
Commit cba0c365 authored by Evgenii Stepanov's avatar Evgenii Stepanov

Disable heap pointer tagging for apps targeting Q or earlier.

For testing, this feature can be enabled per-application with
  adb shell am compat 135754954 <app.name>

Bug: 135754954
Bug: 147147490
Test: malloc() returns tagged pointer with the feature enabled

Change-Id: I067b4ba6f5fbfcb8287f0cc07d17978dbe708806
parent cd3676ce
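--- a/com/android/internal/os/RuntimeInit.java
+++ b/com/android/internal/os/RuntimeInit.java
@@ -19,6 +19,8 @@ package com.android.internal.os;
 import android.app.ActivityManager;
 import android.app.ActivityThread;
 import android.app.ApplicationErrorReport;
+import android.compat.annotation.ChangeId;
+import android.compat.annotation.EnabledAfter;
 import android.compat.annotation.UnsupportedAppUsage;
 import android.content.type.DefaultMimeMapFactory;
 import android.os.Build;
@@ -34,6 +36,7 @@ import android.util.Slog;
 import com.android.internal.logging.AndroidConfig;
 import com.android.server.NetworkManagementSocketTagger;
 
+import dalvik.annotation.compat.VersionCodes;
 import dalvik.system.RuntimeHooks;
 import dalvik.system.ThreadPrioritySetter;
 import dalvik.system.VMRuntime;
@@ -64,8 +67,17 @@ public class RuntimeInit {
 
     private static volatile boolean mCrashing = false;
 
+    /*
+     * Native heap allocations will now have a non-zero tag in the most significant byte.
+     * See {@linktourl https://source.android.com/devices/tech/debug/tagged-pointers}.
+     */
+    @ChangeId
+    @EnabledAfter(targetSdkVersion = VersionCodes.Q)
+    private static final long NATIVE_HEAP_POINTER_TAGGING = 135754954; // This is a bug id.
+
     private static final native void nativeFinishInit();
     private static final native void nativeSetExitWithoutCleanup(boolean exitWithoutCleanup);
+    private static native void nativeDisableHeapPointerTagging();
 
     private static int Clog_e(String tag, String msg, Throwable tr) {
         return Log.printlns(Log.LOG_ID_CRASH, Log.ERROR, tag, msg, tr);
@@ -398,6 +410,20 @@ public class RuntimeInit {
         if (DEBUG) Slog.d(TAG, "Leaving RuntimeInit!");
     }
 
+    private static void maybeDisableHeapPointerTagging(long[] disabledCompatChanges) {
+        // Heap tagging needs to be disabled before any additional threads are created, but the
+        // AppCompat framework is not initialized enough at this point.
+        // Check if the change is enabled manually.
+        if (disabledCompatChanges != null) {
+            for (int i = 0; i < disabledCompatChanges.length; i++) {
+                if (disabledCompatChanges[i] == NATIVE_HEAP_POINTER_TAGGING) {
+                    nativeDisableHeapPointerTagging();
+                    break;
+                }
+            }
+        }
+    }
+
     protected static Runnable applicationInit(int targetSdkVersion, long[] disabledCompatChanges,
             String[] argv, ClassLoader classLoader) {
         // If the application calls System.exit(), terminate the process
@@ -410,6 +436,8 @@ public class RuntimeInit {
         VMRuntime.getRuntime().setTargetSdkVersion(targetSdkVersion);
         VMRuntime.getRuntime().setDisabledCompatChanges(disabledCompatChanges);
 
+        maybeDisableHeapPointerTagging(disabledCompatChanges);
+
         final Arguments args = new Arguments(argv);
 
         // The end of of the RuntimeInit event (see #zygoteInit).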
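Review bot: The opt-out in maybeDisableHeapPointerTagging is fire-and-forget: nativeDisableHeapPointerTagging() is declared void, and the JNI side shown in the next file section only ALOGEs when android_mallopt(M_SET_HEAP_TAGGING_LEVEL) fails, so an app that is meant to run with tagging off silently keeps tagged heap pointers and the Java side cannot record that. Because this path deliberately relaxes a memory-safety hardening for legacy apps, a failed opt-out should at least be visible from Java: declare `private static native boolean nativeDisableHeapPointerTagging();` and in the loop write `if (!nativeDisableHeapPointerTagging()) Slog.w(TAG, "Failed to disable heap pointer tagging");`, with the JNI function returning the android_mallopt result. The comment above NATIVE_HEAP_POINTER_TAGGING is a plain block comment rather than Javadoc and describes only the enabled state; it should also state the contract the code implements, e.g. `Disabled by default for apps targeting Q or earlier, or per-app via the compat framework; when disabled, applicationInit turns native heap tagging off before any app threads exist.` Only applicationInit calls the helper in this hunk, and whether other process-start paths in this class need the same opt-out cannot be told from here; the enclosing class continues outside the hunk.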
+15 −4
@@ -47,6 +47,7 @@
#include <signal.h>
#include <signal.h>
#include <dirent.h>
#include <dirent.h>
#include <assert.h>
#include <assert.h>
#include <bionic/malloc.h>


#include <string>
#include <string>
#include <vector>
#include <vector>
@@ -279,6 +280,14 @@ static void com_android_internal_os_RuntimeInit_nativeSetExitWithoutCleanup(JNIE
    gCurRuntime->setExitWithoutCleanup(exitWithoutCleanup);
    gCurRuntime->setExitWithoutCleanup(exitWithoutCleanup);
}
}


static void com_android_internal_os_RuntimeInit_nativeDisableHeapPointerTagging(
        JNIEnv* env, jobject clazz) {
    HeapTaggingLevel tag_level = M_HEAP_TAGGING_LEVEL_NONE;
    if (!android_mallopt(M_SET_HEAP_TAGGING_LEVEL, &tag_level, sizeof(tag_level))) {
        ALOGE("ERROR: could not disable heap pointer tagging\n");
    }
}

/*
/*
 * JNI registration.
 * JNI registration.
 */
 */
@@ -290,6 +299,8 @@ int register_com_android_internal_os_RuntimeInit(JNIEnv* env)
             (void*)com_android_internal_os_RuntimeInit_nativeFinishInit},
             (void*)com_android_internal_os_RuntimeInit_nativeFinishInit},
            {"nativeSetExitWithoutCleanup", "(Z)V",
            {"nativeSetExitWithoutCleanup", "(Z)V",
             (void*)com_android_internal_os_RuntimeInit_nativeSetExitWithoutCleanup},
             (void*)com_android_internal_os_RuntimeInit_nativeSetExitWithoutCleanup},
            {"nativeDisableHeapPointerTagging", "()V",
             (void*)com_android_internal_os_RuntimeInit_nativeDisableHeapPointerTagging},
    };
    };
    return jniRegisterNativeMethods(env, "com/android/internal/os/RuntimeInit",
    return jniRegisterNativeMethods(env, "com/android/internal/os/RuntimeInit",
        methods, NELEM(methods));
        methods, NELEM(methods));