Hide some headers from libbinder to vendors
The headers that are related to system services are now hidden to
vendors. Note that this does not break anything because vendors have
already been disallowed to talk to system services via sepolicy. Their
use of binder is strictly limited within themselves (via
/dev/vndbinder).
The hidden headers are now guarded with __ANDROID_VNDK__ and including
them from vendors (or vendor variants of other VNDK libraries) will
trigger a build-time error.
Bug: 78113963
Test: m -j
Test: devices boots to the UI
Change-Id: I19be5ca024fc4081b7861d908d75758c1d956a83
diff --git a/libs/binder/Android.bp b/libs/binder/Android.bp
index 6103188..7c1eaaf 100644
--- a/libs/binder/Android.bp
+++ b/libs/binder/Android.bp
@@ -75,6 +75,28 @@
":libbinder_aidl",
],
+ target: {
+ vendor: {
+ exclude_srcs: [
+ "ActivityManager.cpp",
+ "AppOpsManager.cpp",
+ "IActivityManager.cpp",
+ "IAppOpsCallback.cpp",
+ "IAppOpsService.cpp",
+ "IBatteryStats.cpp",
+ "IMediaResourceMonitor.cpp",
+ "IPermissionController.cpp",
+ "IProcessInfoService.cpp",
+ "IUidObserver.cpp",
+ "PermissionCache.cpp",
+ "PermissionController.cpp",
+ "ProcessInfoService.cpp",
+ "IpPrefix.cpp",
+ ":libbinder_aidl",
+ ],
+ },
+ },
+
aidl: {
export_aidl_headers: true,
},
diff --git a/libs/binder/IServiceManager.cpp b/libs/binder/IServiceManager.cpp
index 70f5108..711143c 100644
--- a/libs/binder/IServiceManager.cpp
+++ b/libs/binder/IServiceManager.cpp
@@ -20,6 +20,9 @@
#include <utils/Log.h>
#include <binder/IPCThreadState.h>
+#ifndef __ANDROID_VNDK__
+#include <binder/IPermissionController.h>
+#endif
#include <binder/Parcel.h>
#include <utils/String8.h>
#include <utils/SystemClock.h>
@@ -48,6 +51,9 @@
return gDefaultServiceManager;
}
+#ifndef __ANDROID_VNDK__
+// IPermissionController is not accessible to vendors
+
bool checkCallingPermission(const String16& permission)
{
return checkCallingPermission(permission, NULL, NULL);
@@ -122,6 +128,8 @@
}
}
+#endif //__ANDROID_VNDK__
+
// ----------------------------------------------------------------------
class BpServiceManager : public BpInterface<IServiceManager>
diff --git a/libs/binder/Static.cpp b/libs/binder/Static.cpp
index f0613d1..9899b65 100644
--- a/libs/binder/Static.cpp
+++ b/libs/binder/Static.cpp
@@ -94,6 +94,8 @@
Mutex gDefaultServiceManagerLock;
sp<IServiceManager> gDefaultServiceManager;
+#ifndef __ANDROID_VNDK__
sp<IPermissionController> gPermissionController;
+#endif
} // namespace android
diff --git a/libs/binder/include/binder/ActivityManager.h b/libs/binder/include/binder/ActivityManager.h
index 3090cae..b8db091 100644
--- a/libs/binder/include/binder/ActivityManager.h
+++ b/libs/binder/include/binder/ActivityManager.h
@@ -17,6 +17,8 @@
#ifndef ANDROID_ACTIVITY_MANAGER_H
#define ANDROID_ACTIVITY_MANAGER_H
+#ifndef __ANDROID_VNDK__
+
#include <binder/IActivityManager.h>
#include <utils/threads.h>
@@ -64,4 +66,8 @@
}; // namespace android
// ---------------------------------------------------------------------------
+#else // __ANDROID_VNDK__
+#error "This header is not visible to vendors"
