15.1: switch to latest hardened_malloc revision and enable it

verified working on bullhead via:
- top
- /proc/self/maps with -DLABEL_MEMORY
- Sanitizer Test App and logcat

Signed-off-by: Tavi <tavi@divested.dev>
This commit is contained in:
Tavi 2024-05-09 10:15:48 -04:00
parent 650fc2ec27
commit 28d2113957
No known key found for this signature in database
GPG Key ID: E599F62ECBAEAF2E
5 changed files with 633 additions and 14 deletions

View File

@ -68,7 +68,7 @@ external/caliper 4a0d9aba0856d0aa965d5653bfa4c138f0e8a8ba
external/cblas d063db8bdddfcde61e4bad3bfe65941fd73e8094
external/chromium-libpac 0ac78251d11006d764ba1aad8cc0867827fafe5c
external/chromium-trace 8b2c0074e71a8086dee98ca8730acfdc5eddf7a1
external/chromium-webview 24b9f0130e044adf811867666dd967e5081398bc
external/chromium-webview 7a167062342c2f6dc6b6a152dd1021735287d0b9
external/clang 751a76679b0fb5798ea6cab75906df07edcab315
external/cmockery 9199c7bfafefea32d1884182fa655b6e4578c1c4
external/compiler-rt 0c46c9e892a3f68420635032ef2f6152dabd197c

View File

@ -79,8 +79,8 @@
<!-- END OF BRANCH SWITCHING -->
<!-- START OF ADDITIONAL REPOS -->
<!-- GrapheneOS
<project path="external/hardened_malloc" name="GrapheneOS/hardened_malloc" remote="github" revision="464bfd4d829927f19fd5d2729a101ee241319d1e" /> -->
<!-- GrapheneOS -->
<project path="external/hardened_malloc" name="GrapheneOS/hardened_malloc" remote="github" revision="749640c274d54e084505a24fa758bcb5f96a25ef" />
<!-- END OF ADDITIONAL REPOS -->
<!-- START OF DEVICE REPOS -->

View File

@ -0,0 +1,53 @@
From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
From: Tim Murray <timmurray@google.com>
Date: Mon, 15 Oct 2018 16:26:56 -0700
Subject: [PATCH 1/2] malloc: add M_PURGE mallopt flag
Add a new mallopt flag that purges any pending decaying pages.
Test: boots and works
bug 117795621
Merged-in: Ib250ae2b705b6a368c1efb801d6a7be54e075acb
Change-Id: Ib250ae2b705b6a368c1efb801d6a7be54e075acb
(cherry picked from commit 8a07791fbff0dd014ce5da8d88969d09cd3dcf0b)
---
libc/bionic/jemalloc_wrapper.cpp | 12 ++++++++++++
libc/include/malloc.h | 1 +
2 files changed, 13 insertions(+)
diff --git a/libc/bionic/jemalloc_wrapper.cpp b/libc/bionic/jemalloc_wrapper.cpp
index 266b9660c..b4678d008 100644
--- a/libc/bionic/jemalloc_wrapper.cpp
+++ b/libc/bionic/jemalloc_wrapper.cpp
@@ -79,6 +79,18 @@ int je_mallopt(int param, int value) {
}
}
return 1;
+ } else if (param == M_PURGE) {
+ unsigned narenas;
+ size_t sz = sizeof(unsigned);
+ if (je_mallctl("arenas.narenas", &narenas, &sz, nullptr, 0) != 0) {
+ return 0;
+ }
+ char buffer[100];
+ snprintf(buffer, sizeof(buffer), "arena.%u.purge", narenas);
+ if (je_mallctl(buffer, nullptr, nullptr, nullptr, 0) != 0) {
+ return 0;
+ }
+ return 1;
}
return 0;
}
diff --git a/libc/include/malloc.h b/libc/include/malloc.h
index db5da04c5..9a30b35b7 100644
--- a/libc/include/malloc.h
+++ b/libc/include/malloc.h
@@ -79,6 +79,7 @@ int malloc_info(int, FILE*) __INTRODUCED_IN(23);
/* mallopt options */
#define M_DECAY_TIME -100
+#define M_PURGE -101
int mallopt(int, int) __INTRODUCED_IN(26);

View File

@ -0,0 +1,548 @@
From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
From: Elliott Hughes <enh@google.com>
Date: Wed, 27 Sep 2017 16:33:35 -0700
Subject: [PATCH] Add <sys/random.h>.
