Detect non-oneway calls leaving system_server.

To protect system stability, any Binder calls leaving the
system_server must carefully be performed using FLAG_ONEWAY (or
the 'oneway' verb in AIDL) which prevents the call from blocking
indefinitely on the remote process.

In this CL, the system_server uses the new Binder.setWarnOnBlocking()
method to enable detection by default for all remote Binder
interfaces.  It can also use Binder.allowBlocking() to allow
blocking calls on certain remote interfaces that have been
determined to be safe.

This CL adds the 'oneway' verb to several interfaces and methods
where it should have been added, and marks a handful of system
ContentProviders as being safe to call into.  Also, we assume that
any services obtained from ServiceManager are part of the core
OS, and are okay to make blocking calls to.

Test: builds, boots, runs with minimal logs triggered
Bug: 32715088
Change-Id: Ide476e120cb40436a94b7faf7615c943d691f4c0

1 files changed, 2 insertions, 1 deletions

diff --git a/keystore/java/android/security/KeyChain.java b/keystore/java/android/security/KeyChain.java
index 4fc789249c5c..5e59a64b23d4 100644
--- a/keystore/java/android/security/KeyChain.java
+++ b/keystore/java/android/security/KeyChain.java
@@ -26,6 +26,7 @@ import android.content.Context;
 import android.content.Intent;
 import android.content.ServiceConnection;
 import android.net.Uri;
+import android.os.Binder;
 import android.os.Build;
 import android.os.IBinder;
 import android.os.Looper;
@@ -630,7 +631,7 @@ public final class KeyChain {
                 if (!mConnectedAtLeastOnce) {
                     mConnectedAtLeastOnce = true;
                     try {
-                        q.put(IKeyChainService.Stub.asInterface(service));
+                        q.put(IKeyChainService.Stub.asInterface(Binder.allowBlocking(service)));
                     } catch (InterruptedException e) {
                         // will never happen, since the queue starts with one available slot
                     }