9087f331a85790d49d1095e1eaf0305b7863e0ba |
|
23-Sep-2016 |
Narayan Kamath <narayan@google.com> |
Zygote: Additional whitelists for runtime overlay / other static resources. Partially cherry picked from commit 1c15c635785c64a. These files are safe to reopen for the same reason that files in /system/framework are. They're regular files and will not change after the first zygote fork. Bug: 32618130 Change-Id: I119e0bfcbf397cb331064adf148d92a5cd3ea92f (cherry picked from commit 25cd01cc69fcad34756b00e52a79c0c54178f2e6)
/frameworks/base/core/jni/fd_utils-inl.h
|
9efaadccc05eafab68fd28ee352b979f25785945 |
|
14-Nov-2016 |
Narayan Kamath <narayan@google.com> |
Zygote: Additional whitelisting for legacy devices. am: 5e2f7c6229 am: 6bf96c1192 am: 22e45fa247 am: d98e75feca am: 87dc13f249 am: c50c43667f am: a5ff6c84a2 Change-Id: I62e2180c0a3b2d9e2a11b3ad4d93288bed1ccef6
|
a5ff6c84a2f29c4900cf7b29a41bff189702dfe3 |
|
14-Nov-2016 |
Narayan Kamath <narayan@google.com> |
Zygote: Additional whitelisting for legacy devices. am: 5e2f7c6229 am: 6bf96c1192 am: 22e45fa247 am: d98e75feca am: 87dc13f249 am: c50c43667f Change-Id: I11f57941eb00efafb14e0505131e66bc22fc68c6
|
87dc13f24985563010d913763cc4537a7bbf019c |
|
14-Nov-2016 |
Narayan Kamath <narayan@google.com> |
Zygote: Additional whitelisting for legacy devices. am: 5e2f7c6229 am: 6bf96c1192 am: 22e45fa247 am: d98e75feca Change-Id: Ic63a80f3a591956fd82a223c74050a24d7805add
|
76a388b93b2a6b30addf2a8b8796fcc61961a298 |
|
09-Nov-2016 |
Narayan Kamath <narayan@google.com> |
Zygote: Additional whitelists for runtime overlay / other static resources. am: 25cd01cc69 am: 4f65baa12f Change-Id: Ib482d999552ca44ccc000a4a2f5604e920db2079
|
5e2f7c6229d7191183888d685b57a7d0a2835fce |
|
07-Nov-2016 |
Narayan Kamath <narayan@google.com> |
Zygote: Additional whitelisting for legacy devices. On M and below, we provide a blanket whitelist for all files under "/vendor/zygote_whitelist". This path is whitelisted purely to allow this patch to be applied easily on legacy devices and configurations. Note that this does not amount to a loosening of our security policy because whitelisted files are reopened anyway. Bug: 32691930 Test: manual Change-Id: If5b53f6f0a707f8d36603c09bfd3f72dbfbbbb99
/frameworks/base/core/jni/fd_utils-inl.h
|
4e8ba1d73eee1311bb78144be43862b393548d5d |
|
23-Sep-2016 |
Narayan Kamath <narayan@google.com> |
Zygote: Additional whitelists for runtime overlay / other static resources. Partially cherry picked from commit 1c15c635785c64a. These files are safe to reopen for the same reason that files in /system/framework are. They're regular files and will not change after the first zygote fork. Bug: 32618130 Change-Id: I119e0bfcbf397cb331064adf148d92a5cd3ea92f
/frameworks/base/core/jni/fd_utils-inl.h
|
25cd01cc69fcad34756b00e52a79c0c54178f2e6 |
|
23-Sep-2016 |
Narayan Kamath <narayan@google.com> |
Zygote: Additional whitelists for runtime overlay / other static resources. Partially cherry picked from commit 1c15c635785c64a. These files are safe to reopen for the same reason that files in /system/framework are. They're regular files and will not change after the first zygote fork. Bug: 32618130 Change-Id: I119e0bfcbf397cb331064adf148d92a5cd3ea92f
/frameworks/base/core/jni/fd_utils-inl.h
|
c03d9483f0380fb7babfdeb11d6762bc6c8d784c |
|
30-Sep-2016 |
Jakub Adamek <jakuba@google.com> |
Change name of overlay subdir property to sku. Also move the SKU subdirectories directly under /vendor/overlay. Bug: 31692079 Change-Id: I68c712b13918cc99629534580ee4f77d9e5b3823
/frameworks/base/core/jni/fd_utils-inl.h
|
1c15c635785c64aee961f895dabd184cc2e9e0b1 |
|
23-Sep-2016 |
Jakub Adamek <jakuba@google.com> |
Search for runtime resource overlays in subdir. See go/sku-colors. This changes the directory to search for framework overlays if the right system property is defined. This allows OEMs to specify different resources based on device SKUs. Bug: 31692079 Change-Id: I9cb121b286b7f52aa26de1757fde1f3110cd47fd
/frameworks/base/core/jni/fd_utils-inl.h
|
a1252ccbdbae686cb41e7efba769c4935f664220 |
|
19-Aug-2016 |
Narayan Kamath <narayan@google.com> |
