Gitiles
Code Review Sign In
gerrit-public.fairphone.software / platform / frameworks / base / 9f6bb5b7617822c1a6c42d5f2530610bc4c84fdc^! / . / core / java / android / os / ZygoteProcess.java
commit9f6bb5b7617822c1a6c42d5f2530610bc4c84fdc[log] [tgz]
authorMathew Inwood <mathewi@google.com>Mon Apr 09 17:29:12 2018 +0100
committerMathew Inwood <mathewi@google.com>Thu Apr 19 10:12:28 2018 +0100
treeb80680b94c8e7c76f89c9c85dad29ed5c7a4cc08
parent8182e354d84a0cdf92458b268f96c28d2dce3cb6 [diff] [blame]
Fail gracefully if we get a bad API whitelist.

If we send a bad API whitelist to the Zygote, it causes it to close the
socket. If we take no further action in AMS, it results in the same list
of exceptions being sent when we re-open the socket, resulting in it again
being closed. This results in no longer fork/start any new processes.
Since the list is persisted, this would result in the device entering a
boot loop upon reboot. Since no apps could be started, we cannot recover.

So in the case that the exemptions list causes problems, clear out the
list so we don't try to send it again next time. This means we will see
a single failure, but future attempts will succeed (obviously without
any whitelist). The device should not enter a boot loop.

Note, the test below relies on the fact that we can send at most 1024
arguments in a command to the Zygote (MAX_ZYGOTE_ARGC), and that each
item on the list is a separate argument.

Test: adb shell settings put global hidden_api_blacklist_exemptions \
Test:    $(for i in {1..1025}; do echo -n $i,; done)
Bug: 64382372
Change-Id: Ie47095d516c247ff6a8d667a2ac9b7be45f1acda

diff --git a/core/java/android/os/ZygoteProcess.java b/core/java/android/os/ZygoteProcess.java
index 673da50..6994033 100644
--- a/core/java/android/os/ZygoteProcess.java
+++ b/core/java/android/os/ZygoteProcess.java

@@ -475,11 +475,14 @@
      * @param exemptions List of hidden API exemption prefixes. Any matching members are treated as
      *        whitelisted/public APIs (i.e. allowed, no logging of usage).
      */
-    public void setApiBlacklistExemptions(List<String> exemptions) {
+    public boolean setApiBlacklistExemptions(List<String> exemptions) {
         synchronized (mLock) {
             mApiBlacklistExemptions = exemptions;
-            maybeSetApiBlacklistExemptions(primaryZygoteState, true);
-            maybeSetApiBlacklistExemptions(secondaryZygoteState, true);
+            boolean ok = maybeSetApiBlacklistExemptions(primaryZygoteState, true);
+            if (ok) {
+                ok = maybeSetApiBlacklistExemptions(secondaryZygoteState, true);
+            }
+            return ok;
         }
     }
 
@@ -499,12 +502,13 @@
     }
 
     @GuardedBy("mLock")
-    private void maybeSetApiBlacklistExemptions(ZygoteState state, boolean sendIfEmpty) {
+    private boolean maybeSetApiBlacklistExemptions(ZygoteState state, boolean sendIfEmpty) {
         if (state == null || state.isClosed()) {
-            return;
+            Slog.e(LOG_TAG, "Can't set API blacklist exemptions: no zygote connection");
+            return false;
         }
         if (!sendIfEmpty && mApiBlacklistExemptions.isEmpty()) {
-            return;
+            return true;
         }
         try {
             state.writer.write(Integer.toString(mApiBlacklistExemptions.size() + 1));
@@ -520,8 +524,11 @@
             if (status != 0) {
                 Slog.e(LOG_TAG, "Failed to set API blacklist exemptions; status " + status);
             }
+            return true;
         } catch (IOException ioe) {
             Slog.e(LOG_TAG, "Failed to set API blacklist exemptions", ioe);
+            mApiBlacklistExemptions = Collections.emptyList();
+            return false;
         }
     }