1234567891011121314151617181920212223242526272829303132333435363738394041424344454647484950515253545556575859606162636465666768697071727374757677787980818283848586878889909192939495969798991001011021031041051061071081091101111121131141151161171181191201211221231241251261271281291301311321331341351361371381391401411421431441451461471481491501511521531541551561571581591601611621631641651661671681691701711721731741751761771781791801811821831841851861871881891901911921931941951961971981992002012022032042052062072082092102112122132142152162172182192202212222232242252262272282292302312322332342352362372382392402412422432442452462472482492502512522532542552562572582592602612622632642652662672682692702712722732742752762772782792802812822832842852862872882892902912922932942952962972982993003013023033043053063073083093103113123133143153163173183193203213223233243253263273283293303313323333343353363373383393403413423433443453463473483493503513523533543553563573583593603613623633643653663673683693703713723733743753763773783793803813823833843853863873883893903913923933943953963973983994004014024034044054064074084094104114124134144154164174184194204214224234244254264274284294304314324334344354364374384394404414424434444454464474484494504514524534544554564574584594604614624634644654664674684694704714724734744754764774784794804814824834844854864874884894904914924934944954964974984995005015025035045055065075085095105115125135145155165175185195205215225235245255265275285295305315325335345355365375385395405415425435445455465475485495505515525535545555565575585595605615625635645655665675685695705715725735745755765775785795805815825835845855865875885895905915925935945955965975985996006016026036046056066076086096106116126136146156166176186196206216226236246256266276286296306316326336346356366376386396406416426436446456466476486496506516526536546556566576586596606616626636646656666676686696706716726736746756766776786796806816826836846856866876886896906916926936946956966976986997007017027037047057067077087097107117127137147157167177187197207217227237247257267277287297307317327337347357367377387397407417427437447457467477487497507517527537547557567577587597607617627637647657667677687697707717727737747757767777787797807817827837847857867877887897907917927937947957967977987998008018028038048058068078088098108118128138148158168178188198208218228238248258268278288298308318328338348358368378388398408418428438448458468478488498508518528538548558568578588598608618628638648658668678688698708718728738748758768778788798808818828838848858868878888898908918928938948958968978988999009019029039049059069079089099109119129139149159169179189199209219229239249259269279289299309319329339349359369379389399409419429439449459469479489499509519529539549559569579589599609619629639649659669679689699709719729739749759769779789799809819829839849859869879889899909919929939949959969979989991000100110021003100410051006100710081009101010111012101310141015101610171018101910201021102210231024102510261027102810291030103110321033103410351036103710381039104010411042104310441045104610471048104910501051105210531054105510561057105810591060106110621063106410651066106710681069107010711072107310741075107610771078107910801081108210831084108510861087108810891090109110921093109410951096109710981099110011011102110311041105110611071108110911101111111211131114111511161117111811191120112111221123112411251126112711281129113011311132113311341135113611371138113911401141114211431144114511461147114811491150115111521153115411551156115711581159116011611162116311641165116611671168116911701171117211731174117511761177117811791180118111821183118411851186118711881189119011911192119311941195119611971198119912001201120212031204120512061207120812091210121112121213121412151216121712181219122012211222122312241225122612271228122912301231123212331234123512361237123812391240124112421243124412451246124712481249125012511252125312541255125612571258125912601261126212631264126512661267126812691270127112721273127412751276127712781279128012811282128312841285128612871288128912901291129212931294129512961297129812991300130113021303130413051306130713081309131013111312131313141315131613171318131913201321132213231324132513261327132813291330133113321333133413351336133713381339134013411342134313441345134613471348134913501351135213531354135513561357135813591360136113621363136413651366136713681369137013711372137313741375137613771378137913801381138213831384138513861387138813891390139113921393139413951396139713981399140014011402140314041405140614071408140914101411141214131414141514161417141814191420142114221423142414251426142714281429143014311432143314341435143614371438143914401441144214431444144514461447144814491450145114521453145414551456145714581459146014611462146314641465146614671468146914701471147214731474147514761477147814791480148114821483148414851486148714881489149014911492149314941495149614971498149915001501150215031504150515061507150815091510151115121513151415151516151715181519152015211522152315241525152615271528152915301531153215331534153515361537153815391540154115421543154415451546154715481549155015511552155315541555155615571558155915601561156215631564156515661567156815691570157115721573157415751576157715781579158015811582158315841585158615871588158915901591159215931594159515961597159815991600160116021603160416051606160716081609161016111612161316141615161616171618161916201621162216231624162516261627162816291630163116321633163416351636163716381639164016411642164316441645164616471648164916501651165216531654165516561657165816591660166116621663166416651666166716681669167016711672167316741675167616771678167916801681168216831684168516861687168816891690169116921693169416951696169716981699170017011702170317041705170617071708170917101711171217131714171517161717171817191720172117221723172417251726172717281729173017311732173317341735173617371738173917401741174217431744174517461747174817491750175117521753175417551756175717581759176017611762176317641765176617671768176917701771177217731774177517761777177817791780178117821783178417851786178717881789179017911792179317941795179617971798179918001801180218031804180518061807180818091810181118121813181418151816181718181819182018211822182318241825182618271828182918301831183218331834183518361837183818391840184118421843184418451846184718481849185018511852185318541855185618571858185918601861186218631864186518661867186818691870187118721873187418751876187718781879188018811882188318841885188618871888188918901891189218931894189518961897189818991900190119021903190419051906190719081909191019111912191319141915191619171918191919201921192219231924192519261927192819291930193119321933193419351936193719381939194019411942194319441945194619471948194919501951195219531954195519561957195819591960196119621963196419651966196719681969197019711972197319741975197619771978197919801981198219831984198519861987198819891990199119921993199419951996199719981999200020012002200320042005200620072008200920102011201220132014201520162017201820192020202120222023202420252026202720282029203020312032203320342035203620372038203920402041204220432044204520462047204820492050205120522053205420552056205720582059206020612062206320642065206620672068206920702071207220732074207520762077207820792080208120822083208420852086208720882089209020912092209320942095209620972098209921002101210221032104210521062107210821092110211121122113211421152116211721182119212021212122212321242125212621272128212921302131213221332134213521362137213821392140214121422143214421452146214721482149215021512152215321542155215621572158215921602161216221632164216521662167216821692170217121722173217421752176217721782179218021812182218321842185218621872188218921902191219221932194219521962197219821992200220122022203220422052206220722082209221022112212221322142215221622172218221922202221222222232224222522262227222822292230223122322233223422352236223722382239224022412242224322442245224622472248 |
- #define LOG_TAG "hw-Parcel"
- #include <errno.h>
- #include <fcntl.h>
- #include <inttypes.h>
- #include <pthread.h>
- #include <stdint.h>
- #include <stdio.h>
- #include <stdlib.h>
- #include <sys/mman.h>
- #include <sys/stat.h>
- #include <sys/types.h>
- #include <sys/resource.h>
- #include <unistd.h>
- #include <hwbinder/Binder.h>
- #include <hwbinder/BpHwBinder.h>
- #include <hwbinder/IPCThreadState.h>
- #include <hwbinder/Parcel.h>
- #include <hwbinder/ProcessState.h>
- #include <hwbinder/TextOutput.h>
- #include <hwbinder/binder_kernel.h>
- #include <cutils/ashmem.h>
- #include <utils/Debug.h>
- #include <utils/Log.h>
- #include <utils/misc.h>
- #include <utils/String8.h>
- #include <utils/String16.h>
- #include <private/binder/binder_module.h>
- #include <hwbinder/Static.h>
- #ifndef INT32_MAX
- #define INT32_MAX ((int32_t)(2147483647))
- #endif
- #define LOG_REFS(...)
- #define LOG_ALLOC(...)
- #define LOG_BUFFER(...)
