Difference between revisions of "Services"

From 3dbrew
Jump to navigation Jump to search
(Fill in a command header)
(fix notif 0x10C)
(44 intermediate revisions by 11 users not shown)
Line 1: Line 1:
Services are an abstraction of ports and are the commonly used way of inter-process communication outside of the kernel. While handles of regular ports are retrieved from [[SVC]](svcConnectToPort), service handles are retrieved through the port ''srv:'' ("service manager").
+
Services are an abstraction of ports and are the commonly used way of inter-process communication outside of the kernel. While handles of regular ports are retrieved from [[SVC|svcConnectToPort]], service handles are retrieved through the port ''srv:'' ("service manager").
  
Processes with PID less than or equal to the number of NATIVE_FIRM built-in modules (fs, sm, pm, pxi, ldr) have access to all services.
+
When a service is registered, [[SVC|svcCreatePort]] is used without a port-name. This means that the port is inaccessible via the port SVCs outside of sm-module. See below for getting a session handle for sending commands to services.
 +
 
 +
Processes with PID less than or equal to the number of NATIVE_FIRM built-in modules (fs, sm, pm, pxi, ldr) have access to all services. This value is obtained from [[SVC|svcGetSystemInfo]]. Other processes are limited to access services listed in their [[NCCH/Extended_Header#ARM11_Local_System_Capabilities|service access control list]], as passed to [[SRVPM:RegisterProcess]].
 +
 
 +
Attempting to use [[SRV:GetServiceHandle|GetServiceHandle]] with a service that the process has access to when that service isn't registered will block until it is registered.
  
 
==Service Manager Port "srv:"==
 
==Service Manager Port "srv:"==
Line 10: Line 14:
 
|-
 
|-
 
| 0x00010002
 
| 0x00010002
| Initialize
+
| [[SRV:RegisterClient|RegisterClient]]
 
|-
 
|-
 
| 0x00020000
 
| 0x00020000
| GetProcSemaphore (the handle from this gets signaled when notifications for this process gets triggered)
+
| [[SRV:EnableNotification|EnableNotification]]
 
|-
 
|-
 
| 0x00030100
 
| 0x00030100
| RegisterService (8-byte servicename, u32 strlen, u32 flags?)
+
| [[SRV:RegisterService|RegisterService]]
 
|-
 
|-
 
| 0x000400C0
 
| 0x000400C0
| UnregisterService (8-byte servicename, u32 strlen)
+
| [[SRV:UnregisterService|UnregisterService]]
 
|-
 
|-
 
| 0x00050100
 
| 0x00050100
| GetServiceHandle (8-byte servicename, u32 strlen, u32 flags?)
+
| [[SRV:GetServiceHandle|GetServiceHandle]]
 
|-
 
|-
| 0x000600c2
+
| 0x000600C2
| RegisterHandle? (8-byte servicename, u32 strlen, Handle h)
+
| [[SRV:RegisterPort|RegisterPort]]
 
|-
 
|-
| 0x0007....
+
| 0x000700C0
| UnregisterHandle? (8-byte servicename, u32 strlen)
+
| [[SRV:UnregisterPort|UnregisterPort]]
 
|-
 
|-
| 0x0008....
+
| 0x00080100
| IsHandlePresent (8-byte servicename, u32 strlen,u32 flags) if flag is set it returns the handle?
+
| [[SRV:GetPort|GetPort]]
 
|-
 
|-
 
| 0x00090040
 
| 0x00090040
| Subscribe () This enables the specified notificationID for the current process.
+
| [[SRV:Subscribe|Subscribe]]
 
|-
 
|-
 
| 0x000A0040
 
| 0x000A0040
| This disables the specified notificationID for the current process (u32 ID)
+
| [[SRV:Unsubscribe|Unsubscribe]]
 
|-
 
|-
 
| 0x000B0000
 
| 0x000B0000
| ReceiveNotification This returns the notificationID which was triggered, if any(see GetProcSemaphore).
+
| [[SRV:ReceiveNotification|ReceiveNotification]]
 
