1 /* 2 * Copyright (C) 2020 The Android Open Source Project 3 * 4 * Licensed under the Apache License, Version 2.0 (the "License"); 5 * you may not use this file except in compliance with the License. 6 * You may obtain a copy of the License at 7 * 8 * http://www.apache.org/licenses/LICENSE-2.0 9 * 10 * Unless required by applicable law or agreed to in writing, software 11 * distributed under the License is distributed on an "AS IS" BASIS, 12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 * See the License for the specific language governing permissions and 14 * limitations under the License. 15 */ 16 17 //! Trait definitions for binder objects 18 19 use crate::error::{status_t, Result, StatusCode}; 20 use crate::parcel::{BorrowedParcel, Parcel}; 21 use crate::proxy::{DeathRecipient, SpIBinder, WpIBinder}; 22 use crate::sys; 23 24 use downcast_rs::{impl_downcast, DowncastSync}; 25 use std::borrow::Borrow; 26 use std::cmp::Ordering; 27 use std::convert::TryFrom; 28 use std::ffi::{c_void, CStr, CString}; 29 use std::fmt; 30 use std::io::Write; 31 use std::marker::PhantomData; 32 use std::ops::Deref; 33 use std::os::fd::AsRawFd; 34 use std::os::raw::c_char; 35 use std::ptr; 36 37 /// Binder action to perform. 38 /// 39 /// This must be a number between [`FIRST_CALL_TRANSACTION`] and 40 /// [`LAST_CALL_TRANSACTION`]. 41 pub type TransactionCode = u32; 42 43 /// Additional operation flags. 44 /// 45 /// `FLAG_*` values. 46 pub type TransactionFlags = u32; 47 48 /// Super-trait for Binder interfaces. 49 /// 50 /// This trait allows conversion of a Binder interface trait object into an 51 /// IBinder object for IPC calls. All Binder remotable interface (i.e. AIDL 52 /// interfaces) must implement this trait. 53 /// 54 /// This is equivalent `IInterface` in C++. 55 pub trait Interface: Send + Sync + DowncastSync { 56 /// Convert this binder object into a generic [`SpIBinder`] reference. as_binder(&self) -> SpIBinder57 fn as_binder(&self) -> SpIBinder { 58 panic!("This object was not a Binder object and cannot be converted into an SpIBinder.") 59 } 60 61 /// Dump transaction handler for this Binder object. 62 /// 63 /// This handler is a no-op by default and should be implemented for each 64 /// Binder service struct that wishes to respond to dump transactions. dump(&self, _writer: &mut dyn Write, _args: &[&CStr]) -> Result<()>65 fn dump(&self, _writer: &mut dyn Write, _args: &[&CStr]) -> Result<()> { 66 Ok(()) 67 } 68 } 69 70 impl_downcast!(sync Interface); 71 72 /// Implemented by sync interfaces to specify what the associated async interface is. 73 /// Generic to handle the fact that async interfaces are generic over a thread pool. 74 /// 75 /// The binder in any object implementing this trait should be compatible with the 76 /// `Target` associated type, and using `FromIBinder` to convert it to the target 77 /// should not fail. 78 pub trait ToAsyncInterface<P> 79 where 80 Self: Interface, 81 Self::Target: FromIBinder, 82 { 83 /// The async interface associated with this sync interface. 84 type Target: ?Sized; 85 } 86 87 /// Implemented by async interfaces to specify what the associated sync interface is. 88 /// 89 /// The binder in any object implementing this trait should be compatible with the 90 /// `Target` associated type, and using `FromIBinder` to convert it to the target 91 /// should not fail. 92 pub trait ToSyncInterface 93 where 94 Self: Interface, 95 Self::Target: FromIBinder, 96 { 97 /// The sync interface associated with this async interface. 98 type Target: ?Sized; 99 } 100 101 /// Interface stability promise 102 /// 103 /// An interface can promise to be a stable vendor interface ([`Stability::Vintf`]), 104 /// or makes no stability guarantees ([`Stability::Local`]). [`Stability::Local`] is 105 /// currently the default stability. 106 #[derive(Debug, Copy, Clone, PartialEq, Eq, PartialOrd, Ord, Default)] 107 pub enum Stability { 108 /// Default stability, visible to other modules in the same compilation 109 /// context (e.g. modules on system.img) 110 #[default] 111 Local, 112 113 /// A Vendor Interface Object, which promises to be stable 114 Vintf, 115 } 116 117 impl From<Stability> for i32 { from(stability: Stability) -> i32118 fn from(stability: Stability) -> i32 { 119 use Stability::*; 120 match stability { 121 Local => 0, 122 Vintf => 1, 123 } 124 } 125 } 126 127 impl TryFrom<i32> for Stability { 128 type Error = StatusCode; try_from(stability: i32) -> Result<Stability>129 fn try_from(stability: i32) -> Result<Stability> { 130 use Stability::*; 131 match stability { 132 0 => Ok(Local), 133 1 => Ok(Vintf), 134 _ => Err(StatusCode::BAD_VALUE), 135 } 136 } 137 } 138 139 /// A local service that can be remotable via Binder. 140 /// 141 /// An object that implement this interface made be made into a Binder service 142 /// via `Binder::new(object)`. 143 /// 144 /// This is a low-level interface that should normally be automatically 145 /// generated from AIDL via the [`crate::declare_binder_interface!`] macro. 146 /// When using the AIDL backend, users need only implement the high-level AIDL-defined 147 /// interface. The AIDL compiler then generates a container struct that wraps 148 /// the user-defined service and implements `Remotable`. 149 pub trait Remotable: Send + Sync + 'static { 150 /// The Binder interface descriptor string. 151 /// 152 /// This string is a unique identifier for a Binder interface, and should be 153 /// the same between all implementations of that interface. get_descriptor() -> &'static str154 fn get_descriptor() -> &'static str; 155 156 /// Handle and reply to a request to invoke a transaction on this object. 