- #define PAD_SIZE_UNSAFE(s) (((s)+3)&~3)
- static size_t pad_size(size_t s) {
- if (s > (SIZE_T_MAX - 3)) {
- abort();
- }
- return PAD_SIZE_UNSAFE(s);
- }
- #define STRICT_MODE_PENALTY_GATHER (0x40 << 16)
- namespace android {
- namespace hardware {
- static pthread_mutex_t gParcelGlobalAllocSizeLock = PTHREAD_MUTEX_INITIALIZER;
- static size_t gParcelGlobalAllocSize = 0;
- static size_t gParcelGlobalAllocCount = 0;
- static size_t gMaxFds = 0;
- static const size_t PARCEL_REF_CAP = 1024;
- void acquire_binder_object(const sp<ProcessState>& proc,
- const flat_binder_object& obj, const void* who)
- {
- switch (obj.hdr.type) {
- case BINDER_TYPE_BINDER:
- if (obj.binder) {
- LOG_REFS("Parcel %p acquiring reference on local %p", who, obj.cookie);
- reinterpret_cast<IBinder*>(obj.cookie)->incStrong(who);
- }
- return;
- case BINDER_TYPE_WEAK_BINDER:
- if (obj.binder)
- reinterpret_cast<RefBase::weakref_type*>(obj.binder)->incWeak(who);
- return;
- case BINDER_TYPE_HANDLE: {
- const sp<IBinder> b = proc->getStrongProxyForHandle(obj.handle);
- if (b != nullptr) {
- LOG_REFS("Parcel %p acquiring reference on remote %p", who, b.get());
- b->incStrong(who);
- }
- return;
- }
- case BINDER_TYPE_WEAK_HANDLE: {
- const wp<IBinder> b = proc->getWeakProxyForHandle(obj.handle);
- if (b != nullptr) b.get_refs()->incWeak(who);
- return;
- }
- }
- ALOGD("Invalid object type 0x%08x", obj.hdr.type);
- }
- void acquire_object(const sp<ProcessState>& proc, const binder_object_header& obj,
- const void *who) {
- switch (obj.type) {
- case BINDER_TYPE_BINDER:
- case BINDER_TYPE_WEAK_BINDER:
- case BINDER_TYPE_HANDLE:
- case BINDER_TYPE_WEAK_HANDLE: {
- const flat_binder_object& fbo = reinterpret_cast<const flat_binder_object&>(obj);
- acquire_binder_object(proc, fbo, who);
- break;
- }
- }
- }
- void release_object(const sp<ProcessState>& proc,
- const flat_binder_object& obj, const void* who)
- {
- switch (obj.hdr.type) {
- case BINDER_TYPE_BINDER:
- if (obj.binder) {
- LOG_REFS("Parcel %p releasing reference on local %p", who, obj.cookie);
- reinterpret_cast<IBinder*>(obj.cookie)->decStrong(who);
- }
- return;
- case BINDER_TYPE_WEAK_BINDER:
- if (obj.binder)
- reinterpret_cast<RefBase::weakref_type*>(obj.binder)->decWeak(who);
- return;
- case BINDER_TYPE_HANDLE: {
- const sp<IBinder> b = proc->getStrongProxyForHandle(obj.handle);
- if (b != nullptr) {
- LOG_REFS("Parcel %p releasing reference on remote %p", who, b.get());
- b->decStrong(who);
- }
- return;
- }
- case BINDER_TYPE_WEAK_HANDLE: {
- const wp<IBinder> b = proc->getWeakProxyForHandle(obj.handle);
- if (b != nullptr) b.get_refs()->decWeak(who);
- return;
- }
- case BINDER_TYPE_FD: {
- if (obj.cookie != 0) {
- close(obj.handle);
- }
- return;
- }
- case BINDER_TYPE_PTR: {
-
- return;
- }
- case BINDER_TYPE_FDA: {
-
- return;
- }
- }
- ALOGE("Invalid object type 0x%08x", obj.hdr.type);
- }
- inline static status_t finish_flatten_binder(
- const sp<IBinder>& , const flat_binder_object& flat, Parcel* out)
- {
- return out->writeObject(flat);
- }
- status_t flatten_binder(const sp<ProcessState>& ,
- const sp<IBinder>& binder, Parcel* out)
- {
- flat_binder_object obj = {};
- if (binder != nullptr) {
- BHwBinder *local = binder->localBinder();
- if (!local) {
- BpHwBinder *proxy = binder->remoteBinder();
- if (proxy == nullptr) {
- ALOGE("null proxy");
- }
- const int32_t handle = proxy ? proxy->handle() : 0;
- obj.hdr.type = BINDER_TYPE_HANDLE;
- obj.flags = FLAT_BINDER_FLAG_ACCEPTS_FDS;
- obj.binder = 0;
- obj.handle = handle;
- obj.cookie = 0;
- } else {
-
- int policy = local->getMinSchedulingPolicy();
- int priority = local->getMinSchedulingPriority();
- obj.flags = priority & FLAT_BINDER_FLAG_PRIORITY_MASK;
- obj.flags |= FLAT_BINDER_FLAG_ACCEPTS_FDS | FLAT_BINDER_FLAG_INHERIT_RT;
- obj.flags |= (policy & 3) << FLAT_BINDER_FLAG_SCHEDPOLICY_SHIFT;
- if (local->isRequestingSid()) {
- obj.flags |= FLAT_BINDER_FLAG_TXN_SECURITY_CTX;
- }
- obj.hdr.type = BINDER_TYPE_BINDER;
- obj.binder = reinterpret_cast<uintptr_t>(local->getWeakRefs());
- obj.cookie = reinterpret_cast<uintptr_t>(local);
- }
- } else {
- obj.hdr.type = BINDER_TYPE_BINDER;
- obj.binder = 0;
- obj.cookie = 0;
- }
- return finish_flatten_binder(binder, obj, out);
- }
- status_t flatten_binder(const sp<ProcessState>& ,
- const wp<IBinder>& binder, Parcel* out)
- {
- flat_binder_object obj = {};
- obj.flags = 0x7f | FLAT_BINDER_FLAG_ACCEPTS_FDS;
- if (binder != nullptr) {
- sp<IBinder> real = binder.promote();
- if (real != nullptr) {
- IBinder *local = real->localBinder();
- if (!local) {
- BpHwBinder *proxy = real->remoteBinder();
- if (proxy == nullptr) {
- ALOGE("null proxy");
- }
- const int32_t handle = proxy ? proxy->handle() : 0;
- obj.hdr.type = BINDER_TYPE_WEAK_HANDLE;
- obj.binder = 0;
- obj.handle = handle;
- obj.cookie = 0;
- } else {
- obj.hdr.type = BINDER_TYPE_WEAK_BINDER;
- obj.binder = reinterpret_cast<uintptr_t>(binder.get_refs());
- obj.cookie = reinterpret_cast<uintptr_t>(binder.unsafe_get());
- }
- return finish_flatten_binder(real, obj, out);
- }
-
-
-
-
-
-
-
- ALOGE("Unable to unflatten Binder weak reference!");
- obj.hdr.type = BINDER_TYPE_BINDER;
- obj.binder = 0;
- obj.cookie = 0;
- return finish_flatten_binder(nullptr, obj, out);
- } else {
- obj.hdr.type = BINDER_TYPE_BINDER;
- obj.binder = 0;
- obj.cookie = 0;
- return finish_flatten_binder(nullptr, obj, out);
- }
- }
- inline static status_t finish_unflatten_binder(
- BpHwBinder* , const flat_binder_object& ,
- const Parcel& )
- {
- return NO_ERROR;
- }
- status_t unflatten_binder(const sp<ProcessState>& proc,
- const Parcel& in, sp<IBinder>* out)
- {
- const flat_binder_object* flat = in.readObject<flat_binder_object>();
- if (flat) {
- switch (flat->hdr.type) {
- case BINDER_TYPE_BINDER:
- *out = reinterpret_cast<IBinder*>(flat->cookie);
- return finish_unflatten_binder(nullptr, *flat, in);
- case BINDER_TYPE_HANDLE:
- *out = proc->getStrongProxyForHandle(flat->handle);
- return finish_unflatten_binder(
- static_cast<BpHwBinder*>(out->get()), *flat, in);
- }
- }
- return BAD_TYPE;
- }
- status_t unflatten_binder(const sp<ProcessState>& proc,
- const Parcel& in, wp<IBinder>* out)
- {
- const flat_binder_object* flat = in.readObject<flat_binder_object>();
- if (flat) {
- switch (flat->hdr.type) {
- case BINDER_TYPE_BINDER:
- *out = reinterpret_cast<IBinder*>(flat->cookie);
- return finish_unflatten_binder(nullptr, *flat, in);
- case BINDER_TYPE_WEAK_BINDER:
- if (flat->binder != 0) {
- out->set_object_and_refs(
- reinterpret_cast<IBinder*>(flat->cookie),
- reinterpret_cast<RefBase::weakref_type*>(flat->binder));
- } else {
- *out = nullptr;
- }
- return finish_unflatten_binder(nullptr, *flat, in);
- case BINDER_TYPE_HANDLE:
- case BINDER_TYPE_WEAK_HANDLE:
- *out = proc->getWeakProxyForHandle(flat->handle);
- return finish_unflatten_binder(
- static_cast<BpHwBinder*>(out->unsafe_get()), *flat, in);
- }
- }
- return BAD_TYPE;
- }
- static inline bool isBuffer(const binder_buffer_object& obj) {
- return obj.hdr.type == BINDER_TYPE_PTR
- && (obj.flags & BINDER_BUFFER_FLAG_REF) == 0;
- }
- Parcel::Parcel()
- {
- LOG_ALLOC("Parcel %p: constructing", this);
- initState();
- }
- Parcel::~Parcel()
- {
- freeDataNoInit();
- LOG_ALLOC("Parcel %p: destroyed", this);
- }
- size_t Parcel::getGlobalAllocSize() {
