Check in gVisor.

PiperOrigin-RevId: 194583126
Change-Id: Ica1d8821a90f74e7e745962d71801c598c652463

2 files changed, 396 insertions, 0 deletions

diff --git a/pkg/sentry/fs/binder/BUILD b/pkg/sentry/fs/binder/BUILD
new file mode 100644
index 000000000..15f91699f
--- /dev/null
+++ b/pkg/sentry/fs/binder/BUILD
@@ -0,0 +1,38 @@
+package(licenses = ["notice"])  # Apache 2.0
+
+load("@io_bazel_rules_go//go:def.bzl", "go_library")
+load("//tools/go_stateify:defs.bzl", "go_stateify")
+
+go_stateify(
+    name = "binder_state",
+    srcs = ["binder.go"],
+    out = "binder_state.go",
+    package = "binder",
+)
+
+go_library(
+    name = "binder",
+    srcs = [
+        "binder.go",
+        "binder_state.go",
+    ],
+    importpath = "gvisor.googlesource.com/gvisor/pkg/sentry/fs/binder",
+    visibility = ["//pkg/sentry:internal"],
+    deps = [
+        "//pkg/abi/linux",
+        "//pkg/log",
+        "//pkg/sentry/arch",
+        "//pkg/sentry/context",
+        "//pkg/sentry/fs",
+        "//pkg/sentry/fs/fsutil",
+        "//pkg/sentry/kernel",
+        "//pkg/sentry/kernel/time",
+        "//pkg/sentry/memmap",
+        "//pkg/sentry/platform",
+        "//pkg/sentry/usage",
+        "//pkg/sentry/usermem",
+        "//pkg/state",
+        "//pkg/syserror",
+        "//pkg/tcpip/transport/unix",
+    ],
+)
diff --git a/pkg/sentry/fs/binder/binder.go b/pkg/sentry/fs/binder/binder.go
new file mode 100644
index 000000000..3f87b6b08
--- /dev/null
+++ b/pkg/sentry/fs/binder/binder.go
@@ -0,0 +1,358 @@
+// Copyright 2018 Google Inc.
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//     http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+// Package binder implements Android Binder IPC module.
+package binder
+
+import (
+	"sync"
+
+	"gvisor.googlesource.com/gvisor/pkg/abi/linux"
+	"gvisor.googlesource.com/gvisor/pkg/sentry/arch"
+	"gvisor.googlesource.com/gvisor/pkg/sentry/context"
+	"gvisor.googlesource.com/gvisor/pkg/sentry/fs"
+	"gvisor.googlesource.com/gvisor/pkg/sentry/fs/fsutil"
+	"gvisor.googlesource.com/gvisor/pkg/sentry/kernel"
+	"gvisor.googlesource.com/gvisor/pkg/sentry/kernel/time"
+	"gvisor.googlesource.com/gvisor/pkg/sentry/memmap"
+	"gvisor.googlesource.com/gvisor/pkg/sentry/platform"
+	"gvisor.googlesource.com/gvisor/pkg/sentry/usage"
+	"gvisor.googlesource.com/gvisor/pkg/sentry/usermem"
+	"gvisor.googlesource.com/gvisor/pkg/syserror"
+)
+
+const (
+	currentProtocolVersion = 8
+
+	// mmapSizeLimit is the upper limit for mapped memory size in Binder.
+	mmapSizeLimit = 4 * 1024 * 1024 // 4MB
+)
+
+// Device implements fs.InodeOperations.
+type Device struct {
+	fsutil.InodeNoExtendedAttributes
+	fsutil.InodeNotDirectory
+	fsutil.InodeNotRenameable
+	fsutil.InodeNotSocket
+	fsutil.InodeNotSymlink
+	fsutil.NoMappable
+	fsutil.NoopWriteOut
+	fsutil.DeprecatedFileOperations
+
+	// mu protects unstable.
+	mu       sync.Mutex `state:"nosave"`
+	unstable fs.UnstableAttr
+}
+
+// NewDevice creates and intializes a Device structure.
