1/* 2 * Copyright (C) 2014 The Android Open Source Project 3 * 4 * Licensed under the Apache License, Version 2.0 (the "License"); 5 * you may not use this file except in compliance with the License. 6 * You may obtain a copy of the License at 7 * 8 * http://www.apache.org/licenses/LICENSE-2.0 9 * 10 * Unless required by applicable law or agreed to in writing, software 11 * distributed under the License is distributed on an "AS IS" BASIS, 12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 * See the License for the specific language governing permissions and 14 * limitations under the License. 15 */ 16 17#include <errno.h> 18#include <fcntl.h> 19#include <poll.h> 20#include <pthread.h> 21#include <stdio.h> 22#include <stdlib.h> 23 24#include <gtest/gtest.h> 25 26#include <binder/Binder.h> 27#include <binder/IBinder.h> 28#include <binder/IPCThreadState.h> 29#include <binder/IServiceManager.h> 30 31#include <sys/epoll.h> 32 33#define ARRAY_SIZE(array) (sizeof array / sizeof array[0]) 34 35using namespace android; 36 37static ::testing::AssertionResult IsPageAligned(void *buf) { 38 if (((unsigned long)buf & ((unsigned long)PAGE_SIZE - 1)) == 0) 39 return ::testing::AssertionSuccess(); 40 else 41 return ::testing::AssertionFailure() << buf << " is not page aligned"; 42} 43 44static testing::Environment* binder_env; 45static char *binderservername; 46static char *binderserversuffix; 47static char binderserverarg[] = "--binderserver"; 48 49static String16 binderLibTestServiceName = String16("test.binderLib"); 50 51enum BinderLibTestTranscationCode { 52 BINDER_LIB_TEST_NOP_TRANSACTION = IBinder::FIRST_CALL_TRANSACTION, 53 BINDER_LIB_TEST_REGISTER_SERVER, 54 BINDER_LIB_TEST_ADD_SERVER, 55 BINDER_LIB_TEST_ADD_POLL_SERVER, 56 BINDER_LIB_TEST_CALL_BACK, 57 BINDER_LIB_TEST_CALL_BACK_VERIFY_BUF, 58 BINDER_LIB_TEST_DELAYED_CALL_BACK, 59 BINDER_LIB_TEST_NOP_CALL_BACK, 60 BINDER_LIB_TEST_GET_SELF_TRANSACTION, 61 BINDER_LIB_TEST_GET_ID_TRANSACTION, 62 BINDER_LIB_TEST_INDIRECT_TRANSACTION, 63 BINDER_LIB_TEST_SET_ERROR_TRANSACTION, 64 BINDER_LIB_TEST_GET_STATUS_TRANSACTION, 65 BINDER_LIB_TEST_ADD_STRONG_REF_TRANSACTION, 66 BINDER_LIB_TEST_LINK_DEATH_TRANSACTION, 67 BINDER_LIB_TEST_WRITE_FILE_TRANSACTION, 68 BINDER_LIB_TEST_PROMOTE_WEAK_REF_TRANSACTION, 69 BINDER_LIB_TEST_EXIT_TRANSACTION, 70 BINDER_LIB_TEST_DELAYED_EXIT_TRANSACTION, 71 BINDER_LIB_TEST_GET_PTR_SIZE_TRANSACTION, 72 BINDER_LIB_TEST_CREATE_BINDER_TRANSACTION, 73}; 74 75pid_t start_server_process(int arg2, bool usePoll = false) 76{ 77 int ret; 78 pid_t pid; 79 status_t status; 80 int pipefd[2]; 81 char stri[16]; 82 char strpipefd1[16]; 83 char usepoll[2]; 84 char *childargv[] = { 85 binderservername, 86 binderserverarg, 87 stri, 88 strpipefd1, 89 usepoll, 90 binderserversuffix, 91 NULL 92 }; 93 94 ret = pipe(pipefd); 95 if (ret < 0) 96 return ret; 97 98 snprintf(stri, sizeof(stri), "%d", arg2); 99 snprintf(strpipefd1, sizeof(strpipefd1), "%d", pipefd[1]); 100 snprintf(usepoll, sizeof(usepoll), "%d", usePoll ? 1 : 0); 101 102 pid = fork(); 103 if (pid == -1) 104 return pid; 105 if (pid == 0) { 106 close(pipefd[0]); 107 execv(binderservername, childargv); 108 status = -errno; 109 write(pipefd[1], &status, sizeof(status)); 110 fprintf(stderr, "execv failed, %s\n", strerror(errno)); 111 _exit(EXIT_FAILURE); 112 } 113 close(pipefd[1]); 114 ret = read(pipefd[0], &status, sizeof(status)); 115 //printf("pipe read returned %d, status %d\n", ret, status); 116 close(pipefd[0]); 117 if (ret == sizeof(status)) { 118 ret = status; 119 } else { 120 kill(pid, SIGKILL); 121 if (ret >= 0) { 122 ret = NO_INIT; 123 } 124 } 125 if (ret < 0) { 126 wait(NULL); 127 return ret; 128 } 129 return pid; 130} 131 132class BinderLibTestEnv : public ::testing::Environment { 133 public: 134 BinderLibTestEnv() {} 135 sp<IBinder> getServer(void) { 136 return m_server; 137 } 138 139 private: 140 virtual void SetUp() { 141 m_serverpid = start_server_process(0); 142 //printf("m_serverpid %d\n", m_serverpid); 143 ASSERT_GT(m_serverpid, 0); 144 145 sp<IServiceManager> sm = defaultServiceManager(); 146 //printf("%s: pid %d, get service\n", __func__, m_pid); 147 m_server = sm->getService(binderLibTestServiceName); 148 ASSERT_TRUE(m_server != NULL); 149 //printf("%s: pid %d, get service done\n", __func__, m_pid); 150 } 151 virtual void TearDown() { 152 status_t ret; 153 Parcel data, reply; 154 int exitStatus; 155 pid_t pid; 156 157 //printf("%s: pid %d\n", __func__, m_pid); 158 if (m_server != NULL) { 159 ret = m_server->transact(BINDER_LIB_TEST_GET_STATUS_TRANSACTION, data, &reply); 160 EXPECT_EQ(0, ret); 161 ret = m_server->transact(BINDER_LIB_TEST_EXIT_TRANSACTION, data, &reply, TF_ONE_WAY); 162 