Resolve vulnerability about untrusted string

The sceanario of bootup-trace has vulnerability about
untrusted string loaded and execution.
This patch changes how to execution and remove system() calling.
And change open permission 0666 to 0600.

Change-Id: Ibfc19a9c8c7ef43af084e8d6b7496bf59c12dfe5
Signed-off-by: joon.c.baek <joon.c.baek@samsung.com>
(cherry picked from commit 37138335b180b9c610c671c2103a00fd8a9fca82)

2 files changed, 108 insertions, 78 deletions

diff --git a/packaging/atrace-bootup.sh b/packaging/atrace-bootup.sh
index 3610485..0713a4e 100755
--- a/packaging/atrace-bootup.sh
+++ b/packaging/atrace-bootup.sh
@@ -5,7 +5,8 @@ SCRIPT=`basename ${BASH_SOURCE[0]}`
 #Help function
 function HELP {
   echo -e \\n"Help documentation for ${SCRIPT}."\\n
-  echo -e "Basic usage: $SCRIPT file.ext"\\n
+  echo -e "Basic usage: $SCRIPT <tag> ..."\\n
+  echo -e "Example: $SCRIPT sched freq wm am"\\n
   echo -e "-h  --Displays this help message. No further functions are performed."\\n
   exit 1
 }
@@ -13,23 +14,23 @@ function HELP {
 CONF="/etc/ttrace.conf"
 
 SPACE=" "
-COMMAND="atrace --async_start --append"
+TAGLIST=""
 DEFTAGS=""
 
 NUMARGS=$#
 if [ $NUMARGS -eq 0 ]; then
-  COMMAND=$COMMAND$SPACE$DEFTAGS
+  TAGLIST=$DEFTAGS
 else
 	shift $((OPTIND-1))  #This tells getopts to move on to the next argument.
 	while [ $# -ne 0 ]; do
 		PARAM=$1
-		COMMAND=$COMMAND$SPACE$PARAM
+		TAGLIST=$TAGLIST$SPACE$PARAM
 		shift
 	done
 fi
 
-echo "COMMAND is: $COMMAND"
-echo "$COMMAND" > "$CONF"
+echo "TAGLIST is: $TAGLIST"
+echo "$TAGLIST" > "$CONF"
 
 sync
 sleep 1
diff --git a/src/atrace/atrace.cpp b/src/atrace/atrace.cpp
index 324d4da..ea2758a 100755
--- a/src/atrace/atrace.cpp
+++ b/src/atrace/atrace.cpp
@@ -146,14 +146,14 @@ static const char* g_debugAppCmdLine = "";
 /* Global state */
 static bool g_traceAborted = false;
 static bool g_categoryEnables[NELEM(k_categories)] = {};
-
-static bool g_init_exec = false;
 static bool g_append_trace = false;
 static bool g_backup_trace = false;
 
 /* Save excluded tags list */
 uint64_t excludedTags;
 
+static bool setCategoryEnable(const char* name, bool enable);
+
 /* Sys file paths */
 static const char* k_traceClockPath =
     "/sys/kernel/debug/tracing/trace_clock";
@@ -358,83 +358,100 @@ static bool setPrintTgidEnableIfPresent(bool enable)
     return true;
 }
 
-// Set the trace tags that userland tracing uses, and poke the running
-// processes to pick up the new value.
-static bool setTagsProperty(uint64_t tags)
+static bool getBootupTagStr(char* bootupTagStr, int strSize)
+{
+    if(fileExists(BOOTUP_TRACE)) {
+        FILE *bootupTagFile = NULL;
+
+        bootupTagFile = fopen(BOOTUP_TRACE, "r");
+        if (bootupTagFile == NULL) {
+            return false;
+        }
+        if (fgets(bootupTagStr, strSize, bootupTagFile) == NULL) {
+            fclose(bootupTagFile);
+            return false;
+        }
+        fclose(bootupTagFile);
+        fprintf(stderr, "[Info] Loaded tags: %s, bufsize: %d\n",\
+                bootupTagStr, strSize);
+        return true;
+    }
+    return false;
+}
+
+static void setBootupTags(char* bootupTagStr)
+{
+    char* tagPtr;
+    char* nextTagPtr;
+    tagPtr = strtok_r(bootupTagStr, " \n", &nextTagPtr);
+    while (tagPtr != NULL) {
+        setCategoryEnable(tagPtr, true);
+        fprintf(stderr, "[Info] Tag %s enabled\n", tagPtr);
+        tagPtr = strtok_r(NULL, " \n", &nextTagPtr);
+    }
+    return;
+}
+
+static bool initEnabledTagFile()
 {
 	uint64_t *sm_for_enabled_tag = NULL;
 	int fd = -1;
 