+#endif // __ANDROID_VNDK__
+
#endif // ANDROID_ACTIVITY_MANAGER_H
diff --git a/libs/binder/include/binder/AppOpsManager.h b/libs/binder/include/binder/AppOpsManager.h
index a44d270..c5b57c7 100644
--- a/libs/binder/include/binder/AppOpsManager.h
+++ b/libs/binder/include/binder/AppOpsManager.h
@@ -17,6 +17,8 @@
#ifndef ANDROID_APP_OPS_MANAGER_H
#define ANDROID_APP_OPS_MANAGER_H
+#ifndef __ANDROID_VNDK__
+
#include <binder/IAppOpsService.h>
#include <utils/threads.h>
@@ -117,4 +119,8 @@
}; // namespace android
// ---------------------------------------------------------------------------
+#else // __ANDROID_VNDK__
+#error "This header is not visible to vendors"
+#endif // __ANDROID_VNDK__
+
#endif // ANDROID_APP_OPS_MANAGER_H
diff --git a/libs/binder/include/binder/IActivityManager.h b/libs/binder/include/binder/IActivityManager.h
index 6607c0e..f34969b 100644
--- a/libs/binder/include/binder/IActivityManager.h
+++ b/libs/binder/include/binder/IActivityManager.h
@@ -17,6 +17,8 @@
#ifndef ANDROID_IACTIVITY_MANAGER_H
#define ANDROID_IACTIVITY_MANAGER_H
+#ifndef __ANDROID_VNDK__
+
#include <binder/IInterface.h>
#include <binder/IUidObserver.h>
@@ -49,4 +51,8 @@
}; // namespace android
+#else // __ANDROID_VNDK__
+#error "This header is not visible to vendors"
+#endif // __ANDROID_VNDK__
+
#endif // ANDROID_IACTIVITY_MANAGER_H
diff --git a/libs/binder/include/binder/IAppOpsCallback.h b/libs/binder/include/binder/IAppOpsCallback.h
index b62e9e2..e5b12a9 100644
--- a/libs/binder/include/binder/IAppOpsCallback.h
+++ b/libs/binder/include/binder/IAppOpsCallback.h
@@ -18,6 +18,8 @@
#ifndef ANDROID_IAPP_OPS_CALLBACK_H
#define ANDROID_IAPP_OPS_CALLBACK_H
+#ifndef __ANDROID_VNDK__
+
#include <binder/IInterface.h>
namespace android {
@@ -51,5 +53,9 @@
}; // namespace android
+#else // __ANDROID_VNDK__
+#error "This header is not visible to vendors"
+#endif // __ANDROID_VNDK__
+
#endif // ANDROID_IAPP_OPS_CALLBACK_H
diff --git a/libs/binder/include/binder/IAppOpsService.h b/libs/binder/include/binder/IAppOpsService.h
index ecba5d6..f0c5e17 100644
--- a/libs/binder/include/binder/IAppOpsService.h
+++ b/libs/binder/include/binder/IAppOpsService.h
@@ -18,6 +18,8 @@
#ifndef ANDROID_IAPP_OPS_SERVICE_H
#define ANDROID_IAPP_OPS_SERVICE_H
+#ifndef __ANDROID_VNDK__
+
#include <binder/IAppOpsCallback.h>
#include <binder/IInterface.h>
@@ -75,4 +77,8 @@
}; // namespace android
+#else // __ANDROID_VNDK__
+#error "This header is not visible to vendors"
+#endif // __ANDROID_VNDK__
+
#endif // ANDROID_IAPP_OPS_SERVICE_H
diff --git a/libs/binder/include/binder/IBatteryStats.h b/libs/binder/include/binder/IBatteryStats.h
index e15d6f0..59e806c 100644
--- a/libs/binder/include/binder/IBatteryStats.h
+++ b/libs/binder/include/binder/IBatteryStats.h
@@ -17,6 +17,8 @@
#ifndef ANDROID_IBATTERYSTATS_H
#define ANDROID_IBATTERYSTATS_H
+#ifndef __ANDROID_VNDK__
+
#include <binder/IInterface.h>
namespace android {
@@ -76,4 +78,8 @@
}; // namespace android
+#else // __ANDROID_VNDK__
+#error "This header is not visible to vendors"
+#endif // __ANDROID_VNDK__
