Google Git
Sign in
android / platform / system / netd / 4a8b7fb767ad4e1dec7987511ac85dfeb6b83109 / . / include / binder_utils / BinderUtil.h
blob: 92754c81b7b271cd21d11a7ed4a7e4aa1ec11baf [file] [log] [blame]
/*
* Copyright (C) 2019 The Android Open Source Project
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
#pragma once
#include "NetdPermissions.h"
#include <android-base/stringprintf.h>
#include <android-base/strings.h>
#include <binder/IPCThreadState.h>
#include <binder/IServiceManager.h>
#include <binder/Status.h>
#include <fmt/format.h>
#include <private/android_filesystem_config.h>
#ifdef ANDROID_BINDER_STATUS_H
#define IS_BINDER_OK(__ex__) (__ex__ == ::android::binder::Status::EX_NONE)
#define EXCEPTION_TO_STRING(__ex__, str) \
case ::android::binder::Status::__ex__: \
return str;
#define TO_EXCEPTION(__ex__) __ex__;
#else
#define IS_BINDER_OK(__ex__) (AStatus_isOk(AStatus_fromExceptionCode(__ex__)))
#define EXCEPTION_TO_STRING(__ex__, str) \
case __ex__: \
return str;
#define TO_EXCEPTION(__ex__) AStatus_getExceptionCode(AStatus_fromExceptionCode(__ex__));
#endif
inline std::string exceptionToString(int32_t exception) {
switch (exception) {
EXCEPTION_TO_STRING(EX_SECURITY, "SecurityException")
EXCEPTION_TO_STRING(EX_BAD_PARCELABLE, "BadParcelableException")
EXCEPTION_TO_STRING(EX_ILLEGAL_ARGUMENT, "IllegalArgumentException")
EXCEPTION_TO_STRING(EX_NULL_POINTER, "NullPointerException")
EXCEPTION_TO_STRING(EX_ILLEGAL_STATE, "IllegalStateException")
EXCEPTION_TO_STRING(EX_NETWORK_MAIN_THREAD, "NetworkMainThreadException")
EXCEPTION_TO_STRING(EX_UNSUPPORTED_OPERATION, "UnsupportedOperationException")
EXCEPTION_TO_STRING(EX_SERVICE_SPECIFIC, "ServiceSpecificException")
EXCEPTION_TO_STRING(EX_PARCELABLE, "ParcelableException")
EXCEPTION_TO_STRING(EX_TRANSACTION_FAILED, "TransactionFailedException")
default:
return "UnknownException";
}
}
using LogFn = std::function<void(const std::string& msg)>;
template <typename LogType>
void binderCallLogFn(const LogType& log, const LogFn& logFn) {
using namespace std::string_literals;
bool hasReturnArgs;
std::string output;
hasReturnArgs = !log.result.empty();
output.append(log.method_name + "("s);
// input args
for (size_t i = 0; i < log.input_args.size(); ++i) {
output.append(log.input_args[i].second);
if (i != log.input_args.size() - 1) {
output.append(", "s);
}
}
output.append(")"s);
const int exceptionCode = TO_EXCEPTION(log.exception_code);
if (hasReturnArgs || !IS_BINDER_OK(exceptionCode)) {
output.append(" -> "s);
}
// return status
if (!IS_BINDER_OK(exceptionCode)) {
// an exception occurred
const int errCode = log.service_specific_error_code;
output.append(fmt::format("{}({}, \"{}\")", exceptionToString(exceptionCode),
(errCode != 0) ? errCode : exceptionCode, log.exception_message));
}
// return args
if (hasReturnArgs) {
output.append("{" + log.result + "}");
}
// duration time
output.append(fmt::format(" <{:.2f}ms>", log.duration_ms));
// escape newline characters to avoid multiline log entries
logFn(::android::base::StringReplace(output, "\n", "\\n", true));
}
// The input permissions should be equivalent that this function would return ok if any of them is
// granted.
inline android::binder::Status checkAnyPermission(const std::vector<const char*>& permissions) {
pid_t pid = android::IPCThreadState::self()->getCallingPid();
uid_t uid = android::IPCThreadState::self()->getCallingUid();
// TODO: Do the pure permission check in this function. Have another method
// (e.g. checkNetworkStackPermission) to wrap AID_SYSTEM and
// AID_NETWORK_STACK uid check.
// If the caller is the system UID, don't check permissions.
// Otherwise, if the system server's binder thread pool is full, and all the threads are
// blocked on a thread that's waiting for us to complete, we deadlock. http://b/69389492
//
// From a security perspective, there is currently no difference, because:
// 1. The system server has the NETWORK_STACK permission, which grants access to all the
// IPCs in this file.
// 2. AID_SYSTEM always has all permissions. See ActivityManager#checkComponentPermission.
if (uid == AID_SYSTEM) {
return android::binder::Status::ok();
}
// AID_NETWORK_STACK own MAINLINE_NETWORK_STACK permission, don't IPC to system server to check
// MAINLINE_NETWORK_STACK permission. Cross-process(netd, networkstack and system server)
// deadlock: http://b/149766727
if (uid == AID_NETWORK_STACK) {
for (const char* permission : permissions) {
if (std::strcmp(permission, PERM_MAINLINE_NETWORK_STACK) == 0) {
return android::binder::Status::ok();
}
}
}
for (const char* permission : permissions) {
if (checkPermission(android::String16(permission), pid, uid)) {
return android::binder::Status::ok();
}
}
auto err = android::base::StringPrintf(
"UID %d / PID %d does not have any of the following permissions: %s", uid, pid,
android::base::Join(permissions, ',').c_str());
return android::binder::Status::fromExceptionCode(android::binder::Status::EX_SECURITY,
err.c_str());
}
inline android::binder::Status statusFromErrcode(int ret) {
if (ret) {
return android::binder::Status::fromServiceSpecificError(-ret, strerror(-ret));
}
return android::binder::Status::ok();
}