android_system_core/libcutils
Isaac J. Manjarres ee7a713757 ashmem: Ensure all memfds have non-executable permissions by default
Currently, memfds are created with executable permissions, meaning that
one can load a binary into a memfd buffer and use fexecve() to run said
binary. This is not desirable for security reasons, and also does not
match with the behavior that the ashmem driver currently supports.

When the ashmem driver is in use, /dev/ashmem* does not have executable
permissions, so fexecve() cannot be used on those buffers. Linux kernels
6.3+ offer MFD_NOEXEC_SEAL as part of the memfd interface, which allows
one to create memfds with non-executable permissions. Furthermore, the
executable permissions cannot be changed on these memfds.

This matches the expected behavior that ashmem provided, so allow memfd
usage only if MFD_NOEXEC_SEAL is supported, and create memfds with
non-executable permissions by default.

Bug: 111903542
Change-Id: Ibb2c2be3c118ead44fc12bcd2b63dcf6f83c9b03
Signed-off-by: Isaac J. Manjarres <isaacmanjarres@google.com>
2024-12-03 10:13:28 -08:00
abi-dumps libcutils: Split uevent_open_socket() 2024-08-05 09:31:24 -07:00
include Add AID for memory management daemon 2024-11-09 23:05:36 -08:00
include_outside_system/cutils Revert "Revert "Remove cutils threads.h header completely."" 2023-08-16 22:37:14 +00:00
rust libcutils: create rust bindings for android ids 2024-11-19 02:47:16 +00:00
Android.bp libcutils: create rust bindings for android ids 2024-11-19 02:47:16 +00:00
android_get_control_env.h Clean up some mess by only building Android-specific code for the device. 2019-03-21 14:59:45 -07:00
android_get_control_file.cpp libcutils: android_get_control_file uses realpath. 2019-03-21 16:00:00 -07:00
android_get_control_file_test.cpp
android_get_control_socket_test.cpp
android_reboot.cpp libcutils: android_reboot command should be unsigned. 2019-04-02 09:19:46 -07:00
ashmem-dev.cpp ashmem: Ensure all memfds have non-executable permissions by default 2024-12-03 10:13:28 -08:00
ashmem-host.cpp Add support for ashmem-host for host Windows 2024-03-15 20:03:30 +00:00
ashmem_base_test.cpp Add support for ashmem-host for host Windows 2024-03-15 20:03:30 +00:00
ashmem_test.cpp Add support for ashmem-host for host Windows 2024-03-15 20:03:30 +00:00
canned_fs_config.cpp canned fs_config accepts multiple lines having the same path 2021-12-14 09:54:34 +09:00
config_utils.cpp
fs.cpp
fs_config.cpp Merge "Add fs_config entry for *.rc files." into main 2024-05-30 00:54:48 +00:00
fs_config.h Actually make fs_path_config / fs_path_config_from_file private 2019-06-20 23:34:30 +00:00
fs_config_test.cpp libcutils: update fs_config tests for current behavior 2019-11-06 09:40:33 -08:00
hashmap.cpp
iosched_policy.cpp Don't duplicate uapi ioprio constants. 2023-09-22 14:51:26 +00:00
KernelLibcutilsTest.xml KernelLibcutilsTest: change test file push location 2023-06-02 23:39:48 +00:00
klog.cpp
load_file.cpp
MODULE_LICENSE_APACHE2
multiuser.cpp Create utility method for converting sdk_sandbox_uid to app_uid 2022-03-03 21:49:43 +00:00
multiuser_test.cpp Create utility method for converting sdk_sandbox_uid to app_uid 2022-03-03 21:49:43 +00:00
native_handle.cpp Add fdsan capabilities for native handles 2022-09-02 00:44:13 +00:00
native_handle_test.cpp Ignore nullptr in native_handle_close(). 2019-11-12 20:23:55 -08:00
NOTICE
OWNERS Add bug component to cutils 2023-07-27 10:16:05 -07:00
partition_utils.cpp
properties.cpp There's only one <sys/system_properties.h> now. 2024-08-09 15:55:38 +00:00
properties_test.cpp libcutils: reimplement system property functions with libbase. 2020-05-21 16:20:16 -07:00
qtaguid.cpp qtaguid.cpp - improvements 2023-01-26 22:39:04 +00:00
record_stream.cpp
sched_policy_test.cpp libprocessgroup: Remove schedtune support 2024-10-02 14:47:45 +00:00
socket_inaddr_any_server_unix.cpp
socket_inaddr_any_server_windows.cpp
socket_local_client_unix.cpp
socket_local_server_unix.cpp
socket_local_unix.h Add an include 2023-10-06 18:46:17 +00:00
socket_network_client_unix.cpp
socket_network_client_windows.cpp
sockets.cpp
sockets_test.cpp Add support for ashmem-host for host Windows 2024-03-15 20:03:30 +00:00
sockets_unix.cpp libcutils: remove unused socket_set_receive_timeout(). 2019-11-08 15:21:39 -08:00
sockets_windows.cpp s/master/main/ 2023-10-04 23:31:09 +00:00
str_parms.cpp
str_parms_test.cpp
strlcpy.c
TEST_MAPPING TEST_MAPPING: enable KernelLibcutilsTest in kernel-presubmit 2023-05-31 17:29:17 +00:00
trace-container.cpp Updating ATRACE_ASYNC_FOR_TRACK_END to not require a name argument 2022-04-28 18:18:57 +00:00
trace-dev.cpp Updating ATRACE_ASYNC_FOR_TRACK_END to not require a name argument 2022-04-28 18:18:57 +00:00
trace-dev.inc There's only one <sys/system_properties.h> now. 2024-08-09 15:55:38 +00:00
trace-dev_test.cpp Updating ATRACE_ASYNC_FOR_TRACK_END to not require a name argument 2022-04-28 18:18:57 +00:00
trace-host.cpp Remove usage of ATOMIC_VAR_INIT. 2024-07-11 23:54:48 +00:00
uevent.cpp libcutils: Split uevent_open_socket() 2024-08-05 09:31:24 -07:00