Parcel.cpp revision 83ec65e19a8b5e1ae11e789b3d79d08543b09193
1/* 2 * Copyright (C) 2005 The Android Open Source Project 3 * 4 * Licensed under the Apache License, Version 2.0 (the "License"); 5 * you may not use this file except in compliance with the License. 6 * You may obtain a copy of the License at 7 * 8 * http://www.apache.org/licenses/LICENSE-2.0 9 * 10 * Unless required by applicable law or agreed to in writing, software 11 * distributed under the License is distributed on an "AS IS" BASIS, 12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 * See the License for the specific language governing permissions and 14 * limitations under the License. 15 */ 16 17#define LOG_TAG "Parcel" 18//#define LOG_NDEBUG 0 19 20#include <binder/Parcel.h> 21 22#include <binder/IPCThreadState.h> 23#include <binder/Binder.h> 24#include <binder/BpBinder.h> 25#include <binder/ProcessState.h> 26#include <binder/Status.h> 27#include <binder/TextOutput.h> 28 29#include <errno.h> 30#include <utils/Debug.h> 31#include <utils/Log.h> 32#include <utils/String8.h> 33#include <utils/String16.h> 34#include <utils/misc.h> 35#include <utils/Flattenable.h> 36#include <cutils/ashmem.h> 37 38#include <private/binder/binder_module.h> 39#include <private/binder/Static.h> 40 41#include <inttypes.h> 42#include <stdio.h> 43#include <stdlib.h> 44#include <stdint.h> 45#include <sys/mman.h> 46 47#ifndef INT32_MAX 48#define INT32_MAX ((int32_t)(2147483647)) 49#endif 50 51#define LOG_REFS(...) 52//#define LOG_REFS(...) ALOG(LOG_DEBUG, "Parcel", __VA_ARGS__) 53#define LOG_ALLOC(...) 54//#define LOG_ALLOC(...) ALOG(LOG_DEBUG, "Parcel", __VA_ARGS__) 55 56// --------------------------------------------------------------------------- 57 58// This macro should never be used at runtime, as a too large value 59// of s could cause an integer overflow. Instead, you should always 60// use the wrapper function pad_size() 61#define PAD_SIZE_UNSAFE(s) (((s)+3)&~3) 62 63static size_t pad_size(size_t s) { 64 if (s > (SIZE_T_MAX - 3)) { 65 abort(); 66 } 67 return PAD_SIZE_UNSAFE(s); 68} 69 70// Note: must be kept in sync with android/os/StrictMode.java's PENALTY_GATHER 71#define STRICT_MODE_PENALTY_GATHER (0x40 << 16) 72 73// XXX This can be made public if we want to provide 74// support for typed data. 75struct small_flat_data 76{ 77 uint32_t type; 78 uint32_t data; 79}; 80 81namespace android { 82 83static pthread_mutex_t gParcelGlobalAllocSizeLock = PTHREAD_MUTEX_INITIALIZER; 84static size_t gParcelGlobalAllocSize = 0; 85static size_t gParcelGlobalAllocCount = 0; 86 87// Maximum size of a blob to transfer in-place. 88static const size_t BLOB_INPLACE_LIMIT = 16 * 1024; 89 90enum { 91 BLOB_INPLACE = 0, 92 BLOB_ASHMEM_IMMUTABLE = 1, 93 BLOB_ASHMEM_MUTABLE = 2, 94}; 95 96void acquire_object(const sp<ProcessState>& proc, 97 const flat_binder_object& obj, const void* who) 98{ 99 switch (obj.type) { 100 case BINDER_TYPE_BINDER: 101 if (obj.binder) { 102 LOG_REFS("Parcel %p acquiring reference on local %p", who, obj.cookie); 103 reinterpret_cast<IBinder*>(obj.cookie)->incStrong(who); 104 } 105 return; 106 case BINDER_TYPE_WEAK_BINDER: 107 if (obj.binder) 108 reinterpret_cast<RefBase::weakref_type*>(obj.binder)->incWeak(who); 109 return; 110 case BINDER_TYPE_HANDLE: { 111 const sp<IBinder> b = proc->getStrongProxyForHandle(obj.handle); 112 if (b != NULL) { 113 LOG_REFS("Parcel %p acquiring reference on remote %p", who, b.get()); 114 b->incStrong(who); 115 } 116 return; 117 } 118 case BINDER_TYPE_WEAK_HANDLE: { 119 const wp<IBinder> b = proc->getWeakProxyForHandle(obj.handle); 120 if (b != NULL) b.get_refs()->incWeak(who); 121 return; 122 } 123 case BINDER_TYPE_FD: { 124 // intentionally blank -- nothing to do to acquire this, but we do 125 // recognize it as a legitimate object type. 126 return; 127 } 128 } 129 130 ALOGD("Invalid object type 0x%08x", obj.type); 131} 132 133void release_object(const sp<ProcessState>& proc, 134 const flat_binder_object& obj, const void* who) 135{ 136 switch (obj.type) { 137 case BINDER_TYPE_BINDER: 138 if (obj.binder) { 139 LOG_REFS("Parcel %p releasing reference on local %p", who, obj.cookie); 140 reinterpret_cast<IBinder*>(obj.cookie)->decStrong(who); 141 } 142 return; 143 case BINDER_TYPE_WEAK_BINDER: 144 if (obj.binder) 145 reinterpret_cast<RefBase::weakref_type*>(obj.binder)->decWeak(who); 146 return; 147 case BINDER_TYPE_HANDLE: { 148 const sp<IBinder> b = proc->getStrongProxyForHandle(obj.handle); 149 if (b != NULL) { 150 LOG_REFS("Parcel %p releasing reference on remote %p", who, b.get()); 151 b->decStrong(who); 152 } 153 return; 154 } 155 case BINDER_TYPE_WEAK_HANDLE: { 156 const wp<IBinder> b = proc->getWeakProxyForHandle(obj.handle); 157 if (b != NULL) b.get_refs()->decWeak(who); 158 return; 159 } 160 case BINDER_TYPE_FD: { 161 if (obj.cookie != 0) close(obj.handle); 162 return; 163 } 164 } 165 166 ALOGE("Invalid object type 0x%08x", obj.type); 167} 168 169inline static status_t finish_flatten_binder( 170 const sp<IBinder>& /*binder*/, const flat_binder_object& flat, Parcel* out) 171{ 172 return out->writeObject(flat, false); 173} 174 175status_t flatten_binder(const sp<ProcessState>& /*proc*/, 176 const sp<IBinder>& binder, Parcel* out) 177{ 178 flat_binder_object obj; 179 180 obj.flags = 0x7f | FLAT_BINDER_FLAG_ACCEPTS_FDS; 181 if (binder != NULL) { 182 IBinder *local = binder->localBinder(); 183 if (!local) { 184 BpBinder *proxy = binder->remoteBinder(); 185 if (proxy == NULL) { 186 ALOGE("null proxy"); 187 } 188 const int32_t handle = proxy ? proxy->handle() : 0; 189 obj.type = BINDER_TYPE_HANDLE; 190 obj.binder = 0; /* Don't pass uninitialized stack data to a remote process */ 191 obj.handle = handle; 192 obj.cookie = 0; 193 } else { 194 obj.type = BINDER_TYPE_BINDER; 195 obj.binder = reinterpret_cast<uintptr_t>(local->getWeakRefs()); 196 obj.cookie = reinterpret_cast<uintptr_t>(local); 197 } 198 } else { 199 obj.type = BINDER_TYPE_BINDER; 200 obj.binder = 0; 201 obj.cookie = 0; 202 } 203 204 return finish_flatten_binder(binder, obj, out); 205} 206 207status_t flatten_binder(const sp<ProcessState>& /*proc*/, 208 const wp<IBinder>& binder, Parcel* out) 209{ 210 flat_binder_object obj; 211 212 obj.flags = 0x7f | FLAT_BINDER_FLAG_ACCEPTS_FDS; 213 if (binder != NULL) { 214 sp<IBinder> real = binder.promote(); 215 if (real != NULL) { 216 IBinder *local = real->localBinder(); 217 if (!local) { 218 BpBinder *proxy = real->remoteBinder(); 219 if (proxy == NULL) { 220 ALOGE("null proxy"); 221 } 222 const int32_t handle = proxy ? proxy->handle() : 0; 223 obj.type = BINDER_TYPE_WEAK_HANDLE; 224 obj.binder = 0; /* Don't pass uninitialized stack data to a remote process */ 225 obj.handle = handle; 226 obj.cookie = 0; 227 } else { 228 obj.type = BINDER_TYPE_WEAK_BINDER; 229 obj.binder = reinterpret_cast<uintptr_t>(binder.get_refs()); 230 obj.cookie = reinterpret_cast<uintptr_t>(binder.unsafe_get()); 231 } 232 return finish_flatten_binder(real, obj, out); 233 } 234 235 // XXX How to deal? In order to flatten the given binder, 236 // we need to probe it for information, which requires a primary 237 // reference... but we don't have one. 238 // 239 // The OpenBinder implementation uses a dynamic_cast<> here, 240 // but we can't do that with the different reference counting 241 // implementation we are using. 