Merge "ashmem: Ensure all memfds have non-executable permissions by default" into main am: 445d2e0025

Original change: https://android-review.googlesource.com/c/platform/system/core/+/3388580

Change-Id: I0764f39cae8029a14042d4196287adc870264a89
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
Isaac Manjarres 2024-12-03 23:25:21 +00:00 committed by Automerger Merge Worker
commit 54fcd05250


@ -114,8 +114,14 @@ static bool __has_memfd_support() {
// Check if kernel support exists, otherwise fall back to ashmem. // Check if kernel support exists, otherwise fall back to ashmem.
// This code needs to build on old API levels, so we can't use the libc // This code needs to build on old API levels, so we can't use the libc
// wrapper. // wrapper.
//
// MFD_NOEXEC_SEAL is used to match the semantics of the ashmem device,
// which did not have executable permissions. This also seals the executable
// permissions of the buffer (i.e. they cannot be changed by fchmod()).
//
// MFD_NOEXEC_SEAL implies MFD_ALLOW_SEALING.
android::base::unique_fd fd( android::base::unique_fd fd(
syscall(__NR_memfd_create, "test_android_memfd", MFD_CLOEXEC | MFD_ALLOW_SEALING)); syscall(__NR_memfd_create, "test_android_memfd", MFD_CLOEXEC | MFD_NOEXEC_SEAL));
if (fd == -1) { if (fd == -1) {
ALOGE("memfd_create failed: %s, no memfd support.\n", strerror(errno)); ALOGE("memfd_create failed: %s, no memfd support.\n", strerror(errno));
return false; return false;
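Review bot: The probe on the changed `syscall(__NR_memfd_create, "test_android_memfd", MFD_CLOEXEC | MFD_NOEXEC_SEAL)` line now fails on any kernel that has memfd_create but predates MFD_NOEXEC_SEAL (unknown flag bits are rejected with EINVAL), and the ALOGE on the next line then reports "no memfd support", which misdescribes that case — memfd exists, the non-exec seal does not, and the code falls back to ashmem. That fallback is presumably the intent given the commit title, but the new comment block should state it explicitly; I'd add `// Kernels without MFD_NOEXEC_SEAL reject this call with EINVAL; we deliberately fall back to ashmem rather than create a memfd that could be made executable.` after the `MFD_NOEXEC_SEAL implies MFD_ALLOW_SEALING` line. It is also worth confirming that MFD_NOEXEC_SEAL is defined by every header set this file builds against, since the comment says it must build on old API levels; if any lack it, a guarded local definition (with the value taken from the kernel UAPI header) is needed. __has_memfd_support() begins before this hunk and its body continues past it, and the same documentation point applies to the memfd_create_region() hunk that follows.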
@ -289,7 +295,13 @@ int ashmem_valid(int fd)
static int memfd_create_region(const char* name, size_t size) { static int memfd_create_region(const char* name, size_t size) {
// This code needs to build on old API levels, so we can't use the libc // This code needs to build on old API levels, so we can't use the libc
// wrapper. // wrapper.
android::base::unique_fd fd(syscall(__NR_memfd_create, name, MFD_CLOEXEC | MFD_ALLOW_SEALING)); //
// MFD_NOEXEC_SEAL to match the semantics of the ashmem device, which did
// not have executable permissions. This also seals the executable
// permissions of the buffer (i.e. they cannot be changed by fchmod()).
//
// MFD_NOEXEC_SEAL implies MFD_ALLOW_SEALING.
android::base::unique_fd fd(syscall(__NR_memfd_create, name, MFD_CLOEXEC | MFD_NOEXEC_SEAL));
if (fd == -1) { if (fd == -1) {
ALOGE("memfd_create(%s, %zd) failed: %s\n", name, size, strerror(errno)); ALOGE("memfd_create(%s, %zd) failed: %s\n", name, size, strerror(errno));