IPCThreadState.cpp revision dcd3958c5086f757dc09472700ae7384efea7fc8
1/* 2 * Copyright (C) 2005 The Android Open Source Project 3 * 4 * Licensed under the Apache License, Version 2.0 (the "License"); 5 * you may not use this file except in compliance with the License. 6 * You may obtain a copy of the License at 7 * 8 * http://www.apache.org/licenses/LICENSE-2.0 9 * 10 * Unless required by applicable law or agreed to in writing, software 11 * distributed under the License is distributed on an "AS IS" BASIS, 12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 * See the License for the specific language governing permissions and 14 * limitations under the License. 15 */ 16 17#define LOG_TAG "IPCThreadState" 18 19#include <binder/IPCThreadState.h> 20 21#include <binder/Binder.h> 22#include <binder/BpBinder.h> 23#include <cutils/sched_policy.h> 24#include <utils/Debug.h> 25#include <utils/Log.h> 26#include <utils/TextOutput.h> 27#include <utils/threads.h> 28 29#include <private/binder/binder_module.h> 30#include <private/binder/Static.h> 31 32#include <sys/ioctl.h> 33#include <signal.h> 34#include <errno.h> 35#include <stdio.h> 36#include <unistd.h> 37 38#ifdef HAVE_PTHREADS 39#include <pthread.h> 40#include <sched.h> 41#include <sys/resource.h> 42#endif 43#ifdef HAVE_WIN32_THREADS 44#include <windows.h> 45#endif 46 47 48#if LOG_NDEBUG 49 50#define IF_LOG_TRANSACTIONS() if (false) 51#define IF_LOG_COMMANDS() if (false) 52#define LOG_REMOTEREFS(...) 53#define IF_LOG_REMOTEREFS() if (false) 54#define LOG_THREADPOOL(...) 55#define LOG_ONEWAY(...) 56 57#else 58 59#define IF_LOG_TRANSACTIONS() IF_LOG(LOG_VERBOSE, "transact") 60#define IF_LOG_COMMANDS() IF_LOG(LOG_VERBOSE, "ipc") 61#define LOG_REMOTEREFS(...) LOG(LOG_DEBUG, "remoterefs", __VA_ARGS__) 62#define IF_LOG_REMOTEREFS() IF_LOG(LOG_DEBUG, "remoterefs") 63#define LOG_THREADPOOL(...) LOG(LOG_DEBUG, "threadpool", __VA_ARGS__) 64#define LOG_ONEWAY(...) LOG(LOG_DEBUG, "ipc", __VA_ARGS__) 65 66#endif 67 68// --------------------------------------------------------------------------- 69 70namespace android { 71 72static const char* getReturnString(size_t idx); 73static const char* getCommandString(size_t idx); 74static const void* printReturnCommand(TextOutput& out, const void* _cmd); 75static const void* printCommand(TextOutput& out, const void* _cmd); 76 77// This will result in a missing symbol failure if the IF_LOG_COMMANDS() 78// conditionals don't get stripped... but that is probably what we want. 79#if !LOG_NDEBUG 80static const char *kReturnStrings[] = { 81#if 1 /* TODO: error update strings */ 82 "unknown", 83#else 84 "BR_OK", 85 "BR_TIMEOUT", 86 "BR_WAKEUP", 87 "BR_TRANSACTION", 88 "BR_REPLY", 89 "BR_ACQUIRE_RESULT", 90 "BR_DEAD_REPLY", 91 "BR_TRANSACTION_COMPLETE", 92 "BR_INCREFS", 93 "BR_ACQUIRE", 94 "BR_RELEASE", 95 "BR_DECREFS", 96 "BR_ATTEMPT_ACQUIRE", 97 "BR_EVENT_OCCURRED", 98 "BR_NOOP", 99 "BR_SPAWN_LOOPER", 100 "BR_FINISHED", 101 "BR_DEAD_BINDER", 102 "BR_CLEAR_DEATH_NOTIFICATION_DONE" 103#endif 104}; 105 106static const char *kCommandStrings[] = { 107#if 1 /* TODO: error update strings */ 108 "unknown", 109#else 110 "BC_NOOP", 111 "BC_TRANSACTION", 112 "BC_REPLY", 113 "BC_ACQUIRE_RESULT", 114 "BC_FREE_BUFFER", 115 "BC_TRANSACTION_COMPLETE", 116 "BC_INCREFS", 117 "BC_ACQUIRE", 118 "BC_RELEASE", 119 "BC_DECREFS", 120 "BC_INCREFS_DONE", 121 "BC_ACQUIRE_DONE", 122 "BC_ATTEMPT_ACQUIRE", 123 "BC_RETRIEVE_ROOT_OBJECT", 124 "BC_SET_THREAD_ENTRY", 125 "BC_REGISTER_LOOPER", 126 "BC_ENTER_LOOPER", 127 "BC_EXIT_LOOPER", 128 "BC_SYNC", 129 "BC_STOP_PROCESS", 130 "BC_STOP_SELF", 