Commit Graph

68 Commits

Author SHA1 Message Date
Dianne Hackborn
5da5ca520c App ops: new native access API.
This is to help implementation of bug #8181262 and maybe
bug #8181261

Note the current code has not yet been tested; it is only
known to compile at this point.

Change-Id: I489674c96d0d3fc0ddacc92611931a19a9ee5230
2013-02-12 15:13:37 -08:00
Mathias Agopian
7b19051137 fix a crasher when running out of memory
MemoryHeapBase::getBase() returns MAP_FAILED in case or
OOM, not null which is what SF was checking against.

This addresses one of the issues of bug 7230543.

Bug: 7230543
Change-Id: I763a88f64a2f9ff75eb139cfbaf9a1a9746c5577
2012-09-25 15:30:38 -07:00
Mathias Agopian
2098517e3e make sure Parcel handles 0-sized LightFlatenables
Change-Id: Ib30a1c0228f8a938abaa0c7c8a6ba32ffd971121
2012-08-31 18:09:51 -07:00
Dianne Hackborn
8210185fe3 No longer need "original calling uid".
Change-Id: Ifc4a89dd088609a5a8553f6ac6553174e09e8222
2012-08-31 15:40:58 -07:00
Mathias Agopian
8683fca395 improve [un]marshalling of non-binder objects
this change introduces a new class LightFlattenable<> which is
a protocol to flatten simple objects that don't require
binders or file descriptors; the benefit of this protocol is that
it doesn't require the objects to have a virtual table and give us
a consitant way of doing this.

we also introduce an implementation of this protocol for
POD structures, LightFlattenablePod<>.

Parcel has been update to handle this protocol automatically.

Sensor, Rect, Point and Region now use this new protocol.

Change-Id: Icb3ce7fa1d785249eb666f39c2129f2fc143ea4a
2012-08-13 02:46:05 -07:00
Mathias Agopian
db403e8ff0 split-up Client.h out of SurfaceFlinger.h
Change-Id: I1993bf23e417163749d886283563a93d50b361b4
2012-06-18 16:47:56 -07:00
Dianne Hackborn
555f89d8df Add callback hack to find out when to reload system properties.
Every IBinder object can accept a new transaction to tell it that
it might want to reload system properties, and in the process
anyone can register a callback to be executed when this happens.

Use this to reload the trace property.

This is very much ONLY for debugging.

Change-Id: I55c67c46f8f3fa9073bef0dfaab4577ed1d47eb4
2012-05-09 14:53:26 -07:00
Mathias Agopian
64a1e08b86 SF doesn't need more than a few binder threads
Change-Id: Ic4659fb81f9990cc7caf84a496a8ae659a1d16a9
2012-04-19 17:32:03 -07:00
Mathias Agopian
1b80f793d2 add set thread count
Change-Id: I70f02908d8362a465eb8a2a24356f6989847f7ba
2012-04-18 17:50:03 -07:00
Mathias Agopian
7a7524810a get rid of MemoryHeapPmem
MemoryHeapPmem is not used any longer. PMEM is not a supported
type of memory by the system anymore. a particular device might
use PMEM and need something like MemoryHeapPmem, in this case this
should be implemented in device specific code (HAL).

This will most likely break older no longer supported targets.

Change-Id: I434e4291219950018de8b793b0403bb2d92dd5cc
2012-02-27 19:58:57 -08:00
Mathias Agopian
89d353a4c5 move CursorWindow from libbinder to libandroidfw
Change-Id: I3b304e4f74e0d0ec8b20c57296c62449c9a0f792
2012-02-27 18:11:20 -08:00
Dianne Hackborn
a94f129a7b Some hardening of isolated processes by restricting access to services.
Services now must explicitly opt in to being accessed by isolated
processes.  Currently only the activity manager and surface flinger
allow this.  Activity manager is needed so that we can actually
bring up the process; SurfaceFlinger is needed to be able to get the
display information for creating the Configuration.  The SurfaceFlinger
should be safe because the app doesn't have access to the window
manager so can't actually get a surface to do anything with.

The activity manager now protects most of its entry points against
isolated processes.

