• Home
  • Line#
  • Scopes#
  • Navigate#
  • Raw
  • Download
1 /* Copyright 2008 The Android Open Source Project
2  */
3 
4 #include <stdio.h>
5 #include <stdlib.h>
6 #include <errno.h>
7 #include <unistd.h>
8 #include <fcntl.h>
9 #include <sys/mman.h>
10 
11 #include "binder.h"
12 
13 #define MAX_BIO_SIZE (1 << 30)
14 
15 #define TRACE 0
16 
17 #define LOG_TAG "Binder"
18 #include <cutils/log.h>
19 
20 void bio_init_from_txn(struct binder_io *io, struct binder_txn *txn);
21 
22 #if TRACE
hexdump(void * _data,unsigned len)23 void hexdump(void *_data, unsigned len)
24 {
25     unsigned char *data = _data;
26     unsigned count;
27 
28     for (count = 0; count < len; count++) {
29         if ((count & 15) == 0)
30             fprintf(stderr,"%04x:", count);
31         fprintf(stderr," %02x %c", *data,
32                 (*data < 32) || (*data > 126) ? '.' : *data);
33         data++;
34         if ((count & 15) == 15)
35             fprintf(stderr,"\n");
36     }
37     if ((count & 15) != 0)
38         fprintf(stderr,"\n");
39 }
40 
binder_dump_txn(struct binder_txn * txn)41 void binder_dump_txn(struct binder_txn *txn)
42 {
43     struct binder_object *obj;
44     unsigned *offs = txn->offs;
45     unsigned count = txn->offs_size / 4;
46 
47     fprintf(stderr,"  target %p  cookie %p  code %08x  flags %08x\n",
48             txn->target, txn->cookie, txn->code, txn->flags);
49     fprintf(stderr,"  pid %8d  uid %8d  data %8d  offs %8d\n",
50             txn->sender_pid, txn->sender_euid, txn->data_size, txn->offs_size);
51     hexdump(txn->data, txn->data_size);
52     while (count--) {
53         obj = (void*) (((char*) txn->data) + *offs++);
54         fprintf(stderr,"  - type %08x  flags %08x  ptr %p  cookie %p\n",
55                 obj->type, obj->flags, obj->pointer, obj->cookie);
56     }
57 }
58 
59 #define NAME(n) case n: return #n
cmd_name(uint32_t cmd)60 const char *cmd_name(uint32_t cmd)
61 {
62     switch(cmd) {
63         NAME(BR_NOOP);
64         NAME(BR_TRANSACTION_COMPLETE);
65         NAME(BR_INCREFS);
66         NAME(BR_ACQUIRE);
67         NAME(BR_RELEASE);
68         NAME(BR_DECREFS);
69         NAME(BR_TRANSACTION);
70         NAME(BR_REPLY);
71         NAME(BR_FAILED_REPLY);
72         NAME(BR_DEAD_REPLY);
73         NAME(BR_DEAD_BINDER);
74     default: return "???";
75     }
76 }
77 #else
78 #define hexdump(a,b) do{} while (0)
79 #define binder_dump_txn(txn)  do{} while (0)
80 #endif
81 
82 #define BIO_F_SHARED    0x01  /* needs to be buffer freed */
83 #define BIO_F_OVERFLOW  0x02  /* ran out of space */
84 #define BIO_F_IOERROR   0x04
85 #define BIO_F_MALLOCED  0x08  /* needs to be free()'d */
86 
87 struct binder_state
88 {
89     int fd;
90     void *mapped;
91     unsigned mapsize;
92 };
93 
binder_open(unsigned mapsize)94 struct binder_state *binder_open(unsigned mapsize)
95 {
96     struct binder_state *bs;
97 
98     bs = malloc(sizeof(*bs));
99     if (!bs) {
100         errno = ENOMEM;
101         return 0;
102     }
103 
104     bs->fd = open("/dev/binder", O_RDWR);
105     if (bs->fd < 0) {
106         fprintf(stderr,"binder: cannot open device (%s)\n",
107                 strerror(errno));
108         goto fail_open;
109     }
110 
111     bs->mapsize = mapsize;
112     bs->mapped = mmap(NULL, mapsize, PROT_READ, MAP_PRIVATE, bs->fd, 0);
113     if (bs->mapped == MAP_FAILED) {
114         fprintf(stderr,"binder: cannot map device (%s)\n",
115                 strerror(errno));
116         goto fail_map;
117     }
118 
119         /* TODO: check version */
120 
121     return bs;
122 
123 fail_map:
124     close(bs->fd);
125 fail_open:
126     free(bs);
127     return 0;
128 }
129 
binder_close(struct binder_state * bs)130 void binder_close(struct binder_state *bs)
131 {
132     munmap(bs->mapped, bs->mapsize);