+func NewDevice(ctx context.Context, owner fs.FileOwner, fp fs.FilePermissions) *Device {
+	return &Device{
+		unstable: fs.WithCurrentTime(ctx, fs.UnstableAttr{
+			Owner: owner,
+			Perms: fp,
+			Links: 1,
+		}),
+	}
+}
+
+// Release implements fs.InodeOperations.Release.
+func (bd *Device) Release(context.Context) {}
+
+// GetFile implements fs.InodeOperations.GetFile.
+//
+// TODO: Add functionality to GetFile: Additional fields will be
+// needed in the Device structure, initialize them here. Also, Device will need
+// to keep track of the created Procs in order to implement BINDER_READ_WRITE
+// ioctl.
+func (bd *Device) GetFile(ctx context.Context, d *fs.Dirent, flags fs.FileFlags) (*fs.File, error) {
+	return fs.NewFile(ctx, d, flags, &Proc{
+		bd:       bd,
+		task:     kernel.TaskFromContext(ctx),
+		platform: platform.FromContext(ctx),
+	}), nil
+}
+
+// UnstableAttr implements fs.InodeOperations.UnstableAttr.
+func (bd *Device) UnstableAttr(ctx context.Context, inode *fs.Inode) (fs.UnstableAttr, error) {
+	bd.mu.Lock()
+	defer bd.mu.Unlock()
+	return bd.unstable, nil
+}
+
+// Check implements fs.InodeOperations.Check.
+func (bd *Device) Check(ctx context.Context, inode *fs.Inode, p fs.PermMask) bool {
+	return fs.ContextCanAccessFile(ctx, inode, p)
+}
+
+// SetPermissions implements fs.InodeOperations.SetPermissions.
+func (bd *Device) SetPermissions(ctx context.Context, inode *fs.Inode, fp fs.FilePermissions) bool {
+	bd.mu.Lock()
+	defer bd.mu.Unlock()
+	bd.unstable.Perms = fp
+	bd.unstable.StatusChangeTime = time.NowFromContext(ctx)
+	return true
+}
+
+// SetOwner implements fs.InodeOperations.SetOwner.
+func (bd *Device) SetOwner(ctx context.Context, inode *fs.Inode, owner fs.FileOwner) error {
+	bd.mu.Lock()
+	defer bd.mu.Unlock()
+	if owner.UID.Ok() {
+		bd.unstable.Owner.UID = owner.UID
+	}
+	if owner.GID.Ok() {
+		bd.unstable.Owner.GID = owner.GID
+	}
+	return nil
+}
+
+// SetTimestamps implements fs.InodeOperations.SetTimestamps.
+func (bd *Device) SetTimestamps(ctx context.Context, inode *fs.Inode, ts fs.TimeSpec) error {
+	if ts.ATimeOmit && ts.MTimeOmit {
+		return nil
+	}
+
+	bd.mu.Lock()
+	defer bd.mu.Unlock()
+
+	now := time.NowFromContext(ctx)
+	if !ts.ATimeOmit {
+		if ts.ATimeSetSystemTime {
+			bd.unstable.AccessTime = now
+		} else {
+			bd.unstable.AccessTime = ts.ATime
+		}
+	}
+	if !ts.MTimeOmit {
+		if ts.MTimeSetSystemTime {
+			bd.unstable.ModificationTime = now
+		} else {
+			bd.unstable.ModificationTime = ts.MTime
+		}
+	}
+	bd.unstable.StatusChangeTime = now
+	return nil
+}
+
+// Truncate implements fs.InodeOperations.WriteOut.
+//
+// Ignored for a character device, such as Binder.
+func (bd *Device) Truncate(ctx context.Context, inode *fs.Inode, size int64) error {
+	return nil
+}
+
+// AddLink implements fs.InodeOperations.AddLink.
+//
+// Binder doesn't support links, no-op.
+func (bd *Device) AddLink() {}
+
+// DropLink implements fs.InodeOperations.DropLink.
+//
+// Binder doesn't support links, no-op.
