| 8352475c756663fb22fce851a5ff9b9d8320f4de |
|
27-Jan-2016 |
Tom Cherry <tomcherry@google.com> |
Replace snprintf() with __libc_format_buffer()
If snprintf() is called from the linker, it may erroneously return a
null string. The libc internal __libc_format_buffer() does not have
this problem, so it is now used instead.
Bug: 26756577
Change-Id: I37a97e27f59b3c0a087f54a6603cc3aff7f07522
|
| 917af43e980c5d1cbaa31a06c4501939290b98b6 |
|
06-Jan-2016 |
Tom Cherry <tomcherry@google.com> |
Revert "system_properties.cpp: special case ro.* properties"
This reverts commit c5fd81ab2524a06be907d9c5234e79346bbbbd7c.
Bug: 26416032
Change-Id: Id2d6761fdf55efa28c0b08b597daaa5cd381d758
|
| e97ce31fe768f6383234d809eef144f049210a5e |
|
06-Jan-2016 |
Tom Cherry <tomcherry@google.com> |
Revert "system_properties.cpp: special case ro.* properties"
This reverts commit c5fd81ab2524a06be907d9c5234e79346bbbbd7c.
Bug: 26416032
Change-Id: Id2d6761fdf55efa28c0b08b597daaa5cd381d758
|
| c5fd81ab2524a06be907d9c5234e79346bbbbd7c |
|
06-Jan-2016 |
Nick Kralevich <nnk@google.com> |
system_properties.cpp: special case ro.* properties
Currently, reads of ro.* properties are treated differently than
writes of ro.* properties. When writing an ro.* property, we ignore
the "ro." portion of the property, and base the security decision
on the label of the remaining portion.
See https://android.googlesource.com/platform/system/core/+/e7a9e52740c952c623f7842ffa1d09b58b45e552/init/property_service.cpp
line 120-126
For example, for writing, the label associated with
"ro.build.fingerprint" comes from the /property_contexts file
entry:
# ro.build.fingerprint is either set in /system/build.prop, or is
# set at runtime by system_server.
build.fingerprint u:object_r:fingerprint_prop:s0
However, we fail to follow this same special case when sorting
properties into files. Instead, ro.build.fingerprint is assigned
u:object_r:default_prop:s0 instead of u:object_r:fingerprint_prop:s0
Ignore the "ro." portion when sorting properties into files.
This will make reads and writes of properties use the same label.
Bug: 21852512
Change-Id: Ie88ffc6b78b31fc8ddf370ae27c218546fb25a83
|
| b417169d80cdf975c71b03de247ea2365e83c229 |
|
10-Dec-2015 |
Tom Cherry <tomcherry@google.com> |
Reset access to system properties on reinitialization
Treat subsequent calls to __system_properties_init() as a
reinitialization of system properties and revoke access to prop files
that have been previously mapped but that the process's current context
does not have access to. Additionally reset the no_access_ flag in
case permissions have loosened and previously unaccessible files can now
be accessed.
This is meant to work around an issue that setcon() does not revoke
mmap() mappings, so we must manually revoke them after a successful
setcon() call.
Bug 26114086
Change-Id: I4d690abb6817283ca64ac26ea4c1dad398a98fbc
|
| 21eadee6e97c08485c9ec52a8f44cabd4261bf4a |
|
05-Dec-2015 |
Tom Cherry <tomcherry@google.com> |
Do not create prop files for ctl.* properties
Change-Id: Ia6660c68c9e0cb89938751dbc0747ee038394778
|
| 6ed51c0e8542922f8ceb2659a7921e0af096d734 |
|
04-Dec-2015 |
Tom Cherry <tomcherry@google.com> |
add checks for initialization for system properties
If a __system_property* function is called before
__system_properties_init() then the app will will abort. This commit
returns either an error code or a safe return value instead.
Bug 26027140
Change-Id: I95ffd143e9563658ab67a397991e84fb4c46ab77
|
| ba96c0e3ef1edd0f87d22205cfb9258bd56271b4 |
|
04-Dec-2015 |
Tom Cherry <tomcherry@google.com> |
Remove c++14'isms from system_properties
Change-Id: If78e7d2770e8f8321f0d1824c3c52f93820dd325
|
| 845e24a05e56003d0ac35d904bfc02f5dac762f1 |
|
04-Dec-2015 |
Tom Cherry <tomcherry@google.com> |
Remove c++14'isms from system_properties
Change-Id: If78e7d2770e8f8321f0d1824c3c52f93820dd325
|
| 49a309ff6a8349cbd1625711497743463638bebf |
|
24-Sep-2015 |
Tom Cherry <tomcherry@google.com> |
Separate properties by selabel
The purpose of this change is to add read access control to the property
space.