133     close(bs->fd);
134     free(bs);
135 }
136 
binder_become_context_manager(struct binder_state * bs)137 int binder_become_context_manager(struct binder_state *bs)
138 {
139     return ioctl(bs->fd, BINDER_SET_CONTEXT_MGR, 0);
140 }
141 
binder_write(struct binder_state * bs,void * data,unsigned len)142 int binder_write(struct binder_state *bs, void *data, unsigned len)
143 {
144     struct binder_write_read bwr;
145     int res;
146     bwr.write_size = len;
147     bwr.write_consumed = 0;
148     bwr.write_buffer = (unsigned) data;
149     bwr.read_size = 0;
150     bwr.read_consumed = 0;
151     bwr.read_buffer = 0;
152     res = ioctl(bs->fd, BINDER_WRITE_READ, &bwr);
153     if (res < 0) {
154         fprintf(stderr,"binder_write: ioctl failed (%s)\n",
155                 strerror(errno));
156     }
157     return res;
158 }
159 
binder_send_reply(struct binder_state * bs,struct binder_io * reply,void * buffer_to_free,int status)160 void binder_send_reply(struct binder_state *bs,
161                        struct binder_io *reply,
162                        void *buffer_to_free,
163                        int status)
164 {
165     struct {
166         uint32_t cmd_free;
167         void *buffer;
168         uint32_t cmd_reply;
169         struct binder_txn txn;
170     } __attribute__((packed)) data;
171 
172     data.cmd_free = BC_FREE_BUFFER;
173     data.buffer = buffer_to_free;
174     data.cmd_reply = BC_REPLY;
175     data.txn.target = 0;
176     data.txn.cookie = 0;
177     data.txn.code = 0;
178     if (status) {
179         data.txn.flags = TF_STATUS_CODE;
180         data.txn.data_size = sizeof(int);
181         data.txn.offs_size = 0;
182         data.txn.data = &status;
183         data.txn.offs = 0;
184     } else {
185         data.txn.flags = 0;
186         data.txn.data_size = reply->data - reply->data0;
187         data.txn.offs_size = ((char*) reply->offs) - ((char*) reply->offs0);
188         data.txn.data = reply->data0;
189         data.txn.offs = reply->offs0;
190     }
191     binder_write(bs, &data, sizeof(data));
192 }
193 
binder_parse(struct binder_state * bs,struct binder_io * bio,uint32_t * ptr,uint32_t size,binder_handler func)194 int binder_parse(struct binder_state *bs, struct binder_io *bio,
195                  uint32_t *ptr, uint32_t size, binder_handler func)
196 {
197     int r = 1;
198     uint32_t *end = ptr + (size / 4);
199 
200     while (ptr < end) {
201         uint32_t cmd = *ptr++;
202 #if TRACE
203         fprintf(stderr,"%s:\n", cmd_name(cmd));
204 #endif
205         switch(cmd) {
206         case BR_NOOP:
207             break;
208         case BR_TRANSACTION_COMPLETE:
209             break;
210         case BR_INCREFS:
211         case BR_ACQUIRE:
212         case BR_RELEASE:
213         case BR_DECREFS:
214 #if TRACE
215             fprintf(stderr,"  %08x %08x\n", ptr[0], ptr[1]);
216 #endif
217             ptr += 2;
218             break;
219         case BR_TRANSACTION: {
220             struct binder_txn *txn = (void *) ptr;
221             if ((end - ptr) * sizeof(uint32_t) < sizeof(struct binder_txn)) {
222                 LOGE("parse: txn too small!\n");
223                 return -1;
224             }
225             binder_dump_txn(txn);
226             if (func) {
227                 unsigned rdata[256/4];
228                 struct binder_io msg;
229                 struct binder_io reply;
230                 int res;
231 
232                 bio_init(&reply, rdata, sizeof(rdata), 4);
233                 bio_init_from_txn(&msg, txn);
234                 res = func(bs, txn, &msg, &reply);
235                 binder_send_reply(bs, &reply, txn->data, res);
236             }
237             ptr += sizeof(*txn) / sizeof(uint32_t);
238             break;
239         }
