summaryrefslogtreecommitdiff
path: root/libs/binder/Parcel.cpp
AgeCommit message (Collapse)Author
2025-09-18[SP 2025-09-01] Protect objects in Parcel::appendFrom Devin Moore
* only aquire objects within the range supplied to appendFrom * don't append over existing objects * unset the mObjectsSorted flag a couple more cases * keep mObjectPositions sorted Flag: EXEMPT bug fix Ignore-AOSP-First: security fix Test: binder_parcel_fuzzer Bug: 402319736 Change-Id: I63715fdd81781aaf04f5fc0cb8bdb74c09d5d807 (cherry picked from commit 28e7af08b92e7b97f46d8ecd88ebd3f27a065e08)
2025-03-19Check mDataPos to see if the Parcel needs to grow Devin Moore
Flag: EXEMPT bug fix Ignore-AOSP-First: security fix Test: atest binderUnitTest Bug: 399155883 Change-Id: I38b755ca3381cfca3300292873f763823fbf169b
2025-01-28Merge "Enable compilation of libbinder on Fuchsia" into main am: 7317ccbb67 ↵ Kevin Lindkvist
am: fcfe040991 Original change: https://android-review.googlesource.com/c/platform/frameworks/native/+/3459704 Change-Id: I7af7ff3260fcb5b8e05a1897ad1e537d34ccdc06 Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2025-01-28Enable compilation of libbinder on Fuchsia Kevin Lindkvist
This ensures that getMinSchedulerPolicy and getMinSchedulerPriority are only called on Linux as they are only defined here. This replaces some __ANDROID__ ifdef's with BINDER_WITH_KERNEL_IPC. Change-Id: Idec83bf1715ac3c62ac7a849aa188aa491a19fda
2025-01-21Merge "trusty: Don't generate errors for new lints in clang/LLVM 19" into ↵ Treehugger Robot
main am: 17e176aca1 am: 9838df8114 Original change: https://android-review.googlesource.com/c/platform/frameworks/native/+/3453157 Change-Id: I21aa16d0a76de77634a123a78f6e2707475dd91e Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2025-01-21trusty: Don't generate errors for new lints in clang/LLVM 19 Per Larsen
clang/LLVM 19 triggers a new lint (-Wunused-but-set-variable) when building Parcel.cpp for Trusty because `BINDER_WITH_KERNEL_IPC` is not defined. Trusty neededs to roll to clang 19 to match the version of LLVM used to build Rust 1.82. The lints are raised because some variables are set but unused whenever BINDER_WITH_KERNEL_IPC is undefined. Since the lints are not surfacing actual problems, silence them by adding no-op uses. Bug: 390243478 Test: Treehugger Test: build Trusty with prebuilt clang-r536225 Change-Id: Ib45a21b79ca87f5467b67d0d9179cdfb2e4c0331
2025-01-06Merge "libbinder: remove obsolete getBlobAshmemSize" into main am: ↵ Treehugger Robot
1656f6ba83 am: 03c58c3e54 Original change: https://android-review.googlesource.com/c/platform/frameworks/native/+/3434384 Change-Id: I6419d7c5698c36b4087d80c607212f677561ff7c Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2025-01-06Merge "libbinder: remove obsolete getBlobAshmemSize" into main Treehugger Robot
2025-01-06Merge "libbinder: remove unique_ptr FD APIs." into main am: 0ed1176ada am: ↵ Treehugger Robot
06ed0c9a69 Original change: https://android-review.googlesource.com/c/platform/frameworks/native/+/3434706 Change-Id: Iefdb9c8b0102e0ae69b21accab8ffbb98e897715 Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2024-12-30libbinder: remove unique_ptr FD APIs. Steven Moreland
There are many deprecated APIs here, and mkate@'s data indicates they aren't used. Going ahead and trying to remove one of them to see what happens. Bug: N/A Test: N/A Change-Id: I91b38fbe88a6e4ece3d261f32e93f45de2a6a0fb
2024-12-30libbinder: remove obsolete getBlobAshmemSize Steven Moreland
