Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit 30b2cd80 authored by T.J. Mercier's avatar T.J. Mercier
Browse files

Throw exception for negative UIDs/GIDs 

UIDs and GIDs are unsigned on linux. Badly behaved callers are
occasionally passing negative integers for UIDs through JNI to uid_t
which is unsigned. Prevent this by throwing a JNI exception.

12-08 23:15:34.542  1000  3354  3388 I ActivityManager: Force stopping com.android.cts.install.lib.testapp.A appid=10109 user=-1: deletePackageX
12-08 23:15:34.543  1000  3354  3388 E libprocessgroup: No such cgroup attribute: /sys/fs/cgroup/uid_4294877405/cgroup.freeze
12-08 23:15:34.543  1000  3354  3388 W libprocessgroup: Failed to apply Frozen process profile: No such file or directory

Test: 12-11 18:43:23.145  3432  3466 I ActivityManager: Force stopping com.android.cts.install.lib.testapp.A appid=10109 user=-1: deletePackageX
Test: 12-11 18:43:23.146  3432  3466 E ActivityManager: Unable to freeze cgroup uid: -89891: java.lang.IllegalArgumentException: uid is negative: -89891
Test: 12-11 18:43:23.147  3432  3466 E ActivityManager: Unable to unfreeze cgroup uid: -89891: java.lang.IllegalArgumentException: uid is negative: -89891
Bug: 316198981
Change-Id: I24cb1e65e502ef6e09226538efe6ed54c8db7cdd
parent 9bbbca96

core/jni/android_util_Process.cpp

+37 −3
Original line number Diff line number Diff line
@@ -282,6 +282,11 @@ void android_os_Process_setProcessGroup(JNIEnv* env, jobject clazz, int pid, jin 
void android_os_Process_setProcessFrozen(

        JNIEnv *env, jobject clazz, jint pid, jint uid, jboolean freeze)

{

    if (uid < 0) {

        jniThrowExceptionFmt(env, "java/lang/IllegalArgumentException", "uid is negative: %d", uid);

        return;

    }



    bool success = true;



    if (freeze) {
@@ -305,6 +310,11 @@ jint android_os_Process_getProcessGroup(JNIEnv* env, jobject clazz, jint pid) 
}



jint android_os_Process_createProcessGroup(JNIEnv* env, jobject clazz, jint uid, jint pid) {

    if (uid < 0) {

        return jniThrowExceptionFmt(env, "java/lang/IllegalArgumentException",

                                    "uid is negative: %d", uid);

    }



    return createProcessGroup(uid, pid);

}
@@ -590,12 +600,21 @@ void android_os_Process_setArgV0(JNIEnv* env, jobject clazz, jstring name) 


jint android_os_Process_setUid(JNIEnv* env, jobject clazz, jint uid)

{

    if (uid < 0) {

        return jniThrowExceptionFmt(env, "java/lang/IllegalArgumentException",

                                    "uid is negative: %d", uid);

    }



    return setuid(uid) == 0 ? 0 : errno;

}



jint android_os_Process_setGid(JNIEnv* env, jobject clazz, jint uid)

{

    return setgid(uid) == 0 ? 0 : errno;

jint android_os_Process_setGid(JNIEnv* env, jobject clazz, jint gid) {

    if (gid < 0) {

        return jniThrowExceptionFmt(env, "java/lang/IllegalArgumentException",

                                    "gid is negative: %d", gid);

    }



    return setgid(gid) == 0 ? 0 : errno;

}



static int pid_compare(const void* v1, const void* v2)
@@ -1235,11 +1254,21 @@ jintArray android_os_Process_getPidsForCommands(JNIEnv* env, jobject clazz, 


jint android_os_Process_killProcessGroup(JNIEnv* env, jobject clazz, jint uid, jint pid)

{

    if (uid < 0) {

        return jniThrowExceptionFmt(env, "java/lang/IllegalArgumentException",

                                    "uid is negative: %d", uid);

    }



    return killProcessGroup(uid, pid, SIGKILL);

}



jint android_os_Process_sendSignalToProcessGroup(JNIEnv* env, jobject clazz, jint uid, jint pid,

                                                 jint signal) {

    if (uid < 0) {

        return jniThrowExceptionFmt(env, "java/lang/IllegalArgumentException",

                                    "uid is negative: %d", uid);

    }



    return sendSignalToProcessGroup(uid, pid, signal);

}
@@ -1258,6 +1287,11 @@ static jint android_os_Process_nativePidFdOpen(JNIEnv* env, jobject, jint pid, j 
}



void android_os_Process_freezeCgroupUID(JNIEnv* env, jobject clazz, jint uid, jboolean freeze) {

    if (uid < 0) {

        jniThrowExceptionFmt(env, "java/lang/IllegalArgumentException", "uid is negative: %d", uid);

        return;

    }



    bool success = true;



    if (freeze) {