Reject invalid object types for incoming transactions.
TYPE_PTR and TYPE_FDA should only be used for scatter-gather
transactions, which is not supported by libbinder. Because userspace is
responsible for cleaning up the transaction objects, we can't just
reject the transaction outright; instead, free the objects and make sure
the Parcel won't contain them going forward.
While we're at it, also reject weak binders now, since those are no
longer supported.
For Parcels which were expecting valid objects, those will now fail to
unparcel, and return an error to the caller, which seems reasonable.
For Parcels which didn't expect any objects, the Parcel will be read
out successfully, but also no harm should be done, as there's no way to
propagate the bad objects.
Bug: 135930648
Test: atest binderLibTest
Change-Id: I2a4b408d6dcf1a67f3093d40061cb6159a0444f9
2 files changed