path: root/core/java/android/os/Binder.java
Commit message (Author, Age, Files, Lines)
* Fix NPE in Binder#getTransactionName (Marcin Oczeretko, 2022-01-18, 1 file, -5/+12)
    Bug: 214053959
    Test: manual
    Change-Id: Ie77080d20f638e5e6e0a6ecb255d45bdb12f3c4d
* Merge "Binder: recycle Parcel in finally block" am: 8581d27415 am: 0c1dac2572 am: b4f0710e19 am: 2cc9570c3b (Steven Moreland, 2021-12-16, 1 file, -3/+4)
    Original change: https://android-review.googlesource.com/c/platform/frameworks/base/+/1926857
    Change-Id: Ibeb6d54f6be510c6800c57c28a32398f084be89a
| * Binder: recycle Parcel in finally block (Steven Moreland, 2021-12-16, 1 file, -3/+4)
      If other types of exceptions happen here, we should still recycle the Parcel.
      Bug: 207778694
      Test: boot
      Change-Id: I3375b87a674c45f8bc66848dfaf899497f5acaa8
* | Add cheap aidl tracing suitable for always-on-tracing (1/3) (Jorim Jaggi, 2021-12-10, 1 file, -15/+88)
      Instead of having only one switch to enable all binder tracing, we separate between stack tracking and tracing. Stack tracking still works as before. However, the more lightweight option, tracing using android.os.Trace, is toggleable separately and will work on the receiver side without dumping the entire stack trace. We also make the tracing more efficient by caching getTransactionName and concatting the class name. Also, enable this selectively for SysUI+Launcher, which is currently the focus of always-on-tracing effort to figure out what kind of binder calls these processes are calling which seems to contribute a huge amount of jank (long binder calls are in >= 50% of janky traces).
      Test: external/perfetto/tools/record_android_trace gfx view freq sched wm am aidl
      Test: atest aidl_unittests
      Bug: 202278427
      Change-Id: I4d803d073cc4b69d07fa433bfef7e1c7f45132b7
* Binder: correction of javadoc formatting (Dima, 2021-11-03, 1 file, -85/+106)
    Fixed javadoc formatting, namely references to methods that were typoed and displayed incorrectly in Android Studio.
    Change-Id: I190eab35bc7ec6e162cb6d614b2c74523ff86c1c
* Rename isHandlingTransaction to isDirectlyHandlingTransaction (Alice Ryhl, 2021-10-19, 1 file, -2/+2)
    The change in aosp/1806594 is adding a method to the binder ndk called isHandlingTransaction, but that method behaves differently from this method when HIDL gets involved, as getCurrentServingCall returns HWBINDER in that case.
    Test: m
    Change-Id: Ie2812943d1e98e99a1c361475965a2c75214724a
* Merge "Binder: allow stability downgrade" am: 7236cf6dca am: 0852de16cb am: e86ea5d7d4 (Steven Moreland, 2021-03-26, 1 file, -0/+10)
    Original change: https://android-review.googlesource.com/c/platform/frameworks/base/+/1651544
    Change-Id: Icb13c0c97fb72d56c0212fe2ec4100653c454bd4
| * Binder: allow stability downgrade (Steven Moreland, 2021-03-24, 1 file, -0/+10)
      For instance, use a VINTF interface inside the system image without adding it to the VINTF manifest (e.g. for testing, in this case, the interface can't be used between system and vendor).
      Bug: 183154648
      Test: N/A
      Change-Id: I9ceb5d96e6a245b9509d9c60828aa3736056909d
* | Remove redundant method Binder.getNativeTid() (Dmitri Plotnikov, 2021-01-26, 1 file, -8/+0)
      Bug: 177257934
      Test: atest BinderCallsStatsTest
      Change-Id: I797a580e7bf6bc3c7174d061c1cf86bccc5b1f3a
* | Make restoreCallingIdentity() @CriticalNative. (Jeff Sharkey, 2020-10-19, 1 file, -0/+1)
      The validation check that might throw an exception is almost a decade old at this point, and isn't likely to be hit. In addition, the recently added "AndroidFrameworkBinderIdentity" Error Prone checker ensures that clients working with these identities are well-behaved. Removing this exception code is what enables @CriticalNative.
      Bug: 171078335
      Test: none
      Change-Id: Ib4cc9becf325979a97a9b0e58ac2277f3b226aaa
* | Tighten up Binder.clearCallingIdentity() usage. (Jeff Sharkey, 2020-10-07, 1 file, -2/+2)
      This is a third CL in a chain that adjusts existing malformed code to follow AndroidFrameworkBinderIdentity best-practices. Specifically, if a thread clears an identity they need to restore it to avoid obscure security vulnerabilities. In addition, the relevant "try" block must start immediately after the identity is cleared to ensure that it's restored if/when any exceptions are thrown.
