1/* 2 * Copyright (C) 2006 The Android Open Source Project 3 * 4 * Licensed under the Apache License, Version 2.0 (the "License"); 5 * you may not use this file except in compliance with the License. 6 * You may obtain a copy of the License at 7 * 8 * http://www.apache.org/licenses/LICENSE-2.0 9 * 10 * Unless required by applicable law or agreed to in writing, software 11 * distributed under the License is distributed on an "AS IS" BASIS, 12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 * See the License for the specific language governing permissions and 14 * limitations under the License. 15 */ 16 17#define LOG_TAG "JavaBinder" 18//#define LOG_NDEBUG 0 19 20#include "android_os_Parcel.h" 21#include "android_util_Binder.h" 22 23#include "JNIHelp.h" 24 25#include <fcntl.h> 26#include <stdio.h> 27#include <sys/stat.h> 28#include <sys/types.h> 29#include <unistd.h> 30 31#include <utils/Atomic.h> 32#include <binder/IInterface.h> 33#include <binder/IPCThreadState.h> 34#include <utils/Log.h> 35#include <utils/SystemClock.h> 36#include <utils/List.h> 37#include <utils/KeyedVector.h> 38#include <cutils/logger.h> 39#include <binder/Parcel.h> 40#include <binder/ProcessState.h> 41#include <binder/IServiceManager.h> 42#include <utils/threads.h> 43#include <utils/String8.h> 44 45#include <ScopedUtfChars.h> 46#include <ScopedLocalRef.h> 47 48#include <android_runtime/AndroidRuntime.h> 49 50//#undef ALOGV 51//#define ALOGV(...) fprintf(stderr, __VA_ARGS__) 52 53#define DEBUG_DEATH 0 54#if DEBUG_DEATH 55#define LOGDEATH ALOGD 56#else 57#define LOGDEATH ALOGV 58#endif 59 60using namespace android; 61 62// ---------------------------------------------------------------------------- 63 64static struct bindernative_offsets_t 65{ 66 // Class state. 67 jclass mClass; 68 jmethodID mExecTransact; 69 70 // Object state. 71 jfieldID mObject; 72 73} gBinderOffsets; 74 75// ---------------------------------------------------------------------------- 76 77static struct binderinternal_offsets_t 78{ 79 // Class state. 80 jclass mClass; 81 jmethodID mForceGc; 82 83} gBinderInternalOffsets; 84 85// ---------------------------------------------------------------------------- 86 87static struct debug_offsets_t 88{ 89 // Class state. 90 jclass mClass; 91 92} gDebugOffsets; 93 94// ---------------------------------------------------------------------------- 95 96static struct weakreference_offsets_t 97{ 98 // Class state. 99 jclass mClass; 100 jmethodID mGet; 101 102} gWeakReferenceOffsets; 103 104static struct error_offsets_t 105{ 106 jclass mClass; 107} gErrorOffsets; 108 109// ---------------------------------------------------------------------------- 110 111static struct binderproxy_offsets_t 112{ 113 // Class state. 114 jclass mClass; 115 jmethodID mConstructor; 116 jmethodID mSendDeathNotice; 117 118 // Object state. 119 jfieldID mObject; 120 jfieldID mSelf; 121 jfieldID mOrgue; 122 123} gBinderProxyOffsets; 124 125static struct class_offsets_t 126{ 127 jmethodID mGetName; 128} gClassOffsets; 129 130// ---------------------------------------------------------------------------- 131 132static struct log_offsets_t 133{ 134 // Class state. 135 jclass mClass; 136 jmethodID mLogE; 137} gLogOffsets; 138 139static struct parcel_file_descriptor_offsets_t 140{ 141 jclass mClass; 142 jmethodID mConstructor; 143} gParcelFileDescriptorOffsets; 144 145static struct strict_mode_callback_offsets_t 146{ 147 jclass mClass; 148 jmethodID mCallback; 149} gStrictModeCallbackOffsets; 150 151// **************************************************************************** 152// **************************************************************************** 153// **************************************************************************** 154 155static volatile int32_t gNumRefsCreated = 0; 156static volatile int32_t gNumProxyRefs = 0; 157static volatile int32_t gNumLocalRefs = 0; 158static volatile int32_t gNumDeathRefs = 0; 159 160static void incRefsCreated(JNIEnv* env) 161{ 162 int old = android_atomic_inc(&gNumRefsCreated); 163 if (old == 200) { 164 android_atomic_and(0, &gNumRefsCreated); 165 env->CallStaticVoidMethod(gBinderInternalOffsets.mClass, 166 gBinderInternalOffsets.mForceGc); 167 } else { 168 ALOGV("Now have %d binder ops", old); 169 } 170} 171 172static JavaVM* jnienv_to_javavm(JNIEnv* env) 173{ 174 JavaVM* vm; 175 return env->GetJavaVM(&vm) >= 0 ? vm : NULL; 176} 177 178static JNIEnv* javavm_to_jnienv(JavaVM* vm) 179{ 180 JNIEnv* env; 181 return vm->GetEnv((void **)&env, JNI_VERSION_1_4) >= 0 ? env : NULL; 182} 183 184static void report_exception(JNIEnv* env, jthrowable excep, const char* msg) 185{ 186 env->ExceptionClear(); 187 188 jstring tagstr = env->NewStringUTF(LOG_TAG); 189 jstring msgstr = env->NewStringUTF(msg); 190 191 if ((tagstr == NULL) || (msgstr == NULL)) { 192 env->ExceptionClear(); /* assume exception (OOM?) was thrown */ 193 ALOGE("Unable to call Log.e()\n"); 194 ALOGE("%s", msg); 195 goto bail; 196 } 197 198 env->CallStaticIntMethod( 199 gLogOffsets.mClass, gLogOffsets.mLogE, tagstr, msgstr, excep); 200 if (env->ExceptionCheck()) { 201 /* attempting to log the failure has failed */ 202 ALOGW("Failed trying to log exception, msg='%s'\n", msg); 203 env->ExceptionClear(); 204 } 205 206 if (env->IsInstanceOf(excep, gErrorOffsets.mClass)) { 207 /* 208 * It's an Error: Reraise the exception, detach this thread, and 209 * wait for the fireworks. Die even more blatantly after a minute 210 * if the gentler attempt doesn't do the trick. 