From 28d211395704583d6fb585f2152f306e3fde7c86 Mon Sep 17 00:00:00 2001 From: Tavi Date: Thu, 9 May 2024 10:15:48 -0400 Subject: [PATCH] 15.1: switch to latest hardened_malloc revision and enable it verified working on bullhead via: - top - /proc/self/maps with -DLABEL_MEMORY - Sanitizer Test App and logcat Signed-off-by: Tavi --- Logs/resetWorkspace-LineageOS-15.1.txt | 2 +- Manifests/Manifest_LAOS-15.1.xml | 4 +- .../android_bionic/0002-Add_M_PURGE.patch | 53 ++ .../android_bionic/0003-Add_random.h.patch | 548 ++++++++++++++++++ Scripts/LineageOS-15.1/Patch.sh | 40 +- 5 files changed, 633 insertions(+), 14 deletions(-) create mode 100644 Patches/LineageOS-15.1/android_bionic/0002-Add_M_PURGE.patch create mode 100644 Patches/LineageOS-15.1/android_bionic/0003-Add_random.h.patch diff --git a/Logs/resetWorkspace-LineageOS-15.1.txt b/Logs/resetWorkspace-LineageOS-15.1.txt index 7e52adbc..1b622956 100644 --- a/Logs/resetWorkspace-LineageOS-15.1.txt +++ b/Logs/resetWorkspace-LineageOS-15.1.txt @@ -68,7 +68,7 @@ external/caliper 4a0d9aba0856d0aa965d5653bfa4c138f0e8a8ba external/cblas d063db8bdddfcde61e4bad3bfe65941fd73e8094 external/chromium-libpac 0ac78251d11006d764ba1aad8cc0867827fafe5c external/chromium-trace 8b2c0074e71a8086dee98ca8730acfdc5eddf7a1 -external/chromium-webview 24b9f0130e044adf811867666dd967e5081398bc +external/chromium-webview 7a167062342c2f6dc6b6a152dd1021735287d0b9 external/clang 751a76679b0fb5798ea6cab75906df07edcab315 external/cmockery 9199c7bfafefea32d1884182fa655b6e4578c1c4 external/compiler-rt 0c46c9e892a3f68420635032ef2f6152dabd197c diff --git a/Manifests/Manifest_LAOS-15.1.xml b/Manifests/Manifest_LAOS-15.1.xml index 76952c21..f9184cbe 100644 --- a/Manifests/Manifest_LAOS-15.1.xml +++ b/Manifests/Manifest_LAOS-15.1.xml @@ -79,8 +79,8 @@ - + + diff --git a/Patches/LineageOS-15.1/android_bionic/0002-Add_M_PURGE.patch b/Patches/LineageOS-15.1/android_bionic/0002-Add_M_PURGE.patch new file mode 100644 index 00000000..ba87ee60 --- /dev/null +++ b/Patches/LineageOS-15.1/android_bionic/0002-Add_M_PURGE.patch @@ -0,0 +1,53 @@ +From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 +From: Tim Murray +Date: Mon, 15 Oct 2018 16:26:56 -0700 +Subject: [PATCH 1/2] malloc: add M_PURGE mallopt flag + +Add a new mallopt flag that purges any pending decaying pages. + +Test: boots and works +bug 117795621 + +Merged-in: Ib250ae2b705b6a368c1efb801d6a7be54e075acb +Change-Id: Ib250ae2b705b6a368c1efb801d6a7be54e075acb +(cherry picked from commit 8a07791fbff0dd014ce5da8d88969d09cd3dcf0b) +--- + libc/bionic/jemalloc_wrapper.cpp | 12 ++++++++++++ + libc/include/malloc.h | 1 + + 2 files changed, 13 insertions(+) + +diff --git a/libc/bionic/jemalloc_wrapper.cpp b/libc/bionic/jemalloc_wrapper.cpp +index 266b9660c..b4678d008 100644 +--- a/libc/bionic/jemalloc_wrapper.cpp ++++ b/libc/bionic/jemalloc_wrapper.cpp +@@ -79,6 +79,18 @@ int je_mallopt(int param, int value) { + } + } + return 1; ++ } else if (param == M_PURGE) { ++ unsigned narenas; ++ size_t sz = sizeof(unsigned); ++ if (je_mallctl("arenas.narenas", &narenas, &sz, nullptr, 0) != 0) { ++ return 0; ++ } ++ char buffer[100]; ++ snprintf(buffer, sizeof(buffer), "arena.