      Bug: 155703208
      Test: make
      Exempt-From-Owner-Approval: trivial refactoring
      Change-Id: I74cb958b68d55a647547aae21baff6ddc364859b
* | Tighten up Binder.clearCallingIdentity() usage. (Jeff Sharkey, 2020-10-06, 1 file, -2/+2)
      The recently added AndroidFrameworkBinderIdentity Error Prone checker examines code to ensure that any cleared identities are restored to avoid obscure security vulnerabilities. This change is a purely mechanical refactoring that adds the "final" keyword to the cleared identity to ensure that it's not accidentally modified before eventually being cleared.
      Here's the exact command used to generate this CL:
        $ find . -name "*.java" -exec sed -Ei \
          's/ (long \w+ = .+?clearCallingIdentity)/ final \1/' \
          {} \;
      Bug: 155703208
      Test: make
      Exempt-From-Owner-Approval: trivial refactoring
      Change-Id: I832c9d70c3dfcd8d669cf71939d97837becc973a
* | Merge "android.os.Binder: remove unused getFinalizer" am: c59758ab41 am: e98c205ba8 am: 4d279afec1 am: 402ef20f46 am: f5d56737ea (Treehugger Robot, 2020-09-08, 1 file, -1/+0)
      Original change: https://android-review.googlesource.com/c/platform/frameworks/base/+/1418956
      Change-Id: I4cf1ecd318ea03823763d047a08f57539607f7fa
| * Merge "android.os.Binder: remove unused getFinalizer" am: c59758ab41 (Treehugger Robot, 2020-09-08, 1 file, -1/+0)
      Original change: https://android-review.googlesource.com/c/platform/frameworks/base/+/1418956
      Change-Id: Ia8f7da7e819eaa5080412efe86b7c9d96bb7b971
| | * android.os.Binder: remove unused getFinalizer (Steven Moreland, 2020-09-04, 1 file, -1/+0)
        This native method is unimplemented, and it is never called.
        Bug: N/A
        Test: N/A
        Change-Id: I6da9da9dc47051bd7d1591a8e88272739e06cf4c
| * | Merge Android R (rvc-dev-plus-aosp-without-vendor@6692709) (Xin Li, 2020-08-31, 1 file, -15/+120)
        Bug: 166295507
        Merged-In: I3d92a6de21a938f6b352ec26dc23420c0fe02b27
        Change-Id: Ifdb80563ef042738778ebb8a7581a97c4e3d96e2
| * | Allow module libs to use VINTF AIDL. (Steven Moreland, 2020-07-24, 1 file, -6/+8)
        Currently a native APEX can get and use a VINTF AIDL. However, this can't be passed over JNI to be used by Java code. This does not open VINTF AIDLs to any type of apps, where AIDL as an API is completely disallowed. Also, no Java ServiceManager APIs are available, and they couldn't be until b/139325468 is fixed.
        Bug: 161501127
        Test: atest binderVendorDoubleLoadTest
        Change-Id: I1ab977248b1c39a7d08e0ca34389a7ba168c05b0
        Merged-In: I1ab977248b1c39a7d08e0ca34389a7ba168c05b0
* | | Merge "Allow module libs to use VINTF AIDL." into rvc-dev-plus-aosp am: b9440149be am: 88cab6ba53 am: 178e6ff50a (Steven Moreland, 2020-07-24, 1 file, -6/+8)
        Original change: https://googleplex-android-review.googlesource.com/c/platform/frameworks/base/+/12219679
        Change-Id: I4a454f847575eddd84439614a49be4f2ee9e3e1e
| * | | Allow module libs to use VINTF AIDL. (Steven Moreland, 2020-07-24, 1 file, -6/+8)
          Currently a native APEX can get and use a VINTF AIDL. However, this can't be passed over JNI to be used by Java code. This does not open VINTF AIDLs to any type of apps, where AIDL as an API is completely disallowed. Also, no Java ServiceManager APIs are available, and they couldn't be until b/139325468 is fixed.
