Frameworks: Refactor zygote abort code
Fail in the main fork function. This will simplify follow-ups that
will include more data in the abort.
(cherry picked from commit b8aae1969c6b8f9ac420745166edcd6c9fe59717)
Bug: 74531335
Test: m
Test: Device boots
Merged-In: I269eae0fb15e96fb27d02d4b7c6fdf7e9e8e3346
Change-Id: I269eae0fb15e96fb27d02d4b7c6fdf7e9e8e3346
diff --git a/core/jni/com_android_internal_os_Zygote.cpp b/core/jni/com_android_internal_os_Zygote.cpp
index d05be2c..6b4e4f2 100644
--- a/core/jni/com_android_internal_os_Zygote.cpp
+++ b/core/jni/com_android_internal_os_Zygote.cpp
@@ -71,6 +71,9 @@
using android::base::StringPrintf;
using android::base::WriteStringToFile;
+#define CREATE_ERROR(...) StringPrintf("%s:%d: ", __FILE__, __LINE__). \
+ append(StringPrintf(__VA_ARGS__))
+
static pid_t gSystemServerPid = 0;
static const char kZygoteClassName[] = "com/android/internal/os/Zygote";
@@ -186,30 +189,32 @@
// Calls POSIX setgroups() using the int[] object as an argument.
// A NULL argument is tolerated.
-static void SetGids(JNIEnv* env, jintArray javaGids) {
+static bool SetGids(JNIEnv* env, jintArray javaGids, std::string* error_msg) {
if (javaGids == NULL) {
- return;
+ return true;
}
ScopedIntArrayRO gids(env, javaGids);
if (gids.get() == NULL) {
- RuntimeAbort(env, __LINE__, "Getting gids int array failed");
+ *error_msg = CREATE_ERROR("Getting gids int array failed");
+ return false;
}
int rc = setgroups(gids.size(), reinterpret_cast<const gid_t*>(&gids[0]));
if (rc == -1) {
- std::ostringstream oss;
- oss << "setgroups failed: " << strerror(errno) << ", gids.size=" << gids.size();
- RuntimeAbort(env, __LINE__, oss.str().c_str());
+ *error_msg = CREATE_ERROR("setgroups failed: %s, gids.size=%zu", strerror(errno), gids.size());
+ return false;
}
+
+ return true;
}
// Sets the resource limits via setrlimit(2) for the values in the
// two-dimensional array of integers that's passed in. The second dimension
// contains a tuple of length 3: (resource, rlim_cur, rlim_max). NULL is
// treated as an empty array.
-static void SetRLimits(JNIEnv* env, jobjectArray javaRlimits) {
+static bool SetRLimits(JNIEnv* env, jobjectArray javaRlimits, std::string* error_msg) {
if (javaRlimits == NULL) {
- return;
+ return true;
}
rlimit rlim;
@@ -219,7 +224,8 @@
ScopedLocalRef<jobject> javaRlimitObject(env, env->GetObjectArrayElement(javaRlimits, i));
ScopedIntArrayRO javaRlimit(env, reinterpret_cast<jintArray>(javaRlimitObject.get()));
if (javaRlimit.size() != 3) {
- RuntimeAbort(env, __LINE__, "rlimits array must have a second dimension of size 3");
+ *error_msg = CREATE_ERROR("rlimits array must have a second dimension of size 3");
+ return false;
}
rlim.rlim_cur = javaRlimit[1];
@@ -227,11 +233,13 @@
int rc = setrlimit(javaRlimit[0], &rlim);
if (rc == -1) {
- ALOGE("setrlimit(%d, {%ld, %ld}) failed", javaRlimit[0], rlim.rlim_cur,
+ *error_msg = CREATE_ERROR("setrlimit(%d, {%ld, %ld}) failed", javaRlimit[0], rlim.rlim_cur,
rlim.rlim_max);
- RuntimeAbort(env, __LINE__, "setrlimit failed");
+ return false;
}
}
+
+ return true;
}
// The debug malloc library needs to know whether it's the zygote or a child.
