From eb258ff0ce3fde7db201c0c9063a057c9d5e06ae Mon Sep 17 00:00:00 2001 From: Steven Moreland Date: Fri, 14 May 2021 03:20:06 +0000 Subject: libbinder: binder RPC - using getCalling* aborts Broken code? Now you know! Fixes: 186647790 Test: binderRpcTest (on host and device) Change-Id: Id8fc889f4998b98f8c3a5ae0e054741e0e83c785 --- libs/binder/RpcState.cpp | 16 ++++++++++++++++ 1 file changed, 16 insertions(+) (limited to 'libs/binder/RpcState.cpp') diff --git a/libs/binder/RpcState.cpp b/libs/binder/RpcState.cpp index 2ba9fa2bd5..e5a6026f3b 100644 --- a/libs/binder/RpcState.cpp +++ b/libs/binder/RpcState.cpp @@ -18,7 +18,9 @@ #include "RpcState.h" +#include #include +#include #include #include "Debug.h" @@ -28,6 +30,8 @@ namespace android { +using base::ScopeGuard; + RpcState::RpcState() {} RpcState::~RpcState() {} @@ -470,6 +474,18 @@ status_t RpcState::getAndExecuteCommand(const base::unique_fd& fd, const sp& session, const RpcWireHeader& command) { + IPCThreadState* kernelBinderState = IPCThreadState::selfOrNull(); + IPCThreadState::SpGuard spGuard{"processing binder RPC command"}; + IPCThreadState::SpGuard* origGuard; + if (kernelBinderState != nullptr) { + origGuard = kernelBinderState->pushGetCallingSpGuard(&spGuard); + } + ScopeGuard guardUnguard = [&]() { + if (kernelBinderState != nullptr) { + kernelBinderState->restoreGetCallingSpGuard(origGuard); + } + }; + switch (command.command) { case RPC_COMMAND_TRANSACT: return processTransact(fd, session, command); -- cgit v1.2.3-59-g8ed1b
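Review bot: In the third hunk the guard is installed only when `IPCThreadState::selfOrNull()` returns non-null, so on a thread that has no IPCThreadState yet the RPC command is processed without any guard. If a handler on such a thread later calls `IPCThreadState::self()` and then a getCalling* accessor, the freshly created state presumably carries no guard and would report the local process identity instead of aborting, which is the misuse this commit is meant to catch. That depends on IPCThreadState code not shown here, so it should be confirmed and either handled or recorded next to the null check, e.g. `// NOTE: no guard is installed if this thread has no IPCThreadState yet; getCalling* is then unchecked`. Separately, `origGuard` is left uninitialized on the null path and is safe only because the lambda repeats the same null test; `IPCThreadState::SpGuard* origGuard = nullptr;` removes that coupling. The enclosing function's body continues past the end of the hunk.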