1/* 2 * Copyright (C) 2005 The Android Open Source Project 3 * 4 * Licensed under the Apache License, Version 2.0 (the "License"); 5 * you may not use this file except in compliance with the License. 6 * You may obtain a copy of the License at 7 * 8 * http://www.apache.org/licenses/LICENSE-2.0 9 * 10 * Unless required by applicable law or agreed to in writing, software 11 * distributed under the License is distributed on an "AS IS" BASIS, 12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 * See the License for the specific language governing permissions and 14 * limitations under the License. 15 */ 16 17#define LOG_TAG "Parcel" 18//#define LOG_NDEBUG 0 19 20#include <errno.h> 21#include <fcntl.h> 22#include <inttypes.h> 23#include <pthread.h> 24#include <stdint.h> 25#include <stdio.h> 26#include <stdlib.h> 27#include <sys/mman.h> 28#include <sys/stat.h> 29#include <sys/types.h> 30#include <sys/resource.h> 31#include <unistd.h> 32 33#include <binder/Binder.h> 34#include <binder/BpBinder.h> 35#include <binder/IPCThreadState.h> 36#include <binder/Parcel.h> 37#include <binder/ProcessState.h> 38#include <binder/Status.h> 39#include <binder/TextOutput.h> 40 41#include <cutils/ashmem.h> 42#include <utils/Debug.h> 43#include <utils/Flattenable.h> 44#include <utils/Log.h> 45#include <utils/misc.h> 46#include <utils/String8.h> 47#include <utils/String16.h> 48 49#include <private/binder/binder_module.h> 50#include <private/binder/Static.h> 51 52#ifndef INT32_MAX 53#define INT32_MAX ((int32_t)(2147483647)) 54#endif 55 56#define LOG_REFS(...) 57//#define LOG_REFS(...) ALOG(LOG_DEBUG, LOG_TAG, __VA_ARGS__) 58#define LOG_ALLOC(...) 59//#define LOG_ALLOC(...) ALOG(LOG_DEBUG, LOG_TAG, __VA_ARGS__) 60 61// --------------------------------------------------------------------------- 62 63// This macro should never be used at runtime, as a too large value 64// of s could cause an integer overflow. Instead, you should always 65// use the wrapper function pad_size() 66#define PAD_SIZE_UNSAFE(s) (((s)+3)&~3) 67 68static size_t pad_size(size_t s) { 69 if (s > (SIZE_T_MAX - 3)) { 70 abort(); 71 } 72 return PAD_SIZE_UNSAFE(s); 73} 74 75// Note: must be kept in sync with android/os/StrictMode.java's PENALTY_GATHER 76#define STRICT_MODE_PENALTY_GATHER (0x40 << 16) 77 78// XXX This can be made public if we want to provide 79// support for typed data. 80struct small_flat_data 81{ 82 uint32_t type; 83 uint32_t data; 84}; 85 86namespace android { 87 88static pthread_mutex_t gParcelGlobalAllocSizeLock = PTHREAD_MUTEX_INITIALIZER; 89static size_t gParcelGlobalAllocSize = 0; 90static size_t gParcelGlobalAllocCount = 0; 91 92static size_t gMaxFds = 0; 93 94// Maximum size of a blob to transfer in-place. 95static const size_t BLOB_INPLACE_LIMIT = 16 * 1024; 96 97enum { 98 BLOB_INPLACE = 0, 99 BLOB_ASHMEM_IMMUTABLE = 1, 100 BLOB_ASHMEM_MUTABLE = 2, 101}; 102 103static dev_t ashmem_rdev() 104{ 105 static dev_t __ashmem_rdev; 106 static pthread_mutex_t __ashmem_rdev_lock = PTHREAD_MUTEX_INITIALIZER; 107 108 pthread_mutex_lock(&__ashmem_rdev_lock); 109 110 dev_t rdev = __ashmem_rdev; 111 if (!rdev) { 112 int fd = TEMP_FAILURE_RETRY(open("/dev/ashmem", O_RDONLY)); 113 if (fd >= 0) { 114 struct stat st; 115 116 int ret = TEMP_FAILURE_RETRY(fstat(fd, &st)); 117 close(fd); 118 if ((ret >= 0) && S_ISCHR(st.st_mode)) { 119 rdev = __ashmem_rdev = st.st_rdev; 120 } 121 } 122 } 123 124 pthread_mutex_unlock(&__ashmem_rdev_lock); 125 126 return rdev; 127} 128 129void acquire_object(const sp<ProcessState>& proc, 130 const flat_binder_object& obj, const void* who, size_t* outAshmemSize) 131{ 132 switch (obj.type) { 133 case BINDER_TYPE_BINDER: 134 if (obj.binder) { 135 LOG_REFS("Parcel %p acquiring reference on local %p", who, obj.cookie); 136 reinterpret_cast<IBinder*>(obj.cookie)->incStrong(who); 137 } 138 return; 139 case BINDER_TYPE_WEAK_BINDER: 140 if (obj.binder) 141 reinterpret_cast<RefBase::weakref_type*>(obj.binder)->incWeak(who); 142 return; 143 case BINDER_TYPE_HANDLE: { 144 const sp<IBinder> b = proc->getStrongProxyForHandle(obj.handle); 145 if (b != NULL) { 146 LOG_REFS("Parcel %p acquiring reference on remote %p", who, b.get()); 147 b->incStrong(who); 148 } 149 return; 150 } 151 case BINDER_TYPE_WEAK_HANDLE: { 152 const wp<IBinder> b = proc->getWeakProxyForHandle(obj.handle); 153 if (b != NULL) b.get_refs()->incWeak(who); 154 return; 155 } 156 case BINDER_TYPE_FD: { 157 if ((obj.cookie != 0) && (outAshmemSize != NULL)) { 158 struct stat st; 159 int ret = fstat(obj.handle, &st); 160 if (!ret && S_ISCHR(st.st_mode) && (st.st_rdev == ashmem_rdev())) { 161 // If we own an ashmem fd, keep track of how much memory it refers to. 162 int size = ashmem_get_size_region(obj.handle); 163 if (size > 0) { 164 *outAshmemSize += size; 165 } 166 } 167 } 168 return; 169 } 170 } 171 172 ALOGD("Invalid object type 0x%08x", obj.type); 173} 174 175void acquire_object(const sp<ProcessState>& proc, 176 const flat_binder_object& obj, const void* who) 177{ 178 acquire_object(proc, obj, who, NULL); 179} 180 181static void release_object(const sp<ProcessState>& proc, 182 const flat_binder_object& obj, const void* who, size_t* outAshmemSize) 183{ 184 switch (obj.type) { 185 case BINDER_TYPE_BINDER: 186 if (obj.binder) { 187 LOG_REFS("Parcel %p releasing reference on local %p", who, obj.cookie); 188 reinterpret_cast<IBinder*>(obj.cookie)->decStrong(who); 189 } 190 return; 191 case BINDER_TYPE_WEAK_BINDER: 192 if (obj.binder) 193 reinterpret_cast<RefBase::weakref_type*>(obj.binder)->decWeak(who); 194 return; 195 case BINDER_TYPE_HANDLE: { 196 const sp<IBinder> b = proc->getStrongProxyForHandle(obj.handle); 197 if (b != NULL) { 198 LOG_REFS("Parcel %p releasing reference on remote %p", who, b.get()); 199 b->decStrong(who); 200 } 201 return; 202 } 203 case BINDER_TYPE_WEAK_HANDLE: { 204 const wp<IBinder> b = proc->getWeakProxyForHandle(obj.handle); 205 if (b != NULL) b.get_refs()->decWeak(who); 206 return; 207 } 208 case BINDER_TYPE_FD: { 209 if (obj.cookie != 0) { // owned 210 if (outAshmemSize != NULL) { 211 struct stat st; 212 int ret = fstat(obj.handle, &st); 213 if (!ret && S_ISCHR(st.st_mode) && (st.st_rdev == ashmem_rdev())) { 214 int size = ashmem_get_size_region(obj.handle); 215 if (size > 0) { 216 *outAshmemSize -= size; 217 } 218 } 219 } 220 221 close(obj.handle); 222 } 223 return; 224 } 225 } 226 227 ALOGE("Invalid object type 0x%08x", obj.type); 228} 229 230void release_object(const sp<ProcessState>& proc, 231 const flat_binder_object& obj, const void* who) 232{ 233 release_object(proc, obj, who, NULL); 234} 235 236inline static status_t finish_flatten_binder( 237 const sp<IBinder>& /*binder*/, const flat_binder_object& flat, Parcel* out) 238{ 239 return out->writeObject(flat, false); 240} 241 242status_t flatten_binder(const sp<ProcessState>& /*proc*/, 243 const sp<IBinder>& binder, Parcel* out) 244{ 245 flat_binder_object obj; 246 247 obj.flags = 0x7f | FLAT_BINDER_FLAG_ACCEPTS_FDS; 248 if (binder != NULL) { 249 IBinder *local = binder->localBinder(); 250 if (!local) { 251 BpBinder *proxy = binder->remoteBinder(); 252 if (proxy == NULL) { 253 ALOGE("null proxy"); 254 } 255 const int32_t handle = proxy ? proxy->handle() : 0; 256 obj.type = BINDER_TYPE_HANDLE; 257 obj.binder = 0; /* Don't pass uninitialized stack data to a remote process */ 258 obj.handle = handle; 259 obj.cookie = 0; 260 } else { 261 obj.type = BINDER_TYPE_BINDER; 262 obj.binder = reinterpret_cast<uintptr_t>(local->getWeakRefs()); 263 obj.cookie = reinterpret_cast<uintptr_t>(local); 264 } 265 } else { 266 obj.type = BINDER_TYPE_BINDER; 267 obj.binder = 0; 268 obj.cookie = 0; 269 } 270 271 return finish_flatten_binder(binder, obj, out); 272} 273 274status_t flatten_binder(const sp<ProcessState>& /*proc*/, 275 const wp<IBinder>& binder, Parcel* out) 276{ 277 flat_binder_object obj; 278 279 obj.flags = 0x7f | FLAT_BINDER_FLAG_ACCEPTS_FDS; 280 if (binder != NULL) { 281 sp<IBinder> real = binder.promote(); 282 if (real != NULL) { 283 IBinder *local = real->localBinder(); 284 if (!local) { 285 BpBinder *proxy = real->remoteBinder(); 286 if (proxy == NULL) { 287 ALOGE("null proxy"); 288 } 289 const int32_t handle = proxy ? proxy->handle() : 0; 290 obj.type = BINDER_TYPE_WEAK_HANDLE; 291 obj.binder = 0; /* Don't pass uninitialized stack data to a remote process */ 292 obj.handle = handle; 293 obj.cookie = 0; 294 } else { 295 obj.type = BINDER_TYPE_WEAK_BINDER; 296 obj.binder = reinterpret_cast<uintptr_t>(binder.get_refs()); 297 obj.cookie = reinterpret_cast<uintptr_t>(binder.unsafe_get()); 298 } 299 return finish_flatten_binder(real, obj, out); 300 } 301 302 // XXX How to deal? In order to flatten the given binder, 303 // we need to probe it for information, which requires a primary 304 // reference... but we don't have one. 305 // 306 // The OpenBinder implementation uses a dynamic_cast<> here, 307 // but we can't do that with the different reference counting 308 // implementation we are using. 