Commit a1252ccb authored by Narayan Kamath

Backport changes to whitelist sockets opened by the zygote.

This is the backport of the following commits :

Reopen whitelisted zygote file descriptors after a fork.

We don't want these descriptors to be shared post-fork, so we'll
have to close and reopen them when the zygote forks. The set of
open descriptors is checked against a whitelist and it is a fatal
error if a non whitelisted FD is opened. It is also a fatal error
if anything other than a regular file / character device or socket
is opened at the time of forking.

This work is done in two stages :
- An initial list of FDs is constructed and cached prior to the
  first zygote fork.

- On each subsequent fork, we check whether the list of open FDs
  has changed. We are currently tolerant of changes, but in the
  longer term, it should be a fatal error if the set of open file
  descriptors in the zygote changes.

- Post fork, we traverse the list of open descriptors and reopen
  them if necessary.

bug: 30963384

(cherry picked from commit c5f27a7c)

Fix clang build breakage (-Werror -Wformat).

Use %zd for size_t. Note that this will break only on (-plus-)aosp because
clang is disabled on the N development branches.

bug: 30963384

(cherry picked from commit b334c33d)

Add a whitelist of sockets on fork.

Maintain a whitelist of AF_UNIX sockets that are permitted
to exist at the time of forking. If an open socket does not belong
to the whitelist (or is not AF_UNIX), the process will abort. If an
open socket is whitelisted, it will be redirected to /dev/null after
a successful fork. This allows us to unify our handling of the special
zygote sockets (/dev/socket/zygote[_secondary]) with the existing
whitelist of non socket file descriptors.

This change also removes non-fatal ALOGW messages since they have the
side effect of reopening the logging socket.

bug: 30963384

(cherry picked from commit 3764a260)

fd_utils: Remove whitelist for "/dev/pmsg0".

We're now calling __android_log_close prior to a fork, so this file
shouldn't need to be open.

bug: 31243313
bug: 30963384

(cherry picked from commit 8dee0541)

fd_utils: Fix broken usage of iterators.

There were two separate issues here :
- RestatInternal was using an iterator after a call to erase(). This
  will not work because it will be invalidated.
- The "standard" for loop idiom for iterating over a map while making
  structural changes to it is broken. Switch to a while loop and treat
  cases where elements are erased differently from cases where they
  aren't.

bug: 31092930
bug: 30963384

(cherry picked from commit 0b76d6a2)

add dri device to zygote whitelisted FDs

The driver can be used just like /dev/ion for graphic buffers.

(cherry picked from commit 8977e424)
parent 4dc743ac
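
The erase-safe traversal and the whitelist check on changed descriptors that the commit message describes, as an added example that is not code from this commit or from fd_utils. `FdTable`, `Reconcile`, `kWhitelist` and the sample descriptors are hypothetical names and constructed data; the snapshot of open descriptors is passed in rather than read from the process.

```cpp
#include <cstdio>
#include <map>
#include <set>
#include <string>
#include <vector>

// Hypothetical, simplified stand-in for the cached descriptor table (fd -> path).
using FdTable = std::map<int, std::string>;

// Constructed whitelist for this example only.
static const std::set<std::string> kWhitelist = {
    "/dev/null", "/dev/ion", "/dev/socket/zygote"};

// Reconcile the cached table with a snapshot of what is open now.
// Returns the paths that are open but not whitelisted; a caller following
// the commit message would treat a non-empty result as fatal.
std::vector<std::string> Reconcile(FdTable& cached, const FdTable& open_now) {
  // Pass 1: drop entries whose fd was closed or now refers to another path.
  auto it = cached.begin();
  while (it != cached.end()) {
    auto cur = open_now.find(it->first);
    if (cur == open_now.end() || cur->second != it->second) {
      it = cached.erase(it);  // erase() hands back the next valid iterator
    } else {
      ++it;  // advance only when nothing was erased
    }
  }
  // Pass 2: admit descriptors not yet cached only if they are whitelisted.
  std::vector<std::string> violations;
  for (const auto& kv : open_now) {
    if (cached.count(kv.first)) continue;
    if (kWhitelist.count(kv.second)) {
      cached[kv.first] = kv.second;
    } else {
      violations.push_back(kv.second);
    }
  }
  return violations;
}

int main() {
  // Constructed sample data: fd 4 was reused for another file, fd 5 closed.
  FdTable cached = {{3, "/dev/null"}, {4, "/dev/ion"}, {5, "/dev/socket/zygote"}};
  FdTable open_now = {{3, "/dev/null"}, {4, "/data/leak.tmp"}, {6, "/dev/ion"}};
  for (const auto& p : Reconcile(cached, open_now)) {
    std::printf("not whitelisted: %s\n", p.c_str());
  }
  std::printf("cached entries after reconcile: %zu\n", cached.size());
  return 0;
}
```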