diff options
| -rw-r--r-- | libs/binder/Android.bp | 6 | ||||
| -rw-r--r-- | libs/binder/Binder.cpp | 96 | ||||
| -rw-r--r-- | libs/binder/BinderRecordReplay.cpp | 185 | ||||
| -rw-r--r-- | libs/binder/BpBinder.cpp | 14 | ||||
| -rw-r--r-- | libs/binder/include/binder/Binder.h | 8 | ||||
| -rw-r--r-- | libs/binder/include/binder/BinderRecordReplay.h | 80 | ||||
| -rw-r--r-- | libs/binder/include/binder/BpBinder.h | 7 | ||||
| -rw-r--r-- | libs/binder/include/binder/IBinder.h | 2 |
8 files changed, 395 insertions, 3 deletions
diff --git a/libs/binder/Android.bp b/libs/binder/Android.bp index 7080c7b958..df965ab65f 100644 --- a/libs/binder/Android.bp +++ b/libs/binder/Android.bp @@ -76,6 +76,7 @@ cc_defaults { srcs: [ "Binder.cpp", + "BinderRecordReplay.cpp", "BpBinder.cpp", "Debug.cpp", "FdTrigger.cpp", @@ -148,7 +149,10 @@ cc_defaults { }, debuggable: { - cflags: ["-DBINDER_RPC_DEV_SERVERS"], + cflags: [ + "-DBINDER_RPC_DEV_SERVERS", + "-DBINDER_ENABLE_RECORDING", + ], }, }, diff --git a/libs/binder/Binder.cpp b/libs/binder/Binder.cpp index 402995717c..481d704f1c 100644 --- a/libs/binder/Binder.cpp +++ b/libs/binder/Binder.cpp @@ -21,6 +21,7 @@ #include <android-base/logging.h> #include <android-base/unique_fd.h> +#include <binder/BinderRecordReplay.h> #include <binder/BpBinder.h> #include <binder/IInterface.h> #include <binder/IPCThreadState.h> @@ -28,7 +29,9 @@ #include <binder/IShellCallback.h> #include <binder/Parcel.h> #include <binder/RpcServer.h> +#include <cutils/compiler.h> #include <private/android_filesystem_config.h> +#include <pthread.h> #include <utils/misc.h> #include <inttypes.h> @@ -60,6 +63,12 @@ bool kEnableRpcDevServers = true; bool kEnableRpcDevServers = false; #endif +#ifdef BINDER_ENABLE_RECORDING +bool kEnableRecording = true; +#else +bool kEnableRecording = false; +#endif + // Log any reply transactions for which the data exceeds this size #define LOG_REPLIES_OVER_SIZE (300 * 1024) // --------------------------------------------------------------------------- @@ -265,11 +274,13 @@ public: Mutex mLock; std::set<sp<RpcServerLink>> mRpcServerLinks; BpBinder::ObjectManager mObjects; + + android::base::unique_fd mRecordingFd; }; // --------------------------------------------------------------------------- -BBinder::BBinder() : mExtras(nullptr), mStability(0), mParceled(false) {} +BBinder::BBinder() : mExtras(nullptr), mStability(0), mParceled(false), mRecordingOn(false) {} bool BBinder::isBinderAlive() const { @@ -281,6 +292,63 @@ status_t BBinder::pingBinder() return NO_ERROR; } +status_t BBinder::startRecordingTransactions(const Parcel& data) { + if (!kEnableRecording) { + ALOGW("Binder recording disallowed because recording is not enabled"); + return INVALID_OPERATION; + } + if (!kEnableKernelIpc) { + ALOGW("Binder recording disallowed because kernel binder is not enabled"); + return INVALID_OPERATION; + } + uid_t uid = IPCThreadState::self()->getCallingUid(); + if (uid != AID_ROOT) { + ALOGE("Binder recording not allowed because client %" PRIu32 " is not root", uid); + return PERMISSION_DENIED; + } + Extras* e = getOrCreateExtras(); + AutoMutex lock(e->mLock); + if (mRecordingOn) { + LOG(INFO) << "Could not start Binder recording. Another is already in progress."; + return INVALID_OPERATION; + } else { + status_t readStatus = data.readUniqueFileDescriptor(&(e->mRecordingFd)); + if (readStatus != OK) { + return readStatus; + } + mRecordingOn = true; + LOG(INFO) << "Started Binder recording."; + return NO_ERROR; + } +} + +status_t BBinder::stopRecordingTransactions() { + if (!kEnableRecording) { + ALOGW("Binder recording disallowed because recording is not enabled"); + return INVALID_OPERATION; + } + if (!kEnableKernelIpc) { + ALOGW("Binder recording disallowed because kernel binder is not enabled"); + return INVALID_OPERATION; + } + uid_t uid = IPCThreadState::self()->getCallingUid(); + if (uid != AID_ROOT) { + ALOGE("Binder recording not allowed because client %" PRIu32 " is not root", uid); + return PERMISSION_DENIED; + } + Extras* e = getOrCreateExtras(); + AutoMutex lock(e->mLock); + if (mRecordingOn) { + e->mRecordingFd.reset(); + mRecordingOn = false; + LOG(INFO) << "Stopped Binder recording."; + return NO_ERROR; + } else { + LOG(INFO) << "Could not stop Binder recording. One is not in progress."; + return INVALID_OPERATION; + } +} + const String16& BBinder::getInterfaceDescriptor() const { static StaticString16 sBBinder(u"BBinder"); @@ -303,6 +371,12 @@ status_t BBinder::transact( case PING_TRANSACTION: err = pingBinder(); break; + case START_RECORDING_TRANSACTION: + err = startRecordingTransactions(data); + break; + case STOP_RECORDING_TRANSACTION: + err = stopRecordingTransactions(); + break; case EXTENSION_TRANSACTION: CHECK(reply != nullptr); err = reply->writeStrongBinder(getExtension()); @@ -329,6 +403,26 @@ status_t BBinder::transact( } } + if (CC_UNLIKELY(kEnableKernelIpc && mRecordingOn && code != START_RECORDING_TRANSACTION)) { + Extras* e = mExtras.load(std::memory_order_acquire); + AutoMutex lock(e->mLock); + if (mRecordingOn) { + Parcel emptyReply; + auto transaction = + android::binder::debug::RecordedTransaction::fromDetails(code, flags, data, + reply ? *reply + : emptyReply, + err); + if (transaction) { + if (status_t err = transaction->dumpToFile(e->mRecordingFd); err != NO_ERROR) { + LOG(INFO) << "Failed to dump RecordedTransaction to file with error " << err; + } + } else { + LOG(INFO) << "Failed to create RecordedTransaction object."; + } + } + } + return err; } diff --git a/libs/binder/BinderRecordReplay.cpp b/libs/binder/BinderRecordReplay.cpp new file mode 100644 index 0000000000..90c02a80b9 --- /dev/null +++ b/libs/binder/BinderRecordReplay.cpp @@ -0,0 +1,185 @@ +/* + * Copyright (C) 2022, The Android Open Source Project + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +#include <android-base/file.h> +#include <android-base/logging.h> +#include <binder/BinderRecordReplay.h> +#include <algorithm> + +using android::Parcel; +using android::base::unique_fd; +using android::binder::debug::RecordedTransaction; + +#define PADDING8(s) ((8 - (s) % 8) % 8) + +static_assert(PADDING8(0) == 0); +static_assert(PADDING8(1) == 7); +static_assert(PADDING8(7) == 1); +static_assert(PADDING8(8) == 0); + +// Transactions are sequentially recorded to the file descriptor in the following format: +// +// RecordedTransaction.TransactionHeader (32 bytes) +// Sent Parcel data (getDataSize() bytes) +// padding (enough bytes to align the reply Parcel data to 8 bytes) +// Reply Parcel data (getReplySize() bytes) +// padding (enough bytes to align the next header to 8 bytes) +// [repeats with next