EXPECT_EQ(0, ret); 163 } 164 if (m_serverpid > 0) { 165 //printf("wait for %d\n", m_pids[i]); 166 pid = wait(&exitStatus); 167 EXPECT_EQ(m_serverpid, pid); 168 EXPECT_TRUE(WIFEXITED(exitStatus)); 169 EXPECT_EQ(0, WEXITSTATUS(exitStatus)); 170 } 171 } 172 173 pid_t m_serverpid; 174 sp<IBinder> m_server; 175}; 176 177class BinderLibTest : public ::testing::Test { 178 public: 179 virtual void SetUp() { 180 m_server = static_cast<BinderLibTestEnv *>(binder_env)->getServer(); 181 } 182 virtual void TearDown() { 183 } 184 protected: 185 sp<IBinder> addServerEtc(int32_t *idPtr, int code) 186 { 187 int ret; 188 int32_t id; 189 Parcel data, reply; 190 sp<IBinder> binder; 191 192 ret = m_server->transact(code, data, &reply); 193 EXPECT_EQ(NO_ERROR, ret); 194 195 EXPECT_FALSE(binder != NULL); 196 binder = reply.readStrongBinder(); 197 EXPECT_TRUE(binder != NULL); 198 ret = reply.readInt32(&id); 199 EXPECT_EQ(NO_ERROR, ret); 200 if (idPtr) 201 *idPtr = id; 202 return binder; 203 } 204 205 sp<IBinder> addServer(int32_t *idPtr = NULL) 206 { 207 return addServerEtc(idPtr, BINDER_LIB_TEST_ADD_SERVER); 208 } 209 210 sp<IBinder> addPollServer(int32_t *idPtr = NULL) 211 { 212 return addServerEtc(idPtr, BINDER_LIB_TEST_ADD_POLL_SERVER); 213 } 214 215 void waitForReadData(int fd, int timeout_ms) { 216 int ret; 217 pollfd pfd = pollfd(); 218 219 pfd.fd = fd; 220 pfd.events = POLLIN; 221 ret = poll(&pfd, 1, timeout_ms); 222 EXPECT_EQ(1, ret); 223 } 224 225 sp<IBinder> m_server; 226}; 227 228class BinderLibTestBundle : public Parcel 229{ 230 public: 231 BinderLibTestBundle(void) {} 232 BinderLibTestBundle(const Parcel *source) : m_isValid(false) { 233 int32_t mark; 234 int32_t bundleLen; 235 size_t pos; 236 237 if (source->readInt32(&mark)) 238 return; 239 if (mark != MARK_START) 240 return; 241 if (source->readInt32(&bundleLen)) 242 return; 243 pos = source->dataPosition(); 244 if (Parcel::appendFrom(source, pos, bundleLen)) 245 return; 246 source->setDataPosition(pos + bundleLen); 247 if (source->readInt32(&mark)) 248 return; 249 if (mark != MARK_END) 250 return; 251 m_isValid = true; 252 setDataPosition(0); 253 } 254 void appendTo(Parcel *dest) { 255 dest->writeInt32(MARK_START); 256 dest->writeInt32(dataSize()); 257 dest->appendFrom(this, 0, dataSize()); 258 dest->writeInt32(MARK_END); 259 }; 260 bool isValid(void) { 261 return m_isValid; 262 } 263 private: 264 enum { 265 MARK_START = B_PACK_CHARS('B','T','B','S'), 266 MARK_END = B_PACK_CHARS('B','T','B','E'), 267 }; 268 bool m_isValid; 269}; 270 271class BinderLibTestEvent 272{ 273 public: 274 BinderLibTestEvent(void) 275 : m_eventTriggered(false) 276 { 277 pthread_mutex_init(&m_waitMutex, NULL); 278 pthread_cond_init(&m_waitCond, NULL); 279 } 280 int waitEvent(int timeout_s) 281 { 282 int ret; 283 pthread_mutex_lock(&m_waitMutex); 284 if (!m_eventTriggered) { 285 struct timespec ts; 286 clock_gettime(CLOCK_REALTIME, &ts); 287 ts.tv_sec += timeout_s; 288 pthread_cond_timedwait(&m_waitCond, &m_waitMutex, &ts); 289 } 290 ret = m_eventTriggered ? NO_ERROR : TIMED_OUT; 291 pthread_mutex_unlock(&m_waitMutex); 292 return ret; 293 } 294 pthread_t getTriggeringThread() 295 { 296 return m_triggeringThread; 297 } 298 protected: 299 void triggerEvent(void) { 300 pthread_mutex_lock(&m_waitMutex); 301 pthread_cond_signal(&m_waitCond); 302 m_eventTriggered = true; 303 m_triggeringThread = pthread_self(); 304 pthread_mutex_unlock(&m_waitMutex); 305 }; 306 private: 307 pthread_mutex_t m_waitMutex; 308 pthread_cond_t m_waitCond; 309 bool m_eventTriggered; 310 pthread_t m_triggeringThread; 311}; 312 313class BinderLibTestCallBack : public BBinder, public BinderLibTestEvent 314{ 315 public: 316 BinderLibTestCallBack() 317 : m_result(NOT_ENOUGH_DATA) 318 , m_prev_end(NULL) 319 { 320 } 321 status_t getResult(void) 322 { 323 return m_result; 324 } 325 326 private: 327 virtual status_t onTransact(uint32_t code, 328 const Parcel& data, Parcel* reply, 329 uint32_t flags = 0) 330 { 331 (void)reply; 332 (void)flags; 333 switch(code) { 334 case BINDER_LIB_TEST_CALL_BACK: { 335 status_t status = data.readInt32(&m_result); 336 if (status != NO_ERROR) { 337 m_result = status; 338 } 339 triggerEvent(); 340 return NO_ERROR; 341 } 342 case BINDER_LIB_TEST_CALL_BACK_VERIFY_BUF: { 343 sp<IBinder> server; 344 int ret; 345 const uint8_t *buf = data.data(); 346 size_t size = data.dataSize(); 347 if (m_prev_end) { 348 /* 64-bit kernel needs at most 8 bytes to align buffer end */ 349 EXPECT_LE((size_t)(buf - m_prev_end), (size_t)8); 350 } else { 351 EXPECT_TRUE(IsPageAligned((void *)buf)); 352 } 353 354 m_prev_end = buf + size + data.objectsCount() * sizeof(binder_size_t); 355 356 if (size > 0) { 357 server = static_cast<BinderLibTestEnv *>(binder_env)->getServer(); 358 ret = server->transact(BINDER_LIB_TEST_INDIRECT_TRANSACTION, 359 data, reply); 360 EXPECT_EQ(NO_ERROR, ret); 361 } 362 return NO_ERROR; 363 } 364 default: 365 return UNKNOWN_TRANSACTION; 366 } 367 } 368 369 status_t m_result; 370 const uint8_t *m_prev_end; 371}; 372 373class TestDeathRecipient : public IBinder::DeathRecipient, public BinderLibTestEvent 374{ 375 private: 376 virtual void binderDied(const wp<IBinder>& who) { 377 (void)who; 378 triggerEvent(); 379 }; 380}; 381 382TEST_F(BinderLibTest, NopTransaction) { 383 status_t ret; 384 Parcel data, reply; 385 ret = m_server->transact(BINDER_LIB_TEST_NOP_TRANSACTION, data, &reply); 386 EXPECT_EQ(NO_ERROR, ret); 387} 388 389TEST_F(BinderLibTest, SetError) { 390 int32_t testValue[] = { 0, -123, 123 }; 391 for (size_t i = 0; i < ARRAY_SIZE(testValue); i++) { 392 status_t ret; 393 Parcel data, reply; 394 data.writeInt32(testValue[i]); 395 ret = m_server->transact(BINDER_LIB_TEST_SET_ERROR_TRANSACTION, data, &reply); 396 EXPECT_EQ(testValue[i], ret); 397 } 398} 399 400TEST_F(BinderLibTest, GetId) { 401 status_t ret; 402 int32_t id; 403 Parcel data, reply; 404 ret = m_server->transact(BINDER_LIB_TEST_GET_ID_TRANSACTION, data, &reply); 405 EXPECT_EQ(NO_ERROR, ret); 406 ret = reply.readInt32(&id); 407 EXPECT_EQ(NO_ERROR, ret); 408 EXPECT_EQ(0, id); 409} 410 411TEST_F(BinderLibTest, PtrSize) { 412 status_t ret; 413 int32_t ptrsize; 414 Parcel data, reply; 415 sp<IBinder> server = addServer(); 416 ASSERT_TRUE(server != NULL); 417 ret = server->transact(BINDER_LIB_TEST_GET_PTR_SIZE_TRANSACTION, data, &reply); 418 EXPECT_EQ(NO_ERROR, ret); 419 ret = reply.readInt32(&ptrsize); 420 EXPECT_EQ(NO_ERROR, ret); 421 RecordProperty("TestPtrSize", sizeof(void *)); 422 RecordProperty("ServerPtrSize", sizeof(void *)); 423} 424 425TEST_F(BinderLibTest, IndirectGetId2) 426{ 427 status_t ret; 428 int32_t id; 429 int32_t count; 430 Parcel data, reply; 431 int32_t serverId[3]; 432 433 data.writeInt32(ARRAY_SIZE(serverId)); 434 for (size_t i = 0; i < ARRAY_SIZE(serverId); i++) { 435 sp<IBinder> server; 436 BinderLibTestBundle datai; 437 438 server = addServer(&serverId[i]); 439 ASSERT_TRUE(server != NULL); 440 data.writeStrongBinder(server); 441 data.writeInt32(BINDER_LIB_TEST_GET_ID_TRANSACTION); 442 datai.appendTo(&data); 443 } 444 445 ret = m_server->transact(BINDER_LIB_TEST_INDIRECT_TRANSACTION, data, &reply); 446 ASSERT_EQ(NO_ERROR, ret); 447 448 ret = reply.readInt32(&id); 449 ASSERT_EQ(NO_ERROR, ret); 450 EXPECT_EQ(0, id); 451 452 ret = reply.readInt32(&count); 453 ASSERT_EQ(NO_ERROR, ret); 454 EXPECT_EQ(ARRAY_SIZE(serverId), (size_t)count); 455 456 for (size_t i = 0; i < (size_t)count; i++) { 457 BinderLibTestBundle replyi(&reply); 458 EXPECT_TRUE(replyi.isValid()); 459 ret = replyi.readInt32(&id); 460 EXPECT_EQ(NO_ERROR, ret); 461 EXPECT_EQ(serverId[i], id); 462 EXPECT_EQ(replyi.dataSize(), replyi.dataPosition()); 463 } 464 465 EXPECT_EQ(reply.dataSize(), reply.dataPosition()); 466} 467 468TEST_F(BinderLibTest, IndirectGetId3) 469{ 470 status_t ret; 471 int32_t id; 472 int32_t count; 473 Parcel data, reply; 474 int32_t serverId[3]; 475 476 data.writeInt32(ARRAY_SIZE(serverId)); 477 for (size_t i = 0; i < ARRAY_SIZE(serverId); i++) { 478 sp<IBinder> server; 479 BinderLibTestBundle datai; 480 BinderLibTestBundle datai2; 481 482 server = addServer(&serverId[i]); 483 ASSERT_TRUE(server != NULL); 484 data.writeStrongBinder(server); 485 data.writeInt32(BINDER_LIB_TEST_INDIRECT_TRANSACTION); 486 487 datai.writeInt32(1); 488 datai.writeStrongBinder(m_server); 489 datai.writeInt32(BINDER_LIB_TEST_GET_ID_TRANSACTION); 490 datai2.appendTo(&datai); 491 492 datai.appendTo(&data); 493 } 494 495 ret = m_server->transact(BINDER_LIB_TEST_INDIRECT_TRANSACTION, data, &reply); 496 ASSERT_EQ(NO_ERROR, ret); 497 498 ret = reply.readInt32(&id); 499 ASSERT_EQ(NO_ERROR, ret); 500 EXPECT_EQ(0, id); 501 502 ret = reply.readInt32(&count); 503 ASSERT_EQ(NO_ERROR, ret); 504 EXPECT_EQ(ARRAY_SIZE(serverId), (size_t)count); 505 506 for (size_t i = 0; i < (size_t)count; i++) { 507 int32_t counti; 508 509 BinderLibTestBundle replyi(&reply); 510 EXPECT_TRUE(replyi.isValid()); 511 ret = replyi.readInt32(&id); 512 EXPECT_EQ(NO_ERROR, ret); 513 EXPECT_EQ(serverId[i], id); 514 515 ret = replyi.readInt32(&counti); 516 ASSERT_EQ(NO_ERROR, ret); 517 EXPECT_EQ(1, counti); 518 519 BinderLibTestBundle replyi2(&replyi); 520 EXPECT_TRUE(replyi2.isValid()); 521 ret = replyi2.readInt32(&id); 522 EXPECT_EQ(NO_ERROR, ret); 523 EXPECT_EQ(0, id); 524 EXPECT_EQ(replyi2.dataSize(), replyi2.dataPosition()); 525 526 EXPECT_EQ(replyi.dataSize(), replyi.dataPosition()); 527 } 528 529 