Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit 739c0b51 authored by Jeff Vander Stoep's avatar Jeff Vander Stoep
Browse files

Disable XOM on libraries for apps with targetSdkVerison<Q 

Apps may (and do) assume that libraries are readable. To avoid app
breakage, mark execute-only sections of as read+execute
for apps with targetSdkVersion<Q.

Bug: 128907672
Test: Check libc for app with targetSdk==current
cat /proc/25950/maps | grep libc.so
77c01e3000-77c028b000 --xp 00041000 07:20 106 /apex/com.android.runtime/lib64/bionic/libc.so
Test: Check libc for app with targetSdk<current
cat /proc/26355/maps | grep libc.so
77c01e3000-77c028b000 r-xp 00041000 07:20 106
/apex/com.android.runtime/lib64/bionic/libc.so

Change-Id: I90b5c91923c8008ae4b4818985842fe3e354a850
parent 417059b1

core/java/com/android/internal/os/Zygote.java

+16 −1
Original line number Diff line number Diff line
@@ -24,6 +24,7 @@ import android.content.pm.ApplicationInfo; 
import android.net.Credentials;

import android.net.LocalServerSocket;

import android.net.LocalSocket;

import android.os.Build;

import android.os.FactoryTest;

import android.os.IVold;

import android.os.Process;
@@ -236,7 +237,7 @@ public final class Zygote { 
    public static int forkAndSpecialize(int uid, int gid, int[] gids, int runtimeFlags,

            int[][] rlimits, int mountExternal, String seInfo, String niceName, int[] fdsToClose,

            int[] fdsToIgnore, boolean startChildZygote, String instructionSet, String appDataDir,

            String packageName, String[] packagesForUID, String sandboxId) {

            String packageName, String[] packagesForUID, String sandboxId, int targetSdkVersion) {

        ZygoteHooks.preFork();

        // Resets nice priority for zygote process.

        resetNicePriority();
@@ -246,6 +247,7 @@ public final class Zygote { 
                packagesForUID, sandboxId);

        // Enable tracing as soon as possible for the child process.

        if (pid == 0) {

            Zygote.disableExecuteOnly(targetSdkVersion);

            Trace.setTracingEnabled(true, runtimeFlags);



            // Note that this event ends at the end of handleChildProc,
@@ -599,6 +601,8 @@ public final class Zygote { 
                           args.mInstructionSet, args.mAppDataDir, args.mPackageName,

                           args.mPackagesForUid, args.mSandboxId);



        disableExecuteOnly(args.mTargetSdkVersion);



        if (args.mNiceName != null) {

            Process.setArgV0(args.mNiceName);

        }
@@ -649,6 +653,17 @@ public final class Zygote { 
        }

    }



    /**

     * Mark execute-only segments of libraries read+execute for apps with targetSdkVersion<Q.

     */

    protected static void disableExecuteOnly(int targetSdkVersion) {

        if ((targetSdkVersion < Build.VERSION_CODES.Q) && !nativeDisableExecuteOnly()) {

            Log.e("Zygote", "Failed to set libraries to read+execute.");

        }

    }



    private static native boolean nativeDisableExecuteOnly();



    /**

     * @return  Raw file descriptors for the read-end of USAP reporting pipes.

     */

core/java/com/android/internal/os/ZygoteConnection.java

+1 −1
Original line number Diff line number Diff line
@@ -264,7 +264,7 @@ class ZygoteConnection { 
                parsedArgs.mRuntimeFlags, rlimits, parsedArgs.mMountExternal, parsedArgs.mSeInfo,

                parsedArgs.mNiceName, fdsToClose, fdsToIgnore, parsedArgs.mStartChildZygote,

                parsedArgs.mInstructionSet, parsedArgs.mAppDataDir, parsedArgs.mPackageName,

                parsedArgs.mPackagesForUid, parsedArgs.mSandboxId);

                parsedArgs.mPackagesForUid, parsedArgs.mSandboxId, parsedArgs.mTargetSdkVersion);



        try {

            if (pid == 0) {

core/jni/com_android_internal_os_Zygote.cpp

+26 −1
Original line number Diff line number Diff line
@@ -46,6 +46,7 @@ 
#include <fcntl.h>

#include <grp.h>

#include <inttypes.h>

#include <link.h>

#include <malloc.h>

#include <mntent.h>

#include <paths.h>
@@ -54,6 +55,7 @@ 
#include <sys/capability.h>

#include <sys/cdefs.h>

#include <sys/eventfd.h>

#include <sys/mman.h>

#include <sys/personality.h>

#include <sys/prctl.h>

#include <sys/resource.h>
@@ -69,6 +71,7 @@ 
#include <android-base/properties.h>

#include <android-base/file.h>

#include <android-base/stringprintf.h>

#include <android-base/strings.h>

#include <android-base/unique_fd.h>

#include <cutils/fs.h>

#include <cutils/multiuser.h>
@@ -1975,6 +1978,26 @@ static void com_android_internal_os_Zygote_nativeEmptyUsapPool(JNIEnv* env, jcla 
  }

}



static int disable_execute_only(struct dl_phdr_info *info, size_t size, void *data) {

  // Search for any execute-only segments and mark them read+execute.

  for (int i = 0; i < info->dlpi_phnum; i++) {

    if ((info->dlpi_phdr[i].p_type == PT_LOAD) && (info->dlpi_phdr[i].p_flags == PF_X)) {

      mprotect(reinterpret_cast<void*>(info->dlpi_addr + info->dlpi_phdr[i].p_vaddr),

              info->dlpi_phdr[i].p_memsz, PROT_READ | PROT_EXEC);

    }

  }

  // Return non-zero to exit dl_iterate_phdr.

  return 0;

}



/**

 * @param env  Managed runtime environment

 * @return  True if disable was successful.

 */

static jboolean com_android_internal_os_Zygote_nativeDisableExecuteOnly(JNIEnv* env, jclass) {

  return dl_iterate_phdr(disable_execute_only, nullptr) == 0;

}



static const JNINativeMethod gMethods[] = {

    { "nativeSecurityInit", "()V",

      (void *) com_android_internal_os_Zygote_nativeSecurityInit },
@@ -2007,7 +2030,9 @@ static const JNINativeMethod gMethods[] = { 
    { "nativeGetUsapPoolCount", "()I",

      (void *) com_android_internal_os_Zygote_nativeGetUsapPoolCount },

    { "nativeEmptyUsapPool", "()V",

      (void *) com_android_internal_os_Zygote_nativeEmptyUsapPool }

      (void *) com_android_internal_os_Zygote_nativeEmptyUsapPool },

    { "nativeDisableExecuteOnly", "()Z",

      (void *) com_android_internal_os_Zygote_nativeDisableExecuteOnly }

};



int register_com_android_internal_os_Zygote(JNIEnv* env) {