1 /* 2 * Copyright (C) 2008 The Android Open Source Project 3 * All rights reserved. 4 * 5 * Redistribution and use in source and binary forms, with or without 6 * modification, are permitted provided that the following conditions 7 * are met: 8 * * Redistributions of source code must retain the above copyright 9 * notice, this list of conditions and the following disclaimer. 10 * * Redistributions in binary form must reproduce the above copyright 11 * notice, this list of conditions and the following disclaimer in 12 * the documentation and/or other materials provided with the 13 * distribution. 14 * 15 * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS 16 * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT 17 * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS 18 * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE 19 * COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, 20 * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, 21 * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS 22 * OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED 23 * AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, 24 * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT 25 * OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 26 * SUCH DAMAGE. 27 */ 28 29 #include <ctype.h> 30 #include <errno.h> 31 #include <grp.h> 32 #include <mntent.h> 33 #include <netdb.h> 34 #include <pthread.h> 35 #include <pwd.h> 36 #include <stdio.h> 37 #include <stdlib.h> 38 #include <string.h> 39 #include <unistd.h> 40 41 #include "private/android_filesystem_config.h" 42 #include "private/ErrnoRestorer.h" 43 #include "private/libc_logging.h" 44 #include "private/ThreadLocalBuffer.h" 45 46 // POSIX seems to envisage an implementation where the <pwd.h> functions are 47 // implemented by brute-force searching with getpwent(3), and the <grp.h> 48 // functions are implemented similarly with getgrent(3). This means that it's 49 // okay for all the <grp.h> functions to share state, and all the <passwd.h> 50 // functions to share state, but <grp.h> functions can't clobber <passwd.h> 51 // functions' state and vice versa. 52 53 struct group_state_t { 54 group group_; 55 char* group_members_[2]; 56 char group_name_buffer_[32]; 57 }; 58 59 struct passwd_state_t { 60 passwd passwd_; 61 char name_buffer_[32]; 62 char dir_buffer_[32]; 63 char sh_buffer_[32]; 64 }; 65 66 static ThreadLocalBuffer<group_state_t> g_group_tls_buffer; 67 static ThreadLocalBuffer<passwd_state_t> g_passwd_tls_buffer; 68 69 static group_state_t* __group_state() { 70 group_state_t* result = g_group_tls_buffer.get(); 71 if (result != nullptr) { 72 memset(result, 0, sizeof(group_state_t)); 73 result->group_.gr_mem = result->group_members_; 74 } 75 return result; 76 } 77 78 static int do_getpw_r(int by_name, const char* name, uid_t uid, 79 passwd* dst, char* buf, size_t byte_count, 80 passwd** result) { 81 // getpwnam_r and getpwuid_r don't modify errno, but library calls we 82 // make might. 83 ErrnoRestorer errno_restorer; 84 *result = NULL; 85 86 // Our implementation of getpwnam(3) and getpwuid(3) use thread-local 87 // storage, so we can call them as long as we copy everything out 88 // before returning. 89 const passwd* src = by_name ? getpwnam(name) : getpwuid(uid); // NOLINT: see above. 90 91 // POSIX allows failure to find a match to be considered a non-error. 92 // Reporting success (0) but with *result NULL is glibc's behavior. 93 if (src == NULL) { 94 return (errno == ENOENT) ? 0 : errno; 95 } 96 97 // Work out where our strings will go in 'buf', and whether we've got 98 // enough space. 