From 962d249c8635b20a0af84c09085fe422369685a0 Mon Sep 17 00:00:00 2001 From: Ratchanan Srirattanamet Date: Sun, 22 Sep 2024 21:52:57 +0700 Subject: [PATCH] [gbinder] correct stability field wire format on Android 12 & 13 On Android 12, the wire format of stability field is changed to also include so-called "Binder wire format version", which starts at 1 [1]. A 32-bit-sized struct is re-interpreted into a 32-bit integer, with a layout which makes it incompatible with the old version. Interestingly, they reverted this idea in Android 14 [2], which makes the wire format of the stability field the same as Android 11 again (as far as I know). Add a new RPC protocol variant 'aidl4' to account for this difference. Use this protocol on API level 31 through 33 and use 'aidl3' from API level 34 onwards. The only difference from 'aidl3' is `finish_flatten_ binder()` function. Interestingly, there is also a 16-bit-sized struct variant of the field too [3]. However, to the best of my knowledge, this version is not used in any of the released Android versions. [1]: https://github.com/LineageOS/android_frameworks_native/commit/89ddfc5f8c1c9f5bacc6d6d5133bb910d63663a3 [2]: https://github.com/LineageOS/android_frameworks_native/commit/16a4106cb7bc18d473a428d9f19c7561a21e3f06 [3]: https://github.com/LineageOS/android_frameworks_native/commit/14e4cfae36aa878c6a9838299bc7b9aa42a16dfa --- src/gbinder_config.c | 15 +++++++++++++ src/gbinder_rpc_protocol.c | 41 ++++++++++++++++++++++++++++++++++ unit/unit_config/unit_config.c | 14 ++++++++++++ 3 files changed, 70 insertions(+) diff --git a/src/gbinder_config.c b/src/gbinder_config.c index b467ac5..e71d2d4 100644 --- a/src/gbinder_config.c +++ b/src/gbinder_config.c @@ -135,6 +135,12 @@ static const GBinderConfigPresetGroup gbinder_config_30[] = { /* API level 31 */ +static const GBinderConfigPresetEntry gbinder_config_31_protocol[] = { + { "/dev/binder", "aidl4" }, + { "/dev/vndbinder", "aidl4" }, + { NULL, NULL } +}; + static const GBinderConfigPresetEntry gbinder_config_31_servicemanager[] = { { "/dev/binder", "aidl4" }, { "/dev/vndbinder", "aidl4" }, @@ -142,6 +148,14 @@ static const GBinderConfigPresetEntry gbinder_config_31_servicemanager[] = { }; static const GBinderConfigPresetGroup gbinder_config_31[] = { + { GBINDER_CONFIG_GROUP_PROTOCOL, gbinder_config_31_protocol }, + { GBINDER_CONFIG_GROUP_SERVICEMANAGER, gbinder_config_31_servicemanager }, + { NULL, NULL } +}; + +/* API level 34 - reverts back to AIDL3 protocol */ + +static const GBinderConfigPresetGroup gbinder_config_34[] = { { GBINDER_CONFIG_GROUP_PROTOCOL, gbinder_config_30_protocol }, { GBINDER_CONFIG_GROUP_SERVICEMANAGER, gbinder_config_31_servicemanager }, { NULL, NULL } @@ -150,6 +164,7 @@ static const GBinderConfigPresetGroup gbinder_config_31[] = { /* Presets sorted by API level in descending order */ static const GBinderConfigPreset gbinder_config_presets[] = { + { 34, gbinder_config_34 }, { 31, gbinder_config_31 }, { 30, gbinder_config_30 }, { 29, gbinder_config_29 }, diff --git a/src/gbinder_rpc_protocol.c b/src/gbinder_rpc_protocol.c index a4756b1..74e7b64 100644 --- a/src/gbinder_rpc_protocol.c +++ b/src/gbinder_rpc_protocol.c @@ -37,6 +37,8 @@ #include "gbinder_log.h" #include "gbinder_local_object_p.h" +#include + #define STRICT_MODE_PENALTY_GATHER (0x40 << 16) #define BINDER_RPC_FLAGS (STRICT_MODE_PENALTY_GATHER) #define UNSET_WORK_SOURCE (-1) @@ -236,6 +238,44 @@ static const GBinderRpcProtocol gbinder_rpc_protocol_aidl3 = { .finish_flatten_binder = gbinder_rpc_protocol_aidl3_finish_flatten_binder }; +/*==========================================================================* + * AIDL protocol appeared in Android 12 (API level 31), but reverted in + * Android 14 (API level 34). + *==========================================================================*/ + +#define BINDER_WIRE_FORMAT_VERSION_AIDL4 1 +struct stability_category { + guint8 binder_wire_format_version; + guint8 reserved[2]; + guint8 stability_level; +}; +G_STATIC_ASSERT(sizeof(struct stability_category) == sizeof(guint32)); + +static +void +gbinder_rpc_protocol_aidl4_finish_flatten_binder( + void* out, + GBinderLocalObject* obj) +{ + struct stability_category cat = { + .binder_wire_format_version = BINDER_WIRE_FORMAT_VERSION_AIDL4, + .reserved = { 0, 0, }, + .stability_level = obj ? obj->stability : GBINDER_STABILITY_UNDECLARED, + }; + + memcpy(out, &cat, sizeof(cat)); +} + +static const GBinderRpcProtocol gbinder_rpc_protocol_aidl4 = { + .name = "aidl4", + .ping_tx = GBINDER_PING_TRANSACTION, + .write_ping = gbinder_rpc_protocol_aidl_write_ping, /* no payload */ + .write_rpc_header = gbinder_rpc_protocol_aidl3_write_rpc_header, + .read_rpc_header = gbinder_rpc_protocol_aidl3_read_rpc_header, + .flat_binder_object_extra = 4, + .finish_flatten_binder = gbinder_rpc_protocol_aidl4_finish_flatten_binder +}; + /*==========================================================================* * The original /dev/hwbinder protocol. *==========================================================================*/ @@ -289,6 +329,7 @@ static const GBinderRpcProtocol* gbinder_rpc_protocol_list[] = { &gbinder_rpc_protocol_aidl, &gbinder_rpc_protocol_aidl2, &gbinder_rpc_protocol_aidl3, + &gbinder_rpc_protocol_aidl4, &gbinder_rpc_protocol_hidl }; diff --git a/unit/unit_config/unit_config.c b/unit/unit_config/unit_config.c index 92fd489..9da6e8a 100644 --- a/unit/unit_config/unit_config.c +++ b/unit/unit_config/unit_config.c @@ -531,6 +531,20 @@ static const TestPresetsData test_presets_data [] = { "[General]\n" "ApiLevel = 31\n" "[Protocol]\n" + "/dev/binder = aidl4\n" + "/dev/vndbinder = aidl4\n" + "[ServiceManager]\n" + "/dev/binder = aidl4\n" + "/dev/vndbinder = aidl4\n" + },{ + "34", + + "[General]\n" + "ApiLevel = 34", + + "[General]\n" + "ApiLevel = 34\n" + "[Protocol]\n" "/dev/binder = aidl3\n" "/dev/vndbinder = aidl3\n" "[ServiceManager]\n"