Allow debugging only for apps forked from zygote

Sebastien Hertz · andi34 · commit 41d7f47aa212 · 2016-06-07T18:20:57.000+02:00
When starting the runtime from app_process, we only pass JDWP options if starting zygote. It prevents from opening a JDWP connection in non-zygote programs while Android apps (forked from zygote) remain debuggable. CVE-2015-3865 Bug: 23050463 (cherry picked from commit 7a09b83) Change-Id: Ib5b6d3bc4d45389993c3c54226df5a7b72479d19
diff --git a/cmds/app_process/app_main.cpp b/cmds/app_process/app_main.cpp
@@ -221,14 +221,14 @@ int main(int argc, char* const argv[])
 
     if (zygote) {
         runtime.start("com.android.internal.os.ZygoteInit",
-                startSystemServer ? "start-system-server" : "");
+                startSystemServer ? "start-system-server" : "", zygote);
     } else if (className) {
         // Remainder of args get passed to startup class main()
         runtime.mClassName = className;
         runtime.mArgC = argc - i;
         runtime.mArgV = argv + i;
         runtime.start("com.android.internal.os.RuntimeInit",
-                application ? "application" : "tool");
+                application ? "application" : "tool", zygote);
     } else {
         fprintf(stderr, "Error: no class name or --zygote supplied.\n");
         app_usage();
diff --git a/core/jni/AndroidRuntime.cpp b/core/jni/AndroidRuntime.cpp
@@ -432,7 +432,7 @@ void AndroidRuntime::parseExtraOpts(char* extraOptsBuf)
  *
  * Returns 0 on success.
  */
-int AndroidRuntime::startVm(JavaVM** pJavaVM, JNIEnv** pEnv)
+int AndroidRuntime::startVm(JavaVM** pJavaVM, JNIEnv** pEnv, bool zygote)
 {
     int result = -1;
     JavaVMInitArgs initArgs;
@@ -633,11 +633,15 @@ int AndroidRuntime::startVm(JavaVM** pJavaVM, JNIEnv** pEnv)
         }
     }
 
-    /* enable debugging; set suspend=y to pause during VM init */
-    /* use android ADB transport */
-    opt.optionString =
-        "-agentlib:jdwp=transport=dt_android_adb,suspend=n,server=y";
-    mOptions.add(opt);
+    /*
+     * Enable debugging only for apps forked from zygote.
+     * Set suspend=y to pause during VM init and use android ADB transport.
+     */
+    if (zygote) {
+        opt.optionString =
+            "-agentlib:jdwp=transport=dt_android_adb,suspend=n,server=y";
+        mOptions.add(opt);
+    }
 
     ALOGD("CheckJNI is %s\n", checkJni ? "ON" : "OFF");
     if (checkJni) {
@@ -802,7 +806,7 @@ char* AndroidRuntime::toSlashClassName(const char* className)
  * Passes the main function two arguments, the class name and the specified
  * options string.
  */
-void AndroidRuntime::start(const char* className, const char* options)
+void AndroidRuntime::start(const char* className, const char* options, bool zygote)
 {
     ALOGD("\n>>>>>> AndroidRuntime START %s <<<<<<\n",
             className != NULL ? className : "(unknown)");
@@ -835,7 +839,7 @@ void AndroidRuntime::start(const char* className, const char* options)
     JniInvocation jni_invocation;
     jni_invocation.Init(NULL);
     JNIEnv* env;
-    if (startVm(&mJavaVM, &env) != 0) {
+    if (startVm(&mJavaVM, &env, zygote) != 0) {
         return;
     }
     onVmCreated(env);
diff --git a/include/android_runtime/AndroidRuntime.h b/include/android_runtime/AndroidRuntime.h
@@ -64,7 +64,7 @@ class AndroidRuntime
 
     int addVmArguments(int argc, const char* const argv[]);
 
-    void start(const char *classname, const char* options);
+    void start(const char *classname, const char* options, bool zygote);
 
     void exit(int code);
 
@@ -116,7 +116,7 @@ class AndroidRuntime
 private:
     static int startReg(JNIEnv* env);
     void parseExtraOpts(char* extraOptsBuf);
-    int startVm(JavaVM** pJavaVM, JNIEnv** pEnv);
+    int startVm(JavaVM** pJavaVM, JNIEnv** pEnv, bool zygote);
 
     Vector<JavaVMOption> mOptions;
     bool mExitWithoutCleanup;
