From e34afe0a4bd8092cca89a607c994124a9ddb28b9 Mon Sep 17 00:00:00 2001
From: Fabien Sanglard <sanglardf@google.com>
Date: Wed, 18 Jan 2017 16:43:18 -0800
Subject: Fix security vulnerability

AOSP-Change-Id: I4c9ea3a3177131fa29d2561da71ef18bec3af108
Test: angler, marlin
Bug: 32628763

CVE-2017-0546

Change-Id: I3e87518163540a9fce1d4fc3751ed558d4854140
(cherry picked from commit 45b202513ba7440beaefbf9928f73fb6683dcfbd)
---
 services/surfaceflinger/SurfaceFlinger.cpp | 3 +--
 1 file changed, 1 insertion(+), 2 deletions(-)

diff --git a/services/surfaceflinger/SurfaceFlinger.cpp b/services/surfaceflinger/SurfaceFlinger.cpp
index 441bad8..941257c 100644
--- a/services/surfaceflinger/SurfaceFlinger.cpp
+++ b/services/surfaceflinger/SurfaceFlinger.cpp
@@ -2249,8 +2249,7 @@ void SurfaceFlinger::setTransactionState(
         if (s.client != NULL) {
             sp<IBinder> binder = IInterface::asBinder(s.client);
             if (binder != NULL) {
-                String16 desc(binder->getInterfaceDescriptor());
-                if (desc == ISurfaceComposerClient::descriptor) {
+                if (binder->queryLocalInterface(ISurfaceComposerClient::descriptor) != NULL) {
                     sp<Client> client( static_cast<Client *>(s.client.get()) );
                     transactionFlags |= setClientStateLocked(client, s.state);
                 }
-- 
cgit v1.1