Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit fe0cd263 authored by Varun Shah's avatar Varun Shah Committed by Kevin Haggerty
Browse files

RESTRICT AUTOMERGE Ensure caller identity is restored in CP quick-path. 

Bug: 172935267
Test: PoC in bug
Change-Id: I469bde7d0a0f89c94f1234cf40983395048962e2
(cherry picked from commit 79062d79)
parent 5cc8255a

services/core/java/com/android/server/am/ActivityManagerService.java

+57 −56
Original line number Diff line number Diff line
@@ -10972,10 +10972,10 @@ public final class ActivityManagerService extends ActivityManagerNative 














                final long origId = Binder.clearCallingIdentity();



























                try {















                    checkTime(startTime, "getContentProviderImpl: incProviderCountLocked");



























                // In this case the provider instance already exists, so we can













                // return it right away.













                    // Return the provider instance right away since it already exists.















                    conn = incProviderCountLocked(r, cpr, token, stable);















                    if (conn != null && (conn.stableCount+conn.unstableCount) == 1) {















                        if (cpr.proc != null && r.setAdj <= ProcessList.PERCEPTIBLE_APP_ADJ) {









@@ -10988,7 +10988,6 @@ public final class ActivityManagerService extends ActivityManagerNative













                            checkTime(startTime, "getContentProviderImpl: after updateLruProcess");















                        }















                    }



























                    checkTime(startTime, "getContentProviderImpl: before updateOomAdj");















                    final int verifiedAdj = cpr.proc.verifiedAdj;















                    boolean success = updateOomAdjLocked(cpr.proc);









@@ -10997,7 +10996,8 @@ public final class ActivityManagerService extends ActivityManagerNative













                    // it, we will check whether the process still exists.  Note that this doesn't















                    // completely get rid of races with LMK killing the process, but should make















                    // them much smaller.













                if (success && verifiedAdj != cpr.proc.setAdj && !isProcessAliveLocked(cpr.proc)) {













                    if (success && verifiedAdj != cpr.proc.setAdj













                            && !isProcessAliveLocked(cpr.proc)) {















                        success = false;















                    }















                    maybeUpdateProviderUsageStatsLocked(r, cpr.info.packageName, name);









@@ -11007,7 +11007,7 @@ public final class ActivityManagerService extends ActivityManagerNative













                    // pending on the process even though we managed to update its















                    // adj level.  Not sure what to do about this, but at least















                    // the race is now smaller.













                if (!success || cpr.proc.killedByAm) {













                    if (!success) {















                        // Uh oh...  it looks like the provider's process















                        // has been killed on us.  We need to wait for a new















                        // process to be started, and make sure its death









@@ -11028,9 +11028,10 @@ public final class ActivityManagerService extends ActivityManagerNative













                    } else {















                        cpr.proc.verifiedAdj = cpr.proc.setAdj;















                    }

























                } finally {















                    Binder.restoreCallingIdentity(origId);















                }













            }





























            if (!providerRunning) {















                try {