commit f1061854e83a35ce658e11db7f6cedb8a2be473e
author Mark Salyzyn <salyzyn@google.com> Tue Jan 26 23:17:35 2016 +0000
committer android-build-merger <android-build-merger@google.com> Tue Jan 26 23:17:35 2016 +0000
tree 40269762549fdbfd911104778dfee80dae31e3ad
parent 0ce22ab2bfff19f518a221216bb443f5044be0f4
parent dccb52c421e15e0104d4aec6ae92387ca93682da

Merge "liblog: check getgroups for AID_LOG for AID_LOG_SECURITY" am: 7f136a7eca
am: dccb52c421

* commit 'dccb52c421e15e0104d4aec6ae92387ca93682da':
  liblog: check getgroups for AID_LOG for AID_LOG_SECURITY

liblog/logd_write.c

diff --git a/liblog/logd_write.c b/liblog/logd_write.c
index 55b965b..4946073 100644
--- a/liblog/logd_write.c
+++ b/liblog/logd_write.c
@@ -204,14 +204,36 @@
         if (vec[0].iov_len < 4) {
             return -EINVAL;
         }
-        if ((last_uid != AID_SYSTEM) && (last_uid != AID_ROOT)) {
+        /* Matches clientHasLogCredentials() in logd */
+        if ((last_uid != AID_SYSTEM) && (last_uid != AID_ROOT) && (last_uid != AID_LOG)) {
             uid_t uid = geteuid();
-            if ((uid != AID_SYSTEM) && (uid != AID_ROOT)) {
+            if ((uid != AID_SYSTEM) && (uid != AID_ROOT) && (uid != AID_LOG)) {
                 gid_t gid = getgid();
-                if ((gid != AID_SYSTEM) && (gid != AID_ROOT)) {
+                if ((gid != AID_SYSTEM) && (gid != AID_ROOT) && (gid != AID_LOG)) {
                     gid = getegid();
-                    if ((gid != AID_SYSTEM) && (gid != AID_ROOT)) {
-                        return -EPERM;
+                    if ((gid != AID_SYSTEM) && (gid != AID_ROOT) && (gid != AID_LOG)) {
+                        int num_groups;
+                        gid_t *groups;
+
+                        num_groups = getgroups(0, NULL);
+                        if (num_groups <= 0) {
+                            return -EPERM;
+                        }
+                        groups = calloc(num_groups, sizeof(gid_t));
+                        if (!groups) {
+                            return -ENOMEM;
+                        }
+                        num_groups = getgroups(num_groups, groups);
+                        while (num_groups > 0) {
+                            if (groups[num_groups - 1] == AID_LOG) {
+                                break;
+                            }
+                            --num_groups;
+                        }
+                        free(groups);
+                        if (num_groups <= 0) {
+                            return -EPERM;
+                        }
                     }
                 }
             }