1/*
2 * Copyright (C) 2022 The Android Open Source Project
3 *
4 * Licensed under the Apache License, Version 2.0 (the "License");
5 * you may not use this file except in compliance with the License.
6 * You may obtain a copy of the License at
7 *
8 * http://www.apache.org/licenses/LICENSE-2.0
9 *
10 * Unless required by applicable law or agreed to in writing, software
11 * distributed under the License is distributed on an "AS IS" BASIS,
12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 * See the License for the specific language governing permissions and
14 * limitations under the License.
15 */
1617use binder::unstable_api::new_spibinder;
18use binder::{FromIBinder, SpIBinder, StatusCode, Strong};
19use foreign_types::{foreign_type, ForeignType, ForeignTypeRef};
20use std::os::fd::RawFd;
21use std::os::raw::{c_int, c_void};
2223pub use binder_rpc_unstable_bindgen::ARpcSession_FileDescriptorTransportMode as FileDescriptorTransportMode;
2425foreign_type! {
26type CType = binder_rpc_unstable_bindgen::ARpcSession;
27fn drop = binder_rpc_unstable_bindgen::ARpcSession_free;
2829/// A type that represents a foreign instance of RpcSession.
30#[derive(Debug)]
31pub struct RpcSession;
32/// A borrowed RpcSession.
33pub struct RpcSessionRef;
34}
3536/// SAFETY: The opaque handle can be cloned freely.
37unsafe impl Send for RpcSession {}
38/// SAFETY: The underlying C++ RpcSession class is thread-safe.
39unsafe impl Sync for RpcSession {}
4041impl RpcSession {
42/// Allocates a new RpcSession object.
43pub fn new() -> RpcSession {
44// SAFETY: Takes ownership of the returned handle, which has correct refcount.
45unsafe { RpcSession::from_ptr(binder_rpc_unstable_bindgen::ARpcSession_new()) }
46 }
47}
4849impl Default for RpcSession {
50fn default() -> Self {
51Self::new()
52 }
53}
5455impl RpcSessionRef {
56/// Sets the file descriptor transport mode for this session.
57pub fn set_file_descriptor_transport_mode(&self, mode: FileDescriptorTransportMode) {
58// SAFETY: Only passes the 'self' pointer as an opaque handle.
59unsafe {
60 binder_rpc_unstable_bindgen::ARpcSession_setFileDescriptorTransportMode(
61self.as_ptr(),
62 mode,
63 )
64 };
65 }
6667/// Sets the maximum number of incoming threads.
68pub fn set_max_incoming_threads(&self, threads: usize) {
69// SAFETY: Only passes the 'self' pointer as an opaque handle.
70unsafe {
71 binder_rpc_unstable_bindgen::ARpcSession_setMaxIncomingThreads(self.as_ptr(), threads)
72 };
73 }
7475/// Sets the maximum number of outgoing connections.
76pub fn set_max_outgoing_connections(&self, connections: usize) {
77// SAFETY: Only passes the 'self' pointer as an opaque handle.
78unsafe {
79 binder_rpc_unstable_bindgen::ARpcSession_setMaxOutgoingConnections(
80self.as_ptr(),
81 connections,
82 )
83 };
84 }
8586/// Connects to an RPC Binder server over vsock for a particular interface.
87#[cfg(not(target_os = "trusty"))]
88pub fn setup_vsock_client<T: FromIBinder + ?Sized>(
89&self,
90 cid: u32,
91 port: u32,
92 ) -> Result<Strong<T>, StatusCode> {
93// SAFETY: AIBinder returned by ARpcSession_setupVsockClient has correct
94 // reference count, and the ownership can safely be taken by new_spibinder.
95let service = unsafe {
96 new_spibinder(binder_rpc_unstable_bindgen::ARpcSession_setupVsockClient(
97self.as_ptr(),
98 cid,
99 port,
100 ))
101 };
102Self::get_interface(service)
103 }
104105/// Connects to an RPC Binder server over a names Unix Domain Socket for
106 /// a particular interface.
107#[cfg(not(target_os = "trusty"))]
108pub fn setup_unix_domain_client<T: FromIBinder + ?Sized>(
109&self,
110 socket_name: &str,
111 ) -> Result<Strong<T>, StatusCode> {
112let socket_name = match std::ffi::CString::new(socket_name) {
113Ok(s) => s,
114Err(e) => {
115log::error!("Cannot convert {} to CString. Error: {:?}", socket_name, e);
116return Err(StatusCode::NAME_NOT_FOUND);
117 }
118 };
119120// SAFETY: AIBinder returned by ARpcSession_setupUnixDomainClient has correct
121 // reference count, and the ownership can safely be taken by new_spibinder.
