Commit graph

63 commits

Author SHA1 Message Date
Florian Mayer
ca4749af30 header and android_crash_detail prefix for crash_detail API
Bug: 155462331
Change-Id: Ib1c0ac76d2bd036a6b802b0997d9de8be61dfd2b
2024-02-20 23:41:38 +00:00
Florian Mayer
7c83d09679 Add API to allow apps to attach extra information to tombstones.
Test: atest debuggerd_test
Bug: 155462331
Bug: 309446525
Change-Id: Idc8387307738957dbba3daaae59f605566329f0f
2024-02-13 13:41:12 -08:00
dimitry
a66a6830aa Reserve TLS slot for native bridge
Adding the slot to store pointer to the guest state
for natively translated environment.

Test: run bionic unit tests on redfin
Bug: http://b/293142668
Change-Id: I4fea5595fb613f37c85cd2b591cbcd15313973c1
2023-11-10 00:25:07 +01:00
Christopher Ferris
b4e560ed7c Add android_mallopt M_GET_DECAY_TIME_ENABLED.
The bionic benchmarks set the decay time in various ways, but
don't necessarily restore it properly. Add a new method for
getting the current decay time and then a way to restore it.

Right now the assumption is that the decay time defaults to zero,
but in the near future that assumption might be incorrect. Therefore
using this method will future proof the code.

Bug: 302212507

Test: Unit tests pass for both static and dynamic executables.
Test: Ran bionic benchmarks that were modified.
Change-Id: Ia77ff9ffee3081c5c1c02cb4309880f33b284e82
2023-10-30 15:30:16 -07:00
Juan Yescas
8ff3886ff7 Merge "bionic: Fix typo in the argument passed to getauxval()" into main 2023-08-20 17:05:31 +00:00
Kalesh Singh
307bae7afe bionic: Introduce max_page_size()
This can be used to "page-align" variables at build time -
__attribute__((aligned(max_pge_size()))), so it is a
preprocessor macro instead of an inline function.

There is no functional change to the 4kB-only build targets
(!defined(__BIONIC_NO_PAGE_SIZE_MACRO))

Bug: 296275298
Test: mma
Change-Id: I462e9f971a176b6b59e32e449a2e11f95c3f1b45
Signed-off-by: Kalesh Singh <kaleshsingh@google.com>
2023-08-19 00:04:53 +00:00
Juan Yescas
0bd4117f3f bionic: Fix typo in the argument passed to getauxval()
AT_PAGESZ is the correct argument for getauxval() to get the page size.

Bug: 277272383
Test: source build/envsetup.sh
      lunch aosp_cf_arm64_phone_pgagnostic
Change-Id: Ied2db77e9fda73b58f65b2f489ad7fab743c2fe7
2023-08-18 03:49:15 +00:00
Juan Yescas
49fdb0babf bionic: Use getauxval(AT_PAGESZ) for page agnostic targets
When the C flag -D__BIONIC_NO_PAGE_SIZE_MACRO is defined,
the function getauxval(AT_PAGESZ) will be called instead of
using the PAGE_SIZE macro for the arm64 architectures.

Bug: 277272383
Bug: 289419664

Test: source build/envsetup.sh
      lunch aosp_raven_pgagnostic_64-userdebug
      m

      source build/envsetup.sh
      lunch aosp_cf_x86_64_phone
      m

Change-Id: Ie904ee5601365abbcf93ee371922a351844eccff
2023-08-10 15:28:19 -07:00
zijunzhao
f0fb41851b Nullability check for modules in /platform directory.
Bugs: b/245972273
Test: adb shell
Change-Id: Iaefd0231de760455b24fb09aada0144a84379689
2023-06-14 22:27:49 +00:00
Peter Collingbourne
bb11ee6d9c Remove PAGE_SIZE call sites.
To enable experiments with non-4KiB page sizes, introduce
an inline page_size() function that will either return the runtime
page size (if PAGE_SIZE is not 4096) or a constant 4096 (elsewhere).
This should ensure that there are no changes to the generated code on
unaffected platforms.