157 /// 158 /// `reply` may be [`None`] if the sender does not expect a reply. on_transact( &self, code: TransactionCode, data: &BorrowedParcel<'_>, reply: &mut BorrowedParcel<'_>, ) -> Result<()>159 fn on_transact( 160 &self, 161 code: TransactionCode, 162 data: &BorrowedParcel<'_>, 163 reply: &mut BorrowedParcel<'_>, 164 ) -> Result<()>; 165 166 /// Handle a request to invoke the dump transaction on this 167 /// object. on_dump(&self, file: &mut dyn Write, args: &[&CStr]) -> Result<()>168 fn on_dump(&self, file: &mut dyn Write, args: &[&CStr]) -> Result<()>; 169 170 /// Retrieve the class of this remote object. 171 /// 172 /// This method should always return the same InterfaceClass for the same 173 /// type. get_class() -> InterfaceClass174 fn get_class() -> InterfaceClass; 175 } 176 177 /// First transaction code available for user commands (inclusive) 178 pub const FIRST_CALL_TRANSACTION: TransactionCode = sys::FIRST_CALL_TRANSACTION; 179 /// Last transaction code available for user commands (inclusive) 180 pub const LAST_CALL_TRANSACTION: TransactionCode = sys::LAST_CALL_TRANSACTION; 181 182 /// Corresponds to TF_ONE_WAY -- an asynchronous call. 183 pub const FLAG_ONEWAY: TransactionFlags = sys::FLAG_ONEWAY; 184 /// Corresponds to TF_CLEAR_BUF -- clear transaction buffers after call is made. 185 pub const FLAG_CLEAR_BUF: TransactionFlags = sys::FLAG_CLEAR_BUF; 186 /// Set to the vendor flag if we are building for the VNDK, 0 otherwise 187 pub const FLAG_PRIVATE_LOCAL: TransactionFlags = sys::FLAG_PRIVATE_LOCAL; 188 189 /// Internal interface of binder local or remote objects for making 190 /// transactions. 191 /// 192 /// This trait corresponds to the parts of the interface of the C++ `IBinder` 193 /// class which are internal implementation details. 194 pub trait IBinderInternal: IBinder { 195 /// Is this object still alive? is_binder_alive(&self) -> bool196 fn is_binder_alive(&self) -> bool; 197 198 /// Indicate that the service intends to receive caller security contexts. 199 #[cfg(not(android_vndk))] set_requesting_sid(&mut self, enable: bool)200 fn set_requesting_sid(&mut self, enable: bool); 201 202 /// Dump this object to the given file handle dump<F: AsRawFd>(&mut self, fp: &F, args: &[&str]) -> Result<()>203 fn dump<F: AsRawFd>(&mut self, fp: &F, args: &[&str]) -> Result<()>; 204 205 /// Get a new interface that exposes additional extension functionality, if 206 /// available. get_extension(&mut self) -> Result<Option<SpIBinder>>207 fn get_extension(&mut self) -> Result<Option<SpIBinder>>; 208 209 /// Create a Parcel that can be used with `submit_transact`. prepare_transact(&self) -> Result<Parcel>210 fn prepare_transact(&self) -> Result<Parcel>; 211 212 /// Perform a generic operation with the object. 213 /// 214 /// The provided [`Parcel`] must have been created by a call to 215 /// `prepare_transact` on the same binder. 216 /// 217 /// # Arguments 218 /// 219 /// * `code` - Transaction code for the operation. 220 /// * `data` - [`Parcel`] with input data. 221 /// * `flags` - Transaction flags, e.g. marking the transaction as 222 /// asynchronous ([`FLAG_ONEWAY`](FLAG_ONEWAY)). submit_transact( &self, code: TransactionCode, data: Parcel, flags: TransactionFlags, ) -> Result<Parcel>223 fn submit_transact( 224 &self, 225 code: TransactionCode, 226 data: Parcel, 227 flags: TransactionFlags, 228 ) -> Result<Parcel>; 229 230 /// Perform a generic operation with the object. This is a convenience 231 /// method that internally calls `prepare_transact` followed by 232 /// `submit_transact. 233 /// 234 /// # Arguments 235 /// * `code` - Transaction code for the operation 236 /// * `flags` - Transaction flags, e.g. marking the transaction as 237 /// asynchronous ([`FLAG_ONEWAY`](FLAG_ONEWAY)) 238 /// * `input_callback` A callback for building the `Parcel`. transact<F: FnOnce(BorrowedParcel<'_>) -> Result<()>>( &self, code: TransactionCode, flags: TransactionFlags, input_callback: F, ) -> Result<Parcel>239 fn transact<F: FnOnce(BorrowedParcel<'_>) -> Result<()>>( 240 &self, 241 code: TransactionCode, 242 flags: TransactionFlags, 243 input_callback: F, 244 ) -> Result<Parcel> { 245 let mut parcel = self.prepare_transact()?; 246 input_callback(parcel.borrowed())?; 247 self.submit_transact(code, parcel, flags) 248 } 249 } 250 251 /// Interface of binder local or remote objects. 252 /// 253 /// This trait corresponds to the parts of the interface of the C++ `IBinder` 254 /// class which are public. 255 pub trait IBinder { 256 /// Register the recipient for a notification if this binder 257 /// goes away. If this binder object unexpectedly goes away 258 /// (typically because its hosting process has been killed), 259 /// then the `DeathRecipient`'s callback will be called. 260 /// 261 /// You will only receive death notifications for remote binders, 262 /// as local binders by definition can't die without you dying as well. 263 /// Trying to use this function on a local binder will result in an 264 /// INVALID_OPERATION code being returned and nothing happening. 265 /// 266 /// This link only holds a weak reference to its recipient. If the 267 /// `DeathRecipient` is dropped then it will be unlinked. 