Add GWP-ASan support to Android WebView

GWP-ASan [1] is a probabilistic heap memory-error detector meant to be deployed in-the-wild. Add calls to initialize GWP-ASan during WebView initialization (gated by feature flags) and white list the annotations GWP-ASan uses to communicate with the crash handler. [1] https://chromium.googlesource.com/chromium/src/+/master/docs/gwp_asan.md CQ-DEPEND=chromium:1757160 Bug: 973167 Change-Id: Ib950dadc957dc4e4c2356a070fa8c7ec244299f4 Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/1757430Reviewed-by: Richard Coles <torne@chromium.org> Commit-Queue: Vlad Tsyrklevich <vtsyrklevich@chromium.org> Cr-Commit-Position: refs/heads/master@{#689070}

Add GWP-ASan support to Android WebView
GWP-ASan [1] is a probabilistic heap memory-error detector meant to be deployed in-the-wild. Add calls to initialize GWP-ASan during WebView initialization (gated by feature flags) and white list the annotations GWP-ASan uses to communicate with the crash handler. [1] https://chromium.googlesource.com/chromium/src/+/master/docs/gwp_asan.md CQ-DEPEND=chromium:1757160 Bug: 973167 Change-Id: Ib950dadc957dc4e4c2356a070fa8c7ec244299f4 Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/1757430Reviewed-by: Richard Coles <torne@chromium.org> Commit-Queue: Vlad Tsyrklevich <vtsyrklevich@chromium.org> Cr-Commit-Position: refs/heads/master@{#689070}
ffd03178 · Vlad Tsyrklevich · Commit Bot · 85543319 · ffd03178 · ffd03178
Commit ffd03178 authored Aug 21, 2019 by Vlad Tsyrklevich Committed by Commit Bot Aug 21, 2019
7 changed files
--- a/android_webview/BUILD.gn
+++ b/android_webview/BUILD.gn
@@ -12,6 +12,7 @@ import("//build/config/locales.gni")
 import("//chrome/android/chrome_common_shared_library.gni")
 import("//chrome/android/chrome_public_apk_tmpl.gni")
 import("//chrome/android/trichrome.gni")
+import("//components/gwp_asan/buildflags/buildflags.gni")
 import("//components/spellcheck/spellcheck_build_features.gni")
 import("//tools/grit/repack.gni")
 import("//tools/resources/generate_resource_whitelist.gni")
@@ -713,6 +714,7 @@ source_set("common") {
    "//components/download/public/common:public",
    "//components/embedder_support/android:web_contents_delegate",
    "//components/google/core/common",
+    "//components/gwp_asan/buildflags",
    "//components/heap_profiling",
    "//components/keyed_service/content",
    "//components/metrics",
@@ -787,6 +789,10 @@ source_set("common") {
    ]
  }

+  if (enable_gwp_asan) {
+    deps += [ "//components/gwp_asan/client" ]
+  }
+
  configs += [
    "//tools/v8_context_snapshot:use_v8_context_snapshot",
    "//v8:external_startup_data",

--- a/android_webview/DEPS
+++ b/android_webview/DEPS
@@ -13,6 +13,7 @@ include_rules = [
  "+components/embedder_support/android/java",
  "+components/heap_profiling",
  "+components/google/core",
+  "+components/gwp_asan",
  "+components/network_session_configurator/common",
  "+components/metrics",
  "+components/prefs",

--- a/android_webview/common/BUILD.gn
+++ b/android_webview/common/BUILD.gn
@@ -51,6 +51,7 @@ source_set("common") {
    "//components/cdm/common",
    "//components/crash/content/app",
    "//components/crash/core/common:crash_key",
+    "//components/gwp_asan/common",
    "//components/services/heap_profiling/public/cpp",
    "//components/version_info",
    "//components/version_info:generate_version_info",

--- a/android_webview/common/crash_reporter/crash_keys.cc
+++ b/android_webview/common/crash_reporter/crash_keys.cc
@@ -5,6 +5,7 @@
 #include "android_webview/common/crash_reporter/crash_keys.h"

 #include "components/crash/core/common/crash_key.h"
+#include "components/gwp_asan/common/crash_key_name.h"

 namespace android_webview {
 namespace crash_keys {
@@ -46,6 +47,10 @@ const char* const kWebViewCrashKeyWhiteList[] = {
    "mojo-message-error__4",
    "total-discardable-memory-allocated",