%u.purge", narenas); ++ if (je_mallctl(buffer, nullptr, nullptr, nullptr, 0) != 0) { ++ return 0; ++ } ++ return 1; + } + return 0; + } +diff --git a/libc/include/malloc.h b/libc/include/malloc.h +index db5da04c5..9a30b35b7 100644 +--- a/libc/include/malloc.h ++++ b/libc/include/malloc.h +@@ -79,6 +79,7 @@ int malloc_info(int, FILE*) __INTRODUCED_IN(23); + + /* mallopt options */ + #define M_DECAY_TIME -100 ++#define M_PURGE -101 + + int mallopt(int, int) __INTRODUCED_IN(26); + diff --git a/Patches/LineageOS-15.1/android_bionic/0003-Add_random.h.patch b/Patches/LineageOS-15.1/android_bionic/0003-Add_random.h.patch new file mode 100644 index 00000000..8ef86ef1 --- /dev/null +++ b/Patches/LineageOS-15.1/android_bionic/0003-Add_random.h.patch @@ -0,0 +1,548 @@ +From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 +From: Elliott Hughes +Date: Wed, 27 Sep 2017 16:33:35 -0700 +Subject: [PATCH] Add . + +iOS 10 has with getentropy, glibc >= 2.25 has + with getentropy and getrandom. (glibc also pollutes +, but that seems like a bad idea.) + +Also, all supported devices now have kernels with the getrandom system +call. + +We've had these available internally for a while, but it seems like the +time is ripe to expose them. + +Bug: http://b/67014255 +Test: ran tests +Change-Id: I76dde1e3a2d0bc82777eea437ac193f96964f138 +--- + libc/SECCOMP_WHITELIST.TXT | 1 - + libc/SYSCALLS.TXT | 3 + + libc/arch-arm/syscalls/getrandom.S | 16 +++ + libc/arch-arm64/syscalls/getrandom.S | 14 ++ + libc/arch-mips/syscalls/getrandom.S | 19 +++ + libc/arch-mips64/syscalls/getrandom.S | 25 ++++ + libc/arch-x86/syscalls/getrandom.S | 39 ++++++ + libc/arch-x86_64/syscalls/getrandom.S | 15 +++ + libc/include/sys/random.h | 47 +++++++ + libc/libc.arm.map | 2 + + libc/libc.arm64.map | 2 + + libc/libc.map.txt | 2 + + libc/libc.mips.map | 2 + + libc/libc.mips64.map | 2 + + libc/libc.x86.map | 2 + + libc/libc.x86_64.map | 2 + + .../android/include/openbsd-compat.h | 10 +- + tests/Android.bp | 1 + + tests/sys_random_test.cpp | 120 ++++++++++++++++++ + 19 files changed, 319 insertions(+), 5 deletions(-) + create mode 100644 libc/arch-arm/syscalls/getrandom.S + create mode 100644 libc/arch-arm64/syscalls/getrandom.S + create mode 100644 libc/arch-mips/syscalls/getrandom.S + create mode 100644 libc/arch-mips64/syscalls/getrandom.S + create mode 100644 libc/arch-x86/syscalls/getrandom.S + create mode 100644 libc/arch-x86_64/syscalls/getrandom.S + create mode 100644 libc/include/sys/random.h + create mode 100644 tests/sys_random_test.cpp + +diff --git a/libc/SECCOMP_WHITELIST.TXT b/libc/SECCOMP_WHITELIST.TXT +index 0b9dad3ff..f36b29032 100644 +--- a/libc/SECCOMP_WHITELIST.TXT ++++ b/libc/SECCOMP_WHITELIST.TXT +@@ -35,7 +35,6 @@ int clone:clone(int (*fn)(void *), void *child_stack, int flags, void *arg, ..) + int rt_sigreturn:rt_sigreturn(unsigned long __unused) all + int rt_tgsigqueueinfo:int rt_tgsigqueueinfo(pid_t tgid, pid_t tid, int sig, siginfo_t *uinfo) all + int