1 //
2 // Copyright (C) 2018 The Android Open Source Project
3 //
4 // Licensed under the Apache License, Version 2.0 (the "License");
5 // you may not use this file except in compliance with the License.
6 // You may obtain a copy of the License at
7 //
8 // http://www.apache.org/licenses/LICENSE-2.0
9 //
10 // Unless required by applicable law or agreed to in writing, software
11 // distributed under the License is distributed on an "AS IS" BASIS,
12 // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 // See the License for the specific language governing permissions and
14 // limitations under the License.
15 //
16
17 #include "host_init_verifier.h"
18
19 #include <errno.h>
20 #include <getopt.h>
21 #include <pwd.h>
22 #include <stdio.h>
23 #include <stdlib.h>
24
25 #include <fstream>
26 #include <iostream>
27 #include <iterator>
28 #include <string>
29 #include <vector>
30
31 #include <android-base/file.h>
32 #include <android-base/logging.h>
33 #include <android-base/parseint.h>
34 #include <android-base/strings.h>
35 #include <hidl/metadata.h>
36 #include <property_info_serializer/property_info_serializer.h>
37
38 #include "action.h"
39 #include "action_manager.h"
40 #include "action_parser.h"
41 #include "check_builtins.h"
42 #include "host_import_parser.h"
43 #include "host_init_stubs.h"
44 #include "interface_utils.h"
45 #include "parser.h"
46 #include "result.h"
47 #include "service.h"
48 #include "service_list.h"
49 #include "service_parser.h"
50
51 #define EXCLUDE_FS_CONFIG_STRUCTURES
52 #include "generated_android_ids.h"
53
54 using namespace std::literals;
55
56 using android::base::ParseInt;
57 using android::base::ReadFileToString;
58 using android::base::Split;
59 using android::properties::BuildTrie;
60 using android::properties::ParsePropertyInfoFile;
61 using android::properties::PropertyInfoArea;
62 using android::properties::PropertyInfoEntry;
63
64 static std::vector<std::string> passwd_files;
65
GetVendorPasswd(const std::string & passwd_file)66 static std::vector<std::pair<std::string, int>> GetVendorPasswd(const std::string& passwd_file) {
67 std::string passwd;
68 if (!ReadFileToString(passwd_file, &passwd)) {
69 return {};
70 }
71
72 std::vector<std::pair<std::string, int>> result;
73 auto passwd_lines = Split(passwd, "\n");
74 for (const auto& line : passwd_lines) {
75 auto split_line = Split(line, ":");
76 if (split_line.size() < 3) {
77 continue;
78 }
79 int uid = 0;
80 if (!ParseInt(split_line[2], &uid)) {
81 continue;
82 }
83 result.emplace_back(split_line[0], uid);
84 }
85 return result;
86 }
87
GetVendorPasswd()88 static std::vector<std::pair<std::string, int>> GetVendorPasswd() {
89 std::vector<std::pair<std::string, int>> result;
90 for (const auto& passwd_file : passwd_files) {
91 auto individual_result = GetVendorPasswd(passwd_file);
92 std::move(individual_result.begin(), individual_result.end(),
93 std::back_insert_iterator(result));
94 }
95 return result;
96 }
97
getpwnam(const char * login)98 passwd* getpwnam(const char* login) { // NOLINT: implementing bad function.
99 // This isn't thread safe, but that's okay for our purposes.
100 static char static_name[32] = "";
101 static char static_dir[32] = "/";
102 static char static_shell[32] = "/system/bin/sh";
103 static passwd static_passwd = {
104 .pw_name = static_name,
105 .pw_dir = static_dir,
106 .pw_shell = static_shell,
107 .pw_uid = 0,
108 .pw_gid = 0,
109 };
110
111 for (size_t n = 0; n < android_id_count; ++n) {
112 if (!strcmp(android_ids[n].name, login)) {
113 snprintf(static_name, sizeof(static_name), "%s", android_ids[n].name);
114 static_passwd.pw_uid = android_ids[n].aid;
115 static_passwd.pw_gid = android_ids[n].aid;
116 return &static_passwd;
117 }
118 }
119
120 static const auto vendor_passwd = GetVendorPasswd();
121
122 for (const auto& [name, uid] : vendor_passwd) {
123 if (name == login) {
124 snprintf(static_name, sizeof(static_name), "%s", name.c_str());
125 static_passwd.pw_uid = uid;
126 static_passwd.pw_gid = uid;
127 return &static_passwd;
128 }
129 }
130
131 unsigned int oem_uid;
132 if (sscanf(login, "oem_%u", &oem_uid) == 1) {
133 snprintf(static_name, sizeof(static_name), "%s", login);
134 static_passwd.pw_uid = oem_uid;
135 static_passwd.pw_gid = oem_uid;
136 return &static_passwd;
137 }
138
139 errno = ENOENT;
140 return nullptr;
141 }
142
143 namespace android {
144 namespace init {
145
check_stub(const BuiltinArguments & args)146 static Result<void> check_stub(const BuiltinArguments& args) {
147 return {};
148 }
149
150 #include "generated_stub_builtin_function_map.h"
151
PrintUsage()152 void PrintUsage() {
153 std::cout << "usage: host_init_verifier [options] <init rc file>\n"
154 "\n"
155 "Tests an init script for correctness\n"
