Merge "Unified sysroot: kill arch-specific include dirs."
diff --git a/docs/status.md b/docs/status.md
index 25f5663..a32a4c7 100644
--- a/docs/status.md
+++ b/docs/status.md
@@ -8,8 +8,12 @@
 
 New libc functions in P:
   * `__freading`/`__fwriting` (completing <stdio_ext.h>)
+  * `getentropy`/`getrandom` (adding <sys/random.h>)
   * `getlogin_r`
+  * `glob`/`globfree` (adding <glob.h>)
+  * `hcreate`/hcreate_r`/`hdestroy`/`hdestroy_r`/`hsearch`/`hsearch_r` (completing <search.h>)
   * `iconv`/`iconv_close`/`iconv_open` (adding <iconv.h>)
+  * <spawn.h>
   * `syncfs`
 
 New libc functions in O:
@@ -56,7 +60,7 @@
 
 Run `./libc/tools/check-symbols-glibc.py` in bionic/ for the current
 list of POSIX functions implemented by glibc but not by bionic. Currently
-(2017-09):
+(2017-10):
 ```
 aio_cancel
 aio_error
@@ -75,33 +79,7 @@
 getdate_err
 getnetent
 getprotoent
-glob
-globfree
-hcreate
-hdestroy
-hsearch
 lio_listio
-posix_spawn
-posix_spawn_file_actions_addclose
-posix_spawn_file_actions_adddup2
-posix_spawn_file_actions_addopen
-posix_spawn_file_actions_destroy
-posix_spawn_file_actions_init
-posix_spawnattr_destroy
-posix_spawnattr_getflags
-posix_spawnattr_getpgroup
-posix_spawnattr_getschedparam
-posix_spawnattr_getschedpolicy
-posix_spawnattr_getsigdefault
-posix_spawnattr_getsigmask
-posix_spawnattr_init
-posix_spawnattr_setflags
-posix_spawnattr_setpgroup
-posix_spawnattr_setschedparam
-posix_spawnattr_setschedpolicy
-posix_spawnattr_setsigdefault
-posix_spawnattr_setsigmask
-posix_spawnp
 pthread_attr_getinheritsched
 pthread_attr_setinheritsched
 pthread_cancel
diff --git a/libc/Android.bp b/libc/Android.bp
index 87291d4..e37ae08 100644
--- a/libc/Android.bp
+++ b/libc/Android.bp
@@ -1530,6 +1530,7 @@
         "bionic/sigwait.cpp",
         "bionic/sigwaitinfo.cpp",
         "bionic/socket.cpp",
+        "bionic/spawn.cpp",
         "bionic/stat.cpp",
         "bionic/statvfs.cpp",
         "bionic/stdlib_l.cpp",
diff --git a/libc/bionic/spawn.cpp b/libc/bionic/spawn.cpp
new file mode 100644
index 0000000..7015ad9
--- /dev/null
+++ b/libc/bionic/spawn.cpp
@@ -0,0 +1,316 @@
+/*
+ * Copyright (C) 2017 The Android Open Source Project
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *  * Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ *  * Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+ * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+ * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
+ * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
+ * COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT,
+ * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING,
+ * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS
+ * OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED
+ * AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
+ * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT
+ * OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+#include <spawn.h>
+
+#include <fcntl.h>
+#include <signal.h>
+#include <stdlib.h>
+#include <unistd.h>
+
+#include "private/ScopedSignalBlocker.h"
+
+enum Action {
+  kOpen,
+  kClose,
+  kDup2
+};
+
+struct __posix_spawn_file_action {
+  __posix_spawn_file_action* next;
+
+  Action what;
+  int fd;
+  int new_fd;
+  char* path;
+  int flags;
+  mode_t mode;
+
+  void Do() {
+    if (what == kOpen) {
+      fd = open(path, flags, mode);
+      if (fd == -1) _exit(127);
+      // If it didn't land where we wanted it, move it.
+      if (fd != new_fd) {
+        if (dup2(fd, new_fd) == -1) _exit(127);
+        close(fd);
+      }
+    } else if (what == kClose) {
+      // Failure to close is ignored.
+      close(fd);
+    } else {
+      if (dup2(fd, new_fd) == -1) _exit(127);
+    }
+  }
+};
+
+struct __posix_spawn_file_actions {
+  __posix_spawn_file_action* head;
+  __posix_spawn_file_action* last;
+
+  void Do() {
+    for (__posix_spawn_file_action* action = head; action != nullptr; action = action->next) {
+      action->Do();
+    }
+  }
+};
+
+struct __posix_spawnattr {
+  short flags;
+  pid_t pgroup;
+  sched_param schedparam;
+  int schedpolicy;
+  sigset_t sigmask;
+  sigset_t sigdefault;
+
+  void Do() {
+    bool use_sigdefault = ((flags & POSIX_SPAWN_SETSIGDEF) != 0);
+
+    for (int s = 1; s < _NSIG; ++s) {
+      struct sigaction sa;
+      if (sigaction(s, nullptr, &sa) == -1) _exit(127);
+      if (sa.sa_handler == SIG_DFL) continue;
+      // POSIX: "Signals set to be caught by the calling process shall be set to the default
+      // action in the child process."
+      // POSIX: "If POSIX_SPAWN_SETSIGDEF is set ... signals in sigdefault ... shall be set to
+      // their default actions in the child process."
+      if (sa.sa_handler != SIG_IGN || (use_sigdefault && sigismember(&sigdefault, s))) {
+        sa.sa_handler = SIG_DFL;
+        if (sigaction(s, &sa, nullptr) == -1) _exit(127);
+      }
+    }
+
+    if ((flags & POSIX_SPAWN_SETPGROUP) != 0 && setpgid(0, pgroup) == -1) _exit(127);
+    if ((flags & POSIX_SPAWN_SETSID) != 0 && setsid() == -1) _exit(127);
+
+    // POSIX_SPAWN_SETSCHEDULER overrides POSIX_SPAWN_SETSCHEDPARAM, but it is not an error
+    // to set both.
+    if ((flags & POSIX_SPAWN_SETSCHEDULER) != 0) {
+      if (sched_setscheduler(0, schedpolicy, &schedparam) == -1) _exit(127);
+    } else if ((flags & POSIX_SPAWN_SETSCHEDPARAM) != 0) {
+      if (sched_setparam(0, &schedparam) == -1) _exit(127);
+    }
+
+    if ((flags & POSIX_SPAWN_RESETIDS) != 0) {
+      if (seteuid(getuid()) == -1 || setegid(getgid()) == -1) _exit(127);
+    }
+
+    if ((flags & POSIX_SPAWN_SETSIGMASK) != 0) {
+      if (sigprocmask(SIG_SETMASK, &sigmask, nullptr)) _exit(127);
+    }
+  }
+};
+
+static int posix_spawn(pid_t* pid_ptr,
+                       const char* path,
+                       const posix_spawn_file_actions_t* actions,
+                       const posix_spawnattr_t* attr,
+                       char* const argv[],
+                       char* const env[],
+                       int exec_fn(const char* path, char* const argv[], char* const env[])) {
+  // See http://man7.org/linux/man-pages/man3/posix_spawn.3.html
+  // and http://pubs.opengroup.org/onlinepubs/9699919799/functions/posix_spawn.html
+
+  ScopedSignalBlocker ssb;
+
+  short flags = attr ? (*attr)->flags : 0;
+  bool use_vfork = ((flags & POSIX_SPAWN_USEVFORK) != 0) || (actions == nullptr && flags == 0);
+
+  pid_t pid = use_vfork ? vfork() : fork();
+  if (pid == -1) return errno;
+
+  if (pid == 0) {
+    // Child.
+    if (attr) (*attr)->Do();
+    if (actions) (*actions)->Do();
+    if ((flags & POSIX_SPAWN_SETSIGMASK) == 0) ssb.reset();
+    exec_fn(path, argv, env ? env : environ);
+    _exit(127);
+  }
+
+  // Parent.
