1 /* 2 * Copyright (C) 2020 The Android Open Source Project 3 * 4 * Licensed under the Apache License, Version 2.0 (the "License"); 5 * you may not use this file except in compliance with the License. 6 * You may obtain a copy of the License at 7 * 8 * http://www.apache.org/licenses/LICENSE-2.0 9 * 10 * Unless required by applicable law or agreed to in writing, software 11 * distributed under the License is distributed on an "AS IS" BASIS, 12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 * See the License for the specific language governing permissions and 14 * limitations under the License. 15 */ 16 #pragma once 17 18 #include <binder/Common.h> 19 #include <binder/IBinder.h> 20 #include <binder/RpcThreads.h> 21 #include <binder/RpcTransport.h> 22 #include <binder/unique_fd.h> 23 #include <utils/Errors.h> 24 #include <utils/RefBase.h> 25 26 #include <map> 27 #include <optional> 28 #include <vector> 29 30 namespace android { 31 32 class Parcel; 33 class RpcServer; 34 class RpcServerTrusty; 35 class RpcSocketAddress; 36 class RpcState; 37 class RpcTransport; 38 class FdTrigger; 39 40 constexpr uint32_t RPC_WIRE_PROTOCOL_VERSION_NEXT = 2; 41 constexpr uint32_t RPC_WIRE_PROTOCOL_VERSION_EXPERIMENTAL = 0xF0000000; 42 constexpr uint32_t RPC_WIRE_PROTOCOL_VERSION = 1; 43 44 // Starting with this version: 45 // 46 // * RpcWireReply is larger (4 bytes -> 20). 47 // * RpcWireTransaction and RpcWireReplyV1 include the parcel data size. 48 constexpr uint32_t RPC_WIRE_PROTOCOL_VERSION_RPC_HEADER_FEATURE_EXPLICIT_PARCEL_SIZE = 1; 49 50 /** 51 * This represents a session (group of connections) between a client 52 * and a server. Multiple connections are needed for multiple parallel "binder" 53 * calls which may also have nested calls. 54 * 55 * Once a binder exists in the session, if all references to all binders are dropped, 56 * the session shuts down. 57 */ 58 class RpcSession final : public virtual RefBase { 59 public: 60 // Create an RpcSession with default configuration (raw sockets). 61 LIBBINDER_EXPORTED static sp<RpcSession> make(); 62 63 // Create an RpcSession with the given configuration. |serverRpcCertificateFormat| and 64 // |serverCertificate| must have values or be nullopt simultaneously. If they have values, set 65 // server certificate. 66 LIBBINDER_EXPORTED static sp<RpcSession> make( 67 std::unique_ptr<RpcTransportCtxFactory> rpcTransportCtxFactory); 68 69 /** 70 * Set the maximum number of incoming threads allowed to be made (for things like callbacks). 71 * By default, this is 0. This must be called before setting up this connection as a client. 72 * Server sessions will inherits this value from RpcServer. Each thread will serve a 73 * connection to the remote RpcSession. 74 * 75 * If this is called, 'shutdown' on this session must also be called. 76 * Otherwise, a threadpool will leak. 77 * 78 * TODO(b/189955605): start these lazily - currently all are started 79 */ 80 LIBBINDER_EXPORTED void setMaxIncomingThreads(size_t threads); 81 LIBBINDER_EXPORTED size_t getMaxIncomingThreads(); 82 83 /** 84 * Set the maximum number of outgoing connections allowed to be made. 85 * By default, this is |kDefaultMaxOutgoingConnections|. This must be called before setting up 86 * this connection as a client. 87 * 88 * For an RpcSession client, if you are connecting to a server which starts N threads, 89 * then this must be set to >= N. If you set the maximum number of outgoing connections 90 * to 1, but the server requests 10, then it would be considered an error. If you set a 91 * maximum number of connections to 10, and the server requests 1, then only 1 will be 92 * created. This API is used to limit the amount of resources a server can request you 93 * create. 94 */ 95 LIBBINDER_EXPORTED void setMaxOutgoingConnections(size_t connections); 96 LIBBINDER_EXPORTED size_t getMaxOutgoingThreads(); 97 98 /** 99 * By default, the minimum of the supported versions of the client and the 100 * server will be used. Usually, this API should only be used for debugging. 