Commit graph

176 commits

Author SHA1 Message Date
Elliott Hughes
05b675e8bf Add renameat2.
Bug: http://b/127675384
Test: new tests
Change-Id: Ia2e3d5679180391ca98e62fa429fa11cbf167507
2019-08-02 09:09:59 -07:00
Elliott Hughes
b2bd7c575e Merge "libnetd_client: support hooking sendto/sendmsg/sendmmsg too." 2019-06-24 15:04:25 +00:00
Elliott Hughes
5c6a3f9fbc libnetd_client: support hooking sendto/sendmsg/sendmmsg too.
Samsung has asked for this for KNOX.

Test: treehugger
Change-Id: Iffaace9f8cb265ce8c911472989c9829cbf91a42
2019-06-20 08:32:24 -07:00
Elliott Hughes
50080a29f7 Remove the ___ hack.
Plain __ for generated syscalls didn't mean it was a hidden symbol, it
just meant "please don't use this". We added ___ to signify that a
hidden symbol should be generated, but then we added the map files
anyway so you now have to explicitly export symbols. Given that, this
convention serves no particular purpose so we may as well just use the
nicer names have everything look the same.

Test: treehugger
Change-Id: If424e17a49c36f4be545f5d283c4561a6ea9c7ea
2019-06-19 15:38:42 -07:00
Elliott Hughes
782c485880 Generate assembler system call stubs via genrule.
There's no need to check in generated code.

Test: builds & boots
Change-Id: Ife368bca4349d4adeb0666db590356196b4fbd63
2019-04-16 12:31:00 -07:00
Elliott Hughes
8251d4419f Add lp32 and lp64 shorthands to SYSCALLS.TXT.
Bug: N/A
Test: updating the generated stubs is a no-op
Change-Id: I7f6f9bcfd8c054f0a2d7e5f488eacb88cefb8d15
2018-11-09 13:57:34 -08:00
Elliott Hughes
5905d6f879 Add sigset64_t and accompanying functions.
This doesn't address `struct sigaction` and `sigaction`. That will
come later.

Bug: http://b/72493232
Test: ran tests
Change-Id: I4134346757ce3a4dac6feae413361cec16223386
2018-01-30 18:47:16 -08:00
Elliott Hughes
2180978c88 Fix SYSCALLS.TXT now clock_getres comes from the vdso.
Bug: N/A
Test: ran tests
Change-Id: I122066992e1ab1aa38beed256103c3a22fd05a6f
2017-12-11 11:40:40 -08:00
Elliott Hughes
8465e968a8 Add <sys/random.h>.
iOS 10 has <sys/random.h> with getentropy, glibc >= 2.25 has
<sys/random.h> with getentropy and getrandom. (glibc also pollutes
<unistd.h>, but that seems like a bad idea.)

Also, all supported devices now have kernels with the getrandom system
call.

We've had these available internally for a while, but it seems like the
time is ripe to expose them.

Bug: http://b/67014255
Test: ran tests
Change-Id: I76dde1e3a2d0bc82777eea437ac193f96964f138
2017-09-29 05:31:35 +00:00
Elliott Hughes
896362eb0e Add syncfs(2).
GMM calls this system call directly at the moment. That's silly.

Bug: http://b/36405699
Test: ran tests
Change-Id: I1e14c0e5ce0bc2aa888d884845ac30dc20f13cd5
2017-08-24 16:31:49 -07:00
Miodrag Dinic
a301e73475 MIPS64: move fstat64/fstatat64/_flush_cache syscalls to SECCOMP_WHITELIST.TXT
fstat64/fstatat64/_flush_cache were accidentally put in SYSCALLS.TXT in:
    https://android-review.googlesource.com/#/c/390454/

This patch just moves them to SECCOMP_WHITELIST.TXT because we do not
want stubs accidenatally generated for the mentioned syscalls using
gensyscalls.py script.

This commit does not introduce any functional changes to mips64_policy.cpp.

Test: Run genseccomp.py -> File seccomp/mips64_policy.cpp not changed.
Test: Run gensyscalls.py -> INFO:root:no changes detected!

