1 /* 2 * Copyright (C) 2015 The Android Open Source Project 3 * 4 * Licensed under the Apache License, Version 2.0 (the "License"); 5 * you may not use this file except in compliance with the License. 6 * You may obtain a copy of the License at 7 * 8 * http://www.apache.org/licenses/LICENSE-2.0 9 * 10 * Unless required by applicable law or agreed to in writing, software 11 * distributed under the License is distributed on an "AS IS" BASIS, 12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 * See the License for the specific language governing permissions and 14 * limitations under the License. 15 */ 16 17 #ifndef ANDROID_HARDWARE_BINDER_STATUS_H 18 #define ANDROID_HARDWARE_BINDER_STATUS_H 19 20 #include <cstdint> 21 #include <sstream> 22 23 #include <hidl/HidlInternal.h> 24 #include <utils/Errors.h> 25 #include <utils/StrongPointer.h> 26 27 namespace android { 28 namespace hardware { 29 30 // HIDL formally separates transport error codes from interface error codes. When developing a HIDL 31 // interface, errors relevant to a service should be placed in the interface design for that HAL. 32 // 33 // For instance: 34 // 35 // interface I* { 36 // enum FooStatus { NO_FOO, NO_BAR }; // service-specific errors 37 // doFoo(...) generates (FooStatus foo); 38 // }; 39 // 40 // When calling into this interface, a Return<*> (in this case Return<FooStatus> object will be 41 // returned). For most clients, it's expected that they'll just get the result from this function 42 // and use it directly. If there is a transport error, the process will just abort. In general, 43 // transport errors are expected only in extremely rare circumstances (bug in the 44 // code/cosmic radiation/etc..). Aborting allows process to restart using their normal happy path 45 // code. 46 // 47 // For certain processes though which are critical to the functionality of the phone (e.g. 48 // hwservicemanager/init), these errors must be handled. Return<*>::isOk and 49 // Return<*>::isDeadObject are provided for these cases. Whenever this is done, special attention 50 // should be paid to testing the unhappy paths to make sure that error handling is handled 51 // properly. 52 53 // Transport implementation detail. HIDL implementors, see Return below. HAL implementations should 54 // return HIDL-defined errors rather than use this. 55 class Status final { 56 public: 57 // Note: forked from 58 // - frameworks/base/core/java/android/os/android/os/Parcel.java. 59 // - frameworks/native/libs/binder/include/binder/Status.h 60 enum Exception { 61 EX_NONE = 0, 62 EX_SECURITY = -1, 63 EX_BAD_PARCELABLE = -2, 64 EX_ILLEGAL_ARGUMENT = -3, 65 EX_NULL_POINTER = -4, 66 EX_ILLEGAL_STATE = -5, 67 EX_NETWORK_MAIN_THREAD = -6, 68 EX_UNSUPPORTED_OPERATION = -7, 69 70 // This is special and Java specific; see Parcel.java. 71 EX_HAS_REPLY_HEADER = -128, 72 // This is special, and indicates to C++ binder proxies that the 73 // transaction has failed at a low level. 74 EX_TRANSACTION_FAILED = -129, 75 }; 76 77 // A more readable alias for the default constructor. 78 static Status ok(); 79 // Authors should explicitly pick whether their integer is: 80 // - an exception code (EX_* above) 81 // - status_t 82 // 83 // Prefer a generic exception code when possible or a status_t 84 // for low level transport errors. Service specific errors 85 // should be at a higher level in HIDL. 86 static Status fromExceptionCode(int32_t exceptionCode); 87 static Status fromExceptionCode(int32_t exceptionCode, 88 const char *message); 89 static Status fromStatusT(status_t status); 90 91 Status() = default; 92 ~Status() = default; 93 94 // Status objects are copyable and contain just simple data. 95 Status(const Status& status) = default; 96 Status(Status&& status) = default; 97 Status& operator=(const Status& status) = default; 98 99 // Set one of the pre-defined exception types defined above. 100 void setException(int32_t ex, const char *message); 101 // Setting a |status| != OK causes generated code to return |status| 102 // from Binder transactions, rather than writing an exception into the 103 // reply Parcel. This is the least preferable way of reporting errors. 104 void setFromStatusT(status_t status); 105 106 // Get information about an exception. exceptionCode()107 int32_t exceptionCode() const { return mException; } exceptionMessage()108 const char *exceptionMessage() const { return mMessage.c_str(); } transactionError()109 status_t transactionError() const { 110 return mException == EX_TRANSACTION_FAILED ? mErrorCode : OK; 111 } 112 isOk()113 bool isOk() const { return mException == EX_NONE; } 114 115 // For debugging purposes only 116 std::string description() const; 117 118 private: 119 Status(int32_t exceptionCode, int32_t errorCode); 120 Status(int32_t exceptionCode, int32_t errorCode, const char *message); 121 122 // If |mException| == EX_TRANSACTION_FAILED, generated code will return 123 // |mErrorCode| as the result of the transaction rather than write an 124 // exception to the reply parcel. 125 // 126 // Otherwise, we always write |mException| to the parcel. 