restart_syscall:int restart_syscall() all +-int getrandom:int getrandom(void *buf, size_t buflen, unsigned int flags) all + int fstatat64|fstatat:newfstatat(int, const char*, struct stat*, int) mips64 + int fstat64|fstat:fstat(int, struct stat*) mips64 + int _flush_cache:cacheflush(char* addr, const int nbytes, const int op) mips64 +diff --git a/libc/SYSCALLS.TXT b/libc/SYSCALLS.TXT +index d674630ac..2070de7b5 100644 +--- a/libc/SYSCALLS.TXT ++++ b/libc/SYSCALLS.TXT +@@ -352,3 +352,6 @@ int __set_thread_area:set_thread_area(void*) x86 + # vdso stuff. + int __clock_gettime:clock_gettime(clockid_t, timespec*) all + int __gettimeofday:gettimeofday(timeval*, timezone*) all ++ ++# ++ssize_t getrandom(void*, size_t, unsigned) all +diff --git a/libc/arch-arm/syscalls/getrandom.S b/libc/arch-arm/syscalls/getrandom.S +new file mode 100644 +index 000000000..3f28af6f0 +--- /dev/null ++++ b/libc/arch-arm/syscalls/getrandom.S +@@ -0,0 +1,16 @@ ++/* Generated by gensyscalls.py. Do not edit. */ ++ ++#include ++ ++ENTRY(getrandom) ++ mov ip, r7 ++ .cfi_register r7, ip ++ ldr r7, =__NR_getrandom ++ swi #0 ++ mov r7, ip ++ .cfi_restore r7 ++ cmn r0, #(MAX_ERRNO + 1) ++ bxls lr ++ neg r0, r0 ++ b __set_errno_internal ++END(getrandom) +diff --git a/libc/arch-arm64/syscalls/getrandom.S b/libc/arch-arm64/syscalls/getrandom.S +new file mode 100644 +index 000000000..c8fe41ffd +--- /dev/null ++++ b/libc/arch-arm64/syscalls/getrandom.S +@@ -0,0 +1,14 @@ ++/* Generated by gensyscalls.py. Do not edit. */ ++ ++#include ++ ++ENTRY(getrandom) ++ mov x8, __NR_getrandom ++ svc #0 ++ ++ cmn x0, #(MAX_ERRNO + 1) ++ cneg x0, x0, hi ++ b.hi __set_errno_internal ++ ++ ret ++END(getrandom) +diff --git a/libc/arch-mips/syscalls/getrandom.S b/libc/arch-mips/syscalls/getrandom.S +new file mode 100644 +index 000000000..7a2f3b978 +--- /dev/null ++++ b/libc/arch-mips/syscalls/getrandom.S +@@ -0,0 +1,19 @@ ++/* Generated by gensyscalls.py. Do not edit. */ ++ ++#include ++ ++ENTRY(getrandom) ++ .set noreorder ++ .cpload t9 ++ li v0, __NR_getrandom ++ syscall ++ bnez a3, 1f ++ move a0, v0 ++ j ra ++ nop ++1: ++ la t9,__set_errno_internal ++ j t9 ++ nop ++ .set reorder ++END(getrandom) +diff --git a/libc/arch-mips64/syscalls/getrandom.S b/libc/arch-mips64/syscalls/getrandom.S +new file mode 100644 +index 000000000..3c5b4673f +--- /dev/null ++++ b/libc/arch-mips64/syscalls/getrandom.S +@@ -0,0 +1,25 @@ ++/* Generated by gensyscalls.py. Do not edit. */ ++ ++#include ++ ++ENTRY(getrandom) ++ .set push ++ .set noreorder ++ li v0, __NR_getrandom ++ syscall ++ bnez a3, 1f ++ move a0, v0 ++ j ra ++ nop ++1: ++ move t0, ra ++ bal 2f ++ nop ++2: ++ .cpsetup ra, t1, 2b ++ LA t9,__set_errno_internal ++ .cpreturn ++ j t9 ++ move ra, t0 ++ .set pop ++END(getrandom) +diff --git a/libc/arch-x86/syscalls/getrandom.S b/libc/arch-x86/syscalls/getrandom.S +new file mode 100644 +index 000000000..2e8ebc955 +--- /dev/null ++++ b/libc/arch-x86/syscalls/getrandom.S +@@ -0,0 +1,39 @@ ++/* Generated by gensyscalls.py. Do not edit. */ ++ ++#include ++ ++ENTRY(getrandom) ++ pushl %ebx ++ .cfi_def_cfa_offset 