Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit 517e1f17 authored by Tom Cherry's avatar Tom Cherry
Browse files

init: Check DecodeUid() result and use error string 

Check the result of DecodeUid() and return failure when uids/gids are
unable to be decoded.

Also, use an error string instead of logging directly such that more
context can be added when decoding fails.

Bug: 38038887
Test: Boot bullhead
Test: Init unit tests
Change-Id: I84c11aa5a8041bf5d2f754ee9af748344b789b37
parent 3d7ee068

init/builtins.cpp

+28 −11
Original line number Diff line number Diff line
@@ -215,11 +215,19 @@ static int do_mkdir(const std::vector<std::string>& args) { 
    }



    if (args.size() >= 4) {

        uid_t uid = decode_uid(args[3].c_str());

        uid_t uid;

        std::string decode_uid_err;

        if (!DecodeUid(args[3], &uid, &decode_uid_err)) {

            LOG(ERROR) << "Unable to find UID for '" << args[3] << "': " << decode_uid_err;

            return -1;

        }

        gid_t gid = -1;



        if (args.size() == 5) {

            gid = decode_uid(args[4].c_str());

            if (!DecodeUid(args[4], &gid, &decode_uid_err)) {

                LOG(ERROR) << "Unable to find GID for '" << args[3] << "': " << decode_uid_err;

                return -1;

            }

        }



        if (lchown(args[1].c_str(), uid, gid) == -1) {
@@ -655,17 +663,26 @@ static int do_copy(const std::vector<std::string>& args) { 
}



static int do_chown(const std::vector<std::string>& args) {

    /* GID is optional. */

    if (args.size() == 3) {

        if (lchown(args[2].c_str(), decode_uid(args[1].c_str()), -1) == -1)

            return -errno;

    } else if (args.size() == 4) {

        if (lchown(args[3].c_str(), decode_uid(args[1].c_str()),

                   decode_uid(args[2].c_str())) == -1)

            return -errno;

    } else {

    uid_t uid;

    std::string decode_uid_err;

    if (!DecodeUid(args[1], &uid, &decode_uid_err)) {

        LOG(ERROR) << "Unable to find UID for '" << args[1] << "': " << decode_uid_err;

        return -1;

    }



    // GID is optional and pushes the index of path out by one if specified.

    const std::string& path = (args.size() == 4) ? args[3] : args[2];

    gid_t gid = -1;



    if (args.size() == 4) {

        if (!DecodeUid(args[2], &gid, &decode_uid_err)) {

            LOG(ERROR) << "Unable to find GID for '" << args[2] << "': " << decode_uid_err;

            return -1;

        }

    }



    if (lchown(path.c_str(), uid, gid) == -1) return -errno;



    return 0;

}

init/init_parser_test.cpp

+14 −4
Original line number Diff line number Diff line
@@ -86,19 +86,29 @@ static void Test_make_exec_oneshot_service(bool dash_dash, bool seclabel, bool u 
        ASSERT_EQ("", svc->seclabel());

    }

    if (uid) {

        ASSERT_EQ(decode_uid("log"), svc->uid());

        uid_t decoded_uid;

        std::string err;

        ASSERT_TRUE(DecodeUid("log", &decoded_uid, &err));

        ASSERT_EQ(decoded_uid, svc->uid());

    } else {

        ASSERT_EQ(0U, svc->uid());

    }

    if (gid) {

        ASSERT_EQ(decode_uid("shell"), svc->gid());

        uid_t decoded_uid;

        std::string err;

        ASSERT_TRUE(DecodeUid("shell", &decoded_uid, &err));

        ASSERT_EQ(decoded_uid, svc->gid());

    } else {

        ASSERT_EQ(0U, svc->gid());

    }

    if (supplementary_gids) {

        ASSERT_EQ(2U, svc->supp_gids().size());

        ASSERT_EQ(decode_uid("system"), svc->supp_gids()[0]);

        ASSERT_EQ(decode_uid("adb"), svc->supp_gids()[1]);

        uid_t decoded_uid;

        std::string err;

        ASSERT_TRUE(DecodeUid("system", &decoded_uid, &err));

        ASSERT_EQ(decoded_uid, svc->supp_gids()[0]);

        ASSERT_TRUE(DecodeUid("adb", &decoded_uid, &err));

        ASSERT_EQ(decoded_uid, svc->supp_gids()[1]);

    } else {

        ASSERT_EQ(0U, svc->supp_gids().size());

    }

init/service.cpp

+49 −8
Original line number Diff line number Diff line
@@ -380,9 +380,18 @@ bool Service::ParseDisabled(const std::vector<std::string>& args, std::string* e 
}



bool Service::ParseGroup(const std::vector<std::string>& args, std::string* err) {

    gid_ = decode_uid(args[1].c_str());

    std::string decode_uid_err;

    if (!DecodeUid(args[1], &gid_, &decode_uid_err)) {

        *err = "Unable to find GID for '" + args[1] + "': " + decode_uid_err;

        return false;

    }

    for (std::size_t n = 2; n < args.size(); n++) {

        supp_gids_.emplace_back(decode_uid(args[n].c_str()));

        gid_t gid;

        if (!DecodeUid(args[n], &gid, &decode_uid_err)) {

            *err = "Unable to find GID for '" + args[n] + "': " + decode_uid_err;

            return false;

        }

        supp_gids_.emplace_back(gid);

    }

    return true;

