1 /*
2 * Copyright (C) 2008 The Android Open Source Project
3 * All rights reserved.
4 *
5 * Redistribution and use in source and binary forms, with or without
6 * modification, are permitted provided that the following conditions
7 * are met:
8 * * Redistributions of source code must retain the above copyright
9 * notice, this list of conditions and the following disclaimer.
10 * * Redistributions in binary form must reproduce the above copyright
11 * notice, this list of conditions and the following disclaimer in
12 * the documentation and/or other materials provided with the
13 * distribution.
14 *
15 * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
16 * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
17 * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
18 * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
19 * COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT,
20 * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING,
21 * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS
22 * OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED
23 * AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
24 * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT
25 * OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
26 * SUCH DAMAGE.
27 */
28
29 #include "private/grp_pwd.h"
30
31 #include <android/api-level.h>
32 #include <ctype.h>
33 #include <errno.h>
34 #include <grp.h>
35 #include <mntent.h>
36 #include <pthread.h>
37 #include <pwd.h>
38 #include <stdio.h>
39 #include <stdlib.h>
40 #include <string.h>
41 #include <sys/system_properties.h>
42 #include <sys/types.h>
43 #include <unistd.h>
44
45 #include "private/ErrnoRestorer.h"
46 #include "private/android_filesystem_config.h"
47 #include "platform/bionic/macros.h"
48
49 // Generated android_ids array
50 #include "generated_android_ids.h"
51 #include "grp_pwd_file.h"
52
53 static PasswdFile passwd_files[] = {
54 { "/system/etc/passwd", "system_" },
55 { "/vendor/etc/passwd", "vendor_" },
56 { "/odm/etc/passwd", "odm_" },
57 { "/product/etc/passwd", "product_" },
58 { "/system_ext/etc/passwd", "system_ext_" },
59 };
60
61 static GroupFile group_files[] = {
62 { "/system/etc/group", "system_" },
63 { "/vendor/etc/group", "vendor_" },
64 { "/odm/etc/group", "odm_" },
65 { "/product/etc/group", "product_" },
66 { "/system_ext/etc/group", "system_ext_" },
67 };
68
69 // POSIX seems to envisage an implementation where the <pwd.h> functions are
70 // implemented by brute-force searching with getpwent(3), and the <grp.h>
71 // functions are implemented similarly with getgrent(3). This means that it's
72 // okay for all the <grp.h> functions to share state, and all the <passwd.h>
73 // functions to share state, but <grp.h> functions can't clobber <passwd.h>
74 // functions' state and vice versa.
75 #include "bionic/pthread_internal.h"
76
init_group_state(group_state_t * state)77 static void init_group_state(group_state_t* state) {
78 memset(state, 0, sizeof(group_state_t) - sizeof(state->getgrent_idx));
79 state->group_.gr_name = state->group_name_buffer_;
80 state->group_.gr_mem = state->group_members_;
81 state->group_.gr_mem[0] = state->group_.gr_name;
82 }
83
get_group_tls_buffer()84 static group_state_t* get_group_tls_buffer() {
85 auto result = &__get_bionic_tls().group;
86 init_group_state(result);
87 return result;
88 }
89
init_passwd_state(passwd_state_t * state)90 static void init_passwd_state(passwd_state_t* state) {
91 memset(state, 0, sizeof(passwd_state_t) - sizeof(state->getpwent_idx));
92 state->passwd_.pw_name = state->name_buffer_;
93 state->passwd_.pw_dir = state->dir_buffer_;
94 state->passwd_.pw_shell = state->sh_buffer_;
95 }
96
get_passwd_tls_buffer()97 static passwd_state_t* get_passwd_tls_buffer() {
98 auto result = &__get_bionic_tls().passwd;
99 init_passwd_state(result);
100 return result;
101 }
102
android_iinfo_to_passwd(passwd_state_t * state,const android_id_info * iinfo)103 static passwd* android_iinfo_to_passwd(passwd_state_t* state,
104 const android_id_info* iinfo) {
105 snprintf(state->name_buffer_, sizeof(state->name_buffer_), "%s", iinfo->name);
106 snprintf(state->dir_buffer_, sizeof(state->dir_buffer_), "/");
107 snprintf(state->sh_buffer_, sizeof(state->sh_buffer_), "/bin/sh");
108
109 passwd* pw = &state->passwd_;
110 pw->pw_uid = iinfo->aid;
111 pw->pw_gid = iinfo->aid;
112 return pw;
113 }
114
android_iinfo_to_group(group_state_t * state,const android_id_info * iinfo)115 static group* android_iinfo_to_group(group_state_t* state,
116 const android_id_info* iinfo) {
117 snprintf(state->group_name_buffer_, sizeof(state->group_name_buffer_), "%s", iinfo->name);
118
119 group* gr = &state->group_;
120 gr->gr_gid = iinfo->aid;
121 return gr;
122 }
123
find_android_id_info(unsigned id)124 static const android_id_info* find_android_id_info(unsigned id) {
125 for (size_t n = 0; n < android_id_count; ++n) {
126 if (android_ids[n].aid == id) {
127 return &android_ids[n];
128 }
129 }
130 return nullptr;
131 }
132
find_android_id_info(const char * name)133 static const android_id_info* find_android_id_info(const char* name) {
134 for (size_t n = 0; n < android_id_count; ++n) {
135 if (!strcmp(android_ids[n].name, name)) {
136 return &android_ids[n];
137 }
138 }
139 return nullptr;
140 }
141
142 // These are a list of the reserved app ranges, and should never contain anything below
143 // AID_APP_START. They exist per user, so a given uid/gid modulo AID_USER_OFFSET will map
144 // to these ranges.
