Commit Graph

317 Commits

Author SHA1 Message Date
Marco Nelissen
54cb02ad73 Correctly handle dup() failure in Parcel::readNativeHandle
bail out if dup() fails, instead of creating an invalid native_handle_t

Bug: 28395952

Change-Id: Ia1a6198c0f45165b9c6a55a803e5f64d8afa0572
2016-05-27 11:31:22 -07:00
Dianne Hackborn
a59b827869 Fix issue #27252896: Security Vulnerability -- weak binder
Sending transaction to freed BBinder through weak handle
can cause use of a (mostly) freed object.  We need to try to
safely promote to a strong reference first.

Change-Id: Ic9c6940fa824980472e94ed2dfeca52a6b0fd342
(cherry picked from commit c11146106f94e07016e8e26e4f8628f9a0c73199)
2016-03-25 17:47:54 -07:00
Christopher Tate
25719f6e1f Sanity check IMemory access versus underlying mmap
Bug 26877992

Change-Id: Ibbf4b1061e4675e4e96bc944a865b53eaf6984fe
2016-02-26 16:56:14 -08:00
Adrian Roos
6bb3114246 Maintain Parcel ABI
Makes sure we don't change the memory layout of the Parcel class
to maintain binary compatibility with prebuilts linking against
libbinder.

Bug: 25004154
Change-Id: I656687497f08bb85cefda796aafa2341e601e30a
2015-10-22 17:48:16 -07:00
Adrian Roos
cbf3726357 Revert "Revert "Track ashmem memory usage in Parcel""
This reverts commit 6880307e8e.

Bug: 25004154
Change-Id: I9b432d1ebc39f3bbcd7afdefc403f0fb6ced8158
2015-10-22 17:47:27 -07:00
Ian Pedowitz
6880307e8e Revert "Track ashmem memory usage in Parcel"
This reverts commit e2f499fb73.

Bug: 25169267
Bug: 25191602
Bug: 25004154
Change-Id: I24bb0da4e8739ee5a0c251e4adac9904827144e0
2015-10-22 22:09:16 +00:00
Adrian Roos
e2f499fb73 Track ashmem memory usage in Parcel
Bug: 25004154
Change-Id: Id9d5656dd0605f1b50525596b75601309f67ebdc
2015-10-21 22:32:35 +00:00
Chad Brubaker
e59cb43eda Fix writeByteArray/writeInt32Array size on x64
writeByteArray writes the size using sizeof(size_t), however it is always
read using readInt32(). On devices where sizeof(size_t) != 4 this causes
extra bytes to be written.

BUG: 22204736
Change-Id: I8d4507b6b616857ef5827f1fe9da0907d09abf0e
2015-06-30 14:50:09 -07:00
Christopher Tate
ed7a50cc7d Prevent integer overflow when calculating buffer resizes
Make sure that we don't go haywire if an exponential buffer growth
operation winds up wrapping integer range.  Along the way, fix a
bookkeeping bug in BufferedTextOutput that would cause it to keep
spuriously realloc()ing on every append().

Bug 20674694

Change-Id: Ia845b7de36b90672a151a918ffc26c7da68e20a2
2015-06-08 14:49:09 -07:00
Christopher Tate
98e67d352b Don't corrupt parcel when writeFileDescriptor() fails
We now check for fd-legality before committing binder objects to
the flattened data buffer rather than after.  Previously we would
wind up corrupting the parcel and incurring driver-level errors,
as well as potentially leaking FDs.

Bug 21428802

Change-Id: Ice0d641b3dcc41fb1b8c68ce2e2ebd744c2863a1
2015-06-08 13:13:19 -07:00
Jeff Brown
13b1604018 Enable more flexible usage of blobs in parcels.
Add functions to allow a client to take over the ashmem region
that was transferred so that it can claim it for its own and
reuse it.

Add support for mutable ashmem regions too.

Bug: 21428802
Change-Id: I16eca338cdb99b07d81fc43573d53ce86dbc60c8
2015-06-05 17:40:59 -07:00
Tim Kilbourn
9e6d2ee030 DO NOT MERGE Remove unused ParcelFileDescriptor methods in parcel.
Attempts to replicate Java parceling in native code are fraught with
peril.

Change-Id: I4359036c5dddd1b886d886beef1d060523e53e5f
(cherry picked from commit f47a381001)
2015-06-04 21:36:21 +00:00
Ruben Brunk
7e5bb3701a Merge "Track camera and flashlight usage in battery stats." into mnc-dev
2015-06-02 01:48:25 +00:00
Ruben Brunk
d47da60836 Track camera and flashlight usage in battery stats.
Bug: 15986092

Change-Id: I272ec070113a0bfc41c637c45a6e1a2ab346e87b
2015-06-01 16:55:07 -07:00
Christopher Tate
27182be9f2 Disregard alleged binder entities beyond parcel bounds
When appending one parcel's contents to another, ignore binder
objects within the source Parcel that appear to lie beyond the
formal bounds of that Parcel's data buffer.

