utf8Args owns the converted strings; utf8Pointers is the view handed to the NDK callback.
    // Both are reserved up front, so utf8Args does not reallocate while pointers are collected.
    std::vector<String8> utf8Args;
    std::vector<const char*> utf8Pointers;
    utf8Args.reserve(count);
    utf8Pointers.reserve(count);

    for (size_t idx = 0; idx < count; ++idx) {
        utf8Args.emplace_back(args[idx]);
        utf8Pointers.push_back(utf8Args.back().c_str());
    }

    return onDump(this, fd, utf8Pointers.data(), utf8Pointers.size());
}
171
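// Dispatches an incoming transaction.
//   - User-defined codes: the interface token in |data| must match this object, then the
//     class's onTransact callback runs and its status is pruned.
//   - SHELL_COMMAND_TRANSACTION, when the class registered handleShellCommand: the request is
//     parsed, the calling uid is checked, and the handler is invoked.
//   - Anything else is passed to BBinder::onTransact.
status_t ABBinder::onTransact(transaction_code_t code, const Parcel& data, Parcel* reply,
                              binder_flags_t flags) {
    if (isUserCommand(code)) {
        if (!data.checkInterface(this)) {
            return STATUS_BAD_TYPE;
        }

        const AParcel in = AParcel::readOnly(this, &data);
        AParcel out = AParcel(this, reply, false /*owns*/);

        binder_status_t status = getClass()->onTransact(this, code, &in, &out);
        return PruneStatusT(status);
    } else if (code == SHELL_COMMAND_TRANSACTION && getClass()->handleShellCommand != nullptr) {
        // Everything read from |data| in this branch is supplied by the caller. It is only
        // parsed here; nothing is acted on until the uid check below has passed.
        int in = data.readFileDescriptor();
        int out = data.readFileDescriptor();
        int err = data.readFileDescriptor();

        // argc is caller-controlled, so it is never used to size an allocation; the loop is
        // also bounded by the bytes left in the parcel.
        int argc = data.readInt32();
        std::vector<String8> utf8Args;  // owns memory of utf8s
        for (int i = 0; i < argc && data.dataAvail() > 0; i++) {
            utf8Args.push_back(String8(data.readString16()));
        }

        // Take the C-string pointers only after utf8Args has stopped growing, so they do not
        // depend on String8 keeping its buffer address when the vector reallocates.
        std::vector<const char*> utf8Pointers;  // what can be passed over NDK API
        utf8Pointers.reserve(utf8Args.size());
        for (const String8& arg : utf8Args) {
            utf8Pointers.push_back(arg.c_str());
        }

        data.readStrongBinder();  // skip over the IShellCallback
        sp<IResultReceiver> resultReceiver = IResultReceiver::asInterface(data.readStrongBinder());

        // Shell commands should only be callable by ADB.
        uid_t uid = AIBinder_getCallingUid();
        if (uid != AID_ROOT && uid != AID_SHELL) {
            if (resultReceiver != nullptr) {
                resultReceiver->send(-1);
            }
            return STATUS_PERMISSION_DENIED;
        }

        // Check that the file descriptors are valid. The original compared only against
        // STATUS_BAD_TYPE; no usable descriptor is negative, so every negative value is refused
        // before it can reach the handler.
        if (in < 0 || out < 0 || err < 0) {
            if (resultReceiver != nullptr) {
                resultReceiver->send(-1);
            }
            return STATUS_BAD_VALUE;
        }

        binder_status_t status = getClass()->handleShellCommand(
                this, in, out, err, utf8Pointers.data(), utf8Pointers.size());
        if (resultReceiver != nullptr) {
            resultReceiver->send(status);
        }
        // NOTE(review): unlike the user-command branch this status is returned without
        // PruneStatusT(); confirm whether that is intended.
        return status;
    } else {
        return BBinder::onTransact(code, data, reply, flags);
    }
}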
227
// Wraps |binder| in an NDK object with no class yet (see AIBinder::associateClass).
// Aborts when |binder| is nullptr.
ABpBinder::ABpBinder(const ::android::sp<::android::IBinder>& binder)
    : AIBinder(nullptr /*clazz*/),
      BpRefBase(binder) {
    CHECK(binder != nullptr);
}
// Nothing to release at this level.
ABpBinder::~ABpBinder() {
}
233
// Clears the weak back-reference stored on the wrapped binder, then defers to BpRefBase.
void ABpBinder::onLastStrongRef(const void* id) {
    {
        std::lock_guard<std::mutex> guard(ABpBinderTag::gLock);
        // Since ABpBinder is OBJECT_LIFETIME_WEAK, we must remove this weak reference in order for
        // the ABpBinder to be deleted. Since a strong reference to this ABpBinder object should no
        // longer be able to exist at the time of this method call, there is no longer a need to
        // recover it.

        void* attached = remote()->findObject(ABpBinderTag::kId);
        auto* value = static_cast<ABpBinderTag::Value*>(attached);
        if (value != nullptr) {
            value->binder = nullptr;
        }
    }  // gLock is released before calling into the base class

    BpRefBase::onLastStrongRef(id);
}
251
// Returns the NDK object for |binder|: nullptr for a null binder, the ABBinder itself when the
// binder carries the ABBinderTag marker, otherwise the single ABpBinder for it (created on
// demand).
sp<AIBinder> ABpBinder::lookupOrCreateFromBinder(const ::android::sp<::android::IBinder>& binder) {
    if (binder == nullptr) {
        return nullptr;
    }
    if (ABBinderTag::has(binder)) {
        // The downcast relies solely on the marker attached under ABBinderTag::kId.
        return static_cast<ABBinder*>(binder.get());
    }

    // The following code ensures that for a given binder object (remote or local), if it is not an
    // ABBinder then at most one ABpBinder object exists in a given process representing it.
    std::lock_guard<std::mutex> guard(ABpBinderTag::gLock);

    auto* value = static_cast<ABpBinderTag::Value*>(binder->findObject(ABpBinderTag::kId));
    if (value == nullptr) {
        // First sighting of this binder: attach a record; ABpBinderTag::clean frees it.
        value = new ABpBinderTag::Value;
        binder->attachObject(ABpBinderTag::kId, static_cast<void*>(value), nullptr /*cookie*/,
                             ABpBinderTag::clean);
    }

    sp<ABpBinder> proxy = value->binder.promote();
    if (proxy == nullptr) {
        // No live ABpBinder is recorded; create one and remember it weakly.
        proxy = new ABpBinder(binder);
        value->binder = proxy;
    }

    return proxy;
}
280
// Opaque handle handed out by the AIBinder_Weak_* functions; wraps one weak reference.
struct AIBinder_Weak {
    // Weak reference to the binder; AIBinder_Weak_promote() tries to upgrade it.
    wp<AIBinder> binder;
};
// Allocates a weak handle for |binder|; returns nullptr when |binder| is nullptr.
// The handle is released with AIBinder_Weak_delete().
AIBinder_Weak* AIBinder_Weak_new(AIBinder* binder) {
    return binder == nullptr ? nullptr : new AIBinder_Weak{wp<AIBinder>(binder)};
}
// Frees a weak handle. A nullptr argument is accepted (delete on nullptr does nothing).
// The handle must not be used after this call.
void AIBinder_Weak_delete(AIBinder_Weak* weakBinder) {
    delete weakBinder;
}
// Tries to upgrade the weak handle to a strong reference. Returns nullptr for a null handle or
// when promotion fails; otherwise the returned binder carries one extra strong reference that
// the caller owns.
AIBinder* AIBinder_Weak_promote(AIBinder_Weak* weakBinder) {
    if (weakBinder == nullptr) return nullptr;

    sp<AIBinder> promoted = weakBinder->binder.promote();
    AIBinder* raw = promoted.get();
    // AIBinder_incStrong() ignores nullptr, so a failed promotion needs no separate branch.
    AIBinder_incStrong(raw);
    return raw;
}
303
// Allocates a second weak handle referring to the same binder as |weak|; nullptr in, nullptr
// out. The clone is released independently with AIBinder_Weak_delete().
AIBinder_Weak* AIBinder_Weak_clone(const AIBinder_Weak* weak) {
    return weak == nullptr ? nullptr : new AIBinder_Weak{weak->binder};
}
311
// Ordering predicate over binders. When either argument is nullptr the raw pointers are
// compared; otherwise the results of getBinder() are compared.
bool AIBinder_lt(const AIBinder* lhs, const AIBinder* rhs) {
    const bool eitherNull = (lhs == nullptr) || (rhs == nullptr);
    if (eitherNull) {
        return lhs < rhs;
    }

    // getBinder() is called through a non-const pointer, hence the casts.
    AIBinder* left = const_cast<AIBinder*>(lhs);
    AIBinder* right = const_cast<AIBinder*>(rhs);
    return left->getBinder() < right->getBinder();
}
317
// Ordering predicate over weak handles. When either argument is nullptr the raw handle pointers
// are compared; otherwise the wrapped weak references are compared.
bool AIBinder_Weak_lt(const AIBinder_Weak* lhs, const AIBinder_Weak* rhs) {
    const bool eitherNull = (lhs == nullptr) || (rhs == nullptr);
    if (eitherNull) {
        return lhs < rhs;
    }

    return lhs->binder < rhs->binder;
}
323
// Stores the three callbacks and initialises both descriptor members from the same C string.
// No argument is validated here; AIBinder_Class_define() rejects nullptr before constructing.
AIBinder_Class::AIBinder_Class(const char* interfaceDescriptor,
                               AIBinder_Class_onCreate onCreate,
                               AIBinder_Class_onDestroy onDestroy,
                               AIBinder_Class_onTransact onTransact)
    : onCreate(onCreate),
      onDestroy(onDestroy),
      onTransact(onTransact),
      mInterfaceDescriptor(interfaceDescriptor),
      mWideInterfaceDescriptor(interfaceDescriptor) {
}
332
// Creates a class object for |interfaceDescriptor|. Every argument is required; nullptr is
// returned when any of them is missing. No function in this file frees the returned object.
AIBinder_Class* AIBinder_Class_define(const char* interfaceDescriptor,
                                      AIBinder_Class_onCreate onCreate,
                                      AIBinder_Class_onDestroy onDestroy,
                                      AIBinder_Class_onTransact onTransact) {
    const bool complete = interfaceDescriptor != nullptr && onCreate != nullptr &&
                          onDestroy != nullptr && onTransact != nullptr;
    if (!complete) {
        return nullptr;
    }

    return new AIBinder_Class(interfaceDescriptor, onCreate, onDestroy, onTransact);
}
344
// Registers the dump callback on |clazz|. Aborts when |clazz| is nullptr. The field is written
// without synchronisation.
void AIBinder_Class_setOnDump(AIBinder_Class* clazz, AIBinder_onDump onDump) {
    CHECK(clazz != nullptr) << "setOnDump requires non-null clazz";

    // this is required to be called before instances are instantiated
    clazz->onDump = onDump;
}
351
// Registers the shell-command handler on |clazz|. Aborts when |clazz| is nullptr.
// ABBinder::onTransact() only takes its SHELL_COMMAND_TRANSACTION path when this handler is set,
// and checks the calling uid before invoking it.
void AIBinder_Class_setHandleShellCommand(AIBinder_Class* clazz,
                                          AIBinder_handleShellCommand handleShellCommand) {
    CHECK(clazz != nullptr) << "setHandleShellCommand requires non-null clazz";

    // The field is written without synchronisation.
    clazz->handleShellCommand = handleShellCommand;
}
358
// Returns the UTF-8 interface descriptor of |clazz|. Aborts when |clazz| is nullptr.
const char* AIBinder_Class_getDescriptor(const AIBinder_Class* clazz) {
    CHECK(clazz != nullptr) << "getDescriptor requires non-null clazz";

    const char* descriptor = clazz->getInterfaceDescriptorUtf8();
    return descriptor;
}
364
// Death notification for the binder this entry was linked to: runs the user callback with the
// stored cookie, unlinks the entry from the parent recipient when both are still reachable, and
// clears mWho. Aborts when |who| is not the binder this entry was created for.
void AIBinder_DeathRecipient::TransferDeathRecipient::binderDied(const wp<IBinder>& who) {
    CHECK(who == mWho) << who.unsafe_get() << "(" << who.get_refs() << ") vs " << mWho.unsafe_get()
                       << " (" << mWho.get_refs() << ")";

    // The user callback runs before any bookkeeping.
    mOnDied(mCookie);

    sp<AIBinder_DeathRecipient> parent = mParentRecipient.promote();
    sp<IBinder> deadBinder = who.promote();

    // otherwise this will be cleaned up later with pruneDeadTransferEntriesLocked
    const bool canUnlink = (parent != nullptr) && (deadBinder != nullptr);
    if (canUnlink) {
        status_t result = parent->unlinkToDeath(deadBinder, mCookie);
        // DEAD_OBJECT is the expected outcome here; anything else is reported.
        if (result != ::android::DEAD_OBJECT) {
            LOG(WARNING) << "Unlinking to dead binder resulted in: " << result;
        }
    }

    mWho = nullptr;
}
384
// Stores the callback invoked when a linked binder dies. Aborts when |onDied| is nullptr.
AIBinder_DeathRecipient::AIBinder_DeathRecipient(AIBinder_DeathRecipient_onBinderDied onDied)
    : mOnDied(onDied) {
    CHECK(onDied != nullptr);
}
389
// Drops every transfer entry whose getWho() is nullptr. It takes no lock itself; linkToDeath()
// calls it while holding mDeathRecipientsMutex.
void AIBinder_DeathRecipient::pruneDeadTransferEntriesLocked() {
    const auto isDead = [](const sp<TransferDeathRecipient>& tdr) {
        return tdr->getWho() == nullptr;
    };

    auto firstDead = std::remove_if(mDeathRecipients.begin(), mDeathRecipients.end(), isDead);
    mDeathRecipients.erase(firstDead, mDeathRecipients.end());
}
397
// Registers this recipient for death notifications of |binder| with |cookie|. On success the
// new transfer entry is recorded and dead entries are pruned; on failure the pruned status of
// the underlying linkToDeath() is returned and nothing is recorded. Aborts when |binder| is
// nullptr.
binder_status_t AIBinder_DeathRecipient::linkToDeath(const sp<IBinder>& binder, void* cookie) {
    CHECK(binder != nullptr);

    std::lock_guard<std::mutex> guard(mDeathRecipientsMutex);

    sp<TransferDeathRecipient> entry = new TransferDeathRecipient(binder, cookie, this, mOnDied);

    const status_t linkStatus = binder->linkToDeath(entry, cookie, 0 /*flags*/);
    if (linkStatus != STATUS_OK) {
        return PruneStatusT(linkStatus);
    }

    mDeathRecipients.push_back(entry);

    pruneDeadTransferEntriesLocked();
    return STATUS_OK;
}
416
// Removes the most recently added entry that matches both |binder| and |cookie| and unlinks it
// from the binder. Returns STATUS_NAME_NOT_FOUND when no entry matches; otherwise the pruned
// status of the underlying unlinkToDeath(). Aborts when |binder| is nullptr.
binder_status_t AIBinder_DeathRecipient::unlinkToDeath(const sp<IBinder>& binder, void* cookie) {
    CHECK(binder != nullptr);

    std::lock_guard<std::mutex> guard(mDeathRecipientsMutex);

    // Walk backwards so the newest matching registration is removed first.
    for (auto rit = mDeathRecipients.rbegin(); rit != mDeathRecipients.rend(); ++rit) {
        // Copy the strong pointer: the entry must outlive its removal from the container.
        sp<TransferDeathRecipient> entry = *rit;

        const bool matches = entry->getCookie() == cookie && entry->getWho() == binder;
        if (!matches) continue;

        // (rit + 1).base() is the forward iterator to the element |rit| refers to.
        mDeathRecipients.erase((rit + 1).base());

        const status_t unlinkStatus = binder->unlinkToDeath(entry, cookie, 0 /*flags*/);
        if (unlinkStatus != ::android::OK) {
            LOG(ERROR) << __func__
                       << ": removed reference to death recipient but unlink failed.";
        }
        return PruneStatusT(unlinkStatus);
    }

    return STATUS_NAME_NOT_FOUND;
}
439
440 // start of C-API methods
441
// Creates a local binder of class |clazz|. The class's onCreate callback turns |args| into the
// user data kept by the new object. Returns nullptr (after logging) when |clazz| is nullptr;
// otherwise the result carries one strong reference owned by the caller.
AIBinder* AIBinder_new(const AIBinder_Class* clazz, void* args) {
    if (clazz == nullptr) {
        LOG(ERROR) << __func__ << ": Must provide class to construct local binder.";
        return nullptr;
    }

    void* userData = clazz->onCreate(args);

    sp<AIBinder> created = new ABBinder(clazz, userData);
    // Mark the binder so lookupOrCreateFromBinder() can recognise it as an ABBinder later.
    ABBinderTag::attach(created->getBinder());

    AIBinder* raw = created.get();
    AIBinder_incStrong(raw);  // the caller's reference; |created| drops its own on return
    return raw;
}
456
// Returns the binder's isRemote() result; false for nullptr.
bool AIBinder_isRemote(const AIBinder* binder) {
    return binder != nullptr && binder->isRemote();
}
464
// Returns isBinderAlive() of the underlying binder; false for nullptr.
bool AIBinder_isAlive(const AIBinder* binder) {
    if (binder == nullptr) return false;

    // getBinder() is called through a non-const pointer, hence the cast.
    AIBinder* mutableBinder = const_cast<AIBinder*>(binder);
    return mutableBinder->getBinder()->isBinderAlive();
}
472
// Pings the underlying binder and returns the pruned status; STATUS_UNEXPECTED_NULL for nullptr.
binder_status_t AIBinder_ping(AIBinder* binder) {
    if (binder == nullptr) return STATUS_UNEXPECTED_NULL;

    const status_t pingStatus = binder->getBinder()->pingBinder();
    return PruneStatusT(pingStatus);
}
480
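// Asks |binder| to dump its state to |fd|.
//   - Local binder: the class's onDump callback is called directly with |args| as given
//     (STATUS_OK when no callback is registered).
//   - Otherwise: |args| is converted to UTF-16 and passed to the underlying binder's dump().
// Returns STATUS_UNEXPECTED_NULL when |binder| is nullptr or, on the second path, when |args|
// or one of its first |numArgs| entries is nullptr.
binder_status_t AIBinder_dump(AIBinder* binder, int fd, const char** args, uint32_t numArgs) {
    if (binder == nullptr) {
        return STATUS_UNEXPECTED_NULL;
    }

    ABBinder* bBinder = binder->asABBinder();
    if (bBinder != nullptr) {
        AIBinder_onDump onDump = binder->getClass()->onDump;
        if (onDump == nullptr) {
            return STATUS_OK;
        }
        return PruneStatusT(onDump(bBinder, fd, args, numArgs));
    }

    // The loop below indexes |args| and reads each entry as a C string, so a missing array or
    // a missing element is refused instead of being dereferenced.
    if (numArgs != 0 && args == nullptr) {
        return STATUS_UNEXPECTED_NULL;
    }

    ::android::Vector<String16> utf16Args;
    utf16Args.setCapacity(numArgs);
    for (uint32_t i = 0; i < numArgs; i++) {
        if (args[i] == nullptr) {
            return STATUS_UNEXPECTED_NULL;
        }
        utf16Args.push(String16(String8(args[i])));
    }

    status_t status = binder->getBinder()->dump(fd, utf16Args);
    return PruneStatusT(status);
}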
504
// Registers |recipient| for death notifications of |binder| with |cookie|.
// Returns STATUS_UNEXPECTED_NULL (after logging) when |binder| or |recipient| is nullptr.
binder_status_t AIBinder_linkToDeath(AIBinder* binder, AIBinder_DeathRecipient* recipient,
                                     void* cookie) {
    const bool missingArg = (binder == nullptr) || (recipient == nullptr);
    if (missingArg) {
        LOG(ERROR) << __func__ << ": Must provide binder and recipient.";
        return STATUS_UNEXPECTED_NULL;
    }

    // returns binder_status_t
    const binder_status_t linkStatus = recipient->linkToDeath(binder->getBinder(), cookie);
    return linkStatus;
}
515
// Removes a registration made with AIBinder_linkToDeath() for the same |binder| and |cookie|.
// Returns STATUS_UNEXPECTED_NULL (after logging) when |binder| or |recipient| is nullptr.
binder_status_t AIBinder_unlinkToDeath(AIBinder* binder, AIBinder_DeathRecipient* recipient,
                                       void* cookie) {
    const bool missingArg = (binder == nullptr) || (recipient == nullptr);
    if (missingArg) {
        LOG(ERROR) << __func__ << ": Must provide binder and recipient.";
        return STATUS_UNEXPECTED_NULL;
    }

    // returns binder_status_t
    const binder_status_t unlinkStatus = recipient->unlinkToDeath(binder->getBinder(), cookie);
    return unlinkStatus;
}
526
// Returns the calling uid recorded by this thread's IPCThreadState.
// ABBinder::onTransact() uses it to restrict shell commands to AID_ROOT and AID_SHELL.
// NOTE(review): presumably only meaningful while an incoming transaction is being handled on
// this thread - confirm before using it for authorization elsewhere.
uid_t AIBinder_getCallingUid() {
    auto* threadState = ::android::IPCThreadState::self();
    return threadState->getCallingUid();
}
530
// Returns the calling pid recorded by this thread's IPCThreadState.
// NOTE(review): a pid can be reused once the caller exits, so it is presumably unsuitable as a
// sole authorization input - confirm against the platform documentation.
pid_t AIBinder_getCallingPid() {
    auto* threadState = ::android::IPCThreadState::self();
    return threadState->getCallingPid();
}
534
// Adds one strong reference to |binder|; silently does nothing for nullptr.
void AIBinder_incStrong(AIBinder* binder) {
    if (binder != nullptr) {
        binder->incStrong(nullptr);
    }
}
// Drops one strong reference from |binder|. A nullptr argument is logged as an error and
// otherwise ignored. The caller must not use |binder| afterwards unless it holds another
// reference.
void AIBinder_decStrong(AIBinder* binder) {
    if (binder != nullptr) {
        binder->decStrong(nullptr);
        return;
    }

    LOG(ERROR) << __func__ << ": on null binder";
}
// Returns the binder's strong reference count, or -1 (after logging) for nullptr.
int32_t AIBinder_debugGetRefCount(AIBinder* binder) {
    if (binder != nullptr) {
        return binder->getStrongCount();
    }

    LOG(ERROR) << __func__ << ": on null binder";
    return -1;
}
558
// C entry point for AIBinder::associateClass(); returns false for a nullptr binder.
bool AIBinder_associateClass(AIBinder* binder, const AIBinder_Class* clazz) {
    return binder != nullptr && binder->associateClass(clazz);
}
566
// Returns the class stored on |binder| (may be nullptr when none is associated); nullptr for a
// nullptr binder.
const AIBinder_Class* AIBinder_getClass(AIBinder* binder) {
    return binder == nullptr ? nullptr : binder->getClass();
}
574
// Returns the user data of a local binder. Yields nullptr for a nullptr argument and for any
// binder that is not an ABBinder.
void* AIBinder_getUserData(AIBinder* binder) {
    ABBinder* local = (binder != nullptr) ? binder->asABBinder() : nullptr;
    if (local == nullptr) {
        return nullptr;
    }

    return local->getUserData();
}
587
// Allocates the input parcel for a transaction on |binder| and writes the class's interface
// token into it. On success *in owns the new parcel; on failure *in is nullptr.
// Returns STATUS_UNEXPECTED_NULL for nullptr arguments and STATUS_INVALID_OPERATION when the
// binder has no class associated (both leave *in untouched).
binder_status_t AIBinder_prepareTransaction(AIBinder* binder, AParcel** in) {
    if (binder == nullptr || in == nullptr) {
        LOG(ERROR) << __func__ << ": requires non-null parameters.";
        return STATUS_UNEXPECTED_NULL;
    }
    const AIBinder_Class* clazz = binder->getClass();
    if (clazz == nullptr) {
        LOG(ERROR) << __func__
                   << ": Class must be defined for a remote binder transaction. See "
                      "AIBinder_associateClass.";
        return STATUS_INVALID_OPERATION;
    }

    AParcel* parcel = new AParcel(binder);
    parcel->get()->markForBinder(binder->getBinder());

    const status_t tokenStatus =
            parcel->get()->writeInterfaceToken(clazz->getInterfaceDescriptor());
    const binder_status_t ret = PruneStatusT(tokenStatus);

    if (ret != STATUS_OK) {
        // Do not hand out a parcel without its interface token.
        delete parcel;
        parcel = nullptr;
    }

    *in = parcel;
    return ret;
}
614
// Deleter used by AIBinder_transact(): frees the parcel and nulls the caller's pointer so it
// cannot be reused.
static void DestroyParcel(AParcel** parcel) {
    AParcel* owned = *parcel;
    *parcel = nullptr;
    delete owned;
}
619
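// Sends the prepared parcel *in to |binder| with transaction |code| and returns the reply in
// *out.
//
// Ownership: once |in| is known to be non-null this function always deletes *in and sets it to
// nullptr, on success and on every error path. *out is allocated here and is nullptr when the
// transaction fails; it is left untouched when an argument check fails first.
//
// Checks, in order: |in| non-null; |code| is a user command (STATUS_UNKNOWN_TRANSACTION);
// |flags| contains only known bits (STATUS_BAD_VALUE); |binder|, *in and |out| non-null
// (STATUS_UNEXPECTED_NULL); the parcel was prepared for this very binder (STATUS_BAD_VALUE).
binder_status_t AIBinder_transact(AIBinder* binder, transaction_code_t code, AParcel** in,
                                  AParcel** out, binder_flags_t flags) {
    if (in == nullptr) {
        LOG(ERROR) << __func__ << ": requires non-null in parameter";
        return STATUS_UNEXPECTED_NULL;
    }

    using AutoParcelDestroyer = std::unique_ptr<AParcel*, void (*)(AParcel**)>;
    // This object is the input to the transaction. This function takes ownership of it and deletes
    // it.
    AutoParcelDestroyer forIn(in, DestroyParcel);

    if (!isUserCommand(code)) {
        LOG(ERROR) << __func__ << ": Only user-defined transactions can be made from the NDK.";
        return STATUS_UNKNOWN_TRANSACTION;
    }

    // Reject flag bits this API does not define instead of passing them on.
    constexpr binder_flags_t kAllFlags = FLAG_PRIVATE_VENDOR | FLAG_ONEWAY | FLAG_CLEAR_BUF;
    if ((flags & ~kAllFlags) != 0) {
        LOG(ERROR) << __func__ << ": Unrecognized flags sent: " << flags;
        return STATUS_BAD_VALUE;
    }

    if (binder == nullptr || *in == nullptr || out == nullptr) {
        LOG(ERROR) << __func__ << ": requires non-null parameters.";
        return STATUS_UNEXPECTED_NULL;
    }

    // A parcel carries the interface token of the binder it was prepared for, so it must not be
    // sent to a different binder.
    if ((*in)->getBinder() != binder) {
        // The original message printed the two pointers in swapped positions.
        LOG(ERROR) << __func__ << ": parcel is associated with binder object "
                   << (*in)->getBinder() << " but called with " << binder;
        return STATUS_BAD_VALUE;
    }

    *out = new AParcel(binder);

    status_t status = binder->getBinder()->transact(code, *(*in)->get(), (*out)->get(), flags);
    binder_status_t ret = PruneStatusT(status);

    if (ret != STATUS_OK) {
        delete *out;
        *out = nullptr;
    }

    return ret;
}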
666
// Creates a death recipient that calls |onBinderDied|. Returns nullptr (after logging) when the
// callback is nullptr. The result holds one strong reference, released by
// AIBinder_DeathRecipient_delete().
AIBinder_DeathRecipient* AIBinder_DeathRecipient_new(
        AIBinder_DeathRecipient_onBinderDied onBinderDied) {
    if (onBinderDied == nullptr) {
        LOG(ERROR) << __func__ << ": requires non-null onBinderDied parameter.";
        return nullptr;
    }

    AIBinder_DeathRecipient* recipient = new AIBinder_DeathRecipient(onBinderDied);
    recipient->incStrong(nullptr);
    return recipient;
}
677
// Drops the strong reference taken by AIBinder_DeathRecipient_new(); nullptr is ignored.
// The caller must not use |recipient| after this call.
void AIBinder_DeathRecipient_delete(AIBinder_DeathRecipient* recipient) {
    if (recipient != nullptr) {
        recipient->decStrong(nullptr);
    }
}
685
// Fetches the extension of |binder| into *outExt (nullptr when there is none or on failure).
// A non-null result carries one strong reference owned by the caller.
// Returns STATUS_UNEXPECTED_NULL when |binder| or |outExt| is nullptr.
binder_status_t AIBinder_getExtension(AIBinder* binder, AIBinder** outExt) {
    if (outExt == nullptr) {
        return STATUS_UNEXPECTED_NULL;
    }
    if (binder == nullptr) {
        *outExt = nullptr;
        return STATUS_UNEXPECTED_NULL;
    }

    sp<IBinder> ext;
    const status_t res = binder->getBinder()->getExtension(&ext);

    if (res != android::OK) {
        *outExt = nullptr;
        return PruneStatusT(res);
    }

    sp<AIBinder> wrapped = ABpBinder::lookupOrCreateFromBinder(ext);
    // NOTE(review): this reference is taken with |binder| as the id, while AIBinder_decStrong()
    // releases with nullptr; confirm the mismatch is harmless for reference tracking.
    if (wrapped != nullptr) wrapped->incStrong(binder);

    *outExt = wrapped.get();
    return STATUS_OK;
}
708
// Sets |ext| as the extension of the local binder |binder|.
// Returns STATUS_UNEXPECTED_NULL when either argument is nullptr and STATUS_INVALID_OPERATION
// when |binder| is not an ABBinder.
binder_status_t AIBinder_setExtension(AIBinder* binder, AIBinder* ext) {
    const bool missingArg = (binder == nullptr) || (ext == nullptr);
    if (missingArg) {
        return STATUS_UNEXPECTED_NULL;
    }

    ABBinder* local = binder->asABBinder();
    if (local != nullptr) {
        local->setExtension(ext->getBinder());
        return STATUS_OK;
    }

    return STATUS_INVALID_OPERATION;
}
722
723 // platform methods follow
724
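// Forwards |requestingSid| to setRequestingSid() on the local binder |binder|.
// Aborts with a fatal log when |binder| is nullptr or is not an ABBinder.
void AIBinder_setRequestingSid(AIBinder* binder, bool requestingSid) {
    // A nullptr argument used to be dereferenced here; it now takes the same fatal path as a
    // binder that is not local.
    ABBinder* localBinder = (binder != nullptr) ? binder->asABBinder() : nullptr;
    if (localBinder == nullptr) {
        LOG(FATAL) << "AIBinder_setRequestingSid must be called on a local binder";
    }

    localBinder->setRequestingSid(requestingSid);
}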
733
// Returns the calling SID recorded by this thread's IPCThreadState.
// NOTE(review): presumably nullptr unless the receiving binder enabled it through
// AIBinder_setRequestingSid(), so callers that authorize on it should treat nullptr as a denial
// - confirm against the platform documentation.
const char* AIBinder_getCallingSid() {
    auto* threadState = ::android::IPCThreadState::self();
    return threadState->getCallingSid();
}
737
// Returns the platform IBinder behind |binder|; a null sp for a nullptr argument.
android::sp<android::IBinder> AIBinder_toPlatformBinder(AIBinder* binder) {
    android::sp<android::IBinder> platform;
    if (binder != nullptr) {
        platform = binder->getBinder();
    }
    return platform;
}
742
// Returns the NDK object for a platform |binder| (see ABpBinder::lookupOrCreateFromBinder).
// A non-null result carries one strong reference owned by the caller; a null |binder| yields
// nullptr.
AIBinder* AIBinder_fromPlatformBinder(const android::sp<android::IBinder>& binder) {
    sp<AIBinder> wrapped = ABpBinder::lookupOrCreateFromBinder(binder);
    AIBinder* raw = wrapped.get();
    // AIBinder_incStrong() ignores nullptr, so the null case needs no separate branch.
    AIBinder_incStrong(raw);
    return raw;
}
748