2 * Copyright (C) 2008 The Android Open Source Project
5 * Redistribution and use in source and binary forms, with or without
6 * modification, are permitted provided that the following conditions
8 * * Redistributions of source code must retain the above copyright
9 * notice, this list of conditions and the following disclaimer.
10 * * Redistributions in binary form must reproduce the above copyright
11 * notice, this list of conditions and the following disclaimer in
12 * the documentation and/or other materials provided with the
15 * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
16 * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
17 * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
18 * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
19 * COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT,
20 * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING,
21 * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS
22 * OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED
23 * AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
24 * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT
25 * OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
33 #include <stdatomic.h>
42 #include <linux/xattr.h>
43 #include <netinet/in.h>
45 #include <sys/select.h>
46 #include <sys/socket.h>
48 #include <sys/types.h>
51 #include <sys/xattr.h>
53 #define _REALLY_INCLUDE_SYS__SYSTEM_PROPERTIES_H_
54 #include <sys/_system_properties.h>
55 #include <sys/system_properties.h>
57 #include "private/ErrnoRestorer.h"
58 #include "private/bionic_futex.h"
59 #include "private/bionic_lock.h"
60 #include "private/bionic_macros.h"
61 #include "private/bionic_sdk_version.h"
62 #include "private/libc_logging.h"
64 static constexpr int PROP_FILENAME_MAX = 1024;
66 static constexpr uint32_t PROP_AREA_MAGIC = 0x504f5250;
67 static constexpr uint32_t PROP_AREA_VERSION = 0xfc6ed0ab;
69 static constexpr size_t PA_SIZE = 128 * 1024;
71 #define SERIAL_DIRTY(serial) ((serial)&1)
72 #define SERIAL_VALUE_LEN(serial) ((serial) >> 24)
74 static const char property_service_socket[] = "/dev/socket/" PROP_SERVICE_NAME;
75 static const char* kServiceVersionPropertyName = "ro.property_service.version";
78 * Properties are stored in a hybrid trie/binary tree structure.
79 * Each property's name is delimited at '.' characters, and the tokens are put
80 * into a trie structure. Siblings at each level of the trie are stored in a
81 * binary tree. For instance, "ro.secure"="1" could be stored as follows:
83 * +-----+ children +----+ children +--------+
84 * | |-------------->| ro |-------------->| secure |
85 * +-----+ +----+ +--------+
87 * left / \ right left / | prop +===========+
88 * v v v +-------->| ro.secure |
89 * +-----+ +-----+ +-----+ +-----------+
90 * | net | | sys | | com | | 1 |
91 * +-----+ +-----+ +-----+ +===========+
94 // Represents a node in the trie.
98 // The property trie is updated only by the init process (single threaded) which provides
99 // property service. And it can be read by multiple threads at the same time.
100 // As the property trie is not protected by locks, we use atomic_uint_least32_t types for the
101 // left, right, children "pointers" in the trie node. To make sure readers who see the
102 // change of "pointers" can also notice the change of prop_bt structure contents pointed by
103 // the "pointers", we always use release-consume ordering pair when accessing these "pointers".
105 // prop "points" to prop_info structure if there is a propery associated with the trie node.
106 // Its situation is similar to the left, right, children "pointers". So we use
107 // atomic_uint_least32_t and release-consume ordering to protect it as well.
109 // We should also avoid rereading these fields redundantly, since not
110 // all processor implementations ensure that multiple loads from the
111 // same field are carried out in the right order.
112 atomic_uint_least32_t prop;
114 atomic_uint_least32_t left;
115 atomic_uint_least32_t right;
117 atomic_uint_least32_t children;
121 prop_bt(const char* name, const uint32_t name_length) {
122 this->namelen = name_length;
123 memcpy(this->name, name, name_length);
124 this->name[name_length] = '\0';
128 DISALLOW_COPY_AND_ASSIGN(prop_bt);
133 prop_area(const uint32_t magic, const uint32_t version) : magic_(magic), version_(version) {
134 atomic_init(&serial_, 0);
135 memset(reserved_, 0, sizeof(reserved_));
136 // Allocate enough space for the root node.
137 bytes_used_ = sizeof(prop_bt);
140 const prop_info* find(const char* name);
141 bool add(const char* name, unsigned int namelen, const char* value, unsigned int valuelen);
143 bool foreach (void (*propfn)(const prop_info* pi, void* cookie), void* cookie);
145 atomic_uint_least32_t* serial() {
148 uint32_t magic() const {
151 uint32_t version() const {
156 void* allocate_obj(const size_t size, uint_least32_t* const off);
157 prop_bt* new_prop_bt(const char* name, uint32_t namelen, uint_least32_t* const off);
158 prop_info* new_prop_info(const char* name, uint32_t namelen, const char* value, uint32_t valuelen,
159 uint_least32_t* const off);
160 void* to_prop_obj(uint_least32_t off);
161 prop_bt* to_prop_bt(atomic_uint_least32_t* off_p);
162 prop_info* to_prop_info(atomic_uint_least32_t* off_p);
164 prop_bt* root_node();
166 prop_bt* find_prop_bt(prop_bt* const bt, const char* name, uint32_t namelen, bool alloc_if_needed);
168 const prop_info* find_property(prop_bt* const trie, const char* name, uint32_t namelen,
169 const char* value, uint32_t valuelen, bool alloc_if_needed);
171 bool foreach_property(prop_bt* const trie, void (*propfn)(const prop_info* pi, void* cookie),
174 uint32_t bytes_used_;
175 atomic_uint_least32_t serial_;
178 uint32_t reserved_[28];
181 DISALLOW_COPY_AND_ASSIGN(prop_area);
185 atomic_uint_least32_t serial;
186 // we need to keep this buffer around because the property
187 // value can be modified whereas name is constant.