}
@@ -480,10 +489,25 @@ bool Service::ParseSetenv(const std::vector<std::string>& args, std::string* err 
template <typename T>

bool Service::AddDescriptor(const std::vector<std::string>& args, std::string* err) {

    int perm = args.size() > 3 ? std::strtoul(args[3].c_str(), 0, 8) : -1;

    uid_t uid = args.size() > 4 ? decode_uid(args[4].c_str()) : 0;

    gid_t gid = args.size() > 5 ? decode_uid(args[5].c_str()) : 0;

    uid_t uid = 0;

    gid_t gid = 0;

    std::string context = args.size() > 6 ? args[6] : "";



    std::string decode_uid_err;

    if (args.size() > 4) {

        if (!DecodeUid(args[4], &uid, &decode_uid_err)) {

            *err = "Unable to find UID for '" + args[4] + "': " + decode_uid_err;

            return false;

        }

    }



    if (args.size() > 5) {

        if (!DecodeUid(args[5], &gid, &decode_uid_err)) {

            *err = "Unable to find GID for '" + args[5] + "': " + decode_uid_err;

            return false;

        }

    }



    auto descriptor = std::make_unique<T>(args[1], args[2], uid, gid, perm, context);



    auto old =
@@ -522,7 +546,11 @@ bool Service::ParseFile(const std::vector<std::string>& args, std::string* err) 
}



bool Service::ParseUser(const std::vector<std::string>& args, std::string* err) {

    uid_ = decode_uid(args[1].c_str());

    std::string decode_uid_err;

    if (!DecodeUid(args[1], &uid_, &decode_uid_err)) {

        *err = "Unable to find UID for '" + args[1] + "': " + decode_uid_err;

        return false;

    }

    return true;

}
@@ -936,15 +964,28 @@ Service* ServiceManager::MakeExecOneshotService(const std::vector<std::string>& 
    }

    uid_t uid = 0;

    if (command_arg > 3) {

        uid = decode_uid(args[2].c_str());

        std::string decode_uid_err;

        if (!DecodeUid(args[2], &uid, &decode_uid_err)) {

            LOG(ERROR) << "Unable to find UID for '" << args[2] << "': " << decode_uid_err;

            return nullptr;

        }

    }

    gid_t gid = 0;

    std::vector<gid_t> supp_gids;

    if (command_arg > 4) {

        gid = decode_uid(args[3].c_str());

        std::string decode_uid_err;

        if (!DecodeUid(args[3], &gid, &decode_uid_err)) {

            LOG(ERROR) << "Unable to find GID for '" << args[3] << "': " << decode_uid_err;

            return nullptr;

        }

        std::size_t nr_supp_gids = command_arg - 1 /* -- */ - 4 /* exec SECLABEL UID GID */;

        for (size_t i = 0; i < nr_supp_gids; ++i) {

            supp_gids.push_back(decode_uid(args[4 + i].c_str()));

            gid_t supp_gid;

            if (!DecodeUid(args[4 + i], &supp_gid, &decode_uid_err)) {

                LOG(ERROR) << "Unable to find UID for '" << args[4 + i] << "': " << decode_uid_err;

                return nullptr;

            }

            supp_gids.push_back(supp_gid);

        }

    }

init/util.cpp

+23 −29
Original line number Diff line number Diff line
@@ -48,39 +48,33 @@ 
#endif



using android::base::boot_clock;



static unsigned int do_decode_uid(const char *s)

{

    unsigned int v;



    if (!s || *s == '\0')

        return UINT_MAX;



    if (isalpha(s[0])) {

        struct passwd* pwd = getpwnam(s);

        if (!pwd)

            return UINT_MAX;

        return pwd->pw_uid;

using namespace std::literals::string_literals;



// DecodeUid() - decodes and returns the given string, which can be either the

// numeric or name representation, into the integer uid or gid. Returns

// UINT_MAX on error.

bool DecodeUid(const std::string& name, uid_t* uid, std::string* err) {

    *uid = UINT_MAX;

    *err = "";



    if (isalpha(name[0])) {

        passwd* pwd = getpwnam(name.c_str());

        if (!pwd) {

            *err = "getpwnam failed: "s + strerror(errno);

            return false;

        }



    errno = 0;

    v = (unsigned int) strtoul(s, 0, 0);

    if (errno)

        return UINT_MAX;

    return v;

        *uid = pwd->pw_uid;

        return true;

    }



/*

 * decode_uid - decodes and returns the given string, which can be either the

 * numeric or name representation, into the integer uid or gid. Returns

 * UINT_MAX on error.

 */

unsigned int decode_uid(const char *s) {

    unsigned int v = do_decode_uid(s);

    if (v == UINT_MAX) {

        LOG(ERROR) << "decode_uid: Unable to find UID for '" << s << "'; returning UINT_MAX";

    errno = 0;

    uid_t result = static_cast<uid_t>(strtoul(name.c_str(), 0, 0));

    if (errno) {

        *err = "strtoul failed: "s + strerror(errno);

        return false;

    }

    return v;

    *uid = result;

    return true;

}



/*

init/util.h

+1 −1
Original line number Diff line number Diff line
@@ -61,7 +61,7 @@ class Timer { 


std::ostream& operator<<(std::ostream& os, const Timer& t);



unsigned int decode_uid(const char *s);

bool DecodeUid(const std::string& name, uid_t* uid, std::string* err);



int mkdir_recursive(const std::string& pathname, mode_t mode, selabel_handle* sehandle);

int wait_for_file(const char *filename, std::chrono::nanoseconds timeout);