commit e7656b7200d934d6f77df422d6d3dee469230dea
author Tom Cherry <tomcherry@google.com> Mon May 01 17:10:09 2017 -0700
committer Tom Cherry <tomcherry@google.com> Mon May 01 17:22:49 2017 -0700
tree 9ef0aa7484486d201006d9dfd6f9deb03db0fc1b
parent 6a8314c8bfa4a182ddf560609ebb514ec30b32bf

ueventd: do not reference init's sehandle

Init exposes a global 'sehandle' that ueventd references as part of
devices.cpp and util.cpp.  This is particularly dangerous in
device_init() in which both uevent and init write to this global.

This change creates a separate local copy for devices.cpp and puts
restrictions on where init.h can be included to make sure the global
used by init is not reference by non-init code.  Future changes to
init should remove this global.

Test: Boot bullhead

Change-Id: Ifefa9e1932e9d647d06cca2618f5c8e5a7a85460

init/util.cpp

diff --git a/init/util.cpp b/init/util.cpp
index a101ce5..87b8d9d 100644
--- a/init/util.cpp
+++ b/init/util.cpp
@@ -40,11 +40,13 @@
 #include <cutils/android_reboot.h>
 #include <cutils/sockets.h>
 #include <selinux/android.h>
-#include <selinux/label.h>
 
-#include "init.h"
 #include "reboot.h"
 
+#ifdef _INIT_INIT_H
+#error "Do not include init.h in files used by ueventd or watchdogd; it will expose init's globals"
+#endif
+
 using android::base::boot_clock;
 
 static unsigned int do_decode_uid(const char *s)
@@ -87,9 +89,8 @@
  * daemon. We communicate the file descriptor's value via the environment
  * variable ANDROID_SOCKET_ENV_PREFIX<name> ("ANDROID_SOCKET_foo").
  */
-int create_socket(const char *name, int type, mode_t perm, uid_t uid,
-                  gid_t gid, const char *socketcon)
-{
+int create_socket(const char* name, int type, mode_t perm, uid_t uid, gid_t gid,
+                  const char* socketcon, selabel_handle* sehandle) {
     if (socketcon) {
         if (setsockcreatecon(socketcon) == -1) {
             PLOG(ERROR) << "setsockcreatecon(\"" << socketcon << "\") failed";
@@ -194,17 +195,17 @@
     return success;
 }
 
-int mkdir_recursive(const std::string& path, mode_t mode) {
+int mkdir_recursive(const std::string& path, mode_t mode, selabel_handle* sehandle) {
     std::string::size_type slash = 0;
     while ((slash = path.find('/', slash + 1)) != std::string::npos) {
         auto directory = path.substr(0, slash);
         struct stat info;
         if (stat(directory.c_str(), &info) != 0) {
-            auto ret = make_dir(directory.c_str(), mode);
+            auto ret = make_dir(directory.c_str(), mode, sehandle);
             if (ret && errno != EEXIST) return ret;
         }
     }
-    auto ret = make_dir(path.c_str(), mode);
+    auto ret = make_dir(path.c_str(), mode, sehandle);
     if (ret && errno != EEXIST) return ret;
     return 0;
 }
@@ -233,8 +234,7 @@
     }
 }
 
-int make_dir(const char *path, mode_t mode)
-{
+int make_dir(const char* path, mode_t mode, selabel_handle* sehandle) {
     int rc;
 
     char *secontext = NULL;