188 char value[PROP_VALUE_MAX];
191 prop_info(const char* name, uint32_t namelen, const char* value, uint32_t valuelen) {
192 memcpy(this->name, name, namelen);
193 this->name[namelen] = '\0';
194 atomic_init(&this->serial, valuelen << 24);
195 memcpy(this->value, value, valuelen);
196 this->value[valuelen] = '\0';
200 DISALLOW_IMPLICIT_CONSTRUCTORS(prop_info);
203 struct find_nth_cookie {
208 explicit find_nth_cookie(uint32_t n) : count(0), n(n), pi(nullptr) {
212 // This is public because it was exposed in the NDK. As of 2017-01, ~60 apps reference this symbol.
213 prop_area* __system_property_area__ = nullptr;
215 static char property_filename[PROP_FILENAME_MAX] = PROP_FILENAME;
216 static size_t pa_data_size;
217 static size_t pa_size;
218 static bool initialized = false;
220 static prop_area* map_prop_area_rw(const char* filename, const char* context,
221 bool* fsetxattr_failed) {
222 /* dev is a tmpfs that we can use to carve a shared workspace
223 * out of, so let's do that...
225 const int fd = open(filename, O_RDWR | O_CREAT | O_NOFOLLOW | O_CLOEXEC | O_EXCL, 0444);
228 if (errno == EACCES) {
229 /* for consistency with the case where the process has already
230 * mapped the page in and segfaults when trying to write to it
238 if (fsetxattr(fd, XATTR_NAME_SELINUX, context, strlen(context) + 1, 0) != 0) {
239 __libc_format_log(ANDROID_LOG_ERROR, "libc",
240 "fsetxattr failed to set context (%s) for \"%s\"", context, filename);
242 * fsetxattr() will fail during system properties tests due to selinux policy.
243 * We do not want to create a custom policy for the tester, so we will continue in
244 * this function but set a flag that an error has occurred.
245 * Init, which is the only daemon that should ever call this function will abort
246 * when this error occurs.
247 * Otherwise, the tester will ignore it and continue, albeit without any selinux
248 * property separation.
250 if (fsetxattr_failed) {
251 *fsetxattr_failed = true;
256 if (ftruncate(fd, PA_SIZE) < 0) {
262 pa_data_size = pa_size - sizeof(prop_area);
264 void* const memory_area = mmap(nullptr, pa_size, PROT_READ | PROT_WRITE, MAP_SHARED, fd, 0);
265 if (memory_area == MAP_FAILED) {
270 prop_area* pa = new (memory_area) prop_area(PROP_AREA_MAGIC, PROP_AREA_VERSION);
276 static prop_area* map_fd_ro(const int fd) {
278 if (fstat(fd, &fd_stat) < 0) {
282 if ((fd_stat.st_uid != 0) || (fd_stat.st_gid != 0) ||
283 ((fd_stat.st_mode & (S_IWGRP | S_IWOTH)) != 0) ||
284 (fd_stat.st_size < static_cast<off_t>(sizeof(prop_area)))) {
288 pa_size = fd_stat.st_size;
289 pa_data_size = pa_size - sizeof(prop_area);
291 void* const map_result = mmap(nullptr, pa_size, PROT_READ, MAP_SHARED, fd, 0);
292 if (map_result == MAP_FAILED) {
296 prop_area* pa = reinterpret_cast<prop_area*>(map_result);
297 if ((pa->magic() != PROP_AREA_MAGIC) || (pa->version() != PROP_AREA_VERSION)) {
305 static prop_area* map_prop_area(const char* filename) {
306 int fd = open(filename, O_CLOEXEC | O_NOFOLLOW | O_RDONLY);
307 if (fd == -1) return nullptr;
309 prop_area* map_result = map_fd_ro(fd);
315 void* prop_area::allocate_obj(const size_t size, uint_least32_t* const off) {
316 const size_t aligned = BIONIC_ALIGN(size, sizeof(uint_least32_t));
317 if (bytes_used_ + aligned > pa_data_size) {
322 bytes_used_ += aligned;
326 prop_bt* prop_area::new_prop_bt(const char* name, uint32_t namelen, uint_least32_t* const off) {
327 uint_least32_t new_offset;
328 void* const p = allocate_obj(sizeof(prop_bt) + namelen + 1, &new_offset);
330 prop_bt* bt = new (p) prop_bt(name, namelen);
338 prop_info* prop_area::new_prop_info(const char* name, uint32_t namelen, const char* value,
339 uint32_t valuelen, uint_least32_t* const off) {
340 uint_least32_t new_offset;
341 void* const p = allocate_obj(sizeof(prop_info) + namelen + 1, &new_offset);
343 prop_info* info = new (p) prop_info(name, namelen, value, valuelen);
351 void* prop_area::to_prop_obj(uint_least32_t off) {
352 if (off > pa_data_size) return nullptr;
354 return (data_ + off);
357 inline prop_bt* prop_area::to_prop_bt(atomic_uint_least32_t* off_p) {
358 uint_least32_t off = atomic_load_explicit(off_p, memory_order_consume);
359 return reinterpret_cast<prop_bt*>(to_prop_obj(off));
