1 /*
2 * Copyright (C) 2005 The Android Open Source Project
3 *
4 * Licensed under the Apache License, Version 2.0 (the "License");
5 * you may not use this file except in compliance with the License.
6 * You may obtain a copy of the License at
7 *
8 * http://www.apache.org/licenses/LICENSE-2.0
9 *
10 * Unless required by applicable law or agreed to in writing, software
11 * distributed under the License is distributed on an "AS IS" BASIS,
12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 * See the License for the specific language governing permissions and
14 * limitations under the License.
15 */
16
17 #define LOG_TAG "Parcel"
18 //#define LOG_NDEBUG 0
19
20 #include <errno.h>
21 #include <fcntl.h>
22 #include <inttypes.h>
23 #include <linux/sched.h>
24 #include <pthread.h>
25 #include <stdint.h>
26 #include <stdio.h>
27 #include <stdlib.h>
28 #include <sys/mman.h>
29 #include <sys/stat.h>
30 #include <sys/types.h>
31 #include <sys/resource.h>
32 #include <unistd.h>
33
34 #include <binder/Binder.h>
35 #include <binder/BpBinder.h>
36 #include <binder/IPCThreadState.h>
37 #include <binder/Parcel.h>
38 #include <binder/ProcessState.h>
39 #include <binder/Stability.h>
40 #include <binder/Status.h>
41 #include <binder/TextOutput.h>
42
43 #include <cutils/ashmem.h>
44 #include <cutils/compiler.h>
45 #include <utils/Flattenable.h>
46 #include <utils/Log.h>
47 #include <utils/String16.h>
48 #include <utils/String8.h>
49 #include <utils/misc.h>
50
51 #include "RpcState.h"
52 #include "Static.h"
53 #include "Utils.h"
54 #include "binder_module.h"
55
56 #define LOG_REFS(...)
57 //#define LOG_REFS(...) ALOG(LOG_DEBUG, LOG_TAG, __VA_ARGS__)
58 #define LOG_ALLOC(...)
59 //#define LOG_ALLOC(...) ALOG(LOG_DEBUG, LOG_TAG, __VA_ARGS__)
60
61 // ---------------------------------------------------------------------------
62
63 // This macro should never be used at runtime, as a too large value
64 // of s could cause an integer overflow. Instead, you should always
65 // use the wrapper function pad_size()
66 #define PAD_SIZE_UNSAFE(s) (((s)+3)&~3)
67
// Rounds s up to the next multiple of 4.
//
// PAD_SIZE_UNSAFE adds 3 before masking, so any s within 3 of the maximum
// size_t would wrap around to a tiny value; that case is reported through
// LOG_ALWAYS_FATAL instead of being allowed to produce an undersized length.
static size_t pad_size(size_t s) {
    constexpr size_t kLargestPaddable = std::numeric_limits<size_t>::max() - 3;
    if (s > kLargestPaddable) {
        LOG_ALWAYS_FATAL("pad size too big %zu", s);
    }
    return PAD_SIZE_UNSAFE(s);
}
74
75 // Note: must be kept in sync with android/os/StrictMode.java's PENALTY_GATHER
76 #define STRICT_MODE_PENALTY_GATHER (1 << 31)
77
78 namespace android {
79
80 // many things compile this into prebuilts on the stack
81 #ifdef __LP64__
82 static_assert(sizeof(Parcel) == 120);
83 #else
84 static_assert(sizeof(Parcel) == 60);
85 #endif
86
// Process-wide counters exposed through Parcel::getGlobalAllocCount() and
// Parcel::getGlobalAllocSize().
static std::atomic<size_t> gParcelGlobalAllocCount;
static std::atomic<size_t> gParcelGlobalAllocSize;

// NOTE(review): not referenced in this part of the file; presumably a cap on
// the number of file descriptors carried by a parcel — confirm at its use site.
static size_t gMaxFds = 0;

// Maximum size of a blob to transfer in-place.
static const size_t BLOB_INPLACE_LIMIT = 16 * 1024;

// Blob transfer kinds. NOTE(review): the meanings are only implied by the
// names here (inline copy vs. ashmem-backed, read-only or writable) — confirm
// against the blob read/write code.
enum {
    BLOB_INPLACE = 0,
    BLOB_ASHMEM_IMMUTABLE = 1,
    BLOB_ASHMEM_MUTABLE = 2,
};
100
// Takes the reference (or does the accounting) that a parcel needs for one
// flattened object it now contains.
//
//  - BINDER_TYPE_BINDER: obj.cookie is reinterpreted as a local IBinder* and a
//    strong reference is added on behalf of `who`. Nothing here validates the
//    pointer; it is trusted to name a live object in this process.
//  - BINDER_TYPE_HANDLE: the proxy for obj.handle is looked up through `proc`
//    and, when found, given a strong reference on behalf of `who`.
//  - BINDER_TYPE_FD: for an owned fd (cookie != 0) that is a valid ashmem
//    region, its size is added to *outAshmemSize when that pointer is given.
//
// Any other type is only logged.
static void acquire_object(const sp<ProcessState>& proc,
        const flat_binder_object& obj, const void* who, size_t* outAshmemSize)
{
    switch (obj.hdr.type) {
        case BINDER_TYPE_BINDER: {
            if (!obj.binder) return;
            LOG_REFS("Parcel %p acquiring reference on local %p", who, obj.cookie);
            reinterpret_cast<IBinder*>(obj.cookie)->incStrong(who);
            return;
        }
        case BINDER_TYPE_HANDLE: {
            const sp<IBinder> remote = proc->getStrongProxyForHandle(obj.handle);
            if (remote == nullptr) return;
            LOG_REFS("Parcel %p acquiring reference on remote %p", who, remote.get());
            remote->incStrong(who);
            return;
        }
        case BINDER_TYPE_FD: {
            // Only owned ashmem fds are tracked, and only when the caller
            // supplied somewhere to keep the running total.
            if (obj.cookie == 0 || outAshmemSize == nullptr || !ashmem_valid(obj.handle)) {
                return;
            }
            const int regionSize = ashmem_get_size_region(obj.handle);
            if (regionSize > 0) {
                *outAshmemSize += regionSize;
            }
            return;
        }
    }

    ALOGD("Invalid object type 0x%08x", obj.hdr.type);
}
133
// Undoes acquire_object() for one flattened object that a parcel is dropping.
//
//  - BINDER_TYPE_BINDER: obj.cookie is reinterpreted as a local IBinder* and
//    the strong reference held for `who` is dropped. The pointer is trusted.
//  - BINDER_TYPE_HANDLE: the proxy for obj.handle is looked up through `proc`
//    and, when found, its strong reference for `who` is dropped.
//  - BINDER_TYPE_FD: an owned fd (cookie != 0) is closed; if it is a valid
//    ashmem region its size is first subtracted from *outAshmemSize.
//
// Any other type is only logged.
static void release_object(const sp<ProcessState>& proc,
        const flat_binder_object& obj, const void* who, size_t* outAshmemSize)
{
    switch (obj.hdr.type) {
        case BINDER_TYPE_BINDER: {
            if (!obj.binder) return;
            LOG_REFS("Parcel %p releasing reference on local %p", who, obj.cookie);
            reinterpret_cast<IBinder*>(obj.cookie)->decStrong(who);
            return;
        }
        case BINDER_TYPE_HANDLE: {
            const sp<IBinder> remote = proc->getStrongProxyForHandle(obj.handle);
            if (remote == nullptr) return;
            LOG_REFS("Parcel %p releasing reference on remote %p", who, remote.get());
            remote->decStrong(who);
            return;
        }
        case BINDER_TYPE_FD: {
            if (obj.cookie == 0) return;  // fd is not owned by the parcel

            if (outAshmemSize != nullptr && ashmem_valid(obj.handle)) {
                const int regionSize = ashmem_get_size_region(obj.handle);
                if (regionSize > 0) {
                    // The region may have been resized since it was counted in
                    // acquire_object(). The exact total is not critical because
                    // the object is going away, but the subtraction is clamped
                    // so the unsigned counter can never wrap below zero.
                    const size_t tracked = *outAshmemSize;
                    *outAshmemSize = tracked - std::min(tracked, static_cast<size_t>(regionSize));
                }
            }

            close(obj.handle);
            return;
        }
    }

    ALOGE("Invalid object type 0x%08x", obj.hdr.type);
}
172
// Writes the trailer that follows every flattened binder: the binder's
// stability category, as a single int32.
//
// The binder is first offered to Stability::tryMarkCompilationUnit(); the
// category read back afterwards is what goes on the wire. Returns the status
// of the int32 write.
status_t Parcel::finishFlattenBinder(const sp<IBinder>& binder)
{
    IBinder* const raw = binder.get();
    internal::Stability::tryMarkCompilationUnit(raw);
    auto category = internal::Stability::getCategory(raw);
    return writeInt32(category.repr());
}
179
// Reads the stability trailer that follows a flattened binder and applies it
// to `binder` before handing the binder to the caller.
//
// *out is assigned only when both the read and Stability::setRepr() succeed,
// so a binder whose stability value is rejected is never returned. On failure
// the failing status is returned and *out is left untouched.
status_t Parcel::finishUnflattenBinder(
    const sp<IBinder>& binder, sp<IBinder>* out) const
{
    int32_t stability;
    if (const status_t readStatus = readInt32(&stability); readStatus != OK) {
        return readStatus;
    }

    // The stability value comes from the parcel data; setRepr() is what
    // decides whether it is acceptable for this binder.
    if (const status_t reprStatus =
                internal::Stability::setRepr(binder.get(), stability, true /*log*/);
        reprStatus != OK) {
        return reprStatus;
    }

    *out = binder;
    return OK;
}
193
// Packs a scheduling policy and priority into the bit layout used in
// flat_binder_object::flags. Only the low two bits of `policy` are kept, and
// `priority` is truncated to FLAT_BINDER_FLAG_PRIORITY_MASK.
static constexpr inline int schedPolicyMask(int policy, int priority) {
    const int priorityBits = priority & FLAT_BINDER_FLAG_PRIORITY_MASK;
    const int policyBits = (policy & 3) << FLAT_BINDER_FLAG_SCHED_POLICY_SHIFT;
    return priorityBits | policyBits;
}
197
// Serializes `binder` (which may be null) into this parcel.
//
// RPC parcels get an int32 presence flag (1 = non-null, 0 = null) followed,
// for a non-null binder, by the RpcAddress obtained from the session state.
// Kernel-binder parcels get a flat_binder_object written with writeObject().
// Both formats end with the stability trailer from finishFlattenBinder().
//
// Returns the first failing status, or INVALID_OPERATION when an RPC proxy is
// handed to a non-RPC parcel.
status_t Parcel::flattenBinder(const sp<IBinder>& binder)
{
    if (isForRpc()) {
        if (binder) {
            status_t status = writeInt32(1); // non-null
            if (status != OK) return status;
            RpcAddress address = RpcAddress::zero();
            status = mSession->state()->onBinderLeaving(mSession, binder, &address);
            if (status != OK) return status;
            status = address.writeToParcel(this);
            if (status != OK) return status;
        } else {
            status_t status = writeInt32(0); // null
            if (status != OK) return status;
        }
        return finishFlattenBinder(binder);
    }

    // obj is not zero-initialized. flags, hdr.type, the binder/handle member
    // and cookie are each assigned on every path below before the object is
    // written. NOTE(review): that only covers the whole struct if it has no
    // other fields or padding — confirm against the flat_binder_object
    // definition, since this memory is copied to another process.
    flat_binder_object obj;
    obj.flags = FLAT_BINDER_FLAG_ACCEPTS_FDS;

    // Default scheduling bits, used unless the local binder sets its own.
    int schedBits = 0;
    if (!IPCThreadState::self()->backgroundSchedulingDisabled()) {
        schedBits = schedPolicyMask(SCHED_NORMAL, 19);
    }

    if (binder != nullptr) {
        BBinder *local = binder->localBinder();
        if (!local) {
            // Not a local object: send it as a handle.
            BpBinder *proxy = binder->remoteBinder();
            if (proxy == nullptr) {
                // NOTE(review): this is only logged; execution continues and
                // handle 0 is written below. Handle 0 conventionally names the
                // context manager — confirm that sending it is the intended
                // fallback for a binder that is neither local nor remote.
                ALOGE("null proxy");
            } else {
                if (proxy->isRpcBinder()) {
                    // NOTE(review): this branch is reached only when
                    // isForRpc() was false above, i.e. an RPC proxy is being
                    // written into a non-RPC parcel; the message wording reads
                    // as the opposite direction — verify.
                    ALOGE("Sending a socket binder over RPC is prohibited");
                    return INVALID_OPERATION;
                }
            }
            const int32_t handle = proxy ? proxy->getPrivateAccessorForId().binderHandle() : 0;
            obj.hdr.type = BINDER_TYPE_HANDLE;
            obj.binder = 0; /* Don't pass uninitialized stack data to a remote process */
            obj.handle = handle;
            obj.cookie = 0;
        } else {
            int policy = local->getMinSchedulerPolicy();
            int priority = local->getMinSchedulerPriority();

            if (policy != 0 || priority != 0) {
                // override value, since it is set explicitly
                schedBits = schedPolicyMask(policy, priority);
            }
            if (local->isRequestingSid()) {
                obj.flags |= FLAT_BINDER_FLAG_TXN_SECURITY_CTX;
            }
            if (local->isInheritRt()) {
                obj.flags |= FLAT_BINDER_FLAG_INHERIT_RT;
            }
            // A local binder is identified by two raw pointer values from this
            // process: its weak-reference block and the object itself.
            obj.hdr.type = BINDER_TYPE_BINDER;
            obj.binder = reinterpret_cast<uintptr_t>(local->getWeakRefs());
            obj.cookie = reinterpret_cast<uintptr_t>(local);
        }
    } else {
        // Null binder: a BINDER_TYPE_BINDER object with both pointers zero.
        obj.hdr.type = BINDER_TYPE_BINDER;
        obj.binder = 0;
        obj.cookie = 0;
    }

    obj.flags |= schedBits;

    status_t status = writeObject(obj, false);
    if (status != OK) return status;

    return finishFlattenBinder(binder);
}
272
// Reads one binder from the parcel into *out; the inverse of flattenBinder().
//
// RPC parcels: reads the int32 presence flag and, when it is set, an
// RpcAddress that the session state turns into a binder.
// Kernel-binder parcels: reads a flat_binder_object and accepts only
// BINDER_TYPE_BINDER and BINDER_TYPE_HANDLE.
//
// Every successful path goes through finishUnflattenBinder(), which reads the
// stability trailer and is the only place *out is assigned. Returns BAD_TYPE
// when no object could be read or its type is not one of the two above.
status_t Parcel::unflattenBinder(sp<IBinder>* out) const
{
    if (isForRpc()) {
        LOG_ALWAYS_FATAL_IF(mSession == nullptr, "RpcSession required to read from remote parcel");

        // Despite the name, flattenBinder() writes 1 for a non-null binder and
        // 0 for null, so a set low bit means an address follows.
        int32_t isNull;
        status_t status = readInt32(&isNull);
        if (status != OK) return status;

        sp<IBinder> binder;

        if (isNull & 1) {
            auto addr = RpcAddress::zero();
            // This inner `status` shadows the one declared above.
            status_t status = addr.readFromParcel(*this);
            if (status != OK) return status;
            // NOTE(review): the address is taken from the parcel contents;
            // whether onBinderEntering() can return null for an unknown
            // address is not visible here — confirm how callers treat a null
            // result paired with an OK status.
            binder = mSession->state()->onBinderEntering(mSession, addr);
        }

        return finishUnflattenBinder(binder, out);
    }

    const flat_binder_object* flat = readObject(false);

    if (flat) {
        switch (flat->hdr.type) {
            case BINDER_TYPE_BINDER: {
                // The cookie value stored in the parcel is used directly as an
                // IBinder* in this process.
                // NOTE(review): nothing in this function validates it; safety
                // presumably rests on readObject() only returning objects
                // recorded in the parcel's object table — confirm.
                sp<IBinder> binder =
                        sp<IBinder>::fromExisting(reinterpret_cast<IBinder*>(flat->cookie));
                return finishUnflattenBinder(binder, out);
            }
            case BINDER_TYPE_HANDLE: {
                sp<IBinder> binder =
                    ProcessState::self()->getStrongProxyForHandle(flat->handle);
                return finishUnflattenBinder(binder, out);
            }
        }
    }
    return BAD_TYPE;
}
312
313 // ---------------------------------------------------------------------------
314
// Constructs an empty parcel; all member setup is delegated to initState().
Parcel::Parcel()
{
    LOG_ALLOC("Parcel %p: constructing", this);
    initState();
}

// Releases everything the parcel holds via freeDataNoInit().
Parcel::~Parcel()
{
    freeDataNoInit();
    LOG_ALLOC("Parcel %p: destroyed", this);
}
326
// Returns the current value of the process-wide allocation-size counter.
size_t Parcel::getGlobalAllocSize() {
    return gParcelGlobalAllocSize.load();
}

// Returns the current value of the process-wide allocation-count counter.
size_t Parcel::getGlobalAllocCount() {
    return gParcelGlobalAllocCount.load();
}
334
// Returns the start of the parcel's data buffer.
const uint8_t* Parcel::data() const
{
    return mData;
}

// Returns the larger of the recorded data size and the current position.
//
// Because the position participates, this value is not by itself a bound on
// how many bytes of the buffer hold data: setDataPosition() accepts any
// position up to INT32_MAX.
size_t Parcel::dataSize() const
{
    if (mDataSize > mDataPos) {
        return mDataSize;
    }
    return mDataPos;
}

// Returns the number of bytes between the current position and dataSize().
//
// dataSize() is never smaller than the position, so the subtraction cannot
// wrap; a result above INT32_MAX is treated as fatal.
size_t Parcel::dataAvail() const
{
    const size_t remaining = dataSize() - dataPosition();
    if (remaining > INT32_MAX) {
        LOG_ALWAYS_FATAL("result too big: %zu", remaining);
    }
    return remaining;
}

// Returns the current read/write position.
size_t Parcel::dataPosition() const
{
    return mDataPos;
}

// Returns the recorded capacity of the data buffer.
size_t Parcel::dataCapacity() const
{
    return mDataCapacity;
}
363
// Sets the parcel's data size, resizing storage through continueWrite().
//
// Sizes above INT32_MAX are rejected with BAD_VALUE, since such a size_t most
// likely started life as a negative int. mDataSize is updated only when
// continueWrite() succeeds; its status is returned either way.
status_t Parcel::setDataSize(size_t size)
{
    if (size > INT32_MAX) {
        return BAD_VALUE;
    }

    const status_t err = continueWrite(size);
    if (err != NO_ERROR) {
        return err;
    }

    mDataSize = size;
    ALOGV("setDataSize Setting data size of %p to %zu", this, mDataSize);
    return err;
}
380
// Moves the read/write position to `pos` and resets the object-lookup state
// (next-object hint and sorted flag).
//
// The only validation is the INT32_MAX ceiling, which is fatal when exceeded
// because such a value most likely came from a negative int. `pos` is not
// compared with the data size or capacity here, so later reads and writes
// must do their own bounds checks.
void Parcel::setDataPosition(size_t pos) const
{
    const bool looksNegative = pos > INT32_MAX;
    if (looksNegative) {
        LOG_ALWAYS_FATAL("pos too big: %zu", pos);
    }

    mNextObjectHint = 0;
    mObjectsSorted = false;
    mDataPos = pos;
}
393
// Ensures the buffer can hold at least `size` bytes; never shrinks it.
//
// Returns BAD_VALUE for sizes above INT32_MAX (likely a converted negative
// int), NO_ERROR when the current capacity already suffices, and otherwise
// the status of continueWrite(size).
status_t Parcel::setDataCapacity(size_t size)
{
    if (size > INT32_MAX) {
        return BAD_VALUE;
    }
    if (size <= mDataCapacity) {
        return NO_ERROR;
    }
    return continueWrite(size);
}
405
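// Replaces the parcel's contents with a copy of the `len` bytes at `buffer`.
//
// Returns BAD_VALUE when len exceeds INT32_MAX, otherwise the status of
// restartWrite(len). On success mDataSize becomes len and the cached
// "has file descriptors" answer is invalidated (mFdsKnown = false), so it is
// recomputed from the new bytes on next use.
status_t Parcel::setData(const uint8_t* buffer, size_t len)
{
    if (len > INT32_MAX) {
        // don't accept size_t values which may have come from an
        // inadvertent conversion from a negative int.
        return BAD_VALUE;
    }

    const status_t err = restartWrite(len);
    if (err != NO_ERROR) {
        return err;
    }

    // memcpy() requires valid pointers even when asked to copy zero bytes.
    // With len == 0 the caller may pass a null buffer and the parcel may have
    // no storage, so the call is skipped rather than relying on that being
    // harmless.
    if (len != 0) {
        memcpy(const_cast<uint8_t*>(data()), buffer, len);
    }
    mDataSize = len;
    mFdsKnown = false;
    return err;
}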
422
// Appends `len` bytes starting at `offset` in `parcel` to this parcel at the
// current position, together with every flattened object that lies entirely
// inside that byte range.
//
// Copied objects are re-acquired on behalf of this parcel, and file
// descriptors are duplicated so this parcel owns its own copies.
//
// Returns:
//   BAD_TYPE         the two parcels use different formats (RPC vs. binder)
//   BAD_VALUE        len > INT32_MAX, or the range is outside the source data
//   NO_MEMORY        growing the data or the object table failed
//   FDS_NOT_ALLOWED  an fd was copied while mAllowFds is false (the data and
//                    the duplicated fd have already been appended by then)
//   NO_ERROR         otherwise, including len == 0
//
// `parcel` is dereferenced without a null check.
status_t Parcel::appendFrom(const Parcel *parcel, size_t offset, size_t len)
{
    if (parcel->isForRpc() != isForRpc()) {
        ALOGE("Cannot append Parcel of one format to another.");
        return BAD_TYPE;
    }

    status_t err;
    // NOTE(review): these pointers into the source are captured before this
    // parcel's buffers are grown below. If `parcel` could ever be `this`, they
    // would be left dangling by the reallocation — confirm callers never
    // self-append.
    const uint8_t *data = parcel->mData;
    const binder_size_t *objects = parcel->mObjects;
    size_t size = parcel->mObjectsSize;
    int startPos = mDataPos;
    // lastIndex starts one below firstIndex - 1 so that "no objects found"
    // yields numObjects == 0 below.
    int firstIndex = -1, lastIndex = -2;

    if (len == 0) {
        return NO_ERROR;
    }

    if (len > INT32_MAX) {
        // don't accept size_t values which may have come from an
        // inadvertent conversion from a negative int.
        return BAD_VALUE;
    }

    // range checks against the source parcel size
    if ((offset > parcel->mDataSize)
            || (len > parcel->mDataSize)
            || (offset + len > parcel->mDataSize)) {
        return BAD_VALUE;
    }

    // Count objects in range
    // Only objects that fit completely inside [offset, offset + len) qualify.
    // NOTE(review): every index between the first and last match is copied
    // later, which assumes the source object table is ordered by offset —
    // confirm that invariant holds for all source parcels.
    for (int i = 0; i < (int) size; i++) {
        size_t off = objects[i];
        if ((off >= offset) && (off + sizeof(flat_binder_object) <= offset + len)) {
            if (firstIndex == -1) {
                firstIndex = i;
            }
            lastIndex = i;
        }
    }
    int numObjects = lastIndex - firstIndex + 1;

    // NOTE(review): the capacity test is made against mDataSize, but the copy
    // below lands at mDataPos. The two differ whenever the position has been
    // moved, so confirm growData() guarantees room for mDataPos + len.
    if ((mDataSize+len) > mDataCapacity) {
        // grow data
        err = growData(len);
        if (err != NO_ERROR) {
            return err;
        }
    }

    // append data
    memcpy(mData + mDataPos, data + offset, len);
    mDataPos += len;
    mDataSize += len;

    err = NO_ERROR;

    if (numObjects > 0) {
        const sp<ProcessState> proc(ProcessState::self());
        // grow objects
        if (mObjectsCapacity < mObjectsSize + numObjects) {
            // Each step of the 1.5x growth computation is checked for
            // overflow before it is performed.
            if ((size_t) numObjects > SIZE_MAX - mObjectsSize) return NO_MEMORY; // overflow
            if (mObjectsSize + numObjects > SIZE_MAX / 3) return NO_MEMORY; // overflow
            size_t newSize = ((mObjectsSize + numObjects)*3)/2;
            if (newSize > SIZE_MAX / sizeof(binder_size_t)) return NO_MEMORY; // overflow
            // This local shadows the outer `objects` (the source table) only
            // inside this block.
            binder_size_t *objects =
                (binder_size_t*)realloc(mObjects, newSize*sizeof(binder_size_t));
            if (objects == (binder_size_t*)nullptr) {
                return NO_MEMORY;
            }
            mObjects = objects;
            mObjectsCapacity = newSize;
        }

        // append and acquire objects
        int idx = mObjectsSize;
        for (int i = firstIndex; i <= lastIndex; i++) {
            // Translate the source offset into this parcel's coordinates.
            size_t off = objects[i] - offset + startPos;
            mObjects[idx++] = off;
            mObjectsSize++;

            flat_binder_object* flat
                = reinterpret_cast<flat_binder_object*>(mData + off);
            // Called while flat->handle still holds the source's fd, so any
            // ashmem accounting is done on that descriptor.
            acquire_object(proc, *flat, this, &mOpenAshmemSize);

            if (flat->hdr.type == BINDER_TYPE_FD) {
                // If this is a file descriptor, we need to dup it so the
                // new Parcel now owns its own fd, and can declare that we
                // officially know we have fds.
                // NOTE(review): the fcntl() result is stored unchecked. If the
                // duplication fails the object records fd -1 marked as owned,
                // and the caller still sees NO_ERROR — consider reporting it.
                flat->handle = fcntl(flat->handle, F_DUPFD_CLOEXEC, 0);
                flat->cookie = 1;
                mHasFds = mFdsKnown = true;
                if (!mAllowFds) {
                    err = FDS_NOT_ALLOWED;
                }
            }
        }
    }

    return err;
}
525
// Orders two parcels by dataSize() first and, when those match, by a bytewise
// memcmp() of their buffers. Returns a negative, zero or positive value.
//
// NOTE(review): dataSize() is the larger of mDataSize and mDataPos, and
// setDataPosition() does not clamp the position to the buffer. If either
// parcel's position has been moved past its stored data, memcmp() would be
// asked to read beyond it — confirm callers cannot reach that state, or
// compare only the bytes known to be backed by the buffer.
int Parcel::compareData(const Parcel& other) {
    const size_t mine = dataSize();
    const size_t theirs = other.dataSize();
    if (mine < theirs) {
        return -1;
    }
    if (mine > theirs) {
        return 1;
    }
    return memcmp(data(), other.data(), mine);
}
533
// Reports whether file descriptors may currently be placed in this parcel.
bool Parcel::allowFds() const
{
    return mAllowFds;
}

// Narrows the fd permission and returns the previous setting so the caller
// can hand it back to restoreAllowFds().
//
// The permission can only be tightened here: passing true leaves an existing
// "not allowed" in force.
bool Parcel::pushAllowFds(bool allowFds)
{
    const bool previous = mAllowFds;
    mAllowFds = previous && allowFds;
    return previous;
}

// Reinstates a value previously returned by pushAllowFds(). The value is
// stored as given, so this is the one call that can re-enable fds.
void Parcel::restoreAllowFds(bool lastValue)
{
    mAllowFds = lastValue;
}

// Reports whether the parcel contains file descriptors, running scanForFds()
// first when the cached answer is not known to be current.
bool Parcel::hasFileDescriptors() const
{
    const bool needScan = !mFdsKnown;
    if (needScan) {
        scanForFds();
    }
    return mHasFds;
}

// Flags the parcel's contents as sensitive by setting mDeallocZero.
// NOTE(review): the name suggests the buffer is zeroed when released; the code
// that acts on the flag is outside this part of the file — confirm.
void Parcel::markSensitive() const
{
    mDeallocZero = true;
}
565
// Chooses the wire format for this parcel from the binder it will be sent to:
// if `binder` is a remote proxy backed by RPC, the parcel is tied to that
// proxy's RpcSession; otherwise nothing changes.
//
// Must be called before any data is written (fatal otherwise).
void Parcel::markForBinder(const sp<IBinder>& binder) {
    LOG_ALWAYS_FATAL_IF(mData != nullptr, "format must be set before data is written");

    if (!binder) {
        return;
    }
    BpBinder* const proxy = binder->remoteBinder();
    if (proxy == nullptr || !proxy->isRpcBinder()) {
        return;
    }
    markForRpc(proxy->getPrivateAccessorForId().rpcSession());
}

// Ties this parcel to an RPC session, which switches it to the RPC format.
//
// Fatal when the parcel already holds data it allocated itself (data present
// and no owner), or when `session` is null.
void Parcel::markForRpc(const sp<RpcSession>& session) {
    const bool hasOwnData = mData != nullptr && mOwner == nullptr;
    LOG_ALWAYS_FATAL_IF(hasOwnData,
                        "format must be set before data is written OR on IPC data");

    LOG_ALWAYS_FATAL_IF(session == nullptr, "markForRpc requires session");
    mSession = session;
}

// A parcel is in RPC format exactly when it has a session attached.
bool Parcel::isForRpc() const {
    return mSession != nullptr;
}
585
// Remembers the current position as the location of the work-source field of
// the request header.
//
// Only the first call has any effect, so the stored position always refers to
// the first header read or written.
void Parcel::updateWorkSourceRequestHeaderPosition() const {
    if (mRequestHeaderPresent) {
        return;
    }
    mWorkSourceRequestHeaderPosition = dataPosition();
    mRequestHeaderPresent = true;
}
594
// Marker written after the work-source field by writeInterfaceToken() and
// compared by enforceInterface(). The value depends on whether this copy of
// the library is built with __ANDROID_VNDK__ defined, so a mismatch indicates
// that the two ends were built from different variants.
#if defined(__ANDROID_VNDK__)
constexpr int32_t kHeader = B_PACK_CHARS('V', 'N', 'D', 'R');
#else
constexpr int32_t kHeader = B_PACK_CHARS('S', 'Y', 'S', 'T');
#endif
600
// Write RPC headers. (previously just the interface token)
//
// Convenience overload: forwards the String16's characters and length.
status_t Parcel::writeInterfaceToken(const String16& interface)
{
    const char16_t* const chars = interface.string();
    return writeInterfaceToken(chars, interface.size());
}

// Writes the request header that enforceInterface() later consumes.
//
// For non-RPC parcels three int32 fields precede the descriptor:
//   1. the calling thread's StrictMode policy with STRICT_MODE_PENALTY_GATHER
//      set,
//   2. the work-source uid to propagate, or IPCThreadState::kUnsetWorkSource,
//   3. kHeader.
// RPC parcels carry only the descriptor string.
//
// The statuses of the three int32 writes are not inspected; the value
// returned is that of the final writeString16().
status_t Parcel::writeInterfaceToken(const char16_t* str, size_t len) {
    if (CC_UNLIKELY(isForRpc())) {
        // currently the interface identification token is just its name as a string
        return writeString16(str, len);
    }

    const IPCThreadState* threadState = IPCThreadState::self();
    writeInt32(threadState->getStrictModePolicy() | STRICT_MODE_PENALTY_GATHER);
    // Record where the work-source field lives before writing it.
    updateWorkSourceRequestHeaderPosition();
    writeInt32(threadState->shouldPropagateWorkSource() ? threadState->getCallingWorkSourceUid()
                                                        : IPCThreadState::kUnsetWorkSource);
    writeInt32(kHeader);

    // currently the interface identification token is just its name as a string
    return writeString16(str, len);
}
620
// Overwrites the work-source uid stored in the request header with `uid`.
//
// Returns false when no header position has been recorded, otherwise whether
// the int32 write succeeded. The data position is put back afterwards; note
// that each setDataPosition() call also resets the object-lookup hint state.
bool Parcel::replaceCallingWorkSourceUid(uid_t uid)
{
    if (!mRequestHeaderPresent) {
        return false;
    }

    const size_t savedPosition = dataPosition();
    setDataPosition(mWorkSourceRequestHeaderPosition);
    const status_t writeStatus = writeInt32(uid);
    setDataPosition(savedPosition);
    return writeStatus == NO_ERROR;
}

// Returns the work-source uid stored in the request header, or
// IPCThreadState::kUnsetWorkSource when no header position has been recorded.
//
// The value is whatever int32 sits at the recorded position; it is supplied
// by the sender and is not validated here. The data position is put back
// afterwards.
uid_t Parcel::readCallingWorkSourceUid() const
{
    if (!mRequestHeaderPresent) {
        return IPCThreadState::kUnsetWorkSource;
    }

    const size_t savedPosition = dataPosition();
    setDataPosition(mWorkSourceRequestHeaderPosition);
    uid_t workSourceUid = readInt32();
    setDataPosition(savedPosition);
    return workSourceUid;
}
646
// Checks the request header against `binder`'s own interface descriptor.
// `binder` is dereferenced without a null check.
bool Parcel::checkInterface(IBinder* binder) const
{
    return enforceInterface(binder->getInterfaceDescriptor());
}

// Convenience overload: forwards the String16's characters and length to the
// pointer/length overload.
bool Parcel::enforceInterface(const String16& interface,
                              IPCThreadState* threadState) const
{
    return enforceInterface(interface.string(), interface.size(), threadState);
}
657
// Consumes the request header written by writeInterfaceToken() and checks
// that the descriptor in the parcel equals `interface` (length `len`).
//
// For non-RPC parcels this also applies two header fields to `threadState`
// (or to IPCThreadState::self() when it is null): the StrictMode policy and
// the calling work-source uid. Both values are read from the parcel, i.e.
// they are chosen by the sender.
//
// Returns true only when the kHeader marker (non-RPC) and the descriptor both
// match. This is an interface-identity check; it performs no check of who the
// caller is.
bool Parcel::enforceInterface(const char16_t* interface,
                              size_t len,
                              IPCThreadState* threadState) const
{
    if (CC_LIKELY(!isForRpc())) {
        // StrictModePolicy.
        // The readInt32() calls in this block return a bare value, so a
        // truncated header is not detected at the read itself.
        int32_t strictPolicy = readInt32();
        if (threadState == nullptr) {
            threadState = IPCThreadState::self();
        }
        if ((threadState->getLastTransactionBinderFlags() & IBinder::FLAG_ONEWAY) != 0) {
            // For one-way calls, the callee is running entirely
            // disconnected from the caller, so disable StrictMode entirely.
            // Not only does disk/network usage not impact the caller, but
            // there's no way to communicate back violations anyway.
            threadState->setStrictModePolicy(0);
        } else {
            threadState->setStrictModePolicy(strictPolicy);
        }
        // WorkSource.
        updateWorkSourceRequestHeaderPosition();
        int32_t workSource = readInt32();
        threadState->setCallingWorkSourceUidWithoutPropagation(workSource);
        // vendor header
        // The thread state above has already been modified by the time a
        // mismatch is detected here.
        int32_t header = readInt32();
        if (header != kHeader) {
            ALOGE("Expecting header 0x%x but found 0x%x. Mixing copies of libbinder?", kHeader,
                  header);
            return false;
        }
    }

    // Interface descriptor.
    // NOTE(review): parcel_interface_len has no initializer; this relies on
    // readString16Inplace() assigning it on every path, including failure —
    // confirm, since it is compared and logged below.
    size_t parcel_interface_len;
    const char16_t* parcel_interface = readString16Inplace(&parcel_interface_len);
    // `!len` short-circuits the memcmp() for an empty expected descriptor, so
    // a null parcel_interface is never passed to it in that case.
    if (len == parcel_interface_len &&
            (!len || !memcmp(parcel_interface, interface, len * sizeof (char16_t)))) {
        return true;
    } else {
        // NOTE(review): the descriptor read from the parcel is sender-supplied
        // and is written to the log here; parcel_interface may also be null if
        // the read failed — confirm String8 accepts that.
        ALOGW("**** enforceInterface() expected '%s' but read '%s'",
              String8(interface, len).string(),
              String8(parcel_interface, parcel_interface_len).string());
        return false;
    }
}
703
// Returns the number of entries in the parcel's object table.
size_t Parcel::objectsCount() const
{
    return mObjectsSize;
}

// Returns the parcel's stored error status.
status_t Parcel::errorCheck() const
{
    return mError;
}

// Overwrites the parcel's stored error status with `err`.
void Parcel::setError(status_t err)
{
    mError = err;
}
718
// Advances the write position by `len` after bytes have been placed in the
// buffer, extending the data size when the position moves past it.
//
// Returns BAD_VALUE, without changing anything, when len exceeds INT32_MAX
// (likely a converted negative int); NO_ERROR otherwise. No comparison with
// the buffer capacity is made here; callers are expected to have ensured room.
status_t Parcel::finishWrite(size_t len)
{
    if (len > INT32_MAX) {
        return BAD_VALUE;
    }

    mDataPos += len;
    ALOGV("finishWrite Setting data pos of %p to %zu", this, mDataPos);

    const bool grewPastEnd = mDataPos > mDataSize;
    if (grewPastEnd) {
        mDataSize = mDataPos;
        ALOGV("finishWrite Setting data size of %p to %zu", this, mDataSize);
    }
    return NO_ERROR;
}
737
// Copies `len` bytes from `data` to the current position without rounding the
// length up to a 4-byte boundary, growing the buffer first when needed.
//
// Returns BAD_VALUE when len exceeds INT32_MAX or when position + len wraps,
// the growData() status when growth fails, and otherwise the status of
// finishWrite().
status_t Parcel::writeUnpadded(const void* data, size_t len)
{
    if (len > INT32_MAX) {
        // Likely a negative int that was converted to size_t.
        return BAD_VALUE;
    }

    const size_t end = mDataPos + len;
    if (end < mDataPos) {
        // The addition wrapped around.
        return BAD_VALUE;
    }

    if (end > mDataCapacity) {
        const status_t err = growData(len);
        if (err != NO_ERROR) {
            return err;
        }
    }

    memcpy(mData+mDataPos, data, len);
    return finishWrite(len);
}
762
// Copies `len` bytes from `data` into space reserved by writeInplace(), which
// pads the reservation to a 4-byte boundary.
//
// Returns BAD_VALUE when len exceeds INT32_MAX and NO_ERROR after a
// successful copy. When the reservation fails the parcel's stored error
// (mError) is returned.
// NOTE(review): whether mError is guaranteed to be non-zero after a failed
// reservation is not visible here — confirm, or callers may see NO_ERROR for
// a write that did not happen.
status_t Parcel::write(const void* data, size_t len)
{
    if (len > INT32_MAX) {
        // Likely a negative int that was converted to size_t.
        return BAD_VALUE;
    }

    void* const dest = writeInplace(len);
    if (!dest) {
        return mError;
    }

    memcpy(dest, data, len);
    return NO_ERROR;
}
778
// Reserves `len` bytes, rounded up to a multiple of 4, at the current
// position and returns a pointer to the start of the reservation for the
// caller to fill in. The position is advanced past the padded region.
//
// Returns nullptr when len exceeds INT32_MAX, when position + padded length
// wraps, or when the buffer cannot be grown.
void* Parcel::writeInplace(size_t len)
{
    if (len > INT32_MAX) {
        // don't accept size_t values which may have come from an
        // inadvertent conversion from a negative int.
        return nullptr;
    }

    const size_t padded = pad_size(len);

    // sanity check for integer overflow
    if (mDataPos+padded < mDataPos) {
        return nullptr;
    }

    if ((mDataPos+padded) <= mDataCapacity) {
restart_write:
        //printf("Writing %ld bytes, padded to %ld\n", len, padded);
        uint8_t* const data = mData+mDataPos;

        // Need to pad at end?
        if (padded != len) {
            // mask[n] keeps the bytes of the final 32-bit word that belong to
            // the caller and clears its last n bytes in memory order, so the
            // padding never carries whatever the buffer held before.
#if BYTE_ORDER == BIG_ENDIAN
            static const uint32_t mask[4] = {
                0x00000000, 0xffffff00, 0xffff0000, 0xff000000
            };
#endif
#if BYTE_ORDER == LITTLE_ENDIAN
            static const uint32_t mask[4] = {
                0x00000000, 0x00ffffff, 0x0000ffff, 0x000000ff
            };
#endif
            //printf("Applying pad mask: %p to %p\n", (void*)mask[padded-len],
            //    *reinterpret_cast<void**>(data+padded-4));
            *reinterpret_cast<uint32_t*>(data+padded-4) &= mask[padded-len];
        }

        // NOTE(review): the status is ignored. finishWrite() rejects lengths
        // above INT32_MAX, and padding can push an accepted len just past that
        // limit; in that case the pointer is still returned but the position
        // does not advance — confirm growData() makes this unreachable.
        finishWrite(padded);
        return data;
    }

    // Not enough room: grow, then jump back to perform the write.
    status_t err = growData(padded);
    if (err == NO_ERROR) goto restart_write;
    return nullptr;
}
824
// Writes a UTF-8 string as a length-prefixed, NUL-terminated UTF-16 string.
//
// Layout: int32 count of UTF-16 code units, then the converted units plus one
// terminator, reserved through writeInplace().
//
// Returns BAD_VALUE when the input is not convertible (negative length from
// utf8_to_utf16_length) or would exceed INT32_MAX units, the writeInt32()
// status if the length cannot be written, and NO_MEMORY if the payload cannot
// be reserved. In the NO_MEMORY case the length prefix has already been
// written.
//
// NOTE(review): (utf16Len + 1) is evaluated in ssize_t before the multiply;
// where ssize_t is 32 bits a length of exactly INT32_MAX would overflow there
// — confirm such an input is unreachable on those targets.
status_t Parcel::writeUtf8AsUtf16(const std::string& str) {
    const uint8_t* utf8 = reinterpret_cast<const uint8_t*>(str.data());
    const size_t utf8Len = str.length();

    const ssize_t utf16Len = utf8_to_utf16_length(utf8, utf8Len);
    const bool convertible = utf16Len >= 0;
    if (!convertible || utf16Len > std::numeric_limits<int32_t>::max()) {
        return BAD_VALUE;
    }

    if (const status_t err = writeInt32(utf16Len); err) {
        return err;
    }

    // Room for the converted string and its terminating NUL.
    void* dst = writeInplace((utf16Len + 1) * sizeof(char16_t));
    if (dst == nullptr) {
        return NO_MEMORY;
    }

    utf8_to_utf16(utf8, utf8Len, (char16_t*)dst, (size_t) utf16Len + 1);

    return NO_ERROR;
}
848
849
// Nullable string writers. Each overload hands its argument to writeData(),
// which selects the encoding from the argument's type.

status_t Parcel::writeUtf8AsUtf16(const std::optional<std::string>& str)
{
    return writeData(str);
}

status_t Parcel::writeUtf8AsUtf16(const std::unique_ptr<std::string>& str)
{
    return writeData(str);
}

status_t Parcel::writeString16(const std::optional<String16>& str)
{
    return writeData(str);
}

status_t Parcel::writeString16(const std::unique_ptr<String16>& str)
{
    return writeData(str);
}
855
// Vector writers for primitive element types. Every overload forwards to
// writeData(); for each element type there is a plain vector form plus
// std::optional and std::unique_ptr forms for a vector that may be absent.

// --- bytes (signed and unsigned) ---

status_t Parcel::writeByteVector(const std::vector<int8_t>& val)
{
    return writeData(val);
}

status_t Parcel::writeByteVector(const std::optional<std::vector<int8_t>>& val)
{
    return writeData(val);
}

status_t Parcel::writeByteVector(const std::unique_ptr<std::vector<int8_t>>& val)
{
    return writeData(val);
}

status_t Parcel::writeByteVector(const std::vector<uint8_t>& val)
{
    return writeData(val);
}

status_t Parcel::writeByteVector(const std::optional<std::vector<uint8_t>>& val)
{
    return writeData(val);
}

status_t Parcel::writeByteVector(const std::unique_ptr<std::vector<uint8_t>>& val)
{
    return writeData(val);
}

// --- int32 ---

status_t Parcel::writeInt32Vector(const std::vector<int32_t>& val)
{
    return writeData(val);
}

status_t Parcel::writeInt32Vector(const std::optional<std::vector<int32_t>>& val)
{
    return writeData(val);
}

status_t Parcel::writeInt32Vector(const std::unique_ptr<std::vector<int32_t>>& val)
{
    return writeData(val);
}

// --- int64 ---

status_t Parcel::writeInt64Vector(const std::vector<int64_t>& val)
{
    return writeData(val);
}

status_t Parcel::writeInt64Vector(const std::optional<std::vector<int64_t>>& val)
{
    return writeData(val);
}

status_t Parcel::writeInt64Vector(const std::unique_ptr<std::vector<int64_t>>& val)
{
    return writeData(val);
}

// --- uint64 ---

status_t Parcel::writeUint64Vector(const std::vector<uint64_t>& val)
{
    return writeData(val);
}

status_t Parcel::writeUint64Vector(const std::optional<std::vector<uint64_t>>& val)
{
    return writeData(val);
}

status_t Parcel::writeUint64Vector(const std::unique_ptr<std::vector<uint64_t>>& val)
{
    return writeData(val);
}

// --- float ---

status_t Parcel::writeFloatVector(const std::vector<float>& val)
{
    return writeData(val);
}

status_t Parcel::writeFloatVector(const std::optional<std::vector<float>>& val)
{
    return writeData(val);
}

status_t Parcel::writeFloatVector(const std::unique_ptr<std::vector<float>>& val)
{
    return writeData(val);
}

// --- double ---

status_t Parcel::writeDoubleVector(const std::vector<double>& val)
{
    return writeData(val);
}

status_t Parcel::writeDoubleVector(const std::optional<std::vector<double>>& val)
{
    return writeData(val);
}

status_t Parcel::writeDoubleVector(const std::unique_ptr<std::vector<double>>& val)
{
    return writeData(val);
}

// --- bool ---

status_t Parcel::writeBoolVector(const std::vector<bool>& val)
{
    return writeData(val);
}

status_t Parcel::writeBoolVector(const std::optional<std::vector<bool>>& val)
{
    return writeData(val);
}

status_t Parcel::writeBoolVector(const std::unique_ptr<std::vector<bool>>& val)
{
    return writeData(val);
}

// --- char16_t ---

status_t Parcel::writeCharVector(const std::vector<char16_t>& val)
{
    return writeData(val);
}

status_t Parcel::writeCharVector(const std::optional<std::vector<char16_t>>& val)
{
    return writeData(val);
}

status_t Parcel::writeCharVector(const std::unique_ptr<std::vector<char16_t>>& val)
{
    return writeData(val);
}
883
// Vector writers for strings. Every overload forwards to writeData(). The
// optional / unique_ptr forms allow both the vector itself and each element
// to be absent.

status_t Parcel::writeString16Vector(const std::vector<String16>& val)
{
    return writeData(val);
}

status_t Parcel::writeString16Vector(
        const std::optional<std::vector<std::optional<String16>>>& val)
{
    return writeData(val);
}

status_t Parcel::writeString16Vector(
        const std::unique_ptr<std::vector<std::unique_ptr<String16>>>& val)
{
    return writeData(val);
}

status_t Parcel::writeUtf8VectorAsUtf16Vector(
        const std::optional<std::vector<std::optional<std::string>>>& val)
{
    return writeData(val);
}

status_t Parcel::writeUtf8VectorAsUtf16Vector(
        const std::unique_ptr<std::vector<std::unique_ptr<std::string>>>& val)
{
    return writeData(val);
}

status_t Parcel::writeUtf8VectorAsUtf16Vector(const std::vector<std::string>& val)
{
    return writeData(val);
}
894
// File-descriptor vector writers. The vectors are taken by const reference and
// handed to writeData(); whether each descriptor is duplicated for the parcel
// is decided by the element writer it dispatches to (not shown in this
// excerpt).
status_t Parcel::writeUniqueFileDescriptorVector(const std::vector<base::unique_fd>& val) {
    return writeData(val);
}

status_t Parcel::writeUniqueFileDescriptorVector(
        const std::optional<std::vector<base::unique_fd>>& val) {
    return writeData(val);
}

status_t Parcel::writeUniqueFileDescriptorVector(
        const std::unique_ptr<std::vector<base::unique_fd>>& val) {
    return writeData(val);
}
898
// Binder vector writers; all three forms delegate to writeData().
status_t Parcel::writeStrongBinderVector(const std::vector<sp<IBinder>>& val) {
    return writeData(val);
}

status_t Parcel::writeStrongBinderVector(const std::optional<std::vector<sp<IBinder>>>& val) {
    return writeData(val);
}

status_t Parcel::writeStrongBinderVector(const std::unique_ptr<std::vector<sp<IBinder>>>& val) {
    return writeData(val);
}
902
// Writes a non-null Parcelable by delegating to writeData(). For a pointer
// that may be null, see writeRawNullableParcelable().
status_t Parcel::writeParcelable(const Parcelable& parcelable) {
    return writeData(parcelable);
}
904
// Nullable forms of readUtf8FromUtf16(): the result is stored through `str`
// by readData(), which is defined outside this excerpt.
status_t Parcel::readUtf8FromUtf16(std::optional<std::string>* str) const {
    return readData(str);
}

status_t Parcel::readUtf8FromUtf16(std::unique_ptr<std::string>* str) const {
    return readData(str);
}
907
// Nullable forms of readString16(); both delegate to readData().
status_t Parcel::readString16(std::optional<String16>* pArg) const {
    return readData(pArg);
}

status_t Parcel::readString16(std::unique_ptr<String16>* pArg) const {
    return readData(pArg);
}
910
// Primitive vector readers. Every overload forwards its out-parameter to
// readData(), defined outside this excerpt. The element count comes from the
// parcel itself, so any bound on how much is allocated for the result has to
// be enforced inside readData() -- nothing in these wrappers limits it.

// --- byte vectors (signed and unsigned element types) ---
status_t Parcel::readByteVector(std::vector<int8_t>* val) const {
    return readData(val);
}

status_t Parcel::readByteVector(std::vector<uint8_t>* val) const {
    return readData(val);
}

status_t Parcel::readByteVector(std::optional<std::vector<int8_t>>* val) const {
    return readData(val);
}

status_t Parcel::readByteVector(std::unique_ptr<std::vector<int8_t>>* val) const {
    return readData(val);
}

status_t Parcel::readByteVector(std::optional<std::vector<uint8_t>>* val) const {
    return readData(val);
}

status_t Parcel::readByteVector(std::unique_ptr<std::vector<uint8_t>>* val) const {
    return readData(val);
}

// --- int32 vectors ---
status_t Parcel::readInt32Vector(std::optional<std::vector<int32_t>>* val) const {
    return readData(val);
}

status_t Parcel::readInt32Vector(std::unique_ptr<std::vector<int32_t>>* val) const {
    return readData(val);
}

status_t Parcel::readInt32Vector(std::vector<int32_t>* val) const {
    return readData(val);
}

// --- int64 vectors ---
status_t Parcel::readInt64Vector(std::optional<std::vector<int64_t>>* val) const {
    return readData(val);
}

status_t Parcel::readInt64Vector(std::unique_ptr<std::vector<int64_t>>* val) const {
    return readData(val);
}

status_t Parcel::readInt64Vector(std::vector<int64_t>* val) const {
    return readData(val);
}

// --- uint64 vectors ---
status_t Parcel::readUint64Vector(std::optional<std::vector<uint64_t>>* val) const {
    return readData(val);
}

status_t Parcel::readUint64Vector(std::unique_ptr<std::vector<uint64_t>>* val) const {
    return readData(val);
}

status_t Parcel::readUint64Vector(std::vector<uint64_t>* val) const {
    return readData(val);
}

// --- float vectors ---
status_t Parcel::readFloatVector(std::optional<std::vector<float>>* val) const {
    return readData(val);
}

status_t Parcel::readFloatVector(std::unique_ptr<std::vector<float>>* val) const {
    return readData(val);
}

status_t Parcel::readFloatVector(std::vector<float>* val) const {
    return readData(val);
}

// --- double vectors ---
status_t Parcel::readDoubleVector(std::optional<std::vector<double>>* val) const {
    return readData(val);
}

status_t Parcel::readDoubleVector(std::unique_ptr<std::vector<double>>* val) const {
    return readData(val);
}

status_t Parcel::readDoubleVector(std::vector<double>* val) const {
    return readData(val);
}

// --- bool vectors ---
status_t Parcel::readBoolVector(std::optional<std::vector<bool>>* val) const {
    return readData(val);
}

status_t Parcel::readBoolVector(std::unique_ptr<std::vector<bool>>* val) const {
    return readData(val);
}

status_t Parcel::readBoolVector(std::vector<bool>* val) const {
    return readData(val);
}

// --- char16_t vectors ---
status_t Parcel::readCharVector(std::optional<std::vector<char16_t>>* val) const {
    return readData(val);
}

status_t Parcel::readCharVector(std::unique_ptr<std::vector<char16_t>>* val) const {
    return readData(val);
}

status_t Parcel::readCharVector(std::vector<char16_t>* val) const {
    return readData(val);
}
938
// String vector readers (String16 and UTF-8-from-UTF-16). All of them hand the
// out-parameter to readData(); element validation such as terminator checks
// happens in the element readers it dispatches to, not in these wrappers.
status_t Parcel::readString16Vector(
        std::optional<std::vector<std::optional<String16>>>* val) const {
    return readData(val);
}

status_t Parcel::readString16Vector(
        std::unique_ptr<std::vector<std::unique_ptr<String16>>>* val) const {
    return readData(val);
}

status_t Parcel::readString16Vector(std::vector<String16>* val) const {
    return readData(val);
}

status_t Parcel::readUtf8VectorFromUtf16Vector(
        std::optional<std::vector<std::optional<std::string>>>* val) const {
    return readData(val);
}

status_t Parcel::readUtf8VectorFromUtf16Vector(
        std::unique_ptr<std::vector<std::unique_ptr<std::string>>>* val) const {
    return readData(val);
}

status_t Parcel::readUtf8VectorFromUtf16Vector(std::vector<std::string>* val) const {
    return readData(val);
}
949
// File-descriptor vector readers; each forwards to readData(). The resulting
// base::unique_fd elements own whatever descriptors readData() stores in them.
status_t Parcel::readUniqueFileDescriptorVector(
        std::optional<std::vector<base::unique_fd>>* val) const {
    return readData(val);
}

status_t Parcel::readUniqueFileDescriptorVector(
        std::unique_ptr<std::vector<base::unique_fd>>* val) const {
    return readData(val);
}

status_t Parcel::readUniqueFileDescriptorVector(std::vector<base::unique_fd>* val) const {
    return readData(val);
}
953
// Binder vector readers; all three forms delegate to readData().
status_t Parcel::readStrongBinderVector(std::optional<std::vector<sp<IBinder>>>* val) const {
    return readData(val);
}

status_t Parcel::readStrongBinderVector(std::unique_ptr<std::vector<sp<IBinder>>>* val) const {
    return readData(val);
}

status_t Parcel::readStrongBinderVector(std::vector<sp<IBinder>>* val) const {
    return readData(val);
}
957
// Reads into an existing Parcelable by delegating to readData().
status_t Parcel::readParcelable(Parcelable* parcelable) const {
    return readData(parcelable);
}
959
// Appends a signed 32-bit value through writeAligned(), which grows the
// buffer when needed and reports the resulting status.
status_t Parcel::writeInt32(int32_t val) {
    return writeAligned(val);
}

// Unsigned counterpart of writeInt32().
status_t Parcel::writeUint32(uint32_t val) {
    return writeAligned(val);
}
969
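// Writes an int32 array as a 32-bit element count followed by the raw
// elements. A null `val` is encoded as the count -1 with no payload.
//
// Returns BAD_VALUE when `len` does not fit the signed 32-bit count, or when
// the byte size of the payload cannot be represented in size_t.
status_t Parcel::writeInt32Array(size_t len, const int32_t *val) {
    if (len > INT32_MAX) {
        // don't accept size_t values which may have come from an
        // inadvertent conversion from a negative int.
        return BAD_VALUE;
    }

    if (!val) {
        return writeInt32(-1);
    }

    // With a 32-bit size_t, len * sizeof(*val) can wrap for counts that still
    // pass the INT32_MAX check above. Reject those before the count is written,
    // so the prefix can never describe more elements than the payload holds.
    if (len > SIZE_MAX / sizeof(*val)) {
        return BAD_VALUE;
    }

    status_t ret = writeInt32(static_cast<int32_t>(len));
    if (ret == NO_ERROR) {
        ret = write(val, len * sizeof(*val));
    }
    return ret;
}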
// Writes a byte array as a 32-bit length followed by the raw bytes. A null
// `val` is encoded as the length -1 with no payload. Lengths above INT32_MAX
// are rejected with BAD_VALUE before anything is written.
status_t Parcel::writeByteArray(size_t len, const uint8_t *val) {
    // A size_t this large most likely started life as a negative int.
    if (len > INT32_MAX) {
        return BAD_VALUE;
    }

    if (val == nullptr) {
        return writeInt32(-1);
    }

    const status_t prefixStatus = writeInt32(static_cast<uint32_t>(len));
    if (prefixStatus != NO_ERROR) {
        return prefixStatus;
    }
    return write(val, len * sizeof(*val));
}
1002
// Scalar writers. bool, char16_t and int8_t are each widened to int32_t and
// written as a full 32-bit value; the 64-bit, pointer and float forms go
// through writeAligned() with their own width.

status_t Parcel::writeBool(bool val) {
    const int32_t widened = int32_t(val);
    return writeInt32(widened);
}

status_t Parcel::writeChar(char16_t val) {
    const int32_t widened = int32_t(val);
    return writeInt32(widened);
}

status_t Parcel::writeByte(int8_t val) {
    const int32_t widened = int32_t(val);
    return writeInt32(widened);
}

status_t Parcel::writeInt64(int64_t val) {
    return writeAligned(val);
}

status_t Parcel::writeUint64(uint64_t val) {
    return writeAligned(val);
}

// The pointer is stored as a binder_uintptr_t regardless of the width of
// uintptr_t in this process.
status_t Parcel::writePointer(uintptr_t val) {
    return writeAligned<binder_uintptr_t>(val);
}

status_t Parcel::writeFloat(float val) {
    return writeAligned(val);
}
1037
#if defined(__mips__) && defined(__mips_hard_float)

// MIPS hard-float build: the double is passed to writeAligned() as its 64-bit
// integer representation instead of as a double.
status_t Parcel::writeDouble(double val) {
    union {
        double d;
        unsigned long long ll;
    } bits;
    bits.d = val;
    return writeAligned(bits.ll);
}

#else

// All other targets write the double directly.
status_t Parcel::writeDouble(double val) {
    return writeAligned(val);
}

#endif
1058
// Writes a C string including its terminating NUL, with no length prefix.
// `str` must be non-null: unlike writeString8(), a null pointer is not
// encoded here and would be passed straight to strlen().
status_t Parcel::writeCString(const char* str) {
    const size_t bytesWithNul = strlen(str)+1;
    return write(str, bytesWithNul);
}
1063
// Writes a String8 using its own buffer and size; see the
// (const char*, size_t) overload for the encoding.
status_t Parcel::writeString8(const String8& str) {
    const char* chars = str.string();
    return writeString8(chars, str.size());
}
1068
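// Writes an 8-bit string as: int32 length, `len` bytes, one NUL terminator.
// A null `str` is encoded as the length -1 with no payload.
//
// Returns BAD_VALUE when `len` exceeds INT32_MAX (same policy as
// writeByteArray() and writeBlob()); otherwise the status of the underlying
// writes, or mError when the in-place allocation fails.
status_t Parcel::writeString8(const char* str, size_t len)
{
    if (str == nullptr) return writeInt32(-1);

    // The length prefix is a signed 32-bit value. A larger size_t would be
    // truncated by writeInt32() and len+1 could wrap, so refuse it before
    // anything is written. This only rejects input; the wire format is
    // unchanged.
    if (len > INT32_MAX) {
        return BAD_VALUE;
    }

    // NOTE: Keep this logic in sync with android_os_Parcel.cpp
    status_t err = writeInt32(static_cast<int32_t>(len));
    if (err == NO_ERROR) {
        uint8_t* data = static_cast<uint8_t*>(writeInplace(len+sizeof(char)));
        if (data) {
            memcpy(data, str, len);
            // Readers check for this terminator (see readString8Inplace()).
            *reinterpret_cast<char*>(data+len) = 0;
            return NO_ERROR;
        }
        err = mError;
    }
    return err;
}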
1086
// Writes a String16 using its own buffer and size; see the
// (const char16_t*, size_t) overload for the encoding.
status_t Parcel::writeString16(const String16& str) {
    const char16_t* chars = str.string();
    return writeString16(chars, str.size());
}
1091
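// Writes a UTF-16 string as: int32 length in char16_t units, the characters,
// then one char16_t NUL terminator. A null `str` is encoded as the length -1
// with no payload.
//
// Returns BAD_VALUE when `len` cannot be represented in the 32-bit prefix or
// when the byte size of the payload plus terminator would overflow size_t;
// otherwise the status of the underlying writes, or mError when the in-place
// allocation fails.
status_t Parcel::writeString16(const char16_t* str, size_t len)
{
    if (str == nullptr) return writeInt32(-1);

    // Two limits apply: the prefix is a signed 32-bit count, and the payload is
    // (len + 1) * sizeof(char16_t) bytes. With a 32-bit size_t the second
    // product can wrap for counts close to INT32_MAX, which would make the
    // memcpy below larger than the space reserved for it. Reject both cases
    // before anything is written; the wire format itself is unchanged.
    if (len > INT32_MAX || len > (SIZE_MAX - sizeof(char16_t)) / sizeof(char16_t)) {
        return BAD_VALUE;
    }

    // NOTE: Keep this logic in sync with android_os_Parcel.cpp
    status_t err = writeInt32(static_cast<int32_t>(len));
    if (err == NO_ERROR) {
        const size_t byteLen = len * sizeof(char16_t);
        uint8_t* data = static_cast<uint8_t*>(writeInplace(byteLen+sizeof(char16_t)));
        if (data) {
            memcpy(data, str, byteLen);
            // Readers check for this terminator (see readString16Inplace()).
            *reinterpret_cast<char16_t*>(data+byteLen) = 0;
            return NO_ERROR;
        }
        err = mError;
    }
    return err;
}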
1110
// Writes a binder reference; the object encoding is produced by
// flattenBinder(), defined outside this excerpt.
status_t Parcel::writeStrongBinder(const sp<IBinder>& val) {
    return flattenBinder(val);
}
1115
1116
// Writes a Parcelable that may be null. A null pointer is encoded as the
// int32 value 0; otherwise the object is written via writeParcelable().
status_t Parcel::writeRawNullableParcelable(const Parcelable* parcelable) {
    if (parcelable == nullptr) {
        return writeInt32(0);
    }
    return writeParcelable(*parcelable);
}
1124
// Writes a native_handle as: numFds, numInts, one duplicated descriptor per
// fd entry, then the integer payload that follows the fds in handle->data.
//
// Returns BAD_TYPE for a null handle or one whose version field is not
// sizeof(native_handle); otherwise the first failing write's status.
// NOTE(review): numFds and numInts are used as given. Nothing here rejects
// negative values, so the handle is expected to be well-formed on entry.
status_t Parcel::writeNativeHandle(const native_handle* handle)
{
    if (!handle || handle->version != sizeof(native_handle)) {
        return BAD_TYPE;
    }

    status_t err = writeInt32(handle->numFds);
    if (err != NO_ERROR) return err;

    err = writeInt32(handle->numInts);
    if (err != NO_ERROR) return err;

    // Each descriptor is dup'ed, so the parcel owns its own copies and the
    // caller keeps ownership of the originals.
    for (int i = 0; i < handle->numFds; i++) {
        err = writeDupFileDescriptor(handle->data[i]);
        if (err != NO_ERROR) {
            ALOGD("write native handle, write dup fd failed");
            return err;
        }
    }

    const int* ints = handle->data + handle->numFds;
    return write(ints, sizeof(int)*handle->numInts);
}
1147
// Writes `fd` as a BINDER_TYPE_FD object.
//
// takeOwnership is recorded in the object's cookie field (1 or 0). Returns
// BAD_TYPE for RPC parcels, which cannot carry descriptors; otherwise the
// status of writeObject(), which itself rejects descriptors when mAllowFds is
// false.
status_t Parcel::writeFileDescriptor(int fd, bool takeOwnership)
{
    if (isForRpc()) {
        ALOGE("Cannot write file descriptor to remote binder.");
        return BAD_TYPE;
    }

    flat_binder_object fdObject;
    fdObject.hdr.type = BINDER_TYPE_FD;
    fdObject.flags = 0x7f | FLAT_BINDER_FLAG_ACCEPTS_FDS;
    // Don't pass uninitialized stack data to a remote process: `binder` is
    // cleared before `handle` is assigned. Keep this order -- presumably the
    // two fields share storage, so zeroing first clears the bytes that the
    // narrower handle does not cover (confirm against the struct definition).
    fdObject.binder = 0;
    fdObject.handle = fd;
    fdObject.cookie = takeOwnership ? 1 : 0;
    return writeObject(fdObject, true);
}
1163
// Duplicates `fd` (close-on-exec) and writes the duplicate with ownership
// transferred to the parcel. The caller keeps ownership of `fd`.
//
// Returns -errno when the duplication fails. If the write fails, the
// duplicate is closed here so it does not leak.
status_t Parcel::writeDupFileDescriptor(int fd)
{
    const int dupFd = fcntl(fd, F_DUPFD_CLOEXEC, 0);
    if (dupFd < 0) {
        return -errno;
    }

    const status_t err = writeFileDescriptor(dupFd, true /*takeOwnership*/);
    if (err == OK) {
        return err;
    }
    // The parcel did not take the duplicate; release it.
    close(dupFd);
    return err;
}
1176
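// Writes a descriptor in the ParcelFileDescriptor layout: an int32 0 followed
// by the descriptor object.
// NOTE(review): the leading 0 is presumably the "no comm channel" marker used
// by the Java ParcelFileDescriptor -- confirm against that implementation.
//
// Returns the first failing status. The result of the marker write is checked
// so that a failed write is reported instead of being silently followed by
// the descriptor. On any error the parcel has not taken `fd`, whatever
// takeOwnership says.
status_t Parcel::writeParcelFileDescriptor(int fd, bool takeOwnership)
{
    const status_t markerStatus = writeInt32(0);
    if (markerStatus != NO_ERROR) {
        return markerStatus;
    }
    return writeFileDescriptor(fd, takeOwnership);
}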
1182
// Duplicates `fd` (close-on-exec) and writes the duplicate in the
// ParcelFileDescriptor layout, transferring ownership of the duplicate to the
// parcel. Returns -errno when duplication fails; closes the duplicate when
// the write fails.
status_t Parcel::writeDupParcelFileDescriptor(int fd)
{
    const int dupFd = fcntl(fd, F_DUPFD_CLOEXEC, 0);
    if (dupFd < 0) {
        return -errno;
    }

    const status_t err = writeParcelFileDescriptor(dupFd, true /*takeOwnership*/);
    if (err == OK) {
        return err;
    }
    // The parcel did not take the duplicate; release it.
    close(dupFd);
    return err;
}
1195
// Writes a duplicate of the descriptor held by `fd`; the unique_fd keeps
// ownership of the original.
status_t Parcel::writeUniqueFileDescriptor(const base::unique_fd& fd) {
    const int rawFd = fd.get();
    return writeDupFileDescriptor(rawFd);
}
1199
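// Reserves space for a blob of `len` bytes and initializes `outBlob` so the
// caller can fill it in.
//
// Small blobs (len <= BLOB_INPLACE_LIMIT), and every blob when descriptors
// are not allowed, live inside the parcel buffer. Larger blobs are placed in
// an ashmem region whose descriptor is written to the parcel.
//
// For an immutable blob the region's protection is reduced to PROT_READ
// after this process has mapped it read/write: the mapping created here is
// what the caller fills in, while the protection applied to the region is
// what governs the descriptor handed to the receiver.
//
// Returns BAD_VALUE for len > INT32_MAX, NO_MEMORY when space or the ashmem
// region cannot be obtained, -errno when mmap fails, or the first failing
// write's status. On failure the region and mapping created here are released.
status_t Parcel::writeBlob(size_t len, bool mutableCopy, WritableBlob* outBlob)
{
    if (len > INT32_MAX) {
        // don't accept size_t values which may have come from an
        // inadvertent conversion from a negative int.
        return BAD_VALUE;
    }

    status_t status;
    if (!mAllowFds || len <= BLOB_INPLACE_LIMIT) {
        ALOGV("writeBlob: write in place");
        status = writeInt32(BLOB_INPLACE);
        if (status) return status;

        void* ptr = writeInplace(len);
        if (!ptr) return NO_MEMORY;

        outBlob->init(-1, ptr, len, false);
        return NO_ERROR;
    }

    ALOGV("writeBlob: write to ashmem");
    int fd = ashmem_create_region("Parcel Blob", len);
    if (fd < 0) return NO_MEMORY;

    int result = ashmem_set_prot_region(fd, PROT_READ | PROT_WRITE);
    if (result < 0) {
        status = result;
    } else {
        void* ptr = ::mmap(nullptr, len, PROT_READ | PROT_WRITE, MAP_SHARED, fd, 0);
        if (ptr == MAP_FAILED) {
            status = -errno;
        } else {
            if (!mutableCopy) {
                // Drop write permission on the region itself; the mapping
                // above stays writable for the caller.
                result = ashmem_set_prot_region(fd, PROT_READ);
            }
            if (result < 0) {
                status = result;
            } else {
                status = writeInt32(mutableCopy ? BLOB_ASHMEM_MUTABLE : BLOB_ASHMEM_IMMUTABLE);
                if (!status) {
                    status = writeFileDescriptor(fd, true /*takeOwnership*/);
                    if (!status) {
                        outBlob->init(fd, ptr, len, mutableCopy);
                        return NO_ERROR;
                    }
                }
            }
            // Unmap only a mapping that exists. The previous layout also
            // reached munmap() with MAP_FAILED when mmap() had failed.
            ::munmap(ptr, len);
        }
    }
    ::close(fd);
    return status;
}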
1254
// Writes an existing descriptor as an immutable ashmem blob: the
// BLOB_ASHMEM_IMMUTABLE tag followed by a duplicate of `fd`.
// Must match up with what's done in writeBlob.
//
// Returns FDS_NOT_ALLOWED when this parcel may not carry descriptors.
// NOTE(review): the protection of the region behind `fd` is not changed here;
// making it read-only is left to the caller.
status_t Parcel::writeDupImmutableBlobFileDescriptor(int fd)
{
    if (!mAllowFds) {
        return FDS_NOT_ALLOWED;
    }

    const status_t tagStatus = writeInt32(BLOB_ASHMEM_IMMUTABLE);
    if (tagStatus) {
        return tagStatus;
    }
    return writeDupFileDescriptor(fd);
}
1263
// Writes a flattenable object as: int32 byte size, int32 descriptor count,
// the flattened payload, then one duplicated descriptor per fd.
//
// Returns BAD_VALUE when the flattened size exceeds INT32_MAX, when the
// descriptor count reaches gMaxFds, or when payload space or the temporary fd
// array cannot be allocated; otherwise the status of flatten() or of the
// first failing descriptor write.
status_t Parcel::write(const FlattenableHelperInterface& val)
{
    // Both sizes are reported by the object being written, so they are
    // bounded before anything is allocated on their basis.
    const size_t flatSize = val.getFlattenedSize();
    const size_t fdCount = val.getFdCount();

    if ((flatSize > INT32_MAX) || (fdCount >= gMaxFds)) {
        // don't accept size_t values which may have come from an
        // inadvertent conversion from a negative int.
        return BAD_VALUE;
    }

    status_t err = this->writeInt32(flatSize);
    if (err) return err;

    err = this->writeInt32(fdCount);
    if (err) return err;

    // Space for the payload, filled in by flatten() below.
    void* const payload = this->writeInplace(flatSize);
    if (payload == nullptr) {
        return BAD_VALUE;
    }

    // Scratch array that flatten() fills with the object's descriptors.
    int* fds = nullptr;
    if (fdCount) {
        fds = new (std::nothrow) int[fdCount];
        if (fds == nullptr) {
            ALOGE("write: failed to allocate requested %zu fds", fdCount);
            return BAD_VALUE;
        }
    }

    err = val.flatten(payload, flatSize, fds, fdCount);
    // Stop at the first descriptor that cannot be written.
    for (size_t i = 0; i < fdCount && err == NO_ERROR; i++) {
        err = this->writeDupFileDescriptor(fds[i]);
    }

    // delete[] on a null pointer is a no-op, so no guard is needed.
    delete [] fds;

    return err;
}
1309
// Writes a flat_binder_object at the current position and, when required,
// records its offset in the object index (mObjects).
//
// The data buffer and the object index are grown first if either is too
// small. Index growth is guarded against size_t overflow at each arithmetic
// step before realloc() is called.
//
// Returns FDS_NOT_ALLOWED for a descriptor object when mAllowFds is false
// (the object index is left untouched in that case), NO_MEMORY when growth
// fails or would overflow, the growData() status, or the finishWrite() status.
status_t Parcel::writeObject(const flat_binder_object& val, bool nullMetaData)
{
    // Both capacity decisions are taken from the state on entry.
    const bool dataFits = (mDataPos+sizeof(val)) <= mDataCapacity;
    const bool indexFits = mObjectsSize < mObjectsCapacity;

    if (!dataFits) {
        const status_t growStatus = growData(sizeof(val));
        if (growStatus != NO_ERROR) return growStatus;
    }

    if (!indexFits) {
        // New capacity is ((n + 2) * 3) / 2 entries; check every step.
        if (mObjectsSize > SIZE_MAX - 2) return NO_MEMORY; // overflow
        if ((mObjectsSize + 2) > SIZE_MAX / 3) return NO_MEMORY; // overflow
        const size_t grownCount = ((mObjectsSize+2)*3)/2;
        if (grownCount > SIZE_MAX / sizeof(binder_size_t)) return NO_MEMORY; // overflow
        binder_size_t* grown = static_cast<binder_size_t*>(
                realloc(mObjects, grownCount*sizeof(binder_size_t)));
        if (grown == nullptr) return NO_MEMORY;
        mObjects = grown;
        mObjectsCapacity = grownCount;
    }

    *reinterpret_cast<flat_binder_object*>(mData+mDataPos) = val;

    // remember if it's a file descriptor
    if (val.hdr.type == BINDER_TYPE_FD) {
        if (!mAllowFds) {
            // fail before modifying our object index
            return FDS_NOT_ALLOWED;
        }
        mHasFds = mFdsKnown = true;
    }

    // Need to write meta-data?
    if (nullMetaData || val.binder != 0) {
        mObjects[mObjectsSize] = mDataPos;
        acquire_object(ProcessState::self(), val, this, &mOpenAshmemSize);
        mObjectsSize++;
    }

    return finishWrite(sizeof(flat_binder_object));
}
1354
// Writes a default-constructed binder::Status to this parcel.
status_t Parcel::writeNoException()
{
    binder::Status noError;
    return noError.writeToParcel(this);
}
1360
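// Guards plain-data reads against overlapping an object stored in the parcel.
//
// `upperBound` is the position just past the requested read. The read is
// refused with PERMISSION_DENIED when it would cover any part of a
// flat_binder_object recorded in mObjects; otherwise NO_ERROR is returned.
// This is what stops a scalar or buffer read from exposing object contents to
// code that asked for ordinary data.
//
// The check relies on mObjects being in ascending order. The array is
// verified, and sorted in place if necessary, the first time it is needed;
// mNextObjectHint then remembers where the previous search stopped. The sort
// is written with indices so that no pointer before the start of mObjects is
// ever formed.
status_t Parcel::validateReadData(size_t upperBound) const
{
    if (!mObjectsSorted && mObjectsSize > 1) {
        // Quickly determine if mObjects is sorted, scanning from the end.
        bool inOrder = true;
        for (size_t i = mObjectsSize - 1; i > 0; i--) {
            if (mObjects[i - 1] > mObjects[i]) {
                inOrder = false;
                break;
            }
        }

        if (!inOrder) {
            // Insertion Sort mObjects
            // Great for mostly sorted lists. If randomly sorted or reverse ordered
            // mObjects become common, switch to
            // std::sort(mObjects, mObjects + mObjectsSize);
            for (size_t i = 1; i < mObjectsSize; i++) {
                const binder_size_t moving = mObjects[i];
                size_t hole = i;
                while (hole > 0 && mObjects[hole - 1] > moving) {
                    mObjects[hole] = mObjects[hole - 1];
                    hole--;
                }
                mObjects[hole] = moving;
            }
            // The order changed, so the previous hint no longer applies.
            mNextObjectHint = 0;
        }
        mObjectsSorted = true;
    }

    // Don't allow non-object reads on object data.
    // Expect to check only against the next object.
    if (mNextObjectHint < mObjectsSize && upperBound > mObjects[mNextObjectHint]) {
        // For some reason the current read position is greater than the next object
        // hint. Iterate until we find the right object
        size_t nextObject = mNextObjectHint;
        do {
            if (mDataPos < mObjects[nextObject] + sizeof(flat_binder_object)) {
                // Requested info overlaps with an object
                ALOGE("Attempt to read from protected data in Parcel %p", this);
                return PERMISSION_DENIED;
            }
            nextObject++;
        } while (nextObject < mObjectsSize && upperBound > mObjects[nextObject]);
        mNextObjectHint = nextObject;
    }
    return NO_ERROR;
}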
1413
// Copies `len` bytes from the current position into `outData` and advances
// the position by the padded length.
//
// Returns BAD_VALUE for len > INT32_MAX, NOT_ENOUGH_DATA when the padded
// range does not fit inside the parcel (including arithmetic wrap-around), or
// the validateReadData() status when the range overlaps a stored object. In
// the overlap case nothing is copied, but the position is still advanced so
// later reads stay aligned with the sender's layout.
status_t Parcel::read(void* outData, size_t len) const
{
    if (len > INT32_MAX) {
        // don't accept size_t values which may have come from an
        // inadvertent conversion from a negative int.
        return BAD_VALUE;
    }

    const size_t padded = pad_size(len);
    // Three conditions: the end position did not wrap, it lies within the
    // data, and padding did not shrink the length.
    const bool inBounds = (mDataPos+padded) >= mDataPos
            && (mDataPos+padded) <= mDataSize
            && len <= padded;
    if (!inBounds) {
        return NOT_ENOUGH_DATA;
    }

    if (mObjectsSize > 0) {
        const status_t err = validateReadData(mDataPos + padded);
        if (err != NO_ERROR) {
            // Still increment the data position by the expected length
            mDataPos += padded;
            ALOGV("read Setting data pos of %p to %zu", this, mDataPos);
            return err;
        }
    }

    memcpy(outData, mData+mDataPos, len);
    mDataPos += padded;
    ALOGV("read Setting data pos of %p to %zu", this, mDataPos);
    return NO_ERROR;
}
1440
// Returns a pointer to `len` bytes inside the parcel buffer and advances the
// position by the padded length. The pointer aliases parcel storage; nothing
// is copied.
//
// Returns nullptr when len > INT32_MAX, when the padded range does not fit
// inside the parcel, or when the range overlaps a stored object. In the
// overlap case the position is still advanced.
const void* Parcel::readInplace(size_t len) const
{
    if (len > INT32_MAX) {
        // don't accept size_t values which may have come from an
        // inadvertent conversion from a negative int.
        return nullptr;
    }

    const size_t padded = pad_size(len);
    // Same three-part bounds test as read(): no wrap, within the data, and
    // padding did not shrink the length.
    const bool inBounds = (mDataPos+padded) >= mDataPos
            && (mDataPos+padded) <= mDataSize
            && len <= padded;
    if (!inBounds) {
        return nullptr;
    }

    if (mObjectsSize > 0) {
        const status_t err = validateReadData(mDataPos + padded);
        if (err != NO_ERROR) {
            // Still increment the data position by the expected length
            mDataPos += padded;
            ALOGV("readInplace Setting data pos of %p to %zu", this, mDataPos);
            return nullptr;
        }
    }

    const void* start = mData+mDataPos;
    mDataPos += padded;
    ALOGV("readInplace Setting data pos of %p to %zu", this, mDataPos);
    return start;
}
1468
// Reads one T from the current position into *pArg.
//
// T must already be a padded size (enforced at compile time). Returns
// NOT_ENOUGH_DATA when fewer than sizeof(T) bytes remain, or the
// validateReadData() status when the range overlaps a stored object; in the
// overlap case the position is still advanced. *pArg is written only on
// success.
template<class T>
status_t Parcel::readAligned(T *pArg) const {
    static_assert(PAD_SIZE_UNSAFE(sizeof(T)) == sizeof(T));

    if ((mDataPos+sizeof(T)) > mDataSize) {
        return NOT_ENOUGH_DATA;
    }

    if (mObjectsSize > 0) {
        const status_t err = validateReadData(mDataPos + sizeof(T));
        if (err != NO_ERROR) {
            // Still increment the data position by the expected length
            mDataPos += sizeof(T);
            return err;
        }
    }

    const void* src = mData+mDataPos;
    mDataPos += sizeof(T);
    *pArg = *reinterpret_cast<const T*>(src);
    return NO_ERROR;
}
1491
// Value-returning form of readAligned(): yields 0 when the read fails. A
// caller cannot tell a stored 0 from a failure; use the pointer overload when
// the status matters.
template<class T>
T Parcel::readAligned() const {
    T value;
    const status_t err = readAligned(&value);
    if (err != NO_ERROR) {
        value = 0;
    }
    return value;
}
1501
// Writes one T at the current position, growing the buffer first when it is
// too small. T must already be a padded size (enforced at compile time).
// Returns the growData() status on failure, otherwise the finishWrite()
// status.
template<class T>
status_t Parcel::writeAligned(T val) {
    static_assert(PAD_SIZE_UNSAFE(sizeof(T)) == sizeof(T));

    if ((mDataPos+sizeof(val)) > mDataCapacity) {
        const status_t err = growData(sizeof(val));
        if (err != NO_ERROR) {
            return err;
        }
    }

    *reinterpret_cast<T*>(mData+mDataPos) = val;
    return finishWrite(sizeof(val));
}
1516
// Scalar readers. Each type has two forms:
//   - status_t readX(T* out): reports the status; *out is written on success.
//   - T readX(): returns the value, or 0 when the read fails (see
//     readAligned<T>()). A failed read is indistinguishable from a stored 0,
//     so code handling data from another process should prefer the status
//     form.

status_t Parcel::readInt32(int32_t *pArg) const {
    return readAligned(pArg);
}

int32_t Parcel::readInt32() const {
    return readAligned<int32_t>();
}

status_t Parcel::readUint32(uint32_t *pArg) const {
    return readAligned(pArg);
}

uint32_t Parcel::readUint32() const {
    return readAligned<uint32_t>();
}

status_t Parcel::readInt64(int64_t *pArg) const {
    return readAligned(pArg);
}

int64_t Parcel::readInt64() const {
    return readAligned<int64_t>();
}

status_t Parcel::readUint64(uint64_t *pArg) const {
    return readAligned(pArg);
}

uint64_t Parcel::readUint64() const {
    return readAligned<uint64_t>();
}

// Pointers are stored as binder_uintptr_t; the value is converted to
// uintptr_t only after a successful read.
status_t Parcel::readPointer(uintptr_t *pArg) const {
    binder_uintptr_t stored;
    const status_t ret = readAligned(&stored);
    if (!ret) {
        *pArg = stored;
    }
    return ret;
}

uintptr_t Parcel::readPointer() const {
    return readAligned<binder_uintptr_t>();
}

status_t Parcel::readFloat(float *pArg) const {
    return readAligned(pArg);
}

float Parcel::readFloat() const {
    return readAligned<float>();
}
1584
#if defined(__mips__) && defined(__mips_hard_float)

// MIPS hard-float build: the value is read as a 64-bit integer and
// reinterpreted as a double. *pArg is always written; it receives 0.0 when
// the read fails, because the union is zeroed first.
status_t Parcel::readDouble(double *pArg) const {
    union {
        double d;
        unsigned long long ll;
    } bits;
    bits.d = 0;
    const status_t status = readAligned(&bits.ll);
    *pArg = bits.d;
    return status;
}

// Value-returning form; a failed read yields the all-zero bit pattern.
double Parcel::readDouble() const {
    union {
        double d;
        unsigned long long ll;
    } bits;
    bits.ll = readAligned<unsigned long long>();
    return bits.d;
}

#else

// All other targets read the double directly.
status_t Parcel::readDouble(double *pArg) const {
    return readAligned(pArg);
}

// Value-returning form; yields 0 when the read fails.
double Parcel::readDouble() const {
    return readAligned<double>();
}

#endif
1623
// Readers for types that travel as a full int32 (bool, char16_t, int8_t).
//
// The status forms always write *pArg: when the read fails the temporary
// keeps its initial 0, so the caller sees false / 0 together with the error
// status. The value forms narrow whatever readInt32() returned, which is 0 on
// failure. Narrowing discards the upper bits of the stored int32 without
// checking them.

status_t Parcel::readBool(bool *pArg) const {
    int32_t raw = 0;
    const status_t ret = readInt32(&raw);
    // Any non-zero stored value reads as true.
    *pArg = (raw != 0);
    return ret;
}

bool Parcel::readBool() const {
    return readInt32() != 0;
}

status_t Parcel::readChar(char16_t *pArg) const {
    int32_t raw = 0;
    const status_t ret = readInt32(&raw);
    *pArg = char16_t(raw);
    return ret;
}

char16_t Parcel::readChar() const {
    return char16_t(readInt32());
}

status_t Parcel::readByte(int8_t *pArg) const {
    int32_t raw = 0;
    const status_t ret = readInt32(&raw);
    *pArg = int8_t(raw);
    return ret;
}

int8_t Parcel::readByte() const {
    return int8_t(readInt32());
}
1662
// Reads a UTF-16 string from the parcel and stores it in *str as UTF-8.
//
// Returns UNEXPECTED_NULL when no valid string could be read (a null string,
// or one that failed readString16Inplace()'s checks), and BAD_VALUE when the
// UTF-8 length computation fails.
status_t Parcel::readUtf8FromUtf16(std::string* str) const {
    size_t utf16Len = 0;
    const char16_t* utf16 = readString16Inplace(&utf16Len);
    if (utf16 == nullptr) {
        return UNEXPECTED_NULL;
    }

    // Save ourselves the trouble, we're done.
    if (utf16Len == 0u) {
        str->clear();
        return NO_ERROR;
    }

    // Allow for closing '\0'. A negative length from the helper leaves the
    // sum below 1, which is how a failed conversion is detected.
    const ssize_t utf8WithNul = utf16_to_utf8_length(utf16, utf16Len) + 1;
    if (utf8WithNul < 1) {
        return BAD_VALUE;
    }

    // Note that while it is probably safe to assume string::resize keeps a
    // spare byte around for the trailing null, we still pass the size including the trailing null
    str->resize(utf8WithNul);
    utf16_to_utf8(utf16, utf16Len, &((*str)[0]), utf8WithNul);
    // Trim the terminator so it is not part of the string's contents.
    str->resize(utf8WithNul - 1);
    return NO_ERROR;
}
1688
// Returns a pointer to a NUL-terminated string inside the parcel buffer and
// advances the position past the padded string, or returns nullptr when no
// terminator exists within the remaining data.
//
// NOTE(review): unlike read() and readInplace(), this path does not call
// validateReadData(), so the object-overlap check is not applied here.
const char* Parcel::readCString() const
{
    if (mDataPos >= mDataSize) {
        return nullptr;
    }

    const size_t remaining = mDataSize-mDataPos;
    const char* start = reinterpret_cast<const char*>(mData+mDataPos);
    // is the string's trailing NUL within the parcel's valid bounds?
    const char* terminator = reinterpret_cast<const char*>(memchr(start, 0, remaining));
    if (terminator == nullptr) {
        return nullptr;
    }

    const size_t len = terminator - start;
    mDataPos += pad_size(len+1);
    ALOGV("readCString Setting data pos of %p to %zu", this, mDataPos);
    return start;
}
1705
// Reads a String8 by value. A null or invalid string is logged and returned
// as an empty String8, so this form cannot report failure; use
// readString8(String8*) when the status matters.
String8 Parcel::readString8() const
{
    size_t len;
    const char* chars = readString8Inplace(&len);
    if (chars == nullptr) {
        ALOGE("Reading a NULL string not supported here.");
        return String8();
    }
    return String8(chars, len);
}
1714
// Reads a String8 into *pArg. On failure *pArg is reset to an empty string
// and UNEXPECTED_NULL is returned.
status_t Parcel::readString8(String8* pArg) const
{
    size_t len;
    const char* chars = readString8Inplace(&len);
    if (chars == nullptr) {
        *pArg = String8();
        return UNEXPECTED_NULL;
    }
    pArg->setTo(chars, len);
    return NO_ERROR;
}
1727
// Returns a pointer to an 8-bit string stored in the parcel and sets *outLen
// to its length, or returns nullptr with *outLen == 0.
//
// The length prefix comes from the parcel and is not trusted: it must be
// non-negative and below INT32_MAX (so size+1 cannot overflow), the bytes
// must fit in the parcel, and the byte at index `size` must be NUL. A missing
// terminator is reported through android_errorWriteLog() and the string is
// rejected, so callers never receive an unterminated buffer.
const char* Parcel::readString8Inplace(size_t* outLen) const
{
    const int32_t size = readInt32();

    // watch for potential int overflow from size+1
    if (size < 0 || size >= INT32_MAX) {
        *outLen = 0;
        return nullptr;
    }

    const char* str = (const char*)readInplace(size+1);
    if (str == nullptr) {
        *outLen = 0;
        return nullptr;
    }

    if (str[size] != '\0') {
        android_errorWriteLog(0x534e4554, "172655291");
        *outLen = 0;
        return nullptr;
    }

    *outLen = size;
    return str;
}
1745
// Reads a length-prefixed UTF-16 string and returns a copy of it. When the
// in-place read fails, an error is logged and an empty String16 is returned,
// so this overload cannot tell the caller whether the read failed.
String16 Parcel::readString16() const
{
    size_t length;
    const char16_t* const units = readString16Inplace(&length);
    if (units == nullptr) {
        ALOGE("Reading a NULL string not supported here.");
        return String16();
    }
    return String16(units, length);
}
1754
1755
// Reads a length-prefixed UTF-16 string into *pArg.
// Returns 0 on success. On failure *pArg is reset to an empty String16 and
// UNEXPECTED_NULL is returned.
status_t Parcel::readString16(String16* pArg) const
{
    size_t length;
    const char16_t* const units = readString16Inplace(&length);
    if (units == nullptr) {
        *pArg = String16();
        return UNEXPECTED_NULL;
    }
    pArg->setTo(units, length);
    return 0;
}
1768
// Reads a 32-bit length followed by that many char16_t units plus one
// terminator unit, and returns a pointer to the units inside the parcel's
// buffer. On success *outLen holds the length in units (terminator excluded).
// On any failure (negative or INT32_MAX length, short read, missing
// terminator) *outLen is set to 0 and nullptr is returned.
const char16_t* Parcel::readString16Inplace(size_t* outLen) const
{
    const int32_t size = readInt32();
    // size + 1 units are requested below, so INT32_MAX itself is rejected to
    // keep that addition from overflowing.
    const bool sizeOk = (size >= 0) && (size < INT32_MAX);
    if (sizeOk) {
        *outLen = size;
        const size_t byteCount = (size + 1) * sizeof(char16_t);
        const char16_t* const units = static_cast<const char16_t*>(readInplace(byteCount));
        if (units != nullptr) {
            if (units[size] == u'\0') {
                return units;
            }
            // The length prefix and the payload disagree: there is no
            // terminator where the prefix says the string ends. Record the
            // event before failing the read.
            android_errorWriteLog(0x534e4554, "172655291");
        }
    }
    *outLen = 0;
    return nullptr;
}
1786
// Reads a binder into *val and treats a null binder as an error.
// Returns the status of readNullableStrongBinder() when that fails, and
// UNEXPECTED_NULL when the read succeeded but produced a null binder.
status_t Parcel::readStrongBinder(sp<IBinder>* val) const
{
    const status_t readStatus = readNullableStrongBinder(val);
    if (readStatus != OK) {
        return readStatus;
    }
    if (val->get() == nullptr) {
        return UNEXPECTED_NULL;
    }
    return OK;
}
1795
// Reads a binder into *val by delegating to unflattenBinder() and returns its
// status unchanged. No null check is applied to the result here.
status_t Parcel::readNullableStrongBinder(sp<IBinder>* val) const
{
    const status_t unflattenStatus = unflattenBinder(val);
    return unflattenStatus;
}
1800
// Reads a binder and returns it by value. The status of the read is dropped,
// so a failed read and a null binder both come back as whatever `binder`
// holds afterwards.
sp<IBinder> Parcel::readStrongBinder() const
{
    sp<IBinder> binder;
    // Note that a lot of code in Android reads binders by hand with this
    // method, and that code has historically been ok with getting nullptr
    // back (while ignoring error codes). Callers that need to tell failure
    // apart from null should use an overload that returns status_t.
    readNullableStrongBinder(&binder);
    return binder;
}
1810
// Parses a binder::Status from this parcel and returns its exception code.
// The status_t returned by readFromParcel() is not inspected here.
int32_t Parcel::readExceptionCode() const
{
    binder::Status parsed;
    parsed.readFromParcel(*this);
    return parsed.exceptionCode();
}
1817
// Reads a native_handle: two 32-bit counts (fds, ints), then numFds file
// descriptor objects, then numInts raw ints.
// Each descriptor is duplicated with F_DUPFD_CLOEXEC, so the returned handle
// holds its own copies. Returns nullptr on any failure; descriptors
// duplicated so far are closed and the handle is deleted before returning.
// NOTE(review): numFds and numInts come straight from the parcel and are not
// range-checked here; this presumably relies on native_handle_create()
// rejecting negative or oversized counts. Confirm against that function.
native_handle* Parcel::readNativeHandle() const
{
    int numFds;
    int numInts;
    if (readInt32(&numFds) != NO_ERROR) return nullptr;
    if (readInt32(&numInts) != NO_ERROR) return nullptr;

    native_handle* handle = native_handle_create(numFds, numInts);
    if (handle == nullptr) {
        return nullptr;
    }

    for (int i = 0; i < numFds; ++i) {
        handle->data[i] = fcntl(readFileDescriptor(), F_DUPFD_CLOEXEC, 0);
        if (handle->data[i] >= 0) {
            continue;
        }
        // Either the parcel had no descriptor here or the dup failed: undo
        // the duplicates made so far and give up.
        for (int j = 0; j < i; ++j) {
            close(handle->data[j]);
        }
        native_handle_delete(handle);
        return nullptr;
    }

    // The int payload is stored directly after the descriptors.
    if (read(handle->data + numFds, sizeof(int) * numInts) != NO_ERROR) {
        native_handle_close(handle);
        native_handle_delete(handle);
        return nullptr;
    }
    return handle;
}
1850
// Reads the next flat_binder_object and returns its handle when the object
// is of type BINDER_TYPE_FD; returns BAD_TYPE otherwise. The handle is
// returned as stored in the object; this function does not duplicate it.
int Parcel::readFileDescriptor() const
{
    const flat_binder_object* const obj = readObject(true);
    if (obj == nullptr || obj->hdr.type != BINDER_TYPE_FD) {
        return BAD_TYPE;
    }
    return obj->handle;
}
1861
// Reads a ParcelFileDescriptor: a 32-bit "has comm channel" flag, the file
// descriptor itself, and, when the flag is nonzero, a second descriptor used
// as a status channel. A DETACHED status word is written to that channel in
// big-endian byte order.
// Returns the first descriptor, or BAD_TYPE when the status write does not
// complete. If the channel descriptor itself could not be read, `comm` is
// negative, the write fails, and the same BAD_TYPE path is taken.
int Parcel::readParcelFileDescriptor() const
{
    const int32_t hasComm = readInt32();
    const int fd = readFileDescriptor();
    if (hasComm == 0) {
        return fd;
    }

    // detach (owned by the binder driver)
    const int comm = readFileDescriptor();

    // warning: this must be kept in sync with:
    //     frameworks/base/core/java/android/os/ParcelFileDescriptor.java
    enum ParcelFileDescriptorStatus {
        DETACHED = 2,
    };

#if BYTE_ORDER == BIG_ENDIAN
    const int32_t message = ParcelFileDescriptorStatus::DETACHED;
#endif
#if BYTE_ORDER == LITTLE_ENDIAN
    const int32_t message = __builtin_bswap32(ParcelFileDescriptorStatus::DETACHED);
#endif

    const ssize_t written = TEMP_FAILURE_RETRY(
            ::write(comm, &message, sizeof(message)));
    if (written == sizeof(message)) {
        return fd;
    }

    ALOGW("Failed to detach ParcelFileDescriptor written: %zd err: %s",
            written, strerror(errno));
    return BAD_TYPE;
}
1894
// Reads a file descriptor and stores a duplicate of it in *val.
// Returns BAD_TYPE when the parcel holds no descriptor at the read position,
// BAD_VALUE when duplication fails, OK otherwise. The duplicate is created
// with F_DUPFD_CLOEXEC.
status_t Parcel::readUniqueFileDescriptor(base::unique_fd* val) const
{
    const int borrowed = readFileDescriptor();
    if (borrowed == BAD_TYPE) {
        return BAD_TYPE;
    }

    // Duplicate so that *val holds a descriptor separate from the one stored
    // in the parcel.
    val->reset(fcntl(borrowed, F_DUPFD_CLOEXEC, 0));
    if (val->get() < 0) {
        return BAD_VALUE;
    }
    return OK;
}
1911
// Reads a ParcelFileDescriptor via readParcelFileDescriptor() and stores a
// duplicate of the resulting descriptor in *val.
// Returns BAD_TYPE when that read reports BAD_TYPE, BAD_VALUE when
// duplication fails, OK otherwise. The duplicate is created with
// F_DUPFD_CLOEXEC.
status_t Parcel::readUniqueParcelFileDescriptor(base::unique_fd* val) const
{
    const int borrowed = readParcelFileDescriptor();
    if (borrowed == BAD_TYPE) {
        return BAD_TYPE;
    }

    // Duplicate so that *val holds a descriptor separate from the one stored
    // in the parcel.
    val->reset(fcntl(borrowed, F_DUPFD_CLOEXEC, 0));
    if (val->get() < 0) {
        return BAD_VALUE;
    }
    return OK;
}
1928
// Reads a blob of `len` bytes into *outBlob.
// A 32-bit blob type is read first. BLOB_INPLACE means the bytes sit inside
// the parcel and the blob points at them. Every other type value is handled
// as an ashmem descriptor: the region is validated, its size is compared
// with `len`, and `len` bytes are mapped; only BLOB_ASHMEM_MUTABLE yields a
// writable mapping.
// Returns the readInt32() status if the type cannot be read, BAD_VALUE for a
// short in-place read, a missing or invalid descriptor or a region smaller
// than `len`, NO_MEMORY when mmap() fails, NO_ERROR otherwise.
// NOTE(review): the mapping is MAP_SHARED, so its bytes are whatever the
// region currently holds; if another holder of the region can still write to
// it, contents may change after a consumer has validated them. Confirm what
// consumers of the blob assume.
status_t Parcel::readBlob(size_t len, ReadableBlob* outBlob) const
{
    int32_t blobType;
    const status_t typeStatus = readInt32(&blobType);
    if (typeStatus) return typeStatus;

    if (blobType == BLOB_INPLACE) {
        ALOGV("readBlob: read in place");
        const void* const inlineData = readInplace(len);
        if (inlineData == nullptr) return BAD_VALUE;

        // fd of -1 marks a blob that is not backed by a mapping.
        outBlob->init(-1, const_cast<void*>(inlineData), len, false);
        return NO_ERROR;
    }

    ALOGV("readBlob: read from ashmem");
    const bool isMutable = (blobType == BLOB_ASHMEM_MUTABLE);
    const int fd = readFileDescriptor();
    if (fd == int(BAD_TYPE)) return BAD_VALUE;

    if (!ashmem_valid(fd)) {
        ALOGE("invalid fd");
        return BAD_VALUE;
    }

    // Never map more than the region actually provides.
    const int regionSize = ashmem_get_size_region(fd);
    const bool regionTooSmall = (regionSize < 0) || (size_t(regionSize) < len);
    if (regionTooSmall) {
        ALOGE("request size %zu does not match fd size %d", len, regionSize);
        return BAD_VALUE;
    }

    const int protection = isMutable ? (PROT_READ | PROT_WRITE) : PROT_READ;
    void* const mapping = ::mmap(nullptr, len, protection, MAP_SHARED, fd, 0);
    if (mapping == MAP_FAILED) return NO_MEMORY;

    outBlob->init(fd, mapping, len, isMutable);
    return NO_ERROR;
}
1965
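// Reads a flattened object: a 32-bit payload length, a 32-bit descriptor
// count, the payload (padded with pad_size()), then that many file
// descriptor objects. Each descriptor is duplicated with F_DUPFD_CLOEXEC and
// the payload plus duplicates are handed to val.unflatten().
// Returns BAD_VALUE when the length exceeds INT32_MAX, the descriptor count
// is not below gMaxFds, the payload is short, the descriptor array cannot be
// allocated, or a descriptor cannot be read or duplicated; otherwise returns
// the status of val.unflatten().
status_t Parcel::read(FlattenableHelperInterface& val) const
{
    // size
    const size_t len = this->readInt32();
    const size_t fd_count = this->readInt32();

    if ((len > INT32_MAX) || (fd_count >= gMaxFds)) {
        // don't accept size_t values which may have come from an
        // inadvertent conversion from a negative int.
        return BAD_VALUE;
    }

    // payload
    void const* const buf = this->readInplace(pad_size(len));
    if (buf == nullptr)
        return BAD_VALUE;

    int* fds = nullptr;
    if (fd_count) {
        fds = new (std::nothrow) int[fd_count];
        if (fds == nullptr) {
            ALOGE("read: failed to allocate requested %zu fds", fd_count);
            return BAD_VALUE;
        }
    }

    status_t err = NO_ERROR;
    for (size_t i=0 ; i<fd_count && err==NO_ERROR ; i++) {
        const int fd = this->readFileDescriptor();
        // Give fds[i] a defined value on every path. Previously a failed
        // readFileDescriptor() skipped the assignment, and the error log
        // below then read an uninitialized array element.
        fds[i] = (fd < 0) ? -1 : fcntl(fd, F_DUPFD_CLOEXEC, 0);
        if (fds[i] < 0) {
            err = BAD_VALUE;
            ALOGE("fcntl(F_DUPFD_CLOEXEC) failed in Parcel::read, i is %zu, fds[i] is %d, fd_count is %zu, error: %s",
                  i, fds[i], fd_count, strerror(fd < 0 ? -fd : errno));
            // Close all the file descriptors that were dup-ed.
            for (size_t j=0; j<i ;j++) {
                close(fds[j]);
            }
        }
    }

    if (err == NO_ERROR) {
        err = val.unflatten(buf, len, fds, fd_count);
    }

    if (fd_count) {
        delete [] fds;
    }

    return err;
}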
// Returns a pointer to the flat_binder_object at the current read position,
// or nullptr when fewer than sizeof(flat_binder_object) bytes remain or the
// position is not listed in the parcel's object offsets.
//
// An object whose cookie and binder fields are both zero is returned without
// consulting the offset list unless nullMetaData is true. Every other object
// is returned only if mObjects contains an entry equal to the position it was
// read from, so ordinary parcel data cannot be reinterpreted as an object.
//
// The read position is advanced past the object before the offset list is
// consulted, so it has already moved when the lookup fails and nullptr is
// returned. mNextObjectHint is updated on a successful lookup.
const flat_binder_object* Parcel::readObject(bool nullMetaData) const
{
    const size_t DPOS = mDataPos;
    if ((DPOS+sizeof(flat_binder_object)) <= mDataSize) {
        const flat_binder_object* obj
                = reinterpret_cast<const flat_binder_object*>(mData+DPOS);
        mDataPos = DPOS + sizeof(flat_binder_object);
        if (!nullMetaData && (obj->cookie == 0 && obj->binder == 0)) {
            // When transferring a NULL object, we don't write it into
            // the object list, so we don't want to check for it when
            // reading.
            ALOGV("readObject Setting data pos of %p to %zu", this, mDataPos);
            return obj;
        }

        // Ensure that this object is valid...
        binder_size_t* const OBJS = mObjects;
        const size_t N = mObjectsSize;
        size_t opos = mNextObjectHint;

        if (N > 0) {
            ALOGV("Parcel %p looking for obj at %zu, hint=%zu",
                 this, DPOS, opos);

            // Start at the current hint position, looking for an object at
            // the current data position.
            if (opos < N) {
                // Stops at N-1 at the latest, so OBJS[opos] below stays in
                // range.
                while (opos < (N-1) && OBJS[opos] < DPOS) {
                    opos++;
                }
            } else {
                // Hint is past the end of the list: clamp to the last entry.
                opos = N-1;
            }
            if (OBJS[opos] == DPOS) {
                // Found it!
                ALOGV("Parcel %p found obj %zu at index %zu with forward search",
                     this, DPOS, opos);
                mNextObjectHint = opos+1;
                ALOGV("readObject Setting data pos of %p to %zu", this, mDataPos);
                return obj;
            }

            // Look backwards for it...
            while (opos > 0 && OBJS[opos] > DPOS) {
                opos--;
            }
            if (OBJS[opos] == DPOS) {
                // Found it!
                ALOGV("Parcel %p found obj %zu at index %zu with backward search",
                     this, DPOS, opos);
                mNextObjectHint = opos+1;
                ALOGV("readObject Setting data pos of %p to %zu", this, mDataPos);
                return obj;
            }
        }
        // No offset entry matches: refuse to treat these bytes as an object.
        ALOGW("Attempt to read object from Parcel %p at offset %zu that is not in the object list",
             this, DPOS);
    }
    return nullptr;
}
2076
// Closes the handle of every object in the offset list whose type is
// BINDER_TYPE_FD, walking the list from the last entry to the first. The
// objects themselves are left in place in the parcel.
void Parcel::closeFileDescriptors()
{
    for (size_t remaining = mObjectsSize; remaining > 0; --remaining) {
        const flat_binder_object* const obj =
                reinterpret_cast<flat_binder_object*>(mData + mObjects[remaining - 1]);
        if (obj->hdr.type == BINDER_TYPE_FD) {
            close(obj->handle);
        }
    }
}
2093
// Returns the address of the parcel's data buffer as an integer.
uintptr_t Parcel::ipcData() const
{
    const uintptr_t dataAddress = reinterpret_cast<uintptr_t>(mData);
    return dataAddress;
}
2098
// Returns the larger of the data size and the current data position.
size_t Parcel::ipcDataSize() const
{
    return std::max(mDataSize, mDataPos);
}
2103
// Returns the address of the parcel's object offset array as an integer.
uintptr_t Parcel::ipcObjects() const
{
    const uintptr_t offsetsAddress = reinterpret_cast<uintptr_t>(mObjects);
    return offsetsAddress;
}
2108
// Returns the number of entries in the parcel's object offset array.
size_t Parcel::ipcObjectsCount() const
{
    const size_t count = mObjectsSize;
    return count;
}
2113
// Points this parcel at externally owned data and object offsets.
//
// Any data the parcel currently holds is freed first. The parcel then
// references `data` and `objects` without copying, and `relFunc` is stored as
// mOwner so the memory can be handed back later; a null relFunc aborts.
//
// The offset list is checked in order: each offset must be at or past the end
// of the previous object, and each object must be a BINDER, HANDLE or FD
// type. A failing entry stops the scan and sets the object count to 0, so the
// data is then treated as containing no objects.
//
// NOTE(review): the loop checks ordering (offset >= minOffset) but does not
// compare offset + sizeof(flat_binder_object) with dataSize before reading
// flat->hdr.type. This presumably relies on whoever supplies `objects` (the
// comment below mentions the kernel) having validated the offsets; confirm
// for every caller.
void Parcel::ipcSetDataReference(const uint8_t* data, size_t dataSize,
    const binder_size_t* objects, size_t objectsCount, release_func relFunc)
{
    // this code uses 'mOwner == nullptr' to understand whether it owns memory
    LOG_ALWAYS_FATAL_IF(relFunc == nullptr, "must provide cleanup function");

    freeData();

    mData = const_cast<uint8_t*>(data);
    mDataSize = mDataCapacity = dataSize;
    mObjects = const_cast<binder_size_t*>(objects);
    mObjectsSize = mObjectsCapacity = objectsCount;
    mOwner = relFunc;

    // Lowest offset the next object may start at without overlapping the
    // previous one.
    binder_size_t minOffset = 0;
    for (size_t i = 0; i < mObjectsSize; i++) {
        binder_size_t offset = mObjects[i];
        if (offset < minOffset) {
            ALOGE("%s: bad object offset %" PRIu64 " < %" PRIu64 "\n",
                  __func__, (uint64_t)offset, (uint64_t)minOffset);
            // Out-of-order or overlapping entry: drop the object list.
            mObjectsSize = 0;
            break;
        }
        const flat_binder_object* flat
            = reinterpret_cast<const flat_binder_object*>(mData + offset);
        uint32_t type = flat->hdr.type;
        if (!(type == BINDER_TYPE_BINDER || type == BINDER_TYPE_HANDLE ||
              type == BINDER_TYPE_FD)) {
            // We should never receive other types (eg BINDER_TYPE_FDA) as long as we don't support
            // them in libbinder. If we do receive them, it probably means a kernel bug; try to
            // recover gracefully by clearing out the objects, and releasing the objects we do
            // know about.
            android_errorWriteLog(0x534e4554, "135930648");
            ALOGE("%s: unsupported type object (%" PRIu32 ") at offset %" PRIu64 "\n",
                  __func__, type, (uint64_t)offset);
            releaseObjects();
            mObjectsSize = 0;
            break;
        }
        minOffset = offset + sizeof(flat_binder_object);
    }
    // Recompute mHasFds from whatever object list survived the checks above.
    scanForFds();
}
2157
// Writes a human-readable description of the parcel to `to`: the error when
// errorCheck() reports one, otherwise a hex dump of the data followed by one
// line per object (type code and binder field), or "NULL" when the parcel
// holds no data. The flags argument is unused.
// The hex dump reproduces the parcel's raw bytes, so the output contains
// whatever the parcel carries.
void Parcel::print(TextOutput& to, uint32_t /*flags*/) const
{
    to << "Parcel(";

    if (errorCheck() != NO_ERROR) {
        const status_t failure = errorCheck();
        to << "Error: " << (void*)(intptr_t)failure << " \"" << strerror(-failure) << "\"";
    } else if (dataSize() > 0) {
        const uint8_t* const bytes = data();
        to << indent << HexDump(bytes, dataSize()) << dedent;

        const binder_size_t* const offsets = mObjects;
        const size_t objectTotal = objectsCount();
        for (size_t idx = 0; idx < objectTotal; ++idx) {
            const flat_binder_object* const obj =
                    reinterpret_cast<const flat_binder_object*>(bytes + offsets[idx]);
            to << endl << "Object #" << idx << " @ " << (void*)offsets[idx] << ": "
               << TypeCode(obj->hdr.type & 0x7f7f7f00)
               << " = " << obj->binder;
        }
    } else {
        to << "NULL";
    }

    to << ")";
}
2183
// Calls release_object() for every object in the offset list, from the last
// entry to the first. Does nothing when the list is empty.
void Parcel::releaseObjects()
{
    if (mObjectsSize == 0) {
        return;
    }

    sp<ProcessState> proc(ProcessState::self());
    uint8_t* const base = mData;
    binder_size_t* const offsets = mObjects;
    for (size_t idx = mObjectsSize; idx-- > 0;) {
        const flat_binder_object* const obj =
                reinterpret_cast<flat_binder_object*>(base + offsets[idx]);
        release_object(proc, *obj, this, &mOpenAshmemSize);
    }
}
2200
// Calls acquire_object() for every object in the offset list, from the last
// entry to the first. Does nothing when the list is empty.
void Parcel::acquireObjects()
{
    if (mObjectsSize == 0) {
        return;
    }

    const sp<ProcessState> proc(ProcessState::self());
    uint8_t* const base = mData;
    binder_size_t* const offsets = mObjects;
    for (size_t idx = mObjectsSize; idx-- > 0;) {
        const flat_binder_object* const obj =
                reinterpret_cast<flat_binder_object*>(base + offsets[idx]);
        acquire_object(proc, *obj, this, &mOpenAshmemSize);
    }
}
2217
// Releases whatever the parcel holds and returns it to its initial state.
// initState() also resets mDeallocZero to false, so a zero-on-free setting
// does not survive this call.
void Parcel::freeData()
{
    // Order matters: the buffers are released using the current fields, and
    // only then are those fields reset.
    freeDataNoInit();
    initState();
}
2223
// Releases the parcel's data and object buffers without resetting its fields.
// When the memory belongs to someone else (mOwner is set) it is handed back
// through mOwner. Otherwise object references are released, the allocation
// counters are adjusted, and both buffers are freed; with mDeallocZero set
// the data is wiped before it is freed.
// NOTE(review): the wipe covers mDataSize bytes, not mDataCapacity. After
// restartWrite() (which sets mDataSize to 0 and, in zero mode, copies the old
// contents into the new buffer) or a shrinking continueWrite(), bytes past
// mDataSize may still hold earlier contents and are not wiped here. Confirm
// whether that is intended.
void Parcel::freeDataNoInit()
{
    if (mOwner != nullptr) {
        LOG_ALLOC("Parcel %p: freeing other owner data", this);
        mOwner(this, mData, mDataSize, mObjects, mObjectsSize);
        return;
    }

    LOG_ALLOC("Parcel %p: freeing allocated data", this);
    releaseObjects();
    if (mData != nullptr) {
        LOG_ALLOC("Parcel %p: freeing with %zu capacity", this, mDataCapacity);
        gParcelGlobalAllocSize -= mDataCapacity;
        gParcelGlobalAllocCount--;
        if (mDeallocZero) {
            zeroMemory(mData, mDataSize);
        }
        free(mData);
    }
    // free() accepts a null pointer, so no guard is needed.
    free(mObjects);
}
2245
// Grows the data buffer so that `len` more bytes fit, asking continueWrite()
// for 1.5 times the needed size and at least 128 bytes.
// Returns BAD_VALUE when len exceeds INT32_MAX, NO_MEMORY when the size
// arithmetic would overflow or would not grow the buffer, otherwise the
// status of continueWrite().
status_t Parcel::growData(size_t len)
{
    // don't accept size_t values which may have come from an
    // inadvertent conversion from a negative int.
    if (len > INT32_MAX) {
        return BAD_VALUE;
    }

    // Each step of (mDataSize + len) * 3 / 2 is checked before it is taken.
    if (len > SIZE_MAX - mDataSize) return NO_MEMORY; // overflow
    const size_t needed = mDataSize + len;
    if (needed > SIZE_MAX / 3) return NO_MEMORY; // overflow

    const size_t newSize = (needed * 3) / 2;
    if (newSize <= mDataSize) {
        return NO_MEMORY;
    }
    return continueWrite(std::max(newSize, (size_t) 128));
}
2261
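// Resizes a heap buffer from oldCapacity to newCapacity bytes.
// With `zero` false this is a plain realloc(). With `zero` true a new buffer
// is allocated, min(oldCapacity, newCapacity) bytes are copied across, and the
// old buffer is wiped over its full oldCapacity before it is freed, so the
// old contents do not linger in freed heap memory.
// Returns the new buffer, or nullptr on allocation failure; on failure the
// old buffer is left untouched and still belongs to the caller.
static uint8_t* reallocZeroFree(uint8_t* data, size_t oldCapacity, size_t newCapacity, bool zero) {
    if (!zero) {
        return (uint8_t*)realloc(data, newCapacity);
    }
    uint8_t* newData = (uint8_t*)malloc(newCapacity);
    if (!newData) {
        return nullptr;
    }

    // A parcel that has not allocated yet passes a null buffer. memcpy() with
    // a null source is undefined even for a zero length, so skip the copy and
    // wipe when there is no old buffer.
    if (data != nullptr) {
        memcpy(newData, data, std::min(oldCapacity, newCapacity));
        zeroMemory(data, oldCapacity);
        free(data);
    }
    return newData;
}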
2276
// Empties the parcel for reuse with a data capacity of `desired` bytes.
// Returns BAD_VALUE when desired exceeds INT32_MAX and NO_MEMORY when a
// larger buffer cannot be allocated. When the memory is owned elsewhere it is
// released and the work is delegated to continueWrite().
// On success the data size and position are 0, the object list is freed, and
// the fd bookkeeping flags are reset; mDeallocZero is left as it was.
// NOTE(review): with mDeallocZero set, reallocZeroFree() copies the previous
// contents into the new buffer, and mDataSize is then reset to 0 below. A
// later wipe sized by mDataSize would not cover those copied bytes unless
// they have been overwritten; confirm whether that is acceptable.
status_t Parcel::restartWrite(size_t desired)
{
    if (desired > INT32_MAX) {
        // don't accept size_t values which may have come from an
        // inadvertent conversion from a negative int.
        return BAD_VALUE;
    }

    if (mOwner) {
        freeData();
        return continueWrite(desired);
    }

    uint8_t* data = reallocZeroFree(mData, mDataCapacity, desired, mDeallocZero);
    // A failed resize is only fatal when growing; otherwise the existing
    // buffer is kept (see the `data || desired == 0` test below).
    if (!data && desired > mDataCapacity) {
        mError = NO_MEMORY;
        return NO_MEMORY;
    }

    releaseObjects();

    if (data || desired == 0) {
        LOG_ALLOC("Parcel %p: restart from %zu to %zu capacity", this, mDataCapacity, desired);
        // Keep the global allocation counters in step with the new capacity.
        if (mDataCapacity > desired) {
            gParcelGlobalAllocSize -= (mDataCapacity - desired);
        } else {
            gParcelGlobalAllocSize += (desired - mDataCapacity);
        }

        if (!mData) {
            gParcelGlobalAllocCount++;
        }
        mData = data;
        mDataCapacity = desired;
    }

    mDataSize = mDataPos = 0;
    ALOGV("restartWrite Setting data size of %p to %zu", this, mDataSize);
    ALOGV("restartWrite Setting data pos of %p to %zu", this, mDataPos);

    free(mObjects);
    mObjects = nullptr;
    mObjectsSize = mObjectsCapacity = 0;
    mNextObjectHint = 0;
    mObjectsSorted = false;
    mHasFds = false;
    mFdsKnown = true;
    mAllowFds = true;

    return NO_ERROR;
}
2328
// Changes the data capacity to `desired` bytes while keeping the existing
// contents that still fit.
//
// Three cases are handled:
//  - the memory is owned elsewhere (mOwner set): a private copy of the data
//    and of the surviving object offsets is made, references are acquired
//    for those objects, and the original memory is handed back to mOwner;
//  - the parcel already owns a buffer: objects that start at or after the
//    new size are released, then the buffer is grown, or the size and
//    position are clamped when shrinking;
//  - the parcel has no buffer yet: a fresh one is allocated.
//
// Returns BAD_VALUE when desired exceeds INT32_MAX, NO_MEMORY (also stored in
// mError) when an allocation fails, NO_ERROR otherwise.
status_t Parcel::continueWrite(size_t desired)
{
    if (desired > INT32_MAX) {
        // don't accept size_t values which may have come from an
        // inadvertent conversion from a negative int.
        return BAD_VALUE;
    }

    // If shrinking, first adjust for any objects that appear
    // after the new data size.
    size_t objectsSize = mObjectsSize;
    if (desired < mDataSize) {
        if (desired == 0) {
            objectsSize = 0;
        } else {
            // Drop trailing entries whose offset is at or past the new size.
            while (objectsSize > 0) {
                if (mObjects[objectsSize-1] < desired)
                    break;
                objectsSize--;
            }
        }
    }

    if (mOwner) {
        // If the size is going to zero, just release the owner's data.
        if (desired == 0) {
            freeData();
            return NO_ERROR;
        }

        // If there is a different owner, we need to take
        // possession.
        uint8_t* data = (uint8_t*)malloc(desired);
        if (!data) {
            mError = NO_MEMORY;
            return NO_MEMORY;
        }
        binder_size_t* objects = nullptr;

        if (objectsSize) {
            objects = (binder_size_t*)calloc(objectsSize, sizeof(binder_size_t));
            if (!objects) {
                free(data);

                mError = NO_MEMORY;
                return NO_MEMORY;
            }

            // Little hack to only acquire references on objects
            // we will be keeping.
            size_t oldObjectsSize = mObjectsSize;
            mObjectsSize = objectsSize;
            acquireObjects();
            mObjectsSize = oldObjectsSize;
        }

        if (mData) {
            memcpy(data, mData, mDataSize < desired ? mDataSize : desired);
        }
        if (objects && mObjects) {
            memcpy(objects, mObjects, objectsSize*sizeof(binder_size_t));
        }
        //ALOGI("Freeing data ref of %p (pid=%d)", this, getpid());
        // Hand the original memory back with its original sizes.
        mOwner(this, mData, mDataSize, mObjects, mObjectsSize);
        mOwner = nullptr;

        LOG_ALLOC("Parcel %p: taking ownership of %zu capacity", this, desired);
        gParcelGlobalAllocSize += desired;
        gParcelGlobalAllocCount++;

        mData = data;
        mObjects = objects;
        mDataSize = (mDataSize < desired) ? mDataSize : desired;
        ALOGV("continueWrite Setting data size of %p to %zu", this, mDataSize);
        mDataCapacity = desired;
        mObjectsSize = mObjectsCapacity = objectsSize;
        mNextObjectHint = 0;
        mObjectsSorted = false;

    } else if (mData) {
        if (objectsSize < mObjectsSize) {
            // Need to release refs on any objects we are dropping.
            const sp<ProcessState> proc(ProcessState::self());
            for (size_t i=objectsSize; i<mObjectsSize; i++) {
                const flat_binder_object* flat
                    = reinterpret_cast<flat_binder_object*>(mData+mObjects[i]);
                if (flat->hdr.type == BINDER_TYPE_FD) {
                    // will need to rescan because we may have lopped off the only FDs
                    mFdsKnown = false;
                }
                release_object(proc, *flat, this, &mOpenAshmemSize);
            }

            if (objectsSize == 0) {
                free(mObjects);
                mObjects = nullptr;
                mObjectsCapacity = 0;
            } else {
                binder_size_t* objects =
                    (binder_size_t*)realloc(mObjects, objectsSize*sizeof(binder_size_t));
                // A failed shrink is tolerated: the old, larger array stays
                // in use and only mObjectsSize changes below.
                if (objects) {
                    mObjects = objects;
                    mObjectsCapacity = objectsSize;
                }
            }
            mObjectsSize = objectsSize;
            mNextObjectHint = 0;
            mObjectsSorted = false;
        }

        // We own the data, so we can just do a realloc().
        if (desired > mDataCapacity) {
            uint8_t* data = reallocZeroFree(mData, mDataCapacity, desired, mDeallocZero);
            if (data) {
                LOG_ALLOC("Parcel %p: continue from %zu to %zu capacity", this, mDataCapacity,
                        desired);
                gParcelGlobalAllocSize += desired;
                gParcelGlobalAllocSize -= mDataCapacity;
                mData = data;
                mDataCapacity = desired;
            } else {
                mError = NO_MEMORY;
                return NO_MEMORY;
            }
        } else {
            // The buffer is kept as is; only size and position are clamped.
            // NOTE(review): bytes between the new and the old mDataSize stay
            // in the buffer. Whether they should be wiped when mDeallocZero
            // is set is not decided here; confirm.
            if (mDataSize > desired) {
                mDataSize = desired;
                ALOGV("continueWrite Setting data size of %p to %zu", this, mDataSize);
            }
            if (mDataPos > desired) {
                mDataPos = desired;
                ALOGV("continueWrite Setting data pos of %p to %zu", this, mDataPos);
            }
        }

    } else {
        // This is the first data. Easy!
        uint8_t* data = (uint8_t*)malloc(desired);
        if (!data) {
            mError = NO_MEMORY;
            return NO_MEMORY;
        }

        // With no data buffer, the capacity and object fields are expected to
        // be empty as well; log the state if they are not.
        if(!(mDataCapacity == 0 && mObjects == nullptr
             && mObjectsCapacity == 0)) {
            ALOGE("continueWrite: %zu/%p/%zu/%zu", mDataCapacity, mObjects, mObjectsCapacity, desired);
        }

        LOG_ALLOC("Parcel %p: allocating with %zu capacity", this, desired);
        gParcelGlobalAllocSize += desired;
        gParcelGlobalAllocCount++;

        mData = data;
        mDataSize = mDataPos = 0;
        ALOGV("continueWrite Setting data size of %p to %zu", this, mDataSize);
        ALOGV("continueWrite Setting data pos of %p to %zu", this, mDataPos);
        mDataCapacity = desired;
    }

    return NO_ERROR;
}
2490
// Resets every field of the parcel to its empty state without freeing
// anything; callers release the buffers first. mDeallocZero is reset to false
// here as well. On first use this also initializes gMaxFds from the process's
// RLIMIT_NOFILE soft limit, falling back to 1024 when the limit cannot be
// read.
void Parcel::initState()
{
    LOG_ALLOC("Parcel %p: initState", this);

    // Data buffer and read/write position.
    mError = NO_ERROR;
    mData = nullptr;
    mDataSize = mDataCapacity = mDataPos = 0;
    ALOGV("initState Setting data size of %p to %zu", this, mDataSize);
    ALOGV("initState Setting data pos of %p to %zu", this, mDataPos);
    mSession = nullptr;

    // Object offset list.
    mObjects = nullptr;
    mObjectsSize = mObjectsCapacity = 0;
    mNextObjectHint = 0;
    mObjectsSorted = false;

    // File descriptor bookkeeping and ownership.
    mHasFds = false;
    mFdsKnown = true;
    mAllowFds = true;
    mDeallocZero = false;
    mOwner = nullptr;
    mOpenAshmemSize = 0;

    // Request header state.
    mWorkSourceRequestHeaderPosition = 0;
    mRequestHeaderPresent = false;

    // racing multiple init leads only to multiple identical write
    if (gMaxFds != 0) {
        return;
    }
    struct rlimit limits;
    if (getrlimit(RLIMIT_NOFILE, &limits) == 0) {
        gMaxFds = (size_t)limits.rlim_cur;
    } else {
        ALOGW("Unable to getrlimit: %s", strerror(errno));
        gMaxFds = 1024;
    }
}
2528
// Walks the object offset list and records in mHasFds whether any object is
// of type BINDER_TYPE_FD, then marks the answer as known (mFdsKnown). The
// scan stops at the first descriptor found.
void Parcel::scanForFds() const
{
    bool sawFd = false;
    size_t idx = 0;
    while (!sawFd && idx < mObjectsSize) {
        const flat_binder_object* const obj =
                reinterpret_cast<const flat_binder_object*>(mData + mObjects[idx]);
        sawFd = (obj->hdr.type == BINDER_TYPE_FD);
        ++idx;
    }
    mHasFds = sawFd;
    mFdsKnown = true;
}
2543
// Returns mOpenAshmemSize, the same value as getOpenAshmemSize().
size_t Parcel::getBlobAshmemSize() const
{
    // This used to return the size of all blobs that were written to ashmem, now we're returning
    // the ashmem currently referenced by this Parcel, which should be equivalent.
    // TODO: Remove method once ABI can be changed.
    const size_t openAshmemBytes = mOpenAshmemSize;
    return openAshmemBytes;
}
2551
// Returns mOpenAshmemSize, the counter that release_object() and
// acquire_object() are given a pointer to.
size_t Parcel::getOpenAshmemSize() const
{
    const size_t openAshmemBytes = mOpenAshmemSize;
    return openAshmemBytes;
}
2556
2557 // --- Parcel::Blob ---
2558
// Creates an empty blob: no descriptor (-1), no data, size 0, not mutable.
Parcel::Blob::Blob()
      : mFd(-1),
        mData(nullptr),
        mSize(0),
        mMutable(false) {
}
2562
// Unmaps any mapping the blob still holds by calling release().
Parcel::Blob::~Blob() {
    this->release();
}
2566
// Unmaps the blob's memory when it is backed by a descriptor, then resets the
// blob to its empty state. A blob with mFd == -1 is not unmapped. The
// descriptor itself is not closed here.
void Parcel::Blob::release() {
    const bool isMapped = (mFd != -1) && (mData != nullptr);
    if (isMapped) {
        ::munmap(mData, mSize);
    }
    clear();
}
2573
// Stores the descriptor, data pointer, size and mutability of the blob.
// Previous values are overwritten without being released; release() uses
// fd != -1 to decide whether `data` is a mapping to unmap.
void Parcel::Blob::init(int fd, void* data, size_t size, bool isMutable) {
    mFd      = fd;
    mData    = data;
    mSize    = size;
    mMutable = isMutable;
}
2580
// Resets the blob's fields to the empty state without unmapping or closing
// anything.
void Parcel::Blob::clear() {
    mFd      = -1;
    mData    = nullptr;
    mSize    = 0;
    mMutable = false;
}
2587
2588 } // namespace android
2589