| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| |
|
|
|
|
|
|
|
|
|
| |
When using memfd for cross process communication, we always need to seal
the file size, otherwise remote process and shrink the size we memory
mapped and thus crash the originate process causing a DoS
Bug: 294609150
Test: Build
Ignore-AOSP-First: security
Change-Id: Ibc263c4f78df897e884378e3d984a188ca8772c7
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
MemoryHeapBase currently logs fatal on passing invalid flags.
Since we control flags combinations as compile time constants within an
enum, we can enforce that all the enum values pass valid flag combos in
order to remove the fatal flag checks.
This avoids aborts in fuzzers consuming the enum value. If a user passes
MEMFD_ALLOW_SEALING_FLAG without FORCE_MEMFD set (not possible if using
the enum values), then the flag is silently ignored.
Test: atest binderUnitTest
Bug: 224667194
Change-Id: Iab90c8b0926ac32f01bb1489bf954c136dd2953f
|
|
|
The default behavior of MemoryHeapBase is to request memory from
ashmem in libcutils. This library is being used to migrate from
ashmem to memfd, but on supported devices, memfd is still debug
only in order to sanitize expectations of callees of the library.
As such, we add a flag to explicitly request memfd files, as well
as to opt into file sealing of memfd files.
Note: the calling process will have to modify selinux permissions
to allow tmpfs access to the domains accessing the shared buffer.
This is more secure than ashmem as granular acess can be specified.
See audioserver_tmpfs in system/selinux for examples.
Test: Expected mappings recieved in Audioflinger for flag combos.
atest binderMemoryHeapBaseUnitTest
Change-Id: I893f7846f4d16b8ccc7f407fb957dccd9ebe62d7
|
