
Commit 6a4a3398 authored by Victor Hsieh's avatar Victor Hsieh

Move zygote's seccomp setup to post-fork

Before this change, the seccomp filter was set up as early as zygote's main
function.  To make it possible to split the app and system server filters,
this change postpones the setup until after fork.  It also starts calling the
app-specific and system-server-specific setup functions.

In terms of performance since this happens at fork, the measure shows
the overhead is negligible.  Assuming 130 instruction in the BPF, on
walleye, even when running on little core with fixed low frequency, each
setup took about 60.9us on average.  When it runs on big core with
higher frequency, it took about 39.3us.

Test: (cts) -m CtsSecurityTestCases -t android.security.cts.SeccompTest
Bug: 63944145

Change-Id: I748735b478405098beac1e200d911c13ea60e380
Merged-In: I748735b478405098beac1e200d911c13ea60e380
parent 761b7b50
+2 −1
@@ -20,5 +20,6 @@ package android.os;
 * @hide
 */
public final class Seccomp {
    public static final native void setPolicy();
    public static native void setSystemServerPolicy();
    public static native void setAppPolicy();
}
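Review bot: The two new native declarations carry no documentation, and a `@hide` class is exactly where the next caller will look to learn which process each one may be called from and what failure means. From the native side of this commit, both terminate the calling process with exit(1) when the filter cannot be installed and return silently when SELinux is permissive (`security_getenforce() == 0`), which a caller running in the zygote needs to know. Suggested Javadoc on `setSystemServerPolicy`: `/** Installs the system_server seccomp filter in the calling process. Terminates the process if installation fails; no-op while SELinux is permissive. */`, with the parallel sentence on `setAppPolicy`. The removed `setPolicy()` was declared `final native` while the replacements drop `final`; harmless for static methods, but worth keeping consistent.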
+4 −0
@@ -17,6 +17,7 @@
package com.android.internal.os;


import android.os.Seccomp;
import android.os.Trace;
import dalvik.system.ZygoteHooks;
import android.system.ErrnoException;
@@ -155,6 +156,9 @@ public final class Zygote {
     */
    public static int forkSystemServer(int uid, int gid, int[] gids, int runtimeFlags,
            int[][] rlimits, long permittedCapabilities, long effectiveCapabilities) {
        // Set system server specific seccomp policy.
        Seccomp.setSystemServerPolicy();

        VM_HOOKS.preFork();
        // Resets nice priority for zygote process.
        resetNicePriority();
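Review bot: `Seccomp.setSystemServerPolicy()` is invoked before `VM_HOOKS.preFork()`, i.e. while still in the zygote process, so despite the commit title the system_server filter is installed in the zygote itself; since seccomp filters are inherited across fork and cannot be removed, every app forked afterwards from this zygote appears to carry it in addition to the app filter installed in ZygoteConnection. It also means a failed installation kills the zygote through the native `exit(1)` rather than only the system_server child. If a per-process filter is intended, the call belongs in the child after the fork, e.g. inside the `pid == 0` branch following `nativeForkSystemServer(...)`; that branch and the rest of forkSystemServer lie outside this hunk. If installing it in the zygote is deliberate, say so in place of the current comment: `// Installed in the zygote before fork: inherited by system_server and every later app process.`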
+4 −0
@@ -30,6 +30,7 @@ import android.net.Credentials;
import android.net.LocalSocket;
import android.os.FactoryTest;
import android.os.Process;
import android.os.Seccomp;
import android.os.SystemProperties;
import android.os.Trace;
import android.system.ErrnoException;
@@ -767,6 +768,9 @@ class ZygoteConnection {
            Process.setArgV0(parsedArgs.niceName);
        }

        // Set app specific seccomp policy.
        Seccomp.setAppPolicy();

        // End of the postFork event.
        Trace.traceEnd(Trace.TRACE_TAG_ACTIVITY_MANAGER);
        if (parsedArgs.invokeWith != null) {
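Review bot: The new `Seccomp.setAppPolicy()` call runs after `Process.setArgV0(...)` and just before the `invokeWith` branch, but nothing records why it must stay there; a later reordering that pushes it below the `invokeWith` exec or past the point where app code starts would silently widen the unsandboxed window. Because a seccomp filter persists across fork and exec and cannot be removed once installed, the placement is the security-relevant part of this change and deserves a why-comment rather than a what-comment. Suggested replacement for `// Set app specific seccomp policy.`: `// Install the app seccomp filter now, before any app-controlled code or an invokeWith wrapper runs; it survives exec and cannot be removed later. On failure the native side exits this child.` The enclosing method starts and ends outside this hunk.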
+0 −3
@@ -782,9 +782,6 @@ public class ZygoteInit {
            // Zygote process unmounts root storage spaces.
            Zygote.nativeUnmountStorageOnInit();

            // Set seccomp policy
            Seccomp.setPolicy();

            ZygoteHooks.stopZygoteNoThreadCreation();

            if (startSystemServer) {
+16 −3
@@ -21,20 +21,33 @@

#include "seccomp_policy.h"

static void Seccomp_setPolicy(JNIEnv* /*env*/) {
static void Seccomp_setSystemServerPolicy(JNIEnv* /*env*/) {
    if (security_getenforce() == 0) {
        ALOGI("seccomp disabled by setenforce 0");
        return;
    }

    if (!set_seccomp_filter()) {
    if (!set_system_seccomp_filter()) {
        ALOGE("Failed to set seccomp policy - killing");
        exit(1);
    }
}

static void Seccomp_setAppPolicy(JNIEnv* /*env*/) {
    if (security_getenforce() == 0) {
        ALOGI("seccomp disabled by setenforce 0");
        return;
    }

    if (!set_app_seccomp_filter()) {
        ALOGE("Failed to set seccomp policy - killing");
        exit(1);
    }
}

static const JNINativeMethod method_table[] = {
    NATIVE_METHOD(Seccomp, setPolicy, "()V"),
    NATIVE_METHOD(Seccomp, setSystemServerPolicy, "()V"),
    NATIVE_METHOD(Seccomp, setAppPolicy, "()V"),
};

namespace android {
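Review bot: `Seccomp_setSystemServerPolicy` and `Seccomp_setAppPolicy` are the same body apart from the filter setter, and both log the identical string `Failed to set seccomp policy - killing`, so a crash log from a dying system_server cannot be told apart from a dying app process on the message alone. Factoring the enforce check and the fail-fast into one helper keeps the two entry points from drifting (for instance if the permissive-mode bypass is later tightened for only one of them) and lets the log name the policy. The bypass on `security_getenforce() == 0` is inherited from the removed `Seccomp_setPolicy`, but it now disables both filters and still logs only at INFO; ALOGW would make an unsandboxed device easier to spot in a bugreport. The helper below assumes the setters return bool, as the `!` tests suggest.
```cpp
// Installs |filter| in the calling process or terminates it: a process that
// was meant to be sandboxed must not keep running unsandboxed.
static void applySeccompFilter(bool (*filter)(), const char* which) {
    if (security_getenforce() == 0) {
        ALOGW("seccomp disabled by setenforce 0");
        return;
    }
    if (!filter()) {
        ALOGE("Failed to set %s seccomp policy - killing", which);
        exit(1);
    }
}

static void Seccomp_setSystemServerPolicy(JNIEnv* /*env*/) {
    applySeccompFilter(set_system_seccomp_filter, "system_server");
}

static void Seccomp_setAppPolicy(JNIEnv* /*env*/) {
    applySeccompFilter(set_app_seccomp_filter, "app");
}
// … unchanged: method_table …
```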