Gitiles
Code Review Sign In
gerrit-public.fairphone.software / vendor / lineage / su / refs/heads/rel/10/fp2/22.12.0-rel / . / su.c
blob: 8e3726ae9a23fb109d153d248020e9401a69e5b5 [file] [log] [blame]
/*
** Copyright 2010, Adam Shanks (@ChainsDD)
** Copyright 2008, Zinx Verituse (@zinxv)
** Copyright 2017-2018, The LineageOS Project
**
** Licensed under the Apache License, Version 2.0 (the "License");
** you may not use this file except in compliance with the License.
** You may obtain a copy of the License at
**
** http://www.apache.org/licenses/LICENSE-2.0
**
** Unless required by applicable law or agreed to in writing, software
** distributed under the License is distributed on an "AS IS" BASIS,
** WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
** See the License for the specific language governing permissions and
** limitations under the License.
*/
#include <getopt.h>
#include <pwd.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <sys/types.h>
#include <sys/wait.h>
#include <unistd.h>
#include <cutils/android_filesystem_config.h>
#include <cutils/properties.h>
#include <log/log.h>
#include "binder/pm-wrapper.h"
#include "su.h"
#include "utils.h"
extern int is_daemon;
extern int daemon_from_uid;
extern int daemon_from_pid;
int fork_zero_fucks() {
int pid = fork();
if (pid) {
int status;
waitpid(pid, &status, 0);
return pid;
} else {
if ((pid = fork())) exit(0);
return 0;
}
}
static int from_init(struct su_initiator* from) {
char path[PATH_MAX], exe[PATH_MAX];
char args[4096], *argv0, *argv_rest;
int fd;
ssize_t len;
int i;
int err;
from->uid = getuid();
from->pid = getppid();
if (is_daemon) {
from->uid = daemon_from_uid;
from->pid = daemon_from_pid;
}
/* Get the command line */
snprintf(path, sizeof(path), "/proc/%d/cmdline", from->pid);
fd = open(path, O_RDONLY);
if (fd < 0) {
PLOGE("Opening command line");
return -1;
}
len = read(fd, args, sizeof(args));
err = errno;
close(fd);
if (len < 0 || len == sizeof(args)) {
PLOGEV("Reading command line", err);
return -1;
}
argv0 = args;
argv_rest = NULL;
for (i = 0; i < len; i++) {
if (args[i] == '\0') {
if (!argv_rest) {
argv_rest = &args[i + 1];
} else {
args[i] = ' ';
}
}
}
args[len] = '\0';
if (argv_rest) {
if (strlcpy(from->args, argv_rest, sizeof(from->args)) >= sizeof(from->args)) {
ALOGE("argument too long");
return -1;
}
} else {
from->args[0] = '\0';
}
/* If this isn't app_process, use the real path instead of argv[0] */
snprintf(path, sizeof(path), "/proc/%d/exe", from->pid);
len = readlink(path, exe, sizeof(exe));
if (len < 0) {
PLOGE("Getting exe path");
return -1;
}
exe[len] = '\0';
if (strcmp(exe, "/system/bin/app_process") != 0) {
argv0 = exe;
}
if (strlcpy(from->bin, argv0, sizeof(from->bin)) >= sizeof(from->bin)) {
ALOGE("binary path too long");
return -1;
}
struct passwd* pw;
pw = getpwuid(from->uid);
if (pw && pw->pw_name) {
if (strlcpy(from->name, pw->pw_name, sizeof(from->name)) >= sizeof(from->name)) {
ALOGE("name too long");
return -1;
}
}
return 0;
}
static void populate_environment(const struct su_context* ctx) {
struct passwd* pw;
if (ctx->to.keepenv) return;
pw = getpwuid(ctx->to.uid);
if (pw) {
setenv("HOME", pw->pw_dir, 1);
if (ctx->to.shell)
setenv("SHELL", ctx->to.shell, 1);
else
setenv("SHELL", DEFAULT_SHELL, 1);
if (ctx->to.login || ctx->to.uid) {
setenv("USER", pw->pw_name, 1);
setenv("LOGNAME", pw->pw_name, 1);
}
}
}
void set_identity(unsigned int uid) {
/*
* Set effective uid back to root, otherwise setres[ug]id will fail
* if uid isn't root.
