blob: 6d7c0a5dcd50e1b89b1916a8b685d57ee7f7aa20 [file] [log] [blame]
Mark Salyzyn0175b072014-02-26 09:50:16 -08001/*
Mark Salyzyn1114f182014-02-21 13:54:07 -08002 * Copyright (C) 2012-2014 The Android Open Source Project
Mark Salyzyn0175b072014-02-26 09:50:16 -08003 *
4 * Licensed under the Apache License, Version 2.0 (the "License");
5 * you may not use this file except in compliance with the License.
6 * You may obtain a copy of the License at
7 *
8 * http://www.apache.org/licenses/LICENSE-2.0
9 *
10 * Unless required by applicable law or agreed to in writing, software
11 * distributed under the License is distributed on an "AS IS" BASIS,
12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 * See the License for the specific language governing permissions and
14 * limitations under the License.
15 */
16
Mark Salyzyn1114f182014-02-21 13:54:07 -080017#include <errno.h>
18#include <stdio.h>
19#include <stdlib.h>
Mark Salyzyn801bcec2015-04-01 09:10:04 -070020#include <string.h>
Mark Salyzyn1114f182014-02-21 13:54:07 -080021
22#include <private/android_filesystem_config.h>
23
Mark Salyzyn0175b072014-02-26 09:50:16 -080024#include "LogCommand.h"
Mark Salyzyn083b0372015-12-04 10:59:45 -080025#include "LogUtils.h"
Mark Salyzyn0175b072014-02-26 09:50:16 -080026
Mark Salyzyn501c3732017-03-10 14:31:54 -080027LogCommand::LogCommand(const char* cmd) : FrameworkCommand(cmd) {
Mark Salyzyn0175b072014-02-26 09:50:16 -080028}
Mark Salyzyn1114f182014-02-21 13:54:07 -080029
30// gets a list of supplementary group IDs associated with
31// the socket peer. This is implemented by opening
32// /proc/PID/status and look for the "Group:" line.
33//
34// This function introduces races especially since status
35// can change 'shape' while reading, the net result is err
36// on lack of permission.
37//
38// Race-free alternative is to introduce pairs of sockets
39// and threads for each command and reading, one each that
40// has open permissions, and one that has restricted
41// permissions.
42
Mark Salyzyn501c3732017-03-10 14:31:54 -080043static bool groupIsLog(char* buf) {
44 char* ptr;
Mark Salyzyn1114f182014-02-21 13:54:07 -080045 static const char ws[] = " \n";
Mark Salyzyn1114f182014-02-21 13:54:07 -080046
47 for (buf = strtok_r(buf, ws, &ptr); buf; buf = strtok_r(NULL, ws, &ptr)) {
48 errno = 0;
49 gid_t Gid = strtol(buf, NULL, 10);
50 if (errno != 0) {
51 return false;
52 }
53 if (Gid == AID_LOG) {
Mark Salyzyn86eb38f2015-09-01 08:40:39 -070054 return true;
Mark Salyzyn1114f182014-02-21 13:54:07 -080055 }
56 }
Mark Salyzyn86eb38f2015-09-01 08:40:39 -070057 return false;
Mark Salyzyn1114f182014-02-21 13:54:07 -080058}
59
Mark Salyzyn083b0372015-12-04 10:59:45 -080060bool clientHasLogCredentials(uid_t uid, gid_t gid, pid_t pid) {
61 if ((uid == AID_ROOT) || (uid == AID_SYSTEM) || (uid == AID_LOG)) {
Mark Salyzyn1114f182014-02-21 13:54:07 -080062 return true;
63 }
64
Mark Salyzyn57a0af92014-05-09 17:44:18 -070065 if ((gid == AID_ROOT) || (gid == AID_SYSTEM) || (gid == AID_LOG)) {
Mark Salyzyn1114f182014-02-21 13:54:07 -080066 return true;
67 }
68
69 // FYI We will typically be here for 'adb logcat'
Mark Salyzyn86eb38f2015-09-01 08:40:39 -070070 char filename[256];
Mark Salyzyn083b0372015-12-04 10:59:45 -080071 snprintf(filename, sizeof(filename), "/proc/%u/status", pid);
Mark Salyzyn1114f182014-02-21 13:54:07 -080072
Mark Salyzyn86eb38f2015-09-01 08:40:39 -070073 bool ret;
74 bool foundLog = false;
Mark Salyzyn1114f182014-02-21 13:54:07 -080075 bool foundGid = false;
76 bool foundUid = false;
77
Mark Salyzyn86eb38f2015-09-01 08:40:39 -070078 //
79 // Reading /proc/<pid>/status is rife with race conditions. All of /proc
80 // suffers from this and its use should be minimized. However, we have no
81 // choice.