309 ALOGE("Unable to unflatten Binder weak reference!"); 310 obj.type = BINDER_TYPE_BINDER; 311 obj.binder = 0; 312 obj.cookie = 0; 313 return finish_flatten_binder(NULL, obj, out); 314 315 } else { 316 obj.type = BINDER_TYPE_BINDER; 317 obj.binder = 0; 318 obj.cookie = 0; 319 return finish_flatten_binder(NULL, obj, out); 320 } 321} 322 323inline static status_t finish_unflatten_binder( 324 BpBinder* /*proxy*/, const flat_binder_object& /*flat*/, 325 const Parcel& /*in*/) 326{ 327 return NO_ERROR; 328} 329 330status_t unflatten_binder(const sp<ProcessState>& proc, 331 const Parcel& in, sp<IBinder>* out) 332{ 333 const flat_binder_object* flat = in.readObject(false); 334 335 if (flat) { 336 switch (flat->type) { 337 case BINDER_TYPE_BINDER: 338 *out = reinterpret_cast<IBinder*>(flat->cookie); 339 return finish_unflatten_binder(NULL, *flat, in); 340 case BINDER_TYPE_HANDLE: 341 *out = proc->getStrongProxyForHandle(flat->handle); 342 return finish_unflatten_binder( 343 static_cast<BpBinder*>(out->get()), *flat, in); 344 } 345 } 346 return BAD_TYPE; 347} 348 349status_t unflatten_binder(const sp<ProcessState>& proc, 350 const Parcel& in, wp<IBinder>* out) 351{ 352 const flat_binder_object* flat = in.readObject(false); 353 354 if (flat) { 355 switch (flat->type) { 356 case BINDER_TYPE_BINDER: 357 *out = reinterpret_cast<IBinder*>(flat->cookie); 358 return finish_unflatten_binder(NULL, *flat, in); 359 case BINDER_TYPE_WEAK_BINDER: 360 if (flat->binder != 0) { 361 out->set_object_and_refs( 362 reinterpret_cast<IBinder*>(flat->cookie), 363 reinterpret_cast<RefBase::weakref_type*>(flat->binder)); 364 } else { 365 *out = NULL; 366 } 367 return finish_unflatten_binder(NULL, *flat, in); 368 case BINDER_TYPE_HANDLE: 369 case BINDER_TYPE_WEAK_HANDLE: 370 *out = proc->getWeakProxyForHandle(flat->handle); 371 return finish_unflatten_binder( 372 static_cast<BpBinder*>(out->unsafe_get()), *flat, in); 373 } 374 } 375 return BAD_TYPE; 376} 377 378// --------------------------------------------------------------------------- 379 380Parcel::Parcel() 381{ 382 LOG_ALLOC("Parcel %p: constructing", this); 383 initState(); 384} 385 386Parcel::~Parcel() 387{ 388 freeDataNoInit(); 389 LOG_ALLOC("Parcel %p: destroyed", this); 390} 391 392size_t Parcel::getGlobalAllocSize() { 393 pthread_mutex_lock(&gParcelGlobalAllocSizeLock); 394 size_t size = gParcelGlobalAllocSize; 395 pthread_mutex_unlock(&gParcelGlobalAllocSizeLock); 396 return size; 397} 398 399size_t Parcel::getGlobalAllocCount() { 400 pthread_mutex_lock(&gParcelGlobalAllocSizeLock); 401 size_t count = gParcelGlobalAllocCount; 402 pthread_mutex_unlock(&gParcelGlobalAllocSizeLock); 403 return count; 404} 405 406const uint8_t* Parcel::data() const 407{ 408 return mData; 409} 410 411size_t Parcel::dataSize() const 412{ 413 return (mDataSize > mDataPos ? mDataSize : mDataPos); 414} 415 416size_t Parcel::dataAvail() const 417{ 418 size_t result = dataSize() - dataPosition(); 419 if (result > INT32_MAX) { 420 abort(); 421 } 422 return result; 423} 424 425size_t Parcel::dataPosition() const 426{ 427 return mDataPos; 428} 429 430size_t Parcel::dataCapacity() const 431{ 432 return mDataCapacity; 433} 434 435status_t Parcel::setDataSize(size_t size) 436{ 437 if (size > INT32_MAX) { 438 // don't accept size_t values which may have come from an 439 // inadvertent conversion from a negative int. 440 return BAD_VALUE; 441 } 442 443 status_t err; 444 err = continueWrite(size); 445 if (err == NO_ERROR) { 446 mDataSize = size; 447 ALOGV("setDataSize Setting data size of %p to %zu", this, mDataSize); 448 } 449 return err; 450} 451 452void Parcel::setDataPosition(size_t pos) const 453{ 454 if (pos > INT32_MAX) { 455 // don't accept size_t values which may have come from an 456 // inadvertent conversion from a negative int. 457 abort(); 458 } 459 460 mDataPos = pos; 461 mNextObjectHint = 0; 462} 463 464status_t Parcel::setDataCapacity(size_t size) 465{ 466 if (size > INT32_MAX) { 467 // don't accept size_t values which may have come from an 468 // inadvertent conversion from a negative int. 469 return BAD_VALUE; 470 } 471 472 if (size > mDataCapacity) return continueWrite(size); 473 return NO_ERROR; 474} 475 476status_t Parcel::setData(const uint8_t* buffer, size_t len) 477{ 478 if (len > INT32_MAX) { 479 // don't accept size_t values which may have come from an 480 // inadvertent conversion from a negative int. 481 return BAD_VALUE; 482 } 483 484 status_t err = restartWrite(len); 485 if (err == NO_ERROR) { 486 memcpy(const_cast<uint8_t*>(data()), buffer, len); 487 mDataSize = len; 488 mFdsKnown = false; 489 } 490 return err; 491} 492 493status_t Parcel::appendFrom(const Parcel *parcel, size_t offset, size_t len) 494{ 495 const sp<ProcessState> proc(ProcessState::self()); 496 status_t err; 497 const uint8_t *data = parcel->mData; 498 const binder_size_t *objects = parcel->mObjects; 499 size_t size = parcel->mObjectsSize; 500 int startPos = mDataPos; 501 int firstIndex = -1, lastIndex = -2; 502 503 if (len == 0) { 504 return NO_ERROR; 505 } 506 507 if (len > INT32_MAX) { 508 // don't accept size_t values which may have come from an 509 // inadvertent conversion from a negative int. 510 return BAD_VALUE; 511 } 512 513 // range checks against the source parcel size 514 if ((offset > parcel->mDataSize) 515 || (len > parcel->mDataSize) 516 || (offset + len > parcel->mDataSize)) { 517 return BAD_VALUE; 518 } 519 520 // Count objects in range 521 for (int i = 0; i < (int) size; i++) { 522 size_t off = objects[i]; 523 if ((off >= offset) && (off + sizeof(flat_binder_object) <= offset + len)) { 524 if (firstIndex == -1) { 525 firstIndex = i; 526 } 527 lastIndex = i; 528 } 529 } 530 int numObjects = lastIndex - firstIndex + 1; 531 532 if ((mDataSize+len) > mDataCapacity) { 533 // grow data 534 err = growData(len); 535 if (err != NO_ERROR) { 536 return err; 537 } 538 } 539 540 // append data 541 memcpy(mData + mDataPos, data + offset, len); 542 mDataPos += len; 543 mDataSize += len; 544 545 err = NO_ERROR; 546 547 if (numObjects > 0) { 548 // grow objects 549 if (mObjectsCapacity < mObjectsSize + numObjects) { 550 size_t newSize = ((mObjectsSize + numObjects)*3)/2; 551 if (newSize < mObjectsSize) return NO_MEMORY; // overflow 552 binder_size_t *objects = 553 (binder_size_t*)realloc(mObjects, newSize*sizeof(binder_size_t)); 554 if (objects == (binder_size_t*)0) { 555 return NO_MEMORY; 556 } 557 mObjects = objects; 558 mObjectsCapacity = newSize; 559 } 560 561 // append and acquire objects 562 int idx = mObjectsSize; 563 for (int i = firstIndex; i <= lastIndex; i++) { 564 size_t off = objects[i] - offset + startPos; 565 mObjects[idx++] = off; 566 mObjectsSize++; 567 568 flat_binder_object* flat 569 = reinterpret_cast<flat_binder_object*>(mData + off); 570 acquire_object(proc, *flat, this, &mOpenAshmemSize); 571 572 if (flat->type == BINDER_TYPE_FD) { 573 // If this is a file descriptor, we need to dup it so the 574 // new Parcel now owns its own fd, and can declare that we 575 // officially know we have fds. 576 flat->handle = dup(flat->handle); 577 flat->cookie = 1; 578 mHasFds = mFdsKnown = true; 579 if (!mAllowFds) { 580 err = FDS_NOT_ALLOWED; 581 } 582 } 583 } 584 } 585 586 return err; 587} 588 589bool Parcel::allowFds() const 590{ 591 return mAllowFds; 592} 593 594bool Parcel::pushAllowFds(bool allowFds) 595{ 596 const bool origValue = mAllowFds; 597 if (!allowFds) { 598 mAllowFds = false; 599 } 600 return origValue; 601} 602 603void Parcel::restoreAllowFds(bool lastValue) 604{ 605 mAllowFds = lastValue; 606} 607 608bool Parcel::hasFileDescriptors() const 609{ 610 if (!mFdsKnown) { 611 scanForFds(); 612 } 613 return mHasFds; 614} 615 616// Write RPC headers. (previously just the interface token) 617status_t Parcel::writeInterfaceToken(const String16& interface) 618{ 619 writeInt32(IPCThreadState::self()->getStrictModePolicy() | 620 STRICT_MODE_PENALTY_GATHER); 621 // currently the interface identification token is just its name as a string 622 return writeString16(interface); 623} 624 625bool Parcel::checkInterface(IBinder* binder) const 626{ 627 return enforceInterface(binder->getInterfaceDescriptor()); 628} 629 630bool Parcel::enforceInterface(const String16& interface, 631 IPCThreadState* threadState) const 632{ 633 int32_t strictPolicy = readInt32(); 634 if (threadState == NULL) { 635 threadState = IPCThreadState::self(); 636 } 637 if ((threadState->getLastTransactionBinderFlags() & 638 IBinder::FLAG_ONEWAY) != 0) { 639 // For one-way calls, the callee is running entirely 640 // disconnected from the caller, so disable StrictMode entirely. 641 // Not only does disk/network usage not impact the caller, but 642 // there's no way to commuicate back any violations anyway. 