*/
if (seteuid(0)) {
PLOGE("seteuid (root)");
exit(EXIT_FAILURE);
}
if (setresgid(uid, uid, uid)) {
PLOGE("setresgid (%u)", uid);
exit(EXIT_FAILURE);
}
if (setresuid(uid, uid, uid)) {
PLOGE("setresuid (%u)", uid);
exit(EXIT_FAILURE);
}
}
static void usage(int status) {
FILE* stream = (status == EXIT_SUCCESS) ? stdout : stderr;
fprintf(stream,
"Usage: su [options] [--] [-] [LOGIN] [--] [args...]\n\n"
"Options:\n"
" --daemon start the su daemon agent\n"
" -c, --command COMMAND pass COMMAND to the invoked shell\n"
" -h, --help display this help message and exit\n"
" -, -l, --login pretend the shell to be a login shell\n"
" -m, -p,\n"
" --preserve-environment do not change environment variables\n"
" -s, --shell SHELL use SHELL instead of the default " DEFAULT_SHELL
"\n"
" -v, --version display version number and exit\n"
" -V display version code and exit,\n"
" this is used almost exclusively by Superuser.apk\n");
exit(status);
}
static __attribute__((noreturn)) void deny(struct su_context* ctx) {
char* cmd = get_command(&ctx->to);
ALOGW("request rejected (%u->%u %s)", ctx->from.uid, ctx->to.uid, cmd);
fprintf(stderr, "%s\n", strerror(EACCES));
exit(EXIT_FAILURE);
}
static __attribute__((noreturn)) void allow(struct su_context* ctx, const char* packageName) {
char* arg0;
int argc, err;
umask(ctx->umask);
char* binary;
argc = ctx->to.optind;
if (ctx->to.command) {
binary = ctx->to.shell;
ctx->to.argv[--argc] = ctx->to.command;
ctx->to.argv[--argc] = "-c";
} else if (ctx->to.shell) {
binary = ctx->to.shell;
} else {
if (ctx->to.argv[argc]) {
binary = ctx->to.argv[argc++];
} else {
binary = DEFAULT_SHELL;
}
}
arg0 = strrchr(binary, '/');
arg0 = (arg0) ? arg0 + 1 : binary;
if (ctx->to.login) {
int s = strlen(arg0) + 2;
char* p = malloc(s);
if (!p) exit(EXIT_FAILURE);
*p = '-';
strcpy(p + 1, arg0);
arg0 = p;
}
populate_environment(ctx);
set_identity(ctx->to.uid);
#define PARG(arg) \
(argc + (arg) < ctx->to.argc) ? " " : "", \
(argc + (arg) < ctx->to.argc) ? ctx->to.argv[argc + (arg)] : ""
ALOGD("%u %s executing %u %s using binary %s : %s%s%s%s%s%s%s%s%s%s%s%s%s%s", ctx->from.uid,
ctx->from.bin, ctx->to.uid, get_command(&ctx->to), binary, arg0, PARG(0), PARG(1),
PARG(2), PARG(3), PARG(4), PARG(5), (ctx->to.optind + 6 < ctx->to.argc) ? " ..." : "");
ctx->to.argv[--argc] = arg0;
int pid = fork();
if (!pid) {
execvp(binary, ctx->to.argv + argc);
err = errno;
PLOGE("exec");
fprintf(stderr, "Cannot execute %s: %s\n", binary, strerror(err));
exit(EXIT_FAILURE);
} else {
int status, code;
ALOGD("Waiting for pid %d.", pid);
waitpid(pid, &status, 0);
ALOGD("pid %d returned %d.", pid, status);
code = WIFSIGNALED(status) ? WTERMSIG(status) + 128 : WEXITSTATUS(status);
if (packageName) {
appops_finish_op_su(ctx->from.uid, packageName);
}
exit(code);
}
}
int access_disabled(const struct su_initiator* from) {
char build_type[PROPERTY_VALUE_MAX];
int enabled;
/* Only allow su on debuggable builds */
if (!property_get_bool("ro.debuggable", false)) {
ALOGE("Root access is disabled on non-debug builds");
return 1;
}
/* Enforce persist.sys.root_access on non-eng builds for apps */
enabled = property_get_int32("persist.sys.root_access", 2);
property_get("ro.build.type", build_type, "");
if (strcmp("eng", build_type) != 0 && from->uid != AID_SHELL && from->uid != AID_ROOT &&
(enabled & LINEAGE_ROOT_ACCESS_APPS_ONLY) != LINEAGE_ROOT_ACCESS_APPS_ONLY) {
ALOGE(
"Apps root access is disabled by system setting - "
"enable it under settings -> developer options");
return 1;
}
/* disallow su in a shell if appropriate */
if (from->uid == AID_SHELL &&
(enabled & LINEAGE_ROOT_ACCESS_ADB_ONLY) != LINEAGE_ROOT_ACCESS_ADB_ONLY) {
ALOGE(
"Shell root access is disabled by a system setting - "
"enable it under settings -> developer options");
return 1;
}
return 0;
}
int main(int argc, char* argv[]) {
if (getuid() != geteuid()) {
ALOGE("must not be a setuid binary");
return 1;
}
return su_main(argc, argv, 1);
}
int su_main(int argc, char* argv[], int need_client) {
// start up in daemon mode if prompted
if (argc == 2 && strcmp(argv[1], "--daemon") == 0) {
return run_daemon();
}
int ppid = getppid();
// Sanitize all secure environment variables (from linker_environ.c in AOSP linker).
