diff options
| -rw-r--r-- | core/java/com/android/internal/os/Zygote.java | 18 | ||||
| -rw-r--r-- | core/java/com/android/internal/os/ZygoteConnection.java | 2 | ||||
| -rw-r--r-- | core/jni/com_android_internal_os_Zygote.cpp | 27 |
3 files changed, 44 insertions, 3 deletions
diff --git a/core/java/com/android/internal/os/Zygote.java b/core/java/com/android/internal/os/Zygote.java index d4fa5cbb4f55..14b511df390b 100644 --- a/core/java/com/android/internal/os/Zygote.java +++ b/core/java/com/android/internal/os/Zygote.java @@ -23,6 +23,7 @@ import static com.android.internal.os.ZygoteConnectionConstants.MAX_ZYGOTE_ARGC; import android.net.Credentials; import android.net.LocalServerSocket; import android.net.LocalSocket; +import android.os.Build; import android.os.FactoryTest; import android.os.IVold; import android.os.Process; @@ -215,7 +216,8 @@ public final class Zygote { */ public static int forkAndSpecialize(int uid, int gid, int[] gids, int runtimeFlags, int[][] rlimits, int mountExternal, String seInfo, String niceName, int[] fdsToClose, - int[] fdsToIgnore, boolean startChildZygote, String instructionSet, String appDataDir) { + int[] fdsToIgnore, boolean startChildZygote, String instructionSet, String appDataDir, + int targetSdkVersion) { ZygoteHooks.preFork(); // Resets nice priority for zygote process. resetNicePriority(); @@ -224,6 +226,7 @@ public final class Zygote { fdsToIgnore, startChildZygote, instructionSet, appDataDir); // Enable tracing as soon as possible for the child process. if (pid == 0) { + Zygote.disableExecuteOnly(targetSdkVersion); Trace.setTracingEnabled(true, runtimeFlags); // Note that this event ends at the end of handleChildProc, @@ -568,6 +571,8 @@ public final class Zygote { args.mSeInfo, args.mNiceName, args.mStartChildZygote, args.mInstructionSet, args.mAppDataDir); + disableExecuteOnly(args.mTargetSdkVersion); + if (args.mNiceName != null) { Process.setArgV0(args.mNiceName); } @@ -614,6 +619,17 @@ public final class Zygote { } /** + * Mark execute-only segments of libraries read+execute for apps with targetSdkVersion<Q. + */ + protected static void disableExecuteOnly(int targetSdkVersion) { + if ((targetSdkVersion < Build.VERSION_CODES.Q) && !nativeDisableExecuteOnly()) { + Log.e("Zygote", "Failed to set libraries to read+execute."); + } + } + + private static native boolean nativeDisableExecuteOnly(); + + /** * @return Raw file descriptors for the read-end of blastula reporting pipes. */ protected static int[] getBlastulaPipeFDs() { diff --git a/core/java/com/android/internal/os/ZygoteConnection.java b/core/java/com/android/internal/os/ZygoteConnection.java index 034c37cdf4c3..ad9f64cd2b0b 100644 --- a/core/java/com/android/internal/os/ZygoteConnection.java +++ b/core/java/com/android/internal/os/ZygoteConnection.java @@ -243,7 +243,7 @@ class ZygoteConnection { pid = Zygote.forkAndSpecialize(parsedArgs.mUid, parsedArgs.mGid, parsedArgs.mGids, parsedArgs.mRuntimeFlags, rlimits, parsedArgs.mMountExternal, parsedArgs.mSeInfo, parsedArgs.mNiceName, fdsToClose, fdsToIgnore, parsedArgs.mStartChildZygote, - parsedArgs.mInstructionSet, parsedArgs.mAppDataDir); + parsedArgs.mInstructionSet, parsedArgs.mAppDataDir, parsedArgs.mTargetSdkVersion); try { if (pid == 0) { diff --git a/core/jni/com_android_internal_os_Zygote.cpp b/core/jni/com_android_internal_os_Zygote.cpp index d26425ae0969..0e5f53b87049 100644 --- a/core/jni/com_android_internal_os_Zygote.cpp +++ b/core/jni/com_android_internal_os_Zygote.cpp @@ -45,6 +45,7 @@ #include <fcntl.h> #include <grp.h> #include <inttypes.h> +#include <link.h> #include <malloc.h> #include <mntent.h> #include <paths.h> @@ -53,6 +54,7 @@ #include <sys/capability.h> #include <sys/cdefs.h> #include <sys/eventfd.h> +#include <sys/mman.h> #include <sys/personality.h> #include <sys/prctl.h> #include <sys/resource.h> @@ -68,6 +70,7 @@ #include <android-base/properties.h> #include <android-base/file.h> #include <android-base/stringprintf.h> +#include <android-base/strings.h> #include <android-base/unique_fd.h> #include <cutils/ashmem.h> #include <cutils/fs.h> @@ -1546,6 +1549,26 @@ static jint com_android_internal_os_Zygote_nativeGetBlastulaPoolCount(JNIEnv* en return gBlastulaPoolCount; } +static int disable_execute_only(struct dl_phdr_info *info, size_t size, void *data) { + // Search for any execute-only segments and mark them read+execute. + for (int i = 0; i < info->dlpi_phnum; i++) { + if ((info->dlpi_phdr[i].p_type == PT_LOAD) && (info->dlpi_phdr[i].p_flags == PF_X)) { + mprotect(reinterpret_cast<void*>(info->dlpi_addr + info->dlpi_phdr[i].p_vaddr), + info->dlpi_phdr[i].p_memsz, PROT_READ | PROT_EXEC); + } + } + // Return non-zero to exit dl_iterate_phdr. + return 0; +} + +/** + * @param env Managed runtime environment + * @return True if disable was successful. + */ +static jboolean com_android_internal_os_Zygote_nativeDisableExecuteOnly(JNIEnv* env, jclass) { + return dl_iterate_phdr(disable_execute_only, nullptr) == 0; +} + static const JNINativeMethod gMethods[] = { { "nativeSecurityInit", "()V", (void *) com_android_internal_os_Zygote_nativeSecurityInit }, @@ -1574,7 +1597,9 @@ static const JNINativeMethod gMethods[] = { { "nativeGetBlastulaPoolEventFD", "()I", (void *) com_android_internal_os_Zygote_nativeGetBlastulaPoolEventFD }, { "nativeGetBlastulaPoolCount", "()I", - (void *) com_android_internal_os_Zygote_nativeGetBlastulaPoolCount } + (void *) com_android_internal_os_Zygote_nativeGetBlastulaPoolCount }, + { "nativeDisableExecuteOnly", "()Z", + (void *) com_android_internal_os_Zygote_nativeDisableExecuteOnly } }; int register_com_android_internal_os_Zygote(JNIEnv* env) { |