211 * 212 * The GetJavaVM function isn't on the "approved" list of JNI calls 213 * that can be made while an exception is pending, so we want to 214 * get the VM ptr, throw the exception, and then detach the thread. 215 */ 216 JavaVM* vm = jnienv_to_javavm(env); 217 env->Throw(excep); 218 vm->DetachCurrentThread(); 219 sleep(60); 220 ALOGE("Forcefully exiting"); 221 exit(1); 222 *((int *) 1) = 1; 223 } 224 225bail: 226 /* discard local refs created for us by VM */ 227 env->DeleteLocalRef(tagstr); 228 env->DeleteLocalRef(msgstr); 229} 230 231class JavaBBinderHolder; 232 233class JavaBBinder : public BBinder 234{ 235public: 236 JavaBBinder(JNIEnv* env, jobject object) 237 : mVM(jnienv_to_javavm(env)), mObject(env->NewGlobalRef(object)) 238 { 239 ALOGV("Creating JavaBBinder %p\n", this); 240 android_atomic_inc(&gNumLocalRefs); 241 incRefsCreated(env); 242 } 243 244 bool checkSubclass(const void* subclassID) const 245 { 246 return subclassID == &gBinderOffsets; 247 } 248 249 jobject object() const 250 { 251 return mObject; 252 } 253 254protected: 255 virtual ~JavaBBinder() 256 { 257 ALOGV("Destroying JavaBBinder %p\n", this); 258 android_atomic_dec(&gNumLocalRefs); 259 JNIEnv* env = javavm_to_jnienv(mVM); 260 env->DeleteGlobalRef(mObject); 261 } 262 263 virtual status_t onTransact( 264 uint32_t code, const Parcel& data, Parcel* reply, uint32_t flags = 0) 265 { 266 JNIEnv* env = javavm_to_jnienv(mVM); 267 268 ALOGV("onTransact() on %p calling object %p in env %p vm %p\n", this, mObject, env, mVM); 269 270 IPCThreadState* thread_state = IPCThreadState::self(); 271 const int strict_policy_before = thread_state->getStrictModePolicy(); 272 thread_state->setLastTransactionBinderFlags(flags); 273 274 //printf("Transact from %p to Java code sending: ", this); 275 //data.print(); 276 //printf("\n"); 277 jboolean res = env->CallBooleanMethod(mObject, gBinderOffsets.mExecTransact, 278 code, (int32_t)&data, (int32_t)reply, flags); 279 jthrowable excep = env->ExceptionOccurred(); 280 281 if (excep) { 282 report_exception(env, excep, 283 "*** Uncaught remote exception! " 284 "(Exceptions are not yet supported across processes.)"); 285 res = JNI_FALSE; 286 287 /* clean up JNI local ref -- we don't return to Java code */ 288 env->DeleteLocalRef(excep); 289 } 290 291 // Restore the Java binder thread's state if it changed while 292 // processing a call (as it would if the Parcel's header had a 293 // new policy mask and Parcel.enforceInterface() changed 294 // it...) 295 const int strict_policy_after = thread_state->getStrictModePolicy(); 296 if (strict_policy_after != strict_policy_before) { 297 // Our thread-local... 298 thread_state->setStrictModePolicy(strict_policy_before); 299 // And the Java-level thread-local... 300 set_dalvik_blockguard_policy(env, strict_policy_before); 301 } 302 303 jthrowable excep2 = env->ExceptionOccurred(); 304 if (excep2) { 305 report_exception(env, excep2, 306 "*** Uncaught exception in onBinderStrictModePolicyChange"); 307 /* clean up JNI local ref -- we don't return to Java code */ 308 env->DeleteLocalRef(excep2); 309 } 310 311 // Need to always call through the native implementation of 312 // SYSPROPS_TRANSACTION. 313 if (code == SYSPROPS_TRANSACTION) { 314 BBinder::onTransact(code, data, reply, flags); 315 } 316 317 //aout << "onTransact to Java code; result=" << res << endl 318 // << "Transact from " << this << " to Java code returning " 319 // << reply << ": " << *reply << endl; 320 return res != JNI_FALSE ? NO_ERROR : UNKNOWN_TRANSACTION; 321 } 322 323 virtual status_t dump(int fd, const Vector<String16>& args) 324 { 325 return 0; 326 } 327 328private: 329 JavaVM* const mVM; 330 jobject const mObject; 331}; 332 333// ---------------------------------------------------------------------------- 334 335class JavaBBinderHolder : public RefBase 336{ 337public: 338 sp<JavaBBinder> get(JNIEnv* env, jobject obj) 339 { 340 AutoMutex _l(mLock); 341 sp<JavaBBinder> b = mBinder.promote(); 342 if (b == NULL) { 343 b = new JavaBBinder(env, obj); 344 mBinder = b; 345 ALOGV("Creating JavaBinder %p (refs %p) for Object %p, weakCount=%d\n", 346 b.get(), b->getWeakRefs(), obj, b->getWeakRefs()->getWeakCount()); 347 } 348 349 return b; 350 } 351 352 sp<JavaBBinder> getExisting() 353 { 354 AutoMutex _l(mLock); 355 return mBinder.promote(); 356 } 357 358private: 359 Mutex mLock; 360 wp<JavaBBinder> mBinder; 361}; 362 363// ---------------------------------------------------------------------------- 364 365// Per-IBinder death recipient bookkeeping. This is how we reconcile local jobject 366// death recipient references passed in through JNI with the permanent corresponding 367// JavaDeathRecipient objects. 368 369class JavaDeathRecipient; 370 371class DeathRecipientList : public RefBase { 372 List< sp<JavaDeathRecipient> > mList; 373 Mutex mLock; 374 375public: 376 DeathRecipientList(); 377 ~DeathRecipientList(); 378 379 void add(const sp<JavaDeathRecipient>& recipient); 380 void remove(const sp<JavaDeathRecipient>& recipient); 381 sp<JavaDeathRecipient> find(jobject recipient); 382}; 383 384// ---------------------------------------------------------------------------- 385 386class JavaDeathRecipient : public IBinder::DeathRecipient 387{ 388public: 389 JavaDeathRecipient(JNIEnv* env, jobject object, const sp<DeathRecipientList>& list) 390 : mVM(jnienv_to_javavm(env)), mObject(env->NewGlobalRef(object)), 391 mObjectWeak(NULL), mList(list) 392 { 393 // These objects manage their own lifetimes so are responsible for final bookkeeping. 