Fix potential use-after-free bug in reboot Instead of operating on raw pointers, init now uses name of the services as it's primary identifier. Only place that still uses vector<Service*> is StopServices. In addition, ServiceList::services() function is removed, which should help avoiding similar bugs in the future. Bug: 170315126 Bug: 174335499 Test: adb reboot Test: atest CtsInitTestCases Change-Id: I73ecd7a8c58c2ec3732934c595b7f7db814b7034 Ignore-AOSP-First: fixing security vulnerability

commit: 8d6ae2dd8aebfd98e5b0968062b2f0c92fa0b0da [log] [tgz]
author: Nikita Ioffe <ioffe@google.com> Fri Nov 27 18:57:44 2020 +0000
committer: Nikita Ioffe <ioffe@google.com> Wed Dec 02 11:14:07 2020 +0000
tree: 0332457fab777ae0fd4a8cc8e0e2caeee3250c60
parent: c57f61ab23f2c3a57ff31cc6b611bc5a6a8de641 [diff] [blame]
diff --git a/init/lmkd_service.cpp b/init/lmkd_service.cpp
index dd1ab4d..c982925 100644
--- a/init/lmkd_service.cpp
+++ b/init/lmkd_service.cpp

@@ -79,7 +79,7 @@
 }
 
 static void RegisterServices(pid_t exclude_pid) {
-    for (const auto& service : ServiceList::GetInstance().services()) {
+    for (const auto& service : ServiceList::GetInstance()) {
         auto svc = service.get();
         if (svc->oom_score_adjust() != DEFAULT_OOM_SCORE_ADJUST) {
             // skip if process is excluded or not yet forked (pid==0)
commit	8d6ae2dd8aebfd98e5b0968062b2f0c92fa0b0da	[log] [tgz]
author	Nikita Ioffe <ioffe@google.com>	Fri Nov 27 18:57:44 2020 +0000
committer	Nikita Ioffe <ioffe@google.com>	Wed Dec 02 11:14:07 2020 +0000
tree	0332457fab777ae0fd4a8cc8e0e2caeee3250c60
parent	c57f61ab23f2c3a57ff31cc6b611bc5a6a8de641 [diff] [blame]