From 9f50ea66b4cd4ddf436fea574f768a7fab7963ea Mon Sep 17 00:00:00 2001
From: Steven Moreland <smoreland@google.com>
Date: Fri, 18 Sep 2020 01:04:15 +0000
Subject: libbinder: ignore CallRestriction for magic 0 cmd

There is a special transaction required to make sure that the context
manager is setup before we get a reference to it. Since this is required
to use binder, it would prevent use of CallRestriction outside of
servicemanager.

Fixes: 167302413
Test: binderLibTest

Change-Id: I029e2a99013008a7c8614d63dc29df2889067d11
---
 libs/binder/ProcessState.cpp | 10 +++++++++-
 1 file changed, 9 insertions(+), 1 deletion(-)

(limited to 'libs/binder/ProcessState.cpp')

diff --git a/libs/binder/ProcessState.cpp b/libs/binder/ProcessState.cpp
index a53056560e..83ca687519 100644
--- a/libs/binder/ProcessState.cpp
+++ b/libs/binder/ProcessState.cpp
@@ -282,9 +282,17 @@ sp<IBinder> ProcessState::getStrongProxyForHandle(int32_t handle)
                 // a driver API to get a handle to the context manager with
                 // proper reference counting.
 
+                IPCThreadState* ipc = IPCThreadState::self();
+
+                CallRestriction originalCallRestriction = ipc->getCallRestriction();
+                ipc->setCallRestriction(CallRestriction::NONE);
+
                 Parcel data;
-                status_t status = IPCThreadState::self()->transact(
+                status_t status = ipc->transact(
                         0, IBinder::PING_TRANSACTION, data, nullptr, 0);
+
+                ipc->setCallRestriction(originalCallRestriction);
+
                 if (status == DEAD_OBJECT)
                    return nullptr;
             }
-- 
cgit v1.2.3-59-g8ed1b