EXPECT_EQ(reply.dataSize(), reply.dataPosition()); 530} 531 532TEST_F(BinderLibTest, CallBack) 533{ 534 status_t ret; 535 Parcel data, reply; 536 sp<BinderLibTestCallBack> callBack = new BinderLibTestCallBack(); 537 data.writeStrongBinder(callBack); 538 ret = m_server->transact(BINDER_LIB_TEST_NOP_CALL_BACK, data, &reply, TF_ONE_WAY); 539 EXPECT_EQ(NO_ERROR, ret); 540 ret = callBack->waitEvent(5); 541 EXPECT_EQ(NO_ERROR, ret); 542 ret = callBack->getResult(); 543 EXPECT_EQ(NO_ERROR, ret); 544} 545 546TEST_F(BinderLibTest, AddServer) 547{ 548 sp<IBinder> server = addServer(); 549 ASSERT_TRUE(server != NULL); 550} 551 552TEST_F(BinderLibTest, DeathNotificationNoRefs) 553{ 554 status_t ret; 555 556 sp<TestDeathRecipient> testDeathRecipient = new TestDeathRecipient(); 557 558 { 559 sp<IBinder> binder = addServer(); 560 ASSERT_TRUE(binder != NULL); 561 ret = binder->linkToDeath(testDeathRecipient); 562 EXPECT_EQ(NO_ERROR, ret); 563 } 564 IPCThreadState::self()->flushCommands(); 565 ret = testDeathRecipient->waitEvent(5); 566 EXPECT_EQ(NO_ERROR, ret); 567#if 0 /* Is there an unlink api that does not require a strong reference? */ 568 ret = binder->unlinkToDeath(testDeathRecipient); 569 EXPECT_EQ(NO_ERROR, ret); 570#endif 571} 572 573TEST_F(BinderLibTest, DeathNotificationWeakRef) 574{ 575 status_t ret; 576 wp<IBinder> wbinder; 577 578 sp<TestDeathRecipient> testDeathRecipient = new TestDeathRecipient(); 579 580 { 581 sp<IBinder> binder = addServer(); 582 ASSERT_TRUE(binder != NULL); 583 ret = binder->linkToDeath(testDeathRecipient); 584 EXPECT_EQ(NO_ERROR, ret); 585 wbinder = binder; 586 } 587 IPCThreadState::self()->flushCommands(); 588 ret = testDeathRecipient->waitEvent(5); 589 EXPECT_EQ(NO_ERROR, ret); 590#if 0 /* Is there an unlink api that does not require a strong reference? */ 591 ret = binder->unlinkToDeath(testDeathRecipient); 592 EXPECT_EQ(NO_ERROR, ret); 593#endif 594} 595 596TEST_F(BinderLibTest, DeathNotificationStrongRef) 597{ 598 status_t ret; 599 sp<IBinder> sbinder; 600 601 sp<TestDeathRecipient> testDeathRecipient = new TestDeathRecipient(); 602 603 { 604 sp<IBinder> binder = addServer(); 605 ASSERT_TRUE(binder != NULL); 606 ret = binder->linkToDeath(testDeathRecipient); 607 EXPECT_EQ(NO_ERROR, ret); 608 sbinder = binder; 609 } 610 { 611 Parcel data, reply; 612 ret = sbinder->transact(BINDER_LIB_TEST_EXIT_TRANSACTION, data, &reply, TF_ONE_WAY); 613 EXPECT_EQ(0, ret); 614 } 615 IPCThreadState::self()->flushCommands(); 616 ret = testDeathRecipient->waitEvent(5); 617 EXPECT_EQ(NO_ERROR, ret); 618 ret = sbinder->unlinkToDeath(testDeathRecipient); 619 EXPECT_EQ(DEAD_OBJECT, ret); 620} 621 622TEST_F(BinderLibTest, DeathNotificationMultiple) 623{ 624 status_t ret; 625 const int clientcount = 2; 626 sp<IBinder> target; 627 sp<IBinder> linkedclient[clientcount]; 628 sp<BinderLibTestCallBack> callBack[clientcount]; 629 sp<IBinder> passiveclient[clientcount]; 630 631 target = addServer(); 632 ASSERT_TRUE(target != NULL); 633 for (int i = 0; i < clientcount; i++) { 634 { 635 Parcel data, reply; 636 637 linkedclient[i] = addServer(); 638 ASSERT_TRUE(linkedclient[i] != NULL); 639 callBack[i] = new BinderLibTestCallBack(); 640 data.writeStrongBinder(target); 641 data.writeStrongBinder(callBack[i]); 642 ret = linkedclient[i]->transact(BINDER_LIB_TEST_LINK_DEATH_TRANSACTION, data, &reply, TF_ONE_WAY); 643 EXPECT_EQ(NO_ERROR, ret); 644 } 645 { 646 Parcel data, reply; 647 648 passiveclient[i] = addServer(); 649 ASSERT_TRUE(passiveclient[i] != NULL); 650 data.writeStrongBinder(target); 651 ret = passiveclient[i]->transact(BINDER_LIB_TEST_ADD_STRONG_REF_TRANSACTION, data, &reply, TF_ONE_WAY); 652 EXPECT_EQ(NO_ERROR, ret); 653 } 654 } 655 { 656 Parcel data, reply; 657 ret = target->transact(BINDER_LIB_TEST_EXIT_TRANSACTION, data, &reply, TF_ONE_WAY); 658 EXPECT_EQ(0, ret); 659 } 660 661 for (int i = 0; i < clientcount; i++) { 662 ret = callBack[i]->waitEvent(5); 663 EXPECT_EQ(NO_ERROR, ret); 664 ret = callBack[i]->getResult(); 665 EXPECT_EQ(NO_ERROR, ret); 666 } 667} 668 669TEST_F(BinderLibTest, DeathNotificationThread) 670{ 671 status_t ret; 672 sp<BinderLibTestCallBack> callback; 673 sp<IBinder> target = addServer(); 674 ASSERT_TRUE(target != NULL); 675 sp<IBinder> client = addServer(); 676 ASSERT_TRUE(client != NULL); 677 678 sp<TestDeathRecipient> testDeathRecipient = new TestDeathRecipient(); 679 680 ret = target->linkToDeath(testDeathRecipient); 681 EXPECT_EQ(NO_ERROR, ret); 682 683 { 684 Parcel data, reply; 685 ret = target->transact(BINDER_LIB_TEST_EXIT_TRANSACTION, data, &reply, TF_ONE_WAY); 686 EXPECT_EQ(0, ret); 687 } 688 689 /* Make sure it's dead */ 690 testDeathRecipient->waitEvent(5); 691 692 /* Now, pass the ref to another process and ask that process to 693 * call linkToDeath() on it, and wait for a response. This tests 694 * two things: 695 * 1) You still get death notifications when calling linkToDeath() 696 * on a ref that is already dead when it was passed to you. 697 * 2) That death notifications are not directly pushed to the thread 698 * registering them, but to the threadpool (proc workqueue) instead. 