Gitiles
Code Review Sign In
gerrit.omnirom.org / android_frameworks_native / eab2afc7ac5183750a23693ecee89dad7f7abf5f^! / . / libs / binder / Parcel.cpp
commiteab2afc7ac5183750a23693ecee89dad7f7abf5f[log] [tgz]
authorMark Salyzyn <salyzyn@google.com>Wed Jan 27 08:02:48 2016 -0800
committerMark Salyzyn <salyzyn@google.com>Wed Jan 27 10:05:06 2016 -0800
treeb0bbd21d79e29ab2aec643d6216b60720a3d52a0
parentacca0abaf15318a6a260addd78566383bd4110a5 [diff] [blame]
system_server BINDER_TYPE_FD sockets using ashmem accessors

check if device is a character device, before calling
ashmem_get_size_region. We do not check if the st_rdev
matches /dev/ashmem. So this at least eliminates making
this call when associated with a socket.

Bug: 26374183
Change-Id: I68ed9d1c2cd4c47228ed065e3e18eb4151f038f4

diff --git a/libs/binder/Parcel.cpp b/libs/binder/Parcel.cpp
index 9ca3c06..3acd869 100644
--- a/libs/binder/Parcel.cpp
+++ b/libs/binder/Parcel.cpp

@@ -23,6 +23,9 @@
 #include <stdio.h>
 #include <stdlib.h>
 #include <sys/mman.h>
+#include <sys/stat.h>
+#include <sys/types.h>
+#include <unistd.h>
 
 #include <binder/Binder.h>
 #include <binder/BpBinder.h>
@@ -120,8 +123,10 @@
             return;
         }
         case BINDER_TYPE_FD: {
-            if (obj.cookie != 0) {
-                if (outAshmemSize != NULL) {
+            if ((obj.cookie != 0) && (outAshmemSize != NULL)) {
+                struct stat st;
+                int ret = fstat(obj.handle, &st);
+                if (!ret && S_ISCHR(st.st_mode)) {
                     // If we own an ashmem fd, keep track of how much memory it refers to.
                     int size = ashmem_get_size_region(obj.handle);
                     if (size > 0) {
@@ -172,9 +177,13 @@
         case BINDER_TYPE_FD: {
             if (obj.cookie != 0) { // owned
                 if (outAshmemSize != NULL) {
-                    int size = ashmem_get_size_region(obj.handle);
-                    if (size > 0) {
-                        *outAshmemSize -= size;
+                    struct stat st;
+                    int ret = fstat(obj.handle, &st);
+                    if (!ret && S_ISCHR(st.st_mode)) {
+                        int size = ashmem_get_size_region(obj.handle);
+                        if (size > 0) {
+                            *outAshmemSize -= size;
+                        }
                     }
                 }