8 ++ .cfi_rel_offset ebx, 0 ++ pushl %ecx ++ .cfi_adjust_cfa_offset 4 ++ .cfi_rel_offset ecx, 0 ++ pushl %edx ++ .cfi_adjust_cfa_offset 4 ++ .cfi_rel_offset edx, 0 ++ ++ call __kernel_syscall ++ pushl %eax ++ .cfi_adjust_cfa_offset 4 ++ .cfi_rel_offset eax, 0 ++ ++ mov 20(%esp), %ebx ++ mov 24(%esp), %ecx ++ mov 28(%esp), %edx ++ movl $__NR_getrandom, %eax ++ call *(%esp) ++ addl $4, %esp ++ ++ cmpl $-MAX_ERRNO, %eax ++ jb 1f ++ negl %eax ++ pushl %eax ++ call __set_errno_internal ++ addl $4, %esp ++1: ++ popl %edx ++ popl %ecx ++ popl %ebx ++ ret ++END(getrandom) +diff --git a/libc/arch-x86_64/syscalls/getrandom.S b/libc/arch-x86_64/syscalls/getrandom.S +new file mode 100644 +index 000000000..c5e44a966 +--- /dev/null ++++ b/libc/arch-x86_64/syscalls/getrandom.S +@@ -0,0 +1,15 @@ ++/* Generated by gensyscalls.py. Do not edit. */ ++ ++#include ++ ++ENTRY(getrandom) ++ movl $__NR_getrandom, %eax ++ syscall ++ cmpq $-MAX_ERRNO, %rax ++ jb 1f ++ negl %eax ++ movl %eax, %edi ++ call __set_errno_internal ++1: ++ ret ++END(getrandom) +diff --git a/libc/include/sys/random.h b/libc/include/sys/random.h +new file mode 100644 +index 000000000..34756520e +--- /dev/null ++++ b/libc/include/sys/random.h +@@ -0,0 +1,47 @@ ++/* ++ * Copyright (C) 2017 The Android Open Source Project ++ * All rights reserved. ++ * ++ * Redistribution and use in source and binary forms, with or without ++ * modification, are permitted provided that the following conditions ++ * are met: ++ * * Redistributions of source code must retain the above copyright ++ * notice, this list of conditions and the following disclaimer. ++ * * Redistributions in binary form must reproduce the above copyright ++ * notice, this list of conditions and the following disclaimer in ++ * the documentation and/or other materials provided with the ++ * distribution. ++ * ++ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ++ * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT ++ * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS ++ * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE ++ * COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, ++ * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, ++ * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS ++ * OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED ++ * AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, ++ * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT ++ * OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF ++ * SUCH DAMAGE. ++ */ ++ ++#ifndef _SYS_RANDOM_H_ ++#define _SYS_RANDOM_H_ ++ ++#include ++#include ++ ++#include ++ ++__BEGIN_DECLS ++ ++/* See also arc4random_buf in , which is available in all API levels. */ ++ ++int getentropy(void* __buffer, size_t __buffer_size) __wur __INTRODUCED_IN_FUTURE; ++ ++ssize_t getrandom(void* __buffer, size_t __buffer_size, unsigned int __flags) __wur __INTRODUCED_IN_FUTURE; ++ ++__END_DECLS ++ ++#endif +diff --git a/libc/libc.arm.map b/libc/libc.arm.map +index a4212dda7..aa66b4d61 100644 +--- a/libc/libc.arm.map ++++ b/libc/libc.arm.map +@@ -1532,6 +1532,8 @@ LIBC_PRIVATE { + vfdprintf; # arm x86 mips + wait3; # arm x86 mips + wcswcs; # arm x86 mips ++ getentropy; # future ++ getrandom; # future + } LIBC_O; + + LIBC_DEPRECATED { +diff --git a/libc/libc.arm64.map b/libc/libc.arm64.map +index bf0341ad2..6a34fb533 100644 +--- a/libc/libc.arm64.map ++++ b/libc/libc.arm64.map +@@ -1249,6 +1249,8 @@ LIBC_PRIVATE { + free_malloc_leak_info; + get_malloc_leak_info; + gMallocLeakZygoteChild; ++ getentropy; # future ++ getrandom; # future + } LIBC_O; + + LIBC_DEPRECATED { +diff --git a/libc/libc.map.txt b/libc/libc.map.txt +index c271a57e4..d740fe764 100644 +--- a/libc/libc.map.txt ++++ b/libc/libc.map.txt +@@ -1558,6 +1558,8 @@ LIBC_PRIVATE { + vfdprintf; # arm x86 mips + wait3; # arm x86 mips + wcswcs; # arm x86 mips ++ getentropy; # future ++ getrandom; # future + } LIBC_O; + + LIBC_DEPRECATED { +diff --git a/libc/libc.mips.map b/libc/libc.mips.map +index 214c7f506..385606c64 100644 +--- a/libc/libc.mips.map ++++ b/libc/libc.mips.map +@@ -1373,6 +1373,8 @@ LIBC_PRIVATE { + vfdprintf; # arm x86 mips + wait3; # arm x86 mips + wcswcs; # arm x86 mips ++ getentropy; # future ++ getrandom; # future + } LIBC_O; + + LIBC_DEPRECATED { +diff --git a/libc/libc.mips64.map b/libc/libc.mips64.map +index bf0341ad2..6a34fb533 100644 +--- a/libc/libc.mips64.map ++++ b/libc/libc.mips64.map +@@ -1249,6 +1249,8 @@ LIBC_PRIVATE { + free_malloc_leak_info; + get_malloc_leak_info; + gMallocLeakZygoteChild; ++ getentropy; # future ++ getrandom; # future + } LIBC_O; + + LIBC_DEPRECATED { +diff --git a/libc/libc.x86.map b/libc/libc.x86.map +index 145b64ebf..2b29d3e51 100644 +--- a/libc/libc.x86.map ++++ b/libc/libc.x86.map +@@ -1372,6 +1372,8 @@ LIBC_PRIVATE { + vfdprintf; # arm x86 mips + wait3; # arm x86 mips + wcswcs; # arm x86 mips ++ getentropy; # future ++ getrandom; # future + } LIBC_O; + + LIBC_DEPRECATED { +diff --git a/libc/libc.x86_64.map b/libc/libc.x86_64.map +index bf0341ad2..6a34fb533 100644 +--- a/libc/libc.x86_64.map ++++ b/libc/libc.x86_64.map +@@ -1249,6 +1249,8 @@ LIBC_PRIVATE { + free_malloc_leak_info; + get_malloc_leak_info; + gMallocLeakZygoteChild; ++ getentropy; # future ++ getrandom; # future + } LIBC_O; + + LIBC_DEPRECATED { +diff --git a/libc/upstream-openbsd/android/include/openbsd-compat.h b/libc/upstream-openbsd/android/include/openbsd-compat.h +index 1e433beef..dbc2db44c 100644 +--- a/libc/upstream-openbsd/android/include/openbsd-compat.h ++++ b/libc/upstream-openbsd/android/include/openbsd-compat.h +@@ -18,10 +18,15 @@ + #define _BIONIC_OPENBSD_COMPAT_H_included + + #define _BSD_SOURCE +- + #include ++ + #include // For size_t. + ++// TODO: libandroid_support uses this file, so we need to wait for ++// to be in the NDK headers before we can lose this declaration. ++//#include // For getentropy. ++int getentropy(void*, size_t); ++ + #define __BEGIN_HIDDEN_DECLS _Pragma("GCC visibility push(hidden)") + #define __END_HIDDEN_DECLS _Pragma("GCC visibility pop") + +@@ -74,9 +79,6 @@ extern const char* __progname; + __LIBC_HIDDEN__ extern const