If snprintf() is called from the linker, it may erroneously return a
null string. The libc internal __libc_format_buffer() does not have
this problem, so it is now used instead.
Bug: 26756577
Change-Id: I37a97e27f59b3c0a087f54a6603cc3aff7f07522
Currently, reads of ro.* properties are treated differently than
writes of ro.* properties. When writing an ro.* property, we ignore
the "ro." portion of the property, and base the security decision
on the label of the remaining portion.
See e7a9e52740/init/property_service.cpp
line 120-126
For example, for writing, the label associated with
"ro.build.fingerprint" comes from the /property_contexts file
entry:
# ro.build.fingerprint is either set in /system/build.prop, or is
# set at runtime by system_server.
build.fingerprint u:object_r:fingerprint_prop:s0
However, we fail to follow this same special case when sorting
properties into files. Instead, ro.build.fingerprint is assigned
u:object_r:default_prop:s0 instead of u:object_r:fingerprint_prop:s0
Ignore the "ro." portion when sorting properties into files.
This will make reads and writes of properties use the same label.
Bug: 21852512
Change-Id: Ie88ffc6b78b31fc8ddf370ae27c218546fb25a83
Treat subsequent calls to __system_properties_init() as a
reinitialization of system properties and revoke access to prop files
that have been previously mapped but that the process's current context
does not have access to. Additionally reset the no_access_ flag in
case permissions have loosened and previously unaccessible files can now
be accessed.
This is meant to work around an issue that setcon() does not revoke
mmap() mappings, so we must manually revoke them after a successful
setcon() call.
Bug 26114086
Change-Id: I4d690abb6817283ca64ac26ea4c1dad398a98fbc
If a __system_property* function is called before
__system_properties_init() then the app will will abort. This commit
returns either an error code or a safe return value instead.
Bug 26027140
Change-Id: I95ffd143e9563658ab67a397991e84fb4c46ab77
The purpose of this change is to add read access control to the property
space.
In the current design, a process either has access to the single
/dev/__properties__ file and therefore all properties that it contains
or it has access to no properties. This change separates properties
into multiple property files based on their selabel, which allows
creation of sepolicies that allow read access of only specific sets of
properties to specific domains.
Bug 21852512
Change-Id: Ice265db79201ca811c6b6cf6d851703f53224f03
Adds a new _internal_ function. Provide a global serial number to
support more efficient private caching algorithms. This allows
to skip re-running the __system_property_find() call on misses until
there is a global change in the properties. This call is a read
barrier, the property data to be read following this call will be
read sequentially and up to date.
Bug: 19544788
Change-Id: I58e6a92baa0f3e8e7b9ec79b10af6d56407dab48
The debuggerd case can probably never happen, because you're crashing at this
point anyway. The system property one seems possible though.
Change-Id: Idba6a4f1d68587ec5b320d1e25f0b6a987ea32a0
Add an ordering constraint/fence to __system_property_serial.
This slows down a read on a Nexus 5 from about 50 to about 70 ns,
but avoids the possibility of seeing an inconsistent property value.
Use C11 atomic operations where easy and appropriate.
This code remains not fully C++11 memory model conformant, but
I would now expect the generated code to now be correct with current compilers.
Bug:14970171
Change-Id: I0891ff1d0f914ae5c3857e3d76b6a7c8a4a07d83
Also hide part of the system properties compatibility code, since
we needed to touch that to keep it building.
I'll remove __futex_syscall4 and futex in a later patch.
Bug: 11156955
Change-Id: Ibbf42414c5bb07fb9f1c4a169922844778e4eeae
__system_property_serial just returned serial value without
checking if it is dirty, so check and wait until serial
value is not dirty before return
Change-Id: If485b6251b5555b004912c66c7c2cb455a7fdbdc
Signed-off-by: jiaguo <jiaguo@marvell.com>
A warning about signed vs unsigned comparison was converted
into an error here :
...
struct stat st;
if (st.st_size > sizeof(prop_area) {
...
st_size is either an off64_t, which is a signed type. It's
worth investigating why this didn't trigger a warning on 32 bit,
where it's signed as well.
Change-Id: Ib2622bd5c444ddcfa7fb2141f00332cbb4a0818b
This change constitutes the minimum amount of
work required to move the code over to C++, address
compiler warnings, and to make it const correct and
idiomatic (within the constraints of being called
from C code).
bug: 13058886
Change-Id: Ic78cf91b7c8e8f07b4ab0781333a9e243763298c
2014-02-24 10:45:35 +00:00
Renamed from libc/bionic/system_properties.c (Browse further)