iOS 10 has <sys/random.h> with getentropy, glibc >= 2.25 has
<sys/random.h> with getentropy and getrandom. (glibc also pollutes
<unistd.h>, but that seems like a bad idea.)
Also, all supported devices now have kernels with the getrandom system
call.
We've had these available internally for a while, but it seems like the
time is ripe to expose them.
Bug: http://b/67014255
Test: ran tests
Change-Id: I76dde1e3a2d0bc82777eea437ac193f96964f138
---
libc/SECCOMP_WHITELIST.TXT | 1 -
libc/SYSCALLS.TXT | 3 +
libc/arch-arm/syscalls/getrandom.S | 16 +++
libc/arch-arm64/syscalls/getrandom.S | 14 ++
libc/arch-mips/syscalls/getrandom.S | 19 +++
libc/arch-mips64/syscalls/getrandom.S | 25 ++++
libc/arch-x86/syscalls/getrandom.S | 39 ++++++
libc/arch-x86_64/syscalls/getrandom.S | 15 +++
libc/include/sys/random.h | 47 +++++++
libc/libc.arm.map | 2 +
libc/libc.arm64.map | 2 +
libc/libc.map.txt | 2 +
libc/libc.mips.map | 2 +
libc/libc.mips64.map | 2 +
libc/libc.x86.map | 2 +
libc/libc.x86_64.map | 2 +
.../android/include/openbsd-compat.h | 10 +-
tests/Android.bp | 1 +
tests/sys_random_test.cpp | 120 ++++++++++++++++++
19 files changed, 319 insertions(+), 5 deletions(-)
create mode 100644 libc/arch-arm/syscalls/getrandom.S
create mode 100644 libc/arch-arm64/syscalls/getrandom.S
create mode 100644 libc/arch-mips/syscalls/getrandom.S
create mode 100644 libc/arch-mips64/syscalls/getrandom.S
create mode 100644 libc/arch-x86/syscalls/getrandom.S
create mode 100644 libc/arch-x86_64/syscalls/getrandom.S
create mode 100644 libc/include/sys/random.h
create mode 100644 tests/sys_random_test.cpp
diff --git a/libc/SECCOMP_WHITELIST.TXT b/libc/SECCOMP_WHITELIST.TXT
index 0b9dad3ff..f36b29032 100644
--- a/libc/SECCOMP_WHITELIST.TXT
+++ b/libc/SECCOMP_WHITELIST.TXT
@@ -35,7 +35,6 @@ int clone:clone(int (*fn)(void *), void *child_stack, int flags, void *arg, ..)
int rt_sigreturn:rt_sigreturn(unsigned long __unused) all
int rt_tgsigqueueinfo:int rt_tgsigqueueinfo(pid_t tgid, pid_t tid, int sig, siginfo_t *uinfo) all