268 /// 269 /// Note that the notifications won't work if you don't first start at least 270 /// one Binder thread by calling 271 /// [`ProcessState::start_thread_pool`](crate::ProcessState::start_thread_pool) 272 /// or 273 /// [`ProcessState::join_thread_pool`](crate::ProcessState::join_thread_pool). link_to_death(&mut self, recipient: &mut DeathRecipient) -> Result<()>274 fn link_to_death(&mut self, recipient: &mut DeathRecipient) -> Result<()>; 275 276 /// Remove a previously registered death notification. 277 /// The recipient will no longer be called if this object 278 /// dies. unlink_to_death(&mut self, recipient: &mut DeathRecipient) -> Result<()>279 fn unlink_to_death(&mut self, recipient: &mut DeathRecipient) -> Result<()>; 280 281 /// Send a ping transaction to this object ping_binder(&mut self) -> Result<()>282 fn ping_binder(&mut self) -> Result<()>; 283 } 284 285 /// Opaque reference to the type of a Binder interface. 286 /// 287 /// This object encapsulates the Binder interface descriptor string, along with 288 /// the binder transaction callback, if the class describes a local service. 289 /// 290 /// A Binder remotable object may only have a single interface class, and any 291 /// given object can only be associated with one class. Two objects with 292 /// different classes are incompatible, even if both classes have the same 293 /// interface descriptor. 294 #[derive(Copy, Clone, PartialEq, Eq)] 295 pub struct InterfaceClass(*const sys::AIBinder_Class); 296 297 impl InterfaceClass { 298 /// Get a Binder NDK `AIBinder_Class` pointer for this object type. 299 /// 300 /// Note: the returned pointer will not be constant. Calling this method 301 /// multiple times for the same type will result in distinct class 302 /// pointers. A static getter for this value is implemented in 303 /// [`crate::declare_binder_interface!`]. new<I: InterfaceClassMethods>() -> InterfaceClass304 pub fn new<I: InterfaceClassMethods>() -> InterfaceClass { 305 let descriptor = CString::new(I::get_descriptor()).unwrap(); 306 // Safety: `AIBinder_Class_define` expects a valid C string, and three 307 // valid callback functions, all non-null pointers. The C string is 308 // copied and need not be valid for longer than the call, so we can drop 309 // it after the call. We can safely assign null to the onDump and 310 // handleShellCommand callbacks as long as the class pointer was 311 // non-null. Rust None for a Option<fn> is guaranteed to be a NULL 312 // pointer. Rust retains ownership of the pointer after it is defined. 313 let ptr = unsafe { 314 let class = sys::AIBinder_Class_define( 315 descriptor.as_ptr(), 316 Some(I::on_create), 317 Some(I::on_destroy), 318 Some(I::on_transact), 319 ); 320 if class.is_null() { 321 panic!("Expected non-null class pointer from AIBinder_Class_define!"); 322 } 323 sys::AIBinder_Class_setOnDump(class, Some(I::on_dump)); 324 sys::AIBinder_Class_setHandleShellCommand(class, None); 325 class 326 }; 327 InterfaceClass(ptr) 328 } 329 330 /// Construct an `InterfaceClass` out of a raw, non-null `AIBinder_Class` 331 /// pointer. 332 /// 333 /// # Safety 334 /// 335 /// This function is safe iff `ptr` is a valid, non-null pointer to an 336 /// `AIBinder_Class`. from_ptr(ptr: *const sys::AIBinder_Class) -> InterfaceClass337 pub(crate) unsafe fn from_ptr(ptr: *const sys::AIBinder_Class) -> InterfaceClass { 338 InterfaceClass(ptr) 339 } 340 341 /// Get the interface descriptor string of this class. get_descriptor(&self) -> String342 pub fn get_descriptor(&self) -> String { 343 // SAFETY: The descriptor returned by AIBinder_Class_getDescriptor is 344 // always a two-byte null terminated sequence of u16s. Thus, we can 345 // continue reading from the pointer until we hit a null value, and this 346 // pointer can be a valid slice if the slice length is <= the number of 347 // u16 elements before the null terminator. 348 unsafe { 349 let raw_descriptor: *const c_char = sys::AIBinder_Class_getDescriptor(self.0); 350 CStr::from_ptr(raw_descriptor) 351 .to_str() 352 .expect("Expected valid UTF-8 string from AIBinder_Class_getDescriptor") 353 .into() 354 } 355 } 356 } 357 358 impl From<InterfaceClass> for *const sys::AIBinder_Class { from(class: InterfaceClass) -> *const sys::AIBinder_Class359 fn from(class: InterfaceClass) -> *const sys::AIBinder_Class { 360 class.0 361 } 362 } 363 364 /// Strong reference to a binder object 365 pub struct Strong<I: FromIBinder + ?Sized>(Box<I>); 366 367 impl<I: FromIBinder + ?Sized> Strong<I> { 368 /// Create a new strong reference to the provided binder object new(binder: Box<I>) -> Self369 pub fn new(binder: Box<I>) -> Self { 370 Self(binder) 371 } 372 373 /// Construct a new weak reference to this binder downgrade(this: &Strong<I>) -> Weak<I>374 pub fn downgrade(this: &Strong<I>) -> Weak<I> { 375 Weak::new(this) 376 } 377 378 /// Convert this synchronous binder handle into an asynchronous one. into_async<P>(self) -> Strong<<I as ToAsyncInterface<P>>::Target> where I: ToAsyncInterface<P>,379 pub fn into_async<P>(self) -> Strong<<I as ToAsyncInterface<P>>::Target> 380 where 381 I: ToAsyncInterface<P>, 382 { 383 // By implementing the ToAsyncInterface trait, it is guaranteed that the binder 384 // object is also valid for the target type. 385 FromIBinder::try_from(self.0.as_binder()).unwrap() 386 } 387 388 /// Convert this asynchronous binder handle into a synchronous one. into_sync(self) -> Strong<<I as ToSyncInterface>::Target> where I: ToSyncInterface,389 pub fn into_sync(self) -> Strong<<I as ToSyncInterface>::Target> 390 where 391 I: ToSyncInterface, 392 { 393 // By implementing the ToSyncInterface trait, it is guaranteed that the binder 394 // object is also valid