362 inline prop_info* prop_area::to_prop_info(atomic_uint_least32_t* off_p) {
363 uint_least32_t off = atomic_load_explicit(off_p, memory_order_consume);
364 return reinterpret_cast<prop_info*>(to_prop_obj(off));
367 inline prop_bt* prop_area::root_node() {
368 return reinterpret_cast<prop_bt*>(to_prop_obj(0));
371 static int cmp_prop_name(const char* one, uint32_t one_len, const char* two, uint32_t two_len) {
372 if (one_len < two_len)
374 else if (one_len > two_len)
377 return strncmp(one, two, one_len);
380 prop_bt* prop_area::find_prop_bt(prop_bt* const bt, const char* name, uint32_t namelen,
381 bool alloc_if_needed) {
382 prop_bt* current = bt;
388 const int ret = cmp_prop_name(name, namelen, current->name, current->namelen);
394 uint_least32_t left_offset = atomic_load_explicit(¤t->left, memory_order_relaxed);
395 if (left_offset != 0) {
396 current = to_prop_bt(¤t->left);
398 if (!alloc_if_needed) {
402 uint_least32_t new_offset;
403 prop_bt* new_bt = new_prop_bt(name, namelen, &new_offset);
405 atomic_store_explicit(¤t->left, new_offset, memory_order_release);
410 uint_least32_t right_offset = atomic_load_explicit(¤t->right, memory_order_relaxed);
411 if (right_offset != 0) {
412 current = to_prop_bt(¤t->right);
414 if (!alloc_if_needed) {
418 uint_least32_t new_offset;
419 prop_bt* new_bt = new_prop_bt(name, namelen, &new_offset);
421 atomic_store_explicit(¤t->right, new_offset, memory_order_release);
429 const prop_info* prop_area::find_property(prop_bt* const trie, const char* name, uint32_t namelen,
430 const char* value, uint32_t valuelen,
431 bool alloc_if_needed) {
432 if (!trie) return nullptr;
434 const char* remaining_name = name;
435 prop_bt* current = trie;
437 const char* sep = strchr(remaining_name, '.');
438 const bool want_subtree = (sep != nullptr);
439 const uint32_t substr_size = (want_subtree) ? sep - remaining_name : strlen(remaining_name);
445 prop_bt* root = nullptr;
446 uint_least32_t children_offset = atomic_load_explicit(¤t->children, memory_order_relaxed);
447 if (children_offset != 0) {
448 root = to_prop_bt(¤t->children);
449 } else if (alloc_if_needed) {
450 uint_least32_t new_offset;
451 root = new_prop_bt(remaining_name, substr_size, &new_offset);
453 atomic_store_explicit(¤t->children, new_offset, memory_order_release);
461 current = find_prop_bt(root, remaining_name, substr_size, alloc_if_needed);
466 if (!want_subtree) break;
468 remaining_name = sep + 1;
471 uint_least32_t prop_offset = atomic_load_explicit(¤t->prop, memory_order_relaxed);
472 if (prop_offset != 0) {
473 return to_prop_info(¤t->prop);
474 } else if (alloc_if_needed) {
475 uint_least32_t new_offset;
476 prop_info* new_info = new_prop_info(name, namelen, value, valuelen, &new_offset);
478 atomic_store_explicit(¤t->prop, new_offset, memory_order_release);
487 class PropertyServiceConnection {
489 PropertyServiceConnection() : last_error_(0) {
490 socket_ = ::socket(AF_LOCAL, SOCK_STREAM | SOCK_CLOEXEC, 0);
496 const size_t namelen = strlen(property_service_socket);
498 memset(&addr, 0, sizeof(addr));
499 strlcpy(addr.sun_path, property_service_socket, sizeof(addr.sun_path));
500 addr.sun_family = AF_LOCAL;
501 socklen_t alen = namelen + offsetof(sockaddr_un, sun_path) + 1;
503 if (TEMP_FAILURE_RETRY(connect(socket_, reinterpret_cast<sockaddr*>(&addr), alen)) == -1) {
511 return socket_ != -1;
518 bool RecvInt32(int32_t* value) {
519 int result = TEMP_FAILURE_RETRY(recv(socket_, value, sizeof(*value), MSG_WAITALL));
520 return CheckSendRecvResult(result, sizeof(*value));
527 ~PropertyServiceConnection() {
534 bool CheckSendRecvResult(int result, int expected_len) {
537 } else if (result != expected_len) {
543 return last_error_ == 0;
549 friend class SocketWriter;
554 explicit SocketWriter(PropertyServiceConnection* connection)
555 : connection_(connection), iov_index_(0), uint_buf_index_(0)
558 SocketWriter& WriteUint32(uint32_t value) {
559 CHECK(uint_buf_index_ < kUintBufSize);
560 CHECK(iov_index_ < kIovSize);
561 uint32_t* ptr = uint_buf_ + uint_buf_index_;
562 uint_buf_[uint_buf_index_++] = value;
563 iov_[iov_index_].iov_base = ptr;
564 iov_[iov_index_].iov_len = sizeof(*ptr);
569 SocketWriter& WriteString(const char* value) {
570 uint32_t valuelen = strlen(value);
571 WriteUint32(valuelen);