|-
 
|-
 
| 0x000C0080
 
| 0x000C0080
| PublishToSubscriber(u32 ID,u32 flag) This can fire notificationID (Bit(0) only fire if not already fired, Bit(1) = return error if error happens, else it always returns 0)
+
| [[SRV:PublishToSubscriber|PublishToSubscriber]]
 
|-
 
|-
| 0x000D....
+
| 0x000D0040
| This can fire notificationIDs and return the number of fired notificationID
+
| [[SRV:PublishAndGetSubscriber|PublishAndGetSubscriber]]
 
|-
 
|-
| 0x000E....
+
| 0x000E00C0
| returns 1 if the service is registered. 0 if not (8-byte servicename, u32 strlen)
+
| [[SRV:IsServiceRegistered|IsServiceRegistered]]
 
|}
 
|}
  
==Service Manager Process-Manager Port "srv:pm"==
+
It appears these "port" commands can be used for transferring arbitrary handles, however [[SRV:GetPort|GetPort]] still uses the same service-access-control validation as [[SRV:GetServiceHandle|GetServiceHandle]]. Despite this fact, it appears that a "port" and a service with the same name can coexist independently.
 +
 
 +
==Service Manager Process-Manager Port/Service "srv:pm"==
 
{| class="wikitable" border="1"
 
{| class="wikitable" border="1"
 
|-
 
|-
!  Command Header, prior to [[7.0.0-13]]
+
!  Command Header (port), prior to [[7.0.0-13]]
 +
!  Command Header (service), post [[7.0.0-13]]
 
!  Description
 
!  Description
 +
|-
 +
| 0x04010042
 +
| 0x00010042
 +
| [[SRVPM:PublishToProcess|PublishToProcess]]
 +
|-
 +
| 0x04020040
 +
| 0x00020040
 +
| [[SRVPM:PublishToAll|PublishToAll]]
 
|-
 
|-
 
| 0x04030082
 
| 0x04030082
| RegisterProcess (u32 procid, u32 wordsz, <nowiki>((wordsz<<16) | 2)</nowiki>, serviceaccesscontrol*).
+
| 0x00030082
 +
| [[SRVPM:RegisterProcess|RegisterProcess]]
 
|-
 
|-
 
| 0x04040040
 
| 0x04040040
| UnregisterProcess (u32 procid).
+
| 0x00040040
 +
| [[SRVPM:UnregisterProcess|UnregisterProcess]]
 
|}
 
|}
 
The Register command registers a process with the service-manager, which includes registering the serviceaccesscontrol for the process which normally originates from the [[NCCH/Extended_Header|exheader]].
 
  
 
Prior to to [[7.0.0-13]], the commands listed for "srv:" were also accessible under this port with the same command-headers. Starting with [[7.0.0-13]], the "srv:pm" port was changed to a service. With this change, commandIDs for these commands were changed. "srv:pm" was originally vulnerable, this was fixed with [[7.0.0-13]], see [[3DS_exploits|here]]. Originally any process could use "srv:pm", however starting with [[7.0.0-13]] only the built-in NATIVE_FIRM sysmodules have access to it. The only system title which uses "srv:pm" is the [[Process_Manager_Services|Process Manager]].
 
Prior to to [[7.0.0-13]], the commands listed for "srv:" were also accessible under this port with the same command-headers. Starting with [[7.0.0-13]], the "srv:pm" port was changed to a service. With this change, commandIDs for these commands were changed. "srv:pm" was originally vulnerable, this was fixed with [[7.0.0-13]], see [[3DS_exploits|here]]. Originally any process could use "srv:pm", however starting with [[7.0.0-13]] only the built-in NATIVE_FIRM sysmodules have access to it. The only system title which uses "srv:pm" is the [[Process_Manager_Services|Process Manager]].
Line 76: Line 91:
 
|-
 
|-
 
| 0x100
 
| 0x100
| This indicates that all processes must terminate: power-off, reboot, or [[FIRM]]-launch.
+
| This indicates that the recipient must terminate. Does not require subscription.
 +
|-
 +
| 0x101
 +
| Signaled to NS on sleep mode entry.
 +
|-
 +
| 0x103
 +
| Fired on sleep mode entry, subscribed to by NS, CSND, NWM, AC and NIM.
 +
|-
 +
| 0x104
 +
| This indicates that the system is entering sleep mode. (PTM:NotifySleepPreparationComplete needed for this and the following?)
 +
|-
 +
| 0x105
 +
| This indicates that the system has exited sleep mode.
 +
|-
 +
| 0x106
 +
| Fired after sleep mode exit, subscribed to by NS, MIC, AC, NEWS, CECD and BOSS.
 +
|-
 +
| 0x107
 +
| Unknown. Subscribed to by CECD module.
 