131 "BC_REQUEST_DEATH_NOTIFICATION", 132 "BC_CLEAR_DEATH_NOTIFICATION", 133 "BC_DEAD_BINDER_DONE" 134#endif 135}; 136 137static const char* getReturnString(size_t idx) 138{ 139 if (idx < sizeof(kReturnStrings) / sizeof(kReturnStrings[0])) 140 return kReturnStrings[idx]; 141 else 142 return "unknown"; 143} 144 145static const char* getCommandString(size_t idx) 146{ 147 if (idx < sizeof(kCommandStrings) / sizeof(kCommandStrings[0])) 148 return kCommandStrings[idx]; 149 else 150 return "unknown"; 151} 152 153static const void* printBinderTransactionData(TextOutput& out, const void* data) 154{ 155 const binder_transaction_data* btd = 156 (const binder_transaction_data*)data; 157 out << "target=" << btd->target.ptr << " (cookie " << btd->cookie << ")" << endl 158 << "code=" << TypeCode(btd->code) << ", flags=" << (void*)btd->flags << endl 159 << "data=" << btd->data.ptr.buffer << " (" << (void*)btd->data_size 160 << " bytes)" << endl 161 << "offsets=" << btd->data.ptr.offsets << " (" << (void*)btd->offsets_size 162 << " bytes)" << endl; 163 return btd+1; 164} 165 166static const void* printReturnCommand(TextOutput& out, const void* _cmd) 167{ 168 static const int32_t N = sizeof(kReturnStrings)/sizeof(kReturnStrings[0]); 169 170 const int32_t* cmd = (const int32_t*)_cmd; 171 int32_t code = *cmd++; 172 if (code == BR_ERROR) { 173 out << "BR_ERROR: " << (void*)(*cmd++) << endl; 174 return cmd; 175 } else if (code < 0 || code >= N) { 176 out << "Unknown reply: " << code << endl; 177 return cmd; 178 } 179 180 out << kReturnStrings[code]; 181 switch (code) { 182 case BR_TRANSACTION: 183 case BR_REPLY: { 184 out << ": " << indent; 185 cmd = (const int32_t *)printBinderTransactionData(out, cmd); 186 out << dedent; 187 } break; 188 189 case BR_ACQUIRE_RESULT: { 190 const int32_t res = *cmd++; 191 out << ": " << res << (res ? " (SUCCESS)" : " (FAILURE)"); 192 } break; 193 194 case BR_INCREFS: 195 case BR_ACQUIRE: 196 case BR_RELEASE: 197 case BR_DECREFS: { 198 const int32_t b = *cmd++; 199 const int32_t c = *cmd++; 200 out << ": target=" << (void*)b << " (cookie " << (void*)c << ")"; 201 } break; 202 203 case BR_ATTEMPT_ACQUIRE: { 204 const int32_t p = *cmd++; 205 const int32_t b = *cmd++; 206 const int32_t c = *cmd++; 207 out << ": target=" << (void*)b << " (cookie " << (void*)c 208 << "), pri=" << p; 209 } break; 210 211 case BR_DEAD_BINDER: 212 case BR_CLEAR_DEATH_NOTIFICATION_DONE: { 213 const int32_t c = *cmd++; 214 out << ": death cookie " << (void*)c; 215 } break; 216 } 217 218 out << endl; 219 return cmd; 220} 221 222static const void* printCommand(TextOutput& out, const void* _cmd) 223{ 224 static const int32_t N = sizeof(kCommandStrings)/sizeof(kCommandStrings[0]); 225 226 const int32_t* cmd = (const int32_t*)_cmd; 227 int32_t code = *cmd++; 228 if (code < 0 || code >= N) { 229 out << "Unknown command: " << code << endl; 230 return cmd; 231 } 232 233 out << kCommandStrings[code]; 234 switch (code) { 235 case BC_TRANSACTION: 236 case BC_REPLY: { 237 out << ": " << indent; 238 cmd = (const int32_t *)printBinderTransactionData(out, cmd); 239 out << dedent; 240 } break; 241 242 case BC_ACQUIRE_RESULT: { 243 const int32_t res = *cmd++; 244 out << ": " << res << (res ? " (SUCCESS)" : " (FAILURE)"); 245 } break; 246 247 case BC_FREE_BUFFER: { 248 const int32_t buf = *cmd++; 249 out << ": buffer=" << (void*)buf; 250 } break; 251 252 case BC_INCREFS: 253 case BC_ACQUIRE: 254 case BC_RELEASE: 255 case BC_DECREFS: { 256 const int32_t d = *cmd++; 257 out << ": descriptor=" << (void*)d; 258 } break; 259 260 case BC_INCREFS_DONE: 261 case BC_ACQUIRE_DONE: { 262 const int32_t b = *cmd++; 263 const int32_t c = *cmd++; 264 out << ": target=" << (void*)b << " (cookie " << (void*)c << ")"; 265 } break; 266 267 case BC_ATTEMPT_ACQUIRE: { 268 const int32_t p = *cmd++; 269 const int32_t d = *cmd++; 270 out << ": decriptor=" << (void*)d << ", pri=" << p; 271 } break; 272 273 case BC_REQUEST_DEATH_NOTIFICATION: 274 case BC_CLEAR_DEATH_NOTIFICATION: { 275 const int32_t h = *cmd++; 276 const int32_t c = *cmd++; 277 out << ": handle=" << h << " (death cookie " << (void*)c << ")"; 278 } break; 279 280 case BC_DEAD_BINDER_DONE: { 281 const int32_t c = *cmd++; 282 out << ": death cookie " << (void*)c; 283 } break; 284 } 285 286 out << endl; 287 return cmd; 288} 289#endif 290 291static pthread_mutex_t gTLSMutex = PTHREAD_MUTEX_INITIALIZER; 292static bool gHaveTLS = false; 293static pthread_key_t gTLS = 0; 294static bool gShutdown = false; 295 296IPCThreadState* IPCThreadState::self() 297{ 298 if (gHaveTLS) { 299restart: 300 const pthread_key_t k = gTLS; 301 IPCThreadState* st = (IPCThreadState*)pthread_getspecific(k); 302 if (st) return st; 303 return new IPCThreadState; 304 } 305 306 if (gShutdown) return NULL; 307 308 pthread_mutex_lock(&gTLSMutex); 309 if (!gHaveTLS) { 310 if (pthread_key_create(&gTLS, threadDestructor) != 0) { 311 pthread_mutex_unlock(&gTLSMutex); 312 return NULL; 313 } 314 gHaveTLS = true; 315 } 316 pthread_mutex_unlock(&gTLSMutex); 317 goto restart; 318} 319 320void IPCThreadState::shutdown() 321{ 322 gShutdown = true; 323 324 if (gHaveTLS) { 325 // XXX Need to wait for all thread pool threads to exit! 326 IPCThreadState* st = (IPCThreadState*)pthread_getspecific(gTLS); 327 if (st) { 328 delete st; 329 pthread_setspecific(gTLS, NULL); 330 } 331 gHaveTLS = false; 332 } 333} 334 335sp<ProcessState> IPCThreadState::process() 336{ 337 return mProcess; 338} 339 340status_t IPCThreadState::clearLastError() 341{ 342 const status_t err = mLastError; 343 mLastError = NO_ERROR; 344 return err; 345} 346 347int IPCThreadState::getCallingPid() 348{ 349 return mCallingPid; 350} 351 352int IPCThreadState::getCallingUid() 353{ 354 return mCallingUid; 355} 356 357int64_t IPCThreadState::clearCallingIdentity() 358{ 359 int64_t token = ((int64_t)mCallingUid<<32) | mCallingPid; 360 clearCaller(); 361 return token; 362} 363 364void IPCThreadState::restoreCallingIdentity(int64_t token) 365{ 366 mCallingUid = (int)(token>>32); 367 mCallingPid = (int)token; 368} 369 370void IPCThreadState::clearCaller() 371{ 372 mCallingPid = getpid(); 373 mCallingUid = getuid(); 374} 375 376void IPCThreadState::flushCommands() 377{ 378 if (mProcess->mDriverFD <= 0) 379 return; 380 talkWithDriver(false); 381} 382 383void IPCThreadState::joinThreadPool(bool isMain) 384{ 385 LOG_THREADPOOL("**** THREAD %p (PID %d) IS JOINING THE THREAD POOL\n", (void*)pthread_self(), getpid()); 386 387 mOut.writeInt32(isMain ? BC_ENTER_LOOPER : BC_REGISTER_LOOPER); 388 389 status_t result; 390 do { 391 int32_t cmd; 392 393 // When we've cleared the incoming command queue, process any pending derefs 394 if (mIn.dataPosition() >= mIn.dataSize()) { 395 size_t numPending = mPendingWeakDerefs.size(); 396 if (numPending > 0) { 397 for (size_t i = 0; i < numPending; i++) { 398 RefBase::weakref_type* refs = mPendingWeakDerefs[i]; 399 refs->decWeak(mProcess.get()); 400 } 401 mPendingWeakDerefs.clear(); 402 } 403 404 numPending = mPendingStrongDerefs.size(); 405 if (numPending > 0) { 406 for (size_t i = 0; i < numPending; i++) { 407 BBinder* obj = mPendingStrongDerefs[i]; 408 obj->decStrong(mProcess.get()); 409 } 410 mPendingStrongDerefs.clear(); 