Verify shmem fd is sealed.
Change-Id: Id64f928b0ca87f08ff5fa4b9d3d2ec4852a9cb21
diff --git a/src/profiling/memory/shared_ring_buffer.cc b/src/profiling/memory/shared_ring_buffer.cc
index 8f1a884..b8e222e 100644
--- a/src/profiling/memory/shared_ring_buffer.cc
+++ b/src/profiling/memory/shared_ring_buffer.cc
@@ -42,6 +42,9 @@
constexpr auto kAlignment = 8; // 64 bits to use aligned memcpy().
constexpr auto kHeaderSize = kAlignment;
constexpr auto kGuardSize = base::kPageSize * 1024 * 16; // 64 MB.
+#if PERFETTO_BUILDFLAG(PERFETTO_OS_ANDROID)
+constexpr auto kFDSeals = F_SEAL_SHRINK | F_SEAL_GROW | F_SEAL_SEAL;
+#endif
} // namespace
@@ -88,7 +91,14 @@
if (!fd) {
// TODO: if this fails on Android we should fall back on ashmem.
+#if PERFETTO_BUILDFLAG(PERFETTO_ANDROID_BUILD)
+ // In-tree builds should only allow mem_fd, so we can inspect the seals
+ // to verify the fd is appropriately sealed.
+ PERFETTO_ELOG("memfd_create() failed");
+ return;
+#else
PERFETTO_DPLOG("memfd_create() failed");
+#endif
}
#endif
@@ -100,7 +110,7 @@
PERFETTO_CHECK(res == 0);
#if PERFETTO_BUILDFLAG(PERFETTO_OS_ANDROID)
if (is_memfd) {
- res = fcntl(*fd, F_ADD_SEALS, F_SEAL_SHRINK | F_SEAL_GROW | F_SEAL_SEAL);
+ res = fcntl(*fd, F_ADD_SEALS, kFDSeals);
PERFETTO_DCHECK(res == 0);
}
#endif
@@ -121,6 +131,15 @@
}
void SharedRingBuffer::Initialize(base::ScopedFile mem_fd) {
+#if PERFETTO_BUILDFLAG(PERFETTO_ANDROID_BUILD)
+ int seals = fcntl(*mem_fd, F_GET_SEALS);
+ if ((seals & kFDSeals) != kFDSeals) {
+ PERFETTO_ELOG("FD not properly sealed. Expected %x, got %x", kFDSeals,
+ seals);
+ return;
+ }
+#endif
+
struct stat stat_buf = {};
int res = fstat(*mem_fd, &stat_buf);
if (res != 0 || stat_buf.st_size == 0) {