Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit c8176efe authored by Victor Hsieh's avatar Victor Hsieh
Browse files

Reland: Move zygote's seccomp setup to post-fork 

Before this change, seccomp filter setup is as early as in zygote's main
function.  To make it possible to split app and system server's filter,
this postpone the setup to after fork.  It also starts to call app
specific and system server specific setup function.

The filter setup is done in Zygote's ForkAndSpecializeCommon.  This is
because adding a seccomp filter must be done when either the caller has
CAP_SYS_ADMIN or after the PR_SET_NO_NEW_PRIVS bit is set.  Given that
setting PR_SET_NO_NEW_PRIVS breaks SELinux domain transition
(b/71859146), this must be done after Zygote forks but before
CAP_SYS_ADMIN is droppped.

Test: (cts) -m CtsSecurityTestCases -t android.security.cts.SeccompTest
Test: no selinux denial flood in dmesg with selinux enforced
Test: debuggerd -b `pidof com.android.phone`  # logcat shows tombstoned
      received crash request
Bug: 63944145
Bug: 71859146

Change-Id: I8215c8530d3d0de504a270488f8e29635805e8b0
parent 106a9152

core/java/android/os/Seccomp.java

deleted100644 → 0
+0 −24
Original line number Diff line number Diff line 
/*

 * Copyright (C) 2017 The Android Open Source Project

 *

 * Licensed under the Apache License, Version 2.0 (the "License");

 * you may not use this file except in compliance with the License.

 * You may obtain a copy of the License at

 *

 *      http://www.apache.org/licenses/LICENSE-2.0

 *

 * Unless required by applicable law or agreed to in writing, software

 * distributed under the License is distributed on an "AS IS" BASIS,

 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.

 * See the License for the specific language governing permissions and

 * limitations under the License.

 */



package android.os;



/**

 * @hide

 */

public final class Seccomp {

    public static final native void setPolicy();

}

core/java/com/android/internal/os/Zygote.java

+3 −0
Original line number Diff line number Diff line
@@ -69,6 +69,9 @@ public final class Zygote { 


    private Zygote() {}



    /** Called for some security initialization before any fork. */

    native static void nativeSecurityInit();



    /**

     * Forks a new VM instance.  The current VM must have been started

     * with the -Xzygote flag. <b>NOTE: new instance keeps all

core/java/com/android/internal/os/ZygoteInit.java

+2 −4
Original line number Diff line number Diff line
@@ -30,7 +30,6 @@ import android.os.IInstalld; 
import android.os.Environment;

import android.os.Process;

import android.os.RemoteException;

import android.os.Seccomp;

import android.os.ServiceManager;

import android.os.ServiceSpecificException;

import android.os.SystemClock;
@@ -781,12 +780,11 @@ public class ZygoteInit { 
            // Zygote.

            Trace.setTracingEnabled(false, 0);



            Zygote.nativeSecurityInit();



            // Zygote process unmounts root storage spaces.

            Zygote.nativeUnmountStorageOnInit();



            // Set seccomp policy

            Seccomp.setPolicy();



            ZygoteHooks.stopZygoteNoThreadCreation();



            if (startSystemServer) {

core/jni/Android.bp

+0 −1
Original line number Diff line number Diff line
@@ -86,7 +86,6 @@ cc_library_shared { 
        "android_os_MessageQueue.cpp",

        "android_os_Parcel.cpp",

        "android_os_SELinux.cpp",

        "android_os_seccomp.cpp",

        "android_os_SharedMemory.cpp",

        "android_os_SystemClock.cpp",

        "android_os_SystemProperties.cpp",

core/jni/AndroidRuntime.cpp

+0 −2
Original line number Diff line number Diff line
@@ -163,7 +163,6 @@ extern int register_android_os_Parcel(JNIEnv* env); 
extern int register_android_os_SELinux(JNIEnv* env);

extern int register_android_os_VintfObject(JNIEnv *env);

extern int register_android_os_VintfRuntimeInfo(JNIEnv *env);

extern int register_android_os_seccomp(JNIEnv* env);

extern int register_android_os_SystemProperties(JNIEnv *env);

extern int register_android_os_SystemClock(JNIEnv* env);

extern int register_android_os_Trace(JNIEnv* env);
@@ -1420,7 +1419,6 @@ static const RegJNIRec gRegJNI[] = { 
    REG_JNI(register_android_os_GraphicsEnvironment),

    REG_JNI(register_android_os_MessageQueue),

    REG_JNI(register_android_os_SELinux),

    REG_JNI(register_android_os_seccomp),

    REG_JNI(register_android_os_Trace),

    REG_JNI(register_android_os_UEventObserver),

    REG_JNI(register_android_net_LocalSocketImpl),