101 */ 102 [[nodiscard]] LIBBINDER_EXPORTED bool setProtocolVersion(uint32_t version); 103 LIBBINDER_EXPORTED std::optional<uint32_t> getProtocolVersion(); 104 105 enum class FileDescriptorTransportMode : uint8_t { 106 NONE = 0, 107 // Send file descriptors via unix domain socket ancillary data. 108 UNIX = 1, 109 // Send file descriptors as Trusty IPC handles. 110 TRUSTY = 2, 111 }; 112 113 /** 114 * Set the transport for sending and receiving file descriptors. 115 */ 116 LIBBINDER_EXPORTED void setFileDescriptorTransportMode(FileDescriptorTransportMode mode); 117 LIBBINDER_EXPORTED FileDescriptorTransportMode getFileDescriptorTransportMode(); 118 119 /** 120 * This should be called once per thread, matching 'join' in the remote 121 * process. 122 */ 123 [[nodiscard]] LIBBINDER_EXPORTED status_t setupUnixDomainClient(const char* path); 124 125 /** 126 * Connects to an RPC server over a nameless Unix domain socket pair. 127 */ 128 [[nodiscard]] LIBBINDER_EXPORTED status_t 129 setupUnixDomainSocketBootstrapClient(binder::unique_fd bootstrap); 130 131 /** 132 * Connects to an RPC server at the CID & port. 133 */ 134 [[nodiscard]] LIBBINDER_EXPORTED status_t setupVsockClient(unsigned int cid, unsigned int port); 135 136 /** 137 * Connects to an RPC server at the given address and port. 138 */ 139 [[nodiscard]] LIBBINDER_EXPORTED status_t setupInetClient(const char* addr, unsigned int port); 140 141 /** 142 * Starts talking to an RPC server which has already been connected to. This 143 * is expected to be used when another process has permission to connect to 144 * a binder RPC service, but this process only has permission to talk to 145 * that service. 146 * 147 * For convenience, if 'fd' is -1, 'request' will be called. 148 * 149 * For future compatibility, 'request' should not reference any stack data. 150 */ 151 [[nodiscard]] LIBBINDER_EXPORTED status_t 152 setupPreconnectedClient(binder::unique_fd fd, std::function<binder::unique_fd()>&& request); 153 154 /** 155 * For debugging! 156 * 157 * Sets up an empty connection. All queries to this connection which require a 158 * response will never be satisfied. All data sent here will be 159 * unceremoniously cast down the bottomless pit, /dev/null. 160 */ 161 [[nodiscard]] LIBBINDER_EXPORTED status_t addNullDebuggingClient(); 162 163 /** 164 * Query the other side of the session for the root object hosted by that 165 * process's RpcServer (if one exists) 166 */ 167 LIBBINDER_EXPORTED sp<IBinder> getRootObject(); 168 169 /** 170 * Query the other side of the session for the maximum number of threads 171 * it supports (maximum number of concurrent non-nested synchronous transactions) 172 */ 173 [[nodiscard]] LIBBINDER_EXPORTED status_t getRemoteMaxThreads(size_t* maxThreads); 174 175 /** 176 * See RpcTransportCtx::getCertificate 177 */ 178 LIBBINDER_EXPORTED std::vector<uint8_t> getCertificate(RpcCertificateFormat); 179 180 /** 181 * Shuts down the service. 182 * 183 * For client sessions, wait can be true or false. For server sessions, 184 * waiting is not currently supported (will abort). 185 * 186 * Warning: this is currently not active/nice (the server isn't told we're 187 * shutting down). Being nicer to the server could potentially make it 188 * reclaim resources faster. 189 * 190 * If this is called w/ 'wait' true, then this will wait for shutdown to 191 * complete before returning. This will hang if it is called from the 192 * session threadpool (when processing received calls). 