
Commit 6cb17ae0 authored by Jack He's avatar Jack He

JNI: Prevent duplicate construction of Socket Manager

* There is a race condition in **_AdapterService.cpp where the check on
  the socket manager pointer and the construction of a new socket manager
  instance are not protected by a mutex. Thus, when called from multiple
  binder threads from the Java layer, multiple socket manager instances
  could be created, causing a crash in StrongPointer assignment
* This CL adds a mutex to protect access to socket manager pointer

Bug: 69621696
Change-Id: Id22b247db6784a51ac922587778634d9b98e87a4
Fixes: 69621696
Test: make, connect to remote device via RFCOMM
parent baa7c389
+13 −7
@@ -36,6 +36,8 @@
#include <sys/prctl.h>
#include <sys/stat.h>

#include <mutex>

using base::StringPrintf;
using bluetooth::Uuid;
using android::bluetooth::BluetoothSocketManagerBinderServer;
@@ -75,7 +77,8 @@ static jobject sJniCallbacksObj;
static jfieldID sJniCallbacksField;

namespace {
android::sp<BluetoothSocketManagerBinderServer> socketManager = NULL;
android::sp<BluetoothSocketManagerBinderServer> sSocketManager = NULL;
std::mutex sSocketManagerMutex;
}

const bt_interface_t* getBluetoothInterface() { return sBluetoothInterface; }
@@ -738,8 +741,10 @@ static bool cleanupNative(JNIEnv* env, jobject obj) {
    env->DeleteGlobalRef(android_bluetooth_UidTraffic.clazz);
    android_bluetooth_UidTraffic.clazz = NULL;
  }

  socketManager = nullptr;
  {
    std::lock_guard<std::mutex> lock(sSocketManagerMutex);
    sSocketManager = nullptr;
  }
  return JNI_TRUE;
}

@@ -1114,11 +1119,12 @@ static jboolean getRemoteServicesNative(JNIEnv* env, jobject obj,
}

static jobject getSocketManagerNative(JNIEnv* env) {
  if (!socketManager.get())
    socketManager =
  std::lock_guard<std::mutex> lock(sSocketManagerMutex);
  if (!sSocketManager.get()) {
    sSocketManager =
        new BluetoothSocketManagerBinderServer(sBluetoothSocketInterface);

  return javaObjectForIBinder(env, IInterface::asBinder(socketManager));
  }
  return javaObjectForIBinder(env, IInterface::asBinder(sSocketManager));
}

static void setSystemUiUidNative(JNIEnv* env, jobject obj, jint uid) {
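Review bot: In getSocketManagerNative the new mutex serialises the check-and-construct on sSocketManager, but the constructor argument sBluetoothSocketInterface is read with no visible guarantee that it is still valid. cleanupNative resets sSocketManager under the lock, so a binder call arriving after cleanup will build a fresh manager around whatever that pointer holds at that moment; whether cleanup clears it is not visible here, since cleanupNative's body starts outside the hunk. Consider a guard before the construction, such as `if (sBluetoothSocketInterface == nullptr) return nullptr;`, and confirm that the interface pointer is only written under the same lock or before any binder thread can reach this function. A short comment on sSocketManagerMutex stating exactly which state it protects, for example `// Guards sSocketManager only; sBluetoothSocketInterface is not covered.`, would keep later changes from assuming more.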