Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit e7b20fba authored by Treehugger Robot's avatar Treehugger Robot Committed by Gerrit Code Review
Browse files

Merge "Disable XOM on libraries for apps with targetSdkVerison<Q"

parents 5ab0dd0a 72625f5f

core/java/com/android/internal/os/Zygote.java

+17 −1
Original line number Diff line number Diff line
@@ -23,6 +23,7 @@ import static com.android.internal.os.ZygoteConnectionConstants.MAX_ZYGOTE_ARGC; 
import android.net.Credentials;

import android.net.LocalServerSocket;

import android.net.LocalSocket;

import android.os.Build;

import android.os.FactoryTest;

import android.os.IVold;

import android.os.Process;
@@ -215,7 +216,8 @@ public final class Zygote { 
     */

    public static int forkAndSpecialize(int uid, int gid, int[] gids, int runtimeFlags,

            int[][] rlimits, int mountExternal, String seInfo, String niceName, int[] fdsToClose,

            int[] fdsToIgnore, boolean startChildZygote, String instructionSet, String appDataDir) {

            int[] fdsToIgnore, boolean startChildZygote, String instructionSet, String appDataDir,

            int targetSdkVersion) {

        ZygoteHooks.preFork();

        // Resets nice priority for zygote process.

        resetNicePriority();
@@ -224,6 +226,7 @@ public final class Zygote { 
                fdsToIgnore, startChildZygote, instructionSet, appDataDir);

        // Enable tracing as soon as possible for the child process.

        if (pid == 0) {

            Zygote.disableExecuteOnly(targetSdkVersion);

            Trace.setTracingEnabled(true, runtimeFlags);



            // Note that this event ends at the end of handleChildProc,
@@ -568,6 +571,8 @@ public final class Zygote { 
                           args.mSeInfo, args.mNiceName, args.mStartChildZygote,

                           args.mInstructionSet, args.mAppDataDir);



        disableExecuteOnly(args.mTargetSdkVersion);



        if (args.mNiceName != null) {

            Process.setArgV0(args.mNiceName);

        }
@@ -613,6 +618,17 @@ public final class Zygote { 
        }

    }



    /**

     * Mark execute-only segments of libraries read+execute for apps with targetSdkVersion<Q.

     */

    protected static void disableExecuteOnly(int targetSdkVersion) {

        if ((targetSdkVersion < Build.VERSION_CODES.Q) && !nativeDisableExecuteOnly()) {

            Log.e("Zygote", "Failed to set libraries to read+execute.");

        }

    }



    private static native boolean nativeDisableExecuteOnly();



    /**

     * @return  Raw file descriptors for the read-end of blastula reporting pipes.

     */

core/java/com/android/internal/os/ZygoteConnection.java

+1 −1
Original line number Diff line number Diff line
@@ -243,7 +243,7 @@ class ZygoteConnection { 
        pid = Zygote.forkAndSpecialize(parsedArgs.mUid, parsedArgs.mGid, parsedArgs.mGids,

                parsedArgs.mRuntimeFlags, rlimits, parsedArgs.mMountExternal, parsedArgs.mSeInfo,

                parsedArgs.mNiceName, fdsToClose, fdsToIgnore, parsedArgs.mStartChildZygote,

                parsedArgs.mInstructionSet, parsedArgs.mAppDataDir);

                parsedArgs.mInstructionSet, parsedArgs.mAppDataDir, parsedArgs.mTargetSdkVersion);



        try {

            if (pid == 0) {

core/jni/com_android_internal_os_Zygote.cpp

+26 −1
Original line number Diff line number Diff line
@@ -45,6 +45,7 @@ 
#include <fcntl.h>

#include <grp.h>

#include <inttypes.h>

#include <link.h>

#include <malloc.h>

#include <mntent.h>

#include <paths.h>
@@ -53,6 +54,7 @@ 
#include <sys/capability.h>

#include <sys/cdefs.h>

#include <sys/eventfd.h>

#include <sys/mman.h>

#include <sys/personality.h>

#include <sys/prctl.h>

#include <sys/resource.h>
@@ -68,6 +70,7 @@ 
#include <android-base/properties.h>

#include <android-base/file.h>

#include <android-base/stringprintf.h>

#include <android-base/strings.h>

#include <android-base/unique_fd.h>

#include <cutils/ashmem.h>

#include <cutils/fs.h>
@@ -1546,6 +1549,26 @@ static jint com_android_internal_os_Zygote_nativeGetBlastulaPoolCount(JNIEnv* en 
  return gBlastulaPoolCount;

}



static int disable_execute_only(struct dl_phdr_info *info, size_t size, void *data) {

  // Search for any execute-only segments and mark them read+execute.

  for (int i = 0; i < info->dlpi_phnum; i++) {

    if ((info->dlpi_phdr[i].p_type == PT_LOAD) && (info->dlpi_phdr[i].p_flags == PF_X)) {

      mprotect(reinterpret_cast<void*>(info->dlpi_addr + info->dlpi_phdr[i].p_vaddr),

              info->dlpi_phdr[i].p_memsz, PROT_READ | PROT_EXEC);

    }

  }

  // Return non-zero to exit dl_iterate_phdr.

  return 0;

}



/**

 * @param env  Managed runtime environment

 * @return  True if disable was successful.

 */

static jboolean com_android_internal_os_Zygote_nativeDisableExecuteOnly(JNIEnv* env, jclass) {

  return dl_iterate_phdr(disable_execute_only, nullptr) == 0;

}



static const JNINativeMethod gMethods[] = {

    { "nativeSecurityInit", "()V",

      (void *) com_android_internal_os_Zygote_nativeSecurityInit },
@@ -1574,7 +1597,9 @@ static const JNINativeMethod gMethods[] = { 
    { "nativeGetBlastulaPoolEventFD", "()I",

      (void *) com_android_internal_os_Zygote_nativeGetBlastulaPoolEventFD },

    { "nativeGetBlastulaPoolCount", "()I",

      (void *) com_android_internal_os_Zygote_nativeGetBlastulaPoolCount }

      (void *) com_android_internal_os_Zygote_nativeGetBlastulaPoolCount },

    { "nativeDisableExecuteOnly", "()Z",

      (void *) com_android_internal_os_Zygote_nativeDisableExecuteOnly }

};



int register_com_android_internal_os_Zygote(JNIEnv* env) {