242 ALOGE("Unable to unflatten Binder weak reference!"); 243 obj.type = BINDER_TYPE_BINDER; 244 obj.binder = 0; 245 obj.cookie = 0; 246 return finish_flatten_binder(NULL, obj, out); 247 248 } else { 249 obj.type = BINDER_TYPE_BINDER; 250 obj.binder = 0; 251 obj.cookie = 0; 252 return finish_flatten_binder(NULL, obj, out); 253 } 254} 255 256inline static status_t finish_unflatten_binder( 257 BpBinder* /*proxy*/, const flat_binder_object& /*flat*/, 258 const Parcel& /*in*/) 259{ 260 return NO_ERROR; 261} 262 263status_t unflatten_binder(const sp<ProcessState>& proc, 264 const Parcel& in, sp<IBinder>* out) 265{ 266 const flat_binder_object* flat = in.readObject(false); 267 268 if (flat) { 269 switch (flat->type) { 270 case BINDER_TYPE_BINDER: 271 *out = reinterpret_cast<IBinder*>(flat->cookie); 272 return finish_unflatten_binder(NULL, *flat, in); 273 case BINDER_TYPE_HANDLE: 274 *out = proc->getStrongProxyForHandle(flat->handle); 275 return finish_unflatten_binder( 276 static_cast<BpBinder*>(out->get()), *flat, in); 277 } 278 } 279 return BAD_TYPE; 280} 281 282status_t unflatten_binder(const sp<ProcessState>& proc, 283 const Parcel& in, wp<IBinder>* out) 284{ 285 const flat_binder_object* flat = in.readObject(false); 286 287 if (flat) { 288 switch (flat->type) { 289 case BINDER_TYPE_BINDER: 290 *out = reinterpret_cast<IBinder*>(flat->cookie); 291 return finish_unflatten_binder(NULL, *flat, in); 292 case BINDER_TYPE_WEAK_BINDER: 293 if (flat->binder != 0) { 294 out->set_object_and_refs( 295 reinterpret_cast<IBinder*>(flat->cookie), 296 reinterpret_cast<RefBase::weakref_type*>(flat->binder)); 297 } else { 298 *out = NULL; 299 } 300 return finish_unflatten_binder(NULL, *flat, in); 301 case BINDER_TYPE_HANDLE: 302 case BINDER_TYPE_WEAK_HANDLE: 303 *out = proc->getWeakProxyForHandle(flat->handle); 304 return finish_unflatten_binder( 305 static_cast<BpBinder*>(out->unsafe_get()), *flat, in); 306 } 307 } 308 return BAD_TYPE; 309} 310 311// --------------------------------------------------------------------------- 312 313Parcel::Parcel() 314{ 315 LOG_ALLOC("Parcel %p: constructing", this); 316 initState(); 317} 318 319Parcel::~Parcel() 320{ 321 freeDataNoInit(); 322 LOG_ALLOC("Parcel %p: destroyed", this); 323} 324 325size_t Parcel::getGlobalAllocSize() { 326 pthread_mutex_lock(&gParcelGlobalAllocSizeLock); 327 size_t size = gParcelGlobalAllocSize; 328 pthread_mutex_unlock(&gParcelGlobalAllocSizeLock); 329 return size; 330} 331 332size_t Parcel::getGlobalAllocCount() { 333 pthread_mutex_lock(&gParcelGlobalAllocSizeLock); 334 size_t count = gParcelGlobalAllocCount; 335 pthread_mutex_unlock(&gParcelGlobalAllocSizeLock); 336 return count; 337} 338 339const uint8_t* Parcel::data() const 340{ 341 return mData; 342} 343 344size_t Parcel::dataSize() const 345{ 346 return (mDataSize > mDataPos ? mDataSize : mDataPos); 347} 348 349size_t Parcel::dataAvail() const 350{ 351 // TODO: decide what to do about the possibility that this can 352 // report an available-data size that exceeds a Java int's max 353 // positive value, causing havoc. Fortunately this will only 354 // happen if someone constructs a Parcel containing more than two 355 // gigabytes of data, which on typical phone hardware is simply 356 // not possible. 357 return dataSize() - dataPosition(); 358} 359 360size_t Parcel::dataPosition() const 361{ 362 return mDataPos; 363} 364 365size_t Parcel::dataCapacity() const 366{ 367 return mDataCapacity; 368} 369 370status_t Parcel::setDataSize(size_t size) 371{ 372 if (size > INT32_MAX) { 373 // don't accept size_t values which may have come from an 374 // inadvertent conversion from a negative int. 375 return BAD_VALUE; 376 } 377 378 status_t err; 379 err = continueWrite(size); 380 if (err == NO_ERROR) { 381 mDataSize = size; 382 ALOGV("setDataSize Setting data size of %p to %zu", this, mDataSize); 383 } 384 return err; 385} 386 387void Parcel::setDataPosition(size_t pos) const 388{ 389 if (pos > INT32_MAX) { 390 // don't accept size_t values which may have come from an 391 // inadvertent conversion from a negative int. 392 abort(); 393 } 394 395 mDataPos = pos; 396 mNextObjectHint = 0; 397} 398 399status_t Parcel::setDataCapacity(size_t size) 400{ 401 if (size > INT32_MAX) { 402 // don't accept size_t values which may have come from an 403 // inadvertent conversion from a negative int. 404 return BAD_VALUE; 405 } 406 407 if (size > mDataCapacity) return continueWrite(size); 408 return NO_ERROR; 409} 410 411status_t Parcel::setData(const uint8_t* buffer, size_t len) 412{ 413 if (len > INT32_MAX) { 414 // don't accept size_t values which may have come from an 415 // inadvertent conversion from a negative int. 416 return BAD_VALUE; 417 } 418 419 status_t err = restartWrite(len); 420 if (err == NO_ERROR) { 421 memcpy(const_cast<uint8_t*>(data()), buffer, len); 422 mDataSize = len; 423 mFdsKnown = false; 424 } 425 return err; 426} 427 428status_t Parcel::appendFrom(const Parcel *parcel, size_t offset, size_t len) 429{ 430 const sp<ProcessState> proc(ProcessState::self()); 431 status_t err; 432 const uint8_t *data = parcel->mData; 433 const binder_size_t *objects = parcel->mObjects; 434 size_t size = parcel->mObjectsSize; 435 int startPos = mDataPos; 436 int firstIndex = -1, lastIndex = -2; 437 438 if (len == 0) { 439 return NO_ERROR; 440 } 441 442 if (len > INT32_MAX) { 443 // don't accept size_t values which may have come from an 444 // inadvertent conversion from a negative int. 445 return BAD_VALUE; 446 } 447 448 // range checks against the source parcel size 449 if ((offset > parcel->mDataSize) 450 || (len > parcel->mDataSize) 451 || (offset + len > parcel->mDataSize)) { 452 return BAD_VALUE; 453 } 454 455 // Count objects in range 456 for (int i = 0; i < (int) size; i++) { 457 size_t off = objects[i]; 458 if ((off >= offset) && (off + sizeof(flat_binder_object) <= offset + len)) { 459 if (firstIndex == -1) { 460 firstIndex = i; 461 } 462 lastIndex = i; 463 } 464 } 465 int numObjects = lastIndex - firstIndex + 1; 466 467 if ((mDataSize+len) > mDataCapacity) { 468 // grow data 469 err = growData(len); 470 if (err != NO_ERROR) { 471 return err; 472 } 473 } 474 475 // append data 476 memcpy(mData + mDataPos, data + offset, len); 477 mDataPos += len; 478 mDataSize += len; 479 480 err = NO_ERROR; 481 482 if (numObjects > 0) { 483 // grow objects 484 if (mObjectsCapacity < mObjectsSize + numObjects) { 485 size_t newSize = ((mObjectsSize + numObjects)*3)/2; 486 if (newSize < mObjectsSize) return NO_MEMORY; // overflow 487 binder_size_t *objects = 488 (binder_size_t*)realloc(mObjects, newSize*sizeof(binder_size_t)); 489 if (objects == (binder_size_t*)0) { 490 return NO_MEMORY; 491 } 492 mObjects = objects; 493 mObjectsCapacity = newSize; 494 } 495 496 // append and acquire objects 497 int idx = mObjectsSize; 498 for (int i = firstIndex; i <= lastIndex; i++) { 499 size_t off = objects[i] - offset + startPos; 500 mObjects[idx++] = off; 501 mObjectsSize++; 502 503 flat_binder_object* flat 504 = reinterpret_cast<flat_binder_object*>(mData + off); 505 acquire_object(proc, *flat, this); 506 507 if (flat->type == BINDER_TYPE_FD) { 508 // If this is a file descriptor, we need to dup it so the 509 // new Parcel now owns its own fd, and can declare that we 510 // officially know we have fds. 511 flat->handle = dup(flat->handle); 512 flat->cookie = 1; 513 mHasFds = mFdsKnown = true; 514 if (!mAllowFds) { 515 err = FDS_NOT_ALLOWED; 516 } 517 } 518 } 519 } 520 521 return err; 522} 523 524bool