+func (bd *Device) DropLink() {}
+
+// NotifyStatusChange implements fs.InodeOperations.NotifyStatusChange.
+func (bd *Device) NotifyStatusChange(ctx context.Context) {
+	bd.mu.Lock()
+	defer bd.mu.Unlock()
+	now := time.NowFromContext(ctx)
+	bd.unstable.ModificationTime = now
+	bd.unstable.StatusChangeTime = now
+}
+
+// IsVirtual implements fs.InodeOperations.IsVirtual.
+//
+// Binder is virtual.
+func (bd *Device) IsVirtual() bool {
+	return true
+}
+
+// StatFS implements fs.InodeOperations.StatFS.
+//
+// Binder doesn't support querying for filesystem info.
+func (bd *Device) StatFS(context.Context) (fs.Info, error) {
+	return fs.Info{}, syserror.ENOSYS
+}
+
+// Proc implements fs.FileOperations and fs.IoctlGetter.
+type Proc struct {
+	fsutil.NoFsync
+	fsutil.DeprecatedFileOperations
+	fsutil.NotDirReaddir
+
+	bd       *Device
+	task     *kernel.Task
+	platform platform.Platform
+
+	// mu protects fr.
+	mu sync.Mutex `state:"nosave"`
+
+	// mapped is memory allocated from platform.Memory() by AddMapping.
+	mapped platform.FileRange
+}
+
+// Release implements fs.FileOperations.Release.
+func (bp *Proc) Release() {
+	bp.mu.Lock()
+	defer bp.mu.Unlock()
+	if bp.mapped.Length() != 0 {
+		bp.platform.Memory().DecRef(bp.mapped)
+	}
+}
+
+// Seek implements fs.FileOperations.Seek.
+//
+// Binder doesn't support seek operation (unless in debug mode).
+func (bp *Proc) Seek(ctx context.Context, file *fs.File, whence fs.SeekWhence, offset int64) (int64, error) {
+	return offset, syserror.EOPNOTSUPP
+}
+
+// Read implements fs.FileOperations.Read.
+//
+// Binder doesn't support read operation (unless in debug mode).
+func (bp *Proc) Read(ctx context.Context, file *fs.File, dst usermem.IOSequence, offset int64) (int64, error) {
+	return 0, syserror.EOPNOTSUPP
+}
+
+// Write implements fs.FileOperations.Write.
+//
+// Binder doesn't support write operation.
+func (bp *Proc) Write(ctx context.Context, file *fs.File, src usermem.IOSequence, offset int64) (int64, error) {
+	return 0, syserror.EOPNOTSUPP
+}
+
+// Flush implements fs.FileOperations.Flush.
+//
+// TODO: Implement.
+func (bp *Proc) Flush(ctx context.Context, file *fs.File) error {
+	return nil
+}
+
+// ConfigureMMap implements fs.FileOperations.ConfigureMMap.
+func (bp *Proc) ConfigureMMap(ctx context.Context, file *fs.File, opts *memmap.MMapOpts) error {
+	// Compare drivers/android/binder.c:binder_mmap().
+	if caller := kernel.TaskFromContext(ctx); caller != bp.task {
+		return syserror.EINVAL
+	}
+	if opts.Length > mmapSizeLimit {
+		opts.Length = mmapSizeLimit
+	}
+	opts.MaxPerms.Write = false
+
+	// TODO: Binder sets VM_DONTCOPY, preventing the created vma
+	// from being copied across fork(), but we don't support this yet. As
+	// a result, MMs containing a Binder mapping cannot be forked (MM.Fork will
+	// fail when AddMapping returns EBUSY).
+
+	return fsutil.GenericConfigureMMap(file, bp, opts)
+}
+
+// Ioctl implements fs.FileOperations.Ioctl.
+//
+// TODO: Implement.
+func (bp *Proc) Ioctl(ctx context.Context, io usermem.IO, args arch.SyscallArguments) (uintptr, error) {
+	// Switch on ioctl request.