145 struct IdRange {
146 id_t start;
147 id_t end;
148 };
149
150 static constexpr IdRange user_ranges[] = {
151 { AID_APP_START, AID_APP_END },
152 { AID_ISOLATED_START, AID_ISOLATED_END },
153 };
154
155 static constexpr IdRange group_ranges[] = {
156 { AID_APP_START, AID_APP_END },
157 { AID_CACHE_GID_START, AID_CACHE_GID_END },
158 { AID_EXT_GID_START, AID_EXT_GID_END },
159 { AID_EXT_CACHE_GID_START, AID_EXT_CACHE_GID_END },
160 { AID_SHARED_GID_START, AID_SHARED_GID_END },
161 { AID_ISOLATED_START, AID_ISOLATED_END },
162 };
163
164 template <class T, size_t N>
verify_user_ranges_ascending(T (& ranges)[N])165 static constexpr bool verify_user_ranges_ascending(T (&ranges)[N]) {
166 auto array_size = N;
167 if (array_size < 2) return false;
168
169 if (ranges[0].start > ranges[0].end) return false;
170
171 for (size_t i = 1; i < array_size; ++i) {
172 if (ranges[i].start > ranges[i].end) return false;
173 if (ranges[i - 1].end > ranges[i].start) return false;
174 }
175 return true;
176 }
177
178 static_assert(verify_user_ranges_ascending(user_ranges), "user_ranges must have ascending ranges");
179 static_assert(verify_user_ranges_ascending(group_ranges), "user_ranges must have ascending ranges");
180
181 // This list comes from PackageManagerService.java, where platform AIDs are added to list of valid
182 // AIDs for packages via addSharedUserLPw().
183 static constexpr const id_t secondary_user_platform_ids[] = {
184 AID_SYSTEM, AID_RADIO, AID_LOG, AID_NFC, AID_BLUETOOTH,
185 AID_SHELL, AID_SECURE_ELEMENT, AID_NETWORK_STACK,
186 };
187
platform_id_secondary_user_allowed(id_t id)188 static bool platform_id_secondary_user_allowed(id_t id) {
189 for (const auto& allowed_id : secondary_user_platform_ids) {
190 if (allowed_id == id) {
191 return true;
192 }
193 }
194 return false;
195 }
196
is_valid_app_id(id_t id,bool is_group)197 static bool is_valid_app_id(id_t id, bool is_group) {
198 id_t appid = id % AID_USER_OFFSET;
199
200 // AID_OVERFLOWUID is never a valid app id, so we explicitly return false to ensure this.
201 // This is true across all users, as there is no reason to ever map this id into any user range.
202 if (appid == AID_OVERFLOWUID) {
203 return false;
204 }
205
206 auto ranges_size = is_group ? arraysize(group_ranges) : arraysize(user_ranges);
207 auto ranges = is_group ? group_ranges : user_ranges;
208
209 // If we're checking an appid that resolves below the user range, then it's a platform AID for a
210 // seconary user. We only allow a reduced set of these, so we must check that it is allowed.