Change-Id: I3b527b3d9f18715c44a4e6ddc6db6e49f48f4890
Signed-off-by: Miodrag Dinic <miodrag.dinic@imgtec.com>
2017-06-15 10:25:09 +02:00
Goran Ferenc
996f6decfa MIPS: 32/64-bit VDSO support
File libc/SYSCALLS.TXT is updated to generate bionic's system call wrappers
for clock_gettime() & gettimeofday() that will be called if kernel vdso
implementations fail to execute.
The system call wrappers are generated using a python script gensyscalls.py.

Since all architectures support vdso now, there is no more need for conditional
statements regarding supported architectures in libc/bionic/vdso.cpp &
libc/private/bionic_vdso.h files.

Test: builds
Change-Id: I7213f29c179a7929851499d78a72900638ae861a
Signed-off-by: Goran Ferenc <goran.ferenc@imgtec.com>
2017-06-01 08:50:57 -07:00
Lazar Trsic
dd5bd456fb [MIPS64] Enable necessary mips64 syscalls in seccomp whitelist
Allow execution of: newfstatat, fstat and cacheflush syscalls
for mips64 arch.

Test: Boot mips64 emulator to homescreen with 3.18 kernel.
emulator -kernel prebuilts/qemu-kernel/mips64/3.18/kernel-qemu2

Change-Id: Ib5d6b0060f3e17b64d86fc944aa83a5240d512f8
2017-05-05 15:37:11 +02:00
Treehugger Robot
04a3b24d7e Merge "Correct the return types of readv and writev." 2016-11-30 19:26:06 +00:00
Elliott Hughes
8f0e42fda6 Fix getpriority/setpriority types.
Bug: N/A
Test: builds
Change-Id: Ica099bae04a0260871783452811a54672094ba4a
2016-11-29 15:14:11 -08:00
Josh Gao
753361a981 Correct the return types of readv and writev.
readv and writev should return ssize_t, not int.

Bug: none
Test: `m checkbuild` on bullhead
Change-Id: I934c2e8cb7bf76384b63cedfeab88e2f6b65971a
2016-11-29 14:26:15 -08:00
Elliott Hughes
2b9605fec4 Fix various <sys/socket.h> prototypes.
http://pubs.opengroup.org/onlinepubs/9699919799/basedefs/sys_socket.h.html

Interestingly, recvmmsg/sendmmsg do actually return int, unlike their
recv/recvmsg/sendv/sendvmsg siblings.

The generated assembler stubs don't actually change.

Change-Id: If71cd02431903774de9bbce77fbedf6b03f90c0f
2016-08-16 13:37:24 -07:00
Elliott Hughes
4ce902c30e Support 32-bit ARM vdso.
Linux 4.1 added this.

Bug: http://b/19198045
Change-Id: I28be802ff403a61dd6733a001411b3ff05fef5a5
2016-07-12 13:55:51 -07:00
Elliott Hughes
8963dd337e Make all rt_sigtimedwait signatures match.
There's no change to the generated stubs, because the script only cares
that this is a pointer type, not what it's a pointer to.

Change-Id: I766720965f0f3d201fc90677a076b26870485377
2016-05-23 11:20:19 -07:00
Elliott Hughes
eafad49bd6 Add <sys/quota.h>.
It turns out that at least the Nexus 9 kernel is built without CONFIG_QUOTA.
If we decide we're going to mandate quota functionality, I'm happy for us to
be a part of CTS that ensures that happens, but I don't want to be first, so
there's not much to test here other than "will it compile?". The strace
output looks right though.

Bug: http://b/27948821
Bug: http://b/27952303
Change-Id: If667195eee849ed17c8fa9110f6b02907fc8fc04
2016-04-06 11:06:09 -07:00
Elliott Hughes
7f72ad4d6c Add sync_file_range to <fcntl.h>.
Bug: http://b/27952303
Change-Id: Idadfacd657ed415abc11684b9471e4e24c2fbf05
2016-04-05 12:17:22 -07:00
Greg Hackmann
e2faf07d65 Add {get,set}domainname(2)
{get,set}domainname aren't in POSIX but are widely-implemented
extensions.

The Linux kernel provides a setdomainname syscall but not a symmetric
getdomainname syscall, since it expects userspace to get the domain name
from uname(2).

