The third argument of strncat() tells how much data to append from
src, not the total size of the buffer.
Change uses of strncat() to strlcat(), which has the buffer overflow
protection behavior intended by the original author.
This fixes the following compiler warning:
In function 'strncat',
inlined from 'print_type' at system/core/toolbox/lsof.c:76:12:
bionic/libc/include/string.h:142:5: warning: call to __builtin___strncat_chk might overflow destination buffer [enabled by default]
Change-Id: Id69edc641de3cb87d1867a409cd57b04b12f90a7
Fix bug https://code.google.com/p/android/issues/detail?id=54192
which incorrectly calculated the length of a string.
Fix compiler warning:
system/core/toolbox/mount.c:59:2: warning: initializer-string for array of chars is too long [enabled by default]
system/core/toolbox/mount.c:59:2: warning: (near initialization for 'options[16].str') [enabled by default]
Change-Id: If8663f8311c6348a730fcf731d402b57fee10cb5
When a filesystem is mounted read-only, make the underlying
block device read-only too. This helps prevent an attacker
who is able to change permissions on the files in /dev
(for example, symlink attack) from modifying the block device.
In particular, this change would have stopped the LG Thrill / Optimus
3D rooting exploit
(http://vulnfactory.org/blog/2012/02/26/rooting-the-lg-thrill-optimus-3d/)
as that exploit modified the raw block device corresponding to /system.
This change also makes UID=0 less powerful. Block devices cannot
be made writable again without CAP_SYS_ADMIN, so an escalation
to UID=0 by itself doesn't give full root access.
adb/mount: Prior to mounting something read-write, remove the
read-only restrictions on the underlying block device. This avoids
messing up developer workflows.
Change-Id: I135098a8fe06f327336f045aab0d48ed9de33807
The offset variable in lseek is 32 bit and get easily overflow
when accessing with large offset in dd command.
Use lseek64 to resolve it.
Change-Id: Ib75d9dcb587004a6851365ab5bb8584ce1010b57
Set the CAP_SYS_BOOT filesystem capability on the new reboot
command and keep CAP_SYS_BOOT in adb bounding set so that the
shell user can run it.
Change-Id: I1dd6143445ee2a952254f0452ab6e544318431dd
Change setsebool syntax from name=value to name value.
This is to make it consistent with setprop and similar commands.
Update both the init built-in command and the toolbox command
for consistency.
Change-Id: I2c8e016ba26731c4a2ad4a49ae3b89362bf8f8a8
Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
Comparison of signed and unsigned integers. Use parenthesis around a
group of bitwise OR operations.
Change-Id: Ia404380593ce2c2a291133c07c0fc7a016a3ad3f
'df' command used to display filesystem usage statistics as integer
values, in most cases rounding the actual value down. Because of
that 'df' tended to display faulty size values.
This fix to 'df' utility calculates the fractional part of the size,
then it rounds it when needed to the nearest one-digit integer value
and displays after decimal dot.
Change-Id: I9bc52635d45d3e55ce61b3b1c6b80d1267516e75
Define /storage as top-level concept, so that we enforce permissions
uniformly. Moves external storage paths from headers to per-device
environment variables. Added missing mount flags, and we no longer
have adb-specific external storage.
Bug: 6925012
Change-Id: Ic7ca953be2f552d3f0ec9e69f89fef751daa1b29
To support runtime policy management, add support for reloading
policy from /data/system. This can be triggered by setting the
selinux.loadpolicy property to 1, whether from init.rc after
mounting /data or from the system_server (e.g. upon invocation of
a new device admin API for provisioning policy). ueventd and
installd are restarted upon policy reloads to pick up the new
policy configurations relevant to their operation.
Change-Id: I97479aecef8cec23b32f60e09cc778cc5520b691
Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
The code is from NetBSD, with the -n and -h options removed to make
porting easy. Also, removed support for the BLOCKSIZE environment
variable for the same reason.
Change-Id: Ib927ff3527e02802785fdd7f75bab1f05222918e
When creating a new file using open(..., O_CREAT), it is an error
to fail to specify a creation mode. If a mode is not specified, a
random stack provided value is used as the "mode".