int restart_syscall:int restart_syscall() all
-int getrandom:int getrandom(void *buf, size_t buflen, unsigned int flags) all
int fstatat64|fstatat:newfstatat(int, const char*, struct stat*, int) mips64
int fstat64|fstat:fstat(int, struct stat*) mips64
int _flush_cache:cacheflush(char* addr, const int nbytes, const int op) mips64
diff --git a/libc/SYSCALLS.TXT b/libc/SYSCALLS.TXT
index d674630ac..2070de7b5 100644
--- a/libc/SYSCALLS.TXT
+++ b/libc/SYSCALLS.TXT
@@ -352,3 +352,6 @@ int __set_thread_area:set_thread_area(void*) x86
# vdso stuff.
int __clock_gettime:clock_gettime(clockid_t, timespec*) all
int __gettimeofday:gettimeofday(timeval*, timezone*) all
+
+# <sys/random.h>
+ssize_t getrandom(void*, size_t, unsigned) all
diff --git a/libc/arch-arm/syscalls/getrandom.S b/libc/arch-arm/syscalls/getrandom.S
new file mode 100644
index 000000000..3f28af6f0
--- /dev/null
+++ b/libc/arch-arm/syscalls/getrandom.S
@@ -0,0 +1,16 @@
+/* Generated by gensyscalls.py. Do not edit. */
+
+#include <private/bionic_asm.h>
+
+ENTRY(getrandom)
+ mov ip, r7
+ .cfi_register r7, ip
+ ldr r7, =__NR_getrandom
+ swi #0
+ mov r7, ip
+ .cfi_restore r7
+ cmn r0, #(MAX_ERRNO + 1)
+ bxls lr
+ neg r0, r0
+ b __set_errno_internal
+END(getrandom)
diff --git a/libc/arch-arm64/syscalls/getrandom.S b/libc/arch-arm64/syscalls/getrandom.S
new file mode 100644
index 000000000..c8fe41ffd
--- /dev/null
+++ b/libc/arch-arm64/syscalls/getrandom.S
@@ -0,0 +1,14 @@
+/* Generated by gensyscalls.py. Do not edit. */
+
+#include <private/bionic_asm.h>
+
+ENTRY(getrandom)
+ mov x8, __NR_getrandom
+ svc #0
+
+ cmn x0, #(MAX_ERRNO + 1)
+ cneg x0, x0, hi
+ b.hi __set_errno_internal
+
+ ret
+END(getrandom)
diff --git a/libc/arch-mips/syscalls/getrandom.S b/libc/arch-mips/syscalls/getrandom.S
new file mode 100644
index 000000000..7a2f3b978
--- /dev/null
+++ b/libc/arch-mips/syscalls/getrandom.S
@@ -0,0 +1,19 @@
+/* Generated by gensyscalls.py. Do not edit. */
+
+#include <private/bionic_asm.h>
+
+ENTRY(getrandom)
+ .set noreorder
+ .cpload t9
+ li v0, __NR_getrandom
+ syscall
+ bnez a3, 1f
+ move a0, v0
+ j ra
+ nop
+1:
+ la t9,__set_errno_internal
+ j t9
+ nop
+ .set reorder
+END(getrandom)
diff --git a/libc/arch-mips64/syscalls/getrandom.S b/libc/arch-mips64/syscalls/getrandom.S
new file mode 100644
index 000000000..3c5b4673f
--- /dev/null
+++ b/libc/arch-mips64/syscalls/getrandom.S
@@ -0,0 +1,25 @@
+/* Generated by gensyscalls.py. Do not edit. */
+
+#include <private/bionic_asm.h>
+
+ENTRY(getrandom)
+ .set push
+ .set noreorder
+ li v0, __NR_getrandom
+ syscall
+ bnez a3, 1f
+ move a0, v0
+ j ra
+ nop
+1:
+ move t0, ra
+ bal 2f
+ nop
+2:
+ .cpsetup ra, t1, 2b
+ LA t9,__set_errno_internal
+ .cpreturn
+ j t9
+ move ra, t0
+ .set pop
+END(getrandom)
diff --git a/libc/arch-x86/syscalls/getrandom.S b/libc/arch-x86/syscalls/getrandom.S
