Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit 2b8f76cd authored by jeffhao's avatar jeffhao Committed by Brian Carlstrom
Browse files

Tracking merge of dalvik-dev to master 

Reordered bootclasspath to allow verification of all framework methods.
  git cherry-pick --no-commit  ec164a0170955fe63106c2576a65bc4ffb1df425

Address CVE-2011-1090.
  git cherry-pick --no-commit  3365288d3c00072689cd9d733e055561cadc87b5

Change-Id: I6a89bc600ced06a0cb84ae1670cb7a6ea39de9c8
parent e555f549

include/cutils/sockets.h

+13 −1
Original line number Diff line number Diff line
@@ -20,6 +20,7 @@ 
#include <errno.h>

#include <stdlib.h>

#include <string.h>

#include <stdbool.h>



#ifdef HAVE_WINSOCK

#include <winsock2.h>
@@ -93,6 +94,17 @@ extern int socket_local_client_connect(int fd, 
extern int socket_local_client(const char *name, int namespaceId, int type);

extern int socket_inaddr_any_server(int port, int type);



/*

 * socket_peer_is_trusted - Takes a socket which is presumed to be a

 * connected local socket (e.g. AF_LOCAL) and returns whether the peer

 * (the userid that owns the process on the other end of that socket)

 * is one of the two trusted userids, root or shell.

 *

 * Note: This only works as advertised on the Android OS and always

 * just returns true when called on other operating systems.

 */

extern bool socket_peer_is_trusted(int fd);



#ifdef __cplusplus

}

#endif

libcutils/Android.mk

+1 −0
Original line number Diff line number Diff line
@@ -35,6 +35,7 @@ commonSources := \ 
	socket_loopback_client.c \

	socket_loopback_server.c \

	socket_network_client.c \

	sockets.c \

	config_utils.c \

	cpu_info.c \

	load_file.c \

libcutils/sockets.c

0 → 100644
+44 −0
Original line number Diff line number Diff line 
/*

 * Copyright (C) 2011 The Android Open Source Project

 *

 * Licensed under the Apache License, Version 2.0 (the "License");

 * you may not use this file except in compliance with the License.

 * You may obtain a copy of the License at

 *

 *      http://www.apache.org/licenses/LICENSE-2.0

 *

 * Unless required by applicable law or agreed to in writing, software

 * distributed under the License is distributed on an "AS IS" BASIS,

 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.

 * See the License for the specific language governing permissions and

 * limitations under the License.

 */



#include <cutils/log.h>

#include <cutils/sockets.h>



#ifdef HAVE_ANDROID_OS

/* For the socket trust (credentials) check */

#include <private/android_filesystem_config.h>

#endif



bool socket_peer_is_trusted(int fd)

{

#ifdef HAVE_ANDROID_OS

    struct ucred cr;

    socklen_t len = sizeof(cr);

    int n = getsockopt(fd, SOL_SOCKET, SO_PEERCRED, &cr, &len);



    if (n != 0) {

        LOGE("could not get socket credentials: %s\n", strerror(errno));

        return false;

    }



    if ((cr.uid != AID_ROOT) && (cr.uid != AID_SHELL)) {

        LOGE("untrusted userid on other end of socket: userid %d\n", cr.uid);

        return false;

    }

#endif



    return true;

}

rootdir/init.rc

+1 −1
Original line number Diff line number Diff line
@@ -19,7 +19,7 @@ loglevel 3 
    export ANDROID_DATA /data

    export ASEC_MOUNTPOINT /mnt/asec

    export LOOP_MOUNTPOINT /mnt/obb

    export BOOTCLASSPATH /system/framework/core.jar:/system/framework/apache-xml.jar:/system/framework/bouncycastle.jar:/system/framework/ext.jar:/system/framework/framework.jar:/system/framework/android.policy.jar:/system/framework/services.jar:/system/framework/core-junit.jar

    export BOOTCLASSPATH /system/framework/core.jar:/system/framework/core-junit.jar:/system/framework/bouncycastle.jar:/system/framework/ext.jar:/system/framework/framework.jar:/system/framework/android.policy.jar:/system/framework/services.jar:/system/framework/apache-xml.jar



# Backward compatibility

    symlink /system/etc /etc