699 * 700 * 2) is tested because the thread handling BINDER_LIB_TEST_DEATH_TRANSACTION 701 * is blocked on a condition variable waiting for the death notification to be 702 * called; therefore, that thread is not available for handling proc work. 703 * So, if the death notification was pushed to the thread workqueue, the callback 704 * would never be called, and the test would timeout and fail. 705 * 706 * Note that we can't do this part of the test from this thread itself, because 707 * the binder driver would only push death notifications to the thread if 708 * it is a looper thread, which this thread is not. 709 * 710 * See b/23525545 for details. 711 */ 712 { 713 Parcel data, reply; 714 715 callback = new BinderLibTestCallBack(); 716 data.writeStrongBinder(target); 717 data.writeStrongBinder(callback); 718 ret = client->transact(BINDER_LIB_TEST_LINK_DEATH_TRANSACTION, data, &reply, TF_ONE_WAY); 719 EXPECT_EQ(NO_ERROR, ret); 720 } 721 722 ret = callback->waitEvent(5); 723 EXPECT_EQ(NO_ERROR, ret); 724 ret = callback->getResult(); 725 EXPECT_EQ(NO_ERROR, ret); 726} 727 728TEST_F(BinderLibTest, PassFile) { 729 int ret; 730 int pipefd[2]; 731 uint8_t buf[1] = { 0 }; 732 uint8_t write_value = 123; 733 734 ret = pipe2(pipefd, O_NONBLOCK); 735 ASSERT_EQ(0, ret); 736 737 { 738 Parcel data, reply; 739 uint8_t writebuf[1] = { write_value }; 740 741 ret = data.writeFileDescriptor(pipefd[1], true); 742 EXPECT_EQ(NO_ERROR, ret); 743 744 ret = data.writeInt32(sizeof(writebuf)); 745 EXPECT_EQ(NO_ERROR, ret); 746 747 ret = data.write(writebuf, sizeof(writebuf)); 748 EXPECT_EQ(NO_ERROR, ret); 749 750 ret = m_server->transact(BINDER_LIB_TEST_WRITE_FILE_TRANSACTION, data, &reply); 751 EXPECT_EQ(NO_ERROR, ret); 752 } 753 754 ret = read(pipefd[0], buf, sizeof(buf)); 755 EXPECT_EQ(sizeof(buf), (size_t)ret); 756 EXPECT_EQ(write_value, buf[0]); 757 758 waitForReadData(pipefd[0], 5000); /* wait for other proccess to close pipe */ 759 760 ret = read(pipefd[0], buf, sizeof(buf)); 761 EXPECT_EQ(0, ret); 762 763 close(pipefd[0]); 764} 765 766TEST_F(BinderLibTest, PromoteLocal) { 767 sp<IBinder> strong = new BBinder(); 768 wp<IBinder> weak = strong; 769 sp<IBinder> strong_from_weak = weak.promote(); 770 EXPECT_TRUE(strong != NULL); 771 EXPECT_EQ(strong, strong_from_weak); 772 strong = NULL; 773 strong_from_weak = NULL; 774 strong_from_weak = weak.promote(); 775 EXPECT_TRUE(strong_from_weak == NULL); 776} 777 778TEST_F(BinderLibTest, PromoteRemote) { 779 int ret; 780 Parcel data, reply; 781 sp<IBinder> strong = new BBinder(); 782 sp<IBinder> server = addServer(); 783 784 ASSERT_TRUE(server != NULL); 785 ASSERT_TRUE(strong != NULL); 786 787 ret = data.writeWeakBinder(strong); 788 EXPECT_EQ(NO_ERROR, ret); 789 790 ret = server->transact(BINDER_LIB_TEST_PROMOTE_WEAK_REF_TRANSACTION, data, &reply); 791 EXPECT_GE(ret, 0); 792} 793 794TEST_F(BinderLibTest, CheckHandleZeroBinderHighBitsZeroCookie) { 795 status_t ret; 796 Parcel data, reply; 797 798 ret = m_server->transact(BINDER_LIB_TEST_GET_SELF_TRANSACTION, data, &reply); 799 EXPECT_EQ(NO_ERROR, ret); 800 801 const flat_binder_object *fb = reply.readObject(false); 802 ASSERT_TRUE(fb != NULL); 803 EXPECT_EQ(BINDER_TYPE_HANDLE, fb->hdr.type); 804 EXPECT_EQ(m_server, ProcessState::self()->getStrongProxyForHandle(fb->handle)); 805 EXPECT_EQ((binder_uintptr_t)0, fb->cookie); 806 EXPECT_EQ((uint64_t)0, (uint64_t)fb->binder >> 32); 807} 808 809TEST_F(BinderLibTest, FreedBinder) { 810 status_t ret; 811 812 sp<IBinder> server = addServer(); 813 ASSERT_TRUE(server != NULL); 814 815 __u32 freedHandle; 816 wp<IBinder> keepFreedBinder; 817 { 818 Parcel data, reply; 819 data.writeBool(false); /* request weak reference */ 820 ret = server->transact(BINDER_LIB_TEST_CREATE_BINDER_TRANSACTION, data, &reply); 821 ASSERT_EQ(NO_ERROR, ret); 822 struct flat_binder_object *freed = (struct flat_binder_object *)(reply.data()); 823 freedHandle = freed->handle; 824 /* Add a weak ref to the freed binder so the driver does not 825 * delete its reference to it - otherwise the transaction 826 * fails regardless of whether the driver is fixed. 