audiohal: Fix UAF of HAL devices in Stream objects

    }

}

void Device::closeInputStream(audio_stream_in_t* stream) {

    mDevice->close_input_stream(mDevice, stream);

}

void Device::closeOutputStream(audio_stream_out_t* stream) {

    mDevice->close_output_stream(mDevice, stream);

}

char* Device::halGetParameters(const char* keys) {

    return mDevice->get_parameters(mDevice, keys);

}

    ALOGV("open_output_stream status %d stream %p", status, halStream);

    sp<IStreamOut> streamOut;

    if (status == OK) {

        streamOut = new StreamOut(mDevice, halStream);

        streamOut = new StreamOut(this, halStream);

    }

    AudioConfig suggestedConfig;

    HidlUtils::audioConfigFromHal(halConfig, &suggestedConfig);

    ALOGV("open_input_stream status %d stream %p", status, halStream);

    sp<IStreamIn> streamIn;

    if (status == OK) {

        streamIn = new StreamIn(mDevice, halStream);

        streamIn = new StreamIn(this, halStream);

    }

    AudioConfig suggestedConfig;

    HidlUtils::audioConfigFromHal(halConfig, &suggestedConfig);

    // Utility methods for extending interfaces.

    Result analyzeStatus(const char* funcName, int status);

    void closeInputStream(audio_stream_in_t* stream);

    void closeOutputStream(audio_stream_out_t* stream);

    audio_hw_device_t* device() const { return mDevice; }

  private:

}  // namespace

StreamIn::StreamIn(audio_hw_device_t* device, audio_stream_in_t* stream)

StreamIn::StreamIn(const sp<Device>& device, audio_stream_in_t* stream)

        : mIsClosed(false), mDevice(device), mStream(stream),

          mStreamCommon(new Stream(&stream->common)),

          mStreamMmap(new StreamMmap<audio_stream_in_t>(stream)),

        status_t status = EventFlag::deleteEventFlag(&mEfGroup);

        ALOGE_IF(status, "read MQ event flag deletion error: %s", strerror(-status));

    }

    mDevice->close_input_stream(mDevice, mStream);

    mDevice->closeInputStream(mStream);

    mStream = nullptr;

    mDevice = nullptr;

}

// Methods from ::android::hardware::audio::V2_0::IStream follow.

#include <hidl/Status.h>

#include <utils/Thread.h>

#include "Device.h"

#include "Stream.h"

namespace android {

    typedef MessageQueue<uint8_t, kSynchronizedReadWrite> DataMQ;

    typedef MessageQueue<ReadStatus, kSynchronizedReadWrite> StatusMQ;

    StreamIn(audio_hw_device_t* device, audio_stream_in_t* stream);

    StreamIn(const sp<Device>& device, audio_stream_in_t* stream);

    // Methods from ::android::hardware::audio::V2_0::IStream follow.

    Return<uint64_t> getFrameSize()  override;

  private:

    bool mIsClosed;

    audio_hw_device_t *mDevice;

    const sp<Device> mDevice;

    audio_stream_in_t *mStream;

    sp<Stream> mStreamCommon;

    sp<StreamMmap<audio_stream_in_t>> mStreamMmap;

    const sp<Stream> mStreamCommon;

    const sp<StreamMmap<audio_stream_in_t>> mStreamMmap;

    std::unique_ptr<CommandMQ> mCommandMQ;

    std::unique_ptr<DataMQ> mDataMQ;

    std::unique_ptr<StatusMQ> mStatusMQ;

}  // namespace

StreamOut::StreamOut(audio_hw_device_t* device, audio_stream_out_t* stream)

StreamOut::StreamOut(const sp<Device>& device, audio_stream_out_t* stream)

        : mIsClosed(false), mDevice(device), mStream(stream),

          mStreamCommon(new Stream(&stream->common)),

          mStreamMmap(new StreamMmap<audio_stream_out_t>(stream)),

        ALOGE_IF(status, "write MQ event flag deletion error: %s", strerror(-status));

    }

    mCallback.clear();

    mDevice->close_output_stream(mDevice, mStream);

    mDevice->closeOutputStream(mStream);

    mStream = nullptr;

    mDevice = nullptr;

}

// Methods from ::android::hardware::audio::V2_0::IStream follow.