Separate libc.a hacks into its own component

native/jni/utils/compat/compat.cpp

@@ -0,0 +1,173 @@
+// This file implements all missing symbols that should exist in normal API 21
+// libc.a but missing in our extremely lean libc.a replacements.
+
+#include <cstdlib>
+#include <cstring>
+#include <cerrno>
+#include <mntent.h>
+#include <unistd.h>
+#include <sys/syscall.h>
+
+extern "C" {
+
+// Original source: https://github.com/freebsd/freebsd/blob/master/contrib/file/src/getline.c
+// License: BSD, full copyright notice please check original source
+
+ssize_t getdelim(char **buf, size_t *bufsiz, int delimiter, FILE *fp) {
+    char *ptr, *eptr;
+
+    if (*buf == nullptr || *bufsiz == 0) {
+        *bufsiz = BUFSIZ;
+        if ((*buf = (char *) malloc(*bufsiz)) == nullptr)
+            return -1;
+    }
+
+    for (ptr = *buf, eptr = *buf + *bufsiz;;) {
+        int c = fgetc(fp);
+        if (c == -1) {
+            if (feof(fp))
+                return ptr == *buf ? -1 : ptr - *buf;
+            else
+                return -1;
+        }
+        *ptr++ = c;
+        if (c == delimiter) {
+            *ptr = '\0';
+            return ptr - *buf;
+        }
+        if (ptr + 2 >= eptr) {
+            char *nbuf;
+            size_t nbufsiz = *bufsiz * 2;
+            ssize_t d = ptr - *buf;
+            if ((nbuf = (char *) realloc(*buf, nbufsiz)) == nullptr)
+                return -1;
+            *buf = nbuf;
+            *bufsiz = nbufsiz;
+            eptr = nbuf + nbufsiz;
+            ptr = nbuf + d;
+        }
+    }
+}
+
+ssize_t getline(char **buf, size_t *bufsiz, FILE *fp) {
+    return getdelim(buf, bufsiz, '\n', fp);
+}
+
+// Original source: https://android.googlesource.com/platform/bionic/+/master/libc/bionic/mntent.cpp
+// License: AOSP, full copyright notice please check original source
+
+struct mntent *getmntent_r(FILE *fp, struct mntent *e, char *buf, int buf_len) {
+    memset(e, 0, sizeof(*e));
+    while (fgets(buf, buf_len, fp) != nullptr) {
+        // Entries look like "proc /proc proc rw,nosuid,nodev,noexec,relatime 0 0".
+        // That is: mnt_fsname mnt_dir mnt_type mnt_opts 0 0.
+        int fsname0, fsname1, dir0, dir1, type0, type1, opts0, opts1;
+        if (sscanf(buf, " %n%*s%n %n%*s%n %n%*s%n %n%*s%n %d %d",
+                   &fsname0, &fsname1, &dir0, &dir1, &type0, &type1, &opts0, &opts1,
+                   &e->mnt_freq, &e->mnt_passno) == 2) {
+            e->mnt_fsname = &buf[fsname0];
+            buf[fsname1] = '\0';
+            e->mnt_dir = &buf[dir0];
+            buf[dir1] = '\0';
+            e->mnt_type = &buf[type0];
+            buf[type1] = '\0';
+            e->mnt_opts = &buf[opts0];
+            buf[opts1] = '\0';
+            return e;
+        }
+    }
+    return nullptr;
+}
+
+FILE *setmntent(const char *path, const char *mode) {
+    return fopen(path, mode);
+}
+
+int endmntent(FILE *fp) {
+    if (fp != nullptr) {
+        fclose(fp);
+    }
+    return 1;
+}
+
+// Missing system call wrappers
+
+int setns(int fd, int nstype) {
+    return syscall(__NR_setns, fd, nstype);
+}
+
+int unshare(int flags) {
+    return syscall(__NR_unshare, flags);
+}
+
+int accept4(int sockfd, struct sockaddr *addr, socklen_t *addrlen, int flags) {