This used to be referenced by some prebuilts, but should be able to remove now. Bug: N/A Test: N/A Change-Id: I77306c123bf3535d7a0cb7857e1e1d99d3c1c7d4
2024-12-16binder_parcel_fuzzer: support owned Parcels Steven Moreland
Some codepaths in Parcel are different when the Parcel is owned. This allows fillRandomParcel to also sometimes cause the returned Parcel be a view of a filled out Parcel. This increases the possible impact and bug finding abilities of all of our AIDL fuzzers as well. Ignore-AOSP-First: fuzzing Bug: 369404061 Test: binder_parcel_fuzzer Change-Id: Ib19a0cbd74d48e18ba36cff56202541105ef9163
2024-12-16libbinder: remove overeager fdsan crash Steven Moreland
In the continueWrite case, if a Parcel contians FDs, we try to tag the FDs we own in Parcel a second time. This causes a crash. Bug: 384097481 Test: with fuzzer, on device and host Ignore-AOSP-First: fuzzing Change-Id: I01b2312c316fa457781a4a0c1a81bfd845d0e60e
2024-12-13Parcel: Avoid realloc on owned Parcels. Steven Moreland
Continuation of support to allow 'write' calls on Parcel objects in any state. That is, any call on any Parcel API in any state should be valid. Bug: 382799130 Test: with fuzzer Change-Id: Ib139ee941f070724fb61ecb3ada2fc689545b11b
2024-11-22readCString: implemented with readInplace Steven Moreland
All read logic must go through and be validated in the same few places. Bug: 376674798 Test: binderClearBufTest covers this, and in presubmit Change-Id: Icc0ade84b671ecd3026069d8f672ff254d58e995
2024-10-22Merge "libbinder: statusToString for status_t errors" into main am: ↵ Treehugger Robot
8a482fd1ad am: c16271ca4d Original change: https://android-review.googlesource.com/c/platform/frameworks/native/+/3316036 Change-Id: I2281aebd6b6a09939941bd60c47cfd28ad0b8b42 Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2024-10-22libbinder: statusToString for status_t errors Steven Moreland
'-status' for status=UNKNOWN_ERROR is UB, since that is min integer. To avoid this, use the better function which will also avoid this area. Only the cases that matter are cleaned up. Fixes: 354371732 Test: build Change-Id: I0a71cd2c04680221191c7d926a64bda08012951f
2024-10-09Merge "libbinder: Parcel: validate read data before write" into main Steven Moreland
2024-10-08binder: fix FD handling in continueWrite Frederick Mayle
Only close FDs within the truncated part of the parcel. This change also fixes a bug where a parcel truncated into the middle of an object would not properly free that object. That could have resulted in an OOB access in `Parcel::truncateRpcObjects`, so more bounds checking is added. The new tests show how to reproduce the bug by appending to or partially truncating Parcels owned by the kernel. Two cases are disabled because of a bug in the Parcel fdsan code (b/370824489). Flag: EXEMPT bugfix Ignore-AOSP-First: security fix Bug: 239222407, 359179312 Test: atest binderLibTest Change-Id: Iadf7e2e98e3eb97c56ec2fed2b49d1e6492af9a3
2024-10-03Merge "libbinder: better object logs" into main Steven Moreland
2024-10-02Merge "libbinder: remove writeUnpadded" into main Steven Moreland
2024-10-02libbinder: better object logs Steven Moreland
Separate patch, b/c won't be backported Bug: 370840874 Test: N/A Ignore-AOSP-First: security related Change-Id: Iefc49398bab70e7255346dd4a0375b11edc1c159
2024-10-02libbinder: remove writeUnpadded Steven Moreland
Unused. Ignore-AOSP-First: security related Bug: 328161314 Test: build Change-Id: I751b8e23c02967dc422f5cd8f696e297bcc5c051
2024-10-02libbinder: Parcel: validate read data before write Steven Moreland
