For security reasons, when a binary is executed which causes a security
transition (eg, a setuid binary, setgid binary, filesystem capabilities,
or SELinux domain transition), the AT_SECURE flag is set. This causes
certain blacklisted environment variables to be stripped before the
process is executed. The list of blacklisted environment variables is
stored in UNSAFE_VARIABLE_NAMES. Generally speaking, most environment
variables used internally by libc show up in this list.
Add ANDROID_DNS_MODE to the list of unsafe variables.
Similar to RESOLV_HOST_CONF and RES_OPTIONS (which are already
blacklisted), this variable controls how name resolution requests are
handled. Allowing ANDROID_DNS_MODE to be set across a security
boundary could induce resolution failures or otherwise impact
name resolution.
Remove BIONIC_DNSCACHE. This does not appear to be used, and setting
this variable across a security boundary could cause name resolution
problems.
Test: Android compiles and runs with no obvious problems.
Change-Id: I835a7b42d6afbc9c67866594c7951cfd9b355d81
It's faster and safer to skip them on the device, where we know where
everything is anyway.
(cherrypick of cf6365690cc68bdd7e16648fb7881ba0b5cae93d.)
Bug: http://b/36807787
Test: ran tests
Change-Id: I0bb7879cc46f194152c67ddaf072cbebb424f789
This CL changes the linker to point to the newly refactored location
of ASAN-ified libraries on disk.
This supports changes made by the following CLs -
https://android-review.googlesource.com/#/c/359087/https://android-review.googlesource.com/#/c/359389/
Which refactor the on-disk location as follows:
/data/lib* --> /data/asan/system/lib*
/data/vendor/* --> /data/asan/vendor/*
There are a couple of advantages to this, including better isolation
from other components, and more transparent linker renaming and
SELinux policies.
Bug: 36574794
Bug: 36674745
Test: m -j40 && SANITIZE_TARGET="address" m -j40 and the device
boots. All sanitized libraries are correctly located in /data/asan/*.
Change-Id: Iad8b298a66c38eb0f6327f6b51027f0728aa7a40
While this change is correct, GNU libstdc++ 4.9 isn't able to handle a
standard compliant C library. Its <cmath> will `#undef isnan` from
math.h and only adds the function overloads to the std namespace,
making it impossible to use both <cmath> (which gets included by a
lot of other standard headers) and ::isnan.
We're going to have to revert this until we can start turning down
support for gnustl.
This reverts commit e76ee993ff.
Bug: https://code.google.com/p/android/issues/detail?id=271629
Test: make checkbuild
Change-Id: I394f50271430e78ab801d85c3ee4e87019eda6af
Used by CFI, so broke cfi_test#early_init@x86, but I've added a specific
test for this (and a similar test for getauxval from preinit, which this
patch does not fix).
Bug: http://b/35885875
Test: ran tests
Change-Id: I43885bedfb88c0a26b4474bd3c27a87dec7bbc97
Currently linker reports all potential dlerrors
for example if library was not found in 'this'
namespace - it initializes linker error buffer
with not found message but when consequent
search in linked namespace succeeds this message
is droped because dlopen was successful.
This commit avoids logging false positive error
messages when debug.ld.* set to dlerror.
Test: manual
Change-Id: I480694a1b1bbacd6bd1d8505cd2ee491710964cc
This addresses outstanding todo for anonymous namespace
and fixes an app compatibility bug.
Bug: http://b/36008422
Test: start app from http://b/36008422 and make sure it runs
Change-Id: Ie148418b944379ee1000e7274f2f6c1eca511d6c
This is needed to generate the NDK, so unbundled projects using the
NDK need to build this. If they don't need the NDK, they should just
remove bionic from their manifest.
Test: make checkbuild
Bug: None
Change-Id: I7db816c4a341cf34d4d11739dc64182af630ad63
