Initial implementation of HostBinder

cmds/servicemanager/Android.mk

@@ -18,8 +18,8 @@ LOCAL_MODULE_TAGS := optional
 include $(BUILD_EXECUTABLE)
 
 include $(CLEAR_VARS)
-LOCAL_SHARED_LIBRARIES := liblog libcutils libselinux
-LOCAL_SRC_FILES := service_manager.c binder.c
+LOCAL_SHARED_LIBRARIES := liblog libcutils libselinux libbinder
+LOCAL_SRC_FILES := service_manager.c binder.c hostbinder.cpp
 LOCAL_CFLAGS += $(svc_c_flags)
 LOCAL_MODULE := servicemanager
 LOCAL_INIT_RC := servicemanager.rc

cmds/servicemanager/binder.c

@@ -226,6 +226,8 @@ int binder_parse(struct binder_state *bs, struct binder_io *bio,
         fprintf(stderr,"%s:\n", cmd_name(cmd));
 #endif
         switch(cmd) {
+        // ananbox: BR_SPAWN_LOOPER is OK
+        case BR_SPAWN_LOOPER:
         case BR_NOOP:
             break;
         case BR_TRANSACTION_COMPLETE:

cmds/servicemanager/hostbinder.cpp

@@ -0,0 +1,6 @@
+#include <binder/HostBinder.h>
+extern "C"
+void publishSVM(binder_state *bs) {
+    android::HostBinder host(bs);
+    host.publishSVM();
+}

cmds/servicemanager/hostbinder.h

@@ -0,0 +1,13 @@
+#ifndef __SVCHOSTBINDER_H__
+#define __SVCHOSTBINDER_H__
+struct binder_state
+{
+    int fd;
+    void *mapped;
+    size_t mapsize;
+};
+#ifdef __cplusplus
+extern "C"
+#endif
+void publishSVM(struct binder_state *bs);
+#endif

cmds/servicemanager/service_manager.c

@@ -16,6 +16,7 @@
 #include <selinux/avc.h>
 
 #include "binder.h"
+#include "hostbinder.h"
 
 #if 0
 #define ALOGI(x...) fprintf(stderr, "svcmgr: " x)
@@ -64,6 +65,7 @@ static int selinux_enabled;
 static char *service_manager_context;
 static struct selabel_handle* sehandle;
 
+#if 0
 static bool check_mac_perms(pid_t spid, uid_t uid, const char *tctx, const char *perm, const char *name)
 {
     char *sctx = NULL;
@@ -142,6 +144,7 @@ static int svc_can_find(const uint16_t *name, size_t name_len, pid_t spid, uid_t
     const char *perm = "find";
     return check_mac_perms_from_lookup(spid, uid, perm, str8(name, name_len)) ? 1 : 0;
 }
+#endif
 
 struct svcinfo
 {
@@ -185,7 +188,7 @@ uint16_t svcmgr_id[] = {
 };
 
 
-uint32_t do_find_service(const uint16_t *s, size_t len, uid_t uid, pid_t spid)
+uint32_t do_find_service(const uint16_t *s, size_t len, uid_t uid,  __attribute__ ((unused)) pid_t spid)
 {
     struct svcinfo *si = find_svc(s, len);
 
@@ -202,17 +205,19 @@ uint32_t do_find_service(const uint16_t *s, size_t len, uid_t uid, pid_t spid)
         }
     }
 
+#if 0
     if (!svc_can_find(s, len, spid, uid)) {
         return 0;
     }
+#endif
 
     return si->handle;
 }
 
 int do_add_service(struct binder_state *bs,
                    const uint16_t *s, size_t len,
                    uint32_t handle, uid_t uid, int allow_isolated,
-                   pid_t spid)
+                   __attribute__ ((unused)) pid_t spid)
 {
     struct svcinfo *si;
 