- pthread_mutex_lock(&gParcelGlobalAllocSizeLock);
- size_t size = gParcelGlobalAllocSize;
- pthread_mutex_unlock(&gParcelGlobalAllocSizeLock);
- return size;
- }
- size_t Parcel::getGlobalAllocCount() {
- pthread_mutex_lock(&gParcelGlobalAllocSizeLock);
- size_t count = gParcelGlobalAllocCount;
- pthread_mutex_unlock(&gParcelGlobalAllocSizeLock);
- return count;
- }
- const uint8_t* Parcel::data() const
- {
- return mData;
- }
- size_t Parcel::dataSize() const
- {
- return (mDataSize > mDataPos ? mDataSize : mDataPos);
- }
- size_t Parcel::dataAvail() const
- {
- size_t result = dataSize() - dataPosition();
- if (result > INT32_MAX) {
- abort();
- }
- return result;
- }
- size_t Parcel::dataPosition() const
- {
- return mDataPos;
- }
- size_t Parcel::dataCapacity() const
- {
- return mDataCapacity;
- }
- status_t Parcel::setDataSize(size_t size)
- {
- if (size > INT32_MAX) {
-
-
- return BAD_VALUE;
- }
- status_t err;
- err = continueWrite(size);
- if (err == NO_ERROR) {
- mDataSize = size;
- ALOGV("setDataSize Setting data size of %p to %zu", this, mDataSize);
- }
- return err;
- }
- void Parcel::setDataPosition(size_t pos) const
- {
- if (pos > INT32_MAX) {
-
-
- abort();
- }
- mDataPos = pos;
- mNextObjectHint = 0;
- }
- status_t Parcel::setDataCapacity(size_t size)
- {
- if (size > INT32_MAX) {
-
-
- return BAD_VALUE;
- }
- if (size > mDataCapacity) return continueWrite(size);
- return NO_ERROR;
- }
- status_t Parcel::setData(const uint8_t* buffer, size_t len)
- {
- if (len > INT32_MAX) {
-
-
- return BAD_VALUE;
- }
- status_t err = restartWrite(len);
- if (err == NO_ERROR) {
- memcpy(const_cast<uint8_t*>(data()), buffer, len);
- mDataSize = len;
- mFdsKnown = false;
- }
- return err;
- }
- status_t Parcel::writeInterfaceToken(const char* interface)
- {
-
- return writeCString(interface);
- }
- bool Parcel::enforceInterface(const char* interface) const
- {
- const char* str = readCString();
- if (str != nullptr && strcmp(str, interface) == 0) {
- return true;
- } else {
- ALOGW("**** enforceInterface() expected '%s' but read '%s'",
- interface, (str ? str : "<empty string>"));
- return false;
- }
- }
- const binder_size_t* Parcel::objects() const
- {
- return mObjects;
- }
- size_t Parcel::objectsCount() const
- {
- return mObjectsSize;
- }
- status_t Parcel::errorCheck() const
- {
- return mError;
- }
- void Parcel::setError(status_t err)
- {
- mError = err;
- }
- status_t Parcel::finishWrite(size_t len)
- {
- if (len > INT32_MAX) {
-
-
- return BAD_VALUE;
- }
-
- mDataPos += len;
- ALOGV("finishWrite Setting data pos of %p to %zu", this, mDataPos);
- if (mDataPos > mDataSize) {
- mDataSize = mDataPos;
- ALOGV("finishWrite Setting data size of %p to %zu", this, mDataSize);
- }
-
- return NO_ERROR;
- }
- status_t Parcel::writeUnpadded(const void* data, size_t len)
- {
- if (len > INT32_MAX) {
-
-
- return BAD_VALUE;
- }
- size_t end = mDataPos + len;
- if (end < mDataPos) {
-
- return BAD_VALUE;
- }
- if (end <= mDataCapacity) {
- restart_write:
- memcpy(mData+mDataPos, data, len);
- return finishWrite(len);
- }
- status_t err = growData(len);
- if (err == NO_ERROR) goto restart_write;
- return err;
- }
- status_t Parcel::write(const void* data, size_t len)
- {
- if (len > INT32_MAX) {
-
-
- return BAD_VALUE;
- }
- void* const d = writeInplace(len);
- if (d) {
- memcpy(d, data, len);
- return NO_ERROR;
- }
- return mError;
- }
- void* Parcel::writeInplace(size_t len)
- {
- if (len > INT32_MAX) {
-
-
- return nullptr;
- }
- const size_t padded = pad_size(len);
-
- if (mDataPos+padded < mDataPos) {
- return nullptr;
- }
- if ((mDataPos+padded) <= mDataCapacity) {
- restart_write:
-
- uint8_t* const data = mData+mDataPos;
-
- if (padded != len) {
- #if BYTE_ORDER == BIG_ENDIAN
- static const uint32_t mask[4] = {
- 0x00000000, 0xffffff00, 0xffff0000, 0xff000000
- };
- #endif
- #if BYTE_ORDER == LITTLE_ENDIAN
- static const uint32_t mask[4] = {
- 0x00000000, 0x00ffffff, 0x0000ffff, 0x000000ff
- };
- #endif
-
-
- *reinterpret_cast<uint32_t*>(data+padded-4) &= mask[padded-len];
- }
- finishWrite(padded);
- return data;
- }
- status_t err = growData(padded);
- if (err == NO_ERROR) goto restart_write;
- return nullptr;
- }
- status_t Parcel::writeInt8(int8_t val)
- {
- return write(&val, sizeof(val));
- }
- status_t Parcel::writeUint8(uint8_t val)
- {
- return write(&val, sizeof(val));
- }
- status_t Parcel::writeInt16(int16_t val)
- {
- return write(&val, sizeof(val));
- }
- status_t Parcel::writeUint16(uint16_t val)
- {
- return write(&val, sizeof(val));
- }
- status_t Parcel::writeInt32(int32_t val)
- {
- return writeAligned(val);
- }
- status_t Parcel::writeUint32(uint32_t val)
- {
- return writeAligned(val);
- }
- status_t Parcel::writeBool(bool val)
- {
- return writeInt8(int8_t(val));
- }
- status_t Parcel::writeInt64(int64_t val)
- {
- return writeAligned(val);
- }
- status_t Parcel::writeUint64(uint64_t val)
- {
- return writeAligned(val);
- }
- status_t Parcel::writePointer(uintptr_t val)
- {
- return writeAligned<binder_uintptr_t>(val);
- }
- status_t Parcel::writeFloat(float val)
- {
- return writeAligned(val);
- }
- #if defined(__mips__) && defined(__mips_hard_float)
- status_t Parcel::writeDouble(double val)
- {
- union {
- double d;
- unsigned long long ll;
- } u;
- u.d = val;
- return writeAligned(u.ll);
- }
- #else
- status_t Parcel::writeDouble(double val)
- {
- return writeAligned(val);
- }
- #endif
- status_t Parcel::writeCString(const char* str)
- {
- return write(str, strlen(str)+1);
- }
- status_t Parcel::writeString16(const std::unique_ptr<String16>& str)
- {
- if (!str) {
- return writeInt32(-1);
- }
- return writeString16(*str);
- }
- status_t Parcel::writeString16(const String16& str)
- {
- return writeString16(str.string(), str.size());
- }
- status_t Parcel::writeString16(const char16_t* str, size_t len)
- {
- if (str == nullptr) return writeInt32(-1);
- status_t err = writeInt32(len);
- if (err == NO_ERROR) {
- len *= sizeof(char16_t);
- uint8_t* data = (uint8_t*)writeInplace(len+sizeof(char16_t));
- if (data) {
- memcpy(data, str, len);
- *reinterpret_cast<char16_t*>(data+len) = 0;
- return NO_ERROR;
- }
- err = mError;
- }
- return err;
- }
- status_t Parcel::writeStrongBinder(const sp<IBinder>& val)
- {
- return flatten_binder(ProcessState::self(), val, this);
- }
- status_t Parcel::writeWeakBinder(const wp<IBinder>& val)
- {
- return flatten_binder(ProcessState::self(), val, this);
- }
- template <typename T>
- status_t Parcel::writeObject(const T& val)
- {
- const bool enoughData = (mDataPos+sizeof(val)) <= mDataCapacity;
- const bool enoughObjects = mObjectsSize < mObjectsCapacity;
- if (enoughData && enoughObjects) {
- restart_write:
- *reinterpret_cast<T*>(mData+mDataPos) = val;
- const binder_object_header* hdr = reinterpret_cast<binder_object_header*>(mData+mDataPos);
- switch (hdr->type) {
- case BINDER_TYPE_BINDER:
- case BINDER_TYPE_WEAK_BINDER:
- case BINDER_TYPE_HANDLE:
- case BINDER_TYPE_WEAK_HANDLE: {
- const flat_binder_object *fbo = reinterpret_cast<const flat_binder_object*>(hdr);
- if (fbo->binder != 0) {
- mObjects[mObjectsSize++] = mDataPos;
- acquire_binder_object(ProcessState::self(), *fbo, this);
- }
- break;
- }
- case BINDER_TYPE_FD: {
-
- if (!mAllowFds) {
-
- return FDS_NOT_ALLOWED;
- }
- mHasFds = mFdsKnown = true;