This will become a runtime error in a future version of Android.
Change-Id: I00609f37d2ea68e21b6404d542830386be354202
Replace "-" with "_" in module name. This would keep
rmmod compatible with module-init-tools version of rmmod
Change-Id: I4470d9a98bc2f299acd94859fca4403aee279d2b
Signed-off-by: Vishal Bhoj <vishal.bhoj@linaro.org>
this prevent compatibility errors in scripts (file "-f" not found)
The force flag will not return an error if the file doesnt exist.
Signed-off-by: Tanguy Pruvot <tanguy.pruvot@gmail.com>
Change-Id: I3267963284ee247629da5ab299e900c6e4a4ac68
mksh provides a kill primitive with signal names, but also offer it in
our toolbox binary. This will allow anyone to use "kill -HUP <pid>" or
"kill -l" to look at the name to number signal mapping.
Change-Id: Id683721f4ad3f2b518b4dc54a6073510290cbe04
Some versions of windows cannot handle FAT32 filesystems with less
than 65527 clusters, so make sure we don't create such beasts.
Change-Id: Id00fb02c4f8476f7dcc0ef137bd9e4975d740591
This will make it easier to add additional policies (cgroups) if needed.
Also added comments to the sched_policy APIs.
Change-Id: I33ce1cc4deae10983241f7391294b7a512d2c47c
Add -Z option to ls and ps for displaying security contexts.
Modify id to display security context.
Add new SELinux commands: chcon, getenforce, getsebool, load_policy, restorecon, runcon, setenforce, setsebool.
Change-Id: Ia20941be4a6cd706fe392fed6e38a37d880ec5f1
When the chown program fails it prints out an error message
and is describing itself as chmod. This has been corrected.
Change-Id: I2c489975f09343bdf66acbf7df6e7183c2daff78
Signed-off-by: christian bejram <christian.bejram@stericsson.com>
hd would error out on files that were not a multiple of its read
buffer size (4096). For example:
Read error on init.rc, offset 17040 len 4096, No such file or directory
The fix is to stop reading on EOF instead of treating it as an
error.
Signed-off-by: Scott Anderson <saa@google.com>
(cherry picked from commit a9fac4155f)
Change-Id: Ib2af725fc39e96c2f81559f61979d451604d4817
This command outputs the MD5 for specified files. The output is
in the same form as the md5sum command on Linux.
Change-Id: Ie0e6faf678469ac886bba8b46d98c0e54976a1ed
Signed-off-by: Scott Anderson <saa@google.com>
Adds a field to the non-long version of ls that tells what type of file
it is (i.e., regular, directory, link, fifo, etc).
This is useful for scripts that don't have direct filesystem access.
Change-Id: I54a327390f6ed403acb13c824f62ba9594ba320d
This fixes bug http://b.android.com/18419, which complains about a bogus
error check in the mount command (it also was wrong in the umount command)
and also asks for the mount command to support more than one loopback
device, as mentioned in the FIXME comments in mount.c. This required some
corresponding changes to umount.c
Change-Id: Ib796c70926395e61557e487bad64984d3295d5f3
Fixed a bug printing the event value when using labels.
Stop trying to print the available codes for EV_SYN because
we cannot actually query them. EVIOCGBIT(0, size) is a special
case that returns the set of events that are supported, and
EV_SYN == 0.
Change-Id: Iea086ba24300ca0815e4814a3bc5ff60756612c2
Added -l argument to print labels for event types, codes and values.
Added -i argument to print all device info.
Added support for printing input properties.
Change-Id: I3cacb716dbc38f50217b9dfc24ba44d08f352603
I wrote this to test my fix to support utime(2) system calls in the
sdcard fuse filesystem for stingray, and decided to finish sprucing
it up and make it part of toolbox. In an effort to keep it small,
it doesn't accept dates a la touch, but just a time_t value.
Change-Id: I5dd011cd2e34d0cc605d6f40e46b96a8c949f194
Colin Cross