1 /* 2 * Copyright (C) 2008 The Android Open Source Project 3 * 4 * Licensed under the Apache License, Version 2.0 (the "License"); 5 * you may not use this file except in compliance with the License. 6 * You may obtain a copy of the License at 7 * 8 * http://www.apache.org/licenses/LICENSE-2.0 9 * 10 * Unless required by applicable law or agreed to in writing, software 11 * distributed under the License is distributed on an "AS IS" BASIS, 12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 * See the License for the specific language governing permissions and 14 * limitations under the License. 15 */ 16 17 #pragma once 18 19 #include <stdlib.h> 20 #include <stdint.h> 21 22 #include <binder/Common.h> 23 #include <binder/IMemory.h> 24 25 26 namespace android { 27 28 // --------------------------------------------------------------------------- 29 30 class MemoryHeapBase : public BnMemoryHeap { 31 public: 32 static constexpr auto MEMFD_ALLOW_SEALING_FLAG = 0x00000800; 33 enum { 34 READ_ONLY = IMemoryHeap::READ_ONLY, 35 // memory won't be mapped locally, but will be mapped in the remote 36 // process. 37 DONT_MAP_LOCALLY = 0x00000100, 38 NO_CACHING = 0x00000200, 39 // Bypass ashmem-libcutils to create a memfd shared region. 40 // Ashmem-libcutils will eventually migrate to memfd. 41 // Memfd has security benefits and supports file sealing. 42 // Calling process will need to modify selinux permissions to 43 // open access to tmpfs files. See audioserver for examples. 44 // This is only valid for size constructor. 45 // For host compilation targets, memfd is stubbed in favor of /tmp 46 // files so sealing is not enforced. 47 FORCE_MEMFD = 0x00000400, 48 // Default opt-out of sealing behavior in memfd to avoid potential DOS. 49 // Clients of shared files can seal at anytime via syscall, leading to 50 // TOC/TOU issues if additional seals prevent access from the creating 51 // process. Alternatively, seccomp fcntl(). 52 MEMFD_ALLOW_SEALING = FORCE_MEMFD | MEMFD_ALLOW_SEALING_FLAG 53 }; 54 55 /* 56 * maps the memory referenced by fd. but DOESN'T take ownership 57 * of the filedescriptor (it makes a copy with dup() 58 */ 59 LIBBINDER_EXPORTED MemoryHeapBase(int fd, size_t size, uint32_t flags = 0, off_t offset = 0); 60 61 /* 62 * maps memory from the given device 63 */ 64 LIBBINDER_EXPORTED explicit MemoryHeapBase(const char* device, size_t size = 0, 65 uint32_t flags = 0); 66 67 /* 68 * maps memory from ashmem, with the given name for debugging 69 * if the READ_ONLY flag is set, the memory will be writeable by the calling process, 70 * but not by others. this is NOT the case with the other ctors. 71 */ 72 LIBBINDER_EXPORTED explicit MemoryHeapBase(size_t size, uint32_t flags = 0, 73 char const* name = nullptr); 74 75 LIBBINDER_EXPORTED virtual ~MemoryHeapBase(); 76 77 /* implement IMemoryHeap interface */ 78 LIBBINDER_EXPORTED int getHeapID() const override; 79 80 /* virtual address of the heap. returns MAP_FAILED in case of error */ 81 LIBBINDER_EXPORTED void* getBase() const override; 82 83 LIBBINDER_EXPORTED size_t getSize() const override; 84 LIBBINDER_EXPORTED uint32_t getFlags() const override; 85 LIBBINDER_EXPORTED off_t getOffset() const override; 86 87 LIBBINDER_EXPORTED const char* getDevice() const; 88 89 /* this closes this heap -- use carefully */ 90 LIBBINDER_EXPORTED void dispose(); 91 92 protected: 93 LIBBINDER_EXPORTED MemoryHeapBase(); 94 // init() takes ownership of fd 95 LIBBINDER_EXPORTED status_t init(int fd, void* base, size_t size, int flags = 0, 96 const char* device = nullptr); 97 98 private: 99 status_t mapfd(int fd, bool writeableByCaller, size_t size, off_t offset = 0); 100 101 int mFD; 102 size_t mSize; 103 void* mBase; 104 uint32_t mFlags; 105 const char* mDevice; 106 bool mNeedUnmap; 107 off_t mOffset; 108 }; 109 110 // --------------------------------------------------------------------------- 111 } // namespace android 112