
Commit 19699d0e authored by Christopher Ferris's avatar Christopher Ferris

Get the program name for MTE property check.

The property check in is_permissive_mte() uses getprogname(), which
doesn't return the correct program name. Use the libbase
GetExecutablePath() function instead.

Add a new test for the fallback path that runs in minijail to verify
that there is no SIGSYS raised.

Add the readlinkat syscall for MTE but only on aarch64.

Test: Verified that the property check actually sees the executable name.
Test: All unit tests pass on an MTE enabled device.
Change-Id: I44276f6cdc4860a88e1f48a2011ca4c4e4f1dc2a
parent a4a1f0a8
+37 −0
@@ -1841,6 +1841,43 @@ TEST_F(CrasherTest, seccomp_backtrace_no_allocation) {
  ASSERT_BACKTRACE_FRAME(result, "bar");
}

TEST_F(CrasherTest, seccomp_mte) {
#if defined(__aarch64__)
  if (!mte_supported() || !mte_enabled()) {
    GTEST_SKIP() << "Requires MTE";
  }

  LogcatCollector logcat_collector;

  size_t allocation_size = 1;
  int intercept_result;
  unique_fd output_fd;
  StartProcess(
      [&]() {
        SetTagCheckingLevelSync();
        volatile int* p = (volatile int*)malloc(allocation_size);
        free((void*)p);
        p[0] = 42;
      },
      &seccomp_fork);

  StartIntercept(&output_fd);
  FinishCrasher();
  AssertDeath(SIGSEGV);
  FinishIntercept(&intercept_result);

  ASSERT_EQ(1, intercept_result) << "tombstoned reported failure";

  // The fallback path does not support getting MTE error data, so simply check
  // that we get the correct type of crash.
  std::string result;
  ConsumeFd(std::move(output_fd), &result);
  ASSERT_MATCH(result, R"(signal 11 \(SIGSEGV\), code 9 \(SEGV_MTESERR)");
#else
  GTEST_SKIP() << "Requires aarch64";
#endif
}

TEST_F(CrasherTest, competing_tracer) {
  int intercept_result;
  unique_fd output_fd;
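Review bot: `LogcatCollector logcat_collector;` at the top of seccomp_mte is never read in the visible body, so it looks like a leftover from a test that inspects logcat; drop it, or collect the log and assert on it if that was the intent. The store in the lambda is a deliberate use-after-free and should say so, for example `// Deliberate use-after-free: with sync tag checking this store must fault with SEGV_MTESERR.` The store also writes an `int` through a pointer to a 1-byte allocation, so setting `allocation_size` to `sizeof(int)` would keep the test about the freed tag rather than an out-of-bounds write.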
+2 −1
@@ -39,6 +39,7 @@
#include <time.h>
#include <unistd.h>

#include <android-base/file.h>
#include <android-base/macros.h>
#include <android-base/parsebool.h>
#include <android-base/parseint.h>
@@ -108,7 +109,7 @@ static bool is_permissive_mte() {
  char process_sysprop_name[512];
  async_safe_format_buffer(process_sysprop_name, sizeof(process_sysprop_name),
                           "persist.device_config.memory_safety_native.permissive.process.%s",
                           getprogname());
                           android::base::Basename(android::base::GetExecutablePath()).c_str());
  // DO NOT REPLACE this with GetBoolProperty. That uses std::string which allocates, so it is
  // not async-safe, and this function gets used in a signal handler.
  return property_parse_bool("persist.sys.mte.permissive") ||
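Review bot: The new argument `android::base::Basename(android::base::GetExecutablePath()).c_str()` builds std::string temporaries, which allocate, and the comment directly below it rules that out for this function because it runs in a signal handler. In a process that has just faulted on a heap error, an allocation can block on allocator state or fault again, so the permissive-MTE check may hang instead of returning. Resolving the link into a stack buffer and taking the component after the last '/' keeps the lookup free of heap use; the sketch below assumes `/proc/self/exe` is the link GetExecutablePath() reads and that falling back to getprogname() on failure is acceptable. is_permissive_mte() starts before and continues after this hunk.

```cpp
  // Resolve the executable name on the stack: no std::string, no heap use in the handler.
  char exe_path[PATH_MAX];
  const char* exe_name = getprogname();
  ssize_t exe_len = readlink("/proc/self/exe", exe_path, sizeof(exe_path) - 1);
  if (exe_len > 0) {
    exe_path[exe_len] = '\0';
    const char* slash = strrchr(exe_path, '/');
    exe_name = (slash != nullptr) ? slash + 1 : exe_path;
  }
  char process_sysprop_name[512];
  async_safe_format_buffer(process_sysprop_name, sizeof(process_sysprop_name),
                           "persist.device_config.memory_safety_native.permissive.process.%s",
                           exe_name);
  // … unchanged: property_parse_bool checks …
```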
+1 −0
@@ -42,3 +42,4 @@ geteuid: 1
getgid: 1
getegid: 1
getgroups: 1
readlinkat: 1
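Review bot: `readlinkat: 1` is added here and in the next policy section without the `#if defined(__aarch64__)` guard that the last section puts around the same entry, while the commit message says the syscall is allowed only on aarch64. The page does not show the file names, so these may be per-architecture outputs where the guard has already been resolved. If either file serves an architecture other than aarch64, the entry widens that seccomp allowlist beyond what the commit describes and should be dropped there.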
+1 −0
@@ -39,3 +39,4 @@ geteuid: 1
getgid: 1
getegid: 1
getgroups: 1
readlinkat: 1
+5 −0
@@ -101,3 +101,8 @@ getgid32: 1
getegid32: 1
getgroups32: 1
#endif

// MTE specific syscalls
#if defined(__aarch64__)
readlinkat: 1
#endif
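Review bot: The comment `// MTE specific syscalls` does not say why the entry is on the allowlist, which makes it hard to remove later. Naming the caller would help, for example `// readlinkat: is_permissive_mte() resolves the executable path in the crash handler (MTE is aarch64 only).` That wording presumes the executable-path lookup is the only user of the syscall here, so confirm it before adopting.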