Loading libs/binder/ndk/include_platform/android/binder_manager.h +14 −3 Original line number Original line Diff line number Diff line Loading @@ -22,6 +22,16 @@ __BEGIN_DECLS __BEGIN_DECLS enum AServiceManager_AddServiceFlag : uint32_t { /** * This allows processes with AID_ISOLATED to get the binder of the service added. * * Services with methods that perform file IO, web socket creation or ways to egress data must * not be added with this flag for privacy concerns. */ ADD_SERVICE_ALLOW_ISOLATED = 1, }; /** /** * This registers the service with the default service manager under this instance name. This does * This registers the service with the default service manager under this instance name. This does * not take ownership of binder. * not take ownership of binder. Loading @@ -46,12 +56,13 @@ __attribute__((warn_unused_result)) binder_exception_t AServiceManager_addServic * * * \param binder object to register globally with the service manager. * \param binder object to register globally with the service manager. * \param instance identifier of the service. This will be used to lookup the service. * \param instance identifier of the service. This will be used to lookup the service. * \param allowIsolated allows if this service can be isolated. * \param flag an AServiceManager_AddServiceFlag enum to denote how the service should be added. * * * \return EX_NONE on success. * \return EX_NONE on success. */ */ __attribute__((warn_unused_result)) binder_exception_t AServiceManager_addServiceWithAllowIsolated( __attribute__((warn_unused_result)) binder_exception_t AServiceManager_addServiceWithFlag( AIBinder* binder, const char* instance, bool allowIsolated) __INTRODUCED_IN(34); AIBinder* binder, const char* instance, const AServiceManager_AddServiceFlag flag) __INTRODUCED_IN(34); /** /** * Gets a binder object with this specific instance name. Will return nullptr immediately if the * Gets a binder object with this specific instance name. Will return nullptr immediately if the Loading libs/binder/ndk/libbinder_ndk.map.txt +1 −1 Original line number Original line Diff line number Diff line Loading @@ -158,12 +158,12 @@ LIBBINDER_NDK34 { # introduced=UpsideDownCake AServiceManager_getUpdatableApexName; # systemapi AServiceManager_getUpdatableApexName; # systemapi AServiceManager_registerForServiceNotifications; # systemapi llndk AServiceManager_registerForServiceNotifications; # systemapi llndk AServiceManager_NotificationRegistration_delete; # systemapi llndk AServiceManager_NotificationRegistration_delete; # systemapi llndk AServiceManager_addServiceWithFlag; # systemapi llndk }; }; LIBBINDER_NDK_PLATFORM { LIBBINDER_NDK_PLATFORM { global: global: AParcel_getAllowFds; AParcel_getAllowFds; AServiceManager_addServiceWithAllowIsolated; extern "C++" { extern "C++" { AIBinder_fromPlatformBinder*; AIBinder_fromPlatformBinder*; AIBinder_toPlatformBinder*; AIBinder_toPlatformBinder*; Loading libs/binder/ndk/service_manager.cpp +4 −3 Original line number Original line Diff line number Diff line Loading @@ -42,14 +42,15 @@ binder_exception_t AServiceManager_addService(AIBinder* binder, const char* inst return PruneException(exception); return PruneException(exception); } } binder_exception_t AServiceManager_addServiceWithAllowIsolated(AIBinder* binder, binder_exception_t AServiceManager_addServiceWithFlag(AIBinder* binder, const char* instance, const char* instance, const AServiceManager_AddServiceFlag flag) { bool allowIsolated) { if (binder == nullptr || instance == nullptr) { if (binder == nullptr || instance == nullptr) { return EX_ILLEGAL_ARGUMENT; return EX_ILLEGAL_ARGUMENT; } } sp<IServiceManager> sm = defaultServiceManager(); sp<IServiceManager> sm = defaultServiceManager(); bool allowIsolated = flag & AServiceManager_AddServiceFlag::ADD_SERVICE_ALLOW_ISOLATED; status_t exception = sm->addService(String16(instance), binder->getBinder(), allowIsolated); status_t