Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit f1ecf223 authored by Jeff Sharkey's avatar Jeff Sharkey
Browse files

Tighten up Binder.clearCallingIdentity() usage. 

This is a third CL in a chain that adjusts existing malformed code
to follow AndroidFrameworkBinderIdentity best-practices.

Specifically, if a thread clears an identity they need to restore it
to avoid obscure security vulnerabilities.  In addition, the relevant
"try" block must start immediately after the identity is cleared to
ensure that its restored if/when any exceptions are thrown.

Bug: 155703208
Test: make
Exempt-From-Owner-Approval: trivial refactoring
Change-Id: I74cb958b68d55a647547aae21baff6ddc364859b
parent 119a0467

framework/java/android/bluetooth/BluetoothHidDevice.java

+42 −14
Original line number Diff line number Diff line
@@ -342,44 +342,72 @@ public final class BluetoothHidDevice implements BluetoothProfile { 


        @Override

        public void onAppStatusChanged(BluetoothDevice pluggedDevice, boolean registered) {

            clearCallingIdentity();

            final long token = clearCallingIdentity();

            try {

                mExecutor.execute(() -> mCallback.onAppStatusChanged(pluggedDevice, registered));

            } finally {

                restoreCallingIdentity(token);

            }

        }



        @Override

        public void onConnectionStateChanged(BluetoothDevice device, int state) {

            clearCallingIdentity();

            final long token = clearCallingIdentity();

            try {

                mExecutor.execute(() -> mCallback.onConnectionStateChanged(device, state));

            } finally {

                restoreCallingIdentity(token);

            }

        }



        @Override

        public void onGetReport(BluetoothDevice device, byte type, byte id, int bufferSize) {

            clearCallingIdentity();

            final long token = clearCallingIdentity();

            try {

                mExecutor.execute(() -> mCallback.onGetReport(device, type, id, bufferSize));

            } finally {

                restoreCallingIdentity(token);

            }

        }



        @Override

        public void onSetReport(BluetoothDevice device, byte type, byte id, byte[] data) {

            clearCallingIdentity();

            final long token = clearCallingIdentity();

            try {

                mExecutor.execute(() -> mCallback.onSetReport(device, type, id, data));

            } finally {

                restoreCallingIdentity(token);

            }

        }



        @Override

        public void onSetProtocol(BluetoothDevice device, byte protocol) {

            clearCallingIdentity();

            final long token = clearCallingIdentity();

            try {

                mExecutor.execute(() -> mCallback.onSetProtocol(device, protocol));

            } finally {

                restoreCallingIdentity(token);

            }

        }



        @Override

        public void onInterruptData(BluetoothDevice device, byte reportId, byte[] data) {

            clearCallingIdentity();

            final long token = clearCallingIdentity();

            try {

                mExecutor.execute(() -> mCallback.onInterruptData(device, reportId, data));

            } finally {

                restoreCallingIdentity(token);

            }

        }



        @Override

        public void onVirtualCableUnplug(BluetoothDevice device) {

            clearCallingIdentity();

            final long token = clearCallingIdentity();

            try {

                mExecutor.execute(() -> mCallback.onVirtualCableUnplug(device));

            } finally {

                restoreCallingIdentity(token);

            }

        }

    }