author | Nicolas Geoffray <ngeoffray@google.com> | 2019-10-29 15:45:46 +0000 |
---|---|---|
committer | Nicolas Geoffray <ngeoffray@google.com> | 2019-10-29 15:45:46 +0000 |
commit | abbd4a7aa0a0251dff5bb4eecac5134ac0c4e524 (patch) | |
tree | 72447dba3cbf6d25483da892d483c38e3a9cff89 /core/jni/fd_utils.cpp | |
parent | 813b9e8cb49e50eeace57247f180a97acb0e789b (diff) |
Add checks to ensure only the ART memfd file is whitelisted.
A memfd file can be created with any name, but to protect ourselves
from unintended leakage, check that it's the name ART uses.
Test: boots
Bug: 119800099
Change-Id: Ibc684d09dd05f38933c6808b72fb402fc9d5e4eb
Diffstat (limited to 'core/jni/fd_utils.cpp')
-rw-r--r-- | core/jni/fd_utils.cpp | 24 |
1 files changed, 18 insertions, 6 deletions
diff --git a/core/jni/fd_utils.cpp b/core/jni/fd_utils.cpp
index c0e4e1fe5e7a..3704ccdfb8ea 100644
--- a/core/jni/fd_utils.cpp
+++ b/core/jni/fd_utils.cpp
@@ -59,8 +59,8 @@ FileDescriptorWhitelist* FileDescriptorWhitelist::Get() {
   return instance_;
 }
 
-static bool IsMemfd(const std::string& path) {
-  return android::base::StartsWith(path, "/memfd:");
+static bool IsArtMemfd(const std::string& path) {
+  return android::base::StartsWith(path, "/memfd:/boot-image-methods.art");
 }
 
 bool FileDescriptorWhitelist::IsAllowed(const std::string& path) const {
@@ -91,8 +91,8 @@ bool FileDescriptorWhitelist::IsAllowed(const std::string& path) const {
     return true;
   }
 
-  // In-memory files created through memfd_create are allowed.
-  if (IsMemfd(path)) {
+  // the in-memory file created by ART through memfd_create is allowed.
+  if (IsArtMemfd(path)) {
     return true;
   }
 
@@ -321,8 +321,8 @@ void FileDescriptorInfo::ReopenOrDetach(fail_fn_t fail_fn) const {
     return DetachSocket(fail_fn);
   }
 
-  // Children can directly use in-memory files created through memfd_create.
-  if (IsMemfd(file_path)) {
+  // Children can directly use the in-memory file created by ART through memfd_create.
+  if (IsArtMemfd(file_path)) {
     return;
   }
 
@@ -545,6 +545,10 @@ FileDescriptorTable::FileDescriptorTable(
 }
 
 void FileDescriptorTable::RestatInternal(std::set<int>& open_fds, fail_fn_t fail_fn) {
+  // ART creates a file through memfd for optimization purposes. We make sure
+  // there is at most one being created.
+  bool art_memfd_seen = false;
+
   // Iterate through the list of file descriptors we've already recorded
   // and check whether :
   //
@@ -577,6 +581,14 @@ void FileDescriptorTable::RestatInternal(std::set<int>& open_fds, fail_fn_t fail
     // FD.
   }
 
+  if (IsArtMemfd(it->second->file_path)) {
+    if (art_memfd_seen) {
+      fail_fn("ART fd already seen: " + it->second->file_path);
+    } else {
+      art_memfd_seen = true;
+    }
+  }
+
   ++it;
   // Finally, remove the FD from the set of open_fds. We do this last because
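Review bot: IsArtMemfd is still a prefix match, so any memfd whose name merely begins with `/boot-image-methods.art` (a longer name sharing that prefix) passes the check, and since the commit message itself notes that a memfd can be created with any name, the function should say that the check is name-based rather than proof of origin. On Linux the `/proc/<pid>/fd` link for a memfd typically reads `/memfd:<name> (deleted)`, which is presumably why StartsWith was chosen over equality; comparing against the exact string with that suffix, or requiring the remainder after the prefix to be empty or ` (deleted)`, would close the gap. I would add above the function: `// Name-based check only: memfd names are caller-chosen, so this narrows the whitelist to the name ART uses but does not establish who created the fd.` The same prefix semantics carry into the IsAllowed and ReopenOrDetach hunks, which simply call this helper.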
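Review bot: The comment introducing `art_memfd_seen` overstates what the flag can guarantee: it is local to RestatInternal and, from the later hunk, is only set while walking the descriptors already recorded in the table, so it enforces "at most one" only among those entries, not for fds that are first seen on some other path. I would reword it to `// ART creates one file through memfd for optimization purposes. Fail if more than one fd with that name shows up among the recorded descriptors.` RestatInternal's body continues past this hunk, so whether the newly-opened-fd handling (not visible here) applies the same check is worth confirming.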