Backport changes to whitelist sockets opened by the zygote. This is the backport of the following commits : Reopen whitelisted zygote file descriptors after a fork. We don't want these descriptors to be shared post-fork, so we'll have to close and reopen them when the zygote forks. The set of open descriptors is checked against a whitelist and it is a fatal error if a non whitelisted FD is opened. It is also a fatal error if anything other than a regular file / character device or socket is opened at the time of forking. This work is done in two stages : - An initial list of FDs is constructed and cached prior to the first zygote fork. - On each subsequent fork, we check whether the list of open FDs has changed. We are currently tolerant of changes, but in the longer term, it should be a fatal error if the set of open file descriptors in the zygote changes. - Post fork, we traverse the list of open descriptors and reopen them if necessary. bug: 30963384 (cherry picked from commit c5f27a7cb2ec816f483a65255034a1b57a8aa221) Fix clang build breakage (-Werror -Wformat). Use %zd for size_t. Note that this will break only on (-plus-)aosp because clang is disabled on the N development branches. bug: 30963384 (cherry picked from commit b334c33d65894f5ca9833fa55c3a1cf75e01c497) Add a whitelist of sockets on fork. Maintain a whitelist of AF_UNIX sockets that are permitted to exist at the time of forking. If an open socket does not belong to the whitelist (or is not AF_UNIX), the process will abort. If an open socket is whitelisted, it will be redirected to /dev/null after a sucessful fork. This allows us to unify our handling of the special zygote sockets (/dev/socket/zygote[_secondary]) with the existing whitelist of non socket file descriptors. This change also removes non-fatal ALOGW messages since they have the side effect of reopening the logging socket. bug: 30963384 (cherry picked from commit 3764a260f0c90dcb323caeda14baf903cc108759) fd_utils: Remove whitelist for "/dev/pmsg0". We're now calling __android_log_close prior to a fork, so this file shouldn't need to be open. bug: 31243313 bug: 30963384 (cherry picked from commit 8dee0541904e4f792cdebdee4f23f768561cb276) fd_utils: Fix broken usage of iterators. There were two separate issues here : - RestatInternal was using an iterator after a call to erase(). This will not work because it will be invalidated. - The "standard" for loop idiom for iterating over a map while making structural changes to it is broken. Switch to a while loop and treat cases where elements are erased differently from cases where they aren't. bug: 31092930 bug: 30963384 (cherry picked from commit 0b76d6a28e6978151bf245a775329cdae5e574d5) add dri device to zygote whitelisted FDs The driver can be used just like /dev/ion for graphic buffers. (cherry picked from commit 8977e424ee2d6d85fec419532ae510131aa88c45)
/frameworks/base/core/jni/fd_utils-inl.h
|
0f6a0e15606dd8b0b1aa58ee1df23f75902169a0 |
|
19-Aug-2016 |
Narayan Kamath <narayan@google.com> |
Backport changes to whitelist sockets opened by the zygote. This is the backport of the following commits : Commit c5f27a7cb2ec816f483a65255034a1b57a8aa22: ----------------------------------------------- Reopen whitelisted zygote file descriptors after a fork. We don't want these descriptors to be shared post-fork, so we'll have to close and reopen them when the zygote forks. The set of open descriptors is checked against a whitelist and it is a fatal error if a non whitelisted FD is opened. It is also a fatal error if anything other than a regular file / character device or socket is opened at the time of forking. This work is done in two stages : - An initial list of FDs is constructed and cached prior to the first zygote fork. - On each subsequent fork, we check whether the list of open FDs has changed. We are currently tolerant of changes, but in the longer term, it should be a fatal error if the set of open file descriptors in the zygote changes. - Post fork, we traverse the list of open descriptors and reopen them if necessary. bug: 30963384 Commit 3764a260f0c90dcb323caeda14baf903cc108759: ----------------------------------------------- Add a whitelist of sockets on fork. Maintain a whitelist of AF_UNIX sockets that are permitted to exist at the time of forking. If an open socket does not belong to the whitelist (or is not AF_UNIX), the process will abort. If an open socket is whitelisted, it will be redirected to /dev/null after a sucessful fork. This allows us to unify our handling of the special zygote sockets (/dev/socket/zygote[_secondary]) with the existing whitelist of non socket file descriptors. This change also removes non-fatal ALOGW messages since they have the side effect of reopening the logging socket. bug: 30963384 Commit 0b76d6a28e6978151bf245a775329cdae5e574d5: ----------------------------------------------- fd_utils: Fix broken usage of iterators. There were two separate issues here : - RestatInternal was using an iterator after a call to erase(). This will not work because it will be invalidated. - The "standard" for loop idiom for iterating over a map while making structural changes to it is broken. Switch to a while loop and treat cases where elements are erased differently from cases where they aren't. bug: 31092930 bug: 30963384 Plus additional changes: ----------------------------------------------- - add /dev/__properties__ to the whitelist. Change-Id: Ic512be6362c3c5d84767e933884872b7e995dfea