576 CHECK(iov_index_ < kIovSize);
577 iov_[iov_index_].iov_base = const_cast<char*>(value);
578 iov_[iov_index_].iov_len = valuelen;
585 if (!connection_->IsValid()) {
589 if (writev(connection_->socket(), iov_, iov_index_) == -1) {
590 connection_->last_error_ = errno;
594 iov_index_ = uint_buf_index_ = 0;
599 static constexpr size_t kUintBufSize = 8;
600 static constexpr size_t kIovSize = 8;
602 PropertyServiceConnection* connection_;
603 iovec iov_[kIovSize];
605 uint32_t uint_buf_[kUintBufSize];
606 size_t uint_buf_index_;
608 DISALLOW_IMPLICIT_CONSTRUCTORS(SocketWriter);
613 char name[PROP_NAME_MAX];
614 char value[PROP_VALUE_MAX];
617 static int send_prop_msg(const prop_msg* msg) {
618 PropertyServiceConnection connection;
619 if (!connection.IsValid()) {
620 return connection.GetLastError();
624 int s = connection.socket();
626 const int num_bytes = TEMP_FAILURE_RETRY(send(s, msg, sizeof(prop_msg), 0));
627 if (num_bytes == sizeof(prop_msg)) {
628 // We successfully wrote to the property server but now we
629 // wait for the property server to finish its work. It
630 // acknowledges its completion by closing the socket so we
631 // poll here (on nothing), waiting for the socket to close.
632 // If you 'adb shell setprop foo bar' you'll see the POLLHUP
633 // once the socket closes. Out of paranoia we cap our poll
637 pollfds[0].events = 0;
638 const int poll_result = TEMP_FAILURE_RETRY(poll(pollfds, 1, 250 /* ms */));
639 if (poll_result == 1 && (pollfds[0].revents & POLLHUP) != 0) {
642 // Ignore the timeout and treat it like a success anyway.
643 // The init process is single-threaded and its property
644 // service is sometimes slow to respond (perhaps it's off
645 // starting a child process or something) and thus this
646 // times out and the caller thinks it failed, even though
647 // it's still getting around to it. So we fake it here,
648 // mostly for ctl.* properties, but we do try and wait 250
649 // ms so callers who do read-after-write can reliably see
650 // what they've written. Most of the time.
651 // TODO: fix the system properties design.
652 __libc_format_log(ANDROID_LOG_WARN, "libc",
653 "Property service has timed out while trying to set \"%s\" to \"%s\"",
654 msg->name, msg->value);
662 static void find_nth_fn(const prop_info* pi, void* ptr) {
663 find_nth_cookie* cookie = reinterpret_cast<find_nth_cookie*>(ptr);
665 if (cookie->n == cookie->count) cookie->pi = pi;
670 bool prop_area::foreach_property(prop_bt* const trie,
671 void (*propfn)(const prop_info* pi, void* cookie), void* cookie) {
672 if (!trie) return false;
674 uint_least32_t left_offset = atomic_load_explicit(&trie->left, memory_order_relaxed);
675 if (left_offset != 0) {
676 const int err = foreach_property(to_prop_bt(&trie->left), propfn, cookie);
677 if (err < 0) return false;
679 uint_least32_t prop_offset = atomic_load_explicit(&trie->prop, memory_order_relaxed);
680 if (prop_offset != 0) {
681 prop_info* info = to_prop_info(&trie->prop);
682 if (!info) return false;
683 propfn(info, cookie);
685 uint_least32_t children_offset = atomic_load_explicit(&trie->children, memory_order_relaxed);
686 if (children_offset != 0) {
687 const int err = foreach_property(to_prop_bt(&trie->children), propfn, cookie);
688 if (err < 0) return false;
690 uint_least32_t right_offset = atomic_load_explicit(&trie->right, memory_order_relaxed);
691 if (right_offset != 0) {
692 const int err = foreach_property(to_prop_bt(&trie->right), propfn, cookie);
693 if (err < 0) return false;
699 const prop_info* prop_area::find(const char* name) {
700 return find_property(root_node(), name, strlen(name), nullptr, 0, false);
703 bool prop_area::add(const char* name, unsigned int namelen, const char* value,
704 unsigned int valuelen) {
705 return find_property(root_node(), name, namelen, value, valuelen, true);
708 bool prop_area::foreach (void (*propfn)(const prop_info* pi, void* cookie), void* cookie) {
709 return foreach_property(root_node(), propfn, cookie);
714 context_node(context_node* next, const char* context, prop_area* pa)
715 : next(next), context_(strdup(context)), pa_(pa), no_access_(false) {
722 bool open(bool access_rw, bool* fsetxattr_failed);
723 bool check_access_and_open();
726 const char* context() const {
