path: root/libs/binder/Stability.cpp
Commit message (Author, Age, Files, Lines)
* binder: consistent vendor #defines (Steven Moreland, 2023-12-15, files: 1, lines: -0/+8)
|
|     There is mixed use of __ANDROID_VNDK__ and __ANDROID_VENDOR__, so make sure they are set consistently. This is only possible because the VNDK is deprecated.
|
|     Before this, __ANDROID_VNDK__ may be set without __ANDROID_VENDOR__ (and I think some of the logic in libbinder was probably wrong at that point).
|
|     Bug: N/A
|     Test: N/A
|     Change-Id: I9cf106ab8309520229ae9e23e7d5c42ab3e425cf
* Fix warning about missing terminating ' character (Tomasz Wasilczyk, 2023-10-06, files: 1, lines: -1/+1)
|
|     Bug: 302724232
|     Test: build binder with GCC
|     Change-Id: I5bb7cff8999f6fb6f2411eb8697a79c979d12103
* Merge "libbinder: remove per-binder wire protocol version" am: 4068ef232a am: 34d8b2ca5d (Steven Moreland, 2021-07-26, files: 1, lines: -71/+31)
|\
| |     Original change: https://android-review.googlesource.com/c/platform/frameworks/native/+/1776767
| |
| |     Change-Id: I5698e61d542017fbbaba5d2ef6259c63ddc6d3d4
| * libbinder: remove per-binder wire protocol version (Steven Moreland, 2021-07-23, files: 1, lines: -71/+31)
| |
| |     For the RPC project, I had added a version into the binder-level wire protocol. However, there is no plan to make the on-device wire protocol backwards compatible, and for RPC, this version needs to be stored with RpcSession objects, so it is not needed here.
| |
| |     Bug: 182938972
| |     Test: boot, binderStabilityTest
| |     Change-Id: Iad2e7ae77c562690015814ba8d8d439e1befc0b2
* | Merge changes Id2c1d0dc,I654fcd2c am: ee22bc842b am: dc246cf8e1 (Steven Moreland, 2021-06-04, files: 1, lines: -1/+0)
|\|
| |     Original change: https://android-review.googlesource.com/c/platform/frameworks/native/+/1537303
| |
| |     Change-Id: Ifee05e1c82cfc6beebf6b7396ff42d651d8c89ae
| * libbinder: +2 bytes in BBinder from stability rep (Steven Moreland, 2021-06-03, files: 1, lines: -1/+0)
| |
| |     sizeof(BBinder) may not be changed unless 1,000s of people in many different companies fundamentally change the way they work. So, with precious few bits to spare, we make room by changing the way that binder stability reserves space on the wire. Now, it uses the least significant 16-bits of the 32-bits which is reserved on the wire.
| |
| |     The side effect of this straightforward implementation is that the wire protocol is slightly changed. This is an intentional change in order to exercise its instability, perhaps as an early warning.
| |
| |     Bug: 166282674
| |     Test: boot, binderLibTest
| |     Change-Id: I654fcd2cc9d20cbac557d1a176a5095c491d88cf
* | Merge "Expose binder stability for debugging in dumpsys" am: 71296be69b am: 3658c3bcc0 (Steven Moreland, 2021-05-24, files: 1, lines: -2/+2)
|\|
| |     Original change: https://android-review.googlesource.com/c/platform/frameworks/native/+/1712769
| |
| |     Change-Id: Ibd2b4a395b64459763ddb3449d561d861422af14
| * Expose binder stability for debugging in dumpsys (Steven Moreland, 2021-05-20, files: 1, lines: -2/+2)
| |
| |     See if a service is coupled with the system/core build variant or build variant (or if the service has 'vintf' stability - meaning it is used as a HAL).
| |
| |     This will also print additional information about the version of the binder wire protocol that is being used by this object (currently everything uses the same version - this may be the case for a while).
| |
| |     Fixes: 184062810
| |     Test: dumpsys_test
| |     Test: manually running 'dumpsys --stability' and 'dumpsys --help'
| |     Change-Id: Ia9f1d011ef28a9d62a3076fa497ebb33ed53fe0a
* | Merge "libbinder_ndk: Add stability downgrade" am: 0e046dd201 am: c97ad52406 am: 332edaa92a (Kalesh Singh, 2021-04-03, files: 1, lines: -2/+14)
|\|
| |     Original change: https://android-review.googlesource.com/c/platform/frameworks/native/+/1661238
| |
| |     Change-Id: Ie0a517777bc80d5884e217e8a794a1bbba2036b3
| * libbinder_ndk: Add stability downgrade (Kalesh Singh, 2021-04-02, files: 1, lines: -2/+14)
| |
| |     This can be used to allow registering a service with a VINTF interface without requiring a manifest declaration. This is useful for test services or in the case of a system proxy service that implements the same interface as the vintf service.
| |
| |     Bug: 183154648
| |     Bug: 177664629
| |     Test: atest binderStabilityTest
| |     Change-Id: Ibd8dad46945a339b77dca70484082fda06220ee3
* | Merge "libbinder: allow stability downgrade" am: 7f284f9697 am: 54d423cde0 am: c8b582fc81 (Steven Moreland, 2021-03-24, files: 1, lines: -7/+30)
|\|
| |     Original change: https://android-review.googlesource.com/c/platform/frameworks/native/+/1649815
| |
| |     Change-Id: Ib59a0c6fdc3f91107857d394c0c5605f8e6e0023
| * libbinder: allow stability downgrade (Steven Moreland, 2021-03-24, files: 1, lines: -7/+30)
| |
| |     For instance, use a VINTF interface inside the system image without adding it to the VINTF manifest (e.g. for testing, in this case, the interface can't be used between system and vendor).
| |
| |     Bug: 183154648
| |     Test: binderStabilityTest
| |     Change-Id: I38019e226547b2437b920e79c252c7e55c17f7e4
* | Reland "libbinder: remove __ANDROID_APEX__ stability diff" (Steven Moreland, 2021-02-18, files: 1, lines: -11/+5)
| |
| |     Since the product partition is using __ANDROID_VNDK__, we can't remove the __ANDROID_APEX__ check from the NDK header.
| |
| |     This reverts commit 15b7029849a1c59ecb54961fa7417ee0611408a0.
| |
| |     Reason for revert: reland b/179906909
| |
| |     Fixes: 179906909
| |     Test: the following, which was failing before w/ stability error
| |         mmma packages/modules/Gki
| |         adb install --staged-ready-timeout 600000\
| |           out/host/linux-x86/testcases/GkiInstallTest/com.android.gki.kmi_5_10_android12_0_test_high.apex