240         case BR_REPLY: {
241             struct binder_txn *txn = (void*) ptr;
242             if ((end - ptr) * sizeof(uint32_t) < sizeof(struct binder_txn)) {
243                 LOGE("parse: reply too small!\n");
244                 return -1;
245             }
246             binder_dump_txn(txn);
247             if (bio) {
248                 bio_init_from_txn(bio, txn);
249                 bio = 0;
250             } else {
251                     /* todo FREE BUFFER */
252             }
253             ptr += (sizeof(*txn) / sizeof(uint32_t));
254             r = 0;
255             break;
256         }
257         case BR_DEAD_BINDER: {
258             struct binder_death *death = (void*) *ptr++;
259             death->func(bs, death->ptr);
260             break;
261         }
262         case BR_FAILED_REPLY:
263             r = -1;
264             break;
265         case BR_DEAD_REPLY:
266             r = -1;
267             break;
268         default:
269             LOGE("parse: OOPS %d\n", cmd);
270             return -1;
271         }
272     }
273 
274     return r;
275 }
276 
binder_acquire(struct binder_state * bs,void * ptr)277 void binder_acquire(struct binder_state *bs, void *ptr)
278 {
279     uint32_t cmd[2];
280     cmd[0] = BC_ACQUIRE;
281     cmd[1] = (uint32_t) ptr;
282     binder_write(bs, cmd, sizeof(cmd));
283 }
284 
binder_release(struct binder_state * bs,void * ptr)285 void binder_release(struct binder_state *bs, void *ptr)
286 {
287     uint32_t cmd[2];
288     cmd[0] = BC_RELEASE;
289     cmd[1] = (uint32_t) ptr;
290     binder_write(bs, cmd, sizeof(cmd));
291 }
292 
binder_link_to_death(struct binder_state * bs,void * ptr,struct binder_death * death)293 void binder_link_to_death(struct binder_state *bs, void *ptr, struct binder_death *death)
294 {
295     uint32_t cmd[3];
296     cmd[0] = BC_REQUEST_DEATH_NOTIFICATION;
297     cmd[1] = (uint32_t) ptr;
298     cmd[2] = (uint32_t) death;
299     binder_write(bs, cmd, sizeof(cmd));
300 }
301 
302 
binder_call(struct binder_state * bs,struct binder_io * msg,struct binder_io * reply,void * target,uint32_t code)303 int binder_call(struct binder_state *bs,
304                 struct binder_io *msg, struct binder_io *reply,
305                 void *target, uint32_t code)
306 {
307     int res;
308     struct binder_write_read bwr;
309     struct {
310         uint32_t cmd;
311         struct binder_txn txn;
312     } writebuf;
313     unsigned readbuf[32];
314 
315     if (msg->flags & BIO_F_OVERFLOW) {
316         fprintf(stderr,"binder: txn buffer overflow\n");
317         goto fail;
318     }
319 
320     writebuf.cmd = BC_TRANSACTION;
321     writebuf.txn.target = target;
322     writebuf.txn.code = code;
323     writebuf.txn.flags = 0;
324     writebuf.txn.data_size = msg->data - msg->data0;
325     writebuf.txn.offs_size = ((char*) msg->offs) - ((char*) msg->offs0);
326     writebuf.txn.data = msg->data0;
327     writebuf.txn.offs = msg->offs0;
328 
329     bwr.write_size = sizeof(writebuf);
330     bwr.write_consumed = 0;
331     bwr.write_buffer = (unsigned) &writebuf;
332 
333     hexdump(msg->data0, msg->data - msg->data0);
334     for (;;) {
335         bwr.read_size = sizeof(readbuf);
336         bwr.read_consumed = 0;
337         bwr.read_buffer = (unsigned) readbuf;
338 
339         res = ioctl(bs->fd, BINDER_WRITE_READ, &bwr);
340 
341         if (res < 0) {
342             fprintf(stderr,"binder: ioctl failed (%s)\n", strerror(errno));
343             goto fail;
344         }
345 
346         res = binder_parse(bs, reply, readbuf, bwr.read_consumed, 0);
347         if (res == 0) return 0;
348         if (res < 0) goto fail;
349     }
350 
351 fail:
352     memset(reply, 0, sizeof(*reply));
353     reply->flags |= BIO_F_IOERROR;
354     return -1;
355 }
356 
