
Commit c0808155 authored by Felipe Leme's avatar Felipe Leme

Run iptables as root.

iptables requires root access and su is not available on user builds,
hence it must be run before dropping uid to shell user.

BUG: 29455997

Change-Id: I10c6337b411875b061ae9556b6e9c44f83301ae1
parent e1e1e751
+12 −11
@@ -627,6 +627,15 @@ static bool add_text_zip_entry(const std::string& entry_name, const std::string&
    return true;
}

static void dump_iptables() {
    run_command("IPTABLES", 10, "iptables", "-L", "-nvx", NULL);
    run_command("IP6TABLES", 10, "ip6tables", "-L", "-nvx", NULL);
    run_command("IPTABLE NAT", 10, "iptables", "-t", "nat", "-L", "-nvx", NULL);
    /* no ip6 nat */
    run_command("IPTABLE RAW", 10, "iptables", "-t", "raw", "-L", "-nvx", NULL);
    run_command("IP6TABLE RAW", 10, "ip6tables", "-t", "raw", "-L", "-nvx", NULL);
}

static void dumpstate(const std::string& screenshot_path, const std::string& version) {
    DurationReporter duration_reporter("DUMPSTATE");
    unsigned long timeout;
@@ -800,16 +809,7 @@ static void dumpstate(const std::string& screenshot_path, const std::string& ver
    run_command("ARP CACHE", 10, "ip", "-4", "neigh", "show", NULL);
    run_command("IPv6 ND CACHE", 10, "ip", "-6", "neigh", "show", NULL);
    run_command("MULTICAST ADDRESSES", 10, "ip", "maddr", NULL);

    run_command("IPTABLES", 10, SU_PATH, "root", "iptables", "-L", "-nvx", NULL);
    run_command("IP6TABLES", 10, SU_PATH, "root", "ip6tables", "-L", "-nvx", NULL);
    run_command("IPTABLE NAT", 10, SU_PATH, "root", "iptables", "-t", "nat", "-L", "-nvx", NULL);
    /* no ip6 nat */
    run_command("IPTABLE RAW", 10, SU_PATH, "root", "iptables", "-t", "raw", "-L", "-nvx", NULL);
    run_command("IP6TABLE RAW", 10, SU_PATH, "root", "ip6tables", "-t", "raw", "-L", "-nvx", NULL);

    run_command("WIFI NETWORKS", 20,
            SU_PATH, "root", "wpa_cli", "IFNAME=wlan0", "list_networks", NULL);
    run_command("WIFI NETWORKS", 20, "wpa_cli", "IFNAME=wlan0", "list_networks", NULL);

#ifdef FWDUMP_bcmdhd
    run_command("ND OFFLOAD TABLE", 5,
@@ -1283,7 +1283,7 @@ int main(int argc, char *argv[]) {
    /* collect stack traces from Dalvik and native processes (needs root) */
    dump_traces_path = dump_traces();

    /* Get the tombstone fds, recovery files, and mount info here while we are running as root. */
    /* Run some operations that require root. */
    get_tombstone_fds(tombstone_data);
    add_dir(RECOVERY_DIR, true);
    add_dir(RECOVERY_DATA_DIR, true);
@@ -1293,6 +1293,7 @@ int main(int argc, char *argv[]) {
        add_dir(PROFILE_DATA_DIR_REF, true);
    }
    add_mountinfo();
    dump_iptables();

    if (!drop_root_user()) {
        return -1;
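Review bot: The WIFI NETWORKS call in the second hunk loses its `SU_PATH, "root"` prefix but, unlike the iptables calls, is not moved into the root-only phase of main() next to `dump_iptables()`; the commit message covers only iptables. If dumpstate() runs after `drop_root_user()` (as the commit message implies) and wpa_cli needs elevated access to reach the supplicant (not visible here), that section will come back empty without any error in the report, so either move the call ahead of the drop or confirm the shell user has access. Separately, `dump_iptables()` starts `iptables` and `ip6tables` by bare name while the process is still root; if run_command resolves names through PATH, absolute binary paths would be the safer choice for anything executed before the privilege drop. The new function also deserves a header comment, for example `/* Must be called before drop_root_user(): iptables needs root and su is absent on user builds. */`. Both dumpstate() and main() continue outside the visible hunks.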