Disable XOM on libraries for apps with targetSdkVerison<Q
Apps may (and do) assume that libraries are readable. To avoid app
breakage, mark execute-only sections of as read+execute
for apps with targetSdkVersion<Q.
Bug: 128907672
Test: Check libc for app with targetSdk==current
cat /proc/25950/maps | grep libc.so
77c01e3000-77c028b000 --xp 00041000 07:20 106 /apex/com.android.runtime/lib64/bionic/libc.so
Test: Check libc for app with targetSdk<current
cat /proc/26355/maps | grep libc.so
77c01e3000-77c028b000 r-xp 00041000 07:20 106
/apex/com.android.runtime/lib64/bionic/libc.so
Change-Id: I90b5c91923c8008ae4b4818985842fe3e354a850
diff --git a/core/java/com/android/internal/os/Zygote.java b/core/java/com/android/internal/os/Zygote.java
index 992ddd8..0e21fab 100644
--- a/core/java/com/android/internal/os/Zygote.java
+++ b/core/java/com/android/internal/os/Zygote.java
@@ -24,6 +24,7 @@
import android.net.Credentials;
import android.net.LocalServerSocket;
import android.net.LocalSocket;
+import android.os.Build;
import android.os.FactoryTest;
import android.os.IVold;
import android.os.Process;
@@ -236,7 +237,7 @@
public static int forkAndSpecialize(int uid, int gid, int[] gids, int runtimeFlags,
int[][] rlimits, int mountExternal, String seInfo, String niceName, int[] fdsToClose,
int[] fdsToIgnore, boolean startChildZygote, String instructionSet, String appDataDir,
- String packageName, String[] packagesForUID, String sandboxId) {
+ String packageName, String[] packagesForUID, String sandboxId, int targetSdkVersion) {
ZygoteHooks.preFork();
// Resets nice priority for zygote process.
resetNicePriority();
@@ -246,6 +247,7 @@
packagesForUID, sandboxId);
// Enable tracing as soon as possible for the child process.
if (pid == 0) {
+ Zygote.disableExecuteOnly(targetSdkVersion);
Trace.setTracingEnabled(true, runtimeFlags);
// Note that this event ends at the end of handleChildProc,
@@ -599,6 +601,8 @@
args.mInstructionSet, args.mAppDataDir, args.mPackageName,
args.mPackagesForUid, args.mSandboxId);
+ disableExecuteOnly(args.mTargetSdkVersion);
+
if (args.mNiceName != null) {
Process.setArgV0(args.mNiceName);
}
@@ -650,6 +654,17 @@
}
/**
+ * Mark execute-only segments of libraries read+execute for apps with targetSdkVersion<Q.
+ */
+ protected static void disableExecuteOnly(int targetSdkVersion) {
+ if ((targetSdkVersion < Build.VERSION_CODES.Q) && !nativeDisableExecuteOnly()) {
+ Log.e("Zygote", "Failed to set libraries to read+execute.");
+ }
+ }
+
+ private static native boolean nativeDisableExecuteOnly();
+
+ /**
* @return Raw file descriptors for the read-end of USAP reporting pipes.
*/
protected static int[] getUsapPipeFDs() {
diff --git a/core/java/com/android/internal/os/ZygoteConnection.java b/core/java/com/android/internal/os/ZygoteConnection.java
index 87adce7..9e018b0 100644
--- a/core/java/com/android/internal/os/ZygoteConnection.java
+++ b/core/java/com/android/internal/os/ZygoteConnection.java
@@ -264,7 +264,7 @@
parsedArgs.mRuntimeFlags, rlimits, parsedArgs.mMountExternal, parsedArgs.mSeInfo,
parsedArgs.mNiceName, fdsToClose, fdsToIgnore, parsedArgs.mStartChildZygote,
parsedArgs.mInstructionSet, parsedArgs.mAppDataDir, parsedArgs.mPackageName,
- parsedArgs.mPackagesForUid, parsedArgs.mSandboxId);
+ parsedArgs.mPackagesForUid, parsedArgs.mSandboxId, parsedArgs.mTargetSdkVersion);
try {
if (pid == 0) {
diff --git a/core/jni/com_android_internal_os_Zygote.cpp b/core/jni/com_android_internal_os_Zygote.cpp
index cde1884..70b3436 100644
--- a/core/jni/com_android_internal_os_Zygote.cpp
+++ b/core/jni/com_android_internal_os_Zygote.cpp
@@ -46,6 +46,7 @@
#include <fcntl.h>
#include <grp.h>
#include <inttypes.h>
+#include <link.h>
#include <malloc.h>
#include <mntent.h>
#include <paths.h>
@@ -54,6 +55,7 @@
#include <sys/capability.h>
#include <sys/cdefs.h>
#include <sys/eventfd.h>
+#include <sys/mman.h>
#include <sys/personality.h>
#include <sys/prctl.h>
#include <sys/resource.h>
@@ -69,6 +71,7 @@
#include <android-base/properties.h>
#include <android-base/file.h>
#include <android-base/stringprintf.h>
+#include <android-base/strings.h>
#include <android-base/unique_fd.h>
#include <cutils/fs.h>
#include <cutils/multiuser.h>
@@ -1975,6 +1978,26 @@
}
}
+static int disable_execute_only(struct dl_phdr_info *info, size_t size, void *data) {
+ // Search for any execute-only segments and mark them read+execute.
+ for (int i = 0; i < info->dlpi_phnum; i++) {
+ if ((info->dlpi_phdr[i].p_type == PT_LOAD) && (info->dlpi_phdr[i].p_flags == PF_X)) {
+ mprotect(reinterpret_cast<void*>(info->dlpi_addr + info->dlpi_phdr[i].p_vaddr),
+ info->dlpi_phdr[i].p_memsz, PROT_READ | PROT_EXEC);
+ }
+ }
+ // Return non-zero to exit dl_iterate_phdr.
+ return 0;
+}
+
+/**
+ * @param env Managed runtime environment
+ * @return True if disable was successful.
+ */
+static jboolean com_android_internal_os_Zygote_nativeDisableExecuteOnly(JNIEnv* env, jclass) {
+ return dl_iterate_phdr(disable_execute_only, nullptr) == 0;
+}
+
static const JNINativeMethod gMethods[] = {
{ "nativeSecurityInit", "()V",
(void *) com_android_internal_os_Zygote_nativeSecurityInit },
@@ -2007,7 +2030,9 @@
{ "nativeGetUsapPoolCount", "()I",
(void *) com_android_internal_os_Zygote_nativeGetUsapPoolCount },
{ "nativeEmptyUsapPool", "()V",
- (void *) com_android_internal_os_Zygote_nativeEmptyUsapPool }
+ (void *) com_android_internal_os_Zygote_nativeEmptyUsapPool },
+ { "nativeDisableExecuteOnly", "()Z",
+ (void *) com_android_internal_os_Zygote_nativeDisableExecuteOnly }
};
int register_com_android_internal_os_Zygote(JNIEnv* env) {