This is slow, but it's required to prevent memory corruption. Ignore-AOSP-First: security Bug: 370840874 Test: fuzzer Change-Id: Ibc5566ade0389221690dc90324f93394cf7fc9a5
2024-10-02libbinder: Parcel: grow rejects large data pos Steven Moreland
This is unexpected behavior so throw an error. Allocating this much memory may cause OOM or other issues. Bug: 370831157 Test: fuzzer Change-Id: Iea0884ca61b08e52e6a6e9c66693e427cb5536f4
2024-09-30libbinder Parcel: compareData const. Steven Moreland
This API should probably be removed because it's a derivative API, but it also does not modify the Parcel, so quick fix. Bugs: me Test: build Change-Id: I4732360f8cbd53491520dd2cb028c13279995dab
2024-08-28Merge "Mark the return of munmap() as unused." into main am: 7153373983 Mike McTernan
Original change: https://android-review.googlesource.com/c/platform/frameworks/native/+/3244900 Change-Id: I7f6e76a0537355440cfbd7d71b0bf378d2d38dcb Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2024-08-28Mark the return of munmap() as unused. Mike McTernan
Allow munmap() to be marked with nodiscard / warn_unused_result attribute without causing a warning or error here. Bug: 361754857 Test: build.py Change-Id: I49f85c79c8741b28e5baca35431a59288e07d862
2024-07-09Merge "libbinder: Add log when FDs aren't supported in RpcSession" into main ↵ Treehugger Robot
am: f5883db738 Original change: https://android-review.googlesource.com/c/platform/frameworks/native/+/3156117 Change-Id: I445a5d1ec10396548976bfa49bf9780772d9d321 Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2024-07-01libbinder: Add log when FDs aren't supported in RpcSession Devin Moore
Give a hint when this error is hit and make it obvious that both sides of the RpcSession need to agree on the FD support for the connection. Test: none Bug: none Change-Id: If7a559721d5886df0b418923e879538179658d85
2024-05-22Merge "Fix libbinder_sdk build warnings" into main am: 3d0aa7899c am: e7f6fbe9fd Tomasz Wasilczyk
Original change: https://android-review.googlesource.com/c/platform/frameworks/native/+/3068485 Change-Id: I1647feb8e8ef6d79a040506b96659fa79bfd6c82 Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2024-05-17Fix libbinder_sdk build warnings Tomasz Wasilczyk
-Wdeprecated-declarations -Wformat -Wpessimizing-move -Wsign-compare -Wsubobject-linkage -Wunused-result -Wzero-as-null-pointer-constant (turned on in ag/4503295) Bug: 285204695 Test: m libbinder_sdk Change-Id: Id4a482c511244968e450fdeecf6b9de41bc65b04
2024-04-23Merge "Add missing header for std::binary_search" into main am: 951e73500c ↵ Treehugger Robot
am: 68c7ebeaf9 Original change: https://android-review.googlesource.com/c/platform/frameworks/native/+/3051523 Change-Id: I399cb5713f2a3d18aa8ff66df6b6f104993b3f06 Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2024-04-22Add missing header for std::binary_search Benjamin Lerman
Change-Id: I7b01c89633742413539fdbf5375cc9fb72839f89
2024-03-11Merge "libbinder: restartWrite abort out of memory" into main Frederick Mayle
2024-03-08libbinder: restartWrite abort out of memory Steven Moreland
Most code in Android and indeed in libbinder will abort in this case. Since setData is underspecified, we should probably start the process of removing all the users of it (AIDL does not use it). However, until it can be removed, it's safer to abort here than risk mObjects is referenced in an invalid state from here on. Bug: 328177618 Test: N/A Change-Id: Ia36303e1f9bdc91d37943aa106bd832166b91e28
2024-03-06Merge changes I8929d11e,Ib737e81f into main Steven Moreland