for the target type. 395 FromIBinder::try_from(self.0.as_binder()).unwrap() 396 } 397 } 398 399 impl<I: FromIBinder + ?Sized> Clone for Strong<I> { clone(&self) -> Self400 fn clone(&self) -> Self { 401 // Since we hold a strong reference, we should always be able to create 402 // a new strong reference to the same interface type, so try_from() 403 // should never fail here. 404 FromIBinder::try_from(self.0.as_binder()).unwrap() 405 } 406 } 407 408 impl<I: FromIBinder + ?Sized> Borrow<I> for Strong<I> { borrow(&self) -> &I409 fn borrow(&self) -> &I { 410 &self.0 411 } 412 } 413 414 impl<I: FromIBinder + ?Sized> AsRef<I> for Strong<I> { as_ref(&self) -> &I415 fn as_ref(&self) -> &I { 416 &self.0 417 } 418 } 419 420 impl<I: FromIBinder + ?Sized> Deref for Strong<I> { 421 type Target = I; 422 deref(&self) -> &Self::Target423 fn deref(&self) -> &Self::Target { 424 &self.0 425 } 426 } 427 428 impl<I: FromIBinder + fmt::Debug + ?Sized> fmt::Debug for Strong<I> { fmt(&self, f: &mut fmt::Formatter) -> fmt::Result429 fn fmt(&self, f: &mut fmt::Formatter) -> fmt::Result { 430 fmt::Debug::fmt(&**self, f) 431 } 432 } 433 434 impl<I: FromIBinder + ?Sized> Ord for Strong<I> { cmp(&self, other: &Self) -> Ordering435 fn cmp(&self, other: &Self) -> Ordering { 436 self.0.as_binder().cmp(&other.0.as_binder()) 437 } 438 } 439 440 impl<I: FromIBinder + ?Sized> PartialOrd for Strong<I> { partial_cmp(&self, other: &Self) -> Option<Ordering>441 fn partial_cmp(&self, other: &Self) -> Option<Ordering> { 442 Some(self.cmp(other)) 443 } 444 } 445 446 impl<I: FromIBinder + ?Sized> PartialEq for Strong<I> { eq(&self, other: &Self) -> bool447 fn eq(&self, other: &Self) -> bool { 448 self.0.as_binder().eq(&other.0.as_binder()) 449 } 450 } 451 452 impl<I: FromIBinder + ?Sized> Eq for Strong<I> {} 453 454 /// Weak reference to a binder object 455 #[derive(Debug)] 456 pub struct Weak<I: FromIBinder + ?Sized> { 457 weak_binder: WpIBinder, 458 interface_type: PhantomData<I>, 459 } 460 461 impl<I: FromIBinder + ?Sized> Weak<I> { 462 /// Construct a new weak reference from a strong reference new(binder: &Strong<I>) -> Self463 fn new(binder: &Strong<I>) -> Self { 464 let weak_binder = binder.as_binder().downgrade(); 465 Weak { weak_binder, interface_type: PhantomData } 466 } 467 468 /// Upgrade this weak reference to a strong reference if the binder object 469 /// is still alive upgrade(&self) -> Result<Strong<I>>470 pub fn upgrade(&self) -> Result<Strong<I>> { 471 self.weak_binder.promote().ok_or(StatusCode::DEAD_OBJECT).and_then(FromIBinder::try_from) 472 } 473 } 474 475 impl<I: FromIBinder + ?Sized> Clone for Weak<I> { clone(&self) -> Self476 fn clone(&self) -> Self { 477 Self { weak_binder: self.weak_binder.clone(), interface_type: PhantomData } 478 } 479 } 480 481 impl<I: FromIBinder + ?Sized> Ord for Weak<I> { cmp(&self, other: &Self) -> Ordering482 fn cmp(&self, other: &Self) -> Ordering { 483 self.weak_binder.cmp(&other.weak_binder) 484 } 485 } 486 487 impl<I: FromIBinder + ?Sized> PartialOrd for Weak<I> { partial_cmp(&self, other: &Self) -> Option<Ordering>488 fn partial_cmp(&self, other: &Self) -> Option<Ordering> { 489 Some(self.cmp(other)) 490 } 491 } 492 493 impl<I: FromIBinder + ?Sized> PartialEq for Weak<I> { eq(&self, other: &Self) -> bool494 fn eq(&self, other: &Self) -> bool { 495 self.weak_binder == other.weak_binder 496 } 497 } 498 499 impl<I: FromIBinder + ?Sized> Eq for Weak<I> {} 500 501 /// Create a function implementing a static getter for an interface class. 502 /// 503 /// Each binder interface (i.e. local [`Remotable`] service or remote proxy 504 /// [`Interface`]) must have global, static class that uniquely identifies 505 /// it. This macro implements an [`InterfaceClass`] getter to simplify these 506 /// implementations. 507 /// 508 /// The type of a structure that implements [`InterfaceClassMethods`] must be 509 /// passed to this macro. For local services, this should be `Binder<Self>` 510 /// since [`Binder`] implements [`InterfaceClassMethods`]. 511 /// 512 /// # Examples 513 /// 514 /// When implementing a local [`Remotable`] service `ExampleService`, the 515 /// `get_class` method is required in the [`Remotable`] impl block. This macro 516 /// should be used as follows to implement this functionality: 517 /// 518 /// ```rust 519 /// impl Remotable for ExampleService { 520 /// fn get_descriptor() -> &'static str { 521 /// "android.os.IExampleInterface" 522 /// } 523 /// 524 /// fn on_transact( 525 /// &self, 526 /// code: TransactionCode, 527 /// data: &BorrowedParcel, 528 /// reply: &mut BorrowedParcel, 529 /// ) -> Result<()> { 530 /// // ... 531 /// } 532 /// 533 /// binder_fn_get_class!(Binder<Self>); 534 /// } 535 /// ``` 536 macro_rules! binder_fn_get_class { 537 ($class:ty) => { 538 binder_fn_get_class!($crate::binder_impl::InterfaceClass::new::<$class>()); 539 }; 540 541 ($constructor:expr) => { 542 fn get_class() -> $crate::binder_impl::InterfaceClass { 543 static CLASS_INIT: std::sync::Once = std::sync::Once::new(); 544 static mut CLASS: Option<$crate::binder_impl::InterfaceClass> = None; 545 546 // Safety: This assignment is guarded by the `CLASS_INIT` `Once` 547 // variable, and therefore is thread-safe, as it can only occur 548 // once. 549 CLASS_INIT.call_once(|| unsafe { 550 CLASS = Some($constructor); 551 }); 552 // Safety: The `CLASS` variable can only be mutated once, above, and 553 // is subsequently safe to read from any thread. 