For security reasons, when a binary is executed which causes a security
transition (eg, a setuid binary, setgid binary, filesystem capabilities,
or SELinux domain transition), the AT_SECURE flag is set. This causes
certain blacklisted environment variables to be stripped before the
process is executed. The list of blacklisted environment variables is
stored in UNSAFE_VARIABLE_NAMES. Generally speaking, most environment
variables used internally by libc show up in this list.
Add ANDROID_DNS_MODE to the list of unsafe variables.
Similar to RESOLV_HOST_CONF and RES_OPTIONS (which are already
blacklisted), this variable controls how name resolution requests are
handled. Allowing ANDROID_DNS_MODE to be set across a security
boundary could induce resolution failures or otherwise impact
name resolution.
Remove BIONIC_DNSCACHE. This does not appear to be used, and setting
this variable across a security boundary could cause name resolution
problems.
Test: Android compiles and runs with no obvious problems.
Change-Id: I835a7b42d6afbc9c67866594c7951cfd9b355d81
It's faster and safer to skip them on the device, where we know where
everything is anyway.
(cherrypick of cf6365690cc68bdd7e16648fb7881ba0b5cae93d.)
Bug: http://b/36807787
Test: ran tests
Change-Id: I0bb7879cc46f194152c67ddaf072cbebb424f789
This CL changes the linker to point to the newly refactored location
of ASAN-ified libraries on disk.
This supports changes made by the following CLs -
https://android-review.googlesource.com/#/c/359087/https://android-review.googlesource.com/#/c/359389/
Which refactor the on-disk location as follows:
/data/lib* --> /data/asan/system/lib*
/data/vendor/* --> /data/asan/vendor/*
There are a couple of advantages to this, including better isolation
from other components, and more transparent linker renaming and
SELinux policies.
Bug: 36574794
Bug: 36674745
Test: m -j40 && SANITIZE_TARGET="address" m -j40 and the device
boots. All sanitized libraries are correctly located in /data/asan/*.
Change-Id: Iad8b298a66c38eb0f6327f6b51027f0728aa7a40
While this change is correct, GNU libstdc++ 4.9 isn't able to handle a
standard compliant C library. Its <cmath> will `#undef isnan` from
math.h and only adds the function overloads to the std namespace,
making it impossible to use both <cmath> (which gets included by a
lot of other standard headers) and ::isnan.
We're going to have to revert this until we can start turning down
support for gnustl.
This reverts commit e76ee993ff.
Bug: https://code.google.com/p/android/issues/detail?id=271629
Test: make checkbuild
Change-Id: I394f50271430e78ab801d85c3ee4e87019eda6af
Used by CFI, so broke cfi_test#early_init@x86, but I've added a specific
test for this (and a similar test for getauxval from preinit, which this
patch does not fix).
Bug: http://b/35885875
Test: ran tests
Change-Id: I43885bedfb88c0a26b4474bd3c27a87dec7bbc97
Currently linker reports all potential dlerrors
for example if library was not found in 'this'
namespace - it initializes linker error buffer
with not found message but when consequent
search in linked namespace succeeds this message
is droped because dlopen was successful.
This commit avoids logging false positive error
messages when debug.ld.* set to dlerror.
Test: manual
Change-Id: I480694a1b1bbacd6bd1d8505cd2ee491710964cc
This addresses outstanding todo for anonymous namespace
and fixes an app compatibility bug.
Bug: http://b/36008422
Test: start app from http://b/36008422 and make sure it runs
Change-Id: Ie148418b944379ee1000e7274f2f6c1eca511d6c
This is needed to generate the NDK, so unbundled projects using the
NDK need to build this. If they don't need the NDK, they should just
remove bionic from their manifest.
Test: make checkbuild
Bug: None
Change-Id: I7db816c4a341cf34d4d11739dc64182af630ad63
This change allows customization of default namespace
configuration for different executables. It also enables
target_sdk_version setup for binaries (note that this
option should explicitly be enabled in ld.config.txt).
Bug: http://b/30706810
Bug: http://b/30435785
Test: run linker-unit-tests/bionic-unit-tests, boot angler
Change-Id: Ibbe87209acf1538fc9cec04944f3d22a190c38f1
android loader should not rely on the fact
that AT_BASE is set because kernel currently
does not set it when linker is run standalone
(The linker does not have PT_INTERP set)
This commit replaces AT_BASE with calculated value.
Bug: http://b/30739481
Bug: http://b/35890756
Test: run bionic-unit-tests --gtest_filter=dl*
Change-Id: Ic2eb73e4452624b1f2e05f46e99e4c17df0bbc3f
Modify the test slightly to make sure that the unwinder properly unwinds
through at least 2 frames outside of the signal handler. This guarantees
that if the first frame outside of the handler happens to be garbage,
this test will fail.
Bug: 34468756
Test: Ran the unit tests on fugu, angler (both 32 bit and 64 bit).
Change-Id: I6b76ac9fc1df9ed6fd5bbcc6f5fa4bf458354dff
The check that we are not below the lowest permitted syscall was
off by one, so we always allowed them, rather than always denying
them
Test: Check arm64 boots, chrome and maps work
mips and mips64 emulators boot
Note that arm, x86 and x86_64 already allow syscall 0 so there
will be no functional change there
Change-Id: I85873f1d04124e634e648bd47c027f280f1d6dbd
IANA changes:
Briefly: Haiti has resumed DST.
Changes to past and future time stamps
Haiti resumed observance of DST in 2017. (Thanks to Steffen Thorsen.)
Changes to past time stamps
Liberia changed from -004430 to +00 on 1972-01-07, not 1972-05-01.
Use "MMT" to abbreviate Liberia's time zone before 1972, as "-004430"
is one byte over the POSIX limit. (Problem reported by Derick Rethans.)
Bug: 36470257
Test: CtsLibcoreTestCases / CtsBionicTestCases
Change-Id: I5a8ffb60232410d88ffa67c7702dd234ff05f61d
