From 585fc3e5541ca8764820b5a15196dc2811541941 Mon Sep 17 00:00:00 2001 From: Josh Gao Date: Thu, 10 Nov 2016 16:26:44 -0800 Subject: [PATCH 1/2] Add __libc_arc4random_unlimited_entropy. Let the caller know when libc has an entropy source and arc4random is safe. This is useful for the callers that want entropy, but don't absolutely need it. Bug: http://b/27729263 Test: booted angler-userdebug w/ safestack Change-Id: Iab3050bd19f23518e1676629573eebc656ba1090 --- libc/bionic/bionic_arc4random.cpp | 10 +++++++--- libc/private/bionic_arc4random.h | 7 ++++++- 2 files changed, 13 insertions(+), 4 deletions(-) diff --git a/libc/bionic/bionic_arc4random.cpp b/libc/bionic/bionic_arc4random.cpp index 4ff18abb8..ba3b4e113 100644 --- a/libc/bionic/bionic_arc4random.cpp +++ b/libc/bionic/bionic_arc4random.cpp @@ -29,6 +29,7 @@ #include "private/bionic_arc4random.h" #include +#include #include #include #include @@ -37,17 +38,20 @@ #include "private/KernelArgumentBlock.h" #include "private/libc_logging.h" -void __libc_safe_arc4random_buf(void* buf, size_t n, KernelArgumentBlock& args) { +bool __libc_arc4random_has_unlimited_entropy() { static bool have_urandom = access("/dev/urandom", R_OK) == 0; - static size_t at_random_bytes_consumed = 0; + return have_urandom; +} +void __libc_safe_arc4random_buf(void* buf, size_t n, KernelArgumentBlock& args) { // Only call arc4random_buf once we `have_urandom', since in getentropy_getrandom we may fallback // to use /dev/urandom, if the kernel entropy pool hasn't been initialized or not enough bytes - if (have_urandom) { + if (__libc_arc4random_has_unlimited_entropy()) { arc4random_buf(buf, n); return; } + static size_t at_random_bytes_consumed = 0; if (at_random_bytes_consumed + n > 16) { __libc_fatal("ran out of AT_RANDOM bytes, have %zu, requested %zu", 16 - at_random_bytes_consumed, n); diff --git a/libc/private/bionic_arc4random.h b/libc/private/bionic_arc4random.h index d26a4e755..b51f818d8 100644 --- a/libc/private/bionic_arc4random.h 
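Review bot: The `static bool have_urandom` initializer in the new `__libc_arc4random_has_unlimited_entropy()` runs `access("/dev/urandom", R_OK)` once and keeps that answer for the life of the process, so a process that asks before the device node is readable keeps getting false. In that state `__libc_safe_arc4random_buf` stays on the AT_RANDOM path, which the visible context shows ends in `__libc_fatal` once more than 16 bytes have been requested. The caching predates this commit, but the helper now exposes it to other callers, and neither this hunk nor the comment added in libc/private/bionic_arc4random.h mentions it. I would add `// Probed once on first call and cached; a false result is never re-checked.` above the static and say the same in the header comment. That comment should also note that the result reflects only the /dev/urandom probe, so it appears to stay false on a system where getrandom works but the node is missing. The body of `__libc_safe_arc4random_buf` continues past the end of the hunk.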
+++ b/libc/private/bionic_arc4random.h @@ -39,7 +39,12 @@ * created yet. Provide a wrapper function that falls back to AT_RANDOM if * we don't have getrandom and /dev/urandom is missing. */ - void __libc_safe_arc4random_buf(void* buf, size_t n, KernelArgumentBlock& args); +/* + * Return true if libc has an unlimited entropy source (something other than + * AT_RANDOM), and arc4random* calls will always succeed. + */ +bool __libc_arc4random_has_unlimited_entropy(); + #endif From bc232b9f3430734c5fcd965962e80cc2a6d2a31e Mon Sep 17 00:00:00 2001 From: Evgenii Stepanov Date: Tue, 22 Nov 2016 17:36:25 -0800 Subject: [PATCH 2/2] Cleanup: replace sanitize:never with address:false. Bug: 33091541 Test: NFC Change-Id: Iade6a1852e7b1f34e06c26ccadcc17bac5d81c14 --- libm/Android.bp | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/libm/Android.bp b/libm/Android.bp index 11017f6ec..558e93f66 100644 --- a/libm/Android.bp +++ b/libm/Android.bp @@ -526,7 +526,7 @@ cc_library { native_coverage: bionic_coverage, sanitize: { - never: true, + address: false, }, stl: "none", }
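Review bot: In the libm/Android.bp hunk, `never: true` and `address: false` do not obviously cover the same set of sanitizers: as far as I know `never` opts the module out of every sanitizer, while `address: false` opts out of ASan only. If so, the "NFC" in the description holds only while no other sanitizer is enabled for this target, and libm would start being instrumented by any that are. Since libm is linked into most processes, it is worth confirming that this wider coverage is intended and builds cleanly. A one-line comment inside the block would record the intent, for example `// Only ASan is disabled here; other sanitizers follow the global build setting.`. The enclosing `cc_library` block starts and ends outside the hunk.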