new file mode 100644
index 000000000..2e8ebc955
--- /dev/null
+++ b/libc/arch-x86/syscalls/getrandom.S
@@ -0,0 +1,39 @@
+/* Generated by gensyscalls.py. Do not edit. */
+
+#include <private/bionic_asm.h>
+
+ENTRY(getrandom)
+ pushl %ebx
+ .cfi_def_cfa_offset 8
+ .cfi_rel_offset ebx, 0
+ pushl %ecx
+ .cfi_adjust_cfa_offset 4
+ .cfi_rel_offset ecx, 0
+ pushl %edx
+ .cfi_adjust_cfa_offset 4
+ .cfi_rel_offset edx, 0
+
+ call __kernel_syscall
+ pushl %eax
+ .cfi_adjust_cfa_offset 4
+ .cfi_rel_offset eax, 0
+
+ mov 20(%esp), %ebx
+ mov 24(%esp), %ecx
+ mov 28(%esp), %edx
+ movl $__NR_getrandom, %eax
+ call *(%esp)
+ addl $4, %esp
+
+ cmpl $-MAX_ERRNO, %eax
+ jb 1f
+ negl %eax
+ pushl %eax
+ call __set_errno_internal
+ addl $4, %esp
+1:
+ popl %edx
+ popl %ecx
+ popl %ebx
+ ret
+END(getrandom)
diff --git a/libc/arch-x86_64/syscalls/getrandom.S b/libc/arch-x86_64/syscalls/getrandom.S
new file mode 100644
index 000000000..c5e44a966
--- /dev/null
+++ b/libc/arch-x86_64/syscalls/getrandom.S
@@ -0,0 +1,15 @@
+/* Generated by gensyscalls.py. Do not edit. */
+
+#include <private/bionic_asm.h>
+
+ENTRY(getrandom)
+ movl $__NR_getrandom, %eax
+ syscall
+ cmpq $-MAX_ERRNO, %rax
+ jb 1f
+ negl %eax
+ movl %eax, %edi
+ call __set_errno_internal
+1:
+ ret
+END(getrandom)
diff --git a/libc/include/sys/random.h b/libc/include/sys/random.h
new file mode 100644
index 000000000..34756520e
--- /dev/null
+++ b/libc/include/sys/random.h
@@ -0,0 +1,47 @@
+/*
+ * Copyright (C) 2017 The Android Open Source Project
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * * Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ * * Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in
+ * the documentation and/or other materials provided with the
+ * distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+ * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+ * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
+ * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
+ * COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT,
+ * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING,
+ * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS
+ * OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED
+ * AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
+ * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT
+ * OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+#ifndef _SYS_RANDOM_H_
+#define _SYS_RANDOM_H_
+
+#include <sys/cdefs.h>
+#include <sys/types.h>
+
+#include <linux/random.h>
+
+__BEGIN_DECLS
+
+/* See also arc4random_buf in <stdlib.h>, which is available in all API levels. */
+
+int getentropy(void* __buffer, size_t __buffer_size) __wur __INTRODUCED_IN_FUTURE;
+
+ssize_t getrandom(void* __buffer, size_t __buffer_size, unsigned int __flags) __wur __INTRODUCED_IN_FUTURE;
+
+__END_DECLS
+
+#endif