+  if (pid_ptr) *pid_ptr = pid;
+  return 0;
+}
+
+int posix_spawn(pid_t* pid, const char* path, const posix_spawn_file_actions_t* actions,
+                const posix_spawnattr_t* attr, char* const argv[], char* const env[]) {
+  return posix_spawn(pid, path, actions, attr, argv, env, execve);
+}
+
+int posix_spawnp(pid_t* pid, const char* file, const posix_spawn_file_actions_t* actions,
+                 const posix_spawnattr_t* attr, char* const argv[], char* const env[]) {
+  return posix_spawn(pid, file, actions, attr, argv, env, execvpe);
+}
+
+int posix_spawnattr_init(posix_spawnattr_t* attr) {
+  *attr = reinterpret_cast<__posix_spawnattr*>(calloc(1, sizeof(__posix_spawnattr)));
+  return (*attr == nullptr) ? errno : 0;
+}
+
+int posix_spawnattr_destroy(posix_spawnattr_t* attr) {
+  free(*attr);
+  *attr = nullptr;
+  return 0;
+}
+
+int posix_spawnattr_setflags(posix_spawnattr_t* attr, short flags) {
+  if ((flags & ~(POSIX_SPAWN_RESETIDS | POSIX_SPAWN_SETPGROUP | POSIX_SPAWN_SETSIGDEF |
+                 POSIX_SPAWN_SETSIGMASK | POSIX_SPAWN_SETSCHEDPARAM | POSIX_SPAWN_SETSCHEDULER |
+                 POSIX_SPAWN_USEVFORK | POSIX_SPAWN_SETSID)) != 0) {
+    return EINVAL;
+  }
+  (*attr)->flags = flags;
+  return 0;
+}
+
+int posix_spawnattr_getflags(const posix_spawnattr_t* attr, short* flags) {
+  *flags = (*attr)->flags;
+  return 0;
+}
+
+int posix_spawnattr_setpgroup(posix_spawnattr_t* attr, pid_t pgroup) {
+  (*attr)->pgroup = pgroup;
+  return 0;
+}
+
+int posix_spawnattr_getpgroup(const posix_spawnattr_t* attr, pid_t* pgroup) {
+  *pgroup = (*attr)->pgroup;
+  return 0;
+}
+
+int posix_spawnattr_setsigmask(posix_spawnattr_t* attr, const sigset_t* mask) {
+  (*attr)->sigmask = *mask;
+  return 0;
+}
+
+int posix_spawnattr_getsigmask(const posix_spawnattr_t* attr, sigset_t* mask) {
+  *mask = (*attr)->sigmask;
+  return 0;
+}
+
+int posix_spawnattr_setsigdefault(posix_spawnattr_t* attr, const sigset_t* mask) {
+  (*attr)->sigdefault = *mask;
+  return 0;
+}
+
+int posix_spawnattr_getsigdefault(const posix_spawnattr_t* attr, sigset_t* mask) {
+  *mask = (*attr)->sigdefault;
+  return 0;
+}
+
+int posix_spawnattr_setschedparam(posix_spawnattr_t* attr, const struct sched_param* param) {
+  (*attr)->schedparam = *param;
+  return 0;
+}
+
+int posix_spawnattr_getschedparam(const posix_spawnattr_t* attr, struct sched_param* param) {
+  *param = (*attr)->schedparam;
+  return 0;
+}
+
+int posix_spawnattr_setschedpolicy(posix_spawnattr_t* attr, int policy) {
+  (*attr)->schedpolicy = policy;
+  return 0;
+}
+
+int posix_spawnattr_getschedpolicy(const posix_spawnattr_t* attr, int* policy) {
+  *policy = (*attr)->schedpolicy;
+  return 0;
+}
+
+int posix_spawn_file_actions_init(posix_spawn_file_actions_t* actions) {
+  *actions = reinterpret_cast<__posix_spawn_file_actions*>(calloc(1, sizeof(**actions)));
+  return (*actions == nullptr) ? errno : 0;
+}
+
+int posix_spawn_file_actions_destroy(posix_spawn_file_actions_t* actions) {
+  __posix_spawn_file_action* a = (*actions)->head;
+  while (a) {
+    __posix_spawn_file_action* last = a;
+    a = a->next;
+    free(last->path);
+    free(last);
+  }
+  free(*actions);
+  *actions = nullptr;
+  return 0;
+}
+
+static int posix_spawn_add_file_action(posix_spawn_file_actions_t* actions,
+                                       Action what,
+                                       int fd,
+                                       int new_fd,
+                                       const char* path,
+                                       int flags,
+                                       mode_t mode) {
+  __posix_spawn_file_action* action =
+      reinterpret_cast<__posix_spawn_file_action*>(malloc(sizeof(*action)));
+  if (action == nullptr) return errno;
+
+  action->next = nullptr;
+  if (path != nullptr) {
+    action->path = strdup(path);
+    if (action->path == nullptr) {
+      free(action);
+      return errno;
+    }
+  } else {
+    action->path = nullptr;
+  }
+  action->what = what;
+  action->fd = fd;
+  action->new_fd = new_fd;
+  action->flags = flags;
+  action->mode = mode;
+
+  if ((*actions)->head == nullptr) {
+    (*actions)->head = (*actions)->last = action;
+  } else {
+    (*actions)->last->next = action;
+    (*actions)->last = action;
+  }
+
+  return 0;
+}
+
+int posix_spawn_file_actions_addopen(posix_spawn_file_actions_t* actions,
+                                     int fd, const char* path, int flags, mode_t mode) {
+  if (fd < 0) return EBADF;
+  return posix_spawn_add_file_action(actions, kOpen, -1, fd, path, flags, mode);
+}
+
+int posix_spawn_file_actions_addclose(posix_spawn_file_actions_t* actions, int fd) {
+  if (fd < 0) return EBADF;
+  return posix_spawn_add_file_action(actions, kClose, fd, -1, nullptr, 0, 0);
+}
+
+int posix_spawn_file_actions_adddup2(posix_spawn_file_actions_t* actions, int fd, int new_fd) {
+  if (fd < 0 || new_fd < 0) return EBADF;
+  return posix_spawn_add_file_action(actions, kDup2, fd, new_fd, nullptr, 0, 0);
+}
diff --git a/libc/bionic/system_properties.cpp b/libc/bionic/system_properties.cpp
index b781ea3..b87d7e8 100644
--- a/libc/bionic/system_properties.cpp
+++ b/libc/bionic/system_properties.cpp
@@ -71,9 +71,27 @@
 #define SERIAL_DIRTY(serial) ((serial)&1)
 #define SERIAL_VALUE_LEN(serial) ((serial) >> 24)
 
+constexpr static const char kLongLegacyError[] = "Must use __system_property_read_callback() to read";
+
+// The error message fits in part of a union with the previous 92 char property value so there must
+// be room left over after the error message for the offset to the new longer property value and
+// future expansion fields if needed.
+// Note that this value cannot ever increase.  The offset to the new longer property value appears
+// immediately after it, so an increase of this size will break compatibility.
+constexpr size_t kLongLegacyErrorBufferSize = 56;
+static_assert(sizeof(kLongLegacyError) < kLongLegacyErrorBufferSize,
+              "Error message for long properties read by legacy libc must fit within 56 chars");
+
 static const char property_service_socket[] = "/dev/socket/" PROP_SERVICE_NAME;
 static const char* kServiceVersionPropertyName = "ro.property_service.version";
 
+// The C11 standard doesn't allow atomic loads from const fields,
+// though C++11 does.  Fudge it until standards get straightened out.
+static inline uint_least32_t load_const_atomic(const atomic_uint_least32_t* s, memory_order mo) {
+  atomic_uint_least32_t* non_const_s = const_cast<atomic_uint_least32_t*>(s);
+  return atomic_load_explicit(non_const_s, mo);
+}
+
 /*
  * Properties are stored in a hybrid trie/binary tree structure.
  * Each property's name is delimited at '.' characters, and the tokens are put
@@ -182,12 +200,34 @@
 };
 
 struct prop_info {
+  // Read only properties will not set anything but the bottom most bit of serial and the top byte.
+  // We borrow the 2nd from the top byte for extra flags, and use the bottom most bit of that for
+  // our first user, kLongFlag.
+  constexpr static uint32_t kLongFlag = 1 << 16;
   atomic_uint_least32_t serial;
   // we need to keep this buffer around because the property
   // value can be modified whereas name is constant.
-  char value[PROP_VALUE_MAX];
+  union {
+    char value[PROP_VALUE_MAX];
+    struct {
+      char error_message[kLongLegacyErrorBufferSize];
+      uint32_t offset;
+    } long_property;
+  };
   char name[0];
 
+  bool is_long() const {
+    return (load_const_atomic(&serial, memory_order_relaxed) & kLongFlag) != 0;
+  }
+
+  const char* long_value() const {
+    // We can't store pointers here since this is shared memory that will have different absolute
+    // pointers in different processes.  We don't have data_ from prop_area, but since we know
+    // `this` is data_ + some offset and long_value is data_ + some other offset, we calculate the
+    // offset from `this` to long_value and store it as long_property.offset.
