diff --git a/libc/bionic/fdsan.cpp b/libc/bionic/fdsan.cpp
index 84d2c94a4..0b0678bab 100644
--- a/libc/bionic/fdsan.cpp
+++ b/libc/bionic/fdsan.cpp
@@ -219,6 +219,8 @@ const char* android_fdsan_get_tag_type(uint64_t tag) {
       return "ZipArchive";
     case ANDROID_FDSAN_OWNER_TYPE_NATIVE_HANDLE:
       return "native_handle_t";
+    case ANDROID_FDSAN_OWNER_TYPE_PARCEL:
+      return "Parcel";
 
     case ANDROID_FDSAN_OWNER_TYPE_GENERIC_00:
     default:
diff --git a/libc/bionic/system_property_set.cpp b/libc/bionic/system_property_set.cpp
index f7999dbf7..6e49bced6 100644
--- a/libc/bionic/system_property_set.cpp
+++ b/libc/bionic/system_property_set.cpp
@@ -49,21 +49,34 @@
 #include "private/ScopedFd.h"
 
 static const char property_service_socket[] = "/dev/socket/" PROP_SERVICE_NAME;
+static const char property_service_for_system_socket[] =
+    "/dev/socket/" PROP_SERVICE_FOR_SYSTEM_NAME;
 static const char* kServiceVersionPropertyName = "ro.property_service.version";
 
 class PropertyServiceConnection {
  public:
-  PropertyServiceConnection() : last_error_(0) {
+  PropertyServiceConnection(const char* name) : last_error_(0) {
     socket_.reset(::socket(AF_LOCAL, SOCK_STREAM | SOCK_CLOEXEC, 0));
     if (socket_.get() == -1) {
       last_error_ = errno;
       return;
     }
 
-    const size_t namelen = strlen(property_service_socket);
+    // If we're trying to set "sys.powerctl" from a privileged process, use the special
+    // socket. Because this socket is only accessible to privileged processes, it can't
+    // be DoSed directly by malicious apps. (The shell user should be able to reboot,
+    // though, so we don't just always use the special socket for "sys.powerctl".)
+    // See b/262237198 for context
+    const char* socket = property_service_socket;
+    if (strcmp(name, "sys.powerctl") == 0 &&
+        access(property_service_for_system_socket, W_OK) == 0) {
+      socket = property_service_for_system_socket;
+    }
+
+    const size_t namelen = strlen(socket);
     sockaddr_un addr;
     memset(&addr, 0, sizeof(addr));
-    strlcpy(addr.sun_path, property_service_socket, sizeof(addr.sun_path));
+    strlcpy(addr.sun_path, socket, sizeof(addr.sun_path));
     addr.sun_family = AF_LOCAL;
     socklen_t alen = namelen + offsetof(sockaddr_un, sun_path) + 1;
@@ -176,7 +189,7 @@ struct prop_msg {
 };
 
 static int send_prop_msg(const prop_msg* msg) {
-  PropertyServiceConnection connection;
+  PropertyServiceConnection connection(msg->name);
   if (!connection.IsValid()) {
     return connection.GetLastError();
   }
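Review bot: The new local `const char* socket` shadows the `::socket()` libc call made two lines earlier in the same constructor, which is legal but makes any later call below the declaration fail in a confusing way; `const char* socket_path = property_service_socket;` plus the three other uses (the assignment, `strlen`, `strlcpy`) would read more clearly. The single-argument constructor should also be `explicit PropertyServiceConnection(const char* name)`, since a `const char*` implicitly converting to a connection is never intended. The comment would benefit from stating that the `access(..., W_OK)` probe is only a routing hint (it is evaluated against the real UID, and a process that fails it simply falls back to the public socket); the actual protection is the permission and policy the system enforces on the privileged socket at connect time, not this client-side choice. `strcmp(name, ...)` dereferences `name` unconditionally; the two callers on this page pass `msg->name` and `key`, and whether `__system_property_set` rejects a null `key` first is outside the hunk, so that contract is worth a line in the comment. The constructor body continues past the end of the hunk.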
@@ -269,7 +282,7 @@ int __system_property_set(const char* key, const char* value) {
   // New protocol only allows long values for ro. properties only.
   if (strlen(value) >= PROP_VALUE_MAX && strncmp(key, "ro.", 3) != 0) return -1;
   // Use proper protocol
-  PropertyServiceConnection connection;
+  PropertyServiceConnection connection(key);
   if (!connection.IsValid()) {
     errno = connection.GetLastError();
     async_safe_format_log(ANDROID_LOG_WARN, "libc",
diff --git a/libc/include/android/fdsan.h b/libc/include/android/fdsan.h
index 3de064914..4540498d8 100644
--- a/libc/include/android/fdsan.h
+++ b/libc/include/android/fdsan.h
@@ -126,6 +126,9 @@ enum android_fdsan_owner_type {
 
   /* native_handle_t */
   ANDROID_FDSAN_OWNER_TYPE_NATIVE_HANDLE = 13,
+
+  /* android::Parcel */
+  ANDROID_FDSAN_OWNER_TYPE_PARCEL = 14,
 };
 
 /*
diff --git a/libc/include/sys/_system_properties.h b/libc/include/sys/_system_properties.h
index 079c82577..078e85763 100644
--- a/libc/include/sys/_system_properties.h
+++ b/libc/include/sys/_system_properties.h
@@ -41,6 +41,7 @@ __BEGIN_DECLS
 
 #define PROP_SERVICE_NAME "property_service"
+#define PROP_SERVICE_FOR_SYSTEM_NAME "property_service_for_system"
 #define PROP_DIRNAME "/dev/__properties__"
 
 #define PROP_MSG_SETPROP 1