• Home
  • Line#
  • Scopes#
  • Navigate#
  • Raw
  • Download
1 /*
2  * Copyright (C) 2012-2014 The Android Open Source Project
3  *
4  * Licensed under the Apache License, Version 2.0 (the "License");
5  * you may not use this file except in compliance with the License.
6  * You may obtain a copy of the License at
7  *
8  *      http://www.apache.org/licenses/LICENSE-2.0
9  *
10  * Unless required by applicable law or agreed to in writing, software
11  * distributed under the License is distributed on an "AS IS" BASIS,
12  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13  * See the License for the specific language governing permissions and
14  * limitations under the License.
15  */
16 
17 #include <errno.h>
18 #include <stdio.h>
19 #include <stdlib.h>
20 #include <string.h>
21 
22 #include <private/android_filesystem_config.h>
23 
24 #include "LogCommand.h"
25 #include "LogUtils.h"
26 
LogCommand(const char * cmd)27 LogCommand::LogCommand(const char *cmd) : FrameworkCommand(cmd) {
28 }
29 
30 // gets a list of supplementary group IDs associated with
31 // the socket peer.  This is implemented by opening
32 // /proc/PID/status and look for the "Group:" line.
33 //
34 // This function introduces races especially since status
35 // can change 'shape' while reading, the net result is err
36 // on lack of permission.
37 //
38 // Race-free alternative is to introduce pairs of sockets
39 // and threads for each command and reading, one each that
40 // has open permissions, and one that has restricted
41 // permissions.
42 
groupIsLog(char * buf)43 static bool groupIsLog(char *buf) {
44     char *ptr;
45     static const char ws[] = " \n";
46 
47     for (buf = strtok_r(buf, ws, &ptr); buf; buf = strtok_r(NULL, ws, &ptr)) {
48         errno = 0;
49         gid_t Gid = strtol(buf, NULL, 10);
50         if (errno != 0) {
51             return false;
52         }
53         if (Gid == AID_LOG) {
54             return true;
55         }
56     }
57     return false;
58 }
59 
clientHasLogCredentials(uid_t uid,gid_t gid,pid_t pid)60 bool clientHasLogCredentials(uid_t uid, gid_t gid, pid_t pid) {
61     if ((uid == AID_ROOT) || (uid == AID_SYSTEM) || (uid == AID_LOG)) {
62         return true;
63     }
64 
65     if ((gid == AID_ROOT) || (gid == AID_SYSTEM) || (gid == AID_LOG)) {
66         return true;
67     }
68 
69     // FYI We will typically be here for 'adb logcat'
70     char filename[256];
71     snprintf(filename, sizeof(filename), "/proc/%u/status", pid);
72 
73     bool ret;
74     bool foundLog = false;
75     bool foundGid = false;
76     bool foundUid = false;
77 
78     //
79     // Reading /proc/<pid>/status is rife with race conditions. All of /proc
80     // suffers from this and its use should be minimized. However, we have no
81     // choice.
82     //
83     // Notably the content from one 4KB page to the next 4KB page can be from a
84     // change in shape even if we are gracious enough to attempt to read
85     // atomically. getline can not even guarantee a page read is not split up
86     // and in effect can read from different vintages of the content.
87     //
88     // We are finding out in the field that a 'logcat -c' via adb occasionally
89     // is returned with permission denied when we did only one pass and thus
90     // breaking scripts. For security we still err on denying access if in
91     // doubt, but we expect the falses  should be reduced significantly as
92     // three times is a charm.
93     //
94     for (int retry = 3;
95             !(ret = foundGid && foundUid && foundLog) && retry;
96             --retry) {
97         FILE *file = fopen(filename, "r");
98         if (!file) {
99             continue;
100         }
101 
102         char *line = NULL;
103         size_t len = 0;
104         while (getline(&line, &len, file) > 0) {
105             static const char groups_string[] = "Groups:\t";
106             static const char uid_string[] = "Uid:\t";
107             static const char gid_string[] = "Gid:\t";
108 
109             if (strncmp(groups_string, line, sizeof(groups_string) - 1) == 0) {
110                 if (groupIsLog(line + sizeof(groups_string) - 1)) {
111                     foundLog = true;
112                 }
113             } else if (strncmp(uid_string, line, sizeof(uid_string) - 1) == 0) {
114                 uid_t u[4] = { (uid_t) -1, (uid_t) -1, (uid_t) -1, (uid_t) -1};
115 
116                 sscanf(line + sizeof(uid_string) - 1, "%u\t%u\t%u\t%u",
117                        &u[0], &u[1], &u[2], &u[3]);
118 
119                 // Protect against PID reuse by checking that UID is the same
120                 if ((uid == u[0])
121                         && (uid == u[1])
122                         && (uid == u[2])
123                         && (uid == u[3])) {
124                     foundUid = true;
125                 }
126             } else if (strncmp(gid_string, line, sizeof(gid_string) - 1) == 0) {
127                 gid_t g[4] = { (gid_t) -1, (gid_t) -1, (gid_t) -1, (gid_t) -1};
128 
129                 sscanf(line + sizeof(gid_string) - 1, "%u\t%u\t%u\t%u",
130                        &g[0], &g[1], &g[2], &g[3]);
131 
132                 // Protect against PID reuse by checking that GID is the same
133                 if ((gid == g[0])
134                         && (gid == g[1])
135                         && (gid == g[2])
136                         && (gid == g[3])) {
137                     foundGid = true;
138                 }
139             }
140         }
141         free(line);
142         fclose(file);
143     }
144 
145     return ret;
146 }
147 
clientHasLogCredentials(SocketClient * cli)148 bool clientHasLogCredentials(SocketClient *cli) {
149     return clientHasLogCredentials(cli->getUid(), cli->getGid(), cli->getPid());
150 }
151