1 /*
2  * Copyright (C) 2008 The Android Open Source Project
3  * All rights reserved.
4  *
5  * Redistribution and use in source and binary forms, with or without
6  * modification, are permitted provided that the following conditions
7  * are met:
8  *  * Redistributions of source code must retain the above copyright
9  *    notice, this list of conditions and the following disclaimer.
10  *  * Redistributions in binary form must reproduce the above copyright
11  *    notice, this list of conditions and the following disclaimer in
12  *    the documentation and/or other materials provided with the
13  *    distribution.
14  *
15  * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
16  * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
17  * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
18  * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
19  * COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT,
20  * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING,
21  * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS
22  * OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED
23  * AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
24  * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT
25  * OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
26  * SUCH DAMAGE.
27  */
28 
29 #include "private/grp_pwd.h"
30 
31 #include <android/api-level.h>
32 #include <ctype.h>
33 #include <errno.h>
34 #include <grp.h>
35 #include <mntent.h>
36 #include <pthread.h>
37 #include <pwd.h>
38 #include <stdio.h>
39 #include <stdlib.h>
40 #include <string.h>
41 #include <sys/system_properties.h>
42 #include <sys/types.h>
43 #include <unistd.h>
44 
45 #include "private/ErrnoRestorer.h"
46 #include "private/android_filesystem_config.h"
47 #include "platform/bionic/macros.h"
48 
49 #if defined(__ANDROID__)
50 // Generated android_ids array
51 #include "generated_android_ids.h"
52 #else
53 // Empty array for host; everything is from the database files
54 #include "empty_android_ids.h"
55 #endif
56 
57 #include "grp_pwd_file.h"
58 
// Per-partition passwd databases consulted by the lookup functions in this
// file, in the order listed here.
// NOTE(review): the second string looks like the name prefix that entries from
// that partition are expected to carry; whatever enforces it lives in
// PasswdFile (grp_pwd_file.h) -- confirm there before relying on it.
static PasswdFile passwd_files[] = {
    // symlinks to /system/etc/passwd in Android
    {"/etc/passwd", "system_"},
    {"/vendor/etc/passwd", "vendor_"},
    {"/odm/etc/passwd", "odm_"},
    {"/product/etc/passwd", "product_"},
    {"/system_ext/etc/passwd", "system_ext_"},
};
66 
// Per-partition group databases consulted by the lookup functions in this
// file, in the order listed here.
// NOTE(review): as with passwd_files, the second string is presumably the
// required name prefix for that partition -- confirm in grp_pwd_file.h.
static GroupFile group_files[] = {
    // symlinks to /system/etc/group in Android
    {"/etc/group", "system_"},
    {"/vendor/etc/group", "vendor_"},
    {"/odm/etc/group", "odm_"},
    {"/product/etc/group", "product_"},
    {"/system_ext/etc/group", "system_ext_"},
};
74 
// POSIX seems to envisage an implementation where the <pwd.h> functions are
// implemented by brute-force searching with getpwent(3), and the <grp.h>
// functions are implemented similarly with getgrent(3). This means that it's
// okay for all the <grp.h> functions to share state, and all the <pwd.h>
// functions to share state, but <grp.h> functions can't clobber <pwd.h>
// functions' state and vice versa.
81 #include "bionic/pthread_internal.h"
82 
// Prepares a group_state_t for a fresh lookup: clears it and points the
// embedded `group` at the state's own name and member buffers.
static void init_group_state(group_state_t* state) {
  // Everything except the enumeration cursor is wiped, so getgrent() keeps its
  // position across calls.
  // NOTE(review): subtracting sizeof(getgrent_idx) only spares the cursor if it
  // is the last member of group_state_t -- confirm against the struct layout.
  const size_t bytes_to_clear = sizeof(*state) - sizeof(state->getgrent_idx);
  memset(state, 0, bytes_to_clear);

  group& entry = state->group_;
  entry.gr_name = state->group_name_buffer_;
  entry.gr_mem = state->group_members_;
  // The only member reported is the group's own name; the following slot was
  // zeroed above.
  entry.gr_mem[0] = entry.gr_name;
}
89 
// Returns the calling thread's group lookup state, re-initialised for a new
// query (see init_group_state).
static group_state_t* get_group_tls_buffer() {
  group_state_t* tls_state = &__get_bionic_tls().group;
  init_group_state(tls_state);
  return tls_state;
}
95 
// Prepares a passwd_state_t for a fresh lookup: clears it and points the
// embedded `passwd` at the state's own string buffers.
static void init_passwd_state(passwd_state_t* state) {
  // The enumeration cursor is deliberately left out of the wipe so getpwent()
  // keeps its position.
  // NOTE(review): this only works if getpwent_idx is the last member of
  // passwd_state_t -- confirm against the struct layout.
  const size_t bytes_to_clear = sizeof(*state) - sizeof(state->getpwent_idx);
  memset(state, 0, bytes_to_clear);

  passwd& entry = state->passwd_;
  entry.pw_name = state->name_buffer_;
  entry.pw_dir = state->dir_buffer_;
  entry.pw_shell = state->sh_buffer_;
}
102 
// Returns the calling thread's passwd lookup state, re-initialised for a new
// query (see init_passwd_state).
static passwd_state_t* get_passwd_tls_buffer() {
  passwd_state_t* tls_state = &__get_bionic_tls().passwd;
  init_passwd_state(tls_state);
  return tls_state;
}
108 
// Fills `state` with a passwd entry for a built-in Android id and returns a
// pointer to the entry inside `state`.
// The name is copied with snprintf, so it is truncated (and still terminated)
// if it does not fit name_buffer_. Home is "/" and the shell is "/bin/sh";
// uid and gid are both set to the id's aid.
static passwd* android_iinfo_to_passwd(passwd_state_t* state,
                                       const android_id_info* iinfo) {
  snprintf(state->name_buffer_, sizeof(state->name_buffer_), "%s", iinfo->name);
  snprintf(state->dir_buffer_, sizeof(state->dir_buffer_), "/");
  snprintf(state->sh_buffer_, sizeof(state->sh_buffer_), "/bin/sh");

  passwd& entry = state->passwd_;
  entry.pw_uid = iinfo->aid;
  entry.pw_gid = iinfo->aid;
  return &entry;
}
120 
// Fills `state` with a group entry for a built-in Android id and returns a
// pointer to the entry inside `state`. The name is copied with snprintf, so an
// over-long name is truncated rather than overflowing group_name_buffer_.
static group* android_iinfo_to_group(group_state_t* state,
                                     const android_id_info* iinfo) {
  snprintf(state->group_name_buffer_, sizeof(state->group_name_buffer_), "%s", iinfo->name);

  group& entry = state->group_;
  entry.gr_gid = iinfo->aid;
  return &entry;
}
129 
// Linear search of the built-in android_ids table by numeric id.
// Returns the matching table entry, or nullptr when the id is not built in.
static const android_id_info* find_android_id_info(unsigned id) {
  const android_id_info* const table_end = android_ids + android_id_count;
  for (const android_id_info* entry = android_ids; entry != table_end; ++entry) {
    if (entry->aid == id) {
      return entry;
    }
  }
  return nullptr;
}
138 
// Linear search of the built-in android_ids table by exact name (strcmp).
// Returns the matching table entry, or nullptr when the name is not built in.
// `name` must be a valid NUL-terminated string; it is not checked for null.
static const android_id_info* find_android_id_info(const char* name) {
  const android_id_info* const table_end = android_ids + android_id_count;
  for (const android_id_info* entry = android_ids; entry != table_end; ++entry) {
    if (strcmp(entry->name, name) == 0) {
      return entry;
    }
  }
  return nullptr;
}
147 
// Inclusive [start, end] span of ids.
struct IdRange {
  id_t start;
  id_t end;
};

// Reserved app ranges. Nothing here may fall below AID_APP_START. The ranges
// exist once per user: a uid/gid taken modulo AID_USER_OFFSET is what gets
// compared against them.

// Ranges that are valid for uids.
static constexpr IdRange user_ranges[] = {
  { AID_APP_START, AID_APP_END },
  { AID_ISOLATED_START, AID_ISOLATED_END },
};

// Ranges that are valid for gids. The shared-GID range is additionally
// restricted to the first user by is_valid_app_id().
static constexpr IdRange group_ranges[] = {
  { AID_APP_START, AID_APP_END },
  { AID_CACHE_GID_START, AID_CACHE_GID_END },
  { AID_EXT_GID_START, AID_EXT_GID_END },
  { AID_EXT_CACHE_GID_START, AID_EXT_CACHE_GID_END },
  { AID_SHARED_GID_START, AID_SHARED_GID_END },
  { AID_ISOLATED_START, AID_ISOLATED_END },
};
169 
// Compile-time check that an array of ranges is well formed: at least two
// entries, every entry has start <= end, and no entry ends after the next one
// starts.
// NOTE(review): the ordering test uses '>', so a range whose end equals the
// next range's start is accepted -- confirm that a shared boundary id is
// intended to pass.
template <class T, size_t N>
static constexpr bool verify_user_ranges_ascending(T (&ranges)[N]) {
  if (N < 2) return false;

  for (size_t i = 0; i < N; ++i) {
    if (ranges[i].start > ranges[i].end) return false;
    if (i > 0 && ranges[i - 1].end > ranges[i].start) return false;
  }
  return true;
}
183 
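// Build-time guards: get_next_app_id() and is_valid_app_id() walk these tables
// assuming they are sorted and non-inverted. Each message names the table that
// failed (the group_ranges message previously said "user_ranges").
static_assert(verify_user_ranges_ascending(user_ranges), "user_ranges must have ascending ranges");
static_assert(verify_user_ranges_ascending(group_ranges), "group_ranges must have ascending ranges");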
186 
// Platform AIDs that may also appear inside a secondary user's id space
// (uN_system, uN_radio, ...). The list comes from PackageManagerService.java,
// where platform AIDs are added to the list of valid AIDs for packages via
// addSharedUserLPw(). Any platform id not listed here is rejected for
// secondary users by the lookups below.
static constexpr const id_t secondary_user_platform_ids[] = {
  AID_SYSTEM,
  AID_RADIO,
  AID_LOG,
  AID_NFC,
  AID_BLUETOOTH,
  AID_SHELL,
  AID_SECURE_ELEMENT,
  AID_NETWORK_STACK,
};
193 
// Returns true when `id` is one of the platform AIDs listed in
// secondary_user_platform_ids. `id` is expected to be the per-user part of an
// id (already reduced modulo AID_USER_OFFSET by the callers in this file).
static bool platform_id_secondary_user_allowed(id_t id) {
  for (size_t i = 0; i < arraysize(secondary_user_platform_ids); ++i) {
    if (secondary_user_platform_ids[i] == id) {
      return true;
    }
  }
  return false;
}
202 
203 #if defined(__ANDROID__)
// Decides whether `id` is an id this file is willing to synthesise an app
// entry for. `is_group` selects group_ranges instead of user_ranges.
//
// The callers in this file reject ids below AID_APP_START before calling, so
// the platform-id branch below is only reached for secondary users there.
static bool is_valid_app_id(id_t id, bool is_group) {
  const id_t appid = id % AID_USER_OFFSET;

  // AID_OVERFLOWUID is never a valid app id for any user; there is no reason
  // to ever map it into a user range, so refuse it explicitly.
  if (appid == AID_OVERFLOWUID) {
    return false;
  }

  const IdRange* ranges = is_group ? group_ranges : user_ranges;
  const size_t range_count = is_group ? arraysize(group_ranges) : arraysize(user_ranges);

  // An appid below the first range is a platform AID seen through a secondary
  // user. Only the reduced allow-list is accepted.
  if (appid < ranges[0].start && platform_id_secondary_user_allowed(appid)) {
    return true;
  }

  // The shared GID range belongs to the first user only (appid == id there).
  const bool in_shared_gid_range = appid >= AID_SHARED_GID_START && appid <= AID_SHARED_GID_END;
  if (in_shared_gid_range && appid != id) {
    return false;
  }

  // Anything else must sit inside one of the reserved ranges.
  for (const IdRange* range = ranges; range != ranges + range_count; ++range) {
    if (range->start <= appid && appid <= range->end) {
      return true;
    }
  }

  return false;
}
236 #else
// Host build: there is no concept of an app id, so nothing is ever valid.
static bool is_valid_app_id(id_t /*id*/, bool /*is_group*/) {
  return false;
}
241 #endif  // if defined(__ANDROID__)
242 
// Iterator step over the first user's app ids. Given the id returned last
// time, yields the next id that lies inside one of the reserved ranges
// (group_ranges when is_group, otherwise user_ranges), or (id_t)-1 once the
// last range has been exhausted.
// NOTE(review): the end marker is -1 converted to id_t. The enumeration
// callers store the result in their cursor and compare it with -1; that
// comparison only matches if the cursor is not wider than id_t -- confirm the
// cursor's type.
static id_t get_next_app_id(id_t current_id, bool is_group) {
  const IdRange* ranges = is_group ? group_ranges : user_ranges;
  const size_t range_count = is_group ? arraysize(group_ranges) : arraysize(user_ranges);

  // A cursor below the first range means iteration has not started yet.
  if (current_id < ranges[0].start) {
    return ranges[0].start;
  }

  const id_t candidate = current_id + 1;

  // If the candidate fell into a gap between two ranges, jump to the start of
  // the upper one.
  for (size_t upper = 1; upper < range_count; ++upper) {
    const IdRange& below = ranges[upper - 1];
    const IdRange& above = ranges[upper];
    if (below.end < candidate && candidate < above.start) {
      return above.start;
    }
  }

  // Past the final range: report completion.
  if (candidate > ranges[range_count - 1].end) {
    return static_cast<id_t>(-1);
  }

  // Still inside a range.
  return candidate;
}
273 
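// Translate a user/group name to the corresponding user/group id.
// all_a1234 -> 0 * AID_USER_OFFSET + AID_SHARED_GID_START + 1234 (group name only)
// u0_a1234_ext_cache -> 0 * AID_USER_OFFSET + AID_EXT_CACHE_GID_START + 1234 (group name only)
// u0_a1234_ext -> 0 * AID_USER_OFFSET + AID_EXT_GID_START + 1234 (group name only)
// u0_a1234_cache -> 0 * AID_USER_OFFSET + AID_CACHE_GID_START + 1234 (group name only)
// u0_a1234 -> 0 * AID_USER_OFFSET + AID_APP_START + 1234
// u2_i1000 -> 2 * AID_USER_OFFSET + AID_ISOLATED_START + 1000
// u1_system -> 1 * AID_USER_OFFSET + android_ids['system']
// returns 0 and sets errno to ENOENT in case of error.
//
// `name` is caller-supplied and must be NUL-terminated. The numeric index
// parsed from the name is bounded *before* a range base is added to it:
// strtoul() saturates at ULONG_MAX on overflow, and an unbounded sum could
// wrap around unsigned long and come out as a small, in-range appid, letting a
// non-canonical name resolve to an unrelated id.
// NOTE(review): an index that is below AID_USER_OFFSET but larger than the
// width of its own range can still land in a neighbouring range; whether that
// id is accepted is left to the caller's is_valid_app_id() check. Consider
// bounding the index per range.
static id_t app_id_from_name(const char* name, bool is_group) {
  char* end;
  unsigned long userid;
  bool is_shared_gid = false;

  // The casts to unsigned char keep isdigit() defined for bytes >= 0x80 where
  // plain char is signed.
  if (is_group && name[0] == 'a' && name[1] == 'l' && name[2] == 'l') {
    end = const_cast<char*>(name+3);
    userid = 0;
    is_shared_gid = true;
  } else if (name[0] == 'u' && isdigit(static_cast<unsigned char>(name[1]))) {
    userid = strtoul(name+1, &end, 10);
  } else {
    errno = ENOENT;
    return 0;
  }

  if (end[0] != '_' || end[1] == 0) {
    errno = ENOENT;
    return 0;
  }

  unsigned long appid = 0;
  if (end[1] == 'a' && isdigit(static_cast<unsigned char>(end[2]))) {
    // end will point to \0 (or to a group suffix) if the strtoul below succeeds.
    const unsigned long index = strtoul(end+2, &end, 10);
    // No valid index can reach AID_USER_OFFSET; rejecting here also prevents
    // the additions below from wrapping.
    if (index >= AID_USER_OFFSET) {
      errno = ENOENT;
      return 0;
    }
    if (is_shared_gid) {
      appid = index + AID_SHARED_GID_START;
      if (appid > AID_SHARED_GID_END) {
        errno = ENOENT;
        return 0;
      }
    } else {
      appid = index;
      if (is_group) {
        if (!strcmp(end, "_ext_cache")) {
          end += 10;
          appid += AID_EXT_CACHE_GID_START;
        } else if (!strcmp(end, "_ext")) {
          end += 4;
          appid += AID_EXT_GID_START;
        } else if (!strcmp(end, "_cache")) {
          end += 6;
          appid += AID_CACHE_GID_START;
        } else {
          appid += AID_APP_START;
        }
      } else {
        appid += AID_APP_START;
      }
    }
  } else if (end[1] == 'i' && isdigit(static_cast<unsigned char>(end[2]))) {
    // end will point to \0 if the strtoul below succeeds.
    const unsigned long index = strtoul(end+2, &end, 10);
    // Same wrap-around guard as for the 'a' form.
    if (index >= AID_USER_OFFSET) {
      errno = ENOENT;
      return 0;
    }
    appid = index + AID_ISOLATED_START;
  } else if (auto* android_id_info = find_android_id_info(end + 1); android_id_info != nullptr) {
    appid = android_id_info->aid;
    end += strlen(android_id_info->name) + 1;
    // Only the reduced allow-list of platform ids may be named through a
    // uN_ prefix.
    if (!platform_id_secondary_user_allowed(appid)) {
      errno = ENOENT;
      return 0;
    }
  }

  // Check that the entire string was consumed by one of the 3 cases above.
  if (end[0] != 0) {
    errno = ENOENT;
    return 0;
  }

  // Check that user id won't overflow.
  if (userid > 1000) {
    errno = ENOENT;
    return 0;
  }

  // Check that app id is within range.
  if (appid >= AID_USER_OFFSET) {
    errno = ENOENT;
    return 0;
  }

  return (appid + userid*AID_USER_OFFSET);
}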
365 
// Writes the canonical name for `uid` into `buffer` (at most `bufferlen`
// bytes, always terminated by snprintf): uN_iM for isolated ids, uN_aM for app
// ids, uN_<name> for built-in platform ids.
// If the per-user part is below AID_APP_START and is not a built-in id, the
// buffer is left untouched.
static void print_app_name_from_uid(const uid_t uid, char* buffer, const int bufferlen) {
  const uid_t user = uid / AID_USER_OFFSET;
  const uid_t app = uid % AID_USER_OFFSET;

  if (app >= AID_ISOLATED_START) {
    snprintf(buffer, bufferlen, "u%u_i%u", user, app - AID_ISOLATED_START);
    return;
  }

  if (app >= AID_APP_START) {
    snprintf(buffer, bufferlen, "u%u_a%u", user, app - AID_APP_START);
    return;
  }

  const android_id_info* platform_entry = find_android_id_info(app);
  if (platform_entry != nullptr) {
    snprintf(buffer, bufferlen, "u%u_%s", user, platform_entry->name);
  }
}
379 
// Writes the canonical name for `gid` into `buffer` (at most `bufferlen`
// bytes, always terminated by snprintf). The checks run in a fixed order:
// isolated, shared (first user only), ext-cache, ext, cache, platform, app.
// If the per-user part is below AID_APP_START and is not a built-in id, the
// buffer is left untouched.
static void print_app_name_from_gid(const gid_t gid, char* buffer, const int bufferlen) {
  const uid_t user = gid / AID_USER_OFFSET;
  const uid_t app = gid % AID_USER_OFFSET;

  if (app >= AID_ISOLATED_START) {
    snprintf(buffer, bufferlen, "u%u_i%u", user, app - AID_ISOLATED_START);
    return;
  }
  if (user == 0 && app >= AID_SHARED_GID_START && app <= AID_SHARED_GID_END) {
    snprintf(buffer, bufferlen, "all_a%u", app - AID_SHARED_GID_START);
    return;
  }
  if (app >= AID_EXT_CACHE_GID_START && app <= AID_EXT_CACHE_GID_END) {
    snprintf(buffer, bufferlen, "u%u_a%u_ext_cache", user, app - AID_EXT_CACHE_GID_START);
    return;
  }
  if (app >= AID_EXT_GID_START && app <= AID_EXT_GID_END) {
    snprintf(buffer, bufferlen, "u%u_a%u_ext", user, app - AID_EXT_GID_START);
    return;
  }
  if (app >= AID_CACHE_GID_START && app <= AID_CACHE_GID_END) {
    snprintf(buffer, bufferlen, "u%u_a%u_cache", user, app - AID_CACHE_GID_START);
    return;
  }
  if (app >= AID_APP_START) {
    snprintf(buffer, bufferlen, "u%u_a%u", user, app - AID_APP_START);
    return;
  }

  const android_id_info* platform_entry = find_android_id_info(app);
  if (platform_entry != nullptr) {
    snprintf(buffer, bufferlen, "u%u_%s", user, platform_entry->name);
  }
}
401 
402 #if defined(__ANDROID__)
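// Returns true when ro.product.first_api_level is set to a value > 0 and < 29,
// i.e. the device was launched before API 29 (Q). Any other value is treated
// as either in development or launched after.
//
// The answer widens the set of ids accepted by is_oem_id(), so parsing is
// strict about the documented range: the previous atoi()-based check accepted
// negative values (it tested != 0 rather than > 0) and atoi() is undefined on
// overflow. strtol() saturates instead, and a saturated value is never < 29.
static bool device_launched_before_api_29() {
  // Cache the value as __system_property_get() is expensive and this may be
  // called often.
  static bool result = [] {
    char value[PROP_VALUE_MAX] = { 0 };
    if (__system_property_get("ro.product.first_api_level", value) == 0) {
      return false;
    }
    const long first_api_level = strtol(value, nullptr, 10);
    return first_api_level > 0 && first_api_level < 29;
  }();
  return result;
}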
418 
// Returns true when `id` lies in a range reserved for OEM-defined ids.
//  Supported ranges:
//   AID_OEM_RESERVED_START to AID_OEM_RESERVED_END (2900-2999)
//   AID_OEM_RESERVED_2_START to AID_OEM_RESERVED_2_END (5000-5999)
//  Legacy range, only for devices launched before API level 29:
//   AID_OEM_RESERVED_START to AID_EVERYBODY (2900-9996), excluding builtin AIDs.
static bool is_oem_id(id_t id) {
  // Upgrading devices launched before API level 29 may not comply with the
  // strict ranges. Because uids are hard to change after launch, the check is
  // waived for them, which makes the accepted range considerably wider.
  if (device_launched_before_api_29()) {
    const bool in_legacy_window = id >= AID_OEM_RESERVED_START && id < AID_EVERYBODY;
    if (in_legacy_window && find_android_id_info(id) == nullptr) {
      return true;
    }
  }

  const bool in_first_range = id >= AID_OEM_RESERVED_START && id <= AID_OEM_RESERVED_END;
  const bool in_second_range = id >= AID_OEM_RESERVED_2_START && id <= AID_OEM_RESERVED_2_END;
  return in_first_range || in_second_range;
}
437 #else
// Host build: there are no OEM ids, so every id is rejected.
static bool is_oem_id(id_t /*id*/) {
  return false;
}
442 #endif  // if defined(__ANDROID__)
443 
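// Translate an OEM name of the exact form "oem_<decimal digits>" to the
// corresponding user/group id. Returns 0 when the name does not have that
// form or the number is not an OEM id (see is_oem_id).
//
// The name is parsed strictly. The previous sscanf("oem_%u") accepted leading
// whitespace or a sign before the number and ignored anything after it, so
// several different spellings resolved to the same id; %u is also undefined
// when the digits overflow. Here every character after the prefix must be a
// digit and the value is bounded while it is accumulated.
static id_t oem_id_from_name(const char* name) {
  static constexpr char kPrefix[] = "oem_";
  static constexpr size_t kPrefixLength = sizeof(kPrefix) - 1;
  // Largest value an unsigned int can hold; wider values cannot be OEM ids.
  static constexpr unsigned long long kMaxId = static_cast<unsigned int>(-1);

  if (strncmp(name, kPrefix, kPrefixLength) != 0) {
    return 0;
  }

  const char* digits = name + kPrefixLength;
  if (*digits == '\0') {
    return 0;
  }

  unsigned long long value = 0;
  for (const char* p = digits; *p != '\0'; ++p) {
    // unsigned char keeps isdigit() defined for bytes >= 0x80.
    if (!isdigit(static_cast<unsigned char>(*p))) {
      return 0;
    }
    value = value * 10 + static_cast<unsigned long long>(*p - '0');
    if (value > kMaxId) {
      return 0;
    }
  }

  const unsigned int id = static_cast<unsigned int>(value);
  if (!is_oem_id(id)) {
    return 0;
  }
  return static_cast<id_t>(id);
}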
455 
// Resolves `uid` to a passwd entry stored in `state`.
// The per-partition passwd files are searched first, for any uid and not only
// OEM ones. If none of them has the uid and it is an OEM id, a generic
// "oem_<uid>" entry is synthesised. Returns nullptr otherwise.
// NOTE(review): which entries FindById is willing to return (id range, name
// prefix) is decided in grp_pwd_file -- confirm there.
static passwd* oem_id_to_passwd(uid_t uid, passwd_state_t* state) {
  for (size_t i = 0; i < arraysize(passwd_files); ++i) {
    if (passwd_files[i].FindById(uid, state)) {
      return &state->passwd_;
    }
  }

  if (!is_oem_id(uid)) {
    return nullptr;
  }

  snprintf(state->name_buffer_, sizeof(state->name_buffer_), "oem_%u", uid);
  snprintf(state->dir_buffer_, sizeof(state->dir_buffer_), "/");
  snprintf(state->sh_buffer_, sizeof(state->sh_buffer_), "/bin/sh");

  passwd& entry = state->passwd_;
  entry.pw_uid = uid;
  entry.pw_gid = uid;
  return &entry;
}
476 
// Resolves `gid` to a group entry stored in `state`.
// The per-partition group files are searched first, for any gid and not only
// OEM ones. If none of them has the gid and it is an OEM id, a generic
// "oem_<gid>" entry is synthesised. Returns nullptr otherwise.
// NOTE(review): which entries FindById is willing to return (id range, name
// prefix) is decided in grp_pwd_file -- confirm there.
static group* oem_id_to_group(gid_t gid, group_state_t* state) {
  for (size_t i = 0; i < arraysize(group_files); ++i) {
    if (group_files[i].FindById(gid, state)) {
      return &state->group_;
    }
  }

  if (!is_oem_id(gid)) {
    return nullptr;
  }

  snprintf(state->group_name_buffer_, sizeof(state->group_name_buffer_), "oem_%u", gid);

  group& entry = state->group_;
  entry.gr_gid = gid;
  return &entry;
}
495 
// Translate an app uid into a passwd entry stored in `state`.
// AID_APP_START to AID_ISOLATED_START-1   -> u0_a1234
// AID_ISOLATED_START to AID_USER_OFFSET-1 -> u0_i1234
// AID_USER_OFFSET+                        -> u1_radio, u1_a1234, u2_i1234, etc.
// Ids below AID_APP_START ("system", "radio", etc.) are not handled here and
// fail like any id that is_valid_app_id() rejects: nullptr is returned and
// errno is set to ENOENT.
static passwd* app_id_to_passwd(uid_t uid, passwd_state_t* state) {
  const bool acceptable = uid >= AID_APP_START && is_valid_app_id(uid, false);
  if (!acceptable) {
    errno = ENOENT;
    return nullptr;
  }

  print_app_name_from_uid(uid, state->name_buffer_, sizeof(state->name_buffer_));

  // Platform ids seen through a secondary user get "/" as home; real apps get
  // "/data".
  const uid_t appid = uid % AID_USER_OFFSET;
  const char* home = (appid < AID_APP_START) ? "/" : "/data";
  snprintf(state->dir_buffer_, sizeof(state->dir_buffer_), "%s", home);

  snprintf(state->sh_buffer_, sizeof(state->sh_buffer_), "/bin/sh");

  passwd& entry = state->passwd_;
  entry.pw_uid = uid;
  entry.pw_gid = uid;
  return &entry;
}
524 
// Translate an app gid into a group entry stored in `state`, named by
// print_app_name_from_gid(). Returns nullptr and sets errno to ENOENT when the
// gid is below AID_APP_START or is rejected by is_valid_app_id().
static group* app_id_to_group(gid_t gid, group_state_t* state) {
  const bool acceptable = gid >= AID_APP_START && is_valid_app_id(gid, true);
  if (!acceptable) {
    errno = ENOENT;
    return nullptr;
  }

  print_app_name_from_gid(gid, state->group_name_buffer_, sizeof(state->group_name_buffer_));

  group& entry = state->group_;
  entry.gr_gid = gid;
  return &entry;
}
539 
// Resolves `uid` into `state`, trying in order: the built-in Android ids, the
// per-partition passwd files / OEM ranges, and finally the app id ranges.
// Returns nullptr when none of them knows the uid (the app-range step sets
// errno to ENOENT).
passwd* getpwuid_internal(uid_t uid, passwd_state_t* state) {
  const android_id_info* builtin = find_android_id_info(uid);
  if (builtin != nullptr) {
    return android_iinfo_to_passwd(state, builtin);
  }

  // Find an entry from the database file
  if (passwd* from_database = oem_id_to_passwd(uid, state)) {
    return from_database;
  }

  return app_id_to_passwd(uid, state);
}
552 
// getpwuid(3): the result lives in the calling thread's TLS buffer and is
// overwritten by the next <pwd.h> lookup on the same thread.
passwd* getpwuid(uid_t uid) {  // NOLINT: implementing bad function.
  return getpwuid_internal(uid, get_passwd_tls_buffer());
}
557 
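// Resolves `login` into `state`, trying in order: the built-in Android names,
// the per-partition passwd files, synthesised "oem_<id>" names, and finally
// the app name forms understood by app_id_from_name(). Returns nullptr when
// nothing matches (the app step sets errno to ENOENT).
passwd* getpwnam_internal(const char* login, passwd_state_t* state) {
  if (auto* android_id_info = find_android_id_info(login); android_id_info != nullptr) {
    return android_iinfo_to_passwd(state, android_id_info);
  }

  // Find an entry from the database file
  for (auto& passwd_file : passwd_files) {
    if (passwd_file.FindByName(login, state)) {
      return &state->passwd_;
    }
  }

  // Handle OEM range.
  // oem_id_from_name() returns 0 for "not an OEM name". That sentinel must not
  // be handed to oem_id_to_passwd(), which would look uid 0 up in the database
  // files and could hand an unrelated name a uid-0 entry if one is present.
  const id_t oem_id = oem_id_from_name(login);
  if (oem_id != 0) {
    passwd* pw = oem_id_to_passwd(oem_id, state);
    if (pw != nullptr) {
      return pw;
    }
  }
  return app_id_to_passwd(app_id_from_name(login, false), state);
}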
577 
// getpwnam(3): the result lives in the calling thread's TLS buffer and is
// overwritten by the next <pwd.h> lookup on the same thread.
passwd* getpwnam(const char* login) {  // NOLINT: implementing bad function.
  return getpwnam_internal(login, get_passwd_tls_buffer());
}
582 
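// Shared implementation of getpwnam_r() and getpwuid_r().
//
// A passwd_state_t is carved out of the caller's buffer (after aligning it to
// sizeof(uintptr_t)) and used as scratch space for the lookup. On success
// *pwd is filled in, *result is set to pwd and 0 is returned; the string
// pointers in *pwd point into `buf`. On failure *result stays nullptr and the
// return value is ERANGE when the buffer is too small, otherwise the errno
// left by the lookup. The caller's errno is restored on exit.
//
// The size check is done on integers. The previous form compared
// `p + sizeof(passwd_state_t)` with `buf + buflen`, which forms a pointer past
// the end of the caller's buffer whenever the buffer is too small; that is
// undefined behaviour and can wrap, and this check is what keeps the writes
// below inside the buffer.
static int getpasswd_r(bool by_name, const char* name, uid_t uid, struct passwd* pwd, char* buf,
                       size_t buflen, struct passwd** result) {
  ErrnoRestorer errno_restorer;
  *result = nullptr;

  const uintptr_t buf_addr = reinterpret_cast<uintptr_t>(buf);
  const uintptr_t aligned_addr = __BIONIC_ALIGN(buf_addr, sizeof(uintptr_t));
  // aligned_addr < buf_addr means rounding up wrapped around the address space.
  if (aligned_addr < buf_addr) {
    return ERANGE;
  }
  const size_t padding = aligned_addr - buf_addr;
  if (buflen < padding || buflen - padding < sizeof(passwd_state_t)) {
    return ERANGE;
  }

  passwd_state_t* state = reinterpret_cast<passwd_state_t*>(buf + padding);
  init_passwd_state(state);
  passwd* retval = (by_name ? getpwnam_internal(name, state) : getpwuid_internal(uid, state));
  if (retval != nullptr) {
    *pwd = *retval;
    *result = pwd;
    return 0;
  }
  return errno;
}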
602 
// getpwnam_r(3): lookup by name using the caller's buffer. The uid argument of
// the shared helper is unused on this path and is passed as -1.
int getpwnam_r(const char* name, passwd* pwd, char* buf, size_t byte_count, passwd** result) {
  const bool lookup_by_name = true;
  return getpasswd_r(lookup_by_name, name, -1, pwd, buf, byte_count, result);
}
606 
// getpwuid_r(3): lookup by uid using the caller's buffer. The name argument of
// the shared helper is unused on this path and is passed as nullptr.
int getpwuid_r(uid_t uid, passwd* pwd, char* buf, size_t byte_count, passwd** result) {
  const bool lookup_by_name = false;
  return getpasswd_r(lookup_by_name, nullptr, uid, pwd, buf, byte_count, result);
}
610 
// getgrouplist(3). All users are in just one group, the one passed in; the
// user name is ignored. In practice, id(1) will show you in a lot more groups,
// because adbd adds you to a lot of supplementary groups when dropping
// privileges -- so this list must not be read as a process's effective group
// set.
// Returns 1 with groups[0] = group when there is room for one entry;
// otherwise returns -1. *ngroups is set to 1 in both cases.
int getgrouplist(const char* /*user*/, gid_t group, gid_t* groups, int* ngroups) {
  if (*ngroups >= 1) {
    groups[0] = group;
    *ngroups = 1;
    return 1;
  }

  *ngroups = 1;
  return -1;
}
622 
// initgroups(3). The user name is ignored: the supplementary group list is set
// to exactly one entry, `group`. See getgrouplist() to understand why it is
// not called here. Returns whatever setgroups() returns.
int initgroups(const char* /*user*/, gid_t group) {
  gid_t only_group = group;
  return setgroups(1, &only_group);
}
628 
// getlogin(3): the name of the passwd entry for the real uid, or nullptr if
// the uid cannot be resolved. The string lives in the thread's passwd TLS
// buffer and is overwritten by the next <pwd.h> lookup on this thread.
char* getlogin() { // NOLINT: implementing bad function.
  passwd* entry = getpwuid(getuid()); // NOLINT: implementing bad function in terms of bad function.
  if (entry == nullptr) {
    return nullptr;
  }
  return entry->pw_name;
}
633 
// getlogin_r(3): copies the login name, including its terminator, into `buf`.
// Returns 0 on success, ERANGE when `size` is too small for the name plus
// terminator (nothing is written), or the current errno when the name cannot
// be determined.
int getlogin_r(char* buf, size_t size) {
  const char* login = getlogin();
  if (login == nullptr) return errno;

  const size_t bytes_needed = strlen(login) + 1;
  if (bytes_needed > size) return ERANGE;

  memcpy(buf, login, bytes_needed);
  return 0;
}
642 
// setpwent(3): rewinds this thread's getpwent() cursor to the first entry.
void setpwent() {
  passwd_state_t* state = get_passwd_tls_buffer();
  if (state == nullptr) {
    return;
  }
  state->getpwent_idx = 0;
}
649 
// endpwent(3): there is nothing to close, so ending the enumeration is the
// same as rewinding it.
void endpwent() {
  setpwent();
}
653 
// getpwent(3): returns the next passwd entry of the enumeration, or nullptr at
// the end. The cursor getpwent_idx walks four consecutive index windows --
// built-in ids, the first OEM range, the second OEM range, the system reserved
// ranges -- and is then switched over to hold actual app ids of the first
// user. Entries for other users (u1_a* and higher) are not reported.
// NOTE(review): get_next_app_id() signals completion with (id_t)-1; the
// comparison with -1 below only matches if getpwent_idx is not wider than
// id_t -- confirm the field's type in passwd_state_t.
passwd* getpwent() {
  passwd_state_t* state = get_passwd_tls_buffer();
  if (state->getpwent_idx < 0) {
    return nullptr;
  }

  // Window 1: the built-in android_ids table, indexed directly.
  const ssize_t builtin_end = android_id_count;
  if (state->getpwent_idx < builtin_end) {
    return android_iinfo_to_passwd(state, android_ids + state->getpwent_idx++);
  }

  // Window 2: AID_OEM_RESERVED_START..AID_OEM_RESERVED_END.
  const ssize_t oem_end = builtin_end + (AID_OEM_RESERVED_END - AID_OEM_RESERVED_START + 1);
  if (state->getpwent_idx < oem_end) {
    const size_t offset = state->getpwent_idx++ - static_cast<size_t>(builtin_end);
    return oem_id_to_passwd(offset + AID_OEM_RESERVED_START, state);
  }

  // Window 3: AID_OEM_RESERVED_2_START..AID_OEM_RESERVED_2_END.
  const ssize_t oem2_end = oem_end + (AID_OEM_RESERVED_2_END - AID_OEM_RESERVED_2_START + 1);
  if (state->getpwent_idx < oem2_end) {
    const size_t offset = state->getpwent_idx++ - static_cast<size_t>(oem_end);
    return oem_id_to_passwd(offset + AID_OEM_RESERVED_2_START, state);
  }

  // Window 4: AID_SYSTEM_RESERVED_START..AID_SYSTEM_EXT_RESERVED_END. Only ids
  // that resolve are reported, so unresolved ones are skipped.
  const ssize_t reserved_end =
      oem2_end + (AID_SYSTEM_EXT_RESERVED_END - AID_SYSTEM_RESERVED_START + 1);
  if (state->getpwent_idx < reserved_end) {
    // No one calls this enough to worry about how inefficient the below is.
    passwd* found = nullptr;
    do {
      const size_t offset = state->getpwent_idx++ - static_cast<size_t>(oem2_end);
      found = oem_id_to_passwd(offset + AID_SYSTEM_RESERVED_START, state);
    } while (found == nullptr && state->getpwent_idx < reserved_end);
    if (found != nullptr) {
      return found;
    }
  }

  // From here on the cursor holds an app id rather than a window index.
  state->getpwent_idx = get_next_app_id(state->getpwent_idx, false);
  if (state->getpwent_idx == -1) {
    // We are not reporting u1_a* and higher or we will be here forever
    return nullptr;
  }
  return app_id_to_passwd(state->getpwent_idx, state);
}
707 
// Resolves `gid` into `state`, trying in order: the built-in Android ids, the
// per-partition group files / OEM ranges, and finally the app id ranges.
// Returns nullptr when none of them knows the gid (the app-range step sets
// errno to ENOENT).
static group* getgrgid_internal(gid_t gid, group_state_t* state) {
  const android_id_info* builtin = find_android_id_info(gid);
  if (builtin != nullptr) {
    return android_iinfo_to_group(state, builtin);
  }

  // Find an entry from the database file
  if (group* from_database = oem_id_to_group(gid, state)) {
    return from_database;
  }

  return app_id_to_group(gid, state);
}
720 
// getgrgid(3): the result lives in the calling thread's TLS buffer and is
// overwritten by the next <grp.h> lookup on the same thread.
group* getgrgid(gid_t gid) { // NOLINT: implementing bad function.
  return getgrgid_internal(gid, get_group_tls_buffer());
}
725 
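// Resolves `name` into `state`, trying in order: the built-in Android names,
// the per-partition group files, synthesised "oem_<id>" names, and finally the
// app/group name forms understood by app_id_from_name(). Returns nullptr when
// nothing matches (the app step sets errno to ENOENT).
static group* getgrnam_internal(const char* name, group_state_t* state) {
  if (auto* android_id_info = find_android_id_info(name); android_id_info != nullptr) {
    return android_iinfo_to_group(state, android_id_info);
  }

  // Find an entry from the database file
  for (auto& group_file : group_files) {
    if (group_file.FindByName(name, state)) {
      return &state->group_;
    }
  }

  // Handle OEM range.
  // oem_id_from_name() returns 0 for "not an OEM name". That sentinel must not
  // be handed to oem_id_to_group(), which would look gid 0 up in the database
  // files and could hand an unrelated name a gid-0 entry if one is present.
  const id_t oem_id = oem_id_from_name(name);
  if (oem_id != 0) {
    group* grp = oem_id_to_group(oem_id, state);
    if (grp != nullptr) {
      return grp;
    }
  }
  return app_id_to_group(app_id_from_name(name, true), state);
}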
745 
// getgrnam(3): the result lives in the calling thread's TLS buffer and is
// overwritten by the next <grp.h> lookup on the same thread.
group* getgrnam(const char* name) { // NOLINT: implementing bad function.
  return getgrnam_internal(name, get_group_tls_buffer());
}
750 
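// Shared implementation of getgrnam_r() and getgrgid_r().
//
// A group_state_t is carved out of the caller's buffer (after aligning it to
// sizeof(uintptr_t)) and used as scratch space for the lookup. On success
// *grp is filled in, *result is set to grp and 0 is returned; the pointers in
// *grp point into `buf`. On failure *result stays nullptr and the return value
// is ERANGE when the buffer is too small, otherwise the errno left by the
// lookup. The caller's errno is restored on exit.
//
// The size check is done on integers. The previous form compared
// `p + sizeof(group_state_t)` with `buf + buflen`, which forms a pointer past
// the end of the caller's buffer whenever the buffer is too small; that is
// undefined behaviour and can wrap, and this check is what keeps the writes
// below inside the buffer.
static int getgroup_r(bool by_name, const char* name, gid_t gid, struct group* grp, char* buf,
                      size_t buflen, struct group** result) {
  ErrnoRestorer errno_restorer;
  *result = nullptr;

  const uintptr_t buf_addr = reinterpret_cast<uintptr_t>(buf);
  const uintptr_t aligned_addr = __BIONIC_ALIGN(buf_addr, sizeof(uintptr_t));
  // aligned_addr < buf_addr means rounding up wrapped around the address space.
  if (aligned_addr < buf_addr) {
    return ERANGE;
  }
  const size_t padding = aligned_addr - buf_addr;
  if (buflen < padding || buflen - padding < sizeof(group_state_t)) {
    return ERANGE;
  }

  group_state_t* state = reinterpret_cast<group_state_t*>(buf + padding);
  init_group_state(state);
  group* retval = (by_name ? getgrnam_internal(name, state) : getgrgid_internal(gid, state));
  if (retval != nullptr) {
    *grp = *retval;
    *result = grp;
    return 0;
  }
  return errno;
}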
770 
// getgrgid_r(3): lookup by gid using the caller's buffer. The name argument of
// the shared helper is unused on this path and is passed as nullptr.
int getgrgid_r(gid_t gid, struct group* grp, char* buf, size_t buflen, struct group** result) {
  const bool lookup_by_name = false;
  return getgroup_r(lookup_by_name, nullptr, gid, grp, buf, buflen, result);
}
774 
// getgrnam_r(3): lookup by name using the caller's buffer. The gid argument of
// the shared helper is unused on this path and is passed as 0.
int getgrnam_r(const char* name, struct group* grp, char* buf, size_t buflen,
               struct group **result) {
  const bool lookup_by_name = true;
  return getgroup_r(lookup_by_name, name, 0, grp, buf, buflen, result);
}
779 
// setgrent(3): rewinds this thread's getgrent() cursor to the first entry.
void setgrent() {
  group_state_t* state = get_group_tls_buffer();
  if (state == nullptr) {
    return;
  }
  state->getgrent_idx = 0;
}
786 
// endgrent(3): there is nothing to close, so ending the enumeration is the
// same as rewinding it.
void endgrent() {
  setgrent();
}
790 
// getgrent(3): returns the next group entry of the enumeration, or nullptr at
// the end. The cursor getgrent_idx walks four consecutive index windows --
// built-in ids, the first OEM range, the second OEM range, the system reserved
// ranges -- and is then switched over to hold actual app gids of the first
// user. Groups of other users (u1_a* and higher) are not reported.
// NOTE(review): get_next_app_id() signals completion with (id_t)-1; the
// comparison with -1 below only matches if getgrent_idx is not wider than
// id_t -- confirm the field's type in group_state_t.
group* getgrent() {
  group_state_t* state = get_group_tls_buffer();
  if (state->getgrent_idx < 0) {
    return nullptr;
  }

  // Window 1: the built-in android_ids table, indexed directly.
  const ssize_t builtin_end = android_id_count;
  if (state->getgrent_idx < builtin_end) {
    return android_iinfo_to_group(state, android_ids + state->getgrent_idx++);
  }

  // Window 2: AID_OEM_RESERVED_START..AID_OEM_RESERVED_END.
  const ssize_t oem_end = builtin_end + (AID_OEM_RESERVED_END - AID_OEM_RESERVED_START + 1);
  if (state->getgrent_idx < oem_end) {
    const size_t offset = state->getgrent_idx++ - static_cast<size_t>(builtin_end);
    return oem_id_to_group(offset + AID_OEM_RESERVED_START, state);
  }

  // Window 3: AID_OEM_RESERVED_2_START..AID_OEM_RESERVED_2_END.
  const ssize_t oem2_end = oem_end + (AID_OEM_RESERVED_2_END - AID_OEM_RESERVED_2_START + 1);
  if (state->getgrent_idx < oem2_end) {
    const size_t offset = state->getgrent_idx++ - static_cast<size_t>(oem_end);
    return oem_id_to_group(offset + AID_OEM_RESERVED_2_START, state);
  }

  // Window 4: AID_SYSTEM_RESERVED_START..AID_SYSTEM_EXT_RESERVED_END. Only
  // gids that resolve are reported, so unresolved ones are skipped.
  const ssize_t reserved_end =
      oem2_end + (AID_SYSTEM_EXT_RESERVED_END - AID_SYSTEM_RESERVED_START + 1);
  if (state->getgrent_idx < reserved_end) {
    // No one calls this enough to worry about how inefficient the below is.
    init_group_state(state);
    group* found = nullptr;
    do {
      const size_t offset = state->getgrent_idx++ - static_cast<size_t>(oem2_end);
      found = oem_id_to_group(offset + AID_SYSTEM_RESERVED_START, state);
    } while (found == nullptr && state->getgrent_idx < reserved_end);
    if (found != nullptr) {
      return found;
    }
  }

  // From here on the cursor holds an app gid rather than a window index.
  // Higher users' groups are not exposed.
  state->getgrent_idx = get_next_app_id(state->getgrent_idx, true);
  if (state->getgrent_idx == -1) {
    // We are not reporting u1_a* and higher or we will be here forever
    return nullptr;
  }
  return app_id_to_group(state->getgrent_idx, state);
}
847