+	switch uint32(args[1].Int()) {
+	case linux.BinderVersionIoctl:
+		ver := &linux.BinderVersion{
+			ProtocolVersion: currentProtocolVersion,
+		}
+		// Copy result to user-space.
+		_, err := usermem.CopyObjectOut(ctx, io, args[2].Pointer(), ver, usermem.IOOpts{
+			AddressSpaceActive: true,
+		})
+		return 0, err
+	case linux.BinderWriteReadIoctl:
+		// TODO: Implement.
+		fallthrough
+	case linux.BinderSetIdleTimeoutIoctl:
+		// TODO: Implement.
+		fallthrough
+	case linux.BinderSetMaxThreadsIoctl:
+		// TODO: Implement.
+		fallthrough
+	case linux.BinderSetIdlePriorityIoctl:
+		// TODO: Implement.
+		fallthrough
+	case linux.BinderSetContextMgrIoctl:
+		// TODO: Implement.
+		fallthrough
+	case linux.BinderThreadExitIoctl:
+		// TODO: Implement.
+		return 0, syserror.ENOSYS
+	default:
+		// Ioctls irrelevant to Binder.
+		return 0, syserror.EINVAL
+	}
+}
+
+// AddMapping implements memmap.Mappable.AddMapping.
+func (bp *Proc) AddMapping(ctx context.Context, ms memmap.MappingSpace, ar usermem.AddrRange, offset uint64) error {
+	bp.mu.Lock()
+	defer bp.mu.Unlock()
+	if bp.mapped.Length() != 0 {
+		// mmap has been called before, which binder_mmap() doesn't like.
+		return syserror.EBUSY
+	}
+	// Binder only allocates and maps a single page up-front
+	// (drivers/android/binder.c:binder_mmap() => binder_update_page_range()).
+	fr, err := bp.platform.Memory().Allocate(usermem.PageSize, usage.Anonymous)
+	if err != nil {
+		return err
+	}
+	bp.mapped = fr
+	return nil
+}
+
+// RemoveMapping implements memmap.Mappable.RemoveMapping.
+func (bp *Proc) RemoveMapping(ctx context.Context, ms memmap.MappingSpace, ar usermem.AddrRange, offset uint64) {
+	// Nothing to do. Notably, we don't free bp.mapped to allow another mmap.
+}
+
+// CopyMapping implements memmap.Mappable.CopyMapping.
+func (bp *Proc) CopyMapping(ctx context.Context, ms memmap.MappingSpace, srcAR, dstAR usermem.AddrRange, offset uint64) error {
+	// Nothing to do. Notably, this is one case where CopyMapping isn't
+	// equivalent to AddMapping, as AddMapping would return EBUSY.
+	return nil
+}
+
+// Translate implements memmap.Mappable.Translate.
+func (bp *Proc) Translate(ctx context.Context, required, optional memmap.MappableRange, at usermem.AccessType) ([]memmap.Translation, error) {
+	// TODO: In addition to the page initially allocated and mapped
+	// in AddMapping (Linux: binder_mmap), Binder allocates and maps pages for
+	// each transaction (Linux: binder_ioctl => binder_ioctl_write_read =>
+	// binder_thread_write => binder_transaction => binder_alloc_buf =>
+	// binder_update_page_range). Since we don't actually implement
+	// BinderWriteReadIoctl (Linux: BINDER_WRITE_READ), we only ever have the
+	// first page.
+	var err error
+	if required.End > usermem.PageSize {
+		err = &memmap.BusError{syserror.EFAULT}
+	}
+	if required.Start == 0 {
+		return []memmap.Translation{
+			{
+				Source: memmap.MappableRange{0, usermem.PageSize},
+				File:   bp.platform.Memory(),
+				Offset: bp.mapped.Start,
+			},
+		}, err
+	}
+	return nil, err
+}
+
+// InvalidateUnsavable implements memmap.Mappable.InvalidateUnsavable.
+func (bp *Proc) InvalidateUnsavable(ctx context.Context) error {
+	return nil
+}