char* __bionic_get_shell_path(); + #define _PATH_BSHELL __bionic_get_shell_path() + +-/* We have OpenBSD's getentropy_linux.c, but we don't mention getentropy in any header. */ +-__LIBC_HIDDEN__ extern int getentropy(void*, size_t); +- + /* OpenBSD has this as API, but we just use it internally. */ + __LIBC_HIDDEN__ void* reallocarray(void*, size_t, size_t); + +diff --git a/tests/Android.bp b/tests/Android.bp +index 29204b558..b120ac3cc 100644 +--- a/tests/Android.bp ++++ b/tests/Android.bp +@@ -121,6 +121,7 @@ cc_test_library { + "sys_procfs_test.cpp", + "sys_ptrace_test.cpp", + "sys_quota_test.cpp", ++ "sys_random_test.cpp", + "sys_resource_test.cpp", + "sys_select_test.cpp", + "sys_sem_test.cpp", +diff --git a/tests/sys_random_test.cpp b/tests/sys_random_test.cpp +new file mode 100644 +index 000000000..a25490c67 +--- /dev/null ++++ b/tests/sys_random_test.cpp +@@ -0,0 +1,120 @@ ++/* ++ * Copyright (C) 2017 The Android Open Source Project ++ * ++ * Licensed under the Apache License, Version 2.0 (the "License"); ++ * you may not use this file except in compliance with the License. ++ * You may obtain a copy of the License at ++ * ++ * http://www.apache.org/licenses/LICENSE-2.0 ++ * ++ * Unless required by applicable law or agreed to in writing, software ++ * distributed under the License is distributed on an "AS IS" BASIS, ++ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. ++ * See the License for the specific language governing permissions and ++ * limitations under the License. ++ */ ++ ++// was only added as of glibc version 2.25. ++// Don't try to compile this code on older glibc versions. ++ ++#include ++#if defined(__BIONIC__) ++ #define HAVE_SYS_RANDOM 1 ++#elif defined(__GLIBC_PREREQ) ++ #if __GLIBC_PREREQ(2, 25) ++ #define HAVE_SYS_RANDOM 1 ++ #endif ++#endif ++ ++ ++#if defined(HAVE_SYS_RANDOM) ++#include ++#endif ++ ++#include ++#include ++ ++TEST(sys_random, getentropy) { ++#if defined(HAVE_SYS_RANDOM) ++ char buf1[64]; ++ char buf2[64]; ++ ++ ASSERT_EQ(0, getentropy(buf1, sizeof(buf1))); ++ ASSERT_EQ(0, getentropy(buf2, sizeof(buf2))); ++ ASSERT_TRUE(memcmp(buf1, buf2, sizeof(buf1)) != 0); ++#else ++ GTEST_LOG_(INFO) << "This test requires a C library with .\n"; ++#endif ++} ++ ++TEST(sys_random, getentropy_EFAULT) { ++#if defined(HAVE_SYS_RANDOM) ++ errno = 0; ++ ASSERT_EQ(-1, getentropy(nullptr, 1)); ++ ASSERT_EQ(EFAULT, errno); ++#else ++ GTEST_LOG_(INFO) << "This test requires a C library with .\n"; ++#endif ++} ++ ++TEST(sys_random, getentropy_EIO) { ++#if defined(HAVE_SYS_RANDOM) ++ char buf[BUFSIZ]; ++ static_assert(BUFSIZ > 256, "BUFSIZ <= 256!"); ++ ++ errno = 0; ++ ASSERT_EQ(-1, getentropy(buf, sizeof(buf))); ++ ASSERT_EQ(EIO, errno); ++#else ++ GTEST_LOG_(INFO) << "This test requires a C library with .\n"; ++#endif ++} ++ ++TEST(sys_random, getrandom) { ++#if defined(HAVE_SYS_RANDOM) ++ if (getrandom(nullptr, 0, 0) == -1 && errno == ENOSYS) { ++ GTEST_LOG_(INFO) << "This test requires a >= 3.17 kernel with getrandom(2).