554 unsafe { CLASS.unwrap() } 555 } 556 }; 557 } 558 559 pub trait InterfaceClassMethods { 560 /// Get the interface descriptor string for this object type. get_descriptor() -> &'static str where Self: Sized561 fn get_descriptor() -> &'static str 562 where 563 Self: Sized; 564 565 /// Called during construction of a new `AIBinder` object of this interface 566 /// class. 567 /// 568 /// The opaque pointer parameter will be the parameter provided to 569 /// `AIBinder_new`. Returns an opaque userdata to be associated with the new 570 /// `AIBinder` object. 571 /// 572 /// # Safety 573 /// 574 /// Callback called from C++. The parameter argument provided to 575 /// `AIBinder_new` must match the type expected here. The `AIBinder` object 576 /// will take ownership of the returned pointer, which it will free via 577 /// `on_destroy`. on_create(args: *mut c_void) -> *mut c_void578 unsafe extern "C" fn on_create(args: *mut c_void) -> *mut c_void; 579 580 /// Called when a transaction needs to be processed by the local service 581 /// implementation. 582 /// 583 /// # Safety 584 /// 585 /// Callback called from C++. The `binder` parameter must be a valid pointer 586 /// to a binder object of this class with userdata initialized via this 587 /// class's `on_create`. The parcel parameters must be valid pointers to 588 /// parcel objects. on_transact( binder: *mut sys::AIBinder, code: u32, data: *const sys::AParcel, reply: *mut sys::AParcel, ) -> status_t589 unsafe extern "C" fn on_transact( 590 binder: *mut sys::AIBinder, 591 code: u32, 592 data: *const sys::AParcel, 593 reply: *mut sys::AParcel, 594 ) -> status_t; 595 596 /// Called whenever an `AIBinder` object is no longer referenced and needs 597 /// to be destroyed. 598 /// 599 /// # Safety 600 /// 601 /// Callback called from C++. The opaque pointer parameter must be the value 602 /// returned by `on_create` for this class. This function takes ownership of 603 /// the provided pointer and destroys it. on_destroy(object: *mut c_void)604 unsafe extern "C" fn on_destroy(object: *mut c_void); 605 606 /// Called to handle the `dump` transaction. 607 /// 608 /// # Safety 609 /// 610 /// Must be called with a non-null, valid pointer to a local `AIBinder` that 611 /// contains a `T` pointer in its user data. fd should be a non-owned file 612 /// descriptor, and args must be an array of null-terminated string 613 /// poiinters with length num_args. on_dump( binder: *mut sys::AIBinder, fd: i32, args: *mut *const c_char, num_args: u32, ) -> status_t614 unsafe extern "C" fn on_dump( 615 binder: *mut sys::AIBinder, 616 fd: i32, 617 args: *mut *const c_char, 618 num_args: u32, 619 ) -> status_t; 620 } 621 622 /// Interface for transforming a generic SpIBinder into a specific remote 623 /// interface trait. 624 /// 625 /// # Example 626 /// 627 /// For Binder interface `IFoo`, the following implementation should be made: 628 /// ```no_run 629 /// # use binder::{FromIBinder, SpIBinder, Result}; 630 /// # trait IFoo {} 631 /// impl FromIBinder for dyn IFoo { 632 /// fn try_from(ibinder: SpIBinder) -> Result<Box<Self>> { 633 /// // ... 634 /// # Err(binder::StatusCode::OK) 635 /// } 636 /// } 637 /// ``` 638 pub trait FromIBinder: Interface { 639 /// Try to interpret a generic Binder object as this interface. 640 /// 641 /// Returns a trait object for the `Self` interface if this object 642 /// implements that interface. try_from(ibinder: SpIBinder) -> Result<Strong<Self>>643 fn try_from(ibinder: SpIBinder) -> Result<Strong<Self>>; 644 } 645 646 /// Trait for transparent Rust wrappers around android C++ native types. 647 /// 648 /// The pointer return by this trait's methods should be immediately passed to 649 /// C++ and not stored by Rust. The pointer is valid only as long as the 650 /// underlying C++ object is alive, so users must be careful to take this into 651 /// account, as Rust cannot enforce this. 652 /// 653 /// # Safety 654 /// 655 /// For this trait to be a correct implementation, `T` must be a valid android 656 /// C++ type. Since we cannot constrain this via the type system, this trait is 657 /// marked as unsafe. 658 pub unsafe trait AsNative<T> { 659 /// Return a pointer to the native version of `self` as_native(&self) -> *const T660 fn as_native(&self) -> *const T; 661 662 /// Return a mutable pointer to the native version of `self` as_native_mut(&mut self) -> *mut T663 fn as_native_mut(&mut self) -> *mut T; 664 } 665 666 // Safety: If V is a valid Android C++ type then we can either use that or a 667 // null pointer. 668 unsafe impl<T, V: AsNative<T>> AsNative<T> for Option<V> { as_native(&self) -> *const T669 fn as_native(&self) -> *const T { 670 self.as_ref().map_or(ptr::null(), |v| v.as_native()) 671 } 672 as_native_mut(&mut self) -> *mut T673 fn as_native_mut(&mut self) -> *mut T { 674 self.as_mut().map_or(ptr::null_mut(), |v| v.as_native_mut()) 675 } 676 } 677 678 /// The features to enable when creating a native Binder. 679 /// 680 /// This should always be initialised with a default value, e.g.: 681 /// ``` 682 /// # use binder::BinderFeatures; 683 /// BinderFeatures { 684 /// set_requesting_sid: true, 685 /// ..BinderFeatures::default(), 686 /// } 687 /// ``` 688 #[derive(Clone, Debug, Default, Eq, PartialEq)] 689 pub struct BinderFeatures { 690 /// Indicates that the service intends to receive caller security contexts. This must be true 691 /// for `ThreadState::with_calling_sid` to work. 692 #[cfg(not(android_vndk))] 693 pub set_requesting_sid: bool, 694 // Ensure that clients include a ..BinderFeatures::default() to preserve backwards compatibility 695 // when new fields are added. #[non_exhaustive] doesn't work because it prevents struct 696 // expressions entirely. 