643 threadState->setStrictModePolicy(0); 644 } else { 645 threadState->setStrictModePolicy(strictPolicy); 646 } 647 const String16 str(readString16()); 648 if (str == interface) { 649 return true; 650 } else { 651 ALOGW("**** enforceInterface() expected '%s' but read '%s'", 652 String8(interface).string(), String8(str).string()); 653 return false; 654 } 655} 656 657const binder_size_t* Parcel::objects() const 658{ 659 return mObjects; 660} 661 662size_t Parcel::objectsCount() const 663{ 664 return mObjectsSize; 665} 666 667status_t Parcel::errorCheck() const 668{ 669 return mError; 670} 671 672void Parcel::setError(status_t err) 673{ 674 mError = err; 675} 676 677status_t Parcel::finishWrite(size_t len) 678{ 679 if (len > INT32_MAX) { 680 // don't accept size_t values which may have come from an 681 // inadvertent conversion from a negative int. 682 return BAD_VALUE; 683 } 684 685 //printf("Finish write of %d\n", len); 686 mDataPos += len; 687 ALOGV("finishWrite Setting data pos of %p to %zu", this, mDataPos); 688 if (mDataPos > mDataSize) { 689 mDataSize = mDataPos; 690 ALOGV("finishWrite Setting data size of %p to %zu", this, mDataSize); 691 } 692 //printf("New pos=%d, size=%d\n", mDataPos, mDataSize); 693 return NO_ERROR; 694} 695 696status_t Parcel::writeUnpadded(const void* data, size_t len) 697{ 698 if (len > INT32_MAX) { 699 // don't accept size_t values which may have come from an 700 // inadvertent conversion from a negative int. 701 return BAD_VALUE; 702 } 703 704 size_t end = mDataPos + len; 705 if (end < mDataPos) { 706 // integer overflow 707 return BAD_VALUE; 708 } 709 710 if (end <= mDataCapacity) { 711restart_write: 712 memcpy(mData+mDataPos, data, len); 713 return finishWrite(len); 714 } 715 716 status_t err = growData(len); 717 if (err == NO_ERROR) goto restart_write; 718 return err; 719} 720 721status_t Parcel::write(const void* data, size_t len) 722{ 723 if (len > INT32_MAX) { 724 // don't accept size_t values which may have come from an 725 // inadvertent conversion from a negative int. 726 return BAD_VALUE; 727 } 728 729 void* const d = writeInplace(len); 730 if (d) { 731 memcpy(d, data, len); 732 return NO_ERROR; 733 } 734 return mError; 735} 736 737void* Parcel::writeInplace(size_t len) 738{ 739 if (len > INT32_MAX) { 740 // don't accept size_t values which may have come from an 741 // inadvertent conversion from a negative int. 742 return NULL; 743 } 744 745 const size_t padded = pad_size(len); 746 747 // sanity check for integer overflow 748 if (mDataPos+padded < mDataPos) { 749 return NULL; 750 } 751 752 if ((mDataPos+padded) <= mDataCapacity) { 753restart_write: 754 //printf("Writing %ld bytes, padded to %ld\n", len, padded); 755 uint8_t* const data = mData+mDataPos; 756 757 // Need to pad at end? 758 if (padded != len) { 759#if BYTE_ORDER == BIG_ENDIAN 760 static const uint32_t mask[4] = { 761 0x00000000, 0xffffff00, 0xffff0000, 0xff000000 762 }; 763#endif 764#if BYTE_ORDER == LITTLE_ENDIAN 765 static const uint32_t mask[4] = { 766 0x00000000, 0x00ffffff, 0x0000ffff, 0x000000ff 767 }; 768#endif 769 //printf("Applying pad mask: %p to %p\n", (void*)mask[padded-len], 770 // *reinterpret_cast<void**>(data+padded-4)); 771 *reinterpret_cast<uint32_t*>(data+padded-4) &= mask[padded-len]; 772 } 773 774 finishWrite(padded); 775 return data; 776 } 777 778 status_t err = growData(padded); 779 if (err == NO_ERROR) goto restart_write; 780 return NULL; 781} 782 783status_t Parcel::writeUtf8AsUtf16(const std::string& str) { 784 const uint8_t* strData = (uint8_t*)str.data(); 785 const size_t strLen= str.length(); 786 const ssize_t utf16Len = utf8_to_utf16_length(strData, strLen); 787 if (utf16Len < 0 || utf16Len> std::numeric_limits<int32_t>::max()) { 788 return BAD_VALUE; 789 } 790 791 status_t err = writeInt32(utf16Len); 792 if (err) { 793 return err; 794 } 795 796 // Allocate enough bytes to hold our converted string and its terminating NULL. 797 void* dst = writeInplace((utf16Len + 1) * sizeof(char16_t)); 798 if (!dst) { 799 return NO_MEMORY; 800 } 801 802 utf8_to_utf16(strData, strLen, (char16_t*)dst); 803 804 return NO_ERROR; 805} 806 807status_t Parcel::writeUtf8AsUtf16(const std::unique_ptr<std::string>& str) { 808 if (!str) { 809 return writeInt32(-1); 810 } 811 return writeUtf8AsUtf16(*str); 812} 813 814namespace { 815 816template<typename T> 817status_t writeByteVectorInternal(Parcel* parcel, const std::vector<T>& val) 818{ 819 status_t status; 820 if (val.size() > std::numeric_limits<int32_t>::max()) { 821 status = BAD_VALUE; 822 return status; 823 } 824 825 status = parcel->writeInt32(val.size()); 826 if (status != OK) { 827 return status; 828 } 829 830 void* data = parcel->writeInplace(val.size()); 831 if (!data) { 832 status = BAD_VALUE; 833 return status; 834 } 835 836 memcpy(data, val.data(), val.size()); 837 return status; 838} 839 840template<typename T> 841status_t writeByteVectorInternalPtr(Parcel* parcel, 842 const std::unique_ptr<std::vector<T>>& val) 843{ 844 if (!val) { 845 return parcel->writeInt32(-1); 846 } 847 848 return writeByteVectorInternal(parcel, *val); 849} 850 851} // namespace 852 853status_t Parcel::writeByteVector(const std::vector<int8_t>& val) { 854 return writeByteVectorInternal(this, val); 855} 856 857status_t Parcel::writeByteVector(const std::unique_ptr<std::vector<int8_t>>& val) 858{ 859 return writeByteVectorInternalPtr(this, val); 860} 861 862status_t Parcel::writeByteVector(const std::vector<uint8_t>& val) { 863 return writeByteVectorInternal(this, val); 864} 865 866status_t Parcel::writeByteVector(const std::unique_ptr<std::vector<uint8_t>>& val) 867{ 868 return writeByteVectorInternalPtr(this, val); 869} 870 871status_t Parcel::writeInt32Vector(const std::vector<int32_t>& val) 872{ 873 return writeTypedVector(val, &Parcel::writeInt32); 874} 875 876status_t Parcel::writeInt32Vector(const std::unique_ptr<std::vector<int32_t>>& val) 877{ 878 return writeNullableTypedVector(val, &Parcel::writeInt32); 879} 880 881status_t Parcel::writeInt64Vector(const std::vector<int64_t>& val) 882{ 883 return writeTypedVector(val, &Parcel::writeInt64); 884} 885 886status_t Parcel::writeInt64Vector(const std::unique_ptr<std::vector<int64_t>>& val) 887{ 888 return writeNullableTypedVector(val, &Parcel::writeInt64); 889} 890 891status_t Parcel::writeFloatVector(const std::vector<float>& val) 892{ 893 return writeTypedVector(val, &Parcel::writeFloat); 894} 895 896status_t Parcel::writeFloatVector(const std::unique_ptr<std::vector<float>>& val) 897{ 898 return writeNullableTypedVector(val, &Parcel::writeFloat); 899} 900 901status_t Parcel::writeDoubleVector(const std::vector<double>& val) 902{ 903 return writeTypedVector(val, &Parcel::writeDouble); 904} 905 906status_t Parcel::writeDoubleVector(const std::unique_ptr<std::vector<double>>& val) 907{ 908 return writeNullableTypedVector(val, &Parcel::writeDouble); 909} 910 911status_t Parcel::writeBoolVector(const std::vector<bool>& val) 912{ 913 return writeTypedVector(val, &Parcel::writeBool); 914} 915 916status_t Parcel::writeBoolVector(const std::unique_ptr<std::vector<bool>>& val) 917{ 918 return writeNullableTypedVector(val, &Parcel::writeBool); 919} 920 921status_t Parcel::writeCharVector(const std::vector<char16_t>& val) 922{ 923 return writeTypedVector(val, &Parcel::writeChar); 924} 925 926status_t Parcel::writeCharVector(const std::unique_ptr<std::vector<char16_t>>& val) 927{ 928 return writeNullableTypedVector(val, &Parcel::writeChar); 929} 930 931status_t Parcel::writeString16Vector(const std::vector<String16>& val) 932{ 933 return writeTypedVector(val, &Parcel::writeString16); 934} 935 936status_t Parcel::writeString16Vector( 937 const std::unique_ptr<std::vector<std::unique_ptr<String16>>>& val) 938{ 939 return writeNullableTypedVector(val, &Parcel::writeString16); 940} 941 942status_t Parcel::writeUtf8VectorAsUtf16Vector( 943 const std::unique_ptr<std::vector<std::unique_ptr<std::string>>>& val) { 944 return writeNullableTypedVector(val, &Parcel::writeUtf8AsUtf16); 945} 946 947status_t Parcel::writeUtf8VectorAsUtf16Vector(const std::vector<std::string>& val) { 948 return writeTypedVector(val, &Parcel::writeUtf8AsUtf16); 949} 950 951status_t Parcel::writeInt32(int32_t val) 952{ 953 return writeAligned(val); 954} 955 956status_t Parcel::writeUint32(uint32_t val) 957{ 958 return writeAligned(val); 959} 960 961status_t Parcel::writeInt32Array(size_t len, const int32_t *val) { 962 if (len > INT32_MAX) { 963 // don't accept size_t values which may have come from an 964 // inadvertent conversion from a negative int. 965 return BAD_VALUE; 966 } 967 968 if (!val) { 969 return writeInt32(-1); 970 } 971 status_t ret = writeInt32(static_cast<uint32_t>(len)); 972 if (ret == NO_ERROR) { 973 ret = write(val, len * sizeof(*val)); 974 } 975 return ret; 976} 977status_t Parcel::writeByteArray(size_t len, const uint8_t *val) { 978 if (len > INT32_MAX) { 979 // don't accept size_t values which may have come from an 980 // inadvertent