Merge "Enable isolated process to use graphics allocator" am: 11a9b482

__BEGIN_DECLS

enum AServiceManager_AddServiceFlag : uint32_t {

    /**

     * This allows processes with AID_ISOLATED to get the binder of the service added.

     *

     * Services with methods that perform file IO, web socket creation or ways to egress data must

     * not be added with this flag for privacy concerns.

     */

    ADD_SERVICE_ALLOW_ISOLATED = 1,

};

/**

 * This registers the service with the default service manager under this instance name. This does

 * not take ownership of binder.

 *

 * \param binder object to register globally with the service manager.

 * \param instance identifier of the service. This will be used to lookup the service.

 * \param allowIsolated allows if this service can be isolated.

 * \param flag an AServiceManager_AddServiceFlag enum to denote how the service should be added.

 *

 * \return EX_NONE on success.

 */

__attribute__((warn_unused_result)) binder_exception_t AServiceManager_addServiceWithAllowIsolated(

        AIBinder* binder, const char* instance, bool allowIsolated) __INTRODUCED_IN(34);

__attribute__((warn_unused_result)) binder_exception_t AServiceManager_addServiceWithFlag(

        AIBinder* binder, const char* instance, const AServiceManager_AddServiceFlag flag)

        __INTRODUCED_IN(34);

/**

 * Gets a binder object with this specific instance name. Will return nullptr immediately if the

    AServiceManager_getUpdatableApexName; # systemapi

    AServiceManager_registerForServiceNotifications; # systemapi llndk

    AServiceManager_NotificationRegistration_delete; # systemapi llndk

    AServiceManager_addServiceWithFlag; # systemapi llndk

};

LIBBINDER_NDK_PLATFORM {

  global:

    AParcel_getAllowFds;

    AServiceManager_addServiceWithAllowIsolated;

    extern "C++" {

        AIBinder_fromPlatformBinder*;

        AIBinder_toPlatformBinder*;

    return PruneException(exception);

}

binder_exception_t AServiceManager_addServiceWithAllowIsolated(AIBinder* binder,

                                                               const char* instance,

                                                               bool allowIsolated) {

binder_exception_t AServiceManager_addServiceWithFlag(AIBinder* binder, const char* instance,

                                                      const AServiceManager_AddServiceFlag flag) {

    if (binder == nullptr || instance == nullptr) {

        return EX_ILLEGAL_ARGUMENT;

    }

    sp<IServiceManager> sm = defaultServiceManager();

    bool allowIsolated = flag & AServiceManager_AddServiceFlag::ADD_SERVICE_ALLOW_ISOLATED;

    status_t exception = sm->addService(String16(instance), binder->getBinder(), allowIsolated);

    return PruneException(exception);

}

#include <aidlcommonsupport/NativeHandle.h>

#include <android/binder_enums.h>

#include <android/binder_manager.h>

#include <cutils/android_filesystem_config.h>

#include <cutils/multiuser.h>

#include <gralloctypes/Gralloc4.h>

#include <hidl/ServiceManagement.h>

#include <hwbinder/IPCThreadState.h>

    mAllocator = IAllocator::getService();

    if (__builtin_available(android 31, *)) {

        if (hasIAllocatorAidl()) {

            // TODO(b/269517338): Perform the isolated checking for this in service manager instead.

            uid_t aid = multiuser_get_app_id(getuid());

            if (aid >= AID_ISOLATED_START && aid <= AID_ISOLATED_END) {

                mAidlAllocator = AidlIAllocator::fromBinder(ndk::SpAIBinder(

                        AServiceManager_getService(kAidlAllocatorServiceName.c_str())));

            } else {

                mAidlAllocator = AidlIAllocator::fromBinder(ndk::SpAIBinder(

                        AServiceManager_waitForService(kAidlAllocatorServiceName.c_str())));

            }

            ALOGE_IF(!mAidlAllocator, "AIDL IAllocator declared but failed to get service");

        }

    }