82 //
83 // Notably the content from one 4KB page to the next 4KB page can be from a
84 // change in shape even if we are gracious enough to attempt to read
85 // atomically. getline can not even guarantee a page read is not split up
86 // and in effect can read from different vintages of the content.
87 //
88 // We are finding out in the field that a 'logcat -c' via adb occasionally
89 // is returned with permission denied when we did only one pass and thus
90 // breaking scripts. For security we still err on denying access if in
91 // doubt, but we expect the falses should be reduced significantly as
92 // three times is a charm.
93 //
Mark Salyzyn501c3732017-03-10 14:31:54 -080094 for (int retry = 3; !(ret = foundGid && foundUid && foundLog) && retry;
95 --retry) {
96 FILE* file = fopen(filename, "r");
Mark Salyzyn86eb38f2015-09-01 08:40:39 -070097 if (!file) {
98 continue;
Mark Salyzyn1114f182014-02-21 13:54:07 -080099 }
Mark Salyzyn1114f182014-02-21 13:54:07 -0800100
Mark Salyzyn501c3732017-03-10 14:31:54 -0800101 char* line = NULL;
Mark Salyzyn86eb38f2015-09-01 08:40:39 -0700102 size_t len = 0;
103 while (getline(&line, &len, file) > 0) {
104 static const char groups_string[] = "Groups:\t";
105 static const char uid_string[] = "Uid:\t";
106 static const char gid_string[] = "Gid:\t";
Mark Salyzyn1114f182014-02-21 13:54:07 -0800107
Mark Salyzyn86eb38f2015-09-01 08:40:39 -0700108 if (strncmp(groups_string, line, sizeof(groups_string) - 1) == 0) {
109 if (groupIsLog(line + sizeof(groups_string) - 1)) {
110 foundLog = true;
111 }
112 } else if (strncmp(uid_string, line, sizeof(uid_string) - 1) == 0) {
Mark Salyzyn501c3732017-03-10 14:31:54 -0800113 uid_t u[4] = { (uid_t)-1, (uid_t)-1, (uid_t)-1, (uid_t)-1 };
Mark Salyzyn86eb38f2015-09-01 08:40:39 -0700114
Mark Salyzyn501c3732017-03-10 14:31:54 -0800115 sscanf(line + sizeof(uid_string) - 1, "%u\t%u\t%u\t%u", &u[0],
116 &u[1], &u[2], &u[3]);
Mark Salyzyn86eb38f2015-09-01 08:40:39 -0700117
118 // Protect against PID reuse by checking that UID is the same
Mark Salyzyn501c3732017-03-10 14:31:54 -0800119 if ((uid == u[0]) && (uid == u[1]) && (uid == u[2]) &&
120 (uid == u[3])) {
Mark Salyzyn86eb38f2015-09-01 08:40:39 -0700121 foundUid = true;
122 }
123 } else if (strncmp(gid_string, line, sizeof(gid_string) - 1) == 0) {
Mark Salyzyn501c3732017-03-10 14:31:54 -0800124 gid_t g[4] = { (gid_t)-1, (gid_t)-1, (gid_t)-1, (gid_t)-1 };
Mark Salyzyn86eb38f2015-09-01 08:40:39 -0700125
Mark Salyzyn501c3732017-03-10 14:31:54 -0800126 sscanf(line + sizeof(gid_string) - 1, "%u\t%u\t%u\t%u", &g[0],
127 &g[1], &g[2], &g[3]);
Mark Salyzyn86eb38f2015-09-01 08:40:39 -0700128
129 // Protect against PID reuse by checking that GID is the same
Mark Salyzyn501c3732017-03-10 14:31:54 -0800130 if ((gid == g[0]) && (gid == g[1]) && (gid == g[2]) &&
131 (gid == g[3])) {
Mark Salyzyn86eb38f2015-09-01 08:40:39 -0700132 foundGid = true;
133 }
134 }
135 }
136 free(line);
137 fclose(file);
Mark Salyzyn1114f182014-02-21 13:54:07 -0800138 }
139
140 return ret;
141}
Mark Salyzyn083b0372015-12-04 10:59:45 -0800142
Mark Salyzyn501c3732017-03-10 14:31:54 -0800143bool clientHasLogCredentials(SocketClient* cli) {
Mark Salyzyn083b0372015-12-04 10:59:45 -0800144 return clientHasLogCredentials(cli->getUid(), cli->getGid(), cli->getPid());
145}