Gitiles
Code Review Sign In
gerrit.omnirom.org / android_system_core / d2465b8332b3958f9f68ac21b0e15983a3fbd9d6^2..d2465b8332b3958f9f68ac21b0e15983a3fbd9d6 / .
commitd2465b8332b3958f9f68ac21b0e15983a3fbd9d6[log] [tgz]
authorAutomerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>Thu Jan 25 20:37:29 2024 +0000
committerAutomerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>Thu Jan 25 20:37:29 2024 +0000
tree2794724a0cbaf2c3a863a1e7f155eef68d90f8ce
parent1f218b0f420d122d5c6833b396dbde5fe8de7135 [diff]
parentdb8555c78e8df9db0b6573e8952a83e2a83395be [diff]
[automerger skipped] Merge "Merge "sched_policy_test: set_sched_policy also set the cpuset policy as fallback" into android12-tests-dev am: ce34e32556" into android12L-tests-dev am: 421a3c69ad -s ours am: db8555c78e -s ours

am skip reason: Merged-In Ia77ace7513c48b1a14290c6ecc0222b46d6bf927 with SHA-1 7e5925ef02 is already in history

Original change: https://android-review.googlesource.com/c/platform/system/core/+/2913222

Change-Id: Id0fcd688a2553da6571f0f9ccefd69b9aea89bee
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>

diff --git a/debuggerd/Android.bp b/debuggerd/Android.bp
index ad0231d..5198872 100644
--- a/debuggerd/Android.bp
+++ b/debuggerd/Android.bp

@@ -14,9 +14,15 @@
         "-Wno-nullability-completeness",
         "-Os",
         "-fno-finite-loops",
+        "-DANDROID_DEBUGGABLE=0",
     ],
 
     local_include_dirs: ["include"],
+    product_variables: {
+        debuggable: {
+            cflags: ["-UANDROID_DEBUGGABLE", "-DANDROID_DEBUGGABLE=1"],
+        }
+    },
 }
 
 cc_library_headers {

diff --git a/debuggerd/include/debuggerd/handler.h b/debuggerd/include/debuggerd/handler.h
index bc08327..68b2e67 100644
--- a/debuggerd/include/debuggerd/handler.h
+++ b/debuggerd/include/debuggerd/handler.h

@@ -62,10 +62,11 @@
 #define DEBUGGER_SIGNAL BIONIC_SIGNAL_DEBUGGER
 
 static void __attribute__((__unused__)) debuggerd_register_handlers(struct sigaction* action) {
+  bool enabled = true;
+#if ANDROID_DEBUGGABLE
   char value[PROP_VALUE_MAX] = "";
-  bool enabled =
-      !(__system_property_get("ro.debuggable", value) > 0 && !strcmp(value, "1") &&
-        __system_property_get("debug.debuggerd.disable", value) > 0 && !strcmp(value, "1"));
+  enabled = !(__system_property_get("debug.debuggerd.disable", value) > 0 && !strcmp(value, "1"));
+#endif
   if (enabled) {
     sigaction(SIGABRT, action, nullptr);
     sigaction(SIGBUS, action, nullptr);

diff --git a/libcutils/ashmem-dev.cpp b/libcutils/ashmem-dev.cpp
index 6a27f9a..56d6875 100644
--- a/libcutils/ashmem-dev.cpp
+++ b/libcutils/ashmem-dev.cpp

@@ -349,6 +349,12 @@
         return -1;
     }
 
+    // forbid size changes to match ashmem behaviour
+    if (fcntl(fd, F_ADD_SEALS, F_SEAL_GROW | F_SEAL_SHRINK) == -1) {
+        ALOGE("memfd_create(%s, %zd) F_ADD_SEALS failed: %m", name, size);
+        return -1;
+    }
+
     if (debug_log) {
         ALOGE("memfd_create(%s, %zd) success. fd=%d\n", name, size, fd.get());
     }
@@ -400,14 +406,29 @@
 }
 
 static int memfd_set_prot_region(int fd, int prot) {
-    /* Only proceed if an fd needs to be write-protected */
+    int seals = fcntl(fd, F_GET_SEALS);
+    if (seals == -1) {
+        ALOGE("memfd_set_prot_region(%d, %d): F_GET_SEALS failed: %s\n", fd, prot, strerror(errno));
+        return -1;
+    }
+
     if (prot & PROT_WRITE) {
+        /* Now we want the buffer to be read-write, let's check if the buffer
+         * has been previously marked as read-only before, if so return error
+         */
+        if (seals & F_SEAL_FUTURE_WRITE) {
+            ALOGE("memfd_set_prot_region(%d, %d): region is write protected\n", fd, prot);
+            errno = EINVAL;  // inline with ashmem error code, if already in
+                             // read-only mode
+            return -1;
+        }
         return 0;
     }
 
-    if (fcntl(fd, F_ADD_SEALS, F_SEAL_FUTURE_WRITE) == -1) {
-        ALOGE("memfd_set_prot_region(%d, %d): F_SEAL_FUTURE_WRITE seal failed: %s\n", fd, prot,
-              strerror(errno));
+    /* We would only allow read-only for any future file operations */
+    if (fcntl(fd, F_ADD_SEALS, F_SEAL_FUTURE_WRITE | F_SEAL_SEAL) == -1) {
+        ALOGE("memfd_set_prot_region(%d, %d): F_SEAL_FUTURE_WRITE | F_SEAL_SEAL seal failed: %s\n",
+              fd, prot, strerror(errno));
         return -1;
     }