- mObjects[mObjectsSize++] = mDataPos;
- break;
- }
- case BINDER_TYPE_FDA:
- mObjects[mObjectsSize++] = mDataPos;
- break;
- case BINDER_TYPE_PTR: {
- const binder_buffer_object *buffer_obj = reinterpret_cast<
- const binder_buffer_object*>(hdr);
- if ((void *)buffer_obj->buffer != nullptr) {
- mObjects[mObjectsSize++] = mDataPos;
- }
- break;
- }
- default: {
- ALOGE("writeObject: unknown type %d", hdr->type);
- break;
- }
- }
- return finishWrite(sizeof(val));
- }
- if (!enoughData) {
- const status_t err = growData(sizeof(val));
- if (err != NO_ERROR) return err;
- }
- if (!enoughObjects) {
- size_t newSize = ((mObjectsSize+2)*3)/2;
- if (newSize * sizeof(binder_size_t) < mObjectsSize) return NO_MEMORY;
- binder_size_t* objects = (binder_size_t*)realloc(mObjects, newSize*sizeof(binder_size_t));
- if (objects == nullptr) return NO_MEMORY;
- mObjects = objects;
- mObjectsCapacity = newSize;
- }
- goto restart_write;
- }
- template status_t Parcel::writeObject<flat_binder_object>(const flat_binder_object& val);
- template status_t Parcel::writeObject<binder_fd_object>(const binder_fd_object& val);
- template status_t Parcel::writeObject<binder_buffer_object>(const binder_buffer_object& val);
- template status_t Parcel::writeObject<binder_fd_array_object>(const binder_fd_array_object& val);
- bool Parcel::validateBufferChild(size_t child_buffer_handle,
- size_t child_offset) const {
- if (child_buffer_handle >= mObjectsSize)
- return false;
- binder_buffer_object *child = reinterpret_cast<binder_buffer_object*>
- (mData + mObjects[child_buffer_handle]);
- if (!isBuffer(*child) || child_offset > child->length) {
-
- LOG_BUFFER("writeEmbeddedReference found wierd child. "
- "child_offset = %zu, child->length = %zu",
- child_offset, (size_t)child->length);
- return false;
- }
- return true;
- }
- bool Parcel::validateBufferParent(size_t parent_buffer_handle,
- size_t parent_offset) const {
- if (parent_buffer_handle >= mObjectsSize)
- return false;
- binder_buffer_object *parent = reinterpret_cast<binder_buffer_object*>
- (mData + mObjects[parent_buffer_handle]);
- if (!isBuffer(*parent) ||
- sizeof(binder_uintptr_t) > parent->length ||
- parent_offset > parent->length - sizeof(binder_uintptr_t)) {
-
- return false;
- }
- return true;
- }
- status_t Parcel::writeEmbeddedBuffer(
- const void *buffer, size_t length, size_t *handle,
- size_t parent_buffer_handle, size_t parent_offset) {
- LOG_BUFFER("writeEmbeddedBuffer(%p, %zu, parent = (%zu, %zu)) -> %zu",
- buffer, length, parent_buffer_handle,
- parent_offset, mObjectsSize);
- if(!validateBufferParent(parent_buffer_handle, parent_offset))
- return BAD_VALUE;
- binder_buffer_object obj = {
- .hdr = { .type = BINDER_TYPE_PTR },
- .buffer = reinterpret_cast<binder_uintptr_t>(buffer),
- .length = length,
- .flags = BINDER_BUFFER_FLAG_HAS_PARENT,
- .parent = parent_buffer_handle,
- .parent_offset = parent_offset,
- };
- if (handle != nullptr) {
-
- *handle = mObjectsSize;
- }
- return writeObject(obj);
- }
- status_t Parcel::writeBuffer(const void *buffer, size_t length, size_t *handle)
- {
- LOG_BUFFER("writeBuffer(%p, %zu) -> %zu",
- buffer, length, mObjectsSize);
- binder_buffer_object obj {
- .hdr = { .type = BINDER_TYPE_PTR },
- .buffer = reinterpret_cast<binder_uintptr_t>(buffer),
- .length = length,
- .flags = 0,
- };
- if (handle != nullptr) {
-
- *handle = mObjectsSize;
- }
- return writeObject(obj);
- }
- status_t Parcel::incrementNumReferences() {
- ++mNumRef;
- LOG_BUFFER("incrementNumReferences: %zu", mNumRef);
- return mNumRef <= PARCEL_REF_CAP ? OK : NO_MEMORY;
- }
- status_t Parcel::writeReference(size_t *handle,
- size_t child_buffer_handle, size_t child_offset) {
- LOG_BUFFER("writeReference(child = (%zu, %zu)) -> %zu",
- child_buffer_handle, child_offset,
- mObjectsSize);
- status_t status = incrementNumReferences();
- if (status != OK)
- return status;
- if (!validateBufferChild(child_buffer_handle, child_offset))
- return BAD_VALUE;
- binder_buffer_object obj {
- .hdr = { .type = BINDER_TYPE_PTR },
- .flags = BINDER_BUFFER_FLAG_REF,
-
-
- .buffer = child_buffer_handle,
- .length = child_offset,
- };
- if (handle != nullptr)
-
- *handle = mObjectsSize;
- return writeObject(obj);
- }
- status_t Parcel::writeEmbeddedReference(size_t *handle,
- size_t child_buffer_handle, size_t child_offset,
- size_t parent_buffer_handle, size_t parent_offset) {
- LOG_BUFFER("writeEmbeddedReference(child = (%zu, %zu), parent = (%zu, %zu)) -> %zu",
- child_buffer_handle, child_offset,
- parent_buffer_handle, parent_offset,
- mObjectsSize);
- status_t status = incrementNumReferences();
- if (status != OK)
- return status;
-
-
- if (!validateBufferChild(child_buffer_handle, child_offset))
- return BAD_VALUE;
- if(!validateBufferParent(parent_buffer_handle, parent_offset))
- return BAD_VALUE;
- binder_buffer_object obj {
- .hdr = { .type = BINDER_TYPE_PTR },
- .flags = BINDER_BUFFER_FLAG_REF | BINDER_BUFFER_FLAG_HAS_PARENT,
- .buffer = child_buffer_handle,
- .length = child_offset,
- .parent = parent_buffer_handle,
- .parent_offset = parent_offset,
- };
- if (handle != nullptr) {
-
- *handle = mObjectsSize;
- }
- return writeObject(obj);
- }
- status_t Parcel::writeNullReference(size_t * handle) {
- LOG_BUFFER("writeNullReference -> %zu", mObjectsSize);
- status_t status = incrementNumReferences();
- if (status != OK)
- return status;
- binder_buffer_object obj {
- .hdr = { .type = BINDER_TYPE_PTR },
- .flags = BINDER_BUFFER_FLAG_REF,
- };
- if (handle != nullptr)
-
- *handle = mObjectsSize;
- return writeObject(obj);
- }
- status_t Parcel::writeEmbeddedNullReference(size_t * handle,
- size_t parent_buffer_handle, size_t parent_offset) {
- LOG_BUFFER("writeEmbeddedNullReference(parent = (%zu, %zu)) -> %zu",
- parent_buffer_handle,
- parent_offset,
- mObjectsSize);
- status_t status = incrementNumReferences();
- if (status != OK)
- return status;
- if(!validateBufferParent(parent_buffer_handle, parent_offset))
- return BAD_VALUE;
- binder_buffer_object obj {
- .hdr = { .type = BINDER_TYPE_PTR, },
- .flags = BINDER_BUFFER_FLAG_REF | BINDER_BUFFER_FLAG_HAS_PARENT,
- .parent = parent_buffer_handle,
- .parent_offset = parent_offset,
- };
- if (handle != nullptr) {
-
- *handle = mObjectsSize;
- }
- return writeObject(obj);
- }
- void Parcel::clearCache() const {
- LOG_BUFFER("clearing cache.");
- mBufCachePos = 0;
- mBufCache.clear();
- }
- void Parcel::updateCache() const {
- if(mBufCachePos == mObjectsSize)
- return;
- LOG_BUFFER("updating cache from %zu to %zu", mBufCachePos, mObjectsSize);
- for(size_t i = mBufCachePos; i < mObjectsSize; i++) {
- binder_size_t dataPos = mObjects[i];
- binder_buffer_object *obj =
- reinterpret_cast<binder_buffer_object*>(mData+dataPos);
- if(!isBuffer(*obj))
- continue;
- BufferInfo ifo;
- ifo.index = i;
- ifo.buffer = obj->buffer;
- ifo.bufend = obj->buffer + obj->length;
- mBufCache.push_back(ifo);
- }
- mBufCachePos = mObjectsSize;
- }
- status_t Parcel::findBuffer(const void *ptr, size_t length, bool *found,
- size_t *handle, size_t *offset) const {
- if(found == nullptr)
- return UNKNOWN_ERROR;
- updateCache();
- binder_uintptr_t ptrVal = reinterpret_cast<binder_uintptr_t>(ptr);
-
-
- bool suspectRejectBadPointer = false;
- LOG_BUFFER("findBuffer examining %zu objects.", mObjectsSize);
