diff options
author | Keith Mok <keithmok@google.com> | 2023-10-28 00:36:10 +0000 |
---|---|---|
committer | Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com> | 2023-10-28 00:36:10 +0000 |
commit | 4281014b850669c2f46fcf54f45ae52e54cbc758 (patch) | |
tree | a9d7d020cb693137c81d43a88191b94c5c2a2116 | |
parent | 2d9d60a93db6276d2a3932a109c07987e8f6f4bf (diff) | |
parent | 87675df8a68c32a4747a6fea4c07114df78ac66c (diff) | |
download | core-4281014b850669c2f46fcf54f45ae52e54cbc758.tar.gz |
Add seal if ashmem-dev is backed by memfd am: 61a2897733 am: 7878e7c9b7 am: fb73f1789e am: 170c133259 am: 72add75484 am: 87675df8a6
Original change: https://googleplex-android-review.googlesource.com/c/platform/system/core/+/24776869
Change-Id: Ifce93a193d062ea6af1dd20bc18ecbc15f8cc6c2
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
-rw-r--r-- | libcutils/ashmem-dev.cpp | 29 |
1 files changed, 25 insertions, 4 deletions
diff --git a/libcutils/ashmem-dev.cpp b/libcutils/ashmem-dev.cpp index 6a27f9a20..56d68759f 100644 --- a/libcutils/ashmem-dev.cpp +++ b/libcutils/ashmem-dev.cpp @@ -349,6 +349,12 @@ static int memfd_create_region(const char* name, size_t size) { return -1; } + // forbid size changes to match ashmem behaviour + if (fcntl(fd, F_ADD_SEALS, F_SEAL_GROW | F_SEAL_SHRINK) == -1) { + ALOGE("memfd_create(%s, %zd) F_ADD_SEALS failed: %m", name, size); + return -1; + } + if (debug_log) { ALOGE("memfd_create(%s, %zd) success. fd=%d\n", name, size, fd.get()); } @@ -400,14 +406,29 @@ error: } static int memfd_set_prot_region(int fd, int prot) { - /* Only proceed if an fd needs to be write-protected */ + int seals = fcntl(fd, F_GET_SEALS); + if (seals == -1) { + ALOGE("memfd_set_prot_region(%d, %d): F_GET_SEALS failed: %s\n", fd, prot, strerror(errno)); + return -1; + } + if (prot & PROT_WRITE) { + /* Now we want the buffer to be read-write, let's check if the buffer + * has been previously marked as read-only before, if so return error + */ + if (seals & F_SEAL_FUTURE_WRITE) { + ALOGE("memfd_set_prot_region(%d, %d): region is write protected\n", fd, prot); + errno = EINVAL; // inline with ashmem error code, if already in + // read-only mode + return -1; + } return 0; } - if (fcntl(fd, F_ADD_SEALS, F_SEAL_FUTURE_WRITE) == -1) { - ALOGE("memfd_set_prot_region(%d, %d): F_SEAL_FUTURE_WRITE seal failed: %s\n", fd, prot, - strerror(errno)); + /* We would only allow read-only for any future file operations */ + if (fcntl(fd, F_ADD_SEALS, F_SEAL_FUTURE_WRITE | F_SEAL_SEAL) == -1) { + ALOGE("memfd_set_prot_region(%d, %d): F_SEAL_FUTURE_WRITE | F_SEAL_SEAL seal failed: %s\n", + fd, prot, strerror(errno)); return -1; } |