Parcel::allowFds() const 525{ 526 return mAllowFds; 527} 528 529bool Parcel::pushAllowFds(bool allowFds) 530{ 531 const bool origValue = mAllowFds; 532 if (!allowFds) { 533 mAllowFds = false; 534 } 535 return origValue; 536} 537 538void Parcel::restoreAllowFds(bool lastValue) 539{ 540 mAllowFds = lastValue; 541} 542 543bool Parcel::hasFileDescriptors() const 544{ 545 if (!mFdsKnown) { 546 scanForFds(); 547 } 548 return mHasFds; 549} 550 551// Write RPC headers. (previously just the interface token) 552status_t Parcel::writeInterfaceToken(const String16& interface) 553{ 554 writeInt32(IPCThreadState::self()->getStrictModePolicy() | 555 STRICT_MODE_PENALTY_GATHER); 556 // currently the interface identification token is just its name as a string 557 return writeString16(interface); 558} 559 560bool Parcel::checkInterface(IBinder* binder) const 561{ 562 return enforceInterface(binder->getInterfaceDescriptor()); 563} 564 565bool Parcel::enforceInterface(const String16& interface, 566 IPCThreadState* threadState) const 567{ 568 int32_t strictPolicy = readInt32(); 569 if (threadState == NULL) { 570 threadState = IPCThreadState::self(); 571 } 572 if ((threadState->getLastTransactionBinderFlags() & 573 IBinder::FLAG_ONEWAY) != 0) { 574 // For one-way calls, the callee is running entirely 575 // disconnected from the caller, so disable StrictMode entirely. 576 // Not only does disk/network usage not impact the caller, but 577 // there's no way to commuicate back any violations anyway. 578 threadState->setStrictModePolicy(0); 579 } else { 580 threadState->setStrictModePolicy(strictPolicy); 581 } 582 const String16 str(readString16()); 583 if (str == interface) { 584 return true; 585 } else { 586 ALOGW("**** enforceInterface() expected '%s' but read '%s'", 587 String8(interface).string(), String8(str).string()); 588 return false; 589 } 590} 591 592const binder_size_t* Parcel::objects() const 593{ 594 return mObjects; 595} 596 597size_t Parcel::objectsCount() const 598{ 599 return mObjectsSize; 600} 601 602status_t Parcel::errorCheck() const 603{ 604 return mError; 605} 606 607void Parcel::setError(status_t err) 608{ 609 mError = err; 610} 611 612status_t Parcel::finishWrite(size_t len) 613{ 614 if (len > INT32_MAX) { 615 // don't accept size_t values which may have come from an 616 // inadvertent conversion from a negative int. 617 return BAD_VALUE; 618 } 619 620 //printf("Finish write of %d\n", len); 621 mDataPos += len; 622 ALOGV("finishWrite Setting data pos of %p to %zu", this, mDataPos); 623 if (mDataPos > mDataSize) { 624 mDataSize = mDataPos; 625 ALOGV("finishWrite Setting data size of %p to %zu", this, mDataSize); 626 } 627 //printf("New pos=%d, size=%d\n", mDataPos, mDataSize); 628 return NO_ERROR; 629} 630 631status_t Parcel::writeUnpadded(const void* data, size_t len) 632{ 633 if (len > INT32_MAX) { 634 // don't accept size_t values which may have come from an 635 // inadvertent conversion from a negative int. 636 return BAD_VALUE; 637 } 638 639 size_t end = mDataPos + len; 640 if (end < mDataPos) { 641 // integer overflow 642 return BAD_VALUE; 643 } 644 645 if (end <= mDataCapacity) { 646restart_write: 647 memcpy(mData+mDataPos, data, len); 648 return finishWrite(len); 649 } 650 651 status_t err = growData(len); 652 if (err == NO_ERROR) goto restart_write; 653 return err; 654} 655 656status_t Parcel::write(const void* data, size_t len) 657{ 658 if (len > INT32_MAX) { 659 // don't accept size_t values which may have come from an 660 // inadvertent conversion from a negative int. 661 return BAD_VALUE; 662 } 663 664 void* const d = writeInplace(len); 665 if (d) { 666 memcpy(d, data, len); 667 return NO_ERROR; 668 } 669 return mError; 670} 671 672void* Parcel::writeInplace(size_t len) 673{ 674 if (len > INT32_MAX) { 675 // don't accept size_t values which may have come from an 676 // inadvertent conversion from a negative int. 677 return NULL; 678 } 679 680 const size_t padded = pad_size(len); 681 682 // sanity check for integer overflow 683 if (mDataPos+padded < mDataPos) { 684 return NULL; 685 } 686 687 if ((mDataPos+padded) <= mDataCapacity) { 688restart_write: 689 //printf("Writing %ld bytes, padded to %ld\n", len, padded); 690 uint8_t* const data = mData+mDataPos; 691 692 // Need to pad at end? 693 if (padded != len) { 694#if BYTE_ORDER == BIG_ENDIAN 695 static const uint32_t mask[4] = { 696 0x00000000, 0xffffff00, 0xffff0000, 0xff000000 697 }; 698#endif 699#if BYTE_ORDER == LITTLE_ENDIAN 700 static const uint32_t mask[4] = { 701 0x00000000, 0x00ffffff, 0x0000ffff, 0x000000ff 702 }; 703#endif 704 //printf("Applying pad mask: %p to %p\n", (void*)mask[padded-len], 705 // *reinterpret_cast<void**>(data+padded-4)); 706 *reinterpret_cast<uint32_t*>(data+padded-4) &= mask[padded-len]; 707 } 708 709 finishWrite(padded); 710 return data; 711 } 712 713 status_t err = growData(padded); 714 if (err == NO_ERROR) goto restart_write; 715 return NULL; 716} 717 718status_t Parcel::writeByteVector(const std::vector<int8_t>& val) 719{ 720 status_t status; 721 if (val.size() > std::numeric_limits<int32_t>::max()) { 722 status = BAD_VALUE; 723 return status; 724 } 725 726 status = writeInt32(val.size()); 727 if (status != OK) { 728 return status; 729 } 730 731 void* data = writeInplace(val.size()); 732 if (!data) { 733 status = BAD_VALUE; 734 return status; 735 } 736 737 memcpy(data, val.data(), val.size()); 738 return status; 739} 740 741status_t Parcel::writeInt32Vector(const std::vector<int32_t>& val) 742{ 743 return writeTypedVector(val, &Parcel::writeInt32); 744} 745 746status_t Parcel::writeInt64Vector(const std::vector<int64_t>& val) 747{ 748 return writeTypedVector(val, &Parcel::writeInt64); 749} 750 751status_t Parcel::writeFloatVector(const std::vector<float>& val) 752{ 753 return writeTypedVector(val, &Parcel::writeFloat); 754} 755 756status_t Parcel::writeDoubleVector(const std::vector<double>& val) 757{ 758 return writeTypedVector(val, &Parcel::writeDouble); 759} 760 761status_t Parcel::writeBoolVector(const std::vector<bool>& val) 762{ 763 return writeTypedVector(val, &Parcel::writeBool); 764} 765 766status_t Parcel::writeCharVector(const std::vector<char16_t>& val) 767{ 768 return writeTypedVector(val, &Parcel::writeChar); 769} 770 771status_t Parcel::writeString16Vector(const std::vector<String16>& val) 772{ 773 return writeTypedVector(val, &Parcel::writeString16); 774} 775 776status_t Parcel::writeInt32(int32_t val) 777{ 778 return writeAligned(val); 779} 780 781status_t Parcel::writeUint32(uint32_t val) 782{ 783 return writeAligned(val); 784} 785 786status_t Parcel::writeInt32Array(size_t len, const int32_t *val) { 787 if (len > INT32_MAX) { 788 // don't accept size_t values which may have come from an 789 // inadvertent conversion from a negative int. 790 return BAD_VALUE; 791 } 792 793 if (!val) { 794 return writeInt32(-1); 795 } 796 status_t ret = writeInt32(static_cast<uint32_t>(len)); 797 if (ret == NO_ERROR) { 798 ret = write(val, len * sizeof(*val)); 799 } 800 return ret; 801} 802status_t Parcel::writeByteArray(size_t len, const uint8_t *val) { 803 if (len > INT32_MAX) { 804 // don't accept size_t values which may have come from an 805 // inadvertent conversion from a negative int. 806 return BAD_VALUE; 807 } 808 809 if (!val) { 810 return writeInt32(-1); 811 } 812 status_t ret = writeInt32(static_cast<uint32_t>(len)); 813 if (ret == NO_ERROR) { 814 ret = write(val, len * sizeof(*val)); 815 } 816 return ret; 817} 818 819status_t Parcel::writeBool(bool val) 820{ 821 return writeInt32(int32_t(val)); 822} 823 824status_t Parcel::writeChar(char16_t val) 825{ 826 return writeInt32(int32_t(val)); 827} 828 829status_t Parcel::writeByte(int8_t val) 830{ 831 return writeInt32(int32_t(val)); 832} 833 834status_t Parcel::writeInt64(int64_t val) 835{ 836 return writeAligned(val); 837} 838 839status_t Parcel::writeUint64(uint64_t val) 840{ 841 return writeAligned(val); 842} 843 844status_t Parcel::writePointer(uintptr_t val) 845{ 846 return writeAligned<binder_uintptr_t>(val); 847} 848 849status_t Parcel::writeFloat(float val) 850{ 851 return writeAligned(val); 852} 853 854#if defined(__mips__) && defined(__mips_hard_float) 855 856status_t Parcel::writeDouble(double val) 857{ 858 union { 859 double d; 860 unsigned long long ll; 861 } u; 862 u.d = val; 863 return writeAligned(u.ll); 864} 865 866#else 867 868status_t Parcel::writeDouble(double val) 869{ 870 return writeAligned(val); 871} 872 873#endif 874 875status_t Parcel::writeCString(const char* str) 876{ 877 return write(str, strlen(str)+1); 878} 879 880status_t Parcel::writeString8(const String8& str) 881{ 882 status_t err = writeInt32(str.bytes()); 883 // only write string if its length is more than zero characters, 884 // as readString8 will only read if the length field is non-zero. 885 // this is slightly different from how writeString16 works. 886 if (str.bytes() > 0 && err == NO_ERROR) { 887 err = write(str.string(), str.bytes()+1); 888 } 889 return err; 890} 891 892status_t Parcel::writeString16(const String16& str) 893{ 894 return writeString16(str.string(), str.size()); 895} 896 897status_t Parcel::writeString16(const char16_t* str, size_t len) 898{ 899 if (str == NULL) return writeInt32(-1); 900 901 status_t err = writeInt32(len); 902 if (err == NO_ERROR) { 903 len *= sizeof(char16_t); 904 uint8_t* data = (uint8_t*)writeInplace(len+sizeof(char16_t)); 905 if (data) { 906 memcpy(data, str, len); 907 *reinterpret_cast<char16_t*>(data+len) = 0; 908 return NO_ERROR; 909 } 910 err = mError; 911 } 912 return err; 913} 914 915status_t Parcel::writeStrongBinder(const sp<IBinder>& val) 916{ 917 return flatten_binder(ProcessState::self(), val, this); 918} 919 920status_t Parcel::writeStrongBinderVector(const std::vector<sp<IBinder>>& val) 921{ 922 return writeTypedVector(val, &Parcel::writeStrongBinder); 923} 924 925status_t Parcel::readStrongBinderVector(std::vector<sp<IBinder>>* val) const { 926 return readTypedVector(val, &Parcel::readStrongBinder); 927} 928 929status_t Parcel::writeWeakBinder(const wp<IBinder>& val) 930{ 931 return flatten_binder(ProcessState::self(), val, this); 932} 933 934status_t Parcel::writeParcelable(const Parcelable& parcelable) { 935 status_t status = writeInt32(1); // parcelable is not null. 936 if (status != OK) { 937 return status; 938 } 939 return parcelable.writeToParcel(this); 940} 941 942status_t Parcel::writeNativeHandle(const native_handle* handle) 943{ 944 if (!handle || handle->version != sizeof(native_handle)) 945 return BAD_TYPE; 946 947 status_t err; 948 err = writeInt32(handle->numFds); 949 if (err != NO_ERROR) return err; 950 951 err = writeInt32(handle->numInts); 952 if (err != NO_ERROR) return err; 953 954 for (int i=0 ; err==NO_ERROR && i<handle->numFds ; i++) 955 err = writeDupFileDescriptor(handle->data[i]); 956 957 if (err != NO_ERROR) { 958 ALOGD("write native handle, write dup fd failed"); 959 return err; 960 } 961 err = write(handle->data + handle->numFds, sizeof(int)*handle->numInts); 962 return err; 963} 964 965status_t Parcel::writeFileDescriptor(int fd, bool takeOwnership) 966{ 967 flat_binder_object obj; 968 obj.type = BINDER_TYPE_FD; 969 obj.flags = 0x7f | FLAT_BINDER_FLAG_ACCEPTS_FDS; 970 obj.binder = 0; /* Don't pass uninitialized stack data to a remote process */ 971 obj.handle = fd; 972 obj.cookie = takeOwnership ? 1 : 0; 973 return writeObject(obj, true); 974} 975 976status_t Parcel::writeDupFileDescriptor(int fd) 977{ 978 int dupFd = dup(fd); 979 if (dupFd < 0) { 980 return -errno; 981 } 982 status_t err = writeFileDescriptor(dupFd, true /*takeOwnership*/); 983 if (err != OK) { 984 close(dupFd); 985 } 986 return err; 987} 988 989status_t Parcel::writeUniqueFileDescriptor(const ScopedFd& fd) { 990 return writeDupFileDescriptor(fd.get()); 991} 992 993status_t Parcel::writeUniqueFileDescriptorVector(const std::vector<ScopedFd>& val) { 994 return writeTypedVector(val, &Parcel::writeUniqueFileDescriptor); 995} 996 997status_t Parcel::writeBlob(size_t len, bool mutableCopy, WritableBlob* outBlob) 998{ 999 if (len > INT32_MAX) { 1000 // don't accept size_t values which may have come from an 1001 // inadvertent conversion from a negative int. 1002 return BAD_VALUE; 1003 } 1004 1005 status_t status; 1006 if (!mAllowFds || len <= BLOB_INPLACE_LIMIT) { 1007 ALOGV("writeBlob: write in place"); 1008 status = writeInt32(BLOB_INPLACE); 1009 if (status) return status; 1010 1011 void* ptr = writeInplace(len); 1012 if (!ptr) return NO_MEMORY; 1013 1014 outBlob->init(-1, ptr, len, false); 1015 return NO_ERROR; 1016 } 1017 1018 ALOGV("writeBlob: write to ashmem"); 1019 int fd = ashmem_create_region("Parcel Blob", len); 1020 if (fd < 0) return NO_MEMORY; 1021 1022 mBlobAshmemSize += len; 1023 1024 int result = ashmem_set_prot_region(fd, PROT_READ | PROT_WRITE); 1025 if (result < 0) { 1026 status = result; 1027 } else { 1028 void* ptr = ::mmap(NULL, len, PROT_READ | PROT_WRITE, MAP_SHARED, fd, 0); 1029 if (ptr == MAP_FAILED) { 1030 status = -errno; 1031 } else { 1032 if (!mutableCopy) { 1033 result = ashmem_set_prot_region(fd, PROT_READ); 1034 } 1035 if (result < 0) { 1036 status = result; 1037 } else { 1038 status = writeInt32(mutableCopy ? BLOB_ASHMEM_MUTABLE : BLOB_ASHMEM_IMMUTABLE); 1039 if (!status) { 1040 status = writeFileDescriptor(fd, true /*takeOwnership*/); 1041 if (!status) { 1042 outBlob->init(fd, ptr, len, mutableCopy); 1043 return NO_ERROR; 1044 } 1045 } 1046 } 1047 } 1048 ::munmap(ptr, len); 1049 } 1050 ::close(fd); 1051 return status; 1052} 1053 1054status_t Parcel::writeDupImmutableBlobFileDescriptor(int fd) 1055{ 1056 // Must match up with what's done in writeBlob. 1057 if (!mAllowFds) return FDS_NOT_ALLOWED; 1058 status_t status = writeInt32(BLOB_ASHMEM_IMMUTABLE); 1059 if (status) return status; 1060 return writeDupFileDescriptor(fd); 1061} 1062 1063status_t Parcel::write(const FlattenableHelperInterface& val) 1064{ 1065 status_t err; 1066 1067 // size if needed 1068 const size_t len = val.getFlattenedSize(); 1069 const size_t fd_count = val.getFdCount(); 1070 1071 if ((len > INT32_MAX) || (fd_count > INT32_MAX)) { 1072 // don't accept size_t values which may have come from an 1073 // inadvertent conversion from a negative int. 1074 return BAD_VALUE; 1075 } 1076 1077 err = this->writeInt32(len); 1078 if (err) return err; 1079 1080 err = this->writeInt32(fd_count); 1081 if (err) return err; 1082 1083 // payload 1084 void* const buf = this->writeInplace(pad_size(len)); 1085 if (buf == NULL) 1086 return BAD_VALUE; 1087 1088 int* fds = NULL; 1089 if (fd_count) { 1090 fds = new int[fd_count]; 1091 } 1092 1093 err = val.flatten(buf, len, fds, fd_count); 1094 for (size_t i=0 ; i<fd_count && err==NO_ERROR ; i++) { 1095 err = this->writeDupFileDescriptor( fds[i] ); 1096 } 1097 1098 if (fd_count) { 1099 delete [] fds; 1100 } 1101 1102 