1 /* 2 * Copyright (C) 2007 The Android Open Source Project 3 * 4 * Licensed under the Apache License, Version 2.0 (the "License"); 5 * you may not use this file except in compliance with the License. 6 * You may obtain a copy of the License at 7 * 8 * http://www.apache.org/licenses/LICENSE-2.0 9 * 10 * Unless required by applicable law or agreed to in writing, software 11 * distributed under the License is distributed on an "AS IS" BASIS, 12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 * See the License for the specific language governing permissions and 14 * limitations under the License. 15 */ 16 17 #include <stdio.h> 18 #include <stdlib.h> 19 #include <unistd.h> 20 #include <string.h> 21 #include <ctype.h> 22 #include <fcntl.h> 23 #include <stdarg.h> 24 #include <dirent.h> 25 #include <limits.h> 26 #include <errno.h> 27 #include <sys/poll.h> 28 29 #include <cutils/misc.h> 30 #include <cutils/sockets.h> 31 #include <cutils/multiuser.h> 32 33 #define _REALLY_INCLUDE_SYS__SYSTEM_PROPERTIES_H_ 34 #include <sys/_system_properties.h> 35 36 #include <sys/socket.h> 37 #include <sys/un.h> 38 #include <sys/select.h> 39 #include <sys/types.h> 40 #include <netinet/in.h> 41 #include <sys/mman.h> 42 #include <private/android_filesystem_config.h> 43 44 #include <selinux/selinux.h> 45 #include <selinux/label.h> 46 47 #include "property_service.h" 48 #include "init.h" 49 #include "util.h" 50 #include "log.h" 51 52 #define PERSISTENT_PROPERTY_DIR "/data/property" 53 54 static int persistent_properties_loaded = 0; 55 static int property_area_inited = 0; 56 57 static int property_set_fd = -1; 58 59 typedef struct { 60 size_t size; 61 int fd; 62 } workspace; 63 64 static int init_workspace(workspace *w, size_t size) 65 { 66 void *data; 67 int fd = open(PROP_FILENAME, O_RDONLY | O_NOFOLLOW); 68 if (fd < 0) 69 return -1; 70 71 w->size = size; 72 w->fd = fd; 73 return 0; 74 } 75 76 static workspace pa_workspace; 77 78 static int init_property_area(void) 79 { 80 if (property_area_inited) 81 return -1; 82 83 if(__system_property_area_init()) 84 return -1; 85 86 if(init_workspace(&pa_workspace, 0)) 87 return -1; 88 89 fcntl(pa_workspace.fd, F_SETFD, FD_CLOEXEC); 90 91 property_area_inited = 1; 92 return 0; 93 } 94 95 static int check_mac_perms(const char *name, char *sctx) 96 { 97 if (is_selinux_enabled() <= 0) 98 return 1; 99 100 char *tctx = NULL; 101 const char *class = "property_service"; 102 const char *perm = "set"; 103 int result = 0; 104 105 if (!sctx) 106 goto err; 107 108 if (!sehandle_prop) 109 goto err; 110 111 if (selabel_lookup(sehandle_prop, &tctx, name, 1) != 0) 112 goto err; 113 114 if (selinux_check_access(sctx, tctx, class, perm, (void*) name) == 0) 115 result = 1; 116 117 freecon(tctx); 118 err: 119 return result; 120 } 121 122 static int check_control_mac_perms(const char *name, char *sctx) 123 { 124 /* 125 * Create a name prefix out of ctl.<service name> 126 * The new prefix allows the use of the existing 127 * property service backend labeling while avoiding 128 * mislabels based on true property prefixes. 129 */ 130 char ctl_name[PROP_VALUE_MAX+4]; 131 int ret = snprintf(ctl_name, sizeof(ctl_name), "ctl.%s", name); 132 133 if (ret < 0 || (size_t) ret >= sizeof(ctl_name)) 134 return 0; 135 136 return check_mac_perms(ctl_name, sctx); 137 } 138 139 /* 140 * Checks permissions for setting system properties. 141 * Returns 1 if uid allowed, 0 otherwise. 