author | Colin Cross <ccross@android.com> | 2013-06-16 10:19:16 -0700 |
---|---|---|
committer | Colin Cross <ccross@android.com> | 2013-06-24 16:35:41 -0700 |
commit | 1d36ee1a6e69ec529a7c43a4fe6268f85bc5134a (patch) | |
tree | 1a48ada4a610b0662d3f6d88740931fd19b27c3a /libc/bionic/system_properties.c | |
parent | 1540f601be32bdd4af8e8c13bdf2bc06bdaa76f1 (diff) | |
bionic: prevent root processes from calling __system_property_add
If a root process other than init calls __system_property_add, which
it should never do, it will break the design assumption that there is
only one mutator.
Pass O_EXCL to open() in map_prop_region_rw to ensure that only one
process ever has the property pages open for write.
(cherry picked from commit fb9b7b436f3ef94385f1b0c55ab81f246f0d96b8)
Change-Id: I6df3afedbfb5d07891b095aa24b78278381a5aaf
Diffstat (limited to 'libc/bionic/system_properties.c')
-rw-r--r-- | libc/bionic/system_properties.c | 20 |
1 files changed, 17 insertions, 3 deletions
diff --git a/libc/bionic/system_properties.c b/libc/bionic/system_properties.c
index d4054d2..f9671c6 100644
--- a/libc/bionic/system_properties.c
+++ b/libc/bionic/system_properties.c
@@ -128,11 +128,13 @@ static int map_prop_area_rw()
 {
     prop_area *pa;
     int fd;
+    int ret;
 
     /* dev is a tmpfs that we can use to carve a shared workspace
      * out of, so let's do that...
      */
-    fd = open(property_filename, O_RDWR | O_CREAT | O_NOFOLLOW, 0644);
+    fd = open(property_filename, O_RDWR | O_CREAT | O_NOFOLLOW | O_CLOEXEC |
+              O_EXCL, 0444);
     if (fd < 0) {
         if (errno == EACCES) {
             /* for consistency with the case where the process has already
@@ -143,6 +145,10 @@ static int map_prop_area_rw()
         return -1;
     }
 
+    ret = fcntl(fd, F_SETFD, FD_CLOEXEC);
+    if (ret < 0)
+        goto out;
+
     if (ftruncate(fd, PA_SIZE) < 0)
         goto out;
 
@@ -186,8 +192,16 @@ static int map_prop_area()
 {
     bool fromFile = true;
     int result = -1;
-
-    int fd = open(property_filename, O_RDONLY | O_NOFOLLOW);
+    int fd;
+    int ret;
+
+    fd = open(property_filename, O_RDONLY | O_NOFOLLOW | O_CLOEXEC);
+    if (fd >= 0) {
+        /* For old kernels that don't support O_CLOEXEC */
+        ret = fcntl(fd, F_SETFD, FD_CLOEXEC);
+        if (ret < 0)
+            goto cleanup;
+    }
     if ((fd < 0) && (errno == ENOENT)) {
         /*
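Review bot: The `O_EXCL` added to the open() in map_prop_area_rw is the whole point of this commit — a second writer, even root, must now fail with EEXIST — yet nothing in the code says so, and the existing "/dev is a tmpfs" comment above the call gives a reader no reason not to drop the flag the first time an EEXIST shows up. Suggest extending that comment with `/* O_EXCL: the property area is created exactly once (by init); a later writer, even root, fails with EEXIST so there is only ever one mutator. */`. The `if (fd < 0)` path visible here only special-cases EACCES, so an EEXIST failure is indistinguishable from any other open() error to the caller; the rest of that error path lies outside the hunk, and if it does not log errno, recording it would make the single-writer violation diagnosable. Note also that the commit message refers to `map_prop_region_rw`, while the function changed is `map_prop_area_rw`.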
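Review bot: The `fcntl(fd, F_SETFD, FD_CLOEXEC)` added after the EACCES block in map_prop_area_rw has no comment, while the identical fallback added to map_prop_area in the last hunk is annotated `/* For old kernels that don't support O_CLOEXEC */`; without it this call reads as redundant with the `O_CLOEXEC` already passed to open() in the previous hunk and is liable to be removed. Suggest the same comment here so the two call sites stay consistent. On failure the code jumps to `out`, which is outside this hunk; assuming that label closes fd (it is the same label used by the ftruncate failure), the descriptor is not leaked.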