Camera2: protect the device access
The Camera3Device could be detached during the static metadata access,
which could cause some nstive crash or even DoS.
Bug: 26696230
Change-Id: I081a119f6687fdbfcba845c4d317d043390c3a84
diff --git a/services/camera/libcameraservice/api2/CameraDeviceClient.cpp b/services/camera/libcameraservice/api2/CameraDeviceClient.cpp
index 307b412..0692e5a 100644
--- a/services/camera/libcameraservice/api2/CameraDeviceClient.cpp
+++ b/services/camera/libcameraservice/api2/CameraDeviceClient.cpp
@@ -310,6 +310,15 @@
ALOGV("%s: ending configure (%d input stream, %zu output streams)",
__FUNCTION__, mInputStream.configured ? 1 : 0, mStreamMap.size());
+ binder::Status res;
+ if (!(res = checkPidStatus(__FUNCTION__)).isOk()) return res;
+
+ Mutex::Autolock icl(mBinderSerializationLock);
+
+ if (!mDevice.get()) {
+ return STATUS_ERROR(CameraService::ERROR_DISCONNECTED, "Camera device no longer alive");
+ }
+
// Sanitize the high speed session against necessary capability bit.
if (isConstrainedHighSpeed) {
CameraMetadata staticInfo = mDevice->info();
@@ -332,15 +341,6 @@
}
}
- binder::Status res;
- if (!(res = checkPidStatus(__FUNCTION__)).isOk()) return res;
-
- Mutex::Autolock icl(mBinderSerializationLock);
-
- if (!mDevice.get()) {
- return STATUS_ERROR(CameraService::ERROR_DISCONNECTED, "Camera device no longer alive");
- }
-
status_t err = mDevice->configureStreams(isConstrainedHighSpeed);
if (err != OK) {
res = STATUS_ERROR_FMT(CameraService::ERROR_INVALID_OPERATION,