commit ae4f85d2ff11079bd79650a61745a89fa695ed4a
author Jeff Sharkey <jsharkey@android.com> Wed Oct 18 17:02:21 2017 -0600
committer Jeff Sharkey <jsharkey@android.com> Wed Oct 18 17:02:24 2017 -0600
tree 4e30b893cf6f6f566be4e330ed6179e5aaadecf8
parent a6f628587523624d03ba78f49d2aff6f57368d99

Introduce lock for SELinux process-level changes.

Used to protect process-level SELinux changes from racing with each
other between multiple threads.

Test: builds, boots
Bug: 67041047
Change-Id: I242afed3c3eb7fba282f1f6b3bdb2d957417c7e8

Utils.cpp

diff --git a/Utils.cpp b/Utils.cpp
index 484de90..9c19190 100644
--- a/Utils.cpp
+++ b/Utils.cpp
@@ -60,7 +60,12 @@
 
 static const char* kProcFilesystems = "/proc/filesystems";
 
+// Lock used to protect process-level SELinux changes from racing with each
+// other between multiple threads.
+static std::mutex kSecurityLock;
+
 status_t CreateDeviceNode(const std::string& path, dev_t dev) {
+    std::lock_guard<std::mutex> lock(kSecurityLock);
     const char* cpath = path.c_str();
     status_t res = 0;
 
@@ -98,6 +103,7 @@
 }
 
 status_t PrepareDir(const std::string& path, mode_t mode, uid_t uid, gid_t gid) {
+    std::lock_guard<std::mutex> lock(kSecurityLock);
     const char* cpath = path.c_str();
 
     char* secontext = nullptr;
@@ -251,6 +257,7 @@
 }
 
 status_t ForkExecvp(const std::vector<std::string>& args, security_context_t context) {
+    std::lock_guard<std::mutex> lock(kSecurityLock);
     size_t argc = args.size();
     char** argv = (char**) calloc(argc, sizeof(char*));
     for (size_t i = 0; i < argc; i++) {
@@ -283,6 +290,7 @@
 
 status_t ForkExecvp(const std::vector<std::string>& args,
         std::vector<std::string>& output, security_context_t context) {
+    std::lock_guard<std::mutex> lock(kSecurityLock);
     std::string cmd;
     for (size_t i = 0; i < args.size(); i++) {
         cmd += args[i] + " ";