127 // If |mException| != EX_NONE, we write |mMessage| as well. 128 int32_t mException = EX_NONE; 129 int32_t mErrorCode = 0; 130 std::string mMessage; 131 }; // class Status 132 133 // For gtest output logging 134 std::ostream& operator<< (std::ostream& stream, const Status& s); 135 136 template<typename T> class Return; 137 138 namespace details { 139 class return_status { 140 private: 141 Status mStatus {}; 142 mutable bool mCheckedStatus = false; 143 144 // called when an unchecked status is discarded 145 // makes sure this status is checked according to the preference 146 // set by setProcessHidlReturnRestriction 147 void onIgnored() const; 148 149 template <typename T, typename U> 150 friend Return<U> StatusOf(const Return<T> &other); 151 protected: 152 void onValueRetrieval() const; 153 public: 154 void assertOk() const; return_status()155 return_status() {} return_status(const Status & s)156 return_status(const Status& s) : mStatus(s) {} 157 158 return_status(const return_status &) = delete; 159 return_status &operator=(const return_status &) = delete; 160 return_status(return_status && other)161 return_status(return_status&& other) noexcept { *this = std::move(other); } 162 return_status& operator=(return_status&& other) noexcept; 163 164 ~return_status(); 165 isOkUnchecked()166 bool isOkUnchecked() const { 167 // someone else will have to check 168 return mStatus.isOk(); 169 } 170 isOk()171 bool isOk() const { 172 mCheckedStatus = true; 173 return mStatus.isOk(); 174 } 175 176 // Check if underlying error is DEAD_OBJECT. 177 // Check mCheckedStatus only if this method returns true. isDeadObject()178 bool isDeadObject() const { 179 bool dead = mStatus.transactionError() == DEAD_OBJECT; 180 181 // This way, if you only check isDeadObject your process will 182 // only be killed for more serious unchecked errors 183 if (dead) { 184 mCheckedStatus = true; 185 } 186 187 return dead; 188 } 189 190 // For debugging purposes only description()191 std::string description() const { 192 // Doesn't consider checked. 193 return mStatus.description(); 194 } 195 }; 196 } // namespace details 197 198 enum class HidlReturnRestriction { 199 // Okay to ignore checking transport errors. This would instead rely on init to reset state 200 // after an error in the underlying transport. This is the default and expected for most 201 // usecases. 202 NONE, 203 // Log when there is an unchecked error. 204 ERROR_IF_UNCHECKED, 205 // Fatal when there is an unchecked error. 206 FATAL_IF_UNCHECKED, 207 }; 208 209 /** 210 * This should be called during process initialization (e.g. before binder threadpool is created). 211 * 212 * Note: default of HidlReturnRestriction::NONE should be good for most usecases. See above. 213 * 214 * The restriction will be applied when Return objects are deconstructed. 215 */ 216 void setProcessHidlReturnRestriction(HidlReturnRestriction restriction); 217 218 template<typename T> class Return : public details::return_status { 219 private: 220 T mVal {}; 221 public: Return(T v)222 Return(T v) : details::return_status(), mVal{v} {} Return(Status s)223 Return(Status s) : details::return_status(s) {} 224 225 // move-able. 226 // precondition: "this" has checked status 227 // postcondition: other is safe to destroy after moving to *this. 228 Return(Return&& other) noexcept = default; 229 Return& operator=(Return&&) noexcept = default; 230 231 ~Return() = default; 232 T()233 operator T() const { 234 onValueRetrieval(); // assert okay 235 return mVal; 236 } 237 withDefault(T t)238 T withDefault(T t) const { return isOk() ? mVal : t; } 239 }; 240 241 template<typename T> class Return<sp<T>> : public details::return_status { 242 private: 243 sp<T> mVal {}; 244 public: Return(sp<T> v)245 Return(sp<T> v) : details::return_status(), mVal{v} {} Return(T * v)246 Return(T* v) : details::return_status(), mVal{v} {} 247 // Constructors matching a different type (that is related by inheritance) Return(sp<U> v)248 template<typename U> Return(sp<U> v) : details::return_status(), mVal{v} {} Return(U * v)249 template<typename U> Return(U* v) : details::return_status(), mVal{v} {} Return(Status s)250 Return(Status s) : details::return_status(s) {} 251 252 // move-able. 253 // precondition: "this" has checked status 254 // postcondition: other is safe to destroy after moving to *this. 255 Return(Return&& other) noexcept = default; 256 Return& operator=(Return&&) noexcept = default; 257 258 ~Return() = default; 259 260 operator sp<T>() const { 261 onValueRetrieval(); // assert okay 262 return mVal; 263 } 264 withDefault(sp<T> t)265 sp<T> withDefault(sp<T> t) const { return isOk() ? mVal : t; } 266 }; 267 268 269 template<> class Return<void> : public details::return_status { 270 public: Return()271 Return() : details::return_status() {} Return(const Status & s)272 Return(const Status& s) : details::return_status(s) {} 273 274 // move-able. 275 // precondition: "this" has checked status 276 // postcondition: other is safe to destroy after moving to *this. 277 Return(Return &&) = default; 278 Return &operator=(Return &&) = default; 279 280 ~Return() = default; 281 }; 282 Void()283 static inline Return<void> Void() { 284 return Return<void>(); 285 } 286 287 namespace details { 288 // Create a Return<U> from the Status of Return<T>. The provided 289 // Return<T> must have an error status and have it checked. 290 template <typename T, typename U> StatusOf(const Return<T> & other)291 Return<U> StatusOf(const Return<T> &other) { 292 if (other.mStatus.isOk() || !other.mCheckedStatus) { 293 details::logAlwaysFatal("cannot call statusOf on an OK Status or an unchecked status"); 294 } 295 return Return<U>{other.mStatus}; 296 } 297 } // namespace details 298 299 } // namespace hardware 300 } // namespace android 301 302 #endif // ANDROID_HARDWARE_BINDER_STATUS_H 303