+    // GWP-ASan
+    gwp_asan::kMallocCrashKey,
+    gwp_asan::kPartitionAllocCrashKey,
+
    // crash keys needed for recording finch trials
    "variations",
    "variations__1",

--- a/android_webview/lib/aw_main_delegate.cc
+++ b/android_webview/lib/aw_main_delegate.cc
@@ -37,9 +37,11 @@
 #include "cc/base/switches.h"
 #include "components/autofill/core/common/autofill_features.h"
 #include "components/crash/core/common/crash_key.h"
+#include "components/gwp_asan/buildflags/buildflags.h"
 #include "components/safe_browsing/android/safe_browsing_api_handler_bridge.h"
 #include "components/services/heap_profiling/public/cpp/profiling_client.h"
 #include "components/spellcheck/spellcheck_buildflags.h"
+#include "components/version_info/android/channel_getter.h"
 #include "components/viz/common/features.h"
 #include "content/public/browser/android/media_url_interceptor_register.h"
 #include "content/public/browser/browser_main_runner.h"
@@ -63,6 +65,10 @@
 #include "components/spellcheck/common/spellcheck_features.h"
 #endif  // ENABLE_SPELLCHECK

+#if BUILDFLAG(ENABLE_GWP_ASAN)
+#include "components/gwp_asan/client/gwp_asan.h"  // nogncheck
+#endif
+
 namespace android_webview {

 AwMainDelegate::AwMainDelegate() {}
@@ -312,6 +318,30 @@ bool AwMainDelegate::ShouldCreateFeatureList() {
 void AwMainDelegate::PostEarlyInitialization(bool is_running_tests) {
  InitIcuAndResourceBundleBrowserSide();
  aw_feature_list_creator_->CreateFeatureListAndFieldTrials();
+  PostFieldTrialInitialization();
+}
+
+void AwMainDelegate::PostFieldTrialInitialization() {
+  version_info::Channel channel = version_info::android::GetChannel();
+  bool is_canary_dev = (channel == version_info::Channel::CANARY ||
+                        channel == version_info::Channel::DEV);
+  const base::CommandLine& command_line =
+      *base::CommandLine::ForCurrentProcess();
+  std::string process_type =
+      command_line.GetSwitchValueASCII(switches::kProcessType);
+  bool is_browser_process = process_type.empty();
+
+  ALLOW_UNUSED_LOCAL(is_canary_dev);
+  ALLOW_UNUSED_LOCAL(is_browser_process);
+
+#if BUILDFLAG(ENABLE_GWP_ASAN_MALLOC)
+  gwp_asan::EnableForMalloc(is_canary_dev || is_browser_process,
+                            process_type.c_str());
+#endif
+
+#if BUILDFLAG(ENABLE_GWP_ASAN_PARTITIONALLOC)
+  gwp_asan::EnableForPartitionAlloc(is_canary_dev, process_type.c_str());
+#endif
 }

 content::ContentBrowserClient* AwMainDelegate::CreateContentBrowserClient() {

--- a/android_webview/lib/aw_main_delegate.h
+++ b/android_webview/lib/aw_main_delegate.h
@@ -46,6 +46,7 @@ class AwMainDelegate : public content::ContentMainDelegate {
  void ProcessExiting(const std::string& process_type) override;
  bool ShouldCreateFeatureList() override;
  void PostEarlyInitialization(bool is_running_tests) override;
+  void PostFieldTrialInitialization() override;
  content::ContentBrowserClient* CreateContentBrowserClient() override;
  content::ContentGpuClient* CreateContentGpuClient() override;
  content::ContentRendererClient* CreateContentRendererClient() override;

--- a/components/gwp_asan/common/crash_key_name.h
+++ b/components/gwp_asan/common/crash_key_name.h
@@ -6,14 +6,12 @@
 #define COMPONENTS_GWP_ASAN_COMMON_CRASH_KEY_NAME_H_

 namespace gwp_asan {
-namespace internal {

 // The name of the crash key used to convey the address of the AllocatorState
 // for the malloc/PartitionAlloc hooks to the crash handler.
 const char kMallocCrashKey[] = "gwp-asan-malloc";
 const char kPartitionAllocCrashKey[] = "gwp-asan-partitionalloc";

-}  // namespace internal
 }  // namespace gwp_asan

 #endif  // COMPONENTS_GWP_ASAN_COMMON_CRASH_KEY_NAME_H_