| author | Nick Desaulniers <ndesaulniers@google.com> | 2017-08-18 10:00:44 -0700 |
|---|---|---|
| committer | Bruno Martins <bgcngm@gmail.com> | 2018-09-05 16:56:33 +0200 |
| commit | 2456154199f0d03fa35a8ebf06901d597614b928 | |
| tree | 9a75ed77e2b7e5dceffa48ef35394178983fef2f | |
| parent | d296aef6354c67b90896e24e6d5aa9b0e25b415a | |

biometrics: fingerprint: add locking to default impl

There exists the following race condition:
a). thread A receives setNotify and sets the callback to some object
b). thread B of the wrapped implementation calls
BiometricsFingerprint::notify which it was given a handle to. Thread B
executes past the nullptr check:
c). thread A receives setNotify and sets the callback to some other
object (or nullptr)
d). thread B resumes in notify with unknown state

Add mutex to protect access to mClientCallback.

Change-Id: I9163204ff5802e9246056caeb2a7857e6138531c
Fixes: 64802340
Test: VtsHalBiometricsFingerprintV2_1IfaceFuzzer

| -rw-r--r-- | biometrics/fingerprint/2.0/BiometricsFingerprint.cpp | 2 |
| -rw-r--r-- | biometrics/fingerprint/2.0/BiometricsFingerprint.h | 1 |
2 files changed, 3 insertions, 0 deletions
diff --git a/biometrics/fingerprint/2.0/BiometricsFingerprint.cpp b/biometrics/fingerprint/2.0/BiometricsFingerprint.cpp index cad25a0..3c5b78f 100644 --- a/biometrics/fingerprint/2.0/BiometricsFingerprint.cpp +++ b/biometrics/fingerprint/2.0/BiometricsFingerprint.cpp @@ -145,6 +145,7 @@ FingerprintAcquiredInfo BiometricsFingerprint::VendorAcquiredFilter( Return<uint64_t> BiometricsFingerprint::setNotify( const sp<IBiometricsFingerprintClientCallback>& clientCallback) { + std::lock_guard<std::mutex> lock(mClientCallbackMutex); mClientCallback = clientCallback; // This is here because HAL 2.1 doesn't have a way to propagate a // unique token for its driver. Subsequent versions should send a unique @@ -281,6 +282,7 @@ fingerprint_device_t* BiometricsFingerprint::openHal() { void BiometricsFingerprint::notify(const fingerprint_msg_t *msg) { BiometricsFingerprint* thisPtr = static_cast<BiometricsFingerprint*>( BiometricsFingerprint::getInstance()); + std::lock_guard<std::mutex> lock(thisPtr->mClientCallbackMutex); if (thisPtr == nullptr || thisPtr->mClientCallback == nullptr) { ALOGE("Receiving callbacks before the client callback is registered."); return; diff --git a/biometrics/fingerprint/2.0/BiometricsFingerprint.h b/biometrics/fingerprint/2.0/BiometricsFingerprint.h index 5923c84..6d64e3d 100644 --- a/biometrics/fingerprint/2.0/BiometricsFingerprint.h +++ b/biometrics/fingerprint/2.0/BiometricsFingerprint.h @@ -69,6 +69,7 @@ private: static FingerprintAcquiredInfo VendorAcquiredFilter(int32_t error, int32_t* vendorCode); static BiometricsFingerprint* sInstance; + std::mutex mClientCallbackMutex; sp<IBiometricsFingerprintClientCallback> mClientCallback; fingerprint_device_t *mDevice; }; |
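
Review bot: In the notify() hunk of BiometricsFingerprint.cpp, the new lock_guard reads `thisPtr->mClientCallbackMutex` one line before the `thisPtr == nullptr` test, so the null instance that the existing check is written to handle is dereferenced first. Suggest returning early on `thisPtr == nullptr`, then taking the lock, then checking `thisPtr->mClientCallback` under it. The guard is also declared at function scope, so the mutex stays held until notify() returns; if anything later in notify() can lead back into setNotify() on the same thread, the non-recursive std::mutex would deadlock, which is worth confirming.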
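
Review bot: The BiometricsFingerprint.h hunk declares `std::mutex mClientCallbackMutex;`, but the diffstat lists that member as the header's only insertion, so no `#include <mutex>` is added by this patch. If the header does not already include it, add the include here instead of depending on a transitive one. A one-line comment on the member stating that it guards mClientCallback would also put the locking rule next to the data it protects.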
