Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit 95ac79e9 authored by Steven Moreland's avatar Steven Moreland
Browse files

libfakeservicemanager: no hold lock in clear 

destructors may reference servicemanager, and so
if objects are destroyed by libfakeservicemanager
clear, this was causing a recursive lock take.

Fix this the standard way, by using the lock to
copy out references, and then clear them when
its okay to talk to servicemanager again.

Bug: N/A
Test: w/ fuzzers
Change-Id: I4795ff6e042324e6ffe76f6c915c1328d3eee94f
parent 22ac12b2

libs/fakeservicemanager/FakeServiceManager.cpp

+13 −3
Original line number Diff line number Diff line
@@ -122,10 +122,20 @@ std::vector<IServiceManager::ServiceDebugInfo> FakeServiceManager::getServiceDeb 
}



void FakeServiceManager::clear() {

    std::lock_guard<std::mutex> l(mMutex);

    std::map<String16, sp<IBinder>> backup;



    {

      std::lock_guard<std::mutex> l(mMutex);

      backup = mNameToService;

      mNameToService.clear();

    }



    // destructors may access FSM, so avoid recursive lock

    backup.clear(); // explicit



    // TODO: destructors may have added more services here - may want

    // to check this or abort

}

}  // namespace android



[[clang::no_destroy]] static sp<FakeServiceManager> gFakeServiceManager;