211 if (appid < ranges[0].start && platform_id_secondary_user_allowed(appid)) {
212 return true;
213 }
214
215 // The shared GID range is only valid for the first user.
216 if (appid >= AID_SHARED_GID_START && appid <= AID_SHARED_GID_END && appid != id) {
217 return false;
218 }
219
220 // Otherwise check that the appid is in one of the reserved ranges.
221 for (size_t i = 0; i < ranges_size; ++i) {
222 if (appid >= ranges[i].start && appid <= ranges[i].end) {
223 return true;
224 }
225 }
226
227 return false;
228 }
229
230 // This provides an iterater for app_ids within the first user's app id's.
get_next_app_id(id_t current_id,bool is_group)231 static id_t get_next_app_id(id_t current_id, bool is_group) {
232 auto ranges_size = is_group ? arraysize(group_ranges) : arraysize(user_ranges);
233 auto ranges = is_group ? group_ranges : user_ranges;
234
235 // If current_id is below the first of the ranges, then we're uninitialized, and return the first
236 // valid id.
237 if (current_id < ranges[0].start) {
238 return ranges[0].start;
239 }
240
241 id_t incremented_id = current_id + 1;
242
243 // Check to see if our incremented_id is between two ranges, and if so, return the beginning of
244 // the next valid range.
245 for (size_t i = 1; i < ranges_size; ++i) {
246 if (incremented_id > ranges[i - 1].end && incremented_id < ranges[i].start) {
247 return ranges[i].start;
248 }
249 }
250
251 // Check to see if our incremented_id is above final range, and return -1 to indicate that we've
252 // completed if so.
253 if (incremented_id > ranges[ranges_size - 1].end) {
254 return -1;
255 }
256
257 // Otherwise the incremented_id is valid, so return it.
258 return incremented_id;
259 }
260
261 // Translate a user/group name to the corresponding user/group id.
262 // all_a1234 -> 0 * AID_USER_OFFSET + AID_SHARED_GID_START + 1234 (group name only)
263 // u0_a1234_ext_cache -> 0 * AID_USER_OFFSET + AID_EXT_CACHE_GID_START + 1234 (group name only)
264 // u0_a1234_ext -> 0 * AID_USER_OFFSET + AID_EXT_GID_START + 1234 (group name only)
265 // u0_a1234_cache -> 0 * AID_USER_OFFSET + AID_CACHE_GID_START + 1234 (group name only)
266 // u0_a1234 -> 0 * AID_USER_OFFSET + AID_APP_START + 1234
267 // u2_i1000 -> 2 * AID_USER_OFFSET + AID_ISOLATED_START + 1000
268 // u1_system -> 1 * AID_USER_OFFSET + android_ids['system']
269 // returns 0 and sets errno to ENOENT in case of error.
app_id_from_name(const char * name,bool is_group)270 static id_t app_id_from_name(const char* name, bool is_group) {
271 char* end;
272 unsigned long userid;
273 bool is_shared_gid = false;
274
275 if (is_group && name[0] == 'a' && name[1] == 'l' && name[2] == 'l') {
276 end = const_cast<char*>(name+3);
277 userid = 0;
278 is_shared_gid = true;
279 } else if (name[0] == 'u' && isdigit(name[1])) {
280 userid = strtoul(name+1, &end, 10);
281 } else {
282 errno = ENOENT;
283 return 0;
284 }
285
286 if (end[0] != '_' || end[1] == 0) {
287 errno = ENOENT;
288 return 0;
289 }
290
291 unsigned long appid = 0;
292 if (end[1] == 'a' && isdigit(end[2])) {
293 if (is_shared_gid) {
294 // end will point to \0 if the strtoul below succeeds.
295 appid = strtoul(end+2, &end, 10) + AID_SHARED_GID_START;
296 if (appid > AID_SHARED_GID_END) {
297 errno = ENOENT;
298 return 0;
299 }
300 } else {
301 // end will point to \0 if the strtoul below succeeds.
302 appid = strtoul(end+2, &end, 10);
303 if (is_group) {
304 if (!strcmp(end, "_ext_cache")) {
305 end += 10;
306 appid += AID_EXT_CACHE_GID_START;
307 } else if (!strcmp(end, "_ext")) {
308 end += 4;
309 appid += AID_EXT_GID_START;
310 } else if (!strcmp(end, "_cache")) {
311 end += 6;
312 appid += AID_CACHE_GID_START;
313 } else {
314 appid += AID_APP_START;
315 }
316 } else {
317 appid += AID_APP_START;
318 }
319 }
320 } else if (end[1] == 'i' && isdigit(end[2])) {
321 // end will point to \0 if the strtoul below succeeds.