156 "\n"
157 "-p FILE\tSearch this passwd file for users and groups\n"
158 "--property_contexts=FILE\t Use this file for property_contexts\n"
159 << std::endl;
160 }
161
ReadInterfaceInheritanceHierarchy()162 Result<InterfaceInheritanceHierarchyMap> ReadInterfaceInheritanceHierarchy() {
163 InterfaceInheritanceHierarchyMap result;
164 for (const HidlInterfaceMetadata& iface : HidlInterfaceMetadata::all()) {
165 std::set<FQName> inherited_interfaces;
166 for (const std::string& intf : iface.inherited) {
167 FQName fqname;
168 if (!fqname.setTo(intf)) {
169 return Error() << "Unable to parse interface '" << intf << "'";
170 }
171 inherited_interfaces.insert(fqname);
172 }
173 FQName fqname;
174 if (!fqname.setTo(iface.name)) {
175 return Error() << "Unable to parse interface '" << iface.name << "'";
176 }
177 result[fqname] = inherited_interfaces;
178 }
179
180 return result;
181 }
182
183 const PropertyInfoArea* property_info_area;
184
HandlePropertyContexts(const std::string & filename,std::vector<PropertyInfoEntry> * property_infos)185 void HandlePropertyContexts(const std::string& filename,
186 std::vector<PropertyInfoEntry>* property_infos) {
187 auto file_contents = std::string();
188 if (!ReadFileToString(filename, &file_contents)) {
189 PLOG(ERROR) << "Could not read properties from '" << filename << "'";
190 exit(EXIT_FAILURE);
191 }
192
193 auto errors = std::vector<std::string>{};
194 ParsePropertyInfoFile(file_contents, true, property_infos, &errors);
195 for (const auto& error : errors) {
196 LOG(ERROR) << "Could not read line from '" << filename << "': " << error;
197 }
198 if (!errors.empty()) {
199 exit(EXIT_FAILURE);
200 }
201 }
202
main(int argc,char ** argv)203 int main(int argc, char** argv) {
204 android::base::InitLogging(argv, &android::base::StdioLogger);
205 android::base::SetMinimumLogSeverity(android::base::ERROR);
206
207 auto property_infos = std::vector<PropertyInfoEntry>();
208
209 while (true) {
210 static const char kPropertyContexts[] = "property-contexts=";
211 static const struct option long_options[] = {
212 {"help", no_argument, nullptr, 'h'},
213 {kPropertyContexts, required_argument, nullptr, 0},
214 {nullptr, 0, nullptr, 0},
215 };
216
217 int option_index;
218 int arg = getopt_long(argc, argv, "p:", long_options, &option_index);
219
220 if (arg == -1) {
221 break;
222 }
223
224 switch (arg) {
225 case 0:
226 if (long_options[option_index].name == kPropertyContexts) {
227 HandlePropertyContexts(optarg, &property_infos);
228 }
229 break;
230 case 'h':
231 PrintUsage();
232 return EXIT_FAILURE;
233 case 'p':
234 passwd_files.emplace_back(optarg);
235 break;
236 default:
237 std::cerr << "getprop: getopt returned invalid result: " << arg << std::endl;
238 return EXIT_FAILURE;
239 }
240 }
241
242 argc -= optind;
243 argv += optind;
244
245 if (argc != 1) {
246 PrintUsage();
247 return EXIT_FAILURE;
248 }
249
250 auto interface_inheritance_hierarchy_map = ReadInterfaceInheritanceHierarchy();
251 if (!interface_inheritance_hierarchy_map.ok()) {
252 LOG(ERROR) << interface_inheritance_hierarchy_map.error();
253 return EXIT_FAILURE;
254 }
255 SetKnownInterfaces(*interface_inheritance_hierarchy_map);
256
257 std::string serialized_contexts;
258 std::string trie_error;
259 if (!BuildTrie(property_infos, "u:object_r:default_prop:s0", "string", &serialized_contexts,
260 &trie_error)) {
261 LOG(ERROR) << "Unable to serialize property contexts: " << trie_error;
262 return EXIT_FAILURE;
263 }
264
265 property_info_area = reinterpret_cast<const PropertyInfoArea*>(serialized_contexts.c_str());
266
267 const BuiltinFunctionMap& function_map = GetBuiltinFunctionMap();
268 Action::set_function_map(&function_map);
269 ActionManager& am = ActionManager::GetInstance();
270 ServiceList& sl = ServiceList::GetInstance();
271 Parser parser;
272 parser.AddSectionParser("service", std::make_unique<ServiceParser>(
273 &sl, nullptr, *interface_inheritance_hierarchy_map));
274 parser.AddSectionParser("on", std::make_unique<ActionParser>(&am, nullptr));
275 parser.AddSectionParser("import", std::make_unique<HostImportParser>());
276
277 if (!parser.ParseConfigFileInsecure(*argv)) {
278 LOG(ERROR) << "Failed to open init rc script '" << *argv << "'";
279 return EXIT_FAILURE;
280 }
281 size_t failures = parser.parse_error_count() + am.CheckAllCommands() + sl.CheckAllCommands();
282 if (failures > 0) {
283 LOG(ERROR) << "Failed to parse init script '" << *argv << "' with " << failures
284 << " errors";
285 return EXIT_FAILURE;
286 }
287 return EXIT_SUCCESS;
288 }
289
290 } // namespace init
291 } // namespace android
292
main(int argc,char ** argv)293 int main(int argc, char** argv) {
294 return android::init::main(argc, argv);
295 }
296