IPCThreadState.cpp revision 4bcb57502c5a7da53ef84228aceeffb54d36e06b
1/* 2 * Copyright (C) 2005 The Android Open Source Project 3 * 4 * Licensed under the Apache License, Version 2.0 (the "License"); 5 * you may not use this file except in compliance with the License. 6 * You may obtain a copy of the License at 7 * 8 * http://www.apache.org/licenses/LICENSE-2.0 9 * 10 * Unless required by applicable law or agreed to in writing, software 11 * distributed under the License is distributed on an "AS IS" BASIS, 12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 * See the License for the specific language governing permissions and 14 * limitations under the License. 15 */ 16 17#define LOG_TAG "IPCThreadState" 18 19#include <binder/IPCThreadState.h> 20 21#include <binder/Binder.h> 22#include <binder/BpBinder.h> 23#include <utils/Debug.h> 24#include <utils/Log.h> 25#include <utils/TextOutput.h> 26#include <utils/threads.h> 27 28#include <private/binder/binder_module.h> 29#include <private/binder/Static.h> 30 31#include <sys/ioctl.h> 32#include <signal.h> 33#include <errno.h> 34#include <stdio.h> 35#include <unistd.h> 36 37#ifdef HAVE_PTHREADS 38#include <pthread.h> 39#include <sched.h> 40#include <sys/resource.h> 41#endif 42#ifdef HAVE_WIN32_THREADS 43#include <windows.h> 44#endif 45 46 47#if LOG_NDEBUG 48 49#define IF_LOG_TRANSACTIONS() if (false) 50#define IF_LOG_COMMANDS() if (false) 51#define LOG_REMOTEREFS(...) 52#define IF_LOG_REMOTEREFS() if (false) 53#define LOG_THREADPOOL(...) 54#define LOG_ONEWAY(...) 55 56#else 57 58#define IF_LOG_TRANSACTIONS() IF_ALOG(LOG_VERBOSE, "transact") 59#define IF_LOG_COMMANDS() IF_ALOG(LOG_VERBOSE, "ipc") 60#define LOG_REMOTEREFS(...) ALOG(LOG_DEBUG, "remoterefs", __VA_ARGS__) 61#define IF_LOG_REMOTEREFS() IF_ALOG(LOG_DEBUG, "remoterefs") 62#define LOG_THREADPOOL(...) ALOG(LOG_DEBUG, "threadpool", __VA_ARGS__) 63#define LOG_ONEWAY(...) ALOG(LOG_DEBUG, "ipc", __VA_ARGS__) 64 65#endif 66 67// --------------------------------------------------------------------------- 68 69namespace android { 70 71static const char* getReturnString(size_t idx); 72static const char* getCommandString(size_t idx); 73static const void* printReturnCommand(TextOutput& out, const void* _cmd); 74static const void* printCommand(TextOutput& out, const void* _cmd); 75 76// This will result in a missing symbol failure if the IF_LOG_COMMANDS() 77// conditionals don't get stripped... but that is probably what we want. 78#if !LOG_NDEBUG 79static const char *kReturnStrings[] = { 80 "BR_ERROR", 81 "BR_OK", 82 "BR_TRANSACTION", 83 "BR_REPLY", 84 "BR_ACQUIRE_RESULT", 85 "BR_DEAD_REPLY", 86 "BR_TRANSACTION_COMPLETE", 87 "BR_INCREFS", 88 "BR_ACQUIRE", 89 "BR_RELEASE", 90 "BR_DECREFS", 91 "BR_ATTEMPT_ACQUIRE", 92 "BR_NOOP", 93 "BR_SPAWN_LOOPER", 94 "BR_FINISHED", 95 "BR_DEAD_BINDER", 96 "BR_CLEAR_DEATH_NOTIFICATION_DONE", 97 "BR_FAILED_REPLY" 98}; 99 100static const char *kCommandStrings[] = { 101 "BC_TRANSACTION", 102 "BC_REPLY", 103 "BC_ACQUIRE_RESULT", 104 "BC_FREE_BUFFER", 105 "BC_INCREFS", 106 "BC_ACQUIRE", 107 "BC_RELEASE", 108 "BC_DECREFS", 109 "BC_INCREFS_DONE", 110 "BC_ACQUIRE_DONE", 111 "BC_ATTEMPT_ACQUIRE", 112 "BC_REGISTER_LOOPER", 113 "BC_ENTER_LOOPER", 114 "BC_EXIT_LOOPER", 115 "BC_REQUEST_DEATH_NOTIFICATION", 116 "BC_CLEAR_DEATH_NOTIFICATION", 117 "BC_DEAD_BINDER_DONE" 118}; 119 120static const char* getReturnString(size_t idx) 121{ 122 if (idx < sizeof(kReturnStrings) / sizeof(kReturnStrings[0])) 123 return kReturnStrings[idx]; 124 else 125 return "unknown"; 126} 127 128static const char* getCommandString(size_t idx) 129{ 130 if (idx < sizeof(kCommandStrings) / sizeof(kCommandStrings[0])) 131 return kCommandStrings[idx]; 132 else 133 return "unknown"; 134} 135 136static const void* printBinderTransactionData(TextOutput& out, const void* data) 137{ 138 const binder_transaction_data* btd = 139 (const binder_transaction_data*)data; 140 if (btd->target.handle < 1024) { 141 /* want to print descriptors in