-	// atrace "--init_exec" mode
-	if(g_init_exec) {
-		if(fileExists(ENABLED_TAG_FILE)) {
-			fprintf(stderr, "[Info] T-trace has been already initailized\n");
-			return false; //atrace has been already initailized.
-		}
+    if(fileExists(ENABLED_TAG_FILE)) {
+        fprintf(stderr, "[Info] T-trace has been already initailized\n");
+        return false; //atrace has been already initailized.
+    }
 
-		fd = open("/tmp/tmp_tag", O_CREAT | O_RDWR | O_CLOEXEC, 0666);				
-		if(fd < 0){
-			fprintf(stderr, "Fail to open enabled_tag file: %s(%d)\n", strerror_r(errno, str_error, sizeof(str_error)), errno);
-			return false;
-		}
+    fd = open("/tmp/tmp_tag", O_CREAT | O_RDWR | O_CLOEXEC, 0600);
+    if(fd < 0){
+        fprintf(stderr, "Fail to open enabled_tag file: %s(%d)\n", strerror_r(errno, str_error, sizeof(str_error)), errno);
+        return false;
+    }
 
-		if (ftruncate(fd, sizeof(uint64_t)) < 0) {
-			fprintf(stderr, "ftruncate() failed(%s)\n", strerror_r(errno, str_error, sizeof(str_error)));
-			close(fd);
-			return false;
-		}
-		sm_for_enabled_tag = (uint64_t*)mmap(NULL, sizeof(uint64_t), PROT_READ | PROT_WRITE, MAP_SHARED, fd, 0);
+    if (ftruncate(fd, sizeof(uint64_t)) < 0) {
+        fprintf(stderr, "ftruncate() failed(%s)\n", strerror_r(errno, str_error, sizeof(str_error)));
+        close(fd);
+        return false;
+    }
+    sm_for_enabled_tag = (uint64_t*)mmap(NULL, sizeof(uint64_t), PROT_READ | PROT_WRITE, MAP_SHARED, fd, 0);
 
-		if(sm_for_enabled_tag == MAP_FAILED) {
-			fprintf(stderr, "mmap() failed(%s)\n", strerror_r(errno, str_error, sizeof(str_error)));
-			close(fd);
-			return false;
-		}
+    if(sm_for_enabled_tag == MAP_FAILED) {
+        fprintf(stderr, "mmap() failed(%s)\n", strerror_r(errno, str_error, sizeof(str_error)));
+        close(fd);
+        return false;
+    }
 
-		memset(sm_for_enabled_tag, 0, sizeof(uint64_t));
-		if(-1 == rename("/tmp/tmp_tag", ENABLED_TAG_FILE)) {
-			fprintf(stderr, "Fail to rename enabled_tag file: %s(%d)\n", strerror_r(errno, str_error, sizeof(str_error)), errno);
-		}
+    memset(sm_for_enabled_tag, 0, sizeof(uint64_t));
+    if(-1 == rename("/tmp/tmp_tag", ENABLED_TAG_FILE)) {
+        fprintf(stderr, "Fail to rename enabled_tag file: %s(%d)\n", strerror_r(errno, str_error, sizeof(str_error)), errno);
+    }
+
+	munmap(sm_for_enabled_tag, sizeof(uint64_t));
+	close(fd);
+    return true;
+}
+
+// Set the trace tags that userland tracing uses, and poke the running
+// processes to pick up the new value.
+static bool setTagsProperty(uint64_t tags)
+{
+	uint64_t *sm_for_enabled_tag = NULL;
+	int fd = -1;
 