746 prefix_node(struct prefix_node* next, const char* prefix, context_node* context)
747 : prefix(strdup(prefix)), prefix_len(strlen(prefix)), context(context), next(next) {
753 const size_t prefix_len;
754 context_node* context;
755 struct prefix_node* next;
758 template <typename List, typename... Args>
759 static inline void list_add(List** list, Args... args) {
760 *list = new List(*list, args...);
763 static void list_add_after_len(prefix_node** list, const char* prefix, context_node* context) {
764 size_t prefix_len = strlen(prefix);
766 auto next_list = list;
769 if ((*next_list)->prefix_len < prefix_len || (*next_list)->prefix[0] == '*') {
770 list_add(next_list, prefix, context);
773 next_list = &(*next_list)->next;
775 list_add(next_list, prefix, context);
778 template <typename List, typename Func>
779 static void list_foreach(List* list, Func func) {
786 template <typename List, typename Func>
787 static List* list_find(List* list, Func func) {
797 template <typename List>
798 static void list_free(List** list) {
800 auto old_list = *list;
801 *list = old_list->next;
806 static prefix_node* prefixes = nullptr;
807 static context_node* contexts = nullptr;
810 * pthread_mutex_lock() calls into system_properties in the case of contention.
811 * This creates a risk of dead lock if any system_properties functions
812 * use pthread locks after system_property initialization.
814 * For this reason, the below three functions use a bionic Lock and static
815 * allocation of memory for each filename.
818 bool context_node::open(bool access_rw, bool* fsetxattr_failed) {
825 char filename[PROP_FILENAME_MAX];
826 int len = __libc_format_buffer(filename, sizeof(filename), "%s/%s", property_filename, context_);
827 if (len < 0 || len > PROP_FILENAME_MAX) {
833 pa_ = map_prop_area_rw(filename, context_, fsetxattr_failed);
835 pa_ = map_prop_area(filename);
841 bool context_node::check_access_and_open() {
842 if (!pa_ && !no_access_) {
843 if (!check_access() || !open(false, nullptr)) {
850 void context_node::reset_access() {
851 if (!check_access()) {
859 bool context_node::check_access() {
860 char filename[PROP_FILENAME_MAX];
861 int len = __libc_format_buffer(filename, sizeof(filename), "%s/%s", property_filename, context_);
862 if (len < 0 || len > PROP_FILENAME_MAX) {
866 return access(filename, R_OK) == 0;
869 void context_node::unmap() {
874 munmap(pa_, pa_size);
875 if (pa_ == __system_property_area__) {
876 __system_property_area__ = nullptr;
881 static bool map_system_property_area(bool access_rw, bool* fsetxattr_failed) {
882 char filename[PROP_FILENAME_MAX];
884 __libc_format_buffer(filename, sizeof(filename), "%s/properties_serial", property_filename);
885 if (len < 0 || len > PROP_FILENAME_MAX) {
886 __system_property_area__ = nullptr;
891 __system_property_area__ =
892 map_prop_area_rw(filename, "u:object_r:properties_serial:s0", fsetxattr_failed);
894 __system_property_area__ = map_prop_area(filename);
896 return __system_property_area__;
899 static prop_area* get_prop_area_for_name(const char* name) {
900 auto entry = list_find(prefixes, [name](prefix_node* l) {
901 return l->prefix[0] == '*' || !strncmp(l->prefix, name, l->prefix_len);
907 auto cnode = entry->context;
910 * We explicitly do not check no_access_ in this case because unlike the
911 * case of foreach(), we want to generate an selinux audit for each
912 * non-permitted property access in this function.
914 cnode->open(false, nullptr);
920 * The below two functions are duplicated from label_support.c in libselinux.
921 * TODO: Find a location suitable for these functions such that both libc and
922 * libselinux can share a common source file.
926 * The read_spec_entries and read_spec_entry functions may be used to
927 * replace sscanf to read entries from spec files. The file and
928 * property services now use these.
931 /* Read an entry from a spec file (e.g. file_contexts) */
932 static inline int read_spec_entry(char** entry, char** ptr, int* len) {
934 char* tmp_buf = nullptr;
936 while (isspace(**ptr) && **ptr != '\0') (*ptr)++;
941 while (!isspace(**ptr) && **ptr != '\0') {
947 *entry = strndup(tmp_buf, *len);
948 if (!*entry) return -1;
955 * line_buf - Buffer containing the spec entries .