- for(auto entry = mBufCache.rbegin(); entry != mBufCache.rend(); ++entry ) {
- if(entry->buffer <= ptrVal && ptrVal < entry->bufend) {
-
- if(ptrVal + length <= entry->bufend) {
- *found = true;
- if(handle != nullptr) *handle = entry->index;
- if(offset != nullptr) *offset = ptrVal - entry->buffer;
- LOG_BUFFER(" findBuffer has a match at %zu!", entry->index);
- return OK;
- } else {
- suspectRejectBadPointer = true;
- }
- }
- }
- LOG_BUFFER("findBuffer did not find for ptr = %p.", ptr);
- *found = false;
- return suspectRejectBadPointer ? BAD_VALUE : OK;
- }
- status_t Parcel::quickFindBuffer(const void *ptr, size_t *handle) const {
- updateCache();
- binder_uintptr_t ptrVal = reinterpret_cast<binder_uintptr_t>(ptr);
- LOG_BUFFER("quickFindBuffer examining %zu objects.", mObjectsSize);
- for(auto entry = mBufCache.rbegin(); entry != mBufCache.rend(); ++entry ) {
- if(entry->buffer == ptrVal) {
- if(handle != nullptr) *handle = entry->index;
- return OK;
- }
- }
- LOG_BUFFER("quickFindBuffer did not find for ptr = %p.", ptr);
- return NO_INIT;
- }
- status_t Parcel::writeNativeHandleNoDup(const native_handle_t *handle,
- bool embedded,
- size_t parent_buffer_handle,
- size_t parent_offset)
- {
- size_t buffer_handle;
- status_t status = OK;
- if (handle == nullptr) {
- status = writeUint64(0);
- return status;
- }
- size_t native_handle_size = sizeof(native_handle_t)
- + handle->numFds * sizeof(int) + handle->numInts * sizeof(int);
- writeUint64(native_handle_size);
- if (embedded) {
- status = writeEmbeddedBuffer((void*) handle,
- native_handle_size, &buffer_handle,
- parent_buffer_handle, parent_offset);
- } else {
- status = writeBuffer((void*) handle, native_handle_size, &buffer_handle);
- }
- if (status != OK) {
- return status;
- }
- struct binder_fd_array_object fd_array {
- .hdr = { .type = BINDER_TYPE_FDA },
- .num_fds = static_cast<binder_size_t>(handle->numFds),
- .parent = buffer_handle,
- .parent_offset = offsetof(native_handle_t, data),
- };
- return writeObject(fd_array);
- }
- status_t Parcel::writeNativeHandleNoDup(const native_handle_t *handle)
- {
- return writeNativeHandleNoDup(handle, false );
- }
- status_t Parcel::writeEmbeddedNativeHandle(const native_handle_t *handle,
- size_t parent_buffer_handle,
- size_t parent_offset)
- {
- return writeNativeHandleNoDup(handle, true ,
- parent_buffer_handle, parent_offset);
- }
- void Parcel::remove(size_t , size_t )
- {
- LOG_ALWAYS_FATAL("Parcel::remove() not yet implemented!");
- }
- status_t Parcel::read(void* outData, size_t len) const
- {
- if (len > INT32_MAX) {
-
-
- return BAD_VALUE;
- }
- if ((mDataPos+pad_size(len)) >= mDataPos && (mDataPos+pad_size(len)) <= mDataSize
- && len <= pad_size(len)) {
- memcpy(outData, mData+mDataPos, len);
- mDataPos += pad_size(len);
- ALOGV("read Setting data pos of %p to %zu", this, mDataPos);
- return NO_ERROR;
- }
- return NOT_ENOUGH_DATA;
- }
- const void* Parcel::readInplace(size_t len) const
- {
- if (len > INT32_MAX) {
-
-
- return nullptr;
- }
- if ((mDataPos+pad_size(len)) >= mDataPos && (mDataPos+pad_size(len)) <= mDataSize
- && len <= pad_size(len)) {
- const void* data = mData+mDataPos;
- mDataPos += pad_size(len);
- ALOGV("readInplace Setting data pos of %p to %zu", this, mDataPos);
- return data;
- }
- return nullptr;
- }
- template<class T>
- status_t Parcel::readAligned(T *pArg) const {
- COMPILE_TIME_ASSERT_FUNCTION_SCOPE(PAD_SIZE_UNSAFE(sizeof(T)) == sizeof(T));
- if ((mDataPos+sizeof(T)) <= mDataSize) {
- const void* data = mData+mDataPos;
- mDataPos += sizeof(T);
- *pArg = *reinterpret_cast<const T*>(data);
- return NO_ERROR;
- } else {
- return NOT_ENOUGH_DATA;
- }
- }
- template<class T>
- T Parcel::readAligned() const {
- T result;
- if (readAligned(&result) != NO_ERROR) {
- result = 0;
- }
- return result;
- }
- template<class T>
- status_t Parcel::writeAligned(T val) {
- COMPILE_TIME_ASSERT_FUNCTION_SCOPE(PAD_SIZE_UNSAFE(sizeof(T)) == sizeof(T));
- if ((mDataPos+sizeof(val)) <= mDataCapacity) {
- restart_write:
- *reinterpret_cast<T*>(mData+mDataPos) = val;
- return finishWrite(sizeof(val));
- }
- status_t err = growData(sizeof(val));
- if (err == NO_ERROR) goto restart_write;
- return err;
- }
- status_t Parcel::readInt8(int8_t *pArg) const
- {
- return read(pArg, sizeof(*pArg));
- }
- status_t Parcel::readUint8(uint8_t *pArg) const
- {
- return read(pArg, sizeof(*pArg));
- }
- status_t Parcel::readInt16(int16_t *pArg) const
- {
- return read(pArg, sizeof(*pArg));
- }
- status_t Parcel::readUint16(uint16_t *pArg) const
- {
- return read(pArg, sizeof(*pArg));
- }
- status_t Parcel::readInt32(int32_t *pArg) const
- {
- return readAligned(pArg);
- }
- int32_t Parcel::readInt32() const
- {
- return readAligned<int32_t>();
- }
- status_t Parcel::readUint32(uint32_t *pArg) const
- {
- return readAligned(pArg);
- }
- uint32_t Parcel::readUint32() const
- {
- return readAligned<uint32_t>();
- }
- status_t Parcel::readInt64(int64_t *pArg) const
- {
- return readAligned(pArg);
- }
- int64_t Parcel::readInt64() const
- {
- return readAligned<int64_t>();
- }
- status_t Parcel::readUint64(uint64_t *pArg) const
- {
- return readAligned(pArg);
- }
- uint64_t Parcel::readUint64() const
- {
- return readAligned<uint64_t>();
- }
- status_t Parcel::readPointer(uintptr_t *pArg) const
- {
- status_t ret;
- binder_uintptr_t ptr;
- ret = readAligned(&ptr);
- if (!ret)
- *pArg = ptr;
- return ret;
- }
- uintptr_t Parcel::readPointer() const
- {
- return readAligned<binder_uintptr_t>();
- }
- status_t Parcel::readFloat(float *pArg) const
- {
- return readAligned(pArg);
- }
- float Parcel::readFloat() const
- {
- return readAligned<float>();
- }
- #if defined(__mips__) && defined(__mips_hard_float)
- status_t Parcel::readDouble(double *pArg) const
- {
- union {
- double d;
- unsigned long long ll;
- } u;
- u.d = 0;
- status_t status;
- status = readAligned(&u.ll);
- *pArg = u.d;
- return status;
- }
- double Parcel::readDouble() const
- {
- union {
- double d;
- unsigned long long ll;
- } u;
- u.ll = readAligned<unsigned long long>();
- return u.d;
- }
- #else
- status_t Parcel::readDouble(double *pArg) const
- {
- return readAligned(pArg);
- }
- double Parcel::readDouble() const
- {
- return readAligned<double>();
- }
- #endif
- status_t Parcel::readBool(bool *pArg) const
- {
- int8_t tmp;
- status_t ret = readInt8(&tmp);
- *pArg = (tmp != 0);
- return ret;
- }
- bool Parcel::readBool() const
- {
- int8_t tmp;
- status_t err = readInt8(&tmp);
- if (err != OK) {
- return 0;
- }
- return tmp != 0;
- }
- const char* Parcel::readCString() const
- {
- if (mDataPos < mDataSize) {
- const size_t avail = mDataSize-mDataPos;
- const char* str = reinterpret_cast<const char*>(mData+mDataPos);
-
- const char* eos = reinterpret_cast<const char*>(memchr(str, 0, avail));
- if (eos) {
- const size_t len = eos - str;
- mDataPos += pad_size(len+1);
- ALOGV("readCString Setting data pos of %p to %zu", this, mDataPos);
- return str;
- }
- }
- return nullptr;
- }
- String16 Parcel::readString16() const
- {
- size_t len;
- const char16_t* str = readString16Inplace(&len);
- if (str) return String16(str, len);
- ALOGE("Reading a NULL string not supported here.");
- return String16();
- }
- status_t Parcel::readString16(std::unique_ptr<String16>* pArg) const
- {