Test: source build/envsetup.sh
      lunch aosp_cf_arm64_16k_phone-userdebug
      m -j32 installclean
      m -j32
Test: launch_cvd \
  -kernel_path /path/to/out/android14-5.15/dist/Image \
  -initramfs_path /path/to/out/android14-5.15/dist/initramfs.img \
  -userdata_format=ext4
Bug: 277272383
Bug: 230790254
Change-Id: Ic0ed98b67f7c6b845804b90a4e16649f2fc94028
2023-06-12 10:59:39 -07:00
Mitch Phillips
2480f491be [GWP-ASan] Add TURN_ON_FOR_APP_SAMPLED_NON_CRASHING to android_mallopt
This mode allows an android_mallopt(M_INITIALIZE_GWP_ASAN, ...) to turn
on the recoverable, sampled mode. This is the intended mode for
non-system apps that don't specify the gwpAsanMode in Android U.

Bug: 247012630
Test: Patch the zygote to use this option, launch an app with
gwpAsanMode unspecified, trigger a use-after-free, assert the app uses
the recoverable mode.

Change-Id: I701e10f44b2e2694789cc5ec6f0af4bc0c55b9e4
2023-02-02 15:58:35 -08:00
Elliott Hughes
43462707a1 riscv64 TLS support.
Signed-off-by: Mao Han <han_mao@linux.alibaba.com>
Signed-off-by: Xia Lifang <lifang_xia@linux.alibaba.com>
Signed-off-by: Chen Guoyin <chenguoyin.cgy@linux.alibaba.com>
Signed-off-by: Wang Chen <wangchen20@iscas.ac.cn>
Signed-off-by: Lu Xufan <luxufan@iscas.ac.cn>
Test: treehugger
Change-Id: I14efb4a03a3dc2ec736d7e47a3f8859c886eb9d6
2022-10-10 20:30:24 +00:00
Elliott Hughes
e0b9474854 Merge "riscv64 __get_tls()." 2022-10-08 03:02:56 +00:00
Elliott Hughes
fc009dd8a7 riscv64 __get_tls().
Signed-off-by: Mao Han <han_mao@linux.alibaba.com>
Signed-off-by: Xia Lifang <lifang_xia@linux.alibaba.com>
Signed-off-by: Chen Guoyin <chenguoyin.cgy@linux.alibaba.com>
Signed-off-by: Wang Chen <wangchen20@iscas.ac.cn>
Signed-off-by: Lu Xufan <luxufan@iscas.ac.cn>
Test: treehugger
Change-Id: Ie7616cef6d394ba457c30c58d15f696c9b6d3853
2022-10-07 21:33:57 +00:00
Elliott Hughes
203b0b7346 riscv64 BIONIC_STOP_UNWIND.
Signed-off-by: Mao Han <han_mao@linux.alibaba.com>
Signed-off-by: Xia Lifang <lifang_xia@linux.alibaba.com>
Signed-off-by: Chen Guoyin <chenguoyin.cgy@linux.alibaba.com>
Signed-off-by: Wang Chen <wangchen20@iscas.ac.cn>
Signed-off-by: Lu Xufan <luxufan@iscas.ac.cn>
Test: treehugger
Change-Id: I1b6723e9fb60de8f98a716ef388ec81a41df02d3
2022-10-07 21:33:08 +00:00
Florian Mayer
cc61ad895e Add android_mallopt to query MTE stack state
Bug: 244364391
Change-Id: Ie6267201f0c2e293b27c71cd160a2311c9de8091
2022-09-07 23:38:42 +00:00
Florian Mayer
d71bc4bc3a Fix comment to indicate android_mallopt is also available to APEXes.
Change-Id: Ic8ed578ab3323e6e1a80e05756202354b92fd512
2022-08-31 22:30:04 +00:00
Mitch Phillips
e6997d52de [GWP-ASan] Provide runtime configuration through an env var + sysprop.
This patch introduces GWP-ASan system properties and environment
variables to control the internal sampling rates of GWP-ASan. This can
be used for:

 1. "Torture testing" the system, i.e. running it under an extremely
    high sampling rate under GWP-ASan.
 2. Increasing sampling remotely to allow further crash report
    collection of rare issues.

There are three sets of system properites:
 1. libc.debug.gwp_asan.*.system_default: Default values for native
    executables and system apps.
 2. libc.debug.gwp_asan.*.app_default: Default values for non-system
    apps, and
 3. libc.debug.gwp_asan.*.<basename/app_name>: Default values for an
    individual app or native process.