\n"; ++ return; ++ } ++ ++ char buf1[64]; ++ char buf2[64]; ++ ++ ASSERT_EQ(64, getrandom(buf1, sizeof(buf1), 0)); ++ ASSERT_EQ(64, getrandom(buf2, sizeof(buf2), 0)); ++ ASSERT_TRUE(memcmp(buf1, buf2, sizeof(buf1)) != 0); ++#else ++ GTEST_LOG_(INFO) << "This test requires a C library with .\n"; ++#endif ++} ++ ++TEST(sys_random, getrandom_EFAULT) { ++#if defined(HAVE_SYS_RANDOM) ++ if (getrandom(nullptr, 0, 0) == -1 && errno == ENOSYS) { ++ GTEST_LOG_(INFO) << "This test requires a >= 3.17 kernel with getrandom(2).\n"; ++ return; ++ } ++ ++ errno = 0; ++ ASSERT_EQ(-1, getrandom(nullptr, 256, 0)); ++ ASSERT_EQ(EFAULT, errno); ++#else ++ GTEST_LOG_(INFO) << "This test requires a C library with .\n"; ++#endif ++} ++ ++TEST(sys_random, getrandom_EINVAL) { ++#if defined(HAVE_SYS_RANDOM) ++ if (getrandom(nullptr, 0, 0) == -1 && errno == ENOSYS) { ++ GTEST_LOG_(INFO) << "This test requires a >= 3.17 kernel with getrandom(2).\n"; ++ return; ++ } ++ ++ errno = 0; ++ char buf[64]; ++ ASSERT_EQ(-1, getrandom(buf, sizeof(buf), ~0)); ++ ASSERT_EQ(EINVAL, errno); ++#else ++ GTEST_LOG_(INFO) << "This test requires a C library with .\n"; ++#endif ++} diff --git a/Scripts/LineageOS-15.1/Patch.sh b/Scripts/LineageOS-15.1/Patch.sh index 0379f210..edc563ea 100644 --- a/Scripts/LineageOS-15.1/Patch.sh +++ b/Scripts/LineageOS-15.1/Patch.sh @@ -57,7 +57,11 @@ cp -r "$DOS_PATCHES_COMMON/android_vendor_divested/." "$DOS_BUILD_BASE/vendor/di if enterAndClear "bionic"; then applyPatch "$DOS_PATCHES_COMMON/android_bionic/0001-Wildcard_Hosts.patch"; #Support wildcards in cached hosts file (backport from 16.0+) (tdm) -#if [ "$DOS_GRAPHENE_MALLOC_BROKEN" = true ]; then applyPatch "$DOS_PATCHES/android_bionic/0001-HM-Use_HM.patch"; fi; #(GrapheneOS) +if [ "$DOS_GRAPHENE_MALLOC" = true ]; then +applyPatch "$DOS_PATCHES/android_bionic/0001-HM-Use_HM.patch"; #(GrapheneOS) +applyPatch "$DOS_PATCHES/android_bionic/0002-Add_M_PURGE.patch"; #malloc: add M_PURGE mallopt flag +applyPatch "$DOS_PATCHES/android_bionic/0003-Add_random.h.patch"; #Add . +fi; fi; if enterAndClear "bootable/recovery"; then @@ -117,14 +121,28 @@ if enterAndClear "external/freetype"; then applyPatch "$DOS_PATCHES/android_external_freetype/360951.patch"; #R_asb_2023-07 Cherry-pick two upstream changes fi; -#if [ "$DOS_GRAPHENE_MALLOC_BROKEN" = true ]; then -#if enterAndClear "external/hardened_malloc"; then -#git revert --no-edit 3d18fb80742fd80a75481b580d102deb18c74af9; #compile fix -#applyPatch "$DOS_PATCHES_COMMON/android_external_hardened_malloc-legacy/0001-Broken_Audio.patch"; #DeviceDescriptor sorting wrongly relies on malloc addresses (GrapheneOS) -#applyPatch "$DOS_PATCHES_COMMON/android_external_hardened_malloc-legacy/0002-Broken_Cameras.patch"; #Expand workaround to all camera executables (DivestOS) -#sed -i 's/struct mallinfo info = {0};/struct mallinfo info = {0, 0, 0, 0, 0, 0, 0, 0, 0, 0};/' h_malloc.c; #compile fix -#fi; -#fi; +if [ "$DOS_GRAPHENE_MALLOC" = true ]; then +if enterAndClear "external/hardened_malloc"; then +applyPatch "$DOS_PATCHES_COMMON/android_external_hardened_malloc-modern/0001-Broken_Cameras-1.patch"; #Workarounds for Pixel 3 SoC era camera driver