122let service = unsafe {
123 new_spibinder(binder_rpc_unstable_bindgen::ARpcSession_setupUnixDomainClient(
124self.as_ptr(),
125 socket_name.as_ptr(),
126 ))
127 };
128Self::get_interface(service)
129 }
130131/// Connects to an RPC Binder server over a bootstrap Unix Domain Socket
132 /// for a particular interface.
133#[cfg(not(target_os = "trusty"))]
134pub fn setup_unix_domain_bootstrap_client<T: FromIBinder + ?Sized>(
135&self,
136 bootstrap_fd: std::os::fd::BorrowedFd,
137 ) -> Result<Strong<T>, StatusCode> {
138use std::os::fd::AsRawFd;
139// SAFETY: ARpcSession_setupUnixDomainBootstrapClient does not take
140 // ownership of bootstrap_fd. The returned AIBinder has correct
141 // reference count, and the ownership can safely be taken by new_spibinder.
142let service = unsafe {
143 new_spibinder(binder_rpc_unstable_bindgen::ARpcSession_setupUnixDomainBootstrapClient(
144self.as_ptr(),
145 bootstrap_fd.as_raw_fd(),
146 ))
147 };
148Self::get_interface(service)
149 }
150151/// Connects to an RPC Binder server over inet socket at the given address and port.
152#[cfg(not(target_os = "trusty"))]
153pub fn setup_inet_client<T: FromIBinder + ?Sized>(
154&self,
155 address: &str,
156 port: u32,
157 ) -> Result<Strong<T>, StatusCode> {
158let address = match std::ffi::CString::new(address) {
159Ok(s) => s,
160Err(e) => {
161log::error!("Cannot convert {} to CString. Error: {:?}", address, e);
162return Err(StatusCode::BAD_VALUE);
163 }
164 };
165166// SAFETY: AIBinder returned by ARpcSession_setupInet has correct reference
167 // count, and the ownership can safely be taken by new_spibinder.
168let service = unsafe {
169 new_spibinder(binder_rpc_unstable_bindgen::ARpcSession_setupInet(
170self.as_ptr(),
171 address.as_ptr(),
172 port,
173 ))
174 };
175Self::get_interface(service)
176 }
177178#[cfg(target_os = "trusty")]
179pub fn setup_trusty_client<T: FromIBinder + ?Sized>(
180&self,
181 port: &std::ffi::CStr,
182 ) -> Result<Strong<T>, StatusCode> {
183self.setup_preconnected_client(|| {
184let h = tipc::Handle::connect(port)
185 .expect("Failed to connect to service port {SERVICE_PORT}");
186187// Do not close the handle at the end of the scope
188let fd = h.as_raw_fd();
189 core::mem::forget(h);
190Some(fd)
191 })
192 }
193194/// Connects to an RPC Binder server, using the given callback to get (and
195 /// take ownership of) file descriptors already connected to it.
196pub fn setup_preconnected_client<T: FromIBinder + ?Sized>(
197&self,
198mut request_fd: impl FnMut() -> Option<RawFd>,
199 ) -> Result<Strong<T>, StatusCode> {
200// Double reference the factory because trait objects aren't FFI safe.
201let mut request_fd_ref: RequestFd = &mut request_fd;
202let param = &mut request_fd_ref as *mut RequestFd as *mut c_void;
203204// SAFETY: AIBinder returned by RpcPreconnectedClient has correct reference count, and the
205 // ownership can be safely taken by new_spibinder. RpcPreconnectedClient does not take ownership
206 // of param, only passing it to request_fd_wrapper.
207let service = unsafe {
208 new_spibinder(binder_rpc_unstable_bindgen::ARpcSession_setupPreconnectedClient(
209self.as_ptr(),
210Some(request_fd_wrapper),
211 param,
212 ))
213 };
214Self::get_interface(service)
215 }
216217fn get_interface<T: FromIBinder + ?Sized>(
218 service: Option<SpIBinder>,
219 ) -> Result<Strong<T>, StatusCode> {
220if let Some(service) = service {
221 FromIBinder::try_from(service)
222 } else {
223Err(StatusCode::NAME_NOT_FOUND)
224 }
225 }
226}
227228type RequestFd<'a> = &'a mut dyn FnMut() -> Option<RawFd>;
229230unsafe extern "C" fn request_fd_wrapper(param: *mut c_void) -> c_int {
231let request_fd_ptr = param as *mut RequestFd;
232// SAFETY: This is only ever called by RpcPreconnectedClient, within the lifetime of the
233 // BinderFdFactory reference, with param being a properly aligned non-null pointer to an
234 // initialized instance.
235let request_fd = unsafe { request_fd_ptr.as_mut().unwrap() };
236 request_fd().unwrap_or(-1)
237}