1 /* Copyright 2008 The Android Open Source Project
2 */
3
4 #include <stdio.h>
5 #include <stdlib.h>
6 #include <errno.h>
7 #include <fcntl.h>
8
9 #include <private/android_filesystem_config.h>
10
11 #include "binder.h"
12
13 #if 0
14 #define ALOGI(x...) fprintf(stderr, "svcmgr: " x)
15 #define ALOGE(x...) fprintf(stderr, "svcmgr: " x)
16 #else
17 #define LOG_TAG "ServiceManager"
18 #include <cutils/log.h>
19 #endif
20
21 /* TODO:
22 * These should come from a config file or perhaps be
23 * based on some namespace rules of some sort (media
24 * uid can register media.*, etc)
25 */
26 static struct {
27 unsigned uid;
28 const char *name;
29 } allowed[] = {
30 { AID_MEDIA, "media.audio_flinger" },
31 { AID_MEDIA, "media.log" },
32 { AID_MEDIA, "media.player" },
33 { AID_MEDIA, "media.camera" },
34 { AID_MEDIA, "media.audio_policy" },
35 { AID_DRM, "drm.drmManager" },
36 { AID_NFC, "nfc" },
37 { AID_BLUETOOTH, "bluetooth" },
38 { AID_RADIO, "radio.phone" },
39 { AID_RADIO, "radio.sms" },
40 { AID_RADIO, "radio.phonesubinfo" },
41 { AID_RADIO, "radio.simphonebook" },
42 /* TODO: remove after phone services are updated: */
43 { AID_RADIO, "phone" },
44 { AID_RADIO, "sip" },
45 { AID_RADIO, "isms" },
46 { AID_RADIO, "iphonesubinfo" },
47 { AID_RADIO, "simphonebook" },
48 { AID_MEDIA, "common_time.clock" },
49 { AID_MEDIA, "common_time.config" },
50 { AID_KEYSTORE, "android.security.keystore" },
51 };
52
53 void *svcmgr_handle;
54
str8(uint16_t * x)55 const char *str8(uint16_t *x)
56 {
57 static char buf[128];
58 unsigned max = 127;
59 char *p = buf;
60
61 if (x) {
62 while (*x && max--) {
63 *p++ = *x++;
64 }
65 }
66 *p++ = 0;
67 return buf;
68 }
69
str16eq(uint16_t * a,const char * b)70 int str16eq(uint16_t *a, const char *b)
71 {
72 while (*a && *b)
73 if (*a++ != *b++) return 0;
74 if (*a || *b)
75 return 0;
76 return 1;
77 }
78
svc_can_register(unsigned uid,uint16_t * name)79 int svc_can_register(unsigned uid, uint16_t *name)
80 {
81 unsigned n;
82
83 if ((uid == 0) || (uid == AID_SYSTEM))
84 return 1;
85
86 for (n = 0; n < sizeof(allowed) / sizeof(allowed[0]); n++)
87 if ((uid == allowed[n].uid) && str16eq(name, allowed[n].name))
88 return 1;
89
90 return 0;
91 }
92
93 struct svcinfo
94 {
95 struct svcinfo *next;
96 void *ptr;
97 struct binder_death death;
98 int allow_isolated;
99 unsigned len;
100 uint16_t name[0];
101 };
102
103 struct svcinfo *svclist = 0;
104
find_svc(uint16_t * s16,unsigned len)105 struct svcinfo *find_svc(uint16_t *s16, unsigned len)
106 {
107 struct svcinfo *si;
108
109 for (si = svclist; si; si = si->next) {
110 if ((len == si->len) &&
111 !memcmp(s16, si->name, len * sizeof(uint16_t))) {
112 return si;
113 }
114 }
115 return 0;
116 }
117
svcinfo_death(struct binder_state * bs,void * ptr)118 void svcinfo_death(struct binder_state *bs, void *ptr)
119 {
120 struct svcinfo *si = ptr;
121 ALOGI("service '%s' died\n", str8(si->name));
122 if (si->ptr) {
123 binder_release(bs, si->ptr);
124 si->ptr = 0;
125 }
126 }
127
128 uint16_t svcmgr_id[] = {
129 'a','n','d','r','o','i','d','.','o','s','.',
130 'I','S','e','r','v','i','c','e','M','a','n','a','g','e','r'
131 };
132
133
do_find_service(struct binder_state * bs,uint16_t * s,unsigned len,unsigned uid)134 void *do_find_service(struct binder_state *bs, uint16_t *s, unsigned len, unsigned uid)
135 {
136 struct svcinfo *si;
137 si = find_svc(s, len);
138
139 // ALOGI("check_service('%s') ptr = %p\n", str8(s), si ? si->ptr : 0);
140 if (si && si->ptr) {
141 if (!si->allow_isolated) {
142 // If this service doesn't allow access from isolated processes,
143 // then check the uid to see if it is isolated.
