Commit Graph

8 Commits

Author SHA1 Message Date
Elliott Hughes a372f6f241 Fix the run-as environment to better match su.
$USER and $LOGNAME along with $HOME were just plain wrong (leading to a
misleading interactive prompt), and it probably makes sense to reset the
variables that su would reset.

Bug: https://code.google.com/p/android/issues/detail?id=187438
Change-Id: I0404511453d371f36801f0212a8d72d93f0bc8ac
2015-11-03 14:31:46 -08:00
Oleksiy Vyalov a08d313bb8 Extend run-as with optional --user argument.
1. Calculate AID for spawned process as (100000 * $user) + uid_from_packages.list
2. Use /data/user/$user/$packageDir as a root of a new process if $user != 0.

Change-Id: I761dfb481114bd51e5a950307fcaf403e96eef10
(cherry picked from commit da31778f3b)
2015-06-10 12:09:10 -07:00
Mark Salyzyn db5334ad03 run-as: bracket capability
- do not assume that caller has granted effective bits in capabilities
- only elevate capabilities when needed
- suppress capabilities before exec when called as shell,shell,shell
- some Android coding standard cleanup

Bug: 19908228
Change-Id: Ibe3d1c1a0fdcb54c41d7a72395e50ad749df98ce
2015-03-31 09:44:48 -07:00
Alex Klyubin b0739c662d Fix run-as which was broken in Android 4.3
In Android 4.3 the run-as binary no longer has the SUID/SGID bits
set. Instead, it requires to be installed with setuid and setgid
file-based capabilities. As a result of the above two changes, the
binary no longer executes as root when invoked by the "shell" user
but can still change its UID/GID to that of the target package.

Unfortunately, run-as attempts to chdir into the target package's
data directory before changing its effective UID/GID. As a result,
when run-as is invoked by the "shell" user, the chdir operation
fails.

The fix is for run-as to chdir after changing the effective UID/GID
to those of the target package.

Bug: 10154652

(cherry picked from commit f2904a7b63)

Change-Id: I0f6cb9efd49f5c2c491f7aa1d614d700a5ec2304
2013-08-21 12:15:27 -07:00
Robert Craig fced3ded83 run-as: Get seinfo from packages.list and pass to libselinux.
Change allows the proper seinfo value to be passed
to libselinux to switch to the proper app security
context before running the shell.

Change-Id: I9d7ea47c920b1bc09a19008345ed7fd0aa426e87
Signed-off-by: rpcraig <rpcraig@tycho.ncsc.mil>
2013-03-28 06:04:39 -04:00
Stephen Smalley 4ead8beac8 run-as: set the SELinux security context.
Before invoking the specified command or a shell, set the
SELinux security context.

Change-Id: Ifc7f91aed9d298290b95d771484b322ed7a4c594
Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
2012-11-13 12:56:48 -05:00
Nick Kralevich b2d8f896b6 Don't statically compile run-as
Bug: 5904033
Change-Id: Ie815f09a2bf51ad583ded82f652d162a7f70b87e
2012-01-23 11:10:06 -08:00
David 'Digit' Turner 1f4d95296a Add 'run-as' command implementation as set-uid program.
Typical usage is 'run-as <package-name> <command>' to run <command>
in the data directory, and the user id, of <package-name> if, and only
if <package-name> is the name of an installed and debuggable application.

This relies on the /data/system/packages.list file generated by the
PackageManager service.

BEWARE: This is intended to be available on production devices !
2010-03-17 11:02:08 -07:00