From 0a17db1cc5942ea000ca87bb72853de57a15ec64 Mon Sep 17 00:00:00 2001 From: Jeff Sharkey Date: Fri, 4 Nov 2016 11:23:46 -0600 Subject: Detect non-oneway calls leaving system_server. To protect system stability, any Binder calls leaving the system_server must carefully be performed using FLAG_ONEWAY (or the 'oneway' verb in AIDL) which prevents the call from blocking indefinitely on the remote process. In this CL, the system_server uses the new Binder.setWarnOnBlocking() method to enable detection by default for all remote Binder interfaces. It can also use Binder.allowBlocking() to allow blocking calls on certain remote interfaces that have been determined to be safe. This CL adds the 'oneway' verb to several interfaces and methods where it should have been added, and marks a handful of system ContentProviders as being safe to call into. Also, we assume that any services obtained from ServiceManager are part of the core OS, and are okay to make blocking calls to. Test: builds, boots, runs with minimal logs triggered Bug: 32715088 Change-Id: Ide476e120cb40436a94b7faf7615c943d691f4c0 --- keystore/java/android/security/KeyChain.java | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) (limited to 'keystore/java/android/security/KeyChain.java') diff --git a/keystore/java/android/security/KeyChain.java b/keystore/java/android/security/KeyChain.java index 4fc789249c5c..5e59a64b23d4 100644 --- a/keystore/java/android/security/KeyChain.java +++ b/keystore/java/android/security/KeyChain.java @@ -26,6 +26,7 @@ import android.content.Context; import android.content.Intent; import android.content.ServiceConnection; import android.net.Uri; +import android.os.Binder; import android.os.Build; import android.os.IBinder; import android.os.Looper; @@ -630,7 +631,7 @@ public final class KeyChain { if (!mConnectedAtLeastOnce) { mConnectedAtLeastOnce = true; try { - q.put(IKeyChainService.Stub.asInterface(service)); + q.put(IKeyChainService.Stub.asInterface(Binder.allowBlocking(service))); } catch (InterruptedException e) { // will never happen, since the queue starts with one available slot } -- cgit v1.2.3