Change-Id: I96726c242f4bb646c130b361688328b0b97269a0
Signed-off-by: Greg Hackmann <ghackmann@google.com>
2016-03-25 14:16:58 -07:00
Elliott Hughes
5f26c6bc91 Really add adjtimex(2), and add clock_adjtime(2) too.
Change-Id: I81fde2ec9fdf787bb19a784ad13df92d33a4f852
2016-02-03 13:19:10 -08:00
Greg Hackmann
3f3f6c526b Add adjtimex
Change-Id: Ia92d35b1851e73c9f157a749dba1e98f68309a8d
Signed-off-by: Greg Hackmann <ghackmann@google.com>
2016-01-28 13:41:22 -08:00
Daniel Micay
4200e260d2 fix the mremap signature
The mremap definition was incorrect (unsigned long instead of int) and
it was missing the optional new_address parameter.

Change-Id: Ib9d0675aaa098c21617cedc9b2b8cf267be3aec4
2015-11-06 13:14:43 -08:00
Elliott Hughes
6f4594d5dc Add preadv/pwritev.
Bug: http://b/12612572
Change-Id: I38ff2684d69bd0fe3f21b1d371b88fa60d5421cb
2015-08-26 14:48:55 -07:00
Elliott Hughes
5891abdc66 Invalidate cached pid in vfork.
Bug: http://b/23008979
Change-Id: I1dd900ac988cdbe10aad3abc53240c5d352891d5
2015-08-07 19:44:12 -07:00
Robert Jarzmik
10726d52ac libc: arch-x86: implement kernel vdso time functions
This patch give the possibility of time vdso support on 32bit kernel.
If the 32bit x86 kernel provides gettimeofday() and clock_gettime()
primitives in vdso. In this case make bionic use them. If the kernel
doesn't provide them, fallback to the legacy system call versions.

Change-Id: I87b772a9486fa356903e1f98f486ab9eb0b6f6f7
Signed-off-by: Robert Jarzmik <robert.jarzmik@intel.com>
Signed-off-by: Mingwei Shi <mingwei.shi@intel.com>
2015-07-22 01:31:38 +00:00
Elliott Hughes
b1304935b6 Hide accidentally-exposed __clock_nanosleep.
Bug: http://b/21858067
Change-Id: Iaa83a5e17cfff796aed4f641d0d14427614d9399
2015-06-15 19:39:04 -07:00
Elliott Hughes
be57a40d29 Add process_vm_readv and process_vm_writev.
Bug: http://b/21761353
Change-Id: Ic8ef3f241d62d2a4271fbc783c8af50257bac498
2015-06-10 17:24:20 -07:00
Nick Kralevich
e1d0810cd7 Add O_PATH support for flistxattr()
A continuation of commit 2825f10b7f.

Add O_PATH compatibility support for flistxattr(). This allows
a process to list out all the extended attributes associated with
O_PATH file descriptors.

Change-Id: Ie2285ac7ad2e4eac427ddba6c2d182d41b130f75
2015-06-06 11:25:41 -07:00
Nick Kralevich
2825f10b7f libc: Add O_PATH support for fgetxattr / fsetxattr
Support O_PATH file descriptors when handling fgetxattr and fsetxattr.
This avoids requiring file read access to pull extended attributes.

This is needed to support O_PATH file descriptors when calling
SELinux's fgetfilecon() call. In particular, this allows the querying
and setting of SELinux file context by using something like the following
code:

  int dirfd = open("/path/to/dir", O_DIRECTORY);
  int fd = openat(dirfd, "file", O_PATH | O_NOFOLLOW);
  char *context;
  fgetfilecon(fd, &context);

This change was motivated by a comment in
https://android-review.googlesource.com/#/c/152680/1/toys/posix/ls.c

Change-Id: Ic0cdf9f9dd0e35a63b44a4c4a08400020041eddf
2015-06-01 15:51:56 -07:00
Dan Albert
c05554ec5c Fix error handling for negative size in ftruncate.
Bug: 21309901
Change-Id: I54692ab8105dd09db6af7a2c0894a17bdd118aa0
2015-05-20 14:20:33 -07:00
Yabin Cui
40a8f214a5 Hide rt_sigqueueinfo.
Bug: 19358804
Change-Id: I38a53ad64c81d0eefdd1d24599e769fd8a477a56
2015-05-18 11:29:20 -07:00
Elliott Hughes
3391a9ff13 Simplify close(2) EINTR handling.
This doesn't affect code like Chrome that correctly ignores EINTR on
close, makes code that tries TEMP_FAILURE_RETRY work (where before it might
have closed a different fd and appeared to succeed, or had a bogus EBADF),
and makes "goto fail" code work (instead of mistakenly assuming that EINTR
means that the close failed).