-		if(fileExists(BOOTUP_TRACE)) {
-			FILE *ifile = NULL;
-			char bootup_cmd[128];
-			ifile = fopen(BOOTUP_TRACE, "r");
-			if (ifile == NULL) {
-				munmap(sm_for_enabled_tag, sizeof(uint64_t));
-				close(fd);
-				return false;
-			}
-			if (fgets(bootup_cmd, sizeof(bootup_cmd), ifile) == NULL) {
-				munmap(sm_for_enabled_tag, sizeof(uint64_t));
-				close(fd);
-				fclose(ifile);
-				return false;
-			}
-			fclose(ifile);
-			remove(BOOTUP_TRACE);
-			if (0 > system(bootup_cmd)) {
-				munmap(sm_for_enabled_tag, sizeof(uint64_t));
-				close(fd);
-				return false;
-			}
-		}
-	}
 	// atrace normal mode
-	else {
-		fd = open(ENABLED_TAG_FILE, O_RDWR | O_CLOEXEC, 0666);		
-		if(fd < 0){
-			fprintf(stderr, "Fail to open enabled_tag file: %s(%d)\n", strerror_r(errno, str_error, sizeof(str_error)), errno);
-			return false;
-		}
-		sm_for_enabled_tag = (uint64_t*)mmap(NULL, sizeof(uint64_t), PROT_READ | PROT_WRITE, MAP_SHARED, fd, 0);
-		if(sm_for_enabled_tag == MAP_FAILED) {
-			fprintf(stderr, "mmap() failed(%s)\n", strerror_r(errno, str_error, sizeof(str_error)));
-			close(fd);
-			return false;
-		}
-		*sm_for_enabled_tag = tags;
+	fd = open(ENABLED_TAG_FILE, O_RDWR | O_CLOEXEC, 0600);
+	if(fd < 0){
+		fprintf(stderr, "Fail to open enabled_tag file: %s(%d)\n", strerror_r(errno, str_error, sizeof(str_error)), errno);
+		return false;
+	}
+	sm_for_enabled_tag = (uint64_t*)mmap(NULL, sizeof(uint64_t), PROT_READ | PROT_WRITE, MAP_SHARED, fd, 0);
+	if(sm_for_enabled_tag == MAP_FAILED) {
+		fprintf(stderr, "mmap() failed(%s)\n", strerror_r(errno, str_error, sizeof(str_error)));
+		close(fd);
+		return false;
 	}
+	*sm_for_enabled_tag = tags;
+
 	// For debug
 	// fprintf(stderr, "Enabled TAGs: %u\n", (uint32_t)*sm_for_enabled_tag);
 	//
@@ -602,7 +619,7 @@ static void dumpTrace(bool startup)
     int traceFD = open(k_tracePath, O_RDWR);
 
     if(startup) {
-	backup_fd = open(BACKUP_TRACE, O_CREAT|O_RDWR|O_TRUNC, 0666);
+	backup_fd = open(BACKUP_TRACE, O_CREAT|O_RDWR|O_TRUNC, 0600);
 
     	if (backup_fd == -1) {
         	fprintf(stderr, "error opening %s: %s (%d)\n", BACKUP_TRACE,
@@ -815,6 +832,8 @@ int main(int argc, char **argv)
     bool traceStop = true;
     bool traceDump = true;
 
+    char strBuf[128];
+
     // Global Variable Initialization
     excludedTags = 0ULL;
 
@@ -914,9 +933,19 @@ int main(int argc, char **argv)
                     exit(0);
                 } else if (!strcmp(long_options[option_index].name, "init_exec")) {
                     fprintf(stderr, "[Info] Initailize T-trace\n");
-                    g_init_exec = true;
-                    setTagsProperty(0);
-                    exit(0);
+                    if(!initEnabledTagFile()) {
+                        exit(-1);
+                    }
+                    if (getBootupTagStr(strBuf, sizeof(strBuf))) {
+                        async = true;
+                        traceStop = false;
+                        traceDump = false;
+                        g_traceOverwrite = true;
+                        setBootupTags(strBuf);
+                    }
+                    else {
+                        exit(0);
+                    }
 		} else if (!strcmp(long_options[option_index].name, "append")) {
                     g_append_trace = true;
 		} else if (!strcmp(long_options[option_index].name, "backup")) {