322 appid = strtoul(end+2, &end, 10) + AID_ISOLATED_START;
323 } else if (auto* android_id_info = find_android_id_info(end + 1); android_id_info != nullptr) {
324 appid = android_id_info->aid;
325 end += strlen(android_id_info->name) + 1;
326 if (!platform_id_secondary_user_allowed(appid)) {
327 errno = ENOENT;
328 return 0;
329 }
330 }
331
332 // Check that the entire string was consumed by one of the 3 cases above.
333 if (end[0] != 0) {
334 errno = ENOENT;
335 return 0;
336 }
337
338 // Check that user id won't overflow.
339 if (userid > 1000) {
340 errno = ENOENT;
341 return 0;
342 }
343
344 // Check that app id is within range.
345 if (appid >= AID_USER_OFFSET) {
346 errno = ENOENT;
347 return 0;
348 }
349
350 return (appid + userid*AID_USER_OFFSET);
351 }
352
print_app_name_from_uid(const uid_t uid,char * buffer,const int bufferlen)353 static void print_app_name_from_uid(const uid_t uid, char* buffer, const int bufferlen) {
354 const uid_t appid = uid % AID_USER_OFFSET;
355 const uid_t userid = uid / AID_USER_OFFSET;
356 if (appid >= AID_ISOLATED_START) {
357 snprintf(buffer, bufferlen, "u%u_i%u", userid, appid - AID_ISOLATED_START);
358 } else if (appid < AID_APP_START) {
359 if (auto* android_id_info = find_android_id_info(appid); android_id_info != nullptr) {
360 snprintf(buffer, bufferlen, "u%u_%s", userid, android_id_info->name);
361 }
362 } else {
363 snprintf(buffer, bufferlen, "u%u_a%u", userid, appid - AID_APP_START);
364 }
365 }
366
print_app_name_from_gid(const gid_t gid,char * buffer,const int bufferlen)367 static void print_app_name_from_gid(const gid_t gid, char* buffer, const int bufferlen) {
368 const uid_t appid = gid % AID_USER_OFFSET;
369 const uid_t userid = gid / AID_USER_OFFSET;
370 if (appid >= AID_ISOLATED_START) {
371 snprintf(buffer, bufferlen, "u%u_i%u", userid, appid - AID_ISOLATED_START);
372 } else if (userid == 0 && appid >= AID_SHARED_GID_START && appid <= AID_SHARED_GID_END) {
373 snprintf(buffer, bufferlen, "all_a%u", appid - AID_SHARED_GID_START);
374 } else if (appid >= AID_EXT_CACHE_GID_START && appid <= AID_EXT_CACHE_GID_END) {
375 snprintf(buffer, bufferlen, "u%u_a%u_ext_cache", userid, appid - AID_EXT_CACHE_GID_START);
376 } else if (appid >= AID_EXT_GID_START && appid <= AID_EXT_GID_END) {
377 snprintf(buffer, bufferlen, "u%u_a%u_ext", userid, appid - AID_EXT_GID_START);
378 } else if (appid >= AID_CACHE_GID_START && appid <= AID_CACHE_GID_END) {
379 snprintf(buffer, bufferlen, "u%u_a%u_cache", userid, appid - AID_CACHE_GID_START);
380 } else if (appid < AID_APP_START) {
381 if (auto* android_id_info = find_android_id_info(appid); android_id_info != nullptr) {
382 snprintf(buffer, bufferlen, "u%u_%s", userid, android_id_info->name);
383 }
384 } else {
385 snprintf(buffer, bufferlen, "u%u_a%u", userid, appid - AID_APP_START);
386 }
387 }
388
device_launched_before_api_29()389 static bool device_launched_before_api_29() {
390 // Check if ro.product.first_api_level is set to a value > 0 and < 29, if so, this device was
391 // launched before API 29 (Q). Any other value is considered to be either in development or
392 // launched after.
393 // Cache the value as __system_property_get() is expensive and this may be called often.
