Loading core/java/com/android/internal/os/Zygote.java +16 −1 Original line number Diff line number Diff line Loading @@ -24,6 +24,7 @@ import android.content.pm.ApplicationInfo; import android.net.Credentials; import android.net.LocalServerSocket; import android.net.LocalSocket; import android.os.Build; import android.os.FactoryTest; import android.os.IVold; import android.os.Process; Loading Loading @@ -236,7 +237,7 @@ public final class Zygote { public static int forkAndSpecialize(int uid, int gid, int[] gids, int runtimeFlags, int[][] rlimits, int mountExternal, String seInfo, String niceName, int[] fdsToClose, int[] fdsToIgnore, boolean startChildZygote, String instructionSet, String appDataDir, String packageName, String[] packagesForUID, String sandboxId) { String packageName, String[] packagesForUID, String sandboxId, int targetSdkVersion) { ZygoteHooks.preFork(); // Resets nice priority for zygote process. resetNicePriority(); Loading @@ -246,6 +247,7 @@ public final class Zygote { packagesForUID, sandboxId); // Enable tracing as soon as possible for the child process. if (pid == 0) { Zygote.disableExecuteOnly(targetSdkVersion); Trace.setTracingEnabled(true, runtimeFlags); // Note that this event ends at the end of handleChildProc, Loading Loading @@ -600,6 +602,8 @@ public final class Zygote { args.mInstructionSet, args.mAppDataDir, args.mPackageName, args.mPackagesForUid, args.mSandboxId); disableExecuteOnly(args.mTargetSdkVersion); if (args.mNiceName != null) { Process.setArgV0(args.mNiceName); } Loading Loading @@ -650,6 +654,17 @@ public final class Zygote { } } /** * Mark execute-only segments of libraries read+execute for apps with targetSdkVersion<Q. */ protected static void disableExecuteOnly(int targetSdkVersion) { if ((targetSdkVersion < Build.VERSION_CODES.Q) && !nativeDisableExecuteOnly()) { Log.e("Zygote", "Failed to set libraries to read+execute."); } } private static native boolean nativeDisableExecuteOnly(); /** * @return Raw file descriptors for the read-end of USAP reporting pipes. */ Loading core/java/com/android/internal/os/ZygoteConnection.java +1 −1 Original line number Diff line number Diff line Loading @@ -268,7 +268,7 @@ class ZygoteConnection { parsedArgs.mRuntimeFlags, rlimits, parsedArgs.mMountExternal, parsedArgs.mSeInfo, parsedArgs.mNiceName, fdsToClose, fdsToIgnore, parsedArgs.mStartChildZygote, parsedArgs.mInstructionSet, parsedArgs.mAppDataDir, parsedArgs.mPackageName, parsedArgs.mPackagesForUid, parsedArgs.mSandboxId); parsedArgs.mPackagesForUid, parsedArgs.mSandboxId, parsedArgs.mTargetSdkVersion); try { if (pid == 0) { Loading core/jni/com_android_internal_os_Zygote.cpp +26 −1 Original line number Diff line number Diff line Loading @@ -46,6 +46,7 @@ #include <fcntl.h> #include <grp.h> #include <inttypes.h> #include <link.h> #include <malloc.h> #include <mntent.h> #include <paths.h> Loading @@ -54,6 +55,7 @@ #include <sys/capability.h> #include <sys/cdefs.h> #include <sys/eventfd.h> #include <sys/mman.h> #include <sys/personality.h> #include <sys/prctl.h> #include <sys/resource.h> Loading @@ -69,6 +71,7 @@ #include <android-base/properties.h> #include <android-base/file.h> #include <android-base/stringprintf.h> #include <android-base/strings.h> #include <android-base/unique_fd.h> #include <cutils/fs.h> #include <cutils/multiuser.h> Loading Loading @@ -1975,6 +1978,26 @@ static void com_android_internal_os_Zygote_nativeEmptyUsapPool(JNIEnv* env, jcla } } static int disable_execute_only(struct dl_phdr_info *info, size_t size, void *data) { // Search for any execute-only segments and mark them read+execute. for (int i = 0; i < info->dlpi_phnum; i++) { if ((info->dlpi_phdr[i].p_type == PT_LOAD) && (info->dlpi_phdr[i].p_flags == PF_X)) { mprotect(reinterpret_cast<void*>(info->dlpi_addr + info->dlpi_phdr[i].p_vaddr), info->dlpi_phdr[i].p_memsz, PROT_READ | PROT_EXEC); } } // Return non-zero to exit dl_iterate_phdr. return 0; } /** * @param env Managed runtime environment * @return True if disable was successful. */ static jboolean com_android_internal_os_Zygote_nativeDisableExecuteOnly(JNIEnv* env, jclass) { return dl_iterate_phdr(disable_execute_only, nullptr) == 0; } static const JNINativeMethod gMethods[] = { { "nativeSecurityInit", "()V", (void *) com_android_internal_os_Zygote_nativeSecurityInit }, Loading Loading @@ -2007,7 +2030,9 @@ static const JNINativeMethod gMethods[] = { { "nativeGetUsapPoolCount", "()I", (void *) com_android_internal_os_Zygote_nativeGetUsapPoolCount }, { "nativeEmptyUsapPool", "()V", (void *) com_android_internal_os_Zygote_nativeEmptyUsapPool } (void *) com_android_internal_os_Zygote_nativeEmptyUsapPool }, { "nativeDisableExecuteOnly", "()Z", (void *) com_android_internal_os_Zygote_nativeDisableExecuteOnly } }; int register_com_android_internal_os_Zygote(JNIEnv* env) { Loading Loading
