Adds additional sanitization for Zygote command arguments.

Previously we were only insuring that the arguments provided to the
Zygote didn't contain any newlines.  This adds additional checks for
carriage returns and standalone integer arguments to protect against
malicious argument and packet injection respectively.

Bug: 130164289
Test: m & flash & boot & check logs
Change-Id: I4055c50d52db0047c02c11096710fd07b429660c
Merged-In: I4055c50d52db0047c02c11096710fd07b429660c
(cherry picked from commit c99198249f8bb79487d4f9f0f45b5b2fefaba41a)

diff --git a/core/java/android/os/ZygoteProcess.java b/core/java/android/os/ZygoteProcess.java
index db7c229..6478de2 100644 (file)
--- a/core/java/android/os/ZygoteProcess.java
+++ b/core/java/android/os/ZygoteProcess.java
@@ -385,13 +385,17 @@ public class ZygoteProcess {
      */
     @GuardedBy("mLock")
     private Process.ProcessStartResult zygoteSendArgsAndGetResult(
-            ZygoteState zygoteState, boolean useUsapPool, ArrayList<String> args)
+            ZygoteState zygoteState, boolean useUsapPool, @NonNull ArrayList<String> args)
             throws ZygoteStartFailedEx {
         // Throw early if any of the arguments are malformed. This means we can
         // avoid writing a partial response to the zygote.
         for (String arg : args) {
+            // Making two indexOf calls here is faster than running a manually fused loop due
+            // to the fact that indexOf is a optimized intrinsic.
             if (arg.indexOf('\n') >= 0) {
-                throw new ZygoteStartFailedEx("embedded newlines not allowed");
+                throw new ZygoteStartFailedEx("Embedded newlines not allowed");
+            } else if (arg.indexOf('\r') >= 0) {
+                throw new ZygoteStartFailedEx("Embedded carriage returns not allowed");
             }
         }