827 */ 828 keepFreedBinder = reply.readWeakBinder(); 829 } 830 { 831 Parcel data, reply; 832 data.writeStrongBinder(server); 833 /* Replace original handle with handle to the freed binder */ 834 struct flat_binder_object *strong = (struct flat_binder_object *)(data.data()); 835 __u32 oldHandle = strong->handle; 836 strong->handle = freedHandle; 837 ret = server->transact(BINDER_LIB_TEST_ADD_STRONG_REF_TRANSACTION, data, &reply); 838 /* Returns DEAD_OBJECT (-32) if target crashes and 839 * FAILED_TRANSACTION if the driver rejects the invalid 840 * object. 841 */ 842 EXPECT_EQ((status_t)FAILED_TRANSACTION, ret); 843 /* Restore original handle so parcel destructor does not use 844 * the wrong handle. 845 */ 846 strong->handle = oldHandle; 847 } 848} 849 850TEST_F(BinderLibTest, CheckNoHeaderMappedInUser) { 851 status_t ret; 852 Parcel data, reply; 853 sp<BinderLibTestCallBack> callBack = new BinderLibTestCallBack(); 854 for (int i = 0; i < 2; i++) { 855 BinderLibTestBundle datai; 856 datai.appendFrom(&data, 0, data.dataSize()); 857 858 data.freeData(); 859 data.writeInt32(1); 860 data.writeStrongBinder(callBack); 861 data.writeInt32(BINDER_LIB_TEST_CALL_BACK_VERIFY_BUF); 862 863 datai.appendTo(&data); 864 } 865 ret = m_server->transact(BINDER_LIB_TEST_INDIRECT_TRANSACTION, data, &reply); 866 EXPECT_EQ(NO_ERROR, ret); 867} 868 869TEST_F(BinderLibTest, OnewayQueueing) 870{ 871 status_t ret; 872 Parcel data, data2; 873 874 sp<IBinder> pollServer = addPollServer(); 875 876 sp<BinderLibTestCallBack> callBack = new BinderLibTestCallBack(); 877 data.writeStrongBinder(callBack); 878 data.writeInt32(500000); // delay in us before calling back 879 880 sp<BinderLibTestCallBack> callBack2 = new BinderLibTestCallBack(); 881 data2.writeStrongBinder(callBack2); 882 data2.writeInt32(0); // delay in us 883 884 ret = pollServer->transact(BINDER_LIB_TEST_DELAYED_CALL_BACK, data, NULL, TF_ONE_WAY); 885 EXPECT_EQ(NO_ERROR, ret); 886 887 // The delay ensures that this second transaction will end up on the async_todo list 888 // (for a single-threaded server) 889 ret = pollServer->transact(BINDER_LIB_TEST_DELAYED_CALL_BACK, data2, NULL, TF_ONE_WAY); 890 EXPECT_EQ(NO_ERROR, ret); 891 892 // The server will ensure that the two transactions are handled in the expected order; 893 // If the ordering is not as expected, an error will be returned through the callbacks. 894 ret = callBack->waitEvent(2); 895 EXPECT_EQ(NO_ERROR, ret); 896 ret = callBack->getResult(); 897 EXPECT_EQ(NO_ERROR, ret); 898 899 ret = callBack2->waitEvent(2); 900 EXPECT_EQ(NO_ERROR, ret); 901 ret = callBack2->getResult(); 902 EXPECT_EQ(NO_ERROR, ret); 903} 904 905class BinderLibTestService : public BBinder 906{ 907 public: 908 BinderLibTestService(int32_t id) 909 : m_id(id) 910 , m_nextServerId(id + 1) 911 , m_serverStartRequested(false) 912 , m_callback(NULL) 913 { 914 pthread_mutex_init(&m_serverWaitMutex, NULL); 915 pthread_cond_init(&m_serverWaitCond, NULL); 916 } 917 ~BinderLibTestService() 918 { 919 exit(EXIT_SUCCESS); 920 } 921 922 void processPendingCall() { 923 if (m_callback != NULL) { 924 Parcel data; 925 data.writeInt32(NO_ERROR); 926 m_callback->transact(BINDER_LIB_TEST_CALL_BACK, data, nullptr, TF_ONE_WAY); 927 m_callback = NULL; 928 } 929 } 930 931 virtual status_t onTransact(uint32_t code, 932 const Parcel& data, Parcel* reply, 933 uint32_t flags = 0) { 934 //printf("%s: code %d\n", __func__, code); 935 (void)flags; 936 937 if (getuid() != (uid_t)IPCThreadState::self()->getCallingUid()) { 938 return PERMISSION_DENIED; 939 } 940 switch (code) { 941 case BINDER_LIB_TEST_REGISTER_SERVER: { 942 int32_t id; 943 sp<IBinder> binder; 944 id = data.readInt32(); 945 binder = data.readStrongBinder(); 946 if (binder == NULL) { 947 return BAD_VALUE; 948 } 949 950 if (m_id != 0) 951 return INVALID_OPERATION; 952 953 pthread_mutex_lock(&m_serverWaitMutex); 954 if (m_serverStartRequested) { 955 m_serverStartRequested = false; 956 m_serverStarted = binder; 957 pthread_cond_signal(&m_serverWaitCond); 958 } 959 pthread_mutex_unlock(&m_serverWaitMutex); 960 return NO_ERROR; 961 } 962 case BINDER_LIB_TEST_ADD_POLL_SERVER: 963 case BINDER_LIB_TEST_ADD_SERVER: { 964 int ret; 965 uint8_t buf[1] = { 0 }; 966 int serverid; 967 968 if (m_id != 0) { 969 return INVALID_OPERATION; 970 } 971 pthread_mutex_lock(&m_serverWaitMutex); 972 if (m_serverStartRequested) { 973 ret = -EBUSY; 974 } else { 975 serverid = m_nextServerId++; 976 m_serverStartRequested = true; 977 bool usePoll = code == BINDER_LIB_TEST_ADD_POLL_SERVER; 978 979 pthread_mutex_unlock(&m_serverWaitMutex); 980 ret = start_server_process(serverid, usePoll); 981 pthread_mutex_lock(&m_serverWaitMutex); 982 } 983 if (ret > 0) { 984 if (m_serverStartRequested) { 985 struct timespec ts; 986 clock_gettime(CLOCK_REALTIME, &ts); 987 ts.tv_sec += 5; 988 ret = pthread_cond_timedwait(&m_serverWaitCond, &m_serverWaitMutex, &ts); 989 } 990 if (m_serverStartRequested) { 991 m_serverStartRequested = false; 992 ret = -ETIMEDOUT; 993 } else { 994 reply->writeStrongBinder(m_serverStarted); 995 reply->writeInt32(serverid); 996 m_serverStarted = NULL; 997 ret = NO_ERROR; 998 } 999 } else if (ret >= 0) { 1000 m_serverStartRequested = false; 1001 ret = UNKNOWN_ERROR; 1002 } 1003 pthread_mutex_unlock(&m_serverWaitMutex); 1004 return ret; 1005 } 1006 case BINDER_LIB_TEST_NOP_TRANSACTION: 1007 return NO_ERROR; 1008 case BINDER_LIB_TEST_DELAYED_CALL_BACK: { 1009 // Note: this transaction is only designed for use with a 1010 // poll() server. See comments around epoll_wait(). 