diff --git a/libc/libc.arm.map b/libc/libc.arm.map
index a4212dda7..aa66b4d61 100644
--- a/libc/libc.arm.map
+++ b/libc/libc.arm.map
@@ -1532,6 +1532,8 @@ LIBC_PRIVATE {
vfdprintf; # arm x86 mips
wait3; # arm x86 mips
wcswcs; # arm x86 mips
+ getentropy; # future
+ getrandom; # future
} LIBC_O;
LIBC_DEPRECATED {
diff --git a/libc/libc.arm64.map b/libc/libc.arm64.map
index bf0341ad2..6a34fb533 100644
--- a/libc/libc.arm64.map
+++ b/libc/libc.arm64.map
@@ -1249,6 +1249,8 @@ LIBC_PRIVATE {
free_malloc_leak_info;
get_malloc_leak_info;
gMallocLeakZygoteChild;
+ getentropy; # future
+ getrandom; # future
} LIBC_O;
LIBC_DEPRECATED {
diff --git a/libc/libc.map.txt b/libc/libc.map.txt
index c271a57e4..d740fe764 100644
--- a/libc/libc.map.txt
+++ b/libc/libc.map.txt
@@ -1558,6 +1558,8 @@ LIBC_PRIVATE {
vfdprintf; # arm x86 mips
wait3; # arm x86 mips
wcswcs; # arm x86 mips
+ getentropy; # future
+ getrandom; # future
} LIBC_O;
LIBC_DEPRECATED {
diff --git a/libc/libc.mips.map b/libc/libc.mips.map
index 214c7f506..385606c64 100644
--- a/libc/libc.mips.map
+++ b/libc/libc.mips.map
@@ -1373,6 +1373,8 @@ LIBC_PRIVATE {
vfdprintf; # arm x86 mips
wait3; # arm x86 mips
wcswcs; # arm x86 mips
+ getentropy; # future
+ getrandom; # future
} LIBC_O;
LIBC_DEPRECATED {
diff --git a/libc/libc.mips64.map b/libc/libc.mips64.map
index bf0341ad2..6a34fb533 100644
--- a/libc/libc.mips64.map
+++ b/libc/libc.mips64.map
@@ -1249,6 +1249,8 @@ LIBC_PRIVATE {
free_malloc_leak_info;
get_malloc_leak_info;
gMallocLeakZygoteChild;
+ getentropy; # future
+ getrandom; # future
} LIBC_O;
LIBC_DEPRECATED {
diff --git a/libc/libc.x86.map b/libc/libc.x86.map
index 145b64ebf..2b29d3e51 100644
--- a/libc/libc.x86.map
+++ b/libc/libc.x86.map
@@ -1372,6 +1372,8 @@ LIBC_PRIVATE {
vfdprintf; # arm x86 mips
wait3; # arm x86 mips
wcswcs; # arm x86 mips
+ getentropy; # future
+ getrandom; # future
} LIBC_O;
LIBC_DEPRECATED {
diff --git a/libc/libc.x86_64.map b/libc/libc.x86_64.map
index bf0341ad2..6a34fb533 100644
--- a/libc/libc.x86_64.map
+++ b/libc/libc.x86_64.map
@@ -1249,6 +1249,8 @@ LIBC_PRIVATE {
free_malloc_leak_info;
get_malloc_leak_info;
gMallocLeakZygoteChild;
+ getentropy; # future
+ getrandom; # future
} LIBC_O;
LIBC_DEPRECATED {
diff --git a/libc/upstream-openbsd/android/include/openbsd-compat.h b/libc/upstream-openbsd/android/include/openbsd-compat.h
index 1e433beef..dbc2db44c 100644
--- a/libc/upstream-openbsd/android/include/openbsd-compat.h
+++ b/libc/upstream-openbsd/android/include/openbsd-compat.h
@@ -18,10 +18,15 @@
#define _BIONIC_OPENBSD_COMPAT_H_included
#define _BSD_SOURCE
-
#include <sys/cdefs.h>
+
#include <stddef.h> // For size_t.
+// TODO: libandroid_support uses this file, so we need to wait for
+// <sys/random.h> to be in the NDK headers before we can lose this declaration.
+//#include <sys/random.h> // For getentropy.