956 * num_args - The number of spec parameter entries to process.
957 * ... - A 'char **spec_entry' for each parameter.
958 * returns - The number of items processed.
960 * This function calls read_spec_entry() to do the actual string processing.
962 static int read_spec_entries(char* line_buf, int num_args, ...) {
963 char **spec_entry, *buf_p;
964 int len, rc, items, entry_len = 0;
967 len = strlen(line_buf);
968 if (line_buf[len - 1] == '\n')
969 line_buf[len - 1] = '\0';
971 /* Handle case if line not \n terminated by bumping
972 * the len for the check below (as the line is NUL
973 * terminated by getline(3)) */
977 while (isspace(*buf_p)) buf_p++;
979 /* Skip comment lines and empty lines. */
980 if (*buf_p == '#' || *buf_p == '\0') return 0;
982 /* Process the spec file entries */
983 va_start(ap, num_args);
986 while (items < num_args) {
987 spec_entry = va_arg(ap, char**);
989 if (len - 1 == buf_p - line_buf) {
994 rc = read_spec_entry(spec_entry, &buf_p, &entry_len);
999 if (entry_len) items++;
1005 static bool initialize_properties_from_file(const char* filename) {
1006 FILE* file = fopen(filename, "re");
1011 char* buffer = nullptr;
1013 char* prop_prefix = nullptr;
1014 char* context = nullptr;
1016 while (getline(&buffer, &line_len, file) > 0) {
1017 int items = read_spec_entries(buffer, 2, &prop_prefix, &context);
1026 * init uses ctl.* properties as an IPC mechanism and does not write them
1027 * to a property file, therefore we do not need to create property files
1030 if (!strncmp(prop_prefix, "ctl.", 4)) {
1037 list_find(contexts, [context](context_node* l) { return !strcmp(l->context(), context); });
1039 list_add_after_len(&prefixes, prop_prefix, old_context);
1041 list_add(&contexts, context, nullptr);
1042 list_add_after_len(&prefixes, prop_prefix, contexts);
1054 static bool initialize_properties() {
1055 // If we do find /property_contexts, then this is being
1056 // run as part of the OTA updater on older release that had
1057 // /property_contexts - b/34370523
1058 if (initialize_properties_from_file("/property_contexts")) {
1062 // Use property_contexts from /system & /vendor, fall back to those from /
1063 if (access("/system/etc/selinux/plat_property_contexts", R_OK) != -1) {
1064 if (!initialize_properties_from_file("/system/etc/selinux/plat_property_contexts")) {
1067 if (!initialize_properties_from_file("/vendor/etc/selinux/nonplat_property_contexts")) {
1071 if (!initialize_properties_from_file("/plat_property_contexts")) {
1074 if (!initialize_properties_from_file("/nonplat_property_contexts")) {
1082 static bool is_dir(const char* pathname) {
1084 if (stat(pathname, &info) == -1) {
1087 return S_ISDIR(info.st_mode);
1090 static void free_and_unmap_contexts() {
1091 list_free(&prefixes);
1092 list_free(&contexts);
1093 if (__system_property_area__) {
1094 munmap(__system_property_area__, pa_size);
1095 __system_property_area__ = nullptr;
1099 int __system_properties_init() {
1100 // This is called from __libc_init_common, and should leave errno at 0 (http://b/37248982).
1101 ErrnoRestorer errno_restorer;
1104 list_foreach(contexts, [](context_node* l) { l->reset_access(); });
1107 if (is_dir(property_filename)) {
1108 if (!initialize_properties()) {
1111 if (!map_system_property_area(false, nullptr)) {
1112 free_and_unmap_contexts();
1116 __system_property_area__ = map_prop_area(property_filename);
1117 if (!__system_property_area__) {
1120 list_add(&contexts, "legacy_system_prop_area", __system_property_area__);
1121 list_add_after_len(&prefixes, "*", contexts);
1127 int __system_property_set_filename(const char* filename) {
1128 size_t len = strlen(filename);
1129 if (len >= sizeof(property_filename)) return -1;
1131 strcpy(property_filename, filename);
1135 int __system_property_area_init() {
1136 free_and_unmap_contexts();
1137 mkdir(property_filename, S_IRWXU | S_IXGRP | S_IXOTH);
1138 if (!initialize_properties()) {
1141 bool open_failed = false;
1142 bool fsetxattr_failed = false;
1143 list_foreach(contexts, [&fsetxattr_failed, &open_failed](context_node* l) {
1144 if (!l->open(true, &fsetxattr_failed)) {
1148 if (open_failed || !map_system_property_area(true, &fsetxattr_failed)) {
1149 free_and_unmap_contexts();
1153 return fsetxattr_failed ? -2 : 0;
1156 uint32_t __system_property_area_serial() {
1157 prop_area* pa = __system_property_area__;
1161 // Make sure this read fulfilled before __system_property_serial
1162 return atomic_load_explicit(pa->serial(), memory_order_acquire);
1165 const prop_info* __system_property_find(const char* name) {
1166 if (!__system_property_area__) {
1170 prop_area* pa = get_prop_area_for_name(name);
1172 __libc_format_log(ANDROID_LOG_ERROR, "libc", "Access denied finding property \"%s\"", name);
1176 return pa->find(name);
1179 // The C11 standard doesn't allow atomic loads from const fields,
1180 // though C++11 does. Fudge it until standards get straightened out.