|-
 
|-
 
| 0x108
 
| 0x108
 
| error at boot?
 
| error at boot?
 +
|-
 +
| 0x109
 +
| ? (Subscribed to by GSP)
 +
|-
 +
| 0x10C
 +
| Sent by PM after it starts a regular application.
 +
|-
 +
| 0x110-0x11F
 +
| Sent to NS on application exit. See [[PMApp:LaunchTitle#Launch_Flags|PM launch flags]].
 +
|-
 +
| 0x179
 +
| Unknown.
 +
|-
 +
| 0x200
 +
| Signaled just before sleep mode is exited from, subscribed to by NS.
 +
|-
 +
| 0x202
 +
| POWER button pressed
 +
|-
 +
| 0x203
 +
| POWER button held long
 
|-
 
|-
 
| 0x204
 
| 0x204
| This indicates that the HOME button was pressed.
+
| HOME button pressed
 +
|-
 +
| 0x205
 +
| HOME button released
 +
|-
 +
| 0x206
 +
| This is signaled by [[NWMEXT:ControlWirelessEnabled]] and when the physical Wi-Fi slider is enabled
 +
|-
 +
| 0x207
 +
| SD card inserted
 +
|-
 +
| 0x208
 +
| Game cartridge inserted
 +
|-
 +
| 0x209
 +
| SD card removed
 +
|-
 +
| 0x20A
 +
| Game cartridge removed
 +
|-
 +
| 0x211
 +
| Battery Related? (Published by PTM module)
 +
|-
 +
| 0x212
 +
| Battery Related? (Published by PTM module)
 +
|-
 +
| 0x20B
 +
| Game cartridge inserted or removed
 +
|-
 +
| 0x20C
 +
| mcu-module publishes this on a (fatal) hardware condition?, ptm throws fatal error F960D407 in receipt of this
 +
|-
 +
| 0x20D
 +
| Charger plugged out
 +
|-
 +
| 0x20E
 +
| Charger plugged in
 +
|-
 +
| 0x213
 +
| Signaled after exiting sleep mode and early during system boot. Subscribed to by CODEC, HID, GSP, CAMERA, MIC, NDM and PTM. GSP powers LCD on in receipt to this, etc.
 +
|-
 +
| 0x214
 +
| Signaled before entering sleep mode. Subscribed to by CODEC, HID, GSP, CAMERA, MIC, NDM and PTM. GSP shutdowns LCD in receipt to this, etc.
 +
|-
 +
| 0x300
 +
| Signaled after sleep mode exit and during system boot, subscribed to by NDM.
 +
|-
 +
| 0x301
 +
| Signaled just before sleep mode is exited from, subscribed to by FRIENDS and NDM.
 +
|-
 +
| 0x302
 +
| Unknown. Signaled by nwm/AC module.
 +
|-
 +
| 0x303
 +
| Unknown. Subscribed to by CECD module.
 +
|-
 +
| 0x304
 +
| Unknown. Subscribed to by CECD module.
 
|}
 
|}

Revision as of 14:34, 20 March 2019

Services are an abstraction of ports and are the commonly used way of inter-process communication outside of the kernel. While handles of regular ports are retrieved from svcConnectToPort, service handles are retrieved through the port srv: ("service manager").

When a service is registered, svcCreatePort is used without a port-name. This means that the port is inaccessible via the port SVCs outside of sm-module. See below for getting a session handle for sending commands to services.

Processes with PID less than or equal to the number of NATIVE_FIRM built-in modules (fs, sm, pm, pxi, ldr) have access to all services. This value is obtained from svcGetSystemInfo. Other processes are limited to access services listed in their service access control list, as passed to SRVPM:RegisterProcess.