+int getentropy(void*, size_t);
+
#define __BEGIN_HIDDEN_DECLS _Pragma("GCC visibility push(hidden)")
#define __END_HIDDEN_DECLS _Pragma("GCC visibility pop")
@@ -74,9 +79,6 @@ extern const char* __progname;
__LIBC_HIDDEN__ extern const char* __bionic_get_shell_path();
#define _PATH_BSHELL __bionic_get_shell_path()
-/* We have OpenBSD's getentropy_linux.c, but we don't mention getentropy in any header. */
-__LIBC_HIDDEN__ extern int getentropy(void*, size_t);
-
/* OpenBSD has this as API, but we just use it internally. */
__LIBC_HIDDEN__ void* reallocarray(void*, size_t, size_t);
diff --git a/tests/Android.bp b/tests/Android.bp
index 29204b558..b120ac3cc 100644
--- a/tests/Android.bp
+++ b/tests/Android.bp
@@ -121,6 +121,7 @@ cc_test_library {
"sys_procfs_test.cpp",
"sys_ptrace_test.cpp",
"sys_quota_test.cpp",
+ "sys_random_test.cpp",
"sys_resource_test.cpp",
"sys_select_test.cpp",
"sys_sem_test.cpp",
diff --git a/tests/sys_random_test.cpp b/tests/sys_random_test.cpp
new file mode 100644
index 000000000..a25490c67
--- /dev/null
+++ b/tests/sys_random_test.cpp
@@ -0,0 +1,120 @@
+/*
+ * Copyright (C) 2017 The Android Open Source Project
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+// <sys/random.h> was only added as of glibc version 2.25.
+// Don't try to compile this code on older glibc versions.
+
+#include <sys/cdefs.h>
+#if defined(__BIONIC__)
+ #define HAVE_SYS_RANDOM 1
+#elif defined(__GLIBC_PREREQ)
+ #if __GLIBC_PREREQ(2, 25)
+ #define HAVE_SYS_RANDOM 1
+ #endif
+#endif
+
+
+#if defined(HAVE_SYS_RANDOM)
+#include <sys/random.h>
+#endif
+
+#include <errno.h>
+#include <gtest/gtest.h>
+
+TEST(sys_random, getentropy) {
+#if defined(HAVE_SYS_RANDOM)
+ char buf1[64];
+ char buf2[64];
+
+ ASSERT_EQ(0, getentropy(buf1, sizeof(buf1)));
+ ASSERT_EQ(0, getentropy(buf2, sizeof(buf2)));
+ ASSERT_TRUE(memcmp(buf1, buf2, sizeof(buf1)) != 0);
+#else
+ GTEST_LOG_(INFO) << "This test requires a C library with <sys/random.h>.\n";
+#endif
+}
+
+TEST(sys_random, getentropy_EFAULT) {
+#if defined(HAVE_SYS_RANDOM)
+ errno = 0;
+ ASSERT_EQ(-1, getentropy(nullptr, 1));
+ ASSERT_EQ(EFAULT, errno);
+#else
+ GTEST_LOG_(INFO) << "This test requires a C library with <sys/random.h>.\n";
+#endif
+}
+
+TEST(sys_random, getentropy_EIO) {
+#if defined(HAVE_SYS_RANDOM)
+ char buf[BUFSIZ];
+ static_assert(BUFSIZ > 256, "BUFSIZ <= 256!");
+
+ errno = 0;
+ ASSERT_EQ(-1, getentropy(buf, sizeof(buf)));
+ ASSERT_EQ(EIO, errno);
+#else
+ GTEST_LOG_(INFO) << "This test requires a C library with <sys/random.h>.\n";
+#endif
+}
+
+TEST(sys_random, getrandom) {
+#if defined(HAVE_SYS_RANDOM)
+ if (getrandom(nullptr, 0, 0) == -1 && errno == ENOSYS) {
+ GTEST_LOG_(INFO) << "This test requires a >= 3.17 kernel with getrandom(2).\n";
+ return;
+ }
+
+ char buf1[64];
+ char buf2[64];
+
+ ASSERT_EQ(64, getrandom(buf1, sizeof(buf1), 0));
+ ASSERT_EQ(64, getrandom(buf2, sizeof(buf2), 0));
+ ASSERT_TRUE(memcmp(buf1, buf2, sizeof(buf1)) != 0);
+#else
+ GTEST_LOG_(INFO) << "This test requires a C library with <sys/random.h>.\n";
+#endif
+}
+
+TEST(sys_random, getrandom_EFAULT) {
+#if defined(HAVE_SYS_RANDOM)
+ if (getrandom(nullptr, 0, 0) == -1 && errno == ENOSYS) {
+ GTEST_LOG_(INFO) << "This test requires a >= 3.17 kernel with getrandom(2).\n";
+ return;
+ }
+
+ errno = 0;
+ ASSERT_EQ(-1, getrandom(nullptr, 256, 0));
+ ASSERT_EQ(EFAULT, errno);