@@ -259,14 +267,16 @@
}
}
-static void EnableKeepCapabilities(JNIEnv* env) {
+static bool EnableKeepCapabilities(std::string* error_msg) {
int rc = prctl(PR_SET_KEEPCAPS, 1, 0, 0, 0);
if (rc == -1) {
- RuntimeAbort(env, __LINE__, "prctl(PR_SET_KEEPCAPS) failed");
+ *error_msg = CREATE_ERROR("prctl(PR_SET_KEEPCAPS) failed: %s", strerror(errno));
+ return false;
}
+ return true;
}
-static void DropCapabilitiesBoundingSet(JNIEnv* env) {
+static bool DropCapabilitiesBoundingSet(std::string* error_msg) {
for (int i = 0; prctl(PR_CAPBSET_READ, i, 0, 0, 0) >= 0; i++) {
int rc = prctl(PR_CAPBSET_DROP, i, 0, 0, 0);
if (rc == -1) {
@@ -274,14 +284,15 @@
ALOGE("prctl(PR_CAPBSET_DROP) failed with EINVAL. Please verify "
"your kernel is compiled with file capabilities support");
} else {
- ALOGE("prctl(PR_CAPBSET_DROP, %d) failed: %s", i, strerror(errno));
- RuntimeAbort(env, __LINE__, "prctl(PR_CAPBSET_DROP) failed");
+ *error_msg = CREATE_ERROR("prctl(PR_CAPBSET_DROP, %d) failed: %s", i, strerror(errno));
+ return false;
}
}
}
+ return true;
}
-static void SetInheritable(JNIEnv* env, uint64_t inheritable) {
+static bool SetInheritable(uint64_t inheritable, std::string* error_msg) {
__user_cap_header_struct capheader;
memset(&capheader, 0, sizeof(capheader));
capheader.version = _LINUX_CAPABILITY_VERSION_3;
@@ -289,21 +300,23 @@
__user_cap_data_struct capdata[2];
if (capget(&capheader, &capdata[0]) == -1) {
- ALOGE("capget failed: %s", strerror(errno));
- RuntimeAbort(env, __LINE__, "capget failed");
+ *error_msg = CREATE_ERROR("capget failed: %s", strerror(errno));
+ return false;
}
capdata[0].inheritable = inheritable;
capdata[1].inheritable = inheritable >> 32;
if (capset(&capheader, &capdata[0]) == -1) {
- ALOGE("capset(inh=%" PRIx64 ") failed: %s", inheritable, strerror(errno));
- RuntimeAbort(env, __LINE__, "capset failed");
+ *error_msg = CREATE_ERROR("capset(inh=%" PRIx64 ") failed: %s", inheritable, strerror(errno));
+ return false;
}
+
+ return true;
}
-static void SetCapabilities(JNIEnv* env, uint64_t permitted, uint64_t effective,
- uint64_t inheritable) {
+static bool SetCapabilities(uint64_t permitted, uint64_t effective, uint64_t inheritable,
+ std::string* error_msg) {
__user_cap_header_struct capheader;
memset(&capheader, 0, sizeof(capheader));
capheader.version = _LINUX_CAPABILITY_VERSION_3;
@@ -319,18 +332,20 @@
capdata[1].inheritable = inheritable >> 32;
if (capset(&capheader, &capdata[0]) == -1) {
- ALOGE("capset(perm=%" PRIx64 ", eff=%" PRIx64 ", inh=%" PRIx64 ") failed: %s", permitted,
- effective, inheritable, strerror(errno));
- RuntimeAbort(env, __LINE__, "capset failed");
+ *error_msg = CREATE_ERROR("capset(perm=%" PRIx64 ", eff=%" PRIx64 ", inh=%" PRIx64 ") "
+ "failed: %s", permitted, effective, inheritable, strerror(errno));
+ return false;
}
+ return true;
}
-static void SetSchedulerPolicy(JNIEnv* env) {
+static bool SetSchedulerPolicy(std::string* error_msg) {
errno = -set_sched_policy(0, SP_DEFAULT);
if (errno != 0) {
- ALOGE("set_sched_policy(0, SP_DEFAULT) failed");
- RuntimeAbort(env, __LINE__, "set_sched_policy(0, SP_DEFAULT) failed");
+ *error_msg = CREATE_ERROR("set_sched_policy(0, SP_DEFAULT) failed: %s", strerror(errno));
+ return false;
}
+ return true;
}
static int UnmountTree(const char* path) {
@@ -364,7 +379,7 @@
// Create a private mount namespace and bind mount appropriate emulated
// storage for the given user.