          Bug: 161501127
          Test: atest binderVendorDoubleLoadTest
          Change-Id: I1ab977248b1c39a7d08e0ca34389a7ba168c05b0
| * | Merge "Migrate clients from Binder.waitForService to ServiceManager.waitForService" into rvc-dev am: 8f0b08f178 (TreeHugger Robot, 2020-04-24, 1 file, -9/+0)
        Change-Id: I2f7f8018de645e17c2a937ce16cdcce5898ea011
| * \ \ Merge "Introduce thread-local allowBlocking flag" into rvc-dev am: 2a594c9e64 (Automerger Merge Worker, 2020-03-09, 1 file, -0/+21)
          Change-Id: Iccd150c416f5d04b4913fb23df548f0671b49f97
* | | | | Add @CriticalNative to getNativeTid to improve performance (Dmitri Plotnikov, 2020-07-09, 1 file, -0/+1)
            Bug: 158232997
            Test: atest FrameworksCoreTests:com.android.internal.os.BinderCallsStatsTestBug
            Change-Id: I5a5022921ba54354db59083f015d193d929ae0d5
* | | | | Collect native TIDs for binder threads (Dmitri Plotnikov, 2020-07-08, 1 file, -0/+7)
            This information will be used for attribution of CPU usage to work source UIDs.
            Bug: 158232997
            Test: atest FrameworksCoreTests:com.android.internal.os.BinderCallsStatsTest
            Change-Id: Ic9fcc1d62515dd11a1fbade80264412615014919
* | | | | Add support to detect and log excessive incoming binder calls (Jing Ji, 2020-06-25, 1 file, -0/+40)
            Make estimation on incoming binder calls. If there are too many binder transactions from certain caller with certain transaction code, log it. The threshold is configurable via device_config.
            The estimation here is based on the heavy hitter detection on streams. It's less accurate than the actual stats, but also less usage with the memory.
            Currently there are two sets of watcher configurations: the default one with a higher threshold and an "auto" one with a lower threshold. The former one overrides the latter one; while the latter one will be activated to run for a while in case there are consecutive ANRs, but it's throttled to run only up to once an hour. For now both of them are turned ON by default.
            Example of the output:
              06-19 22:31:49.695 1000 1523 1609 W ActivityManager: Excessive incoming binder calls(>33.3%,2000,1744ms): [1041,com.android.server.appop.AppOpsService,checkAudioOperation,8,34.2%]
              06-19 22:32:32.744 1000 1523 1609 W ActivityManager: Excessive incoming binder calls(>33.3%,2000,4938ms): [10160,com.android.server.am.ActivityManagerService,refContentProvider,25,50.7%]
            Bug: 155522521
            Test: Pick up a service & code and loop "adb shell service call ..."
            Test: atest HeavyHitterSketchTest
            Test: atest FrameworksCoreTests:BinderHeavyHitterTest
            Change-Id: I4cdcce5d02797ef71190172e40a09b543478760f
* | | | | Merge "Migrate clients from Binder.waitForService to ServiceManager.waitForService" into rvc-dev am: 8f0b08f178 am: 7bb412a077 (TreeHugger Robot, 2020-04-24, 1 file, -9/+0)
            Change-Id: Ibed2c8ab7499e7a8bda2286397f61bb259e2acf4
| * | | | Migrate clients from Binder.waitForService to ServiceManager.waitForService (Robin Lee, 2020-04-23, 1 file, -9/+0)
            Change-Id: I749203ba09b63dd4aafd6e7df9b87b3fd7955689
            Test: ApexManagerTest # (and manually flash a device)
            Fix: 154629168
* | | | Merge "Introduce thread-local allowBlocking flag" into rvc-dev am: 2a594c9e64 am: f8353d2653 (Automerger Merge Worker, 2020-03-09, 1 file, -0/+21)
          Change-Id: Id7fbdaa4a11001a58894e1999a1dd65f11072be2
| * | Introduce thread-local allowBlocking flag (Dmitri Plotnikov, 2020-03-06, 1 file, -0/+21)
        Test: see instructions in http://ag/7911739
        Fixes: 146675384
        Change-Id: I478f2a8c4e4d8d563e5e78f6e103a62fe120191f
* | | Merge "Clarify getCallingPid for oneway transactions." am: 26bbd81bd6 am: 79e3174053 (Automerger Merge Worker, 2020-03-06, 1 file, -0/+2)
        Change-Id: I53ae60643905018ecbae910d30b4adb1224fdf03
| * Clarify getCallingPid for oneway transactions. (Steven Moreland, 2020-03-05, 1 file, -0/+2)
      Seems this frequent gotcha is not documented here.