Change-Id: I0dad8cb2c873575c4c7659c3c2a7eda8e98f46b0
2012-02-09 18:06:01 -08:00
Amith Yamasani
4e975bb488 Multi-user - 1st major checkin
Switching activity stacks
Cache ContentProvider per user
Long-press power to switch users (on phone)

Added ServiceMap for separating services by user
Launch PendingIntents on the correct user's uid
Fix task switching from Recents list
AppWidgetService is mostly working.

Commands added to pm and am to allow creating and switching profiles.

Change-Id: I15810e8cfbe50a04bd3323a7ef5a8ff4230870ed
2012-02-03 12:01:47 -08:00
Jeff Brown
c17f56fdf1 am 88061d6b: am 5462bc63: Fix a leak in Parcel::writeBlob.
* commit '88061d6b38cfb4bf374039846b753a3b21ac61e1':
  Fix a leak in Parcel::writeBlob.
2011-11-07 15:51:31 +00:00
Jeff Brown
efd912c05c am 5462bc63: Fix a leak in Parcel::writeBlob.
* commit '5462bc6318b4b70e7a58c66994e2bd79f59d9739':
  Fix a leak in Parcel::writeBlob.
2011-11-05 02:35:57 +00:00
Jeff Brown
93ff1f985e Fix a leak in Parcel::writeBlob.
Was mistakenly assuming that Parcel::writeFileDescriptor took
ownership of the fd that was passed in.  It does not!
Added some comments and a default parameter to allow the caller
to specify whether it wishes the Parcel to take ownership.

Bug: 5563374
Change-Id: I5a12f51d582bf246ce90133cce7690bb9bca93f6
2011-11-04 19:26:03 -07:00
Steve Block
9f760150f6 Rename (IF_)LOG() to (IF_)ALOG() DO NOT MERGE
See https://android-git.corp.google.com/g/#/c/141576

Bug: 5449033
Change-Id: I42575e7c29cf1c0f465c357a5c97ab118df6f473
2011-10-25 16:28:24 +01:00
Jeff Brown
3e2fb7056a Deprecate local-only CursorWindows.
There is no difference and has never really been a difference
between local-only and remotable CursorWindows.  By removing the
distinction officially in the API, we will make it easier to
implement CrossProcessCursor correctly.  CrossProcessCursor
is problematic currently because it's not clear whether a call
to getWindow() will return a local-only window or a remotable window.
As a result, the bulk cursor adaptor has special case handling
for AbstractWindowedCursors vs. ordinary CrossProcessCursors
so that it can set a remotable window before the cursor fills it.
All these problems go away if we just forget about local-only
windows being special in any way.

Change-Id: Ie59f517968e33d0ecb239c3c4f60206495e8f376
2011-10-12 22:19:41 -07:00
Jeff Brown
ec4e0063a1 Use ashmem for CursorWindows.
Bug: 5332296

The memory dealer introduces additional delays for reclaiming
the memory owned by CursorWindows because the Binder object must
be finalized.  Using ashmem instead gives CursorWindow more
direct control over the lifetime of the shared memory region.

The provider now allocates the CursorWindows and returns them
to clients with a read-only protection bit set on the ashmem
region.

Improved the encapsulation of CursorWindow.  Callers shouldn't
need to care about details like how string fields are allocated.

Removed the compile-time configuration of string and numeric
storage modes to remove some dead weight.

Change-Id: I07c2bc2a9c573d7e435dcaecd269d25ea9807acd
2011-10-11 11:03:19 -07:00
Jeff Brown
cc0bf53f21 Clean up CursorWindow code.
Bug: 5332296

The code is functionally equivalent, but a little more efficient
and much easier to maintain.

Change-Id: I90670a13799df05831843a5137ab234929281b7c
2011-10-06 14:40:13 -07:00
Dianne Hackborn
7746cc3188 Fix handling of "allow fds" state.
Didn't take into account nesting of bundles.  Boo.