| |     Change-Id: I189b5c07ffd767fa46c59fd8828ba4f59b31f095
* | Revert "libbinder: remove __ANDROID_APEX__ stability diff" (Steven Moreland, 2021-02-18, files: 1, lines: -5/+11)
| |
| |     This reverts commit e9441bcf32c04901807748bde85f16444464eb91.
| |
| |     Reason for revert: b/180559880#comment7
| |
| |     Bug: 179906909
| |     Change-Id: I04472d3bbe97c9c42df74c10ce87c176fa7098dd
* | libbinder: remove __ANDROID_APEX__ stability diff (Steven Moreland, 2021-02-17, files: 1, lines: -11/+5)
|/
|     These were set up because the media APEX module was using vendor variants of libbinder on the system partition. However, now that this build dependency is cleaned up, we can remove the #ifdefs and make this a build error instead of a runtime error.
|
|     Test: binderStabilityTest
|     Fixes: 179906909
|     Change-Id: If05cf3fa0851866d7113f6e8f9705891672ad369
* libbinder: binders hold wire protocol version (Steven Moreland, 2020-11-13, files: 1, lines: -31/+74)
|
|     The libbinder wire protocol version is currently unstable, but we may stabilize it. This adds a version field in the stability token which is passed around with binder objects, so it doesn't require additional memory.
|
|     Future consideration/direction:
|     - when starting a transaction, attach a binder to a Parcel object
|     - when parceling, parcel according to the maximum of (locally understood wire protocol, binder wire protocol)
|     - verify in transact the data parcel has the corresponding binder
|     - when the server creates a reply parcel, note version which is the same as the version used in the data Parcel (we know that whoever wrote this transaction can understand this level).
|     - save binary blobs of known write*/read* data flows, and test that Parcel can understand and recreate these blobs after it is versioned.
|
|     Bug: 167966510
|     Test: 'atest binderStabilityTest' - verifies behavior
|     Test: internally checks version is always set
|     Change-Id: I9bb5be5b5b7d7255f8387cf690d86a055102f95d
* libbinder: stricter APEX + VNDK stability checks (Steven Moreland, 2020-07-29, files: 1, lines: -2/+21)
|
|     This is in preparation for splitting system/apex stability and also ensures there are no surprises if/when vendor APEXes are introduced by specifically checking that the only __ANDROID_APEX__ + __ANDROID_VNDK__ case is com.android.media, which is compiled with vendor code, but shipped with the system partition.
|
|     Bug: 139325195
|     Test: build checks satisfied, TEST_MAPPING
|     Change-Id: Id72e40addb4ab4b7a7e2e35a90c1ca0d0a51558a
* libbinder: avoid attached objects for stability (Steven Moreland, 2020-02-26, files: 1, lines: -7/+15)
|
|     Attached objects require a heap allocation, and stability is always attached. This avoids a heap allocation per binder object (Android R regression).
|
|     Bug: 148177595
|     Test: binderStabilityTest
|     Change-Id: I5eab8be5d87fdd9468bcbd8d54913ca713559314
* servicemanager: check VINTF manifest for VINTF ifs (Steven Moreland, 2019-09-17, files: 1, lines: -7/+5)
|
|     For interfaces that are exported API to vendor, check that the interfaces are declared in the manifest before allowing them to register.
|
|     Implements this relationship:
|         Device using VINTF instance => instance in manifest
|
|     The manifest is used for two things:
|     - understand which HAL interfaces are used so that we don't deprecate them too early.
|     - understand which interfaces are on the device: this allows clients to depend on a HAL interface IFF it is installed.
|
|     Bug: 136027762
|     Test: try registering interface that is and isn't in the VINTF manifest
|     Change-Id: I8aa09a56c638a6cc3aa93f102caf09da401a143b
* libbinder: stability check moved to trans time (Steven Moreland, 2019-08-07, files: 1, lines: -3/+8)
|
|     Before: stability check done when binder is read from a parcel
|     After: stability check done when binder is transacted on
|
|     Why this change is being made/benefits:
|     - vendor binders can be used as tokens in system context
|     - pingBinder/interfaceChain/etc.. can be done on vendor binders in a system context, so code can generically operate on binders. This is particularly useful for service manager and dumpstate, which previously I was going to special-case
|     - policy on which binders go where is entirely reliant on SELinux whereas before there were additional runtime restrictions
|
|     Cons to this change:
|     - allowed binders must be determined by context. BpBinder now checks stability based on kLocalStability. More work would need to be done to get this working with APEX.
|
|     Bug: 136027762
|     Test: binderStabilityTest
|     Change-Id: Iff026e81a130dbb8885ca82ec24e69a5768847eb
|     Merged-In: Iff026e81a130dbb8885ca82ec24e69a5768847eb
* libbinder: add way to debug print stability (Steven Moreland, 2019-08-02, files: 1, lines: -0/+4)
|
|     Bug: 136027762
|     Test: manual
|     Change-Id: Id390f0459fd162a20bbd64870fc568a87f422f15
* libbinder: Fix bad stability set log. (Steven Moreland, 2019-08-02, files: 1, lines: -1/+1)
|
|     So that it shows current stability as well as new stability.
|
|     Bug: 136027762
|     Test: check log
|     Change-Id: I7b8481528c0b8e8506a3e95508c9bbef62c71d62
* Set stability for unset interfaces. (Steven Moreland, 2019-08-02, files: 1, lines: -17/+17)
|
|     This specifically has handwritten interfaces in mind. This CL ensures that if there is a handwritten interface, it'll be marked with 'local' stability before it is sent out. This means that a handwritten interface won't accidentally be interpreted as a stable interface.
|
|     Bug: 136027762
|     Test: boot
|     Merged-In: I97e3e7c72f99e12dbf00996ff0c68fb683f3c494
|     Change-Id: I97e3e7c72f99e12dbf00996ff0c68fb683f3c494
* Binder: support storing interface stability (Steven Moreland, 2019-08-02, files: 1, lines: -0/+117)