decimal; guess based on value */ 142 out << "target.desc=" << btd->target.handle; 143 } else { 144 out << "target.ptr=" << btd->target.ptr; 145 } 146 out << " (cookie " << btd->cookie << ")" << endl 147 << "code=" << TypeCode(btd->code) << ", flags=" << (void*)btd->flags << endl 148 << "data=" << btd->data.ptr.buffer << " (" << (void*)btd->data_size 149 << " bytes)" << endl 150 << "offsets=" << btd->data.ptr.offsets << " (" << (void*)btd->offsets_size 151 << " bytes)"; 152 return btd+1; 153} 154 155static const void* printReturnCommand(TextOutput& out, const void* _cmd) 156{ 157 static const size_t N = sizeof(kReturnStrings)/sizeof(kReturnStrings[0]); 158 const int32_t* cmd = (const int32_t*)_cmd; 159 int32_t code = *cmd++; 160 size_t cmdIndex = code & 0xff; 161 if (code == (int32_t) BR_ERROR) { 162 out << "BR_ERROR: " << (void*)(*cmd++) << endl; 163 return cmd; 164 } else if (cmdIndex >= N) { 165 out << "Unknown reply: " << code << endl; 166 return cmd; 167 } 168 out << kReturnStrings[cmdIndex]; 169 170 switch (code) { 171 case BR_TRANSACTION: 172 case BR_REPLY: { 173 out << ": " << indent; 174 cmd = (const int32_t *)printBinderTransactionData(out, cmd); 175 out << dedent; 176 } break; 177 178 case BR_ACQUIRE_RESULT: { 179 const int32_t res = *cmd++; 180 out << ": " << res << (res ? " (SUCCESS)" : " (FAILURE)"); 181 } break; 182 183 case BR_INCREFS: 184 case BR_ACQUIRE: 185 case BR_RELEASE: 186 case BR_DECREFS: { 187 const int32_t b = *cmd++; 188 const int32_t c = *cmd++; 189 out << ": target=" << (void*)b << " (cookie " << (void*)c << ")"; 190 } break; 191 192 case BR_ATTEMPT_ACQUIRE: { 193 const int32_t p = *cmd++; 194 const int32_t b = *cmd++; 195 const int32_t c = *cmd++; 196 out << ": target=" << (void*)b << " (cookie " << (void*)c 197 << "), pri=" << p; 198 } break; 199 200 case BR_DEAD_BINDER: 201 case BR_CLEAR_DEATH_NOTIFICATION_DONE: { 202 const int32_t c = *cmd++; 203 out << ": death cookie " << (void*)c; 204 } break; 205 206 default: 207 // no details to show for: BR_OK, BR_DEAD_REPLY, 208 // BR_TRANSACTION_COMPLETE, BR_FINISHED 209 break; 210 } 211 212 out << endl; 213 return cmd; 214} 215 216static const void* printCommand(TextOutput& out, const void* _cmd) 217{ 218 static const size_t N = sizeof(kCommandStrings)/sizeof(kCommandStrings[0]); 219 const int32_t* cmd = (const int32_t*)_cmd; 220 int32_t code = *cmd++; 221 size_t cmdIndex = code & 0xff; 222 223 if (cmdIndex >= N) { 224 out << "Unknown command: " << code << endl; 225 return cmd; 226 } 227 out << kCommandStrings[cmdIndex]; 228 229 switch (code) { 230 case BC_TRANSACTION: 231 case BC_REPLY: { 232 out << ": " << indent; 233 cmd = (const int32_t *)printBinderTransactionData(out, cmd); 234 out << dedent; 235 } break; 236 237 case BC_ACQUIRE_RESULT: { 238 const int32_t res = *cmd++; 239 out << ": " << res << (res ? " (SUCCESS)" : " (FAILURE)"); 240 } break; 241 242 case BC_FREE_BUFFER: { 243 const int32_t buf = *cmd++; 244 out << ": buffer=" << (void*)buf; 245 } break; 246 247 case BC_INCREFS: 248 case BC_ACQUIRE: 249 case BC_RELEASE: 250 case BC_DECREFS: { 251 const int32_t d = *cmd++; 252 out << ": desc=" << d; 253 } break; 254 255 case BC_INCREFS_DONE: 256 case BC_ACQUIRE_DONE: { 257 const int32_t b = *cmd++; 258 const int32_t c = *cmd++; 259 out << ": target=" << (void*)b << " (cookie " << (void*)c << ")"; 260 } break; 261 262 case BC_ATTEMPT_ACQUIRE: { 263 const int32_t p = *cmd++; 264 const int32_t d = *cmd++; 265 out << ": desc=" << d << ", pri=" << p; 266 } break; 267 268 case BC_REQUEST_DEATH_NOTIFICATION: 269 case BC_CLEAR_DEATH_NOTIFICATION: { 270 const int32_t h = *cmd++; 271 const int32_t c = *cmd++; 272 out << ": handle=" << h << " (death cookie " << (void*)c << ")"; 273 } break; 274 275 case BC_DEAD_BINDER_DONE: { 276 const int32_t c = *cmd++; 277 out << ": death cookie " << (void*)c; 278 } break; 279 280 default: 281 // no details to show for: BC_REGISTER_LOOPER, BC_ENTER_LOOPER, 282 // BC_EXIT_LOOPER 283 break; 284 } 285 286 out << endl; 287 return cmd; 288} 289#endif 290 291static pthread_mutex_t gTLSMutex = PTHREAD_MUTEX_INITIALIZER; 292static bool gHaveTLS = false; 293static pthread_key_t gTLS = 0; 294static bool gShutdown = false; 295static bool gDisableBackgroundScheduling = false; 296 297IPCThreadState* IPCThreadState::self() 298{ 299 if (gHaveTLS) { 300restart: 301 const pthread_key_t k = gTLS; 302 IPCThreadState* st = (IPCThreadState*)pthread_getspecific(k); 303 if (st) return st; 304 return new IPCThreadState; 305 } 306 307 if (gShutdown) return NULL; 308 309 pthread_mutex_lock(&gTLSMutex); 310 if (!gHaveTLS) { 311 if (pthread_key_create(&gTLS, threadDestructor) != 0) { 312 pthread_mutex_unlock(&gTLSMutex); 313 return NULL; 314 } 315 gHaveTLS = true; 316 } 317 pthread_mutex_unlock(&gTLSMutex); 318 goto restart; 319} 320 321IPCThreadState* IPCThreadState::selfOrNull() 322{ 323 if (gHaveTLS) { 324 const pthread_key_t k = gTLS; 325 IPCThreadState* st = (IPCThreadState*)pthread_getspecific(k); 326 return st; 327 } 328 return NULL; 329} 330 331void IPCThreadState::shutdown() 332{ 333 gShutdown = true; 334 335 if (gHaveTLS) { 336 // XXX Need to wait for all thread pool threads to exit! 337 IPCThreadState* st = (IPCThreadState*)pthread_getspecific(gTLS); 338 if (st) { 339 delete st; 340 pthread_setspecific(gTLS, NULL); 341 } 342 gHaveTLS = false; 343 } 344} 345 346void IPCThreadState::disableBackgroundScheduling(bool disable) 347{ 348 gDisableBackgroundScheduling = disable; 349} 350 351sp<ProcessState> IPCThreadState::process() 352{ 353 return mProcess; 354} 355 356status_t IPCThreadState::clearLastError() 357{ 358 const status_t err = mLastError; 359 mLastError = NO_ERROR; 360 return err; 361} 362 363int IPCThreadState::getCallingPid() 364{ 365 return mCallingPid; 366} 367 368int IPCThreadState::getCallingUid() 369{ 370 return mCallingUid; 371} 372 373int IPCThreadState::getOrigCallingUid() 374{ 375 return mOrigCallingUid; 376} 377 378int64_t IPCThreadState::clearCallingIdentity() 379{ 380 int64_t token = ((int64_t)mCallingUid<<32) | mCallingPid; 381 clearCaller(); 382 return token; 383} 384 385void IPCThreadState::setStrictModePolicy(int32_t policy) 386{ 387 mStrictModePolicy = policy; 388} 389 390int32_t IPCThreadState::getStrictModePolicy() const 391{ 392 return mStrictModePolicy; 393} 394 395void IPCThreadState::setLastTransactionBinderFlags(int32_t flags) 396{ 397 mLastTransactionBinderFlags = flags; 398} 399 400int32_t IPCThreadState::getLastTransactionBinderFlags() const 401{ 402 return mLastTransactionBinderFlags; 403} 404 405void IPCThreadState::restoreCallingIdentity(int64_t token) 406{ 407 mCallingUid = (int)(token>>32); 408 mCallingPid = (int)token; 409} 410 411void IPCThreadState::clearCaller() 412{ 413 mCallingPid = getpid(); 414 mCallingUid = getuid(); 415} 416 417void IPCThreadState::flushCommands() 418{ 419 if (mProcess->mDriverFD <= 0) 420 return; 421 talkWithDriver(false); 422} 423 424void IPCThreadState::joinThreadPool(bool isMain) 425{ 426 LOG_THREADPOOL("**** THREAD %p (PID %d) IS JOINING THE THREAD POOL\n", (void*)pthread_self(), getpid()); 427 428 mOut.writeInt32(isMain ? BC_ENTER_LOOPER : BC_REGISTER_LOOPER); 429 430 // This thread may have been spawned by a thread that was in the background 431 // scheduling group, so first we will make sure it is in the default/foreground 432 // one to avoid performing an initial transaction in the background. 