authorNick Kralevich <nnk@google.com>2013-01-22 12:46:09 -0800
committerNick Kralevich <nnk@google.com>2013-01-22 12:46:09 -0800
commit2840647b15fe91069aee02ce0e203943346bf294 (patch)
tree8a7166d6f43bdad53d8cba8ecba04f1ae823a866
parent5bf8a4200c5f1695b0210e59b6b6ef421cedee8f (diff)
Revert "init: make system properties more secure."
This reverts commit 51e06618dbd87c4374c56d9193a5e567aa3d02ac. Bug: 8045561
-rwxr-xr-xinit/init.c5
-rwxr-xr-xinit/property_service.c24
-rw-r--r--init/property_service.h1
3 files changed, 26 insertions, 4 deletions
diff --git a/init/init.c b/init/init.c
index bc88ba9..2fbe002 100755
--- a/init/init.c
+++ b/init/init.c
@@ -233,6 +233,11 @@ void service_start(struct service *svc, const char *dynamic_args)
int fd, sz;
umask(077);
+ if (properties_inited()) {
+ get_property_workspace(&fd, &sz);
+ sprintf(tmp, "%d,%d", dup(fd), sz);
+ add_environment("ANDROID_PROPERTY_WORKSPACE", tmp);
+ }
for (ei = svc->envvars; ei; ei = ei->next)
add_environment(ei->name, ei->value);
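Review bot: The result of `dup(fd)` on the added `sprintf` line is never checked, so a failed dup exports `ANDROID_PROPERTY_WORKSPACE=-1,<size>` to the service instead of leaving the variable unset. Store the descriptor first (`int pfd = dup(fd);`) and only format and export it when `pfd >= 0`. Formatting with `snprintf(tmp, sizeof(tmp), "%d,%d", pfd, sz);` would also bound the write, assuming `tmp` is a local array; its declaration is outside the hunk. service_start's body starts and ends outside the hunk.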
diff --git a/init/property_service.c b/init/property_service.c
index b608d2f..61dd86f 100755
--- a/init/property_service.c
+++ b/init/property_service.c
@@ -112,6 +112,7 @@ struct {
typedef struct {
void *data;
size_t size;
+ int fd;
} workspace;
static int init_workspace(workspace *w, size_t size)
@@ -119,10 +120,10 @@ static int init_workspace(workspace *w, size_t size)
void *data;
int fd;
- /* dev is a tmpfs that we can use to carve a shared workspace
- * out of, so let's do that...
- */
- fd = open(PROP_FILENAME, O_RDWR | O_CREAT | O_NOFOLLOW, 0644);
+ /* dev is a tmpfs that we can use to carve a shared workspace
+ * out of, so let's do that...
+ */
+ fd = open("/dev/__properties__", O_RDWR | O_CREAT | O_NOFOLLOW, 0600);
if (fd < 0)
return -1;
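Review bot: The restored `open()` uses `O_CREAT` without `O_EXCL`, so a file that already exists at `/dev/__properties__` is silently reused as the property workspace rather than rejected. Since init is meant to create this file itself, `O_RDWR | O_CREAT | O_EXCL | O_NOFOLLOW` would make that assumption explicit and fail closed. The path literal is also written out three times, here and twice in the next hunk; a single `#define` (the removed line used `PROP_FILENAME`) would keep the three call sites in step. init_workspace continues outside the hunk.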
@@ -135,8 +136,15 @@ static int init_workspace(workspace *w, size_t size)
close(fd);
+ fd = open("/dev/__properties__", O_RDONLY | O_NOFOLLOW);
+ if (fd < 0)
+ return -1;
+
+ unlink("/dev/__properties__");
+
w->data = data;
w->size = size;
+ w->fd = fd;
return 0;
out:
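Review bot: The `return -1` after the second `open()` skips all cleanup. `data`, presumably the mapping created earlier in init_workspace (outside this hunk), stays mapped, and `/dev/__properties__` is left in place because the `unlink()` is never reached. A cleanup such as `if (fd < 0) { munmap(data, size); unlink("/dev/__properties__"); return -1; }` would cover it. Separately, the read-only descriptor is obtained by reopening the path after `close(fd)`, so nothing ties it to the file that was mapped. Opening it before the close and comparing `st_dev`/`st_ino` from `fstat()` on both descriptors would confirm that the fd later handed to services refers to the same file. The return value of `unlink()` is also ignored.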
@@ -166,6 +174,8 @@ static int init_property_area(void)
if(init_workspace(&pa_workspace, PA_SIZE))
return -1;
+ fcntl(pa_workspace.fd, F_SETFD, FD_CLOEXEC);
+
pa_info_array = (void*) (((char*) pa_workspace.data) + PA_INFO_START);
pa = pa_workspace.data;
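Review bot: The added `fcntl(pa_workspace.fd, F_SETFD, FD_CLOEXEC)` ignores its return value, so if it fails init's own workspace descriptor stays inheritable across exec with no indication. Either check it (`if (fcntl(pa_workspace.fd, F_SETFD, FD_CLOEXEC) < 0) return -1;`) or pass `O_CLOEXEC` to the read-only `open()` in init_workspace so the flag is set atomically at creation. A one-line comment saying that services receive a `dup()` of this fd rather than the fd itself would explain why close-on-exec is wanted here. init_property_area continues outside the hunk.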
@@ -453,6 +463,12 @@ void handle_property_set_fd()
}
}
+void get_property_workspace(int *fd, int *sz)
+{
+ *fd = pa_workspace.fd;
+ *sz = pa_workspace.size;
+}
+
static void load_properties(char *data)
{
char *key, *value, *eol, *sol, *tmp;
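Review bot: `*sz = pa_workspace.size;` in the new get_property_workspace narrows a `size_t` to `int` without a cast or range check, and neither out-pointer is validated. The narrowing is harmless only while the workspace size fits in an `int`, which these lines do not establish, so write `*sz = (int) pa_workspace.size;` with a comment stating that bound, or change the parameter to `size_t *`. The function also returns init's own descriptor rather than a duplicate, which deserves a comment so that callers do not close it.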
diff --git a/init/property_service.h b/init/property_service.h
index df71f3f..b9d1bf6 100644
--- a/init/property_service.h
+++ b/init/property_service.h
@@ -24,6 +24,7 @@ extern void property_init(void);
extern void property_load_boot_defaults(void);
extern void load_persist_props(void);
extern void start_property_service(void);
+void get_property_workspace(int *fd, int *sz);
extern const char* property_get(const char *name);
extern int property_set(const char *name, const char *value);
extern int properties_inited();
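Review bot: The new prototype is the only declaration in this block without `extern`, and it carries no comment describing what the two out-parameters receive. For consistency with its neighbours write `extern void get_property_workspace(int *fd, int *sz);`. I would add above it `/* Returns init's read-only property workspace fd (not a duplicate; do not close) and the workspace size in bytes. */`.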