@@ -221,12 +226,15 @@ int do_add_service(struct binder_state *bs,
 
     if (!handle || (len == 0) || (len > 127))
         return -1;
-
+
+    // Ananbox: disable svc_can_register
+#if 0
     if (!svc_can_register(s, len, spid, uid)) {
         ALOGE("add_service('%s',%x) uid=%d - PERMISSION DENIED\n",
              str8(s, len), handle, uid);
         return -1;
     }
+#endif
 
     si = find_svc(s, len);
     if (si) {
@@ -274,8 +282,11 @@ int svcmgr_handler(struct binder_state *bs,
     //ALOGI("target=%p code=%d pid=%d uid=%d\n",
     //      (void*) txn->target.ptr, txn->code, txn->sender_pid, txn->sender_euid);
 
+    // ananbox: running as virtual servicemanager
+#if 0
     if (txn->target.ptr != BINDER_SERVICE_MANAGER)
         return -1;
+#endif
 
     if (txn->code == PING_TRANSACTION)
         return 0;
@@ -296,13 +307,16 @@ int svcmgr_handler(struct binder_state *bs,
         return -1;
     }
 
+    // Ananbox: disable selinux
+#if 0
     if (sehandle && selinux_status_updated() > 0) {
         struct selabel_handle *tmp_sehandle = selinux_android_service_context_handle();
         if (tmp_sehandle) {
             selabel_close(sehandle);
             sehandle = tmp_sehandle;
         }
     }
+#endif
 
     switch(txn->code) {
     case SVC_MGR_GET_SERVICE:
@@ -332,11 +346,13 @@ int svcmgr_handler(struct binder_state *bs,
     case SVC_MGR_LIST_SERVICES: {
         uint32_t n = bio_get_uint32(msg);
 
+#if 0
         if (!svc_can_list(txn->sender_pid, txn->sender_euid)) {
             ALOGE("list_service() uid=%d - PERMISSION DENIED\n",
                     txn->sender_euid);
             return -1;
         }
+#endif
         si = svclist;
         while ((n-- > 0) && si)
             si = si->next;
@@ -373,16 +389,16 @@ int main()
 {
     struct binder_state *bs;
 
+#if 0
     bs = binder_open(128*1024);
     if (!bs) {
         ALOGE("failed to open binder driver\n");
         return -1;
     }
-
-    if (binder_become_context_manager(bs)) {
-        ALOGE("cannot become context manager (%s)\n", strerror(errno));
-        return -1;
-    }
+#else
+    bs = malloc(sizeof(*bs));
+    publishSVM(bs);
+#endif
 
     selinux_enabled = is_selinux_enabled();
     sehandle = selinux_android_service_context_handle();

include/binder/BpBinder.h

@@ -28,6 +28,7 @@ class BpBinder : public IBinder
 {
 public:
                         BpBinder(int32_t handle);
+                        BpBinder(int32_t handle, bool incWeak);
 
     inline  int32_t     handle() const { return mHandle; }
 

include/binder/HostBinder.h

@@ -0,0 +1,38 @@
+#ifndef __HOSTBINDER_H__
+#define __HOSTBINDER_H__
+#include <utils/RefBase.h>
+#include <binder/HostBinderShim.h>
+struct binder_state
+{
+    int fd;
+    void *mapped;
+    size_t mapsize;
+};
+namespace android {
+    class IBinder;
+    class HostBinder {
+        public:
+            HostBinder(int mDriverFD_);
+            HostBinder(binder_state* bs);
+            sp<IBinder> getSVMObj();
+            void publishSVM();
+        private:
+            int mDriverFD;
+            std::shared_ptr<HostBinderShim> shim;
+            std::shared_ptr<HostBinderShim> getShim();
+    };
+    class LocalBinder : public BBinder
+    {
+        public:
+            sp<IBinder> remoteBinder;
+            LocalBinder(std::shared_ptr<HostBinderShim> &shim_);
+        protected:
+            virtual status_t    onTransact( uint32_t code,
+                    const Parcel& data,
+                    Parcel* reply,
+                    uint32_t flags = 0);
+        private:
+            std::shared_ptr<HostBinderShim> shim;
+    };
+}
+#endif