In the current design, a process either has access to the single
/dev/__properties__ file and therefore all properties that it contains
or it has access to no properties. This change separates properties
into multiple property files based on their selabel, which allows
creation of sepolicies that allow read access of only specific sets of
properties to specific domains.
Bug 21852512
Change-Id: Ice265db79201ca811c6b6cf6d851703f53224f03
|
| 926ebe109424baa407b2cd938ba053b5c0b8ce7c |
|
24-Sep-2015 |
Tom Cherry <tomcherry@google.com> |
Refactor prop_area into a class
Bug 21852512
Change-Id: I432bf592f1a71a046c32616fc334ad77c220f0ca
|
| 123927dffc28018a1feb1d42c625b601cb948f34 |
|
24-Apr-2015 |
Mark Salyzyn <salyzyn@google.com> |
bionic: add __system_property_area_serial()
Adds a new _internal_ function. Provide a global serial number to
support more efficient private caching algorithms. This allows
to skip re-running the __system_property_find() call on misses until
there is a global change in the properties. This call is a read
barrier, the property data to be read following this call will be
read sequentially and up to date.
(Cherry pick from bfd65279a5a9018b01f71773270e462f1b9a7768)
Bug: 19544788
Change-Id: I58e6a92baa0f3e8e7b9ec79b10af6d56407dab48
|
| bfd65279a5a9018b01f71773270e462f1b9a7768 |
|
24-Apr-2015 |
Mark Salyzyn <salyzyn@google.com> |
bionic: add __system_property_area_serial()
Adds a new _internal_ function. Provide a global serial number to
support more efficient private caching algorithms. This allows
to skip re-running the __system_property_find() call on misses until
there is a global change in the properties. This call is a read
barrier, the property data to be read following this call will be
read sequentially and up to date.
Bug: 19544788
Change-Id: I58e6a92baa0f3e8e7b9ec79b10af6d56407dab48
|
| b8ce47421727f7621f3e00043d535e35cd904852 |
|
11-Feb-2015 |
Yabin Cui <yabinc@google.com> |
Switch system_properties.cpp from bionic atomic operations to stdatomic.
Bug: 17177189
Change-Id: I42e05ad1c490cc7a8040138151afc0ee72a9b63f
|
| 748fbe5c41d97433dc756a50812e1caf6a6ef727 |
|
23-Sep-2014 |
Elliott Hughes <enh@google.com> |
Fix a couple more cases of missing CLOEXEC.
The debuggerd case can probably never happen, because you're crashing at this
point anyway. The system property one seems possible though.
Bug: 18186310
(cherry picked from commit 0dc39f9952c5e3a3121ea77357bb264ef0f8ded7)
Change-Id: I3e84488fc246f6c28cbd82e96d0cd4343a12c28a
|
| 0dc39f9952c5e3a3121ea77357bb264ef0f8ded7 |
|
23-Sep-2014 |
Elliott Hughes <enh@google.com> |
Fix a couple more cases of missing CLOEXEC.
The debuggerd case can probably never happen, because you're crashing at this
point anyway. The system property one seems possible though.
Change-Id: Idba6a4f1d68587ec5b320d1e25f0b6a987ea32a0
|
| c189ffaaec45efb49e785517e504b41a5e57b088 |
|
27-Aug-2014 |
Elliott Hughes <enh@google.com> |
More cases where libc should use O_CLOEXEC.
(cherry picked from commit f73183f1a34df22b62a3d0bbf82e18d5797c9cde)
(cherry picked from commit 21ce3f506f3b54e4f57a37847375cef9f8aff57f)
Change-Id: I70b240bd40ad8d2ba33ae7ab2618782709fd0d6a
|
| 21ce3f506f3b54e4f57a37847375cef9f8aff57f |
|
27-Aug-2014 |
Elliott Hughes <enh@google.com> |
More cases where libc should use O_CLOEXEC.