433 androidSetThreadSchedulingGroup(mMyThreadId, ANDROID_TGROUP_DEFAULT); 434 435 status_t result; 436 do { 437 int32_t cmd; 438 439 // When we've cleared the incoming command queue, process any pending derefs 440 if (mIn.dataPosition() >= mIn.dataSize()) { 441 size_t numPending = mPendingWeakDerefs.size(); 442 if (numPending > 0) { 443 for (size_t i = 0; i < numPending; i++) { 444 RefBase::weakref_type* refs = mPendingWeakDerefs[i]; 445 refs->decWeak(mProcess.get()); 446 } 447 mPendingWeakDerefs.clear(); 448 } 449 450 numPending = mPendingStrongDerefs.size(); 451 if (numPending > 0) { 452 for (size_t i = 0; i < numPending; i++) { 453 BBinder* obj = mPendingStrongDerefs[i]; 454 obj->decStrong(mProcess.get()); 455 } 456 mPendingStrongDerefs.clear(); 457 } 458 } 459 460 // now get the next command to be processed, waiting if necessary 461 result = talkWithDriver(); 462 if (result >= NO_ERROR) { 463 size_t IN = mIn.dataAvail(); 464 if (IN < sizeof(int32_t)) continue; 465 cmd = mIn.readInt32(); 466 IF_LOG_COMMANDS() { 467 alog << "Processing top-level Command: " 468 << getReturnString(cmd) << endl; 469 } 470 471 472 result = executeCommand(cmd); 473 } 474 475 // After executing the command, ensure that the thread is returned to the 476 // default cgroup before rejoining the pool. The driver takes care of 477 // restoring the priority, but doesn't do anything with cgroups so we 478 // need to take care of that here in userspace. Note that we do make 479 // sure to go in the foreground after executing a transaction, but 480 // there are other callbacks into user code that could have changed 481 // our group so we want to make absolutely sure it is put back. 482 androidSetThreadSchedulingGroup(mMyThreadId, ANDROID_TGROUP_DEFAULT); 483 484 // Let this thread exit the thread pool if it is no longer 485 // needed and it is not the main process thread. 486 if(result == TIMED_OUT && !isMain) { 487 break; 488 } 489 } while (result != -ECONNREFUSED && result != -EBADF); 490 491 LOG_THREADPOOL("**** THREAD %p (PID %d) IS LEAVING THE THREAD POOL err=%p\n", 492 (void*)pthread_self(), getpid(), (void*)result); 493 494 mOut.writeInt32(BC_EXIT_LOOPER); 495 talkWithDriver(false); 496} 497 498void IPCThreadState::stopProcess(bool immediate) 499{ 500 //ALOGI("**** STOPPING PROCESS"); 501 flushCommands(); 502 int fd = mProcess->mDriverFD; 503 mProcess->mDriverFD = -1; 504 close(fd); 505 //kill(getpid(), SIGKILL); 506} 507 508status_t IPCThreadState::transact(int32_t handle, 509 uint32_t code, const Parcel& data, 510 Parcel* reply, uint32_t flags) 511{ 512 status_t err = data.errorCheck(); 513 514 flags |= TF_ACCEPT_FDS; 515 516 IF_LOG_TRANSACTIONS() { 517 TextOutput::Bundle _b(alog); 518 alog << "BC_TRANSACTION thr " << (void*)pthread_self() << " / hand " 519 << handle << " / code " << TypeCode(code) << ": " 520 << indent << data << dedent << endl; 521 } 522 523 if (err == NO_ERROR) { 524 LOG_ONEWAY(">>>> SEND from pid %d uid %d %s", getpid(), getuid(), 525 (flags & TF_ONE_WAY) == 0 ? "READ REPLY" : "ONE WAY"); 526 err = writeTransactionData(BC_TRANSACTION, flags, handle, code, data, NULL); 527 } 528 529 if (err != NO_ERROR) { 530 if (reply) reply->setError(err); 531 return (mLastError = err); 532 } 533 534 if ((flags & TF_ONE_WAY) == 0) { 535 #if 0 536 if (code == 4) { // relayout 537 ALOGI(">>>>>> CALLING transaction 4"); 538 } else { 539 ALOGI(">>>>>> CALLING transaction %d", code); 540 } 541 #endif 542 if (reply) { 543 err = waitForResponse(reply); 544 } else { 545 Parcel fakeReply; 546 err = waitForResponse(&fakeReply); 547 } 548 #if 0 549 if (code == 4) { // relayout 550 ALOGI("<<<<<< RETURNING transaction 4"); 551 } else { 552 ALOGI("<<<<<< RETURNING transaction %d", code); 553 } 554 #endif 555 556 IF_LOG_TRANSACTIONS() { 557 TextOutput::Bundle _b(alog); 558 alog << "BR_REPLY thr " << (void*)pthread_self() << " / hand " 559 << handle << ": "; 560 if (reply) alog << indent << *reply << dedent << endl; 561 else alog << "(none requested)" << endl; 562 } 563 } else { 564 err = waitForResponse(NULL, NULL); 565 } 566 567 return err; 568} 569 570void IPCThreadState::incStrongHandle(int32_t handle) 571{ 572 LOG_REMOTEREFS("IPCThreadState::incStrongHandle(%d)\n", handle); 573 mOut.writeInt32(BC_ACQUIRE); 574 mOut.writeInt32(handle); 575} 576 577void IPCThreadState::decStrongHandle(int32_t handle) 578{ 579 LOG_REMOTEREFS("IPCThreadState::decStrongHandle(%d)\n", handle); 580 mOut.writeInt32(BC_RELEASE); 581 mOut.writeInt32(handle); 582} 583 584void IPCThreadState::incWeakHandle(int32_t handle) 585{ 586 