Add support for disabling the greylist.
Useful for testing whether apps have actually stopped using greylisted
libraries even if they still have references to them in their apk to support
old Android releases but also haven't bumped their targetSdkVersion yet.
Since we already have two expensive __system_property_get calls and this
would add a third, optimize two (but leave the third since it's not
obviously amenable to optimization). None of this matters for user builds,
but I don't want userdebug/eng to have distractingly different performance.
(cherrypick of 7933bec2872aa1c3430149c7649726333c0ac9d8.)
Bug: http://b/36106661
Test: ran "can you escape 5" with and without this property
Change-Id: Id9a804695c1dca9b4be2ebd0e72f01817bb13cba
diff --git a/android-changes-for-ndk-developers.md b/android-changes-for-ndk-developers.md
index ebdae83..5279118 100644
--- a/android-changes-for-ndk-developers.md
+++ b/android-changes-for-ndk-developers.md
@@ -145,6 +145,12 @@
temporarily support these libraries; so if you see a warning that means
your code will not work in a future release -- please fix it now!
+In O and later, the system property `debug.ld.greylist_disabled` can be
+used to deny access to the greylist even to an app that would normally
+be allowed it. This allows you to test compatibility without bumping the
+app's `targetSdkVersion`. Use `setprop debug.ld.greylist_disabled true`
+to turn this on (any other value leaves the greylist enabled).
+
```
$ readelf --dynamic libBroken.so | grep NEEDED
0x00000001 (NEEDED) Shared library: [libnativehelper.so]
diff --git a/libc/private/CachedProperty.h b/libc/private/CachedProperty.h
new file mode 100644
index 0000000..0a41abf
--- /dev/null
+++ b/libc/private/CachedProperty.h
@@ -0,0 +1,87 @@
+/*
+ * Copyright (C) 2017 The Android Open Source Project
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * * Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ * * Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in
+ * the documentation and/or other materials provided with the
+ * distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+ * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+ * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
+ * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
+ * COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT,
+ * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING,
+ * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS
+ * OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED
+ * AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
+ * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT
+ * OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+#pragma once
+
+#include <string.h>
+
+#define _REALLY_INCLUDE_SYS__SYSTEM_PROPERTIES_H_
+#include <sys/_system_properties.h>
+
+#include "private/bionic_lock.h"
+
+class CachedProperty {
+ public:
+ CachedProperty(const char* property_name)
+ : property_name_(property_name),
+ prop_info_(nullptr),
+ cached_area_serial_(0),
+ cached_property_serial_(0) {
+ cached_value_[0] = '\0';
+ }
+
+ const char* Get() {
+ lock_.lock();
+
+ // Do we have a `struct prop_info` yet?
+ if (prop_info_ == nullptr) {
+ // `__system_property_find` is expensive, so only retry if a property
+ // has been created since last time we checked.
+ uint32_t property_area_serial = __system_property_area_serial();
+ if (property_area_serial != cached_area_serial_) {
+ prop_info_ = __system_property_find(property_name_);
+ cached_area_serial_ = property_area_serial;
+ }
+ }
+
+ if (prop_info_ != nullptr) {
+ // Only bother re-reading the property if it's actually changed since last time.
+ uint32_t property_serial = __system_property_serial(prop_info_);
+ if (property_serial != cached_property_serial_) {
+ __system_property_read_callback(prop_info_, &CachedProperty::Callback, this);
+ }
+ }
+
+ lock_.unlock();
+ return cached_value_;
+ }
+
+ private:
+ Lock lock_;
+ const char* property_name_;
+ const prop_info* prop_info_;
+ uint32_t cached_area_serial_;
+ uint32_t cached_property_serial_;
+ char cached_value_[PROP_VALUE_MAX];
+
+ static void Callback(void* data, const char*, const char* value, uint32_t serial) {
+ CachedProperty* instance = reinterpret_cast<CachedProperty*>(data);
+ instance->cached_property_serial_ = serial;
+ strcpy(instance->cached_value_, value);
+ }
+};
diff --git a/linker/linker.cpp b/linker/linker.cpp
index 1647db7..2777d73 100644
--- a/linker/linker.cpp
+++ b/linker/linker.cpp
@@ -185,7 +185,7 @@
};
// If you're targeting N, you don't get the greylist.
- if (get_application_target_sdk_version() >= __ANDROID_API_N__) {
+ if (g_greylist_disabled || get_application_target_sdk_version() >= __ANDROID_API_N__) {
return false;
}
diff --git a/linker/linker_logger.cpp b/linker/linker_logger.cpp
index b2ea320..717667c 100644
--- a/linker/linker_logger.cpp
+++ b/linker/linker_logger.cpp
@@ -26,32 +26,21 @@
* SUCH DAMAGE.
