Add <sys/random.h>.

iOS 10 has <sys/random.h> with getentropy, glibc >= 2.25 has
<sys/random.h> with getentropy and getrandom. (glibc also pollutes
<unistd.h>, but that seems like a bad idea.)

Also, all supported devices now have kernels with the getrandom system
call.

We've had these available internally for a while, but it seems like the
time is ripe to expose them.

Bug: http://b/67014255
Test: ran tests
Change-Id: I76dde1e3a2d0bc82777eea437ac193f96964f138

19 files changed, 319 insertions, 5 deletions

diff --git a/libc/SECCOMP_WHITELIST.TXT b/libc/SECCOMP_WHITELIST.TXT
index 2c4767bc9..36a579ba1 100644
--- a/libc/SECCOMP_WHITELIST.TXT
+++ b/libc/SECCOMP_WHITELIST.TXT
@@ -35,7 +35,6 @@ int	clone:clone(int (*fn)(void *), void *child_stack, int flags, void *arg, ..)
 int	rt_sigreturn:rt_sigreturn(unsigned long __unused)	all
 int	rt_tgsigqueueinfo:int rt_tgsigqueueinfo(pid_t tgid, pid_t tid, int sig, siginfo_t *uinfo)	all
 int	restart_syscall:int restart_syscall()	all
-int	getrandom:int getrandom(void *buf, size_t buflen, unsigned int flags) all
 int	fstatat64|fstatat:newfstatat(int, const char*, struct stat*, int)	mips64
 int	fstat64|fstat:fstat(int, struct stat*)	mips64
 int	_flush_cache:cacheflush(char* addr, const int nbytes, const int op)	mips64
diff --git a/libc/SYSCALLS.TXT b/libc/SYSCALLS.TXT
index a1d1af09d..f8be0b00b 100644
--- a/libc/SYSCALLS.TXT
+++ b/libc/SYSCALLS.TXT
@@ -353,3 +353,6 @@ int     __set_thread_area:set_thread_area(void*) x86
 # vdso stuff.
 int __clock_gettime:clock_gettime(clockid_t, timespec*) all
 int __gettimeofday:gettimeofday(timeval*, timezone*) all
+
+# <sys/random.h>
+ssize_t getrandom(void*, size_t, unsigned) all
diff --git a/libc/arch-arm/syscalls/getrandom.S b/libc/arch-arm/syscalls/getrandom.S
new file mode 100644
index 000000000..3f28af6f0
--- /dev/null
+++ b/libc/arch-arm/syscalls/getrandom.S
@@ -0,0 +1,16 @@
+/* Generated by gensyscalls.py. Do not edit. */
+
+#include <private/bionic_asm.h>
+
+ENTRY(getrandom)
+    mov     ip, r7
+    .cfi_register r7, ip
+    ldr     r7, =__NR_getrandom
+    swi     #0
+    mov     r7, ip
+    .cfi_restore r7
+    cmn     r0, #(MAX_ERRNO + 1)
+    bxls    lr
+    neg     r0, r0
+    b       __set_errno_internal
+END(getrandom)
diff --git a/libc/arch-arm64/syscalls/getrandom.S b/libc/arch-arm64/syscalls/getrandom.S
new file mode 100644
index 000000000..c8fe41ffd
--- /dev/null
+++ b/libc/arch-arm64/syscalls/getrandom.S
@@ -0,0 +1,14 @@
+/* Generated by gensyscalls.py. Do not edit. */
+
+#include <private/bionic_asm.h>
+
+ENTRY(getrandom)
+    mov     x8, __NR_getrandom
+    svc     #0
+
+    cmn     x0, #(MAX_ERRNO + 1)
+    cneg    x0, x0, hi
+    b.hi    __set_errno_internal
+
+    ret
+END(getrandom)
diff --git a/libc/arch-mips/syscalls/getrandom.S b/libc/arch-mips/syscalls/getrandom.S
new file mode 100644
index 000000000..7a2f3b978
--- /dev/null
+++ b/libc/arch-mips/syscalls/getrandom.S
@@ -0,0 +1,19 @@
+/* Generated by gensyscalls.py. Do not edit. */
+
+#include <private/bionic_asm.h>
+
+ENTRY(getrandom)
+    .set noreorder
+    .cpload t9
+    li v0, __NR_getrandom
+    syscall
+    bnez a3, 1f
+    move a0, v0
+    j ra
+    nop
+1:
+    la t9,__set_errno_internal
+    j t9
+    nop
+    .set reorder