Change-Id: Ic8cf21ad8d6f4938a3e105128624c9d162310d01
2011-10-03 21:09:35 -07:00
Jeff Brown
5707dbf15d Transfer large bitmaps using ashmem.
Bug: 5224703

Change-Id: If385a66adf4c6179a0bb49c0e6d09a9567e23808
2011-10-03 17:28:13 -07:00
Dianne Hackborn
8938ed2c8e Add mechanism for Parcel to not allow FDs to be written to it.
This is to help implement issue #5224703.

Change-Id: I026a5890495537d15b57fe61227a640aac806d46
2011-10-03 16:58:41 -07:00
Bart Sears
8acda78034 Revert "Transfer large bitmaps using ashmem. Bug: 5224703"
This reverts commit 56c58f66b97d22fe7e7de1f7d9548bcbe1973029

This CL was causing the browser to crash when adding bookmarks, visiting the bookmarks page, and sharing pages (see bug http://b/issue?id=5369231
2011-09-25 14:30:21 -07:00
Jeff Brown
f4c1088d75 Transfer large bitmaps using ashmem.
Bug: 5224703

Change-Id: Ic7481dd9f173986f085a8bbdcc59bbe9830d7a44
2011-09-23 21:20:47 -07:00
Jeff Brown
e16986cae2 Eliminate single-process mode.
Bug: 5010576

Change-Id: Id450dc83efed4897d1e4ff451530fed14457aace
2011-07-08 19:54:07 -07:00
Mathias Agopian
99b49840d3 PermissionCache caches permission checks
This is intended to absorb the cost of the IPC
to the permission controller.
Cached permission checks cost about 3us, while
full blown ones are two orders of magnitude slower.

CAVEAT: PermissionCache can only handle system
permissions safely for now, because the cache is
not purged upon global permission changes.

Change-Id: I8b8a5e71e191e3c01e8f792f253c379190eee62e
2011-06-27 17:42:15 -07:00
Anu Sundararajan
5728a92e29 MemoryHeapBase: Save and binderize the offset
The offset that is used in the creation of the MemoryHeapBase must be saved, so
that it can be used to recreate the Heap when an IMemory object is passed
across process boundary through the binder.

Change-Id: Ie618fb5c0718e6711f55ed9235616fd801e648dc
Signed-off-by: Anu Sundararajan <sanuradha@ti.com>
Signed-off-by: Iliyan Malchev <malchev@google.com>
2011-06-27 13:48:51 -07:00
Andreas Huber
51faf46e29 Parcel::appendFrom({const } Parcel *parcel, size_t, size_t)
As far as I can tell "parcel" isn't actually modified by the implementation.

Change-Id: Ib806eefdc13c97b932773e1dc9ca3a4aad4422b2
2011-04-13 10:21:56 -07:00
Christopher Tate
71f64dd876 Binder linkage no longer depends on JNI objrefs as persistent tokens
There are two areas that have changed to eliminate the assumption that
local jobject references are both canonical and persistent:

1. JavaBBinderHolder no longer holds onto and reuses it parent object
reference per se.  Since the underlying JavaBBinder object holds a
real global ref, this was redundant anyway.  Now, for purposes of its
transient need to perform JNI operations, it simply uses the current
jobject ref(s) passed during method invocation, and no longer attempts
to hold these refs beyond the scope of a single invocation.

2. Binder obituaries no longer assume that a jobject reference to a
recipient will always compare == as a 32-bit value with any future
reference to the same object.  The implementation now asks Dalvik
whether object references match.

This amended patch fixes the earlier bug around races between
remote binder death cleanup and local explicit unregistration of
VM-side death recipients.

Bug 2090115

Change-Id: I70bd788a80ea953632b1f466f385ab6b78ef2913
2011-02-28 11:37:20 -08:00
Christopher Tate
9f5b53d4b0 Revert "Binder linkage no longer depends on JNI objrefs as persistent tokens"
This reverts commit c2d55dd89743c8a38deb809f3cdf1ad2d1dbac2b.
2011-02-25 15:18:53 -08:00
Christopher Tate
c811e7a775 Binder linkage no longer depends on JNI objrefs as persistent tokens
There are two areas that have changed to eliminate the assumption that
local jobject references are both canonical and persistent:

1. JavaBBinderHolder no longer holds onto and reuses it parent object
reference per se.  Since the underlying JavaBBinder object holds a
real global ref, this was redundant anyway.  Now, for purposes of its
transient need to perform JNI operations, it simply uses the current
jobject ref(s) passed during method invocation, and no longer attempts
to hold these refs beyond the scope of a single invocation.