+    return syscall(__NR_accept4, sockfd, addr, addrlen, flags);
+}
+
+int dup3(int oldfd, int newfd, int flags) {
+    return syscall(__NR_dup3, oldfd, newfd, flags);
+}
+
+ssize_t readlinkat(int dirfd, const char *pathname, char *buf, size_t bufsiz) {
+    return syscall(__NR_readlinkat, dirfd, pathname, buf, bufsiz);
+}
+
+int symlinkat(const char *target, int newdirfd, const char *linkpath) {
+    return syscall(__NR_symlinkat, target, newdirfd, linkpath);
+}
+
+int linkat(int olddirfd, const char *oldpath,
+           int newdirfd, const char *newpath, int flags) {
+    return syscall(__NR_linkat, olddirfd, oldpath, newdirfd, newpath, flags);
+}
+
+int inotify_init1(int flags) {
+    return syscall(__NR_inotify_init1, flags);
+}
+
+int faccessat(int dirfd, const char *pathname, int mode, int flags) {
+    return syscall(__NR_faccessat, dirfd, pathname, mode, flags);
+}
+
+#define SPLIT_64(v) (unsigned)((v) & 0xFFFFFFFF), (unsigned)((v) >> 32)
+
+#if defined(__arm__)
+// Why the additional 0 is required: https://man7.org/linux/man-pages/man2/syscall.2.html
+int ftruncate64(int fd, off64_t length) {
+    return syscall(__NR_ftruncate64, fd, 0, SPLIT_64(length));
+}
+#elif defined(__i386__)
+int ftruncate64(int fd, off64_t length) {
+    return syscall(__NR_ftruncate64, fd, SPLIT_64(length));
+}
+#endif
+
+#if !defined(__LP64__)
+void android_set_abort_message(const char *) {}
+
+// Original source: <android/legacy_signal_inlines.h>
+int sigaddset(sigset_t *set, int signum) {
+    /* Signal numbers start at 1, but bit positions start at 0. */
+    int bit = signum - 1;
+    auto *local_set = (unsigned long *)set;
+    if (set == nullptr || bit < 0 || bit >= (int)(8 * sizeof(sigset_t))) {
+        errno = EINVAL;
+        return -1;
+    }
+    local_set[bit / LONG_BIT] |= 1UL << (bit % LONG_BIT);
+    return 0;
+}
+int sigemptyset(sigset_t *set) {
+    if (set == nullptr) {
+        errno = EINVAL;
+        return -1;
+    }
+    memset(set, 0, sizeof(sigset_t));
+    return 0;
+}
+
+#include "fortify.hpp"
+
+#endif
+
+} // extern "C"

native/jni/utils/compat/fortify.hpp

@@ -0,0 +1,110 @@
+// Original source: https://android.googlesource.com/platform/bionic/+/master/libc/bionic/fortify.cpp
+// License: AOSP, full copyright notice please check original source
+
+#include <sys/stat.h>
+#include <fcntl.h>
+
+#include <logging.hpp>
+
+#undef _FORTIFY_SOURCE
+
+static inline __noreturn __printflike(1, 2) void __fortify_fatal(const char* fmt, ...) {
+    va_list args;
+    va_start(args, fmt);
+    log_cb.e(fmt, args);
+    va_end(args);
+    abort();
+}
+static inline void __check_count(const char* fn, const char* identifier, size_t value) {
+    if (__predict_false(value > SSIZE_MAX)) {
+        __fortify_fatal("%s: %s %zu > SSIZE_MAX", fn, identifier, value);
+    }
+}
+static inline void __check_buffer_access(const char* fn, const char* action,
+                                         size_t claim, size_t actual) {
+    if (__predict_false(claim > actual)) {
+        __fortify_fatal("%s: prevented %zu-byte %s %zu-byte buffer", fn, claim, action, actual);
+    }
+}
+char* __strcpy_chk(char* dst, const char* src, size_t dst_len) {
+    // TODO: optimize so we don't scan src twice.
