From c16961b8c3b932716b2e576c5877d39411b453cc Mon Sep 17 00:00:00 2001
From: Nick Kralevich <nnk@google.com>
Date: Fri, 25 Jan 2013 13:07:31 -0800
Subject: [PATCH] system_properties: do more checking of file

Check that the permissions on the properties file
are exactly as we expect them to be.

Make sure we close the fd if fstat fails.

Refactor the code slightly.

Change-Id: I5503fd58c3b8093ce7e6d05920748ed70eaf8e2c
---
 libc/bionic/system_properties.c | 26 ++++++++++++++++++--------
 1 file changed, 18 insertions(+), 8 deletions(-)

diff --git a/libc/bionic/system_properties.c b/libc/bionic/system_properties.c
index a1312af11..c9cf2f75f 100644
--- a/libc/bionic/system_properties.c
+++ b/libc/bionic/system_properties.c
@@ -69,6 +69,7 @@ static int get_fd_from_env(void)
 int __system_properties_init(void)
 {
     bool fromFile = true;
+    int result = -1;
 
     if(__system_property_area__ != ((void*) &dummy_props)) {
         return 0;
@@ -96,26 +97,35 @@ int __system_properties_init(void)
 
     struct stat fd_stat;
     if (fstat(fd, &fd_stat) < 0) {
-        return -1;
+        goto cleanup;
+    }
+
+    if ((fd_stat.st_uid != 0)
+            || (fd_stat.st_gid != 0)
+            || ((fd_stat.st_mode & (S_IWGRP | S_IWOTH)) != 0)) {
+        goto cleanup;
     }
 
     prop_area *pa = mmap(0, fd_stat.st_size, PROT_READ, MAP_SHARED, fd, 0);
 
-    if (fromFile) {
-        close(fd);
-    }
-
     if (pa == MAP_FAILED) {
-        return -1;
+        goto cleanup;
     }
 
     if((pa->magic != PROP_AREA_MAGIC) || (pa->version != PROP_AREA_VERSION)) {
         munmap(pa, fd_stat.st_size);
-        return -1;
+        goto cleanup;
     }
 
     __system_property_area__ = pa;
-    return 0;
+    result = 0;
+
+cleanup:
+    if (fromFile) {
+        close(fd);
+    }
+
+    return result;
 }
 
 const prop_info *__system_property_find_nth(unsigned n)