+#else
+ GTEST_LOG_(INFO) << "This test requires a C library with <sys/random.h>.\n";
+#endif
+}
+
+TEST(sys_random, getrandom_EINVAL) {
+#if defined(HAVE_SYS_RANDOM)
+ if (getrandom(nullptr, 0, 0) == -1 && errno == ENOSYS) {
+ GTEST_LOG_(INFO) << "This test requires a >= 3.17 kernel with getrandom(2).\n";
+ return;
+ }
+
+ errno = 0;
+ char buf[64];
+ ASSERT_EQ(-1, getrandom(buf, sizeof(buf), ~0));
+ ASSERT_EQ(EINVAL, errno);
+#else
+ GTEST_LOG_(INFO) << "This test requires a C library with <sys/random.h>.\n";
+#endif
+}

View File

@ -57,7 +57,11 @@ cp -r "$DOS_PATCHES_COMMON/android_vendor_divested/." "$DOS_BUILD_BASE/vendor/di
if enterAndClear "bionic"; then
applyPatch "$DOS_PATCHES_COMMON/android_bionic/0001-Wildcard_Hosts.patch"; #Support wildcards in cached hosts file (backport from 16.0+) (tdm)
#if [ "$DOS_GRAPHENE_MALLOC_BROKEN" = true ]; then applyPatch "$DOS_PATCHES/android_bionic/0001-HM-Use_HM.patch"; fi; #(GrapheneOS)
if [ "$DOS_GRAPHENE_MALLOC" = true ]; then
applyPatch "$DOS_PATCHES/android_bionic/0001-HM-Use_HM.patch"; #(GrapheneOS)
applyPatch "$DOS_PATCHES/android_bionic/0002-Add_M_PURGE.patch"; #malloc: add M_PURGE mallopt flag
applyPatch "$DOS_PATCHES/android_bionic/0003-Add_random.h.patch"; #Add <sys/random.h>.
fi;
fi;
if enterAndClear "bootable/recovery"; then
@ -117,14 +121,28 @@ if enterAndClear "external/freetype"; then
applyPatch "$DOS_PATCHES/android_external_freetype/360951.patch"; #R_asb_2023-07 Cherry-pick two upstream changes
fi;
#if [ "$DOS_GRAPHENE_MALLOC_BROKEN" = true ]; then
#if enterAndClear "external/hardened_malloc"; then
#git revert --no-edit 3d18fb80742fd80a75481b580d102deb18c74af9; #compile fix
#applyPatch "$DOS_PATCHES_COMMON/android_external_hardened_malloc-legacy/0001-Broken_Audio.patch"; #DeviceDescriptor sorting wrongly relies on malloc addresses (GrapheneOS)
#applyPatch "$DOS_PATCHES_COMMON/android_external_hardened_malloc-legacy/0002-Broken_Cameras.patch"; #Expand workaround to all camera executables (DivestOS)
#sed -i 's/struct mallinfo info = {0};/struct mallinfo info = {0, 0, 0, 0, 0, 0, 0, 0, 0, 0};/' h_malloc.c; #compile fix
#fi;
#fi;
if [ "$DOS_GRAPHENE_MALLOC" = true ]; then
if enterAndClear "external/hardened_malloc"; then
applyPatch "$DOS_PATCHES_COMMON/android_external_hardened_malloc-modern/0001-Broken_Cameras-1.patch"; #Workarounds for Pixel 3 SoC era camera driver bugs (GrapheneOS)
applyPatch "$DOS_PATCHES_COMMON/android_external_hardened_malloc-modern/0001-Broken_Cameras-2.patch"; #Expand workaround to all camera executables (DivestOS)
applyPatch "$DOS_PATCHES_COMMON/android_external_hardened_malloc-modern/0002-Broken_Displays.patch"; #Add workaround for OnePlus 8 & 9 display driver crash (DivestOS)
applyPatch "$DOS_PATCHES_COMMON/android_external_hardened_malloc-modern/0003-Broken_Audio.patch"; #Workaround for audio service sorting bug (GrapheneOS)
sed -i 's/34359738368/2147483648/' Android.bp; #revert 48-bit address space requirement
sed -i -e '76,78d;' Android.bp; #fix compile under A13
sed -i -e '22,24d;' androidtest/Android.bp; #fix compile under A12
awk -i inplace '!/vendor_ramdisk_available/' Android.bp; #fix compile under A11
rm -rfv androidtest;
sed -i -e '76,78d;' Android.bp; #fix compile under A10
awk -i inplace '!/ramdisk_available/' Android.bp;
git revert --no-edit 8974af86d12f7e29b54b5090133ab3d7eea0e519;
mv include/h_malloc.h .
