From 38c90f4baaca0ec752d3ac6dae2cadfc8cf125b8 Mon Sep 17 00:00:00 2001 
From: topjohnwu Date: Wed, 17 May 2023 00:08:10 -0700 Subject: [PATCH] Sync to upstream AOSP --- context_node.cpp | 98 +++++ contexts_serialized.cpp | 172 ++++++++ contexts_split.cpp | 361 +++++++++++++++++ include/api/_system_properties.h | 137 +++++++ include/api/system_properties.h | 99 +++++ include/platform/bionic/macros.h | 99 +++++ include/private/ErrnoRestorer.h | 40 ++ include/private/ScopedFd.h | 64 +++ include/private/bionic_defs.h | 47 +++ include/private/bionic_futex.h | 80 ++++ include/private/bionic_lock.h | 99 +++++ .../property_info_parser.h | 224 +++++++++++ include/system_properties/context_node.h | 67 ++++ include/system_properties/contexts.h | 45 +++ .../system_properties/contexts_pre_split.h | 69 ++++ .../system_properties/contexts_serialized.h | 61 +++ include/system_properties/contexts_split.h | 61 +++ include/system_properties/prop_area.h | 179 +++++++++ include/system_properties/prop_info.h | 89 +++++ include/system_properties/system_properties.h | 90 +++++ prop_area.cpp | 373 +++++++++++++++++ prop_info.cpp | 55 +++ property_info_parser.cpp | 246 ++++++++++++ system_properties.cpp | 375 ++++++++++++++++++ system_property_api.cpp | 131 ++++++ system_property_set.cpp | 309 +++++++++++++++ 26 files changed, 3670 insertions(+) create mode 100644 context_node.cpp create mode 100644 contexts_serialized.cpp create mode 100644 contexts_split.cpp create mode 100644 include/api/_system_properties.h create mode 100644 include/api/system_properties.h create mode 100644 include/platform/bionic/macros.h create mode 100644 include/private/ErrnoRestorer.h create mode 100644 include/private/ScopedFd.h create mode 100644 include/private/bionic_defs.h create mode 100644 include/private/bionic_futex.h create mode 100644 include/private/bionic_lock.h create mode 100644 include/property_info_parser/property_info_parser.h create mode 100644 include/system_properties/context_node.h create mode 100644 include/system_properties/contexts.h create mode 100644 
include/system_properties/contexts_pre_split.h create mode 100644 include/system_properties/contexts_serialized.h create mode 100644 include/system_properties/contexts_split.h create mode 100644 include/system_properties/prop_area.h create mode 100644 include/system_properties/prop_info.h create mode 100644 include/system_properties/system_properties.h create mode 100644 prop_area.cpp create mode 100644 prop_info.cpp create mode 100644 property_info_parser.cpp create mode 100644 system_properties.cpp create mode 100644 system_property_api.cpp create mode 100644 system_property_set.cpp diff --git a/context_node.cpp b/context_node.cpp new file mode 100644 index 0000000..d392c0a --- /dev/null +++ b/context_node.cpp 
@@ -0,0 +1,98 @@
+/*
+ * Copyright (C) 2008 The Android Open Source Project
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * * Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ * * Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in
+ * the documentation and/or other materials provided with the
+ * distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+ * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+ * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
+ * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
+ * COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT,
+ * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING,
+ * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS
+ * OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED
+ * AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
+ * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT
+ * OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+#include "system_properties/context_node.h"
+
+#include
+#include
+
+#include
+
+#include "system_properties/system_properties.h"
+
+// pthread_mutex_lock() calls into system_properties in the case of contention.
+// This creates a risk of dead lock if any system_properties functions
+// use pthread locks after system_property initialization.
+//
+// For this reason, the below three functions use a bionic Lock and static
+// allocation of memory for each filename.
+
+bool ContextNode::Open(bool access_rw, bool* fsetxattr_failed) {
+ lock_.lock();
+ if (pa_) {
+ lock_.unlock();
+ return true;
+ }
+
+ char filename[PROP_FILENAME_MAX];
+ int len = async_safe_format_buffer(filename, sizeof(filename), "%s/%s", filename_, context_);
+ if (len < 0 || len >= PROP_FILENAME_MAX) {
+ lock_.unlock();
+ return false;
+ }
+
+ if (access_rw) {
+ pa_ = prop_area::map_prop_area_rw(filename, context_, fsetxattr_failed);
+ } else {
+ pa_ = prop_area::map_prop_area(filename);
+ }
+ lock_.unlock();
+ return pa_;
+}
+
+bool ContextNode::CheckAccessAndOpen() {
+ if (!pa_ && !no_access_) {
+ if (!CheckAccess() || !Open(false, nullptr)) {
+ no_access_ = true;
+ }
+ }
+ return pa_;
+}
+
+void ContextNode::ResetAccess() {
+ if (!CheckAccess()) {
+ Unmap();
+ no_access_ = true;
+ } else {
+ no_access_ = false;
+ }
+}
+
+bool ContextNode::CheckAccess() {
+ char filename[PROP_FILENAME_MAX];
+ int len = async_safe_format_buffer(filename, sizeof(filename), "%s/%s", filename_, context_);
+ if (len < 0 || len >= PROP_FILENAME_MAX) {
+ return false;
+ }
+
+ return access(filename, R_OK) == 0;
+}
+
+void ContextNode::Unmap() {
+ prop_area::unmap_prop_area(&pa_);
+}
diff --git a/contexts_serialized.cpp b/contexts_serialized.cpp
new file mode 100644
index 0000000..6ccd46c
--- /dev/null
+++ b/contexts_serialized.cpp
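Review bot: `lock_` is taken only in `ContextNode::Open()`; `Unmap()`, `ResetAccess()` and `CheckAccessAndOpen()` read and write `pa_` and `no_access_` without it, and `Open()` itself returns `pa_` after the unlock. As written the lock serialises concurrent `Open()` calls but does not protect a reader from a concurrent `Unmap()`, which is presumably left to the callers. The file comment explains why a bionic Lock is used but not what it guards, so I would add above `Open()` something like `// lock_ only serialises mapping in Open(); callers must not run Unmap()/ResetAccess() while another thread may still use pa().`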
@@ -0,0 +1,172 @@ +/* + * Copyright (C) 2017 The Android Open Source Project + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * * Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * * Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the + * distribution. + * + * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS + * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT + * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS + * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE + * COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, + * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, + * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS + * OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED + * AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, + * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT + * OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + */ + +#include "system_properties/contexts_serialized.h" + +#include +#include +#include +#include +#include +#include + +#include + +#include + +#include "system_properties/system_properties.h" + +bool ContextsSerialized::InitializeContextNodes() { + auto num_context_nodes = property_info_area_file_->num_contexts(); + auto context_nodes_mmap_size = sizeof(ContextNode) * num_context_nodes; + // We want to avoid malloc in system properties, so we take an anonymous map instead (b/31659220). 
+ void* const map_result = mmap(nullptr, context_nodes_mmap_size, PROT_READ | PROT_WRITE, + MAP_PRIVATE | MAP_ANONYMOUS, -1, 0); + if (map_result == MAP_FAILED) { + return false; + } + + prctl(PR_SET_VMA, PR_SET_VMA_ANON_NAME, map_result, context_nodes_mmap_size, + "System property context nodes"); + + context_nodes_ = reinterpret_cast(map_result); + num_context_nodes_ = num_context_nodes; + context_nodes_mmap_size_ = context_nodes_mmap_size; + + for (size_t i = 0; i < num_context_nodes; ++i) { + new (&context_nodes_[i]) ContextNode(property_info_area_file_->context(i), filename_); + } + + return true; +} + +bool ContextsSerialized::MapSerialPropertyArea(bool access_rw, bool* fsetxattr_failed) { + char filename[PROP_FILENAME_MAX]; + int len = async_safe_format_buffer(filename, sizeof(filename), "%s/properties_serial", filename_); + if (len < 0 || len >= PROP_FILENAME_MAX) { + serial_prop_area_ = nullptr; + return false; + } + + if (access_rw) { + serial_prop_area_ = + prop_area::map_prop_area_rw(filename, "u:object_r:properties_serial:s0", fsetxattr_failed); + } else { + serial_prop_area_ = prop_area::map_prop_area(filename); + } + return serial_prop_area_; +} + +bool ContextsSerialized::InitializeProperties() { + if (!property_info_area_file_.LoadDefaultPath()) { + return false; + } + + if (!InitializeContextNodes()) { + FreeAndUnmap(); + return false; + } + + return true; +} + +bool ContextsSerialized::Initialize(bool writable, const char* filename, bool* fsetxattr_failed) { + filename_ = filename; + if (!InitializeProperties()) { + return false; + } + + if (writable) { + mkdir(filename_, S_IRWXU | S_IXGRP | S_IXOTH); + bool open_failed = false; + if (fsetxattr_failed) { + *fsetxattr_failed = false; + } + + for (size_t i = 0; i < num_context_nodes_; ++i) { + if (!context_nodes_[i].Open(true, fsetxattr_failed)) { + open_failed = true; + } + } + if (open_failed || !MapSerialPropertyArea(true, fsetxattr_failed)) { + FreeAndUnmap(); + return false; + } + } else { + 
if (!MapSerialPropertyArea(false, nullptr)) { + FreeAndUnmap(); + return false; + } + } + return true; +} + +prop_area* ContextsSerialized::GetPropAreaForName(const char* name) { + uint32_t index; + property_info_area_file_->GetPropertyInfoIndexes(name, &index, nullptr); + if (index == ~0u || index >= num_context_nodes_) { + async_safe_format_log(ANDROID_LOG_ERROR, "libc", "Could not find context for property \"%s\"", + name); + return nullptr; + } + auto* context_node = &context_nodes_[index]; + if (!context_node->pa()) { + // We explicitly do not check no_access_ in this case because unlike the + // case of foreach(), we want to generate an selinux audit for each + // non-permitted property access in this function. + context_node->Open(false, nullptr); + } + return context_node->pa(); +} + +void ContextsSerialized::ForEach(void (*propfn)(const prop_info* pi, void* cookie), void* cookie) { + for (size_t i = 0; i < num_context_nodes_; ++i) { + if (context_nodes_[i].CheckAccessAndOpen()) { + context_nodes_[i].pa()->foreach (propfn, cookie); + } + } +} + +void ContextsSerialized::ResetAccess() { + for (size_t i = 0; i < num_context_nodes_; ++i) { + context_nodes_[i].ResetAccess(); + } +} + +void ContextsSerialized::FreeAndUnmap() { + property_info_area_file_.Reset(); + if (context_nodes_ != nullptr) { + for (size_t i = 0; i < num_context_nodes_; ++i) { + context_nodes_[i].Unmap(); + } + munmap(context_nodes_, context_nodes_mmap_size_); + context_nodes_ = nullptr; + } + prop_area::unmap_prop_area(&serial_prop_area_); + serial_prop_area_ = nullptr; +} diff --git a/contexts_split.cpp b/contexts_split.cpp new file mode 100644 index 0000000..7ba835a --- /dev/null +++ b/contexts_split.cpp 
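Review bot: In `ContextsSerialized::Initialize()` the result of `mkdir(filename_, S_IRWXU | S_IXGRP | S_IXOTH)` is discarded, so the writable path carries on even when the directory could not be created, or already exists with an owner or mode other than the 0711 requested here. The context files are then opened read-write through `map_prop_area_rw()` under whatever is at that path; a failure other than `EEXIST` should abort, e.g. `if (mkdir(filename_, S_IRWXU | S_IXGRP | S_IXOTH) != 0 && errno != EEXIST) { FreeAndUnmap(); return false; }` (this needs `<errno.h>`). The same unchecked call is in `ContextsSplit::Initialize()` in contexts_split.cpp. Separately, `FreeAndUnmap()` sets `context_nodes_` to nullptr but leaves `num_context_nodes_` unchanged, so `ForEach()` or `ResetAccess()` would index a null array if called afterwards; adding `num_context_nodes_ = 0;` there closes that.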
@@ -0,0 +1,361 @@ +/* + * Copyright (C) 2008 The Android Open Source Project + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * * Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * * Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the + * distribution. + * + * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS + * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT + * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS + * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE + * COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, + * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, + * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS + * OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED + * AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, + * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT + * OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. 
+ */ + +#include "system_properties/contexts_split.h" + +#include +#include +#include +#include +#include + +#include + +#include "system_properties/context_node.h" +#include "system_properties/system_properties.h" + +class ContextListNode : public ContextNode { + public: + ContextListNode(ContextListNode* next, const char* context, const char* filename) + : ContextNode(strdup(context), filename), next(next) { + } + + ~ContextListNode() { + free(const_cast(context())); + } + + ContextListNode* next; +}; + +struct PrefixNode { + PrefixNode(struct PrefixNode* next, const char* prefix, ContextListNode* context) + : prefix(strdup(prefix)), prefix_len(strlen(prefix)), context(context), next(next) { + } + ~PrefixNode() { + free(prefix); + } + char* prefix; + const size_t prefix_len; + ContextListNode* context; + PrefixNode* next; +}; + +template +static inline void ListAdd(List** list, Args... args) { + *list = new List(*list, args...); +} + +static void ListAddAfterLen(PrefixNode** list, const char* prefix, ContextListNode* context) { + size_t prefix_len = strlen(prefix); + + auto next_list = list; + + while (*next_list) { + if ((*next_list)->prefix_len < prefix_len || (*next_list)->prefix[0] == '*') { + ListAdd(next_list, prefix, context); + return; + } + next_list = &(*next_list)->next; + } + ListAdd(next_list, prefix, context); +} + +template +static void ListForEach(List* list, Func func) { + while (list) { + func(list); + list = list->next; + } +} + +template +static List* ListFind(List* list, Func func) { + while (list) { + if (func(list)) { + return list; + } + list = list->next; + } + return nullptr; +} + +template +static void ListFree(List** list) { + while (*list) { + auto old_list = *list; + *list = old_list->next; + delete old_list; + } +} + +// The below two functions are duplicated from label_support.c in libselinux. + +// The read_spec_entries and read_spec_entry functions may be used to +// replace sscanf to read entries from spec files. 
The file and +// property services now use these. + +// Read an entry from a spec file (e.g. file_contexts) +static inline int read_spec_entry(char** entry, char** ptr, int* len) { + *entry = nullptr; + char* tmp_buf = nullptr; + + while (isspace(**ptr) && **ptr != '\0') (*ptr)++; + + tmp_buf = *ptr; + *len = 0; + + while (!isspace(**ptr) && **ptr != '\0') { + (*ptr)++; + (*len)++; + } + + if (*len) { + *entry = strndup(tmp_buf, *len); + if (!*entry) return -1; + } + + return 0; +} + +// line_buf - Buffer containing the spec entries . +// num_args - The number of spec parameter entries to process. +// ... - A 'char **spec_entry' for each parameter. +// returns - The number of items processed. +// +// This function calls read_spec_entry() to do the actual string processing. +static int read_spec_entries(char* line_buf, int num_args, ...) { + char **spec_entry, *buf_p; + int len, rc, items, entry_len = 0; + va_list ap; + + len = strlen(line_buf); + if (line_buf[len - 1] == '\n') + line_buf[len - 1] = '\0'; + else + // Handle case if line not \n terminated by bumping + // the len for the check below (as the line is NUL + // terminated by getline(3)) + len++; + + buf_p = line_buf; + while (isspace(*buf_p)) buf_p++; + + // Skip comment lines and empty lines. 
+ if (*buf_p == '#' || *buf_p == '\0') return 0; + + // Process the spec file entries + va_start(ap, num_args); + + items = 0; + while (items < num_args) { + spec_entry = va_arg(ap, char**); + + if (len - 1 == buf_p - line_buf) { + va_end(ap); + return items; + } + + rc = read_spec_entry(spec_entry, &buf_p, &entry_len); + if (rc < 0) { + va_end(ap); + return rc; + } + if (entry_len) items++; + } + va_end(ap); + return items; +} + +bool ContextsSplit::MapSerialPropertyArea(bool access_rw, bool* fsetxattr_failed) { + char filename[PROP_FILENAME_MAX]; + int len = async_safe_format_buffer(filename, sizeof(filename), "%s/properties_serial", filename_); + if (len < 0 || len >= PROP_FILENAME_MAX) { + serial_prop_area_ = nullptr; + return false; + } + + if (access_rw) { + serial_prop_area_ = + prop_area::map_prop_area_rw(filename, "u:object_r:properties_serial:s0", fsetxattr_failed); + } else { + serial_prop_area_ = prop_area::map_prop_area(filename); + } + return serial_prop_area_; +} + +bool ContextsSplit::InitializePropertiesFromFile(const char* filename) { + FILE* file = fopen(filename, "re"); + if (!file) { + return false; + } + + char* buffer = nullptr; + size_t line_len; + char* prop_prefix = nullptr; + char* context = nullptr; + + while (getline(&buffer, &line_len, file) > 0) { + int items = read_spec_entries(buffer, 2, &prop_prefix, &context); + if (items <= 0) { + continue; + } + if (items == 1) { + free(prop_prefix); + continue; + } + + // init uses ctl.* properties as an IPC mechanism and does not write them + // to a property file, therefore we do not need to create property files + // to store them. 
+ if (!strncmp(prop_prefix, "ctl.", 4)) { + free(prop_prefix); + free(context); + continue; + } + + auto old_context = ListFind( + contexts_, [context](ContextListNode* l) { return !strcmp(l->context(), context); }); + if (old_context) { + ListAddAfterLen(&prefixes_, prop_prefix, old_context); + } else { + ListAdd(&contexts_, context, filename_); + ListAddAfterLen(&prefixes_, prop_prefix, contexts_); + } + free(prop_prefix); + free(context); + } + + free(buffer); + fclose(file); + + return true; +} + +bool ContextsSplit::InitializeProperties() { + // If we do find /property_contexts, then this is being + // run as part of the OTA updater on older release that had + // /property_contexts - b/34370523 + if (InitializePropertiesFromFile("/property_contexts")) { + return true; + } + + // Use property_contexts from /system & /vendor, fall back to those from / + if (access("/system/etc/selinux/plat_property_contexts", R_OK) != -1) { + if (!InitializePropertiesFromFile("/system/etc/selinux/plat_property_contexts")) { + return false; + } + // Don't check for failure here, since we don't always have all of these partitions. + // E.g. In case of recovery, the vendor partition will not have mounted and we + // still need the system / platform properties to function. 
+ if (access("/vendor/etc/selinux/vendor_property_contexts", R_OK) != -1) { + InitializePropertiesFromFile("/vendor/etc/selinux/vendor_property_contexts"); + } + } else { + if (!InitializePropertiesFromFile("/plat_property_contexts")) { + return false; + } + if (access("/vendor_property_contexts", R_OK) != -1) { + InitializePropertiesFromFile("/vendor_property_contexts"); + } + } + + return true; +} + +bool ContextsSplit::Initialize(bool writable, const char* filename, bool* fsetxattr_failed) { + filename_ = filename; + if (!InitializeProperties()) { + return false; + } + + if (writable) { + mkdir(filename_, S_IRWXU | S_IXGRP | S_IXOTH); + bool open_failed = false; + if (fsetxattr_failed) { + *fsetxattr_failed = false; + } + + ListForEach(contexts_, [&fsetxattr_failed, &open_failed](ContextListNode* l) { + if (!l->Open(true, fsetxattr_failed)) { + open_failed = true; + } + }); + if (open_failed || !MapSerialPropertyArea(true, fsetxattr_failed)) { + FreeAndUnmap(); + return false; + } + } else { + if (!MapSerialPropertyArea(false, nullptr)) { + FreeAndUnmap(); + return false; + } + } + return true; +} + +PrefixNode* ContextsSplit::GetPrefixNodeForName(const char* name) { + auto entry = ListFind(prefixes_, [name](PrefixNode* l) { + return l->prefix[0] == '*' || !strncmp(l->prefix, name, l->prefix_len); + }); + + return entry; +} + +prop_area* ContextsSplit::GetPropAreaForName(const char* name) { + auto entry = GetPrefixNodeForName(name); + if (!entry) { + return nullptr; + } + + auto cnode = entry->context; + if (!cnode->pa()) { + // We explicitly do not check no_access_ in this case because unlike the + // case of foreach(), we want to generate an selinux audit for each + // non-permitted property access in this function. 
+ cnode->Open(false, nullptr); + } + return cnode->pa(); +} + +void ContextsSplit::ForEach(void (*propfn)(const prop_info* pi, void* cookie), void* cookie) { + ListForEach(contexts_, [propfn, cookie](ContextListNode* l) { + if (l->CheckAccessAndOpen()) { + l->pa()->foreach (propfn, cookie); + } + }); +} + +void ContextsSplit::ResetAccess() { + ListForEach(contexts_, [](ContextListNode* l) { l->ResetAccess(); }); +} + +void ContextsSplit::FreeAndUnmap() { + ListFree(&prefixes_); + ListFree(&contexts_); + prop_area::unmap_prop_area(&serial_prop_area_); +} diff --git a/include/api/_system_properties.h b/include/api/_system_properties.h new file mode 100644 index 0000000..744a45b --- /dev/null +++ b/include/api/_system_properties.h 
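Review bot: `read_spec_entries()` indexes `line_buf[len - 1]` straight after `len = strlen(line_buf)`, so a line whose first byte is NUL (for which `getline()` still returns a positive count) gives `len == 0` and a read, possibly followed by a write of `'\0'`, one byte before the buffer. Guard it with `if (len == 0) return 0;` ahead of the newline check. The `isspace(**ptr)` and `isspace(*buf_p)` calls also pass a plain `char`, which is undefined for negative values; use `isspace(static_cast<unsigned char>(**ptr))`. The input is the property_contexts files opened in `InitializePropertiesFromFile()`, presumably platform-provided, so this is a robustness fix for damaged or unexpected files.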
@@ -0,0 +1,137 @@ +/* + * Copyright (C) 2008 The Android Open Source Project + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * * Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * * Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the + * distribution. + * + * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS + * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT + * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS + * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE + * COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, + * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, + * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS + * OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED + * AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, + * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT + * OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. 
+ */ + +#ifndef _INCLUDE_SYS__SYSTEM_PROPERTIES_H +#define _INCLUDE_SYS__SYSTEM_PROPERTIES_H + +#include +#include + +#ifndef _REALLY_INCLUDE_SYS__SYSTEM_PROPERTIES_H_ +#error you should #include instead +#endif + +#include + +__BEGIN_DECLS + +#define PROP_SERVICE_NAME "property_service" +#define PROP_FILENAME "/dev/__properties__" + +#define PROP_MSG_SETPROP 1 +#define PROP_MSG_SETPROP2 0x00020001 + +#define PROP_SUCCESS 0 +#define PROP_ERROR_READ_CMD 0x0004 +#define PROP_ERROR_READ_DATA 0x0008 +#define PROP_ERROR_READ_ONLY_PROPERTY 0x000B +#define PROP_ERROR_INVALID_NAME 0x0010 +#define PROP_ERROR_INVALID_VALUE 0x0014 +#define PROP_ERROR_PERMISSION_DENIED 0x0018 +#define PROP_ERROR_INVALID_CMD 0x001B +#define PROP_ERROR_HANDLE_CONTROL_MESSAGE 0x0020 +#define PROP_ERROR_SET_FAILED 0x0024 + +/* +** This was previously for testing, but now that SystemProperties is its own testable class, +** there is never a reason to call this function and its implementation simply returns -1. +*/ +int __system_property_set_filename(const char* __filename); + +/* +** Initialize the area to be used to store properties. Can +** only be done by a single process that has write access to +** the property area. +*/ +int __system_property_area_init(void); + +/* Read the global serial number of the system properties +** +** Called to predict if a series of cached __system_property_find +** objects will have seen __system_property_serial values change. +** But also aids the converse, as changes in the global serial can +** also be used to predict if a failed __system_property_find +** could in-turn now find a new object; thus preventing the +** cycles of effort to poll __system_property_find. +** +** Typically called at beginning of a cache cycle to signal if _any_ possible +** changes have occurred since last. If there is, one may check each individual +** __system_property_serial to confirm dirty, or __system_property_find +** to check if the property now exists. 
If a call to __system_property_add +** or __system_property_update has completed between two calls to +** __system_property_area_serial then the second call will return a larger +** value than the first call. Beware of race conditions as changes to the +** properties are not atomic, the main value of this call is to determine +** whether the expensive __system_property_find is worth retrying to see if +** a property now exists. +** +** Returns the serial number on success, -1 on error. +*/ +uint32_t __system_property_area_serial(void); + +/* Add a new system property. Can only be done by a single +** process that has write access to the property area, and +** that process must handle sequencing to ensure the property +** does not already exist and that only one property is added +** or updated at a time. +** +** Returns 0 on success, -1 if the property area is full. +*/ +int __system_property_add(const char* __name, unsigned int __name_length, const char* __value, unsigned int __value_length); + +/* Update the value of a system property returned by +** __system_property_find. Can only be done by a single process +** that has write access to the property area, and that process +** must handle sequencing to ensure that only one property is +** updated at a time. +** +** Returns 0 on success, -1 if the parameters are incorrect. +*/ +int __system_property_update(prop_info* __pi, const char* __value, unsigned int __value_length); + +/* Read the serial number of a system property returned by +** __system_property_find. +** +** Returns the serial number on success, -1 on error. +*/ +uint32_t __system_property_serial(const prop_info* __pi); + +/* Initialize the system properties area in read only mode. + * Should be done by all processes that need to read system + * properties. + * + * Returns 0 on success, -1 otherwise. + */ +int __system_properties_init(void); + +/* Deprecated: use __system_property_wait instead. 
*/ +uint32_t __system_property_wait_any(uint32_t __old_serial); + +__END_DECLS + +#endif diff --git a/include/api/system_properties.h b/include/api/system_properties.h new file mode 100644 index 0000000..a2e1923 --- /dev/null +++ b/include/api/system_properties.h 
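Review bot: The comments on `__system_property_area_serial()` and `__system_property_serial()` say they return -1 on error, but both are declared `uint32_t`, so the value a caller actually sees is `0xFFFFFFFF` and a check such as `< 0` never fires. I would spell that out in both comments, e.g. `** Returns the serial number on success, (uint32_t)-1 on error.` Whether the implementations ever take the error path is not visible in this header.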
@@ -0,0 +1,99 @@ +/* + * Copyright (C) 2008 The Android Open Source Project + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * * Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * * Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the + * distribution. + * + * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS + * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT + * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS + * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE + * COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, + * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, + * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS + * OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED + * AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, + * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT + * OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + */ + +#ifndef _INCLUDE_SYS_SYSTEM_PROPERTIES_H +#define _INCLUDE_SYS_SYSTEM_PROPERTIES_H + +#include +#include +#include +#include + +__BEGIN_DECLS + +typedef struct prop_info prop_info; + +#define PROP_VALUE_MAX 92 + +/* + * Sets system property `name` to `value`, creating the system property if it doesn't already exist. + */ +int __system_property_set(const char* __name, const char* __value); + +/* + * Returns a `prop_info` corresponding system property `name`, or nullptr if it doesn't exist. + * Use __system_property_read_callback to query the current value. 
+ * + * Property lookup is expensive, so it can be useful to cache the result of this function. + */ +const prop_info* __system_property_find(const char* __name); + +/* + * Calls `callback` with a consistent trio of name, value, and serial number for property `pi`. + */ +void __system_property_read_callback(const prop_info* __pi, + void (*__callback)(void* __cookie, const char* __name, const char* __value, uint32_t __serial), + void* __cookie) __INTRODUCED_IN(26); + +/* + * Passes a `prop_info` for each system property to the provided + * callback. Use __system_property_read_callback() to read the value. + * + * This method is for inspecting and debugging the property system, and not generally useful. + */ +int __system_property_foreach(void (*__callback)(const prop_info* __pi, void* __cookie), void* __cookie) + __INTRODUCED_IN(19); + +/* + * Waits for the specific system property identified by `pi` to be updated + * past `old_serial`. Waits no longer than `relative_timeout`, or forever + * if `relaive_timeout` is null. + * + * If `pi` is null, waits for the global serial number instead. + * + * If you don't know the current serial, use 0. + * + * Returns true and updates `*new_serial_ptr` on success, or false if the call + * timed out. + */ +struct timespec; +bool __system_property_wait(const prop_info* __pi, uint32_t __old_serial, uint32_t* __new_serial_ptr, const struct timespec* __relative_timeout) + __INTRODUCED_IN(26); + +/* Deprecated. In Android O and above, there's no limit on property name length. */ +#define PROP_NAME_MAX 32 +/* Deprecated. Use __system_property_read_callback instead. */ +int __system_property_read(const prop_info* __pi, char* __name, char* __value); +/* Deprecated. Use __system_property_read_callback instead. */ +int __system_property_get(const char* __name, char* __value); +/* Deprecated. Use __system_property_foreach instead. */ +const prop_info* __system_property_find_nth(unsigned __n); + +__END_DECLS + +#endif 
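Review bot: The deprecated `__system_property_read()` and `__system_property_get()` write into caller-supplied `char*` buffers with no length parameter, and the header never says how large those buffers must be. Presumably `__value` needs `PROP_VALUE_MAX` bytes and `__name` needs `PROP_NAME_MAX`; that should be stated at each declaration, e.g. `/* Deprecated. __value must point to at least PROP_VALUE_MAX bytes. Use __system_property_read_callback instead. */`, because an undersized buffer becomes an overflow in the caller. Since the comment on `PROP_NAME_MAX` says names are no longer length-limited, it is also worth documenting what `__system_property_read()` does with a longer name. Minor: the comment on `__system_property_wait()` has the typo `relaive_timeout`.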
diff --git a/include/platform/bionic/macros.h b/include/platform/bionic/macros.h new file mode 100644 index 0000000..9e13e0d --- /dev/null +++ b/include/platform/bionic/macros.h 
@@ -0,0 +1,99 @@ +/* + * Copyright (C) 2010 The Android Open Source Project + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +#pragma once + +#include + +#define BIONIC_DISALLOW_COPY_AND_ASSIGN(TypeName) \ + TypeName(const TypeName&) = delete; \ + void operator=(const TypeName&) = delete + +#define BIONIC_DISALLOW_IMPLICIT_CONSTRUCTORS(TypeName) \ + TypeName() = delete; \ + BIONIC_DISALLOW_COPY_AND_ASSIGN(TypeName) + +#define BIONIC_ROUND_UP_POWER_OF_2(value) \ + ((sizeof(value) == 8) \ + ? 
(1UL << (64 - __builtin_clzl(static_cast(value)))) \ + : (1UL << (32 - __builtin_clz(static_cast(value))))) + +static constexpr uintptr_t align_down(uintptr_t p, size_t align) { + return p & ~(align - 1); +} + +static constexpr uintptr_t align_up(uintptr_t p, size_t align) { + return (p + align - 1) & ~(align - 1); +} + +template +static inline T* align_down(T* p, size_t align) { + return reinterpret_cast(align_down(reinterpret_cast(p), align)); +} + +template +static inline T* align_up(T* p, size_t align) { + return reinterpret_cast(align_up(reinterpret_cast(p), align)); +} + +#if defined(__arm__) +#define BIONIC_STOP_UNWIND asm volatile(".cfi_undefined r14") +#elif defined(__aarch64__) +#define BIONIC_STOP_UNWIND asm volatile(".cfi_undefined x30") +#elif defined(__i386__) +#define BIONIC_STOP_UNWIND asm volatile(".cfi_undefined \%eip") +#elif defined(__riscv) +#define BIONIC_STOP_UNWIND asm volatile(".cfi_undefined ra") +#elif defined(__x86_64__) +#define BIONIC_STOP_UNWIND asm volatile(".cfi_undefined \%rip") +#endif + +// The arraysize(arr) macro returns the # of elements in an array arr. +// The expression is a compile-time constant, and therefore can be +// used in defining new arrays, for example. If you use arraysize on +// a pointer by mistake, you will get a compile-time error. +// +// One caveat is that arraysize() doesn't accept any array of an +// anonymous type or a type defined inside a function. +// +// This template function declaration is used in defining arraysize. +// Note that the function doesn't need an implementation, as we only +// use its type. +template +char (&ArraySizeHelper(T (&array)[N]))[N]; // NOLINT(readability/casting) + +#define arraysize(array) (sizeof(ArraySizeHelper(array))) + +// Used to inform clang's -Wimplicit-fallthrough that a fallthrough is intended. There's no way to +// silence (or enable, apparently) -Wimplicit-fallthrough in C yet. 
+#ifdef __cplusplus +#define __BIONIC_FALLTHROUGH [[clang::fallthrough]] +#else +#define __BIONIC_FALLTHROUGH +#endif + +static inline uintptr_t untag_address(uintptr_t p) { +#if defined(__aarch64__) + return p & ((1ULL << 56) - 1); +#else + return p; +#endif +} + +template +static inline T* untag_address(T* p) { + return reinterpret_cast(untag_address(reinterpret_cast(p))); +} diff --git a/include/private/ErrnoRestorer.h b/include/private/ErrnoRestorer.h new file mode 100644 index 0000000..cecf103 --- /dev/null +++ b/include/private/ErrnoRestorer.h @@ -0,0 +1,40 @@ +/* + * Copyright (C) 2013 The Android Open Source Project + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +#pragma once + +#include + +#include "platform/bionic/macros.h" + +class ErrnoRestorer { + public: + explicit ErrnoRestorer() : saved_errno_(errno) { + } + + ~ErrnoRestorer() { + errno = saved_errno_; + } + + void override(int new_errno) { + saved_errno_ = new_errno; + } + + private: + int saved_errno_; + + BIONIC_DISALLOW_COPY_AND_ASSIGN(ErrnoRestorer); +}; diff --git a/include/private/ScopedFd.h b/include/private/ScopedFd.h new file mode 100644 index 0000000..ea7f59e --- /dev/null +++ b/include/private/ScopedFd.h 
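Review bot: `align_down`/`align_up` and `BIONIC_ROUND_UP_POWER_OF_2` carry preconditions that this header never states. Both align helpers mask with `~(align - 1)`, which is only correct when `align` is a non-zero power of two, and `align_up` wraps if `p + align - 1` overflows. The macro passes `value` straight to `__builtin_clz`/`__builtin_clzl`, whose result is undefined for 0, and the shift count reaches the full word width when the top bit of `value` is set. I would add `// align must be a non-zero power of two; align_up wraps on overflow.` above the helpers and `// value must be non-zero with the top bit clear; yields the next power of two strictly greater than value.` above the macro.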
@@ -0,0 +1,64 @@
+/*
+ * Copyright (C) 2019 The Android Open Source Project
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * * Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ * * Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in
+ * the documentation and/or other materials provided with the
+ * distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+ * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+ * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
+ * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
+ * COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT,
+ * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING,
+ * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS
+ * OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED
+ * AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
+ * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT
+ * OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+#pragma once
+
+#include
+
+#include "platform/bionic/macros.h"
+#include "private/ErrnoRestorer.h"
+
+class ScopedFd final {
+ public:
+ explicit ScopedFd(int fd) : fd_(fd) {
+ }
+
+ ScopedFd() : fd_(-1) {
+ }
+
+ ~ScopedFd() {
+ reset(-1);
+ }
+
+ void reset(int fd = -1) {
+ if (fd_ != -1) {
+ ErrnoRestorer e;
+ close(fd_);
+ }
+ fd_ = fd;
+ }
+
+ int get() const {
+ return fd_;
+ }
+
+ private:
+ int fd_;
+
+ BIONIC_DISALLOW_COPY_AND_ASSIGN(ScopedFd);
+};
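Review bot: `ScopedFd::reset()` closes `fd_` and then stores its argument without checking whether the two are the same descriptor, so `reset(get())` leaves the object holding a number it has already closed. The destructor would then close that number a second time, by which point it may have been reused for an unrelated file or socket elsewhere in the process. Guarding the close with `if (fd_ != -1 && fd_ != fd) {` keeps a self-reset harmless. The return value of `close()` is dropped as well; that is probably intended, but a one-line comment saying so would help.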
diff --git a/include/private/bionic_defs.h b/include/private/bionic_defs.h
new file mode 100644
index 0000000..5a48f25
--- /dev/null
+++ b/include/private/bionic_defs.h
@@ -0,0 +1,47 @@ +/* + * Copyright (C) 2017 The Android Open Source Project + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * * Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * * Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the + * distribution. + * + * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS + * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT + * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS + * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE + * COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, + * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, + * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS + * OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED + * AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, + * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT + * OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + */ + +#ifndef __BIONIC_PRIVATE_BIONIC_DEFS_H_ +#define __BIONIC_PRIVATE_BIONIC_DEFS_H_ + +/* + * This label is used to mark libc/libdl symbols that may need to be replaced + * by native bridge implementation. 
+ */ +#ifdef __ANDROID_NATIVE_BRIDGE__ +#define __BIONIC_WEAK_FOR_NATIVE_BRIDGE __attribute__((__weak__, __noinline__)) +#define __BIONIC_WEAK_VARIABLE_FOR_NATIVE_BRIDGE __attribute__((__weak__)) +#define __BIONIC_WEAK_FOR_NATIVE_BRIDGE_INLINE \ + __BIONIC_WEAK_FOR_NATIVE_BRIDGE extern "C" __LIBC_HIDDEN__ +#else +#define __BIONIC_WEAK_FOR_NATIVE_BRIDGE +#define __BIONIC_WEAK_VARIABLE_FOR_NATIVE_BRIDGE +#define __BIONIC_WEAK_FOR_NATIVE_BRIDGE_INLINE static inline +#endif + +#endif /* __BIONIC_PRIVATE_BIONIC_DEFS_H_ */ diff --git a/include/private/bionic_futex.h b/include/private/bionic_futex.h new file mode 100644 index 0000000..b340690 --- /dev/null +++ b/include/private/bionic_futex.h 
@@ -0,0 +1,80 @@ +/* + * Copyright (C) 2008 The Android Open Source Project + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * * Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * * Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the + * distribution. + * + * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS + * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT + * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS + * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE + * COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, + * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, + * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS + * OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED + * AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, + * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT + * OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + */ +#ifndef _BIONIC_FUTEX_H +#define _BIONIC_FUTEX_H + +#include +#include +#include +#include +#include +#include +#include + +struct timespec; + +static inline __always_inline int __futex(volatile void* ftx, int op, int value, + const timespec* timeout, int bitset) { + // Our generated syscall assembler sets errno, but our callers (pthread functions) don't want to. 
+ int saved_errno = errno; + int result = syscall(__NR_futex, ftx, op, value, timeout, NULL, bitset); + if (__predict_false(result == -1)) { + result = -errno; + errno = saved_errno; + } + return result; +} + +static inline int __futex_wake(volatile void* ftx, int count) { + return __futex(ftx, FUTEX_WAKE, count, nullptr, 0); +} + +static inline int __futex_wake_ex(volatile void* ftx, bool shared, int count) { + return __futex(ftx, shared ? FUTEX_WAKE : FUTEX_WAKE_PRIVATE, count, nullptr, 0); +} + +static inline int __futex_wait(volatile void* ftx, int value, const timespec* timeout) { + return __futex(ftx, FUTEX_WAIT, value, timeout, 0); +} + +static inline int __futex_wait_ex(volatile void* ftx, bool shared, int value) { + return __futex(ftx, (shared ? FUTEX_WAIT_BITSET : FUTEX_WAIT_BITSET_PRIVATE), value, nullptr, + FUTEX_BITSET_MATCH_ANY); +} + +__LIBC_HIDDEN__ int __futex_wait_ex(volatile void* ftx, bool shared, int value, + bool use_realtime_clock, const timespec* abs_timeout); + +static inline int __futex_pi_unlock(volatile void* ftx, bool shared) { + return __futex(ftx, shared ? FUTEX_UNLOCK_PI : FUTEX_UNLOCK_PI_PRIVATE, 0, nullptr, 0); +} + +__LIBC_HIDDEN__ int __futex_pi_lock_ex(volatile void* ftx, bool shared, bool use_realtime_clock, + const timespec* abs_timeout); + +#endif /* _BIONIC_FUTEX_H */ diff --git a/include/private/bionic_lock.h b/include/private/bionic_lock.h new file mode 100644 index 0000000..8ed4939 --- /dev/null +++ b/include/private/bionic_lock.h 
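Review bot: The two `__LIBC_HIDDEN__` declarations at the end of this header, the five-argument `__futex_wait_ex` and `__futex_pi_lock_ex`, appear to have no definition in this commit: none of the 26 files it lists is a futex source file. A call to either would compile against this header and fail only at link time. If they are kept purely for parity with upstream, say so next to them, for example `// Declared to match upstream bionic; not implemented in this tree.`, or drop them from this copy.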
@@ -0,0 +1,99 @@ +/* + * Copyright (C) 2015 The Android Open Source Project + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * * Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * * Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the + * distribution. + * + * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS + * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT + * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS + * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE + * COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, + * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, + * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS + * OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED + * AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, + * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT + * OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + */ + +#pragma once + +#include +#include "private/bionic_futex.h" +#include "platform/bionic/macros.h" + +// Lock is used in places like pthread_rwlock_t, which can be initialized without calling +// an initialization function. So make sure Lock can be initialized by setting its memory to 0. 
+class Lock { + private: + enum LockState { + Unlocked = 0, + LockedWithoutWaiter, + LockedWithWaiter, + }; + _Atomic(LockState) state; + bool process_shared; + + public: + void init(bool process_shared) { + atomic_init(&state, Unlocked); + this->process_shared = process_shared; + } + + bool trylock() { + LockState old_state = Unlocked; + return __predict_true(atomic_compare_exchange_strong_explicit(&state, &old_state, + LockedWithoutWaiter, memory_order_acquire, memory_order_relaxed)); + } + + void lock() { + LockState old_state = Unlocked; + if (__predict_true(atomic_compare_exchange_strong_explicit(&state, &old_state, + LockedWithoutWaiter, memory_order_acquire, memory_order_relaxed))) { + return; + } + while (atomic_exchange_explicit(&state, LockedWithWaiter, memory_order_acquire) != Unlocked) { + // TODO: As the critical section is brief, it is a better choice to spin a few times befor sleeping. + __futex_wait_ex(&state, process_shared, LockedWithWaiter); + } + return; + } + + void unlock() { + bool shared = process_shared; /* cache to local variable */ + if (atomic_exchange_explicit(&state, Unlocked, memory_order_release) == LockedWithWaiter) { + // The Lock object may have been deallocated between the atomic exchange and the futex wake + // call, so avoid accessing any fields of Lock here. In that case, the wake call may target + // unmapped memory or trigger a spurious futex wakeup. The same situation happens with + // pthread mutexes. References: + // - https://lkml.org/lkml/2014/11/27/472 + // - http://austingroupbugs.net/view.php?id=811#c2267 + __futex_wake_ex(&state, shared, 1); + } + } +}; + +class LockGuard { + public: + explicit LockGuard(Lock& lock) : lock_(lock) { + lock_.lock(); + } + ~LockGuard() { + lock_.unlock(); + } + + BIONIC_DISALLOW_COPY_AND_ASSIGN(LockGuard); + + private: + Lock& lock_; +}; 
diff --git a/include/property_info_parser/property_info_parser.h b/include/property_info_parser/property_info_parser.h
new file mode 100644
index 0000000..0548021
--- /dev/null
+++ b/include/property_info_parser/property_info_parser.h
@@ -0,0 +1,224 @@ +// +// Copyright (C) 2017 The Android Open Source Project +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. +// + +#ifndef PROPERTY_INFO_PARSER_H +#define PROPERTY_INFO_PARSER_H + +#include +#include + +namespace android { +namespace properties { + +// The below structs intentionally do not end with char name[0] or other tricks to allocate +// with a dynamic size, such that they can be added onto in the future without breaking +// backwards compatibility. +struct PropertyEntry { + uint32_t name_offset; + uint32_t namelen; + + // This is the context match for this node_; ~0u if it doesn't correspond to any. + uint32_t context_index; + // This is the type for this node_; ~0u if it doesn't correspond to any. + uint32_t type_index; +}; + +struct TrieNodeInternal { + // This points to a property entry struct, which includes the name for this node + uint32_t property_entry; + + // Children are a sorted list of child nodes_; binary search them. + uint32_t num_child_nodes; + uint32_t child_nodes; + + // Prefixes are terminating prefix matches at this node, sorted longest to smallest + // Take the first match sequentially found with StartsWith(). + uint32_t num_prefixes; + uint32_t prefix_entries; + + // Exact matches are a sorted list of exact matches at this node_; binary search them. 
+ uint32_t num_exact_matches; + uint32_t exact_match_entries; +}; + +struct PropertyInfoAreaHeader { + // The current version of this data as created by property service. + uint32_t current_version; + // The lowest version of libc that can properly parse this data. + uint32_t minimum_supported_version; + uint32_t size; + uint32_t contexts_offset; + uint32_t types_offset; + uint32_t root_offset; +}; + +class SerializedData { + public: + uint32_t size() const { + return reinterpret_cast(data_base_)->size; + } + + const char* c_string(uint32_t offset) const { + if (offset != 0 && offset > size()) return nullptr; + return static_cast(data_base_ + offset); + } + + const uint32_t* uint32_array(uint32_t offset) const { + if (offset != 0 && offset > size()) return nullptr; + return reinterpret_cast(data_base_ + offset); + } + + uint32_t uint32(uint32_t offset) const { + if (offset != 0 && offset > size()) return ~0u; + return *reinterpret_cast(data_base_ + offset); + } + + const char* data_base() const { return data_base_; } + + private: + const char data_base_[0]; +}; + +class TrieNode { + public: + TrieNode() : serialized_data_(nullptr), trie_node_base_(nullptr) {} + TrieNode(const SerializedData* data_base, const TrieNodeInternal* trie_node_base) + : serialized_data_(data_base), trie_node_base_(trie_node_base) {} + + const char* name() const { + return serialized_data_->c_string(node_property_entry()->name_offset); + } + + uint32_t context_index() const { return node_property_entry()->context_index; } + uint32_t type_index() const { return node_property_entry()->type_index; } + + uint32_t num_child_nodes() const { return trie_node_base_->num_child_nodes; } + TrieNode child_node(int n) const { + uint32_t child_node_offset = serialized_data_->uint32_array(trie_node_base_->child_nodes)[n]; + const TrieNodeInternal* trie_node_base = + reinterpret_cast(serialized_data_->data_base() + child_node_offset); + return TrieNode(serialized_data_, trie_node_base); + } + + bool 
FindChildForString(const char* input, uint32_t namelen, TrieNode* child) const; + + uint32_t num_prefixes() const { return trie_node_base_->num_prefixes; } + const PropertyEntry* prefix(int n) const { + uint32_t prefix_entry_offset = + serialized_data_->uint32_array(trie_node_base_->prefix_entries)[n]; + return reinterpret_cast(serialized_data_->data_base() + + prefix_entry_offset); + } + + uint32_t num_exact_matches() const { return trie_node_base_->num_exact_matches; } + const PropertyEntry* exact_match(int n) const { + uint32_t exact_match_entry_offset = + serialized_data_->uint32_array(trie_node_base_->exact_match_entries)[n]; + return reinterpret_cast(serialized_data_->data_base() + + exact_match_entry_offset); + } + + private: + const PropertyEntry* node_property_entry() const { + return reinterpret_cast(serialized_data_->data_base() + + trie_node_base_->property_entry); + } + + const SerializedData* serialized_data_; + const TrieNodeInternal* trie_node_base_; +}; + +class PropertyInfoArea : private SerializedData { + public: + void GetPropertyInfoIndexes(const char* name, uint32_t* context_index, uint32_t* type_index) const; + void GetPropertyInfo(const char* property, const char** context, const char** type) const; + + int FindContextIndex(const char* context) const; + int FindTypeIndex(const char* type) const; + + const char* context(uint32_t index) const { + uint32_t context_array_size_offset = contexts_offset(); + const uint32_t* context_array = uint32_array(context_array_size_offset + sizeof(uint32_t)); + return data_base() + context_array[index]; + } + + const char* type(uint32_t index) const { + uint32_t type_array_size_offset = types_offset(); + const uint32_t* type_array = uint32_array(type_array_size_offset + sizeof(uint32_t)); + return data_base() + type_array[index]; + } + + uint32_t current_version() const { return header()->current_version; } + uint32_t minimum_supported_version() const { return header()->minimum_supported_version; } + + 
uint32_t size() const { return SerializedData::size(); } + + uint32_t num_contexts() const { return uint32_array(contexts_offset())[0]; } + uint32_t num_types() const { return uint32_array(types_offset())[0]; } + + TrieNode root_node() const { return trie(header()->root_offset); } + + private: + void CheckPrefixMatch(const char* remaining_name, const TrieNode& trie_node, + uint32_t* context_index, uint32_t* type_index) const; + + const PropertyInfoAreaHeader* header() const { + return reinterpret_cast(data_base()); + } + uint32_t contexts_offset() const { return header()->contexts_offset; } + uint32_t contexts_array_offset() const { return contexts_offset() + sizeof(uint32_t); } + uint32_t types_offset() const { return header()->types_offset; } + uint32_t types_array_offset() const { return types_offset() + sizeof(uint32_t); } + + TrieNode trie(uint32_t offset) const { + if (offset != 0 && offset > size()) return TrieNode(); + const TrieNodeInternal* trie_node_base = + reinterpret_cast(data_base() + offset); + return TrieNode(this, trie_node_base); + } +}; + +// This is essentially a smart pointer for read only mmap region for property contexts. +class PropertyInfoAreaFile { + public: + PropertyInfoAreaFile() : mmap_base_(nullptr), mmap_size_(0) {} + ~PropertyInfoAreaFile() { Reset(); } + + PropertyInfoAreaFile(const PropertyInfoAreaFile&) = delete; + void operator=(const PropertyInfoAreaFile&) = delete; + PropertyInfoAreaFile(PropertyInfoAreaFile&&) = default; + PropertyInfoAreaFile& operator=(PropertyInfoAreaFile&&) = default; + + bool LoadDefaultPath(); + bool LoadPath(const char* filename); + + const PropertyInfoArea* operator->() const { + return reinterpret_cast(mmap_base_); + } + + explicit operator bool() const { return mmap_base_ != nullptr; } + + void Reset(); + + private: + void* mmap_base_; + size_t mmap_size_; +}; + +} // namespace properties +} // namespace android + +#endif 
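Review bot: The offset checks in `SerializedData` (`c_string`, `uint32_array`, `uint32`) test `offset > size()`, which accepts `offset == size()` and ignores the width of the read, so `uint32()` can read up to four bytes past the declared end of the area. The indexed accessors check nothing: `TrieNode::child_node(n)`, `prefix(n)`, `exact_match(n)` and `PropertyInfoArea::context(index)`/`type(index)` index the result of `uint32_array()` (which may be null) without comparing `n` to the matching count, then add the fetched offset to `data_base()` without comparing it to `size()`. `size()` itself is read from the header inside the mapped data; whether it is checked against the real mapping length is decided in `LoadPath`, outside this hunk. If the property_info file can ever be truncated or written by a less trusted party, these become out-of-bounds reads. A width-aware check such as `if (offset > size() || size() - offset < sizeof(uint32_t)) return ~0u;` in `uint32()`, plus one shared checked lookup for the indexed accessors, would close this; since the file is a sync from AOSP, the fix probably belongs upstream.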
diff --git a/include/system_properties/context_node.h b/include/system_properties/context_node.h
new file mode 100644
index 0000000..20f4013
--- /dev/null
+++ b/include/system_properties/context_node.h
@@ -0,0 +1,67 @@ +/* + * Copyright (C) 2008 The Android Open Source Project + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * * Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * * Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the + * distribution. + * + * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS + * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT + * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS + * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE + * COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, + * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, + * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS + * OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED + * AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, + * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT + * OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. 
+ */ + +#pragma once + +#include "private/bionic_lock.h" + +#include "prop_area.h" + +class ContextNode { + public: + ContextNode(const char* context, const char* filename) + : context_(context), pa_(nullptr), no_access_(false), filename_(filename) { + lock_.init(false); + } + ~ContextNode() { + Unmap(); + } + + BIONIC_DISALLOW_COPY_AND_ASSIGN(ContextNode); + + bool Open(bool access_rw, bool* fsetxattr_failed); + bool CheckAccessAndOpen(); + void ResetAccess(); + void Unmap(); + + const char* context() const { + return context_; + } + prop_area* pa() { + return pa_; + } + + private: + bool CheckAccess(); + + Lock lock_; + const char* context_; + prop_area* pa_; + bool no_access_; + const char* filename_; +}; diff --git a/include/system_properties/contexts.h b/include/system_properties/contexts.h new file mode 100644 index 0000000..670f808 --- /dev/null +++ b/include/system_properties/contexts.h 
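Review bot: `ContextNode` stores its `context` and `filename` constructor arguments as raw `const char*` members without copying them, and the header does not say who owns those strings. A comment on the constructor such as `// context and filename are borrowed, not copied; both must outlive this ContextNode.` would prevent a dangling pointer if a caller passes a temporary buffer. `pa()` also returns `pa_` without taking `lock_`; whether that is safe depends on context_node.cpp, outside this hunk, so a one-line note on the accessor about the expected locking would be useful.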
@@ -0,0 +1,45 @@
+/*
+ * Copyright (C) 2008 The Android Open Source Project
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * * Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ * * Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in
+ * the documentation and/or other materials provided with the
+ * distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+ * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+ * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
+ * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
+ * COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT,
+ * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING,
+ * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS
+ * OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED
+ * AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
+ * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT
+ * OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+#pragma once
+
+#include "prop_area.h"
+#include "prop_info.h"
+
+class Contexts {
+ public:
+ virtual ~Contexts() {
+ }
+
+ virtual bool Initialize(bool writable, const char* filename, bool* fsetxattr_failed) = 0;
+ virtual prop_area* GetPropAreaForName(const char* name) = 0;
+ virtual prop_area* GetSerialPropArea() = 0;
+ virtual void ForEach(void (*propfn)(const prop_info* pi, void* cookie), void* cookie) = 0;
+ virtual void ResetAccess() = 0;
+ virtual void FreeAndUnmap() = 0;
+};
diff --git a/include/system_properties/contexts_pre_split.h b/include/system_properties/contexts_pre_split.h
new file mode 100644
index 0000000..6e695e9
--- /dev/null
+++ b/include/system_properties/contexts_pre_split.h
@@ -0,0 +1,69 @@ +/* + * Copyright (C) 2008 The Android Open Source Project + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * * Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * * Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the + * distribution. + * + * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS + * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT + * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS + * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE + * COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, + * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, + * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS + * OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED + * AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, + * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT + * OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + */ + +#pragma once + +#include "contexts.h" +#include "prop_area.h" +#include "prop_info.h" + +class ContextsPreSplit : public Contexts { + public: + virtual ~ContextsPreSplit() override { + } + + // We'll never initialize this legacy option as writable, so don't even check the arg. 
+ virtual bool Initialize(bool, const char* filename, bool*) override { + pre_split_prop_area_ = prop_area::map_prop_area(filename); + return pre_split_prop_area_ != nullptr; + } + + virtual prop_area* GetPropAreaForName(const char*) override { + return pre_split_prop_area_; + } + + virtual prop_area* GetSerialPropArea() override { + return pre_split_prop_area_; + } + + virtual void ForEach(void (*propfn)(const prop_info* pi, void* cookie), void* cookie) override { + pre_split_prop_area_->foreach (propfn, cookie); + } + + // This is a no-op for pre-split properties as there is only one property file and it is + // accessible by all domains + virtual void ResetAccess() override { + } + + virtual void FreeAndUnmap() override { + prop_area::unmap_prop_area(&pre_split_prop_area_); + } + + private: + prop_area* pre_split_prop_area_ = nullptr; +}; diff --git a/include/system_properties/contexts_serialized.h b/include/system_properties/contexts_serialized.h new file mode 100644 index 0000000..93d6ac1 --- /dev/null +++ b/include/system_properties/contexts_serialized.h 
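Review bot: `ContextsPreSplit::ForEach` calls `pre_split_prop_area_->foreach (propfn, cookie)` without checking the pointer, which is `nullptr` until `Initialize` succeeds and presumably again after `FreeAndUnmap` (`unmap_prop_area` takes its address, though its body is not in this hunk). The two getters hand the same pointer back so callers can test it, but `ForEach` gives them no such chance. A guard, `if (pre_split_prop_area_ != nullptr) pre_split_prop_area_->foreach (propfn, cookie);`, makes a failed or torn-down instance a no-op instead of a null dereference.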
@@ -0,0 +1,61 @@ +/* + * Copyright (C) 2017 The Android Open Source Project + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * * Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * * Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the + * distribution. + * + * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS + * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT + * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS + * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE + * COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, + * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, + * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS + * OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED + * AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, + * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT + * OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. 
+ */ + +#pragma once + +#include + +#include "context_node.h" +#include "contexts.h" + +class ContextsSerialized : public Contexts { + public: + virtual ~ContextsSerialized() override { + } + + virtual bool Initialize(bool writable, const char* filename, bool* fsetxattr_failed) override; + virtual prop_area* GetPropAreaForName(const char* name) override; + virtual prop_area* GetSerialPropArea() override { + return serial_prop_area_; + } + virtual void ForEach(void (*propfn)(const prop_info* pi, void* cookie), void* cookie) override; + virtual void ResetAccess() override; + virtual void FreeAndUnmap() override; + + private: + bool InitializeContextNodes(); + bool InitializeProperties(); + bool MapSerialPropertyArea(bool access_rw, bool* fsetxattr_failed); + + const char* filename_; + android::properties::PropertyInfoAreaFile property_info_area_file_; + ContextNode* context_nodes_ = nullptr; + size_t num_context_nodes_ = 0; + size_t context_nodes_mmap_size_ = 0; + prop_area* serial_prop_area_ = nullptr; +}; diff --git a/include/system_properties/contexts_split.h b/include/system_properties/contexts_split.h new file mode 100644 index 0000000..1d954cc --- /dev/null +++ b/include/system_properties/contexts_split.h 
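Review bot: `const char* filename_;` in `ContextsSerialized` has no default initializer, while the other pointer members of this class and the matching member in `ContextsSplit` (`const char* filename_ = nullptr;`) have one. Until `Initialize` runs the pointer is indeterminate, and nothing in this header shows that it is never read before then. I would write `const char* filename_ = nullptr;` for consistency. The member type suggests the class keeps the caller's pointer rather than a copy, so a comment such as `// borrowed; must outlive this object` seems warranted, but the assignment is in the .cpp outside this hunk and should be confirmed there.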
@@ -0,0 +1,61 @@ +/* + * Copyright (C) 2008 The Android Open Source Project + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * * Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * * Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the + * distribution. + * + * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS + * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT + * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS + * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE + * COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, + * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, + * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS + * OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED + * AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, + * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT + * OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. 
+ */ + +#pragma once + +#include "contexts.h" + +struct PrefixNode; +class ContextListNode; + +class ContextsSplit : public Contexts { + public: + virtual ~ContextsSplit() override { + } + + virtual bool Initialize(bool writable, const char* filename, bool* fsetxattr_failed) override; + virtual prop_area* GetPropAreaForName(const char* name) override; + virtual prop_area* GetSerialPropArea() override { + return serial_prop_area_; + } + virtual void ForEach(void (*propfn)(const prop_info* pi, void* cookie), void* cookie) override; + virtual void ResetAccess() override; + virtual void FreeAndUnmap() override; + + PrefixNode* GetPrefixNodeForName(const char* name); + + protected: + bool MapSerialPropertyArea(bool access_rw, bool* fsetxattr_failed); + bool InitializePropertiesFromFile(const char* filename); + bool InitializeProperties(); + + PrefixNode* prefixes_ = nullptr; + ContextListNode* contexts_ = nullptr; + prop_area* serial_prop_area_ = nullptr; + const char* filename_ = nullptr; +}; diff --git a/include/system_properties/prop_area.h b/include/system_properties/prop_area.h new file mode 100644 index 0000000..e32a8d7 --- /dev/null +++ b/include/system_properties/prop_area.h 
@@ -0,0 +1,179 @@ +/* + * Copyright (C) 2008 The Android Open Source Project + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * * Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * * Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the + * distribution. + * + * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS + * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT + * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS + * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE + * COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, + * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, + * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS + * OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED + * AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, + * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT + * OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + */ + +#pragma once + +#include +#include +#include +#include + +#include "platform/bionic/macros.h" + +#include "prop_info.h" + +// Properties are stored in a hybrid trie/binary tree structure. +// Each property's name is delimited at '.' characters, and the tokens are put +// into a trie structure. Siblings at each level of the trie are stored in a +// binary tree. 
For instance, "ro.secure"="1" could be stored as follows: +// +// +-----+ children +----+ children +--------+ +// | |-------------->| ro |-------------->| secure | +// +-----+ +----+ +--------+ +// / \ / | +// left / \ right left / | prop +===========+ +// v v v +-------->| ro.secure | +// +-----+ +-----+ +-----+ +-----------+ +// | net | | sys | | com | | 1 | +// +-----+ +-----+ +-----+ +===========+ + +// Represents a node in the trie. +struct prop_bt { + uint32_t namelen; + + // The property trie is updated only by the init process (single threaded) which provides + // property service. And it can be read by multiple threads at the same time. + // As the property trie is not protected by locks, we use atomic_uint_least32_t types for the + // left, right, children "pointers" in the trie node. To make sure readers who see the + // change of "pointers" can also notice the change of prop_bt structure contents pointed by + // the "pointers", we always use release-consume ordering pair when accessing these "pointers". + + // prop "points" to prop_info structure if there is a propery associated with the trie node. + // Its situation is similar to the left, right, children "pointers". So we use + // atomic_uint_least32_t and release-consume ordering to protect it as well. + + // We should also avoid rereading these fields redundantly, since not + // all processor implementations ensure that multiple loads from the + // same field are carried out in the right order. 
+ atomic_uint_least32_t prop; + + atomic_uint_least32_t left; + atomic_uint_least32_t right; + + atomic_uint_least32_t children; + + char name[0]; + + prop_bt(const char* name, const uint32_t name_length) { + this->namelen = name_length; + memcpy(this->name, name, name_length); + this->name[name_length] = '\0'; + } + + private: + BIONIC_DISALLOW_COPY_AND_ASSIGN(prop_bt); +}; + +class prop_area { + public: + static prop_area* map_prop_area_rw(const char* filename, const char* context, + bool* fsetxattr_failed); + static prop_area* map_prop_area(const char* filename); + static void unmap_prop_area(prop_area** pa) { + if (*pa) { + munmap(*pa, pa_size_); + *pa = nullptr; + } + } + + prop_area(const uint32_t magic, const uint32_t version) : magic_(magic), version_(version) { + atomic_init(&serial_, 0u); + memset(reserved_, 0, sizeof(reserved_)); + // Allocate enough space for the root node. + bytes_used_ = sizeof(prop_bt); + // To make property reads wait-free, we reserve a + // PROP_VALUE_MAX-sized block of memory, the "dirty backup area", + // just after the root node. When we're about to modify a + // property, we copy the old value into the dirty backup area and + // copy the new value into the prop_info structure. Before + // starting the latter copy, we mark the property's serial as + // being dirty. If a reader comes along while we're doing the + // property update and sees a dirty serial, the reader copies from + // the dirty backup area instead of the property value + // proper. After the copy, the reader checks whether the property + // serial is the same: if it is, the dirty backup area hasn't been + // reused for something else and we can complete the + // read immediately. 
+ bytes_used_ += __BIONIC_ALIGN(PROP_VALUE_MAX, sizeof(uint_least32_t)); + } + + const prop_info* find(const char* name); + bool add(const char* name, unsigned int namelen, const char* value, unsigned int valuelen); + + bool foreach (void (*propfn)(const prop_info* pi, void* cookie), void* cookie); + + atomic_uint_least32_t* serial() { + return &serial_; + } + uint32_t magic() const { + return magic_; + } + uint32_t version() const { + return version_; + } + char* dirty_backup_area() { + return data_ + sizeof (prop_bt); + } + + private: + static prop_area* map_fd_ro(const int fd); + + void* allocate_obj(const size_t size, uint_least32_t* const off); + prop_bt* new_prop_bt(const char* name, uint32_t namelen, uint_least32_t* const off); + prop_info* new_prop_info(const char* name, uint32_t namelen, const char* value, uint32_t valuelen, + uint_least32_t* const off); + void* to_prop_obj(uint_least32_t off); + prop_bt* to_prop_bt(atomic_uint_least32_t* off_p); + prop_info* to_prop_info(atomic_uint_least32_t* off_p); + + prop_bt* root_node(); + + prop_bt* find_prop_bt(prop_bt* const bt, const char* name, uint32_t namelen, bool alloc_if_needed); + + const prop_info* find_property(prop_bt* const trie, const char* name, uint32_t namelen, + const char* value, uint32_t valuelen, bool alloc_if_needed); + + bool foreach_property(prop_bt* const trie, void (*propfn)(const prop_info* pi, void* cookie), + void* cookie); + + // The original design doesn't include pa_size or pa_data_size in the prop_area struct itself. + // Since we'll need to be backwards compatible with that design, we don't gain much by adding it + // now, especially since we don't have any plans to make different property areas different sizes, + // and thus we share these two variables among all instances. 
+ static size_t pa_size_; + static size_t pa_data_size_; + + uint32_t bytes_used_; + atomic_uint_least32_t serial_; + uint32_t magic_; + uint32_t version_; + uint32_t reserved_[28]; + char data_[0]; + + BIONIC_DISALLOW_COPY_AND_ASSIGN(prop_area); +}; diff --git a/include/system_properties/prop_info.h b/include/system_properties/prop_info.h new file mode 100644 index 0000000..3ebe7c5 --- /dev/null +++ b/include/system_properties/prop_info.h 
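Review bot: `pa_size_` and `pa_data_size_` are process-wide statics, yet `unmap_prop_area` passes `pa_size_` to `munmap` for whichever area it is given, and `map_fd_ro` in prop_area.cpp overwrites both from `fd_stat.st_size` on every mapping. If two mapped files ever differ in size, an area mapped earlier is unmapped with the wrong length and its offsets are bounds-checked against another file's size. The comment above the statics gives the compatibility reason but does not say that equal sizes are a safety invariant. I would add `// Invariant: every mapped property area has the same size; munmap() and to_prop_obj() rely on it.` and consider having `map_fd_ro` reject a file whose size differs from an already recorded non-zero `pa_size_`.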
@@ -0,0 +1,89 @@ +/* + * Copyright (C) 2008 The Android Open Source Project + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * * Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * * Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the + * distribution. + * + * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS + * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT + * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS + * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE + * COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, + * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, + * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS + * OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED + * AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, + * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT + * OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + */ + +#pragma once + +#include +#include +#include + +#include "platform/bionic/macros.h" + +// The C11 standard doesn't allow atomic loads from const fields, +// though C++11 does. Fudge it until standards get straightened out. +static inline uint_least32_t load_const_atomic(const atomic_uint_least32_t* s, memory_order mo) { + atomic_uint_least32_t* non_const_s = const_cast(s); + return atomic_load_explicit(non_const_s, mo); +} + +struct prop_info { + // Read only properties will not set anything but the bottom most bit of serial and the top byte. 
+ // We borrow the 2nd from the top byte for extra flags, and use the bottom most bit of that for + // our first user, kLongFlag. + constexpr static uint32_t kLongFlag = 1 << 16; + + // The error message fits in part of a union with the previous 92 char property value so there + // must be room left over after the error message for the offset to the new longer property value + // and future expansion fields if needed. Note that this value cannot ever increase. The offset + // to the new longer property value appears immediately after it, so an increase of this size will + // break compatibility. + constexpr static size_t kLongLegacyErrorBufferSize = 56; + + public: + atomic_uint_least32_t serial; + // we need to keep this buffer around because the property + // value can be modified whereas name is constant. + union { + char value[PROP_VALUE_MAX]; + struct { + char error_message[kLongLegacyErrorBufferSize]; + uint32_t offset; + } long_property; + }; + char name[0]; + + bool is_long() const { + return (load_const_atomic(&serial, memory_order_relaxed) & kLongFlag) != 0; + } + + const char* long_value() const { + // We can't store pointers here since this is shared memory that will have different absolute + // pointers in different processes. We don't have data_ from prop_area, but since we know + // `this` is data_ + some offset and long_value is data_ + some other offset, we calculate the + // offset from `this` to long_value and store it as long_property.offset. + return reinterpret_cast(this) + long_property.offset; + } + + prop_info(const char* name, uint32_t namelen, const char* value, uint32_t valuelen); + prop_info(const char* name, uint32_t namelen, uint32_t long_offset); + + private: + BIONIC_DISALLOW_IMPLICIT_CONSTRUCTORS(prop_info); +}; + +static_assert(sizeof(prop_info) == 96, "sizeof struct prop_info must be 96 bytes"); 
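Review bot: `long_value()` adds `long_property.offset` to `this` and returns the result with no bound, and that offset is read from the shared mapping. `prop_info` cannot validate it on its own (the existing comment notes it has no access to `data_`), so the safety of the returned pointer rests entirely on the mapped file being trustworthy. That dependency deserves a comment, for example `// offset is not validated here; callers rely on the ownership and mode checks done when the area is mapped.` Readers that hold the owning `prop_area` could additionally verify that the target lies inside the area before dereferencing it.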
diff --git a/include/system_properties/system_properties.h b/include/system_properties/system_properties.h
new file mode 100644
index 0000000..0666e28
--- /dev/null
+++ b/include/system_properties/system_properties.h
@@ -0,0 +1,90 @@ +/* + * Copyright (C) 2008 The Android Open Source Project + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * * Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * * Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the + * distribution. + * + * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS + * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT + * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS + * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE + * COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, + * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, + * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS + * OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED + * AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, + * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT + * OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + */ + +#pragma once + +#include +#include +#include + +#include "contexts.h" +#include "contexts_pre_split.h" +#include "contexts_serialized.h" +#include "contexts_split.h" + +constexpr int PROP_FILENAME_MAX = 1024; + +class SystemProperties { + public: + friend struct LocalPropertyTestState; + friend class SystemPropertiesTest; + // Note that system properties are initialized before libc calls static initializers, so + // doing any initialization in this constructor is an error. 
Even a Constructor that zero + // initializes this class will clobber the previous property initialization. + // We rely on the static SystemProperties in libc to be placed in .bss and zero initialized. + SystemProperties() = default; + // Special constructor for testing that also zero initializes the important members. + explicit SystemProperties(bool initialized) : initialized_(initialized) { + } + + BIONIC_DISALLOW_COPY_AND_ASSIGN(SystemProperties); + + bool Init(const char* filename); + bool AreaInit(const char* filename, bool* fsetxattr_failed); + uint32_t AreaSerial(); + const prop_info* Find(const char* name); + int Read(const prop_info* pi, char* name, char* value); + void ReadCallback(const prop_info* pi, + void (*callback)(void* cookie, const char* name, const char* value, + uint32_t serial), + void* cookie); + int Get(const char* name, char* value); + int Update(prop_info* pi, const char* value, unsigned int len); + int Add(const char* name, unsigned int namelen, const char* value, unsigned int valuelen); + uint32_t WaitAny(uint32_t old_serial); + bool Wait(const prop_info* pi, uint32_t old_serial, uint32_t* new_serial_ptr, + const timespec* relative_timeout); + const prop_info* FindNth(unsigned n); + int Foreach(void (*propfn)(const prop_info* pi, void* cookie), void* cookie); + + private: + uint32_t ReadMutablePropertyValue(const prop_info* pi, char* value); + + // We don't want to use new or malloc in properties (b/31659220), and we don't want to waste a + // full page by using mmap(), so we set aside enough space to create any context of the three + // contexts. 
+ static constexpr size_t kMaxContextsAlign = + MAX(alignof(ContextsSerialized), MAX(alignof(ContextsSplit), alignof(ContextsPreSplit))); + static constexpr size_t kMaxContextsSize = + MAX(sizeof(ContextsSerialized), MAX(sizeof(ContextsSplit), sizeof(ContextsPreSplit))); + alignas(kMaxContextsAlign) char contexts_data_[kMaxContextsSize]; + Contexts* contexts_; + + bool initialized_; + char property_filename_[PROP_FILENAME_MAX]; +}; diff --git a/prop_area.cpp b/prop_area.cpp new file mode 100644 index 0000000..42bee9f --- /dev/null +++ b/prop_area.cpp 
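Review bot: `Read(const prop_info* pi, char* name, char* value)` and `Get(const char* name, char* value)` take output buffers with no length parameter, and the header does not state how large they must be. Presumably `value` must hold `PROP_VALUE_MAX` bytes and `name` `PROP_NAME_MAX` bytes, as in the legacy C API, but the implementation is not in this hunk, so that needs confirming. A comment on each declaration, e.g. `// value must point to at least PROP_VALUE_MAX bytes`, would keep a new caller from passing a short buffer. The legacy error string in prop_info.cpp suggests `ReadCallback` is the intended path for long values, which is worth saying here too.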
@@ -0,0 +1,373 @@ +/* + * Copyright (C) 2008 The Android Open Source Project + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * * Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * * Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the + * distribution. + * + * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS + * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT + * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS + * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE + * COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, + * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, + * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS + * OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED + * AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, + * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT + * OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. 
+ */ + +#include "system_properties/prop_area.h" + +#include +#include +#include +#include +#include +#include +#include +#include + +#include + +#include + +constexpr size_t PA_SIZE = 128 * 1024; +constexpr uint32_t PROP_AREA_MAGIC = 0x504f5250; +constexpr uint32_t PROP_AREA_VERSION = 0xfc6ed0ab; + +size_t prop_area::pa_size_ = 0; +size_t prop_area::pa_data_size_ = 0; + +prop_area* prop_area::map_prop_area_rw(const char* filename, const char* context, + bool* fsetxattr_failed) { + /* dev is a tmpfs that we can use to carve a shared workspace + * out of, so let's do that... + */ + const int fd = open(filename, O_RDWR | O_CREAT | O_NOFOLLOW | O_CLOEXEC | O_EXCL, 0444); + + if (fd < 0) { + if (errno == EACCES) { + /* for consistency with the case where the process has already + * mapped the page in and segfaults when trying to write to it + */ + abort(); + } + return nullptr; + } + + if (context) { + if (fsetxattr(fd, XATTR_NAME_SELINUX, context, strlen(context) + 1, 0) != 0) { + async_safe_format_log(ANDROID_LOG_ERROR, "libc", + "fsetxattr failed to set context (%s) for \"%s\"", context, filename); + /* + * fsetxattr() will fail during system properties tests due to selinux policy. + * We do not want to create a custom policy for the tester, so we will continue in + * this function but set a flag that an error has occurred. + * Init, which is the only daemon that should ever call this function will abort + * when this error occurs. + * Otherwise, the tester will ignore it and continue, albeit without any selinux + * property separation. 
+ */ + if (fsetxattr_failed) { + *fsetxattr_failed = true; + } + } + } + + if (ftruncate(fd, PA_SIZE) < 0) { + close(fd); + return nullptr; + } + + pa_size_ = PA_SIZE; + pa_data_size_ = pa_size_ - sizeof(prop_area); + + void* const memory_area = mmap(nullptr, pa_size_, PROT_READ | PROT_WRITE, MAP_SHARED, fd, 0); + if (memory_area == MAP_FAILED) { + close(fd); + return nullptr; + } + + prop_area* pa = new (memory_area) prop_area(PROP_AREA_MAGIC, PROP_AREA_VERSION); + + close(fd); + return pa; +} + +prop_area* prop_area::map_fd_ro(const int fd) { + struct stat fd_stat; + if (fstat(fd, &fd_stat) < 0) { + return nullptr; + } + + if ((fd_stat.st_uid != 0) || (fd_stat.st_gid != 0) || + ((fd_stat.st_mode & (S_IWGRP | S_IWOTH)) != 0) || + (fd_stat.st_size < static_cast(sizeof(prop_area)))) { + return nullptr; + } + + pa_size_ = fd_stat.st_size; + pa_data_size_ = pa_size_ - sizeof(prop_area); + + void* const map_result = mmap(nullptr, pa_size_, PROT_READ, MAP_SHARED, fd, 0); + if (map_result == MAP_FAILED) { + return nullptr; + } + + prop_area* pa = reinterpret_cast(map_result); + if ((pa->magic() != PROP_AREA_MAGIC) || (pa->version() != PROP_AREA_VERSION)) { + munmap(pa, pa_size_); + return nullptr; + } + + return pa; +} + +prop_area* prop_area::map_prop_area(const char* filename) { + int fd = open(filename, O_CLOEXEC | O_NOFOLLOW | O_RDONLY); + if (fd == -1) return nullptr; + + prop_area* map_result = map_fd_ro(fd); + close(fd); + + return map_result; +} + +void* prop_area::allocate_obj(const size_t size, uint_least32_t* const off) { + const size_t aligned = __BIONIC_ALIGN(size, sizeof(uint_least32_t)); + if (bytes_used_ + aligned > pa_data_size_) { + return nullptr; + } + + *off = bytes_used_; + bytes_used_ += aligned; + return data_ + *off; +} + +prop_bt* prop_area::new_prop_bt(const char* name, uint32_t namelen, uint_least32_t* const off) { + uint_least32_t new_offset; + void* const p = allocate_obj(sizeof(prop_bt) + namelen + 1, &new_offset); + if (p != nullptr) { + 
prop_bt* bt = new (p) prop_bt(name, namelen); + *off = new_offset; + return bt; + } + + return nullptr; +} + +prop_info* prop_area::new_prop_info(const char* name, uint32_t namelen, const char* value, + uint32_t valuelen, uint_least32_t* const off) { + uint_least32_t new_offset; + void* const p = allocate_obj(sizeof(prop_info) + namelen + 1, &new_offset); + if (p == nullptr) return nullptr; + + prop_info* info; + if (valuelen >= PROP_VALUE_MAX) { + uint32_t long_value_offset = 0; + char* long_location = reinterpret_cast(allocate_obj(valuelen + 1, &long_value_offset)); + if (!long_location) return nullptr; + + memcpy(long_location, value, valuelen); + long_location[valuelen] = '\0'; + + // Both new_offset and long_value_offset are offsets based off of data_, however prop_info + // does not know what data_ is, so we change this offset to be an offset from the prop_info + // pointer that contains it. + long_value_offset -= new_offset; + + info = new (p) prop_info(name, namelen, long_value_offset); + } else { + info = new (p) prop_info(name, namelen, value, valuelen); + } + *off = new_offset; + return info; +} + +void* prop_area::to_prop_obj(uint_least32_t off) { + if (off > pa_data_size_) return nullptr; + + return (data_ + off); +} + +inline prop_bt* prop_area::to_prop_bt(atomic_uint_least32_t* off_p) { + uint_least32_t off = atomic_load_explicit(off_p, memory_order_consume); + return reinterpret_cast(to_prop_obj(off)); +} + +inline prop_info* prop_area::to_prop_info(atomic_uint_least32_t* off_p) { + uint_least32_t off = atomic_load_explicit(off_p, memory_order_consume); + return reinterpret_cast(to_prop_obj(off)); +} + +inline prop_bt* prop_area::root_node() { + return reinterpret_cast(to_prop_obj(0)); +} + +static int cmp_prop_name(const char* one, uint32_t one_len, const char* two, uint32_t two_len) { + if (one_len < two_len) + return -1; + else if (one_len > two_len) + return 1; + else + return strncmp(one, two, one_len); +} + +prop_bt* 
prop_area::find_prop_bt(prop_bt* const bt, const char* name, uint32_t namelen, + bool alloc_if_needed) { + prop_bt* current = bt; + while (true) { + if (!current) { + return nullptr; + } + + const int ret = cmp_prop_name(name, namelen, current->name, current->namelen); + if (ret == 0) { + return current; + } + + if (ret < 0) { + uint_least32_t left_offset = atomic_load_explicit(¤t->left, memory_order_relaxed); + if (left_offset != 0) { + current = to_prop_bt(¤t->left); + } else { + if (!alloc_if_needed) { + return nullptr; + } + + uint_least32_t new_offset; + prop_bt* new_bt = new_prop_bt(name, namelen, &new_offset); + if (new_bt) { + atomic_store_explicit(¤t->left, new_offset, memory_order_release); + } + return new_bt; + } + } else { + uint_least32_t right_offset = atomic_load_explicit(¤t->right, memory_order_relaxed); + if (right_offset != 0) { + current = to_prop_bt(¤t->right); + } else { + if (!alloc_if_needed) { + return nullptr; + } + + uint_least32_t new_offset; + prop_bt* new_bt = new_prop_bt(name, namelen, &new_offset); + if (new_bt) { + atomic_store_explicit(¤t->right, new_offset, memory_order_release); + } + return new_bt; + } + } + } +} + +const prop_info* prop_area::find_property(prop_bt* const trie, const char* name, uint32_t namelen, + const char* value, uint32_t valuelen, + bool alloc_if_needed) { + if (!trie) return nullptr; + + const char* remaining_name = name; + prop_bt* current = trie; + while (true) { + const char* sep = strchr(remaining_name, '.'); + const bool want_subtree = (sep != nullptr); + const uint32_t substr_size = (want_subtree) ? 
sep - remaining_name : strlen(remaining_name); + + if (!substr_size) { + return nullptr; + } + + prop_bt* root = nullptr; + uint_least32_t children_offset = atomic_load_explicit(¤t->children, memory_order_relaxed); + if (children_offset != 0) { + root = to_prop_bt(¤t->children); + } else if (alloc_if_needed) { + uint_least32_t new_offset; + root = new_prop_bt(remaining_name, substr_size, &new_offset); + if (root) { + atomic_store_explicit(¤t->children, new_offset, memory_order_release); + } + } + + if (!root) { + return nullptr; + } + + current = find_prop_bt(root, remaining_name, substr_size, alloc_if_needed); + if (!current) { + return nullptr; + } + + if (!want_subtree) break; + + remaining_name = sep + 1; + } + + uint_least32_t prop_offset = atomic_load_explicit(¤t->prop, memory_order_relaxed); + if (prop_offset != 0) { + return to_prop_info(¤t->prop); + } else if (alloc_if_needed) { + uint_least32_t new_offset; + prop_info* new_info = new_prop_info(name, namelen, value, valuelen, &new_offset); + if (new_info) { + atomic_store_explicit(¤t->prop, new_offset, memory_order_release); + } + + return new_info; + } else { + return nullptr; + } +} + +bool prop_area::foreach_property(prop_bt* const trie, + void (*propfn)(const prop_info* pi, void* cookie), void* cookie) { + if (!trie) return false; + + uint_least32_t left_offset = atomic_load_explicit(&trie->left, memory_order_relaxed); + if (left_offset != 0) { + const int err = foreach_property(to_prop_bt(&trie->left), propfn, cookie); + if (err < 0) return false; + } + uint_least32_t prop_offset = atomic_load_explicit(&trie->prop, memory_order_relaxed); + if (prop_offset != 0) { + prop_info* info = to_prop_info(&trie->prop); + if (!info) return false; + propfn(info, cookie); + } + uint_least32_t children_offset = atomic_load_explicit(&trie->children, memory_order_relaxed); + if (children_offset != 0) { + const int err = foreach_property(to_prop_bt(&trie->children), propfn, cookie); + if (err < 0) return false; + } + 
uint_least32_t right_offset = atomic_load_explicit(&trie->right, memory_order_relaxed); + if (right_offset != 0) { + const int err = foreach_property(to_prop_bt(&trie->right), propfn, cookie); + if (err < 0) return false; + } + + return true; +} + +const prop_info* prop_area::find(const char* name) { + return find_property(root_node(), name, strlen(name), nullptr, 0, false); +} + +bool prop_area::add(const char* name, unsigned int namelen, const char* value, + unsigned int valuelen) { + return find_property(root_node(), name, namelen, value, valuelen, true); +} + +bool prop_area::foreach (void (*propfn)(const prop_info* pi, void* cookie), void* cookie) { + return foreach_property(root_node(), propfn, cookie); +} diff --git a/prop_info.cpp b/prop_info.cpp new file mode 100644 index 0000000..890d1cf --- /dev/null +++ b/prop_info.cpp 
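Review bot: `to_prop_obj` rejects an offset only when `off > pa_data_size_`, so `off == pa_data_size_` yields a pointer one past the mapped data, and no check covers the size of the `prop_bt` or `prop_info` that is then read through it. The offsets come from the mapped file, so a truncated or corrupt area can make `find_prop_bt` and `foreach_property` read outside the mapping. Changing the guard to `if (off >= pa_data_size_) return nullptr;` closes the exact-end case, and a size-aware check would cover the rest. Separately, `foreach_property` stores the `bool` result of each recursive call in `const int err` and tests `err < 0`, which can never be true, so a failure in a subtree is never propagated; `if (!foreach_property(...)) return false;` is presumably what was meant.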
@@ -0,0 +1,55 @@
+/*
+ * Copyright (C) 2008 The Android Open Source Project
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * * Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ * * Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in
+ * the documentation and/or other materials provided with the
+ * distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+ * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+ * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
+ * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
+ * COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT,
+ * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING,
+ * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS
+ * OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED
+ * AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
+ * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT
+ * OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+#include "system_properties/prop_info.h"
+
+#include
+
+constexpr static const char kLongLegacyError[] =
+ "Must use __system_property_read_callback() to read";
+static_assert(sizeof(kLongLegacyError) < prop_info::kLongLegacyErrorBufferSize,
+ "Error message for long properties read by legacy libc must fit within 56 chars");
+
+prop_info::prop_info(const char* name, uint32_t namelen, const char* value, uint32_t valuelen) {
+ memcpy(this->name, name, namelen);
+ this->name[namelen] = '\0';
+ atomic_init(&this->serial, valuelen << 24);
+ memcpy(this->value, value, valuelen);
+ this->value[valuelen] = '\0';
+}
+
+prop_info::prop_info(const char* name, uint32_t namelen, uint32_t long_offset) {
+ memcpy(this->name, name, namelen);
+ this->name[namelen] = '\0';
+
+ auto error_value_len = sizeof(kLongLegacyError) - 1;
+ atomic_init(&this->serial, error_value_len << 24 | kLongFlag);
+ memcpy(this->long_property.error_message, kLongLegacyError, sizeof(kLongLegacyError));
+
+ this->long_property.offset = long_offset;
+}
diff --git a/property_info_parser.cpp b/property_info_parser.cpp
new file mode 100644
index 0000000..489d81a
--- /dev/null
+++ b/property_info_parser.cpp
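Review bot: Neither `prop_info` constructor checks its lengths: the short-value one does `memcpy(this->value, value, valuelen)` and packs `valuelen << 24` into the 32-bit serial, so a `valuelen` of 256 or more would lose its high bits in the stored length while the copy still uses the full count. The bound is presumably enforced by callers (elsewhere in this patch `SystemProperties::Add` rejects `valuelen >= PROP_VALUE_MAX` only for names that do not start with `ro.`), so the precondition should be written at the constructor, e.g. `// Precondition: valuelen < PROP_VALUE_MAX and the caller reserved room for name and value; nothing is checked here.` The `static_assert` message also hard-codes "56 chars" while the condition compares against `kLongLegacyErrorBufferSize`; referring to the constant by name in the message would keep the two from drifting apart.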
@@ -0,0 +1,246 @@
+//
+// Copyright (C) 2017 The Android Open Source Project
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+// http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+//
+
+#include "property_info_parser/property_info_parser.h"
+
+#include
+#include
+#include
+#include
+#include
+#include
+
+namespace android {
+namespace properties {
+
+namespace {
+
+// Binary search to find index of element in an array compared via f(search).
+template
+int Find(uint32_t array_length, F&& f) {
+ int bottom = 0;
+ int top = array_length - 1;
+ while (top >= bottom) {
+ int search = (top + bottom) / 2;
+
+ auto cmp = f(search);
+
+ if (cmp == 0) return search;
+ if (cmp < 0) bottom = search + 1;
+ if (cmp > 0) top = search - 1;
+ }
+ return -1;
+}
+
+} // namespace
+
+// Binary search the list of contexts to find the index of a given context string.
+// Only should be used for TrieSerializer to construct the Trie.
+int PropertyInfoArea::FindContextIndex(const char* context) const {
+ return Find(num_contexts(), [this, context](auto array_offset) {
+ auto string_offset = uint32_array(contexts_array_offset())[array_offset];
+ return strcmp(c_string(string_offset), context);
+ });
+}
+
+// Binary search the list of types to find the index of a given type string.
+// Only should be used for TrieSerializer to construct the Trie.
+int PropertyInfoArea::FindTypeIndex(const char* type) const {
+ return Find(num_types(), [this, type](auto array_offset) {
+ auto string_offset = uint32_array(types_array_offset())[array_offset];
+ return strcmp(c_string(string_offset), type);
+ });
+}
+
+// Binary search the list of children nodes to find a TrieNode for a given property piece.
+// Used to traverse the Trie in GetPropertyInfoIndexes().
+bool TrieNode::FindChildForString(const char* name, uint32_t namelen, TrieNode* child) const {
+ auto node_index = Find(trie_node_base_->num_child_nodes, [this, name, namelen](auto array_offset) {
+ const char* child_name = child_node(array_offset).name();
+ int cmp = strncmp(child_name, name, namelen);
+ if (cmp == 0 && child_name[namelen] != '\0') {
+ // We use strncmp() since name isn't null terminated, but we don't want to match only a
+ // prefix of a child node's name, so we check here if we did only match a prefix and
+ // return 1, to indicate to the binary search to search earlier in the array for the real
+ // match.
+ return 1;
+ }
+ return cmp;
+ });
+
+ if (node_index == -1) {
+ return false;
+ }
+ *child = child_node(node_index);
+ return true;
+}
+
+void PropertyInfoArea::CheckPrefixMatch(const char* remaining_name, const TrieNode& trie_node,
+ uint32_t* context_index, uint32_t* type_index) const {
+ const uint32_t remaining_name_size = strlen(remaining_name);
+ for (uint32_t i = 0; i < trie_node.num_prefixes(); ++i) {
+ auto prefix_len = trie_node.prefix(i)->namelen;
+ if (prefix_len > remaining_name_size) continue;
+
+ if (!strncmp(c_string(trie_node.prefix(i)->name_offset), remaining_name, prefix_len)) {
+ if (trie_node.prefix(i)->context_index != ~0u) {
+ *context_index = trie_node.prefix(i)->context_index;
+ }
+ if (trie_node.prefix(i)->type_index != ~0u) {
+ *type_index = trie_node.prefix(i)->type_index;
+ }
+ return;
+ }
+ }
+}
+
+void PropertyInfoArea::GetPropertyInfoIndexes(const char* name, uint32_t* context_index,
+ uint32_t* type_index) const {
+ uint32_t return_context_index = ~0u;
+ uint32_t return_type_index = ~0u;
+ const char* remaining_name = name;
+ auto trie_node = root_node();
+ while (true) {
+ const char* sep = strchr(remaining_name, '.');
+
+ // Apply prefix match for prefix deliminated with '.'
+ if (trie_node.context_index() != ~0u) {
+ return_context_index = trie_node.context_index();
+ }
+ if (trie_node.type_index() != ~0u) {
+ return_type_index = trie_node.type_index();
+ }
+
+ // Check prefixes at this node. This comes after the node check since these prefixes are by
+ // definition longer than the node itself.
+ CheckPrefixMatch(remaining_name, trie_node, &return_context_index, &return_type_index);
+
+ if (sep == nullptr) {
+ break;
+ }
+
+ const uint32_t substr_size = sep - remaining_name;
+ TrieNode child_node;
+ if (!trie_node.FindChildForString(remaining_name, substr_size, &child_node)) {
+ break;
+ }
+
+ trie_node = child_node;
+ remaining_name = sep + 1;
+ }
+
+ // We've made it to a leaf node, so check contents and return appropriately.
+ // Check exact matches
+ for (uint32_t i = 0; i < trie_node.num_exact_matches(); ++i) {
+ if (!strcmp(c_string(trie_node.exact_match(i)->name_offset), remaining_name)) {
+ if (context_index != nullptr) {
+ if (trie_node.exact_match(i)->context_index != ~0u) {
+ *context_index = trie_node.exact_match(i)->context_index;
+ } else {
+ *context_index = return_context_index;
+ }
+ }
+ if (type_index != nullptr) {
+ if (trie_node.exact_match(i)->type_index != ~0u) {
+ *type_index = trie_node.exact_match(i)->type_index;
+ } else {
+ *type_index = return_type_index;
+ }
+ }
+ return;
+ }
+ }
+ // Check prefix matches for prefixes not deliminated with '.'
+ CheckPrefixMatch(remaining_name, trie_node, &return_context_index, &return_type_index);
+ // Return previously found prefix match.
+ if (context_index != nullptr) *context_index = return_context_index;
+ if (type_index != nullptr) *type_index = return_type_index;
+ return;
+}
+
+void PropertyInfoArea::GetPropertyInfo(const char* property, const char** context,
+ const char** type) const {
+ uint32_t context_index;
+ uint32_t type_index;
+ GetPropertyInfoIndexes(property, &context_index, &type_index);
+ if (context != nullptr) {
+ if (context_index == ~0u) {
+ *context = nullptr;
+ } else {
+ *context = this->context(context_index);
+ }
+ }
+ if (type != nullptr) {
+ if (type_index == ~0u) {
+ *type = nullptr;
+ } else {
+ *type = this->type(type_index);
+ }
+ }
+}
+
+bool PropertyInfoAreaFile::LoadDefaultPath() {
+ return LoadPath("/dev/__properties__/property_info");
+}
+
+bool PropertyInfoAreaFile::LoadPath(const char* filename) {
+ int fd = open(filename, O_CLOEXEC | O_NOFOLLOW | O_RDONLY);
+
+ struct stat fd_stat;
+ if (fstat(fd, &fd_stat) < 0) {
+ close(fd);
+ return false;
+ }
+
+ if ((fd_stat.st_uid != 0) || (fd_stat.st_gid != 0) ||
+ ((fd_stat.st_mode & (S_IWGRP | S_IWOTH)) != 0) ||
+ (fd_stat.st_size < static_cast(sizeof(PropertyInfoArea)))) {
+ close(fd);
+ return false;
+ }
+
+ auto mmap_size = fd_stat.st_size;
+
+ void* map_result = mmap(nullptr, mmap_size, PROT_READ, MAP_SHARED, fd, 0);
+ if (map_result == MAP_FAILED) {
+ close(fd);
+ return false;
+ }
+
+ auto property_info_area = reinterpret_cast(map_result);
+ if (property_info_area->minimum_supported_version() > 1 ||
+ property_info_area->size() != mmap_size) {
+ munmap(map_result, mmap_size);
+ close(fd);
+ return false;
+ }
+
+ close(fd);
+ mmap_base_ = map_result;
+ mmap_size_ = mmap_size;
+ return true;
+}
+
+void PropertyInfoAreaFile::Reset() {
+ if (mmap_size_ > 0) {
+ munmap(mmap_base_, mmap_size_);
+ }
+ mmap_base_ = nullptr;
+ mmap_size_ = 0;
+}
+
+} // namespace properties
+} // namespace android
diff --git a/system_properties.cpp b/system_properties.cpp
new file mode 100644
index 0000000..1cb15c3
--- /dev/null
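Review bot: `PropertyInfoAreaFile::LoadPath` never checks the result of `open()`; a failed open is caught only because `fstat()` then fails on the invalid descriptor, after which `close(fd)` is called on -1 and the `errno` from `open` is overwritten. An explicit `if (fd == -1) return false;` directly after the `open` call makes that failure path deliberate. The checks that follow (uid and gid 0, no group/other write bit, minimum version, `size() == mmap_size`) are the only validation visible in this file before `FindContextIndex`, `FindChildForString` and the other accessors follow offsets read from the mapping, so a short comment stating that the file contents are trusted on that basis would help the next reader.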
+++ b/system_properties.cpp 
@@ -0,0 +1,375 @@
+/*
+ * Copyright (C) 2008 The Android Open Source Project
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * * Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ * * Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in
+ * the documentation and/or other materials provided with the
+ * distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+ * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+ * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
+ * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
+ * COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT,
+ * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING,
+ * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS
+ * OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED
+ * AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
+ * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT
+ * OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+#include "system_properties/system_properties.h"
+
+#include
+#include
+#include
+#include
+#include
+#include
+#include
+
+#include
+
+#include
+
+#include "private/ErrnoRestorer.h"
+#include "private/bionic_futex.h"
+
+#include "system_properties/context_node.h"
+#include "system_properties/prop_area.h"
+#include "system_properties/prop_info.h"
+
+#define SERIAL_DIRTY(serial) ((serial)&1)
+#define SERIAL_VALUE_LEN(serial) ((serial) >> 24)
+
+static bool is_dir(const char* pathname) {
+ struct stat info;
+ if (stat(pathname, &info) == -1) {
+ return false;
+ }
+ return S_ISDIR(info.st_mode);
+}
+
+bool SystemProperties::Init(const char* filename) {
+ // This is called from __libc_init_common, and should leave errno at 0 (http://b/37248982).
+ ErrnoRestorer errno_restorer;
+
+ if (initialized_) {
+ contexts_->ResetAccess();
+ return true;
+ }
+
+ if (strlen(filename) >= PROP_FILENAME_MAX) {
+ return false;
+ }
+ strcpy(property_filename_, filename);
+
+ if (is_dir(property_filename_)) {
+ if (access("/dev/__properties__/property_info", R_OK) == 0) {
+ contexts_ = new (contexts_data_) ContextsSerialized();
+ if (!contexts_->Initialize(false, property_filename_, nullptr)) {
+ return false;
+ }
+ } else {
+ contexts_ = new (contexts_data_) ContextsSplit();
+ if (!contexts_->Initialize(false, property_filename_, nullptr)) {
+ return false;
+ }
+ }
+ } else {
+ contexts_ = new (contexts_data_) ContextsPreSplit();
+ if (!contexts_->Initialize(false, property_filename_, nullptr)) {
+ return false;
+ }
+ }
+ initialized_ = true;
+ return true;
+}
+
+bool SystemProperties::AreaInit(const char* filename, bool* fsetxattr_failed) {
+ if (strlen(filename) >= PROP_FILENAME_MAX) {
+ return false;
+ }
+ strcpy(property_filename_, filename);
+
+ contexts_ = new (contexts_data_) ContextsSerialized();
+ if (!contexts_->Initialize(true, property_filename_, fsetxattr_failed)) {
+ return false;
+ }
+ initialized_ = true;
+ return true;
+}
+
+uint32_t SystemProperties::AreaSerial() {
+ if (!initialized_) {
+ return -1;
+ }
+
+ prop_area* pa = contexts_->GetSerialPropArea();
+ if (!pa) {
+ return -1;
+ }
+
+ // Make sure this read fulfilled before __system_property_serial
+ return atomic_load_explicit(pa->serial(), memory_order_acquire);
+}
+
+const prop_info* SystemProperties::Find(const char* name) {
+ if (!initialized_) {
+ return nullptr;
+ }
+
+ prop_area* pa = contexts_->GetPropAreaForName(name);
+ if (!pa) {
+ async_safe_format_log(ANDROID_LOG_WARN, "libc", "Access denied finding property \"%s\"", name);
+ return nullptr;
+ }
+
+ return pa->find(name);
+}
+
+static bool is_read_only(const char* name) {
+ return strncmp(name, "ro.", 3) == 0;
+}
+
+uint32_t SystemProperties::ReadMutablePropertyValue(const prop_info* pi, char* value) {
+ // We assume the memcpy below gets serialized by the acquire fence.
+ uint32_t new_serial = load_const_atomic(&pi->serial, memory_order_acquire);
+ uint32_t serial;
+ unsigned int len;
+ for (;;) {
+ serial = new_serial;
+ len = SERIAL_VALUE_LEN(serial);
+ if (__predict_false(SERIAL_DIRTY(serial))) {
+ // See the comment in the prop_area constructor.
+ prop_area* pa = contexts_->GetPropAreaForName(pi->name);
+ memcpy(value, pa->dirty_backup_area(), len + 1);
+ } else {
+ memcpy(value, pi->value, len + 1);
+ }
+ atomic_thread_fence(memory_order_acquire);
+ new_serial = load_const_atomic(&pi->serial, memory_order_relaxed);
+ if (__predict_true(serial == new_serial)) {
+ break;
+ }
+ // We need another fence here because we want to ensure that the memcpy in the
+ // next iteration of the loop occurs after the load of new_serial above. We could
+ // get this guarantee by making the load_const_atomic of new_serial
+ // memory_order_acquire instead of memory_order_relaxed, but then we'd pay the
+ // penalty of the memory_order_acquire even in the overwhelmingly common case
+ // that the serial number didn't change.
+ atomic_thread_fence(memory_order_acquire);
+ }
+ return serial;
+}
+
+int SystemProperties::Read(const prop_info* pi, char* name, char* value) {
+ uint32_t serial = ReadMutablePropertyValue(pi, value);
+ if (name != nullptr) {
+ size_t namelen = strlcpy(name, pi->name, PROP_NAME_MAX);
+ if (namelen >= PROP_NAME_MAX) {
+ async_safe_format_log(ANDROID_LOG_ERROR, "libc",
+ "The property name length for \"%s\" is >= %d;"
+ " please use __system_property_read_callback"
+ " to read this property. (the name is truncated to \"%s\")",
+ pi->name, PROP_NAME_MAX - 1, name);
+ }
+ }
+ if (is_read_only(pi->name) && pi->is_long()) {
+ async_safe_format_log(
+ ANDROID_LOG_ERROR, "libc",
+ "The property \"%s\" has a value with length %zu that is too large for"
+ " __system_property_get()/__system_property_read(); use"
+ " __system_property_read_callback() instead.",
+ pi->name, strlen(pi->long_value()));
+ }
+ return SERIAL_VALUE_LEN(serial);
+}
+
+void SystemProperties::ReadCallback(const prop_info* pi,
+ void (*callback)(void* cookie, const char* name,
+ const char* value, uint32_t serial),
+ void* cookie) {
+ // Read only properties don't need to copy the value to a temporary buffer, since it can never
+ // change. We use relaxed memory order on the serial load for the same reason.
+ if (is_read_only(pi->name)) {
+ uint32_t serial = load_const_atomic(&pi->serial, memory_order_relaxed);
+ if (pi->is_long()) {
+ callback(cookie, pi->name, pi->long_value(), serial);
+ } else {
+ callback(cookie, pi->name, pi->value, serial);
+ }
+ return;
+ }
+
+ char value_buf[PROP_VALUE_MAX];
+ uint32_t serial = ReadMutablePropertyValue(pi, value_buf);
+ callback(cookie, pi->name, value_buf, serial);
+}
+
+int SystemProperties::Get(const char* name, char* value) {
+ const prop_info* pi = Find(name);
+
+ if (pi != nullptr) {
+ return Read(pi, nullptr, value);
+ } else {
+ value[0] = 0;
+ return 0;
+ }
+}
+
+int SystemProperties::Update(prop_info* pi, const char* value, unsigned int len) {
+ if (len >= PROP_VALUE_MAX) {
+ return -1;
+ }
+
+ if (!initialized_) {
+ return -1;
+ }
+
+ prop_area* serial_pa = contexts_->GetSerialPropArea();
+ if (!serial_pa) {
+ return -1;
+ }
+ prop_area* pa = contexts_->GetPropAreaForName(pi->name);
+ if (__predict_false(!pa)) {
+ async_safe_format_log(ANDROID_LOG_ERROR, "libc", "Could not find area for \"%s\"", pi->name);
+ return -1;
+ }
+
+ uint32_t serial = atomic_load_explicit(&pi->serial, memory_order_relaxed);
+ unsigned int old_len = SERIAL_VALUE_LEN(serial);
+
+ // The contract with readers is that whenever the dirty bit is set, an undamaged copy
+ // of the pre-dirty value is available in the dirty backup area. The fence ensures
+ // that we publish our dirty area update before allowing readers to see a
+ // dirty serial.
+ memcpy(pa->dirty_backup_area(), pi->value, old_len + 1);
+ atomic_thread_fence(memory_order_release);
+ serial |= 1;
+ atomic_store_explicit(&pi->serial, serial, memory_order_relaxed);
+ strlcpy(pi->value, value, len + 1);
+ // Now the primary value property area is up-to-date. Let readers know that they should
+ // look at the property value instead of the backup area.
+ atomic_thread_fence(memory_order_release);
+ atomic_store_explicit(&pi->serial, (len << 24) | ((serial + 1) & 0xffffff), memory_order_relaxed);
+ __futex_wake(&pi->serial, INT32_MAX); // Fence by side effect
+ atomic_store_explicit(serial_pa->serial(),
+ atomic_load_explicit(serial_pa->serial(), memory_order_relaxed) + 1,
+ memory_order_release);
+ __futex_wake(serial_pa->serial(), INT32_MAX);
+
+ return 0;
+}
+
+int SystemProperties::Add(const char* name, unsigned int namelen, const char* value,
+ unsigned int valuelen) {
+ if (valuelen >= PROP_VALUE_MAX && !is_read_only(name)) {
+ return -1;
+ }
+
+ if (namelen < 1) {
+ return -1;
+ }
+
+ if (!initialized_) {
+ return -1;
+ }
+
+ prop_area* serial_pa = contexts_->GetSerialPropArea();
+ if (serial_pa == nullptr) {
+ return -1;
+ }
+
+ prop_area* pa = contexts_->GetPropAreaForName(name);
+ if (!pa) {
+ async_safe_format_log(ANDROID_LOG_ERROR, "libc", "Access denied adding property \"%s\"", name);
+ return -1;
+ }
+
+ bool ret = pa->add(name, namelen, value, valuelen);
+ if (!ret) {
+ return -1;
+ }
+
+ // There is only a single mutator, but we want to make sure that
+ // updates are visible to a reader waiting for the update.
+ atomic_store_explicit(serial_pa->serial(),
+ atomic_load_explicit(serial_pa->serial(), memory_order_relaxed) + 1,
+ memory_order_release);
+ __futex_wake(serial_pa->serial(), INT32_MAX);
+ return 0;
+}
+
+uint32_t SystemProperties::WaitAny(uint32_t old_serial) {
+ uint32_t new_serial;
+ Wait(nullptr, old_serial, &new_serial, nullptr);
+ return new_serial;
+}
+
+bool SystemProperties::Wait(const prop_info* pi, uint32_t old_serial, uint32_t* new_serial_ptr,
+ const timespec* relative_timeout) {
+ // Are we waiting on the global serial or a specific serial?
+ atomic_uint_least32_t* serial_ptr;
+ if (pi == nullptr) {
+ if (!initialized_) {
+ return -1;
+ }
+
+ prop_area* serial_pa = contexts_->GetSerialPropArea();
+ if (serial_pa == nullptr) {
+ return -1;
+ }
+
+ serial_ptr = serial_pa->serial();
+ } else {
+ serial_ptr = const_cast(&pi->serial);
+ }
+
+ uint32_t new_serial;
+ do {
+ int rc;
+ if ((rc = __futex_wait(serial_ptr, old_serial, relative_timeout)) != 0 && rc == -ETIMEDOUT) {
+ return false;
+ }
+ new_serial = load_const_atomic(serial_ptr, memory_order_acquire);
+ } while (new_serial == old_serial);
+
+ *new_serial_ptr = new_serial;
+ return true;
+}
+
+const prop_info* SystemProperties::FindNth(unsigned n) {
+ struct find_nth {
+ const uint32_t sought;
+ uint32_t current;
+ const prop_info* result;
+
+ explicit find_nth(uint32_t n) : sought(n), current(0), result(nullptr) {
+ }
+ static void fn(const prop_info* pi, void* ptr) {
+ find_nth* self = reinterpret_cast(ptr);
+ if (self->current++ == self->sought) self->result = pi;
+ }
+ } state(n);
+ Foreach(find_nth::fn, &state);
+ return state.result;
+}
+
+int SystemProperties::Foreach(void (*propfn)(const prop_info* pi, void* cookie), void* cookie) {
+ if (!initialized_) {
+ return -1;
+ }
+
+ contexts_->ForEach(propfn, cookie);
+
+ return 0;
+}
diff --git a/system_property_api.cpp b/system_property_api.cpp
new file mode 100644
index 0000000..a641f12
--- /dev/null
+++ b/system_property_api.cpp
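Review bot: `SystemProperties::Wait` is declared `bool`, but both early exits in its `pi == nullptr` branch do `return -1;`, which converts to `true` and leaves `*new_serial_ptr` unwritten. `WaitAny` ignores the result and returns its local `new_serial`, so an uninitialised value reaches the caller whenever the area is not initialised or `GetSerialPropArea()` returns null. Both exits should be `return false;`, and `WaitAny` could start from `uint32_t new_serial = old_serial;` so the failure case is defined. Separately, `ReadMutablePropertyValue` dereferences the result of `contexts_->GetPropAreaForName(pi->name)` on the dirty path without the null check that `Find`, `Update` and `Add` apply to the same call.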
@@ -0,0 +1,131 @@
+/*
+ * Copyright (C) 2017 The Android Open Source Project
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * * Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ * * Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in
+ * the documentation and/or other materials provided with the
+ * distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+ * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+ * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
+ * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
+ * COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT,
+ * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING,
+ * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS
+ * OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED
+ * AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
+ * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT
+ * OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+#define _REALLY_INCLUDE_SYS__SYSTEM_PROPERTIES_H_
+#include
+
+#include
+#include
+
+#include "private/bionic_defs.h"
+
+static SystemProperties system_properties;
+static_assert(__is_trivially_constructible(SystemProperties),
+ "System Properties must be trivially constructable");
+
+// This is public because it was exposed in the NDK. As of 2017-01, ~60 apps reference this symbol.
+// It is set to nullptr and never modified.
+__BIONIC_WEAK_VARIABLE_FOR_NATIVE_BRIDGE
+prop_area* __system_property_area__ = nullptr;
+
+__BIONIC_WEAK_FOR_NATIVE_BRIDGE
+int __system_properties_init() {
+ return system_properties.Init(PROP_FILENAME) ? 0 : -1;
+}
+
+__BIONIC_WEAK_FOR_NATIVE_BRIDGE
+int __system_property_set_filename(const char*) {
+ return -1;
+}
+
+__BIONIC_WEAK_FOR_NATIVE_BRIDGE
+int __system_property_area_init() {
+ bool fsetxattr_failed = false;
+ return system_properties.AreaInit(PROP_FILENAME, &fsetxattr_failed) && !fsetxattr_failed ? 0 : -1;
+}
+
+__BIONIC_WEAK_FOR_NATIVE_BRIDGE
+uint32_t __system_property_area_serial() {
+ return system_properties.AreaSerial();
+}
+
+__BIONIC_WEAK_FOR_NATIVE_BRIDGE
+const prop_info* __system_property_find(const char* name) {
+ return system_properties.Find(name);
+}
+
+__BIONIC_WEAK_FOR_NATIVE_BRIDGE
+int __system_property_read(const prop_info* pi, char* name, char* value) {
+ return system_properties.Read(pi, name, value);
+}
+
+__BIONIC_WEAK_FOR_NATIVE_BRIDGE
+void __system_property_read_callback(const prop_info* pi,
+ void (*callback)(void* cookie, const char* name,
+ const char* value, uint32_t serial),
+ void* cookie) {
+ return system_properties.ReadCallback(pi, callback, cookie);
+}
+
+__BIONIC_WEAK_FOR_NATIVE_BRIDGE
+int __system_property_get(const char* name, char* value) {
+ return system_properties.Get(name, value);
+}
+
+__BIONIC_WEAK_FOR_NATIVE_BRIDGE
+int __system_property_update(prop_info* pi, const char* value, unsigned int len) {
+ return system_properties.Update(pi, value, len);
+}
+
+__BIONIC_WEAK_FOR_NATIVE_BRIDGE
+int __system_property_add(const char* name, unsigned int namelen, const char* value,
+ unsigned int valuelen) {
+ return system_properties.Add(name, namelen, value, valuelen);
+}
+
+__BIONIC_WEAK_FOR_NATIVE_BRIDGE
+uint32_t __system_property_serial(const prop_info* pi) {
+ // N.B. a previous version of this function was much heavier-weight
+ // and enforced acquire semantics, so give our load here acquire
+ // semantics just in case somebody depends on
+ // __system_property_serial enforcing memory order, e.g., in case
+ // someone spins on the result of this function changing before
+ // loading some value.
+ return atomic_load_explicit(&pi->serial, memory_order_acquire);
+}
+
+__BIONIC_WEAK_FOR_NATIVE_BRIDGE
+uint32_t __system_property_wait_any(uint32_t old_serial) {
+ return system_properties.WaitAny(old_serial);
+}
+
+__BIONIC_WEAK_FOR_NATIVE_BRIDGE
+bool __system_property_wait(const prop_info* pi, uint32_t old_serial, uint32_t* new_serial_ptr,
+ const timespec* relative_timeout) {
+ return system_properties.Wait(pi, old_serial, new_serial_ptr, relative_timeout);
+}
+
+__BIONIC_WEAK_FOR_NATIVE_BRIDGE
+const prop_info* __system_property_find_nth(unsigned n) {
+ return system_properties.FindNth(n);
+}
+
+__BIONIC_WEAK_FOR_NATIVE_BRIDGE
+int __system_property_foreach(void (*propfn)(const prop_info* pi, void* cookie), void* cookie) {
+ return system_properties.Foreach(propfn, cookie);
+}
diff --git a/system_property_set.cpp b/system_property_set.cpp
new file mode 100644
index 0000000..212aafc
--- /dev/null
+++ b/system_property_set.cpp
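Review bot: `__system_property_get` and `__system_property_read` take a bare `char* value` with no length and hand it straight to `SystemProperties::Get`/`Read`, so the required buffer size is an undocumented contract at the public entry points. Judging from `ReadCallback`, which reads into `char value_buf[PROP_VALUE_MAX]`, and from the `strlcpy(name, pi->name, PROP_NAME_MAX)` in `Read`, a comment on both wrappers such as `// value must point to at least PROP_VALUE_MAX bytes; name, if non-null, to at least PROP_NAME_MAX bytes.` would state it where callers look. `__system_property_serial` also dereferences `pi` with no null check, which belongs in its comment as a caller precondition. `__system_property_area_init` returns -1 when only `fsetxattr_failed` was set even though `AreaInit` itself succeeded; a one-line comment saying that this is intended would prevent a misreading.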
@@ -0,0 +1,309 @@
+/*
+ * Copyright (C) 2017 The Android Open Source Project
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * * Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ * * Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in
+ * the documentation and/or other materials provided with the
+ * distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+ * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+ * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
+ * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
+ * COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT,
+ * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING,
+ * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS
+ * OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED
+ * AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
+ * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT
+ * OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+#include
+#include
+#include
+#include
+#include
+#include
+#include
+#include
+#include
+#include
+#include
+#define _REALLY_INCLUDE_SYS__SYSTEM_PROPERTIES_H_
+#include
+#include
+
+#include
+#include
+
+#include "private/bionic_defs.h"
+#include "platform/bionic/macros.h"
+#include "private/ScopedFd.h"
+
+static const char property_service_socket[] = "/dev/socket/" PROP_SERVICE_NAME;
+static const char* kServiceVersionPropertyName = "ro.property_service.version";
+
+class PropertyServiceConnection {
+ public:
+ PropertyServiceConnection() : last_error_(0) {
+ socket_.reset(::socket(AF_LOCAL, SOCK_STREAM | SOCK_CLOEXEC, 0));
+ if (socket_.get() == -1) {
+ last_error_ = errno;
+ return;
+ }
+
+ const size_t namelen = strlen(property_service_socket);
+ sockaddr_un addr;
+ memset(&addr, 0, sizeof(addr));
+ strlcpy(addr.sun_path, property_service_socket, sizeof(addr.sun_path));
+ addr.sun_family = AF_LOCAL;
+ socklen_t alen = namelen + offsetof(sockaddr_un, sun_path) + 1;
+
+ if (TEMP_FAILURE_RETRY(connect(socket_.get(),
+ reinterpret_cast(&addr), alen)) == -1) {
+ last_error_ = errno;
+ socket_.reset();
+ }
+ }
+
+ bool IsValid() {
+ return socket_.get() != -1;
+ }
+
+ int GetLastError() {
+ return last_error_;
+ }
+
+ bool RecvInt32(int32_t* value) {
+ int result = TEMP_FAILURE_RETRY(recv(socket_.get(), value, sizeof(*value), MSG_WAITALL));
+ return CheckSendRecvResult(result, sizeof(*value));
+ }
+
+ int socket() {
+ return socket_.get();
+ }
+
+ private:
+ bool CheckSendRecvResult(int result, int expected_len) {
+ if (result == -1) {
+ last_error_ = errno;
+ } else if (result != expected_len) {
+ last_error_ = -1;
+ } else {
+ last_error_ = 0;
+ }
+
+ return last_error_ == 0;
+ }
+
+ ScopedFd socket_;
+ int last_error_;
+
+ friend class SocketWriter;
+};
+
+class SocketWriter {
+ public:
+ explicit SocketWriter(PropertyServiceConnection* connection)
+ : connection_(connection), iov_index_(0), uint_buf_index_(0) {
+ }
+
+ SocketWriter& WriteUint32(uint32_t value) {
+ CHECK(uint_buf_index_ < kUintBufSize);
+ CHECK(iov_index_ < kIovSize);
+ uint32_t* ptr = uint_buf_ + uint_buf_index_;
+ uint_buf_[uint_buf_index_++] = value;
+ iov_[iov_index_].iov_base = ptr;
+ iov_[iov_index_].iov_len = sizeof(*ptr);
+ ++iov_index_;
+ return *this;
+ }
+
+ SocketWriter& WriteString(const char* value) {
+ uint32_t valuelen = strlen(value);
+ WriteUint32(valuelen);
+ if (valuelen == 0) {
+ return *this;
+ }
+
+ CHECK(iov_index_ < kIovSize);
+ iov_[iov_index_].iov_base = const_cast(value);
+ iov_[iov_index_].iov_len = valuelen;
+ ++iov_index_;
+
+ return *this;
+ }
+
+ bool Send() {
+ if (!connection_->IsValid()) {
+ return false;
+ }
+
+ if (writev(connection_->socket(), iov_, iov_index_) == -1) {
+ connection_->last_error_ = errno;
+ return false;
+ }
+
+ iov_index_ = uint_buf_index_ = 0;
+ return true;
+ }
+
+ private:
+ static constexpr size_t kUintBufSize = 8;
+ static constexpr size_t kIovSize = 8;
+
+ PropertyServiceConnection* connection_;
+ iovec iov_[kIovSize];
+ size_t iov_index_;
+ uint32_t uint_buf_[kUintBufSize];
+ size_t uint_buf_index_;
+
+ BIONIC_DISALLOW_IMPLICIT_CONSTRUCTORS(SocketWriter);
+};
+
+struct prop_msg {
+ unsigned cmd;
+ char name[PROP_NAME_MAX];
+ char value[PROP_VALUE_MAX];
+};
+
+static int send_prop_msg(const prop_msg* msg) {
+ PropertyServiceConnection connection;
+ if (!connection.IsValid()) {
+ return connection.GetLastError();
+ }
+
+ int result = -1;
+ int s = connection.socket();
+
+ const int num_bytes = TEMP_FAILURE_RETRY(send(s, msg, sizeof(prop_msg), 0));
+ if (num_bytes == sizeof(prop_msg)) {
+ // We successfully wrote to the property server but now we
+ // wait for the property server to finish its work. It
+ // acknowledges its completion by closing the socket so we
+ // poll here (on nothing), waiting for the socket to close.
+ // If you 'adb shell setprop foo bar' you'll see the POLLHUP
+ // once the socket closes. Out of paranoia we cap our poll
+ // at 250 ms.
+ pollfd pollfds[1];
+ pollfds[0].fd = s;
+ pollfds[0].events = 0;
+ const int poll_result = TEMP_FAILURE_RETRY(poll(pollfds, 1, 250 /* ms */));
+ if (poll_result == 1 && (pollfds[0].revents & POLLHUP) != 0) {
+ result = 0;
+ } else {
+ // Ignore the timeout and treat it like a success anyway.
+ // The init process is single-threaded and its property
+ // service is sometimes slow to respond (perhaps it's off
+ // starting a child process or something) and thus this
+ // times out and the caller thinks it failed, even though
+ // it's still getting around to it. So we fake it here,
+ // mostly for ctl.* properties, but we do try and wait 250
+ // ms so callers who do read-after-write can reliably see
+ // what they've written. Most of the time.
+ async_safe_format_log(ANDROID_LOG_WARN, "libc",
+ "Property service has timed out while trying to set \"%s\" to \"%s\"",
+ msg->name, msg->value);
+ result = 0;
+ }
+ }
+
+ return result;
+}
+
+static constexpr uint32_t kProtocolVersion1 = 1;
+static constexpr uint32_t kProtocolVersion2 = 2; // current
+
+static atomic_uint_least32_t g_propservice_protocol_version = 0;
+
+static void detect_protocol_version() {
+ char value[PROP_VALUE_MAX];
+ if (__system_property_get(kServiceVersionPropertyName, value) == 0) {
+ g_propservice_protocol_version = kProtocolVersion1;
+ async_safe_format_log(ANDROID_LOG_WARN, "libc",
+ "Using old property service protocol (\"%s\" is not set)",
+ kServiceVersionPropertyName);
+ } else {
+ uint32_t version = static_cast(atoll(value));
+ if (version >= kProtocolVersion2) {
+ g_propservice_protocol_version = kProtocolVersion2;
+ } else {
+ async_safe_format_log(ANDROID_LOG_WARN, "libc",
+ "Using old property service protocol (\"%s\"=\"%s\")",
+ kServiceVersionPropertyName, value);
+ g_propservice_protocol_version = kProtocolVersion1;
+ }
+ }
+}
+
+__BIONIC_WEAK_FOR_NATIVE_BRIDGE
+int __system_property_set(const char* key, const char* value) {
+ if (key == nullptr) return -1;
+ if (value == nullptr) value = "";
+
+ if (g_propservice_protocol_version == 0) {
+ detect_protocol_version();
+ }
+
+ if (g_propservice_protocol_version == kProtocolVersion1) {
+ // Old protocol does not support long names or values
+ if (strlen(key) >= PROP_NAME_MAX) return -1;
+ if (strlen(value) >= PROP_VALUE_MAX) return -1;
+
+ prop_msg msg;
+ memset(&msg, 0, sizeof msg);
+ msg.cmd = PROP_MSG_SETPROP;
+ strlcpy(msg.name, key, sizeof msg.name);
+ strlcpy(msg.value, value, sizeof msg.value);
+
+ return send_prop_msg(&msg);
+ } else {
+ // New protocol only allows long values for ro. properties only.
+ if (strlen(value) >= PROP_VALUE_MAX && strncmp(key, "ro.", 3) != 0) return -1;
+ // Use proper protocol
+ PropertyServiceConnection connection;
+ if (!connection.IsValid()) {
+ errno = connection.GetLastError();
+ async_safe_format_log(
+ ANDROID_LOG_WARN, "libc",
+ "Unable to set property \"%s\" to \"%s\": connection failed; errno=%d (%s)", key, value,
+ errno, strerror(errno));
+ return -1;
+ }
+
+ SocketWriter writer(&connection);
+ if (!writer.WriteUint32(PROP_MSG_SETPROP2).WriteString(key).WriteString(value).Send()) {
+ errno = connection.GetLastError();
+ async_safe_format_log(ANDROID_LOG_WARN, "libc",
+ "Unable to set property \"%s\" to \"%s\": write failed; errno=%d (%s)",
+ key, value, errno, strerror(errno));
+ return -1;
+ }
+
+ int result = -1;
+ if (!connection.RecvInt32(&result)) {
+ errno = connection.GetLastError();
+ async_safe_format_log(ANDROID_LOG_WARN, "libc",
+ "Unable to set property \"%s\" to \"%s\": recv failed; errno=%d (%s)",
+ key, value, errno, strerror(errno));
+ return -1;
+ }
+
+ if (result != PROP_SUCCESS) {
+ async_safe_format_log(ANDROID_LOG_WARN, "libc",
+ "Unable to set property \"%s\" to \"%s\": error code: 0x%x", key, value,
+ result);
+ return -1;
+ }
+
+ return 0;
+ }
+}
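Review bot: `SocketWriter::Send()` issues a single `writev()` and only tests for -1, so neither an EINTR nor a short write is handled, unlike the receive side, where `RecvInt32()` wraps `recv()` in `TEMP_FAILURE_RETRY` and rejects a length mismatch through `CheckSendRecvResult()`. A signal arriving during the write makes `__system_property_set` fail spuriously. A partial write on the stream socket (unlikely for a request this small, but not excluded by the code) would leave the property service holding a truncated SETPROP2 request while the client proceeds to block in `recv(..., MSG_WAITALL)`, which has no timeout on this path. I would retry on EINTR and compare the returned byte count with the sum of the queued `iov_len` values, reusing the `last_error_ = -1` convention the connection class already applies to short reads.

```cpp
  bool Send() {
    // … unchanged: return false when the connection is not valid …

    size_t expected = 0;
    for (size_t i = 0; i < iov_index_; ++i) {
      expected += iov_[i].iov_len;
    }

    const ssize_t written =
        TEMP_FAILURE_RETRY(writev(connection_->socket(), iov_, iov_index_));
    if (written == -1) {
      connection_->last_error_ = errno;
      return false;
    }
    if (static_cast<size_t>(written) != expected) {
      // Short write: the request on the wire is incomplete, so report failure
      // the same way CheckSendRecvResult() reports a short read.
      connection_->last_error_ = -1;
      return false;
    }

    // … unchanged: reset iov_index_ / uint_buf_index_ and return true …
```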