commit 8938ed2c8e906fc332301b64787728d4d34da571
author Dianne Hackborn <hackbod@google.com> Wed Sep 28 23:19:47 2011 -0400
committer Dianne Hackborn <hackbod@google.com> Mon Oct 03 16:58:41 2011 -0700
tree b24c8e54739c81b47fb33196660e056a028253c3
parent c673c036712bb113ce2670c46ca808209b9d07e6

Add mechanism for Parcel to not allow FDs to be written to it.

This is to help implement issue #5224703.

Change-Id: I026a5890495537d15b57fe61227a640aac806d46

include/binder/Parcel.h

diff --git a/include/binder/Parcel.h b/include/binder/Parcel.h
index bfe13f0..57f5dd2 100644
--- a/include/binder/Parcel.h
+++ b/include/binder/Parcel.h
@@ -46,7 +46,7 @@
     size_t              dataAvail() const;
     size_t              dataPosition() const;
     size_t              dataCapacity() const;
-    
+
     status_t            setDataSize(size_t size);
     void                setDataPosition(size_t pos) const;
     status_t            setDataCapacity(size_t size);
@@ -56,6 +56,8 @@
     status_t            appendFrom(const Parcel *parcel,
                                    size_t start, size_t len);
 
+    bool                setAllowFds(bool allowFds);
+
     bool                hasFileDescriptors() const;
 
     // Writes the RPC header.
@@ -212,6 +214,7 @@
 
     mutable bool        mFdsKnown;
     mutable bool        mHasFds;
+    bool                mAllowFds;
     
     release_func        mOwner;
     void*               mOwnerCookie;

include/utils/Errors.h

diff --git a/include/utils/Errors.h b/include/utils/Errors.h
index 81f818b..0b75b19 100644
--- a/include/utils/Errors.h
+++ b/include/utils/Errors.h
@@ -72,6 +72,7 @@
     TIMED_OUT           = 0x80000005,
     UNKNOWN_TRANSACTION = 0x80000006,
 #endif    
+    FDS_NOT_ALLOWED     = 0x80000007,
 };
 
 // Restore define; enumeration is in "android" namespace, so the value defined

libs/binder/Parcel.cpp

diff --git a/libs/binder/Parcel.cpp b/libs/binder/Parcel.cpp
index a0fc4d0..8eeab7a 100644
--- a/libs/binder/Parcel.cpp
+++ b/libs/binder/Parcel.cpp
@@ -399,6 +399,8 @@
     mDataPos += len;
     mDataSize += len;
 
+    err = NO_ERROR;
+
     if (numObjects > 0) {
         // grow objects
         if (mObjectsCapacity < mObjectsSize + numObjects) {
@@ -430,11 +432,21 @@
                 flat->handle = dup(flat->handle);
                 flat->cookie = (void*)1;
                 mHasFds = mFdsKnown = true;
+                if (!mAllowFds) {
+                    err = FDS_NOT_ALLOWED;
+                }
             }
         }
     }
 
-    return NO_ERROR;
+    return err;
+}
+
+bool Parcel::setAllowFds(bool allowFds)
+{
+    const bool origValue = mAllowFds;
+    mAllowFds = allowFds;
+    return origValue;
 }
 
 bool Parcel::hasFileDescriptors() const
@@ -759,6 +771,9 @@
         
         // remember if it's a file descriptor
         if (val.type == BINDER_TYPE_FD) {
+            if (!mAllowFds) {
+                return FDS_NOT_ALLOWED;
+            }
             mHasFds = mFdsKnown = true;
         }
 
@@ -1283,6 +1298,7 @@
     mNextObjectHint = 0;
     mHasFds = false;
     mFdsKnown = true;
+    mAllowFds = true;
     
     return NO_ERROR;
 }
@@ -1434,6 +1450,7 @@
     mNextObjectHint = 0;
     mHasFds = false;
     mFdsKnown = true;
+    mAllowFds = true;
     mOwner = NULL;
 }