1181 static inline uint_least32_t load_const_atomic(const atomic_uint_least32_t* s, memory_order mo) {
1182 atomic_uint_least32_t* non_const_s = const_cast<atomic_uint_least32_t*>(s);
1183 return atomic_load_explicit(non_const_s, mo);
1186 int __system_property_read(const prop_info* pi, char* name, char* value) {
1188 uint32_t serial = __system_property_serial(pi); // acquire semantics
1189 size_t len = SERIAL_VALUE_LEN(serial);
1190 memcpy(value, pi->value, len + 1);
1191 // TODO: Fix the synchronization scheme here.
1192 // There is no fully supported way to implement this kind
1193 // of synchronization in C++11, since the memcpy races with
1194 // updates to pi, and the data being accessed is not atomic.
1195 // The following fence is unintuitive, but would be the
1196 // correct one if memcpy used memory_order_relaxed atomic accesses.
1197 // In practice it seems unlikely that the generated code would
1198 // would be any different, so this should be OK.
1199 atomic_thread_fence(memory_order_acquire);
1200 if (serial == load_const_atomic(&(pi->serial), memory_order_relaxed)) {
1201 if (name != nullptr) {
1202 size_t namelen = strlcpy(name, pi->name, PROP_NAME_MAX);
1203 if (namelen >= PROP_NAME_MAX) {
1204 __libc_format_log(ANDROID_LOG_ERROR, "libc",
1205 "The property name length for \"%s\" is >= %d;"
1206 " please use __system_property_read_callback"
1207 " to read this property. (the name is truncated to \"%s\")",
1208 pi->name, PROP_NAME_MAX - 1, name);
1216 void __system_property_read_callback(const prop_info* pi,
1217 void (*callback)(void* cookie,
1223 uint32_t serial = __system_property_serial(pi); // acquire semantics
1224 size_t len = SERIAL_VALUE_LEN(serial);
1225 char value_buf[len + 1];
1227 memcpy(value_buf, pi->value, len);
1228 value_buf[len] = '\0';
1230 // TODO: see todo in __system_property_read function
1231 atomic_thread_fence(memory_order_acquire);
1232 if (serial == load_const_atomic(&(pi->serial), memory_order_relaxed)) {
1233 callback(cookie, pi->name, value_buf, serial);
1239 int __system_property_get(const char* name, char* value) {
1240 const prop_info* pi = __system_property_find(name);
1243 return __system_property_read(pi, nullptr, value);
1250 static constexpr uint32_t kProtocolVersion1 = 1;
1251 static constexpr uint32_t kProtocolVersion2 = 2; // current
1253 static atomic_uint_least32_t g_propservice_protocol_version = 0;
1255 static void detect_protocol_version() {
1256 char value[PROP_VALUE_MAX];
1257 if (__system_property_get(kServiceVersionPropertyName, value) == 0) {
1258 g_propservice_protocol_version = kProtocolVersion1;
1259 __libc_format_log(ANDROID_LOG_WARN, "libc",
1260 "Using old property service protocol (\"%s\" is not set)",
1261 kServiceVersionPropertyName);
1263 uint32_t version = static_cast<uint32_t>(atoll(value));
1264 if (version >= kProtocolVersion2) {
1265 g_propservice_protocol_version = kProtocolVersion2;
1267 __libc_format_log(ANDROID_LOG_WARN, "libc",
1268 "Using old property service protocol (\"%s\"=\"%s\")",
1269 kServiceVersionPropertyName, value);
1270 g_propservice_protocol_version = kProtocolVersion1;
1275 int __system_property_set(const char* key, const char* value) {
1276 if (key == nullptr) return -1;
1277 if (value == nullptr) value = "";
1278 if (strlen(value) >= PROP_VALUE_MAX) return -1;
1280 if (g_propservice_protocol_version == 0) {
1281 detect_protocol_version();
1284 if (g_propservice_protocol_version == kProtocolVersion1) {
1285 // Old protocol does not support long names
1286 if (strlen(key) >= PROP_NAME_MAX) return -1;
1289 memset(&msg, 0, sizeof msg);
1290 msg.cmd = PROP_MSG_SETPROP;
1291 strlcpy(msg.name, key, sizeof msg.name);
1292 strlcpy(msg.value, value, sizeof msg.value);
1294 return send_prop_msg(&msg);
1296 // Use proper protocol
1297 PropertyServiceConnection connection;
1298 if (!connection.IsValid()) {
1299 errno = connection.GetLastError();
1300 __libc_format_log(ANDROID_LOG_WARN,
1302 "Unable to set property \"%s\" to \"%s\": connection failed; errno=%d (%s)",
1310 SocketWriter writer(&connection);
1311 if (!writer.WriteUint32(PROP_MSG_SETPROP2).WriteString(key).WriteString(value).Send()) {
1312 errno = connection.GetLastError();
1313 __libc_format_log(ANDROID_LOG_WARN,
1315 "Unable to set property \"%s\" to \"%s\": write failed; errno=%d (%s)",
1324 if (!connection.RecvInt32(&result)) {
1325 errno = connection.GetLastError();
1326 __libc_format_log(ANDROID_LOG_WARN,
1328 "Unable to set property \"%s\" to \"%s\": recv failed; errno=%d (%s)",
1336 if (result != PROP_SUCCESS) {
1337 __libc_format_log(ANDROID_LOG_WARN,
1339 "Unable to set property \"%s\" to \"%s\": error code: 0x%x",
1350 int __system_property_update(prop_info* pi, const char* value, unsigned int len) {
1351 if (len >= PROP_VALUE_MAX) {
1355 prop_area* pa = __system_property_area__;
1361 uint32_t serial = atomic_load_explicit(&pi->serial, memory_order_relaxed);
1363 atomic_store_explicit(&pi->serial, serial, memory_order_relaxed);
1364 // The memcpy call here also races. Again pretend it
1365 // used memory_order_relaxed atomics, and use the analogous
1366 // counterintuitive fence.
