Gitiles
Code Review Sign In
gerrit.omnirom.org / android_frameworks_native / 8e5f3b455afd2783788a6c68fbed37ce1ea36952^! / . / libs / binder / IPCThreadState.cpp
commit8e5f3b455afd2783788a6c68fbed37ce1ea36952[log] [tgz]
authorSteven Moreland <smoreland@google.com>Fri May 14 02:39:59 2021 +0000
committerSteven Moreland <smoreland@google.com>Fri May 14 03:22:55 2021 +0000
tree018527b00e6312efad649ec16cd2948b8619124b
parentc3229abcc72519b381e40fd9223df333f67d6779 [diff] [blame]
libbinder: introduce guards for getCalling*

Rein in the context! These "global" functions make sense sometimes, and
sometimes they make NO sense. Specifically, if you're going to make a
binder RPC call, you shouldn't be relying on getCalling* (silly!).

This is added as a generic mechanism in order that it might see more
use.

Bug: 186647790
Test: binderLibTest

Change-Id: I2145ad0e7dc44d257c25098160ad65086fa8cf21

diff --git a/libs/binder/IPCThreadState.cpp b/libs/binder/IPCThreadState.cpp
index ef7fd44..18b77e6 100644
--- a/libs/binder/IPCThreadState.cpp
+++ b/libs/binder/IPCThreadState.cpp

@@ -366,19 +366,45 @@
 
 pid_t IPCThreadState::getCallingPid() const
 {
+    checkContextIsBinderForUse(__func__);
     return mCallingPid;
 }
 
 const char* IPCThreadState::getCallingSid() const
 {
+    checkContextIsBinderForUse(__func__);
     return mCallingSid;
 }
 
 uid_t IPCThreadState::getCallingUid() const
 {
+    checkContextIsBinderForUse(__func__);
     return mCallingUid;
 }
 
+IPCThreadState::SpGuard* IPCThreadState::pushGetCallingSpGuard(SpGuard* guard) {
+    SpGuard* orig = mServingStackPointerGuard;
+    mServingStackPointerGuard = guard;
+    return orig;
+}
+
+void IPCThreadState::restoreGetCallingSpGuard(SpGuard* guard) {
+    mServingStackPointerGuard = guard;
+}
+
+void IPCThreadState::checkContextIsBinderForUse(const char* use) const {
+    if (mServingStackPointerGuard == nullptr) return;
+
+    if (!mServingStackPointer || mServingStackPointerGuard < mServingStackPointer) {
+        LOG_ALWAYS_FATAL("In context %s, %s does not make sense.",
+                         mServingStackPointerGuard->context, use);
+    }
+
+    // in the case mServingStackPointer is deeper in the stack than the guard,
+    // we must be serving a binder transaction (maybe nested). This is a binder
+    // context, so we don't abort
+}
+
 int64_t IPCThreadState::clearCallingIdentity()
 {
     // ignore mCallingSid for legacy reasons
@@ -847,15 +873,15 @@
 }
 
 IPCThreadState::IPCThreadState()
-    : mProcess(ProcessState::self()),
-      mServingStackPointer(nullptr),
-      mWorkSource(kUnsetWorkSource),
-      mPropagateWorkSource(false),
-      mIsLooper(false),
-      mStrictModePolicy(0),
-      mLastTransactionBinderFlags(0),
-      mCallRestriction(mProcess->mCallRestriction)
-{
+      : mProcess(ProcessState::self()),
+        mServingStackPointer(nullptr),
+        mServingStackPointerGuard(nullptr),
+        mWorkSource(kUnsetWorkSource),
+        mPropagateWorkSource(false),
+        mIsLooper(false),
+        mStrictModePolicy(0),
+        mLastTransactionBinderFlags(0),
+        mCallRestriction(mProcess->mCallRestriction) {
     pthread_setspecific(gTLS, this);
     clearCaller();
     mIn.setDataCapacity(256);