include/binder/HostBinderShim.h

@@ -0,0 +1,22 @@
+#ifndef __HOSTBINDERSHIM_H__
+#define __HOSTBINDERSHIM_H__
+#include <utils/RefBase.h>
+#include <utils/String16.h>
+#include <binder/IBinder.h>
+#include <binder/Parcel.h>
+namespace android {
+    class Parcel;
+    class IBinder;
+    class HostBinderShim {
+        public:
+            sp<IBinder> getHostAMS(); 
+            virtual void writeInterfaceToken(Parcel &data, String16 name) = 0;
+            virtual void writeIntent(Parcel &out, const char *mPackage, const char *mClass, bool hasBundle) = 0;
+            virtual void writeBroadcastBundle(Parcel &data, const char *key, sp<IBinder> binder) = 0;
+            virtual void broadCastIntent(Parcel &data, const char* key, sp<IBinder> binder) = 0;
+            virtual void sendBroadCast(sp<IBinder> ams, Parcel &data) = 0;
+            virtual void enforceDescriptor(const Parcel &data) = 0;
+            virtual bool needReadStatus() = 0;
+    };
+}
+#endif

include/binder/HostBinderShim30.h

@@ -0,0 +1,16 @@
+#ifndef __HOSTBINDERSHIM30_H__
+#define __HOSTBINDERSHIM30_H__
+#include <binder/HostBinderShim.h>
+namespace android {
+    class HostBinderShim30: public HostBinderShim {
+        public:
+            void writeInterfaceToken(Parcel &data, String16 name);
+            void writeIntent(Parcel &out, const char *mPackage, const char *mClass, bool hasBundle);
+            void writeBroadcastBundle(Parcel &data, const char *key, sp<IBinder> binder);
+            void broadCastIntent(Parcel &data, const char* key, sp<IBinder> binder);
+            void sendBroadCast(sp<IBinder> ams, Parcel &data);
+            void enforceDescriptor(const Parcel &data);
+            bool needReadStatus();
+    };
+}
+#endif

include/binder/IPCThreadState.h

@@ -89,6 +89,7 @@ class IPCThreadState
             void                blockUntilThreadAvailable();
 
 private:
+            friend class HostBinder;
                                 IPCThreadState();
                                 ~IPCThreadState();
 

include/binder/ProcessState.h

@@ -66,6 +66,7 @@ class ProcessState : public virtual RefBase
 
 private:
     friend class IPCThreadState;
+    friend class HostBinder;
 
                                 ProcessState();
                                 ~ProcessState();

libs/binder/Android.mk

@@ -41,13 +41,16 @@ sources := \
     Static.cpp \
     Status.cpp \
     TextOutput.cpp \
+    HostBinder.cpp \
+    HostBinderShim.cpp \
+    HostBinderShim30.cpp
 
 LOCAL_PATH:= $(call my-dir)
 
 include $(CLEAR_VARS)
 LOCAL_MODULE := libbinder
 LOCAL_SHARED_LIBRARIES := liblog libcutils libutils
-
+#LOCAL_SHARED_LIBRARIES += libananbox
 LOCAL_CLANG := true
 LOCAL_SANITIZE := integer
 LOCAL_SRC_FILES := $(sources)
@@ -62,6 +65,7 @@ include $(BUILD_SHARED_LIBRARY)
 include $(CLEAR_VARS)
 LOCAL_MODULE := libbinder
 LOCAL_STATIC_LIBRARIES += libutils
+#LOCAL_WHOLE_STATIC_LIBRARIES += libananbox
 LOCAL_SRC_FILES := $(sources)
 ifneq ($(TARGET_USES_64_BIT_BINDER),true)
 ifneq ($(TARGET_IS_64_BIT),true)

libs/binder/BpBinder.cpp

@@ -99,6 +99,19 @@ BpBinder::BpBinder(int32_t handle)
     IPCThreadState::self()->incWeakHandle(handle);
 }
 
+BpBinder::BpBinder(int32_t handle, bool incWeak)
+    : mHandle(handle)
+    , mAlive(1)
+    , mObitsSent(0)
+    , mObituaries(NULL)
+{
+    ALOGV("Creating BpBinder %p handle %d\n", this, mHandle);
+
+    extendObjectLifetime(OBJECT_LIFETIME_WEAK);
+    if (incWeak)
+        IPCThreadState::self()->incWeakHandle(handle);
+}
+
 bool BpBinder::isDescriptorCached() const {
     Mutex::Autolock _l(mLock);
     return mDescriptorCache.size() ? true : false;