system_server BINDER_TYPE_FD sockets using ashmem accessors

check if device is a character device, before calling ashmem_get_size_region. We do not check if the st_rdev matches /dev/ashmem. So this at least eliminates making this call when associated with a socket. Bug: 26374183 Change-Id: I68ed9d1c2cd4c47228ed065e3e18eb4151f038f4
author: Mark Salyzyn <salyzyn@google.com> 2016-01-27 08:02:48 -0800
committer: Steve Kondik <steve@cyngn.com> 2016-07-15 13:04:30 -0700
commit: d70043eaf41b911c464cf62d5f79aac8697aeb6b (patch)
tree: 5077f2e9d2bffd2c18b5ab53f345c21bf69b498f
parent: e481771aa3de37a8cf01a36c5637f0cc48506205 (diff)
download: frameworks_native-d70043eaf41b911c464cf62d5f79aac8697aeb6b.zip
frameworks_native-d70043eaf41b911c464cf62d5f79aac8697aeb6b.tar.gz
frameworks_native-d70043eaf41b911c464cf62d5f79aac8697aeb6b.tar.bz2
1 files changed, 14 insertions, 5 deletions
diff --git a/libs/binder/Parcel.cpp b/libs/binder/Parcel.cpp
index 1aaee92..56890a2 100644
--- a/libs/binder/Parcel.cpp
+++ b/libs/binder/Parcel.cpp
@@ -42,6 +42,9 @@
 #include <stdlib.h>
 #include <stdint.h>
 #include <sys/mman.h>
+#include <sys/stat.h>
+#include <sys/types.h>
+#include <unistd.h>
 
 #ifndef INT32_MAX
 #define INT32_MAX ((int32_t)(2147483647))
@@ -123,8 +126,10 @@ void acquire_object(const sp<ProcessState>& proc,
             return;
         }
         case BINDER_TYPE_FD: {
-            if (obj.cookie != 0) {
-                if (outAshmemSize != NULL) {
+            if ((obj.cookie != 0) && (outAshmemSize != NULL)) {
+                struct stat st;
+                int ret = fstat(obj.handle, &st);
+                if (!ret && S_ISCHR(st.st_mode)) {
                     // If we own an ashmem fd, keep track of how much memory it refers to.
                     int size = ashmem_get_size_region(obj.handle);
                     if (size > 0) {
@@ -175,9 +180,13 @@ static void release_object(const sp<ProcessState>& proc,
         case BINDER_TYPE_FD: {
             if (obj.cookie != 0) { // owned
                 if (outAshmemSize != NULL) {
-                    int size = ashmem_get_size_region(obj.handle);
-                    if (size > 0) {
-                        *outAshmemSize -= size;
+                    struct stat st;
+                    int ret = fstat(obj.handle, &st);
+                    if (!ret && S_ISCHR(st.st_mode)) {
+                        int size = ashmem_get_size_region(obj.handle);
+                        if (size > 0) {
+                            *outAshmemSize -= size;
+                        }
                     }
                 }
             close(obj.handle);
author	Mark Salyzyn <salyzyn@google.com>	2016-01-27 08:02:48 -0800
committer	Steve Kondik <steve@cyngn.com>	2016-07-15 13:04:30 -0700
commit	d70043eaf41b911c464cf62d5f79aac8697aeb6b (patch)
tree	5077f2e9d2bffd2c18b5ab53f345c21bf69b498f
parent	e481771aa3de37a8cf01a36c5637f0cc48506205 (diff)
download	frameworks_native-d70043eaf41b911c464cf62d5f79aac8697aeb6b.zip frameworks_native-d70043eaf41b911c464cf62d5f79aac8697aeb6b.tar.gz frameworks_native-d70043eaf41b911c464cf62d5f79aac8697aeb6b.tar.bz2