return err; 1103} 1104 1105status_t Parcel::writeObject(const flat_binder_object& val, bool nullMetaData) 1106{ 1107 const bool enoughData = (mDataPos+sizeof(val)) <= mDataCapacity; 1108 const bool enoughObjects = mObjectsSize < mObjectsCapacity; 1109 if (enoughData && enoughObjects) { 1110restart_write: 1111 *reinterpret_cast<flat_binder_object*>(mData+mDataPos) = val; 1112 1113 // remember if it's a file descriptor 1114 if (val.type == BINDER_TYPE_FD) { 1115 if (!mAllowFds) { 1116 // fail before modifying our object index 1117 return FDS_NOT_ALLOWED; 1118 } 1119 mHasFds = mFdsKnown = true; 1120 } 1121 1122 // Need to write meta-data? 1123 if (nullMetaData || val.binder != 0) { 1124 mObjects[mObjectsSize] = mDataPos; 1125 acquire_object(ProcessState::self(), val, this); 1126 mObjectsSize++; 1127 } 1128 1129 return finishWrite(sizeof(flat_binder_object)); 1130 } 1131 1132 if (!enoughData) { 1133 const status_t err = growData(sizeof(val)); 1134 if (err != NO_ERROR) return err; 1135 } 1136 if (!enoughObjects) { 1137 size_t newSize = ((mObjectsSize+2)*3)/2; 1138 if (newSize < mObjectsSize) return NO_MEMORY; // overflow 1139 binder_size_t* objects = (binder_size_t*)realloc(mObjects, newSize*sizeof(binder_size_t)); 1140 if (objects == NULL) return NO_MEMORY; 1141 mObjects = objects; 1142 mObjectsCapacity = newSize; 1143 } 1144 1145 goto restart_write; 1146} 1147 1148status_t Parcel::writeNoException() 1149{ 1150 binder::Status status; 1151 return status.writeToParcel(this); 1152} 1153 1154void Parcel::remove(size_t /*start*/, size_t /*amt*/) 1155{ 1156 LOG_ALWAYS_FATAL("Parcel::remove() not yet implemented!"); 1157} 1158 1159status_t Parcel::read(void* outData, size_t len) const 1160{ 1161 if (len > INT32_MAX) { 1162 // don't accept size_t values which may have come from an 1163 // inadvertent conversion from a negative int. 1164 return BAD_VALUE; 1165 } 1166 1167 if ((mDataPos+pad_size(len)) >= mDataPos && (mDataPos+pad_size(len)) <= mDataSize 1168 && len <= pad_size(len)) { 1169 memcpy(outData, mData+mDataPos, len); 1170 mDataPos += pad_size(len); 1171 ALOGV("read Setting data pos of %p to %zu", this, mDataPos); 1172 return NO_ERROR; 1173 } 1174 return NOT_ENOUGH_DATA; 1175} 1176 1177const void* Parcel::readInplace(size_t len) const 1178{ 1179 if (len > INT32_MAX) { 1180 // don't accept size_t values which may have come from an 1181 // inadvertent conversion from a negative int. 1182 return NULL; 1183 } 1184 1185 if ((mDataPos+pad_size(len)) >= mDataPos && (mDataPos+pad_size(len)) <= mDataSize 1186 && len <= pad_size(len)) { 1187 const void* data = mData+mDataPos; 1188 mDataPos += pad_size(len); 1189 ALOGV("readInplace Setting data pos of %p to %zu", this, mDataPos); 1190 return data; 1191 } 1192 return NULL; 1193} 1194 1195template<class T> 1196status_t Parcel::readAligned(T *pArg) const { 1197 COMPILE_TIME_ASSERT_FUNCTION_SCOPE(PAD_SIZE_UNSAFE(sizeof(T)) == sizeof(T)); 1198 1199 if ((mDataPos+sizeof(T)) <= mDataSize) { 1200 const void* data = mData+mDataPos; 1201 mDataPos += sizeof(T); 1202 *pArg = *reinterpret_cast<const T*>(data); 1203 return NO_ERROR; 1204 } else { 1205 return NOT_ENOUGH_DATA; 1206 } 1207} 1208 1209template<class T> 1210T Parcel::readAligned() const { 1211 T result; 1212 if (readAligned(&result) != NO_ERROR) { 1213 result = 0; 1214 } 1215 1216 return result; 1217} 1218 1219template<class T> 1220status_t Parcel::writeAligned(T val) { 1221 COMPILE_TIME_ASSERT_FUNCTION_SCOPE(PAD_SIZE_UNSAFE(sizeof(T)) == sizeof(T)); 1222 1223 if ((mDataPos+sizeof(val)) <= mDataCapacity) { 1224restart_write: 1225 *reinterpret_cast<T*>(mData+mDataPos) = val; 1226 return finishWrite(sizeof(val)); 1227 } 1228 1229 status_t err = growData(sizeof(val)); 1230 if (err == NO_ERROR) goto restart_write; 1231 return err; 1232} 1233 1234status_t Parcel::readByteVector(std::vector<int8_t>* val) const { 1235 val->clear(); 1236 1237 int32_t size; 1238 status_t status = readInt32(&size); 1239 1240 if (status != OK) { 1241 return status; 1242 } 1243 1244 if (size < 0) { 1245 status = UNEXPECTED_NULL; 1246 return status; 1247 } 1248 if (size_t(size) > dataAvail()) { 1249 status = BAD_VALUE; 1250 return status; 1251 } 1252 1253 const void* data = readInplace(size); 1254 if (!data) { 1255 status = BAD_VALUE; 1256 return status; 1257 } 1258 val->resize(size); 1259 memcpy(val->data(), data, size); 1260 1261 return status; 1262} 1263 1264status_t Parcel::readInt32Vector(std::vector<int32_t>* val) const { 1265 return readTypedVector(val, &Parcel::readInt32); 1266} 1267 1268status_t Parcel::readInt64Vector(std::vector<int64_t>* val) const { 1269 return readTypedVector(val, &Parcel::readInt64); 1270} 1271 1272status_t Parcel::readFloatVector(std::vector<float>* val) const { 1273 return readTypedVector(val, &Parcel::readFloat); 1274} 1275 1276status_t Parcel::readDoubleVector(std::vector<double>* val) const { 1277 return readTypedVector(val, &Parcel::readDouble); 1278} 1279 1280status_t Parcel::readBoolVector(std::vector<bool>* val) const { 1281 val->clear(); 1282 1283 int32_t size; 1284 status_t status = readInt32(&size); 1285 1286 if (status != OK) { 1287 return status; 1288 } 1289 1290 if (size < 0) { 1291 return UNEXPECTED_NULL; 1292 } 1293 1294 val->resize(size); 1295 1296 /* C++ bool handling means a vector of bools isn't necessarily addressable 1297 * (we might use individual bits) 1298 */ 1299 bool data; 1300 for (int32_t i = 0; i < size; ++i) { 1301 status = readBool(&data); 1302 (*val)[i] = data; 1303 1304 if (status != OK) { 1305 return status; 1306 } 1307 } 1308 1309 return OK; 1310} 1311 1312status_t Parcel::readCharVector(std::vector<char16_t>* val) const { 1313 return readTypedVector(val, &Parcel::readChar); 1314} 1315 1316status_t Parcel::readString16Vector(std::vector<String16>* val) const { 1317 return readTypedVector(val, &Parcel::readString16); 1318} 1319 1320 1321status_t Parcel::readInt32(int32_t *pArg) const 1322{ 1323 return readAligned(pArg); 1324} 1325 1326int32_t Parcel::readInt32() const 1327{ 1328 return readAligned<int32_t>(); 1329} 1330 1331status_t Parcel::readUint32(uint32_t *pArg) const 1332{ 1333 return readAligned(pArg); 1334} 1335 1336uint32_t Parcel::readUint32() const 1337{ 1338 return readAligned<uint32_t>(); 1339} 1340 1341status_t Parcel::readInt64(int64_t *pArg) const 1342{ 1343 return readAligned(pArg); 1344} 1345 1346 1347int64_t Parcel::readInt64() const 1348{ 1349 return readAligned<int64_t>(); 1350} 1351 1352status_t Parcel::readUint64(uint64_t *pArg) const 1353{ 1354 return readAligned(pArg); 1355} 1356 1357uint64_t Parcel::readUint64() const 1358{ 1359 return readAligned<uint64_t>(); 1360} 1361 1362status_t Parcel::readPointer(uintptr_t *pArg) const 1363{ 1364 status_t ret; 1365 binder_uintptr_t ptr; 1366 ret = readAligned(&ptr); 1367 if (!ret) 1368 *pArg = ptr; 1369 return ret; 1370} 1371 1372uintptr_t Parcel::readPointer() const 1373{ 1374 return readAligned<binder_uintptr_t>(); 1375} 1376 1377 1378status_t Parcel::readFloat(float *pArg) const 1379{ 1380 return readAligned(pArg); 1381} 1382 1383 1384float Parcel::readFloat() const 1385{ 1386 return readAligned<float>(); 1387} 1388 1389#if defined(__mips__) && defined(__mips_hard_float) 1390 1391status_t Parcel::readDouble(double *pArg) const 1392{ 1393 union { 1394 double d; 1395 unsigned long long ll; 1396 } u; 1397 u.d = 0; 1398 status_t status; 1399 status = readAligned(&u.ll); 1400 *pArg = u.d; 