There are three variables that can be changed:
 1. The allocation sampling rate (default: 2500) - using the environment
    variable GWP_ASAN_SAMPLE_RATE or the libc.debug.gwp_asan.sample_rate.*
    system property.
 2. The process sampling rate (default: 128 for system apps/processes, 1
    for opted-in apps) - using the environment variable
    GWP_ASAN_PROCESS_SAMPLING or the libc.debug.gwp_asan.process_sampling.*
    system property,
 3. The number of slots available (default: 32) - using the environment
    variable GWP_ASAN_MAX_ALLOCS or the libc.debug.gwp_asan.max_allocs.*
    system property.

If not specified, #3 will be calculated as a ratio of the default
|2500 SampleRate : 32 slots|. So, a sample rate of "1250" (i.e. twice as
frequent sampling) will result in a doubling of the max_allocs to "64".

Bug: 219651032
Test: atest bionic-unit-tests
Change-Id: Idb40a2a4d074e01ce3c4e635ad639a91a32d570f
2022-04-20 11:26:00 -07:00
Elliott Hughes
7309177235 Revert "Disable pointer authentication in app processes."
Revert submission 1954983-master-I3030c47be9d02a27505bd4775c1982a20755758c

Reason for revert: PAC has shipped with S, and we're going with app compat outreach rather than regressing security.
Reverted Changes:
I3030c47be:Disable pointer authentication in app processes.
I3030c47be:Disable pointer authentication in app processes.

Change-Id: I8761f08ddbd9077ff98b1a9a0c323de968792778
2022-03-10 18:01:04 +00:00
Peter Collingbourne
bf52e88596 Disable pointer authentication in app processes.
Unfortunately we have discovered that some applications in the wild
are using PAC instructions incorrectly. To keep those applications
working on PAC enabled devices, disable PAC in application processes
for now.

Bug: 212660282
Change-Id: I3030c47be9d02a27505bd4775c1982a20755758c
2022-01-19 13:35:54 -08:00
Josh Gao
dcc97c0887 Disable fdtrack post-fork.
Also delete some fdsan code that attempts to check for the post-fork
state, but never will, because we update the cached pid upon fork.

Bug: http://b/174542867
Test: /data/nativetest64/bionic-unit-tests/bionic-unit-tests
Test: treehugger
Change-Id: I9b748dac9de9b4c741897d93e64d31737e52bf8e
2021-04-07 19:00:45 -07:00
Elliott Hughes
73366636e1 Remove the now-unnecessary android_mallopt() options.
These are available from mallopt() now, and all callers have been
switched over.

Bug: http://b/135772972
Test: treehugger
Change-Id: I90c7a7573b261c27001a2dfd4589b23861ad613b
2021-01-15 18:08:25 -08:00
Elliott Hughes
e925485acd Merge "Make "disable memory mitigations" and "set heap tagging level" more available." 2021-01-15 00:49:45 +00:00
Elliott Hughes
446b4dde72 Make "disable memory mitigations" and "set heap tagging level" more available.
These were only available internally via android_mallopt(), but they're
likely to be needed by more code in future, so move them into mallopt().

This change leaves the android_mallopt() options for now, but I plan on
coming back to remove them after I've switched the handful of callers
over to mallopt() instead.

Bug: http://b/135772972
Test: treehugger
Change-Id: Ia154614069a7623c6aca85975a91e6a156f04759
2021-01-14 13:34:20 -08:00
Mitch Phillips
4cded9729b [MTE] Add MEMTAG_OPTIONS and arm64.memtag.process.* sysprop parsing.
These two options allow for ARM MTE to be enabled dynamically (instead
of at compile time via the ELF note). They are settable from a non-root
shell to allow device owners to test system binaries with MTE.

The following values may be set:
  1. 'off' -> No MTE, uses TBI on compatible devices.
  2. 'sync' -> SYNC MTE.
  3. 'async' -> ASYNC MTE.

The following methods can be used to launch a process (sanitizer-status)
with configurable values:
  1. adb shell MEMTAG_OPTIONS=async sanitizer-status
  2. adb shell setprop arm64.memtag.process.sanitizer-status async && \
     adb shell sanitizer-status

Note: The system server will require some special handing in the zygote
pre-fork to check the sysprops. The zygote should always have the ELF
note. TODO in a subsequent patch.

