
Commit b6de5cac authored by Dianne Hackborn Committed by Android Git Automerger

am d10035d5: Merge "Some hardening of isolated processes by restricting access to services."

* commit 'd10035d52bcd4eed9f83cad580d606cd522dd6c7':
  Some hardening of isolated processes by restricting access to services.
parents fbf4dd13 98799fc4
+1 −1
@@ -20,6 +20,6 @@
using namespace android;

int main(int argc, char** argv) {
    SurfaceFlinger::publishAndJoinThreadPool();
    SurfaceFlinger::publishAndJoinThreadPool(true);
    return 0;
}
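Review bot: The bare `true` in `SurfaceFlinger::publishAndJoinThreadPool(true)` does not show at the call site that this service appears to be opted out of the isolated-process restriction this commit introduces. Name the argument and record the reason, e.g. `SurfaceFlinger::publishAndJoinThreadPool(/* allowIsolated= */ true);` preceded by a one-line comment saying why isolated processes need this service. Every service registered with the flag set widens what a sandboxed process can reach, so each exception should be easy to find in an audit.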
+4 −4
@@ -34,15 +34,15 @@ template<typename SERVICE>
class BinderService
{
public:
    static status_t publish() {
    static status_t publish(bool allowIsolated = false) {
        sp<IServiceManager> sm(defaultServiceManager());
        return sm->addService(String16(SERVICE::getServiceName()), new SERVICE());
        return sm->addService(String16(SERVICE::getServiceName()), new SERVICE(), allowIsolated);
    }

    static void publishAndJoinThreadPool() {
    static void publishAndJoinThreadPool(bool allowIsolated = false) {
        sp<ProcessState> proc(ProcessState::self());
        sp<IServiceManager> sm(defaultServiceManager());
        sm->addService(String16(SERVICE::getServiceName()), new SERVICE());
        sm->addService(String16(SERVICE::getServiceName()), new SERVICE(), allowIsolated);
        ProcessState::self()->startThreadPool();
        IPCThreadState::self()->joinThreadPool();
    }
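Review bot: `publishAndJoinThreadPool` still discards the status returned by `sm->addService(...)`, so a failed registration leaves the process joined to the thread pool with no published service and nothing logged. It also repeats the body of `publish`, so the new flag has to be forwarded in two places. Calling `const status_t err = publish(allowIsolated);` there and logging when `err != NO_ERROR` would keep the two in step. The `false` default is the right fail-closed choice and deserves a one-line comment on both methods, e.g. `// allowIsolated: if true, isolated processes may look up this service`. The class body continues outside the hunk.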
+2 −1
@@ -47,7 +47,8 @@ public:
     * Register a service.
     */
    virtual status_t            addService( const String16& name,
                                            const sp<IBinder>& service) = 0;
                                            const sp<IBinder>& service,
                                            bool allowIsolated = false) = 0;

    /**
     * Return list of all existing services.
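Review bot: The doc comment above `addService` still reads only "Register a service." and says nothing about the new `allowIsolated` parameter, which is the security-relevant part of this interface. Add a line such as `@param allowIsolated true if isolated processes may obtain this service; defaults to false (denied)`, worded to match what the service manager actually enforces, which is not visible in this hunk. Note also that a default argument on a virtual function is selected from the static type of the call, so overrides should either omit the default or repeat the same value.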
+3 −1
@@ -151,12 +151,14 @@ public:
        return reply.readStrongBinder();
    }

    virtual status_t addService(const String16& name, const sp<IBinder>& service)
    virtual status_t addService(const String16& name, const sp<IBinder>& service,
            bool allowIsolated)
    {
        Parcel data, reply;
        data.writeInterfaceToken(IServiceManager::getInterfaceDescriptor());
        data.writeString16(name);
        data.writeStrongBinder(service);
        data.writeInt32(allowIsolated ? 1 : 0);
        status_t err = remote()->transact(ADD_SERVICE_TRANSACTION, data, &reply);
        return err == NO_ERROR ? reply.readExceptionCode() : err;
    }
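Review bot: The new `data.writeInt32(allowIsolated ? 1 : 0)` extends the ADD_SERVICE parcel layout without a comment, and the receiving side is not part of this hunk. A comment such as `// Wire order: name, binder, allowIsolated (int32 0/1); must match the service manager's ADD_SERVICE handler` would make the contract explicit. The flag is supplied by the registering process, so the handler should treat a missing or malformed value as false and keep its existing check on who may register services. Presumably it does, but that should be confirmed against the handler.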