Many libc functions have an option to not follow symbolic
links. This is useful to avoid security sensitive code
from inadvertantly following attacker supplied symlinks
and taking inappropriate action on files it shouldn't.
For example, open() has O_NOFOLLOW, chown() has
lchown(), stat() has lstat(), etc.
There is no such equivalent function for chmod(), such as lchmod().
To address this, POSIX introduced fchmodat(AT_SYMLINK_NOFOLLOW),
which is intended to provide a way to perform a chmod operation
which doesn't follow symlinks.
Currently, the Linux kernel doesn't implement AT_SYMLINK_NOFOLLOW.
In GLIBC, attempting to use the AT_SYMLINK_NOFOLLOW flag causes
fchmodat to return ENOTSUP. Details are in "man fchmodat".
Bionic currently differs from GLIBC in that AT_SYMLINK_NOFOLLOW
is silently ignored and treated as if the flag wasn't present.
This patch provides a userspace implementation of
AT_SYMLINK_NOFOLLOW for bionic. Using open(O_PATH | O_NOFOLLOW),
we can provide a way to atomically change the permissions on
files without worrying about race conditions.
As part of this change, we add support for fchmod on O_PATH
file descriptors, because it's relatively straight forward
and could be useful in the future.
The basic idea behind this implementation comes from
https://sourceware.org/bugzilla/show_bug.cgi?id=14578 , specifically
comment #10.
Change-Id: I1eba0cdb2c509d9193ceecf28f13118188a3cfa7
All these inlines were turned in to out of line definitions in L.
This brings us a step closer to being able to just use the current
bionic headers for the NDK, rather than having many old versions of
them.
Change-Id: Ie010bc727d78d3742abc577c70f6578db2e68625
If two or more threads crash at the same time, only let one talk to
debuggerd. It's possible for a race to occur that two threads send
data to debuggerd, the second one will cause errors in debuggerd since
the process will die once debuggerd lets the crashing pid start again.
Bug: 19183955
Change-Id: I17dfce46102117ab4a870f7381bd526488d37fb5
The kernel version of the stat structure is used during the syscalls. After the syscall,
the kernel stat structure is converted to match the generic one. Eventually we would like
the generic stat structure and related syscalls be added to MIPS64 kernel, removing the
thunks added to AOSP.
Change-Id: I7764e80278c1cc8254754c3531ec2dda7544a8ec
Move various mips-only things into the arch-mips directory. As soon as mips
writes assembler replacements, we can remove these.
Change-Id: Ia7308559bc361f5c8df3e1d456b381865e060b93
Interestingly, this mostly involves cleaning up our implementation of
various <string.h> functions.
Change-Id: Ifaef49b5cb997134f7bc0cc31bdac844bdb9e089
The code now compiles with all combinations of DEBUG and
DEBUG_DATA except DEBUG_DATA=1, DEBUG=0, which is unsupported.
Change-Id: I9035a65c649df73092f1fc0864ae1cdd9a14aa3b
