Many libc functions have an option to not follow symbolic
links. This is useful to avoid security sensitive code
from inadvertantly following attacker supplied symlinks
and taking inappropriate action on files it shouldn't.
For example, open() has O_NOFOLLOW, chown() has
lchown(), stat() has lstat(), etc.
There is no such equivalent function for chmod(), such as lchmod().
To address this, POSIX introduced fchmodat(AT_SYMLINK_NOFOLLOW),
which is intended to provide a way to perform a chmod operation
which doesn't follow symlinks.
Currently, the Linux kernel doesn't implement AT_SYMLINK_NOFOLLOW.
In GLIBC, attempting to use the AT_SYMLINK_NOFOLLOW flag causes
fchmodat to return ENOTSUP. Details are in "man fchmodat".
Bionic currently differs from GLIBC in that AT_SYMLINK_NOFOLLOW
is silently ignored and treated as if the flag wasn't present.
This patch provides a userspace implementation of
AT_SYMLINK_NOFOLLOW for bionic. Using open(O_PATH | O_NOFOLLOW),
we can provide a way to atomically change the permissions on
files without worrying about race conditions.
As part of this change, we add support for fchmod on O_PATH
file descriptors, because it's relatively straight forward
and could be useful in the future.
The basic idea behind this implementation comes from
https://sourceware.org/bugzilla/show_bug.cgi?id=14578 , specifically
comment #10.
Change-Id: I1eba0cdb2c509d9193ceecf28f13118188a3cfa7
Interestingly, this mostly involves cleaning up our implementation of
various <string.h> functions.
Change-Id: Ifaef49b5cb997134f7bc0cc31bdac844bdb9e089
Static libraries are painful. Details are in the comment. I'll try to
get prebuilts in to the tree so I can fix this on Monday. Until then,
this isn't actually a regression because we've not had coverage
available for this library until now anyway.
Bug: 17574078
Change-Id: I7505c8a94007203e15a6cf192caa06004849d7d9
We know we can safely statically link `libm`, since it doesn't have
any dependencies on the OS or the layout of a data type that has
changed between releases (like `pthread_t`).
We can safely statically link `libc_syscalls` because the user can
check for and handle `ENOSYS`.
Update `ndk_missing_symbols.py` to account for symbols that are in the
compatibility library.
Improve `symbols.py` to be able to pull symbols from a static library.
Change-Id: Ifb0ede1e8b4a8f0f33865d9fed72fb8b4d443fbc
This is correctness rather than performance, but found while investigating
performance.
Bug: 18593728
Change-Id: Idbdfed89d1931fcfae65db29d662108d4bbd9b65
change to behaviour the same as glibc for the check about buflen
Change-Id: I98265a8fe441df6fed2527686f89b087364ca53d
Signed-off-by: Yongqin Liu <yongqin.liu@linaro.org>
Strictly speaking, this only implements the _l variants of the functions
we actually have. We're still missing nl_langinfo_l, for example, but we
don't have nl_langinfo either.
Change-Id: Ie711c7b04e7b9100932a13f5a5d5b28847eb4c12
Unless we completely redo how we build bionic (so that the object
files for libc.so get built separately from libc.a), we can't enable
ASAN here, as libc.a gets linked into static executables.
Change-Id: I2ce4f51248bd51c4213a555ff481b6faabbf53f8
All we're actually interested in is the unwinder. Since that's now a
separate library, just use that.
Change-Id: If86071a0d850da961336a58147b70369ace7bd12
Add the missing prototypes, fix the existing prototypes to use clockid_t
rather than int, fix clock_nanosleep's failure behavior, and add simple
tests.
Bug: 17644443
Bug: https://code.google.com/p/android/issues/detail?id=77372
Change-Id: I03fba369939403918abcabae9551a7123953d780
Signed-off-by: Haruki Hasegawa <h6a.h4i.0@gmail.com>
This means all our stdio implementation is now the OpenBSD implementation.
The only thing we lose is the STDIO_THREAD_LOCK calls but they were no-ops
anyway.
We should probably talk to upstream about this. Either fix the locking or,
preferably, encourage them to move away from this pooling (especially since
there's no eviction policy).
Bug: 17154680
Change-Id: Ie2523e444a7d0965b8d141d57e3e11f6432d5b9a
fpathconf(3) and pathconf(3) can share code. There's no such
header file as <pathconf.h>. glibc/POSIX and BSD disagree about where
the _POSIX_* definitions should go.
Change-Id: I4a67f1595c9f5fbb26700a131178eedebd6bf712
A lot of third-party code calls the private __get_thread symbol,
often as part of a backport of bionic's pthread_rwlock implementation.
Hopefully this will go away for LP64 (since you're guaranteed the
real implementation there), but there are still APIs that take a tid
and no way to convert between a pthread_t and a tid. pthread_gettid_np
is a public API for that. To aid the transition, make __get_thread
available again for LP32.
(cherry-pick of 27efc48814b8153c55cbcd0af5d9add824816e69.)
Bug: 14079438
Change-Id: I43fabc7f1918250d31d4665ffa4ca352d0dbeac1
Enable the -std=gnu++11 flag for libstdc++ static and
dynamic libs.
ScopeGuard uses DISABLE_ macros instead of '= delete';
Change-Id: I07e21b306f95fffd49345f7fa136cfdac61e0225
Clang is still disabled for x86 and x86_64 long double code,
for x86_64 special assembly instruction, and the linker module.
BUG: 17163651
BUG: 17302991
BUG: 17403674
Change-Id: I43c5f5f0ddc0c2a31918f00b57150dadd8f3f26b