394 static bool result = [] {
395 char value[PROP_VALUE_MAX] = { 0 };
396 if (__system_property_get("ro.product.first_api_level", value) == 0) {
397 return false;
398 }
399 int value_int = atoi(value);
400 return value_int != 0 && value_int < 29;
401 }();
402 return result;
403 }
404
405 // oem_XXXX -> uid
406 // Supported ranges:
407 // AID_OEM_RESERVED_START to AID_OEM_RESERVED_END (2900-2999)
408 // AID_OEM_RESERVED_2_START to AID_OEM_RESERVED_2_END (5000-5999)
409 // Check OEM id is within range.
is_oem_id(id_t id)410 static bool is_oem_id(id_t id) {
411 // Upgrading devices launched before API level 29 may not comply with the below check.
412 // Due to the difficulty in changing uids after launch, it is waived for these devices.
413 // The legacy range:
414 // AID_OEM_RESERVED_START to AID_EVERYBODY (2900-9996), excluding builtin AIDs.
415 if (device_launched_before_api_29() && id >= AID_OEM_RESERVED_START && id < AID_EVERYBODY &&
416 find_android_id_info(id) == nullptr) {
417 return true;
418 }
419
420 return (id >= AID_OEM_RESERVED_START && id <= AID_OEM_RESERVED_END) ||
421 (id >= AID_OEM_RESERVED_2_START && id <= AID_OEM_RESERVED_2_END);
422 }
423
424 // Translate an OEM name to the corresponding user/group id.
oem_id_from_name(const char * name)425 static id_t oem_id_from_name(const char* name) {
426 unsigned int id;
427 if (sscanf(name, "oem_%u", &id) != 1) {
428 return 0;
429 }
430 if (!is_oem_id(id)) {
431 return 0;
432 }
433 return static_cast<id_t>(id);
434 }
435
oem_id_to_passwd(uid_t uid,passwd_state_t * state)436 static passwd* oem_id_to_passwd(uid_t uid, passwd_state_t* state) {
437 for (auto& passwd_file : passwd_files) {
438 if (passwd_file.FindById(uid, state)) {
439 return &state->passwd_;
440 }
441 }
442
443 if (!is_oem_id(uid)) {
444 return nullptr;
445 }
446
447 snprintf(state->name_buffer_, sizeof(state->name_buffer_), "oem_%u", uid);
448 snprintf(state->dir_buffer_, sizeof(state->dir_buffer_), "/");
449 snprintf(state->sh_buffer_, sizeof(state->sh_buffer_), "/bin/sh");
450
451 passwd* pw = &state->passwd_;
452 pw->pw_uid = uid;
453 pw->pw_gid = uid;
454 return pw;
455 }
456
oem_id_to_group(gid_t gid,group_state_t * state)457 static group* oem_id_to_group(gid_t gid, group_state_t* state) {
458 for (auto& group_file : group_files) {
459 if (group_file.FindById(gid, state)) {
460 return &state->group_;
461 }
462 }
463
464 if (!is_oem_id(gid)) {
465 return nullptr;
466 }
467
468 snprintf(state->group_name_buffer_, sizeof(state->group_name_buffer_),
469 "oem_%u", gid);
470
471 group* gr = &state->group_;
472 gr->gr_gid = gid;
473 return gr;
474 }
475
476 // Translate a uid into the corresponding name.
477 // 0 to AID_APP_START-1 -> "system", "radio", etc.
478 // AID_APP_START to AID_ISOLATED_START-1 -> u0_a1234
479 // AID_ISOLATED_START to AID_USER_OFFSET-1 -> u0_i1234
480 // AID_USER_OFFSET+ -> u1_radio, u1_a1234, u2_i1234, etc.
481 // returns a passwd structure (sets errno to ENOENT on failure).
app_id_to_passwd(uid_t uid,passwd_state_t * state)482 static passwd* app_id_to_passwd(uid_t uid, passwd_state_t* state) {
483 if (uid < AID_APP_START || !is_valid_app_id(uid, false)) {
484 errno = ENOENT;
485 return nullptr;
486 }
487
488 print_app_name_from_uid(uid, state->name_buffer_, sizeof(state->name_buffer_));
489
490 const uid_t appid = uid % AID_USER_OFFSET;
491 if (appid < AID_APP_START) {
492 snprintf(state->dir_buffer_, sizeof(state->dir_buffer_), "/");
493 } else {
494 snprintf(state->dir_buffer_, sizeof(state->dir_buffer_), "/data");
495 }
496
497 snprintf(state->sh_buffer_, sizeof(state->sh_buffer_), "/bin/sh");
498
499 passwd* pw = &state->passwd_;
500 pw->pw_uid = uid;
501 pw->pw_gid = uid;
502 return pw;
503 }
504
505 // Translate a gid into the corresponding app_<gid>
506 // group structure (sets errno to ENOENT on failure).
