Merge "Zygote: Add Arm pointer authentication keychange support." am: 285dfb3126 am: 9b63f4e904 am: 54cb1fcefb

Original change: https://android-review.googlesource.com/c/platform/frameworks/base/+/1215821 Change-Id: I31122b33e74c08efbf4e50dfd693f0ca1359a59b
2020-07-17 18:22:13 +00:00
parent 11f538f963 54cb1fcefb
commit 6844bdf237
1 changed files with 33 additions and 0 deletions
--- a/core/jni/com_android_internal_os_Zygote.cpp
+++ b/core/jni/com_android_internal_os_Zygote.cpp
@@ -101,6 +101,19 @@

 #include "nativebridge/native_bridge.h"

+/* Functions in the callchain during the fork shall not be protected with
+   Armv8.3-A Pointer Authentication, otherwise child will not be able to return. */
+#ifdef __ARM_FEATURE_PAC_DEFAULT
+#ifdef __ARM_FEATURE_BTI_DEFAULT
+#define NO_PAC_FUNC __attribute__((target("branch-protection=bti")))
+#else
+#define NO_PAC_FUNC __attribute__((target("branch-protection=none")))
+#endif /* __ARM_FEATURE_BTI_DEFAULT */
+#else /* !__ARM_FEATURE_PAC_DEFAULT */
+#define NO_PAC_FUNC
+#endif /* __ARM_FEATURE_PAC_DEFAULT */
+
+
 namespace {

 // TODO (chriswailes): Add a function to initialize native Zygote data.
@@ -1076,7 +1089,23 @@ static void ClearUsapTable() {
  gUsapPoolCount = 0;
 }

+NO_PAC_FUNC
+static void PAuthKeyChange(JNIEnv* env) {
+#ifdef __aarch64__
+  unsigned long int hwcaps = getauxval(AT_HWCAP);
+  if (hwcaps & HWCAP_PACA) {
+    const unsigned long key_mask = PR_PAC_APIAKEY | PR_PAC_APIBKEY |
+                                   PR_PAC_APDAKEY | PR_PAC_APDBKEY | PR_PAC_APGAKEY;
+    if (prctl(PR_PAC_RESET_KEYS, key_mask, 0, 0, 0) != 0) {
+      ALOGE("Failed to change the PAC keys: %s", strerror(errno));
+      RuntimeAbort(env, __LINE__, "PAC key change failed.");
+    }
+  }
+#endif
+}
+
 // Utility routine to fork a process from the zygote.
+NO_PAC_FUNC
 static pid_t ForkCommon(JNIEnv* env, bool is_system_server,
                        const std::vector<int>& fds_to_close,
                        const std::vector<int>& fds_to_ignore,
@@ -1127,6 +1156,7 @@ static pid_t ForkCommon(JNIEnv* env, bool is_system_server,
    }

    // The child process.
+    PAuthKeyChange(env);
    PreApplicationInit();

    // Clean up any descriptors which must be closed immediately
@@ -2062,6 +2092,7 @@ static void com_android_internal_os_Zygote_nativePreApplicationInit(JNIEnv*, jcl
  PreApplicationInit();
 }

+NO_PAC_FUNC
 static jint com_android_internal_os_Zygote_nativeForkAndSpecialize(
        JNIEnv* env, jclass, jint uid, jint gid, jintArray gids,
        jint runtime_flags, jobjectArray rlimits,
@@ -2114,6 +2145,7 @@ static jint com_android_internal_os_Zygote_nativeForkAndSpecialize(
    return pid;
 }

+NO_PAC_FUNC
 static jint com_android_internal_os_Zygote_nativeForkSystemServer(
        JNIEnv* env, jclass, uid_t uid, gid_t gid, jintArray gids,
        jint runtime_flags, jobjectArray rlimits, jlong permitted_capabilities,
@@ -2185,6 +2217,7 @@ static jint com_android_internal_os_Zygote_nativeForkSystemServer(
 * @param is_priority_fork  Controls the nice level assigned to the newly created process
 * @return
 */
+NO_PAC_FUNC
 static jint com_android_internal_os_Zygote_nativeForkUsap(JNIEnv* env,
                                                          jclass,
                                                          jint read_pipe_fd,