1401 return status; 1402} 1403 1404double Parcel::readDouble() const 1405{ 1406 union { 1407 double d; 1408 unsigned long long ll; 1409 } u; 1410 u.ll = readAligned<unsigned long long>(); 1411 return u.d; 1412} 1413 1414#else 1415 1416status_t Parcel::readDouble(double *pArg) const 1417{ 1418 return readAligned(pArg); 1419} 1420 1421double Parcel::readDouble() const 1422{ 1423 return readAligned<double>(); 1424} 1425 1426#endif 1427 1428status_t Parcel::readIntPtr(intptr_t *pArg) const 1429{ 1430 return readAligned(pArg); 1431} 1432 1433 1434intptr_t Parcel::readIntPtr() const 1435{ 1436 return readAligned<intptr_t>(); 1437} 1438 1439status_t Parcel::readBool(bool *pArg) const 1440{ 1441 int32_t tmp; 1442 status_t ret = readInt32(&tmp); 1443 *pArg = (tmp != 0); 1444 return ret; 1445} 1446 1447bool Parcel::readBool() const 1448{ 1449 return readInt32() != 0; 1450} 1451 1452status_t Parcel::readChar(char16_t *pArg) const 1453{ 1454 int32_t tmp; 1455 status_t ret = readInt32(&tmp); 1456 *pArg = char16_t(tmp); 1457 return ret; 1458} 1459 1460char16_t Parcel::readChar() const 1461{ 1462 return char16_t(readInt32()); 1463} 1464 1465status_t Parcel::readByte(int8_t *pArg) const 1466{ 1467 int32_t tmp; 1468 status_t ret = readInt32(&tmp); 1469 *pArg = int8_t(tmp); 1470 return ret; 1471} 1472 1473int8_t Parcel::readByte() const 1474{ 1475 return int8_t(readInt32()); 1476} 1477 1478const char* Parcel::readCString() const 1479{ 1480 const size_t avail = mDataSize-mDataPos; 1481 if (avail > 0) { 1482 const char* str = reinterpret_cast<const char*>(mData+mDataPos); 1483 // is the string's trailing NUL within the parcel's valid bounds? 1484 const char* eos = reinterpret_cast<const char*>(memchr(str, 0, avail)); 1485 if (eos) { 1486 const size_t len = eos - str; 1487 mDataPos += pad_size(len+1); 1488 ALOGV("readCString Setting data pos of %p to %zu", this, mDataPos); 1489 return str; 1490 } 1491 } 1492 return NULL; 1493} 1494 1495String8 Parcel::readString8() const 1496{ 1497 int32_t size = readInt32(); 1498 // watch for potential int overflow adding 1 for trailing NUL 1499 if (size > 0 && size < INT32_MAX) { 1500 const char* str = (const char*)readInplace(size+1); 1501 if (str) return String8(str, size); 1502 } 1503 return String8(); 1504} 1505 1506String16 Parcel::readString16() const 1507{ 1508 size_t len; 1509 const char16_t* str = readString16Inplace(&len); 1510 if (str) return String16(str, len); 1511 ALOGE("Reading a NULL string not supported here."); 1512 return String16(); 1513} 1514 1515status_t Parcel::readString16(String16* pArg) const 1516{ 1517 size_t len; 1518 const char16_t* str = readString16Inplace(&len); 1519 if (str) { 1520 pArg->setTo(str, len); 1521 return 0; 1522 } else { 1523 *pArg = String16(); 1524 return UNEXPECTED_NULL; 1525 } 1526} 1527 1528const char16_t* Parcel::readString16Inplace(size_t* outLen) const 1529{ 1530 int32_t size = readInt32(); 1531 // watch for potential int overflow from size+1 1532 if (size >= 0 && size < INT32_MAX) { 1533 *outLen = size; 1534 const char16_t* str = (const char16_t*)readInplace((size+1)*sizeof(char16_t)); 1535 if (str != NULL) { 1536 return str; 1537 } 1538 } 1539 *outLen = 0; 1540 return NULL; 1541} 1542 1543status_t Parcel::readStrongBinder(sp<IBinder>* val) const 1544{ 1545 return unflatten_binder(ProcessState::self(), *this, val); 1546} 1547 1548sp<IBinder> Parcel::readStrongBinder() const 1549{ 1550 sp<IBinder> val; 1551 readStrongBinder(&val); 1552 return val; 1553} 1554 1555wp<IBinder> Parcel::readWeakBinder() const 1556{ 1557 wp<IBinder> val; 1558 unflatten_binder(ProcessState::self(), *this, &val); 1559 return val; 1560} 1561 1562status_t Parcel::readParcelable(Parcelable* parcelable) const { 1563 int32_t have_parcelable = 0; 1564 status_t status = readInt32(&have_parcelable); 1565 if (status != OK) { 1566 return status; 1567 } 1568 if (!have_parcelable) { 1569 return UNEXPECTED_NULL; 1570 } 1571 return parcelable->readFromParcel(this); 1572} 1573 1574int32_t Parcel::readExceptionCode() const 1575{ 1576 binder::Status status; 1577 status.readFromParcel(*this); 1578 return status.exceptionCode(); 1579} 1580 1581native_handle* Parcel::readNativeHandle() const 1582{ 1583 int numFds, numInts; 1584 status_t err; 1585 err = readInt32(&numFds); 1586 if (err != NO_ERROR) return 0; 1587 err = readInt32(&numInts); 1588 if (err != NO_ERROR) return 0; 1589 1590 native_handle* h = native_handle_create(numFds, numInts); 1591 if (!h) { 1592 return 0; 1593 } 1594 1595 for (int i=0 ; err==NO_ERROR && i<numFds ; i++) { 1596 h->data[i] = dup(readFileDescriptor()); 1597 if (h->data[i] < 0) err = BAD_VALUE; 1598 } 1599 err = read(h->data + numFds, sizeof(int)*numInts); 1600 if (err != NO_ERROR) { 1601 native_handle_close(h); 1602 native_handle_delete(h); 1603 h = 0; 1604 } 1605 return h; 1606} 1607 1608 1609int Parcel::readFileDescriptor() const 1610{ 1611 const flat_binder_object* flat = readObject(true); 1612 1613 if (flat && flat->type == BINDER_TYPE_FD) { 1614 return flat->handle; 1615 } 1616 1617 return BAD_TYPE; 1618} 1619 1620status_t Parcel::readUniqueFileDescriptor(ScopedFd* val) const 1621{ 1622 int got = readFileDescriptor(); 1623 1624 if (got == BAD_TYPE) { 1625 return BAD_TYPE; 1626 } 1627 1628 val->reset(dup(got)); 1629 1630 if (val->get() < 0) { 1631 return BAD_VALUE; 1632 } 1633 1634 return OK; 1635} 1636 1637 1638status_t Parcel::readUniqueFileDescriptorVector(std::vector<ScopedFd>* val) const { 1639 return readTypedVector(val, &Parcel::readUniqueFileDescriptor); 1640} 1641 1642status_t Parcel::readBlob(size_t len, ReadableBlob* outBlob) const 1643{ 1644 int32_t blobType; 1645 status_t status = readInt32(&blobType); 1646 if (status) return status; 1647 1648 if (blobType == BLOB_INPLACE) { 1649 ALOGV("readBlob: read in place"); 1650 const void* ptr = readInplace(len); 1651 if (!ptr) return BAD_VALUE; 1652 1653 outBlob->init(-1, const_cast<void*>(ptr), len, false); 1654 return NO_ERROR; 1655 } 1656 1657 ALOGV("readBlob: read from ashmem"); 1658 bool isMutable = (blobType == BLOB_ASHMEM_MUTABLE); 1659 int fd = readFileDescriptor(); 1660 if (fd == int(BAD_TYPE)) return BAD_VALUE; 1661 1662 void* ptr = ::mmap(NULL, len, isMutable ? PROT_READ | PROT_WRITE : PROT_READ, 1663 MAP_SHARED, fd, 0); 1664 if (ptr == MAP_FAILED) return NO_MEMORY; 1665 1666 outBlob->init(fd, ptr, len, isMutable); 1667 return NO_ERROR; 1668} 1669 1670status_t Parcel::read(FlattenableHelperInterface& val) const 1671{ 1672 // size 1673 const size_t len = this->readInt32(); 1674 const size_t fd_count = this->readInt32(); 1675 1676 if (len > INT32_MAX) { 1677 // don't accept size_t values which may have come from an 1678 // inadvertent conversion from a negative int. 1679 return BAD_VALUE; 1680 } 1681 1682 // payload 1683 void const* const buf = this->readInplace(pad_size(len)); 1684 if (buf == NULL) 1685 return BAD_VALUE; 1686 1687 int* fds = NULL; 1688 if (fd_count) { 1689 fds = new int[fd_count]; 1690 } 1691 1692 status_t err = NO_ERROR; 1693 for (size_t i=0 ; i<fd_count && err==NO_ERROR ; i++) { 1694 fds[i] = dup(this->readFileDescriptor()); 1695 if (fds[i] < 0) { 1696 err = BAD_VALUE; 1697 ALOGE("dup() failed in Parcel::read, i is %zu, fds[i] is %d, fd_count is %zu, error: %s", 1698 i, fds[i], fd_count, strerror(errno)); 1699 } 1700 } 1701 1702 if (err == NO_ERROR) { 1703 err = val.unflatten(buf, len, fds, fd_count); 1704 } 1705 1706 if (fd_count) { 1707 delete [] fds; 1708 } 1709 1710 return err; 1711} 1712const flat_binder_object* Parcel::readObject(bool nullMetaData) const 1713{ 1714 const size_t DPOS = mDataPos; 1715 if ((DPOS+sizeof(flat_binder_object)) <= mDataSize) { 1716 const flat_binder_object* obj 1717 = reinterpret_cast<const flat_binder_object*>(mData+DPOS); 1718 mDataPos = DPOS + sizeof(flat_binder_object); 1719 if (!nullMetaData && (obj->cookie == 0 && obj->binder == 0)) { 1720 // When transferring a NULL object, we don't write it into 1721 // the object list, so we don't want to check for it when 1722 // reading. 