394 // The list holds a strong reference to this object. 395 LOGDEATH("Adding JDR %p to DRL %p", this, list.get()); 396 list->add(this); 397 398 android_atomic_inc(&gNumDeathRefs); 399 incRefsCreated(env); 400 } 401 402 void binderDied(const wp<IBinder>& who) 403 { 404 LOGDEATH("Receiving binderDied() on JavaDeathRecipient %p\n", this); 405 if (mObject != NULL) { 406 JNIEnv* env = javavm_to_jnienv(mVM); 407 408 env->CallStaticVoidMethod(gBinderProxyOffsets.mClass, 409 gBinderProxyOffsets.mSendDeathNotice, mObject); 410 jthrowable excep = env->ExceptionOccurred(); 411 if (excep) { 412 report_exception(env, excep, 413 "*** Uncaught exception returned from death notification!"); 414 } 415 416 // Demote from strong ref to weak after binderDied() has been delivered, 417 // to allow the DeathRecipient and BinderProxy to be GC'd if no longer needed. 418 mObjectWeak = env->NewWeakGlobalRef(mObject); 419 env->DeleteGlobalRef(mObject); 420 mObject = NULL; 421 } 422 } 423 424 void clearReference() 425 { 426 sp<DeathRecipientList> list = mList.promote(); 427 if (list != NULL) { 428 LOGDEATH("Removing JDR %p from DRL %p", this, list.get()); 429 list->remove(this); 430 } else { 431 LOGDEATH("clearReference() on JDR %p but DRL wp purged", this); 432 } 433 } 434 435 bool matches(jobject obj) { 436 bool result; 437 JNIEnv* env = javavm_to_jnienv(mVM); 438 439 if (mObject != NULL) { 440 result = env->IsSameObject(obj, mObject); 441 } else { 442 jobject me = env->NewLocalRef(mObjectWeak); 443 result = env->IsSameObject(obj, me); 444 env->DeleteLocalRef(me); 445 } 446 return result; 447 } 448 449 void warnIfStillLive() { 450 if (mObject != NULL) { 451 // Okay, something is wrong -- we have a hard reference to a live death 452 // recipient on the VM side, but the list is being torn down. 453 JNIEnv* env = javavm_to_jnienv(mVM); 454 ScopedLocalRef<jclass> objClassRef(env, env->GetObjectClass(mObject)); 455 ScopedLocalRef<jstring> nameRef(env, 456 (jstring) env->CallObjectMethod(objClassRef.get(), gClassOffsets.mGetName)); 457 ScopedUtfChars nameUtf(env, nameRef.get()); 458 if (nameUtf.c_str() != NULL) { 459 ALOGW("BinderProxy is being destroyed but the application did not call " 460 "unlinkToDeath to unlink all of its death recipients beforehand. " 461 "Releasing leaked death recipient: %s", nameUtf.c_str()); 462 } else { 463 ALOGW("BinderProxy being destroyed; unable to get DR object name"); 464 env->ExceptionClear(); 465 } 466 } 467 } 468 469protected: 470 virtual ~JavaDeathRecipient() 471 { 472 //ALOGI("Removing death ref: recipient=%p\n", mObject); 473 android_atomic_dec(&gNumDeathRefs); 474 JNIEnv* env = javavm_to_jnienv(mVM); 475 if (mObject != NULL) { 476 env->DeleteGlobalRef(mObject); 477 } else { 478 env->DeleteWeakGlobalRef(mObjectWeak); 479 } 480 } 481 482private: 483 JavaVM* const mVM; 484 jobject mObject; 485 jweak mObjectWeak; // will be a weak ref to the same VM-side DeathRecipient after binderDied() 486 wp<DeathRecipientList> mList; 487}; 488 489// ---------------------------------------------------------------------------- 490 491DeathRecipientList::DeathRecipientList() { 492 LOGDEATH("New DRL @ %p", this); 493} 494 495DeathRecipientList::~DeathRecipientList() { 496 LOGDEATH("Destroy DRL @ %p", this); 497 AutoMutex _l(mLock); 498 499 // Should never happen -- the JavaDeathRecipient objects that have added themselves 500 // to the list are holding references on the list object. Only when they are torn 501 // down can the list header be destroyed. 502 if (mList.size() > 0) { 503 List< sp<JavaDeathRecipient> >::iterator iter; 504 for (iter = mList.begin(); iter != mList.end(); iter++) { 505 (*iter)->warnIfStillLive(); 506 } 507 } 508} 509 510void DeathRecipientList::add(const sp<JavaDeathRecipient>& recipient) { 511 AutoMutex _l(mLock); 512 513 LOGDEATH("DRL @ %p : add JDR %p", this, recipient.get()); 514 mList.push_back(recipient); 515} 516 517void DeathRecipientList::remove(const sp<JavaDeathRecipient>& recipient) { 518 AutoMutex _l(mLock); 519 520 List< sp<JavaDeathRecipient> >::iterator iter; 521 for (iter = mList.begin(); iter != mList.end(); iter++) { 522 if (*iter == recipient) { 523 LOGDEATH("DRL @ %p : remove JDR %p", this, recipient.get()); 524 mList.erase(iter); 525 return; 526 } 527 } 528} 529 530sp<JavaDeathRecipient> DeathRecipientList::find(jobject recipient) { 531 AutoMutex _l(mLock); 532 533 List< sp<JavaDeathRecipient> >::iterator iter; 534 for (iter = mList.begin(); iter != mList.end(); iter++) { 535 if ((*iter)->matches(recipient)) { 536 return *iter; 537 } 538 } 539 return NULL; 540} 541 542// ---------------------------------------------------------------------------- 543 544namespace android { 545 546static void proxy_cleanup(const void* id, void* obj, void* cleanupCookie) 547{ 548 android_atomic_dec(&gNumProxyRefs); 549 JNIEnv* env = javavm_to_jnienv((JavaVM*)cleanupCookie); 550 env->DeleteGlobalRef((jobject)obj); 551} 552 553static Mutex mProxyLock; 554 555jobject javaObjectForIBinder(JNIEnv* env, const sp<IBinder>& val) 556{ 557 if (val == NULL) return NULL; 558 559 if (val->checkSubclass(&gBinderOffsets)) { 560 // One of our own! 561 jobject object = static_cast<JavaBBinder*>(val.get())->object(); 562 LOGDEATH("objectForBinder %p: it's our own %p!\n", val.get(), object); 563 return object; 564 } 565 566 // For the rest of the function we will hold this lock, to serialize 567 // looking/creation of Java proxies for native Binder proxies. 