blob: 8365379f970c4df68844c09dbde4de08ee41ba59 [file] [log] [blame]
The Android Open Source Projecte16cb842009-03-03 19:32:58 -08001/*
2**
3** Copyright 2008, The Android Open Source Project
4**
5** Licensed under the Apache License, Version 2.0 (the "License");
6** you may not use this file except in compliance with the License.
7** You may obtain a copy of the License at
8**
9** http://www.apache.org/licenses/LICENSE-2.0
10**
11** Unless required by applicable law or agreed to in writing, software
12** distributed under the License is distributed on an "AS IS" BASIS,
13** WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
14** See the License for the specific language governing permissions and
15** limitations under the License.
16*/
17
The Android Open Source Project26aaac42009-03-18 17:39:49 -070018#define LOG_TAG "su"
19
The Android Open Source Projecte16cb842009-03-03 19:32:58 -080020#include <stdio.h>
21#include <stdlib.h>
22#include <string.h>
23#include <sys/types.h>
24#include <dirent.h>
25#include <errno.h>
26
27#include <unistd.h>
28#include <time.h>
29
30#include <pwd.h>
31
The Android Open Source Project26aaac42009-03-18 17:39:49 -070032#include <private/android_filesystem_config.h>
33
JP Abgralld198c422013-01-10 17:04:42 -080034
35void pwtoid(const char *tok, uid_t *uid, gid_t *gid)
36{
37 struct passwd *pw;
38 pw = getpwnam(tok);
39 if (pw) {
40 if (uid) *uid = pw->pw_uid;
41 if (gid) *gid = pw->pw_gid;
42 } else {
43 uid_t tmpid = atoi(tok);
44 if (uid) *uid = tmpid;
45 if (gid) *gid = tmpid;
46 }
47}
48
49void extract_uidgids(const char *uidgids, uid_t *uid, gid_t *gid, gid_t *gids,
50 int *gids_count)
51{
52 char *clobberablegids;
53 char *nexttok;
54 char *tok;
55 int gids_found;
56
57 if (!uidgids || !*uidgids) {
58 *gid = *uid = 0;
59 *gids_count = 0;
60 return;
61 }
62 clobberablegids = strdup(uidgids);
63 strcpy(clobberablegids, uidgids);
64 nexttok = clobberablegids;
65 tok = strsep(&nexttok, ",");
66 pwtoid(tok, uid, gid);
67 tok = strsep(&nexttok, ",");
68 if (!tok) {
69 /* gid is already set above */
70 *gids_count = 0;
71 free(clobberablegids);
72 return;
73 }
74 pwtoid(tok, NULL, gid);
75 gids_found = 0;
76 while ((gids_found < *gids_count) && (tok = strsep(&nexttok, ","))) {
77 pwtoid(tok, NULL, gids);
78 gids_found++;
79 gids++;
80 }
81 if (nexttok && gids_found == *gids_count) {
82 fprintf(stderr, "too many group ids\n");
83 }
84 *gids_count = gids_found;
85 free(clobberablegids);
86}
87
The Android Open Source Projecte16cb842009-03-03 19:32:58 -080088/*
89 * SU can be given a specific command to exec. UID _must_ be
90 * specified for this (ie argc => 3).
91 *
92 * Usage:
JP Abgralld198c422013-01-10 17:04:42 -080093 * su 1000
94 * su 1000 ls -l
95 * or
96 * su [uid[,gid[,group1]...] [cmd]]
97 * E.g.
98 * su 1000,shell,net_bw_acct,net_bw_stats id
99 * will return
100 * uid=1000(system) gid=2000(shell) groups=3006(net_bw_stats),3007(net_bw_acct)
The Android Open Source Projecte16cb842009-03-03 19:32:58 -0800101 */
102int main(int argc, char **argv)
103{
104 struct passwd *pw;
JP Abgralld198c422013-01-10 17:04:42 -0800105 uid_t uid, myuid;
106 gid_t gid, gids[10];
The Android Open Source Projecte16cb842009-03-03 19:32:58 -0800107
Nick Kralevich17928c82012-04-02 13:29:35 -0700108 /* Until we have something better, only root and the shell can use su. */
109 myuid = getuid();
110 if (myuid != AID_ROOT && myuid != AID_SHELL) {
111 fprintf(stderr,"su: uid %d not allowed to su\n", myuid);
112 return 1;
113 }
114
The Android Open Source Projecte16cb842009-03-03 19:32:58 -0800115 if(argc < 2) {
116 uid = gid = 0;
117 } else {
JP Abgralld198c422013-01-10 17:04:42 -0800118 int gids_count = sizeof(gids)/sizeof(gids[0]);
119 extract_uidgids(argv[1], &uid, &gid, gids, &gids_count);
120 if(gids_count) {
121 if(setgroups(gids_count, gids)) {
122 fprintf(stderr, "su: failed to set groups\n");
123 return 1;
124 }
The Android Open Source Projecte16cb842009-03-03 19:32:58 -0800125 }
126 }
127
The Android Open Source Projecte16cb842009-03-03 19:32:58 -0800128 if(setgid(gid) || setuid(uid)) {
129 fprintf(stderr,"su: permission denied\n");
130 return 1;
131 }
132
133 /* User specified command for exec. */
134 if (argc == 3 ) {
135 if (execlp(argv[2], argv[2], NULL) < 0) {
JP Abgralld198c422013-01-10 17:04:42 -0800136 int saved_errno = errno;
The Android Open Source Projecte16cb842009-03-03 19:32:58 -0800137 fprintf(stderr, "su: exec failed for %s Error:%s\n", argv[2],
138 strerror(errno));
JP Abgralld198c422013-01-10 17:04:42 -0800139 return -saved_errno;
The Android Open Source Projecte16cb842009-03-03 19:32:58 -0800140 }
141 } else if (argc > 3) {
142 /* Copy the rest of the args from main. */
143 char *exec_args[argc - 1];
144 memset(exec_args, 0, sizeof(exec_args));
145 memcpy(exec_args, &argv[2], sizeof(exec_args));
146 if (execvp(argv[2], exec_args) < 0) {
JP Abgralld198c422013-01-10 17:04:42 -0800147 int saved_errno = errno;
The Android Open Source Projecte16cb842009-03-03 19:32:58 -0800148 fprintf(stderr, "su: exec failed for %s Error:%s\n", argv[2],
149 strerror(errno));
JP Abgralld198c422013-01-10 17:04:42 -0800150 return -saved_errno;
The Android Open Source Projecte16cb842009-03-03 19:32:58 -0800151 }
152 }
153
154 /* Default exec shell. */
155 execlp("/system/bin/sh", "sh", NULL);
156
157 fprintf(stderr, "su: exec failed\n");
158 return 1;
159}