8352475c756663fb22fce851a5ff9b9d8320f4de |
|
27-Jan-2016 |
Tom Cherry <tomcherry@google.com> |
Replace snprintf() with __libc_format_buffer() If snprintf() is called from the linker, it may erroneously return a null string. The libc internal __libc_format_buffer() does not have this problem, so it is now used instead. Bug: 26756577 Change-Id: I37a97e27f59b3c0a087f54a6603cc3aff7f07522
|
917af43e980c5d1cbaa31a06c4501939290b98b6 |
|
06-Jan-2016 |
Tom Cherry <tomcherry@google.com> |
Revert "system_properties.cpp: special case ro.* properties" This reverts commit c5fd81ab2524a06be907d9c5234e79346bbbbd7c. Bug: 26416032 Change-Id: Id2d6761fdf55efa28c0b08b597daaa5cd381d758
|
e97ce31fe768f6383234d809eef144f049210a5e |
|
06-Jan-2016 |
Tom Cherry <tomcherry@google.com> |
Revert "system_properties.cpp: special case ro.* properties" This reverts commit c5fd81ab2524a06be907d9c5234e79346bbbbd7c. Bug: 26416032 Change-Id: Id2d6761fdf55efa28c0b08b597daaa5cd381d758
|
c5fd81ab2524a06be907d9c5234e79346bbbbd7c |
|
06-Jan-2016 |
Nick Kralevich <nnk@google.com> |
system_properties.cpp: special case ro.* properties Currently, reads of ro.* properties are treated differently than writes of ro.* properties. When writing an ro.* property, we ignore the "ro." portion of the property, and base the security decision on the label of the remaining portion. See https://android.googlesource.com/platform/system/core/+/e7a9e52740c952c623f7842ffa1d09b58b45e552/init/property_service.cpp line 120-126 For example, for writing, the label associated with "ro.build.fingerprint" comes from the /property_contexts file entry: # ro.build.fingerprint is either set in /system/build.prop, or is # set at runtime by system_server. build.fingerprint u:object_r:fingerprint_prop:s0 However, we fail to follow this same special case when sorting properties into files. Instead, ro.build.fingerprint is assigned u:object_r:default_prop:s0 instead of u:object_r:fingerprint_prop:s0 Ignore the "ro." portion when sorting properties into files. This will make reads and writes of properties use the same label. Bug: 21852512 Change-Id: Ie88ffc6b78b31fc8ddf370ae27c218546fb25a83
|
b417169d80cdf975c71b03de247ea2365e83c229 |
|
10-Dec-2015 |
Tom Cherry <tomcherry@google.com> |
Reset access to system properties on reinitialization Treat subsequent calls to __system_properties_init() as a reinitialization of system properties and revoke access to prop files that have been previously mapped but that the process's current context does not have access to. Additionally reset the no_access_ flag in case permissions have loosened and previously unaccessible files can now be accessed. This is meant to work around an issue that setcon() does not revoke mmap() mappings, so we must manually revoke them after a successful setcon() call. Bug 26114086 Change-Id: I4d690abb6817283ca64ac26ea4c1dad398a98fbc
|
21eadee6e97c08485c9ec52a8f44cabd4261bf4a |
|
05-Dec-2015 |
Tom Cherry <tomcherry@google.com> |
Do not create prop files for ctl.* properties Change-Id: Ia6660c68c9e0cb89938751dbc0747ee038394778
|
6ed51c0e8542922f8ceb2659a7921e0af096d734 |
|
04-Dec-2015 |
Tom Cherry <tomcherry@google.com> |
add checks for initialization for system properties If a __system_property* function is called before __system_properties_init() then the app will will abort. This commit returns either an error code or a safe return value instead. Bug 26027140 Change-Id: I95ffd143e9563658ab67a397991e84fb4c46ab77
|
ba96c0e3ef1edd0f87d22205cfb9258bd56271b4 |
|
04-Dec-2015 |
Tom Cherry <tomcherry@google.com> |