568 AutoMutex _l(mProxyLock); 569 570 // Someone else's... do we know about it? 571 jobject object = (jobject)val->findObject(&gBinderProxyOffsets); 572 if (object != NULL) { 573 jobject res = env->CallObjectMethod(object, gWeakReferenceOffsets.mGet); 574 if (res != NULL) { 575 ALOGV("objectForBinder %p: found existing %p!\n", val.get(), res); 576 return res; 577 } 578 LOGDEATH("Proxy object %p of IBinder %p no longer in working set!!!", object, val.get()); 579 android_atomic_dec(&gNumProxyRefs); 580 val->detachObject(&gBinderProxyOffsets); 581 env->DeleteGlobalRef(object); 582 } 583 584 object = env->NewObject(gBinderProxyOffsets.mClass, gBinderProxyOffsets.mConstructor); 585 if (object != NULL) { 586 LOGDEATH("objectForBinder %p: created new proxy %p !\n", val.get(), object); 587 // The proxy holds a reference to the native object. 588 env->SetIntField(object, gBinderProxyOffsets.mObject, (int)val.get()); 589 val->incStrong(object); 590 591 // The native object needs to hold a weak reference back to the 592 // proxy, so we can retrieve the same proxy if it is still active. 593 jobject refObject = env->NewGlobalRef( 594 env->GetObjectField(object, gBinderProxyOffsets.mSelf)); 595 val->attachObject(&gBinderProxyOffsets, refObject, 596 jnienv_to_javavm(env), proxy_cleanup); 597 598 // Also remember the death recipients registered on this proxy 599 sp<DeathRecipientList> drl = new DeathRecipientList; 600 drl->incStrong((void*)javaObjectForIBinder); 601 env->SetIntField(object, gBinderProxyOffsets.mOrgue, reinterpret_cast<jint>(drl.get())); 602 603 // Note that a new object reference has been created. 604 android_atomic_inc(&gNumProxyRefs); 605 incRefsCreated(env); 606 } 607 608 return object; 609} 610 611sp<IBinder> ibinderForJavaObject(JNIEnv* env, jobject obj) 612{ 613 if (obj == NULL) return NULL; 614 615 if (env->IsInstanceOf(obj, gBinderOffsets.mClass)) { 616 JavaBBinderHolder* jbh = (JavaBBinderHolder*) 617 env->GetIntField(obj, gBinderOffsets.mObject); 618 return jbh != NULL ? jbh->get(env, obj) : NULL; 619 } 620 621 if (env->IsInstanceOf(obj, gBinderProxyOffsets.mClass)) { 622 return (IBinder*) 623 env->GetIntField(obj, gBinderProxyOffsets.mObject); 624 } 625 626 ALOGW("ibinderForJavaObject: %p is not a Binder object", obj); 627 return NULL; 628} 629 630jobject newParcelFileDescriptor(JNIEnv* env, jobject fileDesc) 631{ 632 return env->NewObject( 633 gParcelFileDescriptorOffsets.mClass, gParcelFileDescriptorOffsets.mConstructor, fileDesc); 634} 635 636void set_dalvik_blockguard_policy(JNIEnv* env, jint strict_policy) 637{ 638 // Call back into android.os.StrictMode#onBinderStrictModePolicyChange 639 // to sync our state back to it. See the comments in StrictMode.java. 640 env->CallStaticVoidMethod(gStrictModeCallbackOffsets.mClass, 641 gStrictModeCallbackOffsets.mCallback, 642 strict_policy); 643} 644 645void signalExceptionForError(JNIEnv* env, jobject obj, status_t err, 646 bool canThrowRemoteException) 647{ 648 switch (err) { 649 case UNKNOWN_ERROR: 650 jniThrowException(env, "java/lang/RuntimeException", "Unknown error"); 651 break; 652 case NO_MEMORY: 653 jniThrowException(env, "java/lang/OutOfMemoryError", NULL); 654 break; 655 case INVALID_OPERATION: 656 jniThrowException(env, "java/lang/UnsupportedOperationException", NULL); 657 break; 658 case BAD_VALUE: 659 jniThrowException(env, "java/lang/IllegalArgumentException", NULL); 660 break; 661 case BAD_INDEX: 662 jniThrowException(env, "java/lang/IndexOutOfBoundsException", NULL); 663 break; 664 case BAD_TYPE: 665 jniThrowException(env, "java/lang/IllegalArgumentException", NULL); 666 break; 667 case NAME_NOT_FOUND: 668 jniThrowException(env, "java/util/NoSuchElementException", NULL); 669 break; 670 case PERMISSION_DENIED: 671 jniThrowException(env, "java/lang/SecurityException", NULL); 672 break; 673 case NOT_ENOUGH_DATA: 674 jniThrowException(env, "android/os/ParcelFormatException", "Not enough data"); 675 break; 676 case NO_INIT: 677 jniThrowException(env, "java/lang/RuntimeException", "Not initialized"); 678 break; 679 case ALREADY_EXISTS: 680 jniThrowException(env, "java/lang/RuntimeException", "Item already exists"); 681 break; 682 case DEAD_OBJECT: 683 // DeadObjectException is a checked exception, only throw from certain methods. 684 jniThrowException(env, canThrowRemoteException 685 ? "android/os/DeadObjectException" 686 : "java/lang/RuntimeException", NULL); 687 break; 688 case UNKNOWN_TRANSACTION: 689 jniThrowException(env, "java/lang/RuntimeException", "Unknown transaction code"); 690 break; 691 case FAILED_TRANSACTION: 692 ALOGE("!!! FAILED BINDER TRANSACTION !!!"); 693 // TransactionTooLargeException is a checked exception, only throw from certain methods. 694 // FIXME: Transaction too large is the most common reason for FAILED_TRANSACTION 695 // but it is not the only one. The Binder driver can return BR_FAILED_REPLY 696 // for other reasons also, such as if the transaction is malformed or 697 // refers to an FD that has been closed. We should change the driver 698 // to enable us to distinguish these cases in the future. 699 jniThrowException(env, canThrowRemoteException 700 ? "android/os/TransactionTooLargeException" 701 : "java/lang/RuntimeException", NULL); 702 break; 703 case FDS_NOT_ALLOWED: 704 jniThrowException(env, "java/lang/RuntimeException", 705 "Not allowed to write file descriptors here"); 706 break; 707 default: 708 ALOGE("Unknown binder error code. 0x%x", err); 709 String8 msg; 710 msg.appendFormat("Unknown binder error code. 0x%x", err); 711 // RemoteException is a checked exception, only throw from certain methods. 