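/*
 * Copyright (C) 2023 The Android Open Source Project
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 *      http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */

#ifndef SHELL_AS_CONTEXT_H_
#define SHELL_AS_CONTEXT_H_

#include <selinux/selinux.h>
#include <sys/capability.h>
// uid_t, gid_t and pid_t are used below; include their header directly rather
// than relying on the libselinux/libcap headers to pull it in.
#include <sys/types.h>

#include <memory>
#include <optional>
#include <vector>

namespace shell_as {

// Enumeration of the possible seccomp filters that Android may apply to a
// process.
//
// This should be kept in sync with the policies defined in:
// bionic/libc/seccomp/include/seccomp_policy.h
//
// The enumerators are deliberately left unscoped with explicit values so that
// existing callers using the bare names keep compiling.
enum SeccompFilter {
  kAppFilter = 0,
  kAppZygoteFilter = 1,
  kSystemFilter = 2,
};

// Describes the security identity of a process: UID/GID, supplementary
// groups, SELinux context, seccomp filter and capability set.
//
// Every field is optional. This header does not say how an unset
// (std::nullopt) field is treated by the code that consumes the context;
// presumably that attribute is left untouched -- confirm against the
// implementation before relying on it.
//
// NOTE(review): selinux_context and capabilities hold raw handles (cap_t is a
// pointer type in libcap). std::optional neither frees nor deep-copies them,
// so copying a SecurityContext aliases the same underlying objects and
// destroying it releases nothing. If the implementation fills them from
// libselinux / libcap allocations, the owner of the context has to release
// them (freecon() / cap_free()) exactly once -- confirm which side owns them.
struct SecurityContext {
  std::optional<uid_t> user_id;
  std::optional<gid_t> group_id;
  // An engaged but empty vector is a different value from std::nullopt.
  std::optional<std::vector<gid_t>> supplementary_group_ids;
  // An engaged optional holding nullptr is a different value from
  // std::nullopt; consumers should not dereference without checking both.
  std::optional<char *> selinux_context;
  std::optional<SeccompFilter> seccomp_filter;
  std::optional<cap_t> capabilities;
};

// Infers the appropriate seccomp filter from a user ID.
//
// This mimics the behavior of the zygote process and provides a sane default
// method of picking a filter. However, it is not 100% accurate since it does
// not assign the app zygote filter and would not return an appropriate value
// for processes not started by the zygote.
//
// Because the result is only a best guess, a caller that needs the filter to
// match a specific target should set SecurityContext::seccomp_filter
// explicitly instead of trusting this default.
SeccompFilter SeccompFilterFromUserId(uid_t user_id);

// Derives a complete security context from a given process.
//
// If unable to determine any field of the context this method will return false
// and not modify the given context.
//
// The return value must be checked: on false, *context still holds whatever
// the caller put there, which says nothing about the target process.
bool SecurityContextFromProcess(pid_t process_id, SecurityContext* context);

// Derives a complete security context from the bundled test app.
//
// If unable to determine any field of the context this method will return false
// and not modify the given context.
//
// As with SecurityContextFromProcess, a false return leaves *context
// unchanged, so the result must be checked before the context is used.
bool SecurityContextFromTestApp(SecurityContext* context);

}  // namespace shell_as

#endif  // SHELL_AS_CONTEXT_H_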