Remove c++14'isms from system_properties Change-Id: If78e7d2770e8f8321f0d1824c3c52f93820dd325
|
845e24a05e56003d0ac35d904bfc02f5dac762f1 |
|
04-Dec-2015 |
Tom Cherry <tomcherry@google.com> |
Remove c++14'isms from system_properties Change-Id: If78e7d2770e8f8321f0d1824c3c52f93820dd325
|
49a309ff6a8349cbd1625711497743463638bebf |
|
24-Sep-2015 |
Tom Cherry <tomcherry@google.com> |
Separate properties by selabel The purpose of this change is to add read access control to the property space. In the current design, a process either has access to the single /dev/__properties__ file and therefore all properties that it contains or it has access to no properties. This change separates properties into multiple property files based on their selabel, which allows creation of sepolicies that allow read access of only specific sets of properties to specific domains. Bug 21852512 Change-Id: Ice265db79201ca811c6b6cf6d851703f53224f03
|
926ebe109424baa407b2cd938ba053b5c0b8ce7c |
|
24-Sep-2015 |
Tom Cherry <tomcherry@google.com> |
Refactor prop_area into a class Bug 21852512 Change-Id: I432bf592f1a71a046c32616fc334ad77c220f0ca
|
123927dffc28018a1feb1d42c625b601cb948f34 |
|
24-Apr-2015 |
Mark Salyzyn <salyzyn@google.com> |
bionic: add __system_property_area_serial() Adds a new _internal_ function. Provide a global serial number to support more efficient private caching algorithms. This allows to skip re-running the __system_property_find() call on misses until there is a global change in the properties. This call is a read barrier, the property data to be read following this call will be read sequentially and up to date. (Cherry pick from bfd65279a5a9018b01f71773270e462f1b9a7768) Bug: 19544788 Change-Id: I58e6a92baa0f3e8e7b9ec79b10af6d56407dab48
|
bfd65279a5a9018b01f71773270e462f1b9a7768 |
|
24-Apr-2015 |
Mark Salyzyn <salyzyn@google.com> |
bionic: add __system_property_area_serial() Adds a new _internal_ function. Provide a global serial number to support more efficient private caching algorithms. This allows to skip re-running the __system_property_find() call on misses until there is a global change in the properties. This call is a read barrier, the property data to be read following this call will be read sequentially and up to date. Bug: 19544788 Change-Id: I58e6a92baa0f3e8e7b9ec79b10af6d56407dab48
|
b8ce47421727f7621f3e00043d535e35cd904852 |
|
11-Feb-2015 |
Yabin Cui <yabinc@google.com> |
Switch system_properties.cpp from bionic atomic operations to stdatomic. Bug: 17177189 Change-Id: I42e05ad1c490cc7a8040138151afc0ee72a9b63f
|
748fbe5c41d97433dc756a50812e1caf6a6ef727 |
|
23-Sep-2014 |
Elliott Hughes <enh@google.com> |
Fix a couple more cases of missing CLOEXEC. The debuggerd case can probably never happen, because you're crashing at this point anyway. The system property one seems possible though. Bug: 18186310 (cherry picked from commit 0dc39f9952c5e3a3121ea77357bb264ef0f8ded7) Change-Id: I3e84488fc246f6c28cbd82e96d0cd4343a12c28a
|
0dc39f9952c5e3a3121ea77357bb264ef0f8ded7 |
|
23-Sep-2014 |
Elliott Hughes <enh@google.com> |
Fix a couple more cases of missing CLOEXEC. The debuggerd case can probably never happen, because you're crashing at this point anyway. The system property one seems possible though. Change-Id: Idba6a4f1d68587ec5b320d1e25f0b6a987ea32a0
|
c189ffaaec45efb49e785517e504b41a5e57b088 |
|
27-Aug-2014 |
Elliott Hughes <enh@google.com> |
More cases where libc should use O_CLOEXEC. (cherry picked from commit f73183f1a34df22b62a3d0bbf82e18d5797c9cde) (cherry picked from commit 21ce3f506f3b54e4f57a37847375cef9f8aff57f) Change-Id: I70b240bd40ad8d2ba33ae7ab2618782709fd0d6a