193 */ 194 [[nodiscard]] LIBBINDER_EXPORTED bool shutdownAndWait(bool wait); 195 196 [[nodiscard]] LIBBINDER_EXPORTED status_t transact(const sp<IBinder>& binder, uint32_t code, 197 const Parcel& data, Parcel* reply, 198 uint32_t flags); 199 200 /** 201 * Generally, you should not call this, unless you are testing error 202 * conditions, as this is called automatically by BpBinders when they are 203 * deleted (this is also why a raw pointer is used here) 204 */ 205 [[nodiscard]] LIBBINDER_EXPORTED status_t sendDecStrong(const BpBinder* binder); 206 207 /** 208 * Whether any requests are currently being processed. 209 */ 210 LIBBINDER_EXPORTED bool hasActiveRequests(); 211 212 LIBBINDER_EXPORTED ~RpcSession(); 213 214 /** 215 * Server if this session is created as part of a server (symmetrical to 216 * client servers). Otherwise, nullptr. 217 */ 218 LIBBINDER_EXPORTED sp<RpcServer> server(); 219 220 // internal only state()221 LIBBINDER_EXPORTED const std::unique_ptr<RpcState>& state() { return mRpcBinderState; } 222 223 private: 224 friend sp<RpcSession>; 225 friend RpcServer; 226 friend RpcServerTrusty; 227 friend RpcState; 228 explicit RpcSession(std::unique_ptr<RpcTransportCtx> ctx); 229 230 static constexpr size_t kDefaultMaxOutgoingConnections = 10; 231 232 // internal version of setProtocolVersion that 233 // optionally skips the mStartedSetup check 234 [[nodiscard]] bool setProtocolVersionInternal(uint32_t version, bool checkStarted); 235 236 // for 'target', see RpcState::sendDecStrongToTarget 237 [[nodiscard]] status_t sendDecStrongToTarget(uint64_t address, size_t target); 238 239 class EventListener : public virtual RefBase { 240 public: 241 virtual void onSessionAllIncomingThreadsEnded(const sp<RpcSession>& session) = 0; 242 virtual void onSessionIncomingThreadEnded() = 0; 243 }; 244 245 class WaitForShutdownListener : public EventListener { 246 public: 247 void onSessionAllIncomingThreadsEnded(const sp<RpcSession>& session) override; 248 void onSessionIncomingThreadEnded() override; 249 void waitForShutdown(RpcMutexUniqueLock& lock, const sp<RpcSession>& session); 250 251 private: 252 RpcConditionVariable mCv; 253 std::atomic<size_t> mShutdownCount = 0; 254 }; 255 friend WaitForShutdownListener; 256 257 struct RpcConnection : public RefBase { 258 std::unique_ptr<RpcTransport> rpcTransport; 259 260 // whether this or another thread is currently using this fd to make 261 // or receive transactions. 262 std::optional<uint64_t> exclusiveTid; 263 264 bool allowNested = false; 265 }; 266 267 [[nodiscard]] status_t readId(); 268 269 // A thread joining a server must always call these functions in order, and 270 // cleanup is only programmed once into join. These are in separate 271 // functions in order to allow for different locks to be taken during 272 // different parts of setup. 273 // 274 // transfer ownership of thread (usually done while a lock is taken on the 275 // structure which originally owns the thread) 276 void preJoinThreadOwnership(RpcMaybeThread thread); 277 // pass FD to thread and read initial connection information 278 struct PreJoinSetupResult { 279 // Server connection object associated with this 280 sp<RpcConnection> connection; 281 // Status of setup 282 status_t status; 283 }; 284 PreJoinSetupResult preJoinSetup(std::unique_ptr<RpcTransport> rpcTransport); 285 // join on thread passed to preJoinThreadOwnership 286 static void join(sp<RpcSession>&& session, PreJoinSetupResult&& result); 287 288 [[nodiscard]] status_t setupClient( 289 const std::function<status_t(const std::vector<uint8_t>& sessionId, bool incoming)>& 290 connectAndInit); 291 [[nodiscard]] status_t setupSocketClient(const RpcSocketAddress& address); 292 [[nodiscard]] status_t setupOneSocketConnection(const RpcSocketAddress& address, 293 const std::vector<uint8_t>& sessionId, 294 bool incoming); 295 [[nodiscard]] status_t initAndAddConnection(RpcTransportFd fd, 296 const std::vector<uint8_t>& sessionId, 297 bool incoming); 298 [[nodiscard]] status_t addIncomingConnection(std::unique_ptr<RpcTransport> rpcTransport); 299 [[nodiscard]] status_t addOutgoingConnection(std::unique_ptr<RpcTransport> rpcTransport, 300 bool init); 301 [[nodiscard]] bool