Merge "Check 64-to-32-bit transition in system_server for Tagged Ptrs [#2]." am: fbe9d7e821 (19740a47) · Commits · e / os / android_frameworks_base

services/core/java/com/android/server/am/ProcessList.java

+65 −16

Original line number	Diff line number	Diff line
		@@ -1509,6 +1509,57 @@ public final class ProcessList {
		}
		}

		private boolean shouldEnableMemoryTagging(ProcessRecord app) {
		// Ensure the hardware + kernel actually supports MTE.
		if (!Zygote.nativeSupportsMemoryTagging()) {
		return false;
		}

		// Enable MTE for system apps if supported.
		if ((app.info.flags & ApplicationInfo.FLAG_SYSTEM) != 0) {
		return true;
		}

		// Enable MTE if the compat feature is enabled.
		if (mPlatformCompat.isChangeEnabled(NATIVE_MEMORY_TAGGING, app.info)) {
		return true;
		}

		return false;
		}

		private boolean shouldEnableTaggedPointers(ProcessRecord app) {
		// Ensure we have platform + kernel support for TBI.
		if (!Zygote.nativeSupportsTaggedPointers()) {
		return false;
		}

		// Enable TBI for system apps if supported.
		if ((app.info.flags & ApplicationInfo.FLAG_SYSTEM) != 0) {
		return true;
		}

		// Enable TBI if the compat feature is enabled.
		if (!mPlatformCompat.isChangeEnabled(NATIVE_HEAP_POINTER_TAGGING, app.info)) {
		return true;
		}

		return false;
		}

		private int decideTaggingLevel(ProcessRecord app) {
		// Check MTE support first, as it should take precedence over TBI.
		if (shouldEnableMemoryTagging(app)) {
		return Zygote.MEMORY_TAG_LEVEL_ASYNC;
		}

		if (shouldEnableTaggedPointers(app)) {
		return Zygote.MEMORY_TAG_LEVEL_TBI;
		}

		return 0;
		}

		/**
		* @return {@code true} if process start is successful, false otherwise.
		*/
		@@ -1672,22 +1723,6 @@ public final class ProcessList {
		runtimeFlags \|= Zygote.USE_APP_IMAGE_STARTUP_CACHE;
		}

		if (Zygote.nativeSupportsMemoryTagging()) {
		// System apps are generally more privileged than regular apps, and don't have the
		// same app compat concerns as regular apps, so we enable async tag checks for all
		// of their processes.
		if ((app.info.flags & ApplicationInfo.FLAG_SYSTEM) != 0
		\|\| mPlatformCompat.isChangeEnabled(NATIVE_MEMORY_TAGGING, app.info)) {
		runtimeFlags \|= Zygote.MEMORY_TAG_LEVEL_ASYNC;
		}
		} else if (Zygote.nativeSupportsTaggedPointers()) {
		// Enable heap pointer tagging if supported by the kernel, unless disabled by the
		// target sdk level or compat feature.
		if (mPlatformCompat.isChangeEnabled(NATIVE_HEAP_POINTER_TAGGING, app.info)) {
		runtimeFlags \|= Zygote.MEMORY_TAG_LEVEL_TBI;
		}
		}

		String invokeWith = null;
		if ((app.info.flags & ApplicationInfo.FLAG_DEBUGGABLE) != 0) {
		// Debuggable apps may include a wrapper script with their library directory.
		@@ -1716,6 +1751,20 @@ public final class ProcessList {
		app.setRequiredAbi(requiredAbi);
		app.instructionSet = instructionSet;

		// If instructionSet is non-null, this indicates that the system_server is spawning a
		// process with an ISA that may be different from its own. System (kernel and hardware)
		// compatililty for these features is checked in the decideTaggingLevel in the
		// system_server process (not the child process). As both MTE and TBI are only supported
		// in aarch64, we can simply ensure that the new process is also aarch64. This prevents
		// the mismatch where a 64-bit system server spawns a 32-bit child that thinks it should
		// enable some tagging variant. Theoretically, a 32-bit system server could exist that
		// spawns 64-bit processes, in which case the new process won't get any tagging. This is
		// fine as we haven't seen this configuration in practice, and we can reasonable assume
		// that if tagging is desired, the system server will be 64-bit.
		if (instructionSet == null \|\| instructionSet.equals("arm64")) {
		runtimeFlags \|= decideTaggingLevel(app);
		}

		// the per-user SELinux context must be set
		if (TextUtils.isEmpty(app.info.seInfoUser)) {
		Slog.wtf(ActivityManagerService.TAG, "SELinux tag not defined",