conversion from a negative int. 981 return BAD_VALUE; 982 } 983 984 if (!val) { 985 return writeInt32(-1); 986 } 987 status_t ret = writeInt32(static_cast<uint32_t>(len)); 988 if (ret == NO_ERROR) { 989 ret = write(val, len * sizeof(*val)); 990 } 991 return ret; 992} 993 994status_t Parcel::writeBool(bool val) 995{ 996 return writeInt32(int32_t(val)); 997} 998 999status_t Parcel::writeChar(char16_t val) 1000{ 1001 return writeInt32(int32_t(val)); 1002} 1003 1004status_t Parcel::writeByte(int8_t val) 1005{ 1006 return writeInt32(int32_t(val)); 1007} 1008 1009status_t Parcel::writeInt64(int64_t val) 1010{ 1011 return writeAligned(val); 1012} 1013 1014status_t Parcel::writeUint64(uint64_t val) 1015{ 1016 return writeAligned(val); 1017} 1018 1019status_t Parcel::writePointer(uintptr_t val) 1020{ 1021 return writeAligned<binder_uintptr_t>(val); 1022} 1023 1024status_t Parcel::writeFloat(float val) 1025{ 1026 return writeAligned(val); 1027} 1028 1029#if defined(__mips__) && defined(__mips_hard_float) 1030 1031status_t Parcel::writeDouble(double val) 1032{ 1033 union { 1034 double d; 1035 unsigned long long ll; 1036 } u; 1037 u.d = val; 1038 return writeAligned(u.ll); 1039} 1040 1041#else 1042 1043status_t Parcel::writeDouble(double val) 1044{ 1045 return writeAligned(val); 1046} 1047 1048#endif 1049 1050status_t Parcel::writeCString(const char* str) 1051{ 1052 return write(str, strlen(str)+1); 1053} 1054 1055status_t Parcel::writeString8(const String8& str) 1056{ 1057 status_t err = writeInt32(str.bytes()); 1058 // only write string if its length is more than zero characters, 1059 // as readString8 will only read if the length field is non-zero. 1060 // this is slightly different from how writeString16 works. 1061 if (str.bytes() > 0 && err == NO_ERROR) { 1062 err = write(str.string(), str.bytes()+1); 1063 } 1064 return err; 1065} 1066 1067status_t Parcel::writeString16(const std::unique_ptr<String16>& str) 1068{ 1069 if (!str) { 1070 return writeInt32(-1); 1071 } 1072 1073 return writeString16(*str); 1074} 1075 1076status_t Parcel::writeString16(const String16& str) 1077{ 1078 return writeString16(str.string(), str.size()); 1079} 1080 1081status_t Parcel::writeString16(const char16_t* str, size_t len) 1082{ 1083 if (str == NULL) return writeInt32(-1); 1084 1085 status_t err = writeInt32(len); 1086 if (err == NO_ERROR) { 1087 len *= sizeof(char16_t); 1088 uint8_t* data = (uint8_t*)writeInplace(len+sizeof(char16_t)); 1089 if (data) { 1090 memcpy(data, str, len); 1091 *reinterpret_cast<char16_t*>(data+len) = 0; 1092 return NO_ERROR; 1093 } 1094 err = mError; 1095 } 1096 return err; 1097} 1098 1099status_t Parcel::writeStrongBinder(const sp<IBinder>& val) 1100{ 1101 return flatten_binder(ProcessState::self(), val, this); 1102} 1103 1104status_t Parcel::writeStrongBinderVector(const std::vector<sp<IBinder>>& val) 1105{ 1106 return writeTypedVector(val, &Parcel::writeStrongBinder); 1107} 1108 1109status_t Parcel::writeStrongBinderVector(const std::unique_ptr<std::vector<sp<IBinder>>>& val) 1110{ 1111 return writeNullableTypedVector(val, &Parcel::writeStrongBinder); 1112} 1113 1114status_t Parcel::readStrongBinderVector(std::unique_ptr<std::vector<sp<IBinder>>>* val) const { 1115 return readNullableTypedVector(val, &Parcel::readStrongBinder); 1116} 1117 1118status_t Parcel::readStrongBinderVector(std::vector<sp<IBinder>>* val) const { 1119 return readTypedVector(val, &Parcel::readStrongBinder); 1120} 1121 1122status_t Parcel::writeWeakBinder(const wp<IBinder>& val) 1123{ 1124 return flatten_binder(ProcessState::self(), val, this); 1125} 1126 1127status_t Parcel::writeRawNullableParcelable(const Parcelable* parcelable) { 1128 if (!parcelable) { 1129 return writeInt32(0); 1130 } 1131 1132 return writeParcelable(*parcelable); 1133} 1134 1135status_t Parcel::writeParcelable(const Parcelable& parcelable) { 1136 status_t status = writeInt32(1); // parcelable is not null. 1137 if (status != OK) { 1138 return status; 1139 } 1140 return parcelable.writeToParcel(this); 1141} 1142 1143status_t Parcel::writeNativeHandle(const native_handle* handle) 1144{ 1145 if (!handle || handle->version != sizeof(native_handle)) 1146 return BAD_TYPE; 1147 1148 status_t err; 1149 err = writeInt32(handle->numFds); 1150 if (err != NO_ERROR) return err; 1151 1152 err = writeInt32(handle->numInts); 1153 if (err != NO_ERROR) return err; 1154 1155 for (int i=0 ; err==NO_ERROR && i<handle->numFds ; i++) 1156 err = writeDupFileDescriptor(handle->data[i]); 1157 1158 if (err != NO_ERROR) { 1159 ALOGD("write native handle, write dup fd failed"); 1160 return err; 1161 } 1162 err = write(handle->data + handle->numFds, sizeof(int)*handle->numInts); 1163 return err; 1164} 1165 1166status_t Parcel::writeFileDescriptor(int fd, bool takeOwnership) 1167{ 1168 flat_binder_object obj; 1169 obj.type = BINDER_TYPE_FD; 1170 obj.flags = 0x7f | FLAT_BINDER_FLAG_ACCEPTS_FDS; 1171 obj.binder = 0; /* Don't pass uninitialized stack data to a remote process */ 1172 obj.handle = fd; 1173 obj.cookie = takeOwnership ? 1 : 0; 1174 return writeObject(obj, true); 1175} 1176 1177status_t Parcel::writeDupFileDescriptor(int fd) 1178{ 1179 int dupFd = dup(fd); 1180 if (dupFd < 0) { 1181 return -errno; 1182 } 1183 status_t err = writeFileDescriptor(dupFd, true /*takeOwnership*/); 1184 if (err != OK) { 1185 close(dupFd); 1186 } 1187 return err; 1188} 1189 1190status_t Parcel::writeUniqueFileDescriptor(const ScopedFd& fd) { 1191 return writeDupFileDescriptor(fd.get()); 1192} 1193 1194status_t Parcel::writeUniqueFileDescriptorVector(const std::vector<ScopedFd>& val) { 1195 return writeTypedVector(val, &Parcel::writeUniqueFileDescriptor); 1196} 1197 1198status_t Parcel::writeUniqueFileDescriptorVector(const std::unique_ptr<std::vector<ScopedFd>>& val) { 1199 return writeNullableTypedVector(val, &Parcel::writeUniqueFileDescriptor); 1200} 1201 1202status_t Parcel::writeBlob(size_t len, bool mutableCopy, WritableBlob* outBlob) 1203{ 1204 if (len > INT32_MAX) { 1205 // don't accept size_t values which may have come from an 1206 // inadvertent conversion from a negative int. 1207 return BAD_VALUE; 1208 } 1209 1210 status_t status; 1211 if (!mAllowFds || len <= BLOB_INPLACE_LIMIT) { 1212 ALOGV("writeBlob: write in place"); 1213 status = writeInt32(BLOB_INPLACE); 1214 if (status) return status; 1215 1216 void* ptr = writeInplace(len); 1217 if (!ptr) return NO_MEMORY; 1218 1219 outBlob->init(-1, ptr, len, false); 1220 return NO_ERROR; 1221 } 1222 1223 ALOGV("writeBlob: write to ashmem"); 1224 int fd = ashmem_create_region("Parcel Blob", len); 1225 if (fd < 0) return NO_MEMORY; 1226 1227 int result = ashmem_set_prot_region(fd, PROT_READ | PROT_WRITE); 1228 if (result < 0) { 1229 status = result; 1230 } else { 1231 void* ptr = ::mmap(NULL, len, PROT_READ | PROT_WRITE, MAP_SHARED, fd, 0); 1232 if (ptr == MAP_FAILED) { 1233 status = -errno; 1234 } else { 1235 if (!mutableCopy) { 1236 result = ashmem_set_prot_region(fd, PROT_READ); 1237 } 1238 if (result < 0) { 1239 status = result; 1240 } else { 1241 status = writeInt32(mutableCopy ? BLOB_ASHMEM_MUTABLE : BLOB_ASHMEM_IMMUTABLE); 1242 if (!status) { 1243 status = writeFileDescriptor(fd, true /*takeOwnership*/); 1244 if (!status) { 1245 outBlob->init(fd, ptr, len, mutableCopy); 1246 return NO_ERROR; 1247 } 1248 } 1249 } 1250 } 1251 ::munmap(ptr, len); 1252 } 1253 ::close(fd); 1254 return status; 1255} 1256 1257status_t Parcel::writeDupImmutableBlobFileDescriptor(int fd) 1258{ 1259 // Must match up with what's done in writeBlob. 1260 if (!mAllowFds) return FDS_NOT_ALLOWED; 1261 status_t status = writeInt32(BLOB_ASHMEM_IMMUTABLE); 1262 if (status) return status; 1263 return writeDupFileDescriptor(fd); 1264} 1265 1266status_t Parcel::write(const FlattenableHelperInterface& val) 1267{ 1268 status_t err; 1269 1270 // size if needed 1271 const size_t len = val.getFlattenedSize(); 1272 const size_t fd_count = val.getFdCount(); 1273 1274 if ((len > INT32_MAX) || (fd_count >= gMaxFds)) { 1275 // don't accept size_t values which may have come from an 1276 // inadvertent conversion from a negative int. 1277 return BAD_VALUE; 1278 } 1279 1280 err = this->writeInt32(len); 1281 if (err) return err; 1282 1283 err = this->writeInt32(fd_count); 1284 if (err) return err; 1285 1286 // payload 1287 void* const buf = this->writeInplace(pad_size(len)); 1288 if (buf == NULL) 1289 return BAD_VALUE; 1290 1291 int* fds = NULL; 1292 if (fd_count) { 1293 fds = new (std::nothrow) int[fd_count]; 1294 if (fds == nullptr) { 1295 ALOGE("write: failed to allocate requested %zu fds", fd_count); 1296 return BAD_VALUE; 1297 } 1298 } 1299 1300 err = val.flatten(buf, len, fds, fd_count); 1301 for (size_t i=0 ; i<fd_count && err==NO_ERROR ; i++) { 1302 err = this->writeDupFileDescriptor( fds[i] ); 1303 } 1304 1305 if (fd_count) { 1306 delete [] fds; 1307 } 1308 1309 return err; 1310} 1311 1312status_t Parcel::writeObject(const