Backport changes to whitelist sockets opened by the zygote.

This is the backport of the following commits:

Reopen whitelisted zygote file descriptors after a fork.

We don't want these descriptors to be shared post-fork, so we'll
have to close and reopen them when the zygote forks. The set of
open descriptors is checked against a whitelist and it is a fatal
error if a non-whitelisted FD is opened. It is also a fatal error
if anything other than a regular file / character device or socket
is opened at the time of forking.

This work is done in two stages:
- An initial list of FDs is constructed and cached prior to the
  first zygote fork.

- On each subsequent fork, we check whether the list of open FDs
  has changed. We are currently tolerant of changes, but in the
  longer term, it should be a fatal error if the set of open file
  descriptors in the zygote changes.

- Post fork, we traverse the list of open descriptors and reopen
  them if necessary.

bug: 30963384

(cherry picked from commit c5f27a7cb2ec816f483a65255034a1b57a8aa221)

Fix clang build breakage (-Werror -Wformat).

Use %zd for size_t. Note that this will break only on (-plus-)aosp because
clang is disabled on the N development branches.

bug: 30963384

(cherry picked from commit b334c33d65894f5ca9833fa55c3a1cf75e01c497)

Add a whitelist of sockets on fork.

Maintain a whitelist of AF_UNIX sockets that are permitted
to exist at the time of forking. If an open socket does not belong
to the whitelist (or is not AF_UNIX), the process will abort. If an
open socket is whitelisted, it will be redirected to /dev/null after
a successful fork. This allows us to unify our handling of the special
zygote sockets (/dev/socket/zygote[_secondary]) with the existing
whitelist of non socket file descriptors.

This change also removes non-fatal ALOGW messages since they have the
side effect of reopening the logging socket.

bug: 30963384

(cherry picked from commit 3764a260f0c90dcb323caeda14baf903cc108759)

fd_utils: Remove whitelist for "/dev/pmsg0".

We're now calling __android_log_close prior to a fork, so this file
shouldn't need to be open.

bug: 31243313
bug: 30963384

(cherry picked from commit 8dee0541904e4f792cdebdee4f23f768561cb276)

fd_utils: Fix broken usage of iterators.

There were two separate issues here:
- RestatInternal was using an iterator after a call to erase(). This
  will not work because it will be invalidated.
- The "standard" for loop idiom for iterating over a map while making
  structural changes to it is broken. Switch to a while loop and treat
  cases where elements are erased differently from cases where they
  aren't.

bug: 31092930
bug: 30963384

(cherry picked from commit 0b76d6a28e6978151bf245a775329cdae5e574d5)

add dri device to zygote whitelisted FDs

The driver can be used just like /dev/ion for graphic buffers.

(cherry picked from commit 8977e424ee2d6d85fec419532ae510131aa88c45)
2 files changed
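The following is an added example, not the AOSP fd_utils code from these commits. It models in plain C++ the two mechanisms the messages above describe: the pre-fork descriptor check (only regular files, character devices and whitelisted AF_UNIX sockets may be open; anything else is rejected), the post-fork redirection of a whitelisted socket to /dev/null, and the cached fd inventory that is refreshed with the `it = map.erase(it)` idiom instead of the broken for-loop pattern from the iterator fix. All function names (`ClassifyFd`, `BuildInventory`, `RefreshInventory`, `RedirectToDevNull`) and the whitelist paths are assumptions of this example; the real zygote enumerates /proc/self/fd and aborts instead of returning a status.

```cpp
// Added example (not the AOSP fd_utils implementation): a simplified model of
// the zygote's pre-fork FD check, post-fork socket redirection, and the
// erase-while-iterating idiom for the cached inventory. Linux/POSIX only.
#include <cstdio>
#include <cstring>
#include <map>
#include <string>
#include <vector>
#include <fcntl.h>
#include <sys/socket.h>
#include <sys/stat.h>
#include <sys/un.h>
#include <unistd.h>

enum class FdKind { RegularFile, CharDevice, WhitelistedSocket, Rejected };

struct FdInfo {
  FdKind kind;
  std::string path;  // bound AF_UNIX path, empty for non-sockets / unbound
};

// Classify one descriptor the way the pre-fork check does. Whitelist is a
// parameter here (hypothetical); the real code hard-codes
// /dev/socket/zygote[_secondary]. Pipes, directories and non-AF_UNIX
// sockets are all rejected.
FdInfo ClassifyFd(int fd, const std::vector<std::string>& socket_whitelist) {
  struct stat st;
  if (fstat(fd, &st) != 0) return {FdKind::Rejected, ""};
  if (S_ISREG(st.st_mode)) return {FdKind::RegularFile, ""};
  if (S_ISCHR(st.st_mode)) return {FdKind::CharDevice, ""};
  if (!S_ISSOCK(st.st_mode)) return {FdKind::Rejected, ""};

  sockaddr_un addr;
  memset(&addr, 0, sizeof(addr));  // guarantees sun_path is NUL-terminated
  socklen_t len = sizeof(addr);
  if (getsockname(fd, reinterpret_cast<sockaddr*>(&addr), &len) != 0 ||
      addr.sun_family != AF_UNIX) {
    return {FdKind::Rejected, ""};
  }
  // An unbound socket reports only the family; an abstract-namespace socket
  // starts with NUL. Both yield an empty path and are therefore rejected.
  std::string path(addr.sun_path, strnlen(addr.sun_path, sizeof(addr.sun_path)));
  for (const auto& allowed : socket_whitelist) {
    if (path == allowed) return {FdKind::WhitelistedSocket, path};
  }
  return {FdKind::Rejected, path};
}

// Snapshot of the given fds, keyed by fd number like the cached pre-fork list.
std::map<int, FdInfo> BuildInventory(const std::vector<int>& fds,
                                     const std::vector<std::string>& socket_whitelist) {
  std::map<int, FdInfo> inventory;
  for (int fd : fds) inventory[fd] = ClassifyFd(fd, socket_whitelist);
  return inventory;
}

// True only if every cached descriptor would pass the fatal check.
bool AllPermitted(const std::map<int, FdInfo>& inventory) {
  for (const auto& entry : inventory) {
    if (entry.second.kind == FdKind::Rejected) return false;
  }
  return true;
}

// Drop entries whose fd has been closed since the snapshot. erase() invalidates
// the erased iterator, so we take its return value instead of using ++it in
// that branch (the bug described in the iterator fix). Returns entries removed.
size_t RefreshInventory(std::map<int, FdInfo>& inventory) {
  size_t removed = 0;
  auto it = inventory.begin();
  while (it != inventory.end()) {
    if (fcntl(it->first, F_GETFD) == -1) {
      it = inventory.erase(it);  // closed: erase returns the next element
      ++removed;
    } else {
      ++it;
    }
  }
  return removed;
}

// Post-fork handling of a whitelisted socket: replace it with /dev/null so the
// child keeps the fd number but not the shared socket.
bool RedirectToDevNull(int fd) {
  int devnull = open("/dev/null", O_RDWR | O_CLOEXEC);
  if (devnull < 0) return false;
  bool ok = dup2(devnull, fd) == fd;
  close(devnull);
  return ok;
}

// Test helper: create an AF_UNIX socket bound at `path` (constructed input).
int MakeBoundUnixSocket(const char* path) {
  int fd = socket(AF_UNIX, SOCK_STREAM, 0);
  if (fd < 0) return -1;
  sockaddr_un addr;
  memset(&addr, 0, sizeof(addr));
  addr.sun_family = AF_UNIX;
  strncpy(addr.sun_path, path, sizeof(addr.sun_path) - 1);
  unlink(path);
  if (bind(fd, reinterpret_cast<sockaddr*>(&addr), sizeof(addr)) != 0) {
    close(fd);
    return -1;
  }
  return fd;
}

int main() {
  // Stand-alone demo: classify stdin/stdout/stderr with an empty whitelist.
  auto inv = BuildInventory({0, 1, 2}, {});
  for (const auto& e : inv) {
    printf("fd %d -> %s\n", e.first, e.second.kind == FdKind::Rejected ? "rejected" : "ok");
  }
  return AllPermitted(inv) ? 0 : 1;
}
```

The model keeps the commit's policy intact: the only way for a socket to survive the check is to be an AF_UNIX socket bound to a whitelisted path, and after the fork that socket is replaced by /dev/null rather than left shared with the child.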