Nick Kralevich
f10c5a2215
libc: make system properties more secure.
...
Currently, system properties are passed via the environment
variable ANDROID_PROPERTY_WORKSPACE and a file descriptor passed
from parent to child. This is insecure for setuid executables,
as the environment variable can be changed by the caller.
Modify system property handling so that we get the properties
from a root owned properties file, rather than using an
environment variable.
Related to bug: 8029617
Change-Id: I5717e51f20f9e4339ed0a1fdf2fc797e52670fbb
2013-01-18 14:30:07 -08:00
Nick Kralevich
c82bc4f472
am 9468ee53: am f246ae98: am 5496bbf6: Merge "Revert "Filter ANDROID_PROPERTY_WORKSPACE""
...
* commit '9468ee53ac01a86255bd00976d8aa5a1a4141020':
Revert "Filter ANDROID_PROPERTY_WORKSPACE"
2013-01-18 14:01:54 -08:00
Nick Kralevich
9468ee53ac
am f246ae98: am 5496bbf6: Merge "Revert "Filter ANDROID_PROPERTY_WORKSPACE""
...
* commit 'f246ae984baa133b93af4e14f94ba35990b43dbb':
Revert "Filter ANDROID_PROPERTY_WORKSPACE"
2013-01-18 13:11:13 -08:00
Nick Kralevich
f246ae984b
am 5496bbf6: Merge "Revert "Filter ANDROID_PROPERTY_WORKSPACE""
...
* commit '5496bbf6a3592fd99cee6b8c20c8624c2aeea0c1':
Revert "Filter ANDROID_PROPERTY_WORKSPACE"
2013-01-18 13:10:04 -08:00
Nick Kralevich
5496bbf6a3
Merge "Revert "Filter ANDROID_PROPERTY_WORKSPACE""
2013-01-18 20:50:41 +00:00
Guang Zhu
4df577fef7
Revert "Filter ANDROID_PROPERTY_WORKSPACE"
...
Temporarily revert the change since DNS resolution seems
broken right now in ping util.
Bug: 8029617
This reverts commit a0f64756a4.
2013-01-18 11:28:47 -08:00
Guang Zhu
bf1d225593
Revert "Filter ANDROID_PROPERTY_WORKSPACE"
...
Temporarily revert the change since DNS resolution seems
broken right now in ping util.
Bug: 8029617
This reverts commit a0f64756a4.
2013-01-17 23:25:24 -08:00
Nick Kralevich
c5c99adeed
am 8e833972: am 0a0c2321: am 4bfaf1e5: Merge "FORTIFY_SOURCE: optimize"
...
* commit '8e833972c2506267024136a0f609bdbb26dcc498':
FORTIFY_SOURCE: optimize
2013-01-17 17:08:21 -08:00
Nick Kralevich
8e833972c2
am 0a0c2321: am 4bfaf1e5: Merge "FORTIFY_SOURCE: optimize"
...
* commit '0a0c23216766adf76739dc38dcb45934105cd41c':
FORTIFY_SOURCE: optimize
2013-01-17 17:06:11 -08:00
Nick Kralevich
0a0c232167
am 4bfaf1e5: Merge "FORTIFY_SOURCE: optimize"
...
* commit '4bfaf1e5f62748b305406ff4ceebd5f4b750038c':
FORTIFY_SOURCE: optimize
2013-01-17 17:04:33 -08:00
Elliott Hughes
e230306135
am a4723742: am 261e9d08: am e4ca88d9: Merge "Add functionality to the scripts to replace tokens in kernel headers based on architecture."
...
* commit 'a4723742c1ee0daa2ec17a148334c548b5edf3a8':
Add functionality to the scripts to replace tokens in kernel headers based on architecture.
2013-01-17 16:53:57 -08:00
Elliott Hughes
a4723742c1
am 261e9d08: am e4ca88d9: Merge "Add functionality to the scripts to replace tokens in kernel headers based on architecture."
...
* commit '261e9d08dbf1cd7fea7e1799338238d11d18cb7c':
Add functionality to the scripts to replace tokens in kernel headers based on architecture.