transaction] +// +// Warning: This format is non-stable + +RecordedTransaction::RecordedTransaction(RecordedTransaction&& t) noexcept { + mHeader = {t.getCode(), t.getFlags(), t.getDataSize(), + t.getReplySize(), t.getReturnedStatus(), t.getVersion()}; + mSent.setData(t.getDataParcel().data(), t.getDataSize()); + mReply.setData(t.getReplyParcel().data(), t.getReplySize()); +} + +std::optional<RecordedTransaction> RecordedTransaction::fromDetails(uint32_t code, uint32_t flags, + const Parcel& dataParcel, + const Parcel& replyParcel, + status_t err) { + RecordedTransaction t; + t.mHeader = {code, + flags, + static_cast<uint64_t>(dataParcel.dataSize()), + static_cast<uint64_t>(replyParcel.dataSize()), + static_cast<int32_t>(err), + dataParcel.isForRpc() ? static_cast<uint32_t>(1) : static_cast<uint32_t>(0)}; + + if (t.mSent.setData(dataParcel.data(), t.getDataSize()) != android::NO_ERROR) { + LOG(INFO) << "Failed to set sent parcel data."; + return std::nullopt; + } + + if (t.mReply.setData(replyParcel.data(), t.getReplySize()) != android::NO_ERROR) { + LOG(INFO) << "Failed to set reply parcel data."; + return std::nullopt; + } + + return std::optional<RecordedTransaction>(std::move(t)); +} + +std::optional<RecordedTransaction> RecordedTransaction::fromFile(const unique_fd& fd) { + RecordedTransaction t; + if (!android::base::ReadFully(fd, &t.mHeader, sizeof(mHeader))) { + LOG(INFO) << "Failed to read transactionHeader from fd " << fd.get(); + return std::nullopt; + } + if (t.getVersion() != 0) { + LOG(INFO) << "File corrupted: transaction version is not 0."; + return std::nullopt; + } + + std::vector<uint8_t> bytes; + bytes.resize(t.getDataSize()); + if (!android::base::ReadFully(fd, bytes.data(), t.getDataSize())) { + LOG(INFO) << "Failed to read sent parcel data from fd " << fd.get(); + return std::nullopt; + } + if (t.mSent.setData(bytes.data(), t.getDataSize()) != android::NO_ERROR) { + LOG(INFO) << "Failed to set sent parcel data."; + return std::nullopt; + } + + uint8_t padding[7]; + if (!android::base::ReadFully(fd, padding, PADDING8(t.getDataSize()))) { + LOG(INFO) << "Failed to read sent parcel padding from fd " << fd.get(); + return std::nullopt; + } + if (std::any_of(padding, padding + 7, [](uint8_t i) { return i != 0; })) { + LOG(INFO) << "File corrupted: padding isn't 0."; + return std::nullopt; + } + + bytes.resize(t.getReplySize()); + if (!android::base::ReadFully(fd, bytes.data(), t.getReplySize())) { + LOG(INFO) << "Failed to read reply parcel data from fd " << fd.get(); + return std::nullopt; + } + if (t.mReply.setData(bytes.data(), t.getReplySize()) != android::NO_ERROR) { + LOG(INFO) << "Failed to set reply parcel data."; + return std::nullopt; + } + + if (!android::base::ReadFully(fd, padding, PADDING8(t.getReplySize()))) { + LOG(INFO) << "Failed to read parcel padding from fd " << fd.get(); + return std::nullopt; + } + if (std::any_of(padding, padding + 7, [](uint8_t i) { return i != 0; })) { + LOG(INFO) << "File corrupted: padding isn't 0."; + return std::nullopt; + } + + return std::optional<RecordedTransaction>(std::move(t)); +} + +android::status_t RecordedTransaction::dumpToFile(const unique_fd& fd) const { + if (!android::base::WriteFully(fd, &mHeader, sizeof(mHeader))) { + LOG(INFO) << "Failed to write transactionHeader to fd " << fd.get(); + return