2. Binder obituaries no longer assume that a jobject reference to a
recipient will always compare == as a 32-bit value with any future
reference to the same object.  The implementation now asks Dalvik
whether object references match.

Bug 2090115

Change-Id: If62edd554d0a9fbb2d2977b0cbf8ad7cc8e2e68d
2011-02-24 13:15:09 -08:00
Vasu Nori
11dde1100d resubmitting Change-Id: I67b1d04a5c9fc18b0cd4da6184d0b814b64d89e9
Change-Id: I67b1d04a5c9fc18b0cd4da6184d0b814b64d89e9 was reverted
due to a bug. fixed the bug and resubmitting it here
2010-12-21 09:32:36 -08:00
Vasu Nori
204249bcbe Revert "bug:2448371 cursorwindow size moved to resource xml file."
This reverts commit 2594bae1f551d758c5c88771310d1ee3dc2c71ac.
2010-12-20 14:23:48 -08:00
Vasu Nori
bd57473e90 bug:2448371 cursorwindow size moved to resource xml file.
let cursor window size be set per device in device resources file.
default is 1MB.
for SR, it is 2MB.
it can be set to any value (in kB) in the device resource
strings.xml file

Change-Id: I67b1d04a5c9fc18b0cd4da6184d0b814b64d89e9
2010-12-20 13:08:08 -08:00
Brad Fitzpatrick
1b60843547 Framework-side support for Dalvik "isSensitiveThread" hook.
Used in lock contention stats.

Bug: 3226270
Change-Id: Ie6f58d130a29079a59bdefad40b80304d9bc3623
2010-12-14 09:28:16 -08:00
Brad Fitzpatrick
f3372f7ca3 am ae087369: am 63070856: Merge "Don\'t propagate StrictMode over one-way Binder calls." into gingerbread
Merge commit 'ae087369c56a270c33c1c1af5be7d3c5d7f94e80'

* commit 'ae087369c56a270c33c1c1af5be7d3c5d7f94e80':
  Don't propagate StrictMode over one-way Binder calls.
2010-08-31 15:06:24 -07:00
Brad Fitzpatrick
5273603e98 Don't propagate StrictMode over one-way Binder calls.
This was causing stack stitching problems where a one-way call with
violations followed by a two-way call without violations was getting
the previous one-way call's violation stack stitched on to the second
caller's stack.

The solution is a little more indirect than I would've liked
(preserving the binder's onTransact flags until enforceInterface) but
was seemingly necessary to work without changing the AIDL compiler.
It should also be sufficiently cheap, since no new calls to
thread-local IPCThreadState lookups were required.  The additional
work is just same-thread getter/setters on the existing
IPCThreadState.

Change-Id: I4b6db1d445c56e868e6d0d7be3ba6849f4ef23ae
2010-08-31 13:16:49 -07:00
Brad Fitzpatrick
b8f4015c0a am 245cb784: am 84c924a6: Merge "Replace several IPCThreadState::get() lookups with one." into gingerbread
Merge commit '245cb7846c82f7c0840e13f0b994d356846b1678'

* commit '245cb7846c82f7c0840e13f0b994d356846b1678':
  Replace several IPCThreadState::get() lookups with one.
2010-07-27 14:04:14 -07:00
Brad Fitzpatrick
70081a1511 Replace several IPCThreadState::get() lookups with one.
Also, make StrictMode's ThreadLocal final.