2013-01-17 16:51:09 -08:00
Nick Kralevich
4bfaf1e5f6
Merge "FORTIFY_SOURCE: optimize"
2013-01-18 00:49:36 +00:00
Elliott Hughes
261e9d08db
am e4ca88d9: Merge "Add functionality to the scripts to replace tokens in kernel headers based on architecture."
...
* commit 'e4ca88d9fa8757e4fb4056fcafa5bc15b406a2fd':
Add functionality to the scripts to replace tokens in kernel headers based on architecture.
2013-01-17 16:48:45 -08:00
Elliott Hughes
e4ca88d9fa
Merge "Add functionality to the scripts to replace tokens in kernel headers based on architecture."
2013-01-18 00:34:13 +00:00
Nick Kralevich
a44e9afdd1
FORTIFY_SOURCE: optimize
...
Don't do the fortify_source checks if we can determine, at
compile time, that the provided operation is safe.
This avoids silliness like calling fortify source on things like:
    size_t len = strlen("asdf");
    printf("%d\n", len);
and allows the compiler to optimize this code to:
    printf("%d\n", 4);
Defer to gcc's builtin functions instead of pointing our code
to the libc implementation.
Change-Id: I5e1dcb61946461c4afaaaa983e39f07c7a0df0ae
2013-01-17 15:41:33 -08:00
Raghu Gandham
a864c2c234
Add functionality to the scripts to replace tokens in kernel headers
...
based on architecture.
2013-01-17 14:39:09 -08:00
Nick Kralevich
dbcf3ed458
am 36c4eb18: am 3a72fe58: am f3fe1945: Merge "linker: add -Wl,--exclude-libs,ALL to LDFLAGS"
...
* commit '36c4eb188c6594db877bd7b9f46c55264180dc3f':
linker: add -Wl,--exclude-libs,ALL to LDFLAGS
2013-01-17 11:34:20 -08:00
Nick Kralevich
36c4eb188c
am 3a72fe58: am f3fe1945: Merge "linker: add -Wl,--exclude-libs,ALL to LDFLAGS"
...
* commit '3a72fe587f454a2eea79b5564e4ab1d3880b51c8':
linker: add -Wl,--exclude-libs,ALL to LDFLAGS
2013-01-17 09:01:14 -08:00
Nick Kralevich
3a72fe587f
am f3fe1945: Merge "linker: add -Wl,--exclude-libs,ALL to LDFLAGS"
...
* commit 'f3fe19459fd9263e8cc8a413a5313b1ec3cf3975':
linker: add -Wl,--exclude-libs,ALL to LDFLAGS
2013-01-17 08:58:27 -08:00
Nick Kralevich
f3fe19459f
Merge "linker: add -Wl,--exclude-libs,ALL to LDFLAGS"
2013-01-17 16:41:31 +00:00
Robert Greenwalt
89f9b30e4d
Merge "dns cache per interface iteration 2"
2013-01-17 16:14:52 +00:00
Nick Kralevich
d89ce40d8e
linker: add -Wl,--exclude-libs,ALL to LDFLAGS
...
The linker is essentially a shared library, and incorporates
its own copy of libc. Even though it's unnecessary, currently
/system/bin/linker is exporting various libc symbols (only to
apps which explicitly dlopen /system/bin/linker).
Add --exclude-libs,ALL, which tells the static linker to mark
all of the imported libc symbols as hidden. This reduces the
size of /system/bin/linker from 92K to 67K with no obvious
loss in functionality.
    $ adb shell ls -l /system/bin/linker
    -rwxrwxrwx root root 92260 2013-01-16 16:52 linker
    $ adb shell ls -l /system/bin/linker
    -rwxrwxrwx root root 67660 2013-01-16 16:49 linker
Documentation on exclude-libs can be found at
http://sourceware.org/binutils/docs-2.21/ld/Options.html
Change-Id: I4508287770e4b7a845def2e6b4af969f9c866c6a
2013-01-16 16:43:58 -08:00
Nick Kralevich
927d904d52
am 91bc5865: am 8d01c055: am 1271cdc1: Merge "Revert "stack protector: use AT_RANDOM""
...
* commit '91bc5865a333212e7cac934b0a2ac7c522911d58':
Revert "stack protector: use AT_RANDOM"
2013-01-16 13:58:04 -08:00
Nick Kralevich
91bc5865a3
am 8d01c055: am 1271cdc1: Merge "Revert "stack protector: use AT_RANDOM""
...
