android: Limit bindToCaller check to webview

content/public/android/java/src/org/chromium/content/app/ChildProcessServiceImpl.java

 // Copyright 2016 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 package org.chromium.content.app;
 
 import android.content.Context;
 import android.content.Intent;
 import android.graphics.SurfaceTexture;
 import android.os.Binder;
@@ skipping 41 matching lines @@
 @SuppressWarnings("SynchronizeOnNonFinalField")
 @MainDex
 @UsedByReflection("WebApkSandboxedProcessService")
 public class ChildProcessServiceImpl {
     private static final String MAIN_THREAD_NAME = "ChildProcessMain";
     private static final String TAG = "ChildProcessService";
 
     // Lock that protects the following members.
     private final Object mBinderLock = new Object();
     private IGpuProcessCallback mGpuCallback;
-    // PID of the client of this service, set in bindToCaller().
+    private boolean mBindToCallerCheck;
+    // PID of the client of this service, set in bindToCaller(), if mBindToCallerCheck is true.
     private int mBoundCallingPid;
 
     // This is the native "Main" thread for the renderer / utility process.
     private Thread mMainThread;
     // Parameters received via IPC, only accessed while holding the mMainThread monitor.
     private String[] mCommandLineParams;
     private int mCpuCount;
     private long mCpuFeatures;
     // File descriptors that should be registered natively.
     private FileDescriptorInfo[] mFdInfos;
@@ skipping 30 matching lines @@
                     mLinkerParams.mTestRunnerClassNameForTesting);
         }
         return Linker.getInstance();
     }
 
     // Binder object used by clients for this service.
     private final IChildProcessService.Stub mBinder = new IChildProcessService.Stub() {
         // NOTE: Implement any IChildProcessService methods here.
         @Override
         public boolean bindToCaller() {
+            assert mBindToCallerCheck;
             synchronized (mBinderLock) {
                 int callingPid = Binder.getCallingPid();
                 if (mBoundCallingPid == 0) {
                     mBoundCallingPid = callingPid;
                 } else if (mBoundCallingPid != callingPid) {
                     Log.e(TAG, "Service is already bound by pid %d, cannot bind for pid %d",
                             mBoundCallingPid, callingPid);
                     return false;
                 }
             }
             return true;
         }
 
         @Override
         public int setupConnection(Bundle args, IBinder callback) {
             int callingPid = Binder.getCallingPid();
             synchronized (mBinderLock) {
-                if (mBoundCallingPid != callingPid) {
+                if (mBindToCallerCheck && mBoundCallingPid != callingPid) {
                     if (mBoundCallingPid == 0) {
                         Log.e(TAG, "Service has not been bound with bindToCaller()");
                     } else {
                         Log.e(TAG, "Client pid %d does not match the bound pid %d", callingPid,
                                 mBoundCallingPid);
                     }
                     return -1;
                 }
+            }
 
-                mGpuCallback =
-                        callback != null ? IGpuProcessCallback.Stub.asInterface(callback) : null;
-                getServiceInfo(args);
-                return Process.myPid();
-            }
+            mGpuCallback = callback != null ? IGpuProcessCallback.Stub.asInterface(callback) : null;
+            getServiceInfo(args);
+            return Process.myPid();
         }
 
         @Override
         public void crashIntentionallyForTesting() {
             Process.killProcess(Process.myPid());
         }
 
         @Override
         public boolean onTransact(int arg0, Parcel arg1, Parcel arg2, int arg3)
                 throws RemoteException {
@@ skipping 179 matching lines @@
 
     private void initializeParams(Intent intent) {
         synchronized (mMainThread) {
             // mLinkerParams is never used if Linker.isUsed() returns false.
             // See onCreate().
             mLinkerParams = (ChromiumLinkerParams) intent.getParcelableExtra(
                     ChildProcessConstants.EXTRA_LINKER_PARAMS);
             mLibraryProcessType = ChildProcessCreationParams.getLibraryProcessType(intent);
             mMainThread.notifyAll();
         }
+        synchronized (mBinderLock) {
+            mBindToCallerCheck =
+                    intent.getBooleanExtra(ChildProcessConstants.EXTRA_BIND_TO_CALLER, false);
+        }
     }
 
     private void getServiceInfo(Bundle bundle) {
         // Required to unparcel FileDescriptorInfo.
         bundle.setClassLoader(mHostClassLoader);
         synchronized (mMainThread) {
             if (mCommandLineParams == null) {
                 mCommandLineParams =
                         bundle.getStringArray(ChildProcessConstants.EXTRA_COMMAND_LINE);
                 mMainThread.notifyAll();
@@ skipping 77 matching lines @@
     private static native void nativeInitChildProcessImpl(
             ChildProcessServiceImpl serviceImpl, int cpuCount, long cpuFeatures);
 
     /**
      * Force the child process to exit.
      */
     private static native void nativeExitChildProcess();
 
     private native void nativeShutdownMainThread();
 }