diff options
| author | 2019-08-05 20:30:14 -0700 | |
|---|---|---|
| committer | 2019-08-07 10:03:09 -0700 | |
| commit | c709dd898617f795e5cccff9aa482423a162f0dd (patch) | |
| tree | b535aea1ff956f7bab53780885953c760a9d36bb /libs/binder/Stability.cpp | |
| parent | 8c5dd6de2c30b1e0250fb725993864183050f25e (diff) | |
libbinder: stability check moved to trans time
Before: stability check done when binder is read from a parcel
After: stability check done when binder is transacted on
Why this change is being made/benefits:
- vendor binders can be used as tokens in system context
- pingBinder/interfaceChain/etc.. can be done on vendor binders in a
system context, so code can generically operate on binders. This is
particularly useful for service manager and dumpstate, which previously
I was going to special-case
- policy on which binders go where is entirely reliant on SELinux
whereas before there were additional runtime restrictions
Cons to this change:
- allowed binders must be determined by context. BpBinder now checks
stability based on kLocalStability. More work would need to be done to
get this working with APEX.
Bug: 136027762
Test: binderStabilityTest
Change-Id: Iff026e81a130dbb8885ca82ec24e69a5768847eb
Merged-In: Iff026e81a130dbb8885ca82ec24e69a5768847eb
Diffstat (limited to 'libs/binder/Stability.cpp')
| -rw-r--r-- | libs/binder/Stability.cpp | 11 |
1 files changed, 8 insertions, 3 deletions
diff --git a/libs/binder/Stability.cpp b/libs/binder/Stability.cpp index 0a10a1d354..b6f10c8759 100644 --- a/libs/binder/Stability.cpp +++ b/libs/binder/Stability.cpp @@ -32,6 +32,11 @@ void Stability::debugLogStability(const std::string& tag, const sp<IBinder>& bin ALOGE("%s: stability is %s", tag.c_str(), stabilityString(get(binder.get())).c_str()); } +void Stability::markVndk(IBinder* binder) { + status_t result = set(binder, Level::VENDOR, true /*log*/); + LOG_ALWAYS_FATAL_IF(result != OK, "Should only mark known object."); +} + void Stability::tryMarkCompilationUnit(IBinder* binder) { (void) set(binder, kLocalStability, false /*log*/); } @@ -95,9 +100,9 @@ bool Stability::check(int32_t provided, Level required) { } if (!stable) { - ALOGE("Interface with %s cannot accept interface with %s.", - stabilityString(required).c_str(), - stabilityString(provided).c_str()); + ALOGE("Cannot do a user transaction on a %s binder in a %s context.", + stabilityString(provided).c_str(), + stabilityString(required).c_str()); } return stable; |