99 size_t required_byte_count = 0; 100 dst->pw_name = buf; 101 required_byte_count += strlen(src->pw_name) + 1; 102 dst->pw_dir = buf + required_byte_count; 103 required_byte_count += strlen(src->pw_dir) + 1; 104 dst->pw_shell = buf + required_byte_count; 105 required_byte_count += strlen(src->pw_shell) + 1; 106 if (byte_count < required_byte_count) { 107 return ERANGE; 108 } 109 110 // Copy the strings. 111 snprintf(buf, byte_count, "%s%c%s%c%s", src->pw_name, 0, src->pw_dir, 0, src->pw_shell); 112 113 // pw_passwd and pw_gecos are non-POSIX and unused (always NULL) in bionic. 114 dst->pw_passwd = NULL; 115 #if defined(__LP64__) 116 dst->pw_gecos = NULL; 117 #endif 118 119 // Copy the integral fields. 120 dst->pw_gid = src->pw_gid; 121 dst->pw_uid = src->pw_uid; 122 123 *result = dst; 124 return 0; 125 } 126 127 int getpwnam_r(const char* name, passwd* pwd, 128 char* buf, size_t byte_count, passwd** result) { 129 return do_getpw_r(1, name, -1, pwd, buf, byte_count, result); 130 } 131 132 int getpwuid_r(uid_t uid, passwd* pwd, 133 char* buf, size_t byte_count, passwd** result) { 134 return do_getpw_r(0, NULL, uid, pwd, buf, byte_count, result); 135 } 136 137 static passwd* android_iinfo_to_passwd(passwd_state_t* state, 138 const android_id_info* iinfo) { 139 snprintf(state->name_buffer_, sizeof(state->name_buffer_), "%s", iinfo->name); 140 snprintf(state->dir_buffer_, sizeof(state->dir_buffer_), "/"); 141 snprintf(state->sh_buffer_, sizeof(state->sh_buffer_), "/system/bin/sh"); 142 143 passwd* pw = &state->passwd_; 144 pw->pw_name = state->name_buffer_; 145 pw->pw_uid = iinfo->aid; 146 pw->pw_gid = iinfo->aid; 147 pw->pw_dir = state->dir_buffer_; 148 pw->pw_shell = state->sh_buffer_; 149 return pw; 150 } 151 152 static group* android_iinfo_to_group(group_state_t* state, 153 const android_id_info* iinfo) { 154 snprintf(state->group_name_buffer_, sizeof(state->group_name_buffer_), "%s", iinfo->name); 155 156 group* gr = &state->group_; 157 gr->gr_name = state->group_name_buffer_; 158 gr->gr_gid = iinfo->aid; 159 gr->gr_mem[0] = gr->gr_name; 160 return gr; 161 } 162 163 static passwd* android_id_to_passwd(passwd_state_t* state, unsigned id) { 164 for (size_t n = 0; n < android_id_count; ++n) { 165 if (android_ids[n].aid == id) { 166 return android_iinfo_to_passwd(state, android_ids + n); 167 } 168 } 169 return NULL; 170 } 171 172 static passwd* android_name_to_passwd(passwd_state_t* state, const char* name) { 173 for (size_t n = 0; n < android_id_count; ++n) { 174 if (!strcmp(android_ids[n].name, name)) { 175 return android_iinfo_to_passwd(state, android_ids + n); 176 } 177 } 178 return NULL; 179 } 180 181 static group* android_id_to_group(group_state_t* state, unsigned id) { 182 for (size_t n = 0; n < android_id_count; ++n) { 183 if (android_ids[n].aid == id) { 184 return android_iinfo_to_group(state, android_ids + n); 185 } 186 } 187 return NULL; 188 } 189 190 static group* android_name_to_group(group_state_t* state, const char* name) { 191 for (size_t n = 0; n < android_id_count; ++n) { 192 if (!strcmp(android_ids[n].name, name)) { 193 return android_iinfo_to_group(state, android_ids + n); 194 } 195 } 196 return NULL; 197 } 198 199 // Translate a user/group name to the corresponding user/group id. 200 // all_a1234 -> 0 * AID_USER + AID_SHARED_GID_START + 1234 (group name only) 201 // u0_a1234 -> 0 * AID_USER + AID_APP + 1234 202 // u2_i1000 -> 2 * AID_USER + AID_ISOLATED_START + 1000 203 // u1_system -> 1 * AID_USER + android_ids['system'] 204 // returns 0 and sets errno to ENOENT in case of error 205 static id_t app_id_from_name(const char* name, bool is_group) { 206 char* end; 207 unsigned long userid; 208 bool is_shared_gid = false; 209 210 if (is_group && name[0] == 'a' && name[1] == 'l' && name[2] == 'l') { 211 end = const_cast<char*>(name+3); 212 userid = 0; 213 is_shared_gid = true; 214 } else if (name[0] == 'u' && isdigit(name[1])) { 215 userid = strtoul(name+1, &end, 10); 216 } else { 217 errno = ENOENT; 218 return 0; 219 } 220 221 if (end[0] != '_' || end[1] == 0) { 222 errno = ENOENT; 223 return 0; 224 } 225 226 unsigned long appid = 0; 227 if (end[1] == 'a' && isdigit(end[2])) { 228 if (is_shared_gid) { 229 // end will point to \0 if the strtoul below succeeds. 230 appid = strtoul(end+2, &end, 10) + AID_SHARED_GID_START; 231 if (appid > AID_SHARED_GID_END) { 232 errno = ENOENT; 233 return 0; 234 } 235 } else { 236 // end will point to \0 if the strtoul below succeeds. 237 appid = strtoul(end+2, &end, 10) + AID_APP; 238 } 239 } else if (end[1] == 'i' && isdigit(end[2])) { 240 // end will point to \0 if the strtoul below succeeds. 241 appid = strtoul(end+2, &end, 10) + AID_ISOLATED_START; 242 } else { 243 for (size_t n = 0; n < android_id_count; n++) { 244 if (!strcmp(android_ids[n].name, end + 1)) { 245 appid = android_ids[n].aid; 246 // Move the end pointer to the null terminator. 247 end += strlen(android_ids[n].name) + 1; 248 break; 249 } 250 } 251 } 252 253 // Check that the entire string was consumed by one of the 3 cases above. 254 if (end[0] != 0) { 255 errno = ENOENT; 256 return 0; 257 } 258 259 // Check that user id won't overflow. 260 if (userid > 1000) { 261 errno = ENOENT; 262 return 0; 263 } 264 265 // Check that app id is within range. 266 if (appid >= AID_USER) { 267 errno = ENOENT; 268 return 0; 269 } 270 271 return (appid + userid*AID_USER); 272 } 273 274 static void print_app_name_from_uid(const uid_t uid, char* buffer, const int bufferlen) { 275 const uid_t appid = uid % AID_USER; 276 const uid_t userid = uid / AID_USER; 277 if (appid >= AID_ISOLATED_START) { 278 snprintf(buffer, bufferlen, "u%u_i%u", userid, appid - AID_ISOLATED_START); 279 } else if (appid < AID_APP) { 280 for (size_t n = 0; n < android_id_count; n++) { 281 if (android_ids[n].aid == appid) { 282 snprintf(buffer, bufferlen, "u%u_%s", userid, android_ids[n].name); 283 return; 284 } 285 } 286 } else { 287 snprintf(buffer, bufferlen, "u%u_a%u", userid, appid - AID_APP); 288 } 289 } 290 291 static void print_app_name_from_gid(const gid_t gid, char* buffer, const int bufferlen) { 292 const uid_t appid = gid % AID_USER; 293 const uid_t userid = gid / AID_USER; 294 if (appid >= AID_ISOLATED_START) { 295 snprintf(buffer, bufferlen, "u%u_i%u", userid, appid - AID_ISOLATED_START); 296 } else if (userid == 0 && appid >= AID_SHARED_GID_START && appid <= AID_SHARED_GID_END) { 297 snprintf(buffer, bufferlen, "all_a%u", appid - AID_SHARED_GID_START); 298 } else if (appid < AID_APP) { 299 for (size_t n = 0; n < android_id_count; n++) { 300 if (android_ids[n].aid == appid) { 301 snprintf(buffer, bufferlen, "u%u_%s", userid, android_ids[n].name); 302 return; 303 } 304 } 305 } else { 306 snprintf(buffer, bufferlen, "u%u_a%u", userid, appid - AID_APP); 307 } 308 } 309 310 // Translate a uid into the corresponding name. 311 // 0 to AID_APP-1 -> "system", "radio", etc. 312 // AID_APP to AID_ISOLATED_START-1 -> u0_a1234 313 // AID_ISOLATED_START to AID_USER-1 -> u0_i1234 314 // AID_USER+ -> u1_radio, u1_a1234, u2_i1234, etc. 315 // returns a passwd structure (sets errno to ENOENT on failure). 