Bug: 135772972
Bug: 172365548
Test: Launching sanitizer-status above using both the settings.
Change-Id: Ic1dbf3985a3f23521ec86725ec482c8f6739c182
2021-01-14 13:13:17 -08:00
Peter Collingbourne
7e20117a36 Remove ANDROID_EXPERIMENTAL_MTE.
Now that the feature guarded by this flag has landed in Linux 5.10
we no longer need the flag, so we can remove it.

Bug: 135772972
Change-Id: I02fa50848cbd0486c23c8a229bb8f1ab5dd5a56f
2021-01-11 10:55:51 -08:00
Peter Collingbourne
9eb85bf70c Change the android_mallopt(M_SET_HEAP_TAGGING_LEVEL) API.
- Make it apply to every thread, and thus remove the restriction
  that it must be called while the program is single threaded.
- Make it change TCF0 itself (on all threads), instead of requiring
  callers to do it themselves, which can be error prone.

And update all of the call sites.

Change the implementation of
android_mallopt(M_DISABLE_MEMORY_MITIGATIONS) to call
android_mallopt(M_SET_HEAP_TAGGING_LEVEL) internally. This avoids
crashes during startup that were observed when the two mallopts
updated TCF0 unaware of each other.

I wouldn't expect there to be any out-of-tree callers at this point,
but it's worth noting that the new interface is backwards compatible
with the old one because it strictly expands the set of situations in
which the API can be used (i.e. situations where there are multiple
threads running or where TCF0 hadn't been updated beforehand).

Bug: 135772972
Change-Id: I7746707898ff31ef2e0af01c4f55ba90b72bef51
2020-11-18 10:24:29 -08:00
Peter Collingbourne
a5c4b17e13 Clear PAC bits in android_unsafe_frame_pointer_chase().
Bug: 172057932
Change-Id: Ie0eb4800a6699f2094070e97e5157d4e9c186097
2020-10-30 14:36:37 -07:00
Peter Collingbourne
5d3aa86cd1 Add an API for per-process disabling memory initialization.
Introduce an android_mallopt(M_DISABLE_MEMORY_MITIGATIONS) API call
that may be used to disable zero- or pattern-init on non-MTE hardware,
or memory tagging on MTE hardware. The intent is that this function
may be called at any time, including when there are multiple threads
running.

Disabling zero- or pattern-init is quite trivial, we just need to set
a global variable to 0 via a Scudo API call (although there will be
some separate work required on the Scudo side to make this operation
thread-safe).

It is a bit more tricky to disable MTE across a process, because
the kernel does not provide an API for disabling tag checking in all
threads in a process, only per-thread. We need to send a signal to each
of the process's threads with a handler that issues the required prctl
call, and lock thread creation for the duration of the API call to
avoid races between thread enumeration and calls to pthread_create().

Bug: 135772972
Change-Id: I81ece86ace916eb6b435ab516cd431ec4b48a3bf
2020-10-08 14:02:36 -07:00
Peter Collingbourne
cf69abc0f4 Merge "Dump the per-thread TAGGED_ADDR_CTRL value if available." 2020-09-18 22:00:53 +00:00
Peter Collingbourne
98d79de51d Dump the per-thread TAGGED_ADDR_CTRL value if available.
This value indicates whether memory tagging is enabled on a thread,
the mode (sync or async) and the set of excluded tags. This information
can sometimes be important for understanding an MTE related crash,
so include it in the per-thread tombstone output.

Bug: 135772972
Change-Id: I25a16e10ac7fbb2b1ab2a961a5279f787039000b
2020-09-15 21:32:36 -07:00
Peter Collingbourne
38d290a11d Implement a new mechanism to let Scudo access the TLS slot
An upcoming change to Scudo will change how we use the TLS slot
in tsd_shared.h, which will be a little easier to deal with if
we can remove the code path that calls pthread_getspecific and
pthread_setspecific. The only known user of this code path is Fuchsia.

We can't eliminate this code path by making Fuchsia use ELF TLS
because although Fuchsia supports ELF TLS, it is not supported within
libc itself. To address this, Roland McGrath on the Fuchsia team has
proposed that Scudo will optionally call a platform-provided function
to access a TLS slot reserved for Scudo. Android also has a reserved
TLS slot, but the code that accesses the TLS slot lives in Scudo.

We can eliminate some complexity and duplicated code by having Android
implement the same mechanism that was proposed for Fuchsia, which is
what this change does. A separate change to Scudo will make use of it.