142 */ 143 static int check_perms(const char *name, char *sctx) 144 { 145 int i; 146 unsigned int app_id; 147 148 if(!strncmp(name, "ro.", 3)) 149 name +=3; 150 151 return check_mac_perms(name, sctx); 152 } 153 154 int __property_get(const char *name, char *value) 155 { 156 return __system_property_get(name, value); 157 } 158 159 static void write_persistent_property(const char *name, const char *value) 160 { 161 char tempPath[PATH_MAX]; 162 char path[PATH_MAX]; 163 int fd; 164 165 snprintf(tempPath, sizeof(tempPath), "%s/.temp.XXXXXX", PERSISTENT_PROPERTY_DIR); 166 fd = mkstemp(tempPath); 167 if (fd < 0) { 168 ERROR("Unable to write persistent property to temp file %s errno: %d\n", tempPath, errno); 169 return; 170 } 171 write(fd, value, strlen(value)); 172 fsync(fd); 173 close(fd); 174 175 snprintf(path, sizeof(path), "%s/%s", PERSISTENT_PROPERTY_DIR, name); 176 if (rename(tempPath, path)) { 177 unlink(tempPath); 178 ERROR("Unable to rename persistent property file %s to %s\n", tempPath, path); 179 } 180 } 181 182 static bool is_legal_property_name(const char* name, size_t namelen) 183 { 184 size_t i; 185 if (namelen >= PROP_NAME_MAX) return false; 186 if (namelen < 1) return false; 187 if (name[0] == '.') return false; 188 if (name[namelen - 1] == '.') return false; 189 190 /* Only allow alphanumeric, plus '.', '-', or '_' */ 191 /* Don't allow ".." to appear in a property name */ 192 for (i = 0; i < namelen; i++) { 193 if (name[i] == '.') { 194 // i=0 is guaranteed to never have a dot. See above. 195 if (name[i-1] == '.') return false; 196 continue; 197 } 198 if (name[i] == '_' || name[i] == '-') continue; 199 if (name[i] >= 'a' && name[i] <= 'z') continue; 200 if (name[i] >= 'A' && name[i] <= 'Z') continue; 201 if (name[i] >= '0' && name[i] <= '9') continue; 202 return false; 203 } 204 205 return true; 206 } 207 208 int property_set(const char *name, const char *value) 209 { 210 prop_info *pi; 211 int ret; 212 213 size_t namelen = strlen(name); 214 size_t valuelen = strlen(value); 215 216 if (!is_legal_property_name(name, namelen)) return -1; 217 if (valuelen >= PROP_VALUE_MAX) return -1; 218 219 pi = (prop_info*) __system_property_find(name); 220 221 if(pi != 0) { 222 /* ro.* properties may NEVER be modified once set */ 223 if(!strncmp(name, "ro.", 3)) return -1; 224 225 __system_property_update(pi, value, valuelen); 226 } else { 227 ret = __system_property_add(name, namelen, value, valuelen); 228 if (ret < 0) { 229 ERROR("Failed to set '%s'='%s'\n", name, value); 230 return ret; 231 } 232 } 233 /* If name starts with "net." treat as a DNS property. */ 234 if (strncmp("net.", name, strlen("net.")) == 0) { 235 if (strcmp("net.change", name) == 0) { 236 return 0; 237 } 238 /* 239 * The 'net.change' property is a special property used track when any 240 * 'net.*' property name is updated. It is _ONLY_ updated here. Its value 241 * contains the last updated 'net.*' property. 242 */ 243 property_set("net.change", name); 244 } else if (persistent_properties_loaded && 245 strncmp("persist.", name, strlen("persist.")) == 0) { 246 /* 247 * Don't write properties to disk until after we have read all default properties 248 * to prevent them from being overwritten by default values. 249 */ 250 write_persistent_property(name, value); 251 } else if (strcmp("selinux.reload_policy", name) == 0 && 252 strcmp("1", value) == 0) { 253 selinux_reload_policy(); 254 } 255 property_changed(name, value); 256 return 0; 257 } 258 259 void handle_property_set_fd() 260 { 261 prop_msg msg; 262 int s; 263 int r; 264 int res; 265 struct ucred cr; 266 struct sockaddr_un addr; 267 socklen_t addr_size = sizeof(addr); 268 socklen_t cr_size = sizeof(cr); 269 char * source_ctx = NULL; 270 struct pollfd ufds[1]; 271 const int timeout_ms = 2 * 1000; /* Default 2 sec timeout for caller to send property. */ 272 int nr; 273 274 if ((s = accept(property_set_fd, (struct sockaddr *) &addr, &addr_size)) < 0) { 275 return; 276 } 277 278 /* Check socket options here */ 279 if (getsockopt(s, SOL_SOCKET, SO_PEERCRED, &cr, &cr_size) < 0) { 280 close(s); 281 ERROR("Unable to receive socket options\n"); 282 return; 283 } 284 285 ufds[0].fd = s; 286 ufds[0].events = POLLIN; 287 ufds[0].revents = 0; 288 nr = TEMP_FAILURE_RETRY(poll(ufds, 1, timeout_ms)); 289 if (nr == 0) { 290 ERROR("sys_prop: timeout waiting for uid=%d to send property message.