      Bug: N/A
      Test: N/A
      Change-Id: Ia186cd8b9945b75b8342b0750713d8667cfef064
* | Merge "Add getExtension to android.os.IBinder interface" am: 935dfd2ce9 am: 84642d37d5 am: fcc3a08dd4 (Automerger Merge Worker, 2020-02-04, 1 file, -0/+12)
      Change-Id: I3e36d8ab9a629377529afbb1c0276c79d3414a00
| * Add getExtension to android.os.IBinder interface (Yo Chiang, 2020-02-03, 1 file, -0/+12)
      Provide a mechanism to extend and customize a binder interface without having to modify the original (base) interface. See the full motivation here: aosp/1099664
      Bug: 147834064
      Test: atest FrameworksCoreTests:BinderTest FrameworksCoreTests:BinderProxyTest
      Change-Id: Idd3595b1302cf7ac0590d064e795ba0b75811af6
| * Use new UnsupportedAppUsage annotation. (Artur Satayev, 2020-01-13, 1 file, -1/+1)
      Existing annotations in libcore/ and frameworks/ will be deleted after the migration. This also means that any java library that compiles @UnsupportedAppUsage requires a direct dependency on "unsupportedappusage" java_library.
      Bug: 145132366
      Test: m && diff unsupportedappusage_index.csv
      Change-Id: I534e3fd1305e2f4af076986770033478448a665c
      Merged-In: I534e3fd1305e2f4af076986770033478448a665c
* | Use new UnsupportedAppUsage annotation. (Artur Satayev, 2019-12-18, 1 file, -1/+1)
      Existing annotations in libcore/ and frameworks/ will be deleted after the migration. This also means that any java library that compiles @UnsupportedAppUsage requires a direct dependency on "unsupportedappusage" java_library.
      Bug: 145132366
      Test: m && diff unsupportedappusage_index.csv
      Change-Id: I534e3fd1305e2f4af076986770033478448a665c
* | Merge "Add SystemApi to handle "adb shell cmd"" (Makoto Onuki, 2019-12-06, 1 file, -9/+22)
|\ \
| * | Add SystemApi to handle "adb shell cmd" (Makoto Onuki, 2019-12-03, 1 file, -9/+22)
        This will be used by mainline system services.
        TODO: Maybe add more APIs to register subcommands
        Bug: 142751512
        Test: adb shell cmd jobscheduler help
        Change-Id: Ie6d4b9aa4df426d64270d114d694f042b2600cce
* | | Merge "Binder: add markVintfStability" am: 4bdfc3c05c am: c8d045a384 (Steven Moreland, 2019-12-02, 1 file, -0/+13)
        am: 6090a98164
        Change-Id: I87d07e53c8ed9bbc7e4216b186c79077c5d318bc
| * Binder: add markVintfStability (Steven Moreland, 2019-11-27, 1 file, -0/+13)
      For the AIDL compiler to call. Without this, the Java framework can't pass callbacks to HALs.
      Bug: 139325468
      Test: use vibrator callback from Java
      Change-Id: I147d3e3da699ce740f6589264b37f43f8557719b
* | Change FileDescriptor to PFD, per API guidelines. (Makoto Onuki, 2019-11-13, 1 file, -5/+12)
      handleShellCommand() would be a system API, so we should use PFD instead, per the API guidelines.
      Bug: 142751512
      Test: "adb shell cmd jobschduler help" -> show help
      Test: "$ cmd jobscheduler run abc 123" -> shows "Package not found: abc / user 0"
      Test: "adb shell cmd activity help" -> show help
      Change-Id: I64b1e4c540db836cc4a46fed24a038b7077ecb63
* | Revert "Change argument types from FD to PFD" (Makoto Onuki, 2019-11-12, 1 file, -6/+4)
      This reverts commit 933bf11cc3de00c3a5718922548e5148043ed41d.
      Reason for revert: Broke shell commands.
      Change-Id: Icbe1e4089d2607d9bfa839ceb2e1ffad4f08e892
      Fixes: 144317147
* | Change argument types from FD to PFD (Makoto Onuki, 2019-11-05, 1 file, -4/+6)
      Bug: 142751512
      Test: "adb shell cmd jobschduler help"
      Test: "adb shell cmd activity help"
      Change-Id: Ic35588f7c9fcaa06e3cf4feeedf54b3a0835ad44
* | Binder shell command API proposal (Makoto Onuki, 2019-11-05, 1 file, -3/+54)
      Bug: 142751512
      Test: "adb shell cmd jobschduler help"
      Test: "adb shell cmd activity help"
      Change-Id: I9174040cae72172e82d260d0ceb9ca5a69b72940
* | Merge "Made libbinder's waitForService accessible in java" am: 3ef1b5e544 am: fa830219cd am: 6b8cef41e5 am: 6fd2b9e8e5 (Jon Spivack, 2019-10-11, 1 file, -0/+9)
      Change-Id: If28614029aa7ba2f5ce4358bcd47db3f316c236a
| * Made libbinder's waitForService accessible in java (Jon Spivack, 2019-10-11, 1 file, -0/+9)
      waitForService is used to lazily start AIDL services
      Bug: 138756857
      Test: Manual (tested starting gsiservice with this function)
      Change-Id: I7ff16b014052d3845bd4b1baa8fc9843e7975a16
* | Allow apps to collect which appops were noted (Philip P. Moltmann, 2019-08-30, 1 file, -1/+12)
      If private user data is sent to an app the data provider should note an app-op. This change adds a new API AppOpsManager#setNotedAppOpsCollector that allows an app to get notified every time such a private data access happens.