1723 ALOGV("readObject Setting data pos of %p to %zu", this, mDataPos); 1724 return obj; 1725 } 1726 1727 // Ensure that this object is valid... 1728 binder_size_t* const OBJS = mObjects; 1729 const size_t N = mObjectsSize; 1730 size_t opos = mNextObjectHint; 1731 1732 if (N > 0) { 1733 ALOGV("Parcel %p looking for obj at %zu, hint=%zu", 1734 this, DPOS, opos); 1735 1736 // Start at the current hint position, looking for an object at 1737 // the current data position. 1738 if (opos < N) { 1739 while (opos < (N-1) && OBJS[opos] < DPOS) { 1740 opos++; 1741 } 1742 } else { 1743 opos = N-1; 1744 } 1745 if (OBJS[opos] == DPOS) { 1746 // Found it! 1747 ALOGV("Parcel %p found obj %zu at index %zu with forward search", 1748 this, DPOS, opos); 1749 mNextObjectHint = opos+1; 1750 ALOGV("readObject Setting data pos of %p to %zu", this, mDataPos); 1751 return obj; 1752 } 1753 1754 // Look backwards for it... 1755 while (opos > 0 && OBJS[opos] > DPOS) { 1756 opos--; 1757 } 1758 if (OBJS[opos] == DPOS) { 1759 // Found it! 1760 ALOGV("Parcel %p found obj %zu at index %zu with backward search", 1761 this, DPOS, opos); 1762 mNextObjectHint = opos+1; 1763 ALOGV("readObject Setting data pos of %p to %zu", this, mDataPos); 1764 return obj; 1765 } 1766 } 1767 ALOGW("Attempt to read object from Parcel %p at offset %zu that is not in the object list", 1768 this, DPOS); 1769 } 1770 return NULL; 1771} 1772 1773void Parcel::closeFileDescriptors() 1774{ 1775 size_t i = mObjectsSize; 1776 if (i > 0) { 1777 //ALOGI("Closing file descriptors for %zu objects...", i); 1778 } 1779 while (i > 0) { 1780 i--; 1781 const flat_binder_object* flat 1782 = reinterpret_cast<flat_binder_object*>(mData+mObjects[i]); 1783 if (flat->type == BINDER_TYPE_FD) { 1784 //ALOGI("Closing fd: %ld", flat->handle); 1785 close(flat->handle); 1786 } 1787 } 1788} 1789 1790uintptr_t Parcel::ipcData() const 1791{ 1792 return reinterpret_cast<uintptr_t>(mData); 1793} 1794 1795size_t Parcel::ipcDataSize() const 1796{ 1797 return (mDataSize > mDataPos ? mDataSize : mDataPos); 1798} 1799 1800uintptr_t Parcel::ipcObjects() const 1801{ 1802 return reinterpret_cast<uintptr_t>(mObjects); 1803} 1804 1805size_t Parcel::ipcObjectsCount() const 1806{ 1807 return mObjectsSize; 1808} 1809 1810void Parcel::ipcSetDataReference(const uint8_t* data, size_t dataSize, 1811 const binder_size_t* objects, size_t objectsCount, release_func relFunc, void* relCookie) 1812{ 1813 binder_size_t minOffset = 0; 1814 freeDataNoInit(); 1815 mError = NO_ERROR; 1816 mData = const_cast<uint8_t*>(data); 1817 mDataSize = mDataCapacity = dataSize; 1818 //ALOGI("setDataReference Setting data size of %p to %lu (pid=%d)", this, mDataSize, getpid()); 1819 mDataPos = 0; 1820 ALOGV("setDataReference Setting data pos of %p to %zu", this, mDataPos); 1821 mObjects = const_cast<binder_size_t*>(objects); 1822 mObjectsSize = mObjectsCapacity = objectsCount; 1823 mNextObjectHint = 0; 1824 mOwner = relFunc; 1825 mOwnerCookie = relCookie; 1826 for (size_t i = 0; i < mObjectsSize; i++) { 1827 binder_size_t offset = mObjects[i]; 1828 if (offset < minOffset) { 1829 ALOGE("%s: bad object offset %" PRIu64 " < %" PRIu64 "\n", 1830 __func__, (uint64_t)offset, (uint64_t)minOffset); 1831 mObjectsSize = 0; 1832 break; 1833 } 1834 minOffset = offset + sizeof(flat_binder_object); 1835 } 1836 scanForFds(); 1837} 1838 1839void Parcel::print(TextOutput& to, uint32_t /*flags*/) const 1840{ 1841 to << "Parcel("; 1842 1843 if (errorCheck() != NO_ERROR) { 1844 const status_t err = errorCheck(); 1845 to << "Error: " << (void*)(intptr_t)err << " \"" << strerror(-err) << "\""; 1846 } else if (dataSize() > 0) { 1847 const uint8_t* DATA = data(); 1848 to << indent << HexDump(DATA, dataSize()) << dedent; 1849 const binder_size_t* OBJS = objects(); 1850 const size_t N = objectsCount(); 1851 for (size_t i=0; i<N; i++) { 1852 const flat_binder_object* flat 1853 = reinterpret_cast<const flat_binder_object*>(DATA+OBJS[i]); 1854 to << endl << "Object #" << i << " @ " << (void*)OBJS[i] << ": " 1855 << TypeCode(flat->type & 0x7f7f7f00) 1856 << " = " << flat->binder; 1857 } 1858 } else { 1859 to << "NULL"; 1860 } 1861 1862 to << ")"; 1863} 1864 1865void Parcel::releaseObjects() 1866{ 1867 const sp<ProcessState> proc(ProcessState::self()); 1868 size_t i = mObjectsSize; 1869 uint8_t* const data = mData; 1870 binder_size_t* const objects = mObjects; 1871 while (i > 0) { 1872 i--; 1873 const flat_binder_object* flat 1874 = reinterpret_cast<flat_binder_object*>(data+objects[i]); 1875 release_object(proc, *flat, this); 1876 } 1877} 1878 1879void Parcel::acquireObjects() 1880{ 1881 const sp<ProcessState> proc(ProcessState::self()); 1882 size_t i = mObjectsSize; 1883 uint8_t* const data = mData; 1884 binder_size_t* const objects = mObjects; 1885 while (i > 0) { 1886 i--; 1887 const flat_binder_object* flat 1888 = reinterpret_cast<flat_binder_object*>(data+objects[i]); 1889 acquire_object(proc, *flat, this); 1890 } 1891} 1892 1893void Parcel::freeData() 1894{ 1895 freeDataNoInit(); 1896 initState(); 1897} 1898 1899void Parcel::freeDataNoInit() 1900{ 1901 if (mOwner) { 1902 LOG_ALLOC("Parcel %p: freeing other owner data", this); 1903 //ALOGI("Freeing data ref of %p (pid=%d)", this, getpid()); 1904 mOwner(this, mData, mDataSize, mObjects, mObjectsSize, mOwnerCookie); 1905 } else { 1906 LOG_ALLOC("Parcel %p: freeing allocated data", this); 1907 releaseObjects(); 1908 if (mData) { 1909 LOG_ALLOC("Parcel %p: freeing with %zu capacity", this, mDataCapacity); 1910 pthread_mutex_lock(&gParcelGlobalAllocSizeLock); 1911 if (mDataCapacity <= gParcelGlobalAllocSize) { 1912 gParcelGlobalAllocSize = gParcelGlobalAllocSize - mDataCapacity; 1913 } else { 1914 gParcelGlobalAllocSize = 0; 1915 } 1916 if (gParcelGlobalAllocCount > 0) { 1917 gParcelGlobalAllocCount--; 1918 } 1919 pthread_mutex_unlock(&gParcelGlobalAllocSizeLock); 1920 free(mData); 1921 } 1922 if (mObjects) free(mObjects); 1923 } 1924} 1925 1926status_t Parcel::growData(size_t len) 1927{ 1928 if (len > INT32_MAX) { 1929 // don't accept size_t values which may have come from an 1930 // inadvertent conversion from a negative int. 1931 return BAD_VALUE; 1932 } 1933 1934 size_t newSize = ((mDataSize+len)*3)/2; 1935 return (newSize <= mDataSize) 1936 ? (status_t) NO_MEMORY 1937 : continueWrite(newSize); 1938} 1939 1940status_t Parcel::restartWrite(size_t desired) 1941{ 1942 if (desired > INT32_MAX) { 1943 // don't accept size_t values which may have come from an 1944 // inadvertent conversion from a negative int. 1945 return BAD_VALUE; 1946 } 1947 1948 if (mOwner) { 1949 freeData(); 1950 return continueWrite(desired); 1951 } 1952 1953 uint8_t* data = (uint8_t*)realloc(mData, desired); 1954 if (!data && desired > mDataCapacity) { 1955 mError = NO_MEMORY; 1956 return NO_MEMORY; 1957 } 1958 1959 releaseObjects(); 