authorColin Cross <ccross@android.com>2013-06-16 10:19:16 -0700
committerColin Cross <ccross@android.com>2013-06-24 16:35:41 -0700
commit1d36ee1a6e69ec529a7c43a4fe6268f85bc5134a (patch)
tree1a48ada4a610b0662d3f6d88740931fd19b27c3a /libc/bionic/system_properties.c
parent1540f601be32bdd4af8e8c13bdf2bc06bdaa76f1 (diff)
bionic: prevent root processes from calling __system_property_add
If a root process other than init calls __system_property_add, which it should never do, it will break the design assumption that there is only one mutator. Pass O_EXCL to open() in map_prop_region_rw to ensure that only one process ever has the property pages open for write. (cherry picked from commit fb9b7b436f3ef94385f1b0c55ab81f246f0d96b8) Change-Id: I6df3afedbfb5d07891b095aa24b78278381a5aaf
Diffstat (limited to 'libc/bionic/system_properties.c')
-rw-r--r--libc/bionic/system_properties.c20
1 files changed, 17 insertions, 3 deletions
diff --git a/libc/bionic/system_properties.c b/libc/bionic/system_properties.c
index d4054d2..f9671c6 100644
--- a/libc/bionic/system_properties.c
+++ b/libc/bionic/system_properties.c
@@ -128,11 +128,13 @@ static int map_prop_area_rw()
{
prop_area *pa;
int fd;
+ int ret;
/* dev is a tmpfs that we can use to carve a shared workspace
* out of, so let's do that...
*/
- fd = open(property_filename, O_RDWR | O_CREAT | O_NOFOLLOW, 0644);
+ fd = open(property_filename, O_RDWR | O_CREAT | O_NOFOLLOW | O_CLOEXEC |
+ O_EXCL, 0444);
if (fd < 0) {
if (errno == EACCES) {
/* for consistency with the case where the process has already
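Review bot: With O_EXCL added to the open() on the `fd = open(...)` lines, EEXIST becomes the expected failure for any second mutator, yet the error path that follows only distinguishes EACCES, so a second root caller gets the generic failure with nothing saying why; the remainder of that error path and the `out:` label are outside this hunk. The intent deserves a comment on the open call, e.g. `/* O_EXCL: only one writer (init) may create the region; any second caller fails with EEXIST */`. Note that the 0444 mode by itself would not keep a root process out, so the exclusivity rests entirely on O_EXCL, which only holds while the file exists. If a later step fails after creation and the file is left in place, the next attempt by the same process also fails with EEXIST; whether `out:` unlinks on that path cannot be checked from here.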
@@ -143,6 +145,10 @@ static int map_prop_area_rw()
return -1;
}
+ ret = fcntl(fd, F_SETFD, FD_CLOEXEC);
+ if (ret < 0)
+ goto out;
+
if (ftruncate(fd, PA_SIZE) < 0)
goto out;
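Review bot: The added `ret = fcntl(fd, F_SETFD, FD_CLOEXEC);` carries no comment, while the identical fallback added to map_prop_area in the next hunk is annotated `/* For old kernels that don't support O_CLOEXEC */`; the same comment belongs here so a reader does not mistake it for a redundant call after the O_CLOEXEC already passed to open(). The failure branch jumps to `out`, which lies outside the hunk; because the file was just created with O_EXCL, what `out:` does on this path (close only, or close and unlink) decides whether a retry in the same process can ever succeed, and that is worth stating in the comment as well. The body of map_prop_area_rw continues past the end of the hunk.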
@@ -186,8 +192,16 @@ static int map_prop_area()
{
bool fromFile = true;
int result = -1;
-
- int fd = open(property_filename, O_RDONLY | O_NOFOLLOW);
+ int fd;
+ int ret;
+
+ fd = open(property_filename, O_RDONLY | O_NOFOLLOW | O_CLOEXEC);
+ if (fd >= 0) {
+ /* For old kernels that don't support O_CLOEXEC */
+ ret = fcntl(fd, F_SETFD, FD_CLOEXEC);
+ if (ret < 0)
+ goto cleanup;
+ }
if ((fd < 0) && (errno == ENOENT)) {
/*