flat_binder_object& val, bool nullMetaData) 1313{ 1314 const bool enoughData = (mDataPos+sizeof(val)) <= mDataCapacity; 1315 const bool enoughObjects = mObjectsSize < mObjectsCapacity; 1316 if (enoughData && enoughObjects) { 1317restart_write: 1318 *reinterpret_cast<flat_binder_object*>(mData+mDataPos) = val; 1319 1320 // remember if it's a file descriptor 1321 if (val.type == BINDER_TYPE_FD) { 1322 if (!mAllowFds) { 1323 // fail before modifying our object index 1324 return FDS_NOT_ALLOWED; 1325 } 1326 mHasFds = mFdsKnown = true; 1327 } 1328 1329 // Need to write meta-data? 1330 if (nullMetaData || val.binder != 0) { 1331 mObjects[mObjectsSize] = mDataPos; 1332 acquire_object(ProcessState::self(), val, this, &mOpenAshmemSize); 1333 mObjectsSize++; 1334 } 1335 1336 return finishWrite(sizeof(flat_binder_object)); 1337 } 1338 1339 if (!enoughData) { 1340 const status_t err = growData(sizeof(val)); 1341 if (err != NO_ERROR) return err; 1342 } 1343 if (!enoughObjects) { 1344 size_t newSize = ((mObjectsSize+2)*3)/2; 1345 if (newSize < mObjectsSize) return NO_MEMORY; // overflow 1346 binder_size_t* objects = (binder_size_t*)realloc(mObjects, newSize*sizeof(binder_size_t)); 1347 if (objects == NULL) return NO_MEMORY; 1348 mObjects = objects; 1349 mObjectsCapacity = newSize; 1350 } 1351 1352 goto restart_write; 1353} 1354 1355status_t Parcel::writeNoException() 1356{ 1357 binder::Status status; 1358 return status.writeToParcel(this); 1359} 1360 1361void Parcel::remove(size_t /*start*/, size_t /*amt*/) 1362{ 1363 LOG_ALWAYS_FATAL("Parcel::remove() not yet implemented!"); 1364} 1365 1366status_t Parcel::read(void* outData, size_t len) const 1367{ 1368 if (len > INT32_MAX) { 1369 // don't accept size_t values which may have come from an 1370 // inadvertent conversion from a negative int. 1371 return BAD_VALUE; 1372 } 1373 1374 if ((mDataPos+pad_size(len)) >= mDataPos && (mDataPos+pad_size(len)) <= mDataSize 1375 && len <= pad_size(len)) { 1376 memcpy(outData, mData+mDataPos, len); 1377 mDataPos += pad_size(len); 1378 ALOGV("read Setting data pos of %p to %zu", this, mDataPos); 1379 return NO_ERROR; 1380 } 1381 return NOT_ENOUGH_DATA; 1382} 1383 1384const void* Parcel::readInplace(size_t len) const 1385{ 1386 if (len > INT32_MAX) { 1387 // don't accept size_t values which may have come from an 1388 // inadvertent conversion from a negative int. 1389 return NULL; 1390 } 1391 1392 if ((mDataPos+pad_size(len)) >= mDataPos && (mDataPos+pad_size(len)) <= mDataSize 1393 && len <= pad_size(len)) { 1394 const void* data = mData+mDataPos; 1395 mDataPos += pad_size(len); 1396 ALOGV("readInplace Setting data pos of %p to %zu", this, mDataPos); 1397 return data; 1398 } 1399 return NULL; 1400} 1401 1402template<class T> 1403status_t Parcel::readAligned(T *pArg) const { 1404 COMPILE_TIME_ASSERT_FUNCTION_SCOPE(PAD_SIZE_UNSAFE(sizeof(T)) == sizeof(T)); 1405 1406 if ((mDataPos+sizeof(T)) <= mDataSize) { 1407 const void* data = mData+mDataPos; 1408 mDataPos += sizeof(T); 1409 *pArg = *reinterpret_cast<const T*>(data); 1410 return NO_ERROR; 1411 } else { 1412 return NOT_ENOUGH_DATA; 1413 } 1414} 1415 1416template<class T> 1417T Parcel::readAligned() const { 1418 T result; 1419 if (readAligned(&result) != NO_ERROR) { 1420 result = 0; 1421 } 1422 1423 return result; 1424} 1425 1426template<class T> 1427status_t Parcel::writeAligned(T val) { 1428 COMPILE_TIME_ASSERT_FUNCTION_SCOPE(PAD_SIZE_UNSAFE(sizeof(T)) == sizeof(T)); 1429 1430 if ((mDataPos+sizeof(val)) <= mDataCapacity) { 1431restart_write: 1432 *reinterpret_cast<T*>(mData+mDataPos) = val; 1433 return finishWrite(sizeof(val)); 1434 } 1435 1436 status_t err = growData(sizeof(val)); 1437 if (err == NO_ERROR) goto restart_write; 1438 return err; 1439} 1440 1441namespace { 1442 1443template<typename T> 1444status_t readByteVectorInternal(const Parcel* parcel, 1445 std::vector<T>* val) { 1446 val->clear(); 1447 1448 int32_t size; 1449 status_t status = parcel->readInt32(&size); 1450 1451 if (status != OK) { 1452 return status; 1453 } 1454 1455 if (size < 0) { 1456 status = UNEXPECTED_NULL; 1457 return status; 1458 } 1459 if (size_t(size) > parcel->dataAvail()) { 1460 status = BAD_VALUE; 1461 return status; 1462 } 1463 1464 const void* data = parcel->readInplace(size); 1465 if (!data) { 1466 status = BAD_VALUE; 1467 return status; 1468 } 1469 val->resize(size); 1470 memcpy(val->data(), data, size); 1471 1472 return status; 1473} 1474 1475template<typename T> 1476status_t readByteVectorInternalPtr( 1477 const Parcel* parcel, 1478 std::unique_ptr<std::vector<T>>* val) { 1479 const int32_t start = parcel->dataPosition(); 1480 int32_t size; 1481 status_t status = parcel->readInt32(&size); 1482 val->reset(); 1483 1484 if (status != OK || size < 0) { 1485 return status; 1486 } 1487 1488 parcel->setDataPosition(start); 1489 val->reset(new (std::nothrow) std::vector<T>()); 1490 1491 status = readByteVectorInternal(parcel, val->get()); 1492 1493 if (status != OK) { 1494 val->reset(); 1495 } 1496 1497 return status; 1498} 1499 1500} // namespace 1501 1502status_t Parcel::readByteVector(std::vector<int8_t>* val) const { 1503 return readByteVectorInternal(this, val); 1504} 1505 1506status_t Parcel::readByteVector(std::vector<uint8_t>* val) const { 1507 return readByteVectorInternal(this, val); 1508} 1509 1510status_t Parcel::readByteVector(std::unique_ptr<std::vector<int8_t>>* val) const { 1511 return readByteVectorInternalPtr(this, val); 1512} 1513 1514status_t Parcel::readByteVector(std::unique_ptr<std::vector<uint8_t>>* val) const { 1515 return readByteVectorInternalPtr(this, val); 1516} 1517 1518status_t Parcel::readInt32Vector(std::unique_ptr<std::vector<int32_t>>* val) const { 1519 return readNullableTypedVector(val, &Parcel::readInt32); 1520} 1521 1522status_t Parcel::readInt32Vector(std::vector<int32_t>* val) const { 1523 return readTypedVector(val, &Parcel::readInt32); 1524} 1525 1526status_t Parcel::readInt64Vector(std::unique_ptr<std::vector<int64_t>>* val) const { 1527 return readNullableTypedVector(val, &Parcel::readInt64); 1528} 1529 1530status_t Parcel::readInt64Vector(std::vector<int64_t>* val) const { 1531 return readTypedVector(val, &Parcel::readInt64); 1532} 1533 1534status_t Parcel::readFloatVector(std::unique_ptr<std::vector<float>>* val) const { 1535 return readNullableTypedVector(val, &Parcel::readFloat); 1536} 1537 1538status_t Parcel::readFloatVector(std::vector<float>* val) const { 1539 return readTypedVector(val, &Parcel::readFloat); 1540} 1541 1542status_t Parcel::readDoubleVector(std::unique_ptr<std::vector<double>>* val) const { 1543 return readNullableTypedVector(val, &Parcel::readDouble); 1544} 1545 1546status_t Parcel::readDoubleVector(std::vector<double>* val) const { 1547 return readTypedVector(val, &Parcel::readDouble); 1548} 1549 1550status_t Parcel::readBoolVector(std::unique_ptr<std::vector<bool>>* val) const { 1551 const int32_t start = dataPosition(); 1552 int32_t size; 1553 status_t status = readInt32(&size); 1554 val->reset(); 1555 1556 if (status != OK || size < 0) { 1557 return status; 1558 } 1559 1560 setDataPosition(start); 1561 val->reset(new (std::nothrow) std::vector<bool>()); 1562 1563 status = readBoolVector(val->get()); 1564 1565 if (status != OK) { 1566 val->reset(); 1567 } 1568 1569 return status; 1570} 1571 1572status_t Parcel::readBoolVector(std::vector<bool>* val) const { 1573 int32_t size; 1574 status_t status = readInt32(&size); 1575 1576 if (status != OK) { 1577 return status; 1578 } 1579 1580 if (size < 0) { 1581 return UNEXPECTED_NULL; 1582 } 1583 1584 val->resize(size); 1585 1586 /* C++ bool handling means a vector of bools isn't necessarily addressable 1587 * (we might use individual bits) 1588 */ 1589 bool data; 1590 for (int32_t i = 0; i < size; ++i) { 1591 status = readBool(&data); 1592 (*val)[i] = data; 1593 1594 if (status != OK) { 1595 return status; 1596 } 1597 } 1598 1599 return OK; 1600} 1601 1602status_t Parcel::readCharVector(std::unique_ptr<std::vector<char16_t>>* val) const { 1603 return readNullableTypedVector(val, &Parcel::readChar); 1604} 1605 1606status_t Parcel::readCharVector(std::vector<char16_t>* val) const { 1607 return readTypedVector(val, &Parcel::readChar); 1608} 1609 1610status_t Parcel::readString16Vector( 1611 std::unique_ptr<std::vector<std::unique_ptr<String16>>>* val) const { 1612 return readNullableTypedVector(val, &Parcel::readString16); 1613} 1614 1615status_t Parcel::readString16Vector(std::vector<String16>* val) const { 1616 return readTypedVector(val, &Parcel::readString16); 1617} 1618 1619status_t Parcel::readUtf8VectorFromUtf16Vector( 1620 std::unique_ptr<std::vector<std::unique_ptr<std::string>>>* val) const { 1621 return readNullableTypedVector(val, &Parcel::readUtf8FromUtf16); 1622} 1623 1624status_t Parcel::readUtf8VectorFromUtf16Vector(std::vector<std::string>* val) const { 1625 return