Check that the permissions on the properties file
are exactly as we expect them to be.
Make sure we close the fd if fstat fails.
Refactor the code slightly.
Change-Id: I5503fd58c3b8093ce7e6d05920748ed70eaf8e2c
prctl.h uses __BEGIN_DECLS but fails to include sys/cdefs.h
(where it's defined). Code which includes prctl.h without
previously including sys/cdefs.h will fail to compile.
Fixed.
Change-Id: If4c9f3308f08b93596dcd00e351ae786807e9320
Currently, system properties are passed via the environment
variable ANDROID_PROPERTY_WORKSPACE and a file descriptor passed
from parent to child. This is insecure for setuid executables,
as the environment variable can be changed by the caller.
Modify system property handling so that we get the properties
from a root owned properties file, rather than using an
environment variable. Fall back to the environment variable
if the file doesn't exist.
Bug: 8045561
Change-Id: I54f3efa98cf7d63d88788da5ce0d19e34fd7851a
We don't know that they're not going to be cleaned up by a
C++ global destructor that runs after us. This is the case with
bootanimation, for example.
Bug: 7291287
Change-Id: Iba402514d1735fdc2ae4bc95b65396d816be46c0
When each shell leaks ~240 allocations, you can't see the leaks from
the program you ran with "adb shell".
Bug: 7291287
Change-Id: Ib8780db72ba0114ebdb24768537da74bbb61f354
Both libc/include/sys/auxv.h and libc/private/bionic_auxv.h
use _SYS_AUXV_H_ to see if a header file has already been included.
This prevents both of these files from being included at the same
time.
Fix this name conflict.
Change-Id: Ifaec88aa9779d784b95f8e75145117acf3d5cfc5
We had two copies of the backtrace code, and two copies of the
libcorkscrew /proc/pid/maps code. This patch gets us down to one.
We also had hacks so we could log in the malloc debugging code.
This patch pulls the non-allocating "printf" code out of the
dynamic linker so everyone can share.
This patch also makes the leak diagnostics easier to read, and
makes it possible to paste them directly into the 'stack' tool (by
using relative PCs).
This patch also fixes the stdio standard stream leak that was
causing a leak warning every time tf_daemon ran.
Bug: 7291287
Change-Id: I66e4083ac2c5606c8d2737cb45c8ac8a32c7cfe8
Don't do the fortify_source checks if we can determine, at
compile time, that the provided operation is safe.
This avoids silliness like calling fortify source on things like:
size_t len = strlen("asdf");
printf("%d\n", len);
and allows the compiler to optimize this code to:
printf("%d\n", 4);
Defer to gcc's builtin functions instead of pointing our code
to the libc implementation.
Change-Id: I5e1dcb61946461c4afaaaa983e39f07c7a0df0ae
The AT_RANDOM changes broke setuid / setgid executables
such as "ping". When the linker executes a setuid program,
it cleans the environment, removing any invalid environment
entries, and adding "NULL"s to the end of the environment
array for each removed variable. Later on, we try to determine
the location of the aux environment variable, and get tripped
up by these extra NULLs.
Reverting this patch will get setuid executables working again,
but getauxval() is still broken for setuid programs because of
this bug.
This reverts commit e3a49a8661125f24aec8a1453e54b3b78005e21e.
Change-Id: I05c58a896b1fe32cfb5d95d43b096045cda0aa4a