/frameworks/base/core/jni/fd_utils-inl.h
|
0b76d6a28e6978151bf245a775329cdae5e574d5 |
|
07-Sep-2016 |
Narayan Kamath <narayan@google.com> |
fd_utils: Fix broken usage of iterators. There were two separate issues here : - RestatInternal was using an iterator after a call to erase(). This will not work because it will be invalidated. - The "standard" for loop idiom for iterating over a map while making structural changes to it is broken. Switch to a while loop and treat cases where elements are erased differently from cases where they aren't. bug: 31092930 bug: 30963384 Change-Id: I261d59239558230dd8cdd1d1cb5b9e2448a4c23f
/frameworks/base/core/jni/fd_utils-inl.h
|
cefc0374eb4c0775d684ba5f650eeb1b95ee6d55 |
|
06-Sep-2016 |
Narayan Kamath <narayan@google.com> |
fd_utils: Remove /system/etc/event-log-tags from the whitelist. We don't need this file open after change bfd8eafa1d33460. bug: 30963384 Change-Id: Iaa6ff54cdef2b29c8d170b1fe0718cd045b44e2f
/frameworks/base/core/jni/fd_utils-inl.h
|
8dee0541904e4f792cdebdee4f23f768561cb276 |
|
05-Sep-2016 |
Narayan Kamath <narayan@google.com> |
fd_utils: Remove whitelist for "/dev/pmsg0". We're now calling __android_log_close prior to a fork, so this file shouldn't need to be open. bug: 31243313 bug: 30963384 Change-Id: I8c29adf075782eed966c9197d58f0325310f6c3a
/frameworks/base/core/jni/fd_utils-inl.h
|
f7d8a1648bb18402ddb914801e9bcccf45e89345 |
|
31-Aug-2016 |
Narayan Kamath <narayan@google.com> |
Merge "Add a whitelist of sockets on fork." into nyc-mr1-dev
|
8977e424ee2d6d85fec419532ae510131aa88c45 |
|
30-Aug-2016 |
Adrian Salido <salidoa@google.com> |
add dri device to zygote whitelisted FDs The driver can be used just like /dev/ion for graphic buffers. Bug: 31172436 Change-Id: I4f76e398b58a684f614f72ce7ef6bdd049ea7655
/frameworks/base/core/jni/fd_utils-inl.h
|
3764a260f0c90dcb323caeda14baf903cc108759 |
|
30-Aug-2016 |
Narayan Kamath <narayan@google.com> |
Add a whitelist of sockets on fork. Maintain a whitelist of AF_UNIX sockets that are permitted to exist at the time of forking. If an open socket does not belong to the whitelist (or is not AF_UNIX), the process will abort. If an open socket is whitelisted, it will be redirected to /dev/null after a sucessful fork. This allows us to unify our handling of the special zygote sockets (/dev/socket/zygote[_secondary]) with the existing whitelist of non socket file descriptors. This change also removes non-fatal ALOGW messages since they have the side effect of reopening the logging socket. bug: 30963384 Change-Id: Ie04dac62d0e0f29354df9ac15af217ad652ffbbe
/frameworks/base/core/jni/fd_utils-inl.h
|
b334c33d65894f5ca9833fa55c3a1cf75e01c497 |
|
29-Aug-2016 |
Narayan Kamath <narayan@google.com> |
Fix clang build breakage (-Werror -Wformat). Use %zd for size_t. Note that this will break only on (-plus-)aosp because clang is disabled on the N development branches. bug: 30963384 Change-Id: I4b5ba7caf15bc2ebf5bb3395d82170ec786ed50c
/frameworks/base/core/jni/fd_utils-inl.h
|
c5f27a7cb2ec816f483a65255034a1b57a8aa221 |
|
19-Aug-2016 |
Narayan Kamath <narayan@google.com> |
Reopen whitelisted zygote file descriptors after a fork. We don't want these descriptors to be shared post-fork, so we'll have to close and reopen them when the zygote forks. The set of open descriptors is checked against a whitelist and it is a fatal error if a non whitelisted FD is opened. It is also a fatal error if anything other than a regular file / character device or socket is opened at the time of forking. This work is done in two stages : - An initial list of FDs is constructed and cached prior to the first zygote fork. - On each subsequent fork, we check whether the list of open FDs has changed. We are currently tolerant of changes, but in the longer term, it should be a fatal error if the set of open file descriptors in the zygote changes. - Post fork, we traverse the list of open descriptors and reopen them if necessary. bug: 30963384 Change-Id: Icfd45c96c660491b554d146a9d70d97dbcc712bc
/frameworks/base/core/jni/fd_utils-inl.h
|