1 /*
2 * Copyright (C) 2017 The Android Open Source Project
3 * All rights reserved.
4 *
5 * Redistribution and use in source and binary forms, with or without
6 * modification, are permitted provided that the following conditions
7 * are met:
8 * * Redistributions of source code must retain the above copyright
9 * notice, this list of conditions and the following disclaimer.
10 * * Redistributions in binary form must reproduce the above copyright
11 * notice, this list of conditions and the following disclaimer in
12 * the documentation and/or other materials provided with the
13 * distribution.
14 *
15 * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
16 * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
17 * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
18 * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
19 * COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT,
20 * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING,
21 * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS
22 * OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED
23 * AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
24 * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT
25 * OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
26 * SUCH DAMAGE.
27 */
28
#include <spawn.h>

#include <errno.h>
#include <fcntl.h>
#include <limits.h>
#include <linux/close_range.h>
#include <signal.h>
#include <stdlib.h>
#include <string.h>
#include <sys/resource.h>
#include <sys/syscall.h>
#include <unistd.h>

#include <android/fdsan.h>

#include "private/ScopedSignalBlocker.h"
44
// Sets FD_CLOEXEC on descriptor `i`, keeping its other descriptor flags.
// Returns 0 on success, or -1 (errno set by fcntl) when `i` is not an open
// descriptor or the flag update fails.
static int set_cloexec(int i) {
  const int old_flags = fcntl(i, F_GETFD);
  if (old_flags != -1) {
    return fcntl(i, F_SETFD, old_flags | FD_CLOEXEC);
  }
  return -1;  // almost certainly: errno == EBADF
}
50
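// Marks every open fd except stdin/stdout/stderr close-on-exec.
// Runs in the child between fork()/vfork() and exec: no allocation, no locks,
// and per-fd failures are simply skipped. Always returns 0.
static int cloexec_except_stdioe() {
  // Kernel fast path: requires 5.11+ or ACK 5.10-T kernel, otherwise
  // close_range() fails with ENOSYS or EINVAL and we fall back to a scan.
  if (!close_range(3, ~0U, CLOSE_RANGE_CLOEXEC)) return 0;

  // unfortunately getrlimit can lie:
  // - both soft and hard limits can be lowered to 0, with fds still open, so it can underestimate
  // - in practice it usually is some really large value (like 32K or more)
  //   even though only a handful of small fds are actually open (ie. < 500),
  //   this results in poor performance when trying to act on all possibly open fds
  struct rlimit m;
  int max = 1000000;  // bound used when the limit is unavailable or does not fit an int
  if (getrlimit(RLIMIT_NOFILE, &m) == 0 && m.rlim_max <= static_cast<rlim_t>(INT_MAX)) {
    // rlim_t is wider than int: an unchecked narrowing of a huge value such as
    // RLIM_INFINITY could produce a non-positive `max`, skip the scan entirely
    // and silently leak descriptors into the exec'd image.
    max = static_cast<int>(m.rlim_max);
  }
  for (int i = 3; i < max; ++i) set_cloexec(i);
  return 0;
}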
66
// Kinds of deferred file action recorded by posix_spawn_file_actions_add*()
// in the parent and replayed in the child by __posix_spawn_file_action::Do().
enum Action {
  kOpen,    // open(path, flags, mode), result placed at new_fd
  kClose,   // close(fd)
  kDup2,    // dup2(fd, new_fd)
  kChdir,   // chdir(path)
  kFchdir,  // fchdir(fd)
};
74
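// One deferred file operation, created in the parent by
// posix_spawn_add_file_action() and executed in the child by Do().
// `path` is heap-owned by this node (strdup'd) and released by
// posix_spawn_file_actions_destroy().
struct __posix_spawn_file_action {
  __posix_spawn_file_action* next;

  Action what;
  int fd;       // source fd for kClose/kDup2/kFchdir; -1 for kOpen/kChdir
  int new_fd;   // target fd for kOpen/kDup2; -1 otherwise
  char* path;   // for kOpen/kChdir; nullptr otherwise
  int flags;    // open(2) flags, kOpen only
  mode_t mode;  // open(2) mode, kOpen only

  // Performs the action in the child. Every failure except close() ends the
  // child with _exit(127), posix_spawn's "could not reach exec" status.
  // This runs between fork()/vfork() and exec, so it uses only
  // async-signal-safe calls and does not write to this node: under vfork the
  // parent's memory is shared, and an actions list can be spawned with again.
  void Do() {
    switch (what) {
      case kOpen: {
        // Keep the result in a local rather than overwriting `fd`
        // (which is -1 for kOpen and never consulted).
        int opened = open(path, flags, mode);
        if (opened == -1) _exit(127);
        // If it didn't land where we wanted it, move it.
        if (opened != new_fd) {
          if (dup2(opened, new_fd) == -1) _exit(127);
          close(opened);
        }
        break;
      }
      case kClose:
        // Failure to close is ignored.
        close(fd);
        break;
      case kChdir:
        if (chdir(path) == -1) _exit(127);
        break;
      case kFchdir:
        if (fchdir(fd) == -1) _exit(127);
        break;
      case kDup2:
      default:
        if (fd == new_fd) {
          // dup2(2) is a no-op if fd == new_fd, but POSIX suggests that we should
          // manually remove the O_CLOEXEC flag in that case (because otherwise
          // what use is the dup?).
          // See https://www.austingroupbugs.net/view.php?id=411 for details.
          // Named fd_flags so it does not shadow the `flags` member.
          int fd_flags = fcntl(fd, F_GETFD, 0);
          if (fd_flags == -1 || fcntl(fd, F_SETFD, fd_flags & ~FD_CLOEXEC) == -1) _exit(127);
        } else {
          if (dup2(fd, new_fd) == -1) _exit(127);
        }
        break;
    }
  }
};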
116
// Singly-linked list of deferred file actions in insertion order.
// Both pointers are nullptr for a freshly calloc'd object.
struct __posix_spawn_file_actions {
  __posix_spawn_file_action* head;
  __posix_spawn_file_action* last;

  // Replays each action in the order it was added; see
  // __posix_spawn_file_action::Do for the failure convention.
  void Do() {
    __posix_spawn_file_action* current = head;
    while (current != nullptr) {
      current->Do();
      current = current->next;
    }
  }
};
127
// Spawn attributes behind posix_spawnattr_t (a pointer to this, calloc'd by
// posix_spawnattr_init). Only the fields selected by `flags` are applied in
// the child by ApplyAttrs().
struct __posix_spawnattr {
  short flags;             // POSIX_SPAWN_* bits, validated by posix_spawnattr_setflags
  pid_t pgroup;            // applied when POSIX_SPAWN_SETPGROUP is set
  sched_param schedparam;  // applied when POSIX_SPAWN_SETSCHEDPARAM or SETSCHEDULER is set
  int schedpolicy;         // applied when POSIX_SPAWN_SETSCHEDULER is set
  // Both views share the same storage; ApplyAttrs reads the 64-bit view, so a
  // 32-bit setter only fills the low part and the rest stays as calloc left it.
  union {
    sigset_t sigset;
    sigset64_t sigset64;
  } sigmask, sigdefault;
};
138
// Applies, in the child, the attributes selected by `flags`: signal defaults,
// process group, session, scheduling, effective ids, signal mask, and finally
// the non-POSIX close-on-exec default. Any failure ends the child with
// _exit(127). `attr` may be null only when `flags` is 0, because every
// dereference below is guarded by a flag bit.
static void ApplyAttrs(short flags, const posix_spawnattr_t* attr) {
  const __posix_spawnattr* a = (attr != nullptr) ? *attr : nullptr;

  // POSIX: "If POSIX_SPAWN_SETSIGDEF is set ... signals in sigdefault ...
  // shall be set to their default actions in the child process."
  // POSIX: "Signals set to be caught by the calling process shall be
  // set to the default action in the child process."
  const bool use_sigdefault = (flags & POSIX_SPAWN_SETSIGDEF) != 0;
  const struct sigaction64 default_sa = { .sa_handler = SIG_DFL };
  for (int s = 1; s < _NSIG; ++s) {
    bool reset;
    if (use_sigdefault && sigismember64(&a->sigdefault.sigset64, s)) {
      reset = true;
    } else {
      // Only caught handlers are reset; SIG_IGN and SIG_DFL are left alone.
      struct sigaction64 current;
      if (sigaction64(s, nullptr, &current) == -1) _exit(127);
      reset = current.sa_handler != SIG_IGN && current.sa_handler != SIG_DFL;
    }
    if (!reset) continue;
    if (sigaction64(s, &default_sa, nullptr) == -1) _exit(127);
  }

  if ((flags & POSIX_SPAWN_SETPGROUP) != 0) {
    if (setpgid(0, a->pgroup) == -1) _exit(127);
  }
  if ((flags & POSIX_SPAWN_SETSID) != 0) {
    if (setsid() == -1) _exit(127);
  }

  // POSIX_SPAWN_SETSCHEDULER overrides POSIX_SPAWN_SETSCHEDPARAM, but it is not an error
  // to set both.
  if ((flags & POSIX_SPAWN_SETSCHEDULER) != 0) {
    if (sched_setscheduler(0, a->schedpolicy, &a->schedparam) == -1) _exit(127);
  } else if ((flags & POSIX_SPAWN_SETSCHEDPARAM) != 0) {
    if (sched_setparam(0, &a->schedparam) == -1) _exit(127);
  }

  // Drop any effective-id difference so the child runs with the real ids;
  // the gid reset is skipped if the uid reset already failed.
  if ((flags & POSIX_SPAWN_RESETIDS) != 0) {
    if (seteuid(getuid()) == -1) _exit(127);
    if (setegid(getgid()) == -1) _exit(127);
  }

  if ((flags & POSIX_SPAWN_SETSIGMASK) != 0) {
    if (sigprocmask64(SIG_SETMASK, &a->sigmask.sigset64, nullptr) != 0) _exit(127);
  }

  // Non-POSIX flag: everything above fd 2 becomes close-on-exec so stray
  // descriptors do not leak into the new image.
  if ((flags & POSIX_SPAWN_CLOEXEC_DEFAULT) != 0) {
    if (cloexec_except_stdioe() != 0) _exit(127);
  }
}
181
// Shared implementation of posix_spawn()/posix_spawnp(): forks (or vforks),
// applies the attributes and file actions in the child, then execs through
// `exec_fn` (execve or execvpe).
//
// Returns 0 and stores the child's pid in *pid_ptr (when non-null), or the
// errno value of a failed fork/vfork. Failures inside the child are not
// reported to the caller: the child exits with status 127.
static int posix_spawn(pid_t* pid_ptr,
                       const char* path,
                       const posix_spawn_file_actions_t* actions,
                       const posix_spawnattr_t* attr,
                       char* const argv[],
                       char* const env[],
                       int exec_fn(const char* path, char* const argv[], char* const env[])) {
  // See http://man7.org/linux/man-pages/man3/posix_spawn.3.html
  // and http://pubs.opengroup.org/onlinepubs/9699919799/functions/posix_spawn.html

  // Masks signals for the duration of the spawn so the child does not run a
  // parent handler before its own signal state is set up
  // (see private/ScopedSignalBlocker.h for the exact mask and restore).
  ScopedSignalBlocker ssb;

  short flags = attr ? (*attr)->flags : 0;
  // vfork() shares the parent's address space until exec, so it is only used
  // when explicitly requested or when nothing at all runs in the child before exec.
  bool use_vfork = ((flags & POSIX_SPAWN_USEVFORK) != 0) || (actions == nullptr && flags == 0);

  pid_t pid = use_vfork ? vfork() : fork();
  if (pid == -1) return errno;

  if (pid == 0) {
    // Child. Must never return into the caller's frame (vfork), so every
    // failure path ends in _exit.
    ApplyAttrs(flags, attr);
    if (actions) (*actions)->Do();
    // Without an explicit sigmask the child should not inherit the temporary
    // blocking mask. NOTE(review): assumes ssb.reset() restores the mask saved
    // by the constructor — confirm in ScopedSignalBlocker.h.
    if ((flags & POSIX_SPAWN_SETSIGMASK) == 0) ssb.reset();
    exec_fn(path, argv, env ? env : environ);
    _exit(127);
  }

  // Parent.
  if (pid_ptr) *pid_ptr = pid;
  return 0;
}
213
// posix_spawn(3): spawns `path` (no PATH search) via execve(2).
// Returns 0 or an errno value from the failed fork/vfork.
int posix_spawn(pid_t* pid, const char* path, const posix_spawn_file_actions_t* actions,
                const posix_spawnattr_t* attr, char* const argv[], char* const env[]) {
  const int rc = posix_spawn(pid, path, actions, attr, argv, env, execve);
  return rc;
}
218
// posix_spawnp(3): like posix_spawn() but resolves `file` via execvpe(2),
// i.e. with a PATH search. Returns 0 or an errno value from the failed fork/vfork.
int posix_spawnp(pid_t* pid, const char* file, const posix_spawn_file_actions_t* actions,
                 const posix_spawnattr_t* attr, char* const argv[], char* const env[]) {
  const int rc = posix_spawn(pid, file, actions, attr, argv, env, execvpe);
  return rc;
}
223
// Allocates a zeroed attribute object (no flags set). Returns 0, or errno
// from calloc on failure, leaving *attr null.
int posix_spawnattr_init(posix_spawnattr_t* attr) {
  void* storage = calloc(1, sizeof(**attr));
  *attr = reinterpret_cast<__posix_spawnattr*>(storage);
  if (*attr == nullptr) return errno;
  return 0;
}
228
// Frees the attribute object and nulls *attr so a second destroy is harmless.
// Always returns 0.
int posix_spawnattr_destroy(posix_spawnattr_t* attr) {
  __posix_spawnattr* doomed = *attr;
  *attr = nullptr;
  free(doomed);
  return 0;
}
234
// Stores `flags`, rejecting any bit that is not a known POSIX_SPAWN_* value
// with EINVAL (so unknown bits are never silently ignored in the child).
int posix_spawnattr_setflags(posix_spawnattr_t* attr, short flags) {
  const int known = POSIX_SPAWN_RESETIDS | POSIX_SPAWN_SETPGROUP | POSIX_SPAWN_SETSIGDEF |
                    POSIX_SPAWN_SETSIGMASK | POSIX_SPAWN_SETSCHEDPARAM | POSIX_SPAWN_SETSCHEDULER |
                    POSIX_SPAWN_USEVFORK | POSIX_SPAWN_SETSID | POSIX_SPAWN_CLOEXEC_DEFAULT;
  if ((flags & ~known) != 0) return EINVAL;
  (*attr)->flags = flags;
  return 0;
}
244
// Copies the stored flags into *flags. Always returns 0.
int posix_spawnattr_getflags(const posix_spawnattr_t* attr, short* flags) {
  const __posix_spawnattr* a = *attr;
  *flags = a->flags;
  return 0;
}
249
// Records the process group used when POSIX_SPAWN_SETPGROUP is set. Always returns 0.
int posix_spawnattr_setpgroup(posix_spawnattr_t* attr, pid_t pgroup) {
  __posix_spawnattr* a = *attr;
  a->pgroup = pgroup;
  return 0;
}
254
// Copies the stored process group into *pgroup. Always returns 0.
int posix_spawnattr_getpgroup(const posix_spawnattr_t* attr, pid_t* pgroup) {
  const __posix_spawnattr* a = *attr;
  *pgroup = a->pgroup;
  return 0;
}
259
// Stores the (32-bit) signal mask applied when POSIX_SPAWN_SETSIGMASK is set.
// Always returns 0.
int posix_spawnattr_setsigmask(posix_spawnattr_t* attr, const sigset_t* mask) {
  __posix_spawnattr* a = *attr;
  a->sigmask.sigset = *mask;
  return 0;
}
264
// Stores the 64-bit signal mask applied when POSIX_SPAWN_SETSIGMASK is set.
// Always returns 0.
int posix_spawnattr_setsigmask64(posix_spawnattr_t* attr, const sigset64_t* mask) {
  __posix_spawnattr* a = *attr;
  a->sigmask.sigset64 = *mask;
  return 0;
}
269
// Copies the stored signal mask (32-bit view) into *mask. Always returns 0.
int posix_spawnattr_getsigmask(const posix_spawnattr_t* attr, sigset_t* mask) {
  const __posix_spawnattr* a = *attr;
  *mask = a->sigmask.sigset;
  return 0;
}
274
// Copies the stored signal mask (64-bit view) into *mask. Always returns 0.
int posix_spawnattr_getsigmask64(const posix_spawnattr_t* attr, sigset64_t* mask) {
  const __posix_spawnattr* a = *attr;
  *mask = a->sigmask.sigset64;
  return 0;
}
279
// Stores the (32-bit) set of signals reset to SIG_DFL when POSIX_SPAWN_SETSIGDEF
// is set. Always returns 0.
int posix_spawnattr_setsigdefault(posix_spawnattr_t* attr, const sigset_t* mask) {
  __posix_spawnattr* a = *attr;
  a->sigdefault.sigset = *mask;
  return 0;
}
284
// Stores the 64-bit set of signals reset to SIG_DFL when POSIX_SPAWN_SETSIGDEF
// is set. Always returns 0.
int posix_spawnattr_setsigdefault64(posix_spawnattr_t* attr, const sigset64_t* mask) {
  __posix_spawnattr* a = *attr;
  a->sigdefault.sigset64 = *mask;
  return 0;
}
289
// Copies the stored sigdefault set (32-bit view) into *mask. Always returns 0.
int posix_spawnattr_getsigdefault(const posix_spawnattr_t* attr, sigset_t* mask) {
  const __posix_spawnattr* a = *attr;
  *mask = a->sigdefault.sigset;
  return 0;
}
294
// Copies the stored sigdefault set (64-bit view) into *mask. Always returns 0.
int posix_spawnattr_getsigdefault64(const posix_spawnattr_t* attr, sigset64_t* mask) {
  const __posix_spawnattr* a = *attr;
  *mask = a->sigdefault.sigset64;
  return 0;
}
299
// Stores the scheduling parameters used by POSIX_SPAWN_SETSCHEDPARAM and
// POSIX_SPAWN_SETSCHEDULER. Always returns 0.
int posix_spawnattr_setschedparam(posix_spawnattr_t* attr, const struct sched_param* param) {
  __posix_spawnattr* a = *attr;
  a->schedparam = *param;
  return 0;
}
304
// Copies the stored scheduling parameters into *param. Always returns 0.
int posix_spawnattr_getschedparam(const posix_spawnattr_t* attr, struct sched_param* param) {
  const __posix_spawnattr* a = *attr;
  *param = a->schedparam;
  return 0;
}
309
// Stores the scheduling policy used when POSIX_SPAWN_SETSCHEDULER is set.
// Always returns 0.
int posix_spawnattr_setschedpolicy(posix_spawnattr_t* attr, int policy) {
  __posix_spawnattr* a = *attr;
  a->schedpolicy = policy;
  return 0;
}
314
// Copies the stored scheduling policy into *policy. Always returns 0.
int posix_spawnattr_getschedpolicy(const posix_spawnattr_t* attr, int* policy) {
  const __posix_spawnattr* a = *attr;
  *policy = a->schedpolicy;
  return 0;
}
319
// Allocates an empty action list (head and last null). Returns 0, or errno
// from calloc on failure, leaving *actions null.
int posix_spawn_file_actions_init(posix_spawn_file_actions_t* actions) {
  void* storage = calloc(1, sizeof(**actions));
  *actions = reinterpret_cast<__posix_spawn_file_actions*>(storage);
  if (*actions == nullptr) return errno;
  return 0;
}
324
// Frees every action node (and its strdup'd path), then the list itself, and
// nulls *actions so a second destroy is harmless. Always returns 0.
int posix_spawn_file_actions_destroy(posix_spawn_file_actions_t* actions) {
  for (__posix_spawn_file_action* node = (*actions)->head; node != nullptr;) {
    __posix_spawn_file_action* next = node->next;
    free(node->path);
    free(node);
    node = next;
  }
  free(*actions);
  *actions = nullptr;
  return 0;
}
337
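// Appends a new action node to `actions`. `path` is copied (strdup) for kOpen
// and kChdir and ignored otherwise; slots an action kind does not use are
// stored as passed (the public wrappers pass -1 / nullptr / 0).
// Returns 0, or errno from malloc/strdup on allocation failure, in which case
// the list is left unchanged.
static int posix_spawn_add_file_action(posix_spawn_file_actions_t* actions,
                                       Action what,
                                       int fd,
                                       int new_fd,
                                       const char* path,
                                       int flags,
                                       mode_t mode) {
  __posix_spawn_file_action* action =
      reinterpret_cast<__posix_spawn_file_action*>(malloc(sizeof(*action)));
  if (action == nullptr) return errno;

  action->next = nullptr;
  if (what == kOpen || what == kChdir) {
    action->path = strdup(path);
    if (action->path == nullptr) {
      // free() may clobber errno; capture strdup's value before cleaning up.
      const int saved_errno = errno;
      free(action);
      return saved_errno;
    }
  } else {
    action->path = nullptr;
  }
  action->what = what;
  action->fd = fd;
  action->new_fd = new_fd;
  action->flags = flags;
  action->mode = mode;

  // Append at the tail so Do() replays actions in insertion order.
  __posix_spawn_file_actions* list = *actions;
  if (list->head == nullptr) {
    list->head = list->last = action;
  } else {
    list->last->next = action;
    list->last = action;
  }

  return 0;
}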
374
// posix_spawn_file_actions_addopen(3): in the child, open `path` and make the
// result available as `fd`. Returns EBADF for a negative fd; otherwise 0 or
// an errno value from allocation.
int posix_spawn_file_actions_addopen(posix_spawn_file_actions_t* actions,
                                     int fd, const char* path, int flags, mode_t mode) {
  if (fd >= 0) {
    return posix_spawn_add_file_action(actions, kOpen, -1, fd, path, flags, mode);
  }
  return EBADF;
}
380
// posix_spawn_file_actions_addclose(3): in the child, close `fd`. Returns EBADF
// for a negative fd; otherwise 0 or an errno value from allocation.
int posix_spawn_file_actions_addclose(posix_spawn_file_actions_t* actions, int fd) {
  return (fd < 0) ? EBADF
                  : posix_spawn_add_file_action(actions, kClose, fd, -1, nullptr, 0, 0);
}
385
// posix_spawn_file_actions_adddup2(3): in the child, dup2(fd, new_fd). Returns
// EBADF if either fd is negative; otherwise 0 or an errno value from allocation.
int posix_spawn_file_actions_adddup2(posix_spawn_file_actions_t* actions, int fd, int new_fd) {
  if (fd < 0) return EBADF;
  if (new_fd < 0) return EBADF;
  return posix_spawn_add_file_action(actions, kDup2, fd, new_fd, nullptr, 0, 0);
}
390
// posix_spawn_file_actions_addchdir_np: in the child, chdir(path). Returns 0
// or an errno value from allocation.
int posix_spawn_file_actions_addchdir_np(posix_spawn_file_actions_t* actions, const char* path) {
  // No descriptor is involved, so both fd slots are -1 and flags/mode are unused.
  const int unused_fd = -1;
  return posix_spawn_add_file_action(actions, kChdir, unused_fd, unused_fd, path, 0, 0);
}
394
// posix_spawn_file_actions_addfchdir_np: in the child, fchdir(fd). Returns EBADF
// for a negative fd; otherwise 0 or an errno value from allocation.
int posix_spawn_file_actions_addfchdir_np(posix_spawn_file_actions_t* actions, int fd) {
  return (fd < 0) ? EBADF
                  : posix_spawn_add_file_action(actions, kFchdir, fd, -1, nullptr, 0, 0);
}
399