Gitiles
Code Review Sign In
gerrit.omnirom.org / android_system_libhidl / c7477b7c04de69038178b832fa354536fdb9f8e9^2..c7477b7c04de69038178b832fa354536fdb9f8e9 / .
commitc7477b7c04de69038178b832fa354536fdb9f8e9[log] [tgz]
authorSteven Moreland <smoreland@google.com>Tue Apr 07 22:50:53 2020 +0000
committerAutomerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>Tue Apr 07 22:50:53 2020 +0000
treed22f57e26075a0131332fdbca8e767563d994859
parenta48b96a36adf048696342a4f78d7d3fb6c721379 [diff]
parent179ea9955bcabb83923fd2db5847a4c2e77ca2f5 [diff]
Merge "Harder failures for lazy service clients." am: 07b8e06531 am: 179ea9955b

Change-Id: Ica83f7c883f5c91db0a83fcedec223571f91c2f5

diff --git a/Android.bp b/Android.bp
index ed29f5b..8e5c345 100644
--- a/Android.bp
+++ b/Android.bp

@@ -112,6 +112,8 @@
 cc_library {
     name: "libhidltransport",
     vendor_available: true,
+
+    visibility: [":__subpackages__"],
 }
 
 cc_defaults {

diff --git a/transport/HidlBinderSupport.cpp b/transport/HidlBinderSupport.cpp
index 89b3a24..b48b460 100644
--- a/transport/HidlBinderSupport.cpp
+++ b/transport/HidlBinderSupport.cpp

@@ -19,6 +19,9 @@
 #include <hidl/HidlBinderSupport.h>
 
 #include <android/hidl/base/1.0/BpHwBase.h>
+#include <android/hidl/manager/1.0/BpHwServiceManager.h>
+#include <android/hidl/manager/1.1/BpHwServiceManager.h>
+#include <android/hidl/manager/1.2/BpHwServiceManager.h>
 #include <hwbinder/IPCThreadState.h>
 #include "InternalStatic.h"  // TODO(b/69122224): remove this include, for getOrCreateCachedBinder
 
@@ -206,16 +209,34 @@
     return status;
 }
 
+// assume: iface != nullptr, iface isRemote
+// This function is to sandbox a cast through a BpHw* class into a function, so
+// that we can remove cfi sanitization from it. Do not add additional
+// functionality here.
+__attribute__((no_sanitize("cfi"))) static inline BpHwRefBase* forceGetRefBase(
+        ::android::hidl::base::V1_0::IBase* ifacePtr) {
+    using ::android::hidl::base::V1_0::BpHwBase;
+
+    // canary only
+    static_assert(sizeof(BpHwBase) == sizeof(hidl::manager::V1_0::BpHwServiceManager));
+    static_assert(sizeof(BpHwBase) == sizeof(hidl::manager::V1_1::BpHwServiceManager));
+    static_assert(sizeof(BpHwBase) == sizeof(hidl::manager::V1_2::BpHwServiceManager));
+
+    // All BpHw* are generated the same. This may be BpHwServiceManager,
+    // BpHwFoo, or any other class. For ABI compatibility, we can't modify the
+    // class hierarchy of these, so we have no way to get BpHwRefBase from a
+    // remote ifacePtr.
+    BpHwBase* bpBase = static_cast<BpHwBase*>(ifacePtr);
+    return static_cast<BpHwRefBase*>(bpBase);
+}
+
 sp<IBinder> getOrCreateCachedBinder(::android::hidl::base::V1_0::IBase* ifacePtr) {
     if (ifacePtr == nullptr) {
         return nullptr;
     }
 
     if (ifacePtr->isRemote()) {
-        using ::android::hidl::base::V1_0::BpHwBase;
-
-        BpHwBase* bpBase = static_cast<BpHwBase*>(ifacePtr);
-        BpHwRefBase* bpRefBase = static_cast<BpHwRefBase*>(bpBase);
+        BpHwRefBase* bpRefBase = forceGetRefBase(ifacePtr);
         return sp<IBinder>(bpRefBase->remote());
     }
 

diff --git a/transport/base/1.0/vts/functional/Android.bp b/transport/base/1.0/vts/functional/Android.bp
index 3f1c239..1c6e7ad 100644
--- a/transport/base/1.0/vts/functional/Android.bp
+++ b/transport/base/1.0/vts/functional/Android.bp

@@ -34,6 +34,7 @@
         "libinit_test_utils",
     ],
     test_suites: [
+        "general-tests",
         "vts",
     ],
     require_root: true,

diff --git a/transport/include/hidl/HidlBinderSupport.h b/transport/include/hidl/HidlBinderSupport.h
index 5dec5cd..f0981ff 100644
--- a/transport/include/hidl/HidlBinderSupport.h
+++ b/transport/include/hidl/HidlBinderSupport.h

@@ -204,13 +204,19 @@
     if (binderIface.get() == nullptr) {
         return nullptr;
     }
+
     if (binderIface->localBinder() == nullptr) {
         return new ProxyType(binderIface);
     }
+
+    // Ensure that IBinder is BnHwBase (not JHwBinder, for instance)
+    if (!binderIface->checkSubclass(IBase::descriptor)) {
+        return new ProxyType(binderIface);
+    }
     sp<IBase> base = static_cast<BnHwBase*>(binderIface.get())->getImpl();
+
     if (details::canCastInterface(base.get(), IType::descriptor)) {
-        StubType* stub = static_cast<StubType*>(binderIface.get());
-        return stub->getImpl();
+        return static_cast<IType*>(base.get());
     } else {
         return nullptr;
     }

diff --git a/transport/include/hidl/HidlLazyUtils.h b/transport/include/hidl/HidlLazyUtils.h
index 257de98..6a62c97 100644
--- a/transport/include/hidl/HidlLazyUtils.h
+++ b/transport/include/hidl/HidlLazyUtils.h

@@ -29,13 +29,13 @@
 /** Exits when all HALs registered through this object have 0 clients */
 class LazyServiceRegistrar {
    public:
-     LazyServiceRegistrar();
      static LazyServiceRegistrar& getInstance();
      status_t registerService(const sp<::android::hidl::base::V1_0::IBase>& service,
                               const std::string& name = "default");
 
    private:
      std::shared_ptr<details::LazyServiceRegistrarImpl> mImpl;
+     LazyServiceRegistrar();
 };
 
 }  // namespace hardware