Merge "Merge Android R"
diff --git a/msm8998/android/location_api/GnssAPIClient.cpp b/msm8998/android/location_api/GnssAPIClient.cpp
index efcc1c6..400051e 100644
--- a/msm8998/android/location_api/GnssAPIClient.cpp
+++ b/msm8998/android/location_api/GnssAPIClient.cpp
@@ -74,10 +74,10 @@
const sp<IGnssNiCallback>& niCb)
{
LOC_LOGD("%s]: (%p %p)", __FUNCTION__, &gpsCb, &niCb);
-
+ mMutex.lock();
mGnssCbIface = gpsCb;
mGnssNiCbIface = niCb;
-
+ mMutex.unlock();
LocationCallbacks locationCallbacks;
locationCallbacks.size = sizeof(LocationCallbacks);
@@ -234,7 +234,10 @@
LOC_LOGD("%s]: (%02x)", __FUNCTION__, capabilitiesMask);
mLocationCapabilitiesMask = capabilitiesMask;
mLocationCapabilitiesCached = true;
- sp<IGnssCallback> gnssCbIface = mGnssCbIface;
+
+ mMutex.lock();
+ auto gnssCbIface(mGnssCbIface);
+ mMutex.unlock();
if (gnssCbIface != nullptr) {
uint32_t data = 0;
@@ -275,7 +278,9 @@
void GnssAPIClient::onTrackingCb(Location location)
{
LOC_LOGD("%s]: (flags: %02x)", __FUNCTION__, location.flags);
- sp<IGnssCallback> gnssCbIface = mGnssCbIface;
+ mMutex.lock();
+ auto gnssCbIface(mGnssCbIface);
+ mMutex.unlock();
if (gnssCbIface != nullptr) {
GnssLocation gnssLocation;
@@ -291,7 +296,9 @@
void GnssAPIClient::onGnssNiCb(uint32_t id, GnssNiNotification gnssNiNotification)
{
LOC_LOGD("%s]: (id: %d)", __FUNCTION__, id);
- sp<IGnssNiCallback> gnssNiCbIface = mGnssNiCbIface;
+ mMutex.lock();
+ auto gnssNiCbIface(mGnssNiCbIface);
+ mMutex.unlock();
if (gnssNiCbIface == nullptr) {
LOC_LOGE("%s]: mGnssNiCbIface is nullptr", __FUNCTION__);
@@ -364,7 +371,9 @@
void GnssAPIClient::onGnssSvCb(GnssSvNotification gnssSvNotification)
{
LOC_LOGD("%s]: (count: %zu)", __FUNCTION__, gnssSvNotification.count);
- sp<IGnssCallback> gnssCbIface = mGnssCbIface;
+ mMutex.lock();
+ auto gnssCbIface(mGnssCbIface);
+ mMutex.unlock();
if (gnssCbIface != nullptr) {
IGnssCallback::GnssSvStatus svStatus;
@@ -379,7 +388,9 @@
void GnssAPIClient::onGnssNmeaCb(GnssNmeaNotification gnssNmeaNotification)
{
- sp<IGnssCallback> gnssCbIface = mGnssCbIface;
+ mMutex.lock();
+ auto gnssCbIface(mGnssCbIface);
+ mMutex.unlock();
if (gnssCbIface != nullptr) {
android::hardware::hidl_string nmeaString;
@@ -396,7 +407,9 @@
void GnssAPIClient::onStartTrackingCb(LocationError error)
{
LOC_LOGD("%s]: (%d)", __FUNCTION__, error);
- sp<IGnssCallback> gnssCbIface = mGnssCbIface;
+ mMutex.lock();
+ auto gnssCbIface(mGnssCbIface);
+ mMutex.unlock();
if (error == LOCATION_ERROR_SUCCESS && gnssCbIface != nullptr) {
auto r = gnssCbIface->gnssStatusCb(IGnssCallback::GnssStatusValue::ENGINE_ON);
@@ -415,7 +428,9 @@
void GnssAPIClient::onStopTrackingCb(LocationError error)
{
