a1252ccbdb
This is the backport of the following commits : Reopen whitelisted zygote file descriptors after a fork. We don't want these descriptors to be shared post-fork, so we'll have to close and reopen them when the zygote forks. The set of open descriptors is checked against a whitelist and it is a fatal error if a non whitelisted FD is opened. It is also a fatal error if anything other than a regular file / character device or socket is opened at the time of forking. This work is done in two stages : - An initial list of FDs is constructed and cached prior to the first zygote fork. - On each subsequent fork, we check whether the list of open FDs has changed. We are currently tolerant of changes, but in the longer term, it should be a fatal error if the set of open file descriptors in the zygote changes. - Post fork, we traverse the list of open descriptors and reopen them if necessary. bug: 30963384 (cherry picked from commitc5f27a7cb2) Fix clang build breakage (-Werror -Wformat). Use %zd for size_t. Note that this will break only on (-plus-)aosp because clang is disabled on the N development branches. bug: 30963384 (cherry picked from commitb334c33d65) Add a whitelist of sockets on fork. Maintain a whitelist of AF_UNIX sockets that are permitted to exist at the time of forking. If an open socket does not belong to the whitelist (or is not AF_UNIX), the process will abort. If an open socket is whitelisted, it will be redirected to /dev/null after a sucessful fork. This allows us to unify our handling of the special zygote sockets (/dev/socket/zygote[_secondary]) with the existing whitelist of non socket file descriptors. This change also removes non-fatal ALOGW messages since they have the side effect of reopening the logging socket. bug: 30963384 (cherry picked from commit3764a260f0) fd_utils: Remove whitelist for "/dev/pmsg0". We're now calling __android_log_close prior to a fork, so this file shouldn't need to be open. bug: 31243313 bug: 30963384 (cherry picked from commit8dee054190) fd_utils: Fix broken usage of iterators. There were two separate issues here : - RestatInternal was using an iterator after a call to erase(). This will not work because it will be invalidated. - The "standard" for loop idiom for iterating over a map while making structural changes to it is broken. Switch to a while loop and treat cases where elements are erased differently from cases where they aren't. bug: 31092930 bug: 30963384 (cherry picked from commit0b76d6a28e) add dri device to zygote whitelisted FDs The driver can be used just like /dev/ion for graphic buffers. (cherry picked from commit8977e424ee)