      An internal CL adds stability annotations to interfaces. In order to make it easier to make changes against this on AOSP, the API only is merged here. This means, until Android Q is released, AOSP will have stability API annotations but not enforcement. Enforcement will only happen on internal branches.

      This is being done because of a mismatch between vndservicemanager (in the vendor.img blobs) and libbinder in the VNDK.

      (remaining comments are from the internal CL and aren't reflected in AOSP yet)

      This adds runtime information for what the stability class of a binder is in preparation for allowing binders system<->vendor. However, this shouldn't necessarily be restricted to this case. For instance, it may also be used to separate APEX interface stability levels.

      The idea is that for code serving an interface of a given stability, only interfaces of greater stability can be sent to it. This is slightly less restrictive than existing binder domains. For instance, this could potentially support having a single interface 'vintf' interface which is shared by both system and vendor (this removing the need for infra like ITokenManager).

      The API that is exposed only allows marking a binder as a specific stability class (see Stability.h). For instance, 'markVintf' marks an API as being exposed system<->vendor. Although, infrastructure in servicemanager, aidl, sepolicy, and VTS still need to support this in order to be useful.

      The actual implementation of these stability classes (bitmasks) is not exposed and may be changed arbitrarily. Currently these bitmasks are 32-bit integers. These are sent to other processes because the type system in AIDL cannot encode the stability requirements here without either dropping IBinder or differentiating IBinder by stability level (which we don't want).

      So, where possible, AIDL will differentiate stability level at compile time, but when IBinder is used, for handwritten interfaces, and as a backup in case any other piece of the infrastructure fails, the stability is also checked at runtime.

      Bug: 136027762
      Test: atest binderStabilityTest
      Change-Id: Ia637ee3652d55550e7fce78876458f391b1dd928
      Merged-In: Ia637ee3652d55550e7fce78876458f391b1dd928