LOC_LOGD("%s]: (%d)", __FUNCTION__, error);
- sp<IGnssCallback> gnssCbIface = mGnssCbIface;
+ mMutex.lock();
+ auto gnssCbIface(mGnssCbIface);
+ mMutex.unlock();
if (error == LOCATION_ERROR_SUCCESS && gnssCbIface != nullptr) {
auto r = gnssCbIface->gnssStatusCb(IGnssCallback::GnssStatusValue::SESSION_END);
diff --git a/msm8998/android/location_api/GnssAPIClient.h b/msm8998/android/location_api/GnssAPIClient.h
index d447157..904ee25 100644
--- a/msm8998/android/location_api/GnssAPIClient.h
+++ b/msm8998/android/location_api/GnssAPIClient.h
@@ -30,7 +30,7 @@
#ifndef GNSS_API_CLINET_H
#define GNSS_API_CLINET_H
-
+#include <mutex>
#include <android/hardware/gnss/1.0/IGnss.h>
#include <android/hardware/gnss/1.0/IGnssCallback.h>
#include <android/hardware/gnss/1.0/IGnssNiCallback.h>
@@ -89,7 +89,7 @@
private:
sp<IGnssCallback> mGnssCbIface;
sp<IGnssNiCallback> mGnssNiCbIface;
-
+ std::mutex mMutex;
LocationCapabilitiesMask mLocationCapabilitiesMask;
bool mLocationCapabilitiesCached;
diff --git a/msm8998/gnss/Agps.cpp b/msm8998/gnss/Agps.cpp
index e671daa..f2fcdd9 100644
--- a/msm8998/gnss/Agps.cpp
+++ b/msm8998/gnss/Agps.cpp
@@ -452,19 +452,20 @@
if (NULL != mAPN) {
delete mAPN;
+ mAPN = NULL;
}
- if (apn == NULL || len <= 0) {
+ if (NULL == apn || len <= 0 || len > MAX_APN_LEN || strlen(apn) != len) {
LOC_LOGD("Invalid apn len (%d) or null apn", len);
mAPN = NULL;
mAPNLen = 0;
- }
-
- if (NULL != apn) {
+ } else {
mAPN = new char[len+1];
- memcpy(mAPN, apn, len);
- mAPN[len] = '\0';
- mAPNLen = len;
+ if (NULL != mAPN) {
+ memcpy(mAPN, apn, len);
+ mAPN[len] = '\0';
+ mAPNLen = len;
+ }
}
}
diff --git a/msm8998/gnss/GnssAdapter.cpp b/msm8998/gnss/GnssAdapter.cpp
index 4de1129..98535f4 100644
--- a/msm8998/gnss/GnssAdapter.cpp
+++ b/msm8998/gnss/GnssAdapter.cpp
@@ -2544,6 +2544,12 @@
new char[apnLen + 1]), mApnLen(apnLen), mIpType(ipType) {
LOC_LOGV("AgpsMsgAtlOpenSuccess");
+ if (mApnName == nullptr) {
+ LOC_LOGE("%s] new allocation failed, fatal error.", __func__);
+ // Reporting the failure here
+ mAgpsManager->reportAtlClosed(mAgpsType);
+ return;
+ }
memcpy(mApnName, apnName, apnLen);
mApnName[apnLen] = 0;
}
@@ -2559,9 +2565,15 @@
mIpType);
}
};
-
+ // Added inital length checks for apnlen check to avoid security issues
+ // In case of failure reporting the same
+ if (NULL == apnName || apnLen <= 0 || apnLen > MAX_APN_LEN || (strlen(apnName) != apnLen)) {
+ LOC_LOGe("%s]: incorrect apnlen length or incorrect apnName", __func__);
+ mAgpsManager.reportAtlClosed(agpsType);
+ } else {
sendMsg( new AgpsMsgAtlOpenSuccess(
&mAgpsManager, (AGpsExtType)agpsType, apnName, apnLen, ipType));
+ }
}
void GnssAdapter::dataConnClosedCommand(AGpsExtType agpsType){