Bug 17312693

Change-Id: If592a260f3fcd9a56fc160e7feb2c8b44c73f514
2015-05-27 19:20:15 -07:00
Adam Lesinski
eaac99a717 Verify that the native handle was created
The inputs to native_handle_create can cause an overflowed allocation,
so check the return value of native_handle_create before accessing
the memory it returns.

Bug:19334482
Change-Id: I1f489382776c2a1390793a79dc27ea17baa9b2a2
2015-05-12 17:35:48 -07:00
Svetoslav
b412f6e203 Add body sensors app op - framework native
Change-Id: I727a2bb1e28ae9158f2df9c74dd0aee977dfd47f
2015-05-01 13:51:45 -07:00
Svet Ganov
7a6c586161 Merge "Respect the record audio app op - frameworks native" into mnc-dev
2015-04-29 19:34:18 +00:00
Nick Kralevich
e9881a3961 Parcel.cpp: use calloc instead of malloc
(cherrypicked from commit 6329f0199e)

Bug: 20669363
Change-Id: Ia4c8d8ca9d8b4b87954d7267e8b1c94cf4e570e1
2015-04-28 21:31:20 -07:00
Svet Ganov
f1377f506c Respect the record audio app op - frameworks native
Change-Id: Id747767377953fd644a538aad3f603d6c50875a2
2015-04-28 16:33:28 -07:00
Wale Ogunwale
1c38c4192b Merge "Fixed build error with clang/llvm."
2015-04-22 00:27:31 +00:00
Wale Ogunwale
a3206e690b Fixed build error with clang/llvm.
Change-Id: Ideacdc974ebad542df724464ccba9fcfb2b7ea91
2015-04-21 14:00:27 -07:00
Dan Sandler
8f91a6fb04 Merge "Add ashmem stats to Parcels"
2015-04-21 14:10:23 +00:00
Dan Sandler
aa5c2346c7 Add ashmem stats to Parcels
Requires change Ifaf115da in frameworks/base.

Bug: 20079551
Change-Id: Ifaf115dabd1a59cdb1b46e2d49c41f64ac107de4
2015-04-16 04:08:53 +00:00
Wale Ogunwale
376b822728 Added IPCThreadState::blockUntilThreadAvailable() method.
Will be used by the system_server watchdog to monitor the
availability of binder threads in the process to handle
incoming IPC requests.

Bug: 19297165
Change-Id: I39175f3869ad14da5620fddb47f454e6e4ee2b25
2015-04-14 13:17:25 -07:00
Nick Kralevich
b6b1423c87 Parcel.cpp: reject size_t arguments greater than INT32_MAX
It's a security best practice for size_t values to be rejected if
they are greater than INT32_SIZE. This is intended to prevent the
common error of inadvertently passing a negative int value to a
function, which after conversion to an unsigned type, becomes a huge
number, defeating the purpose of bounds checking.

This patch also addresses a bug where the call to:
  Parcel::write(buf, (size_t) -1);
would call writeInPlace() which uses PAD_SIZE on the supplied
argument. This would then cause an integer overflow, with PAD_SIZE
returning a small value, but the memcpy in Parcel::write using the
old large length value.

Bug: 19573085
Change-Id: Ib11bfb3dae4f3be91cd17b2c676926700972c7b8
2015-04-02 10:56:12 -07:00
Marco Nelissen
b1b2193680 Merge "Add backwards compatible versions of IInterface::asBinder()"
2015-03-31 22:10:48 +00:00
Marco Nelissen
5c6ec52ff8 Add backwards compatible versions of IInterface::asBinder()
This makes apps linked against the previous non-static versions
work with the new libbinder.

Bug: 19060033
Bug: 19773812

Change-Id: I3b5c78cbb4f4c0681ca1042e4d8503d98f969502
2015-03-31 20:32:30 +00:00
Ronghua Wu
2d13afdfa1 binder: add uint64 support to Parcel.
Bug: 19620911
Change-Id: Ifce5319e4e35afd344dead67ab7ba1cd399476a3
2015-03-19 16:45:04 -07:00
Ruben Brunk
52f0407d68 Add ProcessInfoService to activity manager.
- Adds a new AIDL interface for querying process
  information from activity manager.

