ANDROID: rust_binder: allow PollTable to be null

Rust Binder currently makes a nullptr deref when the poll_table passed
to f_ops->poll is a null pointer. This is due to the incorrect
assumption that this pointer is never null. To fix this, I adjusted the
API of the Rust PollTable to allow turning null ptrs into a Rust
PollTable and adjusted Rust Binder to use the updated API. By also
adjusting the PollTable api itself, and not just Rust Binder, this kind
of mistake should be prevented in the future.

Bug: 426545861
Change-Id: I1eabd62d5e499c83b990517c93a63d7de49252ab
Signed-off-by: Alice Ryhl <aliceryhl@google.com>

drivers/android/binder/process.rs

@@ -1633,7 +1633,7 @@ impl Process {
     pub(crate) fn poll(
         this: ArcBorrow<'_, Process>,
         file: &File,
-        table: &mut PollTable,
+        table: PollTable<'_>,
     ) -> Result<u32> {
         let thread = this.get_current_thread()?;
         let (from_proc, mut mask) = thread.poll(file, table);

drivers/android/binder/rust_binder.rs

@@ -472,7 +472,7 @@ unsafe extern "C" fn rust_binder_poll(
     // SAFETY: The caller ensures that the file is valid.
     let fileref = unsafe { File::from_raw_file(file) };
     // SAFETY: The caller ensures that the `PollTable` is valid.
-    match Process::poll(f, fileref, unsafe { PollTable::from_ptr(wait) }) {
+    match Process::poll(f, fileref, unsafe { PollTable::from_raw(wait) }) {
         Ok(v) => v,
         Err(_) => bindings::POLLERR,
     }

drivers/android/binder/thread.rs

@@ -1614,7 +1614,7 @@ impl Thread {
         ret
     }
 
-    pub(crate) fn poll(&self, file: &File, table: &mut PollTable) -> (bool, u32) {
+    pub(crate) fn poll(&self, file: &File, table: PollTable<'_>) -> (bool, u32) {
         table.register_wait(file, &self.work_condvar);
         let mut inner = self.inner.lock();
         (inner.should_use_process_work_queue(), inner.poll())