commit d106d9f871c957286ccdeb79c1c2a5ed41f859a6
author David Sehr <sehr@google.com> Tue Aug 16 19:22:57 2016 -0700
committer David Sehr <sehr@google.com> Tue Aug 30 09:32:49 2016 -0700
tree dc61a7fd80e1289777f6a991102b0fe4a2ef032d
parent 99fd9f39f2cd74864bdc750a3444ddd776da534c

Save environment snapshot and use at fork/exec

Some applications may inadvertently or maliciously set of environment
variables such as LD_LIBRARY_PATH before spawning subprocesses.
To make this more difficult, save the environment at the time the
runtime starts and use the saved copy anytime Exec is called.

BUG: 30160149
TEST: make test-art-{host,target}

Change-Id: I887b78bdb21ab20855636a96da14a74c767bbfef

runtime/runtime.h

diff --git a/runtime/runtime.h b/runtime/runtime.h
index 6da60f2..5f89d6a 100644
--- a/runtime/runtime.h
+++ b/runtime/runtime.h
@@ -642,6 +642,12 @@
   // optimization that makes it impossible to deoptimize.
   bool IsDeoptimizeable(uintptr_t code) const SHARED_REQUIRES(Locks::mutator_lock_);
 
+  // Returns a saved copy of the environment (getenv/setenv values).
+  // Used by Fork to protect against overwriting LD_LIBRARY_PATH, etc.
+  char** GetEnvSnapshot() const {
+    return env_snapshot_.GetSnapshot();
+  }
+
  private:
   static void InitPlatformSignalHandlers();
 
@@ -864,6 +870,20 @@
   // Whether zygote code is in a section that should not start threads.
   bool zygote_no_threads_;
 
+  // Saved environment.
+  class EnvSnapshot {
+   public:
+    EnvSnapshot() = default;
+    void TakeSnapshot();
+    char** GetSnapshot() const;
+
+   private:
+    std::unique_ptr<char*[]> c_env_vector_;
+    std::vector<std::unique_ptr<std::string>> name_value_pairs_;
+
+    DISALLOW_COPY_AND_ASSIGN(EnvSnapshot);
+  } env_snapshot_;
+
   DISALLOW_COPY_AND_ASSIGN(Runtime);
 };
 std::ostream& operator<<(std::ostream& os, const Runtime::CalleeSaveType& rhs);