static bool MountEmulatedStorage(uid_t uid, jint mount_mode,
- bool force_mount_namespace) {
+ bool force_mount_namespace, std::string* error_msg) {
// See storage config details at http://source.android.com/tech/storage/
String8 storageSource;
@@ -381,7 +396,7 @@
// Create a second private mount namespace for our process
if (unshare(CLONE_NEWNS) == -1) {
- ALOGW("Failed to unshare(): %s", strerror(errno));
+ *error_msg = CREATE_ERROR("Failed to unshare(): %s", strerror(errno));
return false;
}
@@ -392,7 +407,9 @@
if (TEMP_FAILURE_RETRY(mount(storageSource.string(), "/storage",
NULL, MS_BIND | MS_REC | MS_SLAVE, NULL)) == -1) {
- ALOGW("Failed to mount %s to /storage: %s", storageSource.string(), strerror(errno));
+ *error_msg = CREATE_ERROR("Failed to mount %s to /storage: %s",
+ storageSource.string(),
+ strerror(errno));
return false;
}
@@ -400,11 +417,14 @@
userid_t user_id = multiuser_get_user_id(uid);
const String8 userSource(String8::format("/mnt/user/%d", user_id));
if (fs_prepare_dir(userSource.string(), 0751, 0, 0) == -1) {
+ *error_msg = CREATE_ERROR("fs_prepare_dir failed on %s", userSource.string());
return false;
}
if (TEMP_FAILURE_RETRY(mount(userSource.string(), "/storage/self",
NULL, MS_BIND, NULL)) == -1) {
- ALOGW("Failed to mount %s to /storage/self: %s", userSource.string(), strerror(errno));
+ *error_msg = CREATE_ERROR("Failed to mount %s to /storage/self: %s",
+ userSource.string(),
+ strerror(errno));
return false;
}
@@ -436,31 +456,32 @@
// descriptor (if any) is closed via dup2(), replacing it with a valid
// (open) descriptor to /dev/null.
-static void DetachDescriptors(JNIEnv* env, jintArray fdsToClose) {
+static bool DetachDescriptors(JNIEnv* env, jintArray fdsToClose, std::string* error_msg) {
if (!fdsToClose) {
- return;
+ return true;
}
jsize count = env->GetArrayLength(fdsToClose);
ScopedIntArrayRO ar(env, fdsToClose);
if (ar.get() == NULL) {
- RuntimeAbort(env, __LINE__, "Bad fd array");
+ *error_msg = "Bad fd array";
+ return false;
}
jsize i;
int devnull;
for (i = 0; i < count; i++) {
devnull = open("/dev/null", O_RDWR);
if (devnull < 0) {
- ALOGE("Failed to open /dev/null: %s", strerror(errno));
- RuntimeAbort(env, __LINE__, "Failed to open /dev/null");
- continue;
+ *error_msg = std::string("Failed to open /dev/null: ").append(strerror(errno));
+ return false;
}
ALOGV("Switching descriptor %d to /dev/null: %s", ar[i], strerror(errno));
if (dup2(devnull, ar[i]) < 0) {
- ALOGE("Failed dup2() on descriptor %d: %s", ar[i], strerror(errno));
- RuntimeAbort(env, __LINE__, "Failed dup2()");
+ *error_msg = StringPrintf("Failed dup2() on descriptor %d: %s", ar[i], strerror(errno));
+ return false;
}
close(devnull);
}
+ return true;
}
void SetThreadName(const char* thread_name) {
@@ -495,20 +516,23 @@
// The list of open zygote file descriptors.
static FileDescriptorTable* gOpenFdTable = NULL;
-static void FillFileDescriptorVector(JNIEnv* env,
+static bool FillFileDescriptorVector(JNIEnv* env,
jintArray java_fds,
- std::vector<int>* fds) {
+ std::vector<int>* fds,
+ std::string* error_msg) {
CHECK(fds != nullptr);
if (java_fds != nullptr) {
ScopedIntArrayRO ar(env, java_fds);
if (ar.get() == nullptr) {
- RuntimeAbort(env, __LINE__, "Bad fd array");
+ *error_msg = "Bad fd array";
+ return false;
}
fds->reserve(ar.size());
for (size_t i = 0; i < ar.size(); ++i) {
fds->push_back(ar[i]);
}
}
+ return true;
}
// Utility routine to fork zygote and specialize the child process.
@@ -526,32 +550,40 @@
sigemptyset(&sigchld);
sigaddset(&sigchld, SIGCHLD);
+ auto fail_fn = [env](const std::string& msg) __attribute__ ((noreturn)) {
+ env->FatalError(msg.c_str());
+ __builtin_unreachable();
+ };
+
// Temporarily block SIGCHLD during forks. The SIGCHLD handler might
// log, which would result in the logging FDs we close being reopened.