LOG_REMOTEREFS("IPCThreadState::incWeakHandle(%d)\n", handle); 587 mOut.writeInt32(BC_INCREFS); 588 mOut.writeInt32(handle); 589} 590 591void IPCThreadState::decWeakHandle(int32_t handle) 592{ 593 LOG_REMOTEREFS("IPCThreadState::decWeakHandle(%d)\n", handle); 594 mOut.writeInt32(BC_DECREFS); 595 mOut.writeInt32(handle); 596} 597 598status_t IPCThreadState::attemptIncStrongHandle(int32_t handle) 599{ 600 LOG_REMOTEREFS("IPCThreadState::attemptIncStrongHandle(%d)\n", handle); 601 mOut.writeInt32(BC_ATTEMPT_ACQUIRE); 602 mOut.writeInt32(0); // xxx was thread priority 603 mOut.writeInt32(handle); 604 status_t result = UNKNOWN_ERROR; 605 606 waitForResponse(NULL, &result); 607 608#if LOG_REFCOUNTS 609 printf("IPCThreadState::attemptIncStrongHandle(%ld) = %s\n", 610 handle, result == NO_ERROR ? "SUCCESS" : "FAILURE"); 611#endif 612 613 return result; 614} 615 616void IPCThreadState::expungeHandle(int32_t handle, IBinder* binder) 617{ 618#if LOG_REFCOUNTS 619 printf("IPCThreadState::expungeHandle(%ld)\n", handle); 620#endif 621 self()->mProcess->expungeHandle(handle, binder); 622} 623 624status_t IPCThreadState::requestDeathNotification(int32_t handle, BpBinder* proxy) 625{ 626 mOut.writeInt32(BC_REQUEST_DEATH_NOTIFICATION); 627 mOut.writeInt32((int32_t)handle); 628 mOut.writeInt32((int32_t)proxy); 629 return NO_ERROR; 630} 631 632status_t IPCThreadState::clearDeathNotification(int32_t handle, BpBinder* proxy) 633{ 634 mOut.writeInt32(BC_CLEAR_DEATH_NOTIFICATION); 635 mOut.writeInt32((int32_t)handle); 636 mOut.writeInt32((int32_t)proxy); 637 return NO_ERROR; 638} 639 640IPCThreadState::IPCThreadState() 641 : mProcess(ProcessState::self()), 642 mMyThreadId(androidGetTid()), 643 mStrictModePolicy(0), 644 mLastTransactionBinderFlags(0) 645{ 646 pthread_setspecific(gTLS, this); 647 clearCaller(); 648 mOrigCallingUid = mCallingUid; 649 mIn.setDataCapacity(256); 650 mOut.setDataCapacity(256); 651} 652 653IPCThreadState::~IPCThreadState() 654{ 655} 656 657status_t IPCThreadState::sendReply(const Parcel& reply, uint32_t flags) 658{ 659 status_t err; 660 status_t statusBuffer; 661 err = writeTransactionData(BC_REPLY, flags, -1, 0, reply, &statusBuffer); 662 if (err < NO_ERROR) return err; 663 664 return waitForResponse(NULL, NULL); 665} 666 667status_t IPCThreadState::waitForResponse(Parcel *reply, status_t *acquireResult) 668{ 669 int32_t cmd; 670 int32_t err; 671 672 while (1) { 673 if ((err=talkWithDriver()) < NO_ERROR) break; 674 err = mIn.errorCheck(); 675 if (err < NO_ERROR) break; 676 if (mIn.dataAvail() == 0) continue; 677 678 cmd = mIn.readInt32(); 679 680 IF_LOG_COMMANDS() { 681 alog << "Processing waitForResponse Command: " 682 << getReturnString(cmd) << endl; 683 } 684 685 switch (cmd) { 686 case BR_TRANSACTION_COMPLETE: 687 if (!reply && !acquireResult) goto finish; 688 break; 689 690 case BR_DEAD_REPLY: 691 err = DEAD_OBJECT; 692 goto finish; 693 694 case BR_FAILED_REPLY: 695 err = FAILED_TRANSACTION; 696 goto finish; 697 698 case BR_ACQUIRE_RESULT: 699 { 700 ALOG_ASSERT(acquireResult != NULL, "Unexpected brACQUIRE_RESULT"); 701 const int32_t result = mIn.readInt32(); 702 if (!acquireResult) continue; 703 *acquireResult = result ? NO_ERROR : INVALID_OPERATION; 704 } 705 goto finish; 706 707 case BR_REPLY: 708 { 709 binder_transaction_data tr; 710 err = mIn.read(&tr, sizeof(tr)); 711 ALOG_ASSERT(err == NO_ERROR, "Not enough command data for brREPLY"); 712 if (err != NO_ERROR) goto finish; 713 714 if (reply) { 715 if ((tr.flags & TF_STATUS_CODE) == 0) { 716 reply->ipcSetDataReference( 717 reinterpret_cast<const uint8_t*>(tr.data.ptr.buffer), 718 tr.data_size, 719 reinterpret_cast<const size_t*>(tr.data.ptr.offsets), 720 tr.offsets_size/sizeof(size_t), 721 freeBuffer, this); 722 } else { 723 err = *static_cast<const status_t*>(tr.data.ptr.buffer); 724 freeBuffer(NULL, 725 reinterpret_cast<const uint8_t*>(tr.data.ptr.buffer), 726 tr.data_size, 727 reinterpret_cast<const size_t*>(tr.data.ptr.offsets), 728 tr.offsets_size/sizeof(size_t), this); 