1 /* 2 * Copyright (C) 2012-2014 The Android Open Source Project 3 * 4 * Licensed under the Apache License, Version 2.0 (the "License"); 5 * you may not use this file except in compliance with the License. 6 * You may obtain a copy of the License at 7 * 8 * http://www.apache.org/licenses/LICENSE-2.0 9 * 10 * Unless required by applicable law or agreed to in writing, software 11 * distributed under the License is distributed on an "AS IS" BASIS, 12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 * See the License for the specific language governing permissions and 14 * limitations under the License. 15 */ 16 17 #include <errno.h> 18 #include <stdio.h> 19 #include <stdlib.h> 20 #include <string.h> 21 22 #include <private/android_filesystem_config.h> 23 24 #include "LogCommand.h" 25 #include "LogUtils.h" 26 27 LogCommand::LogCommand(const char *cmd) : FrameworkCommand(cmd) { 28 } 29 30 // gets a list of supplementary group IDs associated with 31 // the socket peer. This is implemented by opening 32 // /proc/PID/status and look for the "Group:" line. 33 // 34 // This function introduces races especially since status 35 // can change 'shape' while reading, the net result is err 36 // on lack of permission. 37 // 38 // Race-free alternative is to introduce pairs of sockets 39 // and threads for each command and reading, one each that 40 // has open permissions, and one that has restricted 41 // permissions. 42 43 static bool groupIsLog(char *buf) { 44 char *ptr; 45 static const char ws[] = " \n"; 46 47 for (buf = strtok_r(buf, ws, &ptr); buf; buf = strtok_r(NULL, ws, &ptr)) { 48 errno = 0; 49 gid_t Gid = strtol(buf, NULL, 10); 50 if (errno != 0) { 51 return false; 52 } 53 if (Gid == AID_LOG) { 54 return true; 55 } 56 } 57 return false; 58 } 59 60 bool clientHasLogCredentials(uid_t uid, gid_t gid, pid_t pid) { 61 if ((uid == AID_ROOT) || (uid == AID_SYSTEM) || (uid == AID_LOG)) { 62 return true; 63 } 64 65 if ((gid == AID_ROOT) || (gid == AID_SYSTEM) || (gid == AID_LOG)) { 66 return true; 67 } 68 69 // FYI We will typically be here for 'adb logcat' 70 char filename[256]; 71 snprintf(filename, sizeof(filename), "/proc/%u/status", pid); 72 73 bool ret; 74 bool foundLog = false; 75 bool foundGid = false; 76 bool foundUid = false; 77 78 // 79 // Reading /proc/<pid>/status is rife with race conditions. All of /proc 80 // suffers from this and its use should be minimized. However, we have no 81 // choice. 82 // 83 // Notably the content from one 4KB page to the next 4KB page can be from a 84 // change in shape even if we are gracious enough to attempt to read 85 // atomically. getline can not even guarantee a page read is not split up 86 // and in effect can read from different vintages of the content. 87 // 88 // We are finding out in the field that a 'logcat -c' via adb occasionally 89 // is returned with permission denied when we did only one pass and thus 90 // breaking scripts. For security we still err on denying access if in 91 // doubt, but we expect the falses should be reduced significantly as 92 // three times is a charm. 93 // 94 for (int retry = 3; 95 !(ret = foundGid && foundUid && foundLog) && retry; 96 --retry) { 97 FILE *file = fopen(filename, "r"); 98 if (!file) { 99 continue; 100 } 101 102 char *line = NULL; 103 size_t len = 0; 104 while (getline(&line, &len, file) > 0) { 105 static const char groups_string[] = "Groups:\t"; 106 static const char uid_string[] = "Uid:\t"; 107 static const char gid_string[] = "Gid:\t"; 108 109 if (strncmp(groups_string, line, sizeof(groups_string) - 1) == 0) { 110 if (groupIsLog(line + sizeof(groups_string) - 1)) { 111 foundLog = true; 112 } 113 } else if (strncmp(uid_string, line, sizeof(uid_string) - 1) == 0) { 114 uid_t u[4] = { (uid_t) -1, (uid_t) -1, (uid_t) -1, (uid_t) -1}; 115 116 sscanf(line + sizeof(uid_string) - 1, "%u\t%u\t%u\t%u", 117 &u[0], &u[1], &u[2], &u[3]); 118 119 // Protect against PID reuse by checking that UID is the same 120 if ((uid == u[0]) 121 && (uid == u[1]) 122 && (uid == u[2]) 123 && (uid == u[3])) { 124 foundUid = true; 125 } 126 } else if (strncmp(gid_string, line, sizeof(gid_string) - 1) == 0) { 127 gid_t g[4] = { (gid_t) -1, (gid_t) -1, (gid_t) -1, (gid_t) -1}; 128 129 sscanf(line + sizeof(gid_string) - 1, "%u\t%u\t%u\t%u", 130 &g[0], &g[1], &g[2], &g[3]); 131 132 // Protect against PID reuse by checking that GID is the same 133 if ((gid == g[0]) 134 && (gid == g[1]) 135 && (gid == g[2]) 136 && (gid == g[3])) { 137 foundGid = true; 138 } 139 } 140 } 141 free(line); 142 fclose(file); 143 } 144 145 return ret; 146 } 147 148 bool clientHasLogCredentials(SocketClient *cli) { 149 return clientHasLogCredentials(cli->getUid(), cli->getGid(), cli->getPid()); 150 } 151