411 } 412 } 413 414 // now get the next command to be processed, waiting if necessary 415 result = talkWithDriver(); 416 if (result >= NO_ERROR) { 417 size_t IN = mIn.dataAvail(); 418 if (IN < sizeof(int32_t)) continue; 419 cmd = mIn.readInt32(); 420 IF_LOG_COMMANDS() { 421 alog << "Processing top-level Command: " 422 << getReturnString(cmd) << endl; 423 } 424 425 bool isTainted = false; 426 427 { 428 SchedPolicy policy; 429 get_sched_policy(getpid(), &policy); 430 431 if (policy == SP_BACKGROUND) { 432 isTainted = true; 433 } 434 } 435 436 result = executeCommand(cmd); 437 438 // Make sure that after executing the commands that we put the thread back into the 439 // default cgroup. 440 { 441 int pid = getpid(); 442 SchedPolicy policy; 443 get_sched_policy(pid, &policy); 444 445 if (!isTainted && policy == SP_BACKGROUND) { 446 LOGW("*** THREAD %p (PID %p) was left in SP_BACKGROUND with a priority of %d\n", 447 (void*)pthread_self(), pid, getpriority(PRIO_PROCESS, pid)); 448 } 449 } 450 } 451 452 // Let this thread exit the thread pool if it is no longer 453 // needed and it is not the main process thread. 454 if(result == TIMED_OUT && !isMain) { 455 break; 456 } 457 } while (result != -ECONNREFUSED && result != -EBADF); 458 459 LOG_THREADPOOL("**** THREAD %p (PID %d) IS LEAVING THE THREAD POOL err=%p\n", 460 (void*)pthread_self(), getpid(), (void*)result); 461 462 mOut.writeInt32(BC_EXIT_LOOPER); 463 talkWithDriver(false); 464} 465 466void IPCThreadState::stopProcess(bool immediate) 467{ 468 //LOGI("**** STOPPING PROCESS"); 469 flushCommands(); 470 int fd = mProcess->mDriverFD; 471 mProcess->mDriverFD = -1; 472 close(fd); 473 //kill(getpid(), SIGKILL); 474} 475 476status_t IPCThreadState::transact(int32_t handle, 477 uint32_t code, const Parcel& data, 478 Parcel* reply, uint32_t flags) 479{ 480 status_t err = data.errorCheck(); 481 482 flags |= TF_ACCEPT_FDS; 483 484 IF_LOG_TRANSACTIONS() { 485 TextOutput::Bundle _b(alog); 486 alog << "BC_TRANSACTION thr " << (void*)pthread_self() << " / hand " 487 << handle << " / code " << TypeCode(code) << ": " 488 << indent << data << dedent << endl; 489 } 490 491 if (err == NO_ERROR) { 492 LOG_ONEWAY(">>>> SEND from pid %d uid %d %s", getpid(), getuid(), 493 (flags & TF_ONE_WAY) == 0 ? "READ REPLY" : "ONE WAY"); 494 err = writeTransactionData(BC_TRANSACTION, flags, handle, code, data, NULL); 495 } 496 497 if (err != NO_ERROR) { 498 if (reply) reply->setError(err); 499 return (mLastError = err); 500 } 501 502 if ((flags & TF_ONE_WAY) == 0) { 503 if (reply) { 504 err = waitForResponse(reply); 505 } else { 506 Parcel fakeReply; 507 err = waitForResponse(&fakeReply); 508 } 509 510 IF_LOG_TRANSACTIONS() { 511 TextOutput::Bundle _b(alog); 512 alog << "BR_REPLY thr " << (void*)pthread_self() << " / hand " 513 << handle << ": "; 514 if (reply) alog << indent << *reply << dedent << endl; 515 else alog << "(none requested)" << endl; 516 } 517 } else { 518 err = waitForResponse(NULL, NULL); 519 } 520 521 return err; 522} 523 524void IPCThreadState::incStrongHandle(int32_t handle) 525{ 526 LOG_REMOTEREFS("IPCThreadState::incStrongHandle(%d)\n", handle); 527 mOut.writeInt32(BC_ACQUIRE); 528 mOut.writeInt32(handle); 529} 530 531void IPCThreadState::decStrongHandle(int32_t handle) 532{ 533 LOG_REMOTEREFS("IPCThreadState::decStrongHandle(%d)\n", handle); 534 mOut.writeInt32(BC_RELEASE); 535 mOut.writeInt32(handle); 536} 537 538void IPCThreadState::incWeakHandle(int32_t handle) 539{ 540 LOG_REMOTEREFS("IPCThreadState::incWeakHandle(%d)\n", handle); 541 mOut.writeInt32(BC_INCREFS); 542 mOut.writeInt32(handle); 