// This would cause failures because the FDs are not whitelisted.
//
// Note that the zygote process is single threaded at this point.
if (sigprocmask(SIG_BLOCK, &sigchld, nullptr) == -1) {
- ALOGE("sigprocmask(SIG_SETMASK, { SIGCHLD }) failed: %s", strerror(errno));
- RuntimeAbort(env, __LINE__, "Call to sigprocmask(SIG_BLOCK, { SIGCHLD }) failed.");
+ fail_fn(CREATE_ERROR("sigprocmask(SIG_SETMASK, { SIGCHLD }) failed: %s", strerror(errno)));
}
// Close any logging related FDs before we start evaluating the list of
// file descriptors.
__android_log_close();
+ std::string error_msg;
+
// If this is the first fork for this zygote, create the open FD table.
// If it isn't, we just need to check whether the list of open files has
// changed (and it shouldn't in the normal case).
std::vector<int> fds_to_ignore;
- FillFileDescriptorVector(env, fdsToIgnore, &fds_to_ignore);
+ if (!FillFileDescriptorVector(env, fdsToIgnore, &fds_to_ignore, &error_msg)) {
+ fail_fn(error_msg);
+ }
if (gOpenFdTable == NULL) {
gOpenFdTable = FileDescriptorTable::Create(fds_to_ignore);
if (gOpenFdTable == NULL) {
- RuntimeAbort(env, __LINE__, "Unable to construct file descriptor table.");
+ fail_fn(CREATE_ERROR("Unable to construct file descriptor table."));
}
} else if (!gOpenFdTable->Restat(fds_to_ignore)) {
- RuntimeAbort(env, __LINE__, "Unable to restat file descriptor table.");
+ fail_fn(CREATE_ERROR("Unable to restat file descriptor table."));
}
pid_t pid = fork();
@@ -560,17 +592,18 @@
PreApplicationInit();
// Clean up any descriptors which must be closed immediately
- DetachDescriptors(env, fdsToClose);
+ if (!DetachDescriptors(env, fdsToClose, &error_msg)) {
+ fail_fn(error_msg);
+ }
// Re-open all remaining open file descriptors so that they aren't shared
// with the zygote across a fork.
if (!gOpenFdTable->ReopenOrDetach()) {
- RuntimeAbort(env, __LINE__, "Unable to reopen whitelisted descriptors.");
+ fail_fn(CREATE_ERROR("Unable to reopen whitelisted descriptors."));
}
if (sigprocmask(SIG_UNBLOCK, &sigchld, nullptr) == -1) {
- ALOGE("sigprocmask(SIG_SETMASK, { SIGCHLD }) failed: %s", strerror(errno));
- RuntimeAbort(env, __LINE__, "Call to sigprocmask(SIG_UNBLOCK, { SIGCHLD }) failed.");
+ fail_fn(CREATE_ERROR("sigprocmask(SIG_SETMASK, { SIGCHLD }) failed: %s", strerror(errno)));
}
// Must be called when the new process still has CAP_SYS_ADMIN. The other alternative is to
@@ -580,11 +613,17 @@
// Keep capabilities across UID change, unless we're staying root.
if (uid != 0) {
- EnableKeepCapabilities(env);
+ if (!EnableKeepCapabilities(&error_msg)) {
+ fail_fn(error_msg);
+ }
}
- SetInheritable(env, permittedCapabilities);
- DropCapabilitiesBoundingSet(env);
+ if (!SetInheritable(permittedCapabilities, &error_msg)) {
+ fail_fn(error_msg);
+ }
+ if (!DropCapabilitiesBoundingSet(&error_msg)) {
+ fail_fn(error_msg);
+ }
bool use_native_bridge = !is_system_server && (instructionSet != NULL)
&& android::NativeBridgeAvailable();
@@ -601,8 +640,8 @@
ALOGW("Native bridge will not be used because dataDir == NULL.");
}
- if (!MountEmulatedStorage(uid, mount_external, use_native_bridge)) {
- ALOGW("Failed to mount emulated storage: %s", strerror(errno));
+ if (!MountEmulatedStorage(uid, mount_external, use_native_bridge, &error_msg)) {
+ ALOGW("Failed to mount emulated storage: %s (%s)", error_msg.c_str(), strerror(errno));
if (errno == ENOTCONN || errno == EROFS) {
// When device is actively encrypting, we get ENOTCONN here
// since FUSE was mounted before the framework restarted.
