Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit d7b3a369 authored Jan 30, 2019 by Martijn Coenen

Widen allowed UID range for webview zygote.

The webview zygote is shared for all users on the system, and so unlike
the app zygote, it can't use a single whitelisted UID range. For now,
clamp to the upper bound of the UID range, until we have a better idea.

This is still an improvement from the previous status quo, because it
will prevent setuid/setgid into system users.

Bug: 123597434
Test: builds, webview_zygote running
Change-Id: Ia975826ed5b1f20cabb46f60f5951723b1ba80c9

parent 6ab2e4a9

core/java/android/webkit/WebViewZygote.java

+1 −1

Original line number	Diff line number	Diff line
		@@ -163,7 +163,7 @@ public class WebViewZygote {
		TextUtils.join(",", Build.SUPPORTED_ABIS),
		null, // instructionSet
		Process.FIRST_ISOLATED_UID,
		Process.LAST_ISOLATED_UID);
		Integer.MAX_VALUE); // TODO(b/123615476) deal with user-id ranges properly
		ZygoteProcess.waitForConnectionToZygote(sZygote.getPrimarySocketAddress());

		if (sPackageOriginalAppInfo.sourceDir.equals(sPackage.applicationInfo.sourceDir)) {

core/java/com/android/internal/os/ChildZygoteInit.java

+5 −3

Original line number	Diff line number	Diff line
		@@ -98,9 +98,11 @@ public class ChildZygoteInit {
		throw new RuntimeException("Passed in UID range is invalid, min > max.");
		}

		// Verify the UIDs are in the isolated UID range, as that's the only thing that we should
		// be forking right now
		if (!Process.isIsolated(uidGidMin) \|\| !Process.isIsolated(uidGidMax)) {
		// Verify the UIDs at least do not include system UIDs; we can't easily verify there
		// are just isolated UIDs in the range, because for the webview zygote, there is no
		// single range that captures all possible isolated UIDs.
		// TODO(b/123615476) narrow this down
		if (uidGidMin < Process.FIRST_ISOLATED_UID) {
		throw new RuntimeException("Passed in UID range does not map to isolated processes.");
		}