- const int32_t start = dataPosition();
- int32_t size;
- status_t status = readInt32(&size);
- pArg->reset();
- if (status != OK || size < 0) {
- return status;
- }
- setDataPosition(start);
- pArg->reset(new (std::nothrow) String16());
- status = readString16(pArg->get());
- if (status != OK) {
- pArg->reset();
- }
- return status;
- }
- status_t Parcel::readString16(String16* pArg) const
- {
- size_t len;
- const char16_t* str = readString16Inplace(&len);
- if (str) {
- pArg->setTo(str, len);
- return 0;
- } else {
- *pArg = String16();
- return UNEXPECTED_NULL;
- }
- }
- const char16_t* Parcel::readString16Inplace(size_t* outLen) const
- {
- int32_t size = readInt32();
-
- if (size >= 0 && size < INT32_MAX) {
- *outLen = size;
- const char16_t* str = (const char16_t*)readInplace((size+1)*sizeof(char16_t));
- if (str != nullptr) {
- return str;
- }
- }
- *outLen = 0;
- return nullptr;
- }
- status_t Parcel::readStrongBinder(sp<IBinder>* val) const
- {
- status_t status = readNullableStrongBinder(val);
- if (status == OK && !val->get()) {
- status = UNEXPECTED_NULL;
- }
- return status;
- }
- status_t Parcel::readNullableStrongBinder(sp<IBinder>* val) const
- {
- return unflatten_binder(ProcessState::self(), *this, val);
- }
- sp<IBinder> Parcel::readStrongBinder() const
- {
- sp<IBinder> val;
-
-
-
- readNullableStrongBinder(&val);
- return val;
- }
- wp<IBinder> Parcel::readWeakBinder() const
- {
- wp<IBinder> val;
- unflatten_binder(ProcessState::self(), *this, &val);
- return val;
- }
- template<typename T>
- const T* Parcel::readObject(size_t *objects_offset) const
- {
- const size_t DPOS = mDataPos;
- if (objects_offset != nullptr) {
- *objects_offset = 0;
- }
- if ((DPOS+sizeof(T)) <= mDataSize) {
- const T* obj = reinterpret_cast<const T*>(mData+DPOS);
- mDataPos = DPOS + sizeof(T);
- const binder_object_header *hdr = reinterpret_cast<const binder_object_header*>(obj);
- switch (hdr->type) {
- case BINDER_TYPE_BINDER:
- case BINDER_TYPE_WEAK_BINDER:
- case BINDER_TYPE_HANDLE:
- case BINDER_TYPE_WEAK_HANDLE: {
- const flat_binder_object *flat_obj =
- reinterpret_cast<const flat_binder_object*>(hdr);
- if (flat_obj->cookie == 0 && flat_obj->binder == 0) {
-
-
-
- ALOGV("readObject Setting data pos of %p to %zu", this, mDataPos);
- return obj;
- }
- break;
- }
- case BINDER_TYPE_FD:
- case BINDER_TYPE_FDA:
-
- break;
- case BINDER_TYPE_PTR: {
- const binder_buffer_object *buffer_obj =
- reinterpret_cast<const binder_buffer_object*>(hdr);
- if ((void *)buffer_obj->buffer == nullptr) {
-
-
- return obj;
- }
- break;
- }
- }
-
- binder_size_t* const OBJS = mObjects;
- const size_t N = mObjectsSize;
- size_t opos = mNextObjectHint;
- if (N > 0) {
- ALOGV("Parcel %p looking for obj at %zu, hint=%zu",
- this, DPOS, opos);
-
-
- if (opos < N) {
- while (opos < (N-1) && OBJS[opos] < DPOS) {
- opos++;
- }
- } else {
- opos = N-1;
- }
- if (OBJS[opos] == DPOS) {
-
- ALOGV("Parcel %p found obj %zu at index %zu with forward search",
- this, DPOS, opos);
- mNextObjectHint = opos+1;
- ALOGV("readObject Setting data pos of %p to %zu", this, mDataPos);
- if (objects_offset != nullptr) {
- *objects_offset = opos;
- }
- return obj;
- }
-
- while (opos > 0 && OBJS[opos] > DPOS) {
- opos--;
- }
- if (OBJS[opos] == DPOS) {
-
- ALOGV("Parcel %p found obj %zu at index %zu with backward search",
- this, DPOS, opos);
- mNextObjectHint = opos+1;
- ALOGV("readObject Setting data pos of %p to %zu", this, mDataPos);
- if (objects_offset != nullptr) {
- *objects_offset = opos;
- }
- return obj;
- }
- }
- ALOGW("Attempt to read object from Parcel %p at offset %zu that is not in the object list",
- this, DPOS);
- }
- return nullptr;
- }
- template const flat_binder_object* Parcel::readObject<flat_binder_object>(size_t *objects_offset) const;
- template const binder_fd_object* Parcel::readObject<binder_fd_object>(size_t *objects_offset) const;
- template const binder_buffer_object* Parcel::readObject<binder_buffer_object>(size_t *objects_offset) const;
- template const binder_fd_array_object* Parcel::readObject<binder_fd_array_object>(size_t *objects_offset) const;
- bool Parcel::verifyBufferObject(const binder_buffer_object *buffer_obj,
- size_t size, uint32_t flags, size_t parent,
- size_t parentOffset) const {
- if (buffer_obj->length != size) {
- ALOGE("Buffer length %" PRIu64 " does not match expected size %zu.",
- static_cast<uint64_t>(buffer_obj->length), size);
- return false;
- }
- if (buffer_obj->flags != flags) {
- ALOGE("Buffer flags 0x%02X do not match expected flags 0x%02X.", buffer_obj->flags, flags);
- return false;
- }
- if (flags & BINDER_BUFFER_FLAG_HAS_PARENT) {
- if (buffer_obj->parent != parent) {
- ALOGE("Buffer parent %" PRIu64 " does not match expected parent %zu.",
- static_cast<uint64_t>(buffer_obj->parent), parent);
- return false;
- }
- if (buffer_obj->parent_offset != parentOffset) {
- ALOGE("Buffer parent offset %" PRIu64 " does not match expected offset %zu.",
- static_cast<uint64_t>(buffer_obj->parent_offset), parentOffset);
- return false;
- }
- }
- return true;
- }
- status_t Parcel::readBuffer(size_t buffer_size, size_t *buffer_handle,
- uint32_t flags, size_t parent, size_t parentOffset,
- const void **buffer_out) const {
- const binder_buffer_object* buffer_obj = readObject<binder_buffer_object>(buffer_handle);
- if (buffer_obj == nullptr || !isBuffer(*buffer_obj)) {
- return BAD_VALUE;
- }
- if (!verifyBufferObject(buffer_obj, buffer_size, flags, parent, parentOffset)) {
- return BAD_VALUE;
- }
-
- *buffer_out = reinterpret_cast<void*>(buffer_obj->buffer);
- return OK;
- }
- status_t Parcel::readNullableBuffer(size_t buffer_size, size_t *buffer_handle,
- const void **buffer_out) const
- {
- return readBuffer(buffer_size, buffer_handle,
- 0 , 0 , 0 ,
- buffer_out);
- }
- status_t Parcel::readBuffer(size_t buffer_size, size_t *buffer_handle,
- const void **buffer_out) const
- {
- status_t status = readNullableBuffer(buffer_size, buffer_handle, buffer_out);
- if (status == OK && *buffer_out == nullptr) {
- return UNEXPECTED_NULL;
- }
- return status;
- }
- status_t Parcel::readEmbeddedBuffer(size_t buffer_size,
- size_t *buffer_handle,
- size_t parent_buffer_handle,
- size_t parent_offset,
- const void **buffer_out) const
- {
- status_t status = readNullableEmbeddedBuffer(buffer_size, buffer_handle,
- parent_buffer_handle,
- parent_offset, buffer_out);
- if (status == OK && *buffer_out == nullptr) {
- return UNEXPECTED_NULL;
- }
- return status;
- }
- status_t Parcel::readNullableEmbeddedBuffer(size_t buffer_size,
- size_t *buffer_handle,
- size_t parent_buffer_handle,
- size_t parent_offset,
- const void **buffer_out) const
- {
- return readBuffer(buffer_size, buffer_handle, BINDER_BUFFER_FLAG_HAS_PARENT,
- parent_buffer_handle, parent_offset, buffer_out);
- }
- status_t Parcel::readReference(void const* *bufptr,
- size_t *buffer_handle, bool *isRef) const
- {
- LOG_BUFFER("readReference");
- const binder_buffer_object* buffer_obj = readObject<binder_buffer_object>();
- LOG_BUFFER(" readReference: buf = %p, len = %zu, flags = %x",
- (void*)buffer_obj->buffer, (size_t)buffer_obj->length,
- (int)buffer_obj->flags);
-
- if (buffer_obj && buffer_obj->hdr.type == BINDER_TYPE_PTR) {
- if (buffer_handle != nullptr) {
- *buffer_handle = 0;
- }
- if(isRef != nullptr) {
