History log of /frameworks/base/core/jni/fd_utils-inl.h
Revision Date Author Comments
9087f331a85790d49d1095e1eaf0305b7863e0ba 23-Sep-2016 Narayan Kamath <narayan@google.com> Zygote: Additional whitelists for runtime overlay / other static resources.

Partially cherry picked from commit 1c15c635785c64a.

These files are safe to reopen for the same reason that files in
/system/framework are. They're regular files and will not change after
the first zygote fork.

Bug: 32618130

Change-Id: I119e0bfcbf397cb331064adf148d92a5cd3ea92f
(cherry picked from commit 25cd01cc69fcad34756b00e52a79c0c54178f2e6)
/frameworks/base/core/jni/fd_utils-inl.h
9efaadccc05eafab68fd28ee352b979f25785945 14-Nov-2016 Narayan Kamath <narayan@google.com> Zygote: Additional whitelisting for legacy devices. am: 5e2f7c6229 am: 6bf96c1192 am: 22e45fa247 am: d98e75feca am: 87dc13f249 am: c50c43667f
am: a5ff6c84a2

Change-Id: I62e2180c0a3b2d9e2a11b3ad4d93288bed1ccef6
a5ff6c84a2f29c4900cf7b29a41bff189702dfe3 14-Nov-2016 Narayan Kamath <narayan@google.com> Zygote: Additional whitelisting for legacy devices. am: 5e2f7c6229 am: 6bf96c1192 am: 22e45fa247 am: d98e75feca am: 87dc13f249
am: c50c43667f

Change-Id: I11f57941eb00efafb14e0505131e66bc22fc68c6
87dc13f24985563010d913763cc4537a7bbf019c 14-Nov-2016 Narayan Kamath <narayan@google.com> Zygote: Additional whitelisting for legacy devices. am: 5e2f7c6229 am: 6bf96c1192 am: 22e45fa247
am: d98e75feca

Change-Id: Ic63a80f3a591956fd82a223c74050a24d7805add
76a388b93b2a6b30addf2a8b8796fcc61961a298 09-Nov-2016 Narayan Kamath <narayan@google.com> Zygote: Additional whitelists for runtime overlay / other static resources. am: 25cd01cc69
am: 4f65baa12f

Change-Id: Ib482d999552ca44ccc000a4a2f5604e920db2079
5e2f7c6229d7191183888d685b57a7d0a2835fce 07-Nov-2016 Narayan Kamath <narayan@google.com> Zygote: Additional whitelisting for legacy devices.

On M and below, we provide a blanket whitelist for all files under
"/vendor/zygote_whitelist". This path is whitelisted purely to allow
this patch to be applied easily on legacy devices and configurations.

Note that this does not amount to a loosening of our security policy
because whitelisted files are reopened anyway.

Bug: 32691930
Test: manual
Change-Id: If5b53f6f0a707f8d36603c09bfd3f72dbfbbbb99
/frameworks/base/core/jni/fd_utils-inl.h
4e8ba1d73eee1311bb78144be43862b393548d5d 23-Sep-2016 Narayan Kamath <narayan@google.com> Zygote: Additional whitelists for runtime overlay / other static resources.

Partially cherry picked from commit 1c15c635785c64a.

These files are safe to reopen for the same reason that files in
/system/framework are. They're regular files and will not change after
the first zygote fork.

Bug: 32618130

Change-Id: I119e0bfcbf397cb331064adf148d92a5cd3ea92f
/frameworks/base/core/jni/fd_utils-inl.h
25cd01cc69fcad34756b00e52a79c0c54178f2e6 23-Sep-2016 Narayan Kamath <narayan@google.com> Zygote: Additional whitelists for runtime overlay / other static resources.

Partially cherry picked from commit 1c15c635785c64a.

These files are safe to reopen for the same reason that files in
/system/framework are. They're regular files and will not change after
the first zygote fork.

Bug: 32618130

Change-Id: I119e0bfcbf397cb331064adf148d92a5cd3ea92f
/frameworks/base/core/jni/fd_utils-inl.h
c03d9483f0380fb7babfdeb11d6762bc6c8d784c 30-Sep-2016 Jakub Adamek <jakuba@google.com> Change name of overlay subdir property to sku.

Also move the SKU subdirectories directly under /vendor/overlay.

Bug: 31692079
Change-Id: I68c712b13918cc99629534580ee4f77d9e5b3823
/frameworks/base/core/jni/fd_utils-inl.h
1c15c635785c64aee961f895dabd184cc2e9e0b1 23-Sep-2016 Jakub Adamek <jakuba@google.com> Search for runtime resource overlays in subdir.

See go/sku-colors. This changes the directory to search for framework
overlays if the right system property is defined. This allows
OEMs to specify different resources based on device SKUs.

Bug: 31692079
Change-Id: I9cb121b286b7f52aa26de1757fde1f3110cd47fd
/frameworks/base/core/jni/fd_utils-inl.h
a1252ccbdbae686cb41e7efba769c4935f664220 19-Aug-2016 Narayan Kamath <narayan@google.com> Backport changes to whitelist sockets opened by the zygote.

This is the backport of the following commits :

Reopen whitelisted zygote file descriptors after a fork.

We don't want these descriptors to be shared post-fork, so we'll
have to close and reopen them when the zygote forks. The set of
open descriptors is checked against a whitelist and it is a fatal
error if a non whitelisted FD is opened. It is also a fatal error
if anything other than a regular file / character device or socket
is opened at the time of forking.

This work is done in two stages :
- An initial list of FDs is constructed and cached prior to the
first zygote fork.

- On each subsequent fork, we check whether the list of open FDs
has changed. We are currently tolerant of changes, but in the
longer term, it should be a fatal error if the set of open file
descriptors in the zygote changes.

- Post fork, we traverse the list of open descriptors and reopen
them if necessary.

bug: 30963384

(cherry picked from commit c5f27a7cb2ec816f483a65255034a1b57a8aa221)

Fix clang build breakage (-Werror -Wformat).

Use %zd for size_t. Note that this will break only on (-plus-)aosp because
clang is disabled on the N development branches.

bug: 30963384

(cherry picked from commit b334c33d65894f5ca9833fa55c3a1cf75e01c497)

Add a whitelist of sockets on fork.

Maintain a whitelist of AF_UNIX sockets that are permitted
to exist at the time of forking. If an open socket does not belong
to the whitelist (or is not AF_UNIX), the process will abort. If an
open socket is whitelisted, it will be redirected to /dev/null after
a successful fork. This allows us to unify our handling of the special
zygote sockets (/dev/socket/zygote[_secondary]) with the existing
whitelist of non socket file descriptors.

This change also removes non-fatal ALOGW messages since they have the
side effect of reopening the logging socket.

bug: 30963384

(cherry picked from commit 3764a260f0c90dcb323caeda14baf903cc108759)

fd_utils: Remove whitelist for "/dev/pmsg0".

We're now calling __android_log_close prior to a fork, so this file
shouldn't need to be open.

bug: 31243313
bug: 30963384

(cherry picked from commit 8dee0541904e4f792cdebdee4f23f768561cb276)

fd_utils: Fix broken usage of iterators.

There were two separate issues here :
- RestatInternal was using an iterator after a call to erase(). This
will not work because it will be invalidated.
- The "standard" for loop idiom for iterating over a map while making
structural changes to it is broken. Switch to a while loop and treat
cases where elements are erased differently from cases where they
aren't.

bug: 31092930
bug: 30963384

(cherry picked from commit 0b76d6a28e6978151bf245a775329cdae5e574d5)

add dri device to zygote whitelisted FDs

The driver can be used just like /dev/ion for graphic buffers.

(cherry picked from commit 8977e424ee2d6d85fec419532ae510131aa88c45)
/frameworks/base/core/jni/fd_utils-inl.h
0f6a0e15606dd8b0b1aa58ee1df23f75902169a0 19-Aug-2016 Narayan Kamath <narayan@google.com> Backport changes to whitelist sockets opened by the zygote.

This is the backport of the following commits :

Commit c5f27a7cb2ec816f483a65255034a1b57a8aa22:
-----------------------------------------------

Reopen whitelisted zygote file descriptors after a fork.

We don't want these descriptors to be shared post-fork, so we'll
have to close and reopen them when the zygote forks. The set of
open descriptors is checked against a whitelist and it is a fatal
error if a non whitelisted FD is opened. It is also a fatal error
if anything other than a regular file / character device or socket
is opened at the time of forking.

This work is done in two stages :
- An initial list of FDs is constructed and cached prior to the
first zygote fork.

- On each subsequent fork, we check whether the list of open FDs
has changed. We are currently tolerant of changes, but in the
longer term, it should be a fatal error if the set of open file
descriptors in the zygote changes.

- Post fork, we traverse the list of open descriptors and reopen
them if necessary.

bug: 30963384

Commit 3764a260f0c90dcb323caeda14baf903cc108759:
-----------------------------------------------

Add a whitelist of sockets on fork.

Maintain a whitelist of AF_UNIX sockets that are permitted
to exist at the time of forking. If an open socket does not belong
to the whitelist (or is not AF_UNIX), the process will abort. If an
open socket is whitelisted, it will be redirected to /dev/null after
a successful fork. This allows us to unify our handling of the special
zygote sockets (/dev/socket/zygote[_secondary]) with the existing
whitelist of non socket file descriptors.

This change also removes non-fatal ALOGW messages since they have the
side effect of reopening the logging socket.

bug: 30963384

Commit 0b76d6a28e6978151bf245a775329cdae5e574d5:
-----------------------------------------------

fd_utils: Fix broken usage of iterators.

There were two separate issues here :
- RestatInternal was using an iterator after a call to erase(). This
will not work because it will be invalidated.
- The "standard" for loop idiom for iterating over a map while making
structural changes to it is broken. Switch to a while loop and treat
cases where elements are erased differently from cases where they
aren't.

bug: 31092930
bug: 30963384

Plus additional changes:
-----------------------------------------------
- add /dev/__properties__ to the whitelist.

Change-Id: Ic512be6362c3c5d84767e933884872b7e995dfea
/frameworks/base/core/jni/fd_utils-inl.h
0b76d6a28e6978151bf245a775329cdae5e574d5 07-Sep-2016 Narayan Kamath <narayan@google.com> fd_utils: Fix broken usage of iterators.

There were two separate issues here :
- RestatInternal was using an iterator after a call to erase(). This
will not work because it will be invalidated.
- The "standard" for loop idiom for iterating over a map while making
structural changes to it is broken. Switch to a while loop and treat
cases where elements are erased differently from cases where they
aren't.

bug: 31092930
bug: 30963384
Change-Id: I261d59239558230dd8cdd1d1cb5b9e2448a4c23f
/frameworks/base/core/jni/fd_utils-inl.h
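
The two iterator issues named in the commit message above, shown in a corrected loop. This is an added example, not code from fd_utils; `FdTable`, `RestatResult` and `ReconcileFds` are hypothetical names, and the fd-to-path map is an assumed simplification of the cached descriptor table.

```cpp
#include <map>
#include <string>
#include <vector>

using FdTable = std::map<int, std::string>;  // fd number -> path it refers to

struct RestatResult {
  std::vector<int> closed, changed, added;
};

// Reconcile the table cached before the first fork with a fresh snapshot.
// Broken forms this avoids:
//   for (it = m.begin(); it != m.end(); ++it) if (gone) m.erase(it);
//     -> ++it runs on an iterator that erase() has just invalidated
//   m.erase(it); use(it->second);
//     -> reads through the invalidated iterator
RestatResult ReconcileFds(FdTable* cached, const FdTable& now) {
  RestatResult r;
  auto it = cached->begin();
  while (it != cached->end()) {
    auto cur = now.find(it->first);
    if (cur == now.end()) {
      r.closed.push_back(it->first);  // copy what we need before erasing
      it = cached->erase(it);         // erase() returns the next valid iterator
      continue;                       // no ++it: already at the successor
    }
    if (cur->second != it->second) {
      r.changed.push_back(it->first);
      it->second = cur->second;  // value update, not a structural change
    }
    ++it;
  }
  // Insertion happens while iterating over `now`, never over `cached`.
  for (const auto& kv : now) {
    if (cached->emplace(kv.first, kv.second).second) r.added.push_back(kv.first);
  }
  return r;
}

int main() {
  FdTable cached = {{3, "/dev/null"}, {4, "/constructed/a"}};
  return ReconcileFds(&cached, {{3, "/dev/null"}}).closed.size() == 1 ? 0 : 1;
}
```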
cefc0374eb4c0775d684ba5f650eeb1b95ee6d55 06-Sep-2016 Narayan Kamath <narayan@google.com> fd_utils: Remove /system/etc/event-log-tags from the whitelist.

We don't need this file open after change bfd8eafa1d33460.

bug: 30963384

Change-Id: Iaa6ff54cdef2b29c8d170b1fe0718cd045b44e2f
/frameworks/base/core/jni/fd_utils-inl.h
8dee0541904e4f792cdebdee4f23f768561cb276 05-Sep-2016 Narayan Kamath <narayan@google.com> fd_utils: Remove whitelist for "/dev/pmsg0".

We're now calling __android_log_close prior to a fork, so this file
shouldn't need to be open.

bug: 31243313
bug: 30963384
Change-Id: I8c29adf075782eed966c9197d58f0325310f6c3a
/frameworks/base/core/jni/fd_utils-inl.h
f7d8a1648bb18402ddb914801e9bcccf45e89345 31-Aug-2016 Narayan Kamath <narayan@google.com> Merge "Add a whitelist of sockets on fork." into nyc-mr1-dev
8977e424ee2d6d85fec419532ae510131aa88c45 30-Aug-2016 Adrian Salido <salidoa@google.com> add dri device to zygote whitelisted FDs

The driver can be used just like /dev/ion for graphic buffers.

Bug: 31172436
Change-Id: I4f76e398b58a684f614f72ce7ef6bdd049ea7655
/frameworks/base/core/jni/fd_utils-inl.h
3764a260f0c90dcb323caeda14baf903cc108759 30-Aug-2016 Narayan Kamath <narayan@google.com> Add a whitelist of sockets on fork.

Maintain a whitelist of AF_UNIX sockets that are permitted
to exist at the time of forking. If an open socket does not belong
to the whitelist (or is not AF_UNIX), the process will abort. If an
open socket is whitelisted, it will be redirected to /dev/null after
a successful fork. This allows us to unify our handling of the special
zygote sockets (/dev/socket/zygote[_secondary]) with the existing
whitelist of non socket file descriptors.

This change also removes non-fatal ALOGW messages since they have the
side effect of reopening the logging socket.

bug: 30963384
Change-Id: Ie04dac62d0e0f29354df9ac15af217ad652ffbbe
/frameworks/base/core/jni/fd_utils-inl.h
b334c33d65894f5ca9833fa55c3a1cf75e01c497 29-Aug-2016 Narayan Kamath <narayan@google.com> Fix clang build breakage (-Werror -Wformat).

Use %zd for size_t. Note that this will break only on (-plus-)aosp because
clang is disabled on the N development branches.

bug: 30963384
Change-Id: I4b5ba7caf15bc2ebf5bb3395d82170ec786ed50c
/frameworks/base/core/jni/fd_utils-inl.h
c5f27a7cb2ec816f483a65255034a1b57a8aa221 19-Aug-2016 Narayan Kamath <narayan@google.com> Reopen whitelisted zygote file descriptors after a fork.

We don't want these descriptors to be shared post-fork, so we'll
have to close and reopen them when the zygote forks. The set of
open descriptors is checked against a whitelist and it is a fatal
error if a non whitelisted FD is opened. It is also a fatal error
if anything other than a regular file / character device or socket
is opened at the time of forking.

This work is done in two stages :
- An initial list of FDs is constructed and cached prior to the
first zygote fork.

- On each subsequent fork, we check whether the list of open FDs
has changed. We are currently tolerant of changes, but in the
longer term, it should be a fatal error if the set of open file
descriptors in the zygote changes.

- Post fork, we traverse the list of open descriptors and reopen
them if necessary.

bug: 30963384
Change-Id: Icfd45c96c660491b554d146a9d70d97dbcc712bc
/frameworks/base/core/jni/fd_utils-inl.h
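
The check-then-reopen scheme described in the commit message above, reduced to the non-socket case. This is an added example, not the fd_utils code; `CheckFd`, `ReopenInPlace`, `OffsetAfterReopen` and the caller-supplied allowlist are hypothetical, and matching a descriptor to an allowlisted path by device and inode is an assumption of this sketch.

```cpp
#include <fcntl.h>
#include <sys/stat.h>
#include <unistd.h>
#include <cstdlib>
#include <string>
#include <vector>

enum class FdVerdict { kAllowed, kSocket, kRejectType, kRejectNotListed, kError };

// Regular files and character devices pass only when they are the same inode
// as an allowlisted path; sockets are reported for separate handling.
FdVerdict CheckFd(int fd, const std::vector<std::string>& allowlist,
                  std::string* matched) {
  struct stat fd_st;
  if (fstat(fd, &fd_st) != 0) return FdVerdict::kError;
  if (S_ISSOCK(fd_st.st_mode)) return FdVerdict::kSocket;
  if (!S_ISREG(fd_st.st_mode) && !S_ISCHR(fd_st.st_mode)) return FdVerdict::kRejectType;
  for (const std::string& path : allowlist) {
    struct stat path_st;
    if (stat(path.c_str(), &path_st) != 0) continue;  // not present on this system
    if (path_st.st_dev == fd_st.st_dev && path_st.st_ino == fd_st.st_ino) {
      *matched = path;
      return FdVerdict::kAllowed;
    }
  }
  return FdVerdict::kRejectNotListed;
}

// Reopen `path` onto the same descriptor number, so the process gets its own
// open file description (private offset and status flags) instead of a shared one.
bool ReopenInPlace(int fd, const std::string& path) {
  int flags = fcntl(fd, F_GETFL);
  if (flags == -1) return false;
  int fresh = open(path.c_str(), flags & (O_ACCMODE | O_APPEND | O_NONBLOCK));
  if (fresh == -1) return false;
  bool ok = dup2(fresh, fd) != -1;
  close(fresh);
  return ok;
}

// Constructed demo: write 6 bytes to a temp file, reopen in place, report offset.
long OffsetAfterReopen() {
  char tmpl[] = "/tmp/fd_demo_XXXXXX";
  int fd = mkstemp(tmpl);
  if (fd == -1 || write(fd, "abcdef", 6) != 6) return -1;
  long off = ReopenInPlace(fd, tmpl) ? static_cast<long>(lseek(fd, 0, SEEK_CUR)) : -1;
  close(fd); unlink(tmpl);
  return off;
}
int main() { return OffsetAfterReopen() == 0 ? 0 : 1; }
```

An offset of 0 after the reopen shows that the descriptor number now refers to a new open file description rather than the one whose offset had advanced to 6.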