
Commit 1f0cc466 authored by Peter Collingbourne Committed by Automerger Merge Worker

Merge "Reset PAC keys on thread creation instead of on zygote fork." am:...

Merge "Reset PAC keys on thread creation instead of on zygote fork." am: 0c612627 am: 90a348d8 am: d7d903b3

Original change: https://android-review.googlesource.com/c/platform/frameworks/base/+/1653717

Change-Id: If6807f96f51aff07bf7f6a2aeac9f75dd99b1358
parents 64aa8161 d7d903b3
+0 −21
@@ -1026,21 +1026,6 @@ static void ClearUsapTable() {
  gUsapPoolCount = 0;
  gUsapPoolCount = 0;
}
}


NO_PAC_FUNC
static void PAuthKeyChange(JNIEnv* env) {
#ifdef __aarch64__
  unsigned long int hwcaps = getauxval(AT_HWCAP);
  if (hwcaps & HWCAP_PACA) {
    const unsigned long key_mask = PR_PAC_APIAKEY | PR_PAC_APIBKEY |
                                   PR_PAC_APDAKEY | PR_PAC_APDBKEY | PR_PAC_APGAKEY;
    if (prctl(PR_PAC_RESET_KEYS, key_mask, 0, 0, 0) != 0) {
      ALOGE("Failed to change the PAC keys: %s", strerror(errno));
      RuntimeAbort(env, __LINE__, "PAC key change failed.");
    }
  }
#endif
}

// Create an app data directory over tmpfs overlayed CE / DE storage, and bind mount it
// Create an app data directory over tmpfs overlayed CE / DE storage, and bind mount it
// from the actual app data directory in data mirror.
// from the actual app data directory in data mirror.
static bool createAndMountAppData(std::string_view package_name,
static bool createAndMountAppData(std::string_view package_name,
@@ -2020,7 +2005,6 @@ void zygote::ZygoteFailure(JNIEnv* env,
}
}


// Utility routine to fork a process from the zygote.
// Utility routine to fork a process from the zygote.
NO_PAC_FUNC
pid_t zygote::ForkCommon(JNIEnv* env, bool is_system_server,
pid_t zygote::ForkCommon(JNIEnv* env, bool is_system_server,
                         const std::vector<int>& fds_to_close,
                         const std::vector<int>& fds_to_close,
                         const std::vector<int>& fds_to_ignore,
                         const std::vector<int>& fds_to_ignore,
@@ -2075,7 +2059,6 @@ pid_t zygote::ForkCommon(JNIEnv* env, bool is_system_server,
    }
    }


    // The child process.
    // The child process.
    PAuthKeyChange(env);
    PreApplicationInit();
    PreApplicationInit();


    // Clean up any descriptors which must be closed immediately
    // Clean up any descriptors which must be closed immediately
@@ -2107,7 +2090,6 @@ static void com_android_internal_os_Zygote_nativePreApplicationInit(JNIEnv*, jcl
  PreApplicationInit();
  PreApplicationInit();
}
}


NO_PAC_FUNC
static jint com_android_internal_os_Zygote_nativeForkAndSpecialize(
static jint com_android_internal_os_Zygote_nativeForkAndSpecialize(
        JNIEnv* env, jclass, jint uid, jint gid, jintArray gids, jint runtime_flags,
        JNIEnv* env, jclass, jint uid, jint gid, jintArray gids, jint runtime_flags,
        jobjectArray rlimits, jint mount_external, jstring se_info, jstring nice_name,
        jobjectArray rlimits, jint mount_external, jstring se_info, jstring nice_name,
@@ -2157,7 +2139,6 @@ static jint com_android_internal_os_Zygote_nativeForkAndSpecialize(
    return pid;
    return pid;
}
}


