libc: use more secure system properties if available

Currently, system properties are passed via the environment
variable ANDROID_PROPERTY_WORKSPACE and a file descriptor passed
from parent to child. This is insecure for setuid executables,
as the environment variable can be changed by the caller.

Modify system property handling so that we get the properties
from a root owned properties file, rather than using an
environment variable.  Fall back to the environment variable
if the file doesn't exist.

Bug: 8045561
Change-Id: I54f3efa98cf7d63d88788da5ce0d19e34fd7851a

libc/include/sys/_system_properties.h

@@ -41,6 +41,7 @@ typedef struct prop_msg prop_msg;
 #define PROP_AREA_VERSION 0x45434f76
 
 #define PROP_SERVICE_NAME "property_service"
+#define PROP_FILENAME "/dev/__properties__"
 
 /* #define PROP_MAX_ENTRIES 247 */
 /* 247 -> 32620 bytes (<32768) */