exception = sm->addService(String16(instance), binder->getBinder(), allowIsolated); return PruneException(exception); return PruneException(exception); } } Loading libs/ui/Gralloc4.cpp +11 −2 Original line number Original line Diff line number Diff line Loading @@ -22,6 +22,8 @@ #include <aidlcommonsupport/NativeHandle.h> #include <aidlcommonsupport/NativeHandle.h> #include <android/binder_enums.h> #include <android/binder_enums.h> #include <android/binder_manager.h> #include <android/binder_manager.h> #include <cutils/android_filesystem_config.h> #include <cutils/multiuser.h> #include <gralloctypes/Gralloc4.h> #include <gralloctypes/Gralloc4.h> #include <hidl/ServiceManagement.h> #include <hidl/ServiceManagement.h> #include <hwbinder/IPCThreadState.h> #include <hwbinder/IPCThreadState.h> Loading Loading @@ -1195,8 +1197,15 @@ Gralloc4Allocator::Gralloc4Allocator(const Gralloc4Mapper& mapper) : mMapper(map mAllocator = IAllocator::getService(); mAllocator = IAllocator::getService(); if (__builtin_available(android 31, *)) { if (__builtin_available(android 31, *)) { if (hasIAllocatorAidl()) { if (hasIAllocatorAidl()) { // TODO(b/269517338): Perform the isolated checking for this in service manager instead. uid_t aid = multiuser_get_app_id(getuid()); if (aid >= AID_ISOLATED_START && aid <= AID_ISOLATED_END) { mAidlAllocator = AidlIAllocator::fromBinder(ndk::SpAIBinder( AServiceManager_getService(kAidlAllocatorServiceName.c_str()))); } else { mAidlAllocator = AidlIAllocator::fromBinder(ndk::SpAIBinder( mAidlAllocator = AidlIAllocator::fromBinder(ndk::SpAIBinder( AServiceManager_waitForService(kAidlAllocatorServiceName.c_str()))); AServiceManager_waitForService(kAidlAllocatorServiceName.c_str()))); } ALOGE_IF(!mAidlAllocator, "AIDL IAllocator declared but failed to get service"); ALOGE_IF(!mAidlAllocator, "AIDL IAllocator declared but failed to get service"); } } } } Loading Loading
libs/binder/ndk/include_platform/android/binder_manager.h +14 −3 Original line number Original line Diff line number Diff line Loading @@ -22,6 +22,16 @@ __BEGIN_DECLS __BEGIN_DECLS enum AServiceManager_AddServiceFlag : uint32_t { /** * This allows processes with AID_ISOLATED to get the binder of the service added. * * Services with methods that perform file IO, web socket creation or ways to egress data must * not be added with this flag for privacy concerns. */ ADD_SERVICE_ALLOW_ISOLATED = 1, }; /** /** * This registers the service with the default service manager under this instance name. This does * This registers the service with the default service manager under this instance name. This does * not take ownership of binder. * not take ownership of binder. Loading @@ -46,12 +56,13 @@ __attribute__((warn_unused_result)) binder_exception_t AServiceManager_addServic * * * \param binder object to register globally with the service manager. * \param binder object to register globally with the service manager. * \param instance identifier of the service. This will be used to lookup the service. * \param instance identifier of the service. This will be used to lookup the service. * \param allowIsolated allows if this service can be isolated. * \param flag an AServiceManager_AddServiceFlag enum to denote how the service should be added. * * * \return EX_NONE on success. * \return EX_NONE on success. */ */ __attribute__((warn_unused_result)) binder_exception_t AServiceManager_addServiceWithAllowIsolated( __attribute__((warn_unused_result)) binder_exception_t AServiceManager_addServiceWithFlag( AIBinder* binder, const char* instance, bool allowIsolated) __INTRODUCED_IN(34); AIBinder* binder, const char* instance, const AServiceManager_AddServiceFlag flag) __INTRODUCED_IN(34); /** /** * Gets a binder object with this specific instance name. Will return nullptr immediately if the * Gets a binder object with this specific instance name. Will return nullptr immediately if the Loading
