Gitiles
Code Review Sign In
gerrit.omnirom.org / android_system_core / ee7a713757314366023e855a76ff17943b6b9296
commitee7a713757314366023e855a76ff17943b6b9296[log] [tgz]
authorIsaac J. Manjarres <isaacmanjarres@google.com>Tue Dec 03 09:42:56 2024 -0800
committerIsaac J. Manjarres <isaacmanjarres@google.com>Tue Dec 03 10:13:28 2024 -0800
treeba820b2cc5682fde3bcef37c6dbb7c70c2566e20
parent92487860cf75d57d50dca015ab0764a5e00d2f77 [diff]
ashmem: Ensure all memfds have non-executable permissions by default

Currently, memfds are created with executable permissions, meaning that
one can load a binary into a memfd buffer and use fexecve() to run said
binary. This is not desirable for security reasons, and also does not
match with the behavior that the ashmem driver currently supports.

When the ashmem driver is in use, /dev/ashmem* does not have executable
permissions, so fexecve() cannot be used on those buffers. Linux kernels
6.3+ offer MFD_NOEXEC_SEAL as part of the memfd interface, which allows
one to create memfds with non-executable permissions. Furthermore, the
executable permissions cannot be changed on these memfds.

This matches the expected behavior that ashmem provided, so allow memfd
usage only if MFD_NOEXEC_SEAL is supported, and create memfds with
non-executable permissions by default.

Bug: 111903542
Change-Id: Ibb2c2be3c118ead44fc12bcd2b63dcf6f83c9b03
Signed-off-by: Isaac J. Manjarres <isaacmanjarres@google.com>
1 file changed
tree: ba820b2cc5682fde3bcef37c6dbb7c70c2566e20
  1. bootstat/
  2. cli-test/
  3. code_coverage/
  4. debuggerd/
  5. diagnose_usb/
  6. fastboot/
  7. fs_mgr/
  8. gatekeeperd/
  9. healthd/
  10. include/
  11. init/
  12. janitors/
  13. libappfuse/
  14. libasyncio/
  15. libcrypto_utils/
  16. libcutils/
  17. libgrallocusage/
  18. libkeyutils/
  19. libmodprobe/
  20. libnetutils/
  21. libpackagelistparser/
  22. libprocessgroup/
  23. libsparse/
  24. libstats/
  25. libsuspend/
  26. libsync/
  27. libsystem/
  28. libsysutils/
  29. libusbhost/
  30. libutils/
  31. libvendorsupport/
  32. libvndksupport/
  33. llkd/
  34. mini_keyctl/
  35. mkbootfs/
  36. property_service/
  37. reboot/
  38. rootdir/
  39. run-as/
  40. sdcard/
  41. shell_and_utilities/
  42. storaged/
  43. toolbox/
  44. trusty/
  45. usbd/
  46. watchdogd/
  47. .clang-format.clang-format-4
  48. .clang-format-2 ⇨ ../../build/soong/scripts/system-clang-format-2
  49. .clang-format-4 ⇨ ../../build/soong/scripts/system-clang-format
  50. rustfmt.toml ⇨ ../../build/soong/scripts/rustfmt.toml
  51. .gitignore
  52. Android.bp
  53. CleanSpec.mk
  54. MODULE_LICENSE_APACHE2
  55. OWNERS
  56. PREUPLOAD.cfg