* commit '8d01c0557bb2b7ea30f4038b6c84b816800073a7':
Revert "stack protector: use AT_RANDOM"
2013-01-16 13:55:55 -08:00
Nick Kralevich
8d01c0557b
am 1271cdc1: Merge "Revert "stack protector: use AT_RANDOM""
...
* commit '1271cdc1c91c6ae688917bc8f4ae59d2a97b3e99':
Revert "stack protector: use AT_RANDOM"
2013-01-16 13:53:25 -08:00
Nick Kralevich
1271cdc1c9
Merge "Revert "stack protector: use AT_RANDOM""
2013-01-16 21:36:53 +00:00
Nick Kralevich
bcd18c0485
am 27ff1ae4: am de666485: am ba117e41: Merge "stack protector: use AT_RANDOM"
...
* commit '27ff1ae414915789b27d0a485ff6d856ae742aad':
stack protector: use AT_RANDOM
2013-01-16 13:34:46 -08:00
Nick Kralevich
dde6b88a9f
am 079e4356: am 30894bdf: am 1b34228b: Merge "Filter ANDROID_PROPERTY_WORKSPACE"
...
* commit '079e4356550030e8bacec86b8aa058ade2b7142c':
Filter ANDROID_PROPERTY_WORKSPACE
2013-01-16 13:34:45 -08:00
Elliott Hughes
31ecd0c342
am b989c9ce: (-s ours) Revert "DO NOT MERGE Revert "Add the libcutils localtime_tz and mktime_t extensions to bionic.""
...
* commit 'b989c9ceda71f6f75112645b5c45af341275cbab':
Revert "DO NOT MERGE Revert "Add the libcutils localtime_tz and mktime_t extensions to bionic.""
2013-01-16 13:31:35 -08:00
Nick Kralevich
27ff1ae414
am de666485: am ba117e41: Merge "stack protector: use AT_RANDOM"
...
* commit 'de666485b8123ac35be94109336f7c56a7e9e3c2':
stack protector: use AT_RANDOM
2013-01-16 13:31:24 -08:00
Nick Kralevich
079e435655
am 30894bdf: am 1b34228b: Merge "Filter ANDROID_PROPERTY_WORKSPACE"
...
* commit '30894bdfd6e4c74ab673d47391e62fb14fb51381':
Filter ANDROID_PROPERTY_WORKSPACE
2013-01-16 13:31:23 -08:00
Nick Kralevich
36bd371e26
Revert "stack protector: use AT_RANDOM"
...
The AT_RANDOM changes broke setuid / setgid executables
such as "ping". When the linker executes a setuid program,
it cleans the environment, removing any invalid environment
entries, and adding "NULL"s to the end of the environment
array for each removed variable. Later on, we try to determine
the location of the aux environment variable, and get tripped
up by these extra NULLs.
Reverting this patch will get setuid executables working again,
but getauxval() is still broken for setuid programs because of
this bug.
This reverts commit e3a49a8661.
Change-Id: I05c58a896b1fe32cfb5d95d43b096045cda0aa4a
2013-01-16 13:16:42 -08:00
Nick Kralevich
de666485b8
am ba117e41: Merge "stack protector: use AT_RANDOM"
...
* commit 'ba117e4172fe6f160bf5f4d58b37e12c08c34245':
stack protector: use AT_RANDOM
2013-01-16 11:31:00 -08:00
Nick Kralevich
ba117e4172
Merge "stack protector: use AT_RANDOM"
2013-01-16 11:23:26 -08:00
Nick Kralevich
30894bdfd6
am 1b34228b: Merge "Filter ANDROID_PROPERTY_WORKSPACE"
...
* commit '1b34228bb289723c4ba0534eae57d0d085a3d0fa':
Filter ANDROID_PROPERTY_WORKSPACE
2013-01-16 11:14:01 -08:00
Nick Kralevich
1b34228bb2
Merge "Filter ANDROID_PROPERTY_WORKSPACE"
2013-01-16 11:11:17 -08:00
Elliott Hughes
b989c9ceda
Revert "DO NOT MERGE Revert "Add the libcutils localtime_tz and mktime_t extensions to bionic.""
...
This reverts commit f4b34b6c39.
