1 /*
2 * Copyright (C) 2019 The Android Open Source Project
3 *
4 * Licensed under the Apache License, Version 2.0 (the "License");
5 * you may not use this file except in compliance with the License.
6 * You may obtain a copy of the License at
7 *
8 * http://www.apache.org/licenses/LICENSE-2.0
9 *
10 * Unless required by applicable law or agreed to in writing, software
11 * distributed under the License is distributed on an "AS IS" BASIS,
12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 * See the License for the specific language governing permissions and
14 * limitations under the License.
15 */
16
17 #include "Access.h"
18
19 #include <android-base/logging.h>
20 #include <binder/IPCThreadState.h>
21 #include <log/log_safetynet.h>
22 #include <selinux/android.h>
23 #include <selinux/avc.h>
24
25 #include <sstream>
26
27 namespace android {
28
29 #ifdef VENDORSERVICEMANAGER
30 constexpr bool kIsVendor = true;
31 #else
32 constexpr bool kIsVendor = false;
33 #endif
34
35 #ifdef __ANDROID__
getPidcon(pid_t pid)36 static std::string getPidcon(pid_t pid) {
37 android_errorWriteLog(0x534e4554, "121035042");
38
39 char* lookup = nullptr;
40 if (getpidcon(pid, &lookup) < 0) {
41 LOG(ERROR) << "SELinux: getpidcon(pid=" << pid << ") failed to retrieve pid context";
42 return "";
43 }
44 std::string result = lookup;
45 freecon(lookup);
46 return result;
47 }
48
getSehandle()49 static struct selabel_handle* getSehandle() {
50 static struct selabel_handle* gSehandle = nullptr;
51 if (gSehandle != nullptr && selinux_status_updated()) {
52 selabel_close(gSehandle);
53 gSehandle = nullptr;
54 }
55
56 if (gSehandle == nullptr) {
57 gSehandle = kIsVendor
58 ? selinux_android_vendor_service_context_handle()
59 : selinux_android_service_context_handle();
60 }
61
62 CHECK(gSehandle != nullptr);
63 return gSehandle;
64 }
65
66 struct AuditCallbackData {
67 const Access::CallingContext* context;
68 const std::string* tname;
69 };
70
auditCallback(void * data,security_class_t,char * buf,size_t len)71 static int auditCallback(void *data, security_class_t /*cls*/, char *buf, size_t len) {
72 const AuditCallbackData* ad = reinterpret_cast<AuditCallbackData*>(data);
73
74 if (!ad) {
75 LOG(ERROR) << "No service manager audit data";
76 return 0;
77 }
78
79 snprintf(buf, len, "pid=%d uid=%d name=%s", ad->context->debugPid, ad->context->uid,
80 ad->tname->c_str());
81 return 0;
82 }
83 #endif
84
toDebugString() const85 std::string Access::CallingContext::toDebugString() const {
86 std::stringstream ss;
87 ss << "Caller(pid=" << debugPid << ",uid=" << uid << ",sid=" << sid << ")";
88 return ss.str();
89 }
90
Access()91 Access::Access() {
92 #ifdef __ANDROID__
93 union selinux_callback cb;
94
95 cb.func_audit = auditCallback;
96 selinux_set_callback(SELINUX_CB_AUDIT, cb);
97
98 cb.func_log = kIsVendor ? selinux_vendor_log_callback : selinux_log_callback;
99 selinux_set_callback(SELINUX_CB_LOG, cb);
100
101 CHECK(selinux_status_open(true /*fallback*/) >= 0);
102
103 CHECK(getcon(&mThisProcessContext) == 0);
104 #endif
105 }
106
~Access()107 Access::~Access() {
108 freecon(mThisProcessContext);
109 }
110
getCallingContext()111 Access::CallingContext Access::getCallingContext() {
112 #ifdef __ANDROID__
113 IPCThreadState* ipc = IPCThreadState::self();
114
115 const char* callingSid = ipc->getCallingSid();
116 pid_t callingPid = ipc->getCallingPid();
117
118 return CallingContext {
119 .debugPid = callingPid,
120 .uid = ipc->getCallingUid(),
121 .sid = callingSid ? std::string(callingSid) : getPidcon(callingPid),
122 };
123 #else
124 return CallingContext();
125 #endif
126 }
127
canFind(const CallingContext & ctx,const std::string & name)128 bool Access::canFind(const CallingContext& ctx,const std::string& name) {
129 return actionAllowedFromLookup(ctx, name, "find");
130 }
131
canAdd(const CallingContext & ctx,const std::string & name)132 bool Access::canAdd(const CallingContext& ctx, const std::string& name) {
133 return actionAllowedFromLookup(ctx, name, "add");
134 }
135
canList(const CallingContext & ctx)136 bool Access::canList(const CallingContext& ctx) {
137 return actionAllowed(ctx, mThisProcessContext, "list", "service_manager");
138 }
139
actionAllowed(const CallingContext & sctx,const char * tctx,const char * perm,const std::string & tname)140 bool Access::actionAllowed(const CallingContext& sctx, const char* tctx, const char* perm,
141 const std::string& tname) {
142 #ifdef __ANDROID__
143 const char* tclass = "service_manager";
144
145 AuditCallbackData data = {
146 .context = &sctx,
147 .tname = &tname,
148 };
149
150 return 0 == selinux_check_access(sctx.sid.c_str(), tctx, tclass, perm,
151 reinterpret_cast<void*>(&data));
152 #else
153 (void)sctx;
154 (void)tctx;
155 (void)perm;
156 (void)tname;
157
158 return true;
159 #endif
160 }
161
actionAllowedFromLookup(const CallingContext & sctx,const std::string & name,const char * perm)162 bool Access::actionAllowedFromLookup(const CallingContext& sctx, const std::string& name, const char *perm) {
163 #ifdef __ANDROID__
164 char *tctx = nullptr;
165 if (selabel_lookup(getSehandle(), &tctx, name.c_str(), SELABEL_CTX_ANDROID_SERVICE) != 0) {
166 LOG(ERROR) << "SELinux: No match for " << name << " in service_contexts.\n";
167 return false;
168 }
169
170 bool allowed = actionAllowed(sctx, tctx, perm, name);
171 freecon(tctx);
172 return allowed;
173 #else
174 (void)sctx;
175 (void)name;
176 (void)perm;
177 (void)kIsVendor;
178
179 return true;
180 #endif
181 }
182
183 } // android
184