- *isRef = (buffer_obj->flags & BINDER_BUFFER_FLAG_REF) != 0;
- LOG_BUFFER(" readReference: isRef = %d", *isRef);
- }
-
- if(bufptr != nullptr) {
- *bufptr = (void*)buffer_obj->buffer;
- }
- return OK;
- }
- return BAD_VALUE;
- }
- status_t Parcel::readEmbeddedReference(void const* *bufptr,
- size_t *buffer_handle,
- size_t ,
- size_t ,
- bool *isRef) const
- {
-
- LOG_BUFFER("readEmbeddedReference");
- return (readReference(bufptr, buffer_handle, isRef));
- }
- status_t Parcel::readEmbeddedNativeHandle(size_t parent_buffer_handle,
- size_t parent_offset,
- const native_handle_t **handle) const
- {
- status_t status = readNullableEmbeddedNativeHandle(parent_buffer_handle, parent_offset, handle);
- if (status == OK && *handle == nullptr) {
- return UNEXPECTED_NULL;
- }
- return status;
- }
- status_t Parcel::readNullableNativeHandleNoDup(const native_handle_t **handle,
- bool embedded,
- size_t parent_buffer_handle,
- size_t parent_offset) const
- {
- status_t status;
- uint64_t nativeHandleSize;
- size_t fdaParent;
- status = readUint64(&nativeHandleSize);
- if (status != OK || nativeHandleSize == 0) {
- *handle = nullptr;
- return status;
- }
- if (nativeHandleSize < sizeof(native_handle_t)) {
- ALOGE("Received a native_handle_t size that was too small.");
- return BAD_VALUE;
- }
- if (embedded) {
- status = readNullableEmbeddedBuffer(nativeHandleSize, &fdaParent,
- parent_buffer_handle, parent_offset,
- reinterpret_cast<const void**>(handle));
- } else {
- status = readNullableBuffer(nativeHandleSize, &fdaParent,
- reinterpret_cast<const void**>(handle));
- }
- if (status != OK) {
- return status;
- }
- int numFds = (*handle)->numFds;
- int numInts = (*handle)->numInts;
- if (numFds < 0 || numFds > NATIVE_HANDLE_MAX_FDS) {
- ALOGE("Received native_handle with invalid number of fds.");
- return BAD_VALUE;
- }
- if (numInts < 0 || numInts > NATIVE_HANDLE_MAX_INTS) {
- ALOGE("Received native_handle with invalid number of ints.");
- return BAD_VALUE;
- }
- if (nativeHandleSize != (sizeof(native_handle_t) + ((numFds + numInts) * sizeof(int)))) {
- ALOGE("Size of native_handle doesn't match.");
- return BAD_VALUE;
- }
- const binder_fd_array_object* fd_array_obj = readObject<binder_fd_array_object>();
- if (fd_array_obj == nullptr || fd_array_obj->hdr.type != BINDER_TYPE_FDA) {
- ALOGE("Can't find file-descriptor array object.");
- return BAD_VALUE;
- }
- if (static_cast<int>(fd_array_obj->num_fds) != numFds) {
- ALOGE("Number of native handles does not match.");
- return BAD_VALUE;
- }
- if (fd_array_obj->parent != fdaParent) {
- ALOGE("Parent handle of file-descriptor array not correct.");
- return BAD_VALUE;
- }
- if (fd_array_obj->parent_offset != offsetof(native_handle_t, data)) {
- ALOGE("FD array object not properly offset in parent.");
- return BAD_VALUE;
- }
- return OK;
- }
- status_t Parcel::readNullableEmbeddedNativeHandle(size_t parent_buffer_handle,
- size_t parent_offset,
- const native_handle_t **handle) const
- {
- return readNullableNativeHandleNoDup(handle, true , parent_buffer_handle,
- parent_offset);
- }
- status_t Parcel::readNativeHandleNoDup(const native_handle_t **handle) const
- {
- status_t status = readNullableNativeHandleNoDup(handle);
- if (status == OK && *handle == nullptr) {
- return UNEXPECTED_NULL;
- }
- return status;
- }
- status_t Parcel::readNullableNativeHandleNoDup(const native_handle_t **handle) const
- {
- return readNullableNativeHandleNoDup(handle, false );
- }
- void Parcel::closeFileDescriptors()
- {
- size_t i = mObjectsSize;
- if (i > 0) {
-
- }
- while (i > 0) {
- i--;
- const flat_binder_object* flat
- = reinterpret_cast<flat_binder_object*>(mData+mObjects[i]);
- if (flat->hdr.type == BINDER_TYPE_FD) {
-
- close(flat->handle);
- }
- }
- }
- uintptr_t Parcel::ipcData() const
- {
- return reinterpret_cast<uintptr_t>(mData);
- }
- size_t Parcel::ipcDataSize() const
- {
- return mDataSize > mDataPos ? mDataSize : mDataPos;
- }
- uintptr_t Parcel::ipcObjects() const
- {
- return reinterpret_cast<uintptr_t>(mObjects);
- }
- size_t Parcel::ipcObjectsCount() const
- {
- return mObjectsSize;
- }
- #define BUFFER_ALIGNMENT_BYTES 8
- size_t Parcel::ipcBufferSize() const
- {
- size_t totalBuffersSize = 0;
-
- size_t i = mObjectsSize;
- while (i > 0) {
- i--;
- const binder_buffer_object* buffer
- = reinterpret_cast<binder_buffer_object*>(mData+mObjects[i]);
- if (isBuffer(*buffer)) {
-
- size_t alignedSize = (buffer->length + (BUFFER_ALIGNMENT_BYTES - 1))
- & ~(BUFFER_ALIGNMENT_BYTES - 1);
- if (alignedSize > SIZE_MAX - totalBuffersSize) {
- ALOGE("ipcBuffersSize(): invalid buffer sizes.");
- return 0;
- }
- totalBuffersSize += alignedSize;
- }
- }
- return totalBuffersSize;
- }
- void Parcel::ipcSetDataReference(const uint8_t* data, size_t dataSize,
- const binder_size_t* objects, size_t objectsCount, release_func relFunc, void* relCookie)
- {
- binder_size_t minOffset = 0;
- freeDataNoInit();
- mError = NO_ERROR;
- mData = const_cast<uint8_t*>(data);
- mDataSize = mDataCapacity = dataSize;
-
- mDataPos = 0;
- ALOGV("setDataReference Setting data pos of %p to %zu", this, mDataPos);
- mObjects = const_cast<binder_size_t*>(objects);
- mObjectsSize = mObjectsCapacity = objectsCount;
- mNextObjectHint = 0;
- clearCache();
- mNumRef = 0;
- mOwner = relFunc;
- mOwnerCookie = relCookie;
- for (size_t i = 0; i < mObjectsSize; i++) {
- binder_size_t offset = mObjects[i];
- if (offset < minOffset) {
- ALOGE("%s: bad object offset %" PRIu64 " < %" PRIu64 "\n",
- __func__, (uint64_t)offset, (uint64_t)minOffset);
- mObjectsSize = 0;
- break;
- }
- minOffset = offset + sizeof(flat_binder_object);
- }
- scanForFds();
- }
- void Parcel::print(TextOutput& to, uint32_t ) const
- {
- to << "Parcel(";
- if (errorCheck() != NO_ERROR) {
- const status_t err = errorCheck();
- to << "Error: " << (void*)(intptr_t)err << " \"" << strerror(-err) << "\"";
- } else if (dataSize() > 0) {
- const uint8_t* DATA = data();
- to << indent << HexDump(DATA, dataSize()) << dedent;
- const binder_size_t* OBJS = objects();
- const size_t N = objectsCount();
- for (size_t i=0; i<N; i++) {
- const flat_binder_object* flat
- = reinterpret_cast<const flat_binder_object*>(DATA+OBJS[i]);
- if (flat->hdr.type == BINDER_TYPE_PTR) {
- const binder_buffer_object* buffer
- = reinterpret_cast<const binder_buffer_object*>(DATA+OBJS[i]);
- if(isBuffer(*buffer)) {
- HexDump bufferDump((const uint8_t*)buffer->buffer, (size_t)buffer->length);
- bufferDump.setSingleLineCutoff(0);
- to << endl << "Object #" << i << " @ " << (void*)OBJS[i] << " (buffer size " << buffer->length << "):";
- to << indent << bufferDump << dedent;
- } else {
- to << endl << "Object #" << i << " @ " << (void*)OBJS[i];
- }
- } else {
- to << endl << "Object #" << i << " @ " << (void*)OBJS[i] << ": "
- << TypeCode(flat->hdr.type & 0x7f7f7f00)
- << " = " << flat->binder;
- }
- }
- } else {
- to << "NULL";
- }
- to << ")";
- }
- void Parcel::releaseObjects()
- {
- const sp<ProcessState> proc(ProcessState::self());
- size_t i = mObjectsSize;
- uint8_t* const data = mData;
- binder_size_t* const objects = mObjects;
- while (i > 0) {
- i--;
- const flat_binder_object* flat
- = reinterpret_cast<flat_binder_object*>(data+objects[i]);
- release_object(proc, *flat, this);
- }
- }
- void Parcel::acquireObjects()
- {
- const sp<ProcessState> proc(ProcessState::self());
