author Evgenii Stepanov <eugenis@google.com> 2021-12-03 17:06:46 -0800
committer Evgenii Stepanov <eugenis@google.com> 2021-12-10 19:02:55 +0000
commit980f233d2d53512457583df7511e65a2a63269dd (patch)
tree1f4cf64506aae2fb6958d837b8761af8a62b5797
parent3a1a4dbf898666c0a4195581b138b6a070c44132 (diff)
Pass MTE RuntimeFlags to AppZygote.
Fix AppZygote process and its children (the actual service processes) ignoring android:memtagMode attribute in the app manifest. When starting a new AppZygote process, apply memtag-related flags as determined by the app manifest (and modified by compat features and actual h/w capabilities). If this is not done, MTE is always disabled in an AppZygote process, which makes it impossible to enable it in the AppZygote's children. This change has no effect unless MTE is supported in the hardware (ARMv9) and enabled in the system. Bug: 207557677 Test: CtsTaggingHostTestCases Merged-In: Ibf64db8882a1fbffe6c0cc3cd3bc2299b088876a Change-Id: Ibf64db8882a1fbffe6c0cc3cd3bc2299b088876a (cherry picked from commit 2e50afbd53c686a7cb82c73e926ab34d7dd9257d)
-rw-r--r--core/java/android/os/AppZygote.java8
-rw-r--r--services/core/java/com/android/server/am/ProcessList.java23
2 files changed, 28 insertions, 3 deletions
diff --git a/core/java/android/os/AppZygote.java b/core/java/android/os/AppZygote.java
index 74b814ea4159..c8b4226ecae0 100644
--- a/core/java/android/os/AppZygote.java
+++ b/core/java/android/os/AppZygote.java
@@ -45,6 +45,8 @@ public class AppZygote {
// Last UID/GID of the range the AppZygote can setuid()/setgid() to
private final int mZygoteUidGidMax;
+ private final int mZygoteRuntimeFlags;
+
private final Object mLock = new Object();
/**
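Review bot: The new field `mZygoteRuntimeFlags` is the only field in this group without a comment, while `mZygoteUidGidMax` directly above it carries one. A line such as `// Zygote runtime flags applied when the app zygote process itself is started; the caller currently passes only the memory-tagging level` would tell a reader which subset of flags to expect here, since ProcessList (second file of this change) assigns the result of `decideTaggingLevelForAppZygote` and nothing else. The constructor in the next hunk gains the matching `runtimeFlags` parameter and would benefit from the same one-line description.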
@@ -56,11 +58,13 @@ public class AppZygote {
private final ApplicationInfo mAppInfo;
- public AppZygote(ApplicationInfo appInfo, int zygoteUid, int uidGidMin, int uidGidMax) {
+ public AppZygote(ApplicationInfo appInfo, int zygoteUid, int uidGidMin, int uidGidMax,
+ int runtimeFlags) {
mAppInfo = appInfo;
mZygoteUid = zygoteUid;
mZygoteUidGidMin = uidGidMin;
mZygoteUidGidMax = uidGidMax;
+ mZygoteRuntimeFlags = runtimeFlags;
}
/**
@@ -110,7 +114,7 @@ public class AppZygote {
mZygoteUid,
mZygoteUid,
null, // gids
- 0, // runtimeFlags
+ mZygoteRuntimeFlags, // runtimeFlags
"app_zygote", // seInfo
abi, // abi
abi, // acceptedAbiList
diff --git a/services/core/java/com/android/server/am/ProcessList.java b/services/core/java/com/android/server/am/ProcessList.java
index 92c82232d474..1e66ed42ff96 100644
--- a/services/core/java/com/android/server/am/ProcessList.java
+++ b/services/core/java/com/android/server/am/ProcessList.java
@@ -374,6 +374,16 @@ public final class ProcessList {
private static final long NATIVE_HEAP_POINTER_TAGGING = 135754954; // This is a bug id.
/**
+ * Native heap allocations in AppZygote process and its descendants will now have a
+ * non-zero tag in the most significant byte.
+ * @see <a href="https://source.android.com/devices/tech/debug/tagged-pointers">Tagged
+ * Pointers</a>
+ */
+ @ChangeId
+ @EnabledAfter(targetSdkVersion = Build.VERSION_CODES.S)
+ private static final long NATIVE_HEAP_POINTER_TAGGING_APP_ZYGOTE = 207557677;
+
+ /**
* Enable asynchronous (ASYNC) memory tag checking in this process. This
* flag will only have an effect on hardware supporting the ARM Memory
* Tagging Extension (MTE).
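Review bot: The Javadoc on `NATIVE_HEAP_POINTER_TAGGING_APP_ZYGOTE` does not say what the change actually gates: in `decideTaggingLevelForAppZygote` (later hunk) it only decides whether a TBI level is kept or downgraded to `MEMORY_TAG_LEVEL_NONE`, and an MTE level chosen from the manifest is unaffected. "will now have a non-zero tag" also reads as unconditional, whereas `@EnabledAfter(targetSdkVersion = S)` ties it to the target SDK. Suggest wording along the lines of `Enables TBI ("fake" pointer tagging) in the AppZygote process and its descendants for apps targeting SDK > S; it does not affect an MTE level selected via memtagMode.` with the existing @see link kept.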
@@ -1738,6 +1748,16 @@ public final class ProcessList {
return level;
}
+ private int decideTaggingLevelForAppZygote(ProcessRecord app) {
+ int level = decideTaggingLevel(app);
+ // TBI ("fake" pointer tagging) in AppZygote is controlled by a separate compat feature.
+ if (!mPlatformCompat.isChangeEnabled(NATIVE_HEAP_POINTER_TAGGING_APP_ZYGOTE, app.info)
+ && level == Zygote.MEMORY_TAG_LEVEL_TBI) {
+ level = Zygote.MEMORY_TAG_LEVEL_NONE;
+ }
+ return level;
+ }
+
private int decideGwpAsanLevel(ProcessRecord app) {
// Look at the process attribute first.
if (app.processInfo != null
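Review bot: `decideTaggingLevelForAppZygote` derives the zygote's level from the single `ProcessRecord` that first triggers zygote creation, yet the resulting `AppZygote` is shared by every process of that uid (it is stored under `app.info.processName` in the last hunk). If `decideTaggingLevel` honours a per-process `memtagMode` from `app.processInfo` — as `decideGwpAsanLevel` on the lines just below does for its own attribute — the shared zygote inherits whichever process happened to start first, which is worth either documenting or deriving from the application-level setting instead; this is inferred, since the body of `decideTaggingLevel` ends just above the hunk and is not visible here. The method also has no Javadoc; a header such as `/** Runtime flags for the app zygote itself: the host process's memory-tagging level, with TBI downgraded to NONE unless NATIVE_HEAP_POINTER_TAGGING_APP_ZYGOTE is enabled for the app. */` would cover it.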
@@ -2238,7 +2258,8 @@ public final class ProcessList {
// not the calling one.
appInfo.packageName = app.getHostingRecord().getDefiningPackageName();
appInfo.uid = uid;
- appZygote = new AppZygote(appInfo, uid, firstUid, lastUid);
+ int runtimeFlags = decideTaggingLevelForAppZygote(app);
+ appZygote = new AppZygote(appInfo, uid, firstUid, lastUid, runtimeFlags);
mAppZygotes.put(app.info.processName, uid, appZygote);
zygoteProcessList = new ArrayList<ProcessRecord>();
mAppZygoteProcesses.put(appZygote, zygoteProcessList);
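Review bot: The local `runtimeFlags` holds only the value of `decideTaggingLevelForAppZygote(app)`, so any other runtime flags the platform may compute for the app's ordinary processes are still not applied to the zygote itself (previously a hard-coded 0); the name suggests a fuller set than is computed. A comment above the assignment, `// Only the memory-tagging level is applied to the zygote process; other runtime flags remain unset, as before.`, records that this is intentional, which the commit message limits to memtag-related flags. The enclosing method begins outside the hunk.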