Merge "Reset PAC keys on thread creation instead of on zygote fork."

  gUsapPoolCount = 0;

}

NO_PAC_FUNC

static void PAuthKeyChange(JNIEnv* env) {

#ifdef __aarch64__

  unsigned long int hwcaps = getauxval(AT_HWCAP);

  if (hwcaps & HWCAP_PACA) {

    const unsigned long key_mask = PR_PAC_APIAKEY | PR_PAC_APIBKEY |

                                   PR_PAC_APDAKEY | PR_PAC_APDBKEY | PR_PAC_APGAKEY;

    if (prctl(PR_PAC_RESET_KEYS, key_mask, 0, 0, 0) != 0) {

      ALOGE("Failed to change the PAC keys: %s", strerror(errno));

      RuntimeAbort(env, __LINE__, "PAC key change failed.");

    }

  }

#endif

}

// Create an app data directory over tmpfs overlayed CE / DE storage, and bind mount it

// from the actual app data directory in data mirror.

static bool createAndMountAppData(std::string_view package_name,

}

// Utility routine to fork a process from the zygote.

NO_PAC_FUNC

pid_t zygote::ForkCommon(JNIEnv* env, bool is_system_server,

                         const std::vector<int>& fds_to_close,

                         const std::vector<int>& fds_to_ignore,

    }

    // The child process.

    PAuthKeyChange(env);

    PreApplicationInit();

    // Clean up any descriptors which must be closed immediately

  PreApplicationInit();

}

NO_PAC_FUNC

static jint com_android_internal_os_Zygote_nativeForkAndSpecialize(

        JNIEnv* env, jclass, jint uid, jint gid, jintArray gids, jint runtime_flags,

        jobjectArray rlimits, jint mount_external, jstring se_info, jstring nice_name,

    return pid;

}

NO_PAC_FUNC

static jint com_android_internal_os_Zygote_nativeForkSystemServer(

        JNIEnv* env, jclass, uid_t uid, gid_t gid, jintArray gids,

        jint runtime_flags, jobjectArray rlimits, jlong permitted_capabilities,

 * @param is_priority_fork  Controls the nice level assigned to the newly created process

 * @return child pid in the parent, 0 in the child

 */

NO_PAC_FUNC

static jint com_android_internal_os_Zygote_nativeForkApp(JNIEnv* env,

                                                         jclass,

                                                         jint read_pipe_fd,

                            args_known == JNI_TRUE, is_priority_fork == JNI_TRUE, true);

}

NO_PAC_FUNC

int zygote::forkApp(JNIEnv* env,

                    int read_pipe_fd,

                    int write_pipe_fd,

#define LOG_TAG "Zygote"

#define ATRACE_TAG ATRACE_TAG_DALVIK

/* Functions in the callchain during the fork shall not be protected with

   Armv8.3-A Pointer Authentication, otherwise child will not be able to return. */

#ifdef __ARM_FEATURE_PAC_DEFAULT

#ifdef __ARM_FEATURE_BTI_DEFAULT

#define NO_PAC_FUNC __attribute__((target("branch-protection=bti")))

#else

#define NO_PAC_FUNC __attribute__((target("branch-protection=none")))

#endif /* __ARM_FEATURE_BTI_DEFAULT */

#else /* !__ARM_FEATURE_PAC_DEFAULT */

#define NO_PAC_FUNC

#endif /* __ARM_FEATURE_PAC_DEFAULT */

#include <jni.h>

#include <vector>

#include <android-base/stringprintf.h>

namespace android {

namespace zygote {

NO_PAC_FUNC

pid_t ForkCommon(JNIEnv* env,bool is_system_server,

                 const std::vector<int>& fds_to_close,

                 const std::vector<int>& fds_to_ignore,

 * communication is required. Is_priority_fork should be true if this is on the app startup

 * critical path. Purge specifies that unused pages should be purged before the fork.

 */

NO_PAC_FUNC

int forkApp(JNIEnv* env,

            int read_pipe_fd,

            int write_pipe_fd,

// We only process fork commands if the peer uid matches expected_uid.

// For every fork command after the first, we check that the requested uid is at

// least minUid.

NO_PAC_FUNC

jboolean com_android_internal_os_ZygoteCommandBuffer_nativeForkRepeatedly(

            JNIEnv* env,

            jclass,