+END(getrandom)
diff --git a/libc/arch-mips64/syscalls/getrandom.S b/libc/arch-mips64/syscalls/getrandom.S
new file mode 100644
index 000000000..3c5b4673f
--- /dev/null
+++ b/libc/arch-mips64/syscalls/getrandom.S
@@ -0,0 +1,25 @@
+/* Generated by gensyscalls.py. Do not edit. */
+
+#include <private/bionic_asm.h>
+
+ENTRY(getrandom)
+    .set push
+    .set noreorder
+    li v0, __NR_getrandom
+    syscall
+    bnez a3, 1f
+    move a0, v0
+    j ra
+    nop
+1:
+    move t0, ra
+    bal     2f
+    nop
+2:
+    .cpsetup ra, t1, 2b
+    LA t9,__set_errno_internal
+    .cpreturn
+    j t9
+    move ra, t0
+    .set pop
+END(getrandom)
diff --git a/libc/arch-x86/syscalls/getrandom.S b/libc/arch-x86/syscalls/getrandom.S
new file mode 100644
index 000000000..2e8ebc955
--- /dev/null
+++ b/libc/arch-x86/syscalls/getrandom.S
@@ -0,0 +1,39 @@
+/* Generated by gensyscalls.py. Do not edit. */
+
+#include <private/bionic_asm.h>
+
+ENTRY(getrandom)
+    pushl   %ebx
+    .cfi_def_cfa_offset 8
+    .cfi_rel_offset ebx, 0
+    pushl   %ecx
+    .cfi_adjust_cfa_offset 4
+    .cfi_rel_offset ecx, 0
+    pushl   %edx
+    .cfi_adjust_cfa_offset 4
+    .cfi_rel_offset edx, 0
+
+    call    __kernel_syscall
+    pushl   %eax
+    .cfi_adjust_cfa_offset 4
+    .cfi_rel_offset eax, 0
+
+    mov     20(%esp), %ebx
+    mov     24(%esp), %ecx
+    mov     28(%esp), %edx
+    movl    $__NR_getrandom, %eax
+    call    *(%esp)
+    addl    $4, %esp
+
+    cmpl    $-MAX_ERRNO, %eax
+    jb      1f
+    negl    %eax
+    pushl   %eax
+    call    __set_errno_internal
+    addl    $4, %esp
+1:
+    popl    %edx
+    popl    %ecx
+    popl    %ebx
+    ret
+END(getrandom)
diff --git a/libc/arch-x86_64/syscalls/getrandom.S b/libc/arch-x86_64/syscalls/getrandom.S
new file mode 100644
index 000000000..c5e44a966
--- /dev/null
+++ b/libc/arch-x86_64/syscalls/getrandom.S
@@ -0,0 +1,15 @@
+/* Generated by gensyscalls.py. Do not edit. */
+
+#include <private/bionic_asm.h>
+
+ENTRY(getrandom)
+    movl    $__NR_getrandom, %eax
+    syscall
+    cmpq    $-MAX_ERRNO, %rax
+    jb      1f
+    negl    %eax
+    movl    %eax, %edi
+    call    __set_errno_internal
+1:
+    ret
+END(getrandom)
diff --git a/libc/include/sys/random.h b/libc/include/sys/random.h
new file mode 100644
index 000000000..34756520e
--- /dev/null
+++ b/libc/include/sys/random.h
@@ -0,0 +1,47 @@
+/*
+ * Copyright (C) 2017 The Android Open Source Project
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *  * Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ *  * Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+ * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+ * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
+ * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
+ * COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT,
+ * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING,
+ * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS
+ * OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED
+ * AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
+ * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT
+ * OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+#ifndef _SYS_RANDOM_H_
+#define _SYS_RANDOM_H_
+