setForServer(const wp<RpcServer>& server, 302 const wp<RpcSession::EventListener>& eventListener, 303 const std::vector<uint8_t>& sessionId, 304 const sp<IBinder>& sessionSpecificRoot); 305 sp<RpcConnection> assignIncomingConnectionToThisThread( 306 std::unique_ptr<RpcTransport> rpcTransport); 307 [[nodiscard]] bool removeIncomingConnection(const sp<RpcConnection>& connection); 308 void clearConnectionTid(const sp<RpcConnection>& connection); 309 310 [[nodiscard]] status_t initShutdownTrigger(); 311 312 /** 313 * Checks whether any connection is active (Not polling on fd) 314 */ 315 bool hasActiveConnection(const std::vector<sp<RpcConnection>>& connections); 316 317 enum class ConnectionUse { 318 CLIENT, 319 CLIENT_ASYNC, 320 CLIENT_REFCOUNT, 321 }; 322 323 // Object representing exclusive access to a connection. 324 class ExclusiveConnection { 325 public: 326 [[nodiscard]] static status_t find(const sp<RpcSession>& session, ConnectionUse use, 327 ExclusiveConnection* connection); 328 329 ~ExclusiveConnection(); get()330 const sp<RpcConnection>& get() { return mConnection; } 331 332 private: 333 static void findConnection(uint64_t tid, sp<RpcConnection>* exclusive, 334 sp<RpcConnection>* available, 335 std::vector<sp<RpcConnection>>& sockets, 336 size_t socketsIndexHint); 337 338 sp<RpcSession> mSession; // avoid deallocation 339 sp<RpcConnection> mConnection; 340 341 // whether this is being used for a nested transaction (being on the same 342 // thread guarantees we won't write in the middle of a message, the way 343 // the wire protocol is constructed guarantees this is safe). 344 bool mReentrant = false; 345 }; 346 347 const std::unique_ptr<RpcTransportCtx> mCtx; 348 349 // On the other side of a session, for each of mOutgoing here, there should 350 // be one of mIncoming on the other side (and vice versa). 351 // 352 // For the simplest session, a single server with one client, you would 353 // have: 354 // - the server has a single 'mIncoming' and a thread listening on this 355 // - the client has a single 'mOutgoing' and makes calls to this 356 // - here, when the client makes a call, the server can call back into it 357 // (nested calls), but outside of this, the client will only ever read 358 // calls from the server when it makes a call itself. 359 // 360 // For a more complicated case, the client might itself open up a thread to 361 // serve calls to the server at all times (e.g. if it hosts a callback) 362 363 wp<RpcServer> mForServer; // maybe null, for client sessions 364 sp<WaitForShutdownListener> mShutdownListener; // used for client sessions 365 wp<EventListener> mEventListener; // mForServer if server, mShutdownListener if client 366 367 // session-specific root object (if a different root is used for each 368 // session) 369 sp<IBinder> mSessionSpecificRootObject; 370 371 std::vector<uint8_t> mId; 372 373 std::unique_ptr<FdTrigger> mShutdownTrigger; 374 375 std::unique_ptr<RpcState> mRpcBinderState; 376 377 RpcMutex mMutex; // for all below 378 379 bool mStartedSetup = false; 380 size_t mMaxIncomingThreads = 0; 381 size_t mMaxOutgoingConnections = kDefaultMaxOutgoingConnections; 382 std::optional<uint32_t> mProtocolVersion; 383 FileDescriptorTransportMode mFileDescriptorTransportMode = FileDescriptorTransportMode::NONE; 384 385 RpcConditionVariable mAvailableConnectionCv; // for mWaitingThreads 386 387 std::unique_ptr<RpcTransport> mBootstrapTransport; 388 389 struct ThreadState { 390 size_t mWaitingThreads = 0; 391 // hint index into clients, ++ when sending an async transaction 392 size_t mOutgoingOffset = 0; 393 std::vector<sp<RpcConnection>> mOutgoing; 394 // max size of mIncoming. Once any thread starts down, no more can be started. 395 size_t mMaxIncoming = 0; 396 std::vector<sp<RpcConnection>> mIncoming; 397 std::map<RpcMaybeThread::id, RpcMaybeThread> mThreads; 398 } mConnections; 399 }; 400 401 } // namespace android 402