Remove libcutils socket_peer_is_trusted dependency.
ART is the only caller of this code, and it's trivially rewritten to
just use NDK API.
Bug: N/A
Test: boots
Change-Id: I679a0f7e7ba48c6660c69629af180f04c4532c62
diff --git a/adbconnection/Android.bp b/adbconnection/Android.bp
index 95fc274..5f78278 100644
--- a/adbconnection/Android.bp
+++ b/adbconnection/Android.bp
@@ -30,11 +30,6 @@
"libbase",
],
target: {
- android: {
- shared_libs: [
- "libcutils",
- ],
- },
host: {
},
darwin: {
diff --git a/adbconnection/adbconnection.cc b/adbconnection/adbconnection.cc
index c716d92..1b907b7 100644
--- a/adbconnection/adbconnection.cc
+++ b/adbconnection/adbconnection.cc
@@ -23,6 +23,7 @@
#include "base/logging.h"
#include "base/macros.h"
#include "base/mutex.h"
+#include "base/socket_peer_is_trusted.h"
#include "jni/java_vm_ext.h"
#include "jni/jni_env_ext.h"
#include "mirror/throwable.h"
@@ -38,10 +39,6 @@
#include "poll.h"
-#ifdef ART_TARGET_ANDROID
-#include "cutils/sockets.h"
-#endif
-
#include <sys/ioctl.h>
#include <sys/socket.h>
#include <sys/un.h>
@@ -514,11 +511,7 @@
// the debuggable flag set.
int ret = connect(sock, &control_addr_.controlAddrPlain, control_addr_len_);
if (ret == 0) {
- bool trusted = sock >= 0;
-#ifdef ART_TARGET_ANDROID
- // Needed for socket_peer_is_trusted.
- trusted = trusted && socket_peer_is_trusted(sock);
-#endif
+ bool trusted = sock >= 0 && art::SocketPeerIsTrusted(sock);
if (!trusted) {
LOG(ERROR) << "adb socket is not trusted. Aborting connection.";
if (sock >= 0 && shutdown(sock, SHUT_RDWR)) {
diff --git a/libartbase/Android.bp b/libartbase/Android.bp
index 19f1532..0c6b1a2 100644
--- a/libartbase/Android.bp
+++ b/libartbase/Android.bp
@@ -40,6 +40,7 @@
"base/safe_copy.cc",
"base/scoped_arena_allocator.cc",
"base/scoped_flock.cc",
+ "base/socket_peer_is_trusted.cc",
"base/time_utils.cc",
"base/unix_file/fd_file.cc",
"base/unix_file/random_access_file_utils.cc",
diff --git a/libartbase/base/socket_peer_is_trusted.cc b/libartbase/base/socket_peer_is_trusted.cc
new file mode 100644
index 0000000..440054e
--- /dev/null
+++ b/libartbase/base/socket_peer_is_trusted.cc
@@ -0,0 +1,50 @@
+/*
+ * Copyright (C) 2018 The Android Open Source Project
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+#include "socket_peer_is_trusted.h"
+
+#include <pwd.h>
+#include <sys/socket.h>
+
+#include <android-base/logging.h>
+
+namespace art {
+
+// Returns true if the user on the other end of the socket is root or shell.
+#ifdef ART_TARGET_ANDROID
+bool SocketPeerIsTrusted(int fd) {
+ ucred cr;
+ socklen_t cr_length = sizeof(cr);
+ if (getsockopt(fd, SOL_SOCKET, SO_PEERCRED, &cr, &cr_length) != 0) {
+ PLOG(ERROR) << "couldn't get socket credentials";
+ return false;
+ }
+
+ passwd* shell = getpwnam("shell");
+ if (cr.uid != 0 && cr.uid != shell->pw_uid) {
+ LOG(ERROR) << "untrusted uid " << cr.uid << " on other end of socket";
+ return false;
+ }
+
+ return true;
+}
+#else
+bool SocketPeerIsTrusted(int /* fd */) {
+ return true;
+}
+#endif
+
+} // namespace art
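Review bot: `getpwnam("shell")` can return nullptr, and the following line reads `shell->pw_uid` without checking it, so a failed passwd lookup would crash the process in the middle of a trust decision. The comparison should fail closed for any non-root peer when the lookup fails, for example `if (cr.uid != 0 && (shell == nullptr || cr.uid != shell->pw_uid)) {`. Logging the lookup failure separately (`PLOG(ERROR) << "couldn't look up shell user";`) would keep it distinguishable from a genuinely untrusted uid in the logs.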
diff --git a/libartbase/base/socket_peer_is_trusted.h b/libartbase/base/socket_peer_is_trusted.h
new file mode 100644
index 0000000..4bbadd4
--- /dev/null
+++ b/libartbase/base/socket_peer_is_trusted.h
@@ -0,0 +1,27 @@
+/*
+ * Copyright (C) 2018 The Android Open Source Project
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+#ifndef ART_LIBARTBASE_BASE_SOCKET_PEER_IS_TRUSTED_H_
+#define ART_LIBARTBASE_BASE_SOCKET_PEER_IS_TRUSTED_H_
+
+namespace art {
+
+// Returns true if the user on the other end of the socket is root or shell.
+bool SocketPeerIsTrusted(int fd);
+
+} // namespace art
+
+#endif // ART_LIBARTBASE_BASE_SOCKET_PEER_IS_TRUSTED_H_
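Review bot: The declaration comment on `SocketPeerIsTrusted` omits the host behaviour: the definition added in socket_peer_is_trusted.cc returns true without looking at the socket when `ART_TARGET_ANDROID` is not defined. A caller reading only this header would assume a peer-credential check always happens. I would spell it out, e.g. `// Returns true if the peer of |fd| is root or shell (via SO_PEERCRED). On non-Android builds no check is performed and this always returns true.`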
diff --git a/runtime/Android.bp b/runtime/Android.bp
index 33ad987..46ab78d 100644
--- a/runtime/Android.bp
+++ b/runtime/Android.bp
@@ -388,7 +388,7 @@
"libbacktrace",
"liblz4",
"liblog",
- // For atrace, properties, ashmem, set_sched_policy and socket_peer_is_trusted.
+ // For atrace, properties, ashmem, set_sched_policy.
"libcutils",
// For common macros.
"libbase",
diff --git a/runtime/jdwp/jdwp_adb.cc b/runtime/jdwp/jdwp_adb.cc
index 9245f1e..d64f11f 100644
--- a/runtime/jdwp/jdwp_adb.cc
+++ b/runtime/jdwp/jdwp_adb.cc
@@ -23,13 +23,10 @@
#include "android-base/stringprintf.h"
#include "base/logging.h" // For VLOG.
+#include "base/socket_peer_is_trusted.h"
#include "jdwp/jdwp_priv.h"
#include "thread-current-inl.h"
-#ifdef ART_TARGET_ANDROID
-#include "cutils/sockets.h"
-#endif
-
/*
* The JDWP <-> ADB transport protocol is explained in detail
* in system/core/adb/jdwp_service.c. Here's a summary.
@@ -265,7 +262,7 @@
if (!ret) {
int control_sock = ControlSock();
#ifdef ART_TARGET_ANDROID
- if (control_sock < 0 || !socket_peer_is_trusted(control_sock)) {
+ if (control_sock < 0 || !art::SocketPeerIsTrusted(control_sock)) {
if (control_sock >= 0 && shutdown(control_sock, SHUT_RDWR)) {
PLOG(ERROR) << "trouble shutting down socket";
}