Commit Graph

3377 Commits

Author SHA1 Message Date
Nick Kralevich
b871e5d6b3 Merge "system_properties: do more checking of file" 2013-01-25 21:52:00 +00:00
Nick Kralevich
c16961b8c3 system_properties: do more checking of file
Check that the permissions on the properties file
are exactly as we expect them to be.

Make sure we close the fd if fstat fails.

Refactor the code slightly.

Change-Id: I5503fd58c3b8093ce7e6d05920748ed70eaf8e2c
2013-01-25 13:07:31 -08:00
Nick Kralevich
82ef8296dc Merge "prctl.h: include sys/cdefs.h" 2013-01-24 16:44:59 +00:00
Nick Kralevich
8e70b0d5c3 prctl.h: include sys/cdefs.h
prctl.h uses __BEGIN_DECLS but fails to include sys/cdefs.h
(where it's defined).  Code which includes prctl.h without
previously including sys/cdefs.h will fail to compile.

Fixed.

Change-Id: If4c9f3308f08b93596dcd00e351ae786807e9320
2013-01-23 16:49:47 -08:00
Nick Kralevich
b3351f1204 Merge "libc: use more secure system properties if available" 2013-01-23 18:50:24 +00:00
Nick Kralevich
32417fb376 libc: use more secure system properties if available
Currently, system properties are passed via the environment
variable ANDROID_PROPERTY_WORKSPACE and a file descriptor passed
from parent to child. This is insecure for setuid executables,
as the environment variable can be changed by the caller.

Modify system property handling so that we get the properties
from a root owned properties file, rather than using an
environment variable.  Fall back to the environment variable
if the file doesn't exist.

Bug: 8045561
Change-Id: I54f3efa98cf7d63d88788da5ce0d19e34fd7851a
2013-01-23 09:28:35 -08:00
Elliott Hughes
778a68e1e5 Merge "Don't free anything when reporting leaks." 2013-01-23 06:06:21 +00:00
Elliott Hughes
5c8f75ef8b Merge "Disable leak checking for mksh; it's way too leaky." 2013-01-23 06:05:19 +00:00
Elliott Hughes
848247a972 Don't free anything when reporting leaks.
We don't know that they're not going to be cleaned up by a
C++ global destructor that runs after us. This is the case with
bootanimation, for example.

Bug: 7291287
Change-Id: Iba402514d1735fdc2ae4bc95b65396d816be46c0
2013-01-22 18:36:28 -08:00
Elliott Hughes
84f8b5f401 Disable leak checking for mksh; it's way too leaky.
When each shell leaks ~240 allocations, you can't see the leaks from
the program you ran with "adb shell".

Bug: 7291287
Change-Id: Ib8780db72ba0114ebdb24768537da74bbb61f354
2013-01-22 18:35:14 -08:00
Elliott Hughes
28f82b260c Merge "Add const for first argument of sigismember for fit POSIX spec" 2013-01-23 01:11:28 +00:00
Elliott Hughes
8d6302cdcf Merge "Our strcoll(3) is no different from NetBSD's, so take exactly theirs." 2013-01-22 23:19:35 +00:00
Elliott Hughes
2b47307012 Our strcoll(3) is no different from NetBSD's, so take exactly theirs.
Change-Id: I45251047202a229f9175735ecc23c0ebcda71e8d
2013-01-22 15:10:19 -08:00
Elliott Hughes
547eba0a63 Merge "Avoid overflow in memccpy." 2013-01-22 22:53:54 +00:00
Elliott Hughes
c51cd764a2 Avoid overflow in memccpy.
Just take the upstream NetBSD code.

Bug: http://code.google.com/p/android/issues/detail?id=43078
Change-Id: Ibbbde9d00e8bc6a09c9503aab2b04b4e3d1f98b0
2013-01-22 14:41:23 -08:00
Elliott Hughes
85597e2b59 Merge "Clean up debuggerd-related logging." 2013-01-22 22:37:28 +00:00
Elliott Hughes
7af7895eeb Merge "Use the new non-allocating logging for dlmalloc failures." 2013-01-22 22:26:35 +00:00
Elliott Hughes
ce4cf90d79 Use the new non-allocating logging for dlmalloc failures.
Change-Id: I88afe0201ee5766a295fc5a9e710fba9d6e0d363
2013-01-22 14:24:52 -08:00
Elliott Hughes
6b8e321e61 Clean up debuggerd-related logging.
Bug: 7291287
Change-Id: Ia7aa386e8b75b8058d7d9e707e11b1da7dc62f00
2013-01-22 14:17:14 -08:00
Nick Kralevich
244bee5bb6 Merge "bionic_auxv.h: fix #define conflict" 2013-01-22 21:30:27 +00:00
Nick Kralevich
abc21c8056 bionic_auxv.h: fix #define conflict
Both libc/include/sys/auxv.h and libc/private/bionic_auxv.h
use _SYS_AUXV_H_ to see if a header file has already been included.
This prevents both of these files from being included at the same
time.

