Skip to content

Commit 760f097

Browse files
Treehugger Robotandroid-build-merge-worker-robot
Treehugger Robot
authored and
android-build-merge-worker-robot
committed
Merge "libbinder: add hasBinders" into main am: 1a06751
Original change: https://android-review.googlesource.com/c/platform/frameworks/native/+/2986295 Change-Id: I07e275dfff55380efa7aa2908937b087a151d9ae Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2 parents 7c46c7a + 1a06751 commit 760f097

4 files changed

Lines changed: 106 additions & 2 deletions

File tree

libs/binder/Parcel.cpp

Lines changed: 48 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -256,7 +256,7 @@ status_t Parcel::flattenBinder(const sp<IBinder>& binder) {
256256

257257
if (const auto* rpcFields = maybeRpcFields()) {
258258
if (binder) {
259-
status_t status = writeInt32(1); // non-null
259+
status_t status = writeInt32(RpcFields::TYPE_BINDER); // non-null
260260
if (status != OK) return status;
261261
uint64_t address;
262262
// TODO(b/167966510): need to undo this if the Parcel is not sent
@@ -266,7 +266,7 @@ status_t Parcel::flattenBinder(const sp<IBinder>& binder) {
266266
status = writeUint64(address);
267267
if (status != OK) return status;
268268
} else {
269-
status_t status = writeInt32(0); // null
269+
status_t status = writeInt32(RpcFields::TYPE_BINDER_NULL); // null
270270
if (status != OK) return status;
271271
}
272272
return finishFlattenBinder(binder);
@@ -740,6 +740,12 @@ bool Parcel::hasFileDescriptors() const
740740
return kernelFields->mHasFds;
741741
}
742742

743+
status_t Parcel::hasBinders(bool* result) const {
744+
status_t status = hasBindersInRange(0, dataSize(), result);
745+
ALOGE_IF(status != NO_ERROR, "Error %d calling hasBindersInRange()", status);
746+
return status;
747+
}
748+
743749
std::vector<sp<IBinder>> Parcel::debugReadAllStrongBinders() const {
744750
std::vector<sp<IBinder>> ret;
745751

@@ -799,6 +805,46 @@ std::vector<int> Parcel::debugReadAllFileDescriptors() const {
799805
return ret;
800806
}
801807

808+
status_t Parcel::hasBindersInRange(size_t offset, size_t len, bool* result) const {
809+
if (len > INT32_MAX || offset > INT32_MAX) {
810+
// Don't accept size_t values which may have come from an inadvertent conversion from a
811+
// negative int.
812+
return BAD_VALUE;
813+
}
814+
size_t limit;
815+
if (__builtin_add_overflow(offset, len, &limit) || limit > mDataSize) {
816+
return BAD_VALUE;
817+
}
818+
*result = false;
819+
if (const auto* kernelFields = maybeKernelFields()) {
820+
#ifdef BINDER_WITH_KERNEL_IPC
821+
for (size_t i = 0; i < kernelFields->mObjectsSize; i++) {
822+
size_t pos = kernelFields->mObjects[i];
823+
if (pos < offset) continue;
824+
if (pos + sizeof(flat_binder_object) > offset + len) {
825+
if (kernelFields->mObjectsSorted) {
826+
break;
827+
} else {
828+
continue;
829+
}
830+
}
831+
const flat_binder_object* flat =
832+
reinterpret_cast<const flat_binder_object*>(mData + pos);
833+
if (flat->hdr.type == BINDER_TYPE_BINDER || flat->hdr.type == BINDER_TYPE_HANDLE) {
834+
*result = true;
835+
break;
836+
}
837+
}
838+
#else
839+
LOG_ALWAYS_FATAL("Binder kernel driver disabled at build time");
840+
return INVALID_OPERATION;
841+
#endif // BINDER_WITH_KERNEL_IPC
842+
} else if (const auto* rpcFields = maybeRpcFields()) {
843+
return INVALID_OPERATION;
844+
}
845+
return NO_ERROR;
846+
}
847+
802848
status_t Parcel::hasFileDescriptorsInRange(size_t offset, size_t len, bool* result) const {
803849
if (len > INT32_MAX || offset > INT32_MAX) {
804850
// Don't accept size_t values which may have come from an inadvertent conversion from a

libs/binder/include/binder/Parcel.h

Lines changed: 4 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -101,7 +101,9 @@ class Parcel {
101101
void restoreAllowFds(bool lastValue);
102102