NO_PAC_FUNC
static jint com_android_internal_os_Zygote_nativeForkSystemServer(
static jint com_android_internal_os_Zygote_nativeForkSystemServer(
        JNIEnv* env, jclass, uid_t uid, gid_t gid, jintArray gids,
        JNIEnv* env, jclass, uid_t uid, gid_t gid, jintArray gids,
        jint runtime_flags, jobjectArray rlimits, jlong permitted_capabilities,
        jint runtime_flags, jobjectArray rlimits, jlong permitted_capabilities,
@@ -2229,7 +2210,6 @@ static jint com_android_internal_os_Zygote_nativeForkSystemServer(
 * @param is_priority_fork  Controls the nice level assigned to the newly created process
 * @param is_priority_fork  Controls the nice level assigned to the newly created process
 * @return child pid in the parent, 0 in the child
 * @return child pid in the parent, 0 in the child
 */
 */
NO_PAC_FUNC
static jint com_android_internal_os_Zygote_nativeForkApp(JNIEnv* env,
static jint com_android_internal_os_Zygote_nativeForkApp(JNIEnv* env,
                                                         jclass,
                                                         jclass,
                                                         jint read_pipe_fd,
                                                         jint read_pipe_fd,
@@ -2244,7 +2224,6 @@ static jint com_android_internal_os_Zygote_nativeForkApp(JNIEnv* env,
                            args_known == JNI_TRUE, is_priority_fork == JNI_TRUE, true);
                            args_known == JNI_TRUE, is_priority_fork == JNI_TRUE, true);
}
}


NO_PAC_FUNC
int zygote::forkApp(JNIEnv* env,
int zygote::forkApp(JNIEnv* env,
                    int read_pipe_fd,
                    int read_pipe_fd,
                    int write_pipe_fd,
                    int write_pipe_fd,
+0 −14
@@ -20,18 +20,6 @@
#define LOG_TAG "Zygote"
#define LOG_TAG "Zygote"
#define ATRACE_TAG ATRACE_TAG_DALVIK
#define ATRACE_TAG ATRACE_TAG_DALVIK


/* Functions in the callchain during the fork shall not be protected with
   Armv8.3-A Pointer Authentication, otherwise child will not be able to return. */
#ifdef __ARM_FEATURE_PAC_DEFAULT
#ifdef __ARM_FEATURE_BTI_DEFAULT
#define NO_PAC_FUNC __attribute__((target("branch-protection=bti")))
#else
#define NO_PAC_FUNC __attribute__((target("branch-protection=none")))
#endif /* __ARM_FEATURE_BTI_DEFAULT */
#else /* !__ARM_FEATURE_PAC_DEFAULT */
#define NO_PAC_FUNC
#endif /* __ARM_FEATURE_PAC_DEFAULT */

#include <jni.h>
#include <jni.h>
#include <vector>
#include <vector>
#include <android-base/stringprintf.h>
#include <android-base/stringprintf.h>
@@ -42,7 +30,6 @@
namespace android {
namespace android {
namespace zygote {
namespace zygote {


NO_PAC_FUNC
pid_t ForkCommon(JNIEnv* env,bool is_system_server,
pid_t ForkCommon(JNIEnv* env,bool is_system_server,
                 const std::vector<int>& fds_to_close,
                 const std::vector<int>& fds_to_close,
                 const std::vector<int>& fds_to_ignore,
                 const std::vector<int>& fds_to_ignore,
@@ -57,7 +44,6 @@ pid_t ForkCommon(JNIEnv* env,bool is_system_server,
 * communication is required. Is_priority_fork should be true if this is on the app startup
 * communication is required. Is_priority_fork should be true if this is on the app startup
 * critical path. Purge specifies that unused pages should be purged before the fork.
 * critical path. Purge specifies that unused pages should be purged before the fork.
 */
 */
NO_PAC_FUNC
int forkApp(JNIEnv* env,
int forkApp(JNIEnv* env,
            int read_pipe_fd,
            int read_pipe_fd,
            int write_pipe_fd,
            int write_pipe_fd,
+0 −1
@@ -365,7 +365,6 @@ void com_android_internal_os_ZygoteCommandBuffer_nativeReadFullyAndReset(JNIEnv*
// We only process fork commands if the peer uid matches expected_uid.
// We only process fork commands if the peer uid matches expected_uid.
// For every fork command after the first, we check that the requested uid is at
// For every fork command after the first, we check that the requested uid is at
// least minUid.
// least minUid.
NO_PAC_FUNC
jboolean com_android_internal_os_ZygoteCommandBuffer_nativeForkRepeatedly(
jboolean com_android_internal_os_ZygoteCommandBuffer_nativeForkRepeatedly(
            JNIEnv* env,
            JNIEnv* env,
            jclass,
            jclass,