543} 544 545void IPCThreadState::decWeakHandle(int32_t handle) 546{ 547 LOG_REMOTEREFS("IPCThreadState::decWeakHandle(%d)\n", handle); 548 mOut.writeInt32(BC_DECREFS); 549 mOut.writeInt32(handle); 550} 551 552status_t IPCThreadState::attemptIncStrongHandle(int32_t handle) 553{ 554 mOut.writeInt32(BC_ATTEMPT_ACQUIRE); 555 mOut.writeInt32(0); // xxx was thread priority 556 mOut.writeInt32(handle); 557 status_t result = UNKNOWN_ERROR; 558 559 waitForResponse(NULL, &result); 560 561#if LOG_REFCOUNTS 562 printf("IPCThreadState::attemptIncStrongHandle(%ld) = %s\n", 563 handle, result == NO_ERROR ? "SUCCESS" : "FAILURE"); 564#endif 565 566 return result; 567} 568 569void IPCThreadState::expungeHandle(int32_t handle, IBinder* binder) 570{ 571#if LOG_REFCOUNTS 572 printf("IPCThreadState::expungeHandle(%ld)\n", handle); 573#endif 574 self()->mProcess->expungeHandle(handle, binder); 575} 576 577status_t IPCThreadState::requestDeathNotification(int32_t handle, BpBinder* proxy) 578{ 579 mOut.writeInt32(BC_REQUEST_DEATH_NOTIFICATION); 580 mOut.writeInt32((int32_t)handle); 581 mOut.writeInt32((int32_t)proxy); 582 return NO_ERROR; 583} 584 585status_t IPCThreadState::clearDeathNotification(int32_t handle, BpBinder* proxy) 586{ 587 mOut.writeInt32(BC_CLEAR_DEATH_NOTIFICATION); 588 mOut.writeInt32((int32_t)handle); 589 mOut.writeInt32((int32_t)proxy); 590 return NO_ERROR; 591} 592 593IPCThreadState::IPCThreadState() 594 : mProcess(ProcessState::self()) 595{ 596 pthread_setspecific(gTLS, this); 597 clearCaller(); 598 mIn.setDataCapacity(256); 599 mOut.setDataCapacity(256); 600} 601 602IPCThreadState::~IPCThreadState() 603{ 604} 605 606status_t IPCThreadState::sendReply(const Parcel& reply, uint32_t flags) 607{ 608 status_t err; 609 status_t statusBuffer; 610 err = writeTransactionData(BC_REPLY, flags, -1, 0, reply, &statusBuffer); 611 if (err < NO_ERROR) return err; 612 613 return waitForResponse(NULL, NULL); 614} 615 616status_t IPCThreadState::waitForResponse(Parcel *reply, status_t *acquireResult) 617{ 618 int32_t cmd; 619 int32_t err; 620 621 while (1) { 622 if ((err=talkWithDriver()) < NO_ERROR) break; 623 err = mIn.errorCheck(); 624 if (err < NO_ERROR) break; 625 if (mIn.dataAvail() == 0) continue; 626 627 cmd = mIn.readInt32(); 628 629 IF_LOG_COMMANDS() { 630 alog << "Processing waitForResponse Command: " 631 << getReturnString(cmd) << endl; 632 } 633 634 switch (cmd) { 635 case BR_TRANSACTION_COMPLETE: 636 if (!reply && !acquireResult) goto finish; 637 break; 638 639 case BR_DEAD_REPLY: 640 err = DEAD_OBJECT; 641 goto finish; 642 643 case BR_FAILED_REPLY: 644 err = FAILED_TRANSACTION; 645 goto finish; 646 647 case BR_ACQUIRE_RESULT: 648 { 649 LOG_ASSERT(acquireResult != NULL, "Unexpected brACQUIRE_RESULT"); 650 const int32_t result = mIn.readInt32(); 651 if (!acquireResult) continue; 652 *acquireResult = result ? NO_ERROR : INVALID_OPERATION; 653 } 654 goto finish; 655 656 case BR_REPLY: 657 { 658 binder_transaction_data tr; 659 err = mIn.read(&tr, sizeof(tr)); 660 LOG_ASSERT(err == NO_ERROR, "Not enough command data for brREPLY"); 661 if (err != NO_ERROR) goto finish; 662 663 if (reply) { 664 if ((tr.flags & TF_STATUS_CODE) == 0) { 665 reply->ipcSetDataReference( 666 reinterpret_cast<const uint8_t*>(tr.data.ptr.buffer), 667 tr.data_size, 668 reinterpret_cast<const size_t*>(tr.data.ptr.offsets), 669 tr.offsets_size/sizeof(size_t), 670 freeBuffer, this); 671 } else { 672 err = *static_cast<const status_t*>(tr.data.ptr.buffer); 673 freeBuffer(NULL, 674 reinterpret_cast<const uint8_t*>(tr.data.ptr.buffer), 675 tr.data_size, 676 reinterpret_cast<const