* changes: Parcel: free objects before realloc binder_parcel_fuzz: add setData
2024-03-05Merge "libbinder: add hasBinders" into main am: 1a06751702 Treehugger Robot
Original change: https://android-review.googlesource.com/c/platform/frameworks/native/+/2986295 Change-Id: I07e275dfff55380efa7aa2908937b087a151d9ae Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2024-03-05libbinder: add hasBinders sandeepbandaru
Adding logic similar to hasFileDescriptorsInRange to scan the parcel to check for presence of a Binder type object. Test: atest binderUnitTest Bug: 326032074 Change-Id: I444af2bdcf833f265a889f0124cdbafa5aa1338d
2024-03-05Parcel: free objects before realloc Steven Moreland
Otherwise this would try to free the objects which have been written over in mData. Bug: 328177618 Test: with fuzzer Change-Id: I8929d11e3c1c193a1c36e95371b5e96e24d47ece
2023-12-07Merge "Minor build-outside-android fixes" into main am: 43571dd2ef am: ↵ Tomasz Wasilczyk
dda7686ebb am: 8ff6f889dc Original change: https://android-review.googlesource.com/c/platform/frameworks/native/+/2852823 Change-Id: I3ce78f71a50097e1e0e7f177a9e8a511c9b619a6 Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2023-12-06Merge "Minor build-outside-android fixes" into main Tomasz Wasilczyk
2023-12-06Merge "libbinder: restrict non-Android kernel binder use" into main am: ↵ Steven Moreland
96b83024e4 am: 3969bc7e77 am: e712783ddc Original change: https://android-review.googlesource.com/c/platform/frameworks/native/+/2860905 Change-Id: I6733149035dabe2e6d7fe47134df7a77fe8d97f9 Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2023-12-05libbinder: restrict non-Android kernel binder use Steven Moreland
Bringing this up in new environments, we need to make sure they use different headers, so we never copy transactions from one environment or another by accident. Bug: 313702213 Test: build Change-Id: I0cae4a149267862092030c00d239e93155f70143
2023-12-05Minor build-outside-android fixes Tomasz Wasilczyk
- add missing includes - fix maybe_unused warning - use LOG_ALWAYS_FATAL instead of __assert (behind flag) Bug: 302723053 Test: mma in binder folder Change-Id: I4e90ff7c7f37e6736bc38abaa11744ccf7155a17
2023-11-21Merge "Binder unique_fd" into main am: 1cc6ef1a50 am: b59b0e8323 am: d66061b7f9 Treehugger Robot
Original change: https://android-review.googlesource.com/c/platform/frameworks/native/+/2813342 Change-Id: I64b6511d1bb87247f418f5de5ede4d85be58f9cf Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2023-11-17Binder unique_fd Tomasz Wasilczyk
Test: mma Bug: 302723053 Change-Id: I52f14cadb027b3f854946d5315dce3d23aa21b19
2023-11-05Merge changes from topic ↵ Tomasz Wasilczyk
"revert-2807644-revert-2780893-XRITMVSTFB-ZYEEKMIRIQ" into main am: dc0f937ddf am: d6ca48dcab am: 124fd63f89 Original change: https://android-review.googlesource.com/c/platform/frameworks/native/+/2809894 Change-Id: I4f9ae094682ebb7649dae05d04ad85ec565d2cda Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2023-11-04Revert^2 "Use std::unique_ptr instead of ScopeGuard" Tomasz Wasilczyk
25c1a3b8543dd1756308424dd65030f90bb7a99f Test: m Bug: 302723053 Change-Id: Id9355c10d78d0c55afb49f512b78bb0923fbc4f7
2023-10-31Merge "Binder: don't depend on libutils headers" into main am: d429f318b4 ↵ Tomasz Wasilczyk
am: 2f1ac888ec am: f224612600 Original change: https://android-review.googlesource.com/c/platform/frameworks/native/+/2802651 Change-Id: Ib4effc268401fd8c09de27f88f2c80729eebb335 Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
generated by cgit v1.2.3-59-g8ed1b (git 2.39.0) at 2025-10-21 18:53:11 +0000