binder_loop(struct binder_state * bs,binder_handler func)357 void binder_loop(struct binder_state *bs, binder_handler func)
358 {
359     int res;
360     struct binder_write_read bwr;
361     unsigned readbuf[32];
362 
363     bwr.write_size = 0;
364     bwr.write_consumed = 0;
365     bwr.write_buffer = 0;
366 
367     readbuf[0] = BC_ENTER_LOOPER;
368     binder_write(bs, readbuf, sizeof(unsigned));
369 
370     for (;;) {
371         bwr.read_size = sizeof(readbuf);
372         bwr.read_consumed = 0;
373         bwr.read_buffer = (unsigned) readbuf;
374 
375         res = ioctl(bs->fd, BINDER_WRITE_READ, &bwr);
376 
377         if (res < 0) {
378             LOGE("binder_loop: ioctl failed (%s)\n", strerror(errno));
379             break;
380         }
381 
382         res = binder_parse(bs, 0, readbuf, bwr.read_consumed, func);
383         if (res == 0) {
384             LOGE("binder_loop: unexpected reply?!\n");
385             break;
386         }
387         if (res < 0) {
388             LOGE("binder_loop: io error %d %s\n", res, strerror(errno));
389             break;
390         }
391     }
392 }
393 
bio_init_from_txn(struct binder_io * bio,struct binder_txn * txn)394 void bio_init_from_txn(struct binder_io *bio, struct binder_txn *txn)
395 {
396     bio->data = bio->data0 = txn->data;
397     bio->offs = bio->offs0 = txn->offs;
398     bio->data_avail = txn->data_size;
399     bio->offs_avail = txn->offs_size / 4;
400     bio->flags = BIO_F_SHARED;
401 }
402 
bio_init(struct binder_io * bio,void * data,uint32_t maxdata,uint32_t maxoffs)403 void bio_init(struct binder_io *bio, void *data,
404               uint32_t maxdata, uint32_t maxoffs)
405 {
406     uint32_t n = maxoffs * sizeof(uint32_t);
407 
408     if (n > maxdata) {
409         bio->flags = BIO_F_OVERFLOW;
410         bio->data_avail = 0;
411         bio->offs_avail = 0;
412         return;
413     }
414 
415     bio->data = bio->data0 = data + n;
416     bio->offs = bio->offs0 = data;
417     bio->data_avail = maxdata - n;
418     bio->offs_avail = maxoffs;
419     bio->flags = 0;
420 }
421 
bio_alloc(struct binder_io * bio,uint32_t size)422 static void *bio_alloc(struct binder_io *bio, uint32_t size)
423 {
424     size = (size + 3) & (~3);
425     if (size > bio->data_avail) {
426         bio->flags |= BIO_F_OVERFLOW;
427         return 0;
428     } else {
429         void *ptr = bio->data;
430         bio->data += size;
431         bio->data_avail -= size;
432         return ptr;
433     }
434 }
435 
binder_done(struct binder_state * bs,struct binder_io * msg,struct binder_io * reply)436 void binder_done(struct binder_state *bs,
437                  struct binder_io *msg,
438                  struct binder_io *reply)
439 {
440     if (reply->flags & BIO_F_SHARED) {
441         uint32_t cmd[2];
442         cmd[0] = BC_FREE_BUFFER;
443         cmd[1] = (uint32_t) reply->data0;
444         binder_write(bs, cmd, sizeof(cmd));
445         reply->flags = 0;
446     }
447 }
448 
bio_alloc_obj(struct binder_io * bio)449 static struct binder_object *bio_alloc_obj(struct binder_io *bio)
450 {
451     struct binder_object *obj;
452 
453     obj = bio_alloc(bio, sizeof(*obj));
454 
455     if (obj && bio->offs_avail) {
456         bio->offs_avail--;
457         *bio->offs++ = ((char*) obj) - ((char*) bio->data0);
458         return obj;
459     }
460 
461     bio->flags |= BIO_F_OVERFLOW;
462     return 0;
463 }
464 
bio_put_uint32(struct binder_io * bio,uint32_t n)465 void bio_put_uint32(struct binder_io *bio, uint32_t n)
466 {
467     uint32_t *ptr = bio_alloc(bio, sizeof(n));
468     if (ptr)
469         *ptr = n;
470 }
471 
bio_put_obj(struct binder_io * bio,void * ptr)472 void bio_put_obj(struct binder_io *bio, void *ptr)
473 {
474     struct binder_object *obj;
475 
