diff options
author | 2020-02-13 09:34:33 -0800 | |
---|---|---|
committer | 2020-02-14 23:55:01 +0000 | |
commit | 10d9ddf2e3da3ba3a425fb8396aaaec728e5fbdb (patch) | |
tree | f8a8c3162a464e73a99e9bafe737f1e6d0a726f1 /libs/ui/Region.cpp | |
parent | 51c6a7c8a423ca48d4287c715cd2beffa1c061ad (diff) |
libbinder_ndk: private SharedRefBase construction
SharedRefBase, like sp, has a weakref within it. This allows us to
promote to a strong ref when we only have a pointer to an object (for
instance when we're getting a binder from a binder transaction).
However, it means that the objects have an implicit ownership model.
So, this code is problematic:
std::shared_ptr<IFoo> foo = std::make_shared<MyFoo>();
...
// what other code will do when getting the binder from another
// process, creating double ownership w/ shared_ptrs
std::shared_ptr<IFoo> foo = foo->ref();
Here, we're hiding the use of the 'new' operator so that the initial
make_shared is impossible. If people always use 'SharedRefBase::make'
and 'SharedRefBase::ref' to get strong ownership of the object, then we
avoid this possibility.
Since we hide the 'new' operator, all heap allocation will be blocked.
So other possibilities of double-ownership (e.g. using std::shared_ptr)
will also fail.
One problem with this approach is that it still allows these objects to
be declared on the stack. This is an opportunity for improvement.
Bug: 149249948
Test: TH
Change-Id: I300008f1413474c9e78dd57217f57338a3528db0
Diffstat (limited to 'libs/ui/Region.cpp')
0 files changed, 0 insertions, 0 deletions