app_id_to_group(gid_t gid,group_state_t * state)507 static group* app_id_to_group(gid_t gid, group_state_t* state) {
508 if (gid < AID_APP_START || !is_valid_app_id(gid, true)) {
509 errno = ENOENT;
510 return nullptr;
511 }
512
513 print_app_name_from_gid(gid, state->group_name_buffer_, sizeof(state->group_name_buffer_));
514
515 group* gr = &state->group_;
516 gr->gr_gid = gid;
517 return gr;
518 }
519
getpwuid_internal(uid_t uid,passwd_state_t * state)520 passwd* getpwuid_internal(uid_t uid, passwd_state_t* state) {
521 if (auto* android_id_info = find_android_id_info(uid); android_id_info != nullptr) {
522 return android_iinfo_to_passwd(state, android_id_info);
523 }
524
525 // Handle OEM range.
526 passwd* pw = oem_id_to_passwd(uid, state);
527 if (pw != nullptr) {
528 return pw;
529 }
530 return app_id_to_passwd(uid, state);
531 }
532
getpwuid(uid_t uid)533 passwd* getpwuid(uid_t uid) { // NOLINT: implementing bad function.
534 passwd_state_t* state = get_passwd_tls_buffer();
535 return getpwuid_internal(uid, state);
536 }
537
getpwnam_internal(const char * login,passwd_state_t * state)538 passwd* getpwnam_internal(const char* login, passwd_state_t* state) {
539 if (auto* android_id_info = find_android_id_info(login); android_id_info != nullptr) {
540 return android_iinfo_to_passwd(state, android_id_info);
541 }
542
543 for (auto& passwd_file : passwd_files) {
544 if (passwd_file.FindByName(login, state)) {
545 return &state->passwd_;
546 }
547 }
548
549 // Handle OEM range.
550 passwd* pw = oem_id_to_passwd(oem_id_from_name(login), state);
551 if (pw != nullptr) {
552 return pw;
553 }
554 return app_id_to_passwd(app_id_from_name(login, false), state);
555 }
556
getpwnam(const char * login)557 passwd* getpwnam(const char* login) { // NOLINT: implementing bad function.
558 passwd_state_t* state = get_passwd_tls_buffer();
559 return getpwnam_internal(login, state);
560 }
561
getpasswd_r(bool by_name,const char * name,uid_t uid,struct passwd * pwd,char * buf,size_t buflen,struct passwd ** result)562 static int getpasswd_r(bool by_name, const char* name, uid_t uid, struct passwd* pwd, char* buf,
563 size_t buflen, struct passwd** result) {
564 ErrnoRestorer errno_restorer;
565 *result = nullptr;
566 char* p =
567 reinterpret_cast<char*>(__BIONIC_ALIGN(reinterpret_cast<uintptr_t>(buf), sizeof(uintptr_t)));
568 if (p + sizeof(passwd_state_t) > buf + buflen) {
569 return ERANGE;
570 }
571 passwd_state_t* state = reinterpret_cast<passwd_state_t*>(p);
572 init_passwd_state(state);
573 passwd* retval = (by_name ? getpwnam_internal(name, state) : getpwuid_internal(uid, state));
574 if (retval != nullptr) {
575 *pwd = *retval;
576 *result = pwd;
577 return 0;
578 }
579 return errno;
580 }
581
getpwnam_r(const char * name,passwd * pwd,char * buf,size_t byte_count,passwd ** result)582 int getpwnam_r(const char* name, passwd* pwd, char* buf, size_t byte_count, passwd** result) {
583 return getpasswd_r(true, name, -1, pwd, buf, byte_count, result);
584 }
585
getpwuid_r(uid_t uid,passwd * pwd,char * buf,size_t byte_count,passwd ** result)586 int getpwuid_r(uid_t uid, passwd* pwd, char* buf, size_t byte_count, passwd** result) {
587 return getpasswd_r(false, nullptr, uid, pwd, buf, byte_count, result);
588 }
589
590 // All users are in just one group, the one passed in.
getgrouplist(const char *,gid_t group,gid_t * groups,int * ngroups)591 int getgrouplist(const char* /*user*/, gid_t group, gid_t* groups, int* ngroups) {
592 if (*ngroups < 1) {
593 *ngroups = 1;
594 return -1;
595 }
596 groups[0] = group;
597 return (*ngroups = 1);
598 }
599
getlogin()600 char* getlogin() { // NOLINT: implementing bad function.