+    return reinterpret_cast<const char*>(this) + long_property.offset;
+  }
+
   prop_info(const char* name, uint32_t namelen, const char* value, uint32_t valuelen) {
     memcpy(this->name, name, namelen);
     this->name[namelen] = '\0';
@@ -196,10 +236,23 @@
     this->value[valuelen] = '\0';
   }
 
+  prop_info(const char* name, uint32_t namelen, uint32_t long_offset) {
+    memcpy(this->name, name, namelen);
+    this->name[namelen] = '\0';
+
+    auto error_value_len = sizeof(kLongLegacyError) - 1;
+    atomic_init(&this->serial, error_value_len << 24 | kLongFlag);
+    memcpy(this->long_property.error_message, kLongLegacyError, sizeof(kLongLegacyError));
+
+    this->long_property.offset = long_offset;
+  }
+
  private:
   DISALLOW_IMPLICIT_CONSTRUCTORS(prop_info);
 };
 
+static_assert(sizeof(prop_info) == 96, "size of struct prop_info must be 96 bytes");
+
 // This is public because it was exposed in the NDK. As of 2017-01, ~60 apps reference this symbol.
 prop_area* __system_property_area__ = nullptr;
 
@@ -330,13 +383,28 @@
                                     uint32_t valuelen, uint_least32_t* const off) {
   uint_least32_t new_offset;
   void* const p = allocate_obj(sizeof(prop_info) + namelen + 1, &new_offset);
-  if (p != nullptr) {
-    prop_info* info = new (p) prop_info(name, namelen, value, valuelen);
-    *off = new_offset;
-    return info;
-  }
+  if (p == nullptr) return nullptr;
 
-  return nullptr;
+  prop_info* info;
+  if (valuelen >= PROP_VALUE_MAX) {
+    uint32_t long_value_offset = 0;
+    char* long_location = reinterpret_cast<char*>(allocate_obj(valuelen + 1, &long_value_offset));
+    if (!long_location) return nullptr;
+
+    memcpy(long_location, value, valuelen);
+    long_location[valuelen] = '\0';
+
+    // Both new_offset and long_value_offset are offsets based off of data_, however prop_info
+    // does not know what data_ is, so we change this offset to be an offset from the prop_info
+    // pointer that contains it.
+    long_value_offset -= new_offset;
+
+    info = new (p) prop_info(name, namelen, long_value_offset);
+  } else {
+    info = new (p) prop_info(name, namelen, value, valuelen);
+  }
+  *off = new_offset;
+  return info;
 }
 
 void* prop_area::to_prop_obj(uint_least32_t off) {
@@ -1161,11 +1229,8 @@
   return pa->find(name);
 }
 
-// The C11 standard doesn't allow atomic loads from const fields,
-// though C++11 does.  Fudge it until standards get straightened out.
-static inline uint_least32_t load_const_atomic(const atomic_uint_least32_t* s, memory_order mo) {
-  atomic_uint_least32_t* non_const_s = const_cast<atomic_uint_least32_t*>(s);
-  return atomic_load_explicit(non_const_s, mo);
+static bool is_read_only(const char* name) {
+  return strncmp(name, "ro.", 3) == 0;
 }
 
 int __system_property_read(const prop_info* pi, char* name, char* value) {
@@ -1193,6 +1258,13 @@
                                 pi->name, PROP_NAME_MAX - 1, name);
         }
       }
+      if (is_read_only(pi->name) && pi->is_long()) {
+        async_safe_format_log(ANDROID_LOG_ERROR, "libc",
+                              "The property \"%s\" has a value with length %zu that is too large for"
+                              " __system_property_get()/__system_property_read(); use"
+                              " __system_property_read_callback() instead.",
+                              pi->name, strlen(pi->long_value()));
+      }
       return len;
     }
   }
@@ -1204,6 +1276,18 @@
                                                       const char* value,
                                                       uint32_t serial),
                                      void* cookie) {
+  // Read only properties don't need to copy the value to a temporary buffer, since it can never
+  // change.
+  if (is_read_only(pi->name)) {
+    uint32_t serial = __system_property_serial(pi);
+    if (pi->is_long()) {
+      callback(cookie, pi->name, pi->long_value(), serial);
+    } else {
+      callback(cookie, pi->name, pi->value, serial);
+    }
+    return;
+  }
+
   while (true) {
     uint32_t serial = __system_property_serial(pi);  // acquire semantics
     size_t len = SERIAL_VALUE_LEN(serial);
@@ -1260,15 +1344,15 @@
 int __system_property_set(const char* key, const char* value) {
   if (key == nullptr) return -1;
   if (value == nullptr) value = "";
-  if (strlen(value) >= PROP_VALUE_MAX) return -1;
 
   if (g_propservice_protocol_version == 0) {
     detect_protocol_version();
   }
 
   if (g_propservice_protocol_version == kProtocolVersion1) {
-    // Old protocol does not support long names
+    // Old protocol does not support long names or values
     if (strlen(key) >= PROP_NAME_MAX) return -1;
+    if (strlen(value) >= PROP_VALUE_MAX) return -1;
 
     prop_msg msg;
     memset(&msg, 0, sizeof msg);
@@ -1278,6 +1362,8 @@
 
     return send_prop_msg(&msg);
   } else {
+    // New protocol only allows long values for ro. properties only.
+    if (strlen(value) >= PROP_VALUE_MAX && !is_read_only(key)) return -1;
     // Use proper protocol
     PropertyServiceConnection connection;
     if (!connection.IsValid()) {
@@ -1364,7 +1450,7 @@
 
 int __system_property_add(const char* name, unsigned int namelen, const char* value,
                           unsigned int valuelen) {
-  if (valuelen >= PROP_VALUE_MAX) {
+  if (valuelen >= PROP_VALUE_MAX && !is_read_only(name)) {
     return -1;
   }
 
diff --git a/libc/bionic/tmpfile.cpp b/libc/bionic/tmpfile.cpp
index dc142a9..bda3566 100644
--- a/libc/bionic/tmpfile.cpp
+++ b/libc/bionic/tmpfile.cpp
@@ -39,22 +39,7 @@
 #include <unistd.h>
 
 #include "private/ErrnoRestorer.h"
-
-class ScopedSignalBlocker {
- public:
-  ScopedSignalBlocker() {
-    sigset_t set;
-    sigfillset(&set);
-    sigprocmask(SIG_BLOCK, &set, &old_set_);
-  }
-
-  ~ScopedSignalBlocker() {
-    sigprocmask(SIG_SETMASK, &old_set_, NULL);
-  }
-
- private:
-  sigset_t old_set_;
-};
+#include "private/ScopedSignalBlocker.h"
 
 static FILE* __tmpfile_dir(const char* tmp_dir) {
   char* path = NULL;
diff --git a/libc/include/bits/posix_limits.h b/libc/include/bits/posix_limits.h
index 4038c3a..e5846d6 100644
--- a/libc/include/bits/posix_limits.h
+++ b/libc/include/bits/posix_limits.h
@@ -68,7 +68,7 @@
 #define _POSIX_SEMAPHORES _POSIX_VERSION /* sem_*. */
 #define _POSIX_SHARED_MEMORY_OBJECTS __BIONIC_POSIX_FEATURE_MISSING /* mmap/munmap are implemented, but shm_open/shm_unlink are not. */
 #define _POSIX_SHELL 1 /* system. */
-#define _POSIX_SPAWN __BIONIC_POSIX_FEATURE_MISSING /* <spawn.h> */
+#define _POSIX_SPAWN __BIONIC_POSIX_FEATURE_SINCE(28) /* <spawn.h> */
 #define _POSIX_SPIN_LOCKS __BIONIC_POSIX_FEATURE_SINCE(24) /* pthread_spin_*. */
 #define _POSIX_SPORADIC_SERVER _POSIX_VERSION /* sched_setparam/sched_setscheduler. */