Change-Id: Idfa111aeebc5deca2399dae919e8b72eb54c23c0
(cherry picked from commit f73183f1a34df22b62a3d0bbf82e18d5797c9cde)
|
| f73183f1a34df22b62a3d0bbf82e18d5797c9cde |
|
27-Aug-2014 |
Elliott Hughes <enh@google.com> |
More cases where libc should use O_CLOEXEC.
Change-Id: Idfa111aeebc5deca2399dae919e8b72eb54c23c0
|
| 1e8587a479fd8b1ce9b594298a93f517816e8f15 |
|
19-Aug-2014 |
Hans Boehm <hboehm@google.com> |
Work around atomic_load(const T*) issues.
Bug:17067219
Change-Id: I78e753bcf03464f5f05c3f37e394f2727d282589
|
| 30214b901e8dbec9ec11230187a8e71fc8a04014 |
|
01-Aug-2014 |
Hans Boehm <hboehm@google.com> |
Add memory ordering constraint, convert to C11 atomics
Add an ordering constraint/fence to __system_property_serial.
This slows down a read on a Nexus 5 from about 50 to about 70 ns,
but avoids the possibility of seeing an inconsistent property value.
Use C11 atomic operations where easy and appropriate.
This code remains not fully C++11 memory model conformant, but
I would now expect the generated code to now be correct with current compilers.
Bug:14970171
Change-Id: I0891ff1d0f914ae5c3857e3d76b6a7c8a4a07d83
|
| 03eebcb6e8762e668a0d3af6bb303cccb88c5b81 |
|
13-Jun-2014 |
Christopher Ferris <cferris@google.com> |
Move common macros into bionic_macros.h.
Bug: 15590152
Change-Id: I730636613ef3653f68c5ab1d43b53beaf8e0dc25
|
| d5ed63a6a8290de88802172ce178656fbafe70c6 |
|
22-May-2014 |
Elliott Hughes <enh@google.com> |
Hide most of the private futex functions.
Also hide part of the system properties compatibility code, since
we needed to touch that to keep it building.
I'll remove __futex_syscall4 and futex in a later patch.
Bug: 11156955
Change-Id: Ibbf42414c5bb07fb9f1c4a169922844778e4eeae
|
| 3e786987b5fb3272b37dd955fe13fc67a8ddc880 |
|
15-May-2014 |
Elliott Hughes <enh@google.com> |
Remove the unused __system_property_wait.
This isn't declared in any header file.
Bug: 14970171
Change-Id: Ib9fce61343dfb6b6ccd7e1430e1a6e34e4e869df
|
| 8eac9af24ea7e570e0b297bcd6ac8a46ba3ecc39 |
|
10-May-2014 |
Elliott Hughes <enh@google.com> |
Bring in google3-style DISALLOW_* macros.
I've been meaning to do this for a very long time...
Change-Id: Ia8c16eee7c026c3c9505399948485fb778fb0152
|
| 879d33049946fa2293a61dbdb20addace953922b |
|
13-Mar-2014 |
jiaguo <jiaguo@marvell.com> |
property: fix getting dirty serial value
__system_property_serial just returned serial value without
checking if it is dirty, so check and wait until serial
value is not dirty before return
Change-Id: If485b6251b5555b004912c66c7c2cb455a7fdbdc
Signed-off-by: jiaguo <jiaguo@marvell.com>
|
| 37e9570bce0ec5c08eab53935905f1e3a133dea2 |
|
24-Feb-2014 |
Narayan Kamath <narayan@google.com> |
Fix 64-bit build.
A warning about signed vs unsigned comparison was converted
into an error here :
...
struct stat st;
if (st.st_size > sizeof(prop_area) {
...
st_size is either an off64_t, which is a signed type. It's
worth investigating why this didn't trigger a warning on 32 bit,
where it's signed as well.
Change-Id: Ib2622bd5c444ddcfa7fb2141f00332cbb4a0818b
|
| c9ae21a5c3b2e1baafe50f752e2e07e343d39530 |
|
19-Feb-2014 |
Narayan Kamath <narayan@google.com> |
Move system_properties over to C++.
This change constitutes the minimum amount of
work required to move the code over to C++, address
compiler warnings, and to make it const correct and
idiomatic (within the constraints of being called
from C code).
bug: 13058886
Change-Id: Ic78cf91b7c8e8f07b4ab0781333a9e243763298c
|