It has been reported in b2/19657449 and b2/19381040 that fchmodat
AT_SYMLINK_NOFOLLOW operation on symlink can succeed. It seems to be
controlled by kernel(version or configuration) or user configuration
whether chmod is allowed on symlinks. Unless we can disable chmod on
symlinks in bionic explicitly, we can not guarantee that the test can
pass. But it seems reasonable to allow chmod on symlink if kernel allows
to. So We prefer to loosen the test here, accepting both success and
failure when doing chmod operation on symlinks.
Bug: 19657449
Bug: 19381040
Change-Id: I780e84f0b50d0412fbac9f1c240d07e984892a28
Two parts of tests are added:
1. Compile time warnings for gcc checking built-in functions.
2. Compile time errors for each errordecl() in bionic.
Bug: 19234260
Change-Id: Iec6e4a8070c36815574fe9e0af9595d6143a4757
The kernel system call faccessat() does not have any flags arguments,
so passing flags to the kernel is currently ignored.
Fix the kernel system call so that no flags argument is passed in.
Ensure that we don't support AT_SYMLINK_NOFOLLOW. This non-POSIX
(http://pubs.opengroup.org/onlinepubs/9699919799/functions/access.html)
flag is a glibc extension, and has non-intuitive, error prone behavior.
For example, consider the following code:
symlink("foo.is.dangling", "foo");
if (faccessat(AT_FDCWD, "foo", R_OK, AT_SYMLINK_NOFOLLOW) == 0) {
int fd = openat(AT_FDCWD, "foo", O_RDONLY | O_NOFOLLOW);
}
The faccessat() call in glibc will return true, but an attempt to
open the dangling symlink will end up failing. GLIBC documents this
as returning the access mode of the symlink itself, which will
always return true for any symlink on Linux.
Some further discussions of this are at:
* http://lists.landley.net/pipermail/toybox-landley.net/2014-September/003617.html
* http://permalink.gmane.org/gmane.linux.lib.musl.general/6952
AT_SYMLINK_NOFOLLOW seems broken by design. I suspect this is why this
function was never added to POSIX. (note that "access" is pretty much
broken by design too, since it introduces a race condition between
check and action). We shouldn't support this until it's clearly
documented by POSIX or we can have it produce intuitive results.
Don't support AT_EACCESS for now. Implementing it is complicated, and
pretty much useless on Android, since we don't have setuid binaries.
See http://git.musl-libc.org/cgit/musl/commit/?id=0a05eace163cee9b08571d2ff9d90f5e82d9c228
for how an implementation might look.
Bug: 18867827
Change-Id: I25b86c5020f3152ffa3ac3047f6c4152908d0e04
Bionic never had this bug, but since the proposed fix is to remove the NDK's
broken code, we should add a regression test here.
Bug: https://code.google.com/p/android/issues/detail?id=80199
Change-Id: I4de21b5da9913cef990bc4d05a7e27562a71a02b
The overflow's actually in the generic C implementation of memchr.
While I'm here, let's switch our generic memrchr to the OpenBSD version too.
Bug: https://code.google.com/p/android/issues/detail?id=147048
Change-Id: I296ae06a1ee196d2c77c95a22f11ee4d658962da
This patch adds more tests for math functions to address coverage
issue of math functions discussed in:
https://android-review.googlesource.com/#/c/49653/https://android-review.googlesource.com/#/c/94780/
These are data sets used in regression tests for the Intel the math library (libm). They were collected over a long period of testing various libm implementations.
The data sets contain function specific data (special and corner cases such as +/-0, maximum/minimum normalized numbers, +/-infinity, QNaN/SNaN, maximum/minimum denormal numbers, arguments that would produce close to overflow/underflow results, known hard-to-round cases, etc), implementation specific data (arguments close to table look-up values for different polynomial approximations, worst cases for range reduction algorithms) and other data with interesting bit patterns.
The reference values are computed with Maple and were converted into hexadecimal format.
Change-Id: I7177c282937369eae98f25d02134e4fc3beadde8
Signed-off-by: Jingwei Zhang <jingwei.zhang@intel.com>
Signed-off-by: Mingwei Shi <mingwei.shi@intel.com>
SELinux denies access to some files in /sys, so we can't just trawl
through that asserting general truths. Instead, create a small known
tree.
Sadly neither ftw nor nftw takes user callback data, otherwise it would
be nice to assert that we visit all the expected nodes.
Bug: 19252748
Change-Id: Ib5309c38aaef53e6030281191a265a8d5a619044
When there is an error detected, the code runs forever and then times
out without any indication of what happened. Change it so that error
messages are printed and the test fails.
Change-Id: Id3160fc2f394984de0157356594fd8b40de66b4a
The two bugs are very closely related and code amount is very small,
So I think they may be fixed in one change.
Bug: 19128558
Bug: 19129994
Change-Id: I44a35398e64dfca7e9676428cb8f4026e8f6e488
Many libc functions have an option to not follow symbolic
links. This is useful to avoid security sensitive code
from inadvertantly following attacker supplied symlinks
and taking inappropriate action on files it shouldn't.
For example, open() has O_NOFOLLOW, chown() has
lchown(), stat() has lstat(), etc.
There is no such equivalent function for chmod(), such as lchmod().
To address this, POSIX introduced fchmodat(AT_SYMLINK_NOFOLLOW),
which is intended to provide a way to perform a chmod operation
which doesn't follow symlinks.
Currently, the Linux kernel doesn't implement AT_SYMLINK_NOFOLLOW.
In GLIBC, attempting to use the AT_SYMLINK_NOFOLLOW flag causes
fchmodat to return ENOTSUP. Details are in "man fchmodat".
Bionic currently differs from GLIBC in that AT_SYMLINK_NOFOLLOW
is silently ignored and treated as if the flag wasn't present.
This patch provides a userspace implementation of
AT_SYMLINK_NOFOLLOW for bionic. Using open(O_PATH | O_NOFOLLOW),
we can provide a way to atomically change the permissions on
files without worrying about race conditions.
As part of this change, we add support for fchmod on O_PATH
file descriptors, because it's relatively straight forward
and could be useful in the future.
The basic idea behind this implementation comes from
https://sourceware.org/bugzilla/show_bug.cgi?id=14578 , specifically
comment #10.
Change-Id: I1eba0cdb2c509d9193ceecf28f13118188a3cfa7