We now check for fd-legality before committing binder objects to
the flattened data buffer rather than after. Previously we would
wind up corrupting the parcel and incurring driver-level errors,
as well as potentially leaking FDs.
Bug 21428802
Change-Id: Ice0d641b3dcc41fb1b8c68ce2e2ebd744c2863a1
Add functions to allow a client to take over the ashmem region
that was transferred so that it can claim it for its own and
reuse it.
Add support for mutable ashmem regions too.
Bug: 21428802
Change-Id: I16eca338cdb99b07d81fc43573d53ce86dbc60c8
Attempts to replicate Java parceling in native code are fraught with
peril.
Change-Id: I4359036c5dddd1b886d886beef1d060523e53e5f
(cherry picked from commit f47a381001)
When appending one parcel's contents to another, ignore binder
objects within the source Parcel that appear to lie beyond the
formal bounds of that Parcel's data buffer.
Bug 17312693
Change-Id: If592a260f3fcd9a56fc160e7feb2c8b44c73f514
The inputs to native_handle_create can cause an overflowed allocation,
so check the return value of native_handle_create before accessing
the memory it returns.
Bug:19334482
Change-Id: I1f489382776c2a1390793a79dc27ea17baa9b2a2
Will be used by the system_server watchdog to monitor the
availability of binder threads in the process to handle
incoming IPC requests.
Bug: 19297165
Change-Id: I39175f3869ad14da5620fddb47f454e6e4ee2b25
It's a security best practice for size_t values to be rejected if
they are greater than INT32_SIZE. This is intended to prevent the
common error of inadvertently passing a negative int value to a
function, which after conversion to an unsigned type, becomes a huge
number, defeating the purpose of bounds checking.
This patch also addresses a bug where the call to:
Parcel::write(buf, (size_t) -1);
would call writeInPlace() which uses PAD_SIZE on the supplied
argument. This would then cause an integer overflow, with PAD_SIZE
returning a small value, but the memcpy in Parcel::write using the
old large length value.
Bug: 19573085
Change-Id: Ib11bfb3dae4f3be91cd17b2c676926700972c7b8
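The length wrap described in the commit message above, as an added C example that is not libbinder's code or part of the commit. The toy_parcel struct and both function names are hypothetical, PAD_SIZE is modeled as rounding up to 4 bytes, and the limit is assumed to be INT32_MAX from <stdint.h>. The pre-fix path only evaluates the bounds check and never performs the oversized copy.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Assumption: PAD_SIZE rounds a length up to the next 4-byte boundary. */
#define PAD_SIZE(s) (((size_t)(s) + 3) & ~(size_t)3)

/* Hypothetical stand-in for a parcel's flat data buffer. */
struct toy_parcel {
    uint8_t data[64];
    size_t  pos;      /* invariant: pos <= sizeof(data) */
};

/* Pre-fix pattern: the bounds check sees only the padded length.
 * Returns 1 if the check would let the copy go ahead, 0 if not.
 * The copy itself is deliberately left out. */
int unchecked_bounds_pass(const struct toy_parcel *p, size_t len)
{
    size_t padded = PAD_SIZE(len);   /* (size_t)-1 + 3 wraps, giving 0 */
    return padded <= sizeof(p->data) - p->pos;
}

/* Fixed pattern: reject any length above INT32_MAX before padding it. */
int checked_write(struct toy_parcel *p, const void *src, size_t len)
{
    if (len > (size_t)INT32_MAX)
        return -1;                   /* catches a negative int cast to size_t */
    size_t padded = PAD_SIZE(len);
    if (padded > sizeof(p->data) - p->pos)
        return -1;                   /* does not fit in the remaining space */
    memcpy(p->data + p->pos, src, len);
    memset(p->data + p->pos + len, 0, padded - len);  /* zero the pad bytes */
    p->pos += padded;
    return 0;
}

int main(void)
{
    struct toy_parcel p = { {0}, 0 };
    size_t bad = (size_t)-1;         /* constructed input: -1 passed as a length */

    printf("PAD_SIZE(bad)          = %zu\n", PAD_SIZE(bad));
    printf("pre-fix check passes   = %d\n", unchecked_bounds_pass(&p, bad));
    printf("checked_write(bad)     = %d\n", checked_write(&p, "abc", bad));
    printf("checked_write(5 bytes) = %d, pos = %zu\n",
           checked_write(&p, "abcde", 5), p.pos);
    return 0;
}
```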
This makes apps linked against the previous non-static versions
work with the new libbinder.
Bug: 19060033
Bug: 19773812
Change-Id: I3b5c78cbb4f4c0681ca1042e4d8503d98f969502
When compiling 32 bit binaries against a 64 bit binder interface,
implicit promotions of intptr_t types to uint64_t for fields in the
binder ioctl structures can result in invalid pointers because of sign
extension.
Adds readUint32 and writeUint32 methods to the Parcel class. This
saves a lot of static_casting in anything implementing a Binder
interface on the native side.
Change-Id: Iafc73b0633654a3a4c49767f41806b56906c924f
Now that we're in C++11 mode by default, clang complains about switch
statements with case values not matching the type -- since some
binder_driver_return_protocol values are > 0x7fffffff, we need to make
the switch statements operate on uint32_t rather than int32_t.
BUG: 18466763
Change-Id: Iedbfd5c7a3d3d9f087d2eab4ff21343ad7a2a448
Signed-off-by: Bernhard Rosenkränzer <Bernhard.Rosenkranzer@linaro.org>
* Explicit conversion for atomic_uintptr_t initialization.
* Fix string literal concatenation to not be a UD literal.
* Use __typeof__ instead of typeof (should become decltype once this
actually moves to C++11).
Bug: 18466763
Change-Id: I4eedddfb945a2a703ed27317cb6e2b3041b1ebfc
so we can do NULL checks again, and update calls to IInterface::asBinder()
to use the new static version.
Change-Id: Ia7b10eb38ca55b72278bfd33d3bf647f338b4e6a
...in Parcel destructor
Don't use a Mutex object, just use simple posix mutex primitives,
to avoid static init/destroy order problems.
Change-Id: Ic012d94297564c0a55d58869f8276d7d10545fbc