Lookup layer handle when registering region sampling listener We must do this in order to prevent clients from providing a bogus handle when registering a region sampling listener. Fortunately, this particular path required a permissions check so it cannot be accessed from arbitrary apps on unrooted devices. But, we should not allow this type of memory corruption to be reachable by the system. Bug: 153467444 Test: libgui_test Test: Repro steps in the bug no longer reproduce Change-Id: I883506798574dfd0688371fdb6305cfad9d153fc

commit: 9a02eda8d5f95d754aa908e66089750183355511 [log] [tgz]
author: Alec Mouri <alecmouri@google.com> Tue Apr 21 17:39:34 2020 -0700
committer: Alec Mouri <alecmouri@google.com> Wed Apr 22 11:24:30 2020 -0700
tree: 97ebeea93991e0132e090c5fddd45fae92967989
parent: 9bb4cfb009f1317605e8ff090e0ce930e15d4d40 [diff] [blame]
diff --git a/services/surfaceflinger/tests/unittests/TransactionApplicationTest.cpp b/services/surfaceflinger/tests/unittests/TransactionApplicationTest.cpp
index f1739e5..65de48c 100644
--- a/services/surfaceflinger/tests/unittests/TransactionApplicationTest.cpp
+++ b/services/surfaceflinger/tests/unittests/TransactionApplicationTest.cpp

@@ -322,7 +322,7 @@
 TEST_F(TransactionApplicationTest, FromHandle) {
     sp<IBinder> badHandle;
     auto ret = mFlinger.fromHandle(badHandle);
-    EXPECT_EQ(nullptr, ret.get());
+    EXPECT_EQ(nullptr, ret.promote().get());
 }
 } // namespace android
commit	9a02eda8d5f95d754aa908e66089750183355511	[log] [tgz]
author	Alec Mouri <alecmouri@google.com>	Tue Apr 21 17:39:34 2020 -0700
committer	Alec Mouri <alecmouri@google.com>	Wed Apr 22 11:24:30 2020 -0700
tree	97ebeea93991e0132e090c5fddd45fae92967989
parent	9bb4cfb009f1317605e8ff090e0ce930e15d4d40 [diff] [blame]