size_t*>(tr.data.ptr.offsets), 677 tr.offsets_size/sizeof(size_t), this); 678 } 679 } else { 680 freeBuffer(NULL, 681 reinterpret_cast<const uint8_t*>(tr.data.ptr.buffer), 682 tr.data_size, 683 reinterpret_cast<const size_t*>(tr.data.ptr.offsets), 684 tr.offsets_size/sizeof(size_t), this); 685 continue; 686 } 687 } 688 goto finish; 689 690 default: 691 err = executeCommand(cmd); 692 if (err != NO_ERROR) goto finish; 693 break; 694 } 695 } 696 697finish: 698 if (err != NO_ERROR) { 699 if (acquireResult) *acquireResult = err; 700 if (reply) reply->setError(err); 701 mLastError = err; 702 } 703 704 return err; 705} 706 707status_t IPCThreadState::talkWithDriver(bool doReceive) 708{ 709 LOG_ASSERT(mProcess->mDriverFD >= 0, "Binder driver is not opened"); 710 711 binder_write_read bwr; 712 713 // Is the read buffer empty? 714 const bool needRead = mIn.dataPosition() >= mIn.dataSize(); 715 716 // We don't want to write anything if we are still reading 717 // from data left in the input buffer and the caller 718 // has requested to read the next data. 719 const size_t outAvail = (!doReceive || needRead) ? mOut.dataSize() : 0; 720 721 bwr.write_size = outAvail; 722 bwr.write_buffer = (long unsigned int)mOut.data(); 723 724 // This is what we'll read. 725 if (doReceive && needRead) { 726 bwr.read_size = mIn.dataCapacity(); 727 bwr.read_buffer = (long unsigned int)mIn.data(); 728 } else { 729 bwr.read_size = 0; 730 } 731 732 IF_LOG_COMMANDS() { 733 TextOutput::Bundle _b(alog); 734 if (outAvail != 0) { 735 alog << "Sending commands to driver: " << indent; 736 const void* cmds = (const void*)bwr.write_buffer; 737 const void* end = ((const uint8_t*)cmds)+bwr.write_size; 738 alog << HexDump(cmds, bwr.write_size) << endl; 739 while (cmds < end) cmds = printCommand(alog, cmds); 740 alog << dedent; 741 } 742 alog << "Size of receive buffer: " << bwr.read_size 743 << ", needRead: " << needRead << ", doReceive: " << doReceive << endl; 744 } 745 746 // Return immediately if there is nothing to do. 747 if ((bwr.write_size == 0) && (bwr.read_size == 0)) return NO_ERROR; 748 749 bwr.write_consumed = 0; 750 bwr.read_consumed = 0; 751 status_t err; 752 do { 753 IF_LOG_COMMANDS() { 754 alog << "About to read/write, write size = " << mOut.dataSize() << endl; 755 } 756#if defined(HAVE_ANDROID_OS) 757 if (ioctl(mProcess->mDriverFD, BINDER_WRITE_READ, &bwr) >= 0) 758 err = NO_ERROR; 759 else 760 err = -errno; 761#else 762 err = INVALID_OPERATION; 763#endif 764 IF_LOG_COMMANDS() { 765 alog << "Finished read/write, write size = " << mOut.dataSize() << endl; 766 } 767 } while (err == -EINTR); 768 769 IF_LOG_COMMANDS() { 770 alog << "Our err: " << (void*)err << ", write consumed: " 771 << bwr.write_consumed << " (of " << mOut.dataSize() 772 << "), read consumed: " << bwr.read_consumed << endl; 773 } 774 775 if (err >= NO_ERROR) { 776 if (bwr.write_consumed > 0) { 777 if (bwr.write_consumed < (ssize_t)mOut.dataSize()) 778 mOut.remove(0, bwr.write_consumed); 779 else 780 mOut.setDataSize(0); 781 } 782 if (bwr.read_consumed > 0) { 783 mIn.setDataSize(bwr.read_consumed); 784 mIn.setDataPosition(0); 785 } 786 IF_LOG_COMMANDS() { 787 TextOutput::Bundle _b(alog); 788 alog << "Remaining data size: " << mOut.dataSize() << endl; 789 alog << "Received commands from driver: " << indent; 790 const void* cmds = mIn.data(); 791 const void* end = mIn.data() + mIn.dataSize(); 792 alog << HexDump(cmds, mIn.dataSize()) << endl; 793 while (cmds < end) cmds = printReturnCommand(alog, cmds); 794 alog << dedent; 795 } 796 return NO_ERROR; 797 } 798 799 return err; 800} 801 