+
#endif // ANDROID_IBATTERYSTATS_H
diff --git a/libs/binder/include/binder/IMediaResourceMonitor.h b/libs/binder/include/binder/IMediaResourceMonitor.h
index b21047f..213ee63 100644
--- a/libs/binder/include/binder/IMediaResourceMonitor.h
+++ b/libs/binder/include/binder/IMediaResourceMonitor.h
@@ -17,6 +17,8 @@
#ifndef ANDROID_I_MEDIA_RESOURCE_MONITOR_H
#define ANDROID_I_MEDIA_RESOURCE_MONITOR_H
+#ifndef __ANDROID_VNDK__
+
#include <binder/IInterface.h>
namespace android {
@@ -52,4 +54,8 @@
}; // namespace android
+#else // __ANDROID_VNDK__
+#error "This header is not visible to vendors"
+#endif // __ANDROID_VNDK__
+
#endif // ANDROID_I_MEDIA_RESOURCE_MONITOR_H
diff --git a/libs/binder/include/binder/IPermissionController.h b/libs/binder/include/binder/IPermissionController.h
index b83d226..3ec459f 100644
--- a/libs/binder/include/binder/IPermissionController.h
+++ b/libs/binder/include/binder/IPermissionController.h
@@ -18,6 +18,8 @@
#ifndef ANDROID_IPERMISSION_CONTROLLER_H
#define ANDROID_IPERMISSION_CONTROLLER_H
+#ifndef __ANDROID_VNDK__
+
#include <binder/IInterface.h>
#include <stdlib.h>
@@ -64,5 +66,9 @@
}; // namespace android
+#else // __ANDROID_VNDK__
+#error "This header is not visible to vendors"
+#endif // __ANDROID_VNDK__
+
#endif // ANDROID_IPERMISSION_CONTROLLER_H
diff --git a/libs/binder/include/binder/IProcessInfoService.h b/libs/binder/include/binder/IProcessInfoService.h
index 2669f91..033c145 100644
--- a/libs/binder/include/binder/IProcessInfoService.h
+++ b/libs/binder/include/binder/IProcessInfoService.h
@@ -17,6 +17,8 @@
#ifndef ANDROID_I_PROCESS_INFO_SERVICE_H
#define ANDROID_I_PROCESS_INFO_SERVICE_H
+#ifndef __ANDROID_VNDK__
+
#include <binder/IInterface.h>
namespace android {
@@ -46,4 +48,8 @@
}; // namespace android
+#else // __ANDROID_VNDK__
+#error "This header is not visible to vendors"
+#endif // __ANDROID_VNDK__
+
#endif // ANDROID_I_PROCESS_INFO_SERVICE_H
diff --git a/libs/binder/include/binder/IServiceManager.h b/libs/binder/include/binder/IServiceManager.h
index cf4c08a..197026d 100644
--- a/libs/binder/include/binder/IServiceManager.h
+++ b/libs/binder/include/binder/IServiceManager.h
@@ -19,7 +19,6 @@
#define ANDROID_ISERVICE_MANAGER_H
#include <binder/IInterface.h>
-#include <binder/IPermissionController.h>
#include <utils/Vector.h>
#include <utils/String16.h>
diff --git a/libs/binder/include/binder/IUidObserver.h b/libs/binder/include/binder/IUidObserver.h
index fd4d8a6..d81789e 100644
--- a/libs/binder/include/binder/IUidObserver.h
+++ b/libs/binder/include/binder/IUidObserver.h
@@ -18,6 +18,8 @@
#ifndef ANDROID_IUID_OBSERVER_H
#define ANDROID_IUID_OBSERVER_H
+#ifndef __ANDROID_VNDK__
+
#include <binder/IInterface.h>
namespace android {
@@ -55,4 +57,8 @@
}; // namespace android
+#else // __ANDROID_VNDK__
+#error "This header is not visible to vendors"
+#endif // __ANDROID_VNDK__
+
#endif // ANDROID_IUID_OBSERVER_H
diff --git a/libs/binder/include/binder/IpPrefix.h b/libs/binder/include/binder/IpPrefix.h
index 96ebaac..dd5bc3a 100644
--- a/libs/binder/include/binder/IpPrefix.h