712 jniThrowException(env, canThrowRemoteException 713 ? "android/os/RemoteException" : "java/lang/RuntimeException", msg.string()); 714 break; 715 } 716} 717 718} 719 720// ---------------------------------------------------------------------------- 721 722static jint android_os_Binder_getCallingPid(JNIEnv* env, jobject clazz) 723{ 724 return IPCThreadState::self()->getCallingPid(); 725} 726 727static jint android_os_Binder_getCallingUid(JNIEnv* env, jobject clazz) 728{ 729 return IPCThreadState::self()->getCallingUid(); 730} 731 732static jlong android_os_Binder_clearCallingIdentity(JNIEnv* env, jobject clazz) 733{ 734 return IPCThreadState::self()->clearCallingIdentity(); 735} 736 737static void android_os_Binder_restoreCallingIdentity(JNIEnv* env, jobject clazz, jlong token) 738{ 739 // XXX temporary sanity check to debug crashes. 740 int uid = (int)(token>>32); 741 if (uid > 0 && uid < 999) { 742 // In Android currently there are no uids in this range. 743 char buf[128]; 744 sprintf(buf, "Restoring bad calling ident: 0x%Lx", token); 745 jniThrowException(env, "java/lang/IllegalStateException", buf); 746 return; 747 } 748 IPCThreadState::self()->restoreCallingIdentity(token); 749} 750 751static void android_os_Binder_setThreadStrictModePolicy(JNIEnv* env, jobject clazz, jint policyMask) 752{ 753 IPCThreadState::self()->setStrictModePolicy(policyMask); 754} 755 756static jint android_os_Binder_getThreadStrictModePolicy(JNIEnv* env, jobject clazz) 757{ 758 return IPCThreadState::self()->getStrictModePolicy(); 759} 760 761static void android_os_Binder_flushPendingCommands(JNIEnv* env, jobject clazz) 762{ 763 IPCThreadState::self()->flushCommands(); 764} 765 766static void android_os_Binder_init(JNIEnv* env, jobject obj) 767{ 768 JavaBBinderHolder* jbh = new JavaBBinderHolder(); 769 if (jbh == NULL) { 770 jniThrowException(env, "java/lang/OutOfMemoryError", NULL); 771 return; 772 } 773 ALOGV("Java Binder %p: acquiring first ref on holder %p", obj, jbh); 774 jbh->incStrong((void*)android_os_Binder_init); 775 env->SetIntField(obj, gBinderOffsets.mObject, (int)jbh); 776} 777 778static void android_os_Binder_destroy(JNIEnv* env, jobject obj) 779{ 780 JavaBBinderHolder* jbh = (JavaBBinderHolder*) 781 env->GetIntField(obj, gBinderOffsets.mObject); 782 if (jbh != NULL) { 783 env->SetIntField(obj, gBinderOffsets.mObject, 0); 784 ALOGV("Java Binder %p: removing ref on holder %p", obj, jbh); 785 jbh->decStrong((void*)android_os_Binder_init); 786 } else { 787 // Encountering an uninitialized binder is harmless. All it means is that 788 // the Binder was only partially initialized when its finalizer ran and called 789 // destroy(). The Binder could be partially initialized for several reasons. 790 // For example, a Binder subclass constructor might have thrown an exception before 791 // it could delegate to its superclass's constructor. Consequently init() would 792 // not have been called and the holder pointer would remain NULL. 793 ALOGV("Java Binder %p: ignoring uninitialized binder", obj); 794 } 795} 796 797// ---------------------------------------------------------------------------- 798 799static const JNINativeMethod gBinderMethods[] = { 800 /* name, signature, funcPtr */ 801 { "getCallingPid", "()I", (void*)android_os_Binder_getCallingPid }, 802 { "getCallingUid", "()I", (void*)android_os_Binder_getCallingUid }, 803 { "clearCallingIdentity", "()J", (void*)android_os_Binder_clearCallingIdentity }, 804 { "restoreCallingIdentity", "(J)V", (void*)android_os_Binder_restoreCallingIdentity }, 805 { "setThreadStrictModePolicy", "(I)V", (void*)android_os_Binder_setThreadStrictModePolicy }, 806 { "getThreadStrictModePolicy", "()I", (void*)android_os_Binder_getThreadStrictModePolicy }, 807 { "flushPendingCommands", "()V", (void*)android_os_Binder_flushPendingCommands }, 808 { "init", "()V", (void*)android_os_Binder_init }, 809 { "destroy", "()V", (void*)android_os_Binder_destroy } 810}; 811 812const char* const kBinderPathName = "android/os/Binder"; 813 814static int int_register_android_os_Binder(JNIEnv* env) 815{ 816 jclass clazz; 817 818 clazz = env->FindClass(kBinderPathName); 819 LOG_FATAL_IF(clazz == NULL, "Unable to find class android.os.Binder"); 820 821 gBinderOffsets.mClass = (jclass) env->NewGlobalRef(clazz); 822 gBinderOffsets.mExecTransact 823 = env->GetMethodID(clazz, "execTransact", "(IIII)Z"); 824 assert(gBinderOffsets.mExecTransact); 825 826 gBinderOffsets.mObject 827 = env->GetFieldID(clazz, "mObject", "I"); 828 assert(gBinderOffsets.mObject); 829 830 return AndroidRuntime::registerNativeMethods( 831 env, kBinderPathName, 832 gBinderMethods, NELEM(gBinderMethods)); 833} 834 835// **************************************************************************** 836// **************************************************************************** 837// **************************************************************************** 838 839namespace android { 840 841jint android_os_Debug_getLocalObjectCount(JNIEnv* env, jobject clazz) 842{ 843 return gNumLocalRefs; 844} 845 846jint android_os_Debug_getProxyObjectCount(JNIEnv* env, jobject clazz) 847{ 848 return gNumProxyRefs; 849} 850 851jint android_os_Debug_getDeathObjectCount(JNIEnv* env, jobject clazz) 852{ 853 return