1 /*
2 * Copyright (C) 2019 The Android Open Source Project
3 *
4 * Licensed under the Apache License, Version 2.0 (the "License");
5 * you may not use this file except in compliance with the License.
6 * You may obtain a copy of the License at
7 *
8 * http://www.apache.org/licenses/LICENSE-2.0
9 *
10 * Unless required by applicable law or agreed to in writing, software
11 * distributed under the License is distributed on an "AS IS" BASIS,
12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 * See the License for the specific language governing permissions and
14 * limitations under the License.
15 */
16
17 #include "Access.h"
18
19 #include <android-base/logging.h>
20 #include <binder/IPCThreadState.h>
21 #include <log/log_safetynet.h>
22 #include <selinux/android.h>
23 #include <selinux/avc.h>
24
25 namespace android {
26
27 #ifdef VENDORSERVICEMANAGER
28 constexpr bool kIsVendor = true;
29 #else
30 constexpr bool kIsVendor = false;
31 #endif
32
33 #ifdef __ANDROID__
getPidcon(pid_t pid)34 static std::string getPidcon(pid_t pid) {
35 android_errorWriteLog(0x534e4554, "121035042");
36
37 char* lookup = nullptr;
38 if (getpidcon(pid, &lookup) < 0) {
39 LOG(ERROR) << "SELinux: getpidcon(pid=" << pid << ") failed to retrieve pid context";
40 return "";
41 }
42 std::string result = lookup;
43 freecon(lookup);
44 return result;
45 }
46
getSehandle()47 static struct selabel_handle* getSehandle() {
48 static struct selabel_handle* gSehandle = nullptr;
49 if (gSehandle != nullptr && selinux_status_updated()) {
50 selabel_close(gSehandle);
51 gSehandle = nullptr;
52 }
53
54 if (gSehandle == nullptr) {
55 gSehandle = kIsVendor
56 ? selinux_android_vendor_service_context_handle()
57 : selinux_android_service_context_handle();
58 }
59
60 CHECK(gSehandle != nullptr);
61 return gSehandle;
62 }
63
64 struct AuditCallbackData {
65 const Access::CallingContext* context;
66 const std::string* tname;
67 };
68
auditCallback(void * data,security_class_t,char * buf,size_t len)69 static int auditCallback(void *data, security_class_t /*cls*/, char *buf, size_t len) {
70 const AuditCallbackData* ad = reinterpret_cast<AuditCallbackData*>(data);
71
72 if (!ad) {
73 LOG(ERROR) << "No service manager audit data";
74 return 0;
75 }
76
77 snprintf(buf, len, "pid=%d uid=%d name=%s", ad->context->debugPid, ad->context->uid,
78 ad->tname->c_str());
79 return 0;
80 }
81 #endif
82
Access()83 Access::Access() {
84 #ifdef __ANDROID__
85 union selinux_callback cb;
86
87 cb.func_audit = auditCallback;
88 selinux_set_callback(SELINUX_CB_AUDIT, cb);
89
90 cb.func_log = kIsVendor ? selinux_vendor_log_callback : selinux_log_callback;
91 selinux_set_callback(SELINUX_CB_LOG, cb);
92
93 CHECK(selinux_status_open(true /*fallback*/) >= 0);
94
95 CHECK(getcon(&mThisProcessContext) == 0);
96 #endif
97 }
98
~Access()99 Access::~Access() {
100 freecon(mThisProcessContext);
101 }
102
getCallingContext()103 Access::CallingContext Access::getCallingContext() {
104 #ifdef __ANDROID__
105 IPCThreadState* ipc = IPCThreadState::self();
106
107 const char* callingSid = ipc->getCallingSid();
108 pid_t callingPid = ipc->getCallingPid();
109
110 return CallingContext {
111 .debugPid = callingPid,
112 .uid = ipc->getCallingUid(),
113 .sid = callingSid ? std::string(callingSid) : getPidcon(callingPid),
114 };
115 #else
116 return CallingContext();
117 #endif
118 }
119
canFind(const CallingContext & ctx,const std::string & name)120 bool Access::canFind(const CallingContext& ctx,const std::string& name) {
121 return actionAllowedFromLookup(ctx, name, "find");
122 }
123
canAdd(const CallingContext & ctx,const std::string & name)124 bool Access::canAdd(const CallingContext& ctx, const std::string& name) {
125 return actionAllowedFromLookup(ctx, name, "add");
126 }
127
canList(const CallingContext & ctx)128 bool Access::canList(const CallingContext& ctx) {
129 return actionAllowed(ctx, mThisProcessContext, "list", "service_manager");
130 }
131
actionAllowed(const CallingContext & sctx,const char * tctx,const char * perm,const std::string & tname)132 bool Access::actionAllowed(const CallingContext& sctx, const char* tctx, const char* perm,
133 const std::string& tname) {
134 #ifdef __ANDROID__
135 const char* tclass = "service_manager";
136
137 AuditCallbackData data = {
138 .context = &sctx,
139 .tname = &tname,
140 };
141
142 return 0 == selinux_check_access(sctx.sid.c_str(), tctx, tclass, perm,
143 reinterpret_cast<void*>(&data));
144 #else
145 (void)sctx;
146 (void)tctx;
147 (void)perm;
148 (void)tname;
149
150 return true;
151 #endif
152 }
153
actionAllowedFromLookup(const CallingContext & sctx,const std::string & name,const char * perm)154 bool Access::actionAllowedFromLookup(const CallingContext& sctx, const std::string& name, const char *perm) {
155 #ifdef __ANDROID__
156 char *tctx = nullptr;
157 if (selabel_lookup(getSehandle(), &tctx, name.c_str(), SELABEL_CTX_ANDROID_SERVICE) != 0) {
158 LOG(ERROR) << "SELinux: No match for " << name << " in service_contexts.\n";
159 return false;
160 }
161
162 bool allowed = actionAllowed(sctx, tctx, perm, name);
163 freecon(tctx);
164 return allowed;
165 #else
166 (void)sctx;
167 (void)name;
168 (void)perm;
169 (void)kIsVendor;
170
171 return true;
172 #endif
173 }
174
175 } // android
176