run-as: Use Minijail for privilege dropping. Arguably, we don't need a ScopedMinijail for a program that only execs, but I'd rather keep the code consistent and have all uses of Minijail be good examples. Bug: 30156807 Change-Id: I08a968835e0f3e2afcd5e7736626edbed658cde2

commit: a377ff0d4a1286b4e53b42f8a3a6731f42661a34 [log] [tgz]
author: Jorge Lucangeli Obes <jorgelo@google.com> Fri Jul 15 11:24:20 2016 -0400
committer: Jorge Lucangeli Obes <jorgelo@google.com> Tue Jul 19 11:03:52 2016 -0400
tree: 13526fc3a234092f1d597003e0e1e44b240f6297
parent: ddbcecec3a28b0916c1f7f098c3e6995d46687de [diff] [blame]
diff --git a/run-as/run-as.cpp b/run-as/run-as.cpp
index 50b47b9..aec51f4 100644
--- a/run-as/run-as.cpp
+++ b/run-as/run-as.cpp

@@ -25,6 +25,9 @@
 #include <sys/types.h>
 #include <unistd.h>
 
+#include <libminijail.h>
+#include <scoped_minijail.h>
+
 #include <packagelistparser/packagelistparser.h>
 #include <private/android_filesystem_config.h>
 #include <selinux/android.h>
@@ -136,19 +139,6 @@
     error(1, 0, "only 'shell' or 'root' users can run this program");
   }
 
-  __user_cap_header_struct capheader;
-  __user_cap_data_struct capdata[2];
-  memset(&capheader, 0, sizeof(capheader));
-  memset(&capdata, 0, sizeof(capdata));
-  capheader.version = _LINUX_CAPABILITY_VERSION_3;
-  capdata[CAP_TO_INDEX(CAP_SETUID)].effective |= CAP_TO_MASK(CAP_SETUID);
-  capdata[CAP_TO_INDEX(CAP_SETGID)].effective |= CAP_TO_MASK(CAP_SETGID);
-  capdata[CAP_TO_INDEX(CAP_SETUID)].permitted |= CAP_TO_MASK(CAP_SETUID);
-  capdata[CAP_TO_INDEX(CAP_SETGID)].permitted |= CAP_TO_MASK(CAP_SETGID);
-  if (capset(&capheader, &capdata[0]) == -1) {
-    error(1, errno, "couldn't set capabilities");
-  }
-
   char* pkgname = argv[1];
   int cmd_argv_offset = 2;
 
@@ -201,18 +191,10 @@
   // same time to avoid nasty surprises.
   uid_t uid = userAppId;
   uid_t gid = userAppId;
-  if (setresgid(gid, gid, gid) == -1) {
-    error(1, errno, "setresgid failed");
-  }
-  if (setresuid(uid, uid, uid) == -1) {
-    error(1, errno, "setresuid failed");
-  }
-
-  // Required if caller has uid and gid all non-zero.
-  memset(&capdata, 0, sizeof(capdata));
-  if (capset(&capheader, &capdata[0]) == -1) {
-    error(1, errno, "couldn't clear all capabilities");
-  }
+  ScopedMinijail j(minijail_new());
+  minijail_change_uid(j.get(), uid);
+  minijail_change_gid(j.get(), gid);
+  minijail_enter(j.get());
 
   if (selinux_android_setcontext(uid, 0, info.seinfo, pkgname) < 0) {
     error(1, errno, "couldn't set SELinux security context");
commit	a377ff0d4a1286b4e53b42f8a3a6731f42661a34	[log] [tgz]
author	Jorge Lucangeli Obes <jorgelo@google.com>	Fri Jul 15 11:24:20 2016 -0400
committer	Jorge Lucangeli Obes <jorgelo@google.com>	Tue Jul 19 11:03:52 2016 -0400
tree	13526fc3a234092f1d597003e0e1e44b240f6297
parent	ddbcecec3a28b0916c1f7f098c3e6995d46687de [diff] [blame]