UNKNOWN_ERROR; + } + if (!android::base::WriteFully(fd, mSent.data(), getDataSize())) { + LOG(INFO) << "Failed to write sent parcel data to fd " << fd.get(); + return UNKNOWN_ERROR; + } + const uint8_t zeros[7] = {0}; + if (!android::base::WriteFully(fd, zeros, PADDING8(getDataSize()))) { + LOG(INFO) << "Failed to write sent parcel padding to fd " << fd.get(); + return UNKNOWN_ERROR; + } + if (!android::base::WriteFully(fd, mReply.data(), getReplySize())) { + LOG(INFO) << "Failed to write reply parcel data to fd " << fd.get(); + return UNKNOWN_ERROR; + } + if (!android::base::WriteFully(fd, zeros, PADDING8(getReplySize()))) { + LOG(INFO) << "Failed to write reply parcel padding to fd " << fd.get(); + return UNKNOWN_ERROR; + } + return NO_ERROR; +} + +uint32_t RecordedTransaction::getCode() const { + return mHeader.code; +} + +uint32_t RecordedTransaction::getFlags() const { + return mHeader.flags; +} + +uint64_t RecordedTransaction::getDataSize() const { + return mHeader.dataSize; +} + +uint64_t RecordedTransaction::getReplySize() const { + return mHeader.replySize; +} + +int32_t RecordedTransaction::getReturnedStatus() const { + return mHeader.statusReturned; +} + +uint32_t RecordedTransaction::getVersion() const { + return mHeader.version; +} + +const Parcel& RecordedTransaction::getDataParcel() const { + return mSent; +} + +const Parcel& RecordedTransaction::getReplyParcel() const { + return mReply; +} diff --git a/libs/binder/BpBinder.cpp b/libs/binder/BpBinder.cpp index d9b723108e..54d24457d4 100644 --- a/libs/binder/BpBinder.cpp +++ b/libs/binder/BpBinder.cpp @@ -30,6 +30,8 @@ #include "BuildFlags.h" +#include <android-base/file.h> + //#undef ALOGV //#define ALOGV(...) fprintf(stderr, __VA_ARGS__) @@ -299,6 +301,18 @@ status_t BpBinder::pingBinder() return transact(PING_TRANSACTION, data, &reply); } +status_t BpBinder::startRecordingBinder(const android::base::unique_fd& fd) { + Parcel send, reply; + send.writeUniqueFileDescriptor(fd); + return transact(START_RECORDING_TRANSACTION, send, &reply); +} + +status_t BpBinder::stopRecordingBinder() { + Parcel data, reply; + data.markForBinder(sp<BpBinder>::fromExisting(this)); + return transact(STOP_RECORDING_TRANSACTION, data, &reply); +} + status_t BpBinder::dump(int fd, const Vector<String16>& args) { Parcel send; diff --git a/libs/binder/include/binder/Binder.h b/libs/binder/include/binder/Binder.h index 88d9ca1d58..08dbd13bf4 100644 --- a/libs/binder/include/binder/Binder.h +++ b/libs/binder/include/binder/Binder.h @@ -105,6 +105,12 @@ public: [[nodiscard]] status_t setRpcClientDebug(android::base::unique_fd clientFd, const sp<IBinder>& keepAliveBinder); + // Start recording transactions to the unique_fd in data. + // See BinderRecordReplay.h for more details. + [[nodiscard]] status_t startRecordingTransactions(const Parcel& data); + // Stop the current recording. + [[nodiscard]] status_t stopRecordingTransactions(); + protected: virtual ~BBinder(); @@ -131,7 +137,7 @@ private: friend ::android::internal::Stability; int16_t mStability; bool mParceled; - uint8_t mReserved0; + bool mRecordingOn; #ifdef __LP64__ int32_t mReserved1; diff --git a/libs/binder/include/binder/BinderRecordReplay.h b/libs/binder/include/binder/BinderRecordReplay.h new file mode 100644 index 0000000000..25ed5e5ff8 --- /dev/null +++ b/libs/binder/include/binder/BinderRecordReplay.h @@ -0,0 +1,80 @@ +/* + * Copyright (C) 2022, The Android Open Source Project + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +#pragma once + +#include <android-base/unique_fd.h> +#include <binder/Parcel.h> +#include <mutex> + +namespace android { + +namespace binder::debug { + +// Warning: Transactions are sequentially recorded to the file descriptor in a +// non-stable format. A detailed description of the recording format can be found in +// BinderRecordReplay.cpp. + +class RecordedTransaction { +public: + // Filled with the first transaction from fd. + static std::optional<RecordedTransaction> fromFile(const android::base::unique_fd& fd); + // Filled with the arguments. + static std::optional<RecordedTransaction> fromDetails(uint32_t code, uint32_t flags, + const Parcel& data, const Parcel& reply, + status_t err); + RecordedTransaction(RecordedTransaction&& t) noexcept; + + [[nodiscard]] status_t dumpToFile(const android::base::unique_fd& fd) const; + + uint32_t getCode() const; + uint32_t getFlags() const; + uint64_t getDataSize() const; + uint64_t getReplySize() const; + int32_t getReturnedStatus() const; + uint32_t getVersion() const; + const Parcel& getDataParcel() const; + const Parcel& getReplyParcel() const; + +private: + RecordedTransaction() = default; + +#pragma clang diagnostic push +#pragma clang diagnostic error "-Wpadded" + struct TransactionHeader { + uint32_t code = 0; + uint32_t flags = 0; + uint64_t dataSize = 0; + uint64_t replySize = 0; + int32_t statusReturned = 0; + uint32_t version = 0; // !0 iff Rpc + }; +#pragma clang diagnostic pop + static_assert(sizeof(TransactionHeader) == 32); + static_assert(sizeof(TransactionHeader) % 8 == 0); + + TransactionHeader mHeader; + Parcel mSent; + Parcel mReply; +#pragma clang diagnostic push +#pragma clang diagnostic ignored "-Wunused-private-field" + uint8_t mReserved[40]; +#pragma clang diagnostic pop +}; + +} // namespace binder::debug + +} // namespace android diff --git a/libs/binder/include/binder/BpBinder.h b/libs/binder/include/binder/BpBinder.h index 4172cc511e..57e103d39e 100644 --- a/libs/binder/include/binder/BpBinder.h +++ b/libs/binder/include/binder/BpBinder.h @@ -16,6 +16,7 @@ #pragma once +#include <android-base/unique_fd.h> #include <binder/IBinder.h> #include <utils/Mutex.h> @@ -89,6 +90,12 @@ public: std::optional<int32_t> getDebugBinderHandle() const; + // Start recording transactions to the unique_fd. + // See BinderRecordReplay.h for more details. + status_t startRecordingBinder(const android::base::unique_fd& fd); + // Stop the current recording. + status_t stopRecordingBinder(); + class ObjectManager { public: ObjectManager(); diff --git a/libs/binder/include/binder/IBinder.h b/libs/binder/include/binder/IBinder.h index 83aaca7f95..e75d548bd8 100644 --- a/libs/binder/include/binder/IBinder.h +++ b/libs/binder/include/binder/IBinder.h @@ -56,6 +56,8 @@ public: LAST_CALL_TRANSACTION = 0x00ffffff, PING_TRANSACTION = B_PACK_CHARS('_', 'P', 'N', 'G'), + START_RECORDING_TRANSACTION = B_PACK_CHARS('_', 'S', 'R', 'D'), + STOP_RECORDING_TRANSACTION = B_PACK_CHARS('_', 'E', 'R', 'D'), DUMP_TRANSACTION = B_PACK_CHARS('_', 'D', 'M', 'P'), SHELL_COMMAND_TRANSACTION = B_PACK_CHARS('_', 'C', 'M', 'D'), INTERFACE_TRANSACTION = B_PACK_CHARS('_', 'N', 'T', 'F'), |