authorNick Kralevich <nnk@google.com>2013-01-18 14:31:19 -0800
committerNick Kralevich <nnk@google.com>2013-01-18 14:31:19 -0800
commit51e06618dbd87c4374c56d9193a5e567aa3d02ac (patch)
treef710aa72d5c62695d0ff44a6f5aff429929c9f0f
parentd984497a8886251540a057f379e0f016ea72696b (diff)
init: make system properties more secure.
Currently, system properties are passed via the environment variable ANDROID_PROPERTY_WORKSPACE and a file descriptor passed from parent to child. This is insecure for setuid executables, as the environment variable can be changed by the caller. Modify system property handling so that we get the properties from a root owned properties file, rather than using an environment variable. Related to bug: 8029617 Change-Id: I18610128e11c4037ed6f4dec6eba20f69fa647eb
-rwxr-xr-xinit/init.c5
-rwxr-xr-xinit/property_service.c24
-rw-r--r--init/property_service.h1
3 files changed, 4 insertions, 26 deletions
diff --git a/init/init.c b/init/init.c
index 2fbe002..bc88ba9 100755
--- a/init/init.c
+++ b/init/init.c
@@ -233,11 +233,6 @@ void service_start(struct service *svc, const char *dynamic_args)
int fd, sz;
umask(077);
- if (properties_inited()) {
- get_property_workspace(&fd, &sz);
- sprintf(tmp, "%d,%d", dup(fd), sz);
- add_environment("ANDROID_PROPERTY_WORKSPACE", tmp);
- }
for (ei = svc->envvars; ei; ei = ei->next)
add_environment(ei->name, ei->value);
diff --git a/init/property_service.c b/init/property_service.c
index 61dd86f..b608d2f 100755
--- a/init/property_service.c
+++ b/init/property_service.c
@@ -112,7 +112,6 @@ struct {
typedef struct {
void *data;
size_t size;
- int fd;
} workspace;
static int init_workspace(workspace *w, size_t size)
@@ -120,10 +119,10 @@ static int init_workspace(workspace *w, size_t size)
void *data;
int fd;
- /* dev is a tmpfs that we can use to carve a shared workspace
- * out of, so let's do that...
- */
- fd = open("/dev/__properties__", O_RDWR | O_CREAT | O_NOFOLLOW, 0600);
+ /* dev is a tmpfs that we can use to carve a shared workspace
+ * out of, so let's do that...
+ */
+ fd = open(PROP_FILENAME, O_RDWR | O_CREAT | O_NOFOLLOW, 0644);
if (fd < 0)
return -1;
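Review bot: The `0644` passed to the new `open(PROP_FILENAME, ...)` call applies only if this call creates the file, and even then it is filtered by whatever umask init has at that point. Because `O_CREAT` is used without `O_EXCL`, a file that already exists at that path is opened with its existing owner and mode. The commit message says clients will trust this file because it is root-owned, so the creator should pin that down: if init is the only expected creator, use `fd = open(PROP_FILENAME, O_RDWR | O_CREAT | O_EXCL | O_NOFOLLOW, 0644);`, or otherwise follow the open with `fchmod(fd, 0644)` and an `fstat` ownership check. The retained comment still describes only carving a workspace out of tmpfs; it should say something like `/* kept on disk, root-owned and world-readable: clients open it by path */`. init_workspace's body continues outside the hunk.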
@@ -136,15 +135,8 @@ static int init_workspace(workspace *w, size_t size)
close(fd);
- fd = open("/dev/__properties__", O_RDONLY | O_NOFOLLOW);
- if (fd < 0)
- return -1;
-
- unlink("/dev/__properties__");
-
w->data = data;
w->size = size;
- w->fd = fd;
return 0;
out:
@@ -174,8 +166,6 @@ static int init_property_area(void)
if(init_workspace(&pa_workspace, PA_SIZE))
return -1;
- fcntl(pa_workspace.fd, F_SETFD, FD_CLOEXEC);
-
pa_info_array = (void*) (((char*) pa_workspace.data) + PA_INFO_START);
pa = pa_workspace.data;
@@ -463,12 +453,6 @@ void handle_property_set_fd()
}
}
-void get_property_workspace(int *fd, int *sz)
-{
- *fd = pa_workspace.fd;
- *sz = pa_workspace.size;
-}
-
static void load_properties(char *data)
{
char *key, *value, *eol, *sol, *tmp;
diff --git a/init/property_service.h b/init/property_service.h
index b9d1bf6..df71f3f 100644
--- a/init/property_service.h
+++ b/init/property_service.h
@@ -24,7 +24,6 @@ extern void property_init(void);
extern void property_load_boot_defaults(void);
extern void load_persist_props(void);
extern void start_property_service(void);
-void get_property_workspace(int *fd, int *sz);
extern const char* property_get(const char *name);
extern int property_set(const char *name, const char *value);
extern int properties_inited();