802status_t IPCThreadState::writeTransactionData(int32_t cmd, uint32_t binderFlags, 803 int32_t handle, uint32_t code, const Parcel& data, status_t* statusBuffer) 804{ 805 binder_transaction_data tr; 806 807 tr.target.handle = handle; 808 tr.code = code; 809 tr.flags = binderFlags; 810 811 const status_t err = data.errorCheck(); 812 if (err == NO_ERROR) { 813 tr.data_size = data.ipcDataSize(); 814 tr.data.ptr.buffer = data.ipcData(); 815 tr.offsets_size = data.ipcObjectsCount()*sizeof(size_t); 816 tr.data.ptr.offsets = data.ipcObjects(); 817 } else if (statusBuffer) { 818 tr.flags |= TF_STATUS_CODE; 819 *statusBuffer = err; 820 tr.data_size = sizeof(status_t); 821 tr.data.ptr.buffer = statusBuffer; 822 tr.offsets_size = 0; 823 tr.data.ptr.offsets = NULL; 824 } else { 825 return (mLastError = err); 826 } 827 828 mOut.writeInt32(cmd); 829 mOut.write(&tr, sizeof(tr)); 830 831 return NO_ERROR; 832} 833 834sp<BBinder> the_context_object; 835 836void setTheContextObject(sp<BBinder> obj) 837{ 838 the_context_object = obj; 839} 840 841status_t IPCThreadState::executeCommand(int32_t cmd) 842{ 843 BBinder* obj; 844 RefBase::weakref_type* refs; 845 status_t result = NO_ERROR; 846 847 switch (cmd) { 848 case BR_ERROR: 849 result = mIn.readInt32(); 850 break; 851 852 case BR_OK: 853 break; 854 855 case BR_ACQUIRE: 856 refs = (RefBase::weakref_type*)mIn.readInt32(); 857 obj = (BBinder*)mIn.readInt32(); 858 LOG_ASSERT(refs->refBase() == obj, 859 "BR_ACQUIRE: object %p does not match cookie %p (expected %p)", 860 refs, obj, refs->refBase()); 861 obj->incStrong(mProcess.get()); 862 IF_LOG_REMOTEREFS() { 863 LOG_REMOTEREFS("BR_ACQUIRE from driver on %p", obj); 864 obj->printRefs(); 865 } 866 mOut.writeInt32(BC_ACQUIRE_DONE); 867 mOut.writeInt32((int32_t)refs); 868 mOut.writeInt32((int32_t)obj); 869 break; 870 871 case BR_RELEASE: 872 refs = (RefBase::weakref_type*)mIn.readInt32(); 873 obj = (BBinder*)mIn.readInt32(); 874 LOG_ASSERT(refs->refBase() == obj, 875 "BR_RELEASE: object %p does not match cookie %p (expected %p)", 876 refs, obj, refs->refBase()); 877 IF_LOG_REMOTEREFS() { 878 LOG_REMOTEREFS("BR_RELEASE from driver on %p", obj); 879 obj->printRefs(); 880 } 881 mPendingStrongDerefs.push(obj); 882 break; 883 884 case BR_INCREFS: 885 refs = (RefBase::weakref_type*)mIn.readInt32(); 886 obj = (BBinder*)mIn.readInt32(); 887 refs->incWeak(mProcess.get()); 888 mOut.writeInt32(BC_INCREFS_DONE); 889 mOut.writeInt32((int32_t)refs); 890 mOut.writeInt32((int32_t)obj); 891 break; 892 893 case BR_DECREFS: 894 refs = (RefBase::weakref_type*)mIn.readInt32(); 895 obj = (BBinder*)mIn.readInt32(); 896 // NOTE: This assertion is not valid, because the object may no 897 // longer exist (thus the (BBinder*)cast above resulting in a different 898 // memory address). 899 //LOG_ASSERT(refs->refBase() == obj, 900 // "BR_DECREFS: object %p does not match cookie %p (expected %p)", 901 // refs, obj, refs->refBase()); 902 mPendingWeakDerefs.push(refs); 903 break; 904 905 case BR_ATTEMPT_ACQUIRE: 906 refs = (RefBase::weakref_type*)mIn.readInt32(); 907 obj = (BBinder*)mIn.readInt32(); 908 909 { 910 const bool success = refs->attemptIncStrong(mProcess.get()); 911 LOG_ASSERT(success && refs->refBase() == obj, 912 "BR_ATTEMPT_ACQUIRE: object %p does not match cookie %p (expected %p)", 913 refs, obj, refs->refBase()); 914 915 mOut.writeInt32(BC_ACQUIRE_RESULT); 916 mOut.writeInt32((int32_t)success); 917 } 918 break; 919 920 case BR_TRANSACTION: 921 { 922 binder_transaction_data tr; 923 result = mIn.read(&tr, sizeof(tr)); 924 LOG_ASSERT(result == NO_ERROR, 925 "Not enough command data