Attempting to use GetServiceHandle with a service that the process has access to when that service isn't registered will block until it is registered.

Service Manager Port "srv:"

Command Header Description
0x00010002 RegisterClient
0x00020000 EnableNotification
0x00030100 RegisterService
0x000400C0 UnregisterService
0x00050100 GetServiceHandle
0x000600C2 RegisterPort
0x000700C0 UnregisterPort
0x00080100 GetPort
0x00090040 Subscribe
0x000A0040 Unsubscribe
0x000B0000 ReceiveNotification
0x000C0080 PublishToSubscriber
0x000D0040 PublishAndGetSubscriber
0x000E00C0 IsServiceRegistered

It appears these "port" commands can be used for transferring arbitrary handles, however GetPort still uses the same service-access-control validation as GetServiceHandle. Despite this fact, it appears that a "port" and a service with the same name can coexist independently.

Service Manager Process-Manager Port/Service "srv:pm"

Command Header (port), prior to 7.0.0-13 Command Header (service), post 7.0.0-13 Description
0x04010042 0x00010042 PublishToProcess
0x04020040 0x00020040 PublishToAll
0x04030082 0x00030082 RegisterProcess
0x04040040 0x00040040 UnregisterProcess

Prior to to 7.0.0-13, the commands listed for "srv:" were also accessible under this port with the same command-headers. Starting with 7.0.0-13, the "srv:pm" port was changed to a service. With this change, commandIDs for these commands were changed. "srv:pm" was originally vulnerable, this was fixed with 7.0.0-13, see here. Originally any process could use "srv:pm", however starting with 7.0.0-13 only the built-in NATIVE_FIRM sysmodules have access to it. The only system title which uses "srv:pm" is the Process Manager.

Notifications

ID Description
0x100 This indicates that the recipient must terminate. Does not require subscription.
0x101 Signaled to NS on sleep mode entry.
0x103 Fired on sleep mode entry, subscribed to by NS, CSND, NWM, AC and NIM.
0x104 This indicates that the system is entering sleep mode. (PTM:NotifySleepPreparationComplete needed for this and the following?)
0x105 This indicates that the system has exited sleep mode.
0x106 Fired after sleep mode exit, subscribed to by NS, MIC, AC, NEWS, CECD and BOSS.
0x107 Unknown. Subscribed to by CECD module.
0x108 error at boot?
0x109 ? (Subscribed to by GSP)
0x10C Sent by PM after it starts a regular application.
0x110-0x11F Sent to NS on application exit. See PM launch flags.
0x179 Unknown.
0x200 Signaled just before sleep mode is exited from, subscribed to by NS.
0x202 POWER button pressed
0x203 POWER button held long
0x204 HOME button pressed
0x205 HOME button released
0x206 This is signaled by NWMEXT:ControlWirelessEnabled and when the physical Wi-Fi slider is enabled
0x207 SD card inserted
0x208 Game cartridge inserted
0x209 SD card removed
0x20A Game cartridge removed
0x211 Battery Related? (Published by PTM module)
0x212 Battery Related? (Published by PTM module)
0x20B Game cartridge inserted or removed
0x20C mcu-module publishes this on a (fatal) hardware condition?, ptm throws fatal error F960D407 in receipt of this
0x20D Charger plugged out
0x20E Charger plugged in
0x213 Signaled after exiting sleep mode and early during system boot. Subscribed to by CODEC, HID, GSP, CAMERA, MIC, NDM and PTM. GSP powers LCD on in receipt to this, etc.
0x214 Signaled before entering sleep mode. Subscribed to by CODEC, HID, GSP, CAMERA, MIC, NDM and PTM. GSP shutdowns LCD in receipt to this, etc.
0x300 Signaled after sleep mode exit and during system boot, subscribed to by NDM.
0x301 Signaled just before sleep mode is exited from, subscribed to by FRIENDS and NDM.
0x302 Unknown. Signaled by nwm/AC module.
0x303 Unknown. Subscribed to by CECD module.
0x304 Unknown. Subscribed to by CECD module.