Fix this name conflict.

Change-Id: Ifaec88aa9779d784b95f8e75145117acf3d5cfc5
2013-01-22 13:09:04 -08:00
Elliott Hughes
02f96b9db0 Merge "Add missing extern "C"." 2013-01-22 19:22:47 +00:00
Elliott Hughes
f90b95ea1a Add missing extern "C".
Change-Id: Idbf24ce8482ff03f24caa89bafb08677b1c5cec3
2013-01-22 11:20:45 -08:00
Elliott Hughes
ca483765bd Merge "Fix the duplication in the debugging code." 2013-01-22 17:44:15 +00:00
Kito Cheng
f373b11f9f Add const for first argument of sigismember for fit POSIX spec
Change-Id: Icbc67375282f2a22dce02e4bacab15ddae846057
2013-01-20 00:15:23 +08:00
Elliott Hughes
1e980b6bc8 Fix the duplication in the debugging code.
We had two copies of the backtrace code, and two copies of the
libcorkscrew /proc/pid/maps code. This patch gets us down to one.

We also had hacks so we could log in the malloc debugging code.
This patch pulls the non-allocating "printf" code out of the
dynamic linker so everyone can share.

This patch also makes the leak diagnostics easier to read, and
makes it possible to paste them directly into the 'stack' tool (by
using relative PCs).

This patch also fixes the stdio standard stream leak that was
causing a leak warning every time tf_daemon ran.

Bug: 7291287
Change-Id: I66e4083ac2c5606c8d2737cb45c8ac8a32c7cfe8
2013-01-18 22:20:06 -08:00
Nick Kralevich
5496bbf6a3 Merge "Revert "Filter ANDROID_PROPERTY_WORKSPACE"" 2013-01-18 20:50:41 +00:00
Guang Zhu
4df577fef7 Revert "Filter ANDROID_PROPERTY_WORKSPACE"
Temporarily revert the change since DNS resolution seems
broken right now in ping util.

Bug: 8029617

This reverts commit a0f64756a4.
2013-01-18 11:28:47 -08:00
Nick Kralevich
4bfaf1e5f6 Merge "FORTIFY_SOURCE: optimize" 2013-01-18 00:49:36 +00:00
Elliott Hughes
e4ca88d9fa Merge "Add functionlity to the scripts to replace tokens in kernel headers based on architecture." 2013-01-18 00:34:13 +00:00
Nick Kralevich
a44e9afdd1 FORTIFY_SOURCE: optimize
Don't do the fortify_source checks if we can determine, at
compile time, that the provided operation is safe.

This avoids silliness like calling fortify source on things like:

  size_t len = strlen("asdf");
  printf("%d\n", len);

and allows the compiler to optimize this code to:

  printf("%d\n", 4);

Defer to gcc's builtin functions instead of pointing our code
to the libc implementation.

Change-Id: I5e1dcb61946461c4afaaaa983e39f07c7a0df0ae
2013-01-17 15:41:33 -08:00
Raghu Gandham
a864c2c234 Add functionlity to the scripts to replace tokens in kernel headers
based on architecture.
2013-01-17 14:39:09 -08:00
Nick Kralevich
f3fe19459f Merge "linker: add -Wl,--exclude-libs,ALL to LDFLAGS" 2013-01-17 16:41:31 +00:00
Nick Kralevich
d89ce40d8e linker: add -Wl,--exclude-libs,ALL to LDFLAGS
The linker is essentially a shared library, and incorporates
it's own copy of libc. Even though it's unnecessary, currently
/system/bin/linker is exporting various libc symbols (only to
apps which explicitly dlopen /system/bin/linker)

Add --exclude-libs,ALL, which tells the static linker to mark
all of the imported libc symbols as hidden. This reduces the
size of /system/bin/linker from 92K to 67K with no obvious
loss in functionality.