gNumDeathRefs; 854} 855 856} 857 858// **************************************************************************** 859// **************************************************************************** 860// **************************************************************************** 861 862static jobject android_os_BinderInternal_getContextObject(JNIEnv* env, jobject clazz) 863{ 864 sp<IBinder> b = ProcessState::self()->getContextObject(NULL); 865 return javaObjectForIBinder(env, b); 866} 867 868static void android_os_BinderInternal_joinThreadPool(JNIEnv* env, jobject clazz) 869{ 870 sp<IBinder> b = ProcessState::self()->getContextObject(NULL); 871 android::IPCThreadState::self()->joinThreadPool(); 872} 873 874static void android_os_BinderInternal_disableBackgroundScheduling(JNIEnv* env, 875 jobject clazz, jboolean disable) 876{ 877 IPCThreadState::disableBackgroundScheduling(disable ? true : false); 878} 879 880static void android_os_BinderInternal_handleGc(JNIEnv* env, jobject clazz) 881{ 882 ALOGV("Gc has executed, clearing binder ops"); 883 android_atomic_and(0, &gNumRefsCreated); 884} 885 886// ---------------------------------------------------------------------------- 887 888static const JNINativeMethod gBinderInternalMethods[] = { 889 /* name, signature, funcPtr */ 890 { "getContextObject", "()Landroid/os/IBinder;", (void*)android_os_BinderInternal_getContextObject }, 891 { "joinThreadPool", "()V", (void*)android_os_BinderInternal_joinThreadPool }, 892 { "disableBackgroundScheduling", "(Z)V", (void*)android_os_BinderInternal_disableBackgroundScheduling }, 893 { "handleGc", "()V", (void*)android_os_BinderInternal_handleGc } 894}; 895 896const char* const kBinderInternalPathName = "com/android/internal/os/BinderInternal"; 897 898static int int_register_android_os_BinderInternal(JNIEnv* env) 899{ 900 jclass clazz; 901 902 clazz = env->FindClass(kBinderInternalPathName); 903 LOG_FATAL_IF(clazz == NULL, "Unable to find class com.android.internal.os.BinderInternal"); 904 905 gBinderInternalOffsets.mClass = (jclass) env->NewGlobalRef(clazz); 906 gBinderInternalOffsets.mForceGc 907 = env->GetStaticMethodID(clazz, "forceBinderGc", "()V"); 908 assert(gBinderInternalOffsets.mForceGc); 909 910 return AndroidRuntime::registerNativeMethods( 911 env, kBinderInternalPathName, 912 gBinderInternalMethods, NELEM(gBinderInternalMethods)); 913} 914 915// **************************************************************************** 916// **************************************************************************** 917// **************************************************************************** 918 919static jboolean android_os_BinderProxy_pingBinder(JNIEnv* env, jobject obj) 920{ 921 IBinder* target = (IBinder*) 922 env->GetIntField(obj, gBinderProxyOffsets.mObject); 923 if (target == NULL) { 924 return JNI_FALSE; 925 } 926 status_t err = target->pingBinder(); 927 return err == NO_ERROR ? JNI_TRUE : JNI_FALSE; 928} 929 930static jstring android_os_BinderProxy_getInterfaceDescriptor(JNIEnv* env, jobject obj) 931{ 932 IBinder* target = (IBinder*) env->GetIntField(obj, gBinderProxyOffsets.mObject); 933 if (target != NULL) { 934 const String16& desc = target->getInterfaceDescriptor(); 935 return env->NewString(desc.string(), desc.size()); 936 } 937 jniThrowException(env, "java/lang/RuntimeException", 938 "No binder found for object"); 939 return NULL; 940} 941 942static jboolean android_os_BinderProxy_isBinderAlive(JNIEnv* env, jobject obj) 943{ 944 IBinder* target = (IBinder*) 945 env->GetIntField(obj, gBinderProxyOffsets.mObject); 946 if (target == NULL) { 947 return JNI_FALSE; 948 } 949 bool alive = target->isBinderAlive(); 950 return alive ? JNI_TRUE : JNI_FALSE; 951} 952 953static int getprocname(pid_t pid, char *buf, size_t len) { 954 char filename[20]; 955 FILE *f; 956 957 sprintf(filename, "/proc/%d/cmdline", pid); 958 f = fopen(filename, "r"); 959 if (!f) { *buf = '\0'; return 1; } 960 if (!fgets(buf, len, f)) { *buf = '\0'; return 2; } 961 fclose(f); 962 return 0; 963} 964 965static bool push_eventlog_string(char** pos, const char* end, const char* str) { 966 jint len = strlen(str); 967 int space_needed = 1 + sizeof(len) + len; 968 if (end - *pos < space_needed) { 969 ALOGW("not enough space for string. remain=%d; needed=%d", 970 (end - *pos), space_needed); 971 return false; 972 } 973 **pos = EVENT_TYPE_STRING; 974 (*pos)++; 975 memcpy(*pos, &len, sizeof(len)); 976 *pos += sizeof(len); 977 memcpy(*pos, str, len); 978 *pos += len; 979 return true; 980} 981 982static bool push_eventlog_int(char** pos, const char* end, jint val) { 983 int space_needed = 1 + sizeof(val); 984 if (end - *pos < space_needed) { 985 ALOGW("not enough space for int. remain=%d; needed=%d", 986 (end - *pos), space_needed); 987 return false; 988 } 989 **pos = EVENT_TYPE_INT; 990 (*pos)++; 991 memcpy(*pos, &val, sizeof(val)); 992 *pos += sizeof(val); 993 return true; 994} 995 996// From frameworks/base/core/java/android/content/EventLogTags.logtags: 997#define LOGTAG_BINDER_OPERATION 52004 998 999static void conditionally_log_binder_call(int64_t start_millis, 1000 IBinder* target, jint code) { 1001 int duration_ms = static_cast<int>(uptimeMillis() - start_millis); 1002 1003 int sample_percent; 1004 if (duration_ms >= 500) { 1005 sample_percent = 100; 1006 } else { 1007 sample_percent = 100 * duration_ms / 500; 1008 if (sample_percent == 0) { 1009 return; 1010 } 1011 if (sample_percent < (random() % 100 + 1)) { 1012 return; 1013 } 1014 } 1015 1016 char process_name[40]; 1017 getprocname(getpid(), process_name, sizeof(process_name)); 1018 String8 desc(target->getInterfaceDescriptor()); 1019 1020 char buf[LOGGER_ENTRY_MAX_PAYLOAD]; 1021 buf[0] = EVENT_TYPE_LIST; 1022 buf[1] = 5; 1023 char* pos = &buf[2]; 1024 char* end = &buf[LOGGER_ENTRY_MAX_PAYLOAD - 1]; // leave room for final \n 1025 if (!push_eventlog_string(&pos, end, desc.string())) return; 1026 if (!push_eventlog_int(&pos, end, code)) return; 1027 if (!push_eventlog_int(&pos, end, duration_ms)) return; 1028 if (!push_eventlog_string(&pos, end, process_name)) return; 1029 if (!push_eventlog_int(&pos, end, sample_percent)) return; 1030 *(pos++) = '\n'; // conventional with EVENT_TYPE_LIST apparently. 