|
21ce3f506f3b54e4f57a37847375cef9f8aff57f |
|
27-Aug-2014 |
Elliott Hughes <enh@google.com> |
More cases where libc should use O_CLOEXEC. Change-Id: Idfa111aeebc5deca2399dae919e8b72eb54c23c0 (cherry picked from commit f73183f1a34df22b62a3d0bbf82e18d5797c9cde)
|
f73183f1a34df22b62a3d0bbf82e18d5797c9cde |
|
27-Aug-2014 |
Elliott Hughes <enh@google.com> |
More cases where libc should use O_CLOEXEC. Change-Id: Idfa111aeebc5deca2399dae919e8b72eb54c23c0
|
1e8587a479fd8b1ce9b594298a93f517816e8f15 |
|
19-Aug-2014 |
Hans Boehm <hboehm@google.com> |
Work around atomic_load(const T*) issues. Bug:17067219 Change-Id: I78e753bcf03464f5f05c3f37e394f2727d282589
|
30214b901e8dbec9ec11230187a8e71fc8a04014 |
|
01-Aug-2014 |
Hans Boehm <hboehm@google.com> |
Add memory ordering constraint, convert to C11 atomics Add an ordering constraint/fence to __system_property_serial. This slows down a read on a Nexus 5 from about 50 to about 70 ns, but avoids the possibility of seeing an inconsistent property value. Use C11 atomic operations where easy and appropriate. This code remains not fully C++11 memory model conformant, but I would now expect the generated code to now be correct with current compilers. Bug:14970171 Change-Id: I0891ff1d0f914ae5c3857e3d76b6a7c8a4a07d83
|
03eebcb6e8762e668a0d3af6bb303cccb88c5b81 |
|
13-Jun-2014 |
Christopher Ferris <cferris@google.com> |
Move common macros into bionic_macros.h. Bug: 15590152 Change-Id: I730636613ef3653f68c5ab1d43b53beaf8e0dc25
|
d5ed63a6a8290de88802172ce178656fbafe70c6 |
|
22-May-2014 |
Elliott Hughes <enh@google.com> |
Hide most of the private futex functions. Also hide part of the system properties compatibility code, since we needed to touch that to keep it building. I'll remove __futex_syscall4 and futex in a later patch. Bug: 11156955 Change-Id: Ibbf42414c5bb07fb9f1c4a169922844778e4eeae
|
3e786987b5fb3272b37dd955fe13fc67a8ddc880 |
|
15-May-2014 |
Elliott Hughes <enh@google.com> |
Remove the unused __system_property_wait. This isn't declared in any header file. Bug: 14970171 Change-Id: Ib9fce61343dfb6b6ccd7e1430e1a6e34e4e869df
|
8eac9af24ea7e570e0b297bcd6ac8a46ba3ecc39 |
|
10-May-2014 |
Elliott Hughes <enh@google.com> |
Bring in google3-style DISALLOW_* macros. I've been meaning to do this for a very long time... Change-Id: Ia8c16eee7c026c3c9505399948485fb778fb0152
|
879d33049946fa2293a61dbdb20addace953922b |
|
13-Mar-2014 |
jiaguo <jiaguo@marvell.com> |
property: fix getting dirty serial value __system_property_serial just returned serial value without checking if it is dirty, so check and wait until serial value is not dirty before return Change-Id: If485b6251b5555b004912c66c7c2cb455a7fdbdc Signed-off-by: jiaguo <jiaguo@marvell.com>
|
37e9570bce0ec5c08eab53935905f1e3a133dea2 |
|
24-Feb-2014 |
Narayan Kamath <narayan@google.com> |
Fix 64-bit build. A warning about signed vs unsigned comparison was converted into an error here : ... struct stat st; if (st.st_size > sizeof(prop_area) { ... st_size is either an off64_t, which is a signed type. It's worth investigating why this didn't trigger a warning on 32 bit, where it's signed as well. Change-Id: Ib2622bd5c444ddcfa7fb2141f00332cbb4a0818b
|
c9ae21a5c3b2e1baafe50f752e2e07e343d39530 |
|
19-Feb-2014 |
Narayan Kamath <narayan@google.com> |
Move system_properties over to C++. This change constitutes the minimum amount of work required to move the code over to C++, address compiler warnings, and to make it const correct and idiomatic (within the constraints of being called from C code). bug: 13058886 Change-Id: Ic78cf91b7c8e8f07b4ab0781333a9e243763298c
|