  $ adb shell ls -l /system/bin/linker
  -rwxrwxrwx root     root        92260 2013-01-16 16:52 linker

  $ adb shell ls -l /system/bin/linker
  -rwxrwxrwx root     root        67660 2013-01-16 16:49 linker

Documentation on exclude-libs can be found at
http://sourceware.org/binutils/docs-2.21/ld/Options.html

Change-Id: I4508287770e4b7a845def2e6b4af969f9c866c6a
2013-01-16 16:43:58 -08:00
Nick Kralevich
1271cdc1c9 Merge "Revert "stack protector: use AT_RANDOM"" 2013-01-16 21:36:53 +00:00
Nick Kralevich
36bd371e26 Revert "stack protector: use AT_RANDOM"
The AT_RANDOM changes broke setuid / setgid executables
such as "ping". When the linker executes a setuid program,
it cleans the environment, removing any invalid environment
entries, and adding "NULL"s to the end of the environment
array for each removed variable. Later on, we try to determine
the location of the aux environment variable, and get tripped
up by these extra NULLs.

Reverting this patch will get setuid executables working again,
but getauxval() is still broken for setuid programs because of
this bug.

This reverts commit e3a49a8661.

Change-Id: I05c58a896b1fe32cfb5d95d43b096045cda0aa4a
2013-01-16 13:16:42 -08:00
Nick Kralevich
ba117e4172 Merge "stack protector: use AT_RANDOM" 2013-01-16 11:23:26 -08:00
Nick Kralevich
1b34228bb2 Merge "Filter ANDROID_PROPERTY_WORKSPACE" 2013-01-16 11:11:17 -08:00
Nick Kralevich
e3a49a8661 stack protector: use AT_RANDOM
Populate the stack canaries from the kernel supplied
AT_RANDOM value, which doesn't involve any system calls.
This is slightly faster (6 fewer syscalls) and avoids
unnecessarily reading /dev/urandom, which depletes entropy.

Bug: 7959813

Change-Id: If2b43100a2a9929666df3de56b6139fed969e0f1
2013-01-16 10:09:52 -08:00
Elliott Hughes
14e1975e13 Merge "Fix signalfd for MIPS." 2013-01-16 09:42:51 -08:00
Elliott Hughes
f193b9fc21 Fix signalfd for MIPS.
Also mark signalfd's sigset_t* argument as non-nullable.

Change-Id: I466e09cdf3fb92480744c496da92274a97f99dd1
2013-01-16 09:40:25 -08:00
Matthieu Castet
faa0fdb119 arm syscall : for eabi call_default don't use stack
In the default case, we don't need to use the stack, we can save r7 with
ip register (that what does eglibc).

This allow to fix vfork data corruption
(see 3884bfe966), because vfork now don't
use the stack.
2013-01-16 14:53:37 +01:00
Nick Kralevich
a0f64756a4 Filter ANDROID_PROPERTY_WORKSPACE
When executing a setuid executable, filter out ANDROID_PROPERTY_WORKSPACE
from the environment. Some applications implicitly trust the property
space and don't realize that it's passed by an environment variable
which can be modified by the caller.

Change-Id: I3e3a98941f0a1f249a2ff983ecbcfe1278aa9159
2013-01-15 16:02:03 -08:00
Elliott Hughes
791e26d959 Merge "Revert "DO NOT MERGE Revert "Add the libcutils localtime_tz and mktime_t extensions to bionic.""" 2013-01-15 13:21:52 -08:00
Elliott Hughes
acb907fb0d Revert "DO NOT MERGE Revert "Add the libcutils localtime_tz and mktime_t extensions to bionic.""
This reverts commit f4b34b6c39.

The revert was only meant to apply to the jb-mr1 branch, but accidentally
leaked out into AOSP. This revert-revert gets AOSP master and internal
master back in sync.
2013-01-15 11:12:18 -08:00
Nick Kralevich
b59e358bb9 Merge "fix strerror_r test" 2013-01-15 10:56:07 -08:00
Nick Kralevich
606058933c fix strerror_r test
e6e60065ff modified strerror_r to
treat errno as signed. However, the change to the test code
modified the "strerror" test, not the "strerror_r" test.

Make the same change for the strerror_r code.

Change-Id: Ia236a53df5745935e229a4446a74da8bed0cfd7b
2013-01-15 10:35:09 -08:00
Ben Cheng
b09d7d8600 Merge "Add __aeabi_idiv to the dummy reference list." 2013-01-14 15:35:04 -08:00
Ben Cheng
35f5385aa5 Add __aeabi_idiv to the dummy reference list.
If the platform code is compiled with -mcpu=cortex-a15, then without this
change prebuilt libraries built against -march=armv7 cannot resolve the
dependency on __aeabi_idiv (provided by libgcc.a).

Bug: 7961327

cherry-picked from internal master.

Change-Id: I8fe59a98eb53d641518b882523c1d6a724fb7e55
2013-01-14 15:33:40 -08:00
Nick Kralevich
29fe857ec8 Merge "headers: update auxvec.h from Linux kernel" 2013-01-14 14:14:49 -08:00