readTypedVector(val, &Parcel::readUtf8FromUtf16); 1626} 1627 1628status_t Parcel::readInt32(int32_t *pArg) const 1629{ 1630 return readAligned(pArg); 1631} 1632 1633int32_t Parcel::readInt32() const 1634{ 1635 return readAligned<int32_t>(); 1636} 1637 1638status_t Parcel::readUint32(uint32_t *pArg) const 1639{ 1640 return readAligned(pArg); 1641} 1642 1643uint32_t Parcel::readUint32() const 1644{ 1645 return readAligned<uint32_t>(); 1646} 1647 1648status_t Parcel::readInt64(int64_t *pArg) const 1649{ 1650 return readAligned(pArg); 1651} 1652 1653 1654int64_t Parcel::readInt64() const 1655{ 1656 return readAligned<int64_t>(); 1657} 1658 1659status_t Parcel::readUint64(uint64_t *pArg) const 1660{ 1661 return readAligned(pArg); 1662} 1663 1664uint64_t Parcel::readUint64() const 1665{ 1666 return readAligned<uint64_t>(); 1667} 1668 1669status_t Parcel::readPointer(uintptr_t *pArg) const 1670{ 1671 status_t ret; 1672 binder_uintptr_t ptr; 1673 ret = readAligned(&ptr); 1674 if (!ret) 1675 *pArg = ptr; 1676 return ret; 1677} 1678 1679uintptr_t Parcel::readPointer() const 1680{ 1681 return readAligned<binder_uintptr_t>(); 1682} 1683 1684 1685status_t Parcel::readFloat(float *pArg) const 1686{ 1687 return readAligned(pArg); 1688} 1689 1690 1691float Parcel::readFloat() const 1692{ 1693 return readAligned<float>(); 1694} 1695 1696#if defined(__mips__) && defined(__mips_hard_float) 1697 1698status_t Parcel::readDouble(double *pArg) const 1699{ 1700 union { 1701 double d; 1702 unsigned long long ll; 1703 } u; 1704 u.d = 0; 1705 status_t status; 1706 status = readAligned(&u.ll); 1707 *pArg = u.d; 1708 return status; 1709} 1710 1711double Parcel::readDouble() const 1712{ 1713 union { 1714 double d; 1715 unsigned long long ll; 1716 } u; 1717 u.ll = readAligned<unsigned long long>(); 1718 return u.d; 1719} 1720 1721#else 1722 1723status_t Parcel::readDouble(double *pArg) const 1724{ 1725 return readAligned(pArg); 1726} 1727 1728double Parcel::readDouble() const 1729{ 1730 return readAligned<double>(); 1731} 1732 1733#endif 1734 1735status_t Parcel::readIntPtr(intptr_t *pArg) const 1736{ 1737 return readAligned(pArg); 1738} 1739 1740 1741intptr_t Parcel::readIntPtr() const 1742{ 1743 return readAligned<intptr_t>(); 1744} 1745 1746status_t Parcel::readBool(bool *pArg) const 1747{ 1748 int32_t tmp; 1749 status_t ret = readInt32(&tmp); 1750 *pArg = (tmp != 0); 1751 return ret; 1752} 1753 1754bool Parcel::readBool() const 1755{ 1756 return readInt32() != 0; 1757} 1758 1759status_t Parcel::readChar(char16_t *pArg) const 1760{ 1761 int32_t tmp; 1762 status_t ret = readInt32(&tmp); 1763 *pArg = char16_t(tmp); 1764 return ret; 1765} 1766 1767char16_t Parcel::readChar() const 1768{ 1769 return char16_t(readInt32()); 1770} 1771 1772status_t Parcel::readByte(int8_t *pArg) const 1773{ 1774 int32_t tmp; 1775 status_t ret = readInt32(&tmp); 1776 *pArg = int8_t(tmp); 1777 return ret; 1778} 1779 1780int8_t Parcel::readByte() const 1781{ 1782 return int8_t(readInt32()); 1783} 1784 1785status_t Parcel::readUtf8FromUtf16(std::string* str) const { 1786 size_t utf16Size = 0; 1787 const char16_t* src = readString16Inplace(&utf16Size); 1788 if (!src) { 1789 return UNEXPECTED_NULL; 1790 } 1791 1792 // Save ourselves the trouble, we're done. 1793 if (utf16Size == 0u) { 1794 str->clear(); 1795 return NO_ERROR; 1796 } 1797 1798 ssize_t utf8Size = utf16_to_utf8_length(src, utf16Size); 1799 if (utf8Size < 0) { 1800 return BAD_VALUE; 1801 } 1802 // Note that while it is probably safe to assume string::resize keeps a 1803 // spare byte around for the trailing null, we're going to be explicit. 1804 str->resize(utf8Size + 1); 1805 utf16_to_utf8(src, utf16Size, &((*str)[0])); 1806 str->resize(utf8Size); 1807 return NO_ERROR; 1808} 1809 1810status_t Parcel::readUtf8FromUtf16(std::unique_ptr<std::string>* str) const { 1811 const int32_t start = dataPosition(); 1812 int32_t size; 1813 status_t status = readInt32(&size); 1814 str->reset(); 1815 1816 if (status != OK || size < 0) { 1817 return status; 1818 } 1819 1820 setDataPosition(start); 1821 str->reset(new (std::nothrow) std::string()); 1822 return readUtf8FromUtf16(str->get()); 1823} 1824 1825const char* Parcel::readCString() const 1826{ 1827 const size_t avail = mDataSize-mDataPos; 1828 if (avail > 0) { 1829 const char* str = reinterpret_cast<const char*>(mData+mDataPos); 1830 // is the string's trailing NUL within the parcel's valid bounds? 1831 const char* eos = reinterpret_cast<const char*>(memchr(str, 0, avail)); 1832 if (eos) { 1833 const size_t len = eos - str; 1834 mDataPos += pad_size(len+1); 1835 ALOGV("readCString Setting data pos of %p to %zu", this, mDataPos); 1836 return str; 1837 } 1838 } 1839 return NULL; 1840} 1841 1842String8 Parcel::readString8() const 1843{ 1844 int32_t size = readInt32(); 1845 // watch for potential int overflow adding 1 for trailing NUL 1846 if (size > 0 && size < INT32_MAX) { 1847 const char* str = (const char*)readInplace(size+1); 1848 if (str) return String8(str, size); 1849 } 1850 return String8(); 1851} 1852 1853String16 Parcel::readString16() const 1854{ 1855 size_t len; 1856 const char16_t* str = readString16Inplace(&len); 1857 if (str) return String16(str, len); 1858 ALOGE("Reading a NULL string not supported here."); 1859 return String16(); 1860} 1861 1862status_t Parcel::readString16(std::unique_ptr<String16>* pArg) const 1863{ 1864 const int32_t start = dataPosition(); 1865 int32_t size; 1866 status_t status = readInt32(&size); 1867 pArg->reset(); 1868 1869 if (status != OK || size < 0) { 1870 return status; 1871 } 1872 1873 setDataPosition(start); 1874 pArg->reset(new (std::nothrow) String16()); 1875 1876 status = readString16(pArg->get()); 1877 1878 if (status != OK) { 1879 pArg->reset(); 1880 } 1881 1882 return status; 1883} 1884 1885status_t Parcel::readString16(String16* pArg) const 1886{ 1887 size_t len; 1888 const char16_t* str = readString16Inplace(&len); 1889 if (str) { 1890 pArg->setTo(str, len); 1891 return 0; 1892 } else { 1893 *pArg = String16(); 1894 return UNEXPECTED_NULL; 1895 } 1896} 1897 1898const char16_t* Parcel::readString16Inplace(size_t* outLen) const 1899{ 1900 int32_t size = readInt32(); 1901 // watch for potential int overflow from size+1 1902 if (size >= 0 && size < INT32_MAX) { 1903 *outLen = size; 1904 const char16_t* str = (const char16_t*)readInplace((size+1)*sizeof(char16_t)); 1905 if (str != NULL) { 1906 return str; 1907 } 1908 } 1909 *outLen = 0; 1910 return NULL; 1911} 1912 1913status_t Parcel::readStrongBinder(sp<IBinder>* val) const 1914{ 1915 return unflatten_binder(ProcessState::self(), *this, val); 1916} 1917 1918sp<IBinder> Parcel::readStrongBinder() const 1919{ 1920 sp<IBinder> val; 1921 readStrongBinder(&val); 1922 return val; 1923} 1924 1925wp<IBinder> Parcel::readWeakBinder() const 1926{ 1927 wp<IBinder> val; 1928 unflatten_binder(ProcessState::self(), *this, &val); 1929 return val; 1930} 1931 1932status_t Parcel::readParcelable(Parcelable* parcelable) const { 1933 int32_t have_parcelable = 0; 1934 status_t status = readInt32(&have_parcelable); 1935 if (status != OK) { 1936 return status; 1937 } 1938 if (!have_parcelable) { 1939 return UNEXPECTED_NULL; 1940 } 1941 return parcelable->readFromParcel(this); 1942} 1943 1944int32_t Parcel::readExceptionCode() const 1945{ 1946 binder::Status status; 1947 status.readFromParcel(*this); 1948 return status.exceptionCode(); 1949} 1950 1951native_handle* Parcel::readNativeHandle() const 1952{ 1953 int numFds, numInts; 1954 status_t err; 1955 err = readInt32(&numFds); 1956 if (err != NO_ERROR) return 0; 1957 err = readInt32(&numInts); 1958 if (err != NO_ERROR) return 0; 1959 1960 native_handle* h = native_handle_create(numFds, numInts); 1961 if (!h) { 1962 return 0; 1963 } 1964 1965 for (int i=0 ; err==NO_ERROR && i<numFds ; i++) { 1966 h->data[i] = dup(readFileDescriptor()); 1967 if (h->data[i] < 0) { 1968 for (int j = 0; j < i; j++) { 1969 close(h->data[j]); 1970 } 1971 native_handle_delete(h); 1972 return 0; 1973 } 1974 } 1975 err = read(h->data + numFds, sizeof(int)*numInts); 1976 if (err != NO_ERROR) { 1977 native_handle_close(h); 1978 native_handle_delete(h); 1979 h = 0; 1980 } 1981 return h; 1982} 1983 1984 1985int Parcel::readFileDescriptor() const 1986{ 1987 const flat_binder_object* flat = readObject(true); 1988 1989 if (flat && flat->type == BINDER_TYPE_FD) { 1990 return flat->handle; 1991 } 1992 1993 return BAD_TYPE; 1994} 1995 1996status_t Parcel::readUniqueFileDescriptor(ScopedFd* val) const 1997{ 1998 int got = readFileDescriptor(); 1999 2000 if (got == BAD_TYPE) { 2001 return BAD_TYPE; 2002 } 2003 2004 val->reset(dup(got)); 2005 2006 if (val->get() < 0) { 2007 return BAD_VALUE; 2008 } 2009 2010 return OK; 2011} 2012 2013 2014status_t Parcel::readUniqueFileDescriptorVector(std::unique_ptr<std::vector<ScopedFd>>* val) const { 2015 return readNullableTypedVector(val, &Parcel::readUniqueFileDescriptor); 