am b0d0e260: resolved conflicts for merge of 2baeb898 to honeycomb-plus-aosp

* commit 'b0d0e260bd6118959fa0e2d3c84037b3e0178551':
  Fold uevent message origin checking from init into libcutils.
This commit is contained in:
Nick Kralevich 2011-04-27 13:49:59 -07:00 committed by Android Git Automerger
commit 4682abaaa6
4 changed files with 108 additions and 30 deletions

32
include/cutils/uevent.h Normal file
View File

@ -0,0 +1,32 @@
/*
* Copyright (C) 2011 The Android Open Source Project
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
#ifndef __CUTILS_UEVENT_H
#define __CUTILS_UEVENT_H
#include <sys/socket.h>
#ifdef __cplusplus
extern "C" {
#endif
ssize_t uevent_checked_recv(int socket, void *buffer, size_t length);
#ifdef __cplusplus
}
#endif
#endif /* __CUTILS_UEVENT_H */

View File

@ -34,6 +34,8 @@
#include <asm/page.h>
#include <sys/wait.h>
#include <cutils/uevent.h>
#include "devices.h"
#include "util.h"
#include "log.h"
@ -770,35 +772,9 @@ static void handle_firmware_event(struct uevent *uevent)
#define UEVENT_MSG_LEN 1024
void handle_device_fd()
{
for(;;) {
char msg[UEVENT_MSG_LEN+2];
char cred_msg[CMSG_SPACE(sizeof(struct ucred))];
struct iovec iov = {msg, sizeof(msg)};
struct sockaddr_nl snl;
struct msghdr hdr = {&snl, sizeof(snl), &iov, 1, cred_msg, sizeof(cred_msg), 0};
ssize_t n = recvmsg(device_fd, &hdr, 0);
if (n <= 0) {
break;
}
if ((snl.nl_groups != 1) || (snl.nl_pid != 0)) {
/* ignoring non-kernel netlink multicast message */
continue;
}
struct cmsghdr * cmsg = CMSG_FIRSTHDR(&hdr);
if (cmsg == NULL || cmsg->cmsg_type != SCM_CREDENTIALS) {
/* no sender credentials received, ignore message */
continue;
}
struct ucred * cred = (struct ucred *)CMSG_DATA(cmsg);
if (cred->uid != 0) {
/* message from non-root user, ignore */
continue;
}
char msg[UEVENT_MSG_LEN+2];
int n;
while ((n = uevent_checked_recv(device_fd, msg, UEVENT_MSG_LEN)) > 0) {
if(n >= UEVENT_MSG_LEN) /* overflow -- discard */
continue;

View File

@ -109,7 +109,7 @@ else #!sim
# ========================================================
include $(CLEAR_VARS)
LOCAL_MODULE := libcutils
LOCAL_SRC_FILES := $(commonSources) ashmem-dev.c mq.c android_reboot.c
LOCAL_SRC_FILES := $(commonSources) ashmem-dev.c mq.c android_reboot.c uevent.c
ifeq ($(TARGET_ARCH),arm)
LOCAL_SRC_FILES += arch-arm/memset32.S

70
libcutils/uevent.c Normal file
View File

@ -0,0 +1,70 @@
/*
* Copyright (C) 2011 The Android Open Source Project
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
#include <cutils/uevent.h>
#include <errno.h>
#include <strings.h>
#include <linux/netlink.h>
/**
* Like recv(), but checks that messages actually originate from the kernel.
*/
ssize_t uevent_checked_recv(int socket, void *buffer, size_t length) {
struct iovec iov = { buffer, length };
struct sockaddr_nl addr;
char control[CMSG_SPACE(sizeof(struct ucred))];
struct msghdr hdr = {
&addr,
sizeof(addr),
&iov,
1,
control,
sizeof(control),
0,
};
ssize_t n = recvmsg(socket, &hdr, 0);
if (n <= 0) {
return n;
}
if (addr.nl_groups == 0 || addr.nl_pid != 0) {
/* ignoring non-kernel or unicast netlink message */
goto out;
}
struct cmsghdr *cmsg = CMSG_FIRSTHDR(&hdr);
if (cmsg == NULL || cmsg->cmsg_type != SCM_CREDENTIALS) {
/* ignoring netlink message with no sender credentials */
goto out;
}
struct ucred *cred = (struct ucred *)CMSG_DATA(cmsg);
if (cred->uid != 0) {
/* ignoring netlink message from non-root user */
goto out;
}
return n;
out:
/* clear residual potentially malicious data */
bzero(buffer, length);
errno = EIO;
return -1;
}