core/java/com/android/internal/os/Zygote.java +16 −1 Original line number Diff line number Diff line Loading @@ -24,6 +24,7 @@ import android.content.pm.ApplicationInfo; import android.net.Credentials; import android.net.LocalServerSocket; import android.net.LocalSocket; import android.os.Build; import android.os.FactoryTest; import android.os.IVold; import android.os.Process; Loading Loading @@ -236,7 +237,7 @@ public final class Zygote { public static int forkAndSpecialize(int uid, int gid, int[] gids, int runtimeFlags, int[][] rlimits, int mountExternal, String seInfo, String niceName, int[] fdsToClose, int[] fdsToIgnore, boolean startChildZygote, String instructionSet, String appDataDir, String packageName, String[] packagesForUID, String sandboxId) { String packageName, String[] packagesForUID, String sandboxId, int targetSdkVersion) { ZygoteHooks.preFork(); // Resets nice priority for zygote process. resetNicePriority(); Loading @@ -246,6 +247,7 @@ public final class Zygote { packagesForUID, sandboxId); // Enable tracing as soon as possible for the child process. if (pid == 0) { Zygote.disableExecuteOnly(targetSdkVersion); Trace.setTracingEnabled(true, runtimeFlags); // Note that this event ends at the end of handleChildProc, Loading Loading @@ -600,6 +602,8 @@ public final class Zygote { args.mInstructionSet, args.mAppDataDir, args.mPackageName, args.mPackagesForUid, args.mSandboxId); disableExecuteOnly(args.mTargetSdkVersion); if (args.mNiceName != null) { Process.setArgV0(args.mNiceName); } Loading Loading @@ -650,6 +654,17 @@ public final class Zygote { } } /** * Mark execute-only segments of libraries read+execute for apps with targetSdkVersion<Q. */ protected static void disableExecuteOnly(int targetSdkVersion) { if ((targetSdkVersion < Build.VERSION_CODES.Q) && !nativeDisableExecuteOnly()) { Log.e("Zygote", "Failed to set libraries to read+execute."); } } private static native boolean nativeDisableExecuteOnly(); /** * @return Raw file descriptors for the read-end of USAP reporting pipes. */ Loading
core/java/com/android/internal/os/ZygoteConnection.java +1 −1 Original line number Diff line number Diff line Loading @@ -268,7 +268,7 @@ class ZygoteConnection { parsedArgs.mRuntimeFlags, rlimits, parsedArgs.mMountExternal, parsedArgs.mSeInfo, parsedArgs.mNiceName, fdsToClose, fdsToIgnore, parsedArgs.mStartChildZygote, parsedArgs.mInstructionSet, parsedArgs.mAppDataDir, parsedArgs.mPackageName, parsedArgs.mPackagesForUid, parsedArgs.mSandboxId); parsedArgs.mPackagesForUid, parsedArgs.mSandboxId, parsedArgs.mTargetSdkVersion); try { if (pid == 0) { Loading
core/jni/com_android_internal_os_Zygote.cpp +26 −1 Original line number Diff line number Diff line Loading @@ -46,6 +46,7 @@ #include <fcntl.h> #include <grp.h> #include <inttypes.h> #include <link.h> #include <malloc.h> #include <mntent.h> #include <paths.h> Loading @@ -54,6 +55,7 @@ #include <sys/capability.h> #include <sys/cdefs.h> #include <sys/eventfd.h> #include <sys/mman.h> #include <sys/personality.h> #include <sys/prctl.h> #include <sys/resource.h> Loading @@ -69,6 +71,7 @@ #include <android-base/properties.h> #include <android-base/file.h> #include <android-base/stringprintf.h> #include <android-base/strings.h> #include <android-base/unique_fd.h> #include <cutils/fs.h> #include <cutils/multiuser.h> Loading Loading @@ -1975,6 +1978,26 @@ static void com_android_internal_os_Zygote_nativeEmptyUsapPool(JNIEnv* env, jcla } } static int disable_execute_only(struct dl_phdr_info *info, size_t size, void *data) { // Search for any execute-only segments and mark them read+execute. for (int i = 0; i < info->dlpi_phnum; i++) { if ((info->dlpi_phdr[i].p_type == PT_LOAD) && (info->dlpi_phdr[i].p_flags == PF_X)) { mprotect(reinterpret_cast<void*>(info->dlpi_addr + info->dlpi_phdr[i].p_vaddr), info->dlpi_phdr[i].p_memsz, PROT_READ | PROT_EXEC); } } // Return non-zero to exit dl_iterate_phdr. return 0; } /** * @param env Managed runtime environment * @return True if disable was successful. */ static jboolean com_android_internal_os_Zygote_nativeDisableExecuteOnly(JNIEnv* env, jclass) { return dl_iterate_phdr(disable_execute_only, nullptr) == 0; } static const JNINativeMethod gMethods[] = { { "nativeSecurityInit", "()V", (void *) com_android_internal_os_Zygote_nativeSecurityInit }, Loading Loading @@ -2007,7 +2030,9 @@ static const JNINativeMethod gMethods[] = { { "nativeGetUsapPoolCount", "()I", (void *) com_android_internal_os_Zygote_nativeGetUsapPoolCount }, { "nativeEmptyUsapPool", "()V", (void *) com_android_internal_os_Zygote_nativeEmptyUsapPool } (void *) com_android_internal_os_Zygote_nativeEmptyUsapPool }, { "nativeDisableExecuteOnly", "()Z", (void *) com_android_internal_os_Zygote_nativeDisableExecuteOnly } }; int register_com_android_internal_os_Zygote(JNIEnv* env) { Loading
