Gitiles
Code Review Sign In
LeafOS / LeafOS-Project / android_frameworks_base / 5b34c78d4d901435ed9abd258de0ccf6d4ee9853
commit5b34c78d4d901435ed9abd258de0ccf6d4ee9853[log] [tgz]
authorMartijn Coenen <maco@google.com>Thu Feb 29 12:03:05 2024 +0000
committerAndroid Build Coastguard Worker <android-build-coastguard-worker@google.com>Tue May 21 04:28:27 2024 +0000
treea16b1e86f7b929d38c31ef5306f7c9f63fb63fd2
parentae7c8db0495fc8f83ed91aba9c610a3f7fb03e67 [diff]
Verify UID of incoming Zygote connections.

Only the system UID should be allowed to connect to the Zygote. While
for generic Zygotes this is also covered by SELinux policy, this is not
true for App Zygotes: the preload code running in an app zygote could
connect to another app zygote socket, if it had access to its (random)
socket address.

On the Java layer, simply check the UID when the connection is made. In
the native layer, this check was already present, but it actually didn't
work in the case where we receive a new incoming connection on the
socket, and receive a 'non-fork' command: in that case, we will simply
exit the native loop, and let the Java layer handle the command, without
any further UID checking.

Modified the native logic to drop new connections with a mismatching
UID, and to keep serving the existing connection (if it was still
there).

Bug: 319081336
Test: manual
(cherry picked from https://googleplex-android-review.googlesource.com/q/commit:2ffc7cb220e4220b7e108c4043a3f0f2a85b6508)
Merged-In: I3f85a17107849e2cd3e82d6ef15c90b9e2f26532
Change-Id: I3f85a17107849e2cd3e82d6ef15c90b9e2f26532
2 files changed
tree: a16b1e86f7b929d38c31ef5306f7c9f63fb63fd2
  1. .prebuilt_info/
  2. apct-tests/
  3. apex/
  4. api/
  5. boot/
  6. cmds/
  7. config/
  8. core/
  9. data/
  10. docs/
  11. drm/
  12. errorprone/
  13. graphics/
  14. identity/
  15. keystore/
  16. libs/
  17. location/
  18. media/
  19. mime/
  20. mms/
  21. native/
  22. nfc/
  23. nfc-extras/
  24. obex/
  25. omapi/
  26. opengl/
  27. packages/
  28. proto/
  29. ravenwood/
  30. rs/
  31. samples/
  32. sax/
  33. services/
  34. startop/
  35. telecomm/
  36. telephony/
  37. test-base/
  38. test-legacy/
  39. test-mock/
  40. test-runner/
  41. tests/
  42. tools/
  43. wifi/
  44. .clang-format
  45. .gitignore
  46. .mailmap
  47. AconfigFlags.bp
  48. ADPF_OWNERS
  49. Android.bp
  50. Android.mk
  51. BAL_OWNERS
  52. BATTERY_STATS_OWNERS
  53. BROADCASTS_OWNERS
  54. CleanSpec.mk
  55. framework-jarjar-rules.txt
  56. GAME_MANAGER_OWNERS
  57. INPUT_OWNERS
  58. INTENT_OWNERS
  59. ktfmt_includes.txt
  60. lint-baseline.xml
  61. LSE_APP_COMPAT_OWNERS
  62. MEMORY_OWNERS
  63. METADATA
  64. MODULE_LICENSE_APACHE2
  65. MULTIUSER_OWNERS
  66. NOTICE
  67. OWNERS
  68. OWNERS.md
  69. PACKAGE_MANAGER_OWNERS
  70. pathmap.mk
  71. PERFORMANCE_OWNERS
  72. PREUPLOAD.cfg
  73. ProtoLibraries.bp
  74. Ravenwood.bp
  75. SECURITY_STATE_OWNERS
  76. SQLITE_OWNERS
  77. TEST_MAPPING
  78. TestProtoLibraries.bp
  79. THERMAL_OWNERS
  80. TRACE_OWNERS
  81. WEAR_OWNERS
  82. ZYGOTE_OWNERS