+#include <sys/cdefs.h>
+#include <sys/types.h>
+
+#include <linux/random.h>
+
+__BEGIN_DECLS
+
+/* See also arc4random_buf in <stdlib.h>, which is available in all API levels. */
+
+int getentropy(void* __buffer, size_t __buffer_size) __wur __INTRODUCED_IN_FUTURE;
+
+ssize_t getrandom(void* __buffer, size_t __buffer_size, unsigned int __flags) __wur __INTRODUCED_IN_FUTURE;
+
+__END_DECLS
+
+#endif
diff --git a/libc/libc.arm.map b/libc/libc.arm.map
index 501895173..0c2abffba 100644
--- a/libc/libc.arm.map
+++ b/libc/libc.arm.map
@@ -1322,6 +1322,8 @@ LIBC_P {
   global:
     __freading; # future
     __fwriting; # future
+    getentropy; # future
+    getrandom; # future
     getlogin_r; # future
     hcreate; # future
     hcreate_r; # future
diff --git a/libc/libc.arm64.map b/libc/libc.arm64.map
index 4ea589663..3184c03b6 100644
--- a/libc/libc.arm64.map
+++ b/libc/libc.arm64.map
@@ -1242,6 +1242,8 @@ LIBC_P {
   global:
     __freading; # future
     __fwriting; # future
+    getentropy; # future
+    getrandom; # future
     getlogin_r; # future
     hcreate; # future
     hcreate_r; # future
diff --git a/libc/libc.map.txt b/libc/libc.map.txt
index a0ac50aca..19ec041f3 100644
--- a/libc/libc.map.txt
+++ b/libc/libc.map.txt
@@ -1347,6 +1347,8 @@ LIBC_P {
   global:
     __freading; # future
     __fwriting; # future
+    getentropy; # future
+    getrandom; # future
     getlogin_r; # future
     hcreate; # future
     hcreate_r; # future
diff --git a/libc/libc.mips.map b/libc/libc.mips.map
index 897054933..580ee720b 100644
--- a/libc/libc.mips.map
+++ b/libc/libc.mips.map
@@ -1306,6 +1306,8 @@ LIBC_P {
   global:
     __freading; # future
     __fwriting; # future
+    getentropy; # future
+    getrandom; # future
     getlogin_r; # future
     hcreate; # future
     hcreate_r; # future
diff --git a/libc/libc.mips64.map b/libc/libc.mips64.map
index 4ea589663..3184c03b6 100644
--- a/libc/libc.mips64.map
+++ b/libc/libc.mips64.map
@@ -1242,6 +1242,8 @@ LIBC_P {
   global:
     __freading; # future
     __fwriting; # future
+    getentropy; # future
+    getrandom; # future
     getlogin_r; # future
     hcreate; # future
     hcreate_r; # future
diff --git a/libc/libc.x86.map b/libc/libc.x86.map
index 543985258..1eb9c0793 100644
--- a/libc/libc.x86.map
+++ b/libc/libc.x86.map
@@ -1304,6 +1304,8 @@ LIBC_P {
   global:
     __freading; # future
     __fwriting; # future
+    getentropy; # future
+    getrandom; # future
     getlogin_r; # future
     hcreate; # future
     hcreate_r; # future
diff --git a/libc/libc.x86_64.map b/libc/libc.x86_64.map
index 4ea589663..3184c03b6 100644
--- a/libc/libc.x86_64.map
+++ b/libc/libc.x86_64.map
@@ -1242,6 +1242,8 @@ LIBC_P {
   global:
     __freading; # future
     __fwriting; # future
+    getentropy; # future
+    getrandom; # future
     getlogin_r; # future
     hcreate; # future
     hcreate_r; # future
diff --git a/libc/upstream-openbsd/android/include/openbsd-compat.h b/libc/upstream-openbsd/android/include/openbsd-compat.h
index d83143583..f17814931 100644
--- a/libc/upstream-openbsd/android/include/openbsd-compat.h
+++ b/libc/upstream-openbsd/android/include/openbsd-compat.h
@@ -18,10 +18,15 @@
 #define _BIONIC_OPENBSD_COMPAT_H_included
 