\n", cr.uid); 291 close(s); 292 return; 293 } else if (nr < 0) { 294 ERROR("sys_prop: error waiting for uid=%d to send property message. err=%d %s\n", cr.uid, errno, strerror(errno)); 295 close(s); 296 return; 297 } 298 299 r = TEMP_FAILURE_RETRY(recv(s, &msg, sizeof(msg), MSG_DONTWAIT)); 300 if(r != sizeof(prop_msg)) { 301 ERROR("sys_prop: mis-match msg size received: %d expected: %zu errno: %d\n", 302 r, sizeof(prop_msg), errno); 303 close(s); 304 return; 305 } 306 307 switch(msg.cmd) { 308 case PROP_MSG_SETPROP: 309 msg.name[PROP_NAME_MAX-1] = 0; 310 msg.value[PROP_VALUE_MAX-1] = 0; 311 312 if (!is_legal_property_name(msg.name, strlen(msg.name))) { 313 ERROR("sys_prop: illegal property name. Got: \"%s\"\n", msg.name); 314 close(s); 315 return; 316 } 317 318 getpeercon(s, &source_ctx); 319 320 if(memcmp(msg.name,"ctl.",4) == 0) { 321 // Keep the old close-socket-early behavior when handling 322 // ctl.* properties. 323 close(s); 324 if (check_control_mac_perms(msg.value, source_ctx)) { 325 handle_control_message((char*) msg.name + 4, (char*) msg.value); 326 } else { 327 ERROR("sys_prop: Unable to %s service ctl [%s] uid:%d gid:%d pid:%d\n", 328 msg.name + 4, msg.value, cr.uid, cr.gid, cr.pid); 329 } 330 } else { 331 if (check_perms(msg.name, source_ctx)) { 332 property_set((char*) msg.name, (char*) msg.value); 333 } else { 334 ERROR("sys_prop: permission denied uid:%d name:%s\n", 335 cr.uid, msg.name); 336 } 337 338 // Note: bionic's property client code assumes that the 339 // property server will not close the socket until *AFTER* 340 // the property is written to memory. 341 close(s); 342 } 343 freecon(source_ctx); 344 break; 345 346 default: 347 close(s); 348 break; 349 } 350 } 351 352 void get_property_workspace(int *fd, int *sz) 353 { 354 *fd = pa_workspace.fd; 355 *sz = pa_workspace.size; 356 } 357 358 static void load_properties_from_file(const char *, const char *); 359 360 /* 361 * Filter is used to decide which properties to load: NULL loads all keys, 362 * "ro.foo.*" is a prefix match, and "ro.foo.bar" is an exact match. 363 */ 364 static void load_properties(char *data, const char *filter) 365 { 366 char *key, *value, *eol, *sol, *tmp, *fn; 367 size_t flen = 0; 368 369 if (filter) { 370 flen = strlen(filter); 371 } 372 373 sol = data; 374 while ((eol = strchr(sol, '\n'))) { 375 key = sol; 376 *eol++ = 0; 377 sol = eol; 378 379 while (isspace(*key)) key++; 380 if (*key == '#') continue; 381 382 tmp = eol - 2; 383 while ((tmp > key) && isspace(*tmp)) *tmp-- = 0; 384 385 if (!strncmp(key, "import ", 7) && flen == 0) { 386 fn = key + 7; 387 while (isspace(*fn)) fn++; 388 389 key = strchr(fn, ' '); 390 if (key) { 391 *key++ = 0; 392 while (isspace(*key)) key++; 393 } 394 395 load_properties_from_file(fn, key); 396 397 } else { 398 value = strchr(key, '='); 399 if (!value) continue; 400 *value++ = 0; 401 402 tmp = value - 2; 403 while ((tmp > key) && isspace(*tmp)) *tmp-- = 0; 404 405 while (isspace(*value)) value++; 406 407 if (flen > 0) { 408 if (filter[flen - 1] == '*') { 409 if (strncmp(key, filter, flen - 1)) continue; 410 } else { 411 if (strcmp(key, filter)) continue; 412 } 413 } 414 415 property_set(key, value); 416 } 417 } 418 } 419 420 /* 421 * Filter is used to decide which properties to load: NULL loads all keys, 422 * "ro.foo.*" is a prefix match, and "ro.foo.bar" is an exact match. 