1011 if (m_callback != NULL) { 1012 // A callback was already pending; this means that 1013 // we received a second call while still processing 1014 // the first one. Fail the test. 1015 sp<IBinder> callback = data.readStrongBinder(); 1016 Parcel data2; 1017 data2.writeInt32(UNKNOWN_ERROR); 1018 1019 callback->transact(BINDER_LIB_TEST_CALL_BACK, data2, NULL, TF_ONE_WAY); 1020 } else { 1021 m_callback = data.readStrongBinder(); 1022 int32_t delayUs = data.readInt32(); 1023 /* 1024 * It's necessary that we sleep here, so the next 1025 * transaction the caller makes will be queued to 1026 * the async queue. 1027 */ 1028 usleep(delayUs); 1029 1030 /* 1031 * Now when we return, libbinder will tell the kernel 1032 * we are done with this transaction, and the kernel 1033 * can move the queued transaction to either the 1034 * thread todo worklist (for kernels without the fix), 1035 * or the proc todo worklist. In case of the former, 1036 * the next outbound call will pick up the pending 1037 * transaction, which leads to undesired reentrant 1038 * behavior. This is caught in the if() branch above. 1039 */ 1040 } 1041 1042 return NO_ERROR; 1043 } 1044 case BINDER_LIB_TEST_NOP_CALL_BACK: { 1045 Parcel data2, reply2; 1046 sp<IBinder> binder; 1047 binder = data.readStrongBinder(); 1048 if (binder == NULL) { 1049 return BAD_VALUE; 1050 } 1051 data2.writeInt32(NO_ERROR); 1052 binder->transact(BINDER_LIB_TEST_CALL_BACK, data2, &reply2); 1053 return NO_ERROR; 1054 } 1055 case BINDER_LIB_TEST_GET_SELF_TRANSACTION: 1056 reply->writeStrongBinder(this); 1057 return NO_ERROR; 1058 case BINDER_LIB_TEST_GET_ID_TRANSACTION: 1059 reply->writeInt32(m_id); 1060 return NO_ERROR; 1061 case BINDER_LIB_TEST_INDIRECT_TRANSACTION: { 1062 int32_t count; 1063 uint32_t indirect_code; 1064 sp<IBinder> binder; 1065 1066 count = data.readInt32(); 1067 reply->writeInt32(m_id); 1068 reply->writeInt32(count); 1069 for (int i = 0; i < count; i++) { 1070 binder = data.readStrongBinder(); 1071 if (binder == NULL) { 1072 return BAD_VALUE; 1073 } 1074 indirect_code = data.readInt32(); 1075 BinderLibTestBundle data2(&data); 1076 if (!data2.isValid()) { 1077 return BAD_VALUE; 1078 } 1079 BinderLibTestBundle reply2; 1080 binder->transact(indirect_code, data2, &reply2); 1081 reply2.appendTo(reply); 1082 } 1083 return NO_ERROR; 1084 } 1085 case BINDER_LIB_TEST_SET_ERROR_TRANSACTION: 1086 reply->setError(data.readInt32()); 1087 return NO_ERROR; 1088 case BINDER_LIB_TEST_GET_PTR_SIZE_TRANSACTION: 1089 reply->writeInt32(sizeof(void *)); 1090 return NO_ERROR; 1091 case BINDER_LIB_TEST_GET_STATUS_TRANSACTION: 1092 return NO_ERROR; 1093 case BINDER_LIB_TEST_ADD_STRONG_REF_TRANSACTION: 1094 m_strongRef = data.readStrongBinder(); 1095 return NO_ERROR; 1096 case BINDER_LIB_TEST_LINK_DEATH_TRANSACTION: { 1097 int ret; 1098 Parcel data2, reply2; 1099 sp<TestDeathRecipient> testDeathRecipient = new TestDeathRecipient(); 1100 sp<IBinder> target; 1101 sp<IBinder> callback; 1102 1103 target = data.readStrongBinder(); 1104 if (target == NULL) { 1105 return BAD_VALUE; 1106 } 1107 callback = data.readStrongBinder(); 1108 if (callback == NULL) { 1109 return BAD_VALUE; 1110 } 1111 ret = target->linkToDeath(testDeathRecipient); 1112 if (ret == NO_ERROR) 1113 ret = testDeathRecipient->waitEvent(5); 1114 data2.writeInt32(ret); 1115 callback->transact(BINDER_LIB_TEST_CALL_BACK, data2, &reply2); 1116 return NO_ERROR; 1117 } 1118 case BINDER_LIB_TEST_WRITE_FILE_TRANSACTION: { 1119 int ret; 1120 int32_t size; 1121 const void *buf; 1122 int fd; 1123 1124 fd = data.readFileDescriptor(); 1125 if (fd < 0) { 1126 return BAD_VALUE; 1127 } 1128 ret = data.readInt32(&size); 1129 if (ret != NO_ERROR) { 1130 return ret; 1131 } 1132 buf = data.readInplace(size); 1133 if (buf == NULL) { 1134 return BAD_VALUE; 1135 } 1136 ret = write(fd, buf, size); 1137 if (ret != size) 1138 return UNKNOWN_ERROR; 1139 return NO_ERROR; 1140 } 1141 case BINDER_LIB_TEST_PROMOTE_WEAK_REF_TRANSACTION: { 1142 int ret; 1143 wp<IBinder> weak; 1144 sp<IBinder> strong; 