2013-01-16 10:34:33 -08:00
Nick Kralevich
e3a49a8661
stack protector: use AT_RANDOM
...
Populate the stack canaries from the kernel supplied
AT_RANDOM value, which doesn't involve any system calls.
This is slightly faster (6 fewer syscalls) and avoids
unnecessarily reading /dev/urandom, which depletes entropy.
Bug: 7959813
Change-Id: If2b43100a2a9929666df3de56b6139fed969e0f1
2013-01-16 10:09:52 -08:00
Elliott Hughes
1a18895ebc
am e05709b1: am e611fad0: am 14e1975e: Merge "Fix signalfd for MIPS."
...
* commit 'e05709b1df7dba98c37e83f84dcbd2ad8429bcfc':
Fix signalfd for MIPS.
2013-01-16 09:50:42 -08:00
Elliott Hughes
e05709b1df
am e611fad0: am 14e1975e: Merge "Fix signalfd for MIPS."
...
* commit 'e611fad0d055f2d869981136e5e51b7a01d525fc':
Fix signalfd for MIPS.
2013-01-16 09:48:04 -08:00
Elliott Hughes
e611fad0d0
am 14e1975e: Merge "Fix signalfd for MIPS."
...
* commit '14e1975e13c197180ed0481f305f83a362b16a24':
Fix signalfd for MIPS.
2013-01-16 09:45:57 -08:00
Elliott Hughes
14e1975e13
Merge "Fix signalfd for MIPS."
2013-01-16 09:42:51 -08:00
Elliott Hughes
f193b9fc21
Fix signalfd for MIPS.
...
Also mark signalfd's sigset_t* argument as non-nullable.
Change-Id: I466e09cdf3fb92480744c496da92274a97f99dd1
2013-01-16 09:40:25 -08:00
Matthieu Castet
faa0fdb119
arm syscall : for eabi call_default don't use stack
...
In the default case, we don't need to use the stack; we can save r7 with
the ip register (that's what eglibc does).
This allows fixing vfork data corruption
(see 3884bfe966), because vfork now doesn't
use the stack.
2013-01-16 14:53:37 +01:00
Nick Kralevich
a0f64756a4
Filter ANDROID_PROPERTY_WORKSPACE
...
When executing a setuid executable, filter out ANDROID_PROPERTY_WORKSPACE
from the environment. Some applications implicitly trust the property
space and don't realize that it's passed by an environment variable
which can be modified by the caller.
Change-Id: I3e3a98941f0a1f249a2ff983ecbcfe1278aa9159
2013-01-15 16:02:03 -08:00
Elliott Hughes
7cfe0d2602
am 04aa0fdd: (-s ours) am 42c5847d: (-s ours) am 791e26d9: (-s ours) Merge "Revert "DO NOT MERGE Revert "Add the libcutils localtime_tz and mktime_t extensions to bionic."""
...
* commit '04aa0fdda60b6a492e572c2a79f21c732e8c33c8':
Revert "DO NOT MERGE Revert "Add the libcutils localtime_tz and mktime_t extensions to bionic.""
2013-01-15 13:40:39 -08:00
Elliott Hughes
04aa0fdda6
am 42c5847d: (-s ours) am 791e26d9: (-s ours) Merge "Revert "DO NOT MERGE Revert "Add the libcutils localtime_tz and mktime_t extensions to bionic."""
...
* commit '42c5847d65d3e50a3efc4e32bb913dc66c9d0e4d':
Revert "DO NOT MERGE Revert "Add the libcutils localtime_tz and mktime_t extensions to bionic.""
2013-01-15 13:37:56 -08:00
Elliott Hughes
42c5847d65
am 791e26d9: (-s ours) Merge "Revert "DO NOT MERGE Revert "Add the libcutils localtime_tz and mktime_t extensions to bionic."""
...
* commit '791e26d9598a72376b8a16a5ccfb5d1ae0010965':
Revert "DO NOT MERGE Revert "Add the libcutils localtime_tz and mktime_t extensions to bionic.""
2013-01-15 13:35:58 -08:00
Elliott Hughes
791e26d959
Merge "Revert "DO NOT MERGE Revert "Add the libcutils localtime_tz and mktime_t extensions to bionic."""
2013-01-15 13:21:52 -08:00