bugs (GrapheneOS) +applyPatch "$DOS_PATCHES_COMMON/android_external_hardened_malloc-modern/0001-Broken_Cameras-2.patch"; #Expand workaround to all camera executables (DivestOS) +applyPatch "$DOS_PATCHES_COMMON/android_external_hardened_malloc-modern/0002-Broken_Displays.patch"; #Add workaround for OnePlus 8 & 9 display driver crash (DivestOS) +applyPatch "$DOS_PATCHES_COMMON/android_external_hardened_malloc-modern/0003-Broken_Audio.patch"; #Workaround for audio service sorting bug (GrapheneOS) +sed -i 's/34359738368/2147483648/' Android.bp; #revert 48-bit address space requirement +sed -i -e '76,78d;' Android.bp; #fix compile under A13 +sed -i -e '22,24d;' androidtest/Android.bp; #fix compile under A12 +awk -i inplace '!/vendor_ramdisk_available/' Android.bp; #fix compile under A11 +rm -rfv androidtest; +sed -i -e '76,78d;' Android.bp; #fix compile under A10 +awk -i inplace '!/ramdisk_available/' Android.bp; +git revert --no-edit 8974af86d12f7e29b54b5090133ab3d7eea0e519; +mv include/h_malloc.h . +awk -i inplace '!/recovery_available/' Android.bp; #fix compile under A8 +awk -i inplace '!/system_shared_libs/' Android.bp; +sed -i 's/c17/c11/' Android.bp; +git revert --no-edit a28da3c65aed0528036da9ebd33e0c05b2c5884a +sed -i 's/struct mallinfo info = {0};/struct mallinfo info = {};/' h_malloc.c; +fi; +fi; if enterAndClear "external/libvpx"; then applyPatch "$DOS_PATCHES_COMMON/android_external_libvpx/CVE-2023-5217.patch"; #VP8: disallow thread count changes @@ -147,7 +165,7 @@ applyPatch "$DOS_PATCHES/android_external_zlib/351909.patch"; #P_asb_2023-03 Fix fi; if enterAndClear "frameworks/av"; then -#if [ "$DOS_GRAPHENE_MALLOC_BROKEN" = true ]; then applyPatch "$DOS_PATCHES/android_frameworks_av/0001-HM-No_RLIMIT_AS.patch"; fi; #(GrapheneOS) +if [ "$DOS_GRAPHENE_MALLOC" = true ]; then applyPatch "$DOS_PATCHES/android_frameworks_av/0001-HM-No_RLIMIT_AS.patch"; fi; #(GrapheneOS) applyPatch "$DOS_PATCHES/android_frameworks_av/358729.patch"; #n-asb-2023-06 Fix NuMediaExtractor::readSampleData buffer Handling applyPatch "$DOS_PATCHES/android_frameworks_av/365962.patch"; #R_asb_2023-09 Fix Segv on unknown address error flagged by fuzzer test. applyPatch "$DOS_PATCHES/android_frameworks_av/373949.patch"; #R_asb_2023-11 Fix for heap buffer overflow issue flagged by fuzzer test. @@ -530,7 +548,7 @@ applyPatch "$DOS_PATCHES/android_system_core/332765.patch"; #P_asb_2022-06 Backp if [ "$DOS_HOSTS_BLOCKING" = true ]; then cat "$DOS_HOSTS_FILE" >> rootdir/etc/hosts; fi; #Merge in our HOSTS file git revert --no-edit a6a4ce8e9a6d63014047a447c6bb3ac1fa90b3f4; #Always update recovery applyPatch "$DOS_PATCHES/android_system_core/0001-Harden.patch"; #Harden mounts with nodev/noexec/nosuid + misc sysctl changes (GrapheneOS) -#if [ "$DOS_GRAPHENE_MALLOC_BROKEN" = true ]; then applyPatch "$DOS_PATCHES/android_system_core/0002-HM-Increase_vm_mmc.patch"; fi; #(GrapheneOS) +if [ "$DOS_GRAPHENE_MALLOC" = true ]; then applyPatch "$DOS_PATCHES/android_system_core/0002-HM-Increase_vm_mmc.patch"; fi; #(GrapheneOS) fi; if enterAndClear "system/netd"; then