 #define _BSD_SOURCE
-
 #include <sys/cdefs.h>
+
 #include <stddef.h> // For size_t.
 
+// TODO: libandroid_support uses this file, so we need to wait for
+// <sys/random.h> to be in the NDK headers before we can lose this declaration.
+//#include <sys/random.h> // For getentropy.
+int getentropy(void*, size_t);
+
 #define __BEGIN_HIDDEN_DECLS _Pragma("GCC visibility push(hidden)")
 #define __END_HIDDEN_DECLS _Pragma("GCC visibility pop")
 
@@ -75,9 +80,6 @@ extern const char* __progname;
 __LIBC_HIDDEN__ extern const char* __bionic_get_shell_path();
 #define _PATH_BSHELL __bionic_get_shell_path()
 
-/* We have OpenBSD's getentropy_linux.c, but we don't mention getentropy in any header. */
-__LIBC_HIDDEN__ extern int getentropy(void*, size_t);
-
 /* OpenBSD has this as API, but we just use it internally. */
 __LIBC_HIDDEN__ void* reallocarray(void*, size_t, size_t);
 
diff --git a/tests/Android.bp b/tests/Android.bp
index 37311563a..74ae441f4 100644
--- a/tests/Android.bp
+++ b/tests/Android.bp
@@ -131,6 +131,7 @@ cc_test_library {
         "sys_procfs_test.cpp",
         "sys_ptrace_test.cpp",
         "sys_quota_test.cpp",
+        "sys_random_test.cpp",
         "sys_resource_test.cpp",
         "sys_select_test.cpp",
         "sys_sem_test.cpp",
diff --git a/tests/sys_random_test.cpp b/tests/sys_random_test.cpp
new file mode 100644
index 000000000..a25490c67
--- /dev/null
+++ b/tests/sys_random_test.cpp
@@ -0,0 +1,120 @@
+/*
+ * Copyright (C) 2017 The Android Open Source Project
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+// <sys/random.h> was only added as of glibc version 2.25.
+// Don't try to compile this code on older glibc versions.
+
+#include <sys/cdefs.h>
+#if defined(__BIONIC__)
+  #define HAVE_SYS_RANDOM 1
+#elif defined(__GLIBC_PREREQ)
+  #if __GLIBC_PREREQ(2, 25)
+    #define HAVE_SYS_RANDOM 1
+  #endif
+#endif
+
+
+#if defined(HAVE_SYS_RANDOM)
+#include <sys/random.h>
+#endif
+
+#include <errno.h>
+#include <gtest/gtest.h>
+
+TEST(sys_random, getentropy) {
+#if defined(HAVE_SYS_RANDOM)
+  char buf1[64];
+  char buf2[64];
+
+  ASSERT_EQ(0, getentropy(buf1, sizeof(buf1)));
+  ASSERT_EQ(0, getentropy(buf2, sizeof(buf2)));
+  ASSERT_TRUE(memcmp(buf1, buf2, sizeof(buf1)) != 0);
+#else
+  GTEST_LOG_(INFO) << "This test requires a C library with <sys/random.h>.\n";
+#endif
+}
+
+TEST(sys_random, getentropy_EFAULT) {
+#if defined(HAVE_SYS_RANDOM)
+  errno = 0;
+  ASSERT_EQ(-1, getentropy(nullptr, 1));
+  ASSERT_EQ(EFAULT, errno);
+#else
+  GTEST_LOG_(INFO) << "This test requires a C library with <sys/random.h>.\n";
+#endif
+}
+
+TEST(sys_random, getentropy_EIO) {
+#if defined(HAVE_SYS_RANDOM)
+  char buf[BUFSIZ];
+  static_assert(BUFSIZ > 256, "BUFSIZ <= 256!");
+
+  errno = 0;
+  ASSERT_EQ(-1, getentropy(buf, sizeof(buf)));
+  ASSERT_EQ(EIO, errno);
+#else
+  GTEST_LOG_(INFO) << "This test requires a C library with <sys/random.h>.\n";
+#endif
+}
+
+TEST(sys_random, getrandom) {
+#if defined(HAVE_SYS_RANDOM)
+  if (getrandom(nullptr, 0, 0) == -1 && errno == ENOSYS) {
+    GTEST_LOG_(INFO) << "This test requires a >= 3.17 kernel with getrandom(2).\n";
+    return;
+  }
+
+  char buf1[64];
+  char buf2[64];
+
+  ASSERT_EQ(64, getrandom(buf1, sizeof(buf1), 0));
+  ASSERT_EQ(64, getrandom(buf2, sizeof(buf2), 0));
+  ASSERT_TRUE(memcmp(buf1, buf2, sizeof(buf1)) != 0);
+#else
+  GTEST_LOG_(INFO) << "This test requires a C library with <sys/random.h>.\n";
+#endif
+}
+
+TEST(sys_random, getrandom_EFAULT) {
+#if defined(HAVE_SYS_RANDOM)
+  if (getrandom(nullptr, 0, 0) == -1 && errno == ENOSYS) {
+    GTEST_LOG_(INFO) << "This test requires a >= 3.17 kernel with getrandom(2).\n";
+    return;
+  }
+
+  errno = 0;
+  ASSERT_EQ(-1, getrandom(nullptr, 256, 0));
+  ASSERT_EQ(EFAULT, errno);
+#else
+  GTEST_LOG_(INFO) << "This test requires a C library with <sys/random.h>.\n";
+#endif
+}
+
+TEST(sys_random, getrandom_EINVAL) {
+#if defined(HAVE_SYS_RANDOM)
+  if (getrandom(nullptr, 0, 0) == -1 && errno == ENOSYS) {
+    GTEST_LOG_(INFO) << "This test requires a >= 3.17 kernel with getrandom(2).\n";
+    return;
+  }
+
+  errno = 0;
+  char buf[64];
+  ASSERT_EQ(-1, getrandom(buf, sizeof(buf), ~0));
+  ASSERT_EQ(EINVAL, errno);
+#else
+  GTEST_LOG_(INFO) << "This test requires a C library with <sys/random.h>.\n";
+#endif
+}