5 files changed, 99 insertions, 67 deletions
diff --git a/benchmarks/ctype_benchmark.cpp b/benchmarks/ctype_benchmark.cpp
index eab01332a..c6c23b02d 100644
--- a/benchmarks/ctype_benchmark.cpp
+++ b/benchmarks/ctype_benchmark.cpp
@@ -19,65 +19,78 @@
 #include <benchmark/benchmark.h>
 #include "util.h"
 
-BIONIC_TRIVIAL_BENCHMARK(BM_ctype_isalnum_y1, isalnum('A'));
-BIONIC_TRIVIAL_BENCHMARK(BM_ctype_isalnum_y2, isalnum('a'));
-BIONIC_TRIVIAL_BENCHMARK(BM_ctype_isalnum_y3, isalnum('0'));
-BIONIC_TRIVIAL_BENCHMARK(BM_ctype_isalnum_n, isalnum('_'));
-
-BIONIC_TRIVIAL_BENCHMARK(BM_ctype_isalpha_y1, isalpha('A'));
-BIONIC_TRIVIAL_BENCHMARK(BM_ctype_isalpha_y2, isalpha('a'));
-BIONIC_TRIVIAL_BENCHMARK(BM_ctype_isalpha_n, isalpha('_'));
-
-BIONIC_TRIVIAL_BENCHMARK(BM_ctype_isascii_y, isascii('x'));
-BIONIC_TRIVIAL_BENCHMARK(BM_ctype_isascii_n, isascii(0x88));
-
-BIONIC_TRIVIAL_BENCHMARK(BM_ctype_isblank_y1, isblank(' '));
-BIONIC_TRIVIAL_BENCHMARK(BM_ctype_isblank_y2, isblank('\t'));
-BIONIC_TRIVIAL_BENCHMARK(BM_ctype_isblank_n, isblank('_'));
-
-BIONIC_TRIVIAL_BENCHMARK(BM_ctype_iscntrl_y1, iscntrl('\b'));
-BIONIC_TRIVIAL_BENCHMARK(BM_ctype_iscntrl_y2, iscntrl('\x7f'));
-BIONIC_TRIVIAL_BENCHMARK(BM_ctype_iscntrl_n, iscntrl('_'));
-
-BIONIC_TRIVIAL_BENCHMARK(BM_ctype_isdigit_y, iscntrl('0'));
-BIONIC_TRIVIAL_BENCHMARK(BM_ctype_isdigit_n, iscntrl('_'));
-
-BIONIC_TRIVIAL_BENCHMARK(BM_ctype_isgraph_y1, isgraph('A'));
-BIONIC_TRIVIAL_BENCHMARK(BM_ctype_isgraph_y2, isgraph('a'));
-BIONIC_TRIVIAL_BENCHMARK(BM_ctype_isgraph_y3, isgraph('0'));
-BIONIC_TRIVIAL_BENCHMARK(BM_ctype_isgraph_y4, isgraph('_'));
-BIONIC_TRIVIAL_BENCHMARK(BM_ctype_isgraph_n, isgraph(' '));
-
-BIONIC_TRIVIAL_BENCHMARK(BM_ctype_islower_y, islower('x'));
-BIONIC_TRIVIAL_BENCHMARK(BM_ctype_islower_n, islower('X'));
-
-BIONIC_TRIVIAL_BENCHMARK(BM_ctype_isprint_y1, isprint('A'));
-BIONIC_TRIVIAL_BENCHMARK(BM_ctype_isprint_y2, isprint('a'));
-BIONIC_TRIVIAL_BENCHMARK(BM_ctype_isprint_y3, isprint('0'));
-BIONIC_TRIVIAL_BENCHMARK(BM_ctype_isprint_y4, isprint('_'));
-BIONIC_TRIVIAL_BENCHMARK(BM_ctype_isprint_y5, isprint(' '));
-BIONIC_TRIVIAL_BENCHMARK(BM_ctype_isprint_n, isprint('\b'));
-
-BIONIC_TRIVIAL_BENCHMARK(BM_ctype_ispunct_y, ispunct('_'));
-BIONIC_TRIVIAL_BENCHMARK(BM_ctype_ispunct_n, ispunct('A'));
-