729 } 730 } else { 731 freeBuffer(NULL, 732 reinterpret_cast<const uint8_t*>(tr.data.ptr.buffer), 733 tr.data_size, 734 reinterpret_cast<const size_t*>(tr.data.ptr.offsets), 735 tr.offsets_size/sizeof(size_t), this); 736 continue; 737 } 738 } 739 goto finish; 740 741 default: 742 err = executeCommand(cmd); 743 if (err != NO_ERROR) goto finish; 744 break; 745 } 746 } 747 748finish: 749 if (err != NO_ERROR) { 750 if (acquireResult) *acquireResult = err; 751 if (reply) reply->setError(err); 752 mLastError = err; 753 } 754 755 return err; 756} 757 758status_t IPCThreadState::talkWithDriver(bool doReceive) 759{ 760 ALOG_ASSERT(mProcess->mDriverFD >= 0, "Binder driver is not opened"); 761 762 binder_write_read bwr; 763 764 // Is the read buffer empty? 765 const bool needRead = mIn.dataPosition() >= mIn.dataSize(); 766 767 // We don't want to write anything if we are still reading 768 // from data left in the input buffer and the caller 769 // has requested to read the next data. 770 const size_t outAvail = (!doReceive || needRead) ? mOut.dataSize() : 0; 771 772 bwr.write_size = outAvail; 773 bwr.write_buffer = (long unsigned int)mOut.data(); 774 775 // This is what we'll read. 776 if (doReceive && needRead) { 777 bwr.read_size = mIn.dataCapacity(); 778 bwr.read_buffer = (long unsigned int)mIn.data(); 779 } else { 780 bwr.read_size = 0; 781 bwr.read_buffer = 0; 782 } 783 784 IF_LOG_COMMANDS() { 785 TextOutput::Bundle _b(alog); 786 if (outAvail != 0) { 787 alog << "Sending commands to driver: " << indent; 788 const void* cmds = (const void*)bwr.write_buffer; 789 const void* end = ((const uint8_t*)cmds)+bwr.write_size; 790 alog << HexDump(cmds, bwr.write_size) << endl; 791 while (cmds < end) cmds = printCommand(alog, cmds); 792 alog << dedent; 793 } 794 alog << "Size of receive buffer: " << bwr.read_size 795 << ", needRead: " << needRead << ", doReceive: " << doReceive << endl; 796 } 797 798 // Return immediately if there is nothing to do. 799 if ((bwr.write_size == 0) && (bwr.read_size == 0)) return NO_ERROR; 800 801 bwr.write_consumed = 0; 802 bwr.read_consumed = 0; 803 status_t err; 804 do { 805 IF_LOG_COMMANDS() { 806 alog << "About to read/write, write size = " << mOut.dataSize() << endl; 807 } 808#if defined(HAVE_ANDROID_OS) 809 if (ioctl(mProcess->mDriverFD, BINDER_WRITE_READ, &bwr) >= 0) 810 err = NO_ERROR; 811 else 812 err = -errno; 813#else 814 err = INVALID_OPERATION; 815#endif 816 IF_LOG_COMMANDS() { 817 alog << "Finished read/write, write size = " << mOut.dataSize() << endl; 818 } 819 } while (err == -EINTR); 820 821 IF_LOG_COMMANDS() { 822 alog << "Our err: " << (void*)err << ", write consumed: " 823 << bwr.write_consumed << " (of " << mOut.dataSize() 824 << "), read consumed: " << bwr.read_consumed << endl; 825 } 826 827 if (err >= NO_ERROR) { 828 if (bwr.write_consumed > 0) { 829 if (bwr.write_consumed < (ssize_t)mOut.dataSize()) 830 mOut.remove(0, bwr.write_consumed); 831 else 832 mOut.setDataSize(0); 833 } 834 if (bwr.read_consumed > 0) { 835 mIn.setDataSize(bwr.read_consumed); 836 mIn.setDataPosition(0); 837 } 838 IF_LOG_COMMANDS() { 839 TextOutput::Bundle _b(alog); 840 alog << "Remaining data size: " << mOut.dataSize() << endl; 841 alog << "Received commands from driver: " << indent; 842 const void* cmds = mIn.data(); 843 const void* end = mIn.data() + mIn.dataSize(); 844 alog << HexDump(cmds, mIn.dataSize()) << endl; 845 while (cmds < end) cmds = printReturnCommand(alog, cmds); 846 alog << dedent; 847 } 848 return NO_ERROR; 849 } 850 851 return err; 852} 853 854status_t IPCThreadState::writeTransactionData(int32_t cmd, uint32_t binderFlags, 855 int32_t handle, uint32_t code, const Parcel& data, status_t* statusBuffer) 856{ 857 binder_transaction_data tr; 858 859 tr.target.handle = handle; 860 tr.code = code; 861 tr.flags = binderFlags; 862 tr.cookie = 0; 863 tr.sender_pid = 0; 864 tr.sender_euid = 0; 865 866 const status_t err = data.errorCheck(); 867 if (err == NO_ERROR) { 868 tr.data_size = data.ipcDataSize(); 869 tr.data.ptr.buffer = data.ipcData(); 870 tr.offsets_size = data.ipcObjectsCount()*sizeof(size_t); 871 tr.data.ptr.offsets = data.ipcObjects(); 872 } else if (statusBuffer) { 873 tr.flags |= TF_STATUS_CODE; 874 *statusBuffer = err; 875 tr.data_size = sizeof(status_t); 876 tr.data.ptr.buffer = statusBuffer; 877 tr.offsets_size = 0; 878 tr.data.ptr.offsets = NULL; 879 } else { 880 return (mLastError = err); 881 } 882 883 mOut.writeInt32(cmd); 884 mOut.write(&tr, sizeof(tr)); 885 886 return NO_ERROR; 887} 888 889sp<BBinder> the_context_object; 890 891void setTheContextObject(sp<BBinder> obj) 892{ 893 the_context_object = obj; 894} 895 896status_t IPCThreadState::executeCommand(int32_t cmd) 897{ 898 BBinder* obj; 899 RefBase::weakref_type* refs; 900 status_t result = NO_ERROR; 901 902 switch (cmd) { 903 case BR_ERROR: 904 result = mIn.readInt32(); 905 break; 906 907 case BR_OK: 908 break; 909 910 case BR_ACQUIRE: 911 refs = (RefBase::weakref_type*)mIn.readInt32(); 912 obj = (BBinder*)mIn.readInt32(); 913 ALOG_ASSERT(refs->refBase() == obj, 914 "BR_ACQUIRE: object %p does not match cookie %p (expected %p)", 915 refs, obj, refs->refBase()); 916 obj->incStrong(mProcess.get()); 917 IF_LOG_REMOTEREFS() { 918 LOG_REMOTEREFS("BR_ACQUIRE from driver on %p", obj); 919 obj->printRefs(); 920 } 921 mOut.writeInt32(BC_ACQUIRE_DONE); 922 mOut.writeInt32((int32_t)refs); 923 mOut.writeInt32((int32_t)obj); 924 break; 925 926 case BR_RELEASE: 927 refs = (RefBase::weakref_type*)mIn.readInt32(); 928 obj = (BBinder*)mIn.readInt32(); 929 ALOG_ASSERT(refs->refBase() == obj, 930 "BR_RELEASE: object %p does not match cookie %p (expected %p)", 931 refs, obj, refs->refBase()); 932 IF_LOG_REMOTEREFS() { 933 LOG_REMOTEREFS("BR_RELEASE from driver on %p", obj); 934 obj->printRefs(); 935 } 936 mPendingStrongDerefs.push(obj); 937 break; 938 939 case BR_INCREFS: 940 refs = (RefBase::weakref_type*)mIn.readInt32(); 941 obj = (BBinder*)mIn.readInt32(); 942 refs->incWeak(mProcess.get()); 943 mOut.writeInt32(BC_INCREFS_DONE); 944 mOut.writeInt32((int32_t)refs); 945 mOut.writeInt32((int32_t)obj); 946 break; 947 948 case BR_DECREFS: 949 refs = (RefBase::weakref_type*)mIn.readInt32(); 950 obj = (BBinder*)mIn.readInt32(); 951 // NOTE: This assertion is not valid, because the object may no 952 // longer exist (thus the (BBinder*)cast above resulting in a different 953 // memory address). 954 //ALOG_ASSERT(refs->refBase() == obj, 955 // "BR_DECREFS: object %p does not match cookie %p (expected %p)", 956 // refs, obj, refs->refBase()); 957 mPendingWeakDerefs.push(refs); 958 break; 959 960 case BR_ATTEMPT_ACQUIRE: 961 refs = (RefBase::weakref_type*)mIn.readInt32(); 962 obj = (BBinder*)mIn.readInt32(); 963 964 { 965 const bool success = refs->attemptIncStrong(mProcess.get()); 966 ALOG_ASSERT(success && refs->refBase() == obj, 967 "BR_ATTEMPT_ACQUIRE: object %p does not match cookie %p (expected %p)", 968 refs, obj, refs->refBase()); 969 970 mOut.writeInt32(BC_ACQUIRE_RESULT); 971 mOut.writeInt32((int32_t)success); 972 } 973 break; 974 975 case BR_TRANSACTION: 976 { 977 binder_transaction_data tr; 978 result = mIn.read(&tr, sizeof(tr)); 979 ALOG_ASSERT(result == NO_ERROR, 980 "Not enough command data for brTRANSACTION"); 981 if (result != NO_ERROR) break; 982 983 Parcel buffer; 984 buffer.ipcSetDataReference( 985 reinterpret_cast<const uint8_t*>(tr.data.ptr.buffer), 986 tr.data_size, 987 reinterpret_cast<const size_t*>(tr.data.ptr.offsets), 988 tr.offsets_size/sizeof(size_t), freeBuffer, this); 989 990 const pid_t origPid = mCallingPid; 991 const uid_t origUid = mCallingUid; 992 993 mCallingPid = tr.sender_pid; 994 mCallingUid = tr.sender_euid; 995 mOrigCallingUid = tr.sender_euid; 996 997 int curPrio = getpriority(PRIO_PROCESS, mMyThreadId); 998 if (gDisableBackgroundScheduling) { 999 if (curPrio > ANDROID_PRIORITY_NORMAL) { 1000 // We have inherited a reduced priority from the caller, but do not 1001 // want to run in that state in this process. The driver set our 1002 // priority already (though not our scheduling class), so bounce 1003 // it back to the default before invoking the transaction. 