+++ b/libs/binder/include/binder/IpPrefix.h
@@ -17,6 +17,8 @@
#ifndef ANDROID_IP_PREFIX_H
#define ANDROID_IP_PREFIX_H
+#ifndef __ANDROID_VNDK__
+
#include <netinet/in.h>
#include <binder/Parcelable.h>
@@ -85,4 +87,8 @@
} // namespace android
+#else // __ANDROID_VNDK__
+#error "This header is not visible to vendors"
+#endif // __ANDROID_VNDK__
+
#endif // ANDROID_IP_PREFIX_H
diff --git a/libs/binder/include/binder/PermissionCache.h b/libs/binder/include/binder/PermissionCache.h
index bcdf0c2..95eabff 100644
--- a/libs/binder/include/binder/PermissionCache.h
+++ b/libs/binder/include/binder/PermissionCache.h
@@ -17,6 +17,8 @@
#ifndef BINDER_PERMISSION_H
#define BINDER_PERMISSION_H
+#ifndef __ANDROID_VNDK__
+
#include <stdint.h>
#include <unistd.h>
@@ -77,4 +79,8 @@
// ---------------------------------------------------------------------------
}; // namespace android
+#else // __ANDROID_VNDK__
+#error "This header is not visible to vendors"
+#endif // __ANDROID_VNDK__
+
#endif /* BINDER_PERMISSION_H */
diff --git a/libs/binder/include/binder/PermissionController.h b/libs/binder/include/binder/PermissionController.h
index cc5b6fe..d81f514 100644
--- a/libs/binder/include/binder/PermissionController.h
+++ b/libs/binder/include/binder/PermissionController.h
@@ -17,6 +17,8 @@
#ifndef ANDROID_PERMISSION_CONTROLLER_H
#define ANDROID_PERMISSION_CONTROLLER_H
+#ifndef __ANDROID_VNDK__
+
#include <binder/IPermissionController.h>
#include <utils/threads.h>
@@ -60,4 +62,8 @@
}; // namespace android
// ---------------------------------------------------------------------------
+#else // __ANDROID_VNDK__
+#error "This header is not visible to vendors"
+#endif // __ANDROID_VNDK__
+
#endif // ANDROID_PERMISSION_CONTROLLER_H
diff --git a/libs/binder/include/binder/ProcessInfoService.h b/libs/binder/include/binder/ProcessInfoService.h
index 0da61ee..a03aae9 100644
--- a/libs/binder/include/binder/ProcessInfoService.h
+++ b/libs/binder/include/binder/ProcessInfoService.h
@@ -17,6 +17,8 @@
#ifndef ANDROID_PROCESS_INFO_SERVICE_H
#define ANDROID_PROCESS_INFO_SERVICE_H
+#ifndef __ANDROID_VNDK__
+
#include <binder/IProcessInfoService.h>
#include <utils/Errors.h>
#include <utils/Singleton.h>
@@ -78,5 +80,9 @@
}; // namespace android
+#else // __ANDROID_VNDK__
+#error "This header is not visible to vendors"
+#endif // __ANDROID_VNDK__
+
#endif // ANDROID_PROCESS_INFO_SERVICE_H
diff --git a/libs/binder/include/private/binder/Static.h b/libs/binder/include/private/binder/Static.h
index 3d10456..f04bcae 100644
--- a/libs/binder/include/private/binder/Static.h
+++ b/libs/binder/include/private/binder/Static.h
@@ -21,7 +21,9 @@
#include <binder/IBinder.h>
#include <binder/ProcessState.h>
+#ifndef __ANDROID_VNDK__
#include <binder/IPermissionController.h>
+#endif
#include <binder/IServiceManager.h>
namespace android {
@@ -36,6 +38,8 @@
// For IServiceManager.cpp
extern Mutex gDefaultServiceManagerLock;
extern sp<IServiceManager> gDefaultServiceManager;
+#ifndef __ANDROID_VNDK__
extern sp<IPermissionController> gPermissionController;
+#endif
} // namespace android