Hello,

I'm actually one of the main binder userspace maintainers in my day job there (opinions are my own), and I haven't heard about this. Do you have a reference? What has happened is that there is a userspace shim over libbinder called libbinder_rs which provides Rust support for binder, but AFAIK, the kernel driver and main userspace lib is remaining in C++. Still, would be cool.

Your Friend, Steven Moreland

Hi! Not a Google employee, but I'm volunteering on the Rust-for-Linux project which is bringing Rust bindings to the upstream linux kernel. A Google engineer is working on porting binder to Rust and is contributing as he implements it. See his comments here[0] and here[1].

[0] https://github.com/Rust-for-Linux/linux/pull/145 [1] https://github.com/Rust-for-Linux/linux/pull/130

Outch! Thanks for the refs.

Thanks! I searched for this rewritten version and couldn't find anything.

Now we need safer NDK APIs, even C++ bindings would be better than nothing.

Additionally exposing some NDK only APIs to ART would also be welcomed from security point of view.

And since we are at it, support Rust on the NDK LLVM toolchain.

This is a big f'n deal for Android, IMHO

In the "big deal" sense, i'm always curious in what way. Eg is it a source of constant problems? Where not only a rewrite, but specifically a rewrite in Rust, would prevent a lot of issues?

Or is it more of a "What if" thing? Ie there's not many problems currently, but the liability is a huge deal?

to be clear i work in Rust, use it for all my projects, etc - i'm a fanboy, but i also recognize there's a lot of hype. I'm always keeping an eye out for the Rewrite It In Rust (RIIR?) meme vs actual needs.

Which isn't to say that i think people _need_ to have a reason to use Rust, i use it for everything because i (and my team) prefer it - but i think the meme is destructive.. so i'm always looking for it heh.

Binder has been the source of a number of Android security vulnerabilities.