-BIONIC_TRIVIAL_BENCHMARK(BM_ctype_isspace_y1, isspace(' '));
-BIONIC_TRIVIAL_BENCHMARK(BM_ctype_isspace_y2, isspace('\t'));
-BIONIC_TRIVIAL_BENCHMARK(BM_ctype_isspace_n, isspace('A'));
-
-BIONIC_TRIVIAL_BENCHMARK(BM_ctype_isupper_y, isupper('X'));
-BIONIC_TRIVIAL_BENCHMARK(BM_ctype_isupper_n, isupper('x'));
-
-BIONIC_TRIVIAL_BENCHMARK(BM_ctype_isxdigit_y1, isxdigit('0'));
-BIONIC_TRIVIAL_BENCHMARK(BM_ctype_isxdigit_y2, isxdigit('a'));
-BIONIC_TRIVIAL_BENCHMARK(BM_ctype_isxdigit_y3, isxdigit('A'));
-BIONIC_TRIVIAL_BENCHMARK(BM_ctype_isxdigit_n, isxdigit('_'));
-
-BIONIC_TRIVIAL_BENCHMARK(BM_ctype_toascii_y, isascii('x'));
-BIONIC_TRIVIAL_BENCHMARK(BM_ctype_toascii_n, isascii(0x88));
-
-BIONIC_TRIVIAL_BENCHMARK(BM_ctype_tolower_y, tolower('X'));
-BIONIC_TRIVIAL_BENCHMARK(BM_ctype_tolower_n, tolower('x'));
-
-BIONIC_TRIVIAL_BENCHMARK(BM_ctype_toupper_y, toupper('x'));
-BIONIC_TRIVIAL_BENCHMARK(BM_ctype_toupper_n, toupper('X'));
+// Avoid optimization.
+volatile int A = 'A';
+volatile int a = 'a';
+volatile int X = 'X';
+volatile int x = 'x';
+volatile int backspace = '\b';
+volatile int del = '\x7f';
+volatile int space = ' ';
+volatile int tab = '\t';
+volatile int zero = '0';
+volatile int underscore = '_';
+volatile int top_bit_set = 0x88;
+
+BIONIC_TRIVIAL_BENCHMARK(BM_ctype_isalnum_y1, isalnum(A));
+BIONIC_TRIVIAL_BENCHMARK(BM_ctype_isalnum_y2, isalnum(a));
+BIONIC_TRIVIAL_BENCHMARK(BM_ctype_isalnum_y3, isalnum(zero));
+BIONIC_TRIVIAL_BENCHMARK(BM_ctype_isalnum_n, isalnum(underscore));
+
+BIONIC_TRIVIAL_BENCHMARK(BM_ctype_isalpha_y1, isalpha(A));
+BIONIC_TRIVIAL_BENCHMARK(BM_ctype_isalpha_y2, isalpha(a));
+BIONIC_TRIVIAL_BENCHMARK(BM_ctype_isalpha_n, isalpha(underscore));
+
+BIONIC_TRIVIAL_BENCHMARK(BM_ctype_isascii_y, isascii(x));
+BIONIC_TRIVIAL_BENCHMARK(BM_ctype_isascii_n, isascii(top_bit_set));
+
+BIONIC_TRIVIAL_BENCHMARK(BM_ctype_isblank_y1, isblank(space));
+BIONIC_TRIVIAL_BENCHMARK(BM_ctype_isblank_y2, isblank(tab));
+BIONIC_TRIVIAL_BENCHMARK(BM_ctype_isblank_n, isblank(underscore));
+
+BIONIC_TRIVIAL_BENCHMARK(BM_ctype_iscntrl_y1, iscntrl(backspace));
+BIONIC_TRIVIAL_BENCHMARK(BM_ctype_iscntrl_y2, iscntrl(del));
+BIONIC_TRIVIAL_BENCHMARK(BM_ctype_iscntrl_n, iscntrl(underscore));
+
+BIONIC_TRIVIAL_BENCHMARK(BM_ctype_isdigit_y, iscntrl(zero));
+BIONIC_TRIVIAL_BENCHMARK(BM_ctype_isdigit_n, iscntrl(underscore));
