Enable isolated process to use graphics allocator
Add an LLNDK API for isolated process usage.
Bug: 268016157
Bug: 269675258
Test: Manual - Service can be added with allowIsolated set to true.
Change-Id: I9d3c39e313978ccd6b01574b5533530d4f959904
Merged-In: I9d3c39e313978ccd6b01574b5533530d4f959904
diff --git a/libs/binder/ndk/include_platform/android/binder_manager.h b/libs/binder/ndk/include_platform/android/binder_manager.h
index 86d5ed2..43159d8 100644
--- a/libs/binder/ndk/include_platform/android/binder_manager.h
+++ b/libs/binder/ndk/include_platform/android/binder_manager.h
@@ -22,6 +22,16 @@
__BEGIN_DECLS
+enum AServiceManager_AddServiceFlag : uint32_t {
+ /**
+ * This allows processes with AID_ISOLATED to get the binder of the service added.
+ *
+ * Services with methods that perform file IO, web socket creation or ways to egress data must
+ * not be added with this flag for privacy concerns.
+ */
+ ADD_SERVICE_ALLOW_ISOLATED = 1,
+};
+
/**
* This registers the service with the default service manager under this instance name. This does
* not take ownership of binder.
@@ -46,12 +56,13 @@
*
* \param binder object to register globally with the service manager.
* \param instance identifier of the service. This will be used to lookup the service.
- * \param allowIsolated allows if this service can be isolated.
+ * \param flag an AServiceManager_AddServiceFlag enum to denote how the service should be added.
*
* \return EX_NONE on success.
*/
-__attribute__((warn_unused_result)) binder_exception_t AServiceManager_addServiceWithAllowIsolated(
- AIBinder* binder, const char* instance, bool allowIsolated) __INTRODUCED_IN(34);
+__attribute__((warn_unused_result)) binder_exception_t AServiceManager_addServiceWithFlag(
+ AIBinder* binder, const char* instance, const AServiceManager_AddServiceFlag flag)
+ __INTRODUCED_IN(34);
/**
* Gets a binder object with this specific instance name. Will return nullptr immediately if the
diff --git a/libs/binder/ndk/libbinder_ndk.map.txt b/libs/binder/ndk/libbinder_ndk.map.txt
index 5f2f617..1078fb2 100644
--- a/libs/binder/ndk/libbinder_ndk.map.txt
+++ b/libs/binder/ndk/libbinder_ndk.map.txt
@@ -158,12 +158,12 @@
AServiceManager_getUpdatableApexName; # systemapi
AServiceManager_registerForServiceNotifications; # systemapi llndk
AServiceManager_NotificationRegistration_delete; # systemapi llndk
+ AServiceManager_addServiceWithFlag; # systemapi llndk
};
LIBBINDER_NDK_PLATFORM {
global:
AParcel_getAllowFds;
- AServiceManager_addServiceWithAllowIsolated;
extern "C++" {
AIBinder_fromPlatformBinder*;
AIBinder_toPlatformBinder*;
diff --git a/libs/binder/ndk/service_manager.cpp b/libs/binder/ndk/service_manager.cpp
index 2763ddb..84da459 100644
--- a/libs/binder/ndk/service_manager.cpp
+++ b/libs/binder/ndk/service_manager.cpp
@@ -42,14 +42,15 @@
return PruneException(exception);
}
-binder_exception_t AServiceManager_addServiceWithAllowIsolated(AIBinder* binder,
- const char* instance,
- bool allowIsolated) {
+binder_exception_t AServiceManager_addServiceWithFlag(AIBinder* binder, const char* instance,
+ const AServiceManager_AddServiceFlag flag) {
if (binder == nullptr || instance == nullptr) {
return EX_ILLEGAL_ARGUMENT;
}
sp<IServiceManager> sm = defaultServiceManager();
+
+ bool allowIsolated = flag & AServiceManager_AddServiceFlag::ADD_SERVICE_ALLOW_ISOLATED;
status_t exception = sm->addService(String16(instance), binder->getBinder(), allowIsolated);
return PruneException(exception);
}