When app_process/zygote starts, make sure PR_SET_NO_NEW_PRIVS is set.
This prevents zygote spawned apps from acquiring new privileges
on exec.
In particular, this allows the CTS test
android.os.cts.SecurityFeaturesTest#testNoNewPrivs() to pass if ART is set
as the default runtime.
Change-Id: I81139cda999c7b1430242561aad28f566e9b6da0
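
An added example, not code from this commit or from app_process: a minimal Linux C program showing the two properties that make setting PR_SET_NO_NEW_PRIVS once in a zygote-like parent sufficient, namely that forked children inherit the flag and that it cannot be cleared afterwards. The helper names are illustrative, and a kernel with no_new_privs support (Linux 3.5 or later) is assumed.

```c
#include <errno.h>
#include <stdio.h>
#include <sys/prctl.h>
#include <sys/types.h>
#include <sys/wait.h>
#include <unistd.h>

/* Run fn() in a forked child and return its exit status (-1 on failure),
 * so the calling process keeps its own no_new_privs state. */
static int run_in_child(int (*fn)(void)) {
    pid_t pid = fork();
    if (pid < 0) return -1;
    if (pid == 0) _exit(fn());
    int status;
    if (waitpid(pid, &status, 0) < 0 || !WIFEXITED(status)) return -1;
    return WEXITSTATUS(status);
}

static int get_nnp(void) { return prctl(PR_GET_NO_NEW_PRIVS, 0, 0, 0, 0); }

/* Set the flag as a zygote-like parent would at startup, then report
 * what a freshly forked child sees (1 means the flag was inherited). */
static int set_then_fork(void) {
    if (prctl(PR_SET_NO_NEW_PRIVS, 1, 0, 0, 0) != 0) return 100;
    return run_in_child(get_nnp);
}

/* The flag is one-way: asking the kernel to clear it fails with EINVAL. */
static int set_then_try_clear(void) {
    if (prctl(PR_SET_NO_NEW_PRIVS, 1, 0, 0, 0) != 0) return 100;
    int rc = prctl(PR_SET_NO_NEW_PRIVS, 0, 0, 0, 0);
    return (rc == -1 && errno == EINVAL && get_nnp() == 1) ? 1 : 0;
}

/* Both checks run in a throwaway child; each returns 1 when it holds. */
int nnp_inherited_by_fork(void) { return run_in_child(set_then_fork); }
int nnp_is_one_way(void) { return run_in_child(set_then_try_clear); }

int main(void) {
    printf("inherited by forked child: %d\n", nnp_inherited_by_fork());
    printf("cannot be cleared once set: %d\n", nnp_is_one_way());
    return 0;
}
```

The same state is visible from outside the process as the NoNewPrivs field in /proc/<pid>/status on kernels that expose it.
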
Use String8::isEmpty instead. Note that this code path is hit
only if the zygote calls ::exit, and that never happens unless
the VM invocation fails.
Change-Id: I0e7d3a86a79b12b2174ca3bf0dbe1904e33c041a
- Use different process names for the 32 / 64 bit zygote.
- Pass command line arguments correctly. The first unmatched
argument must be passed through to the java main class.
Change-Id: I952ebbdbba941f118d992354b9bd0ada2dade417
Query system properties for the list of ABIs and pass
it as a command line argument to ZygoteInit.
Also add a new Zygote command that returns this list of
ABIs to peers.
Change-Id: I68034c6f63fa626911122579a011a0a25a8cda94
- Make copies of argc, argv before argv is potentially
overwritten with the process name.
- Allow multiple command line arguments to be passed to
ZygoteInit (this is required for some of the 64 bit
zygote work).
- Add an explanatory comment about how these arguments
are processed.
Change-Id: I752be69c5c0f97ed17d1a3dded19f46ee00929b0
These look like historical oddities, and weren't really being
used for anything useful.
Process:setArgV0 was being called by android.util.Process, but
that functionality can be moved directly into the implementation
of that class.
bug: 13647418
Change-Id: I216c8f8a4c065f0cf3a61f19f9e32decd26f93f6
Use LOCAL_MULTILIB := both to build app_process64 instead of
duplicating the build rule.
Also causes PRODUCT_PACKAGES := app_process to install both
versions on 64-bit platforms, as the module names for both
app_process and app_process64 are now app_process.
Change-Id: Ia3c3265d15475771b0cae8bace53b8fbf351c186
On 64-bit platforms builds two copies of app_process, the 32-bit
app_process and 64-bit app_process64.
Change-Id: I59d739b5df398ad0bd040c954c57640ff7ab3e72
Stop working around bad applications by setting ADDR_COMPAT_LAYOUT.
ADDR_COMPAT_LAYOUT is undesirable because it reduces the amount of
address space available to an application.
The Android emulator, in both 4.3 and 4.4, does not set
ADDR_COMPAT_LAYOUT. Anyone needing to test their application on a
version of Android without ADDR_COMPAT_LAYOUT can use the emulator
and reproduce the failures.
Change-Id: I8f753acc205798bd7f031026c7ece12d26de562c
This change disables all atrace tracing in Zygote immediately after it is
initialized. This is necessary because Zygote has no way to receive
notifications that the enabled trace tags have been changed. Tracing is
re-enabled when other processes fork from Zygote.
Change-Id: If2983858fb0c4890ba9ab041849b1c4d98f66c13
Different kernels seem to handle ADDR_COMPAT_LAYOUT differently,
sometimes passing it to its children, sometimes not. If it's not
passed to its child successfully, we can end up in a restart loop.
Instead of testing for the presence of ADDR_COMPAT_LAYOUT, use an
environment variable instead, which is handled more predictably.
Bug: 8392487
Change-Id: Ia531dd2abb4e1cd46f3430d844e644f53581f530
For the emulator, we want people to see memory as it
actually is, not how we're hacking around buggy apps. Don't
set ADDR_COMPAT_LAYOUT on the emulator.
For reasons that I don't understand, personality(ADDR_COMPAT_LAYOUT)
does not persist across an exec on the emulator. app_main gets
into a tight loop restarting itself because of this. This change
also works around that bug.
Change-Id: Ia73a7d2d623c25cf39d248145d97307945d554da
This seems simpler and more contained, and I think the comment explaining
why hoop-jumping is necessary is a bit clearer now.
Change-Id: Ief4afd7cbb42188ed835fce23e497520bdb753a8
Since LOG_ALWAYS_FATAL is always fatal and code after it is by
definition unreachable, put the call after other diagnostic output.
Change-Id: Ib3a515a04125d8e4f6e8af3a6f59226e8f0dd9cd
executables have calls to some shared libraries without explicitly linking
them. Currently it works as linker links these libraries via dependencies of
other libraries. This is fragile and not the right thing to do.