+
+BIONIC_TRIVIAL_BENCHMARK(BM_ctype_isgraph_y1, isgraph(A));
+BIONIC_TRIVIAL_BENCHMARK(BM_ctype_isgraph_y2, isgraph(a));
+BIONIC_TRIVIAL_BENCHMARK(BM_ctype_isgraph_y3, isgraph(zero));
+BIONIC_TRIVIAL_BENCHMARK(BM_ctype_isgraph_y4, isgraph(underscore));
+BIONIC_TRIVIAL_BENCHMARK(BM_ctype_isgraph_n, isgraph(space));
+
+BIONIC_TRIVIAL_BENCHMARK(BM_ctype_islower_y, islower(x));
+BIONIC_TRIVIAL_BENCHMARK(BM_ctype_islower_n, islower(X));
+
+BIONIC_TRIVIAL_BENCHMARK(BM_ctype_isprint_y1, isprint(A));
+BIONIC_TRIVIAL_BENCHMARK(BM_ctype_isprint_y2, isprint(a));
+BIONIC_TRIVIAL_BENCHMARK(BM_ctype_isprint_y3, isprint(zero));
+BIONIC_TRIVIAL_BENCHMARK(BM_ctype_isprint_y4, isprint(underscore));
+BIONIC_TRIVIAL_BENCHMARK(BM_ctype_isprint_y5, isprint(space));
+BIONIC_TRIVIAL_BENCHMARK(BM_ctype_isprint_n, isprint(backspace));
+
+BIONIC_TRIVIAL_BENCHMARK(BM_ctype_ispunct_y, ispunct(underscore));
+BIONIC_TRIVIAL_BENCHMARK(BM_ctype_ispunct_n, ispunct(A));
+
+BIONIC_TRIVIAL_BENCHMARK(BM_ctype_isspace_y1, isspace(space));
+BIONIC_TRIVIAL_BENCHMARK(BM_ctype_isspace_y2, isspace(tab));
+BIONIC_TRIVIAL_BENCHMARK(BM_ctype_isspace_n, isspace(A));
+
+BIONIC_TRIVIAL_BENCHMARK(BM_ctype_isupper_y, isupper(X));
+BIONIC_TRIVIAL_BENCHMARK(BM_ctype_isupper_n, isupper(x));
+
+BIONIC_TRIVIAL_BENCHMARK(BM_ctype_isxdigit_y1, isxdigit(zero));
+BIONIC_TRIVIAL_BENCHMARK(BM_ctype_isxdigit_y2, isxdigit(a));
+BIONIC_TRIVIAL_BENCHMARK(BM_ctype_isxdigit_y3, isxdigit(A));
+BIONIC_TRIVIAL_BENCHMARK(BM_ctype_isxdigit_n, isxdigit(underscore));
+
+BIONIC_TRIVIAL_BENCHMARK(BM_ctype_toascii_y, isascii(x));
+BIONIC_TRIVIAL_BENCHMARK(BM_ctype_toascii_n, isascii(top_bit_set));
+
+BIONIC_TRIVIAL_BENCHMARK(BM_ctype_tolower_y, tolower(X));
+BIONIC_TRIVIAL_BENCHMARK(BM_ctype_tolower_n, tolower(x));
+
+BIONIC_TRIVIAL_BENCHMARK(BM_ctype_toupper_y, toupper(x));
+BIONIC_TRIVIAL_BENCHMARK(BM_ctype_toupper_n, toupper(X));
diff --git a/libc/bionic/fdsan.cpp b/libc/bionic/fdsan.cpp
index 84d2c94a4..0b0678bab 100644
--- a/libc/bionic/fdsan.cpp
+++ b/libc/bionic/fdsan.cpp
@@ -219,6 +219,8 @@ const char* android_fdsan_get_tag_type(uint64_t tag) {
       return "ZipArchive";
     case ANDROID_FDSAN_OWNER_TYPE_NATIVE_HANDLE:
       return "native_handle_t";
+    case ANDROID_FDSAN_OWNER_TYPE_PARCEL:
+      return "Parcel";
 