316 static passwd* app_id_to_passwd(uid_t uid, passwd_state_t* state) { 317 if (uid < AID_APP) { 318 errno = ENOENT; 319 return NULL; 320 } 321 322 print_app_name_from_uid(uid, state->name_buffer_, sizeof(state->name_buffer_)); 323 324 const uid_t appid = uid % AID_USER; 325 if (appid < AID_APP) { 326 snprintf(state->dir_buffer_, sizeof(state->dir_buffer_), "/"); 327 } else { 328 snprintf(state->dir_buffer_, sizeof(state->dir_buffer_), "/data"); 329 } 330 331 snprintf(state->sh_buffer_, sizeof(state->sh_buffer_), "/system/bin/sh"); 332 333 passwd* pw = &state->passwd_; 334 pw->pw_name = state->name_buffer_; 335 pw->pw_dir = state->dir_buffer_; 336 pw->pw_shell = state->sh_buffer_; 337 pw->pw_uid = uid; 338 pw->pw_gid = uid; 339 return pw; 340 } 341 342 // Translate a gid into the corresponding app_<gid> 343 // group structure (sets errno to ENOENT on failure). 344 static group* app_id_to_group(gid_t gid, group_state_t* state) { 345 if (gid < AID_APP) { 346 errno = ENOENT; 347 return NULL; 348 } 349 350 print_app_name_from_gid(gid, state->group_name_buffer_, sizeof(state->group_name_buffer_)); 351 352 group* gr = &state->group_; 353 gr->gr_name = state->group_name_buffer_; 354 gr->gr_gid = gid; 355 gr->gr_mem[0] = gr->gr_name; 356 return gr; 357 } 358 359 passwd* getpwuid(uid_t uid) { // NOLINT: implementing bad function. 360 passwd_state_t* state = g_passwd_tls_buffer.get(); 361 if (state == NULL) { 362 return NULL; 363 } 364 365 passwd* pw = android_id_to_passwd(state, uid); 366 if (pw != NULL) { 367 return pw; 368 } 369 return app_id_to_passwd(uid, state); 370 } 371 372 passwd* getpwnam(const char* login) { // NOLINT: implementing bad function. 373 passwd_state_t* state = g_passwd_tls_buffer.get(); 374 if (state == NULL) { 375 return NULL; 376 } 377 378 passwd* pw = android_name_to_passwd(state, login); 379 if (pw != NULL) { 380 return pw; 381 } 382 return app_id_to_passwd(app_id_from_name(login, false), state); 383 } 384 385 // All users are in just one group, the one passed in. 386 int getgrouplist(const char* /*user*/, gid_t group, gid_t* groups, int* ngroups) { 387 if (*ngroups < 1) { 388 *ngroups = 1; 389 return -1; 390 } 391 groups[0] = group; 392 return (*ngroups = 1); 393 } 394 395 char* getlogin() { // NOLINT: implementing bad function. 396 passwd *pw = getpwuid(getuid()); // NOLINT: implementing bad function in terms of bad function. 397 return (pw != NULL) ? pw->pw_name : NULL; 398 } 399 400 group* getgrgid(gid_t gid) { // NOLINT: implementing bad function. 401 group_state_t* state = __group_state(); 402 if (state == NULL) { 403 return NULL; 404 } 405 406 group* gr = android_id_to_group(state, gid); 407 if (gr != NULL) { 408 return gr; 409 } 410 return app_id_to_group(gid, state); 411 } 412 413 group* getgrnam(const char* name) { // NOLINT: implementing bad function. 414 group_state_t* state = __group_state(); 415 if (state == NULL) { 416 return NULL; 417 } 418 419 if (android_name_to_group(state, name) != 0) { 420 return &state->group_; 421 } 422 return app_id_to_group(app_id_from_name(name, true), state); 423 } 424 425 // We don't have an /etc/networks, so all inputs return NULL. 426 netent* getnetbyname(const char* /*name*/) { 427 return NULL; 428 } 429 430 // We don't have an /etc/networks, so all inputs return NULL. 431 netent* getnetbyaddr(uint32_t /*net*/, int /*type*/) { 432 return NULL; 433 } 434 435 // We don't have an /etc/protocols, so all inputs return NULL. 436 protoent* getprotobyname(const char* /*name*/) { 437 return NULL; 438 } 439 440 // We don't have an /etc/protocols, so all inputs return NULL. 441 protoent* getprotobynumber(int /*proto*/) { 442 return NULL; 443 } 444 445 // Portable code should use sysconf(_SC_PAGE_SIZE) directly instead. 446 int getpagesize() { 447 // We dont use sysconf(3) here because that drags in stdio, which makes static binaries fat. 448 return PAGE_SIZE; 449 } 450