Bug: 163630045
Change-Id: I4678105c9c47a23feb5a5e80a314416de4556d9c
2020-09-10 13:55:24 -07:00
Peter Collingbourne
642b374e64 Merge "Define mte_supported() on non-aarch64." 2020-05-21 20:49:11 +00:00
Christopher Ferris
9bf7817dd2 Fix deadlock/timeout in thread unwinding.
When malloc debug is enabled, using libbacktrace to unwind can
result in a deadlock. This happens when an unwind of a thread
is occuring which triggers a signal to be sent to that thread. If
that thread is interrupted while a malloc debug function is
executing and owns a lock, that thread is then stuck in the signal
handler. Then the original unwinding thread attempts to do an
allocation and gets stuck waiting for the same malloc debug lock.

This is not a complete deadlock since the unwinder has timeouts,
but it results in truncated unwinds that take at least five
seconds to complete.

Only the backtrace signals needs to be blocked because it is the only
known signal that will result in a thread being paused in a signal
handler.

Also, added a named signal in the reserved signal list for the
special bionic backtrace signal.

Bug: 150833265

Test: New unit tests pass with fix, fail without fix.
Change-Id: If3e41f092ebd40ce62a59ef51d636a91bc31ed80
2020-05-20 18:18:54 -07:00
Peter Collingbourne
1541800aa7 Define mte_supported() on non-aarch64.
It turns out that we need this on non-aarch64 more than I thought
we would, so let's start defining it everywhere.

Also expose platform headers to sanitizer-status.

Bug: 135772972
Change-Id: Ia7fd8a9bca0c123c4ca2ecd5f250f3a628a5513b
2020-05-12 16:03:50 -07:00
Peter Collingbourne
d3060019de Introduce a new heap tagging level, M_HEAP_TAGGING_LEVEL_SYNC.
The SYNC tagging level enables stack trace collection for allocations and
deallocations, which allows allocation and deallocation stack traces to
appear in tombstones when encountering a tag check fault in synchronous tag
checking mode.

Bug: 135772972
Change-Id: Ibda9f51b29d2c8e2c993fc74425dea7bfa23ab1e
2020-05-05 13:28:16 -07:00
Peter Collingbourne
a41c3256d7 Switch to new kernel ptrace interface for reading tags.
Bug: 135772972
Change-Id: I1839f04130736b8f7ba0c282d4d6833d50b1a9ae
2020-04-24 17:32:23 -07:00
Peter Collingbourne
6e316e6112 Add PTRACE_PEEKTAG to mte_kernel.h.
This constant is used by the experimental ptrace API for reading
tags in other processes.

Also expose the platform headers to libunwindstack.

Bug: 135772972
Change-Id: I2daecdaa4c8b557b42222f65fc6b68d13da84ad4
2020-04-07 16:49:36 -07:00
Florian Mayer
96272df35c dynamic libc: ignore ART profiling signal by default.
These solves the issue that targetting non-profilable apps crashed them.
There is still a race condition between starting the app and the SIG_IGN
being installed, but that will be fixed in follow-ups.

This also does not cover programs that statically link libc, but those are
rare.

This might be reverted if we find a more general solution to
b/151835887.

Bug: 151328035
Test: java profile sysui, doesn't crash
Test: atest CtsBionicTestCases

Change-Id: I6b99352ed50afe15a609f7ddb85312c2676ddf11
2020-03-27 19:22:00 +01:00
Peter Collingbourne
2528dab741 Clean up untag_address.
We had two copies of this function, one (not quite correct) in tests/utils.h
and another in bionic/macros.h. Delete the former and have the users include
the latter.

Also, create an overload of the function that takes a uintptr_t, which will
be useful for out-of-process scenarios such as the MTE support in debuggerd.

Bug: 135772972
Change-Id: Ia3c2652c97797663146b3f05fa786afe09f7ea97
2020-03-20 15:35:54 -07:00
Chih-Hung Hsieh
fa658eb094 Fix bugprone-macro-parentheses warnings
Bug: 150783705
Test: WITH_TIDY=1 make
Change-Id: If47b7adaa5f3ba3c518fb0be48f0ffdc81d204b2
2020-03-04 13:22:05 -08:00
Peter Collingbourne
80af1b0a2c Update bionic to the v2 MTE patch set.
The values of some constants have changed, and the tag mask has changed from
being an exclusion mask to an inclusion mask.