     case ANDROID_FDSAN_OWNER_TYPE_GENERIC_00:
     default:
diff --git a/libc/bionic/system_property_set.cpp b/libc/bionic/system_property_set.cpp
index f7999dbf7..6e49bced6 100644
--- a/libc/bionic/system_property_set.cpp
+++ b/libc/bionic/system_property_set.cpp
@@ -49,21 +49,34 @@
 #include "private/ScopedFd.h"
 
 static const char property_service_socket[] = "/dev/socket/" PROP_SERVICE_NAME;
+static const char property_service_for_system_socket[] =
+    "/dev/socket/" PROP_SERVICE_FOR_SYSTEM_NAME;
 static const char* kServiceVersionPropertyName = "ro.property_service.version";
 
 class PropertyServiceConnection {
  public:
-  PropertyServiceConnection() : last_error_(0) {
+  PropertyServiceConnection(const char* name) : last_error_(0) {
     socket_.reset(::socket(AF_LOCAL, SOCK_STREAM | SOCK_CLOEXEC, 0));
     if (socket_.get() == -1) {
       last_error_ = errno;
       return;
     }
 
-    const size_t namelen = strlen(property_service_socket);
+    // If we're trying to set "sys.powerctl" from a privileged process, use the special
+    // socket. Because this socket is only accessible to privileged processes, it can't
+    // be DoSed directly by malicious apps. (The shell user should be able to reboot,
+    // though, so we don't just always use the special socket for "sys.powerctl".)
+    // See b/262237198 for context
+    const char* socket = property_service_socket;
+    if (strcmp(name, "sys.powerctl") == 0 &&
+        access(property_service_for_system_socket, W_OK) == 0) {
+      socket = property_service_for_system_socket;
+    }
+
+    const size_t namelen = strlen(socket);
     sockaddr_un addr;
     memset(&addr, 0, sizeof(addr));
-    strlcpy(addr.sun_path, property_service_socket, sizeof(addr.sun_path));
+    strlcpy(addr.sun_path, socket, sizeof(addr.sun_path));
     addr.sun_family = AF_LOCAL;
     socklen_t alen = namelen + offsetof(sockaddr_un, sun_path) + 1;
 
@@ -176,7 +189,7 @@ struct prop_msg {
 };
 
 static int send_prop_msg(const prop_msg* msg) {
-  PropertyServiceConnection connection;
+  PropertyServiceConnection connection(msg->name);
   if (!connection.IsValid()) {
     return connection.GetLastError();
   }
@@ -269,7 +282,7 @@ int __system_property_set(const char* key, const char* value) {
     // New protocol only allows long values for ro. properties only.
     if (strlen(value) >= PROP_VALUE_MAX && strncmp(key, "ro.", 3) != 0) return -1;
     // Use proper protocol
-    PropertyServiceConnection connection;
+    PropertyServiceConnection connection(key);
     if (!connection.IsValid()) {
       errno = connection.GetLastError();
       async_safe_format_log(ANDROID_LOG_WARN, "libc",
diff --git a/libc/include/android/fdsan.h b/libc/include/android/fdsan.h
index 3de064914..4540498d8 100644
--- a/libc/include/android/fdsan.h
+++ b/libc/include/android/fdsan.h
@@ -126,6 +126,9 @@ enum android_fdsan_owner_type {
 
   /* native_handle_t */
   ANDROID_FDSAN_OWNER_TYPE_NATIVE_HANDLE = 13,
+
+  /* android::Parcel */
+  ANDROID_FDSAN_OWNER_TYPE_PARCEL = 14,
 };
 
 /*
diff --git a/libc/include/sys/_system_properties.h b/libc/include/sys/_system_properties.h
index 079c82577..078e85763 100644
--- a/libc/include/sys/_system_properties.h
+++ b/libc/include/sys/_system_properties.h
@@ -41,6 +41,7 @@
 __BEGIN_DECLS
 
 #define PROP_SERVICE_NAME "property_service"
+#define PROP_SERVICE_FOR_SYSTEM_NAME "property_service_for_system"
 #define PROP_DIRNAME "/dev/__properties__"
 
 #define PROP_MSG_SETPROP 1