Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit abbd4a7a authored by Nicolas Geoffray's avatar Nicolas Geoffray
Browse files

Add checks to ensure only the ART memfd file is whitelisted. 

A memfd file can be created with any name, but to protect ourselves
from unintended leakage, check that it's the name ART uses.

Test: boots
Bug: 119800099
Change-Id: Ibc684d09dd05f38933c6808b72fb402fc9d5e4eb
parent 813b9e8c

core/jni/fd_utils.cpp

+18 −6
Original line number Original line Diff line number Diff line
@@ -59,8 +59,8 @@ FileDescriptorWhitelist* FileDescriptorWhitelist::Get() { 
  return instance_;

  return instance_;

}

}





static bool IsMemfd(const std::string& path) {

static bool IsArtMemfd(const std::string& path) {

  return android::base::StartsWith(path, "/memfd:");

  return android::base::StartsWith(path, "/memfd:/boot-image-methods.art");

}

}





bool FileDescriptorWhitelist::IsAllowed(const std::string& path) const {

bool FileDescriptorWhitelist::IsAllowed(const std::string& path) const {
@@ -91,8 +91,8 @@ bool FileDescriptorWhitelist::IsAllowed(const std::string& path) const { 
    return true;

    return true;

  }

  }





  // In-memory files created through memfd_create are allowed.

  // the in-memory file created by ART through memfd_create is allowed.

  if (IsMemfd(path)) {

  if (IsArtMemfd(path)) {

    return true;

    return true;

  }

  }
@@ -321,8 +321,8 @@ void FileDescriptorInfo::ReopenOrDetach(fail_fn_t fail_fn) const { 
    return DetachSocket(fail_fn);

    return DetachSocket(fail_fn);

  }

  }





  // Children can directly use in-memory files created through memfd_create.

  // Children can directly use the in-memory file created by ART through memfd_create.

  if (IsMemfd(file_path)) {

  if (IsArtMemfd(file_path)) {

    return;

    return;

  }

  }
@@ -545,6 +545,10 @@ FileDescriptorTable::FileDescriptorTable( 
}

}





void FileDescriptorTable::RestatInternal(std::set<int>& open_fds, fail_fn_t fail_fn) {

void FileDescriptorTable::RestatInternal(std::set<int>& open_fds, fail_fn_t fail_fn) {

  // ART creates a file through memfd for optimization purposes. We make sure

  // there is at most one being created.

  bool art_memfd_seen = false;



  // Iterate through the list of file descriptors we've already recorded

  // Iterate through the list of file descriptors we've already recorded

  // and check whether :

  // and check whether :

  //

  //
@@ -577,6 +581,14 @@ void FileDescriptorTable::RestatInternal(std::set<int>& open_fds, fail_fn_t fail 
        // FD.

        // FD.

      }

      }





      if (IsArtMemfd(it->second->file_path)) {

        if (art_memfd_seen) {

          fail_fn("ART fd already seen: " + it->second->file_path);

        } else {

          art_memfd_seen = true;

        }

      }



      ++it;

      ++it;





      // Finally, remove the FD from the set of open_fds. We do this last because

      // Finally, remove the FD from the set of open_fds. We do this last because