Merge "ELS TLS documentation: s/module/module_id/." am: 4b27a21b6a am: 8e89285553 am: 6cdcce7a83
Original change: https://android-review.googlesource.com/c/platform/bionic/+/2520195
Change-Id: Ia2edbc23123c28772e36a4f75170cd25c8bce829
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
diff --git a/libc/bionic/system_property_set.cpp b/libc/bionic/system_property_set.cpp
index 212aafc..845ff27 100644
--- a/libc/bionic/system_property_set.cpp
+++ b/libc/bionic/system_property_set.cpp
@@ -49,21 +49,34 @@
#include "private/ScopedFd.h"
static const char property_service_socket[] = "/dev/socket/" PROP_SERVICE_NAME;
+static const char property_service_for_system_socket[] =
+ "/dev/socket/" PROP_SERVICE_FOR_SYSTEM_NAME;
static const char* kServiceVersionPropertyName = "ro.property_service.version";
class PropertyServiceConnection {
public:
- PropertyServiceConnection() : last_error_(0) {
+ PropertyServiceConnection(const char* name) : last_error_(0) {
socket_.reset(::socket(AF_LOCAL, SOCK_STREAM | SOCK_CLOEXEC, 0));
if (socket_.get() == -1) {
last_error_ = errno;
return;
}
- const size_t namelen = strlen(property_service_socket);
+ // If we're trying to set "sys.powerctl" from a privileged process, use the special
+ // socket. Because this socket is only accessible to privileged processes, it can't
+ // be DoSed directly by malicious apps. (The shell user should be able to reboot,
+ // though, so we don't just always use the special socket for "sys.powerctl".)
+ // See b/262237198 for context
+ const char* socket = property_service_socket;
+ if (strcmp(name, "sys.powerctl") == 0 &&
+ access(property_service_for_system_socket, W_OK) == 0) {
+ socket = property_service_for_system_socket;
+ }
+
+ const size_t namelen = strlen(socket);
sockaddr_un addr;
memset(&addr, 0, sizeof(addr));
- strlcpy(addr.sun_path, property_service_socket, sizeof(addr.sun_path));
+ strlcpy(addr.sun_path, socket, sizeof(addr.sun_path));
addr.sun_family = AF_LOCAL;
socklen_t alen = namelen + offsetof(sockaddr_un, sun_path) + 1;
@@ -176,7 +189,7 @@
};
static int send_prop_msg(const prop_msg* msg) {
- PropertyServiceConnection connection;
+ PropertyServiceConnection connection(msg->name);
if (!connection.IsValid()) {
return connection.GetLastError();
}
@@ -269,7 +282,7 @@
// New protocol only allows long values for ro. properties only.
if (strlen(value) >= PROP_VALUE_MAX && strncmp(key, "ro.", 3) != 0) return -1;
// Use proper protocol
- PropertyServiceConnection connection;
+ PropertyServiceConnection connection(key);
if (!connection.IsValid()) {
errno = connection.GetLastError();
async_safe_format_log(
diff --git a/libc/include/sys/_system_properties.h b/libc/include/sys/_system_properties.h
index 744a45b..c7a30eb 100644
--- a/libc/include/sys/_system_properties.h
+++ b/libc/include/sys/_system_properties.h
@@ -41,6 +41,7 @@
__BEGIN_DECLS
#define PROP_SERVICE_NAME "property_service"
+#define PROP_SERVICE_FOR_SYSTEM_NAME "property_service_for_system"
#define PROP_FILENAME "/dev/__properties__"
#define PROP_MSG_SETPROP 1