/* The same list than GLibc at this point */
static const char* const unsec_vars[] = {
"GCONV_PATH",
"GETCONF_DIR",
"HOSTALIASES",
"LD_AUDIT",
"LD_DEBUG",
"LD_DEBUG_OUTPUT",
"LD_DYNAMIC_WEAK",
"LD_LIBRARY_PATH",
"LD_ORIGIN_PATH",
"LD_PRELOAD",
"LD_PROFILE",
"LD_SHOW_AUXV",
"LD_USE_LOAD_BIAS",
"LOCALDOMAIN",
"LOCPATH",
"MALLOC_TRACE",
"MALLOC_CHECK_",
"NIS_PATH",
"NLSPATH",
"RESOLV_HOST_CONF",
"RES_OPTIONS",
"TMPDIR",
"TZDIR",
"LD_AOUT_LIBRARY_PATH",
"LD_AOUT_PRELOAD",
// not listed in linker, used due to system() call
"IFS",
};
const char* const* cp = unsec_vars;
const char* const* endp = cp + sizeof(unsec_vars) / sizeof(unsec_vars[0]);
while (cp < endp) {
unsetenv(*cp);
cp++;
}
ALOGD("su invoked.");
struct su_context ctx = {
.from =
{
.pid = -1,
.uid = 0,
.bin = "",
.args = "",
.name = "",
},
.to =
{
.uid = AID_ROOT,
.login = 0,
.keepenv = 0,
.shell = NULL,
.command = NULL,
.argv = argv,
.argc = argc,
.optind = 0,
.name = "",
},
};
int c;
struct option long_opts[] = {
{"command", required_argument, NULL, 'c'},
{"help", no_argument, NULL, 'h'},
{"login", no_argument, NULL, 'l'},
{"preserve-environment", no_argument, NULL, 'p'},
{"shell", required_argument, NULL, 's'},
{"version", no_argument, NULL, 'v'},
{NULL, 0, NULL, 0},
};
while ((c = getopt_long(argc, argv, "+c:hlmps:Vv", long_opts, NULL)) != -1) {
switch (c) {
case 'c':
ctx.to.shell = DEFAULT_SHELL;
ctx.to.command = optarg;
break;
case 'h':
usage(EXIT_SUCCESS);
break;
case 'l':
ctx.to.login = 1;
break;
case 'm':
case 'p':
ctx.to.keepenv = 1;
break;
case 's':
ctx.to.shell = optarg;
break;
case 'V':
printf("%d\n", VERSION_CODE);
exit(EXIT_SUCCESS);
case 'v':
printf("%s\n", VERSION);
exit(EXIT_SUCCESS);
default:
/* Bionic getopt_long doesn't terminate its error output by newline */
fprintf(stderr, "\n");
usage(2);
}
}
if (need_client) {
// attempt to connect to daemon...
ALOGD("starting daemon client %d %d", getuid(), geteuid());
return connect_daemon(argc, argv, ppid);
}
if (optind < argc && !strcmp(argv[optind], "-")) {
ctx.to.login = 1;
optind++;
}
/* username or uid */
if (optind < argc && strcmp(argv[optind], "--") != 0) {
struct passwd* pw;
pw = getpwnam(argv[optind]);
if (!pw) {
char* endptr;
/* It seems we shouldn't do this at all */
errno = 0;
ctx.to.uid = strtoul(argv[optind], &endptr, 10);
if (errno || *endptr) {
ALOGE("Unknown id: %s\n", argv[optind]);
fprintf(stderr, "Unknown id: %s\n", argv[optind]);
exit(EXIT_FAILURE);
}
} else {
ctx.to.uid = pw->pw_uid;
if (pw->pw_name) {
if (strlcpy(ctx.to.name, pw->pw_name, sizeof(ctx.to.name)) >= sizeof(ctx.to.name)) {
ALOGE("name too long");
exit(EXIT_FAILURE);
}
}
}
optind++;
}
if (optind < argc && !strcmp(argv[optind], "--")) {
optind++;
}
ctx.to.optind = optind;
if (from_init(&ctx.from) < 0) {
deny(&ctx);
}
ALOGE("SU from: %s", ctx.from.name);
if (ctx.from.uid == AID_ROOT) {
ALOGD("Allowing root.");
allow(&ctx, NULL);
}
// check if superuser is disabled completely
if (access_disabled(&ctx.from)) {
ALOGD("access_disabled");
deny(&ctx);
}
// autogrant shell at this point
if (ctx.from.uid == AID_SHELL) {
ALOGD("Allowing shell.");
allow(&ctx, NULL);
}
char* packageName = resolve_package_name(ctx.from.uid);
if (packageName) {
if (!appops_start_op_su(ctx.from.uid, packageName)) {
ALOGD("Allowing via appops.");
allow(&ctx, packageName);
}
free(packageName);
}
ALOGE("Allow chain exhausted, denying request");
deny(&ctx);
}