601 passwd *pw = getpwuid(getuid()); // NOLINT: implementing bad function in terms of bad function.
602 return pw ? pw->pw_name : nullptr;
603 }
604
getlogin_r(char * buf,size_t size)605 int getlogin_r(char* buf, size_t size) {
606 char* login = getlogin();
607 if (login == nullptr) return errno;
608 size_t login_length = strlen(login) + 1;
609 if (login_length > size) return ERANGE;
610 memcpy(buf, login, login_length);
611 return 0;
612 }
613
setpwent()614 void setpwent() {
615 passwd_state_t* state = get_passwd_tls_buffer();
616 if (state) {
617 state->getpwent_idx = 0;
618 }
619 }
620
endpwent()621 void endpwent() {
622 setpwent();
623 }
624
getpwent()625 passwd* getpwent() {
626 passwd_state_t* state = get_passwd_tls_buffer();
627 if (state->getpwent_idx < 0) {
628 return nullptr;
629 }
630
631 size_t start = 0;
632 ssize_t end = android_id_count;
633 if (state->getpwent_idx < end) {
634 return android_iinfo_to_passwd(state, android_ids + state->getpwent_idx++);
635 }
636
637 start = end;
638 end += AID_OEM_RESERVED_END - AID_OEM_RESERVED_START + 1;
639
640 if (state->getpwent_idx < end) {
641 return oem_id_to_passwd(
642 state->getpwent_idx++ - start + AID_OEM_RESERVED_START, state);
643 }
644
645 start = end;
646 end += AID_OEM_RESERVED_2_END - AID_OEM_RESERVED_2_START + 1;
647
648 if (state->getpwent_idx < end) {
649 return oem_id_to_passwd(
650 state->getpwent_idx++ - start + AID_OEM_RESERVED_2_START, state);
651 }
652
653 start = end;
654 end += AID_SYSTEM_EXT_RESERVED_END - AID_SYSTEM_RESERVED_START + 1;
655
656 if (state->getpwent_idx < end) {
657 // No one calls this enough to worry about how inefficient the below is.
658 auto* oem_passwd =
659 oem_id_to_passwd(state->getpwent_idx++ - start + AID_SYSTEM_RESERVED_START, state);
660 while (oem_passwd == nullptr && state->getpwent_idx < end) {
661 oem_passwd =
662 oem_id_to_passwd(state->getpwent_idx++ - start + AID_SYSTEM_RESERVED_START, state);
663 }
664 if (oem_passwd != nullptr) {
665 return oem_passwd;
666 }
667 }
668
669 state->getpwent_idx = get_next_app_id(state->getpwent_idx, false);
670
671 if (state->getpwent_idx != -1) {
672 return app_id_to_passwd(state->getpwent_idx, state);
673 }
674
675 // We are not reporting u1_a* and higher or we will be here forever
676 return nullptr;
677 }
678
getgrgid_internal(gid_t gid,group_state_t * state)679 static group* getgrgid_internal(gid_t gid, group_state_t* state) {
680 if (auto* android_id_info = find_android_id_info(gid); android_id_info != nullptr) {
681 return android_iinfo_to_group(state, android_id_info);
682 }
683
684 // Handle OEM range.
685 group* grp = oem_id_to_group(gid, state);
686 if (grp != nullptr) {
687 return grp;
688 }
689 return app_id_to_group(gid, state);
690 }
691
getgrgid(gid_t gid)692 group* getgrgid(gid_t gid) { // NOLINT: implementing bad function.
693 group_state_t* state = get_group_tls_buffer();
694 return getgrgid_internal(gid, state);
695 }
696
getgrnam_internal(const char * name,group_state_t * state)697 static group* getgrnam_internal(const char* name, group_state_t* state) {
698 if (auto* android_id_info = find_android_id_info(name); android_id_info != nullptr) {
699 return android_iinfo_to_group(state, android_id_info);
700 }
701
702 for (auto& group_file : group_files) {
703 if (group_file.FindByName(name, state)) {
704 return &state->group_;
705 }
706 }
707
708 // Handle OEM range.