1004 setpriority(PRIO_PROCESS, mMyThreadId, ANDROID_PRIORITY_NORMAL); 1005 } 1006 } else { 1007 if (curPrio >= ANDROID_PRIORITY_BACKGROUND) { 1008 // We want to use the inherited priority from the caller. 1009 // Ensure this thread is in the background scheduling class, 1010 // since the driver won't modify scheduling classes for us. 1011 // The scheduling group is reset to default by the caller 1012 // once this method returns after the transaction is complete. 1013 androidSetThreadSchedulingGroup(mMyThreadId, 1014 ANDROID_TGROUP_BG_NONINTERACT); 1015 } 1016 } 1017 1018 //ALOGI(">>>> TRANSACT from pid %d uid %d\n", mCallingPid, mCallingUid); 1019 1020 Parcel reply; 1021 IF_LOG_TRANSACTIONS() { 1022 TextOutput::Bundle _b(alog); 1023 alog << "BR_TRANSACTION thr " << (void*)pthread_self() 1024 << " / obj " << tr.target.ptr << " / code " 1025 << TypeCode(tr.code) << ": " << indent << buffer 1026 << dedent << endl 1027 << "Data addr = " 1028 << reinterpret_cast<const uint8_t*>(tr.data.ptr.buffer) 1029 << ", offsets addr=" 1030 << reinterpret_cast<const size_t*>(tr.data.ptr.offsets) << endl; 1031 } 1032 if (tr.target.ptr) { 1033 sp<BBinder> b((BBinder*)tr.cookie); 1034 const status_t error = b->transact(tr.code, buffer, &reply, tr.flags); 1035 if (error < NO_ERROR) reply.setError(error); 1036 1037 } else { 1038 const status_t error = the_context_object->transact(tr.code, buffer, &reply, tr.flags); 1039 if (error < NO_ERROR) reply.setError(error); 1040 } 1041 1042 //ALOGI("<<<< TRANSACT from pid %d restore pid %d uid %d\n", 1043 // mCallingPid, origPid, origUid); 1044 1045 if ((tr.flags & TF_ONE_WAY) == 0) { 1046 LOG_ONEWAY("Sending reply to %d!", mCallingPid); 1047 sendReply(reply, 0); 1048 } else { 1049 LOG_ONEWAY("NOT sending reply to %d!", mCallingPid); 1050 } 1051 1052 mCallingPid = origPid; 1053 mCallingUid = origUid; 1054 mOrigCallingUid = origUid; 1055 1056 IF_LOG_TRANSACTIONS() { 1057 TextOutput::Bundle _b(alog); 1058 alog << "BC_REPLY thr " << (void*)pthread_self() << " / obj " 1059 << tr.target.ptr << ": " << indent << reply << dedent << endl; 1060 } 1061 1062 } 1063 break; 1064 1065 case BR_DEAD_BINDER: 1066 { 1067 BpBinder *proxy = (BpBinder*)mIn.readInt32(); 1068 proxy->sendObituary(); 1069 mOut.writeInt32(BC_DEAD_BINDER_DONE); 1070 mOut.writeInt32((int32_t)proxy); 1071 } break; 1072 1073 case BR_CLEAR_DEATH_NOTIFICATION_DONE: 1074 { 1075 BpBinder *proxy = (BpBinder*)mIn.readInt32(); 1076 proxy->getWeakRefs()->decWeak(proxy); 1077 } break; 1078 1079 case BR_FINISHED: 1080 result = TIMED_OUT; 1081 break; 1082 1083 case BR_NOOP: 1084 break; 1085 1086 case BR_SPAWN_LOOPER: 1087 mProcess->spawnPooledThread(false); 1088 break; 1089 1090 default: 1091 printf("*** BAD COMMAND %d received from Binder driver\n", cmd); 1092 result = UNKNOWN_ERROR; 1093 break; 1094 } 1095 1096 if (result != NO_ERROR) { 1097 mLastError = result; 1098 } 1099 1100 return result; 1101} 1102 1103void IPCThreadState::threadDestructor(void *st) 1104{ 1105 IPCThreadState* const self = static_cast<IPCThreadState*>(st); 1106 if (self) { 1107 self->flushCommands(); 1108#if defined(HAVE_ANDROID_OS) 1109 ioctl(self->mProcess->mDriverFD, BINDER_THREAD_EXIT, 0); 1110#endif 1111 delete self; 1112 } 1113} 1114 1115 1116void IPCThreadState::freeBuffer(Parcel* parcel, const uint8_t* data, size_t dataSize, 1117 const size_t* objects, size_t objectsSize, 1118 void* cookie) 1119{ 1120 //ALOGI("Freeing parcel %p", &parcel); 1121 IF_LOG_COMMANDS() { 1122 alog << "Writing BC_FREE_BUFFER for " << data << endl; 1123 } 1124 ALOG_ASSERT(data != NULL, "Called with NULL data"); 1125 if (parcel != NULL) parcel->closeFileDescriptors(); 1126 IPCThreadState* state = self(); 1127 state->mOut.writeInt32(BC_FREE_BUFFER); 1128 state->mOut.writeInt32((int32_t)data); 1129} 1130 1131}; // namespace android 1132