2016} 2017 2018status_t Parcel::readUniqueFileDescriptorVector(std::vector<ScopedFd>* val) const { 2019 return readTypedVector(val, &Parcel::readUniqueFileDescriptor); 2020} 2021 2022status_t Parcel::readBlob(size_t len, ReadableBlob* outBlob) const 2023{ 2024 int32_t blobType; 2025 status_t status = readInt32(&blobType); 2026 if (status) return status; 2027 2028 if (blobType == BLOB_INPLACE) { 2029 ALOGV("readBlob: read in place"); 2030 const void* ptr = readInplace(len); 2031 if (!ptr) return BAD_VALUE; 2032 2033 outBlob->init(-1, const_cast<void*>(ptr), len, false); 2034 return NO_ERROR; 2035 } 2036 2037 ALOGV("readBlob: read from ashmem"); 2038 bool isMutable = (blobType == BLOB_ASHMEM_MUTABLE); 2039 int fd = readFileDescriptor(); 2040 if (fd == int(BAD_TYPE)) return BAD_VALUE; 2041 2042 void* ptr = ::mmap(NULL, len, isMutable ? PROT_READ | PROT_WRITE : PROT_READ, 2043 MAP_SHARED, fd, 0); 2044 if (ptr == MAP_FAILED) return NO_MEMORY; 2045 2046 outBlob->init(fd, ptr, len, isMutable); 2047 return NO_ERROR; 2048} 2049 2050status_t Parcel::read(FlattenableHelperInterface& val) const 2051{ 2052 // size 2053 const size_t len = this->readInt32(); 2054 const size_t fd_count = this->readInt32(); 2055 2056 if ((len > INT32_MAX) || (fd_count >= gMaxFds)) { 2057 // don't accept size_t values which may have come from an 2058 // inadvertent conversion from a negative int. 2059 return BAD_VALUE; 2060 } 2061 2062 // payload 2063 void const* const buf = this->readInplace(pad_size(len)); 2064 if (buf == NULL) 2065 return BAD_VALUE; 2066 2067 int* fds = NULL; 2068 if (fd_count) { 2069 fds = new (std::nothrow) int[fd_count]; 2070 if (fds == nullptr) { 2071 ALOGE("read: failed to allocate requested %zu fds", fd_count); 2072 return BAD_VALUE; 2073 } 2074 } 2075 2076 status_t err = NO_ERROR; 2077 for (size_t i=0 ; i<fd_count && err==NO_ERROR ; i++) { 2078 fds[i] = dup(this->readFileDescriptor()); 2079 if (fds[i] < 0) { 2080 err = BAD_VALUE; 2081 ALOGE("dup() failed in Parcel::read, i is %zu, fds[i] is %d, fd_count is %zu, error: %s", 2082 i, fds[i], fd_count, strerror(errno)); 2083 } 2084 } 2085 2086 if (err == NO_ERROR) { 2087 err = val.unflatten(buf, len, fds, fd_count); 2088 } 2089 2090 if (fd_count) { 2091 delete [] fds; 2092 } 2093 2094 return err; 2095} 2096const flat_binder_object* Parcel::readObject(bool nullMetaData) const 2097{ 2098 const size_t DPOS = mDataPos; 2099 if ((DPOS+sizeof(flat_binder_object)) <= mDataSize) { 2100 const flat_binder_object* obj 2101 = reinterpret_cast<const flat_binder_object*>(mData+DPOS); 2102 mDataPos = DPOS + sizeof(flat_binder_object); 2103 if (!nullMetaData && (obj->cookie == 0 && obj->binder == 0)) { 2104 // When transferring a NULL object, we don't write it into 2105 // the object list, so we don't want to check for it when 2106 // reading. 2107 ALOGV("readObject Setting data pos of %p to %zu", this, mDataPos); 2108 return obj; 2109 } 2110 2111 // Ensure that this object is valid... 2112 binder_size_t* const OBJS = mObjects; 2113 const size_t N = mObjectsSize; 2114 size_t opos = mNextObjectHint; 2115 2116 if (N > 0) { 2117 ALOGV("Parcel %p looking for obj at %zu, hint=%zu", 2118 this, DPOS, opos); 2119 2120 // Start at the current hint position, looking for an object at 2121 // the current data position. 2122 if (opos < N) { 2123 while (opos < (N-1) && OBJS[opos] < DPOS) { 2124 opos++; 2125 } 2126 } else { 2127 opos = N-1; 2128 } 2129 if (OBJS[opos] == DPOS) { 2130 // Found it! 2131 ALOGV("Parcel %p found obj %zu at index %zu with forward search", 2132 this, DPOS, opos); 2133 mNextObjectHint = opos+1; 2134 ALOGV("readObject Setting data pos of %p to %zu", this, mDataPos); 2135 return obj; 2136 } 2137 2138 // Look backwards for it... 2139 while (opos > 0 && OBJS[opos] > DPOS) { 2140 opos--; 2141 } 2142 if (OBJS[opos] == DPOS) { 2143 // Found it! 2144 ALOGV("Parcel %p found obj %zu at index %zu with backward search", 2145 this, DPOS, opos); 2146 mNextObjectHint = opos+1; 2147 ALOGV("readObject Setting data pos of %p to %zu", this, mDataPos); 2148 return obj; 2149 } 2150 } 2151 ALOGW("Attempt to read object from Parcel %p at offset %zu that is not in the object list", 2152 this, DPOS); 2153 } 2154 return NULL; 2155} 2156 2157void Parcel::closeFileDescriptors() 2158{ 2159 size_t i = mObjectsSize; 2160 if (i > 0) { 2161 //ALOGI("Closing file descriptors for %zu objects...", i); 2162 } 2163 while (i > 0) { 2164 i--; 2165 const flat_binder_object* flat 2166 = reinterpret_cast<flat_binder_object*>(mData+mObjects[i]); 2167 if (flat->type == BINDER_TYPE_FD) { 2168 //ALOGI("Closing fd: %ld", flat->handle); 2169 close(flat->handle); 2170 } 2171 } 2172} 2173 2174uintptr_t Parcel::ipcData() const 2175{ 2176 return reinterpret_cast<uintptr_t>(mData); 2177} 2178 2179size_t Parcel::ipcDataSize() const 2180{ 2181 return (mDataSize > mDataPos ? mDataSize : mDataPos); 2182} 2183 2184uintptr_t Parcel::ipcObjects() const 2185{ 2186 return reinterpret_cast<uintptr_t>(mObjects); 2187} 2188 2189size_t Parcel::ipcObjectsCount() const 2190{ 2191 return mObjectsSize; 2192} 2193 2194void Parcel::ipcSetDataReference(const uint8_t* data, size_t dataSize, 2195 const binder_size_t* objects, size_t objectsCount, release_func relFunc, void* relCookie) 2196{ 2197 binder_size_t minOffset = 0; 2198 freeDataNoInit(); 2199 mError = NO_ERROR; 2200 mData = const_cast<uint8_t*>(data); 2201 mDataSize = mDataCapacity = dataSize; 2202 //ALOGI("setDataReference Setting data size of %p to %lu (pid=%d)", this, mDataSize, getpid()); 2203 mDataPos = 0; 2204 ALOGV("setDataReference Setting data pos of %p to %zu", this, mDataPos); 2205 mObjects = const_cast<binder_size_t*>(objects); 2206 mObjectsSize = mObjectsCapacity = objectsCount; 2207 mNextObjectHint = 0; 2208 mOwner = relFunc; 2209 mOwnerCookie = relCookie; 2210 for (size_t i = 0; i < mObjectsSize; i++) { 2211 binder_size_t offset = mObjects[i]; 2212 if (offset < minOffset) { 2213 ALOGE("%s: bad object offset %" PRIu64 " < %" PRIu64 "\n", 2214 __func__, (uint64_t)offset, (uint64_t)minOffset); 2215 mObjectsSize = 0; 2216 break; 2217 } 2218 minOffset = offset + sizeof(flat_binder_object); 2219 } 2220 scanForFds(); 2221} 2222 2223void Parcel::print(TextOutput& to, uint32_t /*flags*/) const 2224{ 2225 to << "Parcel("; 2226 2227 if (errorCheck() != NO_ERROR) { 2228 const status_t err = errorCheck(); 2229 to << "Error: " << (void*)(intptr_t)err << " \"" << strerror(-err) << "\""; 2230 } else if (dataSize() > 0) { 2231 const uint8_t* DATA = data(); 2232 to << indent << HexDump(DATA, dataSize()) << dedent; 2233 const binder_size_t* OBJS = objects(); 2234 const size_t N = objectsCount(); 2235 for (size_t i=0; i<N; i++) { 2236 const flat_binder_object* flat 2237 = reinterpret_cast<const flat_binder_object*>(DATA+OBJS[i]); 2238 to << endl << "Object #" << i << " @ " << (void*)OBJS[i] << ": " 2239 << TypeCode(flat->type & 0x7f7f7f00) 2240 << " = " << flat->binder; 2241 } 2242 } else { 2243 to << "NULL"; 2244 } 2245 2246 to << ")"; 2247} 2248 2249void Parcel::releaseObjects() 2250{ 2251 const sp<ProcessState> proc(ProcessState::self()); 2252 size_t i = mObjectsSize; 2253 uint8_t* const data = mData; 2254 binder_size_t* const objects = mObjects; 2255 while (i > 0) { 2256 i--; 2257 const flat_binder_object* flat 2258 = reinterpret_cast<flat_binder_object*>(data+objects[i]); 2259 release_object(proc, *flat, this, &mOpenAshmemSize); 2260 } 2261} 2262 2263void Parcel::acquireObjects() 2264{ 2265 const sp<ProcessState> proc(ProcessState::self()); 2266 size_t i = mObjectsSize; 2267 uint8_t* const data = mData; 2268 binder_size_t* const objects = mObjects; 2269 while (i > 0) { 2270 i--; 2271 const flat_binder_object* flat 2272 = reinterpret_cast<flat_binder_object*>(data+objects[i]); 2273 acquire_object(proc, *flat, this, &mOpenAshmemSize); 2274 } 2275} 2276 2277void Parcel::freeData() 2278{ 2279 freeDataNoInit(); 2280 initState(); 2281} 2282 2283void Parcel::freeDataNoInit() 2284{ 2285 if (mOwner) { 2286 LOG_ALLOC("Parcel %p: freeing other owner data", this); 2287 //ALOGI("Freeing data ref of %p (pid=%d)", this, getpid()); 2288 mOwner(this, mData, mDataSize, mObjects, mObjectsSize, mOwnerCookie); 2289 } else { 2290 LOG_ALLOC("Parcel %p: freeing allocated data", this); 2291 releaseObjects(); 2292 if (mData) { 2293 LOG_ALLOC("Parcel %p: freeing with %zu capacity", this, mDataCapacity); 2294 pthread_mutex_lock(&gParcelGlobalAllocSizeLock); 2295 if (mDataCapacity <= gParcelGlobalAllocSize) { 2296 gParcelGlobalAllocSize = gParcelGlobalAllocSize - mDataCapacity; 2297 } else { 2298 gParcelGlobalAllocSize = 0; 2299 } 2300 if (gParcelGlobalAllocCount > 0) { 2301 gParcelGlobalAllocCount--; 2302 } 2303 pthread_mutex_unlock(&gParcelGlobalAllocSizeLock); 2304 free(mData); 2305 } 2306 if (mObjects) free(mObjects); 2307 } 2308} 2309 2310status_t Parcel::growData(size_t len) 2311{ 2312 if (len > INT32_MAX) { 2313 // don't accept size_t