author Victor Hsieh <victorhsieh@google.com> 2017-12-20 09:51:51 -0800
committer Victor Hsieh <victorhsieh@google.com> 2018-01-09 20:16:01 +0000
commit6a4a3398325787f6cb1b93db17a7bf50d353e2a5 (patch)
tree2e412383fe03c921b144815814d93a249ff2245c
parent761b7b50d1dbc90334bc719d32bac13efcf3de80 (diff)
Move zygote's seccomp setup to post-fork
Before this change, seccomp filter setup is as early as in zygote's main function. To make it possible to split app and system server's filter, this postpones the setup to after fork. It also starts to call app specific and system server specific setup function. In terms of performance, since this happens at fork, measurements show the overhead is negligible. Assuming 130 instructions in the BPF, on walleye, even when running on little core with fixed low frequency, each setup took about 60.9us on average. When it runs on big core with higher frequency, it took about 39.3us. Test: (cts) -m CtsSecurityTestCases -t android.security.cts.SeccompTest Bug: 63944145 Change-Id: I748735b478405098beac1e200d911c13ea60e380 Merged-In: I748735b478405098beac1e200d911c13ea60e380
-rw-r--r--core/java/android/os/Seccomp.java3
-rw-r--r--core/java/com/android/internal/os/Zygote.java4
-rw-r--r--core/java/com/android/internal/os/ZygoteConnection.java4
-rw-r--r--core/java/com/android/internal/os/ZygoteInit.java3
-rw-r--r--core/jni/android_os_seccomp.cpp19
5 files changed, 26 insertions, 7 deletions
diff --git a/core/java/android/os/Seccomp.java b/core/java/android/os/Seccomp.java
index f14e93fe9403..335e44b65711 100644
--- a/core/java/android/os/Seccomp.java
+++ b/core/java/android/os/Seccomp.java
@@ -20,5 +20,6 @@ package android.os;
* @hide
*/
public final class Seccomp {
- public static final native void setPolicy();
+ public static native void setSystemServerPolicy();
+ public static native void setAppPolicy();
}
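Review bot: Both new native methods are public and carry no Javadoc; the class-level `@hide` says nothing about when each must be called or what failure looks like. From the matching JNI hunk in android_os_seccomp.cpp, each method is a no-op when SELinux is permissive (`security_getenforce() == 0`) and otherwise terminates the calling process with `exit(1)` if the filter cannot be installed, and a seccomp filter is inherited by every process forked afterwards, so the calling process matters. A short Javadoc on each, e.g. `/** Installs the system server seccomp filter in the calling process. No-op when SELinux is permissive; exits the process if the filter cannot be installed. The filter is inherited by any later fork. */` (and the app equivalent), would capture that contract. The `final` modifier that the old `setPolicy()` had is also dropped here without explanation; harmless for static natives, but worth a word in the commit message.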
diff --git a/core/java/com/android/internal/os/Zygote.java b/core/java/com/android/internal/os/Zygote.java
index 3ee8b472869b..ebebad2950ce 100644
--- a/core/java/com/android/internal/os/Zygote.java
+++ b/core/java/com/android/internal/os/Zygote.java
@@ -17,6 +17,7 @@
package com.android.internal.os;
+import android.os.Seccomp;
import android.os.Trace;
import dalvik.system.ZygoteHooks;
import android.system.ErrnoException;
@@ -155,6 +156,9 @@ public final class Zygote {
*/
public static int forkSystemServer(int uid, int gid, int[] gids, int runtimeFlags,
int[][] rlimits, long permittedCapabilities, long effectiveCapabilities) {
+ // Set system server specific seccomp policy.
+ Seccomp.setSystemServerPolicy();
+
VM_HOOKS.preFork();
// Resets nice priority for zygote process.
resetNicePriority();
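Review bot: `Seccomp.setSystemServerPolicy()` is placed before `VM_HOOKS.preFork()`, which runs in the zygote process ahead of the fork, so despite the commit title this filter is not installed post-fork; the remainder of forkSystemServer, including the fork itself, lies outside the hunk. Seccomp filters are inherited across fork and cannot be removed, so if the fork comes later in this method the system-server filter would bind the zygote itself and every app it forks afterwards, with `setAppPolicy()` then stacking a second filter on top in each child. Unless that layering is intended, the call belongs in the child branch after the pid check, e.g. `if (pid == 0) { Seccomp.setSystemServerPolicy(); }`. In either case the `// Set system server specific seccomp policy.` comment should state which process the filter is meant to cover and whether inheritance by the zygote is expected.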
diff --git a/core/java/com/android/internal/os/ZygoteConnection.java b/core/java/com/android/internal/os/ZygoteConnection.java
index 6a87b1f4d3fd..24c4a8d8d438 100644
--- a/core/java/com/android/internal/os/ZygoteConnection.java
+++ b/core/java/com/android/internal/os/ZygoteConnection.java
@@ -30,6 +30,7 @@ import android.net.Credentials;
import android.net.LocalSocket;
import android.os.FactoryTest;
import android.os.Process;
+import android.os.Seccomp;
import android.os.SystemProperties;
import android.os.Trace;
import android.system.ErrnoException;
@@ -767,6 +768,9 @@ class ZygoteConnection {
Process.setArgV0(parsedArgs.niceName);
}
+ // Set app specific seccomp policy.
+ Seccomp.setAppPolicy();
+
// End of the postFork event.
Trace.traceEnd(Trace.TRACE_TAG_ACTIVITY_MANAGER);
if (parsedArgs.invokeWith != null) {
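Review bot: The new `// Set app specific seccomp policy.` comment should record the placement constraint, because the call sits immediately before the `invokeWith` branch: a seccomp filter installed here survives the execve performed for a wrapped process, so the wrapper and anything it launches are already subject to it. Suggested wording: `// Set app specific seccomp policy. Must run in the child and before any exec path (invokeWith): the filter is inherited across execve and cannot be removed afterwards.` The enclosing method starts outside the hunk, so whether the uid/gid/capability changes precede this point is not visible here; if they do, the comment could also note that the filter is applied only after privileges have been dropped.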
diff --git a/core/java/com/android/internal/os/ZygoteInit.java b/core/java/com/android/internal/os/ZygoteInit.java
index 2be6212b9f1e..40168328c5bc 100644
--- a/core/java/com/android/internal/os/ZygoteInit.java
+++ b/core/java/com/android/internal/os/ZygoteInit.java
@@ -782,9 +782,6 @@ public class ZygoteInit {
// Zygote process unmounts root storage spaces.
Zygote.nativeUnmountStorageOnInit();
- // Set seccomp policy
- Seccomp.setPolicy();
-
ZygoteHooks.stopZygoteNoThreadCreation();
if (startSystemServer) {
diff --git a/core/jni/android_os_seccomp.cpp b/core/jni/android_os_seccomp.cpp
index 06e2a167de0a..b9006e4403cd 100644
--- a/core/jni/android_os_seccomp.cpp
+++ b/core/jni/android_os_seccomp.cpp
@@ -21,20 +21,33 @@
#include "seccomp_policy.h"
-static void Seccomp_setPolicy(JNIEnv* /*env*/) {
+static void Seccomp_setSystemServerPolicy(JNIEnv* /*env*/) {
if (security_getenforce() == 0) {
ALOGI("seccomp disabled by setenforce 0");
return;
}
- if (!set_seccomp_filter()) {
+ if (!set_system_seccomp_filter()) {
+ ALOGE("Failed to set seccomp policy - killing");
+ exit(1);
+ }
+}
+
+static void Seccomp_setAppPolicy(JNIEnv* /*env*/) {
+ if (security_getenforce() == 0) {
+ ALOGI("seccomp disabled by setenforce 0");
+ return;
+ }
+
+ if (!set_app_seccomp_filter()) {
ALOGE("Failed to set seccomp policy - killing");
exit(1);
}
}
static const JNINativeMethod method_table[] = {
- NATIVE_METHOD(Seccomp, setPolicy, "()V"),
+ NATIVE_METHOD(Seccomp, setSystemServerPolicy, "()V"),
+ NATIVE_METHOD(Seccomp, setAppPolicy, "()V"),
};
namespace android {
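Review bot: `Seccomp_setSystemServerPolicy` and `Seccomp_setAppPolicy` are now verbatim copies apart from the filter function, and both log the identical `Failed to set seccomp policy - killing`, so a crash log from a child no longer says which of the two filters failed to install. Factoring the permissive check and the exit into one static helper that takes the filter function and a label keeps the behavior identical and makes the message distinguishing; this assumes both `set_*_seccomp_filter` functions share the `bool()` signature their use here suggests. Worth a thought as well: `exit(1)` now runs in a freshly forked child rather than in zygote's main, so it will run atexit handlers and flush stdio buffers inherited from the parent; if that is undesirable, `_exit(1)` avoids it. The hunk appears to end at `namespace android {`; if it continues past this line, the remaining lines were not reviewed.
```cpp
// Installs `set_filter` in the calling process unless SELinux is permissive;
// terminates the process if the filter cannot be installed.
static void SetPolicyOrDie(bool (*set_filter)(), const char* policy_name) {
    if (security_getenforce() == 0) {
        ALOGI("seccomp disabled by setenforce 0");
        return;
    }

    if (!set_filter()) {
        ALOGE("Failed to set %s seccomp policy - killing", policy_name);
        exit(1);
    }
}

static void Seccomp_setSystemServerPolicy(JNIEnv* /*env*/) {
    SetPolicyOrDie(set_system_seccomp_filter, "system server");
}

static void Seccomp_setAppPolicy(JNIEnv* /*env*/) {
    SetPolicyOrDie(set_app_seccomp_filter, "app");
}
// … unchanged: method_table and namespace android …
```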