[gbinder] correct stability field wire format on Android 12 & 13

On Android 12, the wire format of stability field is changed to also include so-called "Binder wire format version", which starts at 1 [1]. A 32-bit-sized struct is re-interpreted into a 32-bit integer, with a layout which makes it incompatible with the old version. Interestingly, they reverted this idea in Android 14 [2], which makes the wire format of the stability field the same as Android 11 again (as far as I know). Add a new RPC protocol variant 'aidl4' to account for this difference. Use this protocol on API level 31 through 33 and use 'aidl3' from API level 34 onwards. The only difference from 'aidl3' is `finish_flatten_ binder()` function. Interestingly, there is also a 16-bit-sized struct variant of the field too [3]. However, to the best of my knowledge, this version is not used in any of the released Android versions. [1]: LineageOS/android_frameworks_native@89ddfc5 [2]: LineageOS/android_frameworks_native@16a4106 [3]: LineageOS/android_frameworks_native@14e4cfa
mer-hybris · Sep 24, 2024 · 962d249 · 962d249
1 parent 20774ae
commit 962d249
Show file tree

Hide file tree

Showing 3 changed files with 70 additions and 0 deletions.
diff --git a/src/gbinder_config.c b/src/gbinder_config.c
@@ -135,13 +135,27 @@ static const GBinderConfigPresetGroup gbinder_config_30[] = {
 
 /* API level 31 */
 
+static const GBinderConfigPresetEntry gbinder_config_31_protocol[] = {
+    { "/dev/binder", "aidl4" },
+    { "/dev/vndbinder", "aidl4" },
+    { NULL, NULL }
+};
+
 static const GBinderConfigPresetEntry gbinder_config_31_servicemanager[] = {
     { "/dev/binder", "aidl4" },
     { "/dev/vndbinder", "aidl4" },
     { NULL, NULL }
 };
 
 static const GBinderConfigPresetGroup gbinder_config_31[] = {
+    { GBINDER_CONFIG_GROUP_PROTOCOL, gbinder_config_31_protocol },
+    { GBINDER_CONFIG_GROUP_SERVICEMANAGER, gbinder_config_31_servicemanager },
+    { NULL, NULL }
+};
+
+/* API level 34 - reverts back to AIDL3 protocol */
+
+static const GBinderConfigPresetGroup gbinder_config_34[] = {
     { GBINDER_CONFIG_GROUP_PROTOCOL, gbinder_config_30_protocol },
     { GBINDER_CONFIG_GROUP_SERVICEMANAGER, gbinder_config_31_servicemanager },
     { NULL, NULL }
@@ -150,6 +164,7 @@ static const GBinderConfigPresetGroup gbinder_config_31[] = {
 /* Presets sorted by API level in descending order */
 
 static const GBinderConfigPreset gbinder_config_presets[] = {
+    { 34, gbinder_config_34 },
     { 31, gbinder_config_31 },
     { 30, gbinder_config_30 },
     { 29, gbinder_config_29 },

diff --git a/src/gbinder_rpc_protocol.c b/src/gbinder_rpc_protocol.c
@@ -37,6 +37,8 @@
 #include "gbinder_log.h"
 #include "gbinder_local_object_p.h"
 
+#include <string.h>
+
 #define STRICT_MODE_PENALTY_GATHER (0x40 << 16)
 #define BINDER_RPC_FLAGS (STRICT_MODE_PENALTY_GATHER)
 #define UNSET_WORK_SOURCE (-1)
@@ -236,6 +238,44 @@ static const GBinderRpcProtocol gbinder_rpc_protocol_aidl3 = {
     .finish_flatten_binder = gbinder_rpc_protocol_aidl3_finish_flatten_binder
 };
 
+/*==========================================================================*
+ * AIDL protocol appeared in Android 12 (API level 31), but reverted in
+ * Android 14 (API level 34).
+ *==========================================================================*/
+
+#define BINDER_WIRE_FORMAT_VERSION_AIDL4 1
+struct stability_category {
+    guint8 binder_wire_format_version;
+    guint8 reserved[2];
+    guint8 stability_level;
+};
+G_STATIC_ASSERT(sizeof(struct stability_category) == sizeof(guint32));
+
+static
+void
+gbinder_rpc_protocol_aidl4_finish_flatten_binder(
+    void* out,
+    GBinderLocalObject* obj)
+{
+    struct stability_category cat = {
+        .binder_wire_format_version = BINDER_WIRE_FORMAT_VERSION_AIDL4,
+        .reserved = { 0, 0, },
+        .stability_level = obj ? obj->stability : GBINDER_STABILITY_UNDECLARED,
+    };
+
+    memcpy(out, &cat, sizeof(cat));
+}
+
+static const GBinderRpcProtocol gbinder_rpc_protocol_aidl4 = {
+    .name = "aidl4",
+    .ping_tx = GBINDER_PING_TRANSACTION,
+    .write_ping = gbinder_rpc_protocol_aidl_write_ping, /* no payload */
+    .write_rpc_header = gbinder_rpc_protocol_aidl3_write_rpc_header,
+    .read_rpc_header = gbinder_rpc_protocol_aidl3_read_rpc_header,
+    .flat_binder_object_extra = 4,
+    .finish_flatten_binder = gbinder_rpc_protocol_aidl4_finish_flatten_binder
+};
+
 /*==========================================================================*
  * The original /dev/hwbinder protocol.
  *==========================================================================*/
@@ -289,6 +329,7 @@ static const GBinderRpcProtocol* gbinder_rpc_protocol_list[] = {
     &gbinder_rpc_protocol_aidl,
     &gbinder_rpc_protocol_aidl2,
     &gbinder_rpc_protocol_aidl3,
+    &gbinder_rpc_protocol_aidl4,
     &gbinder_rpc_protocol_hidl
 };
 

diff --git a/unit/unit_config/unit_config.c b/unit/unit_config/unit_config.c
@@ -531,6 +531,20 @@ static const TestPresetsData test_presets_data [] = {
         "[General]\n"
         "ApiLevel = 31\n"
         "[Protocol]\n"
+        "/dev/binder = aidl4\n"
+        "/dev/vndbinder = aidl4\n"
+        "[ServiceManager]\n"
+        "/dev/binder = aidl4\n"
+        "/dev/vndbinder = aidl4\n"
+    },{
+        "34",
+
+        "[General]\n"
+        "ApiLevel = 34",
+
+        "[General]\n"
+        "ApiLevel = 34\n"
+        "[Protocol]\n"
         "/dev/binder = aidl3\n"
         "/dev/vndbinder = aidl3\n"
         "[ServiceManager]\n"