 #define _POSIX_SYNCHRONIZED_IO _POSIX_VERSION
diff --git a/libc/include/spawn.h b/libc/include/spawn.h
new file mode 100644
index 0000000..ea4bb19
--- /dev/null
+++ b/libc/include/spawn.h
@@ -0,0 +1,86 @@
+/*
+ * Copyright (C) 2017 The Android Open Source Project
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *  * Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ *  * Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+ * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+ * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
+ * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
+ * COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT,
+ * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING,
+ * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS
+ * OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED
+ * AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
+ * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT
+ * OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+#ifndef _SPAWN_H_
+#define _SPAWN_H_
+
+#include <sys/cdefs.h>
+#include <sys/types.h>
+#include <sched.h>
+#include <signal.h>
+
+__BEGIN_DECLS
+
+#define POSIX_SPAWN_RESETIDS 1
+#define POSIX_SPAWN_SETPGROUP 2
+#define POSIX_SPAWN_SETSIGDEF 4
+#define POSIX_SPAWN_SETSIGMASK 8
+#define POSIX_SPAWN_SETSCHEDPARAM 16
+#define POSIX_SPAWN_SETSCHEDULER 32
+#if defined(__USE_GNU)
+#define POSIX_SPAWN_USEVFORK 64
+#define POSIX_SPAWN_SETSID 128
+#endif
+
+typedef struct __posix_spawnattr* posix_spawnattr_t;
+typedef struct __posix_spawn_file_actions* posix_spawn_file_actions_t;
+
+int posix_spawn(pid_t* __pid, const char* __path, const posix_spawn_file_actions_t* __actions, const posix_spawnattr_t* __attr, char* const __argv[], char* const __env[]) __INTRODUCED_IN_FUTURE;
+int posix_spawnp(pid_t* __pid, const char* __file, const posix_spawn_file_actions_t* __actions, const posix_spawnattr_t* __attr, char* const __argv[], char* const __env[]) __INTRODUCED_IN_FUTURE;
+
+int posix_spawnattr_init(posix_spawnattr_t* __attr) __INTRODUCED_IN_FUTURE;
+int posix_spawnattr_destroy(posix_spawnattr_t* __attr) __INTRODUCED_IN_FUTURE;
+
+int posix_spawnattr_setflags(posix_spawnattr_t* __attr, short __flags) __INTRODUCED_IN_FUTURE;
+int posix_spawnattr_getflags(const posix_spawnattr_t* __attr, short* __flags) __INTRODUCED_IN_FUTURE;
+
+int posix_spawnattr_setpgroup(posix_spawnattr_t* __attr, pid_t __pgroup) __INTRODUCED_IN_FUTURE;
+int posix_spawnattr_getpgroup(const posix_spawnattr_t* __attr, pid_t* __pgroup) __INTRODUCED_IN_FUTURE;
+
+int posix_spawnattr_setsigmask(posix_spawnattr_t* __attr, const sigset_t* __mask) __INTRODUCED_IN_FUTURE;
+int posix_spawnattr_getsigmask(const posix_spawnattr_t* __attr, sigset_t* __mask) __INTRODUCED_IN_FUTURE;
+
+int posix_spawnattr_setsigdefault(posix_spawnattr_t* __attr, const sigset_t* __mask) __INTRODUCED_IN_FUTURE;
+int posix_spawnattr_getsigdefault(const posix_spawnattr_t* __attr, sigset_t* __mask) __INTRODUCED_IN_FUTURE;
+
+int posix_spawnattr_setschedparam(posix_spawnattr_t* __attr, const struct sched_param* __param) __INTRODUCED_IN_FUTURE;
+int posix_spawnattr_getschedparam(const posix_spawnattr_t* __attr, struct sched_param* __param) __INTRODUCED_IN_FUTURE;
+
+int posix_spawnattr_setschedpolicy(posix_spawnattr_t* __attr, int __policy) __INTRODUCED_IN_FUTURE;
+int posix_spawnattr_getschedpolicy(const posix_spawnattr_t* __attr, int* __policy) __INTRODUCED_IN_FUTURE;
+
+int posix_spawn_file_actions_init(posix_spawn_file_actions_t* __actions) __INTRODUCED_IN_FUTURE;
+int posix_spawn_file_actions_destroy(posix_spawn_file_actions_t* __actions) __INTRODUCED_IN_FUTURE;
+
+int posix_spawn_file_actions_addopen(posix_spawn_file_actions_t* __actions, int __fd, const char* __path, int __flags, mode_t __mode) __INTRODUCED_IN_FUTURE;
+int posix_spawn_file_actions_addclose(posix_spawn_file_actions_t* __actions, int __fd) __INTRODUCED_IN_FUTURE;
+int posix_spawn_file_actions_adddup2(posix_spawn_file_actions_t* __actions, int __fd, int __new_fd) __INTRODUCED_IN_FUTURE;
+
+__END_DECLS
+
+#endif
diff --git a/libc/libc.arm.map b/libc/libc.arm.map
index 13c267a..08ba59f 100644
--- a/libc/libc.arm.map
+++ b/libc/libc.arm.map
@@ -1336,6 +1336,27 @@
     iconv;
     iconv_close;
     iconv_open;
+    posix_spawn;
+    posix_spawnattr_destroy;
+    posix_spawnattr_getflags;
+    posix_spawnattr_getpgroup;
+    posix_spawnattr_getschedparam;
+    posix_spawnattr_getschedpolicy;
+    posix_spawnattr_getsigdefault;
+    posix_spawnattr_getsigmask;
+    posix_spawnattr_init;
+    posix_spawnattr_setflags;
+    posix_spawnattr_setpgroup;
+    posix_spawnattr_setschedparam;
+    posix_spawnattr_setschedpolicy;
+    posix_spawnattr_setsigdefault;
+    posix_spawnattr_setsigmask;
+    posix_spawn_file_actions_addclose;
+    posix_spawn_file_actions_adddup2;
+    posix_spawn_file_actions_addopen;
+    posix_spawn_file_actions_destroy;
+    posix_spawn_file_actions_init;
+    posix_spawnp;
     syncfs;
 } LIBC_O;
 
diff --git a/libc/libc.arm64.map b/libc/libc.arm64.map
index 9d8c1b7..400c95f 100644
--- a/libc/libc.arm64.map
+++ b/libc/libc.arm64.map
@@ -1256,6 +1256,27 @@
     iconv;
     iconv_close;
     iconv_open;
+    posix_spawn;
+    posix_spawnattr_destroy;
+    posix_spawnattr_getflags;
+    posix_spawnattr_getpgroup;
+    posix_spawnattr_getschedparam;
+    posix_spawnattr_getschedpolicy;
+    posix_spawnattr_getsigdefault;
+    posix_spawnattr_getsigmask;
+    posix_spawnattr_init;
+    posix_spawnattr_setflags;
+    posix_spawnattr_setpgroup;
+    posix_spawnattr_setschedparam;
+    posix_spawnattr_setschedpolicy;
+    posix_spawnattr_setsigdefault;
+    posix_spawnattr_setsigmask;
+    posix_spawn_file_actions_addclose;
+    posix_spawn_file_actions_adddup2;
+    posix_spawn_file_actions_addopen;
+    posix_spawn_file_actions_destroy;
+    posix_spawn_file_actions_init;
+    posix_spawnp;
     syncfs;
 } LIBC_O;
 
diff --git a/libc/libc.map.txt b/libc/libc.map.txt
index da462d3..eb5c1e4 100644
--- a/libc/libc.map.txt
+++ b/libc/libc.map.txt
@@ -1361,6 +1361,27 @@
     iconv;
     iconv_close;
     iconv_open;
+    posix_spawn;
+    posix_spawnattr_destroy;
+    posix_spawnattr_getflags;
+    posix_spawnattr_getpgroup;
+    posix_spawnattr_getschedparam;
+    posix_spawnattr_getschedpolicy;
+    posix_spawnattr_getsigdefault;
+    posix_spawnattr_getsigmask;
+    posix_spawnattr_init;
+    posix_spawnattr_setflags;
+    posix_spawnattr_setpgroup;
+    posix_spawnattr_setschedparam;
+    posix_spawnattr_setschedpolicy;
+    posix_spawnattr_setsigdefault;
+    posix_spawnattr_setsigmask;
+    posix_spawn_file_actions_addclose;
+    posix_spawn_file_actions_adddup2;
+    posix_spawn_file_actions_addopen;
+    posix_spawn_file_actions_destroy;
+    posix_spawn_file_actions_init;
+    posix_spawnp;
     syncfs;