423 */ 424 static void load_properties_from_file(const char *fn, const char *filter) 425 { 426 char *data; 427 unsigned sz; 428 429 data = read_file(fn, &sz); 430 431 if(data != 0) { 432 load_properties(data, filter); 433 free(data); 434 } 435 } 436 437 static void load_persistent_properties() 438 { 439 DIR* dir = opendir(PERSISTENT_PROPERTY_DIR); 440 int dir_fd; 441 struct dirent* entry; 442 char value[PROP_VALUE_MAX]; 443 int fd, length; 444 struct stat sb; 445 446 if (dir) { 447 dir_fd = dirfd(dir); 448 while ((entry = readdir(dir)) != NULL) { 449 if (strncmp("persist.", entry->d_name, strlen("persist."))) 450 continue; 451 #if HAVE_DIRENT_D_TYPE 452 if (entry->d_type != DT_REG) 453 continue; 454 #endif 455 /* open the file and read the property value */ 456 fd = openat(dir_fd, entry->d_name, O_RDONLY | O_NOFOLLOW); 457 if (fd < 0) { 458 ERROR("Unable to open persistent property file \"%s\" errno: %d\n", 459 entry->d_name, errno); 460 continue; 461 } 462 if (fstat(fd, &sb) < 0) { 463 ERROR("fstat on property file \"%s\" failed errno: %d\n", entry->d_name, errno); 464 close(fd); 465 continue; 466 } 467 468 // File must not be accessible to others, be owned by root/root, and 469 // not be a hard link to any other file. 470 if (((sb.st_mode & (S_IRWXG | S_IRWXO)) != 0) 471 || (sb.st_uid != 0) 472 || (sb.st_gid != 0) 473 || (sb.st_nlink != 1)) { 474 ERROR("skipping insecure property file %s (uid=%u gid=%u nlink=%d mode=%o)\n", 475 entry->d_name, (unsigned int)sb.st_uid, (unsigned int)sb.st_gid, 476 sb.st_nlink, sb.st_mode); 477 close(fd); 478 continue; 479 } 480 481 length = read(fd, value, sizeof(value) - 1); 482 if (length >= 0) { 483 value[length] = 0; 484 property_set(entry->d_name, value); 485 } else { 486 ERROR("Unable to read persistent property file %s errno: %d\n", 487 entry->d_name, errno); 488 } 489 close(fd); 490 } 491 closedir(dir); 492 } else { 493 ERROR("Unable to open persistent property directory %s errno: %d\n", PERSISTENT_PROPERTY_DIR, errno); 494 } 495 496 persistent_properties_loaded = 1; 497 } 498 499 void property_init(void) 500 { 501 init_property_area(); 502 } 503 504 void property_load_boot_defaults(void) 505 { 506 load_properties_from_file(PROP_PATH_RAMDISK_DEFAULT, NULL); 507 } 508 509 int properties_inited(void) 510 { 511 return property_area_inited; 512 } 513 514 static void load_override_properties() { 515 #ifdef ALLOW_LOCAL_PROP_OVERRIDE 516 char debuggable[PROP_VALUE_MAX]; 517 int ret; 518 519 ret = property_get("ro.debuggable", debuggable); 520 if (ret && (strcmp(debuggable, "1") == 0)) { 521 load_properties_from_file(PROP_PATH_LOCAL_OVERRIDE, NULL); 522 } 523 #endif /* ALLOW_LOCAL_PROP_OVERRIDE */ 524 } 525 526 527 /* When booting an encrypted system, /data is not mounted when the 528 * property service is started, so any properties stored there are 529 * not loaded. Vold triggers init to load these properties once it 530 * has mounted /data. 531 */ 532 void load_persist_props(void) 533 { 534 load_override_properties(); 535 /* Read persistent properties after all default values have been loaded. */ 536 load_persistent_properties(); 537 } 538 539 void load_all_props(void) 540 { 541 load_properties_from_file(PROP_PATH_SYSTEM_BUILD, NULL); 542 load_properties_from_file(PROP_PATH_SYSTEM_DEFAULT, NULL); 543 load_properties_from_file(PROP_PATH_FACTORY, "ro.*"); 544 545 load_override_properties(); 546 547 /* Read persistent properties after all default values have been loaded. */ 548 load_persistent_properties(); 549 } 550 551 void start_property_service(void) 552 { 553 int fd; 554 555 fd = create_socket(PROP_SERVICE_NAME, SOCK_STREAM, 0666, 0, 0, NULL); 556 if(fd < 0) return; 557 fcntl(fd, F_SETFD, FD_CLOEXEC); 558 fcntl(fd, F_SETFL, O_NONBLOCK); 559 560 listen(fd, 8); 561 property_set_fd = fd; 562 } 563 564 int get_property_set_fd() 565 { 566 return property_set_fd; 567 } 568
