Diffstat (limited to 'libs/binder')
-rw-r--r-- | libs/binder/IPCThreadState.cpp | 8 | ||||
-rw-r--r-- | libs/binder/MemoryDealer.cpp | 6 | ||||
-rw-r--r-- | libs/binder/Parcel.cpp | 10 |
3 files changed, 22 insertions, 2 deletions
diff --git a/libs/binder/IPCThreadState.cpp b/libs/binder/IPCThreadState.cpp index 629b899..b578a6c 100644 --- a/libs/binder/IPCThreadState.cpp +++ b/libs/binder/IPCThreadState.cpp @@ -371,6 +371,11 @@ int IPCThreadState::getCallingUid() return mCallingUid; } +int IPCThreadState::getOrigCallingUid() +{ + return mOrigCallingUid; +} + int64_t IPCThreadState::clearCallingIdentity() { int64_t token = ((int64_t)mCallingUid<<32) | mCallingPid; @@ -641,6 +646,7 @@ IPCThreadState::IPCThreadState() { pthread_setspecific(gTLS, this); clearCaller(); + mOrigCallingUid = mCallingUid; mIn.setDataCapacity(256); mOut.setDataCapacity(256); } @@ -987,6 +993,7 @@ status_t IPCThreadState::executeCommand(int32_t cmd) mCallingPid = tr.sender_pid; mCallingUid = tr.sender_euid; + mOrigCallingUid = tr.sender_euid; int curPrio = getpriority(PRIO_PROCESS, mMyThreadId); if (gDisableBackgroundScheduling) { @@ -1045,6 +1052,7 @@ status_t IPCThreadState::executeCommand(int32_t cmd) mCallingPid = origPid; mCallingUid = origUid; + mOrigCallingUid = origUid; IF_LOG_TRANSACTIONS() { TextOutput::Bundle _b(alog); diff --git a/libs/binder/MemoryDealer.cpp b/libs/binder/MemoryDealer.cpp index ff5e6bd..8d0e0a7 100644 --- a/libs/binder/MemoryDealer.cpp +++ b/libs/binder/MemoryDealer.cpp @@ -180,7 +180,6 @@ Allocation::~Allocation() /* NOTE: it's VERY important to not free allocations of size 0 because * they're special as they don't have any record in the allocator * and could alias some real allocation (their offset is zero). */ - mDealer->deallocate(freedOffset); // keep the size to unmap in excess size_t pagesize = getpagesize(); @@ -216,6 +215,11 @@ Allocation::~Allocation() } #endif } + + // This should be done after madvise(MADV_REMOVE), otherwise madvise() + // might kick out the memory region that's allocated and/or written + // right after the deallocation. + mDealer->deallocate(freedOffset); } } diff --git a/libs/binder/Parcel.cpp b/libs/binder/Parcel.cpp index 3400e97..dea14bb 100644 
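Review bot: The restore in the last executeCommand hunk, `mOrigCallingUid = origUid;`, reuses the value saved for mCallingUid, so the two fields are not tracked independently. origUid is declared outside the hunk, but if it is captured from mCallingUid (as the neighbouring `mCallingUid = origUid;` suggests), a thread that called clearCallingIdentity() before a nested incoming transaction ends up with mOrigCallingUid holding the cleared identity rather than the original sender. A permission check built on getOrigCallingUid() would then evaluate the wrong uid. Saving the field on its own, `const uid_t savedOrigUid = mOrigCallingUid;` before dispatch and `mOrigCallingUid = savedOrigUid;` afterwards, keeps it intact. getOrigCallingUid() should also carry a comment stating its contract, for example `// uid of the sender of the transaction being handled; intended to survive clearCallingIdentity()`, if that is the intent.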
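Review bot: The `NOTE: it's VERY important to not free allocations of size 0` comment in the first Allocation::~Allocation() hunk documented the deallocate() call that this change moves. It now sits above the unrelated page-rounding code. It should move down with the call, next to the new ordering comment, so the size-0 restriction and the madvise(MADV_REMOVE) ordering are read together at `mDealer->deallocate(freedOffset);`. The destructor's body starts outside both hunks, so the size guard the NOTE refers to is not visible here.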
--- a/libs/binder/Parcel.cpp +++ b/libs/binder/Parcel.cpp @@ -722,7 +722,15 @@ status_t Parcel::writeFileDescriptor(int fd, bool takeOwnership) status_t Parcel::writeDupFileDescriptor(int fd) { - return writeFileDescriptor(dup(fd), true /*takeOwnership*/); + int dupFd = dup(fd); + if (dupFd < 0) { + return -errno; + } + status_t err = writeFileDescriptor(dupFd, true /*takeOwnership*/); + if (err) { + close(dupFd); + } + return err; } status_t Parcel::writeBlob(size_t len, WritableBlob* outBlob) |
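Review bot: `dup(fd)` returns a descriptor without close-on-exec, so a concurrent fork/exec in the process can inherit it while the parcel still holds it. `int dupFd = fcntl(fd, F_DUPFD_CLOEXEC, 0);` avoids that and keeps the same `< 0` / `-errno` error convention. The fcntl form needs `<fcntl.h>`, and the file's includes are not visible in this hunk. The new `close(dupFd);` relies on writeFileDescriptor() neither closing nor recording the descriptor when it fails, and its body is outside the hunk. If that holds, a comment such as `// writeFileDescriptor() takes ownership only on success` above the close would make the no-double-close reasoning explicit.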