@@ -610,7 +649,7 @@
// FUSE hasn't been created yet by init.
// In either case, continue without external storage.
} else {
- RuntimeAbort(env, __LINE__, "Cannot continue without emulated storage");
+ fail_fn(error_msg);
}
}
@@ -625,9 +664,14 @@
}
}
- SetGids(env, javaGids);
+ std::string error_msg;
+ if (!SetGids(env, javaGids, &error_msg)) {
+ fail_fn(error_msg);
+ }
- SetRLimits(env, javaRlimits);
+ if (!SetRLimits(env, javaRlimits, &error_msg)) {
+ fail_fn(error_msg);
+ }
if (use_native_bridge) {
ScopedUtfChars isa_string(env, instructionSet);
@@ -637,14 +681,12 @@
int rc = setresgid(gid, gid, gid);
if (rc == -1) {
- ALOGE("setresgid(%d) failed: %s", gid, strerror(errno));
- RuntimeAbort(env, __LINE__, "setresgid failed");
+ fail_fn(CREATE_ERROR("setresgid(%d) failed: %s", gid, strerror(errno)));
}
rc = setresuid(uid, uid, uid);
if (rc == -1) {
- ALOGE("setresuid(%d) failed: %s", uid, strerror(errno));
- RuntimeAbort(env, __LINE__, "setresuid failed");
+ fail_fn(CREATE_ERROR("setresuid(%d) failed: %s", uid, strerror(errno)));
}
if (NeedsNoRandomizeWorkaround()) {
@@ -656,9 +698,14 @@
}
}
- SetCapabilities(env, permittedCapabilities, effectiveCapabilities, permittedCapabilities);
+ if (!SetCapabilities(permittedCapabilities, effectiveCapabilities, permittedCapabilities,
+ &error_msg)) {
+ fail_fn(error_msg);
+ }
- SetSchedulerPolicy(env);
+ if (!SetSchedulerPolicy(&error_msg)) {
+ fail_fn(error_msg);
+ }
const char* se_info_c_str = NULL;
ScopedUtfChars* se_info = NULL;
@@ -666,7 +713,7 @@
se_info = new ScopedUtfChars(env, java_se_info);
se_info_c_str = se_info->c_str();
if (se_info_c_str == NULL) {
- RuntimeAbort(env, __LINE__, "se_info_c_str == NULL");
+ fail_fn("se_info_c_str == NULL");
}
}
const char* se_name_c_str = NULL;
@@ -675,14 +722,13 @@
se_name = new ScopedUtfChars(env, java_se_name);
se_name_c_str = se_name->c_str();
if (se_name_c_str == NULL) {
- RuntimeAbort(env, __LINE__, "se_name_c_str == NULL");
+ fail_fn("se_name_c_str == NULL");
}
}
rc = selinux_android_setcontext(uid, is_system_server, se_info_c_str, se_name_c_str);
if (rc == -1) {
- ALOGE("selinux_android_setcontext(%d, %d, \"%s\", \"%s\") failed", uid,
- is_system_server, se_info_c_str, se_name_c_str);
- RuntimeAbort(env, __LINE__, "selinux_android_setcontext failed");
+ fail_fn(CREATE_ERROR("selinux_android_setcontext(%d, %d, \"%s\", \"%s\") failed", uid,
+ is_system_server, se_info_c_str, se_name_c_str));
}
// Make it easier to debug audit logs by setting the main thread's name to the
@@ -703,15 +749,14 @@
env->CallStaticVoidMethod(gZygoteClass, gCallPostForkChildHooks, runtime_flags,
is_system_server, is_child_zygote, instructionSet);
if (env->ExceptionCheck()) {
- RuntimeAbort(env, __LINE__, "Error calling post fork hooks.");
+ fail_fn("Error calling post fork hooks.");
}
} else if (pid > 0) {
// the parent process
// We blocked SIGCHLD prior to a fork, we unblock it here.
if (sigprocmask(SIG_UNBLOCK, &sigchld, nullptr) == -1) {
- ALOGE("sigprocmask(SIG_SETMASK, { SIGCHLD }) failed: %s", strerror(errno));
- RuntimeAbort(env, __LINE__, "Call to sigprocmask(SIG_UNBLOCK, { SIGCHLD }) failed.");
+ fail_fn(CREATE_ERROR("sigprocmask(SIG_SETMASK, { SIGCHLD }) failed: %s", strerror(errno)));
}
}
return pid;