 } LIBC_O;
 
diff --git a/libc/libc.mips.map b/libc/libc.mips.map
index 3e41f95..16f1209 100644
--- a/libc/libc.mips.map
+++ b/libc/libc.mips.map
@@ -1320,6 +1320,27 @@
     iconv;
     iconv_close;
     iconv_open;
+    posix_spawn;
+    posix_spawnattr_destroy;
+    posix_spawnattr_getflags;
+    posix_spawnattr_getpgroup;
+    posix_spawnattr_getschedparam;
+    posix_spawnattr_getschedpolicy;
+    posix_spawnattr_getsigdefault;
+    posix_spawnattr_getsigmask;
+    posix_spawnattr_init;
+    posix_spawnattr_setflags;
+    posix_spawnattr_setpgroup;
+    posix_spawnattr_setschedparam;
+    posix_spawnattr_setschedpolicy;
+    posix_spawnattr_setsigdefault;
+    posix_spawnattr_setsigmask;
+    posix_spawn_file_actions_addclose;
+    posix_spawn_file_actions_adddup2;
+    posix_spawn_file_actions_addopen;
+    posix_spawn_file_actions_destroy;
+    posix_spawn_file_actions_init;
+    posix_spawnp;
     syncfs;
 } LIBC_O;
 
diff --git a/libc/libc.mips64.map b/libc/libc.mips64.map
index 9d8c1b7..400c95f 100644
--- a/libc/libc.mips64.map
+++ b/libc/libc.mips64.map
@@ -1256,6 +1256,27 @@
     iconv;
     iconv_close;
     iconv_open;
+    posix_spawn;
+    posix_spawnattr_destroy;
+    posix_spawnattr_getflags;
+    posix_spawnattr_getpgroup;
+    posix_spawnattr_getschedparam;
+    posix_spawnattr_getschedpolicy;
+    posix_spawnattr_getsigdefault;
+    posix_spawnattr_getsigmask;
+    posix_spawnattr_init;
+    posix_spawnattr_setflags;
+    posix_spawnattr_setpgroup;
+    posix_spawnattr_setschedparam;
+    posix_spawnattr_setschedpolicy;
+    posix_spawnattr_setsigdefault;
+    posix_spawnattr_setsigmask;
+    posix_spawn_file_actions_addclose;
+    posix_spawn_file_actions_adddup2;
+    posix_spawn_file_actions_addopen;
+    posix_spawn_file_actions_destroy;
+    posix_spawn_file_actions_init;
+    posix_spawnp;
     syncfs;
 } LIBC_O;
 
diff --git a/libc/libc.x86.map b/libc/libc.x86.map
index c3d678c..94ee319 100644
--- a/libc/libc.x86.map
+++ b/libc/libc.x86.map
@@ -1318,6 +1318,27 @@
     iconv;
     iconv_close;
     iconv_open;
+    posix_spawn;
+    posix_spawnattr_destroy;
+    posix_spawnattr_getflags;
+    posix_spawnattr_getpgroup;
+    posix_spawnattr_getschedparam;
+    posix_spawnattr_getschedpolicy;
+    posix_spawnattr_getsigdefault;
+    posix_spawnattr_getsigmask;
+    posix_spawnattr_init;
+    posix_spawnattr_setflags;
+    posix_spawnattr_setpgroup;
+    posix_spawnattr_setschedparam;
+    posix_spawnattr_setschedpolicy;
+    posix_spawnattr_setsigdefault;
+    posix_spawnattr_setsigmask;
+    posix_spawn_file_actions_addclose;
+    posix_spawn_file_actions_adddup2;
+    posix_spawn_file_actions_addopen;
+    posix_spawn_file_actions_destroy;
+    posix_spawn_file_actions_init;
+    posix_spawnp;
     syncfs;
 } LIBC_O;
 
diff --git a/libc/libc.x86_64.map b/libc/libc.x86_64.map
index 9d8c1b7..400c95f 100644
--- a/libc/libc.x86_64.map
+++ b/libc/libc.x86_64.map
@@ -1256,6 +1256,27 @@
     iconv;
     iconv_close;
     iconv_open;
+    posix_spawn;
+    posix_spawnattr_destroy;
+    posix_spawnattr_getflags;
+    posix_spawnattr_getpgroup;
+    posix_spawnattr_getschedparam;
+    posix_spawnattr_getschedpolicy;
+    posix_spawnattr_getsigdefault;
+    posix_spawnattr_getsigmask;
+    posix_spawnattr_init;
+    posix_spawnattr_setflags;
+    posix_spawnattr_setpgroup;
+    posix_spawnattr_setschedparam;
+    posix_spawnattr_setschedpolicy;
+    posix_spawnattr_setsigdefault;
+    posix_spawnattr_setsigmask;
+    posix_spawn_file_actions_addclose;
+    posix_spawn_file_actions_adddup2;
+    posix_spawn_file_actions_addopen;
+    posix_spawn_file_actions_destroy;
+    posix_spawn_file_actions_init;
+    posix_spawnp;
     syncfs;
 } LIBC_O;
 
diff --git a/libc/private/ScopedSignalBlocker.h b/libc/private/ScopedSignalBlocker.h
new file mode 100644
index 0000000..35d1c58
--- /dev/null
+++ b/libc/private/ScopedSignalBlocker.h
@@ -0,0 +1,46 @@
+/*
+ * Copyright (C) 2017 The Android Open Source Project
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+#ifndef SCOPED_SIGNAL_BLOCKER_H
+#define SCOPED_SIGNAL_BLOCKER_H
+
+#include <signal.h>
+
+#include "bionic_macros.h"
+
+class ScopedSignalBlocker {
+ public:
+  explicit ScopedSignalBlocker() {
+    sigset_t set;
+    sigfillset(&set);
+    sigprocmask(SIG_BLOCK, &set, &old_set_);
+  }
+
+  ~ScopedSignalBlocker() {
+    reset();
+  }
+
+  void reset() {
+    sigprocmask(SIG_SETMASK, &old_set_, nullptr);
+  }
+
+ private:
+  sigset_t old_set_;
+
+  DISALLOW_COPY_AND_ASSIGN(ScopedSignalBlocker);
+};
+
+#endif
diff --git a/tests/Android.bp b/tests/Android.bp
index fb8b886..7094d77 100644
--- a/tests/Android.bp
+++ b/tests/Android.bp
@@ -105,6 +105,7 @@
         "semaphore_test.cpp",
         "setjmp_test.cpp",
         "signal_test.cpp",
+        "spawn_test.cpp",
         "stack_protector_test.cpp",
         "stack_protector_test_helper.cpp",
         "stack_unwinding_test.cpp",
diff --git a/tests/dlext_test.cpp b/tests/dlext_test.cpp
index 0dc54d0..7028ca7 100644
--- a/tests/dlext_test.cpp
+++ b/tests/dlext_test.cpp
@@ -1635,6 +1635,7 @@
 
   uintptr_t addr_start = 0;
   uintptr_t addr_end = 0;
+  bool has_executable_segment = false;
   std::vector<map_record> maps_to_copy;
 
   for (const auto& rec : maps) {
@@ -1643,6 +1644,7 @@
         addr_start = rec.addr_start;
       }
       addr_end = rec.addr_end;
+      has_executable_segment = has_executable_segment || (rec.perms & PROT_EXEC) != 0;
 
       maps_to_copy.push_back(rec);
     }
@@ -1655,6 +1657,16 @@
   ASSERT_TRUE(ns_get_dlopened_string_addr > addr_start);
   ASSERT_TRUE(ns_get_dlopened_string_addr < addr_end);
 
+  if (!has_executable_segment) {
+    // For some natively bridged environments this code might be missing
+    // the executable flag. This is because the guest code is not supposed
+    // to be executed directly and making it non-executable is more secure.
+    // If this is the case we assume that the first segment is the one that
+    // has this flag.
+    ASSERT_TRUE((maps_to_copy[0].perms & PROT_WRITE) == 0);
+    maps_to_copy[0].perms |= PROT_EXEC;
+  }
+
   // copy
   uintptr_t reserved_addr = reinterpret_cast<uintptr_t>(mmap(nullptr, addr_end - addr_start,
                                                              PROT_NONE, MAP_ANON | MAP_PRIVATE,
diff --git a/tests/spawn_test.cpp b/tests/spawn_test.cpp
new file mode 100644
index 0000000..6a3920e
--- /dev/null
+++ b/tests/spawn_test.cpp
@@ -0,0 +1,388 @@
+/*
+ * Copyright (C) 2017 The Android Open Source Project
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+#include <spawn.h>
+
+#include <errno.h>
+#include <fcntl.h>
+#include <gtest/gtest.h>
+
+#include "utils.h"
+
+#include <android-base/file.h>
+#include <android-base/strings.h>
+
+// Old versions of glibc didn't have POSIX_SPAWN_SETSID.
