From: Sanket Padawe Date: Thu, 10 Aug 2017 04:52:34 +0000 (+0000) Subject: Merge "DO NOT MERGE Fix security vulnerability in pre-O rild code." into mnc-dev... X-Git-Tag: android-x86-8.1-r3~1^2~2^2^2^2^2^2^2 X-Git-Url: http://git.osdn.net/view?a=commitdiff_plain;h=e9fe8f02c9;hp=b8484b0fe305ff6c8425964836b80553ac0a9100;p=android-x86%2Fhardware-ril.git Merge "DO NOT MERGE Fix security vulnerability in pre-O rild code." into mnc-dev am: e66a47c150 am: 957626f82d am: ddc6f6427e am: 0756964d91 -s ours am: b8484b0fe3 Change-Id: I95424dcd22474782dd128c045d96416e4795c2f9 --- diff --git a/include/libril/ril_ex.h b/include/libril/ril_ex.h index 8e15d65..692e4df 100644 --- a/include/libril/ril_ex.h +++ b/include/libril/ril_ex.h @@ -37,7 +37,7 @@ typedef struct SocketListenParam { RIL_SOCKET_ID socket_id; int fdListen; int fdCommand; - char* processName; + const char* processName; struct ril_event* commands_event; struct ril_event* listen_event; void (*processCommandsCallback)(int fd, short flags, void *param); diff --git a/include/telephony/ril.h b/include/telephony/ril.h index eba4eb8..98aa7d3 100644 --- a/include/telephony/ril.h +++ b/include/telephony/ril.h @@ -66,6 +66,11 @@ extern "C" { * * RIL_VERSION = 13 : This version includes new wakelock semantics and as the first * strongly versioned version it enforces structure use. + * RIL_VERSION = 14 : New data structures are added, namely RIL_CarrierMatchType, + * RIL_Carrier, RIL_CarrierRestrictions and RIL_PCO_Data. + * New commands added: RIL_REQUEST_SET_CARRIER_RESTRICTIONS, + * RIL_REQUEST_SET_CARRIER_RESTRICTIONS and + * RIL_UNSOL_PCO_DATA */ #define RIL_VERSION 12 #define LAST_IMPRECISE_RIL_VERSION 12 // Better self-documented name @@ -241,7 +246,8 @@ typedef enum { RADIO_TECH_HSPAP = 15, // HSPA+ RADIO_TECH_GSM = 16, // Only supports voice RADIO_TECH_TD_SCDMA = 17, - RADIO_TECH_IWLAN = 18 + RADIO_TECH_IWLAN = 18, + RADIO_TECH_LTE_CA = 19 } RIL_RadioTechnology; typedef enum { 
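Review bot: The added `RIL_VERSION = 14` entry lists `RIL_REQUEST_SET_CARRIER_RESTRICTIONS` twice under "New commands added". The second occurrence is presumably meant to be `RIL_REQUEST_GET_CARRIER_RESTRICTIONS`, which this commit defines as 137. The context line below the comment still reads `#define RIL_VERSION 12`, while the new dispatchCarrierRestrictions in libril/ril.cpp rejects callers with `s_callbacks.version < 14`. The comment should say that version 14 is documented here but is not the version this header declares.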
@@ -263,6 +269,7 @@ typedef enum { RAF_HSPAP = (1 << RADIO_TECH_HSPAP), RAF_GSM = (1 << RADIO_TECH_GSM), RAF_TD_SCDMA = (1 << RADIO_TECH_TD_SCDMA), + RAF_LTE_CA = (1 << RADIO_TECH_LTE_CA) } RIL_RadioAccessFamily; typedef enum { @@ -536,7 +543,10 @@ typedef struct { RIL_CDMA_SMS_Message* cdmaMessage; /* Valid field if tech is RADIO_TECH_3GPP. See RIL_REQUEST_SEND_SMS */ - char** gsmMessage; + char** gsmMessage; /* This is an array of pointers where pointers + are contiguous but elements pointed by those pointers + are not contiguous + */ } message; } RIL_IMS_SMS_Message; 
@@ -687,6 +697,36 @@ typedef struct { */ } RIL_LceDataInfo; +typedef enum { + RIL_MATCH_ALL = 0, /* Apply to all carriers with the same mcc/mnc */ + RIL_MATCH_SPN = 1, /* Use SPN and mcc/mnc to identify the carrier */ + RIL_MATCH_IMSI_PREFIX = 2, /* Use IMSI prefix and mcc/mnc to identify the carrier */ + RIL_MATCH_GID1 = 3, /* Use GID1 and mcc/mnc to identify the carrier */ + RIL_MATCH_GID2 = 4, /* Use GID2 and mcc/mnc to identify the carrier */ +} RIL_CarrierMatchType; + +typedef struct { + const char * mcc; + const char * mnc; + RIL_CarrierMatchType match_type; /* Specify match type for the carrier. + * If it’s RIL_MATCH_ALL, match_data is null; + * otherwise, match_data is the value for the match type. + */ + const char * match_data; +} RIL_Carrier; + +typedef struct { + int32_t len_allowed_carriers; /* length of array allowed_carriers */ + int32_t len_excluded_carriers; /* length of array excluded_carriers */ + RIL_Carrier * allowed_carriers; /* whitelist for allowed carriers */ + RIL_Carrier * excluded_carriers; /* blacklist for explicitly excluded carriers + * which match allowed_carriers. Eg. allowed_carriers match + * mcc/mnc, excluded_carriers has same mcc/mnc and gid1 + * is ABCD. It means except the carrier whose gid1 is ABCD, + * all carriers with the same mcc/mnc are allowed. + */ +} RIL_CarrierRestrictions; + /* See RIL_REQUEST_LAST_CALL_FAIL_CAUSE */ typedef enum { CALL_FAIL_UNOBTAINABLE_NUMBER = 1, @@ -894,9 +934,10 @@ typedef struct { #define RIL_CARD_MAX_APPS 8 typedef enum { - RIL_CARDSTATE_ABSENT = 0, - RIL_CARDSTATE_PRESENT = 1, - RIL_CARDSTATE_ERROR = 2 + RIL_CARDSTATE_ABSENT = 0, + RIL_CARDSTATE_PRESENT = 1, + RIL_CARDSTATE_ERROR = 2, + RIL_CARDSTATE_RESTRICTED = 3 /* card is present but not usable due to carrier restrictions.*/ } RIL_CardState; typedef enum { 
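Review bot: `len_allowed_carriers` and `len_excluded_carriers` in RIL_CarrierRestrictions are `int32_t`, but their comments do not say whether zero or negative values are valid, or whether the matching array pointer may be NULL. The parcel reader and the response writer added in libril/ril.cpp use these fields as allocation counts and loop bounds, so the contract belongs on the struct, for example `/* number of entries in allowed_carriers; >= 0, array may be NULL only when 0 */`. The RIL_Carrier comment also contains a typographic apostrophe in "it’s"; a plain `'` keeps the header ASCII.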
@@ -5077,6 +5118,57 @@ typedef struct { */ #define RIL_REQUEST_GET_ACTIVITY_INFO 135 +/** + * RIL_REQUEST_SET_CARRIER_RESTRICTIONS + * + * Set carrier restrictions for this sim slot. Expected modem behavior: + * If never receives this command + * - Must allow all carriers + * Receives this command with data being NULL + * - Must allow all carriers. If a previously allowed SIM is present, modem must not reload + * the SIM. If a previously disallowed SIM is present, reload the SIM and notify Android. + * Receives this command with a list of carriers + * - Only allow specified carriers, persist across power cycles and FDR. If a present SIM + * is in the allowed list, modem must not reload the SIM. If a present SIM is *not* in + * the allowed list, modem must detach from the registered network and only keep emergency + * service, and notify Android SIM refresh reset with new SIM state being + * RIL_CARDSTATE_RESTRICTED. Emergency service must be enabled. + * + * "data" is const RIL_CarrierRestrictions * + * A list of allowed carriers and possibly a list of excluded carriers. + * If data is NULL, means to clear previous carrier restrictions and allow all carriers + * + * "response" is int * + * ((int *)data)[0] contains the number of allowed carriers which have been set correctly. + * On success, it should match the length of list data->allowed_carriers. + * If data is NULL, the value must be 0. + * + * Valid errors: + * RIL_E_SUCCESS + * RIL_E_INVALID_ARGUMENTS + * RIL_E_RADIO_NOT_AVAILABLE + * RIL_E_REQUEST_NOT_SUPPORTED + */ +#define RIL_REQUEST_SET_CARRIER_RESTRICTIONS 136 + +/** + * RIL_REQUEST_GET_CARRIER_RESTRICTIONS + * + * Get carrier restrictions for this sim slot. Expected modem behavior: + * Return list of allowed carriers, or null if all carriers are allowed. + * + * "data" is NULL + * + * "response" is const RIL_CarrierRestrictions *. + * If response is NULL, it means all carriers are allowed. 
+ * + * Valid errors: + * RIL_E_SUCCESS + * RIL_E_RADIO_NOT_AVAILABLE + * RIL_E_REQUEST_NOT_SUPPORTED + */ +#define RIL_REQUEST_GET_CARRIER_RESTRICTIONS 137 + /***********************************************************************/ /** @@ -5692,6 +5784,19 @@ typedef struct { */ #define RIL_UNSOL_LCEDATA_RECV 1045 + /** + * RIL_UNSOL_PCO_DATA + * + * Called when there is new Carrier PCO data received for a data call. Ideally + * only new data will be forwarded, though this is not required. Multiple + * boxes of carrier PCO data for a given call should result in a series of + * RIL_UNSOL_PCO_DATA calls. + * + * "data" is the RIL_PCO_Data structure. + * + */ +#define RIL_UNSOL_PCO_DATA 1046 + /***********************************************************************/ @@ -5702,8 +5807,13 @@ typedef struct { * @param request is one of RIL_REQUEST_* * @param data is pointer to data defined for that RIL_REQUEST_* * data is owned by caller, and should not be modified or freed by callee + * structures passed as data may contain pointers to non-contiguous memory * @param t should be used in subsequent call to RIL_onResponse - * @param datalen the length of data + * @param datalen is the length of "data" which is defined as other argument. It may or may + * not be equal to sizeof(data). Refer to the documentation of individual structures + * to find if pointers listed in the structure are contiguous and counted in the datalen + * length or not. + * (Eg: RIL_IMS_SMS_Message where we don't have datalen equal to sizeof(data)) * */ typedef void (*RIL_RequestFunc) (int request, void *data, 
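Review bot: In the RIL_REQUEST_SET_CARRIER_RESTRICTIONS comment, the "response" paragraph says `((int *)data)[0]` holds the number of allowed carriers, but `data` is the request argument (`const RIL_CarrierRestrictions *`) described just above it. The line should read `((int *)response)[0] contains the number of allowed carriers which have been set correctly.` The following sentence, "it should match the length of list data->allowed_carriers", is correct as written because there `data` does mean the request.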
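Review bot: The new `datalen` text compares the length against `sizeof(data)`, but `data` is declared `void *` in the typedef that follows, so `sizeof(data)` is the size of a pointer, not of the request structure. Wording such as `datalen is the length in bytes passed with "data"; it need not equal the size of the structure data points to` states what the RIL_IMS_SMS_Message example is getting at. The same paragraph is added again in the next hunk (-5723) and needs the same correction.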
@@ -5723,8 +5833,13 @@ typedef RIL_RadioState (*RIL_RadioStateRequest)(RIL_SOCKET_ID socket_id); * @param request is one of RIL_REQUEST_* * @param data is pointer to data defined for that RIL_REQUEST_* * data is owned by caller, and should not be modified or freed by callee + * structures passed as data may contain pointers to non-contiguous memory * @param t should be used in subsequent call to RIL_onResponse - * @param datalen the length of data + * @param datalen is the length of "data" which is defined as other argument. It may or may + * not be equal to sizeof(data). Refer to the documentation of individual structures + * to find if pointers listed in the structure are contiguous and counted in the datalen + * length or not. + * (Eg: RIL_IMS_SMS_Message where we don't have datalen equal to sizeof(data)) * */ typedef void (*RIL_RequestFunc) (int request, void *data, @@ -5802,6 +5917,19 @@ typedef struct { NULL if no value. */ } RIL_SimAuthentication; +typedef struct { + int cid; /* Context ID, uniquely identifies this call */ + char *bearer_proto; /* One of the PDP_type values in TS 27.007 section 10.1.1. + For example, "IP", "IPV6", "IPV4V6" */ + int pco_id; /* The protocol ID for this box. Note that only IDs from + FF00H - FFFFH are accepted. If more than one is included + from the network, multiple calls should be made to send all + of them. */ + int contents_length; /* The number of octets in the contents. */ + char *contents; /* Carrier-defined content. It is binary, opaque and + loosely defined in LTE Layer 3 spec 24.008 */ +} RIL_PCO_Data; + #ifdef RIL_SHLIB struct RIL_Env { /** @@ -5957,7 +6085,6 @@ void RIL_onUnsolicitedResponse(int unsolResponse, const void *data, void RIL_requestTimedCallback (RIL_TimedCallback callback, void *param, const struct timeval *relativeTime); - #endif /* RIL_SHLIB */ #ifdef __cplusplus diff --git a/libril/RilSapSocket.cpp b/libril/RilSapSocket.cpp index 32d383e..33eabb5 100644 --- a/libril/RilSapSocket.cpp 
+++ b/libril/RilSapSocket.cpp @@ -21,6 +21,7 @@ #include "RilSapSocket.h" #include "pb_decode.h" #include "pb_encode.h" +#undef LOG_TAG #define LOG_TAG "RIL_UIM_SOCKET" #include #include @@ -356,8 +357,8 @@ void RilSapSocket::sendResponse(MsgHeader* hdr) { success = pb_encode(&ostream, MsgHeader_fields, hdr); if (success) { - RLOGD("Size: %d (0x%x) Size as written: 0x%x", encoded_size, encoded_size, - written_size); + RLOGD("Size: %zu (0x%zx) Size as written: 0x%x", encoded_size, + encoded_size, written_size); log_hex("onRequestComplete", &buffer[sizeof(written_size)], encoded_size); RLOGI("[%d] < SAP RESPONSE type: %d. id: %d. error: %d", hdr->token, hdr->type, hdr->id,hdr->error ); @@ -368,13 +369,13 @@ void RilSapSocket::sendResponse(MsgHeader* hdr) { RLOGD("Write successful"); } } else { - RLOGE("Error while encoding response of type %d id %d buffer_size: %d: %s.", - hdr->type, hdr->id, buffer_size, PB_GET_ERROR(&ostream)); + RLOGE("Error while encoding response of type %d id %d buffer_size: %zu: %s.", + hdr->type, hdr->id, buffer_size, PB_GET_ERROR(&ostream)); } free(buffer); } else { - RLOGE("Not sending response type %d: encoded_size: %u. commandFd: %d. encoded size result: %d", - hdr->type, encoded_size, commandFd, success); + RLOGE("Not sending response type %d: encoded_size: %zu. commandFd: %d. encoded size result:\ + %d", hdr->type, encoded_size, commandFd, success); } pthread_mutex_unlock(&write_lock); diff --git a/libril/ril.cpp b/libril/ril.cpp old mode 100755 new mode 100644 index e1d30ea..d7744c0 --- a/libril/ril.cpp +++ b/libril/ril.cpp 
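Review bot: The reworked `RLOGE("Not sending response type %d: ... encoded size result:\` ends the source line with a backslash inside the string literal, so the leading whitespace of the continuation line becomes part of the logged message. Adjacent literals avoid that: close the first string as `"... encoded size result: "` and begin the next line with `"%d", hdr->type, encoded_size, commandFd, success);`. The `%zu` conversions assume `encoded_size` and `buffer_size` are `size_t`. Their declarations and the start of sendResponse are outside the hunk.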
@@ -282,6 +282,7 @@ static void dispatchUiccSubscripton(Parcel &p, RequestInfo *pRI); static void dispatchSimAuthentication(Parcel &p, RequestInfo *pRI); static void dispatchDataProfile(Parcel &p, RequestInfo *pRI); static void dispatchRadioCapability(Parcel &p, RequestInfo *pRI); +static void dispatchCarrierRestrictions(Parcel &p, RequestInfo *pRI); static int responseInts(Parcel &p, void *response, size_t responselen); static int responseFailCause(Parcel &p, void *response, size_t responselen); static int responseStrings(Parcel &p, void *response, size_t responselen); @@ -314,6 +315,8 @@ static int responseSSData(Parcel &p, void *response, size_t responselen); static int responseLceStatus(Parcel &p, void *response, size_t responselen); static int responseLceData(Parcel &p, void *response, size_t responselen); static int responseActivityData(Parcel &p, void *response, size_t responselen); +static int responseCarrierRestrictions(Parcel &p, void *response, size_t responselen); +static int responsePcoData(Parcel &p, void *response, size_t responselen); static int decodeVoiceRadioTechnology (RIL_RadioState radioState); static int decodeCdmaSubscriptionSource (RIL_RadioState radioState); @@ -1329,7 +1332,7 @@ dispatchImsGsmSms(Parcel &p, RequestInfo *pRI, uint8_t retry, int32_t messageRef pStrings = NULL; datalen = 0; } else { - if (countStrings > (INT_MAX/sizeof(char *))) { + if ((size_t)countStrings > (INT_MAX/sizeof(char *))) { RLOGE("Invalid value of countStrings: \n"); closeRequest; return; 
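Review bot: The cast in `if ((size_t)countStrings > (INT_MAX/sizeof(char *)))` rejects a negative count only as a side effect of the conversion to an unsigned type. The message `"Invalid value of countStrings: \n"` also ends in a colon without printing the value. Spelling the check out reads better and records what was received: `if (countStrings < 0 || (size_t)countStrings > INT_MAX / sizeof(char *)) {` followed by `RLOGE("Invalid value of countStrings: %d", countStrings);`. The declaration of countStrings and the rest of dispatchImsGsmSms are outside the hunk, so the `%d` assumes an int-sized signed type.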
@@ -2135,6 +2138,105 @@ invalid: return; } +/** + * Callee expects const RIL_CarrierRestrictions * + */ +static void dispatchCarrierRestrictions(Parcel &p, RequestInfo *pRI) { + RIL_CarrierRestrictions cr; + RIL_Carrier * allowed_carriers = NULL; + RIL_Carrier * excluded_carriers = NULL; + int32_t t; + status_t status; + + memset(&cr, 0, sizeof(RIL_CarrierRestrictions)); + + if (s_callbacks.version < 14) { + RLOGE("Unsuppoted RIL version %d, min version expected %d", + s_callbacks.version, 14); + RIL_onRequestComplete(pRI, RIL_E_REQUEST_NOT_SUPPORTED, NULL, 0); + return; + } + + status = p.readInt32(&t); + if (status != NO_ERROR) { + goto invalid; + } + allowed_carriers = (RIL_Carrier *)calloc(t, sizeof(RIL_Carrier)); + if (allowed_carriers == NULL) { + RLOGE("Memory allocation failed for request %s", requestToString(pRI->pCI->requestNumber)); + goto exit; + } + cr.len_allowed_carriers = t; + cr.allowed_carriers = allowed_carriers; + + status = p.readInt32(&t); + if (status != NO_ERROR) { + goto invalid; + } + excluded_carriers = (RIL_Carrier *)calloc(t, sizeof(RIL_Carrier)); + if (excluded_carriers == NULL) { + RLOGE("Memory allocation failed for request %s", requestToString(pRI->pCI->requestNumber)); + goto exit; + } + cr.len_excluded_carriers = t; + cr.excluded_carriers = excluded_carriers; + + startRequest; + appendPrintBuf("%s len_allowed_carriers:%d, len_excluded_carriers:%d,", + printBuf, cr.len_allowed_carriers, cr.len_excluded_carriers); + + appendPrintBuf("%s allowed_carriers:", printBuf); + for (int32_t i = 0; i < cr.len_allowed_carriers; i++) { + RIL_Carrier *p_cr = allowed_carriers + i; + p_cr->mcc = strdupReadString(p); + p_cr->mnc = strdupReadString(p); + status = p.readInt32(&t); + p_cr->match_type = static_cast(t); + if (status != NO_ERROR) { + goto invalid; + } + p_cr->match_data = strdupReadString(p); + appendPrintBuf("%s [%d mcc:%s, mnc:%s, match_type:%d, match_data:%s],", + printBuf, i, p_cr->mcc, p_cr->mnc, p_cr->match_type, p_cr->match_data); 
+ } + + for (int32_t i = 0; i < cr.len_excluded_carriers; i++) { + RIL_Carrier *p_cr = excluded_carriers + i; + p_cr->mcc = strdupReadString(p); + p_cr->mnc = strdupReadString(p); + status = p.readInt32(&t); + p_cr->match_type = static_cast(t); + if (status != NO_ERROR) { + goto invalid; + } + p_cr->match_data = strdupReadString(p); + appendPrintBuf("%s [%d mcc:%s, mnc:%s, match_type:%d, match_data:%s],", + printBuf, i, p_cr->mcc, p_cr->mnc, p_cr->match_type, p_cr->match_data); + } + + closeRequest; + printRequest(pRI->token, pRI->pCI->requestNumber); + + CALL_ONREQUEST(pRI->pCI->requestNumber, + &cr, + sizeof(RIL_CarrierRestrictions), + pRI, pRI->socket_id); + + goto exit; + +invalid: + invalidCommandBlock(pRI); + RIL_onRequestComplete(pRI, RIL_E_INVALID_ARGUMENTS, NULL, 0); +exit: + if (allowed_carriers != NULL) { + free(allowed_carriers); + } + if (excluded_carriers != NULL) { + free(excluded_carriers); + } + return; +} + static int blockingWrite(int fd, const void *buffer, size_t len) { size_t writeOffset = 0; @@ -3883,8 +3985,8 @@ static int responseLceStatus(Parcel &p, void *response, size_t responselen) { RLOGE("invalid response: NULL"); } else { - RLOGE("responseLceStatus: invalid response length %d expecting len: d%", - sizeof(RIL_LceStatusInfo), responselen); + RLOGE("responseLceStatus: invalid response length %u expecting len: %u", + (unsigned)sizeof(RIL_LceStatusInfo), (unsigned)responselen); } return RIL_ERRNO_INVALID_RESPONSE; } @@ -3907,8 +4009,8 @@ static int responseLceData(Parcel &p, void *response, size_t responselen) { RLOGE("invalid response: NULL"); } else { - RLOGE("responseLceData: invalid response length %d expecting len: d%", - sizeof(RIL_LceDataInfo), responselen); + RLOGE("responseLceData: invalid response length %u expecting len: %u", + (unsigned)sizeof(RIL_LceDataInfo), (unsigned)responselen); } return RIL_ERRNO_INVALID_RESPONSE; } 
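Review bot: In dispatchCarrierRestrictions the two counts read with `p.readInt32(&t)` go straight into `calloc(t, sizeof(RIL_Carrier))` and the loop bounds without a range check, so a negative or oversized value from the parcel is caught, if at all, only by calloc failing. That failure path jumps to `exit`, which skips `RIL_onRequestComplete`, so the request is never answered. The strings returned by `strdupReadString` for `mcc`, `mnc` and `match_data` appear to be heap copies and are never released, because `exit` frees only the two arrays. The sketch below checks the count against the data left in the parcel, completes the request on allocation failure and frees the per-entry strings. The excluded list needs the same three changes.

```cpp
    status = p.readInt32(&t);
    // Reject a negative count, and one larger than the remaining parcel could hold.
    if (status != NO_ERROR || t < 0 || (size_t)t > p.dataAvail() / sizeof(int32_t)) {
        goto invalid;
    }
    allowed_carriers = (RIL_Carrier *)calloc(t, sizeof(RIL_Carrier));
    if (allowed_carriers == NULL) {
        RLOGE("Memory allocation failed for request %s", requestToString(pRI->pCI->requestNumber));
        // Answer the request so the caller is not left waiting.
        RIL_onRequestComplete(pRI, RIL_E_GENERIC_FAILURE, NULL, 0);
        goto exit;
    }
    // … unchanged: cr.len_allowed_carriers / cr.allowed_carriers assignment, excluded count, parsing loops, CALL_ONREQUEST …

exit:
    // calloc zero-filled the array, so entries the parser never reached hold NULL strings.
    for (int32_t i = 0; i < cr.len_allowed_carriers; i++) {
        free((void *)allowed_carriers[i].mcc);
        free((void *)allowed_carriers[i].mnc);
        free((void *)allowed_carriers[i].match_data);
    }
    // … same loop for excluded_carriers, then the existing free() of both arrays …
```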
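Review bot: The arguments are in the opposite order to the labels in `RLOGE("responseLceStatus: invalid response length %u expecting len: %u", (unsigned)sizeof(RIL_LceStatusInfo), (unsigned)responselen);`, so the log reports the expected size as the received length. Swapping them to `(unsigned)responselen, (unsigned)sizeof(RIL_LceStatusInfo)` matches the order used by the new responseCarrierRestrictions and responsePcoData messages. The same applies to the responseLceData hunk (-3907) and the responseActivityData hunk (-3936). All three functions begin and end outside their hunks.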
@@ -3936,8 +4038,8 @@ static int responseActivityData(Parcel &p, void *response, size_t responselen) {
 RLOGE("invalid response: NULL");
 }
 else {
- RLOGE("responseActivityData: invalid response length %d expecting len: d%",
- sizeof(RIL_ActivityStatsInfo), responselen);
+ RLOGE("responseActivityData: invalid response length %u expecting len: %u",
+ (unsigned)sizeof(RIL_ActivityStatsInfo), (unsigned)responselen);
 }
 return RIL_ERRNO_INVALID_RESPONSE;
 }
@@ -3961,6 +4063,78 @@ static int responseActivityData(Parcel &p, void *response, size_t responselen) { return 0; } +static int responseCarrierRestrictions(Parcel &p, void *response, size_t responselen) { + if (response == NULL) { + RLOGE("invalid response: NULL"); + return RIL_ERRNO_INVALID_RESPONSE; + } + if (responselen != sizeof(RIL_CarrierRestrictions)) { + RLOGE("responseCarrierRestrictions: invalid response length %u expecting len: %u", + (unsigned)responselen, (unsigned)sizeof(RIL_CarrierRestrictions)); + return RIL_ERRNO_INVALID_RESPONSE; + } + + RIL_CarrierRestrictions *p_cr = (RIL_CarrierRestrictions *)response; + startResponse; + + p.writeInt32(p_cr->len_allowed_carriers); + p.writeInt32(p_cr->len_excluded_carriers); + appendPrintBuf(" %s len_allowed_carriers: %d, len_excluded_carriers: %d,", printBuf, + p_cr->len_allowed_carriers,p_cr->len_excluded_carriers); + + appendPrintBuf(" %s allowed_carriers:", printBuf); + for(int32_t i = 0; i < p_cr->len_allowed_carriers; i++) { + RIL_Carrier *carrier = p_cr->allowed_carriers + i; + writeStringToParcel(p, carrier->mcc); + writeStringToParcel(p, carrier->mnc); + p.writeInt32(carrier->match_type); + writeStringToParcel(p, carrier->match_data); + appendPrintBuf(" %s [%d mcc: %s, mnc: %s, match_type: %d, match_data: %s],", printBuf, + i, carrier->mcc, carrier->mnc, carrier->match_type, carrier->match_data); + } + + appendPrintBuf(" %s excluded_carriers:", printBuf); + for(int32_t i = 0; i < p_cr->len_excluded_carriers; i++) { + RIL_Carrier *carrier = p_cr->excluded_carriers + i; + writeStringToParcel(p, carrier->mcc); + writeStringToParcel(p, carrier->mnc); + p.writeInt32(carrier->match_type); + writeStringToParcel(p, carrier->match_data); + appendPrintBuf(" %s [%d mcc: %s, mnc: %s, match_type: %d, match_data: %s],", printBuf, + i, carrier->mcc, carrier->mnc, carrier->match_type, carrier->match_data); + } + + closeResponse; + + return 0; +} + +static int responsePcoData(Parcel &p, void *response, size_t 
responselen) { + if (response == NULL) { + RLOGE("responsePcoData: invalid NULL response"); + return RIL_ERRNO_INVALID_RESPONSE; + } + if (responselen != sizeof(RIL_PCO_Data)) { + RLOGE("responsePcoData: invalid response length %u, expecting %u", + (unsigned)responselen, (unsigned)sizeof(RIL_PCO_Data)); + return RIL_ERRNO_INVALID_RESPONSE; + } + + RIL_PCO_Data *p_cur = (RIL_PCO_Data *)response; + p.writeInt32(p_cur->cid); + writeStringToParcel(p, p_cur->bearer_proto); + p.writeInt32(p_cur->pco_id); + p.writeInt32(p_cur->contents_length); + p.write(p_cur->contents, p_cur->contents_length); + + startResponse; + appendPrintBuf("PCO data received: cid %d, id %d, length %d", + p_cur->cid, p_cur->pco_id, p_cur->contents_length); + closeResponse; + + return 0; +} + /** * A write on the wakeup fd is done just to pop us out of select() * We empty the buffer here and then ril_event will reset the timers on the @@ -4107,7 +4281,7 @@ static void listenCallback (int fd, short flags, void *param) { int err; int is_phone_socket; int fdCommand = -1; - char* processName; + const char* processName; RecordStream *p_rs; MySocketListenParam* listenParam; RilSocket *sapSocket = NULL; @@ -4609,7 +4783,8 @@ RIL_register (const RIL_RadioFunctions *callbacks) { &s_commands_event, /* commands_event */ &s_listen_event, /* listen_event */ processCommandsCallback, /* processCommandsCallback */ - NULL /* p_rs */ + NULL, /* p_rs */ + RIL_TELEPHONY_SOCKET /* type */ }; #if (SIM_COUNT >= 2) @@ -4621,7 +4796,8 @@ RIL_register (const RIL_RadioFunctions *callbacks) { &s_commands_event_socket2, /* commands_event */ &s_listen_event_socket2, /* listen_event */ processCommandsCallback, /* processCommandsCallback */ - NULL /* p_rs */ + NULL, /* p_rs */ + RIL_TELEPHONY_SOCKET /* type */ }; #endif 
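Review bot: responsePcoData hands `p_cur->contents` and `p_cur->contents_length` to `p.write` unchecked, so a NULL pointer or a negative `int` length supplied by the vendor library reaches the parcel write, where the length is presumably converted to an unsigned size. A guard placed before the first `p.writeInt32`, so that a rejected response leaves nothing half-written, would be `if (p_cur->contents_length < 0 || (p_cur->contents == NULL && p_cur->contents_length != 0)) return RIL_ERRNO_INVALID_RESPONSE;` together with an `RLOGE` naming the field. responseCarrierRestrictions has the same shape: it indexes `allowed_carriers` and `excluded_carriers` by the struct's own lengths without checking either pointer for NULL.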
@@ -4634,7 +4810,8 @@ RIL_register (const RIL_RadioFunctions *callbacks) { &s_commands_event_socket3, /* commands_event */ &s_listen_event_socket3, /* listen_event */ processCommandsCallback, /* processCommandsCallback */ - NULL /* p_rs */ + NULL, /* p_rs */ + RIL_TELEPHONY_SOCKET /* type */ }; #endif @@ -4647,7 +4824,8 @@ RIL_register (const RIL_RadioFunctions *callbacks) { &s_commands_event_socket4, /* commands_event */ &s_listen_event_socket4, /* listen_event */ processCommandsCallback, /* processCommandsCallback */ - NULL /* p_rs */ + NULL, /* p_rs */ + RIL_TELEPHONY_SOCKET /* type */ }; #endif @@ -4750,6 +4928,8 @@ RIL_register_socket (RIL_RadioFunctions *(*Init)(const struct RIL_Env *, int, ch #if (SIM_COUNT >= 4) RilSapSocket::initSapSocket("sap_uim_socket4", UimFuncs); #endif + break; + default:; } } } @@ -5525,6 +5705,7 @@ requestToString(int request) { case RIL_REQUEST_QUERY_CLIP: return "QUERY_CLIP"; case RIL_REQUEST_LAST_DATA_CALL_FAIL_CAUSE: return "LAST_DATA_CALL_FAIL_CAUSE"; case RIL_REQUEST_DATA_CALL_LIST: return "DATA_CALL_LIST"; + case RIL_REQUEST_NV_RESET_CONFIG: return "NV_RESET_CONFIG"; case RIL_REQUEST_RESET_RADIO: return "RESET_RADIO"; case RIL_REQUEST_OEM_HOOK_RAW: return "OEM_HOOK_RAW"; case RIL_REQUEST_OEM_HOOK_STRINGS: return "OEM_HOOK_STRINGS"; @@ -5588,6 +5769,8 @@ requestToString(int request) { case RIL_REQUEST_GET_DC_RT_INFO: return "GET_DC_RT_INFO"; case RIL_REQUEST_SET_DC_RT_INFO_RATE: return "SET_DC_RT_INFO_RATE"; case RIL_REQUEST_SET_DATA_PROFILE: return "SET_DATA_PROFILE"; + case RIL_REQUEST_SET_CARRIER_RESTRICTIONS: return "SET_CARRIER_RESTRICTIONS"; + case RIL_REQUEST_GET_CARRIER_RESTRICTIONS: return "GET_CARRIER_RESTRICTIONS"; case RIL_UNSOL_RESPONSE_RADIO_STATE_CHANGED: return "UNSOL_RESPONSE_RADIO_STATE_CHANGED"; case RIL_UNSOL_RESPONSE_CALL_STATE_CHANGED: return "UNSOL_RESPONSE_CALL_STATE_CHANGED"; case RIL_UNSOL_RESPONSE_VOICE_NETWORK_STATE_CHANGED: return "UNSOL_RESPONSE_VOICE_NETWORK_STATE_CHANGED"; 
@@ -5633,6 +5816,7 @@ requestToString(int request) { case RIL_REQUEST_SHUTDOWN: return "SHUTDOWN"; case RIL_UNSOL_RADIO_CAPABILITY: return "RIL_UNSOL_RADIO_CAPABILITY"; case RIL_RESPONSE_ACKNOWLEDGEMENT: return "RIL_RESPONSE_ACKNOWLEDGEMENT"; + case RIL_UNSOL_PCO_DATA: return "RIL_UNSOL_PCO_DATA"; default: return ""; } } diff --git a/libril/ril_commands.h b/libril/ril_commands.h index 163aa46..8d02c39 100644 --- a/libril/ril_commands.h +++ b/libril/ril_commands.h @@ -150,3 +150,5 @@ {RIL_REQUEST_STOP_LCE, dispatchVoid, responseLceStatus}, {RIL_REQUEST_PULL_LCEDATA, dispatchVoid, responseLceData}, {RIL_REQUEST_GET_ACTIVITY_INFO, dispatchVoid, responseActivityData}, + {RIL_REQUEST_SET_CARRIER_RESTRICTIONS, dispatchCarrierRestrictions, responseInts}, + {RIL_REQUEST_GET_CARRIER_RESTRICTIONS, dispatchVoid, responseCarrierRestrictions}, diff --git a/libril/ril_unsol_commands.h b/libril/ril_unsol_commands.h index eb9e12d..11ae050 100755 --- a/libril/ril_unsol_commands.h +++ b/libril/ril_unsol_commands.h @@ -60,3 +60,4 @@ {RIL_UNSOL_ON_SS, responseSSData, WAKE_PARTIAL}, {RIL_UNSOL_STK_CC_ALPHA_NOTIFY, responseString, WAKE_PARTIAL}, {RIL_UNSOL_LCEDATA_RECV, responseLceData, WAKE_PARTIAL}, + {RIL_UNSOL_PCO_DATA, responsePcoData, WAKE_PARTIAL}, diff --git a/reference-ril/atchannel.c b/reference-ril/atchannel.c index 6124d88..2ef3a4c 100644 --- a/reference-ril/atchannel.c +++ b/reference-ril/atchannel.c @@ -422,7 +422,7 @@ static void onReaderClosed() } -static void *readerLoop(void *arg) +static void *readerLoop(void *arg __unused) { for (;;) { const char * line; diff --git a/reference-ril/reference-ril.c b/reference-ril/reference-ril.c index b9baef1..089100f 100644 --- a/reference-ril/reference-ril.c +++ b/reference-ril/reference-ril.c 
@@ -364,7 +364,7 @@ static void onSIMReady() at_send_command("AT+CNMI=1,2,2,1,1", NULL); } -static void requestRadioPower(void *data, size_t datalen, RIL_Token t) +static void requestRadioPower(void *data, size_t datalen __unused, RIL_Token t) { int onOff; @@ -1932,6 +1932,7 @@ static void requestGetCellInfoList(void *data __unused, size_t datalen __unused, { // ci[0] 1, // cellInfoType 1, // registered + RIL_TIMESTAMP_TYPE_MODEM, curTime - 1000, // Fake some time in the past { // union CellInfo { // RIL_CellInfoGsm gsm @@ -1940,7 +1941,6 @@ static void requestGetCellInfoList(void *data __unused, size_t datalen __unused, s_mnc, // mnc s_lac, // lac s_cid, // cid - 0 // psc }, { // gsm.signalStrengthGsm 10, // signalStrength @@ -1955,7 +1955,7 @@ static void requestGetCellInfoList(void *data __unused, size_t datalen __unused, } -static void requestSetCellInfoListRate(void *data, size_t datalen, RIL_Token t) +static void requestSetCellInfoListRate(void *data, size_t datalen __unused, RIL_Token t) { // For now we'll save the rate but no RIL_UNSOL_CELL_INFO_LIST messages // will be sent. @@ -3273,7 +3273,7 @@ static void setHardwareConfiguration(int num, RIL_HardwareConfig *cfg) RIL_onUnsolicitedResponse(RIL_UNSOL_HARDWARE_CONFIG_CHANGED, cfg, num*sizeof(*cfg)); } -static void usage(char *s) +static void usage(char *s __unused) { #ifdef RIL_SHLIB fprintf(stderr, "reference-ril requires: -p or -d /dev/tty_device\n"); diff --git a/rild/rild.c b/rild/rild.c index b32afe4..ce1adba 100644 --- a/rild/rild.c +++ b/rild/rild.c @@ -147,8 +147,8 @@ int main(int argc, char **argv) { char **rilArgv; void *dlHandle; const RIL_RadioFunctions *(*rilInit)(const struct RIL_Env *, int, char **); - const RIL_RadioFunctions *(*rilUimInit)(const struct RIL_Env *, int, char **); - char *err_str = NULL; + RIL_RadioFunctions *(*rilUimInit)(const struct RIL_Env *, int, char **); + const char *err_str = NULL; const RIL_RadioFunctions *funcs; char libPath[PROPERTY_VALUE_MAX]; 
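Review bot: The added `RIL_TIMESTAMP_TYPE_MODEM,` in requestGetCellInfoList is the only entry at that level of the positional initializer without a trailing field comment. The following hunk (-1940) drops `0 // psc` from the same initializer, so a reader has to count members against the struct definition to check the result. Tagging the new line, for example `RIL_TIMESTAMP_TYPE_MODEM, // timeStampType`, keeps it in step with `// cellInfoType` and `// registered` above it. Designated initializers would remove the dependence on member order altogether. The struct definitions are not part of this diff, and the function starts and ends outside both hunks.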
@@ -207,21 +207,34 @@ int main(int argc, char **argv) { #define REFERENCE_RIL_PATH "libreference-ril.so" /* first, read /proc/cmdline into memory */ - char buffer[1024] = {'\0'}, *p, *q; + char buffer[2048] = {'\0'}, *p, *q; int len; + struct stat st; int fd = open("/proc/cmdline",O_RDONLY); if (fd < 0) { - RLOGD("could not open /proc/cmdline:%s", strerror(errno)); + RLOGE("could not open /proc/cmdline:%s", strerror(errno)); + goto OpenLib; + } + + if (fstat(fd, &st)) { + RLOGE("fstat error: %s", strerror(errno)); + close(fd); + goto OpenLib; + } + + if ((unsigned long)st.st_size > sizeof(buffer) - 1) { + RLOGE("Size of /proc/cmdline exceeds buffer"); + close(fd); goto OpenLib; } do { - len = read(fd,buffer,sizeof(buffer)); } + len = read(fd,buffer,sizeof(buffer) - 1); } while (len == -1 && errno == EINTR); if (len < 0) { - RLOGD("could not read /proc/cmdline:%s", strerror(errno)); + RLOGE("could not read /proc/cmdline:%s", strerror(errno)); close(fd); goto OpenLib; } @@ -326,7 +339,7 @@ OpenLib: dlerror(); // Clear any previous dlerror rilUimInit = - (const RIL_RadioFunctions *(*)(const struct RIL_Env *, int, char **)) + (RIL_RadioFunctions *(*)(const struct RIL_Env *, int, char **)) dlsym(dlHandle, "RIL_SAP_Init"); err_str = dlerror(); if (err_str) {
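Review bot: The `fstat` guard `(unsigned long)st.st_size > sizeof(buffer) - 1` is unlikely ever to fire for /proc/cmdline, because procfs entries normally report a size of 0. What actually keeps the buffer terminated is the shortened `read(fd,buffer,sizeof(buffer) - 1)` together with the zero initializer. A command line longer than that is read in part and parsed as if complete. After the `len < 0` check I would terminate explicitly and flag the full-buffer case: `buffer[len] = '\0';` and `if ((size_t)len == sizeof(buffer) - 1) RLOGE("/proc/cmdline may be truncated");`. The parsing that consumes `buffer` and the rest of main are outside the hunk, so whether a truncated value matters there cannot be seen from here.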