Make Log.wtf() safe to call from within the system server

Make sure to use the handler if the caller is the system server

Test: Build / treehugger / manual code inspection
Change-Id: I0c9998511280193d785ebcf7aa501ee02c0a8548
Fix: 148230239

3 files changed, 14 insertions, 7 deletions

diff --git a/core/java/android/app/IActivityManager.aidl b/core/java/android/app/IActivityManager.aidl
index 3ffd7c70b40d..be418424e64c 100644
--- a/core/java/android/app/IActivityManager.aidl
+++ b/core/java/android/app/IActivityManager.aidl
@@ -287,7 +287,7 @@ interface IActivityManager {
     void killApplicationProcess(in String processName, int uid);
     // Special low-level communication with activity manager.
     boolean handleApplicationWtf(in IBinder app, in String tag, boolean system,
-            in ApplicationErrorReport.ParcelableCrashInfo crashInfo);
+            in ApplicationErrorReport.ParcelableCrashInfo crashInfo, int immediateCallerPid);
     @UnsupportedAppUsage
     void killBackgroundProcesses(in String packageName, int userId);
     boolean isUserAMonkey();
diff --git a/core/java/com/android/internal/os/RuntimeInit.java b/core/java/com/android/internal/os/RuntimeInit.java
index 7adb27cd9e36..db009f68d28a 100644
--- a/core/java/com/android/internal/os/RuntimeInit.java
+++ b/core/java/com/android/internal/os/RuntimeInit.java
@@ -468,7 +468,8 @@ public class RuntimeInit {
         try {
             if (ActivityManager.getService().handleApplicationWtf(
                     mApplicationObject, tag, system,
-                    new ApplicationErrorReport.ParcelableCrashInfo(t))) {
+                    new ApplicationErrorReport.ParcelableCrashInfo(t),
+                    Process.myPid())) {
                 // The Activity Manager has already written us off -- now exit.
                 Process.killProcess(Process.myPid());
                 System.exit(10);
diff --git a/services/core/java/com/android/server/am/ActivityManagerService.java b/services/core/java/com/android/server/am/ActivityManagerService.java
index 8b547c6bda42..b7ef6000efd7 100644
--- a/services/core/java/com/android/server/am/ActivityManagerService.java
+++ b/services/core/java/com/android/server/am/ActivityManagerService.java
@@ -9707,15 +9707,21 @@ public class ActivityManagerService extends IActivityManager.Stub
      * @param crashInfo describing the context of the error
      * @return true if the process should exit immediately (WTF is fatal)
      */
+    @Override
     public boolean handleApplicationWtf(final IBinder app, final String tag, boolean system,
-            final ApplicationErrorReport.ParcelableCrashInfo crashInfo) {
+            final ApplicationErrorReport.ParcelableCrashInfo crashInfo, int immediateCallerPid) {
         final int callingUid = Binder.getCallingUid();
         final int callingPid = Binder.getCallingPid();
 
-        if (system) {
-            // If this is coming from the system, we could very well have low-level
-            // system locks held, so we want to do this all asynchronously.  And we
-            // never want this to become fatal, so there is that too.
+        // If this is coming from the system, we could very well have low-level
+        // system locks held, so we want to do this all asynchronously.  And we
+        // never want this to become fatal, so there is that too.
+        //
+        // Note: "callingPid == Process.myPid())" wouldn't be reliable because even if the caller
+        // is within the system server, if it calls Log.wtf() without clearning the calling
+        // identity, callingPid would still be of a remote caller. So we explicltly pass the
+        // process PID from the caller.
+        if (system || (immediateCallerPid == Process.myPid())) {
             mHandler.post(new Runnable() {
                 @Override public void run() {
                     handleApplicationWtfInner(callingUid, callingPid, app, tag, crashInfo);