+    size_t src_len = __builtin_strlen(src) + 1;
+    __check_buffer_access("strcpy", "write into", src_len, dst_len);
+    return __builtin_strcpy(dst, src);
+}
+size_t __strlcpy_chk(char* dst, const char* src,
+                     size_t supplied_size, size_t dst_len_from_compiler) {
+    __check_buffer_access("strlcpy", "write into", supplied_size, dst_len_from_compiler);
+    return __call_bypassing_fortify(strlcpy)(dst, src, supplied_size);
+}
+char* __strchr_chk(const char* p, int ch, size_t s_len) {
+    for (;; ++p, s_len--) {
+        if (__predict_false(s_len == 0)) {
+            __fortify_fatal("strchr: prevented read past end of buffer");
+        }
+        if (*p == static_cast<char>(ch)) {
+            return const_cast<char*>(p);
+        }
+        if (*p == '\0') {
+            return nullptr;
+        }
+    }
+}
+char* __strcat_chk(char* dst, const char* src, size_t dst_buf_size) {
+    char* save = dst;
+    size_t dst_len = __strlen_chk(dst, dst_buf_size);
+    dst += dst_len;
+    dst_buf_size -= dst_len;
+    while ((*dst++ = *src++) != '\0') {
+        dst_buf_size--;
+        if (__predict_false(dst_buf_size == 0)) {
+            __fortify_fatal("strcat: prevented write past end of %zu-byte buffer", dst_buf_size);
+        }
+    }
+    return save;
+}
+size_t __strlen_chk(const char* s, size_t s_len) {
+    // TODO: "prevented" here would be a lie because this strlen can run off the end.
+    // strlen is too important to be expensive, so we wanted to be able to call the optimized
+    // implementation, but I think we need to implement optimized assembler __strlen_chk routines.
+    size_t ret = __builtin_strlen(s);
+    if (__predict_false(ret >= s_len)) {
+        __fortify_fatal("strlen: detected read past end of buffer");
+    }
+    return ret;
+}
+int __vsprintf_chk(char* dst, int /*flags*/,
+                   size_t dst_len_from_compiler, const char* format, va_list va) {
+    // The compiler uses SIZE_MAX to mean "no idea", but our vsnprintf rejects sizes that large.
+    int result = __call_bypassing_fortify(vsnprintf)(dst,
+                           dst_len_from_compiler == SIZE_MAX ? SSIZE_MAX : dst_len_from_compiler,
+                           format, va);
+    // Try to catch failures after the fact...
+    __check_buffer_access("vsprintf", "write into", result + 1, dst_len_from_compiler);
+    return result;
+}
+mode_t __umask_chk(mode_t mode) {
+    if (__predict_false((mode & 0777) != mode)) {
+        __fortify_fatal("umask: called with invalid mask %o", mode);
+    }
+    return __umask_real(mode);
+}
+ssize_t __read_chk(int fd, void* buf, size_t count, size_t buf_size) {
+    __check_count("read", "count", count);
+    __check_buffer_access("read", "write into", count, buf_size);
+    return __call_bypassing_fortify(read)(fd, buf, count);
+}
+static inline bool needs_mode(int flags) {
+    return ((flags & O_CREAT) == O_CREAT) || ((flags & O_TMPFILE) == O_TMPFILE);
+}
+static inline int force_O_LARGEFILE(int flags) {
+    return flags | O_LARGEFILE;
+}
+int __open_2(const char* pathname, int flags) {
+    if (needs_mode(flags)) __fortify_fatal("open: called with O_CREAT/O_TMPFILE but no mode");
+    return __openat_real(AT_FDCWD, pathname, force_O_LARGEFILE(flags), 0);
+}
+int __openat_2(int fd, const char* pathname, int flags) {
+    if (needs_mode(flags)) __fortify_fatal("open: called with O_CREAT/O_TMPFILE but no mode");
+    return __openat_real(fd, pathname, force_O_LARGEFILE(flags), 0);
+}