Bug: 19186859

Change-Id: Ic08858f346d6b66e7bfc9da6faa2c6e38d9b2e82
2015-02-02 14:56:55 -08:00
Yabin Cui
39d890d9ae am 6e32c037: Merge "Kill HAVE_PTHREADS."
* commit '6e32c0377db89bafa477715b3a02431d651978cf':
  Kill HAVE_PTHREADS.
2015-01-27 19:56:06 +00:00
Yabin Cui
8fb2d25ff3 Kill HAVE_PTHREADS.
Bug: 19083585
Change-Id: I355491de945590f43c82bdcb7968b01b4bff6e06
2015-01-26 22:36:36 -08:00
Jeff Sharkey
499127eab8 am 8f3ade0c: Merge "Follow StrictMode refactoring."
* commit '8f3ade0c9ab52a1e4f13d6ff1922dd98e3ccdbcc':
  Follow StrictMode refactoring.
2015-01-16 06:07:31 +00:00
Jeff Sharkey
0c1f5cbb8a Follow StrictMode refactoring.
Bug: 18335678
Change-Id: Iea920cfa26b5ebfd77b4601c9e6e65b21599342a
2015-01-14 10:58:52 -08:00
Riley Andrews
15411a00e1 am aec92242: Merge "Replace all instances of intptr_t with uintptr_t."
* commit 'aec922426620804768f00a6c5cb902f278f2967f':
  Replace all instances of intptr_t with uintptr_t.
2015-01-13 23:26:02 +00:00
Riley Andrews
d66ba5209a am 41a160c4: Merge "Fix signed/unsigned comparison warnings in driver interface test."
* commit '41a160c4cda1ef2c916028ec2d0801da738b5249':
  Fix signed/unsigned comparison warnings in driver interface test.
2015-01-13 23:26:01 +00:00
Riley Andrews
29d8cf91be Replace all instances of intptr_t with uintptr_t.
When compiling 32 bit binaries against a 64 bit binder interface,
implicit promotions of intptr_t types to uint64_t for fields in the
binder ioctl structures can result in invalid pointers because of sign
extension.
2015-01-13 21:59:44 +00:00
Riley Andrews
50bcb00a91 Fix signed/unsigned comparison warnings in driver interface test.
2015-01-12 18:20:49 -08:00
Riley Andrews
68047ffd43 am 53186a4d: Merge "Add binder tests"
* commit '53186a4d78479ba21213b6e055c7a85faeb318e2':
  Add binder tests
2014-12-19 03:52:36 +00:00
Riley Andrews
bf247a3d37 am dbd252ea: Merge "Add binder driver interface test"
* commit 'dbd252eab09d669a7d4b917890d75408193a85d3':
  Add binder driver interface test
2014-12-19 03:52:35 +00:00
Riley Andrews
06b01adcb8 Add binder tests
Change-Id: Ib0b38708dd6387fc4d5a4857ca74a217f3edad1a
2014-12-19 00:39:31 +00:00
Riley Andrews
dc9b148985 Add binder driver interface test
Test ioctls and some binder commands without using libbinder.

Change-Id: I86dde56ff1380bca17d086021ac5324dc5210354
2014-12-19 00:38:27 +00:00
Dan Stoza
e4ea03f74d am 80e81505: Merge "binder: Add {read,write}Uint32 methods to Parcel"
* commit '80e8150549c9d8380dadf942336d41ab3d92bf78':
  binder: Add {read,write}Uint32 methods to Parcel
2014-12-01 19:27:00 +00:00
Dan Stoza
32ad1d518b am 104e1259: Merge "binder: Return pid_t/uid_t instead of int"
* commit '104e12594e085bc8dd32eedb96643b774b1508a0':
  binder: Return pid_t/uid_t instead of int
2014-12-01 19:23:22 +00:00
Dan Stoza
41a0f2f86c binder: Add {read,write}Uint32 methods to Parcel
Adds readUint32 and writeUint32 methods to the Parcel class. This
saves a lot of static_casting in anything implementing a Binder
interface on the native side.

Change-Id: Iafc73b0633654a3a4c49767f41806b56906c924f
2014-12-01 11:13:11 -08:00
Dan Stoza
9c634fd2d1 binder: Return pid_t/uid_t instead of int
Makes IPCThreadState::getCalling{Pid,Uid} return a more
appropriate type.

Change-Id: I97f8a83c1c0722bc1afbf8a6df1a288f8f1f0d2c
2014-12-01 11:07:14 -08:00
Chih-hung Hsieh
a7c75d1b17 am 2d7ec9d7: Merge "Fix build with clang in C++11 mode"
* commit '2d7ec9d7b5dfdb93930b94c134fa2dc10fd27313':
  Fix build with clang in C++11 mode
2014-11-25 22:56:02 +00:00
Bernhard Rosenkränzer
74debb0b8f Fix build with clang in C++11 mode
Now that we're in C++11 mode by default, clang complains about switch
statements with case values not matching the type -- since some
binder_driver_return_protocol values are > 0x7fffffff, we need to make
the switch statements operate on uint32_t rather than int32_t.

BUG: 18466763
Change-Id: Iedbfd5c7a3d3d9f087d2eab4ff21343ad7a2a448
Signed-off-by: Bernhard Rosenkränzer <Bernhard.Rosenkranzer@linaro.org>
2014-11-25 14:06:04 -08:00
Andreas Gampe
09efe0ac2a am 2e42a906: Merge "Binder: Remove unused functions & variables"
* commit '2e42a90653abd0fc8a76909b5f101782d187136e':
  Binder: Remove unused functions & variables
2014-11-25 18:52:24 +00:00
Andreas Gampe
0b53b5c0b3 Binder: Remove unused functions & variables
For build-system CFLAGS clean-up, remove unused functions and
variables.

Change-Id: I88abc2bc99e6b91c7aa56470ff9671bf8bf29f8d
2014-11-24 11:39:11 -08:00