Change-Id: I08d400ed254fa67bb7a3dae1227f205a54c00df0
2010-07-27 12:28:57 -07:00
Brad Fitzpatrick
721c4162c3 am cc52121c: am c4b204bd: Merge "More StrictMode work, keeping Binder & BlockGuard\'s thread-locals in-sync." into gingerbread
Merge commit 'cc52121c4f88e9feb8404937bcbfff6e73084666'

* commit 'cc52121c4f88e9feb8404937bcbfff6e73084666':
  More StrictMode work, keeping Binder & BlockGuard's thread-locals in-sync.
2010-07-15 23:05:35 -07:00
Brad Fitzpatrick
a877cd85b5 More StrictMode work, keeping Binder & BlockGuard's thread-locals in-sync.
Change-Id: Ia67cabcc17a73a0f15907ffea683d06bc41b90e5
2010-07-15 13:18:05 -07:00
Mathias Agopian
9382d111bb am c74034b6: am 24651682: added BinderService<> template to help creating native binder services
Merge commit 'c74034b6bf0940dc80c4d4efa1e677ad0d2dfd6c'

* commit 'c74034b6bf0940dc80c4d4efa1e677ad0d2dfd6c':
  added BinderService<> template to help creating native binder services
2010-07-14 20:18:50 -07:00
Mathias Agopian
a1e6bc864f added BinderService<> template to help creating native binder services
Change-Id: Id980899d2647b56479f8a27c89eaa949f9209dfe
2010-07-14 18:43:19 -07:00
Brad Fitzpatrick
0c2aaca5d6 am 706623dd: am c0a7e690: Add Parcel::readExceptionCode() and Parcel::writeNoException()
Merge commit '706623ddb8314850c0551f0b66e24b5f0bd28620'

* commit '706623ddb8314850c0551f0b66e24b5f0bd28620':
  Add Parcel::readExceptionCode() and Parcel::writeNoException()
2010-07-13 15:57:20 -07:00
Brad Fitzpatrick
837a0d0fb2 Add Parcel::readExceptionCode() and Parcel::writeNoException()
Add native Parcel methods analogous to the Java versions.

Currently, these don't do much, but upcoming StrictMode work changes
the RPC calling conventions in some cases, so it's important that
everybody uses these consistently, rather than having a lot of code
trying to parse RPC responses out of Parcels themselves.

As a summary, the current convention that Java Binder services use is
to prepend the reply Parcel with an int32 signaling the exception
status:

     0: no exception
     -1: Security exception
     -2: Bad Parcelable
     -3: ...
     -4: ...
     -5: ...

... followed by Parceled String if the exception code is non-zero.

With an upcoming change, it'll be the case that a response Parcel can,
non-exceptionally return rich data in the header, and also return data
to the caller.  The important thing to note in this new case is that
the first int32 in the reply parcel *will not be zero*, so anybody
manually checking for it with reply.readInt32() will get false
negative failures.

Short summary: If you're calling into a Java service and manually
checking the exception status with reply.readInt32(), change it to
reply.readExceptionCode().

Change-Id: I23f9a0e53a8cfbbd9759242cfde16723641afe04
2010-07-13 15:45:18 -07:00
Brad Fitzpatrick
f9e01ea481 am efcf68aa: am ef8f96a7: Merge "Start of work on passing around StrictMode policy over Binder calls." into gingerbread
Merge commit 'efcf68aa1fd7fcfd52cf3d2837ed8db8e797194b'

* commit 'efcf68aa1fd7fcfd52cf3d2837ed8db8e797194b':
  Start of work on passing around StrictMode policy over Binder calls.
2010-06-23 10:18:18 -07:00
Brad Fitzpatrick
702ea9d42f Start of work on passing around StrictMode policy over Binder calls.
This is (intendend to be) a no-op change.

At this stage, Binder RPCs just have an additional uint32 passed around
in the header, right before the interface name.  But nothing is actually
done with them yet.  That value should right now always be 0.

This now boots and seems to work.

Change-Id: I135b7c84f07575e6b9717fef2424d301a450df7b
2010-06-21 12:56:35 -07:00
Vasu Nori
e733497af5 add API to Cursor to get column value type
Change-Id: I3ef1bcdb2eb1c45f68e829ccb6e3ecde28076591
2010-06-02 17:40:41 -07:00
Mike Lockwood
244a7655ae Move CursorWindow class from core/jni to libbinder
To allow use of the native CursorWindow class outside of the core framework jni

Change-Id: I72e8dcb91a2c691130c33cdfd9a25d343da1c592
Signed-off-by: Mike Lockwood <lockwood@android.com>
2010-05-28 10:08:21 -04:00