From c60c4fcd56cb6b08894a447d0ea6e8a8e6a83148 Mon Sep 17 00:00:00 2001
From: Alexandre Baião
Date: Wed, 31 Jul 2019 12:29:31 -0200
Subject: Fix FD comparisons in binder

Even though 0 is a valid file descriptor (FD), all checks made using it as error. When a user space process is started by the kernel, there are no FD open. The first one to be opened is 0. If this process used binder, then its connection would be dropped due to the checks mentioned previously. This issue is fixed by changing the comparisons to allow a FD 0. This change was created by Alexandre while he was an employee of Samsung Electronics (SRBR). He is no longer part of the staff. On behalf of Samsung Electronics (SRBR).
BUG: 122699850
Test: Called test binary from kernel and ensured connection to libbinder is not dropped.
Change-Id: I588ec8c4c1ba130ea2d5d61d94dea66838e4aa1d
---
 libs/binder/IPCThreadState.cpp | 10 +++++-----
 1 file changed, 5 insertions(+), 5 deletions(-)
diff --git a/libs/binder/IPCThreadState.cpp b/libs/binder/IPCThreadState.cpp
index 3b889fbe20..4356706b7e 100644
--- a/libs/binder/IPCThreadState.cpp
+++ b/libs/binder/IPCThreadState.cpp
@@ -421,7 +421,7 @@ void IPCThreadState::clearCaller()
 void IPCThreadState::flushCommands()
 {
- if (mProcess->mDriverFD <= 0)
+ if (mProcess->mDriverFD < 0)
 return;
 talkWithDriver(false);
 // The flush could have caused post-write refcount decrements to have
@@ -574,7 +574,7 @@ void IPCThreadState::joinThreadPool(bool isMain)
 int IPCThreadState::setupPolling(int* fd)
 {
- if (mProcess->mDriverFD <= 0) {
+ if (mProcess->mDriverFD < 0) {
 return -EBADF;
 }
@@ -878,7 +878,7 @@ finish:
 status_t IPCThreadState::talkWithDriver(bool doReceive)
 {
- if (mProcess->mDriverFD <= 0) {
+ if (mProcess->mDriverFD < 0) {
 return -EBADF;
 }
@@ -936,7 +936,7 @@ status_t IPCThreadState::talkWithDriver(bool doReceive)
 #else
 err = INVALID_OPERATION;
 #endif
- if (mProcess->mDriverFD <= 0) {
+ if (mProcess->mDriverFD < 0) {
 err = -EBADF;
 }
 IF_LOG_COMMANDS() {
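Review bot: The guard in flushCommands() now treats only a negative mDriverFD as "driver not open", and the same holds for setupPolling(), both checks in talkWithDriver() and the one in threadDestructor(), so all five depend on every writer of mDriverFD using a negative sentinel. Those assignments are not part of this diff; before merging, confirm that no path leaves the field at 0 after a failed open or a close, because these functions would then issue binder ioctls on whatever descriptor 0 happens to be. Since the predicate is repeated five times, a comment at the first check such as `// 0 is a valid fd; only a negative mDriverFD means the driver is not open` would keep a later edit from reintroducing `<= 0`. Each of the enclosing functions starts or ends outside its hunk.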
@@ -1246,7 +1246,7 @@ void IPCThreadState::threadDestructor(void *st)
 if (self) {
 self->flushCommands();
 #if defined(__ANDROID__)
- if (self->mProcess->mDriverFD > 0) {
+ if (self->mProcess->mDriverFD >= 0) {
 ioctl(self->mProcess->mDriverFD, BINDER_THREAD_EXIT, 0);
 }
 #endif
-- 
cgit v1.2.3-59-g8ed1b
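Review bot: The result of `ioctl(self->mProcess->mDriverFD, BINDER_THREAD_EXIT, 0)` is discarded, and with the guard widened to `>= 0` the call can now run on descriptor 0. If that descriptor is ever something other than the binder driver, the failure would be silent at thread teardown. Checking the return value, for example `if (ioctl(self->mProcess->mDriverFD, BINDER_THREAD_EXIT, 0) < 0) { /* log errno with the file's existing log macro */ }`, would make a mismatched descriptor visible in logs. threadDestructor() starts and ends outside the hunk.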