Who loses? Anyone actively trying to detect that they caught a signal while
in close(2). I don't think those people exist, and I think they have better
alternatives available.

Bug: https://code.google.com/p/chromium/issues/detail?id=269623
Bug: http://b/20501816
Change-Id: I11e2f66532fe5d1b0082b2433212e24bdda8219b
2015-04-23 08:41:45 -07:00
Elliott Hughes
fa495d51b0 Hide statfs/fstatfs' ST_VALID flag from userspace.
Spotted while debugging the strace 4.10 upgrade.

Change-Id: I1af1be9c9440151f55f74a835e1df71529b0e4fe
2015-03-18 15:46:48 -07:00
Nick Kralevich
35778253a5 Fix "faccessat ignores flags"
The kernel system call faccessat() does not have any flags arguments,
so passing flags to the kernel is currently ignored.

Fix the kernel system call so that no flags argument is passed in.

Ensure that we don't support AT_SYMLINK_NOFOLLOW. This non-POSIX
(http://pubs.opengroup.org/onlinepubs/9699919799/functions/access.html)
flag is a glibc extension, and has non-intuitive, error prone behavior.

For example, consider the following code:

  symlink("foo.is.dangling", "foo");
  if (faccessat(AT_FDCWD, "foo", R_OK, AT_SYMLINK_NOFOLLOW) == 0) {
    int fd = openat(AT_FDCWD, "foo", O_RDONLY | O_NOFOLLOW);
  }

The faccessat() call in glibc will return true, but an attempt to
open the dangling symlink will end up failing. GLIBC documents this
as returning the access mode of the symlink itself, which will
always return true for any symlink on Linux.

Some further discussions of this are at:

  * http://lists.landley.net/pipermail/toybox-landley.net/2014-September/003617.html
  * http://permalink.gmane.org/gmane.linux.lib.musl.general/6952

AT_SYMLINK_NOFOLLOW seems broken by design. I suspect this is why this
function was never added to POSIX. (note that "access" is pretty much
broken by design too, since it introduces a race condition between
check and action). We shouldn't support this until it's clearly
documented by POSIX or we can have it produce intuitive results.

Don't support AT_EACCESS for now. Implementing it is complicated, and
pretty much useless on Android, since we don't have setuid binaries.
See http://git.musl-libc.org/cgit/musl/commit/?id=0a05eace163cee9b08571d2ff9d90f5e82d9c228
for how an implementation might look.

Bug: 18867827
Change-Id: I25b86c5020f3152ffa3ac3047f6c4152908d0e04
2015-02-24 13:40:43 -08:00
Nick Kralevich
00490ae3f3 Ensure raw fchmod/fchmodat syscalls are hidden.
In https://android-review.googlesource.com/#/c/127908/5/libc/SYSCALLS.TXT@116
Elliott said:

  for LP64 these will be hidden. for LP32 we were cowards and left
  them all public for compatibility (though i don't think we ever
  dremeled to see whether it was needed). we don't have an easy
  way to recognize additions, though, so we can't prevent adding
  new turds.

Add a mechanism to prevent the adding of new turds, and use that
mechanism on the fchmod/fchmodat system calls.

Bug: 19233951
Change-Id: I98f98345970b631a379f348df57858f9fc3d57c0
2015-02-03 12:10:30 -08:00
Nick Kralevich
3cbc6c627f Add fchmodat(AT_SYMLINK_NOFOLLOW) and fchmod O_PATH support
Many libc functions have an option to not follow symbolic
links. This is useful to avoid security sensitive code
from inadvertantly following attacker supplied symlinks
and taking inappropriate action on files it shouldn't.
For example, open() has O_NOFOLLOW, chown() has
lchown(), stat() has lstat(), etc.

There is no such equivalent function for chmod(), such as lchmod().
To address this, POSIX introduced fchmodat(AT_SYMLINK_NOFOLLOW),
which is intended to provide a way to perform a chmod operation
which doesn't follow symlinks.