697 #[doc(hidden)] 698 pub _non_exhaustive: (), 699 } 700 701 /// Declare typed interfaces for a binder object. 702 /// 703 /// Given an interface trait and descriptor string, create a native and remote 704 /// proxy wrapper for this interface. The native service object (`$native`) 705 /// implements `Remotable` and will dispatch to the function `$on_transact` to 706 /// handle transactions. The typed proxy object (`$proxy`) wraps remote binder 707 /// objects for this interface and can optionally contain additional fields. 708 /// 709 /// Assuming the interface trait is `Interface`, `$on_transact` function must 710 /// have the following type: 711 /// 712 /// ``` 713 /// # use binder::{Interface, TransactionCode, BorrowedParcel}; 714 /// # trait Placeholder { 715 /// fn on_transact( 716 /// service: &dyn Interface, 717 /// code: TransactionCode, 718 /// data: &BorrowedParcel, 719 /// reply: &mut BorrowedParcel, 720 /// ) -> binder::Result<()>; 721 /// # } 722 /// ``` 723 /// 724 /// # Examples 725 /// 726 /// The following example declares the local service type `BnServiceManager` and 727 /// a remote proxy type `BpServiceManager` (the `n` and `p` stand for native and 728 /// proxy respectively) for the `IServiceManager` Binder interface. The 729 /// interfaces will be identified by the descriptor string 730 /// "android.os.IServiceManager". The local service will dispatch transactions 731 /// using the provided function, `on_transact`. 732 /// 733 /// ``` 734 /// use binder::{declare_binder_interface, Binder, Interface, TransactionCode, BorrowedParcel}; 735 /// 736 /// pub trait IServiceManager: Interface { 737 /// // remote methods... 738 /// } 739 /// 740 /// declare_binder_interface! { 741 /// IServiceManager["android.os.IServiceManager"] { 742 /// native: BnServiceManager(on_transact), 743 /// proxy: BpServiceManager, 744 /// } 745 /// } 746 /// 747 /// fn on_transact( 748 /// service: &dyn IServiceManager, 749 /// code: TransactionCode, 750 /// data: &BorrowedParcel, 751 /// reply: &mut BorrowedParcel, 752 /// ) -> binder::Result<()> { 753 /// // ... 754 /// Ok(()) 755 /// } 756 /// 757 /// impl IServiceManager for BpServiceManager { 758 /// // parceling/unparceling code for the IServiceManager emitted here 759 /// } 760 /// 761 /// impl IServiceManager for Binder<BnServiceManager> { 762 /// // Forward calls to local implementation 763 /// } 764 /// ``` 765 #[macro_export] 766 macro_rules! declare_binder_interface { 767 { 768 $interface:path[$descriptor:expr] { 769 native: $native:ident($on_transact:path), 770 proxy: $proxy:ident, 771 $(async: $async_interface:ident,)? 772 } 773 } => { 774 $crate::declare_binder_interface! { 775 $interface[$descriptor] { 776 native: $native($on_transact), 777 proxy: $proxy {}, 778 $(async: $async_interface,)? 779 stability: $crate::binder_impl::Stability::default(), 780 } 781 } 782 }; 783 784 { 785 $interface:path[$descriptor:expr] { 786 native: $native:ident($on_transact:path), 787 proxy: $proxy:ident, 788 $(async: $async_interface:ident,)? 789 stability: $stability:expr, 790 } 791 } => { 792 $crate::declare_binder_interface! { 793 $interface[$descriptor] { 794 native: $native($on_transact), 795 proxy: $proxy {}, 796 $(async: $async_interface,)? 797 stability: $stability, 798 } 799 } 800 }; 801 802 { 803 $interface:path[$descriptor:expr] { 804 native: $native:ident($on_transact:path), 805 proxy: $proxy:ident { 806 $($fname:ident: $fty:ty = $finit:expr),* 807 }, 808 $(async: $async_interface:ident,)? 809 } 810 } => { 811 $crate::declare_binder_interface! { 812 $interface[$descriptor] { 813 native: $native($on_transact), 814 proxy: $proxy { 815 $($fname: $fty = $finit),* 816 }, 817 $(async: $async_interface,)? 818 stability: $crate::binder_impl::Stability::default(), 819 } 820 } 821 }; 822 823 { 824 $interface:path[$descriptor:expr] { 825 native: $native:ident($on_transact:path), 826 proxy: $proxy:ident { 827 $($fname:ident: $fty:ty = $finit:expr),* 828 }, 829 $(async: $async_interface:ident,)? 830 stability: $stability:expr, 831 } 832 } => { 833 $crate::declare_binder_interface! { 834 $interface[$descriptor] { 835 @doc[concat!("A binder [`Remotable`]($crate::binder_impl::Remotable) that holds an [`", stringify!($interface), "`] object.")] 836 native: $native($on_transact), 837 @doc[concat!("A binder [`Proxy`]($crate::binder_impl::Proxy) that holds an [`", stringify!($interface), "`] remote interface.")] 838 proxy: $proxy { 839 $($fname: $fty = $finit),* 840 }, 841 $(async: $async_interface,)? 842 stability: $stability, 843 } 844 } 845 }; 846 847 { 848 $interface:path[$descriptor:expr] { 849 @doc[$native_doc:expr] 850 native: $native:ident($on_transact:path), 851 852 @doc[$proxy_doc:expr] 853 proxy: $proxy:ident { 854 $($fname:ident: $fty:ty = $finit:expr),* 855 }, 856 857 $( async: $async_interface:ident, )? 858 859 stability: $stability:expr, 860 } 861 } => { 862 #[doc = $proxy_doc] 863 pub struct $proxy { 864 binder: $crate::SpIBinder, 865 $($fname: $fty,)* 866 } 867 868 impl $crate::Interface for $proxy { 869 fn as_binder(&self) -> $crate::SpIBinder { 870 self.binder.clone() 871 } 872 } 873 874 impl $crate::binder_impl::Proxy for $proxy 875 where 876 $proxy: $interface, 877 { 878 fn get_descriptor() -> &'static str { 879 $descriptor 880 } 881 882 fn from_binder(mut binder: $crate::SpIBinder) -> std::result::Result<Self, $crate::StatusCode> { 883 Ok(Self { binder, $($fname: $finit),* }) 884 } 885 } 886 887 #[doc = $native_doc] 888 #[repr(transparent)] 889 pub struct $native(Box<dyn $interface + Sync + Send + 'static>); 890 891 impl $native { 892 /// Create a new binder service. 