libs/binder/ndk/libbinder_ndk.map.txt +1 −1 Original line number Original line Diff line number Diff line Loading @@ -158,12 +158,12 @@ LIBBINDER_NDK34 { # introduced=UpsideDownCake AServiceManager_getUpdatableApexName; # systemapi AServiceManager_getUpdatableApexName; # systemapi AServiceManager_registerForServiceNotifications; # systemapi llndk AServiceManager_registerForServiceNotifications; # systemapi llndk AServiceManager_NotificationRegistration_delete; # systemapi llndk AServiceManager_NotificationRegistration_delete; # systemapi llndk AServiceManager_addServiceWithFlag; # systemapi llndk }; }; LIBBINDER_NDK_PLATFORM { LIBBINDER_NDK_PLATFORM { global: global: AParcel_getAllowFds; AParcel_getAllowFds; AServiceManager_addServiceWithAllowIsolated; extern "C++" { extern "C++" { AIBinder_fromPlatformBinder*; AIBinder_fromPlatformBinder*; AIBinder_toPlatformBinder*; AIBinder_toPlatformBinder*; Loading
libs/binder/ndk/service_manager.cpp +4 −3 Original line number Original line Diff line number Diff line Loading @@ -42,14 +42,15 @@ binder_exception_t AServiceManager_addService(AIBinder* binder, const char* inst return PruneException(exception); return PruneException(exception); } } binder_exception_t AServiceManager_addServiceWithAllowIsolated(AIBinder* binder, binder_exception_t AServiceManager_addServiceWithFlag(AIBinder* binder, const char* instance, const char* instance, const AServiceManager_AddServiceFlag flag) { bool allowIsolated) { if (binder == nullptr || instance == nullptr) { if (binder == nullptr || instance == nullptr) { return EX_ILLEGAL_ARGUMENT; return EX_ILLEGAL_ARGUMENT; } } sp<IServiceManager> sm = defaultServiceManager(); sp<IServiceManager> sm = defaultServiceManager(); bool allowIsolated = flag & AServiceManager_AddServiceFlag::ADD_SERVICE_ALLOW_ISOLATED; status_t exception = sm->addService(String16(instance), binder->getBinder(), allowIsolated); status_t exception = sm->addService(String16(instance), binder->getBinder(), allowIsolated); return PruneException(exception); return PruneException(exception); } } Loading
libs/ui/Gralloc4.cpp +11 −2 Original line number Original line Diff line number Diff line Loading @@ -22,6 +22,8 @@ #include <aidlcommonsupport/NativeHandle.h> #include <aidlcommonsupport/NativeHandle.h> #include <android/binder_enums.h> #include <android/binder_enums.h> #include <android/binder_manager.h> #include <android/binder_manager.h> #include <cutils/android_filesystem_config.h> #include <cutils/multiuser.h> #include <gralloctypes/Gralloc4.h> #include <gralloctypes/Gralloc4.h> #include <hidl/ServiceManagement.h> #include <hidl/ServiceManagement.h> #include <hwbinder/IPCThreadState.h> #include <hwbinder/IPCThreadState.h> Loading Loading @@ -1195,8 +1197,15 @@ Gralloc4Allocator::Gralloc4Allocator(const Gralloc4Mapper& mapper) : mMapper(map mAllocator = IAllocator::getService(); mAllocator = IAllocator::getService(); if (__builtin_available(android 31, *)) { if (__builtin_available(android 31, *)) { if (hasIAllocatorAidl()) { if (hasIAllocatorAidl()) { // TODO(b/269517338): Perform the isolated checking for this in service manager instead. uid_t aid = multiuser_get_app_id(getuid()); if (aid >= AID_ISOLATED_START && aid <= AID_ISOLATED_END) { mAidlAllocator = AidlIAllocator::fromBinder(ndk::SpAIBinder( AServiceManager_getService(kAidlAllocatorServiceName.c_str()))); } else { mAidlAllocator = AidlIAllocator::fromBinder(ndk::SpAIBinder( mAidlAllocator = AidlIAllocator::fromBinder(ndk::SpAIBinder( AServiceManager_waitForService(kAidlAllocatorServiceName.c_str()))); AServiceManager_waitForService(kAidlAllocatorServiceName.c_str()))); } ALOGE_IF(!mAidlAllocator, "AIDL IAllocator declared but failed to get service"); ALOGE_IF(!mAidlAllocator, "AIDL IAllocator declared but failed to get service"); } } } } Loading