+#if __GLIBC__
+# if !defined(POSIX_SPAWN_SETSID)
+#  define POSIX_SPAWN_SETSID 0
+# endif
+#endif
+
+TEST(spawn, posix_spawnattr_init_posix_spawnattr_destroy) {
+  posix_spawnattr_t sa;
+  ASSERT_EQ(0, posix_spawnattr_init(&sa));
+  ASSERT_EQ(0, posix_spawnattr_destroy(&sa));
+}
+
+TEST(spawn, posix_spawnattr_setflags_EINVAL) {
+  posix_spawnattr_t sa;
+  ASSERT_EQ(0, posix_spawnattr_init(&sa));
+  ASSERT_EQ(EINVAL, posix_spawnattr_setflags(&sa, ~0));
+  ASSERT_EQ(0, posix_spawnattr_destroy(&sa));
+}
+
+TEST(spawn, posix_spawnattr_setflags_posix_spawnattr_getflags) {
+  posix_spawnattr_t sa;
+  ASSERT_EQ(0, posix_spawnattr_init(&sa));
+
+  ASSERT_EQ(0, posix_spawnattr_setflags(&sa, POSIX_SPAWN_RESETIDS));
+  short flags;
+  ASSERT_EQ(0, posix_spawnattr_getflags(&sa, &flags));
+  ASSERT_EQ(POSIX_SPAWN_RESETIDS, flags);
+
+  constexpr short all_flags = POSIX_SPAWN_RESETIDS | POSIX_SPAWN_SETPGROUP | POSIX_SPAWN_SETSIGDEF |
+                              POSIX_SPAWN_SETSIGMASK | POSIX_SPAWN_SETSCHEDPARAM |
+                              POSIX_SPAWN_SETSCHEDULER | POSIX_SPAWN_USEVFORK | POSIX_SPAWN_SETSID;
+  ASSERT_EQ(0, posix_spawnattr_setflags(&sa, all_flags));
+  ASSERT_EQ(0, posix_spawnattr_getflags(&sa, &flags));
+  ASSERT_EQ(all_flags, flags);
+
+  ASSERT_EQ(0, posix_spawnattr_destroy(&sa));
+}
+
+TEST(spawn, posix_spawnattr_setpgroup_posix_spawnattr_getpgroup) {
+  posix_spawnattr_t sa;
+  ASSERT_EQ(0, posix_spawnattr_init(&sa));
+
+  ASSERT_EQ(0, posix_spawnattr_setpgroup(&sa, 123));
+  pid_t g;
+  ASSERT_EQ(0, posix_spawnattr_getpgroup(&sa, &g));
+  ASSERT_EQ(123, g);
+
+  ASSERT_EQ(0, posix_spawnattr_destroy(&sa));
+}
+
+TEST(spawn, posix_spawnattr_setsigmask_posix_spawnattr_getsigmask) {
+  posix_spawnattr_t sa;
+  ASSERT_EQ(0, posix_spawnattr_init(&sa));
+
+  sigset_t sigs;
+  ASSERT_EQ(0, posix_spawnattr_getsigmask(&sa, &sigs));
+  ASSERT_FALSE(sigismember(&sigs, SIGALRM));
+
+  sigset_t just_SIGALRM;
+  sigemptyset(&just_SIGALRM);
+  sigaddset(&just_SIGALRM, SIGALRM);
+  ASSERT_EQ(0, posix_spawnattr_setsigmask(&sa, &just_SIGALRM));
+
+  ASSERT_EQ(0, posix_spawnattr_getsigmask(&sa, &sigs));
+  ASSERT_TRUE(sigismember(&sigs, SIGALRM));
+
+  ASSERT_EQ(0, posix_spawnattr_destroy(&sa));
+}
+
+TEST(spawn, posix_spawnattr_setsigdefault_posix_spawnattr_getsigdefault) {
+  posix_spawnattr_t sa;
+  ASSERT_EQ(0, posix_spawnattr_init(&sa));
+
+  sigset_t sigs;
+  ASSERT_EQ(0, posix_spawnattr_getsigdefault(&sa, &sigs));
+  ASSERT_FALSE(sigismember(&sigs, SIGALRM));
+
+  sigset_t just_SIGALRM;
+  sigemptyset(&just_SIGALRM);
+  sigaddset(&just_SIGALRM, SIGALRM);
+  ASSERT_EQ(0, posix_spawnattr_setsigdefault(&sa, &just_SIGALRM));
+
+  ASSERT_EQ(0, posix_spawnattr_getsigdefault(&sa, &sigs));
+  ASSERT_TRUE(sigismember(&sigs, SIGALRM));
+
+  ASSERT_EQ(0, posix_spawnattr_destroy(&sa));
+}
+
+TEST(spawn, posix_spawnattr_setsschedparam_posix_spawnattr_getsschedparam) {
+  posix_spawnattr_t sa;
+  ASSERT_EQ(0, posix_spawnattr_init(&sa));
+
+  sched_param sp;
+  ASSERT_EQ(0, posix_spawnattr_getschedparam(&sa, &sp));
+  ASSERT_EQ(0, sp.sched_priority);
+
+  sched_param sp123 = { .sched_priority = 123 };
+  ASSERT_EQ(0, posix_spawnattr_setschedparam(&sa, &sp123));
+
+  ASSERT_EQ(0, posix_spawnattr_getschedparam(&sa, &sp));
+  ASSERT_EQ(123, sp.sched_priority);
+
+  ASSERT_EQ(0, posix_spawnattr_destroy(&sa));
+}
+
+TEST(spawn, posix_spawnattr_setschedpolicy_posix_spawnattr_getschedpolicy) {
+  posix_spawnattr_t sa;
+  ASSERT_EQ(0, posix_spawnattr_init(&sa));
+
+  int p;
+  ASSERT_EQ(0, posix_spawnattr_getschedpolicy(&sa, &p));
+  ASSERT_EQ(0, p);
+
+  ASSERT_EQ(0, posix_spawnattr_setschedpolicy(&sa, SCHED_FIFO));
+
+  ASSERT_EQ(0, posix_spawnattr_getschedpolicy(&sa, &p));
+  ASSERT_EQ(SCHED_FIFO, p);
+
+  ASSERT_EQ(0, posix_spawnattr_destroy(&sa));
+}
+
+TEST(spawn, posix_spawn) {
+  ExecTestHelper eth;
+  eth.SetArgs({BIN_DIR "true", nullptr});
+  pid_t pid;
+  ASSERT_EQ(0, posix_spawn(&pid, eth.GetArg0(), nullptr, nullptr, eth.GetArgs(), nullptr));
+  AssertChildExited(pid, 0);
+}
+
+TEST(spawn, posix_spawn_not_found) {
+  ExecTestHelper eth;
+  eth.SetArgs({"true", nullptr});
+  pid_t pid;
+  ASSERT_EQ(0, posix_spawn(&pid, eth.GetArg0(), nullptr, nullptr, eth.GetArgs(), nullptr));
+  AssertChildExited(pid, 127);
+}
+
+TEST(spawn, posix_spawnp) {
+  ExecTestHelper eth;
+  eth.SetArgs({"true", nullptr});
+  pid_t pid;
+  ASSERT_EQ(0, posix_spawnp(&pid, eth.GetArg0(), nullptr, nullptr, eth.GetArgs(), nullptr));
+  AssertChildExited(pid, 0);
+}
+
+TEST(spawn, posix_spawnp_not_found) {
+  ExecTestHelper eth;
+  eth.SetArgs({"does-not-exist", nullptr});
+  pid_t pid;
+  ASSERT_EQ(0, posix_spawnp(&pid, eth.GetArg0(), nullptr, nullptr, eth.GetArgs(), nullptr));
+  AssertChildExited(pid, 127);
+}
+
+TEST(spawn, posix_spawn_environment) {
+  ExecTestHelper eth;
+  eth.SetArgs({"sh", "-c", "exit $posix_spawn_environment_test", nullptr});
+  eth.SetEnv({"posix_spawn_environment_test=66", nullptr});
+  pid_t pid;
+  ASSERT_EQ(0, posix_spawnp(&pid, eth.GetArg0(), nullptr, nullptr, eth.GetArgs(), eth.GetEnv()));
+  AssertChildExited(pid, 66);
+}
+
+TEST(spawn, posix_spawn_file_actions) {
+  int fds[2];
+  ASSERT_NE(-1, pipe(fds));
+
+  posix_spawn_file_actions_t fa;
+  ASSERT_EQ(0, posix_spawn_file_actions_init(&fa));
+
+  ASSERT_EQ(0, posix_spawn_file_actions_addclose(&fa, fds[0]));
+  ASSERT_EQ(0, posix_spawn_file_actions_adddup2(&fa, fds[1], 1));
+  ASSERT_EQ(0, posix_spawn_file_actions_addclose(&fa, fds[1]));
+  // Check that close(2) failures are ignored by closing the same fd again.
