From c276f8db509dfc95caa0f7d0146297c8d330010d Mon Sep 17 00:00:00 2001
From: Yifan Hong <elsk@google.com>
Date: Thu, 13 May 2021 17:13:44 -0700
Subject: RpcServer::setupSocketServer prevent race

If two threads calls setup*Server, they may race.
Make sure one of them fail.

setupSocketServer calls into setupExternalServer to
double check that no other thread was setting up
server in the mean time to prevent TOCTOU.

This change also ensures that setupExternalServer is the
only place where mServer is set, and it is guarded by a
lock.

Test: binderRpcTest

Change-Id: Iadd3585b9cb4aa157bae072943f1bd47896a7a77
---
 libs/binder/RpcServer.cpp | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)

diff --git a/libs/binder/RpcServer.cpp b/libs/binder/RpcServer.cpp
index 9cc6e7fe04..59659bd0a6 100644
--- a/libs/binder/RpcServer.cpp
+++ b/libs/binder/RpcServer.cpp
@@ -255,7 +255,10 @@ bool RpcServer::setupSocketServer(const RpcSocketAddress& addr) {
 
     LOG_RPC_DETAIL("Successfully setup socket server %s", addr.toString().c_str());
 
-    mServer = std::move(serverFd);
+    if (!setupExternalServer(std::move(serverFd))) {
+        ALOGE("Another thread has set up server while calling setupSocketServer. Race?");
+        return false;
+    }
     return true;
 }
 
-- 
cgit v1.2.3-59-g8ed1b