libbinder_ndk: pointer equality of AIBinder.

static const void* kId = "ABBinder";

static void* kValue = static_cast<void*>(new bool{true});

void cleanId(const void* /*id*/, void* /*obj*/, void* /*cookie*/){/* do nothing */};

void clean(const void* /*id*/, void* /*obj*/, void* /*cookie*/){/* do nothing */};

static void attach(const sp<IBinder>& binder) {

    binder->attachObject(kId, kValue, nullptr /*cookie*/, cleanId);

    binder->attachObject(kId, kValue, nullptr /*cookie*/, clean);

}

static bool has(const sp<IBinder>& binder) {

    return binder != nullptr && binder->findObject(kId) == kValue;

} // namespace ABBinderTag

namespace ABpBinderTag {

static std::mutex gLock;

static const void* kId = "ABpBinder";

struct Value {

    wp<ABpBinder> binder;

};

void clean(const void* id, void* obj, void* cookie) {

    CHECK(id == kId) << id << " " << obj << " " << cookie;

    delete static_cast<Value*>(obj);

};

} // namespace ABpBinderTag

AIBinder::AIBinder(const AIBinder_Class* clazz) : mClazz(clazz) {}

AIBinder::~AIBinder() {}

}

ABpBinder::~ABpBinder() {}

sp<AIBinder> ABpBinder::fromBinder(const ::android::sp<::android::IBinder>& binder) {

void ABpBinder::onLastStrongRef(const void* id) {

    {

        std::lock_guard<std::mutex> lock(ABpBinderTag::gLock);

        // Since ABpBinder is OBJECT_LIFETIME_WEAK, we must remove this weak reference in order for

        // the ABpBinder to be deleted. Since a strong reference to this ABpBinder object should no

        // longer be able to exist at the time of this method call, there is no longer a need to

        // recover it.

        ABpBinderTag::Value* value =

                static_cast<ABpBinderTag::Value*>(remote()->findObject(ABpBinderTag::kId));

        if (value != nullptr) {

            value->binder = nullptr;

        }

    }

    BpRefBase::onLastStrongRef(id);

}

sp<AIBinder> ABpBinder::lookupOrCreateFromBinder(const ::android::sp<::android::IBinder>& binder) {

    if (binder == nullptr) {

        return nullptr;

    }

    if (ABBinderTag::has(binder)) {

        return static_cast<ABBinder*>(binder.get());

    }

    return new ABpBinder(binder);

    // The following code ensures that for a given binder object (remote or local), if it is not an

    // ABBinder then at most one ABpBinder object exists in a given process representing it.

    std::lock_guard<std::mutex> lock(ABpBinderTag::gLock);

    ABpBinderTag::Value* value =

            static_cast<ABpBinderTag::Value*>(binder->findObject(ABpBinderTag::kId));

    if (value == nullptr) {

        value = new ABpBinderTag::Value;

        binder->attachObject(ABpBinderTag::kId, static_cast<void*>(value), nullptr /*cookie*/,

                             ABpBinderTag::clean);

    }

    sp<ABpBinder> ret = value->binder.promote();

    if (ret == nullptr) {

        ret = new ABpBinder(binder);

        value->binder = ret;

    }

    return ret;

}

struct AIBinder_Weak {

    void* mUserData;

};

// This binder object may be remote or local (even though it is 'Bp'). It is not yet associated with

// a class.

// This binder object may be remote or local (even though it is 'Bp'). The implication if it is

// local is that it is an IBinder object created outside of the domain of libbinder_ndk.

struct ABpBinder : public AIBinder, public ::android::BpRefBase {

    static ::android::sp<AIBinder> fromBinder(const ::android::sp<::android::IBinder>& binder);

    // Looks up to see if this object has or is an existing ABBinder or ABpBinder object, otherwise

    // it creates an ABpBinder object.

    static ::android::sp<AIBinder> lookupOrCreateFromBinder(

            const ::android::sp<::android::IBinder>& binder);

    virtual ~ABpBinder();

    void onLastStrongRef(const void* id) override;

    ::android::sp<::android::IBinder> getBinder() override { return remote(); }

    ABpBinder* asABpBinder() override { return this; }

    if (status != EX_NONE) {

        return status;

    }

    sp<AIBinder> ret = ABpBinder::fromBinder(readBinder);

    sp<AIBinder> ret = ABpBinder::lookupOrCreateFromBinder(readBinder);

    AIBinder_incStrong(ret.get());

    *binder = ret.get();

    return status;

    if (status != EX_NONE) {

        return status;

    }

    sp<AIBinder> ret = ABpBinder::fromBinder(readBinder);

    sp<AIBinder> ret = ABpBinder::lookupOrCreateFromBinder(readBinder);

    AIBinder_incStrong(ret.get());

    *binder = ret.get();

    return status;

    sp<IServiceManager> sm = defaultServiceManager();

    sp<IBinder> binder = sm->getService(String16(instance));

    sp<AIBinder> ret = ABpBinder::fromBinder(binder);

    sp<AIBinder> ret = ABpBinder::lookupOrCreateFromBinder(binder);

    AIBinder_incStrong(ret.get());

    return ret.get();

}

 * If the process containing an AIBinder dies, it is possible to be holding a strong reference to

 * an object which does not exist. In this case, transactions to this binder will return

 * EX_DEAD_OBJECT. See also AIBinder_linkToDeath, AIBinder_unlinkToDeath, and AIBinder_isAlive.

 *

 * Once an AIBinder is created, anywhere it is passed (remotely or locally), there is a 1-1

 * correspondence between the address of an AIBinder and the object it represents. This means that

 * when two AIBinder pointers point to the same address, they represent the same object (whether

 * that object is local or remote). This correspondance can be broken accidentally if AIBinder_new

 * is erronesouly called to create the same object multiple times.

 */

struct AIBinder;

typedef struct AIBinder AIBinder;

 *

 * When this is called, the refcount is implicitly 1. So, calling decStrong exactly one time is

 * required to delete this object.

 *

 * Once an AIBinder object is created using this API, re-creating that AIBinder for the same

 * instance of the same class will break pointer equality for that specific AIBinder object. For

 * instance, if someone erroneously created two AIBinder instances representing the same callback

 * object and passed one to a hypothetical addCallback function and then later another one to a

 * hypothetical removeCallback function, the remote process would have no way to determine that

 * these two objects are actually equal using the AIBinder pointer alone (which they should be able

 * to do). Also see the suggested memory ownership model suggested above.

 */

__attribute__((warn_unused_result)) AIBinder* AIBinder_new(const AIBinder_Class* clazz, void* args);