values which may have come from an 2314 // inadvertent conversion from a negative int. 2315 return BAD_VALUE; 2316 } 2317 2318 size_t newSize = ((mDataSize+len)*3)/2; 2319 return (newSize <= mDataSize) 2320 ? (status_t) NO_MEMORY 2321 : continueWrite(newSize); 2322} 2323 2324status_t Parcel::restartWrite(size_t desired) 2325{ 2326 if (desired > INT32_MAX) { 2327 // don't accept size_t values which may have come from an 2328 // inadvertent conversion from a negative int. 2329 return BAD_VALUE; 2330 } 2331 2332 if (mOwner) { 2333 freeData(); 2334 return continueWrite(desired); 2335 } 2336 2337 uint8_t* data = (uint8_t*)realloc(mData, desired); 2338 if (!data && desired > mDataCapacity) { 2339 mError = NO_MEMORY; 2340 return NO_MEMORY; 2341 } 2342 2343 releaseObjects(); 2344 2345 if (data) { 2346 LOG_ALLOC("Parcel %p: restart from %zu to %zu capacity", this, mDataCapacity, desired); 2347 pthread_mutex_lock(&gParcelGlobalAllocSizeLock); 2348 gParcelGlobalAllocSize += desired; 2349 gParcelGlobalAllocSize -= mDataCapacity; 2350 if (!mData) { 2351 gParcelGlobalAllocCount++; 2352 } 2353 pthread_mutex_unlock(&gParcelGlobalAllocSizeLock); 2354 mData = data; 2355 mDataCapacity = desired; 2356 } 2357 2358 mDataSize = mDataPos = 0; 2359 ALOGV("restartWrite Setting data size of %p to %zu", this, mDataSize); 2360 ALOGV("restartWrite Setting data pos of %p to %zu", this, mDataPos); 2361 2362 free(mObjects); 2363 mObjects = NULL; 2364 mObjectsSize = mObjectsCapacity = 0; 2365 mNextObjectHint = 0; 2366 mHasFds = false; 2367 mFdsKnown = true; 2368 mAllowFds = true; 2369 2370 return NO_ERROR; 2371} 2372 2373status_t Parcel::continueWrite(size_t desired) 2374{ 2375 if (desired > INT32_MAX) { 2376 // don't accept size_t values which may have come from an 2377 // inadvertent conversion from a negative int. 2378 return BAD_VALUE; 2379 } 2380 2381 // If shrinking, first adjust for any objects that appear 2382 // after the new data size. 2383 size_t objectsSize = mObjectsSize; 2384 if (desired < mDataSize) { 2385 if (desired == 0) { 2386 objectsSize = 0; 2387 } else { 2388 while (objectsSize > 0) { 2389 if (mObjects[objectsSize-1] < desired) 2390 break; 2391 objectsSize--; 2392 } 2393 } 2394 } 2395 2396 if (mOwner) { 2397 // If the size is going to zero, just release the owner's data. 2398 if (desired == 0) { 2399 freeData(); 2400 return NO_ERROR; 2401 } 2402 2403 // If there is a different owner, we need to take 2404 // posession. 2405 uint8_t* data = (uint8_t*)malloc(desired); 2406 if (!data) { 2407 mError = NO_MEMORY; 2408 return NO_MEMORY; 2409 } 2410 binder_size_t* objects = NULL; 2411 2412 if (objectsSize) { 2413 objects = (binder_size_t*)calloc(objectsSize, sizeof(binder_size_t)); 2414 if (!objects) { 2415 free(data); 2416 2417 mError = NO_MEMORY; 2418 return NO_MEMORY; 2419 } 2420 2421 // Little hack to only acquire references on objects 2422 // we will be keeping. 2423 size_t oldObjectsSize = mObjectsSize; 2424 mObjectsSize = objectsSize; 2425 acquireObjects(); 2426 mObjectsSize = oldObjectsSize; 2427 } 2428 2429 if (mData) { 2430 memcpy(data, mData, mDataSize < desired ? mDataSize : desired); 2431 } 2432 if (objects && mObjects) { 2433 memcpy(objects, mObjects, objectsSize*sizeof(binder_size_t)); 2434 } 2435 //ALOGI("Freeing data ref of %p (pid=%d)", this, getpid()); 2436 mOwner(this, mData, mDataSize, mObjects, mObjectsSize, mOwnerCookie); 2437 mOwner = NULL; 2438 2439 LOG_ALLOC("Parcel %p: taking ownership of %zu capacity", this, desired); 2440 pthread_mutex_lock(&gParcelGlobalAllocSizeLock); 2441 gParcelGlobalAllocSize += desired; 2442 gParcelGlobalAllocCount++; 2443 pthread_mutex_unlock(&gParcelGlobalAllocSizeLock); 2444 2445 mData = data; 2446 mObjects = objects; 2447 mDataSize = (mDataSize < desired) ? mDataSize : desired; 2448 ALOGV("continueWrite Setting data size of %p to %zu", this, mDataSize); 2449 mDataCapacity = desired; 2450 mObjectsSize = mObjectsCapacity = objectsSize; 2451 mNextObjectHint = 0; 2452 2453 } else if (mData) { 2454 if (objectsSize < mObjectsSize) { 2455 // Need to release refs on any objects we are dropping. 2456 const sp<ProcessState> proc(ProcessState::self()); 2457 for (size_t i=objectsSize; i<mObjectsSize; i++) { 2458 const flat_binder_object* flat 2459 = reinterpret_cast<flat_binder_object*>(mData+mObjects[i]); 2460 if (flat->type == BINDER_TYPE_FD) { 2461 // will need to rescan because we may have lopped off the only FDs 2462 mFdsKnown = false; 2463 } 2464 release_object(proc, *flat, this, &mOpenAshmemSize); 2465 } 2466 binder_size_t* objects = 2467 (binder_size_t*)realloc(mObjects, objectsSize*sizeof(binder_size_t)); 2468 if (objects) { 2469 mObjects = objects; 2470 } 2471 mObjectsSize = objectsSize; 2472 mNextObjectHint = 0; 2473 } 2474 2475 // We own the data, so we can just do a realloc(). 2476 if (desired > mDataCapacity) { 2477 uint8_t* data = (uint8_t*)realloc(mData, desired); 2478 if (data) { 2479 LOG_ALLOC("Parcel %p: continue from %zu to %zu capacity", this, mDataCapacity, 2480 desired); 2481 pthread_mutex_lock(&gParcelGlobalAllocSizeLock); 2482 gParcelGlobalAllocSize += desired; 2483 gParcelGlobalAllocSize -= mDataCapacity; 2484 pthread_mutex_unlock(&gParcelGlobalAllocSizeLock); 2485 mData = data; 2486 mDataCapacity = desired; 2487 } else if (desired > mDataCapacity) { 2488 mError = NO_MEMORY; 2489 return NO_MEMORY; 2490 } 2491 } else { 2492 if (mDataSize > desired) { 2493 mDataSize = desired; 2494 ALOGV("continueWrite Setting data size of %p to %zu", this, mDataSize); 2495 } 2496 if (mDataPos > desired) { 2497 mDataPos = desired; 2498 ALOGV("continueWrite Setting data pos of %p to %zu", this, mDataPos); 2499 } 2500 } 2501 2502 } else { 2503 // This is the first data. Easy! 2504 uint8_t* data = (uint8_t*)malloc(desired); 2505 if (!data) { 2506 mError = NO_MEMORY; 2507 return NO_MEMORY; 2508 } 2509 2510 if(!(mDataCapacity == 0 && mObjects == NULL 2511 && mObjectsCapacity == 0)) { 2512 ALOGE("continueWrite: %zu/%p/%zu/%zu", mDataCapacity, mObjects, mObjectsCapacity, desired); 2513 } 2514 2515 LOG_ALLOC("Parcel %p: allocating with %zu capacity", this, desired); 2516 pthread_mutex_lock(&gParcelGlobalAllocSizeLock); 2517 gParcelGlobalAllocSize += desired; 2518 gParcelGlobalAllocCount++; 2519 pthread_mutex_unlock(&gParcelGlobalAllocSizeLock); 2520 2521 mData = data; 2522 mDataSize = mDataPos = 0; 2523 ALOGV("continueWrite Setting data size of %p to %zu", this, mDataSize); 2524 ALOGV("continueWrite Setting data pos of %p to %zu", this, mDataPos); 2525 mDataCapacity = desired; 2526 } 2527 2528 return NO_ERROR; 2529} 2530 2531void Parcel::initState() 2532{ 2533 LOG_ALLOC("Parcel %p: initState", this); 2534 mError = NO_ERROR; 2535 mData = 0; 2536 mDataSize = 0; 2537 mDataCapacity = 0; 2538 mDataPos = 0; 2539 ALOGV("initState Setting data size of %p to %zu", this, mDataSize); 2540 ALOGV("initState Setting data pos of %p to %zu", this, mDataPos); 2541 mObjects = NULL; 2542 mObjectsSize = 0; 2543 mObjectsCapacity = 0; 2544 mNextObjectHint = 0; 2545 mHasFds = false; 2546 mFdsKnown = true; 2547 mAllowFds = true; 2548 mOwner = NULL; 2549 mOpenAshmemSize = 0; 2550 2551 // racing multiple init leads only to multiple identical write 2552 if (gMaxFds == 0) { 2553 struct rlimit result; 2554 if (!getrlimit(RLIMIT_NOFILE, &result)) { 2555 gMaxFds = (size_t)result.rlim_cur; 2556 //ALOGI("parcel fd limit set to %zu", gMaxFds); 2557 } else { 2558 ALOGW("Unable to getrlimit: %s", strerror(errno)); 2559 gMaxFds = 1024; 2560 } 2561 } 2562} 2563 2564void Parcel::scanForFds() const 2565{ 2566 bool hasFds = false; 2567 for (size_t i=0; i<mObjectsSize; i++) { 2568 const flat_binder_object* flat 2569 = reinterpret_cast<const flat_binder_object*>(mData + mObjects[i]); 2570 if (flat->type == BINDER_TYPE_FD) { 2571 hasFds = true; 2572 break; 2573 } 2574 } 2575 mHasFds = hasFds; 2576 mFdsKnown = true; 2577} 2578 2579size_t Parcel::getBlobAshmemSize() const 2580{ 2581 // This used to return the size of all blobs that were written to ashmem, now we're returning 2582 // the ashmem currently referenced by this Parcel, which should be equivalent. 2583 // TODO: Remove method once ABI can be changed. 2584 return mOpenAshmemSize; 2585} 2586 2587size_t Parcel::getOpenAshmemSize() const 2588{ 2589 return mOpenAshmemSize; 2590} 2591 2592// --- Parcel::Blob --- 2593 2594Parcel::Blob::Blob() : 2595 mFd(-1), mData(NULL), mSize(0), mMutable(false) { 2596} 2597 2598Parcel::Blob::~Blob() { 2599 release(); 2600} 2601 2602void Parcel::Blob::release() { 2603 if (mFd != -1 && mData) { 2604 ::munmap(mData, mSize); 2605 } 2606 clear(); 2607} 2608 2609void Parcel::Blob::init(int fd, void* data, size_t size, bool isMutable) { 2610 mFd = fd; 2611 mData = data; 2612 mSize = size; 2613 mMutable = isMutable; 2614} 2615 2616void Parcel::Blob::clear() { 2617 mFd = -1; 2618 mData = NULL; 2619 mSize = 0; 2620 mMutable = false; 2621} 2622 2623}; // namespace android 2624