RK3368 Scpi: add Scpi version check
[firefly-linux-kernel-4.4.55.git] / drivers / android / binder.c
index 3d0750780217553a6d09e3fbfdc262ae03098b28..383aa21a0e2a6a4380ccfe9bc2eff3496ceafd92 100644 (file)
@@ -38,6 +38,7 @@
 #include <linux/vmalloc.h>
 #include <linux/slab.h>
 #include <linux/pid_namespace.h>
+#include <linux/security.h>
 
 #ifdef CONFIG_ANDROID_BINDER_IPC_32BIT
 #define BINDER_IPC_32BIT 1
@@ -1404,6 +1405,10 @@ static void binder_transaction(struct binder_proc *proc,
                        return_error = BR_DEAD_REPLY;
                        goto err_dead_binder;
                }
+               if (security_binder_transaction(proc->tsk, target_proc->tsk) < 0) {
+                       return_error = BR_FAILED_REPLY;
+                       goto err_invalid_target_handle;
+               }
                if (!(tr->flags & TF_ONE_WAY) && thread->transaction_stack) {
                        struct binder_transaction *tmp;
 
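Review bot: The LSM hook results are tested two different ways in this commit: `< 0` here, in the file-transfer hunk and in binder_ioctl_set_ctx_mgr, but plain truthiness for both security_binder_transfer_binder calls. If a hook ever returned a positive value, it would be a denial on the binder-transfer paths and an allow on the others, so one convention should be used throughout, e.g. `if (security_binder_transaction(proc->tsk, target_proc->tsk)) {`. The denial also jumps to err_invalid_target_handle and reports the same BR_FAILED_REPLY as unrelated failures, so a short comment such as `/* LSM denied the transaction; not a bad handle */` would help anyone triaging a failed call. binder_transaction's body extends beyond this hunk.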
@@ -1561,6 +1566,10 @@ static void binder_transaction(struct binder_proc *proc,
                                return_error = BR_FAILED_REPLY;
                                goto err_binder_get_ref_for_node_failed;
                        }
+                       if (security_binder_transfer_binder(proc->tsk, target_proc->tsk)) {
+                               return_error = BR_FAILED_REPLY;
+                               goto err_binder_get_ref_for_node_failed;
+                       }
                        ref = binder_get_ref_for_node(target_proc, node);
                        if (ref == NULL) {
                                return_error = BR_FAILED_REPLY;
@@ -1591,6 +1600,10 @@ static void binder_transaction(struct binder_proc *proc,
                                return_error = BR_FAILED_REPLY;
                                goto err_binder_get_ref_failed;
                        }
+                       if (security_binder_transfer_binder(proc->tsk, target_proc->tsk)) {
+                               return_error = BR_FAILED_REPLY;
+                               goto err_binder_get_ref_failed;
+                       }
                        if (ref->node->proc == target_proc) {
                                if (fp->type == BINDER_TYPE_HANDLE)
                                        fp->type = BINDER_TYPE_BINDER;
@@ -1648,6 +1661,11 @@ static void binder_transaction(struct binder_proc *proc,
                                return_error = BR_FAILED_REPLY;
                                goto err_fget_failed;
                        }
+                       if (security_binder_transfer_file(proc->tsk, target_proc->tsk, file) < 0) {
+                               fput(file);
+                               return_error = BR_FAILED_REPLY;
+                               goto err_get_unused_fd_failed;
+                       }
                        target_fd = task_get_unused_fd_flags(target_proc, O_CLOEXEC);
                        if (target_fd < 0) {
                                fput(file);
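Review bot: The denial branch releases the file reference by hand and then jumps to err_get_unused_fd_failed, a label named for a different failure. Placing the hook before task_get_unused_fd_flags() means no descriptor exists in the target yet, which is the right order, but the cleanup contract is implicit. A comment on the branch would make it explicit, e.g. `/* LSM denied the fd transfer: drop our file reference; no target fd allocated yet */`. The file reference is presumably taken just above the hunk, and the error labels are outside it, so confirm that err_get_unused_fd_failed does not touch `file` again.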
@@ -2685,6 +2703,9 @@ static int binder_ioctl_set_ctx_mgr(struct file *filp)
                ret = -EBUSY;
                goto out;
        }
+       ret = security_binder_set_context_mgr(proc->tsk);
+       if (ret < 0)
+               goto out;
        if (uid_valid(binder_context_mgr_uid)) {
                if (!uid_eq(binder_context_mgr_uid, curr_euid)) {
                        pr_err("BINDER_SET_CONTEXT_MGR bad uid %d != %d\n",
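Review bot: The new hook is evaluated against `proc->tsk`, while the uid check directly below compares against `curr_euid`, which by its name is the caller's effective uid. If the task recorded in `proc` is not the task issuing the ioctl (for example an inherited or passed binder fd; how `proc->tsk` is assigned is not visible here), the two checks judge different subjects. Either confirm they are always the same task or document the intent, e.g. `/* LSM check uses the task that owns this binder_proc; the uid check below uses the ioctl caller */`. The function body continues outside the hunk.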
@@ -3577,13 +3598,24 @@ static int binder_transactions_show(struct seq_file *m, void *unused)
 
 static int binder_proc_show(struct seq_file *m, void *unused)
 {
+       struct binder_proc *itr;
        struct binder_proc *proc = m->private;
        int do_lock = !binder_debug_no_lock;
+       bool valid_proc = false;
 
        if (do_lock)
                binder_lock(__func__);
-       seq_puts(m, "binder proc state:\n");
-       print_binder_proc(m, proc, 1);
+
+       hlist_for_each_entry(itr, &binder_procs, proc_node) {
+               if (itr == proc) {
+                       valid_proc = true;
+                       break;
+               }
+       }
+       if (valid_proc) {
+               seq_puts(m, "binder proc state:\n");
+               print_binder_proc(m, proc, 1);
+       }
        if (do_lock)
                binder_unlock(__func__);
        return 0;
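Review bot: The walk over `binder_procs` is only protected when `do_lock` is true; with `binder_debug_no_lock` set, the new validation loop traverses the list unlocked and can itself race with removal. The check is also pointer identity only, so a stale `m->private` whose address has been reused by a newer binder_proc would pass and print the wrong process (hedged: allocation and free of binder_proc are not visible here). At minimum the intent and its limits should be documented above the loop, e.g. `/* m->private may outlive its binder_proc; only dereference it while it is still on binder_procs (requires binder_lock) */`. Consider whether the no-lock mode should skip printing rather than walk the list. An invalid proc now yields empty output with return 0, which is worth stating in the same comment.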