476     obj = bio_alloc_obj(bio);
477     if (!obj)
478         return;
479 
480     obj->flags = 0x7f | FLAT_BINDER_FLAG_ACCEPTS_FDS;
481     obj->type = BINDER_TYPE_BINDER;
482     obj->pointer = ptr;
483     obj->cookie = 0;
484 }
485 
bio_put_ref(struct binder_io * bio,void * ptr)486 void bio_put_ref(struct binder_io *bio, void *ptr)
487 {
488     struct binder_object *obj;
489 
490     if (ptr)
491         obj = bio_alloc_obj(bio);
492     else
493         obj = bio_alloc(bio, sizeof(*obj));
494 
495     if (!obj)
496         return;
497 
498     obj->flags = 0x7f | FLAT_BINDER_FLAG_ACCEPTS_FDS;
499     obj->type = BINDER_TYPE_HANDLE;
500     obj->pointer = ptr;
501     obj->cookie = 0;
502 }
503 
bio_put_string16(struct binder_io * bio,const uint16_t * str)504 void bio_put_string16(struct binder_io *bio, const uint16_t *str)
505 {
506     uint32_t len;
507     uint16_t *ptr;
508 
509     if (!str) {
510         bio_put_uint32(bio, 0xffffffff);
511         return;
512     }
513 
514     len = 0;
515     while (str[len]) len++;
516 
517     if (len >= (MAX_BIO_SIZE / sizeof(uint16_t))) {
518         bio_put_uint32(bio, 0xffffffff);
519         return;
520     }
521 
522     bio_put_uint32(bio, len);
523     len = (len + 1) * sizeof(uint16_t);
524     ptr = bio_alloc(bio, len);
525     if (ptr)
526         memcpy(ptr, str, len);
527 }
528 
bio_put_string16_x(struct binder_io * bio,const char * _str)529 void bio_put_string16_x(struct binder_io *bio, const char *_str)
530 {
531     unsigned char *str = (unsigned char*) _str;
532     uint32_t len;
533     uint16_t *ptr;
534 
535     if (!str) {
536         bio_put_uint32(bio, 0xffffffff);
537         return;
538     }
539 
540     len = strlen(_str);
541 
542     if (len >= (MAX_BIO_SIZE / sizeof(uint16_t))) {
543         bio_put_uint32(bio, 0xffffffff);
544         return;
545     }
546 
547     bio_put_uint32(bio, len);
548     ptr = bio_alloc(bio, (len + 1) * sizeof(uint16_t));
549     if (!ptr)
550         return;
551 
552     while (*str)
553         *ptr++ = *str++;
554     *ptr++ = 0;
555 }
556 
bio_get(struct binder_io * bio,uint32_t size)557 static void *bio_get(struct binder_io *bio, uint32_t size)
558 {
559     size = (size + 3) & (~3);
560 
561     if (bio->data_avail < size){
562         bio->data_avail = 0;
563         bio->flags |= BIO_F_OVERFLOW;
564         return 0;
565     }  else {
566         void *ptr = bio->data;
567         bio->data += size;
568         bio->data_avail -= size;
569         return ptr;
570     }
571 }
572 
bio_get_uint32(struct binder_io * bio)573 uint32_t bio_get_uint32(struct binder_io *bio)
574 {
575     uint32_t *ptr = bio_get(bio, sizeof(*ptr));
576     return ptr ? *ptr : 0;
577 }
578 
bio_get_string16(struct binder_io * bio,unsigned * sz)579 uint16_t *bio_get_string16(struct binder_io *bio, unsigned *sz)
580 {
581     unsigned len;
582     len = bio_get_uint32(bio);
583     if (sz)
584         *sz = len;
585     return bio_get(bio, (len + 1) * sizeof(uint16_t));
586 }
587 
_bio_get_obj(struct binder_io * bio)588 static struct binder_object *_bio_get_obj(struct binder_io *bio)
589 {
590     unsigned n;
591     unsigned off = bio->data - bio->data0;
592 
593         /* TODO: be smarter about this? */
594     for (n = 0; n < bio->offs_avail; n++) {
595         if (bio->offs[n] == off)
596             return bio_get(bio, sizeof(struct binder_object));
597     }
598 
599     bio->data_avail = 0;
600     bio->flags |= BIO_F_OVERFLOW;
601     return 0;
602 }
603 
bio_get_ref(struct binder_io * bio)604 void *bio_get_ref(struct binder_io *bio)
605 {
606     struct binder_object *obj;
607 
608     obj = _bio_get_obj(bio);
609     if (!obj)
610         return 0;
611 
612     if (obj->type == BINDER_TYPE_HANDLE)
613         return obj->pointer;
614 
615     return 0;
616 }
617