Add mechanism for Parcel to not allow FDs to be written to it.

This is to help implement issue #5224703. Change-Id: I026a5890495537d15b57fe61227a640aac806d46
2011-09-28 23:19:47 -04:00 · 2011-09-28 23:19:47 -04:00 · 8938ed2c8e
parent c673c03671
commit 8938ed2c8e
3 changed files with 23 additions and 2 deletions
--- a/include/binder/Parcel.h
+++ b/include/binder/Parcel.h
@ -46,7 +46,7 @@ public:
    size_t              dataAvail() const;
    size_t              dataPosition() const;
    size_t              dataCapacity() const;
-    
+
    status_t            setDataSize(size_t size);
    void                setDataPosition(size_t pos) const;
    status_t            setDataCapacity(size_t size);
@ -56,6 +56,8 @@ public:
    status_t            appendFrom(const Parcel *parcel,
                                   size_t start, size_t len);

+    bool                setAllowFds(bool allowFds);
+
    bool                hasFileDescriptors() const;

    // Writes the RPC header.
@ -212,6 +214,7 @@ private:

    mutable bool        mFdsKnown;
    mutable bool        mHasFds;
+    bool                mAllowFds;
    
    release_func        mOwner;
    void*               mOwnerCookie;
--- a/include/utils/Errors.h
+++ b/include/utils/Errors.h
@ -72,6 +72,7 @@ enum {
    TIMED_OUT           = 0x80000005,
    UNKNOWN_TRANSACTION = 0x80000006,
 #endif    
+    FDS_NOT_ALLOWED     = 0x80000007,
 };

 // Restore define; enumeration is in "android" namespace, so the value defined
--- a/libs/binder/Parcel.cpp
+++ b/libs/binder/Parcel.cpp
@ -399,6 +399,8 @@ status_t Parcel::appendFrom(const Parcel *parcel, size_t offset, size_t len)
    mDataPos += len;
    mDataSize += len;

+    err = NO_ERROR;
+
    if (numObjects > 0) {
        // grow objects
        if (mObjectsCapacity < mObjectsSize + numObjects) {
@ -430,11 +432,21 @@ status_t Parcel::appendFrom(const Parcel *parcel, size_t offset, size_t len)
                flat->handle = dup(flat->handle);
                flat->cookie = (void*)1;
                mHasFds = mFdsKnown = true;
+                if (!mAllowFds) {
+                    err = FDS_NOT_ALLOWED;
+                }
            }
        }
    }

-    return NO_ERROR;
+    return err;
+}
+
+bool Parcel::setAllowFds(bool allowFds)
+{
+    const bool origValue = mAllowFds;
+    mAllowFds = allowFds;
+    return origValue;
 }

 bool Parcel::hasFileDescriptors() const
@ -759,6 +771,9 @@ restart_write:
        
        // remember if it's a file descriptor
        if (val.type == BINDER_TYPE_FD) {
+            if (!mAllowFds) {
+                return FDS_NOT_ALLOWED;
+            }
            mHasFds = mFdsKnown = true;
        }

@ -1283,6 +1298,7 @@ status_t Parcel::restartWrite(size_t desired)
    mNextObjectHint = 0;
    mHasFds = false;
    mFdsKnown = true;
+    mAllowFds = true;
    
    return NO_ERROR;
 }
@ -1434,6 +1450,7 @@ void Parcel::initState()
    mNextObjectHint = 0;
    mHasFds = false;
    mFdsKnown = true;
+    mAllowFds = true;
    mOwner = NULL;
 }