1031 android_bWriteLog(LOGTAG_BINDER_OPERATION, buf, pos - buf); 1032} 1033 1034// We only measure binder call durations to potentially log them if 1035// we're on the main thread. Unfortunately sim-eng doesn't seem to 1036// have gettid, so we just ignore this and don't log if we can't 1037// get the thread id. 1038static bool should_time_binder_calls() { 1039#ifdef HAVE_GETTID 1040 return (getpid() == androidGetTid()); 1041#else 1042#warning no gettid(), so not logging Binder calls... 1043 return false; 1044#endif 1045} 1046 1047static jboolean android_os_BinderProxy_transact(JNIEnv* env, jobject obj, 1048 jint code, jobject dataObj, jobject replyObj, jint flags) // throws RemoteException 1049{ 1050 if (dataObj == NULL) { 1051 jniThrowNullPointerException(env, NULL); 1052 return JNI_FALSE; 1053 } 1054 1055 Parcel* data = parcelForJavaObject(env, dataObj); 1056 if (data == NULL) { 1057 return JNI_FALSE; 1058 } 1059 Parcel* reply = parcelForJavaObject(env, replyObj); 1060 if (reply == NULL && replyObj != NULL) { 1061 return JNI_FALSE; 1062 } 1063 1064 IBinder* target = (IBinder*) 1065 env->GetIntField(obj, gBinderProxyOffsets.mObject); 1066 if (target == NULL) { 1067 jniThrowException(env, "java/lang/IllegalStateException", "Binder has been finalized!"); 1068 return JNI_FALSE; 1069 } 1070 1071 ALOGV("Java code calling transact on %p in Java object %p with code %d\n", 1072 target, obj, code); 1073 1074 // Only log the binder call duration for things on the Java-level main thread. 1075 // But if we don't 1076 const bool time_binder_calls = should_time_binder_calls(); 1077 1078 int64_t start_millis; 1079 if (time_binder_calls) { 1080 start_millis = uptimeMillis(); 1081 } 1082 //printf("Transact from Java code to %p sending: ", target); data->print(); 1083 status_t err = target->transact(code, *data, reply, flags); 1084 //if (reply) printf("Transact from Java code to %p received: ", target); reply->print(); 1085 if (time_binder_calls) { 1086 conditionally_log_binder_call(start_millis, target, code); 1087 } 1088 1089 if (err == NO_ERROR) { 1090 return JNI_TRUE; 1091 } else if (err == UNKNOWN_TRANSACTION) { 1092 return JNI_FALSE; 1093 } 1094 1095 signalExceptionForError(env, obj, err, true /*canThrowRemoteException*/); 1096 return JNI_FALSE; 1097} 1098 1099static void android_os_BinderProxy_linkToDeath(JNIEnv* env, jobject obj, 1100 jobject recipient, jint flags) // throws RemoteException 1101{ 1102 if (recipient == NULL) { 1103 jniThrowNullPointerException(env, NULL); 1104 return; 1105 } 1106 1107 IBinder* target = (IBinder*) 1108 env->GetIntField(obj, gBinderProxyOffsets.mObject); 1109 if (target == NULL) { 1110 ALOGW("Binder has been finalized when calling linkToDeath() with recip=%p)\n", recipient); 1111 assert(false); 1112 } 1113 1114 LOGDEATH("linkToDeath: binder=%p recipient=%p\n", target, recipient); 1115 1116 if (!target->localBinder()) { 1117 DeathRecipientList* list = (DeathRecipientList*) 1118 env->GetIntField(obj, gBinderProxyOffsets.mOrgue); 1119 sp<JavaDeathRecipient> jdr = new JavaDeathRecipient(env, recipient, list); 1120 status_t err = target->linkToDeath(jdr, NULL, flags); 1121 if (err != NO_ERROR) { 1122 // Failure adding the death recipient, so clear its reference 1123 // now. 1124 jdr->clearReference(); 1125 signalExceptionForError(env, obj, err, true /*canThrowRemoteException*/); 1126 } 1127 } 1128} 1129 1130static jboolean android_os_BinderProxy_unlinkToDeath(JNIEnv* env, jobject obj, 1131 jobject recipient, jint flags) 1132{ 1133 jboolean res = JNI_FALSE; 1134 if (recipient == NULL) { 1135 jniThrowNullPointerException(env, NULL); 1136 return res; 1137 } 1138 1139 IBinder* target = (IBinder*) 1140 env->GetIntField(obj, gBinderProxyOffsets.mObject); 1141 if (target == NULL) { 1142 ALOGW("Binder has been finalized when calling linkToDeath() with recip=%p)\n", recipient); 1143 return JNI_FALSE; 1144 } 1145 1146 LOGDEATH("unlinkToDeath: binder=%p recipient=%p\n", target, recipient); 1147 1148 if (!target->localBinder()) { 1149 status_t err = NAME_NOT_FOUND; 1150 1151 // If we find the matching recipient, proceed to unlink using that 1152 DeathRecipientList* list = (DeathRecipientList*) 1153 env->GetIntField(obj, gBinderProxyOffsets.mOrgue); 1154 sp<JavaDeathRecipient> origJDR = list->find(recipient); 1155 LOGDEATH(" unlink found list %p and JDR %p", list, origJDR.get()); 1156 if (origJDR != NULL) { 1157 wp<IBinder::DeathRecipient> dr; 1158 err = target->unlinkToDeath(origJDR, NULL, flags, &dr); 1159 if (err == NO_ERROR && dr != NULL) { 1160 sp<IBinder::DeathRecipient> sdr = dr.promote(); 1161 JavaDeathRecipient* jdr = static_cast<JavaDeathRecipient*>(sdr.get()); 1162 if (jdr != NULL) { 1163 jdr->clearReference(); 1164 } 1165 } 1166 } 1167 1168 if (err == NO_ERROR || err == DEAD_OBJECT) { 1169 res = JNI_TRUE; 1170 } else { 1171 jniThrowException(env, "java/util/NoSuchElementException", 1172 "Death link does not exist"); 1173 } 1174 } 1175 1176 return res; 1177} 1178 1179static void android_os_BinderProxy_destroy(JNIEnv* env, jobject obj) 1180{ 1181 IBinder* b = (IBinder*) 1182 env->GetIntField(obj, gBinderProxyOffsets.mObject); 1183 DeathRecipientList* drl = (DeathRecipientList*) 1184 env->GetIntField(obj, gBinderProxyOffsets.mOrgue); 1185 1186 LOGDEATH("Destroying BinderProxy %p: binder=%p drl=%p\n", obj, b, drl); 1187 env->SetIntField(obj, gBinderProxyOffsets.mObject, 0); 1188 env->SetIntField(obj, gBinderProxyOffsets.mOrgue, 0); 1189 drl->decStrong((void*)javaObjectForIBinder); 1190 b->decStrong(obj); 1191 1192 IPCThreadState::self()->flushCommands(); 1193} 1194 1195// ---------------------------------------------------------------------------- 1196 1197static const JNINativeMethod gBinderProxyMethods[] = { 1198 /* name, signature, funcPtr */ 1199 {"pingBinder", "()Z", (void*)android_os_BinderProxy_pingBinder}, 1200 {"isBinderAlive", "()Z", (void*)android_os_BinderProxy_isBinderAlive}, 1201 {"getInterfaceDescriptor", "()Ljava/lang/String;", (void*)android_os_BinderProxy_getInterfaceDescriptor}, 1202 {"transact", "(ILandroid/os/Parcel;Landroid/os/Parcel;I)Z", (void*)android_os_BinderProxy_transact}, 1203 {"linkToDeath", "(Landroid/os/IBinder$DeathRecipient;I)V", (void*)android_os_BinderProxy_linkToDeath}, 1204 {"unlinkToDeath", "(Landroid/os/IBinder$DeathRecipient;I)Z", (void*)android_os_BinderProxy_unlinkToDeath}, 1205 {"destroy", "()V", (void*)android_os_BinderProxy_destroy}, 1206}; 1207 1208const char* const kBinderProxyPathName = "android/os/BinderProxy"; 1209 1210static int int_register_android_os_BinderProxy(JNIEnv* env) 1211{ 1212 jclass clazz; 1213 1214 clazz = env->FindClass("java/lang/ref/WeakReference"); 1215 LOG_FATAL_IF(clazz == NULL, "Unable to find class java.lang.ref.WeakReference"); 1216 gWeakReferenceOffsets.mClass = (jclass) env->NewGlobalRef(clazz); 1217 gWeakReferenceOffsets.mGet 1218 = env->GetMethodID(clazz, "get", "()Ljava/lang/Object;"); 1219 assert(gWeakReferenceOffsets.mGet); 1220 1221 clazz = env->FindClass("java/lang/Error"); 1222 LOG_FATAL_IF(clazz == NULL, "Unable to find class java.lang.Error"); 1223 gErrorOffsets.mClass = (jclass) env->NewGlobalRef(clazz); 1224 1225 clazz = env->FindClass(kBinderProxyPathName); 1226 LOG_FATAL_IF(clazz == NULL, "Unable to find class android.os.BinderProxy"); 1227 1228 gBinderProxyOffsets.mClass = (jclass) env->NewGlobalRef(clazz); 1229 gBinderProxyOffsets.mConstructor 1230 = env->GetMethodID(clazz, "<init>", "()V"); 1231 assert(gBinderProxyOffsets.mConstructor); 1232 gBinderProxyOffsets.mSendDeathNotice 1233 = env->GetStaticMethodID(clazz, "sendDeathNotice", "(Landroid/os/IBinder$DeathRecipient;)V"); 1234 assert(gBinderProxyOffsets.mSendDeathNotice); 1235 1236 gBinderProxyOffsets.mObject 1237 = env->GetFieldID(clazz, "mObject", "I"); 1238 assert(gBinderProxyOffsets.mObject); 1239 gBinderProxyOffsets.mSelf 1240 = env->GetFieldID(clazz, "mSelf", "Ljava/lang/ref/WeakReference;"); 1241 assert(gBinderProxyOffsets.mSelf); 1242 gBinderProxyOffsets.mOrgue 1243 = env->GetFieldID(clazz, "mOrgue", "I"); 1244 assert(gBinderProxyOffsets.mOrgue); 1245 1246 clazz = env->FindClass("java/lang/Class"); 1247 LOG_FATAL_IF(clazz == NULL, "Unable to find java.lang.Class"); 1248 gClassOffsets.mGetName = env->GetMethodID(clazz, "getName", "()Ljava/lang/String;"); 1249 assert(gClassOffsets.mGetName); 1250 1251 return AndroidRuntime::registerNativeMethods( 1252 env, kBinderProxyPathName, 1253 gBinderProxyMethods, NELEM(gBinderProxyMethods)); 1254} 1255 1256// **************************************************************************** 1257// **************************************************************************** 1258// **************************************************************************** 1259 1260int register_android_os_Binder(JNIEnv* env) 1261{ 1262 if (int_register_android_os_Binder(env) < 0) 1263 return -1; 1264 if (int_register_android_os_BinderInternal(env) < 0) 1265 return -1; 1266 if (int_register_android_os_BinderProxy(env) < 0) 1267 return -1; 1268 1269 jclass clazz; 1270 1271 clazz = env->FindClass("android/util/Log"); 1272 LOG_FATAL_IF(clazz == NULL, "Unable to find class android.util.Log"); 1273 gLogOffsets.mClass = (jclass) env->NewGlobalRef(clazz); 1274 gLogOffsets.mLogE = env->GetStaticMethodID( 1275 clazz, "e", "(Ljava/lang/String;Ljava/lang/String;Ljava/lang/Throwable;)I"); 1276 assert(gLogOffsets.mLogE); 1277 1278 clazz = env->FindClass("android/os/ParcelFileDescriptor"); 1279 LOG_FATAL_IF(clazz == NULL, "Unable to find class android.os.ParcelFileDescriptor"); 1280 gParcelFileDescriptorOffsets.mClass = (jclass) env->NewGlobalRef(clazz); 1281 gParcelFileDescriptorOffsets.mConstructor 1282 = env->GetMethodID(clazz, "<init>", "(Ljava/io/FileDescriptor;)V"); 1283 1284 clazz = env->FindClass("android/os/StrictMode"); 1285 LOG_FATAL_IF(clazz == NULL, "Unable to find class android.os.StrictMode"); 1286 gStrictModeCallbackOffsets.mClass = (jclass) env->NewGlobalRef(clazz); 1287 gStrictModeCallbackOffsets.mCallback = env->GetStaticMethodID( 1288 clazz, "onBinderStrictModePolicyChange", "(I)V"); 1289 LOG_FATAL_IF(gStrictModeCallbackOffsets.mCallback == NULL, 1290 "Unable to find strict mode callback."); 1291 1292 return 0; 1293} 1294