893 pub fn new_binder<T: $interface + Sync + Send + 'static>(inner: T, features: $crate::BinderFeatures) -> $crate::Strong<dyn $interface> { 894 let mut binder = $crate::binder_impl::Binder::new_with_stability($native(Box::new(inner)), $stability); 895 #[cfg(not(android_vndk))] 896 $crate::binder_impl::IBinderInternal::set_requesting_sid(&mut binder, features.set_requesting_sid); 897 $crate::Strong::new(Box::new(binder)) 898 } 899 900 /// Tries to downcast the interface to another type. 901 /// When receiving this object from a binder call, make sure that the object received is 902 /// a binder native object and that is of the right type for the Downcast: 903 /// 904 /// let binder = received_object.as_binder(); 905 /// if !binder.is_remote() { 906 /// let binder_native: Binder<BnFoo> = binder.try_into()?; 907 /// let original_object = binder_native.downcast_binder::<MyFoo>(); 908 /// // Check that returned type is not None before using it 909 /// } 910 /// 911 /// Handle the error cases instead of just calling `unwrap` or `expect` to prevent a 912 /// malicious caller to mount a Denial of Service attack. 913 pub fn downcast_binder<T: $interface>(&self) -> Option<&T> { 914 self.0.as_any().downcast_ref::<T>() 915 } 916 } 917 918 impl $crate::binder_impl::Remotable for $native { 919 fn get_descriptor() -> &'static str { 920 $descriptor 921 } 922 923 fn on_transact(&self, code: $crate::binder_impl::TransactionCode, data: &$crate::binder_impl::BorrowedParcel<'_>, reply: &mut $crate::binder_impl::BorrowedParcel<'_>) -> std::result::Result<(), $crate::StatusCode> { 924 match $on_transact(&*self.0, code, data, reply) { 925 // The C++ backend converts UNEXPECTED_NULL into an exception 926 Err($crate::StatusCode::UNEXPECTED_NULL) => { 927 let status = $crate::Status::new_exception( 928 $crate::ExceptionCode::NULL_POINTER, 929 None, 930 ); 931 reply.write(&status) 932 }, 933 result => result 934 } 935 } 936 937 fn on_dump(&self, writer: &mut dyn std::io::Write, args: &[&std::ffi::CStr]) -> std::result::Result<(), $crate::StatusCode> { 938 self.0.dump(writer, args) 939 } 940 941 fn get_class() -> $crate::binder_impl::InterfaceClass { 942 static CLASS_INIT: std::sync::Once = std::sync::Once::new(); 943 static mut CLASS: Option<$crate::binder_impl::InterfaceClass> = None; 944 945 // Safety: This assignment is guarded by the `CLASS_INIT` `Once` 946 // variable, and therefore is thread-safe, as it can only occur 947 // once. 948 CLASS_INIT.call_once(|| unsafe { 949 CLASS = Some($crate::binder_impl::InterfaceClass::new::<$crate::binder_impl::Binder<$native>>()); 950 }); 951 // Safety: The `CLASS` variable can only be mutated once, above, 952 // and is subsequently safe to read from any thread. 953 unsafe { 954 CLASS.unwrap() 955 } 956 } 957 } 958 959 impl $crate::FromIBinder for dyn $interface { 960 fn try_from(mut ibinder: $crate::SpIBinder) -> std::result::Result<$crate::Strong<dyn $interface>, $crate::StatusCode> { 961 use $crate::binder_impl::AssociateClass; 962 963 let existing_class = ibinder.get_class(); 964 if let Some(class) = existing_class { 965 if class != <$native as $crate::binder_impl::Remotable>::get_class() && 966 class.get_descriptor() == <$native as $crate::binder_impl::Remotable>::get_descriptor() 967 { 968 // The binder object's descriptor string matches what we 969 // expect. We still need to treat this local or already 970 // associated object as remote, because we can't cast it 971 // into a Rust service object without a matching class 972 // pointer. 973 return Ok($crate::Strong::new(Box::new(<$proxy as $crate::binder_impl::Proxy>::from_binder(ibinder)?))); 974 } 975 } 976 977 if ibinder.associate_class(<$native as $crate::binder_impl::Remotable>::get_class()) { 978 let service: std::result::Result<$crate::binder_impl::Binder<$native>, $crate::StatusCode> = 979 std::convert::TryFrom::try_from(ibinder.clone()); 980 if let Ok(service) = service { 981 // We were able to associate with our expected class and 982 // the service is local. 983 return Ok($crate::Strong::new(Box::new(service))); 984 } else { 985 // Service is remote 986 return Ok($crate::Strong::new(Box::new(<$proxy as $crate::binder_impl::Proxy>::from_binder(ibinder)?))); 987 } 988 } 989 990 Err($crate::StatusCode::BAD_TYPE.into()) 991 } 992 } 993 994 impl $crate::binder_impl::Serialize for dyn $interface + '_ 995 where 996 dyn $interface: $crate::Interface 997 { 998 fn serialize(&self, parcel: &mut $crate::binder_impl::BorrowedParcel<'_>) -> std::result::Result<(), $crate::StatusCode> { 999 let binder = $crate::Interface::as_binder(self); 1000 parcel.write(&binder) 1001 } 1002 } 1003 1004 impl $crate::binder_impl::SerializeOption for dyn $interface + '_ { 1005 fn serialize_option(this: Option<&Self>, parcel: &mut $crate::binder_impl::BorrowedParcel<'_>) -> std::result::Result<(), $crate::StatusCode> { 1006 parcel.write(&this.map($crate::Interface::as_binder)) 1007 } 1008 } 1009 1010 impl std::fmt::Debug for dyn $interface + '_ { 1011 fn fmt(&self, f: &mut std::fmt::Formatter<'_>) -> std::fmt::Result { 1012 f.pad(stringify!($interface)) 1013 } 1014 } 1015 1016 /// Convert a &dyn $interface to Strong<dyn $interface> 1017 impl std::borrow::ToOwned for dyn $interface { 1018 type Owned = $crate::Strong<dyn $interface>; 1019 fn to_owned(&self) -> Self::Owned { 1020 self.as_binder().into_interface() 1021 .expect(concat!