Avoid prctl(PR_PAC_RESET_KEYS) on devices without PAC support.
Processes loaded from vendor partitions may have their own sandboxes
that would reject the prctl. Because no devices launched with PAC
enabled before S, we can avoid issues on upgrading devices by checking
for PAC support before issuing the prctl.
Bug: 186117046
Change-Id: I9905b963df01c9007d9fb4527273062ea87a5075
diff --git a/libc/bionic/pthread_create.cpp b/libc/bionic/pthread_create.cpp
index f3fee88..46d9e86 100644
--- a/libc/bionic/pthread_create.cpp
+++ b/libc/bionic/pthread_create.cpp
@@ -30,6 +30,7 @@
#include <errno.h>
#include <string.h>
+#include <sys/auxv.h>
#include <sys/mman.h>
#include <sys/prctl.h>
#include <sys/random.h>
@@ -346,7 +347,11 @@
__rt_sigprocmask(SIG_SETMASK, &thread->start_mask, nullptr, sizeof(thread->start_mask));
#ifdef __aarch64__
// Chrome's sandbox prevents this prctl, so only reset IA if the target SDK level is high enough.
- if (android_get_application_target_sdk_version() >= __ANDROID_API_S__) {
+ // Furthermore, processes loaded from vendor partitions may have their own sandboxes that would
+ // reject the prctl. Because no devices launched with PAC enabled before S, we can avoid issues on
+ // upgrading devices by checking for PAC support before issuing the prctl.
+ static const bool pac_supported = getauxval(AT_HWCAP) & HWCAP_PACA;
+ if (pac_supported && android_get_application_target_sdk_version() >= __ANDROID_API_S__) {
prctl(PR_PAC_RESET_KEYS, PR_PAC_APIAKEY, 0, 0, 0);
}
#endif