for brTRANSACTION"); 926 if (result != NO_ERROR) break; 927 928 Parcel buffer; 929 buffer.ipcSetDataReference( 930 reinterpret_cast<const uint8_t*>(tr.data.ptr.buffer), 931 tr.data_size, 932 reinterpret_cast<const size_t*>(tr.data.ptr.offsets), 933 tr.offsets_size/sizeof(size_t), freeBuffer, this); 934 935 const pid_t origPid = mCallingPid; 936 const uid_t origUid = mCallingUid; 937 938 mCallingPid = tr.sender_pid; 939 mCallingUid = tr.sender_euid; 940 941 //LOGI(">>>> TRANSACT from pid %d uid %d\n", mCallingPid, mCallingUid); 942 943 Parcel reply; 944 IF_LOG_TRANSACTIONS() { 945 TextOutput::Bundle _b(alog); 946 alog << "BR_TRANSACTION thr " << (void*)pthread_self() 947 << " / obj " << tr.target.ptr << " / code " 948 << TypeCode(tr.code) << ": " << indent << buffer 949 << dedent << endl 950 << "Data addr = " 951 << reinterpret_cast<const uint8_t*>(tr.data.ptr.buffer) 952 << ", offsets addr=" 953 << reinterpret_cast<const size_t*>(tr.data.ptr.offsets) << endl; 954 } 955 if (tr.target.ptr) { 956 sp<BBinder> b((BBinder*)tr.cookie); 957 const status_t error = b->transact(tr.code, buffer, &reply, 0); 958 if (error < NO_ERROR) reply.setError(error); 959 960 } else { 961 const status_t error = the_context_object->transact(tr.code, buffer, &reply, 0); 962 if (error < NO_ERROR) reply.setError(error); 963 } 964 965 //LOGI("<<<< TRANSACT from pid %d restore pid %d uid %d\n", 966 // mCallingPid, origPid, origUid); 967 968 if ((tr.flags & TF_ONE_WAY) == 0) { 969 LOG_ONEWAY("Sending reply to %d!", mCallingPid); 970 sendReply(reply, 0); 971 } else { 972 LOG_ONEWAY("NOT sending reply to %d!", mCallingPid); 973 } 974 975 mCallingPid = origPid; 976 mCallingUid = origUid; 977 978 IF_LOG_TRANSACTIONS() { 979 TextOutput::Bundle _b(alog); 980 alog << "BC_REPLY thr " << (void*)pthread_self() << " / obj " 981 << tr.target.ptr << ": " << indent << reply << dedent << endl; 982 } 983 984 } 985 break; 986 987 case BR_DEAD_BINDER: 988 { 989 BpBinder *proxy = (BpBinder*)mIn.readInt32(); 990 proxy->sendObituary(); 991 mOut.writeInt32(BC_DEAD_BINDER_DONE); 992 mOut.writeInt32((int32_t)proxy); 993 } break; 994 995 case BR_CLEAR_DEATH_NOTIFICATION_DONE: 996 { 997 BpBinder *proxy = (BpBinder*)mIn.readInt32(); 998 proxy->getWeakRefs()->decWeak(proxy); 999 } break; 1000 1001 case BR_FINISHED: 1002 result = TIMED_OUT; 1003 break; 1004 1005 case BR_NOOP: 1006 break; 1007 1008 case BR_SPAWN_LOOPER: 1009 mProcess->spawnPooledThread(false); 1010 break; 1011 1012 default: 1013 printf("*** BAD COMMAND %d received from Binder driver\n", cmd); 1014 result = UNKNOWN_ERROR; 1015 break; 1016 } 1017 1018 if (result != NO_ERROR) { 1019 mLastError = result; 1020 } 1021 1022 return result; 1023} 1024 1025void IPCThreadState::threadDestructor(void *st) 1026{ 1027 IPCThreadState* const self = static_cast<IPCThreadState*>(st); 1028 if (self) { 1029 self->flushCommands(); 1030#if defined(HAVE_ANDROID_OS) 1031 ioctl(self->mProcess->mDriverFD, BINDER_THREAD_EXIT, 0); 1032#endif 1033 delete self; 1034 } 1035} 1036 1037 1038void IPCThreadState::freeBuffer(Parcel* parcel, const uint8_t* data, size_t dataSize, 1039 const size_t* objects, size_t objectsSize, 1040 void* cookie) 1041{ 1042 //LOGI("Freeing parcel %p", &parcel); 1043 IF_LOG_COMMANDS() { 1044 alog << "Writing BC_FREE_BUFFER for " << data << endl; 1045 } 1046 LOG_ASSERT(data != NULL, "Called with NULL data"); 1047 if (parcel != NULL) parcel->closeFileDescriptors(); 1048 IPCThreadState* state = self(); 1049 state->mOut.writeInt32(BC_FREE_BUFFER); 1050 state->mOut.writeInt32((int32_t)data); 1051} 1052 1053}; // namespace android 1054