Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit ce0b8ba0 authored by Colin Cross's avatar Colin Cross Committed by Cherrypicker Worker
Browse files

Disable ptrace debugging by default on userdebug 

I2fb1aa0aea81400f573b8c2e2fa309b7942d9446 re-enabled ptrace on all
apps by default on userdebug after I6fff6f1a683893244bc2d40f930044747befb2ce
had disabled it along with JDWP.  The same reasoning that applied to
JDWP also applies to ptrace, it could be trivially used for root
detection.  Return to defaulting it to off again, with an additional
persist.debug.ptrace.enabled property to turn it back on.

Bug: 292818059
Bug: 291332760
Bug: 290832806
Test: CtsMemunreachableTestCases
(cherry picked from https://android-review.googlesource.com/q/commit:8a609d4b62a710c2f43921f8b4de435d58f64556)
Merged-In: I0b8c07da661b7bf45c32b304aaa72cf9837dabd5
Change-Id: I0b8c07da661b7bf45c32b304aaa72cf9837dabd5
parent 2398f769

core/java/com/android/internal/os/Zygote.java

+25 −8
Original line number Diff line number Diff line
@@ -196,7 +196,8 @@ public final class Zygote { 
    public static final int PROFILEABLE = 1 << 24;



    /**

     * Enable ptrace.  This is enabled on eng or userdebug builds, or if the app is debuggable.

     * Enable ptrace.  This is enabled on eng, if the app is debuggable, or if

     * the persist.debug.ptrace.enabled property is set.

     */

    public static final int DEBUG_ENABLE_PTRACE = 1 << 25;
@@ -1019,21 +1020,36 @@ public final class Zygote { 
    private static final boolean ENABLE_JDWP = SystemProperties.get(

                          "persist.debug.dalvik.vm.jdwp.enabled").equals("1");



    /**

     * This will enable ptrace by default for all apps. It is OK to cache this property

     * because we expect to reboot the system whenever this property changes

     */

    private static final boolean ENABLE_PTRACE = SystemProperties.get(

                          "persist.debug.ptrace.enabled").equals("1");



    /**

     * Applies debugger system properties to the zygote arguments.

     *

     * For eng builds all apps are debuggable. On userdebug and user builds

     * if persist.debug.dalvik.vm.jdwp.enabled is 1 all apps are

     * debuggable. Otherwise, the debugger state is specified via the

     * "--enable-jdwp" flag in the spawn request.

     * For eng builds all apps are debuggable with JDWP and ptrace.

     *

     * On userdebug builds if persist.debug.dalvik.vm.jdwp.enabled

     * is 1 all apps are debuggable with JDWP and ptrace. Otherwise, the

     * debugger state is specified via the "--enable-jdwp" flag in the

     * spawn request.

     *

     * On userdebug builds if persist.debug.ptrace.enabled is 1 all

     * apps are debuggable with ptrace.

     *

     * @param args non-null; zygote spawner args

     */

    static void applyDebuggerSystemProperty(ZygoteArguments args) {

        if (Build.IS_ENG || ENABLE_JDWP) {

        if (Build.IS_ENG || (Build.IS_USERDEBUG && ENABLE_JDWP)) {

            args.mRuntimeFlags |= Zygote.DEBUG_ENABLE_JDWP;

            // Also enable ptrace when JDWP is enabled for consistency with

            // before persist.debug.ptrace.enabled existed.

            args.mRuntimeFlags |= Zygote.DEBUG_ENABLE_PTRACE;

        }

        if (RoSystemProperties.DEBUGGABLE) {

        if (Build.IS_ENG || (Build.IS_USERDEBUG && ENABLE_PTRACE)) {

            args.mRuntimeFlags |= Zygote.DEBUG_ENABLE_PTRACE;

        }

    }
@@ -1057,7 +1073,8 @@ public final class Zygote { 
        int peerUid = peer.getUid();



        if (args.mInvokeWith != null && peerUid != 0

                && (args.mRuntimeFlags & Zygote.DEBUG_ENABLE_JDWP) == 0) {

                && (args.mRuntimeFlags

                    & (Zygote.DEBUG_ENABLE_JDWP | Zygote.DEBUG_ENABLE_PTRACE)) == 0) {

            throw new ZygoteSecurityException("Peer is permitted to specify an "

                + "explicit invoke-with wrapper command only for debuggable "

                + "applications.");