Listen on property_service_for_system socket for powerctl messages It is easy to dos the property_service socket, since it will wait for a complete data packet from one command before moving on to the next one. To prevent low privilege apps interfering with system and root apps, add a second property_service socket that only they can use. However, since writes to properties are not thread-safe, limit use of this second socket to just sys.powerctl messages. These are the messages that this security issue is concerned about, and they do not actually write to the properties, rather they are acted upon immediately. Bug: 262208935 Test: Builds, boots Ignore-AOSP-First: Security fix Change-Id: I1e96444115de4cc0b021c6864922845de331f6a7

commit: 71ade013f46410187c9d981504ec1a713f20d1b7 [log] [tgz]
author: Paul Lawrence <paullawrence@google.com> Tue Jul 18 08:49:44 2023 -0700
committer: Paul Lawrence <paullawrence@google.com> Tue Jul 18 08:51:19 2023 -0700
tree: 6ee51ea9769a367a13379ef1e3f033e4080d3886
parent: b1c1cf7c86a8f58d567c933ba3cb20b1061355fd [diff] [blame]
diff --git a/libc/include/sys/_system_properties.h b/libc/include/sys/_system_properties.h
index 943d4c6..1afb000 100644
--- a/libc/include/sys/_system_properties.h
+++ b/libc/include/sys/_system_properties.h

@@ -41,6 +41,7 @@
 __BEGIN_DECLS
 
 #define PROP_SERVICE_NAME "property_service"
+#define PROP_SERVICE_FOR_SYSTEM_NAME "property_service_for_system"
 #define PROP_FILENAME "/dev/__properties__"
 
 #define PROP_MSG_SETPROP 1
commit	71ade013f46410187c9d981504ec1a713f20d1b7	[log] [tgz]
author	Paul Lawrence <paullawrence@google.com>	Tue Jul 18 08:49:44 2023 -0700
committer	Paul Lawrence <paullawrence@google.com>	Tue Jul 18 08:51:19 2023 -0700
tree	6ee51ea9769a367a13379ef1e3f033e4080d3886
parent	b1c1cf7c86a8f58d567c933ba3cb20b1061355fd [diff] [blame]