Currently, the Linux kernel doesn't implement AT_SYMLINK_NOFOLLOW.
In GLIBC, attempting to use the AT_SYMLINK_NOFOLLOW flag causes
fchmodat to return ENOTSUP. Details are in "man fchmodat".

Bionic currently differs from GLIBC in that AT_SYMLINK_NOFOLLOW
is silently ignored and treated as if the flag wasn't present.

This patch provides a userspace implementation of
AT_SYMLINK_NOFOLLOW for bionic. Using open(O_PATH | O_NOFOLLOW),
we can provide a way to atomically change the permissions on
files without worrying about race conditions.

As part of this change, we add support for fchmod on O_PATH
file descriptors, because it's relatively straight forward
and could be useful in the future.

The basic idea behind this implementation comes from
https://sourceware.org/bugzilla/show_bug.cgi?id=14578 , specifically
comment #10.

Change-Id: I1eba0cdb2c509d9193ceecf28f13118188a3cfa7
2015-02-02 13:17:17 -08:00
Raghu Gandham
86d2feef9f Modify MIPS64 stat structure to match a generic one in AOSP.
The kernel version of the stat structure is used during the syscalls. After the syscall,
the kernel stat structure is converted to match the generic one. Eventually we would like
the generic stat structure and related syscalls be added to MIPS64 kernel, removing the
thunks added to AOSP.

Change-Id: I7764e80278c1cc8254754c3531ec2dda7544a8ec
2015-01-28 16:12:17 -08:00
Yabin Cui
94926f8cfa Merge "support _POSIX_REALTIME_SIGNALS" 2014-12-09 20:10:19 +00:00
Yabin Cui
634816055f support _POSIX_REALTIME_SIGNALS
Bug: 18489947
Change-Id: I2e834d68bc10ca5fc7ebde047b517a3074179475
2014-12-08 21:52:43 -08:00
Yabin Cui
efbb6fb3f7 change argument type in madvise
Make madvise prototype the same as linux man page.

Bug: 18539500
Change-Id: If3fd0e1d9539b9e10531ab9087bc4040e32b6e9b
2014-12-03 11:11:50 -08:00
Elliott Hughes
b86a4c7f65 Add sethostname(2).
Not very useful, but helps building stuff like toybox out of the box.

Change-Id: I110e39030452bd093a84278e019c5752d293718d
2014-11-07 16:48:27 -08:00
Haruki Hasegawa
1816025684 Add clock_settime and clock_nanosleep.
Add the missing prototypes, fix the existing prototypes to use clockid_t
rather than int, fix clock_nanosleep's failure behavior, and add simple
tests.

Bug: 17644443
Bug: https://code.google.com/p/android/issues/detail?id=77372
Change-Id: I03fba369939403918abcabae9551a7123953d780
Signed-off-by: Haruki Hasegawa <h6a.h4i.0@gmail.com>
2014-10-13 17:04:10 -07:00
Elliott Hughes
9990b3973b Fix mips __fadvise64.S build failure.
Bug: 12449798
Change-Id: I0663b741108ba2f1d286904d6414b3ff4d475551
2014-09-11 10:10:08 -07:00
Elliott Hughes
b587f339db Add posix_fadvise(3).
(cherry-pick of 00008263782e484020420c606f7d145fe7d0a4d8.)

Bug: 12449798
Change-Id: I07cbf3f670a0d1304b68148325a774f266b5c433
2014-09-11 08:45:46 -07:00
Dan Albert
47793d6a29 Remove _flush_cache(2) for mips64.
Also remove declaration.

The only user is compiler-rt, and they can replace that call with one to
syscall(2). compiler-rt doesn't currently build on mips64 anyway.

Bug: 11156955
Change-Id: Ieae0ba49c8e7aa50253401fc1d7c2d17bc867d39
2014-08-21 13:32:37 -07:00
Dan Albert
6a918870ba Revert "Replaces vfork() implementation with fork()"
We're getting cold feet on this one... let's put it back.

This reverts commit 210331d976.

Change-Id: I6b0d3c2b1dbf7f1dc9566979a91b7504c2189269
2014-08-05 14:11:38 -07:00
Elliott Hughes
79310994d2 Implement <sys/fsuid.h>.
Change-Id: I1e5e50444a1b5a430ba5b5d9b8b1d91219af5e92
2014-07-30 15:19:29 -07:00