+  ASSERT_EQ(0, posix_spawn_file_actions_addclose(&fa, fds[1]));
+  ASSERT_EQ(0, posix_spawn_file_actions_addopen(&fa, 56, "/proc/version", O_RDONLY, 0));
+
+  ExecTestHelper eth;
+  eth.SetArgs({"ls", "-l", "/proc/self/fd", nullptr});
+  pid_t pid;
+  ASSERT_EQ(0, posix_spawnp(&pid, eth.GetArg0(), &fa, nullptr, eth.GetArgs(), eth.GetEnv()));
+  ASSERT_EQ(0, posix_spawn_file_actions_destroy(&fa));
+
+  ASSERT_EQ(0, close(fds[1]));
+  std::string content;
+  ASSERT_TRUE(android::base::ReadFdToString(fds[0], &content));
+  ASSERT_EQ(0, close(fds[0]));
+
+  AssertChildExited(pid, 0);
+
+  // We'll know the dup2 worked if we see any ls(1) output in our pipe.
+  // The open we can check manually...
+  bool open_to_fd_56_worked = false;
+  for (const auto& line : android::base::Split(content, "\n")) {
+    if (line.find(" 56 -> /proc/version") != std::string::npos) open_to_fd_56_worked = true;
+  }
+  ASSERT_TRUE(open_to_fd_56_worked);
+}
+
+static void CatFileToString(posix_spawnattr_t* sa, const char* path, std::string* content) {
+  int fds[2];
+  ASSERT_NE(-1, pipe(fds));
+
+  posix_spawn_file_actions_t fa;
+  ASSERT_EQ(0, posix_spawn_file_actions_init(&fa));
+  ASSERT_EQ(0, posix_spawn_file_actions_addclose(&fa, fds[0]));
+  ASSERT_EQ(0, posix_spawn_file_actions_adddup2(&fa, fds[1], 1));
+  ASSERT_EQ(0, posix_spawn_file_actions_addclose(&fa, fds[1]));
+
+  ExecTestHelper eth;
+  eth.SetArgs({"cat", path, nullptr});
+  pid_t pid;
+  ASSERT_EQ(0, posix_spawnp(&pid, eth.GetArg0(), &fa, sa, eth.GetArgs(), nullptr));
+  ASSERT_EQ(0, posix_spawn_file_actions_destroy(&fa));
+
+  ASSERT_EQ(0, close(fds[1]));
+  ASSERT_TRUE(android::base::ReadFdToString(fds[0], content));
+  ASSERT_EQ(0, close(fds[0]));
+  AssertChildExited(pid, 0);
+}
+
+struct ProcStat {
+  pid_t pid;
+  pid_t ppid;
+  pid_t pgrp;
+  pid_t sid;
+};
+
+static void GetChildStat(posix_spawnattr_t* sa, ProcStat* ps) {
+  std::string content;
+  CatFileToString(sa, "/proc/self/stat", &content);
+
+  ASSERT_EQ(4, sscanf(content.c_str(), "%d (cat) %*c %d %d %d", &ps->pid, &ps->ppid, &ps->pgrp,
+                      &ps->sid));
+
+  ASSERT_EQ(getpid(), ps->ppid);
+}
+
+struct ProcStatus {
+  uint64_t sigblk;
+  uint64_t sigign;
+};
+
+static void GetChildStatus(posix_spawnattr_t* sa, ProcStatus* ps) {
+  std::string content;
+  CatFileToString(sa, "/proc/self/status", &content);
+
+  bool saw_blk = false;
+  bool saw_ign = false;
+  for (const auto& line : android::base::Split(content, "\n")) {
+    if (sscanf(line.c_str(), "SigBlk: %" SCNx64, &ps->sigblk) == 1) saw_blk = true;
+    if (sscanf(line.c_str(), "SigIgn: %" SCNx64, &ps->sigign) == 1) saw_ign = true;
+  }
+  ASSERT_TRUE(saw_blk);
+  ASSERT_TRUE(saw_ign);
+}
+
+TEST(spawn, posix_spawn_POSIX_SPAWN_SETSID_clear) {
+  pid_t parent_sid = getsid(0);
+
+  posix_spawnattr_t sa;
+  ASSERT_EQ(0, posix_spawnattr_init(&sa));
+  ASSERT_EQ(0, posix_spawnattr_setflags(&sa, 0));
+
+  ProcStat ps = {};
+  GetChildStat(&sa, &ps);
+  ASSERT_EQ(parent_sid, ps.sid);
+  ASSERT_EQ(0, posix_spawnattr_destroy(&sa));
+}
+
+TEST(spawn, posix_spawn_POSIX_SPAWN_SETSID_set) {
+  pid_t parent_sid = getsid(0);
+
+  posix_spawnattr_t sa;
+  ASSERT_EQ(0, posix_spawnattr_init(&sa));
+  ASSERT_EQ(0, posix_spawnattr_setflags(&sa, POSIX_SPAWN_SETSID));
+
+  ProcStat ps = {};
+  GetChildStat(&sa, &ps);
+  ASSERT_NE(parent_sid, ps.sid);
+  ASSERT_EQ(0, posix_spawnattr_destroy(&sa));
+}
+
+TEST(spawn, posix_spawn_POSIX_SPAWN_SETPGROUP_clear) {
+  pid_t parent_pgrp = getpgrp();
+
+  posix_spawnattr_t sa;
+  ASSERT_EQ(0, posix_spawnattr_init(&sa));
+  ASSERT_EQ(0, posix_spawnattr_setflags(&sa, 0));
+
+  ProcStat ps = {};
+  GetChildStat(&sa, &ps);
+  ASSERT_EQ(parent_pgrp, ps.pgrp);
+  ASSERT_EQ(0, posix_spawnattr_destroy(&sa));
+}
+
+TEST(spawn, posix_spawn_POSIX_SPAWN_SETPGROUP_set) {
+  pid_t parent_pgrp = getpgrp();
+
+  posix_spawnattr_t sa;
+  ASSERT_EQ(0, posix_spawnattr_init(&sa));
+  ASSERT_EQ(0, posix_spawnattr_setpgroup(&sa, 0));
+  ASSERT_EQ(0, posix_spawnattr_setflags(&sa, POSIX_SPAWN_SETPGROUP));
+
+  ProcStat ps = {};
+  GetChildStat(&sa, &ps);
+  ASSERT_NE(parent_pgrp, ps.pgrp);
+  // Setting pgid 0 means "the same as the caller's pid".
+  ASSERT_EQ(ps.pid, ps.pgrp);
+  ASSERT_EQ(0, posix_spawnattr_destroy(&sa));
+}
+
+TEST(spawn, posix_spawn_POSIX_SPAWN_SETSIGMASK) {
+  // Block SIGBUS in the parent...
+  sigset_t just_SIGBUS;
+  sigemptyset(&just_SIGBUS);
+  sigaddset(&just_SIGBUS, SIGBUS);
+  ASSERT_EQ(0, sigprocmask(SIG_BLOCK, &just_SIGBUS, nullptr));
+
+  posix_spawnattr_t sa;
+  ASSERT_EQ(0, posix_spawnattr_init(&sa));
+
+  // Ask for only SIGALRM to be blocked in the child...
+  sigset_t just_SIGALRM;
+  sigemptyset(&just_SIGALRM);
+  sigaddset(&just_SIGALRM, SIGALRM);
+  ASSERT_EQ(0, posix_spawnattr_setsigmask(&sa, &just_SIGALRM));
+  ASSERT_EQ(0, posix_spawnattr_setflags(&sa, POSIX_SPAWN_SETSIGMASK));
+
+  // Check that's what happens...
+  ProcStatus ps = {};
+  GetChildStatus(&sa, &ps);
+  EXPECT_EQ(static_cast<uint64_t>(1 << (SIGALRM - 1)), ps.sigblk);
+  EXPECT_EQ(static_cast<uint64_t>(0), ps.sigign);
+
+  ASSERT_EQ(0, posix_spawnattr_destroy(&sa));
+}
+
+TEST(spawn, posix_spawn_POSIX_SPAWN_SETSIGDEF) {
+  // Ignore SIGALRM and SIGCONT in the parent...
+  ASSERT_NE(SIG_ERR, signal(SIGALRM, SIG_IGN));
+  ASSERT_NE(SIG_ERR, signal(SIGCONT, SIG_IGN));
+
+  posix_spawnattr_t sa;
+  ASSERT_EQ(0, posix_spawnattr_init(&sa));
+
+  // Ask for SIGALRM to be defaulted in the child...