awk -i inplace '!/recovery_available/' Android.bp; #fix compile under A8
awk -i inplace '!/system_shared_libs/' Android.bp;
sed -i 's/c17/c11/' Android.bp;
git revert --no-edit a28da3c65aed0528036da9ebd33e0c05b2c5884a
sed -i 's/struct mallinfo info = {0};/struct mallinfo info = {};/' h_malloc.c;
fi;
fi;
if enterAndClear "external/libvpx"; then
applyPatch "$DOS_PATCHES_COMMON/android_external_libvpx/CVE-2023-5217.patch"; #VP8: disallow thread count changes
@ -147,7 +165,7 @@ applyPatch "$DOS_PATCHES/android_external_zlib/351909.patch"; #P_asb_2023-03 Fix
fi;
if enterAndClear "frameworks/av"; then
#if [ "$DOS_GRAPHENE_MALLOC_BROKEN" = true ]; then applyPatch "$DOS_PATCHES/android_frameworks_av/0001-HM-No_RLIMIT_AS.patch"; fi; #(GrapheneOS)
if [ "$DOS_GRAPHENE_MALLOC" = true ]; then applyPatch "$DOS_PATCHES/android_frameworks_av/0001-HM-No_RLIMIT_AS.patch"; fi; #(GrapheneOS)
applyPatch "$DOS_PATCHES/android_frameworks_av/358729.patch"; #n-asb-2023-06 Fix NuMediaExtractor::readSampleData buffer Handling
applyPatch "$DOS_PATCHES/android_frameworks_av/365962.patch"; #R_asb_2023-09 Fix Segv on unknown address error flagged by fuzzer test.
applyPatch "$DOS_PATCHES/android_frameworks_av/373949.patch"; #R_asb_2023-11 Fix for heap buffer overflow issue flagged by fuzzer test.
@ -530,7 +548,7 @@ applyPatch "$DOS_PATCHES/android_system_core/332765.patch"; #P_asb_2022-06 Backp
if [ "$DOS_HOSTS_BLOCKING" = true ]; then cat "$DOS_HOSTS_FILE" >> rootdir/etc/hosts; fi; #Merge in our HOSTS file
git revert --no-edit a6a4ce8e9a6d63014047a447c6bb3ac1fa90b3f4; #Always update recovery
applyPatch "$DOS_PATCHES/android_system_core/0001-Harden.patch"; #Harden mounts with nodev/noexec/nosuid + misc sysctl changes (GrapheneOS)
#if [ "$DOS_GRAPHENE_MALLOC_BROKEN" = true ]; then applyPatch "$DOS_PATCHES/android_system_core/0002-HM-Increase_vm_mmc.patch"; fi; #(GrapheneOS)
if [ "$DOS_GRAPHENE_MALLOC" = true ]; then applyPatch "$DOS_PATCHES/android_system_core/0002-HM-Increase_vm_mmc.patch"; fi; #(GrapheneOS)
fi;
if enterAndClear "system/netd"; then