1 /*
2  * Copyright (C) 2018 The Android Open Source Project
3  *
4  * Licensed under the Apache License, Version 2.0 (the "License");
5  * you may not use this file except in compliance with the License.
6  * You may obtain a copy of the License at
7  *
8  *      http://www.apache.org/licenses/LICENSE-2.0
9  *
10  * Unless required by applicable law or agreed to in writing, software
11  * distributed under the License is distributed on an "AS IS" BASIS,
12  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13  * See the License for the specific language governing permissions and
14  * limitations under the License.
15  */
16 
17 #include <android/binder_ibinder.h>
18 #include "ibinder_internal.h"
19 
20 #include <android/binder_stability.h>
21 #include <android/binder_status.h>
22 #include "parcel_internal.h"
23 #include "status_internal.h"
24 
25 #include <android-base/logging.h>
26 #include <binder/IPCThreadState.h>
27 #include <binder/IResultReceiver.h>
28 #include <private/android_filesystem_config.h>
29 
30 using DeathRecipient = ::android::IBinder::DeathRecipient;
31 
32 using ::android::IBinder;
33 using ::android::IResultReceiver;
34 using ::android::Parcel;
35 using ::android::sp;
36 using ::android::status_t;
37 using ::android::String16;
38 using ::android::String8;
39 using ::android::wp;
40 
namespace ABBinderTag {

// Key under which the ABBinder marker is attached to an IBinder. has() is the check that
// lookupOrCreateFromBinder() performs before downcasting an IBinder to ABBinder, so this tag is
// what keeps that static_cast from being applied to some other IBinder implementation.
static const void* kId = "ABBinder";
// Only the address matters: it is the value has() compares against. Nothing in this file
// frees the allocation.
static void* kValue = static_cast<void*>(new bool{true});

// Cleanup callback passed to attachObject(). The tag value is shared by every ABBinder, so
// there is nothing to release per object.
void clean(const void* /*id*/, void* /*obj*/, void* /*cookie*/) {
    // intentionally empty
}

// Marks |binder| as an ABBinder created by this library.
static void attach(const sp<IBinder>& binder) {
    binder->attachObject(kId, kValue, nullptr /*cookie*/, clean);
}

// Returns true only for a non-null binder that carries the ABBinder marker.
static bool has(const sp<IBinder>& binder) {
    if (binder == nullptr) {
        return false;
    }
    return binder->findObject(kId) == kValue;
}

}  // namespace ABBinderTag
55 
namespace ABpBinderTag {

// Held while the per-IBinder record below is looked up, created or cleared (see
// ABpBinder::lookupOrCreateFromBinder and ABpBinder::onLastStrongRef).
static std::mutex gLock;
// Key under which the record is attached to an IBinder.
static const void* kId = "ABpBinder";
// Record attached to an IBinder; holds a weak reference to the ABpBinder wrapping it.
struct Value {
    wp<ABpBinder> binder;
};

// Cleanup callback registered with attachObject(): frees the heap-allocated Value.
// Aborts if it is ever invoked for a key other than kId.
void clean(const void* id, void* obj, void* cookie) {
    CHECK(id == kId) << id << " " << obj << " " << cookie;

    Value* record = static_cast<Value*>(obj);
    delete record;
}

}  // namespace ABpBinderTag
70 
// Stores the class this binder is associated with. |clazz| may be null here: ABpBinder
// constructs its base with nullptr and the class is filled in later by associateClass().
AIBinder::AIBinder(const AIBinder_Class* clazz)
    : mClazz(clazz) {
}
// Nothing to release at this level; mClazz is not deleted here.
AIBinder::~AIBinder() {
}
73 
// Associates |clazz| with this binder so that it can be transacted on through the NDK API.
//
// Returns true when |clazz| is already the associated class, or when no class was set and the
// binder's interface descriptor equals the descriptor of |clazz|. Returns false for a null
// |clazz|, for a binder that already has a different class object, or on descriptor mismatch.
//
// NOTE(review): the only evidence checked is the descriptor string returned by
// getBinder()->getInterfaceDescriptor(). For a proxy that string presumably originates from the
// process hosting the object, so a match shows the peer claims the interface; it does not
// authenticate the peer. Confirm against the IBinder implementation before relying on it.
bool AIBinder::associateClass(const AIBinder_Class* clazz) {
    if (clazz == nullptr) return false;
    if (mClazz == clazz) return true;

    String8 requested(clazz->getInterfaceDescriptor());

    if (mClazz != nullptr) {
        String8 existing(mClazz->getInterfaceDescriptor());
        if (requested != existing) {
            LOG(ERROR) << __func__
                       << ": Class cannot be associated on object which already has a class. "
                          "Trying to associate to '"
                       << requested.c_str() << "' but already set to '" << existing.c_str()
                       << "'.";
        } else {
            // Same descriptor but a different AIBinder_Class object.
            LOG(ERROR) << __func__ << ": Class descriptors '" << existing
                       << "' match during associateClass, but they are different class objects. "
                          "Class descriptor collision?";
        }

        // mClazz is set and differs from clazz, so association can never succeed here.
        return false;
    }

    // Only a proxy can reach this point without a class: ABBinder's constructor requires one.
    CHECK(asABpBinder() != nullptr);

    String8 actual(getBinder()->getInterfaceDescriptor());
    if (actual == requested) {
        // if this is a local object, it's not one known to libbinder_ndk
        mClazz = clazz;
        return true;
    }

    LOG(ERROR) << __func__ << ": Expecting binder to have class '" << requested.c_str()
               << "' but descriptor is actually '" << actual.c_str() << "'.";
    return false;
}
112 
// Local binder object. |userData| is stored as-is and later handed to the class's onDestroy
// callback by the destructor. Aborts if |clazz| is null, because every later callback
// dispatch goes through getClass().
ABBinder::ABBinder(const AIBinder_Class* clazz, void* userData)
    : AIBinder(clazz),
      BBinder(),
      mUserData(userData) {
    CHECK(clazz != nullptr);
}
// Gives the user data back to the class that created it so it can be released.
ABBinder::~ABBinder() {
    const AIBinder_Class* clazz = getClass();
    clazz->onDestroy(mUserData);
}
120 
// The descriptor of a local binder is the descriptor of its class.
const String16& ABBinder::getInterfaceDescriptor() const {
    const AIBinder_Class* clazz = getClass();
    return clazz->getInterfaceDescriptor();
}
124 
// Forwards a dump request to the class's optional onDump callback, converting the UTF-16
// arguments to UTF-8 C strings first.
//
// Returns STATUS_OK when the class has no onDump callback, STATUS_BAD_VALUE when more than
// INT32_MAX arguments are supplied, and otherwise whatever the callback returns.
status_t ABBinder::dump(int fd, const ::android::Vector<String16>& args) {
    AIBinder_onDump onDump = getClass()->onDump;
    if (onDump == nullptr) {
        return STATUS_OK;
    }

    const size_t argCount = args.size();

    // technically UINT32_MAX would be okay here, but INT32_MAX is expected since this may be
    // null in Java
    if (argCount > INT32_MAX) {
        LOG(ERROR) << "ABBinder::dump received too many arguments: " << args.size();
        return STATUS_BAD_VALUE;
    }

    // |owned| keeps the converted strings alive; |pointers| is the view handed to the NDK
    // callback. Both are reserved up front, so |owned| never reallocates while |pointers|
    // refers to its elements.
    std::vector<String8> owned;
    owned.reserve(argCount);
    std::vector<const char*> pointers;
    pointers.reserve(argCount);

    for (size_t idx = 0; idx < argCount; idx++) {
        owned.push_back(String8(args[idx]));
        pointers.push_back(owned.back().c_str());
    }

    return onDump(this, fd, pointers.data(), pointers.size());
}
151 
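// Entry point for transactions delivered to a local NDK binder.
//
//  - User commands: the interface token is checked, then the class's onTransact callback runs
//    with read-only input and non-owning output parcels. Its result is converted with
//    PruneStatusT.
//  - SHELL_COMMAND_TRANSACTION: the request is parsed, restricted to callers whose UID is
//    AID_ROOT or AID_SHELL, and passed to the class's handleShellCommand callback.
//  - Anything else is left to BBinder::onTransact.
//
// Everything read from |data| is supplied by the caller and is treated as untrusted.
status_t ABBinder::onTransact(transaction_code_t code, const Parcel& data, Parcel* reply,
                              binder_flags_t flags) {
    if (isUserCommand(code)) {
        // Refuse parcels that were not written for this interface.
        if (!data.checkInterface(this)) {
            return STATUS_BAD_TYPE;
        }

        const AParcel in = AParcel::readOnly(this, &data);
        AParcel out = AParcel(this, reply, false /*owns*/);

        binder_status_t status = getClass()->onTransact(this, code, &in, &out);
        return PruneStatusT(status);
    } else if (code == SHELL_COMMAND_TRANSACTION) {
        int in = data.readFileDescriptor();
        int out = data.readFileDescriptor();
        int err = data.readFileDescriptor();

        // argc comes from the caller. The loop is additionally bounded by the bytes left in
        // the parcel, so an inflated count cannot drive an unbounded number of reads, and
        // nothing is reserved from the claimed count.
        int argc = data.readInt32();
        std::vector<String8> utf8Args;  // owns memory of utf8s
        for (int i = 0; i < argc && data.dataAvail() > 0; i++) {
            utf8Args.push_back(String8(data.readString16()));
        }

        // Collect the pointers only after utf8Args has stopped growing, so their validity does
        // not depend on how String8 behaves when the vector reallocates.
        std::vector<const char*> utf8Pointers;  // what can be passed over NDK API
        utf8Pointers.reserve(utf8Args.size());
        for (const String8& arg : utf8Args) {
            utf8Pointers.push_back(arg.c_str());
        }

        data.readStrongBinder();  // skip over the IShellCallback
        sp<IResultReceiver> resultReceiver = IResultReceiver::asInterface(data.readStrongBinder());

        // Shell commands should only be callable by ADB.
        uid_t uid = AIBinder_getCallingUid();
        if (uid != AID_ROOT && uid != AID_SHELL) {
            if (resultReceiver != nullptr) {
                resultReceiver->send(-1);
            }
            return STATUS_PERMISSION_DENIED;
        }

        // Check that the file descriptors are valid.
        if (in == STATUS_BAD_TYPE || out == STATUS_BAD_TYPE || err == STATUS_BAD_TYPE) {
            if (resultReceiver != nullptr) {
                resultReceiver->send(-1);
            }
            return STATUS_BAD_VALUE;
        }

        // handleShellCommand is optional: it is only assigned by
        // AIBinder_Class_setHandleShellCommand. Calling through a null pointer would crash the
        // hosting process, so report the command as unsupported instead.
        // NOTE(review): this assumes the member is null until set; the constructor in this file
        // does not initialize it, so confirm the class declaration gives it a null default.
        AIBinder_handleShellCommand handleShellCommand = getClass()->handleShellCommand;
        if (handleShellCommand == nullptr) {
            if (resultReceiver != nullptr) {
                resultReceiver->send(-1);
            }
            return STATUS_INVALID_OPERATION;
        }

        binder_status_t status = handleShellCommand(this, in, out, err, utf8Pointers.data(),
                                                    utf8Pointers.size());
        if (resultReceiver != nullptr) {
            resultReceiver->send(status);
        }
        return status;
    } else {
        return BBinder::onTransact(code, data, reply, flags);
    }
}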
207 
// Wraps an IBinder that was not created through AIBinder_new. No class is associated yet; see
// AIBinder::associateClass. Aborts on a null |binder|.
ABpBinder::ABpBinder(const ::android::sp<::android::IBinder>& binder)
    : AIBinder(nullptr /*clazz*/),
      BpRefBase(binder) {
    CHECK(binder != nullptr);
}
// No members to release here; the bases clean up after themselves.
ABpBinder::~ABpBinder() {
}
213 
// Called when the last strong reference to this ABpBinder goes away. Clears the weak
// back-reference stored on the underlying IBinder, then defers to BpRefBase.
void ABpBinder::onLastStrongRef(const void* id) {
    {
        // Same lock as lookupOrCreateFromBinder(), so the record is never cleared while a
        // lookup is reading or replacing it.
        std::lock_guard<std::mutex> guard(ABpBinderTag::gLock);

        // Since ABpBinder is OBJECT_LIFETIME_WEAK, we must remove this weak reference in order for
        // the ABpBinder to be deleted. Since a strong reference to this ABpBinder object should no
        // longer be able to exist at the time of this method call, there is no longer a need to
        // recover it.
        auto* record = static_cast<ABpBinderTag::Value*>(remote()->findObject(ABpBinderTag::kId));
        if (record != nullptr) {
            record->binder = nullptr;
        }
    }

    // Invoked after the lock has been released.
    BpRefBase::onLastStrongRef(id);
}
231 
// Returns the AIBinder representing |binder|, or null when |binder| is null.
//
// An IBinder carrying the ABBinder tag is returned as the ABBinder it already is. Any other
// IBinder gets an ABpBinder wrapper, which is cached on the IBinder through a weak reference
// and reused while it is still alive.
sp<AIBinder> ABpBinder::lookupOrCreateFromBinder(const ::android::sp<::android::IBinder>& binder) {
    if (binder == nullptr) {
        return nullptr;
    }

    // The tag check is what makes the downcast safe: only objects marked by
    // ABBinderTag::attach() are treated as ABBinder.
    if (ABBinderTag::has(binder)) {
        return static_cast<ABBinder*>(binder.get());
    }

    // The following code ensures that for a given binder object (remote or local), if it is not an
    // ABBinder then at most one ABpBinder object exists in a given process representing it.
    std::lock_guard<std::mutex> guard(ABpBinderTag::gLock);

    auto* record = static_cast<ABpBinderTag::Value*>(binder->findObject(ABpBinderTag::kId));
    if (record == nullptr) {
        // First wrapper for this IBinder: attach a record, freed later by ABpBinderTag::clean.
        record = new ABpBinderTag::Value;
        binder->attachObject(ABpBinderTag::kId, static_cast<void*>(record), nullptr /*cookie*/,
                             ABpBinderTag::clean);
    }

    sp<ABpBinder> proxy = record->binder.promote();
    if (proxy != nullptr) {
        return proxy;
    }

    // No live wrapper (never created, or already released): make one and remember it.
    proxy = new ABpBinder(binder);
    record->binder = proxy;
    return proxy;
}
260 
// Heap-allocated holder for a weak reference to an AIBinder. Created by AIBinder_Weak_new and
// released by AIBinder_Weak_delete.
struct AIBinder_Weak {
    // Promoted to a strong reference by AIBinder_Weak_promote.
    wp<AIBinder> binder;
};
// Allocates a weak reference to |binder|. Returns null for a null |binder|. The result must be
// released with AIBinder_Weak_delete.
AIBinder_Weak* AIBinder_Weak_new(AIBinder* binder) {
    if (binder != nullptr) {
        return new AIBinder_Weak{wp<AIBinder>(binder)};
    }

    return nullptr;
}
// Frees a holder returned by AIBinder_Weak_new. Deleting null is a no-op. The holder must not
// be used again after this call.
void AIBinder_Weak_delete(AIBinder_Weak* weakBinder) {
    delete weakBinder;  // destroys the contained wp<AIBinder> as well
}
// Tries to turn a weak reference into a strong one.
//
// Returns null when |weakBinder| is null or the object is already gone. A non-null result
// carries one strong reference taken on the caller's behalf, to be dropped with
// AIBinder_decStrong.
AIBinder* AIBinder_Weak_promote(AIBinder_Weak* weakBinder) {
    if (weakBinder == nullptr) {
        return nullptr;
    }

    sp<AIBinder> promoted = weakBinder->binder.promote();
    AIBinder* raw = promoted.get();

    // Take the caller's reference while |promoted| still keeps the object alive.
    // AIBinder_incStrong ignores a null pointer, so a failed promotion falls through safely.
    AIBinder_incStrong(raw);
    return raw;
}
283 
// Records the mandatory callbacks and the interface descriptor of a class.
//
// NOTE(review): the optional callbacks onDump and handleShellCommand are not initialized in
// this constructor. Code in this file compares onDump against nullptr before calling it, so
// the class declaration presumably gives both a null default; confirm in the header.
AIBinder_Class::AIBinder_Class(const char* interfaceDescriptor, AIBinder_Class_onCreate onCreate,
                               AIBinder_Class_onDestroy onDestroy,
                               AIBinder_Class_onTransact onTransact)
    : onCreate(onCreate),
      onDestroy(onDestroy),
      onTransact(onTransact),
      mInterfaceDescriptor(interfaceDescriptor) {
}
291 
// Creates a new class object from a descriptor and its three mandatory callbacks.
//
// Returns null if any argument is null. Nothing in this file deletes the returned object.
AIBinder_Class* AIBinder_Class_define(const char* interfaceDescriptor,
                                      AIBinder_Class_onCreate onCreate,
                                      AIBinder_Class_onDestroy onDestroy,
                                      AIBinder_Class_onTransact onTransact) {
    // Every callback is invoked unconditionally elsewhere in this file, so none may be missing.
    const bool haveDescriptor = interfaceDescriptor != nullptr;
    const bool haveCallbacks = onCreate != nullptr && onDestroy != nullptr && onTransact != nullptr;
    if (!haveDescriptor || !haveCallbacks) {
        return nullptr;
    }

    return new AIBinder_Class(interfaceDescriptor, onCreate, onDestroy, onTransact);
}
303 
// Installs the optional dump callback on |clazz|. Aborts on a null |clazz|. |onDump| itself
// may be null; callers in this file check for that before invoking it.
void AIBinder_Class_setOnDump(AIBinder_Class* clazz, AIBinder_onDump onDump) {
    CHECK(clazz != nullptr) << "setOnDump requires non-null clazz";

    // this is required to be called before instances are instantiated
    // (the assignment below is a plain write with no locking).
    clazz->onDump = onDump;
}
310 
// Installs the optional shell-command callback on |clazz|. Aborts on a null |clazz|.
//
// The callback is reached from ABBinder::onTransact for SHELL_COMMAND_TRANSACTION, after the
// caller's UID has been checked against AID_ROOT and AID_SHELL. Its arguments and file
// descriptors are taken from the incoming parcel, so the callback should validate them.
void AIBinder_Class_setHandleShellCommand(AIBinder_Class* clazz,
                                          AIBinder_handleShellCommand handleShellCommand) {
    CHECK(clazz != nullptr) << "setHandleShellCommand requires non-null clazz";

    // Plain, unsynchronized write.
    clazz->handleShellCommand = handleShellCommand;
}
317 
// Death notification for the binder this entry was linked to. Runs the user's callback with
// the registered cookie, then tries to remove this entry from its parent recipient.
void AIBinder_DeathRecipient::TransferDeathRecipient::binderDied(const wp<IBinder>& who) {
    // The notification must be for the binder recorded at link time.
    CHECK(who == mWho);

    mOnDied(mCookie);

    sp<AIBinder_DeathRecipient> parent = mParentRecipient.promote();
    sp<IBinder> deadBinder = who.promote();

    // otherwise this will be cleaned up later with pruneDeadTransferEntriesLocked
    const bool canUnlinkNow = parent != nullptr && deadBinder != nullptr;
    if (canUnlinkNow) {
        status_t result = parent->unlinkToDeath(deadBinder, mCookie);
        // DEAD_OBJECT is the expected outcome here; anything else is worth a warning.
        if (result != ::android::DEAD_OBJECT) {
            LOG(WARNING) << "Unlinking to dead binder resulted in: " << result;
        }
    }

    // A null mWho is what pruneDeadTransferEntriesLocked looks for.
    // NOTE(review): this write is not made under mDeathRecipientsMutex, while the prune reads
    // getWho() with that mutex held. Confirm how mWho is synchronized in the header.
    mWho = nullptr;
}
336 
// Stores the callback that every linked binder's death will invoke. Aborts if it is null,
// since it is later called without a further check.
AIBinder_DeathRecipient::AIBinder_DeathRecipient(AIBinder_DeathRecipient_onBinderDied onDied)
    : mOnDied(onDied) {
    CHECK(onDied != nullptr);
}
341 
// Drops every entry whose binder has been cleared (getWho() == nullptr). As the name says,
// the caller is expected to hold mDeathRecipientsMutex.
void AIBinder_DeathRecipient::pruneDeadTransferEntriesLocked() {
    const auto isDead = [](const sp<TransferDeathRecipient>& entry) {
        return entry->getWho() == nullptr;
    };

    // erase-remove: compact the live entries to the front, then cut off the tail.
    auto firstDead = std::remove_if(mDeathRecipients.begin(), mDeathRecipients.end(), isDead);
    mDeathRecipients.erase(firstDead, mDeathRecipients.end());
}
349 
// Registers this recipient for the death of |binder| with the given |cookie|.
//
// Aborts on a null |binder|. Returns the converted libbinder error if linking fails; in that
// case no entry is kept. On success the new entry is stored and stale entries are pruned.
binder_status_t AIBinder_DeathRecipient::linkToDeath(sp<IBinder> binder, void* cookie) {
    CHECK(binder != nullptr);

    // Held for the whole operation, including the call into the binder.
    std::lock_guard<std::mutex> guard(mDeathRecipientsMutex);

    sp<TransferDeathRecipient> entry = new TransferDeathRecipient(binder, cookie, this, mOnDied);

    const status_t linkStatus = binder->linkToDeath(entry, cookie, 0 /*flags*/);
    if (linkStatus == STATUS_OK) {
        mDeathRecipients.push_back(entry);
        pruneDeadTransferEntriesLocked();
        return STATUS_OK;
    }

    return PruneStatusT(linkStatus);
}
368 
// Removes the most recently added registration matching both |binder| and |cookie|.
//
// Aborts on a null |binder|. Returns STATUS_NAME_NOT_FOUND when nothing matches; otherwise the
// converted result of the underlying unlink. The local entry is removed even if that unlink
// fails.
binder_status_t AIBinder_DeathRecipient::unlinkToDeath(sp<IBinder> binder, void* cookie) {
    CHECK(binder != nullptr);

    std::lock_guard<std::mutex> guard(mDeathRecipientsMutex);

    // Walk from newest to oldest so the latest matching registration goes first.
    for (auto rit = mDeathRecipients.rbegin(); rit != mDeathRecipients.rend(); ++rit) {
        // Copy the strong pointer: the entry must outlive its removal from the vector.
        sp<TransferDeathRecipient> entry = *rit;

        const bool matches = entry->getCookie() == cookie && entry->getWho() == binder;
        if (!matches) {
            continue;
        }

        // base() refers to the element after the one |rit| designates.
        mDeathRecipients.erase(rit.base() - 1);

        const status_t unlinkStatus = binder->unlinkToDeath(entry, cookie, 0 /*flags*/);
        if (unlinkStatus != ::android::OK) {
            LOG(ERROR) << __func__
                       << ": removed reference to death recipient but unlink failed.";
        }
        // The iterator is invalid after erase, so leave the loop right away.
        return PruneStatusT(unlinkStatus);
    }

    return STATUS_NAME_NOT_FOUND;
}
391 
392 // start of C-API methods
393 
// Creates a local binder of class |clazz|. |args| is passed untouched to the class's onCreate
// callback, and whatever that returns becomes the object's user data.
//
// Returns null for a null |clazz|. Otherwise the result carries one strong reference owned by
// the caller.
AIBinder* AIBinder_new(const AIBinder_Class* clazz, void* args) {
    if (clazz == nullptr) {
        LOG(ERROR) << __func__ << ": Must provide class to construct local binder.";
        return nullptr;
    }

    // The callback's result is stored without inspection, null included.
    void* userData = clazz->onCreate(args);

    sp<AIBinder> created = new ABBinder(clazz, userData);

    // Tag the object so lookupOrCreateFromBinder() recognises it as an ABBinder later.
    ABBinderTag::attach(created->getBinder());

    // Reference handed to the caller; |created| drops its own when it goes out of scope.
    AIBinder* raw = created.get();
    AIBinder_incStrong(raw);
    return raw;
}
408 
// Reports whether |binder| is remote. A null |binder| is reported as not remote.
bool AIBinder_isRemote(const AIBinder* binder) {
    return binder != nullptr && binder->isRemote();
}
416 
// Reports whether the underlying binder is alive. A null |binder| is reported as not alive.
bool AIBinder_isAlive(const AIBinder* binder) {
    if (binder == nullptr) {
        return false;
    }

    // getBinder() is called through a non-const pointer, hence the cast on a const parameter.
    AIBinder* mutableBinder = const_cast<AIBinder*>(binder);
    return mutableBinder->getBinder()->isBinderAlive();
}
424 
// Pings the underlying binder and returns the converted status.
// Returns STATUS_UNEXPECTED_NULL for a null |binder|.
binder_status_t AIBinder_ping(AIBinder* binder) {
    if (binder == nullptr) {
        return STATUS_UNEXPECTED_NULL;
    }

    const status_t pingStatus = binder->getBinder()->pingBinder();
    return PruneStatusT(pingStatus);
}
432 
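// Asks |binder| to dump its state to |fd|.
//
// For a local ABBinder the class's onDump callback is invoked directly with |args|; a class
// without onDump yields STATUS_OK. For any other binder the arguments are converted to UTF-16
// and forwarded through IBinder::dump.
//
// Returns STATUS_UNEXPECTED_NULL when |binder| is null, when |args| is null although
// |numArgs| is non-zero, or when an element is null on the conversion path.
binder_status_t AIBinder_dump(AIBinder* binder, int fd, const char** args, uint32_t numArgs) {
    if (binder == nullptr) {
        return STATUS_UNEXPECTED_NULL;
    }

    // A non-zero count without an array would be dereferenced below or inside the callback.
    if (args == nullptr && numArgs > 0) {
        LOG(ERROR) << __func__ << ": args is null but numArgs is " << numArgs;
        return STATUS_UNEXPECTED_NULL;
    }

    ABBinder* bBinder = binder->asABBinder();
    if (bBinder != nullptr) {
        AIBinder_onDump onDump = binder->getClass()->onDump;
        if (onDump == nullptr) {
            return STATUS_OK;
        }
        // Individual elements are passed through unchanged; checking them is up to the callback.
        return PruneStatusT(onDump(bBinder, fd, args, numArgs));
    }

    ::android::Vector<String16> utf16Args;
    utf16Args.setCapacity(numArgs);
    for (uint32_t i = 0; i < numArgs; i++) {
        // A null element would otherwise be handed to the String8 constructor as a C string.
        if (args[i] == nullptr) {
            LOG(ERROR) << __func__ << ": argument " << i << " is null";
            return STATUS_UNEXPECTED_NULL;
        }
        utf16Args.push(String16(String8(args[i])));
    }

    status_t status = binder->getBinder()->dump(fd, utf16Args);
    return PruneStatusT(status);
}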
456 
// C entry point for AIBinder_DeathRecipient::linkToDeath.
// Returns STATUS_UNEXPECTED_NULL when |binder| or |recipient| is null; |cookie| may be anything.
binder_status_t AIBinder_linkToDeath(AIBinder* binder, AIBinder_DeathRecipient* recipient,
                                     void* cookie) {
    const bool missingArgument = binder == nullptr || recipient == nullptr;
    if (missingArgument) {
        LOG(ERROR) << __func__ << ": Must provide binder and recipient.";
        return STATUS_UNEXPECTED_NULL;
    }

    // The member function already returns binder_status_t, so no conversion is applied.
    return recipient->linkToDeath(binder->getBinder(), cookie);
}
467 
// C entry point for AIBinder_DeathRecipient::unlinkToDeath.
// Returns STATUS_UNEXPECTED_NULL when |binder| or |recipient| is null.
binder_status_t AIBinder_unlinkToDeath(AIBinder* binder, AIBinder_DeathRecipient* recipient,
                                       void* cookie) {
    const bool missingArgument = binder == nullptr || recipient == nullptr;
    if (missingArgument) {
        LOG(ERROR) << __func__ << ": Must provide binder and recipient.";
        return STATUS_UNEXPECTED_NULL;
    }

    // The member function already returns binder_status_t, so no conversion is applied.
    return recipient->unlinkToDeath(binder->getBinder(), cookie);
}
478 
// Returns the calling UID recorded in this thread's IPCThreadState.
//
// ABBinder::onTransact uses this value for its shell-command permission check, so it must be
// read on the thread that is servicing the transaction.
// NOTE(review): what IPCThreadState reports outside of an incoming transaction is not visible
// from this file; confirm before using the value for authorization elsewhere.
uid_t AIBinder_getCallingUid() {
    ::android::IPCThreadState* threadState = ::android::IPCThreadState::self();
    return threadState->getCallingUid();
}
482 
// Returns the calling PID recorded in this thread's IPCThreadState.
//
// Unlike the UID, nothing in this file bases an access decision on the PID. A PID can be
// reused once its process exits, so prefer AIBinder_getCallingUid for permission checks.
pid_t AIBinder_getCallingPid() {
    ::android::IPCThreadState* threadState = ::android::IPCThreadState::self();
    return threadState->getCallingPid();
}
486 
// Adds one strong reference to |binder|. Silently ignores null, which lets callers pass the
// result of a failed promotion or lookup without checking first.
void AIBinder_incStrong(AIBinder* binder) {
    if (binder != nullptr) {
        binder->incStrong(nullptr);
    }
}
// Drops one strong reference from |binder|. Unlike AIBinder_incStrong, a null argument is
// logged as an error. The caller must own the reference it releases; an unbalanced call can
// destroy an object that other holders still use.
void AIBinder_decStrong(AIBinder* binder) {
    if (binder != nullptr) {
        binder->decStrong(nullptr);
        return;
    }

    LOG(ERROR) << __func__ << ": on null binder";
}
// Debug helper: returns the current strong reference count, or -1 (after logging) for null.
// The count can change on other threads at any moment, so treat it as diagnostic only.
int32_t AIBinder_debugGetRefCount(AIBinder* binder) {
    if (binder != nullptr) {
        return binder->getStrongCount();
    }

    LOG(ERROR) << __func__ << ": on null binder";
    return -1;
}
510 
// C entry point for AIBinder::associateClass. Returns false for a null |binder|; a null
// |clazz| is rejected by the member function.
bool AIBinder_associateClass(AIBinder* binder, const AIBinder_Class* clazz) {
    return binder != nullptr && binder->associateClass(clazz);
}
518 
// Returns the class associated with |binder|, or null when |binder| is null. The result can
// also be null for a proxy that has not been through associateClass yet.
const AIBinder_Class* AIBinder_getClass(AIBinder* binder) {
    if (binder != nullptr) {
        return binder->getClass();
    }

    return nullptr;
}
526 
// Returns the user data of a local binder. Null is returned for a null |binder| and for any
// binder that is not an ABBinder, so user data is never read from a proxy.
void* AIBinder_getUserData(AIBinder* binder) {
    if (binder == nullptr) {
        return nullptr;
    }

    ABBinder* local = binder->asABBinder();
    if (local != nullptr) {
        return local->getUserData();
    }

    return nullptr;
}
539 
// Allocates the input parcel for a transaction on |binder| and writes the interface token of
// the binder's class into it.
//
// Returns STATUS_UNEXPECTED_NULL for null arguments and STATUS_INVALID_OPERATION when no class
// is associated with |binder|; *in is not written in either case. If writing the token fails,
// the parcel is deleted, *in is set to null and the converted error is returned. On success the
// caller owns *in until it is passed to AIBinder_transact.
binder_status_t AIBinder_prepareTransaction(AIBinder* binder, AParcel** in) {
    if (binder == nullptr || in == nullptr) {
        LOG(ERROR) << __func__ << ": requires non-null parameters.";
        return STATUS_UNEXPECTED_NULL;
    }

    // The token written below comes from the class, so one has to be set first.
    const AIBinder_Class* clazz = binder->getClass();
    if (clazz == nullptr) {
        LOG(ERROR) << __func__
                   << ": Class must be defined for a remote binder transaction. See "
                      "AIBinder_associateClass.";
        return STATUS_INVALID_OPERATION;
    }

    // Allowed, but worth a warning: the object is in this process.
    if (!binder->isRemote()) {
        LOG(WARNING) << "A binder object at " << binder
                     << " is being transacted on, however, this object is in the same process as "
                        "its proxy. Transacting with this binder is expensive compared to just "
                        "calling the corresponding functionality in the same process.";
    }

    AParcel* parcel = new AParcel(binder);
    *in = parcel;

    const status_t tokenStatus = parcel->get()->writeInterfaceToken(clazz->getInterfaceDescriptor());
    const binder_status_t ret = PruneStatusT(tokenStatus);
    if (ret == STATUS_OK) {
        return ret;
    }

    // Never hand a half-initialized parcel back to the caller.
    delete parcel;
    *in = nullptr;
    return ret;
}
571 
// Deleter used by AIBinder_transact: frees the parcel and nulls the caller's pointer so it
// cannot be used or freed a second time. |parcel| itself must not be null.
static void DestroyParcel(AParcel** parcel) {
    AParcel* doomed = *parcel;
    delete doomed;
    *parcel = nullptr;
}
576 
// Sends the prepared parcel *in to |binder| as transaction |code| and returns the reply in
// *out.
//
// Ownership: once |in| is known to be non-null, this function owns *in. It is deleted and set
// to null on every return path below that point, success or failure.
//
// Output: *out is written only after all validation has passed. It is a new parcel on success
// and null if the transaction itself fails. On the earlier error returns *out is left
// untouched, so callers should initialize it before the call.
//
// Returns STATUS_UNEXPECTED_NULL for null arguments, STATUS_UNKNOWN_TRANSACTION for a code that
// is not a user command, STATUS_BAD_VALUE for unrecognized flags or a parcel prepared for a
// different binder, and otherwise the converted transaction status.
binder_status_t AIBinder_transact(AIBinder* binder, transaction_code_t code, AParcel** in,
                                  AParcel** out, binder_flags_t flags) {
    // Checked on its own first: without |in| there is nothing to take ownership of.
    if (in == nullptr) {
        LOG(ERROR) << __func__ << ": requires non-null in parameter";
        return STATUS_UNEXPECTED_NULL;
    }

    using AutoParcelDestroyer = std::unique_ptr<AParcel*, void (*)(AParcel**)>;
    // This object is the input to the transaction. This function takes ownership of it and deletes
    // it.
    AutoParcelDestroyer inOwner(in, DestroyParcel);

    // Codes outside the user range are refused here rather than sent to the receiver.
    if (!isUserCommand(code)) {
        LOG(ERROR) << __func__ << ": Only user-defined transactions can be made from the NDK.";
        return STATUS_UNKNOWN_TRANSACTION;
    }

    // Allow-list of flags; any other bit is rejected instead of being passed to transact().
    constexpr binder_flags_t kKnownFlags = FLAG_PRIVATE_VENDOR | FLAG_ONEWAY;
    if ((flags & ~kKnownFlags) != 0) {
        LOG(ERROR) << __func__ << ": Unrecognized flags sent: " << flags;
        return STATUS_BAD_VALUE;
    }

    if (binder == nullptr || *in == nullptr || out == nullptr) {
        LOG(ERROR) << __func__ << ": requires non-null parameters.";
        return STATUS_UNEXPECTED_NULL;
    }

    // A parcel must be sent to the binder it was prepared for.
    if ((*in)->getBinder() != binder) {
        LOG(ERROR) << __func__ << ": parcel is associated with binder object " << binder
                   << " but called with " << (*in)->getBinder();
        return STATUS_BAD_VALUE;
    }

    *out = new AParcel(binder);

    const status_t transactStatus =
            binder->getBinder()->transact(code, *(*in)->get(), (*out)->get(), flags);
    const binder_status_t ret = PruneStatusT(transactStatus);
    if (ret == STATUS_OK) {
        return ret;
    }

    // Failed transaction: do not leave a reply parcel behind.
    delete *out;
    *out = nullptr;
    return ret;
}
623 
// Creates a death recipient that calls |onBinderDied| for every binder linked to it.
// Returns null (after logging) for a null callback. The result carries one strong reference,
// released with AIBinder_DeathRecipient_delete.
AIBinder_DeathRecipient* AIBinder_DeathRecipient_new(
        AIBinder_DeathRecipient_onBinderDied onBinderDied) {
    if (onBinderDied == nullptr) {
        LOG(ERROR) << __func__ << ": requires non-null onBinderDied parameter.";
        return nullptr;
    }

    AIBinder_DeathRecipient* recipient = new AIBinder_DeathRecipient(onBinderDied);
    // Reference owned by the caller.
    recipient->incStrong(nullptr);
    return recipient;
}
634 
// Releases the reference taken by AIBinder_DeathRecipient_new. Null is ignored. The object is
// reference counted, so this drops a reference rather than deleting unconditionally; the
// caller must not use |recipient| afterwards.
void AIBinder_DeathRecipient_delete(AIBinder_DeathRecipient* recipient) {
    if (recipient != nullptr) {
        recipient->decStrong(nullptr);
    }
}
642 
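// Retrieves the extension object attached to |binder|.
//
// Returns STATUS_UNEXPECTED_NULL when |binder| or |outExt| is null, or the converted libbinder
// error when the lookup fails; *outExt is set to null in both cases where it can be written.
// On success *outExt is either null (no extension) or an AIBinder carrying one strong
// reference owned by the caller, to be released with AIBinder_decStrong.
binder_status_t AIBinder_getExtension(AIBinder* binder, AIBinder** outExt) {
    if (binder == nullptr || outExt == nullptr) {
        if (outExt != nullptr) {
            *outExt = nullptr;
        }
        return STATUS_UNEXPECTED_NULL;
    }

    sp<IBinder> ext;
    status_t res = binder->getBinder()->getExtension(&ext);

    if (res != android::OK) {
        *outExt = nullptr;
        return PruneStatusT(res);
    }

    sp<AIBinder> ret = ABpBinder::lookupOrCreateFromBinder(ext);

    // Take the caller's reference the same way every other function in this file does, so it
    // pairs with AIBinder_decStrong. The previous code passed |binder| as the reference id,
    // which does not match the null id used on release. AIBinder_incStrong ignores null.
    AIBinder_incStrong(ret.get());

    *outExt = ret.get();
    return STATUS_OK;
}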
665 
// Attaches |ext| as the extension of the local binder |binder|.
//
// Returns STATUS_UNEXPECTED_NULL when either argument is null and STATUS_INVALID_OPERATION
// when |binder| is not a local ABBinder, so an extension cannot be set on a proxy.
binder_status_t AIBinder_setExtension(AIBinder* binder, AIBinder* ext) {
    const bool missingArgument = binder == nullptr || ext == nullptr;
    if (missingArgument) {
        return STATUS_UNEXPECTED_NULL;
    }

    ABBinder* local = binder->asABBinder();
    if (local != nullptr) {
        local->setExtension(ext->getBinder());
        return STATUS_OK;
    }

    return STATUS_INVALID_OPERATION;
}
679