      This will allow apps to monitor their own private data usage. Esp. with big, old apps, distributed teams or 3rd party libraries it might not always be clear what subsystems access private data.
      There are three different situations how private data can be accessed and an app op is noted:
      1. Private data access inside a two-way binder call. E.g. LocationManager#getLastKnownLocation. When we start a two way binder transaction, we remember the calling uid via AppOpsManager#collectNotedAppOps. Then when the data providing code calls AppOpsManager#noteOp->AppOpsManager#markAppOpNoted the noted app-op is remembered in AppOpsManager#sAppOpsNotedInThisBinderTransaction. Then when returning from the binder call, we add the list of noted app-ops to the reply-parcel via AppOpsManager#prefixParcelWithAppOpsIfNeeded. On the calling side we check if there were any app-ops noted in AppOpsManager#readAndLogNotedAppops and then call the collector while still in the binder code. This allows the collector to e.g. collect a stack trace which can be used to figure out what app code caused the private data access.
      2. Very complex apps might do permissions checks internal to themselves. I.e. an app notes an op for itself. We detect this case in AppOpsManager#markAppOpNoted and immediately call the collector similar to case (1).
      3. Sometimes private data is accessed outside of a two-way binder call. E.g. if an app registers a LocationListener an app-op is noted each time a new location is sent to the app. In this case it is not clear to the framework which app-action triggered this app-op-note. Hence the data provider has to describe in a AsyncNotedAppOp object when and why the access happened. These objects are then sent to the system server via IAppOpsService#noteAsyncOp and then the collector in the app. There are rare cases where a private data access happens before the app is running (e.g. when a geo-fence is triggered). In this case we cache a small amount of AsyncNotedAppOps (in AppOpsService#mUnforwardedAsyncNotedOps) and deliver them when the app is ready for these events (in AppOpsManager#setNotedAppOpsCollector).
      Test: atest CtsAppOpsTestCases (includes new tests covering this functionality)
      Bug: 136505050
      Change-Id: I96ded4a8d8d9bcb37a4555d9b1281cb57945ffa9
* | IPC StrictMode (Lucas Dupin, 2019-08-26, 1 file, -0/+11)
      This CL introduces a way of blocking IPCs on the main thread. This is enforced by StrictMode, and enabled on tests and eng builds. All current blocking IPCs were whitelisted and bugs will be filed, in order to fix them for R.
      Bug: 139360025
      Test: adb logcat
      Test: atest SystemUITests
      Change-Id: I45af2619605ee36b6bae83ef080272c62754b654
* Clear the Parcel before writing an exception during a transaction (Michael Wachenschwanz, 2019-05-15, 1 file, -0/+2)
    This prevents any object data from being accidentally overwritten by the exception, which could cause unexpected malformed objects to be sent across the transaction.
    Test: atest CtsOsTestCases:ParcelTest#testExceptionOverwritesObject
    Fixes: 34175893
    Change-Id: Iaf80a0ad711762992b8ae60f76d861c97a403013
* Change visibility of *WorkSourceUid APIs to public instead of @SystemApi. (Olivier Gaillard, 2019-04-03, 1 file, -10/+1)
    Bug: 127465468
    Test: atest BinderWorkSourceTest
    Change-Id: Ib5743219ed44b893a64825d3d8c66e2f20b4197f
* Add @UnsupportedAppUsage annotations (Andrei Onea, 2019-03-15, 1 file, -0/+3)
    For packages: android.os
    This is an automatically generated CL. See go/UnsupportedAppUsage for more details.
    Exempted-From-Owner-Approval: Mechanical changes to the codebase which have been approved by Android API council and announced on android-eng@
    Bug: 110868826
    Test: m
    Change-Id: I4ece0a3f37f88fc2508cb965092aed7cabc61819
* Add @Nullable and @NonNull to onTransactStarted (Olivier Gaillard, 2019-03-05, 1 file, -1/+2)
    Bug: 126702217
    Test: atest BinderWorkSourceTest
    Change-Id: I1d0b932f403b3350a82b601e1a799aa07ac02361