mirror of
https://github.com/Divested-Mobile/DivestOS-Build.git
synced 2024-10-01 01:35:54 -04:00
d2d0c48a25
no effective change: https://review.lineageos.org/q/topic:%22P_asb_2024-05%22 gains 8 patches: https://review.lineageos.org/q/topic:%22Q_asb_2024-06%22 https://review.lineageos.org/q/topic:%22Q_asb_2024-07%22 Signed-off-by: Tavi <tavi@divested.dev>
49 lines
2.1 KiB
Diff
From 1e4f397dc110954bdc6baffff51f72cbaad0c142 Mon Sep 17 00:00:00 2001
From: Martijn Coenen <maco@google.com>
Date: Thu, 29 Feb 2024 12:03:05 +0000
Subject: [PATCH] [BACKPORT] Verify UID of incoming Zygote connections.

Only the system UID should be allowed to connect to the Zygote. While
for generic Zygotes this is also covered by SELinux policy, this is not
true for App Zygotes: the preload code running in an app zygote could
connect to another app zygote socket, if it had access to its (random)
socket address.

On the Java layer, simply check the UID when the connection is made. In
the native layer, this check was already present, but it actually didn't
work in the case where we receive a new incoming connection on the
socket, and receive a 'non-fork' command: in that case, we will simply
exit the native loop, and let the Java layer handle the command, without
any further UID checking.

Modified the native logic to drop new connections with a mismatching
UID, and to keep serving the existing connection (if it was still
there).

[Backport: No native layer for ZygoteCommandBuffer present]

Bug: 319081336
Test: manual
(cherry picked from commit 2ffc7cb220e4220b7e108c4043a3f0f2a85b6508)
(cherry picked from https://googleplex-android-review.googlesource.com/q/commit:e397fd3d20c3f409311e411387ec1524ccecf085)
Merged-In: I3f85a17107849e2cd3e82d6ef15c90b9e2f26532
Change-Id: I3f85a17107849e2cd3e82d6ef15c90b9e2f26532
---
core/java/com/android/internal/os/ZygoteConnection.java | 3 +++
1 file changed, 3 insertions(+)

diff --git a/core/java/com/android/internal/os/ZygoteConnection.java b/core/java/com/android/internal/os/ZygoteConnection.java
index 52d0adba0a057..fe2ff54194fb9 100644
--- a/core/java/com/android/internal/os/ZygoteConnection.java
+++ b/core/java/com/android/internal/os/ZygoteConnection.java
@@ -106,6 +106,9 @@ class ZygoteConnection {
throw ex;
}
+ if (peer.getUid() != Process.SYSTEM_UID) {
+ throw new ZygoteSecurityException("Only system UID is allowed to connect to Zygote.");
+ }
isEof = false;
}
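
Review bot: The added `peer.getUid() != Process.SYSTEM_UID` check throws without recording which UID was refused; putting `peer.getUid()` into the ZygoteSecurityException message, or logging it just before the throw, would make a rejected connection attributable when it shows up in logs. The check also has no comment: the commit message says SELinux policy does not cover App Zygotes and that this backport has no native ZygoteCommandBuffer layer, so a short comment stating that this Java-side check appears to be the only UID enforcement on this branch would help anyone touching it in a later backport. The message lists "Test: manual"; a test that connects from a non-system UID and expects the exception would guard the rejection path against regression. Please also confirm that the caller closes the socket when this throw fires, since the visible context does not show the cleanup.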