1960 1961 if (data) { 1962 LOG_ALLOC("Parcel %p: restart from %zu to %zu capacity", this, mDataCapacity, desired); 1963 pthread_mutex_lock(&gParcelGlobalAllocSizeLock); 1964 gParcelGlobalAllocSize += desired; 1965 gParcelGlobalAllocSize -= mDataCapacity; 1966 if (!mData) { 1967 gParcelGlobalAllocCount++; 1968 } 1969 pthread_mutex_unlock(&gParcelGlobalAllocSizeLock); 1970 mData = data; 1971 mDataCapacity = desired; 1972 } 1973 1974 mDataSize = mDataPos = 0; 1975 ALOGV("restartWrite Setting data size of %p to %zu", this, mDataSize); 1976 ALOGV("restartWrite Setting data pos of %p to %zu", this, mDataPos); 1977 1978 free(mObjects); 1979 mObjects = NULL; 1980 mObjectsSize = mObjectsCapacity = 0; 1981 mNextObjectHint = 0; 1982 mHasFds = false; 1983 mFdsKnown = true; 1984 mAllowFds = true; 1985 1986 return NO_ERROR; 1987} 1988 1989status_t Parcel::continueWrite(size_t desired) 1990{ 1991 if (desired > INT32_MAX) { 1992 // don't accept size_t values which may have come from an 1993 // inadvertent conversion from a negative int. 1994 return BAD_VALUE; 1995 } 1996 1997 // If shrinking, first adjust for any objects that appear 1998 // after the new data size. 1999 size_t objectsSize = mObjectsSize; 2000 if (desired < mDataSize) { 2001 if (desired == 0) { 2002 objectsSize = 0; 2003 } else { 2004 while (objectsSize > 0) { 2005 if (mObjects[objectsSize-1] < desired) 2006 break; 2007 objectsSize--; 2008 } 2009 } 2010 } 2011 2012 if (mOwner) { 2013 // If the size is going to zero, just release the owner's data. 2014 if (desired == 0) { 2015 freeData(); 2016 return NO_ERROR; 2017 } 2018 2019 // If there is a different owner, we need to take 2020 // posession. 2021 uint8_t* data = (uint8_t*)malloc(desired); 2022 if (!data) { 2023 mError = NO_MEMORY; 2024 return NO_MEMORY; 2025 } 2026 binder_size_t* objects = NULL; 2027 2028 if (objectsSize) { 2029 objects = (binder_size_t*)calloc(objectsSize, sizeof(binder_size_t)); 2030 if (!objects) { 2031 free(data); 2032 2033 mError = NO_MEMORY; 2034 return NO_MEMORY; 2035 } 2036 2037 // Little hack to only acquire references on objects 2038 // we will be keeping. 2039 size_t oldObjectsSize = mObjectsSize; 2040 mObjectsSize = objectsSize; 2041 acquireObjects(); 2042 mObjectsSize = oldObjectsSize; 2043 } 2044 2045 if (mData) { 2046 memcpy(data, mData, mDataSize < desired ? mDataSize : desired); 2047 } 2048 if (objects && mObjects) { 2049 memcpy(objects, mObjects, objectsSize*sizeof(binder_size_t)); 2050 } 2051 //ALOGI("Freeing data ref of %p (pid=%d)", this, getpid()); 2052 mOwner(this, mData, mDataSize, mObjects, mObjectsSize, mOwnerCookie); 2053 mOwner = NULL; 2054 2055 LOG_ALLOC("Parcel %p: taking ownership of %zu capacity", this, desired); 2056 pthread_mutex_lock(&gParcelGlobalAllocSizeLock); 2057 gParcelGlobalAllocSize += desired; 2058 gParcelGlobalAllocCount++; 2059 pthread_mutex_unlock(&gParcelGlobalAllocSizeLock); 2060 2061 mData = data; 2062 mObjects = objects; 2063 mDataSize = (mDataSize < desired) ? mDataSize : desired; 2064 ALOGV("continueWrite Setting data size of %p to %zu", this, mDataSize); 2065 mDataCapacity = desired; 2066 mObjectsSize = mObjectsCapacity = objectsSize; 2067 mNextObjectHint = 0; 2068 2069 } else if (mData) { 2070 if (objectsSize < mObjectsSize) { 2071 // Need to release refs on any objects we are dropping. 2072 const sp<ProcessState> proc(ProcessState::self()); 2073 for (size_t i=objectsSize; i<mObjectsSize; i++) { 2074 const flat_binder_object* flat 2075 = reinterpret_cast<flat_binder_object*>(mData+mObjects[i]); 2076 if (flat->type == BINDER_TYPE_FD) { 2077 // will need to rescan because we may have lopped off the only FDs 2078 mFdsKnown = false; 2079 } 2080 release_object(proc, *flat, this); 2081 } 2082 binder_size_t* objects = 2083 (binder_size_t*)realloc(mObjects, objectsSize*sizeof(binder_size_t)); 2084 if (objects) { 2085 mObjects = objects; 2086 } 2087 mObjectsSize = objectsSize; 2088 mNextObjectHint = 0; 2089 } 2090 2091 // We own the data, so we can just do a realloc(). 2092 if (desired > mDataCapacity) { 2093 uint8_t* data = (uint8_t*)realloc(mData, desired); 2094 if (data) { 2095 LOG_ALLOC("Parcel %p: continue from %zu to %zu capacity", this, mDataCapacity, 2096 desired); 2097 pthread_mutex_lock(&gParcelGlobalAllocSizeLock); 2098 gParcelGlobalAllocSize += desired; 2099 gParcelGlobalAllocSize -= mDataCapacity; 2100 pthread_mutex_unlock(&gParcelGlobalAllocSizeLock); 2101 mData = data; 2102 mDataCapacity = desired; 2103 } else if (desired > mDataCapacity) { 2104 mError = NO_MEMORY; 2105 return NO_MEMORY; 2106 } 2107 } else { 2108 if (mDataSize > desired) { 2109 mDataSize = desired; 2110 ALOGV("continueWrite Setting data size of %p to %zu", this, mDataSize); 2111 } 2112 if (mDataPos > desired) { 2113 mDataPos = desired; 2114 ALOGV("continueWrite Setting data pos of %p to %zu", this, mDataPos); 2115 } 2116 } 2117 2118 } else { 2119 // This is the first data. Easy! 2120 uint8_t* data = (uint8_t*)malloc(desired); 2121 if (!data) { 2122 mError = NO_MEMORY; 2123 return NO_MEMORY; 2124 } 2125 2126 if(!(mDataCapacity == 0 && mObjects == NULL 2127 && mObjectsCapacity == 0)) { 2128 ALOGE("continueWrite: %zu/%p/%zu/%zu", mDataCapacity, mObjects, mObjectsCapacity, desired); 2129 } 2130 2131 LOG_ALLOC("Parcel %p: allocating with %zu capacity", this, desired); 2132 pthread_mutex_lock(&gParcelGlobalAllocSizeLock); 2133 gParcelGlobalAllocSize += desired; 2134 gParcelGlobalAllocCount++; 2135 pthread_mutex_unlock(&gParcelGlobalAllocSizeLock); 2136 2137 mData = data; 2138 mDataSize = mDataPos = 0; 2139 ALOGV("continueWrite Setting data size of %p to %zu", this, mDataSize); 2140 ALOGV("continueWrite Setting data pos of %p to %zu", this, mDataPos); 2141 mDataCapacity = desired; 2142 } 2143 2144 return NO_ERROR; 2145} 2146 2147void Parcel::initState() 2148{ 2149 LOG_ALLOC("Parcel %p: initState", this); 2150 mError = NO_ERROR; 2151 mData = 0; 2152 mDataSize = 0; 2153 mDataCapacity = 0; 2154 mDataPos = 0; 2155 ALOGV("initState Setting data size of %p to %zu", this, mDataSize); 2156 ALOGV("initState Setting data pos of %p to %zu", this, mDataPos); 2157 mObjects = NULL; 2158 mObjectsSize = 0; 2159 mObjectsCapacity = 0; 2160 mNextObjectHint = 0; 2161 mHasFds = false; 2162 mFdsKnown = true; 2163 mAllowFds = true; 2164 mOwner = NULL; 2165 mBlobAshmemSize = 0; 2166} 2167 2168void Parcel::scanForFds() const 2169{ 2170 bool hasFds = false; 2171 for (size_t i=0; i<mObjectsSize; i++) { 2172 const flat_binder_object* flat 2173 = reinterpret_cast<const flat_binder_object*>(mData + mObjects[i]); 2174 if (flat->type == BINDER_TYPE_FD) { 2175 hasFds = true; 2176 break; 2177 } 2178 } 2179 mHasFds = hasFds; 2180 mFdsKnown = true; 2181} 2182 2183size_t Parcel::getBlobAshmemSize() const 2184{ 2185 return mBlobAshmemSize; 2186} 2187 2188// --- Parcel::Blob --- 2189 2190Parcel::Blob::Blob() : 2191 mFd(-1), mData(NULL), mSize(0), mMutable(false) { 2192} 2193 2194Parcel::Blob::~Blob() { 2195 release(); 2196} 2197 2198void Parcel::Blob::release() { 2199 if (mFd != -1 && mData) { 2200 ::munmap(mData, mSize); 2201 } 2202 clear(); 2203} 2204 2205void Parcel::Blob::init(int fd, void* data, size_t size, bool isMutable) { 2206 mFd = fd; 2207 mData = data; 2208 mSize = size; 2209 mMutable = isMutable; 2210} 2211 2212void Parcel::Blob::clear() { 2213 mFd = -1; 2214 mData = NULL; 2215 mSize = 0; 2216 mMutable = false; 2217} 2218 2219}; // namespace android 2220