1367 atomic_thread_fence(memory_order_release);
1368 strlcpy(pi->value, value, len + 1);
1370 atomic_store_explicit(&pi->serial, (len << 24) | ((serial + 1) & 0xffffff), memory_order_release);
1371 __futex_wake(&pi->serial, INT32_MAX);
1373 atomic_store_explicit(pa->serial(), atomic_load_explicit(pa->serial(), memory_order_relaxed) + 1,
1374 memory_order_release);
1375 __futex_wake(pa->serial(), INT32_MAX);
1380 int __system_property_add(const char* name, unsigned int namelen, const char* value,
1381 unsigned int valuelen) {
1382 if (valuelen >= PROP_VALUE_MAX) {
1390 if (!__system_property_area__) {
1394 prop_area* pa = get_prop_area_for_name(name);
1397 __libc_format_log(ANDROID_LOG_ERROR, "libc", "Access denied adding property \"%s\"", name);
1401 bool ret = pa->add(name, namelen, value, valuelen);
1406 // There is only a single mutator, but we want to make sure that
1407 // updates are visible to a reader waiting for the update.
1408 atomic_store_explicit(
1409 __system_property_area__->serial(),
1410 atomic_load_explicit(__system_property_area__->serial(), memory_order_relaxed) + 1,
1411 memory_order_release);
1412 __futex_wake(__system_property_area__->serial(), INT32_MAX);
1416 // Wait for non-locked serial, and retrieve it with acquire semantics.
1417 uint32_t __system_property_serial(const prop_info* pi) {
1418 uint32_t serial = load_const_atomic(&pi->serial, memory_order_acquire);
1419 while (SERIAL_DIRTY(serial)) {
1420 __futex_wait(const_cast<_Atomic(uint_least32_t)*>(&pi->serial), serial, nullptr);
1421 serial = load_const_atomic(&pi->serial, memory_order_acquire);
1426 uint32_t __system_property_wait_any(uint32_t old_serial) {
1427 uint32_t new_serial;
1428 __system_property_wait(nullptr, old_serial, &new_serial, nullptr);
1432 bool __system_property_wait(const prop_info* pi,
1433 uint32_t old_serial,
1434 uint32_t* new_serial_ptr,
1435 const timespec* relative_timeout) {
1436 // Are we waiting on the global serial or a specific serial?
1437 atomic_uint_least32_t* serial_ptr;
1438 if (pi == nullptr) {
1439 if (__system_property_area__ == nullptr) return -1;
1440 serial_ptr = __system_property_area__->serial();
1442 serial_ptr = const_cast<atomic_uint_least32_t*>(&pi->serial);
1445 uint32_t new_serial;
1448 if ((rc = __futex_wait(serial_ptr, old_serial, relative_timeout)) != 0 && rc == -ETIMEDOUT) {
1451 new_serial = load_const_atomic(serial_ptr, memory_order_acquire);
1452 } while (new_serial == old_serial);
1454 *new_serial_ptr = new_serial;
1458 const prop_info* __system_property_find_nth(unsigned n) {
1459 if (bionic_get_application_target_sdk_version() >= __ANDROID_API_O__) {
1461 "__system_property_find_nth is not supported since Android O,"
1462 " please use __system_property_foreach instead.");
1465 find_nth_cookie cookie(n);
1467 const int err = __system_property_foreach(find_nth_fn, &cookie);
1475 int __system_property_foreach(void (*propfn)(const prop_info* pi, void* cookie), void* cookie) {
1476 if (!__system_property_area__) {
1480 list_foreach(contexts, [propfn, cookie](context_node* l) {
1481 if (l->check_access_and_open()) {
1482 l->pa()->foreach (propfn, cookie);