Bug: 135772972
Change-Id: I322fceae7003bee6b391e7187194ed4c0cb28c58
2020-02-28 01:55:20 +00:00
Peter Collingbourne
45819dde10 Allow android_mallopt(M_SET_HEAP_TAGGING_LEVEL) to control scudo heap tagging.
The tag level may now be async, which is now the default. When the tag level
is set to none, memory tagging is disabled in the allocator using the new
API proposed in https://reviews.llvm.org/D70762 .

Bug: 135772972
Change-Id: I847f5822a70913c446ed9ffa13792177bbfc96af
2020-02-20 15:25:08 -08:00
Peter Collingbourne
c8cef93f24 Allow nested usage of ScopedDisableMTE.
An upcoming change to scudo will cause us to start calling
android_unsafe_frame_pointer_chase() from within the allocator. Since this
function uses ScopedDisableMTE, this would otherwise make it unsafe to use
the allocator from within ScopedDisableMTE. This seems like an unreasonable
restriction, so make ScopedDisableMTE save the PSTATE.TCO state in the
constructor and restore it in the destructor.

Bug: 135772972
Change-Id: I47e18d5fb2929efd5a58676488180cd85731007b
2020-02-18 13:13:57 -08:00
Elliott Hughes
5ac438e5da Clean up mips references in the headers.
Test: treehugger
Change-Id: I1997af980b9e46c7c530f9e6cb1aa407b2d63d76
2020-02-13 18:00:16 -08:00
Mitch Phillips
f3968e89cb [GWP-ASan] Integrate GWP-ASan into bionc's malloc() (using hooks).
This patch introduces GWP-ASan - a sampled allocator framework that
finds use-after-free and heap-buffer-overflow bugs in production
environments.

GWP-ASan is being introduced in an always-disabled mode. This means that
GWP-ASan will be permanently disabled until a further patch turns on
support. As such, there should be no visible functional change for the
time being.

GWP-ASan requires -fno-emulated-tls wherever it's linked from. We
intentionally link GWP-ASan into libc so that it's part of the initial
set of libraries, and thus has static TLS storage (so we can use
Initial-Exec TLS instead of Global-Dynamic). As a benefit, this reduces
overhead for a sampled process.

GWP-ASan is always initialised via. a call to
mallopt(M_INITIALIZE_GWP_ASAN, which must be done before a process is
multithreaded).

More information about GWP-ASan can be found in the upstream
documentation: http://llvm.org/docs/GwpAsan.html

Bug: 135634846
Test: atest bionic
Change-Id: Ib9bd33337d17dab39ac32f4536bff71bd23498b0
2020-02-10 10:51:23 -08:00
Peter Collingbourne
5f45c18a7f Add an android_unsafe_frame_pointer_chase function.
This function will be used by Scudo and GWP-ASan to efficiently collect
stack traces for frames built with frame pointers.

Bug: 135634846
Bug: 135772972
Change-Id: Ic63efdbafe11dfbb1226b5b4b403d53c4dbf28f3
Merged-In: Ic63efdbafe11dfbb1226b5b4b403d53c4dbf28f3
2020-02-03 10:30:45 -08:00
Peter Collingbourne
4fe5b783a4 Merge "Add some MTE-related helpers." 2020-01-31 00:00:44 +00:00
Josh Gao
7596250722 Move fdtrack APIs to LLNDK.
Test: logcat -c; fdtrack_test; logcat -d
Change-Id: Ib6f75a7c8bbc4d6efa0708dcbbfe4ad3c0641022
2020-01-30 13:55:10 -08:00
Josh Gao
97271920bf Add a tool to track down fd leaks.
Add a hook that's called upon file descriptor creation to libc, and a
library that uses it to capture backtraces for file descriptor creation,
to make it easier to hunt down file descriptor leaks.

Currently, this doesn't capture all of the ways of creating a file
descriptor, but completeness isn't required for this to be useful as
long as leaked file descriptors are created with a function that is
tracked. The primary unhandled case is binder, which receives file
descriptors as a payload in a not-trivially-parsable byte blob, but
there's a chance that the leak we're currently trying to track down
isn't of a file descriptor received over binder, so leave that for
later.

Bug: http://b/140703823
Test: manual
Change-Id: I308a14c2e234cdba4207157b634ab6b8bc539dd9
(cherry picked from commit b7eccd4b15)
2020-01-30 13:55:10 -08:00