Perfunctory fdsan support for sqlite fds. Add some basic fdsan support to sqlite, where ownership enforcement is only at a sqlite level (i.e. other code is prevented from accidentally closing sqlite's file descriptors, but sqlite can accidentally close its own file descriptors). Test: debuggerd `pidof system_server` | grep " fd " Change-Id: I8ba23fa174dabb408f92be76b5476e0fe9e6c5dc

commit: c427784c78a18efc63e36abe3f3bd3c5e66d582e [log] [tgz]
author: Josh Gao <jmgao@google.com> Tue Aug 21 18:44:26 2018 -0700
committer: Josh Gao <jmgao@google.com> Wed Aug 22 15:29:05 2018 -0700
tree: 1333a7bb0be3165be4d63a24a23854ecf8510e99
parent: 427f01927f67c4c653d3e90643ad5c170b85c411 [diff]
diff --git a/dist/Android.patch b/dist/Android.patch
index 5ff70a7..acc8ffd 100644
--- a/dist/Android.patch
+++ b/dist/Android.patch

@@ -1,6 +1,5 @@
-diff -r -u -d orig/shell.c ./shell.c
---- orig/shell.c	2018-01-22 10:57:34.000000000 -0800
-+++ ./shell.c	2018-02-13 16:03:40.927106364 -0800
+--- orig/shell.c	2018-02-18 23:53:25.407627650 -0800
++++ shell.c	2018-02-18 23:53:25.467627374 -0800
 @@ -87,6 +87,12 @@
  #endif
  #include <ctype.h>
@@ -38,10 +37,47 @@
      if( p->openMode==SHELL_OPEN_ZIPFILE ){
        char *zSql = sqlite3_mprintf(
           "CREATE VIRTUAL TABLE zip USING zipfile(%Q);", p->zDbFilename);
-diff -r -u -d orig/sqlite3.c ./sqlite3.c
---- orig/sqlite3.c	2018-01-22 10:57:34.000000000 -0800
-+++ ./sqlite3.c	2018-02-13 15:48:29.453358014 -0800
-@@ -34428,7 +34428,7 @@
+--- orig/sqlite3.c	2018-02-18 23:53:25.459627411 -0800
++++ sqlite3.c	2018-08-22 15:28:04.016188846 -0700
+@@ -30672,6 +30672,10 @@
+ # include <sys/mount.h>
+ #endif
+ 
++#if defined(__BIONIC__)
++# include <android/fdsan.h>
++#endif
++
+ #ifdef HAVE_UTIME
+ # include <utime.h>
+ #endif
+@@ -31422,6 +31426,12 @@
+ #if defined(FD_CLOEXEC) && (!defined(O_CLOEXEC) || O_CLOEXEC==0)
+     osFcntl(fd, F_SETFD, osFcntl(fd, F_GETFD, 0) | FD_CLOEXEC);
+ #endif
++
++#if defined(__BIONIC__) && __ANDROID_API__ >= __ANDROID_API_Q__
++    uint64_t tag = android_fdsan_create_owner_tag(
++        ANDROID_FDSAN_OWNER_TYPE_SQLITE, fd);
++    android_fdsan_exchange_owner_tag(fd, 0, tag);
++#endif
+   }
+   return fd;
+ }
+@@ -31954,7 +31964,13 @@
+ ** and move on.
+ */
+ static void robust_close(unixFile *pFile, int h, int lineno){
++#if defined(__BIONIC__) && __ANDROID_API__ >= __ANDROID_API_Q__
++  uint64_t tag = android_fdsan_create_owner_tag(
++      ANDROID_FDSAN_OWNER_TYPE_SQLITE, h);
++  if( android_fdsan_close_with_tag(h, tag) ){
++#else
+   if( osClose(h) ){
++#endif
+     unixLogErrorAtLine(SQLITE_IOERR_CLOSE, "close",
+                        pFile ? pFile->zPath : 0, lineno);
+   }
+@@ -34428,7 +34444,7 @@
    SimulateIOError( rc=1 );
    if( rc!=0 ){
      storeLastErrno((unixFile*)id, errno);
@@ -50,7 +86,7 @@
    }
    *pSize = buf.st_size;
  
-@@ -34464,7 +34464,7 @@
+@@ -34464,7 +34480,7 @@
      struct stat buf;              /* Used to hold return values of fstat() */
     
      if( osFstat(pFile->h, &buf) ){
@@ -59,7 +95,7 @@
      }
  
      nSize = ((nByte+pFile->szChunk-1) / pFile->szChunk) * pFile->szChunk;
-@@ -35139,7 +35139,7 @@
+@@ -35139,7 +35155,7 @@
      ** with the same permissions.
      */
      if( osFstat(pDbFd->h, &sStat) ){
@@ -68,7 +104,7 @@
        goto shm_open_err;
      }
  
-@@ -118054,7 +118054,7 @@
+@@ -118054,7 +118070,7 @@
    }
    if( pDb->pSchema->file_format>SQLITE_MAX_FILE_FORMAT ){
      sqlite3SetString(pzErrMsg, db, "unsupported file format");
@@ -77,7 +113,7 @@
      goto initone_error_out;
    }
  
-@@ -152769,13 +152769,25 @@
+@@ -152769,13 +152785,25 @@
    ** module with sqlite.
    */
    if( SQLITE_OK==rc 

diff --git a/dist/sqlite3.c b/dist/sqlite3.c
index a12fd3e..791332c 100644
--- a/dist/sqlite3.c
+++ b/dist/sqlite3.c

@@ -30672,6 +30672,10 @@
 # include <sys/mount.h>
 #endif
 
+#if defined(__BIONIC__)
+# include <android/fdsan.h>
+#endif
+
 #ifdef HAVE_UTIME
 # include <utime.h>
 #endif
@@ -31422,6 +31426,12 @@
 #if defined(FD_CLOEXEC) && (!defined(O_CLOEXEC) || O_CLOEXEC==0)
     osFcntl(fd, F_SETFD, osFcntl(fd, F_GETFD, 0) | FD_CLOEXEC);
 #endif
+
+#if defined(__BIONIC__) && __ANDROID_API__ >= __ANDROID_API_Q__
+    uint64_t tag = android_fdsan_create_owner_tag(
+        ANDROID_FDSAN_OWNER_TYPE_SQLITE, fd);
+    android_fdsan_exchange_owner_tag(fd, 0, tag);
+#endif
   }
   return fd;
 }
@@ -31954,7 +31964,13 @@
 ** and move on.
 */
 static void robust_close(unixFile *pFile, int h, int lineno){
+#if defined(__BIONIC__) && __ANDROID_API__ >= __ANDROID_API_Q__
+  uint64_t tag = android_fdsan_create_owner_tag(
+      ANDROID_FDSAN_OWNER_TYPE_SQLITE, h);
+  if( android_fdsan_close_with_tag(h, tag) ){
+#else
   if( osClose(h) ){
+#endif
     unixLogErrorAtLine(SQLITE_IOERR_CLOSE, "close",
                        pFile ? pFile->zPath : 0, lineno);
   }
commit	c427784c78a18efc63e36abe3f3bd3c5e66d582e	[log] [tgz]
author	Josh Gao <jmgao@google.com>	Tue Aug 21 18:44:26 2018 -0700
committer	Josh Gao <jmgao@google.com>	Wed Aug 22 15:29:05 2018 -0700
tree	1333a7bb0be3165be4d63a24a23854ecf8510e99
parent	427f01927f67c4c653d3e90643ad5c170b85c411 [diff]