709 group* grp = oem_id_to_group(oem_id_from_name(name), state);
710 if (grp != nullptr) {
711 return grp;
712 }
713 return app_id_to_group(app_id_from_name(name, true), state);
714 }
715
getgrnam(const char * name)716 group* getgrnam(const char* name) { // NOLINT: implementing bad function.
717 group_state_t* state = get_group_tls_buffer();
718 return getgrnam_internal(name, state);
719 }
720
getgroup_r(bool by_name,const char * name,gid_t gid,struct group * grp,char * buf,size_t buflen,struct group ** result)721 static int getgroup_r(bool by_name, const char* name, gid_t gid, struct group* grp, char* buf,
722 size_t buflen, struct group** result) {
723 ErrnoRestorer errno_restorer;
724 *result = nullptr;
725 char* p = reinterpret_cast<char*>(
726 __BIONIC_ALIGN(reinterpret_cast<uintptr_t>(buf), sizeof(uintptr_t)));
727 if (p + sizeof(group_state_t) > buf + buflen) {
728 return ERANGE;
729 }
730 group_state_t* state = reinterpret_cast<group_state_t*>(p);
731 init_group_state(state);
732 group* retval = (by_name ? getgrnam_internal(name, state) : getgrgid_internal(gid, state));
733 if (retval != nullptr) {
734 *grp = *retval;
735 *result = grp;
736 return 0;
737 }
738 return errno;
739 }
740
getgrgid_r(gid_t gid,struct group * grp,char * buf,size_t buflen,struct group ** result)741 int getgrgid_r(gid_t gid, struct group* grp, char* buf, size_t buflen, struct group** result) {
742 return getgroup_r(false, nullptr, gid, grp, buf, buflen, result);
743 }
744
getgrnam_r(const char * name,struct group * grp,char * buf,size_t buflen,struct group ** result)745 int getgrnam_r(const char* name, struct group* grp, char* buf, size_t buflen,
746 struct group **result) {
747 return getgroup_r(true, name, 0, grp, buf, buflen, result);
748 }
749
setgrent()750 void setgrent() {
751 group_state_t* state = get_group_tls_buffer();
752 if (state) {
753 state->getgrent_idx = 0;
754 }
755 }
756
endgrent()757 void endgrent() {
758 setgrent();
759 }
760
getgrent()761 group* getgrent() {
762 group_state_t* state = get_group_tls_buffer();
763 if (state->getgrent_idx < 0) {
764 return nullptr;
765 }
766
767 size_t start = 0;
768 ssize_t end = android_id_count;
769 if (state->getgrent_idx < end) {
770 return android_iinfo_to_group(state, android_ids + state->getgrent_idx++);
771 }
772
773 start = end;
774 end += AID_OEM_RESERVED_END - AID_OEM_RESERVED_START + 1;
775
776 if (state->getgrent_idx < end) {
777 return oem_id_to_group(
778 state->getgrent_idx++ - start + AID_OEM_RESERVED_START, state);
779 }
780
781 start = end;
782 end += AID_OEM_RESERVED_2_END - AID_OEM_RESERVED_2_START + 1;
783
784 if (state->getgrent_idx < end) {
785 return oem_id_to_group(
786 state->getgrent_idx++ - start + AID_OEM_RESERVED_2_START, state);
787 }
788
789 start = end;
790 end += AID_SYSTEM_EXT_RESERVED_END - AID_SYSTEM_RESERVED_START + 1;
791
792 if (state->getgrent_idx < end) {
793 // No one calls this enough to worry about how inefficient the below is.
794 init_group_state(state);
795 auto* oem_group =
796 oem_id_to_group(state->getgrent_idx++ - start + AID_SYSTEM_RESERVED_START, state);
797 while (oem_group == nullptr && state->getgrent_idx < end) {
798 oem_group = oem_id_to_group(state->getgrent_idx++ - start + AID_SYSTEM_RESERVED_START, state);
799 }
800 if (oem_group != nullptr) {
801 return oem_group;
802 }
803 }
804
805 start = end;
806 end += AID_USER_OFFSET - AID_APP_START; // Do not expose higher groups
807
808 state->getgrent_idx = get_next_app_id(state->getgrent_idx, true);
809
810 if (state->getgrent_idx != -1) {
811 return app_id_to_group(state->getgrent_idx, state);
812 }
813
814 // We are not reporting u1_a* and higher or we will be here forever
815 return nullptr;
816 }
817