am 5b44655f: am 7e6a5773: Merge "Use the AT_SECURE auxv flag to determine whether to enable secure mode."
* commit '5b44655f22dd05c7cd8afcd218102616a6f5f4da':
Use the AT_SECURE auxv flag to determine whether to enable secure mode.
diff --git a/linker/linker.c b/linker/linker.c
index a692d62..2b3a7c0 100644
--- a/linker/linker.c
+++ b/linker/linker.c
@@ -2135,7 +2135,7 @@
int argc = (int) *elfdata;
char **argv = (char**) (elfdata + 1);
- unsigned *vecs = (unsigned*) (argv + argc + 1);
+ unsigned *vecs = (unsigned*) (argv + argc + 1), *v;
soinfo *si;
struct link_map * map;
const char *ldpath_env = NULL;
@@ -2163,12 +2163,23 @@
*/
__tls_area[TLS_SLOT_BIONIC_PREINIT] = elfdata;
- /* Are we setuid? */
- program_is_setuid = (getuid() != geteuid()) || (getgid() != getegid());
-
/* Initialize environment functions, and get to the ELF aux vectors table */
vecs = linker_env_init(vecs);
+ /* Check auxv for AT_SECURE first to see if program is setuid, setgid,
+ has file caps, or caused a SELinux/AppArmor domain transition. */
+ for (v = vecs; v[0]; v += 2) {
+ if (v[0] == AT_SECURE) {
+ /* kernel told us whether to enable secure mode */
+ program_is_setuid = v[1];
+ goto sanitize;
+ }
+ }
+
+ /* Kernel did not provide AT_SECURE - fall back on legacy test. */
+ program_is_setuid = (getuid() != geteuid()) || (getgid() != getegid());
+
+sanitize:
/* Sanitize environment if we're loading a setuid program */
if (program_is_setuid)
linker_env_secure();