From 01a6bad2e1441c4ec89d6157dc663cb43c6d9cf9 Mon Sep 17 00:00:00 2001
From: Steven Moreland
Date: Fri, 11 Jun 2021 00:59:20 +0000
Subject: libbinder: RPC session ID uses the long binder ID

This is 'unguessable' (pending security review and constant time compare). Right now, it's unclear if we'll go with full TLS for on-device communication or use some other authentication scheme. However, this is being used similarly to TLS session tickets.

Bug: 167966510
Test: binderRpcTest
Change-Id: I4c5edd2de6cc3f6ae37b0815e7f45c7a08bac2b1
---
 libs/binder/RpcState.cpp | 15 +++++----------
 1 file changed, 5 insertions(+), 10 deletions(-)

(limited to 'libs/binder/RpcState.cpp')

diff --git a/libs/binder/RpcState.cpp b/libs/binder/RpcState.cpp
index 15eec20d1d..fd2eff6870 100644
--- a/libs/binder/RpcState.cpp
+++ b/libs/binder/RpcState.cpp
@@ -369,7 +369,7 @@ status_t RpcState::getMaxThreads(const sp& connection
 }
 
 status_t RpcState::getSessionId(const sp& connection,
- const sp& session, int32_t* sessionIdOut) {
+ const sp& session, RpcAddress* sessionIdOut) {
 Parcel data;
 data.markForRpc(session);
 Parcel reply;
@@ -382,12 +382,7 @@ status_t RpcState::getSessionId(const sp& connection,
 return status;
 }
 
- int32_t sessionId;
- status = reply.readInt32(&sessionId);
- if (status != OK) return status;
-
- *sessionIdOut = sessionId;
- return OK;
+ return sessionIdOut->readFromParcel(reply);
 }
 
 status_t RpcState::transact(const sp& connection,
@@ -767,9 +762,9 @@ processTransactInternalTailCall:
 }
 case RPC_SPECIAL_TRANSACT_GET_SESSION_ID: {
 // for client connections, this should always report the value
- // originally returned from the server
- int32_t id = session->mId.value();
- replyStatus = reply.writeInt32(id);
+ // originally returned from the server, so this is asserting
+ // that it exists
+ replyStatus = session->mId.value().writeToParcel(&reply);
 break;
 }
 default: {
-- 
cgit v1.2.3-59-g8ed1b
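Review bot: In the second hunk (getSessionId), the value now read into `sessionIdOut` acts as a secret that authenticates the session, but nothing in the code records that. The commit message compares it to a TLS session ticket and says constant-time comparison is still pending. I would add above the function `// TODO(b/167966510): the session ID is an authenticator; compare it in constant time and keep it out of logs`. Separately, `sessionIdOut->readFromParcel(reply)` writes straight into the caller's object, whereas the removed code assigned only on success. Whether a failed read leaves `*sessionIdOut` untouched depends on RpcAddress::readFromParcel, which is outside this patch, so callers should ignore the value unless the status is OK. The function starts above the hunk.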
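Review bot: In the third hunk, `session->mId.value()` serves as an assertion on a path selected by a transaction code that comes from the remote peer. If `mId` can ever be unset here, the peer's request would terminate the process rather than receive an error reply. `mId` looks like an optional (inferred from `.value()`; its declaration is not in the patch). If so, an explicit check keeps the failure local to the call: `if (!session->mId.has_value()) { replyStatus = BAD_VALUE; break; }`. The comment should also say which side, server or client session, guarantees the ID is set. The enclosing switch starts and ends outside the hunk.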