*/
+#include "linker_logger.h"
+
#include <string.h>
#include <sys/prctl.h>
-#include <sys/system_properties.h>
#include <unistd.h>
#include <string>
#include <vector>
#include "android-base/strings.h"
-#include "linker_logger.h"
+#include "private/CachedProperty.h"
#include "private/libc_logging.h"
LinkerLogger g_linker_logger;
-
-static const char* kSystemLdDebugProperty = "debug.ld.all";
-static const char* kLdDebugPropertyPrefix = "debug.ld.app.";
-
-static const char* kOptionErrors = "dlerror";
-static const char* kOptionDlopen = "dlopen";
-static const char* kOptionDlsym = "dlsym";
-
-static std::string property_get(const char* name) {
- char value[PROP_VALUE_MAX] = {};
- __system_property_get(name, value);
- return value;
-}
+bool g_greylist_disabled = false;
static uint32_t ParseProperty(const std::string& value) {
if (value.empty()) {
@@ -63,38 +52,22 @@
uint32_t flags = 0;
for (const auto& o : options) {
- if (o == kOptionErrors) {
+ if (o == "dlerror") {
flags |= kLogErrors;
- } else if (o == kOptionDlopen){
+ } else if (o == "dlopen") {
flags |= kLogDlopen;
- } else if (o == kOptionDlsym){
+ } else if (o == "dlsym") {
flags |= kLogDlsym;
} else {
- __libc_format_log(ANDROID_LOG_WARN, "linker", "Unknown debug.ld option \"%s\", will ignore.", o.c_str());
+ __libc_format_log(ANDROID_LOG_WARN, "linker", "Ignoring unknown debug.ld option \"%s\"",
+ o.c_str());
}
}
return flags;
}
-void LinkerLogger::ResetState() {
- // the most likely scenario app is not debuggable and
- // is running on user build - the logging is disabled.
- if (prctl(PR_GET_DUMPABLE, 0, 0, 0, 0) == 0) {
- return;
- }
-
- flags_ = 0;
-
- // Check flag applied to all processes first.
- std::string value = property_get(kSystemLdDebugProperty);
- flags_ |= ParseProperty(value);
-
- // Ignore processes started without argv (http://b/33276926).
- if (g_argv[0] == nullptr) {
- return;
- }
-
+static void GetAppSpecificProperty(char* buffer) {
// Get process basename.
const char* process_name_start = basename(g_argv[0]);
@@ -106,10 +79,42 @@
std::string(process_name_start, (process_name_end - process_name_start)) :
std::string(process_name_start);
- std::string property_name = std::string(kLdDebugPropertyPrefix) + process_name;
+ std::string property_name = std::string("debug.ld.app.") + process_name;
+ __system_property_get(property_name.c_str(), buffer);
+}
- value = property_get(property_name.c_str());
- flags_ |= ParseProperty(value);
+void LinkerLogger::ResetState() {
+ // The most likely scenario app is not debuggable and
+ // is running on a user build, in which case logging is disabled.
+ if (prctl(PR_GET_DUMPABLE, 0, 0, 0, 0) == 0) {
+ return;
+ }
+
+ // This is a convenient place to check whether the greylist should be disabled for testing.
+ static CachedProperty greylist_disabled("debug.ld.greylist_disabled");
+ bool old_value = g_greylist_disabled;
+ g_greylist_disabled = (strcmp(greylist_disabled.Get(), "true") == 0);
+ if (g_greylist_disabled != old_value) {
+ __libc_format_log(ANDROID_LOG_INFO, "linker", "%s greylist",
+ g_greylist_disabled ? "Disabling" : "Enabling");
+ }
+
+ flags_ = 0;
+
+ // For logging, check the flag applied to all processes first.
+ static CachedProperty debug_ld_all("debug.ld.all");
+ flags_ |= ParseProperty(debug_ld_all.Get());
+
+ // Ignore processes started without argv (http://b/33276926).
+ if (g_argv[0] == nullptr) {
+ return;
+ }
+
+ // Otherwise check the app-specific property too.
+ // We can't easily cache the property here because argv[0] changes.
+ char debug_ld_app[PROP_VALUE_MAX] = {};
+ GetAppSpecificProperty(debug_ld_app);
+ flags_ |= ParseProperty(debug_ld_app);
}
void LinkerLogger::Log(uint32_t type, const char* format, ...) {
@@ -122,4 +127,3 @@
__libc_format_log_va_list(ANDROID_LOG_DEBUG, "linker", format, ap);
va_end(ap);
}
-
diff --git a/linker/linker_logger.h b/linker/linker_logger.h
index f37b974..3e53f74 100644
--- a/linker/linker_logger.h
+++ b/linker/linker_logger.h
@@ -58,4 +58,8 @@
extern LinkerLogger g_linker_logger;
extern char** g_argv;
+// If the system property debug.ld.greylist_disabled is true, we'll not use the greylist
+// regardless of API level.
+extern bool g_greylist_disabled;
+
#endif /* _LINKER_LOGGER_H_ */