("Error cloning interface ", stringify!($interface))) 1022 } 1023 } 1024 1025 $( 1026 // Async interface trait implementations. 1027 impl<P: $crate::BinderAsyncPool + 'static> $crate::FromIBinder for dyn $async_interface<P> { 1028 fn try_from(mut ibinder: $crate::SpIBinder) -> std::result::Result<$crate::Strong<dyn $async_interface<P>>, $crate::StatusCode> { 1029 use $crate::binder_impl::AssociateClass; 1030 1031 let existing_class = ibinder.get_class(); 1032 if let Some(class) = existing_class { 1033 if class != <$native as $crate::binder_impl::Remotable>::get_class() && 1034 class.get_descriptor() == <$native as $crate::binder_impl::Remotable>::get_descriptor() 1035 { 1036 // The binder object's descriptor string matches what we 1037 // expect. We still need to treat this local or already 1038 // associated object as remote, because we can't cast it 1039 // into a Rust service object without a matching class 1040 // pointer. 1041 return Ok($crate::Strong::new(Box::new(<$proxy as $crate::binder_impl::Proxy>::from_binder(ibinder)?))); 1042 } 1043 } 1044 1045 if ibinder.associate_class(<$native as $crate::binder_impl::Remotable>::get_class()) { 1046 return Ok($crate::Strong::new(Box::new(<$proxy as $crate::binder_impl::Proxy>::from_binder(ibinder)?))); 1047 } 1048 1049 Err($crate::StatusCode::BAD_TYPE.into()) 1050 } 1051 } 1052 1053 impl<P: $crate::BinderAsyncPool + 'static> $crate::binder_impl::Serialize for dyn $async_interface<P> + '_ { 1054 fn serialize(&self, parcel: &mut $crate::binder_impl::BorrowedParcel<'_>) -> std::result::Result<(), $crate::StatusCode> { 1055 let binder = $crate::Interface::as_binder(self); 1056 parcel.write(&binder) 1057 } 1058 } 1059 1060 impl<P: $crate::BinderAsyncPool + 'static> $crate::binder_impl::SerializeOption for dyn $async_interface<P> + '_ { 1061 fn serialize_option(this: Option<&Self>, parcel: &mut $crate::binder_impl::BorrowedParcel<'_>) -> std::result::Result<(), $crate::StatusCode> { 1062 parcel.write(&this.map($crate::Interface::as_binder)) 1063 } 1064 } 1065 1066 impl<P: $crate::BinderAsyncPool + 'static> std::fmt::Debug for dyn $async_interface<P> + '_ { 1067 fn fmt(&self, f: &mut std::fmt::Formatter<'_>) -> std::fmt::Result { 1068 f.pad(stringify!($async_interface)) 1069 } 1070 } 1071 1072 /// Convert a &dyn $async_interface to Strong<dyn $async_interface> 1073 impl<P: $crate::BinderAsyncPool + 'static> std::borrow::ToOwned for dyn $async_interface<P> { 1074 type Owned = $crate::Strong<dyn $async_interface<P>>; 1075 fn to_owned(&self) -> Self::Owned { 1076 self.as_binder().into_interface() 1077 .expect(concat!("Error cloning interface ", stringify!($async_interface))) 1078 } 1079 } 1080 1081 impl<P: $crate::BinderAsyncPool + 'static> $crate::binder_impl::ToAsyncInterface<P> for dyn $interface { 1082 type Target = dyn $async_interface<P>; 1083 } 1084 1085 impl<P: $crate::BinderAsyncPool + 'static> $crate::binder_impl::ToSyncInterface for dyn $async_interface<P> { 1086 type Target = dyn $interface; 1087 } 1088 )? 1089 }; 1090 } 1091 1092 /// Declare an AIDL enumeration. 1093 /// 1094 /// This is mainly used internally by the AIDL compiler. 1095 #[macro_export] 1096 macro_rules! declare_binder_enum { 1097 { 1098 $( #[$attr:meta] )* 1099 $enum:ident : [$backing:ty; $size:expr] { 1100 $( $( #[$value_attr:meta] )* $name:ident = $value:expr, )* 1101 } 1102 } => { 1103 $( #[$attr] )* 1104 #[derive(Default, Copy, Clone, PartialOrd, Ord, PartialEq, Eq, Hash)] 1105 #[allow(missing_docs)] 1106 pub struct $enum(pub $backing); 1107 impl $enum { 1108 $( $( #[$value_attr] )* #[allow(missing_docs)] pub const $name: Self = Self($value); )* 1109 1110 #[inline(always)] 1111 #[allow(missing_docs)] 1112 pub const fn enum_values() -> [Self; $size] { 1113 [$(Self::$name),*] 1114 } 1115 } 1116 1117 impl std::fmt::Debug for $enum { 1118 fn fmt(&self, f: &mut std::fmt::Formatter<'_>) -> std::fmt::Result { 1119 match self.0 { 1120 $($value => f.write_str(stringify!($name)),)* 1121 _ => f.write_fmt(format_args!("{}", self.0)) 1122 } 1123 } 1124 } 1125 1126 impl $crate::binder_impl::Serialize for $enum { 1127 fn serialize(&self, parcel: &mut $crate::binder_impl::BorrowedParcel<'_>) -> std::result::Result<(), $crate::StatusCode> { 1128 parcel.write(&self.0) 1129 } 1130 } 1131 1132 impl $crate::binder_impl::SerializeArray for $enum { 1133 fn serialize_array(slice: &[Self], parcel: &mut $crate::binder_impl::BorrowedParcel<'_>) -> std::result::Result<(), $crate::StatusCode> { 1134 let v: Vec<$backing> = slice.iter().map(|x| x.0).collect(); 1135 <$backing as $crate::binder_impl::SerializeArray>::serialize_array(&v[..], parcel) 1136 } 1137 } 1138 1139 impl $crate::binder_impl::Deserialize for $enum { 1140 type UninitType = Self; 1141 fn uninit() -> Self::UninitType { Self::UninitType::default() } 1142 fn from_init(value: Self) -> Self::UninitType { value } 1143 1144 fn deserialize(parcel: &$crate::binder_impl::BorrowedParcel<'_>) -> std::result::Result<Self, $crate::StatusCode> { 1145 parcel.read().map(Self) 1146 } 1147 } 1148 1149 impl $crate::binder_impl::DeserializeArray for $enum { 1150 fn deserialize_array(parcel: &$crate::binder_impl::BorrowedParcel<'_>) -> std::result::Result<Option<Vec<Self>>, $crate::StatusCode> { 1151 let v: Option<Vec<$backing>> = 1152 <$backing as $crate::binder_impl::DeserializeArray>::deserialize_array(parcel)?; 1153 Ok(v.map(|v| v.into_iter().map(Self).collect())) 1154 } 1155 } 1156 }; 1157 } 1158