
Commit a088b40d authored by Hansong Zhang's avatar Hansong Zhang

HIDD: Add null pointer check in JNI and check invalid unregister

* Check null pointer before invoking JNI methods
* unregisterApp() returns false when no app is registered

Test: SL4A
Bug: 72168126
Change-Id: I17d99696f0e7a385d8cb155328731b0f45fc518b
parent 853994fb
+41 −0
@@ -261,6 +261,11 @@ static jboolean registerAppNative(JNIEnv* env, jobject thiz, jstring name,
                                  jintArray p_in_qos, jintArray p_out_qos) {
  ALOGV("%s enter", __FUNCTION__);

  if (!sHiddIf) {
    ALOGE("%s: Failed to get the Bluetooth HIDD Interface", __func__);
    return JNI_FALSE;
  }

  jboolean result = JNI_FALSE;
  bthd_app_param_t app_param;
  bthd_qos_param_t in_qos;
@@ -309,6 +314,11 @@ static jboolean unregisterAppNative(JNIEnv* env, jobject thiz) {

  jboolean result = JNI_FALSE;

  if (!sHiddIf) {
    ALOGE("%s: Failed to get the Bluetooth HIDD Interface", __func__);
    return JNI_FALSE;
  }

  bt_status_t ret = sHiddIf->unregister_app();

  ALOGV("%s: unregister_app() returned %d", __FUNCTION__, ret);
@@ -325,6 +335,12 @@ static jboolean unregisterAppNative(JNIEnv* env, jobject thiz) {
static jboolean sendReportNative(JNIEnv* env, jobject thiz, jint id,
                                 jbyteArray data) {
  jboolean result = JNI_FALSE;

  if (!sHiddIf) {
    ALOGE("%s: Failed to get the Bluetooth HIDD Interface", __func__);
    return JNI_FALSE;
  }

  jsize size;
  uint8_t* buf;

@@ -351,6 +367,11 @@ static jboolean replyReportNative(JNIEnv* env, jobject thiz, jbyte type,
                                  jbyte id, jbyteArray data) {
  ALOGV("%s enter", __FUNCTION__);

  if (!sHiddIf) {
    ALOGE("%s: Failed to get the Bluetooth HIDD Interface", __func__);
    return JNI_FALSE;
  }

  jboolean result = JNI_FALSE;
  jsize size;
  uint8_t* buf;
@@ -382,6 +403,11 @@ static jboolean replyReportNative(JNIEnv* env, jobject thiz, jbyte type,
static jboolean reportErrorNative(JNIEnv* env, jobject thiz, jbyte error) {
  ALOGV("%s enter", __FUNCTION__);

  if (!sHiddIf) {
    ALOGE("%s: Failed to get the Bluetooth HIDD Interface", __func__);
    return JNI_FALSE;
  }

  jboolean result = JNI_FALSE;

  bt_status_t ret = sHiddIf->report_error(error);
@@ -400,6 +426,11 @@ static jboolean reportErrorNative(JNIEnv* env, jobject thiz, jbyte error) {
static jboolean unplugNative(JNIEnv* env, jobject thiz) {
  ALOGV("%s enter", __FUNCTION__);

  if (!sHiddIf) {
    ALOGE("%s: Failed to get the Bluetooth HIDD Interface", __func__);
    return JNI_FALSE;
  }

  jboolean result = JNI_FALSE;

  bt_status_t ret = sHiddIf->virtual_cable_unplug();
@@ -418,6 +449,11 @@ static jboolean unplugNative(JNIEnv* env, jobject thiz) {
static jboolean connectNative(JNIEnv* env, jobject thiz, jbyteArray address) {
  ALOGV("%s enter", __FUNCTION__);

  if (!sHiddIf) {
    ALOGE("%s: Failed to get the Bluetooth HIDD Interface", __func__);
    return JNI_FALSE;
  }

  jboolean result = JNI_FALSE;

  jbyte* addr = env->GetByteArrayElements(address, NULL);
@@ -442,6 +478,11 @@ static jboolean connectNative(JNIEnv* env, jobject thiz, jbyteArray address) {
static jboolean disconnectNative(JNIEnv* env, jobject thiz) {
  ALOGV("%s enter", __FUNCTION__);

  if (!sHiddIf) {
    ALOGE("%s: Failed to get the Bluetooth HIDD Interface", __func__);
    return JNI_FALSE;
  }

  jboolean result = JNI_FALSE;

  bt_status_t ret = sHiddIf->disconnect();
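Review bot: Each new `if (!sHiddIf)` guard tests the file-scope pointer once, and the call that follows (for example `sHiddIf->unregister_app()` in unregisterAppNative) reads it again with no lock visible in these hunks, so the guard only helps if nothing can clear sHiddIf in between. If the cleanup path can reset sHiddIf on another thread (it is not shown here, so this needs confirming), the window for a null dereference is narrowed but not closed. Either serialize these natives with init/cleanup, or record the assumption at the first guard, e.g. `// sHiddIf is written only by init/cleanup, which the Java caller serializes with these natives`. This applies to all eight guards in the section; every function body continues outside its hunk.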
+10 −5
@@ -508,7 +508,15 @@ public class HidDeviceService extends ProfileService {
        }

        int callingUid = Binder.getCallingUid();
        return unregisterAppUid(callingUid);

        if (callingUid == mUserUid || callingUid < Process.FIRST_APPLICATION_UID) {
            mUserUid = 0;
            return mHidDeviceNativeInterface.unregisterApp();
        }
        if (DBG) {
            Log.d(TAG, "unregisterAppUid(): caller UID doesn't match user UID");
        }
        return false;
    }

    private synchronized boolean unregisterAppUid(int uid) {
@@ -516,13 +524,10 @@ public class HidDeviceService extends ProfileService {
            Log.d(TAG, "unregisterAppUid(): uid=" + uid);
        }

        if (uid == mUserUid || uid < Process.FIRST_APPLICATION_UID) {
        if (uid == mUserUid) {
            mUserUid = 0;
            return mHidDeviceNativeInterface.unregisterApp();
        }
        if (DBG) {
            Log.d(TAG, "unregisterAppUid(): caller UID doesn't match user UID");
        }
        return false;
    }
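Review bot: In the branch inlined into unregisterApp(), `mUserUid = 0;` runs before `mHidDeviceNativeInterface.unregisterApp()` returns, so a failed native call leaves the service with no recorded owner while the native layer may still hold the registration; after that only callers below `Process.FIRST_APPLICATION_UID` pass the check. Consider clearing the owner only on success: `boolean ok = mHidDeviceNativeInterface.unregisterApp(); if (ok) mUserUid = 0; return ok;` (unregisterAppUid() has the same ordering). The debug text in the inlined branch still reads `unregisterAppUid():` and should name `unregisterApp():`. The enclosing method's signature is outside the hunk, so confirm it is `synchronized` like unregisterAppUid(), because the check and write of mUserUid are no longer delegated to that method.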