- size_t i = mObjectsSize;
- uint8_t* const data = mData;
- binder_size_t* const objects = mObjects;
- while (i > 0) {
- i--;
- const binder_object_header* flat
- = reinterpret_cast<binder_object_header*>(data+objects[i]);
- acquire_object(proc, *flat, this);
- }
- }
- void Parcel::freeData()
- {
- freeDataNoInit();
- initState();
- }
- void Parcel::freeDataNoInit()
- {
- if (mOwner) {
- LOG_ALLOC("Parcel %p: freeing other owner data", this);
-
- mOwner(this, mData, mDataSize, mObjects, mObjectsSize, mOwnerCookie);
- } else {
- LOG_ALLOC("Parcel %p: freeing allocated data", this);
- releaseObjects();
- if (mData) {
- LOG_ALLOC("Parcel %p: freeing with %zu capacity", this, mDataCapacity);
- pthread_mutex_lock(&gParcelGlobalAllocSizeLock);
- if (mDataCapacity <= gParcelGlobalAllocSize) {
- gParcelGlobalAllocSize = gParcelGlobalAllocSize - mDataCapacity;
- } else {
- gParcelGlobalAllocSize = 0;
- }
- if (gParcelGlobalAllocCount > 0) {
- gParcelGlobalAllocCount--;
- }
- pthread_mutex_unlock(&gParcelGlobalAllocSizeLock);
- free(mData);
- }
- if (mObjects) free(mObjects);
- }
- }
- status_t Parcel::growData(size_t len)
- {
- if (len > INT32_MAX) {
-
-
- return BAD_VALUE;
- }
- size_t newSize = ((mDataSize+len)*3)/2;
- return (newSize <= mDataSize)
- ? (status_t) NO_MEMORY
- : continueWrite(newSize);
- }
- status_t Parcel::restartWrite(size_t desired)
- {
- if (desired > INT32_MAX) {
-
-
- return BAD_VALUE;
- }
- if (mOwner) {
- freeData();
- return continueWrite(desired);
- }
- uint8_t* data = (uint8_t*)realloc(mData, desired);
- if (!data && desired > mDataCapacity) {
- mError = NO_MEMORY;
- return NO_MEMORY;
- }
- releaseObjects();
- if (data) {
- LOG_ALLOC("Parcel %p: restart from %zu to %zu capacity", this, mDataCapacity, desired);
- pthread_mutex_lock(&gParcelGlobalAllocSizeLock);
- gParcelGlobalAllocSize += desired;
- gParcelGlobalAllocSize -= mDataCapacity;
- if (!mData) {
- gParcelGlobalAllocCount++;
- }
- pthread_mutex_unlock(&gParcelGlobalAllocSizeLock);
- mData = data;
- mDataCapacity = desired;
- }
- mDataSize = mDataPos = 0;
- ALOGV("restartWrite Setting data size of %p to %zu", this, mDataSize);
- ALOGV("restartWrite Setting data pos of %p to %zu", this, mDataPos);
- free(mObjects);
- mObjects = nullptr;
- mObjectsSize = mObjectsCapacity = 0;
- mNextObjectHint = 0;
- mHasFds = false;
- clearCache();
- mNumRef = 0;
- mFdsKnown = true;
- mAllowFds = true;
- return NO_ERROR;
- }
- status_t Parcel::continueWrite(size_t desired)
- {
- if (desired > INT32_MAX) {
-
-
- return BAD_VALUE;
- }
-
-
- size_t objectsSize = mObjectsSize;
- if (desired < mDataSize) {
- if (desired == 0) {
- objectsSize = 0;
- } else {
- while (objectsSize > 0) {
- if (mObjects[objectsSize-1] < desired)
- break;
- objectsSize--;
- }
- }
- }
- if (mOwner) {
-
- if (desired == 0) {
- freeData();
- return NO_ERROR;
- }
-
-
- uint8_t* data = (uint8_t*)malloc(desired);
- if (!data) {
- mError = NO_MEMORY;
- return NO_MEMORY;
- }
- binder_size_t* objects = nullptr;
- if (objectsSize) {
- objects = (binder_size_t*)calloc(objectsSize, sizeof(binder_size_t));
- if (!objects) {
- free(data);
- mError = NO_MEMORY;
- return NO_MEMORY;
- }
-
-
- size_t oldObjectsSize = mObjectsSize;
- mObjectsSize = objectsSize;
- acquireObjects();
- mObjectsSize = oldObjectsSize;
- }
- if (mData) {
- memcpy(data, mData, mDataSize < desired ? mDataSize : desired);
- }
- if (objects && mObjects) {
- memcpy(objects, mObjects, objectsSize*sizeof(binder_size_t));
- }
-
- mOwner(this, mData, mDataSize, mObjects, mObjectsSize, mOwnerCookie);
- mOwner = nullptr;
- LOG_ALLOC("Parcel %p: taking ownership of %zu capacity", this, desired);
- pthread_mutex_lock(&gParcelGlobalAllocSizeLock);
- gParcelGlobalAllocSize += desired;
- gParcelGlobalAllocCount++;
- pthread_mutex_unlock(&gParcelGlobalAllocSizeLock);
- mData = data;
- mObjects = objects;
- mDataSize = (mDataSize < desired) ? mDataSize : desired;
- ALOGV("continueWrite Setting data size of %p to %zu", this, mDataSize);
- mDataCapacity = desired;
- mObjectsSize = mObjectsCapacity = objectsSize;
- mNextObjectHint = 0;
- clearCache();
- } else if (mData) {
- if (objectsSize < mObjectsSize) {
-
- const sp<ProcessState> proc(ProcessState::self());
- for (size_t i=objectsSize; i<mObjectsSize; i++) {
- const flat_binder_object* flat
- = reinterpret_cast<flat_binder_object*>(mData+mObjects[i]);
- if (flat->hdr.type == BINDER_TYPE_FD) {
-
- mFdsKnown = false;
- }
- release_object(proc, *flat, this);
- }
- binder_size_t* objects =
- (binder_size_t*)realloc(mObjects, objectsSize*sizeof(binder_size_t));
- if (objects) {
- mObjects = objects;
- }
- mObjectsSize = objectsSize;
- mNextObjectHint = 0;
- clearCache();
- }
-
- if (desired > mDataCapacity) {
- uint8_t* data = (uint8_t*)realloc(mData, desired);
- if (data) {
- LOG_ALLOC("Parcel %p: continue from %zu to %zu capacity", this, mDataCapacity,
- desired);
- pthread_mutex_lock(&gParcelGlobalAllocSizeLock);
- gParcelGlobalAllocSize += desired;
- gParcelGlobalAllocSize -= mDataCapacity;
- pthread_mutex_unlock(&gParcelGlobalAllocSizeLock);
- mData = data;
- mDataCapacity = desired;
- } else {
- mError = NO_MEMORY;
- return NO_MEMORY;
- }
- } else {
- if (mDataSize > desired) {
- mDataSize = desired;
- ALOGV("continueWrite Setting data size of %p to %zu", this, mDataSize);
- }
- if (mDataPos > desired) {
- mDataPos = desired;
- ALOGV("continueWrite Setting data pos of %p to %zu", this, mDataPos);
- }
- }
- } else {
-
- uint8_t* data = (uint8_t*)malloc(desired);
- if (!data) {
- mError = NO_MEMORY;
- return NO_MEMORY;
- }
- if(!(mDataCapacity == 0 && mObjects == nullptr
- && mObjectsCapacity == 0)) {
- ALOGE("continueWrite: %zu/%p/%zu/%zu", mDataCapacity, mObjects, mObjectsCapacity, desired);
- }
- LOG_ALLOC("Parcel %p: allocating with %zu capacity", this, desired);
- pthread_mutex_lock(&gParcelGlobalAllocSizeLock);
- gParcelGlobalAllocSize += desired;
- gParcelGlobalAllocCount++;
- pthread_mutex_unlock(&gParcelGlobalAllocSizeLock);
- mData = data;
- mDataSize = mDataPos = 0;
- ALOGV("continueWrite Setting data size of %p to %zu", this, mDataSize);
- ALOGV("continueWrite Setting data pos of %p to %zu", this, mDataPos);
- mDataCapacity = desired;
- }
- return NO_ERROR;
- }
- void Parcel::initState()
- {
- LOG_ALLOC("Parcel %p: initState", this);
- mError = NO_ERROR;
- mData = nullptr;
- mDataSize = 0;
- mDataCapacity = 0;
- mDataPos = 0;
- ALOGV("initState Setting data size of %p to %zu", this, mDataSize);
- ALOGV("initState Setting data pos of %p to %zu", this, mDataPos);
- mObjects = nullptr;
- mObjectsSize = 0;
- mObjectsCapacity = 0;
- mNextObjectHint = 0;
- mHasFds = false;
- mFdsKnown = true;
- mAllowFds = true;
- mOwner = nullptr;
- clearCache();
- mNumRef = 0;
-
- if (gMaxFds == 0) {
- struct rlimit result;
- if (!getrlimit(RLIMIT_NOFILE, &result)) {
- gMaxFds = (size_t)result.rlim_cur;
-
- } else {
- ALOGW("Unable to getrlimit: %s", strerror(errno));
- gMaxFds = 1024;
- }
- }
- }
- void Parcel::scanForFds() const
- {
- bool hasFds = false;
- for (size_t i=0; i<mObjectsSize; i++) {
- const flat_binder_object* flat
- = reinterpret_cast<const flat_binder_object*>(mData + mObjects[i]);
- if (flat->hdr.type == BINDER_TYPE_FD) {
- hasFds = true;
- break;
- }
- }
- mHasFds = hasFds;
- mFdsKnown = true;
- }
- };
- };
|