103103
bool hasFileDescriptors() const;
104+
status_t hasBinders(bool* result) const;
104105
status_t hasFileDescriptorsInRange(size_t offset, size_t length, bool* result) const;
106+
status_t hasBindersInRange(size_t offset, size_t length, bool* result) const;
105107

106108
// returns all binder objects in the Parcel
107109
std::vector<sp<IBinder>> debugReadAllStrongBinders() const;
@@ -647,6 +649,8 @@ class Parcel {
647649
void freeDataNoInit();
648650
void initState();
649651
void scanForFds() const;
652+
status_t scanForBinders(bool* result) const;
653+
650654
status_t validateReadData(size_t len) const;
651655

652656
void updateWorkSourceRequestHeaderPosition() const;

libs/binder/tests/binderParcelUnitTest.cpp

Lines changed: 40 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -23,6 +23,7 @@
2323
using android::BBinder;
2424
using android::IBinder;
2525
using android::IPCThreadState;
26+
using android::NO_ERROR;
2627
using android::OK;
2728
using android::Parcel;
2829
using android::sp;
@@ -164,6 +165,45 @@ TEST(Parcel, AppendPlainDataPartial) {
164165
ASSERT_EQ(2, p2.readInt32());
165166
}
166167

168+
TEST(Parcel, HasBinders) {
169+
sp<IBinder> b1 = sp<BBinder>::make();
170+
171+
Parcel p1;
172+
p1.writeInt32(1);
173+
p1.writeStrongBinder(b1);
174+
175+
bool result = false;
176+
ASSERT_EQ(NO_ERROR, p1.hasBinders(&result));
177+
ASSERT_EQ(true, result);
178+
179+
p1.setDataSize(0); // clear data
180+
result = false;
181+
ASSERT_EQ(NO_ERROR, p1.hasBinders(&result));
182+
ASSERT_EQ(false, result);
183+
p1.writeStrongBinder(b1); // reset with binder data
184+
result = false;
185+
ASSERT_EQ(NO_ERROR, p1.hasBinders(&result));
186+
ASSERT_EQ(true, result);
187+
188+
Parcel p3;
189+
p3.appendFrom(&p1, 0, p1.dataSize());
190+
result = false;
191+
ASSERT_EQ(NO_ERROR, p1.hasBinders(&result));
192+
ASSERT_EQ(true, result);
193+
}
194+
195+
TEST(Parcel, HasBindersInRange) {
196+
sp<IBinder> b1 = sp<BBinder>::make();
197+
Parcel p1;
198+
p1.writeStrongBinder(b1);
199+
bool result = false;
200+
ASSERT_EQ(NO_ERROR, p1.hasBindersInRange(0, p1.dataSize(), &result));
201+
ASSERT_EQ(true, result);
202+
result = false;
203+
ASSERT_EQ(NO_ERROR, p1.hasBinders(&result));
204+
ASSERT_EQ(true, result);
205+
}
206+
167207
TEST(Parcel, AppendWithBinder) {
168208
sp<IBinder> b1 = sp<BBinder>::make();
169209
sp<IBinder> b2 = sp<BBinder>::make();

libs/binder/tests/parcel_fuzzer/binder.cpp

Lines changed: 14 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -352,6 +352,20 @@ std::vector<ParcelRead<::android::Parcel>> BINDER_PARCEL_READ_FUNCTIONS {
352352
status_t status = p.hasFileDescriptorsInRange(offset, length, &result);
353353
FUZZ_LOG() << " status: " << status << " result: " << result;
354354
},
355+
[] (const ::android::Parcel& p, FuzzedDataProvider& /*provider*/) {
356+
FUZZ_LOG() << "about to call hasBinders() with status";
357+
bool result;
358+
status_t status = p.hasBinders(&result);
359+
FUZZ_LOG() << " status: " << status << " result: " << result;
360+
},
361+
[] (const ::android::Parcel& p, FuzzedDataProvider& /*provider*/) {
362+
FUZZ_LOG() << "about to call hasBindersInRange() with status";
363+
size_t offset = p.readUint32();
364+
size_t length = p.readUint32();
365+
bool result;
366+
status_t status = p.hasBindersInRange(offset, length, &result);
367+
FUZZ_LOG() << " status: " << status << " result: " << result;
368+
},
355369
[] (const ::android::Parcel& p, FuzzedDataProvider& /*provider*/) {
356370
FUZZ_LOG() << "about to call compareDataInRange() with status";
357371
size_t thisOffset = p.readUint32();

0 commit comments

Comments
 (0)