1145 Parcel data2, reply2; 1146 sp<IServiceManager> sm = defaultServiceManager(); 1147 sp<IBinder> server = sm->getService(binderLibTestServiceName); 1148 1149 weak = data.readWeakBinder(); 1150 if (weak == NULL) { 1151 return BAD_VALUE; 1152 } 1153 strong = weak.promote(); 1154 1155 ret = server->transact(BINDER_LIB_TEST_NOP_TRANSACTION, data2, &reply2); 1156 if (ret != NO_ERROR) 1157 exit(EXIT_FAILURE); 1158 1159 if (strong == NULL) { 1160 reply->setError(1); 1161 } 1162 return NO_ERROR; 1163 } 1164 case BINDER_LIB_TEST_DELAYED_EXIT_TRANSACTION: 1165 alarm(10); 1166 return NO_ERROR; 1167 case BINDER_LIB_TEST_EXIT_TRANSACTION: 1168 while (wait(NULL) != -1 || errno != ECHILD) 1169 ; 1170 exit(EXIT_SUCCESS); 1171 case BINDER_LIB_TEST_CREATE_BINDER_TRANSACTION: { 1172 bool strongRef = data.readBool(); 1173 sp<IBinder> binder = new BBinder(); 1174 if (strongRef) { 1175 reply->writeStrongBinder(binder); 1176 } else { 1177 reply->writeWeakBinder(binder); 1178 } 1179 return NO_ERROR; 1180 } 1181 default: 1182 return UNKNOWN_TRANSACTION; 1183 }; 1184 } 1185 private: 1186 int32_t m_id; 1187 int32_t m_nextServerId; 1188 pthread_mutex_t m_serverWaitMutex; 1189 pthread_cond_t m_serverWaitCond; 1190 bool m_serverStartRequested; 1191 sp<IBinder> m_serverStarted; 1192 sp<IBinder> m_strongRef; 1193 bool m_callbackPending; 1194 sp<IBinder> m_callback; 1195}; 1196 1197int run_server(int index, int readypipefd, bool usePoll) 1198{ 1199 binderLibTestServiceName += String16(binderserversuffix); 1200 1201 status_t ret; 1202 sp<IServiceManager> sm = defaultServiceManager(); 1203 BinderLibTestService* testServicePtr; 1204 { 1205 sp<BinderLibTestService> testService = new BinderLibTestService(index); 1206 /* 1207 * We need this below, but can't hold a sp<> because it prevents the 1208 * node from being cleaned up automatically. It's safe in this case 1209 * because of how the tests are written. 1210 */ 1211 testServicePtr = testService.get(); 1212 1213 if (index == 0) { 1214 ret = sm->addService(binderLibTestServiceName, testService); 1215 } else { 1216 sp<IBinder> server = sm->getService(binderLibTestServiceName); 1217 Parcel data, reply; 1218 data.writeInt32(index); 1219 data.writeStrongBinder(testService); 1220 1221 ret = server->transact(BINDER_LIB_TEST_REGISTER_SERVER, data, &reply); 1222 } 1223 } 1224 write(readypipefd, &ret, sizeof(ret)); 1225 close(readypipefd); 1226 //printf("%s: ret %d\n", __func__, ret); 1227 if (ret) 1228 return 1; 1229 //printf("%s: joinThreadPool\n", __func__); 1230 if (usePoll) { 1231 int fd; 1232 struct epoll_event ev; 1233 int epoll_fd; 1234 IPCThreadState::self()->setupPolling(&fd); 1235 if (fd < 0) { 1236 return 1; 1237 } 1238 IPCThreadState::self()->flushCommands(); // flush BC_ENTER_LOOPER 1239 1240 epoll_fd = epoll_create1(0); 1241 if (epoll_fd == -1) { 1242 return 1; 1243 } 1244 1245 ev.events = EPOLLIN; 1246 if (epoll_ctl(epoll_fd, EPOLL_CTL_ADD, fd, &ev) == -1) { 1247 return 1; 1248 } 1249 1250 while (1) { 1251 /* 1252 * We simulate a single-threaded process using the binder poll 1253 * interface; besides handling binder commands, it can also 1254 * issue outgoing transactions, by storing a callback in 1255 * m_callback and setting m_callbackPending. 1256 * 1257 * processPendingCall() will then issue that transaction. 1258 */ 1259 struct epoll_event events[1]; 1260 int numEvents = epoll_wait(epoll_fd, events, 1, 1000); 1261 if (numEvents < 0) { 1262 if (errno == EINTR) { 1263 continue; 1264 } 1265 return 1; 1266 } 1267 if (numEvents > 0) { 1268 IPCThreadState::self()->handlePolledCommands(); 1269 IPCThreadState::self()->flushCommands(); // flush BC_FREE_BUFFER 1270 testServicePtr->processPendingCall(); 1271 } 1272 } 1273 } else { 1274 ProcessState::self()->startThreadPool(); 1275 IPCThreadState::self()->joinThreadPool(); 1276 } 1277 //printf("%s: joinThreadPool returned\n", __func__); 1278 return 1; /* joinThreadPool should not return */ 1279} 1280 1281int main(int argc, char **argv) { 1282 int ret; 1283 1284 if (argc == 4 && !strcmp(argv[1], "--servername")) { 1285 binderservername = argv[2]; 1286 } else { 1287 binderservername = argv[0]; 1288 } 1289 1290 if (argc == 6 && !strcmp(argv[1], binderserverarg)) { 1291 binderserversuffix = argv[5]; 1292 return run_server(atoi(argv[2]), atoi(argv[3]), atoi(argv[4]) == 1); 1293 } 1294 binderserversuffix = new char[16]; 1295 snprintf(binderserversuffix, 16, "%d", getpid()); 1296 binderLibTestServiceName += String16(binderserversuffix); 1297 1298 ::testing::InitGoogleTest(&argc, argv); 1299 binder_env = AddGlobalTestEnvironment(new BinderLibTestEnv()); 1300 ProcessState::self()->startThreadPool(); 1301 return RUN_ALL_TESTS(); 1302} 1303 1304