144 unsigned appid = uid % AID_USER;
145 if (appid >= AID_ISOLATED_START && appid <= AID_ISOLATED_END) {
146 return 0;
147 }
148 }
149 return si->ptr;
150 } else {
151 return 0;
152 }
153 }
154
do_add_service(struct binder_state * bs,uint16_t * s,unsigned len,void * ptr,unsigned uid,int allow_isolated)155 int do_add_service(struct binder_state *bs,
156 uint16_t *s, unsigned len,
157 void *ptr, unsigned uid, int allow_isolated)
158 {
159 struct svcinfo *si;
160 //ALOGI("add_service('%s',%p,%s) uid=%d\n", str8(s), ptr,
161 // allow_isolated ? "allow_isolated" : "!allow_isolated", uid);
162
163 if (!ptr || (len == 0) || (len > 127))
164 return -1;
165
166 if (!svc_can_register(uid, s)) {
167 ALOGE("add_service('%s',%p) uid=%d - PERMISSION DENIED\n",
168 str8(s), ptr, uid);
169 return -1;
170 }
171
172 si = find_svc(s, len);
173 if (si) {
174 if (si->ptr) {
175 ALOGE("add_service('%s',%p) uid=%d - ALREADY REGISTERED, OVERRIDE\n",
176 str8(s), ptr, uid);
177 svcinfo_death(bs, si);
178 }
179 si->ptr = ptr;
180 } else {
181 si = malloc(sizeof(*si) + (len + 1) * sizeof(uint16_t));
182 if (!si) {
183 ALOGE("add_service('%s',%p) uid=%d - OUT OF MEMORY\n",
184 str8(s), ptr, uid);
185 return -1;
186 }
187 si->ptr = ptr;
188 si->len = len;
189 memcpy(si->name, s, (len + 1) * sizeof(uint16_t));
190 si->name[len] = '\0';
191 si->death.func = svcinfo_death;
192 si->death.ptr = si;
193 si->allow_isolated = allow_isolated;
194 si->next = svclist;
195 svclist = si;
196 }
197
198 binder_acquire(bs, ptr);
199 binder_link_to_death(bs, ptr, &si->death);
200 return 0;
201 }
202
svcmgr_handler(struct binder_state * bs,struct binder_txn * txn,struct binder_io * msg,struct binder_io * reply)203 int svcmgr_handler(struct binder_state *bs,
204 struct binder_txn *txn,
205 struct binder_io *msg,
206 struct binder_io *reply)
207 {
208 struct svcinfo *si;
209 uint16_t *s;
210 unsigned len;
211 void *ptr;
212 uint32_t strict_policy;
213 int allow_isolated;
214
215 // ALOGI("target=%p code=%d pid=%d uid=%d\n",
216 // txn->target, txn->code, txn->sender_pid, txn->sender_euid);
217
218 if (txn->target != svcmgr_handle)
219 return -1;
220
221 // Equivalent to Parcel::enforceInterface(), reading the RPC
222 // header with the strict mode policy mask and the interface name.
223 // Note that we ignore the strict_policy and don't propagate it
224 // further (since we do no outbound RPCs anyway).
225 strict_policy = bio_get_uint32(msg);
226 s = bio_get_string16(msg, &len);
227 if ((len != (sizeof(svcmgr_id) / 2)) ||
228 memcmp(svcmgr_id, s, sizeof(svcmgr_id))) {
229 fprintf(stderr,"invalid id %s\n", str8(s));
230 return -1;
231 }
232
233 switch(txn->code) {
234 case SVC_MGR_GET_SERVICE:
235 case SVC_MGR_CHECK_SERVICE:
236 s = bio_get_string16(msg, &len);
237 ptr = do_find_service(bs, s, len, txn->sender_euid);
238 if (!ptr)
239 break;
240 bio_put_ref(reply, ptr);
241 return 0;
242
243 case SVC_MGR_ADD_SERVICE:
244 s = bio_get_string16(msg, &len);
245 ptr = bio_get_ref(msg);
246 allow_isolated = bio_get_uint32(msg) ? 1 : 0;
247 if (do_add_service(bs, s, len, ptr, txn->sender_euid, allow_isolated))
248 return -1;
249 break;
250
251 case SVC_MGR_LIST_SERVICES: {
252 unsigned n = bio_get_uint32(msg);
253
254 si = svclist;
255 while ((n-- > 0) && si)
256 si = si->next;
257 if (si) {
258 bio_put_string16(reply, si->name);
259 return 0;
260 }
261 return -1;
262 }
263 default:
264 ALOGE("unknown code %d\n", txn->code);
265 return -1;
266 }
267
268 bio_put_uint32(reply, 0);
269 return 0;
270 }
271
main(int argc,char ** argv)272 int main(int argc, char **argv)
273 {
274 struct binder_state *bs;
275 void *svcmgr = BINDER_SERVICE_MANAGER;
276
277 bs = binder_open(128*1024);
278
279 if (binder_become_context_manager(bs)) {
280 ALOGE("cannot become context manager (%s)\n", strerror(errno));
281 return -1;
282 }
283
284 svcmgr_handle = svcmgr;
285 binder_loop(bs, svcmgr_handler);
286 return 0;
287 }
288