1 /* 2 * Copyright (C) 2007 The Android Open Source Project 3 * 4 * Licensed under the Apache License, Version 2.0 (the "License"); 5 * you may not use this file except in compliance with the License. 6 * You may obtain a copy of the License at 7 * 8 * http://www.apache.org/licenses/LICENSE-2.0 9 * 10 * Unless required by applicable law or agreed to in writing, software 11 * distributed under the License is distributed on an "AS IS" BASIS, 12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 * See the License for the specific language governing permissions and 14 * limitations under the License. 15 */ 16 17 #pragma once 18 19 #include <stdint.h> 20 #include <sys/types.h> 21 #include <sys/mman.h> 22 23 #include <utils/RefBase.h> 24 #include <utils/Errors.h> 25 #include <binder/IInterface.h> 26 27 namespace android { 28 29 // ---------------------------------------------------------------------------- 30 31 class IMemoryHeap : public IInterface 32 { 33 public: 34 DECLARE_META_INTERFACE(MemoryHeap) 35 36 // flags returned by getFlags() 37 enum { 38 READ_ONLY = 0x00000001 39 }; 40 41 virtual int getHeapID() const = 0; 42 virtual void* getBase() const = 0; 43 virtual size_t getSize() const = 0; 44 virtual uint32_t getFlags() const = 0; 45 virtual off_t getOffset() const = 0; 46 47 // these are there just for backward source compatibility heapID()48 int32_t heapID() const { return getHeapID(); } base()49 void* base() const { return getBase(); } virtualSize()50 size_t virtualSize() const { return getSize(); } 51 }; 52 53 class BnMemoryHeap : public BnInterface<IMemoryHeap> 54 { 55 public: 56 // NOLINTNEXTLINE(google-default-arguments) 57 virtual status_t onTransact( 58 uint32_t code, 59 const Parcel& data, 60 Parcel* reply, 61 uint32_t flags = 0); 62 63 BnMemoryHeap(); 64 protected: 65 virtual ~BnMemoryHeap(); 66 }; 67 68 // ---------------------------------------------------------------------------- 69 70 class IMemory : public IInterface 71 { 72 public: 73 DECLARE_META_INTERFACE(Memory) 74 75 // NOLINTNEXTLINE(google-default-arguments) 76 virtual sp<IMemoryHeap> getMemory(ssize_t* offset=nullptr, size_t* size=nullptr) const = 0; 77 78 // helpers 79 80 // Accessing the underlying pointer must be done with caution, as there are 81 // some inherent security risks associated with it. When receiving an 82 // IMemory from an untrusted process, there is currently no way to guarantee 83 // that this process would't change the content after the fact. This may 84 // lead to TOC/TOU class of security bugs. In most cases, when performance 85 // is not an issue, the recommended practice is to immediately copy the 86 // buffer upon reception, then work with the copy, e.g.: 87 // 88 // std::string private_copy(mem.size(), '\0'); 89 // memcpy(private_copy.data(), mem.unsecurePointer(), mem.size()); 90 // 91 // In cases where performance is an issue, this matter must be addressed on 92 // an ad-hoc basis. 93 void* unsecurePointer() const; 94 95 size_t size() const; 96 ssize_t offset() const; 97 98 private: 99 // These are now deprecated and are left here for backward-compatibility 100 // with prebuilts that may reference these symbol at runtime. 101 // Instead, new code should use unsecurePointer()/unsecureFastPointer(), 102 // which do the same thing, but make it more obvious that there are some 103 // security-related pitfalls associated with them. 104 void* pointer() const; 105 void* fastPointer(const sp<IBinder>& heap, ssize_t offset) const; 106 }; 107 108 class BnMemory : public BnInterface<IMemory> 109 { 110 public: 111 // NOLINTNEXTLINE(google-default-arguments) 112 virtual status_t onTransact( 113 uint32_t code, 114 const Parcel& data, 115 Parcel* reply, 116 uint32_t flags = 0); 117 118 BnMemory(); 119 protected: 120 virtual ~BnMemory(); 121 }; 122 123 // ---------------------------------------------------------------------------- 124 125 } // namespace android 126