+  sigset_t just_SIGALRM;
+  sigemptyset(&just_SIGALRM);
+  sigaddset(&just_SIGALRM, SIGALRM);
+  ASSERT_EQ(0, posix_spawnattr_setsigdefault(&sa, &just_SIGALRM));
+  ASSERT_EQ(0, posix_spawnattr_setflags(&sa, POSIX_SPAWN_SETSIGDEF));
+
+  // Check that's what happens...
+  ProcStatus ps = {};
+  GetChildStatus(&sa, &ps);
+  EXPECT_EQ(static_cast<uint64_t>(0), ps.sigblk);
+  EXPECT_EQ(static_cast<uint64_t>(1 << (SIGCONT - 1)), ps.sigign);
+
+  ASSERT_EQ(0, posix_spawnattr_destroy(&sa));
+}
diff --git a/tests/system_properties_test.cpp b/tests/system_properties_test.cpp
index 7415b3c..69647bf 100644
--- a/tests/system_properties_test.cpp
+++ b/tests/system_properties_test.cpp
@@ -24,6 +24,8 @@
 #include <string>
 #include <thread>
 
+using namespace std::literals;
+
 #if defined(__BIONIC__)
 
 #define _REALLY_INCLUDE_SYS__SYSTEM_PROPERTIES_H_
@@ -452,3 +454,89 @@
   GTEST_LOG_(INFO) << "This test does nothing.\n";
 #endif // __BIONIC__
 }
+
+TEST(properties, __system_property_extra_long_read_only) {
+#if defined(__BIONIC__)
+  LocalPropertyTestState pa;
+  ASSERT_TRUE(pa.valid);
+
+  std::vector<std::pair<std::string, std::string>> short_properties = {
+    { "ro.0char", std::string() },
+    { "ro.50char", std::string(50, 'x') },
+    { "ro.91char", std::string(91, 'x') },
+  };
+
+  std::vector<std::pair<std::string, std::string>> long_properties = {
+    { "ro.92char", std::string(92, 'x') },
+    { "ro.93char", std::string(93, 'x') },
+    { "ro.1000char", std::string(1000, 'x') },
+  };
+
+  for (const auto& property : short_properties) {
+    const std::string& name = property.first;
+    const std::string& value = property.second;
+    ASSERT_EQ(0, __system_property_add(name.c_str(), name.size(), value.c_str(), value.size()));
+  }
+
+  for (const auto& property : long_properties) {
+    const std::string& name = property.first;
+    const std::string& value = property.second;
+    ASSERT_EQ(0, __system_property_add(name.c_str(), name.size(), value.c_str(), value.size()));
+  }
+
+  auto check_with_legacy_read = [](const std::string& name, const std::string& expected_value) {
+    char value[PROP_VALUE_MAX];
+    EXPECT_EQ(static_cast<int>(expected_value.size()), __system_property_get(name.c_str(), value))
+        << name;
+    EXPECT_EQ(expected_value, value) << name;
+  };
+
+  auto check_with_read_callback = [](const std::string& name, const std::string& expected_value) {
+    const prop_info* pi = __system_property_find(name.c_str());
+    ASSERT_NE(nullptr, pi);
+    std::string value;
+    __system_property_read_callback(pi,
+                                    [](void* cookie, const char*, const char* value, uint32_t) {
+                                      std::string* out_value =
+                                          reinterpret_cast<std::string*>(cookie);
+                                      *out_value = value;
+                                    },
+                                    &value);
+    EXPECT_EQ(expected_value, value) << name;
+  };
+
+  for (const auto& property : short_properties) {
+    const std::string& name = property.first;
+    const std::string& value = property.second;
+    check_with_legacy_read(name, value);
+    check_with_read_callback(name, value);
+  }
+
+  constexpr static const char* kExtraLongLegacyError =
+      "Must use __system_property_read_callback() to read";
+  for (const auto& property : long_properties) {
+    const std::string& name = property.first;
+    const std::string& value = property.second;
+    check_with_legacy_read(name, kExtraLongLegacyError);
+    check_with_read_callback(name, value);
+  }
+
+#else   // __BIONIC__
+  GTEST_LOG_(INFO) << "This test does nothing.\n";
+#endif  // __BIONIC__
+}
+
+// pa_size is 128 * 1024 currently, if a property is longer then we expect it to fail gracefully.
+TEST(properties, __system_property_extra_long_read_only_too_long) {
+#if defined(__BIONIC__)
+  LocalPropertyTestState pa;
+  ASSERT_TRUE(pa.valid);
+
+  auto name = "ro.super_long_property"s;
+  auto value = std::string(128 * 1024 + 1, 'x');
+  ASSERT_NE(0, __system_property_add(name.c_str(), name.size(), value.c_str(), value.size()));
+
+#else   // __BIONIC__
+  GTEST_LOG_(INFO) << "This test does nothing.\n";
+#endif  // __BIONIC__
+}
diff --git a/tests/unistd_test.cpp b/tests/unistd_test.cpp
index 9203215..ced0315 100644
--- a/tests/unistd_test.cpp
+++ b/tests/unistd_test.cpp
@@ -736,6 +736,7 @@
   EXPECT_GT(_POSIX_SEM_VALUE_MAX, 0);
   EXPECT_GT(_POSIX_SHELL, 0);
   EXPECT_GT(_POSIX_SIGQUEUE_MAX, 0);
+  EXPECT_EQ(_POSIX_VERSION, _POSIX_SPAWN);
   EXPECT_EQ(_POSIX_VERSION, _POSIX_SPORADIC_SERVER);
   EXPECT_GT(_POSIX_SSIZE_MAX, 0);
   EXPECT_GT(_POSIX_STREAM_MAX, 0);
@@ -791,7 +792,6 @@
   EXPECT_EQ(-1, _POSIX_MESSAGE_PASSING);
   EXPECT_EQ(-1, _POSIX_PRIORITIZED_IO);
   EXPECT_EQ(-1, _POSIX_SHARED_MEMORY_OBJECTS);
-  EXPECT_EQ(-1, _POSIX_SPAWN);
   EXPECT_EQ(-1, _POSIX_THREAD_ROBUST_PRIO_INHERIT);
 
   EXPECT_EQ(-1, _POSIX2_CHAR_TERM);
@@ -915,6 +915,7 @@
   VERIFY_SYSCONF_POSIX_VERSION(_SC_READER_WRITER_LOCKS);
   VERIFY_SYSCONF_POSITIVE(_SC_REGEXP);
   VERIFY_SYSCONF_POSITIVE(_SC_SHELL);
+  VERIFY_SYSCONF_POSIX_VERSION(_SC_SPAWN);
   VERIFY_SYSCONF_POSIX_VERSION(_SC_SPORADIC_SERVER);
   VERIFY_SYSCONF_POSITIVE(_SC_SYMLOOP_MAX);
   VERIFY_SYSCONF_POSIX_VERSION(_SC_THREAD_CPUTIME);
@@ -954,7 +955,6 @@
   VERIFY_SYSCONF_UNSUPPORTED(_SC_MESSAGE_PASSING);
   VERIFY_SYSCONF_UNSUPPORTED(_SC_PRIORITIZED_IO);
   VERIFY_SYSCONF_UNSUPPORTED(_SC_SHARED_MEMORY_OBJECTS);
-  VERIFY_SYSCONF_UNSUPPORTED(_SC_SPAWN);
   VERIFY_SYSCONF_UNSUPPORTED(_SC_THREAD_ROBUST_PRIO_INHERIT);
   VERIFY_SYSCONF_UNSUPPORTED(_SC_THREAD_ROBUST_PRIO_PROTECT);
 
@@ -1212,12 +1212,6 @@
   }
 }
 
-#if defined(__GLIBC__)
-#define BIN_DIR "/bin/"
-#else
-#define BIN_DIR "/system/bin/"
-#endif
-
 TEST(UNISTD_TEST, execve_failure) {
   ExecTestHelper eth;
   errno = 0;
diff --git a/tests/utils.h b/tests/utils.h
index daf382e..ba006f1 100644
--- a/tests/utils.h
+++ b/tests/utils.h
@@ -38,6 +38,12 @@
 #define PATH_TO_SYSTEM_LIB "/system/lib/"
 #endif
 
+#if defined(__GLIBC__)
+#define BIN_DIR "/bin/"
+#else
+#define BIN_DIR "/system/bin/"
+#endif
+
 #if defined(__BIONIC__)
 #define KNOWN_FAILURE_ON_BIONIC(x) xfail_ ## x
 #else
@@ -159,6 +165,9 @@
   char** GetArgs() {
     return const_cast<char**>(args_.data());
   }
+  const char* GetArg0() {
+    return args_[0];
+  }
   char** GetEnv() {
     return const_cast<char**>(env_.data());
   }