Parcel.cpp revision 6c31acd969ffc754e514885fa7f4d0c25403f580
1/*
2 * Copyright (C) 2005 The Android Open Source Project
3 *
4 * Licensed under the Apache License, Version 2.0 (the "License");
5 * you may not use this file except in compliance with the License.
6 * You may obtain a copy of the License at
7 *
8 *      http://www.apache.org/licenses/LICENSE-2.0
9 *
10 * Unless required by applicable law or agreed to in writing, software
11 * distributed under the License is distributed on an "AS IS" BASIS,
12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 * See the License for the specific language governing permissions and
14 * limitations under the License.
15 */
16
17#define LOG_TAG "Parcel"
18//#define LOG_NDEBUG 0
19
20#include <binder/Parcel.h>
21
22#include <binder/IPCThreadState.h>
23#include <binder/Binder.h>
24#include <binder/BpBinder.h>
25#include <binder/ProcessState.h>
26#include <binder/Status.h>
27#include <binder/TextOutput.h>
28
29#include <errno.h>
30#include <utils/Debug.h>
31#include <utils/Log.h>
32#include <utils/String8.h>
33#include <utils/String16.h>
34#include <utils/misc.h>
35#include <utils/Flattenable.h>
36#include <cutils/ashmem.h>
37
38#include <private/binder/binder_module.h>
39#include <private/binder/Static.h>
40
41#include <inttypes.h>
42#include <stdio.h>
43#include <stdlib.h>
44#include <stdint.h>
45#include <sys/mman.h>
46
47#ifndef INT32_MAX
48#define INT32_MAX ((int32_t)(2147483647))
49#endif
50
51#define LOG_REFS(...)
52//#define LOG_REFS(...) ALOG(LOG_DEBUG, "Parcel", __VA_ARGS__)
53#define LOG_ALLOC(...)
54//#define LOG_ALLOC(...) ALOG(LOG_DEBUG, "Parcel", __VA_ARGS__)
55
56// ---------------------------------------------------------------------------
57
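// Rounds s up to the next multiple of 4 WITHOUT any overflow check: a value
// of s within 3 of the size_t maximum wraps around to a tiny result. Never
// use this macro at runtime; always go through pad_size().
#define PAD_SIZE_UNSAFE(s) (((s)+3)&~3)

// Returns s rounded up to the next multiple of 4.
// Aborts the process instead of returning a wrapped-around (too small) size,
// because a caller sizing a buffer from such a value would under-allocate.
static size_t pad_size(size_t s) {
    // SIZE_MAX is the standard <stdint.h> name for the size_t maximum;
    // SIZE_T_MAX is a platform extension that not every libc provides.
    if (s > (SIZE_MAX - 3)) {
        abort();
    }
    return PAD_SIZE_UNSAFE(s);
}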
69
70// Note: must be kept in sync with android/os/StrictMode.java's PENALTY_GATHER
71#define STRICT_MODE_PENALTY_GATHER (0x40 << 16)
72
// XXX Could be made public if support for typed data is ever wanted.
// A pair of 32-bit words: a type tag followed by its payload.
struct small_flat_data {
    uint32_t type;  // tag word
    uint32_t data;  // payload word
};
80
81namespace android {
82
// Process-wide allocation statistics. Parcel::getGlobalAllocSize() and
// Parcel::getGlobalAllocCount() read both counters while holding this mutex.
static pthread_mutex_t gParcelGlobalAllocSizeLock = PTHREAD_MUTEX_INITIALIZER;
static size_t gParcelGlobalAllocSize = 0;
static size_t gParcelGlobalAllocCount = 0;

// Largest blob (in bytes) that writeBlob() still copies into the parcel
// itself; larger blobs go through an ashmem region when fds are allowed.
static const size_t BLOB_INPLACE_LIMIT = 16 * 1024;

// Tag word written in front of every blob to say how its payload travels.
enum {
    BLOB_INPLACE = 0,           // payload follows inline in the parcel
    BLOB_ASHMEM_IMMUTABLE = 1,  // payload is in an ashmem fd, read-only
    BLOB_ASHMEM_MUTABLE = 2,    // payload is in an ashmem fd, writable
};
95
// Takes a reference, on behalf of `who`, on whatever the flattened object
// `obj` refers to.
//
//   proc           used to look up the proxy for handle-type objects
//   obj            flattened object; obj.type selects the branch
//   who            identity recorded with the reference count
//   outAshmemSize  if non-NULL, grows by the size of an owned ashmem fd
//
// The binder/cookie fields are cast straight to in-process pointers, so this
// must only see objects whose pointer fields are valid in this process.
// NOTE(review): that validation is not visible in this function - confirm at
// the call sites.
void acquire_object(const sp<ProcessState>& proc,
    const flat_binder_object& obj, const void* who, size_t* outAshmemSize)
{
    switch (obj.type) {
        case BINDER_TYPE_BINDER: {
            if (obj.binder) {
                LOG_REFS("Parcel %p acquiring reference on local %p", who, obj.cookie);
                IBinder* const localObject = reinterpret_cast<IBinder*>(obj.cookie);
                localObject->incStrong(who);
            }
            return;
        }
        case BINDER_TYPE_WEAK_BINDER: {
            if (obj.binder) {
                RefBase::weakref_type* const weakRefs =
                    reinterpret_cast<RefBase::weakref_type*>(obj.binder);
                weakRefs->incWeak(who);
            }
            return;
        }
        case BINDER_TYPE_HANDLE: {
            const sp<IBinder> strongProxy = proc->getStrongProxyForHandle(obj.handle);
            if (strongProxy != NULL) {
                LOG_REFS("Parcel %p acquiring reference on remote %p", who, strongProxy.get());
                strongProxy->incStrong(who);
            }
            return;
        }
        case BINDER_TYPE_WEAK_HANDLE: {
            const wp<IBinder> weakProxy = proc->getWeakProxyForHandle(obj.handle);
            if (weakProxy != NULL) weakProxy.get_refs()->incWeak(who);
            return;
        }
        case BINDER_TYPE_FD: {
            // Only an fd we own (non-zero cookie) is accounted for, and only
            // when the caller asked for ashmem accounting.
            if (obj.cookie == 0 || outAshmemSize == NULL) {
                return;
            }
            const int regionSize = ashmem_get_size_region(obj.handle);
            if (regionSize > 0) {
                *outAshmemSize += regionSize;
            }
            return;
        }
    }

    ALOGD("Invalid object type 0x%08x", obj.type);
}
139
// Convenience overload: acquires a reference on `obj` for `who` without
// tracking ashmem sizes.
void acquire_object(const sp<ProcessState>& proc,
    const flat_binder_object& obj, const void* who)
{
    size_t* const noAshmemAccounting = NULL;
    acquire_object(proc, obj, who, noAshmemAccounting);
}
145
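// Drops, on behalf of `who`, the reference held on whatever the flattened
// object `obj` refers to, mirroring acquire_object().
//
//   proc           used to look up the proxy for handle-type objects
//   obj            flattened object; obj.type selects the branch
//   who            identity recorded with the reference count
//   outAshmemSize  if non-NULL, shrinks by the size of an owned ashmem fd
//
// An owned file descriptor (non-zero cookie) is always closed here. Closing
// it only when ashmem accounting was requested would leak the descriptor for
// every caller that passes outAshmemSize == NULL.
static void release_object(const sp<ProcessState>& proc,
    const flat_binder_object& obj, const void* who, size_t* outAshmemSize)
{
    switch (obj.type) {
        case BINDER_TYPE_BINDER:
            if (obj.binder) {
                LOG_REFS("Parcel %p releasing reference on local %p", who, obj.cookie);
                reinterpret_cast<IBinder*>(obj.cookie)->decStrong(who);
            }
            return;
        case BINDER_TYPE_WEAK_BINDER:
            if (obj.binder)
                reinterpret_cast<RefBase::weakref_type*>(obj.binder)->decWeak(who);
            return;
        case BINDER_TYPE_HANDLE: {
            const sp<IBinder> b = proc->getStrongProxyForHandle(obj.handle);
            if (b != NULL) {
                LOG_REFS("Parcel %p releasing reference on remote %p", who, b.get());
                b->decStrong(who);
            }
            return;
        }
        case BINDER_TYPE_WEAK_HANDLE: {
            const wp<IBinder> b = proc->getWeakProxyForHandle(obj.handle);
            if (b != NULL) b.get_refs()->decWeak(who);
            return;
        }
        case BINDER_TYPE_FD: {
            if (obj.cookie != 0) { // the fd is owned, so it must be closed
                if (outAshmemSize != NULL) {
                    int size = ashmem_get_size_region(obj.handle);
                    if (size > 0) {
                        // The region size may differ from what was added when
                        // the fd was acquired; clamp so the unsigned counter
                        // cannot wrap below zero.
                        const size_t bytes = static_cast<size_t>(size);
                        *outAshmemSize -= (bytes < *outAshmemSize) ? bytes : *outAshmemSize;
                    }
                }

                close(obj.handle);
            }
            return;
        }
    }

    ALOGE("Invalid object type 0x%08x", obj.type);
}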
190
// Convenience overload: releases the reference on `obj` for `who` without
// any ashmem size accounting.
void release_object(const sp<ProcessState>& proc,
    const flat_binder_object& obj, const void* who)
{
    size_t* const noAshmemAccounting = NULL;
    release_object(proc, obj, who, noAshmemAccounting);
}
196
// Last step of flattening: stores the prepared flat object into `out` and
// returns writeObject()'s status. The binder argument is unused.
inline static status_t finish_flatten_binder(
    const sp<IBinder>& /*binder*/, const flat_binder_object& flat, Parcel* out)
{
    const status_t writeStatus = out->writeObject(flat, false);
    return writeStatus;
}
202
// Flattens a strong binder reference into `out`.
//
// A NULL binder becomes a BINDER_TYPE_BINDER object with zero binder/cookie.
// A local binder carries its weak-refs pointer and its own address; a remote
// one carries only the proxy handle. Returns the status of the write.
status_t flatten_binder(const sp<ProcessState>& /*proc*/,
    const sp<IBinder>& binder, Parcel* out)
{
    flat_binder_object flat;
    flat.flags = 0x7f | FLAT_BINDER_FLAG_ACCEPTS_FDS;

    if (binder == NULL) {
        flat.type = BINDER_TYPE_BINDER;
        flat.binder = 0;
        flat.cookie = 0;
        return finish_flatten_binder(binder, flat, out);
    }

    IBinder* const localObject = binder->localBinder();
    if (localObject) {
        flat.type = BINDER_TYPE_BINDER;
        flat.binder = reinterpret_cast<uintptr_t>(localObject->getWeakRefs());
        flat.cookie = reinterpret_cast<uintptr_t>(localObject);
    } else {
        BpBinder* const remoteProxy = binder->remoteBinder();
        if (remoteProxy == NULL) {
            ALOGE("null proxy");
        }
        const int32_t handle = remoteProxy ? remoteProxy->handle() : 0;
        flat.type = BINDER_TYPE_HANDLE;
        // Zero the field before storing the handle so that no uninitialized
        // stack bytes are sent to a remote process.
        flat.binder = 0;
        flat.handle = handle;
        flat.cookie = 0;
    }

    return finish_flatten_binder(binder, flat, out);
}
234
// Flattens a weak binder reference into `out`.
//
// The weak reference is promoted first, because probing the binder needs a
// strong reference. If it is NULL or can no longer be promoted, a null
// BINDER_TYPE_BINDER object is written instead. Returns the write status.
status_t flatten_binder(const sp<ProcessState>& /*proc*/,
    const wp<IBinder>& binder, Parcel* out)
{
    flat_binder_object flat;
    flat.flags = 0x7f | FLAT_BINDER_FLAG_ACCEPTS_FDS;

    if (binder == NULL) {
        flat.type = BINDER_TYPE_BINDER;
        flat.binder = 0;
        flat.cookie = 0;
        return finish_flatten_binder(NULL, flat, out);
    }

    sp<IBinder> strong = binder.promote();
    if (strong == NULL) {
        // XXX How to deal?  In order to flatten the given binder,
        // we need to probe it for information, which requires a primary
        // reference...  but we don't have one.
        //
        // The OpenBinder implementation uses a dynamic_cast<> here,
        // but we can't do that with the different reference counting
        // implementation we are using.
        ALOGE("Unable to unflatten Binder weak reference!");
        flat.type = BINDER_TYPE_BINDER;
        flat.binder = 0;
        flat.cookie = 0;
        return finish_flatten_binder(NULL, flat, out);
    }

    IBinder* const localObject = strong->localBinder();
    if (localObject) {
        flat.type = BINDER_TYPE_WEAK_BINDER;
        flat.binder = reinterpret_cast<uintptr_t>(binder.get_refs());
        flat.cookie = reinterpret_cast<uintptr_t>(binder.unsafe_get());
    } else {
        BpBinder* const remoteProxy = strong->remoteBinder();
        if (remoteProxy == NULL) {
            ALOGE("null proxy");
        }
        const int32_t handle = remoteProxy ? remoteProxy->handle() : 0;
        flat.type = BINDER_TYPE_WEAK_HANDLE;
        // Zero the field before storing the handle so that no uninitialized
        // stack bytes are sent to a remote process.
        flat.binder = 0;
        flat.handle = handle;
        flat.cookie = 0;
    }
    return finish_flatten_binder(strong, flat, out);
}
283
// Last step of unflattening. Currently a hook with nothing to do: all three
// arguments are ignored and the result is always NO_ERROR.
inline static status_t finish_unflatten_binder(
    BpBinder* /*proxy*/, const flat_binder_object& /*flat*/,
    const Parcel& /*in*/)
{
    const status_t result = NO_ERROR;
    return result;
}
290
// Reads the next flattened object from `in` and turns it into a strong
// binder reference in *out.
//
// Returns BAD_TYPE, leaving *out untouched, when no object could be read or
// its type is neither BINDER_TYPE_BINDER nor BINDER_TYPE_HANDLE.
//
// For BINDER_TYPE_BINDER the cookie is used directly as an IBinder pointer,
// so the result is only as trustworthy as the object that readObject()
// returned. NOTE(review): readObject()'s validation is not visible here.
status_t unflatten_binder(const sp<ProcessState>& proc,
    const Parcel& in, sp<IBinder>* out)
{
    const flat_binder_object* const flat = in.readObject(false);
    if (!flat) {
        return BAD_TYPE;
    }

    if (flat->type == BINDER_TYPE_BINDER) {
        *out = reinterpret_cast<IBinder*>(flat->cookie);
        return finish_unflatten_binder(NULL, *flat, in);
    }
    if (flat->type == BINDER_TYPE_HANDLE) {
        *out = proc->getStrongProxyForHandle(flat->handle);
        BpBinder* const proxy = static_cast<BpBinder*>(out->get());
        return finish_unflatten_binder(proxy, *flat, in);
    }
    return BAD_TYPE;
}
309
// Reads the next flattened object from `in` and turns it into a weak binder
// reference in *out.
//
// Accepts strong and weak local objects as well as strong and weak handles.
// Returns BAD_TYPE, leaving *out untouched, when no object could be read or
// its type is none of those.
//
// The binder/cookie fields of local objects are used directly as pointers.
// NOTE(review): readObject()'s validation of them is not visible here.
status_t unflatten_binder(const sp<ProcessState>& proc,
    const Parcel& in, wp<IBinder>* out)
{
    const flat_binder_object* const flat = in.readObject(false);
    if (!flat) {
        return BAD_TYPE;
    }

    if (flat->type == BINDER_TYPE_BINDER) {
        *out = reinterpret_cast<IBinder*>(flat->cookie);
        return finish_unflatten_binder(NULL, *flat, in);
    }

    if (flat->type == BINDER_TYPE_WEAK_BINDER) {
        if (flat->binder == 0) {
            *out = NULL;
        } else {
            IBinder* const object = reinterpret_cast<IBinder*>(flat->cookie);
            RefBase::weakref_type* const refs =
                reinterpret_cast<RefBase::weakref_type*>(flat->binder);
            out->set_object_and_refs(object, refs);
        }
        return finish_unflatten_binder(NULL, *flat, in);
    }

    if (flat->type == BINDER_TYPE_HANDLE || flat->type == BINDER_TYPE_WEAK_HANDLE) {
        *out = proc->getWeakProxyForHandle(flat->handle);
        BpBinder* const proxy = static_cast<BpBinder*>(out->unsafe_get());
        return finish_unflatten_binder(proxy, *flat, in);
    }

    return BAD_TYPE;
}
338
339// ---------------------------------------------------------------------------
340
// Constructs an empty parcel; all state is set up by initState().
Parcel::Parcel() {
    LOG_ALLOC("Parcel %p: constructing", this);
    initState();
}
346
// Releases the parcel's data through freeDataNoInit().
Parcel::~Parcel() {
    freeDataNoInit();
    LOG_ALLOC("Parcel %p: destroyed", this);
}
352
// Returns a snapshot of gParcelGlobalAllocSize, read while holding the
// global allocation lock.
size_t Parcel::getGlobalAllocSize()
{
    pthread_mutex_lock(&gParcelGlobalAllocSizeLock);
    const size_t snapshot = gParcelGlobalAllocSize;
    pthread_mutex_unlock(&gParcelGlobalAllocSizeLock);
    return snapshot;
}
359
// Returns a snapshot of gParcelGlobalAllocCount, read while holding the
// global allocation lock.
size_t Parcel::getGlobalAllocCount()
{
    pthread_mutex_lock(&gParcelGlobalAllocSizeLock);
    const size_t snapshot = gParcelGlobalAllocCount;
    pthread_mutex_unlock(&gParcelGlobalAllocSizeLock);
    return snapshot;
}
366
// Returns the start of the parcel's data buffer (mData).
const uint8_t* Parcel::data() const {
    return mData;
}
371
// Returns the larger of the recorded data size and the current position, so
// the result is never smaller than dataPosition().
size_t Parcel::dataSize() const
{
    if (mDataSize > mDataPos) {
        return mDataSize;
    }
    return mDataPos;
}
376
// Returns how many bytes lie between the current position and the end of
// the data. dataSize() is never below the position, so the unsigned
// subtraction cannot wrap.
size_t Parcel::dataAvail() const
{
    // TODO: decide what to do about the possibility that this can
    // report an available-data size that exceeds a Java int's max
    // positive value, causing havoc.  Fortunately this will only
    // happen if someone constructs a Parcel containing more than two
    // gigabytes of data, which on typical phone hardware is simply
    // not possible.
    const size_t total = dataSize();
    const size_t consumed = dataPosition();
    return total - consumed;
}
387
// Returns the current read/write offset (mDataPos).
size_t Parcel::dataPosition() const {
    return mDataPos;
}
392
// Returns the capacity of the data buffer (mDataCapacity).
size_t Parcel::dataCapacity() const {
    return mDataCapacity;
}
397
// Sets the amount of valid data to `size` bytes.
// Returns BAD_VALUE for sizes above INT32_MAX, otherwise the status of
// continueWrite(); mDataSize changes only on success.
status_t Parcel::setDataSize(size_t size)
{
    // A size this large most likely started life as a negative int that was
    // converted to size_t by accident; refuse it.
    if (size > INT32_MAX) {
        return BAD_VALUE;
    }

    const status_t err = continueWrite(size);
    if (err != NO_ERROR) {
        return err;
    }

    mDataSize = size;
    ALOGV("setDataSize Setting data size of %p to %zu", this, mDataSize);
    return err;
}
414
// Moves the read/write offset to `pos` and resets the object-lookup hint.
// Aborts the process for positions above INT32_MAX; this method has no
// status to return.
void Parcel::setDataPosition(size_t pos) const
{
    // A position this large most likely started life as a negative int that
    // was converted to size_t by accident.
    const bool looksLikeNegativeInt = pos > INT32_MAX;
    if (looksLikeNegativeInt) {
        abort();
    }

    mDataPos = pos;
    mNextObjectHint = 0;
}
426
// Ensures the buffer can hold at least `size` bytes. The capacity is never
// reduced. Returns BAD_VALUE for sizes above INT32_MAX.
status_t Parcel::setDataCapacity(size_t size)
{
    // A size this large most likely started life as a negative int that was
    // converted to size_t by accident; refuse it.
    if (size > INT32_MAX) {
        return BAD_VALUE;
    }

    if (size <= mDataCapacity) {
        return NO_ERROR;
    }
    return continueWrite(size);
}
438
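// Replaces the parcel's contents with a copy of buffer[0..len).
//
// Returns BAD_VALUE for lengths above INT32_MAX, otherwise the status of
// restartWrite(). On success the data size is `len` and the cached "has file
// descriptors" answer is invalidated. The caller must make sure `buffer`
// really holds `len` readable bytes; nothing here can verify that.
status_t Parcel::setData(const uint8_t* buffer, size_t len)
{
    if (len > INT32_MAX) {
        // don't accept size_t values which may have come from an
        // inadvertent conversion from a negative int.
        return BAD_VALUE;
    }

    status_t err = restartWrite(len);
    if (err == NO_ERROR) {
        // memcpy() requires valid pointers even for a zero-byte copy, and
        // either pointer may be null when there is nothing to copy, so skip
        // the call entirely in that case.
        if (len > 0) {
            memcpy(const_cast<uint8_t*>(data()), buffer, len);
        }
        mDataSize = len;
        mFdsKnown = false;
    }
    return err;
}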
455
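// Appends bytes [offset, offset+len) of `parcel` at this parcel's current
// position, together with every flattened object that lies entirely inside
// that range.
//
// Each copied object gets its own reference, and each copied file descriptor
// is duplicated so that this parcel owns a descriptor of its own.
//
// Returns:
//   NO_ERROR         nothing to do (len == 0) or everything was appended
//   BAD_VALUE        len above INT32_MAX, or the range is outside `parcel`
//   NO_MEMORY        the object table could not be grown
//   FDS_NOT_ALLOWED  a descriptor was copied although fds are not allowed
//   -errno           duplicating a descriptor failed
//   or the error reported by growData().
// For the last three codes the data and objects have already been appended.
//
// NOTE(review): `data` and `objects` are read from `parcel` before this
// parcel's buffers are grown. If a caller ever passed `this` as `parcel`,
// they could be stale after the growth - confirm that no caller does.
// NOTE(review): the capacity check uses mDataSize while the copy lands at
// mDataPos; this relies on the two being equal when appending - confirm.
status_t Parcel::appendFrom(const Parcel *parcel, size_t offset, size_t len)
{
    const sp<ProcessState> proc(ProcessState::self());
    status_t err;
    const uint8_t *data = parcel->mData;
    const binder_size_t *objects = parcel->mObjects;
    size_t size = parcel->mObjectsSize;
    int startPos = mDataPos;
    int firstIndex = -1, lastIndex = -2;

    if (len == 0) {
        return NO_ERROR;
    }

    if (len > INT32_MAX) {
        // don't accept size_t values which may have come from an
        // inadvertent conversion from a negative int.
        return BAD_VALUE;
    }

    // range checks against the source parcel size
    if ((offset > parcel->mDataSize)
            || (len > parcel->mDataSize)
            || (offset + len > parcel->mDataSize)) {
        return BAD_VALUE;
    }

    // Count objects in range
    for (int i = 0; i < (int) size; i++) {
        size_t off = objects[i];
        if ((off >= offset) && (off + sizeof(flat_binder_object) <= offset + len)) {
            if (firstIndex == -1) {
                firstIndex = i;
            }
            lastIndex = i;
        }
    }
    // With no object in range this evaluates to -2 - (-1) + 1 == 0.
    int numObjects = lastIndex - firstIndex + 1;

    if ((mDataSize+len) > mDataCapacity) {
        // grow data
        err = growData(len);
        if (err != NO_ERROR) {
            return err;
        }
    }

    // append data
    memcpy(mData + mDataPos, data + offset, len);
    mDataPos += len;
    mDataSize += len;

    err = NO_ERROR;

    if (numObjects > 0) {
        // grow objects
        if (mObjectsCapacity < mObjectsSize + numObjects) {
            size_t newSize = ((mObjectsSize + numObjects)*3)/2;
            if (newSize < mObjectsSize) return NO_MEMORY;   // overflow
            // Deliberately not named `objects`, so it cannot be mistaken for
            // the source parcel's table used by the loop below.
            binder_size_t *grownObjects =
                (binder_size_t*)realloc(mObjects, newSize*sizeof(binder_size_t));
            if (grownObjects == (binder_size_t*)0) {
                return NO_MEMORY;
            }
            mObjects = grownObjects;
            mObjectsCapacity = newSize;
        }

        // append and acquire objects
        int idx = mObjectsSize;
        for (int i = firstIndex; i <= lastIndex; i++) {
            // Translate the offset from the source range to this parcel.
            size_t off = objects[i] - offset + startPos;
            mObjects[idx++] = off;
            mObjectsSize++;

            flat_binder_object* flat
                = reinterpret_cast<flat_binder_object*>(mData + off);
            acquire_object(proc, *flat, this, &mOpenAshmemSize);

            if (flat->type == BINDER_TYPE_FD) {
                // If this is a file descriptor, we need to dup it so the
                // new Parcel now owns its own fd, and can declare that we
                // officially know we have fds.
                const int dupFd = dup(flat->handle);
                // Read errno immediately, before any later call can change it.
                const status_t dupErr = (dupFd < 0) ? -errno : NO_ERROR;
                flat->handle = dupFd;
                flat->cookie = 1;
                mHasFds = mFdsKnown = true;
                if (!mAllowFds) {
                    err = FDS_NOT_ALLOWED;
                } else if (dupErr != NO_ERROR) {
                    // Without this the caller would see NO_ERROR while the
                    // parcel carries an invalid descriptor.
                    err = dupErr;
                }
            }
        }
    }

    return err;
}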
551
// Reports whether file descriptors may currently be written to this parcel.
bool Parcel::allowFds() const {
    return mAllowFds;
}
556
// Narrows the "file descriptors allowed" setting and returns the previous
// value for a later restoreAllowFds().
// Passing false forbids fds; passing true leaves the setting as it is, so
// this call can never re-enable fds that were already forbidden.
bool Parcel::pushAllowFds(bool allowFds)
{
    const bool previous = mAllowFds;
    mAllowFds = previous && allowFds;
    return previous;
}
565
// Sets the "file descriptors allowed" setting back to `lastValue`, normally
// the value that pushAllowFds() returned.
void Parcel::restoreAllowFds(bool lastValue) {
    mAllowFds = lastValue;
}
570
// Reports whether the parcel contains file descriptors. When the cached
// answer is not known to be current, scanForFds() is run first.
bool Parcel::hasFileDescriptors() const
{
    const bool cacheIsStale = !mFdsKnown;
    if (cacheIsStale) {
        scanForFds();
    }
    return mHasFds;
}
578
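// Write RPC headers.  (previously just the interface token)
//
// The header is the calling thread's StrictMode policy with the
// PENALTY_GATHER bit set, followed by the interface name as a string16.
// Returns the first error encountered. Stopping after a failed policy write
// keeps the name from being written where the policy word belongs, which a
// reader such as enforceInterface() would otherwise misinterpret.
status_t Parcel::writeInterfaceToken(const String16& interface)
{
    const status_t err = writeInt32(IPCThreadState::self()->getStrictModePolicy() |
               STRICT_MODE_PENALTY_GATHER);
    if (err != NO_ERROR) {
        return err;
    }
    // currently the interface identification token is just its name as a string
    return writeString16(interface);
}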
587
// Checks the RPC header at the current position against the interface
// descriptor of `binder`; see enforceInterface().
// `binder` is dereferenced without a null check.
bool Parcel::checkInterface(IBinder* binder) const {
    return enforceInterface(binder->getInterfaceDescriptor());
}
592
// Reads the RPC header (StrictMode policy word, then interface name) at the
// current position and compares the name with `interface`.
//
//   interface    the descriptor the callee expects
//   threadState  thread state to update; NULL means the calling thread's
//
// Returns true when the names match; otherwise logs a warning and returns
// false. Both header fields were written by the sender. The policy word is
// installed on the thread before the name is compared, so it takes effect
// even when this function returns false. A matching name shows that the
// sender addressed this interface; it says nothing about who the sender is.
bool Parcel::enforceInterface(const String16& interface,
                              IPCThreadState* threadState) const
{
    const int32_t strictPolicy = readInt32();
    if (threadState == NULL) {
        threadState = IPCThreadState::self();
    }

    const bool isOneWay =
        (threadState->getLastTransactionBinderFlags() & IBinder::FLAG_ONEWAY) != 0;
    if (isOneWay) {
        // For one-way calls, the callee is running entirely
        // disconnected from the caller, so disable StrictMode entirely.
        // Not only does disk/network usage not impact the caller, but
        // there's no way to communicate back any violations anyway.
        threadState->setStrictModePolicy(0);
    } else {
        threadState->setStrictModePolicy(strictPolicy);
    }

    const String16 str(readString16());
    if (!(str == interface)) {
        ALOGW("**** enforceInterface() expected '%s' but read '%s'",
                String8(interface).string(), String8(str).string());
        return false;
    }
    return true;
}
619
// Returns the table of object offsets (mObjects).
const binder_size_t* Parcel::objects() const {
    return mObjects;
}
624
// Returns the number of entries in the object-offset table.
size_t Parcel::objectsCount() const {
    return mObjectsSize;
}
629
// Returns the parcel's stored error status (mError).
status_t Parcel::errorCheck() const {
    return mError;
}
634
// Overwrites the parcel's stored error status with `err`.
void Parcel::setError(status_t err) {
    mError = err;
}
639
// Advances the write position by `len` bytes that the caller has already
// stored, extending the data size when the position moves past it.
// Returns BAD_VALUE for lengths above INT32_MAX, otherwise NO_ERROR.
// No capacity check happens here; the caller must have made room first.
status_t Parcel::finishWrite(size_t len)
{
    // A length this large most likely started life as a negative int that
    // was converted to size_t by accident; refuse it.
    if (len > INT32_MAX) {
        return BAD_VALUE;
    }

    //printf("Finish write of %d\n", len);
    mDataPos += len;
    ALOGV("finishWrite Setting data pos of %p to %zu", this, mDataPos);

    const bool grewPastEnd = mDataPos > mDataSize;
    if (grewPastEnd) {
        mDataSize = mDataPos;
        ALOGV("finishWrite Setting data size of %p to %zu", this, mDataSize);
    }
    //printf("New pos=%d, size=%d\n", mDataPos, mDataSize);
    return NO_ERROR;
}
658
// Copies `len` bytes from `data` to the current position without rounding
// the length up to a multiple of 4, growing the buffer first if needed.
// Returns BAD_VALUE when len is above INT32_MAX or the end offset would
// overflow, the growData() error when growing fails, otherwise the status
// of finishWrite().
status_t Parcel::writeUnpadded(const void* data, size_t len)
{
    // A length this large most likely started life as a negative int that
    // was converted to size_t by accident; refuse it.
    if (len > INT32_MAX) {
        return BAD_VALUE;
    }

    const size_t end = mDataPos + len;
    if (end < mDataPos) {
        // integer overflow
        return BAD_VALUE;
    }

    if (end > mDataCapacity) {
        const status_t growStatus = growData(len);
        if (growStatus != NO_ERROR) {
            return growStatus;
        }
    }

    memcpy(mData+mDataPos, data, len);
    return finishWrite(len);
}
683
// Copies `len` bytes from `data` into the parcel, padded to a multiple of 4
// by writeInplace().
// Returns BAD_VALUE for lengths above INT32_MAX, NO_ERROR on success, and
// mError when no space could be reserved.
// NOTE(review): writeInplace() has NULL-return paths that do not set mError
// in the code visible here, so the failure path can return whatever mError
// already held - confirm that this is never NO_ERROR.
status_t Parcel::write(const void* data, size_t len)
{
    // A length this large most likely started life as a negative int that
    // was converted to size_t by accident; refuse it.
    if (len > INT32_MAX) {
        return BAD_VALUE;
    }

    void* const dest = writeInplace(len);
    if (!dest) {
        return mError;
    }
    memcpy(dest, data, len);
    return NO_ERROR;
}
699
// Reserves `len` bytes, rounded up to a multiple of 4, at the current
// position and returns a pointer through which the caller fills them in.
// The write position is advanced past the padded region before returning.
//
// Returns NULL when len is above INT32_MAX, when the padded end offset would
// overflow, or when the buffer cannot be grown.
//
// When padding is needed, the padding bytes in the last 32-bit word are
// cleared so that stale buffer contents are not sent along with the payload.
void* Parcel::writeInplace(size_t len)
{
    // A length this large most likely started life as a negative int that
    // was converted to size_t by accident; refuse it.
    if (len > INT32_MAX) {
        return NULL;
    }

    const size_t padded = pad_size(len);

    // sanity check for integer overflow
    if (mDataPos+padded < mDataPos) {
        return NULL;
    }

    if ((mDataPos+padded) > mDataCapacity) {
        const status_t growStatus = growData(padded);
        if (growStatus != NO_ERROR) {
            return NULL;
        }
    }

    // Computed only after any growth, which may have replaced the buffer.
    //printf("Writing %ld bytes, padded to %ld\n", len, padded);
    uint8_t* const data = mData+mDataPos;

    // Need to pad at end?
    if (padded != len) {
#if BYTE_ORDER == BIG_ENDIAN
        static const uint32_t mask[4] = {
            0x00000000, 0xffffff00, 0xffff0000, 0xff000000
        };
#endif
#if BYTE_ORDER == LITTLE_ENDIAN
        static const uint32_t mask[4] = {
            0x00000000, 0x00ffffff, 0x0000ffff, 0x000000ff
        };
#endif
        //printf("Applying pad mask: %p to %p\n", (void*)mask[padded-len],
        //    *reinterpret_cast<void**>(data+padded-4));
        *reinterpret_cast<uint32_t*>(data+padded-4) &= mask[padded-len];
    }

    finishWrite(padded);
    return data;
}
745
// Writes `val` as a 32-bit element count followed by the raw bytes.
// Returns BAD_VALUE when the vector has more than INT32_MAX elements or no
// space could be reserved for the bytes, or the error from writing the count.
status_t Parcel::writeByteVector(const std::vector<int8_t>& val)
{
    if (val.size() > std::numeric_limits<int32_t>::max()) {
        return BAD_VALUE;
    }

    const status_t status = writeInt32(val.size());
    if (status != OK) {
        return status;
    }

    void* const dest = writeInplace(val.size());
    if (!dest) {
        return BAD_VALUE;
    }

    memcpy(dest, val.data(), val.size());
    return status;
}
768
// Writes every element of `val` with writeInt32(), via writeTypedVector().
status_t Parcel::writeInt32Vector(const std::vector<int32_t>& val) {
    return writeTypedVector(val, &Parcel::writeInt32);
}
773
// Writes every element of `val` with writeInt64(), via writeTypedVector().
status_t Parcel::writeInt64Vector(const std::vector<int64_t>& val) {
    return writeTypedVector(val, &Parcel::writeInt64);
}
778
// Writes every element of `val` with writeFloat(), via writeTypedVector().
status_t Parcel::writeFloatVector(const std::vector<float>& val) {
    return writeTypedVector(val, &Parcel::writeFloat);
}
783
// Writes every element of `val` with writeDouble(), via writeTypedVector().
status_t Parcel::writeDoubleVector(const std::vector<double>& val) {
    return writeTypedVector(val, &Parcel::writeDouble);
}
788
// Writes every element of `val` with writeBool(), via writeTypedVector().
status_t Parcel::writeBoolVector(const std::vector<bool>& val) {
    return writeTypedVector(val, &Parcel::writeBool);
}
793
// Writes every element of `val` with writeChar(), via writeTypedVector().
status_t Parcel::writeCharVector(const std::vector<char16_t>& val) {
    return writeTypedVector(val, &Parcel::writeChar);
}
798
// Writes every element of `val` with writeString16(), via writeTypedVector().
status_t Parcel::writeString16Vector(const std::vector<String16>& val) {
    return writeTypedVector(val, &Parcel::writeString16);
}
803
// Writes a signed 32-bit value through writeAligned().
status_t Parcel::writeInt32(int32_t val) {
    return writeAligned(val);
}
808
// Writes an unsigned 32-bit value through writeAligned().
status_t Parcel::writeUint32(uint32_t val) {
    return writeAligned(val);
}
813
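// Writes an int32 array as a 32-bit element count followed by the elements.
// A NULL `val` is written as the single count value -1.
//
// Returns BAD_VALUE when `len` is above INT32_MAX or when the array's size
// in bytes would be, otherwise the status of the underlying writes.
status_t Parcel::writeInt32Array(size_t len, const int32_t *val) {
    if (len > INT32_MAX) {
        // don't accept size_t values which may have come from an
        // inadvertent conversion from a negative int.
        return BAD_VALUE;
    }

    if (!val) {
        return writeInt32(-1);
    }

    // Check the byte count before anything is written. Where size_t is
    // 32 bits wide, len * sizeof(*val) can wrap to a small number, which
    // would leave a count prefix that claims more elements than the payload
    // holds. Elsewhere write() rejects the oversized payload, but only after
    // the count has already been stored.
    if (len > static_cast<size_t>(INT32_MAX) / sizeof(*val)) {
        return BAD_VALUE;
    }

    status_t ret = writeInt32(static_cast<uint32_t>(len));
    if (ret == NO_ERROR) {
        ret = write(val, len * sizeof(*val));
    }
    return ret;
}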
829}
// Writes a byte array as a 32-bit length followed by the bytes.
// A NULL `val` is written as the single length value -1.
// Returns BAD_VALUE when `len` is above INT32_MAX, otherwise the status of
// the underlying writes.
status_t Parcel::writeByteArray(size_t len, const uint8_t *val)
{
    // A length this large most likely started life as a negative int that
    // was converted to size_t by accident; refuse it.
    if (len > INT32_MAX) {
        return BAD_VALUE;
    }

    if (val == NULL) {
        return writeInt32(-1);
    }

    const status_t prefixStatus = writeInt32(static_cast<uint32_t>(len));
    if (prefixStatus != NO_ERROR) {
        return prefixStatus;
    }
    return write(val, len * sizeof(*val));
}
846
// Writes a bool widened to a 32-bit integer.
status_t Parcel::writeBool(bool val) {
    return writeInt32(static_cast<int32_t>(val));
}
851
// Writes a UTF-16 code unit widened to a 32-bit integer.
status_t Parcel::writeChar(char16_t val) {
    return writeInt32(static_cast<int32_t>(val));
}
856
// Writes a signed byte widened (sign-extended) to a 32-bit integer.
status_t Parcel::writeByte(int8_t val) {
    return writeInt32(static_cast<int32_t>(val));
}
861
// Writes a signed 64-bit value through writeAligned().
status_t Parcel::writeInt64(int64_t val) {
    return writeAligned(val);
}
866
// Writes an unsigned 64-bit value through writeAligned().
status_t Parcel::writeUint64(uint64_t val) {
    return writeAligned(val);
}
871
// Writes a pointer-sized value, converted to binder_uintptr_t, through
// writeAligned().
status_t Parcel::writePointer(uintptr_t val) {
    return writeAligned<binder_uintptr_t>(val);
}
876
// Writes a float through writeAligned().
status_t Parcel::writeFloat(float val) {
    return writeAligned(val);
}
881
#if defined(__mips__) && defined(__mips_hard_float)

// Writes a double. On hard-float MIPS the value is first reinterpreted as a
// 64-bit integer through a union and written in that form.
status_t Parcel::writeDouble(double val)
{
    union {
        double d;
        unsigned long long ll;
    } bits;
    bits.d = val;
    return writeAligned(bits.ll);
}

#else

// Writes a double through writeAligned().
status_t Parcel::writeDouble(double val) {
    return writeAligned(val);
}

#endif
902
// Writes a NUL-terminated C string, terminator included.
// `str` must be non-NULL and NUL-terminated; strlen() is applied to it with
// no prior check.
status_t Parcel::writeCString(const char* str)
{
    const size_t bytesWithTerminator = strlen(str)+1;
    return write(str, bytesWithTerminator);
}
907
// Writes a String8 as a 32-bit byte count followed, for non-empty strings
// only, by the bytes and a terminating NUL.
status_t Parcel::writeString8(const String8& str)
{
    status_t err = writeInt32(str.bytes());
    // only write string if its length is more than zero characters,
    // as readString8 will only read if the length field is non-zero.
    // this is slightly different from how writeString16 works.
    const bool hasPayload = str.bytes() > 0;
    if (err == NO_ERROR && hasPayload) {
        err = write(str.string(), str.bytes()+1);
    }
    return err;
}
919
// Writes a String16 by forwarding its characters and length to the
// (pointer, length) overload.
status_t Parcel::writeString16(const String16& str) {
    return writeString16(str.string(), str.size());
}
924
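// Writes `len` UTF-16 code units from `str` as a 32-bit length followed by
// the characters and a terminating zero code unit.
// A NULL `str` is written as the single length value -1.
//
// Returns BAD_VALUE when the string, including its terminator, would take
// more than INT32_MAX bytes; the status of writing the length; or mError
// when no space could be reserved for the characters.
status_t Parcel::writeString16(const char16_t* str, size_t len)
{
    if (str == NULL) return writeInt32(-1);

    // Reject lengths whose byte size (plus terminator) cannot be reserved,
    // and do so before the length prefix is written. Without this check the
    // prefix is truncated to 32 bits, and the byte-size computation below
    // can wrap where size_t is 32 bits wide, so the prefix and the payload
    // could disagree.
    const size_t maxChars =
        (static_cast<size_t>(INT32_MAX) - sizeof(char16_t)) / sizeof(char16_t);
    if (len > maxChars) {
        return BAD_VALUE;
    }

    status_t err = writeInt32(len);
    if (err == NO_ERROR) {
        len *= sizeof(char16_t);
        uint8_t* data = (uint8_t*)writeInplace(len+sizeof(char16_t));
        if (data) {
            memcpy(data, str, len);
            *reinterpret_cast<char16_t*>(data+len) = 0;
            return NO_ERROR;
        }
        err = mError;
    }
    return err;
}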
942
// Writes a strong binder reference by flattening it into this parcel.
status_t Parcel::writeStrongBinder(const sp<IBinder>& val) {
    return flatten_binder(ProcessState::self(), val, this);
}
947
// Writes every element of `val` with writeStrongBinder(), via
// writeTypedVector().
status_t Parcel::writeStrongBinderVector(const std::vector<sp<IBinder>>& val) {
    return writeTypedVector(val, &Parcel::writeStrongBinder);
}
952
// Reads a vector of strong binders into *val, one readStrongBinder() call
// per element, via readTypedVector().
status_t Parcel::readStrongBinderVector(std::vector<sp<IBinder>>* val) const
{
    return readTypedVector(val, &Parcel::readStrongBinder);
}
956
// Writes a weak binder reference by flattening it into this parcel.
status_t Parcel::writeWeakBinder(const wp<IBinder>& val) {
    return flatten_binder(ProcessState::self(), val, this);
}
961
// Writes a parcelable as the marker value 1 ("not null") followed by
// whatever the parcelable's own writeToParcel() stores.
// Returns the first error encountered.
status_t Parcel::writeParcelable(const Parcelable& parcelable)
{
    const status_t markerStatus = writeInt32(1);  // parcelable is not null.
    if (markerStatus != OK) {
        return markerStatus;
    }
    return parcelable.writeToParcel(this);
}
969
// Writes a native_handle as numFds, numInts, a duplicate of each file
// descriptor, and then the integer payload.
//
// Returns BAD_TYPE when `handle` is NULL or its version field is not
// sizeof(native_handle); otherwise the first error encountered.
//
// NOTE(review): numFds and numInts are used exactly as found in the handle;
// no range check on them (for example, for negative values) is visible here.
status_t Parcel::writeNativeHandle(const native_handle* handle)
{
    if (!handle || handle->version != sizeof(native_handle)) {
        return BAD_TYPE;
    }

    status_t err = writeInt32(handle->numFds);
    if (err != NO_ERROR) {
        return err;
    }

    err = writeInt32(handle->numInts);
    if (err != NO_ERROR) {
        return err;
    }

    // Stop at the first descriptor that cannot be duplicated and written.
    for (int i = 0; i < handle->numFds; i++) {
        err = writeDupFileDescriptor(handle->data[i]);
        if (err != NO_ERROR) {
            ALOGD("write native handle, write dup fd failed");
            return err;
        }
    }

    // The integers follow the descriptors in handle->data.
    return write(handle->data + handle->numFds, sizeof(int)*handle->numInts);
}
992
// Writes `fd` as a BINDER_TYPE_FD object.
// When takeOwnership is true the object's cookie is set to 1, which marks
// the descriptor as owned by the parcel; otherwise the cookie is 0 and the
// caller remains responsible for the descriptor.
status_t Parcel::writeFileDescriptor(int fd, bool takeOwnership)
{
    flat_binder_object fdObject;
    fdObject.type = BINDER_TYPE_FD;
    fdObject.flags = 0x7f | FLAT_BINDER_FLAG_ACCEPTS_FDS;
    // Zero the field before storing the fd so that no uninitialized stack
    // bytes are sent to a remote process.
    fdObject.binder = 0;
    fdObject.handle = fd;
    if (takeOwnership) {
        fdObject.cookie = 1;
    } else {
        fdObject.cookie = 0;
    }
    return writeObject(fdObject, true);
}
1003
// Duplicates `fd` and writes the duplicate as a descriptor the parcel owns;
// the caller keeps ownership of `fd` itself.
// Returns -errno when dup() fails, otherwise the status of the write. The
// duplicate is closed again when the write fails, so it cannot leak.
//
// NOTE(review): dup() does not set FD_CLOEXEC on the new descriptor;
// fcntl(fd, F_DUPFD_CLOEXEC, 0) would keep it from being inherited across
// exec().
status_t Parcel::writeDupFileDescriptor(int fd)
{
    const int ownedFd = dup(fd);
    if (ownedFd < 0) {
        return -errno;
    }

    const status_t err = writeFileDescriptor(ownedFd, true /*takeOwnership*/);
    if (err) {
        close(ownedFd);
    }
    return err;
}
1016
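// Reserves a blob of `len` bytes and hands the writable memory to the caller
// through `outBlob`.
//
// Blobs of at most BLOB_INPLACE_LIMIT bytes, and every blob when file
// descriptors are not allowed, are stored inline in the parcel. Larger blobs
// live in a fresh ashmem region whose descriptor is written to the parcel
// and owned by it.
//
//   len          blob size in bytes
//   mutableCopy  false downgrades the region's protection to read-only, so
//                that it can no longer be mapped writable; the mapping made
//                here beforehand stays writable so the caller can fill it in
//   outBlob      receives the fd (-1 for inline), pointer, length and
//                mutability; must be non-NULL
//
// Returns BAD_VALUE for lengths above INT32_MAX, NO_MEMORY when space or the
// region cannot be obtained, or the error of the failing call. On every
// ashmem-path failure the mapping (if one exists) and the descriptor are
// released before returning.
status_t Parcel::writeBlob(size_t len, bool mutableCopy, WritableBlob* outBlob)
{
    if (len > INT32_MAX) {
        // don't accept size_t values which may have come from an
        // inadvertent conversion from a negative int.
        return BAD_VALUE;
    }

    status_t status;
    if (!mAllowFds || len <= BLOB_INPLACE_LIMIT) {
        ALOGV("writeBlob: write in place");
        status = writeInt32(BLOB_INPLACE);
        if (status) return status;

        void* ptr = writeInplace(len);
        if (!ptr) return NO_MEMORY;

        outBlob->init(-1, ptr, len, false);
        return NO_ERROR;
    }

    ALOGV("writeBlob: write to ashmem");
    int fd = ashmem_create_region("Parcel Blob", len);
    if (fd < 0) return NO_MEMORY;

    int result = ashmem_set_prot_region(fd, PROT_READ | PROT_WRITE);
    if (result < 0) {
        ::close(fd);
        return result;
    }

    void* ptr = ::mmap(NULL, len, PROT_READ | PROT_WRITE, MAP_SHARED, fd, 0);
    if (ptr == MAP_FAILED) {
        // Nothing was mapped, so there is nothing to munmap(): MAP_FAILED is
        // not a mapping address. Save errno before close() can change it.
        status = -errno;
        ::close(fd);
        return status;
    }

    if (!mutableCopy) {
        result = ashmem_set_prot_region(fd, PROT_READ);
    }
    if (result < 0) {
        status = result;
    } else {
        status = writeInt32(mutableCopy ? BLOB_ASHMEM_MUTABLE : BLOB_ASHMEM_IMMUTABLE);
        if (!status) {
            status = writeFileDescriptor(fd, true /*takeOwnership*/);
            if (!status) {
                outBlob->init(fd, ptr, len, mutableCopy);
                return NO_ERROR;
            }
        }
    }

    // Failure after a successful mmap(): undo the mapping and the region.
    ::munmap(ptr, len);
    ::close(fd);
    return status;
}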
1071
// Writes an immutable ashmem blob header followed by a duplicate of `fd`.
// The layout must stay in step with the ashmem branch of writeBlob().
// Returns FDS_NOT_ALLOWED when this parcel does not accept file descriptors.
status_t Parcel::writeDupImmutableBlobFileDescriptor(int fd)
{
    if (!mAllowFds) {
        return FDS_NOT_ALLOWED;
    }

    const status_t headerStatus = writeInt32(BLOB_ASHMEM_IMMUTABLE);
    if (headerStatus) {
        return headerStatus;
    }
    return writeDupFileDescriptor(fd);
}
1080
// Serialises a flattenable object: its flattened size, its descriptor count,
// the padded payload, and then one duplicated descriptor per entry reported
// by val.flatten().
// Returns BAD_VALUE if either count exceeds INT32_MAX or the payload area
// cannot be reserved; otherwise the first failing status, or the result of
// flatten() / the last descriptor write.
status_t Parcel::write(const FlattenableHelperInterface& val)
{
    const size_t flatSize = val.getFlattenedSize();
    const size_t numFds = val.getFdCount();

    // don't accept size_t values which may have come from an
    // inadvertent conversion from a negative int.
    if ((flatSize > INT32_MAX) || (numFds > INT32_MAX)) {
        return BAD_VALUE;
    }

    // header: payload size, then descriptor count
    status_t err = this->writeInt32(flatSize);
    if (err) return err;

    err = this->writeInt32(numFds);
    if (err) return err;

    // payload area, padded to the parcel's alignment
    void* const payload = this->writeInplace(pad_size(flatSize));
    if (payload == NULL) {
        return BAD_VALUE;
    }

    // scratch array that flatten() fills with the descriptors to send
    int* fdScratch = NULL;
    if (numFds) {
        fdScratch = new int[numFds];
    }

    err = val.flatten(payload, flatSize, fdScratch, numFds);
    size_t index = 0;
    while (index < numFds && err == NO_ERROR) {
        err = this->writeDupFileDescriptor(fdScratch[index]);
        index++;
    }

    if (numFds) {
        delete [] fdScratch;
    }

    return err;
}
1122
// Copies a flat_binder_object into the data buffer at the current position
// and, when nullMetaData is set or val.binder is non-zero, records its offset
// in the object index and acquires a reference on it.
// Returns FDS_NOT_ALLOWED for a BINDER_TYPE_FD object when descriptors are
// disabled, NO_MEMORY when the object index cannot grow, or the status of
// growData() / finishWrite().
status_t Parcel::writeObject(const flat_binder_object& val, bool nullMetaData)
{
    const bool dataFits = (mDataPos+sizeof(val)) <= mDataCapacity;
    const bool indexFits = mObjectsSize < mObjectsCapacity;

    // Grow whichever of the two buffers is too small before writing.
    // NOTE(review): capacity is not re-checked after growData(); this relies on
    // the grown buffer covering mDataPos+sizeof(val) - confirm against growData().
    if (!dataFits) {
        const status_t growStatus = growData(sizeof(val));
        if (growStatus != NO_ERROR) return growStatus;
    }
    if (!indexFits) {
        const size_t grownCount = ((mObjectsSize+2)*3)/2;
        if (grownCount < mObjectsSize) return NO_MEMORY;   // overflow
        binder_size_t* resized =
                (binder_size_t*)realloc(mObjects, grownCount*sizeof(binder_size_t));
        if (resized == NULL) return NO_MEMORY;
        mObjects = resized;
        mObjectsCapacity = grownCount;
    }

    *reinterpret_cast<flat_binder_object*>(mData+mDataPos) = val;

    // remember if it's a file descriptor
    if (val.type == BINDER_TYPE_FD) {
        if (!mAllowFds) {
            // fail before modifying our object index; the data position has
            // not been advanced, so the copied bytes are not part of the parcel
            return FDS_NOT_ALLOWED;
        }
        mHasFds = mFdsKnown = true;
    }

    // Need to write meta-data?
    if (nullMetaData || val.binder != 0) {
        mObjects[mObjectsSize] = mDataPos;
        acquire_object(ProcessState::self(), val, this, &mOpenAshmemSize);
        mObjectsSize++;
    }

    return finishWrite(sizeof(flat_binder_object));
}
1165
// Writes a default-constructed binder::Status into this parcel.
status_t Parcel::writeNoException()
{
    binder::Status noException;
    const status_t written = noException.writeToParcel(this);
    return written;
}
1171
// Not implemented: any call ends in LOG_ALWAYS_FATAL. Both arguments are ignored.
void Parcel::remove(size_t /*start*/, size_t /*amt*/)
{
    LOG_ALWAYS_FATAL("Parcel::remove() not yet implemented!");
}
1176
// Copies `len` bytes from the current position into outData and advances the
// position by the padded length.
// Returns BAD_VALUE for len > INT32_MAX and NOT_ENOUGH_DATA when the padded
// range would wrap or extend past mDataSize; nothing is copied in either case.
status_t Parcel::read(void* outData, size_t len) const
{
    if (len > INT32_MAX) {
        // don't accept size_t values which may have come from an
        // inadvertent conversion from a negative int.
        return BAD_VALUE;
    }

    const size_t padded = pad_size(len);
    const size_t endPos = mDataPos + padded;

    // Reject a wrapped end position, a range past the valid data, and a
    // padded length that came out smaller than the requested length.
    if (endPos < mDataPos || endPos > mDataSize || len > padded) {
        return NOT_ENOUGH_DATA;
    }

    memcpy(outData, mData+mDataPos, len);
    mDataPos += padded;
    ALOGV("read Setting data pos of %p to %zu", this, mDataPos);
    return NO_ERROR;
}
1194
// Returns a pointer to `len` bytes inside the parcel's own buffer and advances
// the position by the padded length. No copy is made, so the pointer is only
// as valid as the parcel's buffer.
// Returns NULL for len > INT32_MAX or when the padded range would wrap or
// extend past mDataSize.
const void* Parcel::readInplace(size_t len) const
{
    if (len > INT32_MAX) {
        // don't accept size_t values which may have come from an
        // inadvertent conversion from a negative int.
        return NULL;
    }

    const size_t padded = pad_size(len);
    const size_t endPos = mDataPos + padded;
    if (endPos < mDataPos || endPos > mDataSize || len > padded) {
        return NULL;
    }

    const void* const start = mData+mDataPos;
    mDataPos += padded;
    ALOGV("readInplace Setting data pos of %p to %zu", this, mDataPos);
    return start;
}
1212
// Reads one T from the current position into *pArg and advances by sizeof(T).
// The compile-time assert restricts T to sizes that need no padding.
// Returns NOT_ENOUGH_DATA, leaving *pArg and the position untouched, when
// fewer than sizeof(T) bytes remain.
template<class T>
status_t Parcel::readAligned(T *pArg) const {
    COMPILE_TIME_ASSERT_FUNCTION_SCOPE(PAD_SIZE_UNSAFE(sizeof(T)) == sizeof(T));

    if ((mDataPos+sizeof(T)) > mDataSize) {
        return NOT_ENOUGH_DATA;
    }

    const void* const src = mData+mDataPos;
    mDataPos += sizeof(T);
    *pArg = *reinterpret_cast<const T*>(src);
    return NO_ERROR;
}
1226
// Value-returning form of readAligned(): yields 0 when the read fails, so a
// caller cannot tell a stored zero from a short parcel with this overload.
template<class T>
T Parcel::readAligned() const {
    T value;
    const status_t status = readAligned(&value);
    if (status != NO_ERROR) {
        value = 0;
    }
    return value;
}
1236
// Writes one T at the current position, growing the buffer first when the
// value does not fit in the current capacity.
// Returns the growData() error if growth fails, else the finishWrite() status.
template<class T>
status_t Parcel::writeAligned(T val) {
    COMPILE_TIME_ASSERT_FUNCTION_SCOPE(PAD_SIZE_UNSAFE(sizeof(T)) == sizeof(T));

    if ((mDataPos+sizeof(val)) > mDataCapacity) {
        const status_t growStatus = growData(sizeof(val));
        if (growStatus != NO_ERROR) {
            return growStatus;
        }
    }

    *reinterpret_cast<T*>(mData+mDataPos) = val;
    return finishWrite(sizeof(val));
}
1251
// Reads a length-prefixed byte array into *val (cleared first).
// The length is checked against the remaining data before the vector is
// resized, so an oversized length in the parcel does not drive the allocation.
// Returns UNEXPECTED_NULL for a negative length and BAD_VALUE when the length
// exceeds the remaining data or the in-place read fails.
status_t Parcel::readByteVector(std::vector<int8_t>* val) const {
    val->clear();

    int32_t count;
    const status_t status = readInt32(&count);
    if (status != OK) {
        return status;
    }

    if (count < 0) {
        return UNEXPECTED_NULL;
    }
    if (size_t(count) > dataAvail()) {
        return BAD_VALUE;
    }

    const void* const bytes = readInplace(count);
    if (!bytes) {
        return BAD_VALUE;
    }

    val->resize(count);
    memcpy(val->data(), bytes, count);
    return status;
}
1281
// Reads a vector of int32_t through readTypedVector(), one readInt32() per element.
status_t Parcel::readInt32Vector(std::vector<int32_t>* val) const {
    const status_t status = readTypedVector(val, &Parcel::readInt32);
    return status;
}
1285
// Reads a vector of int64_t through readTypedVector(), one readInt64() per element.
status_t Parcel::readInt64Vector(std::vector<int64_t>* val) const {
    const status_t status = readTypedVector(val, &Parcel::readInt64);
    return status;
}
1289
// Reads a vector of float through readTypedVector(), one readFloat() per element.
status_t Parcel::readFloatVector(std::vector<float>* val) const {
    const status_t status = readTypedVector(val, &Parcel::readFloat);
    return status;
}
1293
// Reads a vector of double through readTypedVector(), one readDouble() per element.
status_t Parcel::readDoubleVector(std::vector<double>* val) const {
    const status_t status = readTypedVector(val, &Parcel::readDouble);
    return status;
}
1297
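// Reads a length-prefixed vector of booleans into *val (cleared first).
// Each element is read with readBool(), i.e. it occupies one int32 in the parcel.
//
// Returns UNEXPECTED_NULL for a negative length, NOT_ENOUGH_DATA when the
// parcel cannot hold that many elements, or the first failing read status.
status_t Parcel::readBoolVector(std::vector<bool>* val) const {
    val->clear();

    int32_t size;
    status_t status = readInt32(&size);

    if (status != OK) {
        return status;
    }

    if (size < 0) {
        return UNEXPECTED_NULL;
    }

    // The count comes from the parcel, so bound it by the data that is
    // actually left before allocating: a count the remaining bytes cannot
    // satisfy would otherwise size the vector and only fail part-way through.
    if (size_t(size) > dataAvail() / sizeof(int32_t)) {
        return NOT_ENOUGH_DATA;
    }

    val->resize(size);

    /* C++ bool handling means a vector of bools isn't necessarily addressable
     * (we might use individual bits)
     */
    for (int32_t i = 0; i < size; ++i) {
        bool data = false;
        status = readBool(&data);
        // Check the status before storing, so a failed read never publishes
        // a value that was not taken from the parcel.
        if (status != OK) {
            return status;
        }
        (*val)[i] = data;
    }

    return OK;
}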
1329
// Reads a vector of char16_t through readTypedVector(), one readChar() per element.
status_t Parcel::readCharVector(std::vector<char16_t>* val) const {
    const status_t status = readTypedVector(val, &Parcel::readChar);
    return status;
}
1333
// Reads a vector of String16 through readTypedVector(), one readString16() per element.
status_t Parcel::readString16Vector(std::vector<String16>* val) const {
    const status_t status = readTypedVector(val, &Parcel::readString16);
    return status;
}
1337
1338
// Reads an int32_t into *pArg; *pArg is left untouched if the read fails.
status_t Parcel::readInt32(int32_t *pArg) const
{
    const status_t status = readAligned(pArg);
    return status;
}
1343
// Reads an int32_t; yields 0 when the parcel has too little data left.
int32_t Parcel::readInt32() const
{
    const int32_t value = readAligned<int32_t>();
    return value;
}
1348
// Reads a uint32_t into *pArg; *pArg is left untouched if the read fails.
status_t Parcel::readUint32(uint32_t *pArg) const
{
    const status_t status = readAligned(pArg);
    return status;
}
1353
// Reads a uint32_t; yields 0 when the parcel has too little data left.
uint32_t Parcel::readUint32() const
{
    const uint32_t value = readAligned<uint32_t>();
    return value;
}
1358
// Reads an int64_t into *pArg; *pArg is left untouched if the read fails.
status_t Parcel::readInt64(int64_t *pArg) const
{
    const status_t status = readAligned(pArg);
    return status;
}
1363
1364
// Reads an int64_t; yields 0 when the parcel has too little data left.
int64_t Parcel::readInt64() const
{
    const int64_t value = readAligned<int64_t>();
    return value;
}
1369
// Reads a uint64_t into *pArg; *pArg is left untouched if the read fails.
status_t Parcel::readUint64(uint64_t *pArg) const
{
    const status_t status = readAligned(pArg);
    return status;
}
1374
// Reads a uint64_t; yields 0 when the parcel has too little data left.
uint64_t Parcel::readUint64() const
{
    const uint64_t value = readAligned<uint64_t>();
    return value;
}
1379
// Reads a binder_uintptr_t and stores it in *pArg as a uintptr_t.
// *pArg is written only when the read succeeds.
// The value is whatever the sender wrote; it is not validated as an address here.
status_t Parcel::readPointer(uintptr_t *pArg) const
{
    binder_uintptr_t wireValue;
    const status_t status = readAligned(&wireValue);
    if (status == 0) {
        *pArg = wireValue;
    }
    return status;
}
1389
// Reads a binder_uintptr_t and returns it as a uintptr_t; yields 0 on a short parcel.
uintptr_t Parcel::readPointer() const
{
    const binder_uintptr_t wireValue = readAligned<binder_uintptr_t>();
    return wireValue;
}
1394
1395
// Reads a float into *pArg; *pArg is left untouched if the read fails.
status_t Parcel::readFloat(float *pArg) const
{
    const status_t status = readAligned(pArg);
    return status;
}
1400
1401
// Reads a float; yields 0 when the parcel has too little data left.
float Parcel::readFloat() const
{
    const float value = readAligned<float>();
    return value;
}
1406
1407#if defined(__mips__) && defined(__mips_hard_float)
1408
// MIPS hard-float variant: reads the 8 bytes as an integer and reinterprets
// them as a double through a union. The union is zeroed first, so *pArg is
// 0.0 when the read fails (unlike the generic variant, *pArg is always written).
status_t Parcel::readDouble(double *pArg) const
{
    union {
      double d;
      unsigned long long ll;
    } bits;
    bits.d = 0;

    const status_t status = readAligned(&bits.ll);
    *pArg = bits.d;
    return status;
}
1421
// MIPS hard-float variant: reads the 8 bytes as an integer and reinterprets
// them as a double through a union. A failed read yields an all-zero pattern.
double Parcel::readDouble() const
{
    union {
      double d;
      unsigned long long ll;
    } bits;
    bits.ll = readAligned<unsigned long long>();
    const double value = bits.d;
    return value;
}
1431
1432#else
1433
// Reads a double into *pArg; *pArg is left untouched if the read fails.
status_t Parcel::readDouble(double *pArg) const
{
    const status_t status = readAligned(pArg);
    return status;
}
1438
// Reads a double; yields 0 when the parcel has too little data left.
double Parcel::readDouble() const
{
    const double value = readAligned<double>();
    return value;
}
1443
1444#endif
1445
// Reads an intptr_t into *pArg; *pArg is left untouched if the read fails.
status_t Parcel::readIntPtr(intptr_t *pArg) const
{
    const status_t status = readAligned(pArg);
    return status;
}
1450
1451
// Reads an intptr_t; yields 0 when the parcel has too little data left.
intptr_t Parcel::readIntPtr() const
{
    const intptr_t value = readAligned<intptr_t>();
    return value;
}
1456
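// Reads a boolean stored as an int32 (non-zero means true) into *pArg.
// Returns the readInt32() status; on failure *pArg is set to false.
status_t Parcel::readBool(bool *pArg) const
{
    // readInt32() leaves its argument untouched on failure, so start from a
    // defined value instead of reading an uninitialized stack slot.
    int32_t tmp = 0;
    status_t ret = readInt32(&tmp);
    *pArg = (tmp != 0);
    return ret;
}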
1464
// Reads a boolean stored as an int32; a short parcel reads as false.
bool Parcel::readBool() const
{
    const int32_t raw = readInt32();
    return raw != 0;
}
1469
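// Reads a char16_t stored as an int32 (truncated to 16 bits) into *pArg.
// Returns the readInt32() status; on failure *pArg is set to 0.
status_t Parcel::readChar(char16_t *pArg) const
{
    // readInt32() leaves its argument untouched on failure, so start from a
    // defined value instead of reading an uninitialized stack slot.
    int32_t tmp = 0;
    status_t ret = readInt32(&tmp);
    *pArg = char16_t(tmp);
    return ret;
}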
1477
// Reads a char16_t stored as an int32 (truncated to 16 bits); 0 on a short parcel.
char16_t Parcel::readChar() const
{
    const int32_t raw = readInt32();
    return char16_t(raw);
}
1482
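// Reads a byte stored as an int32 (truncated to 8 bits) into *pArg.
// Returns the readInt32() status; on failure *pArg is set to 0.
status_t Parcel::readByte(int8_t *pArg) const
{
    // readInt32() leaves its argument untouched on failure, so start from a
    // defined value instead of reading an uninitialized stack slot.
    int32_t tmp = 0;
    status_t ret = readInt32(&tmp);
    *pArg = int8_t(tmp);
    return ret;
}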
1490
// Reads a byte stored as an int32 (truncated to 8 bits); 0 on a short parcel.
int8_t Parcel::readByte() const
{
    const int32_t raw = readInt32();
    return int8_t(raw);
}
1495
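// Returns a pointer to a NUL-terminated string stored at the current position
// and advances past it (including padding). The pointer refers to the
// parcel's own buffer.
// Returns NULL when no data remains or no NUL byte is found before mDataSize.
const char* Parcel::readCString() const
{
    // Compare before subtracting: if the position is already past the end of
    // the valid data, mDataSize-mDataPos would wrap to a huge unsigned value
    // and memchr() would scan memory outside the parcel.
    if (mDataPos < mDataSize) {
        const size_t avail = mDataSize-mDataPos;
        const char* str = reinterpret_cast<const char*>(mData+mDataPos);
        // is the string's trailing NUL within the parcel's valid bounds?
        const char* eos = reinterpret_cast<const char*>(memchr(str, 0, avail));
        if (eos) {
            const size_t len = eos - str;
            mDataPos += pad_size(len+1);
            ALOGV("readCString Setting data pos of %p to %zu", this, mDataPos);
            return str;
        }
    }
    return NULL;
}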
1512
// Reads a length-prefixed 8-bit string. The parcel stores length+1 bytes
// (room for a trailing NUL); only `length` bytes are copied into the result.
// A non-positive length, a length of INT32_MAX, or a short parcel yields an
// empty String8.
String8 Parcel::readString8() const
{
    const int32_t length = readInt32();

    // The upper bound keeps length+1 from overflowing an int.
    if (length <= 0 || length >= INT32_MAX) {
        return String8();
    }

    const char* chars = (const char*)readInplace(length+1);
    if (!chars) {
        return String8();
    }
    return String8(chars, length);
}
1523
// Reads a String16 by value. A null or unreadable string is logged as an
// error and returned as an empty String16, so the two cases cannot be told
// apart from an empty string with this overload.
String16 Parcel::readString16() const
{
    size_t length;
    const char16_t* chars = readString16Inplace(&length);
    if (!chars) {
        ALOGE("Reading a NULL string not supported here.");
        return String16();
    }
    return String16(chars, length);
}
1532
// Reads a String16 into *pArg.
// Returns 0 on success; when the string is null or unreadable, *pArg is reset
// to an empty String16 and UNEXPECTED_NULL is returned.
status_t Parcel::readString16(String16* pArg) const
{
    size_t length;
    const char16_t* chars = readString16Inplace(&length);
    if (!chars) {
        *pArg = String16();
        return UNEXPECTED_NULL;
    }

    pArg->setTo(chars, length);
    return 0;
}
1545
// Returns a pointer to a length-prefixed UTF-16 string inside the parcel's
// buffer and stores its length (in char16_t units, terminator excluded) in
// *outLen. (size+1) units are consumed, the extra one being the terminator slot.
// Returns NULL with *outLen == 0 for a negative length, a length of
// INT32_MAX, or a short parcel.
// NOTE(review): the terminator slot is consumed but its value is not checked
// here; callers that treat the result as NUL-terminated should confirm it.
const char16_t* Parcel::readString16Inplace(size_t* outLen) const
{
    const int32_t units = readInt32();

    // The upper bound guards against int overflow in units+1.
    const bool plausible = (units >= 0 && units < INT32_MAX);
    if (plausible) {
        const void* raw = readInplace((units+1)*sizeof(char16_t));
        if (raw != NULL) {
            *outLen = units;
            return (const char16_t*)raw;
        }
    }

    *outLen = 0;
    return NULL;
}
1560
// Reads a strong binder reference into *val via unflatten_binder().
status_t Parcel::readStrongBinder(sp<IBinder>* val) const
{
    const status_t status = unflatten_binder(ProcessState::self(), *this, val);
    return status;
}
1565
// Reads a strong binder reference by value. The read status is discarded, so
// a failed read returns whatever the status-returning overload left in the
// default-constructed sp<>.
sp<IBinder> Parcel::readStrongBinder() const
{
    sp<IBinder> binder;
    readStrongBinder(&binder);
    return binder;
}
1572
// Reads a weak binder reference by value via unflatten_binder(). The status
// is discarded, so a failed read returns whatever unflatten_binder() left in
// the default-constructed wp<>.
wp<IBinder> Parcel::readWeakBinder() const
{
    wp<IBinder> binder;
    unflatten_binder(ProcessState::self(), *this, &binder);
    return binder;
}
1579
// Reads a presence marker followed by the parcelable's own fields.
// Returns the readInt32() error, UNEXPECTED_NULL when the marker is zero, or
// the result of parcelable->readFromParcel().
status_t Parcel::readParcelable(Parcelable* parcelable) const {
    int32_t presentMarker = 0;
    const status_t markerStatus = readInt32(&presentMarker);
    if (markerStatus != OK) {
        return markerStatus;
    }

    if (presentMarker == 0) {
        return UNEXPECTED_NULL;
    }
    return parcelable->readFromParcel(this);
}
1591
// Parses a binder::Status from this parcel and returns its exception code.
// The status returned by readFromParcel() itself is not checked here.
int32_t Parcel::readExceptionCode() const
{
    binder::Status parsed;
    parsed.readFromParcel(*this);
    const int32_t code = parsed.exceptionCode();
    return code;
}
1598
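// Reads a native_handle: descriptor count, int count, then that many
// descriptors (each duplicated for the caller) and that many ints.
// Returns a newly created handle the caller must close and delete, or 0 when
// the header cannot be read, a count is negative, creation fails, a
// descriptor cannot be duplicated, or the int payload is short.
native_handle* Parcel::readNativeHandle() const
{
    int numFds, numInts;
    status_t err;
    err = readInt32(&numFds);
    if (err != NO_ERROR) return 0;
    err = readInt32(&numInts);
    if (err != NO_ERROR) return 0;

    // Both counts come straight from the parcel. A negative numFds would make
    // h->data + numFds below point before the array; whether
    // native_handle_create() rejects that is not visible here, so reject it now.
    if (numFds < 0 || numInts < 0) return 0;

    native_handle* h = native_handle_create(numFds, numInts);
    if (!h) {
        return 0;
    }

    for (int i=0 ; i<numFds ; i++) {
        h->data[i] = dup(readFileDescriptor());
        if (h->data[i] < 0) {
            // Close only the descriptors duplicated so far: the remaining
            // slots were never written, and the failure must not be masked
            // by the status of the read() below.
            for (int j=0 ; j<i ; j++) {
                close(h->data[j]);
            }
            native_handle_delete(h);
            return 0;
        }
    }

    err = read(h->data + numFds, sizeof(int)*numInts);
    if (err != NO_ERROR) {
        native_handle_close(h);
        native_handle_delete(h);
        h = 0;
    }
    return h;
}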
1625
1626
// Reads the next object and returns its descriptor if it is a BINDER_TYPE_FD.
// The descriptor is not duplicated here; it is the value stored in the
// parcel's object. Returns BAD_TYPE when no valid object is found at the
// current position or the object is of another type.
int Parcel::readFileDescriptor() const
{
    const flat_binder_object* object = readObject(true);
    const bool isFd = (object != NULL) && (object->type == BINDER_TYPE_FD);
    if (isFd) {
        //ALOGI("Returning file descriptor %ld from parcel %p", flat->handle, this);
        return object->handle;
    }
    return BAD_TYPE;
}
1639
// Reads a blob of `len` bytes and initialises `outBlob` to describe it.
// An in-place blob points into the parcel's buffer; any other blob type is
// treated as ashmem and mapped from the descriptor in the parcel, writable
// only when the type is BLOB_ASHMEM_MUTABLE.
// Returns BAD_VALUE when the in-place data or the descriptor is missing and
// NO_MEMORY when mmap() fails.
// NOTE(review): `len` is supplied by the caller and is not compared with the
// size of the received region in this function; the descriptor is used as
// read from the parcel, without duplication - confirm both against callers.
status_t Parcel::readBlob(size_t len, ReadableBlob* outBlob) const
{
    int32_t kind;
    const status_t kindStatus = readInt32(&kind);
    if (kindStatus) return kindStatus;

    if (kind == BLOB_INPLACE) {
        ALOGV("readBlob: read in place");
        const void* inParcel = readInplace(len);
        if (!inParcel) return BAD_VALUE;

        outBlob->init(-1, const_cast<void*>(inParcel), len, false);
        return NO_ERROR;
    }

    ALOGV("readBlob: read from ashmem");
    const bool writable = (kind == BLOB_ASHMEM_MUTABLE);
    const int fd = readFileDescriptor();
    if (fd == int(BAD_TYPE)) return BAD_VALUE;

    const int protection = writable ? PROT_READ | PROT_WRITE : PROT_READ;
    void* mapping = ::mmap(NULL, len, protection, MAP_SHARED, fd, 0);
    if (mapping == MAP_FAILED) return NO_MEMORY;

    outBlob->init(fd, mapping, len, writable);
    return NO_ERROR;
}
1667
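// Deserialises a flattenable object: flattened size, descriptor count, padded
// payload, then that many descriptors (each duplicated) handed to
// val.unflatten().
// Returns BAD_VALUE when either count is out of range, the payload is short,
// or a descriptor cannot be duplicated; otherwise the result of unflatten().
status_t Parcel::read(FlattenableHelperInterface& val) const
{
    // size
    const size_t len = this->readInt32();
    const size_t fd_count = this->readInt32();

    // Both values come from the parcel. A negative int32 turns into a huge
    // size_t, and fd_count sizes the allocation below, so bound it as well
    // rather than only len.
    if ((len > INT32_MAX) || (fd_count >= INT32_MAX/sizeof(int))) {
        // don't accept size_t values which may have come from an
        // inadvertent conversion from a negative int.
        return BAD_VALUE;
    }

    // payload
    void const* const buf = this->readInplace(pad_size(len));
    if (buf == NULL)
        return BAD_VALUE;

    int* fds = NULL;
    if (fd_count) {
        fds = new int[fd_count];
    }

    status_t err = NO_ERROR;
    for (size_t i=0 ; i<fd_count && err==NO_ERROR ; i++) {
        fds[i] = dup(this->readFileDescriptor());
        if (fds[i] < 0) {
            err = BAD_VALUE;
            ALOGE("dup() failed in Parcel::read, i is %zu, fds[i] is %d, fd_count is %zu, error: %s",
                i, fds[i], fd_count, strerror(errno));
            // unflatten() is skipped on this path, so nothing else will ever
            // own the descriptors duplicated so far; close them here (after
            // logging, since close() may change errno).
            for (size_t j=0 ; j<i ; j++) {
                close(fds[j]);
            }
        }
    }

    if (err == NO_ERROR) {
        // NOTE(review): who owns fds[] when unflatten() fails is not visible
        // here - confirm against the FlattenableHelperInterface contract.
        err = val.unflatten(buf, len, fds, fd_count);
    }

    if (fd_count) {
        delete [] fds;
    }

    return err;
}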
// Returns the flat_binder_object at the current position and advances past
// it, but only if that position is listed in the parcel's object index.
// The index check is what stops ordinary data bytes from being interpreted as
// an object. The one exception: with nullMetaData false, an object whose
// cookie and binder fields are both zero is returned without an index lookup,
// because such objects are not indexed when written.
// Returns NULL when too little data remains or the position is not indexed
// (the latter is logged as a warning). The position is advanced whenever
// enough data was present, even when NULL is returned.
const flat_binder_object* Parcel::readObject(bool nullMetaData) const
{
    const size_t startPos = mDataPos;
    if ((startPos+sizeof(flat_binder_object)) > mDataSize) {
        return NULL;
    }

    const flat_binder_object* obj
            = reinterpret_cast<const flat_binder_object*>(mData+startPos);
    mDataPos = startPos + sizeof(flat_binder_object);
    if (!nullMetaData && (obj->cookie == 0 && obj->binder == 0)) {
        // When transferring a NULL object, we don't write it into
        // the object list, so we don't want to check for it when
        // reading.
        ALOGV("readObject Setting data pos of %p to %zu", this, mDataPos);
        return obj;
    }

    // Ensure that this object is valid...
    binder_size_t* const offsets = mObjects;
    const size_t count = mObjectsSize;
    size_t idx = mNextObjectHint;

    if (count > 0) {
        ALOGV("Parcel %p looking for obj at %zu, hint=%zu",
             this, startPos, idx);

        // Start at the current hint position, looking for an object at
        // the current data position.
        if (idx < count) {
            while (idx < (count-1) && offsets[idx] < startPos) {
                idx++;
            }
        } else {
            idx = count-1;
        }
        if (offsets[idx] == startPos) {
            // Found it!
            ALOGV("Parcel %p found obj %zu at index %zu with forward search",
                 this, startPos, idx);
            mNextObjectHint = idx+1;
            ALOGV("readObject Setting data pos of %p to %zu", this, mDataPos);
            return obj;
        }

        // Look backwards for it...
        while (idx > 0 && offsets[idx] > startPos) {
            idx--;
        }
        if (offsets[idx] == startPos) {
            // Found it!
            ALOGV("Parcel %p found obj %zu at index %zu with backward search",
                 this, startPos, idx);
            mNextObjectHint = idx+1;
            ALOGV("readObject Setting data pos of %p to %zu", this, mDataPos);
            return obj;
        }
    }

    ALOGW("Attempt to read object from Parcel %p at offset %zu that is not in the object list",
         this, startPos);
    return NULL;
}
1770
// Closes every descriptor held by a BINDER_TYPE_FD object in the object
// index, walking the index from last to first.
void Parcel::closeFileDescriptors()
{
    //ALOGI("Closing file descriptors for %zu objects...", i);
    for (size_t remaining = mObjectsSize; remaining > 0; remaining--) {
        const flat_binder_object* object
            = reinterpret_cast<flat_binder_object*>(mData+mObjects[remaining-1]);
        if (object->type != BINDER_TYPE_FD) {
            continue;
        }
        //ALOGI("Closing fd: %ld", flat->handle);
        close(object->handle);
    }
}
1787
// Address of the data buffer, as an integer.
uintptr_t Parcel::ipcData() const
{
    const uintptr_t address = reinterpret_cast<uintptr_t>(mData);
    return address;
}
1792
// Number of data bytes to transfer: the larger of the data size and the
// current position.
size_t Parcel::ipcDataSize() const
{
    if (mDataSize > mDataPos) {
        return mDataSize;
    }
    return mDataPos;
}
1797
// Address of the object-offset array, as an integer.
uintptr_t Parcel::ipcObjects() const
{
    const uintptr_t address = reinterpret_cast<uintptr_t>(mObjects);
    return address;
}
1802
// Number of entries in the object-offset array.
size_t Parcel::ipcObjectsCount() const
{
    const size_t count = mObjectsSize;
    return count;
}
1807
// Points this parcel at externally owned data and object-offset buffers,
// releasing whatever it held before. relFunc/relCookie are stored as the
// owner callback used later to give the buffers back.
//
// The offsets are checked to be ascending with no two objects overlapping;
// on the first violation the object list is discarded (mObjectsSize = 0) and
// an error is logged.
// NOTE(review): this loop does not compare offset + sizeof(flat_binder_object)
// with dataSize; presumably the provider of the buffers guarantees that -
// confirm.
void Parcel::ipcSetDataReference(const uint8_t* data, size_t dataSize,
    const binder_size_t* objects, size_t objectsCount, release_func relFunc, void* relCookie)
{
    freeDataNoInit();
    mError = NO_ERROR;
    mData = const_cast<uint8_t*>(data);
    mDataSize = mDataCapacity = dataSize;
    //ALOGI("setDataReference Setting data size of %p to %lu (pid=%d)", this, mDataSize, getpid());
    mDataPos = 0;
    ALOGV("setDataReference Setting data pos of %p to %zu", this, mDataPos);
    mObjects = const_cast<binder_size_t*>(objects);
    mObjectsSize = mObjectsCapacity = objectsCount;
    mNextObjectHint = 0;
    mOwner = relFunc;
    mOwnerCookie = relCookie;

    // Lowest offset the next object may start at without overlapping the previous one.
    binder_size_t nextAllowed = 0;
    size_t index = 0;
    while (index < mObjectsSize) {
        const binder_size_t current = mObjects[index];
        if (current < nextAllowed) {
            ALOGE("%s: bad object offset %" PRIu64 " < %" PRIu64 "\n",
                  __func__, (uint64_t)current, (uint64_t)nextAllowed);
            mObjectsSize = 0;
            break;
        }
        nextAllowed = current + sizeof(flat_binder_object);
        index++;
    }
    scanForFds();
}
1836
// Writes a human-readable dump of the parcel to `to`: the error if one is
// set, otherwise a hex dump of the data followed by one line per indexed
// object, or "NULL" for an empty parcel. The flags argument is ignored.
// The dump contains the parcel's raw contents, so its destination matters
// when the parcel carries sensitive data.
void Parcel::print(TextOutput& to, uint32_t /*flags*/) const
{
    to << "Parcel(";

    if (errorCheck() != NO_ERROR) {
        const status_t parcelError = errorCheck();
        to << "Error: " << (void*)(intptr_t)parcelError << " \"" << strerror(-parcelError) << "\"";
    } else if (dataSize() > 0) {
        const uint8_t* bytes = data();
        to << indent << HexDump(bytes, dataSize()) << dedent;

        const binder_size_t* offsets = objects();
        const size_t objectTotal = objectsCount();
        for (size_t n = 0; n < objectTotal; n++) {
            const flat_binder_object* object
                = reinterpret_cast<const flat_binder_object*>(bytes+offsets[n]);
            to << endl << "Object #" << n << " @ " << (void*)offsets[n] << ": "
                << TypeCode(object->type & 0x7f7f7f00)
                << " = " << object->binder;
        }
    } else {
        to << "NULL";
    }

    to << ")";
}
1862
// Calls release_object() on every indexed object, from last to first.
// The buffer pointers are captured once before the loop.
void Parcel::releaseObjects()
{
    const sp<ProcessState> proc(ProcessState::self());
    uint8_t* const base = mData;
    binder_size_t* const offsets = mObjects;

    for (size_t remaining = mObjectsSize; remaining > 0; remaining--) {
        const flat_binder_object* object
            = reinterpret_cast<flat_binder_object*>(base+offsets[remaining-1]);
        release_object(proc, *object, this, &mOpenAshmemSize);
    }
}
1876
// Calls acquire_object() on every indexed object, from last to first.
// The buffer pointers are captured once before the loop.
void Parcel::acquireObjects()
{
    const sp<ProcessState> proc(ProcessState::self());
    uint8_t* const base = mData;
    binder_size_t* const offsets = mObjects;

    for (size_t remaining = mObjectsSize; remaining > 0; remaining--) {
        const flat_binder_object* object
            = reinterpret_cast<flat_binder_object*>(base+offsets[remaining-1]);
        acquire_object(proc, *object, this, &mOpenAshmemSize);
    }
}
1890
// Releases the parcel's buffers, then resets its state with initState() so
// no member is left referring to the released memory.
void Parcel::freeData()
{
    freeDataNoInit();
    initState();
}
1896
// Releases the parcel's buffers without resetting its members.
// Externally owned buffers are handed back through the owner callback;
// otherwise object references are released, the global allocation counters
// are adjusted under their lock, and both buffers are freed.
// The members still hold the old pointers afterwards, so the caller has to
// reinitialise or overwrite them before the parcel is used again.
void Parcel::freeDataNoInit()
{
    if (mOwner) {
        LOG_ALLOC("Parcel %p: freeing other owner data", this);
        //ALOGI("Freeing data ref of %p (pid=%d)", this, getpid());
        mOwner(this, mData, mDataSize, mObjects, mObjectsSize, mOwnerCookie);
        return;
    }

    LOG_ALLOC("Parcel %p: freeing allocated data", this);
    releaseObjects();

    if (mData) {
        LOG_ALLOC("Parcel %p: freeing with %zu capacity", this, mDataCapacity);
        pthread_mutex_lock(&gParcelGlobalAllocSizeLock);
        // Clamp at zero rather than letting the counters wrap.
        gParcelGlobalAllocSize = (mDataCapacity <= gParcelGlobalAllocSize)
                ? gParcelGlobalAllocSize - mDataCapacity
                : 0;
        if (gParcelGlobalAllocCount > 0) {
            gParcelGlobalAllocCount--;
        }
        pthread_mutex_unlock(&gParcelGlobalAllocSizeLock);
        free(mData);
    }

    if (mObjects) {
        free(mObjects);
    }
}
1923
// Grows the data buffer so that `len` more bytes fit, targeting 1.5x the
// required size.
// Returns BAD_VALUE for len > INT32_MAX, NO_MEMORY when the computed size is
// not larger than the current data size (which includes arithmetic wrap), or
// the result of continueWrite().
status_t Parcel::growData(size_t len)
{
    if (len > INT32_MAX) {
        // don't accept size_t values which may have come from an
        // inadvertent conversion from a negative int.
        return BAD_VALUE;
    }

    const size_t target = ((mDataSize+len)*3)/2;
    if (target <= mDataSize) {
        return NO_MEMORY;
    }
    return continueWrite(target);
}
1937
// Empties the parcel and resizes its data buffer to `desired` bytes, ready
// for writing from position 0.
// Externally owned data is released and a fresh buffer obtained through
// continueWrite(). Otherwise the buffer is realloc()ed, object references are
// released, the object index is freed, and the fd flags are reset (descriptors
// allowed, none present).
// Returns BAD_VALUE for desired > INT32_MAX and NO_MEMORY (also stored in
// mError) when the buffer had to grow and realloc() failed.
// NOTE(review): realloc(mData, 0) returning NULL is treated as "keep the old
// buffer"; whether the old block is still valid then depends on the C
// library - confirm for the desired == 0 case.
status_t Parcel::restartWrite(size_t desired)
{
    if (desired > INT32_MAX) {
        // don't accept size_t values which may have come from an
        // inadvertent conversion from a negative int.
        return BAD_VALUE;
    }

    if (mOwner) {
        freeData();
        return continueWrite(desired);
    }

    uint8_t* resized = (uint8_t*)realloc(mData, desired);
    const bool mustGrow = desired > mDataCapacity;
    if (resized == NULL && mustGrow) {
        mError = NO_MEMORY;
        return NO_MEMORY;
    }

    releaseObjects();

    if (resized != NULL) {
        LOG_ALLOC("Parcel %p: restart from %zu to %zu capacity", this, mDataCapacity, desired);
        pthread_mutex_lock(&gParcelGlobalAllocSizeLock);
        gParcelGlobalAllocSize += desired;
        gParcelGlobalAllocSize -= mDataCapacity;
        pthread_mutex_unlock(&gParcelGlobalAllocSizeLock);
        mData = resized;
        mDataCapacity = desired;
    }

    mDataSize = mDataPos = 0;
    ALOGV("restartWrite Setting data size of %p to %zu", this, mDataSize);
    ALOGV("restartWrite Setting data pos of %p to %zu", this, mDataPos);

    // Drop the object index entirely; the references were released above.
    free(mObjects);
    mObjects = NULL;
    mObjectsSize = mObjectsCapacity = 0;
    mNextObjectHint = 0;

    mHasFds = false;
    mFdsKnown = true;
    mAllowFds = true;

    return NO_ERROR;
}
1983
1984status_t Parcel::continueWrite(size_t desired)
1985{
1986    if (desired > INT32_MAX) {
1987        // don't accept size_t values which may have come from an
1988        // inadvertent conversion from a negative int.
1989        return BAD_VALUE;
1990    }
1991
1992    // If shrinking, first adjust for any objects that appear
1993    // after the new data size.
1994    size_t objectsSize = mObjectsSize;
1995    if (desired < mDataSize) {
1996        if (desired == 0) {
1997            objectsSize = 0;
1998        } else {
1999            while (objectsSize > 0) {
2000                if (mObjects[objectsSize-1] < desired)
2001                    break;
2002                objectsSize--;
2003            }
2004        }
2005    }
2006
2007    if (mOwner) {
2008        // If the size is going to zero, just release the owner's data.
2009        if (desired == 0) {
2010            freeData();
2011            return NO_ERROR;
2012        }
2013
2014        // If there is a different owner, we need to take
2015        // posession.
2016        uint8_t* data = (uint8_t*)malloc(desired);
2017        if (!data) {
2018            mError = NO_MEMORY;
2019            return NO_MEMORY;
2020        }
2021        binder_size_t* objects = NULL;
2022
2023        if (objectsSize) {
2024            objects = (binder_size_t*)calloc(objectsSize, sizeof(binder_size_t));
2025            if (!objects) {
2026                free(data);
2027
2028                mError = NO_MEMORY;
2029                return NO_MEMORY;
2030            }
2031
2032            // Little hack to only acquire references on objects
2033            // we will be keeping.
2034            size_t oldObjectsSize = mObjectsSize;
2035            mObjectsSize = objectsSize;
2036            acquireObjects();
2037            mObjectsSize = oldObjectsSize;
2038        }
2039
2040        if (mData) {
2041            memcpy(data, mData, mDataSize < desired ? mDataSize : desired);
2042        }
2043        if (objects && mObjects) {
2044            memcpy(objects, mObjects, objectsSize*sizeof(binder_size_t));
2045        }
2046        //ALOGI("Freeing data ref of %p (pid=%d)", this, getpid());
2047        mOwner(this, mData, mDataSize, mObjects, mObjectsSize, mOwnerCookie);
2048        mOwner = NULL;
2049
2050        LOG_ALLOC("Parcel %p: taking ownership of %zu capacity", this, desired);
2051        pthread_mutex_lock(&gParcelGlobalAllocSizeLock);
2052        gParcelGlobalAllocSize += desired;
2053        gParcelGlobalAllocCount++;
2054        pthread_mutex_unlock(&gParcelGlobalAllocSizeLock);
2055
2056        mData = data;
2057        mObjects = objects;
2058        mDataSize = (mDataSize < desired) ? mDataSize : desired;
2059        ALOGV("continueWrite Setting data size of %p to %zu", this, mDataSize);
2060        mDataCapacity = desired;
2061        mObjectsSize = mObjectsCapacity = objectsSize;
2062        mNextObjectHint = 0;
2063
2064    } else if (mData) {
2065        if (objectsSize < mObjectsSize) {
2066            // Need to release refs on any objects we are dropping.
2067            const sp<ProcessState> proc(ProcessState::self());
2068            for (size_t i=objectsSize; i<mObjectsSize; i++) {
2069                const flat_binder_object* flat
2070                    = reinterpret_cast<flat_binder_object*>(mData+mObjects[i]);
2071                if (flat->type == BINDER_TYPE_FD) {
2072                    // will need to rescan because we may have lopped off the only FDs
2073                    mFdsKnown = false;
2074                }
2075                release_object(proc, *flat, this, &mOpenAshmemSize);
2076            }
2077            binder_size_t* objects =
2078                (binder_size_t*)realloc(mObjects, objectsSize*sizeof(binder_size_t));
2079            if (objects) {
2080                mObjects = objects;
2081            }
2082            mObjectsSize = objectsSize;
2083            mNextObjectHint = 0;
2084        }
2085
2086        // We own the data, so we can just do a realloc().
2087        if (desired > mDataCapacity) {
2088            uint8_t* data = (uint8_t*)realloc(mData, desired);
2089            if (data) {
2090                LOG_ALLOC("Parcel %p: continue from %zu to %zu capacity", this, mDataCapacity,
2091                        desired);
2092                pthread_mutex_lock(&gParcelGlobalAllocSizeLock);
2093                gParcelGlobalAllocSize += desired;
2094                gParcelGlobalAllocSize -= mDataCapacity;
2095                gParcelGlobalAllocCount++;
2096                pthread_mutex_unlock(&gParcelGlobalAllocSizeLock);
2097                mData = data;
2098                mDataCapacity = desired;
2099            } else if (desired > mDataCapacity) {
2100                mError = NO_MEMORY;
2101                return NO_MEMORY;
2102            }
2103        } else {
2104            if (mDataSize > desired) {
2105                mDataSize = desired;
2106                ALOGV("continueWrite Setting data size of %p to %zu", this, mDataSize);
2107            }
2108            if (mDataPos > desired) {
2109                mDataPos = desired;
2110                ALOGV("continueWrite Setting data pos of %p to %zu", this, mDataPos);
2111            }
2112        }
2113
2114    } else {
2115        // This is the first data.  Easy!
2116        uint8_t* data = (uint8_t*)malloc(desired);
2117        if (!data) {
2118            mError = NO_MEMORY;
2119            return NO_MEMORY;
2120        }
2121
2122        if(!(mDataCapacity == 0 && mObjects == NULL
2123             && mObjectsCapacity == 0)) {
2124            ALOGE("continueWrite: %zu/%p/%zu/%zu", mDataCapacity, mObjects, mObjectsCapacity, desired);
2125        }
2126
2127        LOG_ALLOC("Parcel %p: allocating with %zu capacity", this, desired);
2128        pthread_mutex_lock(&gParcelGlobalAllocSizeLock);
2129        gParcelGlobalAllocSize += desired;
2130        gParcelGlobalAllocCount++;
2131        pthread_mutex_unlock(&gParcelGlobalAllocSizeLock);
2132
2133        mData = data;
2134        mDataSize = mDataPos = 0;
2135        ALOGV("continueWrite Setting data size of %p to %zu", this, mDataSize);
2136        ALOGV("continueWrite Setting data pos of %p to %zu", this, mDataPos);
2137        mDataCapacity = desired;
2138    }
2139
2140    return NO_ERROR;
2141}
2142
// Puts every bookkeeping member of the Parcel into its empty, error-free
// state. Nothing is freed or released here: the data and object pointers are
// simply overwritten, so a caller holding a live buffer has to dispose of it
// before calling this, or the only reference to that memory is lost.
void Parcel::initState()
{
    LOG_ALLOC("Parcel %p: initState", this);

    // Error status and external-owner callback.
    mError = NO_ERROR;
    mOwner = NULL;

    // Raw data buffer: no storage, zero size, cursor at the start.
    mData = NULL;
    mDataCapacity = 0;
    mDataSize = 0;
    mDataPos = 0;
    ALOGV("initState Setting data size of %p to %zu", this, mDataSize);
    ALOGV("initState Setting data pos of %p to %zu", this, mDataPos);

    // Object offset table.
    mObjects = NULL;
    mObjectsCapacity = 0;
    mObjectsSize = 0;
    mNextObjectHint = 0;

    // File-descriptor tracking: an empty parcel is known to carry no FDs,
    // and FDs are allowed until a caller says otherwise.
    mFdsKnown = true;
    mHasFds = false;
    mAllowFds = true;

    // No ashmem is referenced yet.
    mOpenAshmemSize = 0;
}
2163
// Walks the object offset table and records in mHasFds whether any flattened
// object is of type BINDER_TYPE_FD, then marks the answer as known.
//
// NOTE(review): each mObjects[i] is used directly as a byte offset into mData
// and dereferenced as a flat_binder_object with no bounds check in this
// function. This presumably relies on the offsets having been validated when
// the table was populated -- confirm against the code that fills mObjects,
// since an out-of-range offset here would be an out-of-bounds read.
void Parcel::scanForFds() const
{
    bool found = false;
    size_t idx = 0;
    // Stop at the first FD object; one is enough to answer the question.
    while (!found && idx < mObjectsSize) {
        const flat_binder_object* obj =
            reinterpret_cast<const flat_binder_object*>(mData + mObjects[idx]);
        found = (obj->type == BINDER_TYPE_FD);
        idx++;
    }
    mHasFds = found;
    mFdsKnown = true;
}
2178
// Legacy accessor kept for ABI compatibility. It once reported the total size
// of all blobs written to ashmem; it now reports the ashmem currently
// referenced by this Parcel (mOpenAshmemSize), which should be equivalent.
// TODO: Remove method once ABI can be changed.
size_t Parcel::getBlobAshmemSize() const
{
    const size_t referencedAshmem = mOpenAshmemSize;
    return referencedAshmem;
}
2186
// Returns the ashmem byte count tracked in mOpenAshmemSize for this Parcel.
size_t Parcel::getOpenAshmemSize() const
{
    const size_t openBytes = mOpenAshmemSize;
    return openBytes;
}
2191
2192// --- Parcel::Blob ---
2193
// Constructs an empty blob: no file descriptor (-1), no data pointer, zero
// size, not mutable. With these values release() performs no munmap().
Parcel::Blob::Blob()
    : mFd(-1),
      mData(NULL),
      mSize(0),
      mMutable(false)
{
}
2197
// Destroying a blob releases whatever it still references, so a mapped
// region does not outlive the Blob object that describes it.
Parcel::Blob::~Blob()
{
    release();
}
2201
// Unmaps the blob's memory when it is backed by a file descriptor and has a
// non-null data pointer, then resets all fields via clear().
//
// The descriptor itself is not closed here, and the munmap() result is not
// checked. Blobs with mFd == -1 are never unmapped by this function.
void Parcel::Blob::release()
{
    const bool isMapped = (mFd != -1) && (mData != NULL);
    if (isMapped) {
        ::munmap(mData, mSize);
    }
    // Always forget the old state so a second release() is a no-op.
    clear();
}
2208
// Records the descriptor, data pointer, size and mutability for this blob.
// Nothing is validated or mapped here; the values are stored as given.
//
// Because release() later calls munmap(mData, mSize) whenever mFd != -1, the
// caller must pass the exact address and length of the mapping in that case;
// a mismatched size would unmap the wrong extent.
void Parcel::Blob::init(int fd, void* data, size_t size, bool isMutable)
{
    mMutable = isMutable;
    mSize = size;
    mData = data;
    mFd = fd;
}
2215
// Resets the blob to the same empty state the default constructor produces.
// This only overwrites the fields: it does not unmap mData, so calling it on
// a blob that still holds a mapping leaves that mapping in place with no
// record of it. Use release() when the mapping should be torn down.
void Parcel::Blob::clear()
{
    mMutable = false;
    mSize = 0;
    mData = NULL;
    mFd = -1;
}
2222
2223}; // namespace android
2224