1 /*
2  * Copyright (C) 2008 The Android Open Source Project
3  * All rights reserved.
4  *
5  * Redistribution and use in source and binary forms, with or without
6  * modification, are permitted provided that the following conditions
7  * are met:
8  *  * Redistributions of source code must retain the above copyright
9  *    notice, this list of conditions and the following disclaimer.
10  *  * Redistributions in binary form must reproduce the above copyright
11  *    notice, this list of conditions and the following disclaimer in
12  *    the documentation and/or other materials provided with the
13  *    distribution.
14  *
15  * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
16  * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
17  * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
18  * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
19  * COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT,
20  * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING,
21  * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS
22  * OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED
23  * AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
24  * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT
25  * OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
26  * SUCH DAMAGE.
27  */
28 
29 #include <ctype.h>
30 #include <errno.h>
31 #include <grp.h>
32 #include <mntent.h>
33 #include <netdb.h>
34 #include <pthread.h>
35 #include <pwd.h>
36 #include <stdio.h>
37 #include <stdlib.h>
38 #include <string.h>
39 #include <unistd.h>
40 
41 #include "private/android_filesystem_config.h"
42 #include "private/ErrnoRestorer.h"
43 #include "private/libc_logging.h"
44 #include "private/ThreadLocalBuffer.h"
45 
46 // POSIX seems to envisage an implementation where the <pwd.h> functions are
47 // implemented by brute-force searching with getpwent(3), and the <grp.h>
48 // functions are implemented similarly with getgrent(3). This means that it's
49 // okay for all the <grp.h> functions to share state, and all the <passwd.h>
50 // functions to share state, but <grp.h> functions can't clobber <passwd.h>
51 // functions' state and vice versa.
52 
53 struct group_state_t {
54   group group_;
55   char* group_members_[2];
56   char group_name_buffer_[32];
57 };
58 
59 struct passwd_state_t {
60   passwd passwd_;
61   char name_buffer_[32];
62   char dir_buffer_[32];
63   char sh_buffer_[32];
64 };
65 
66 static ThreadLocalBuffer<group_state_t> g_group_tls_buffer;
67 static ThreadLocalBuffer<passwd_state_t> g_passwd_tls_buffer;
68 
__group_state()69 static group_state_t* __group_state() {
70   group_state_t* result = g_group_tls_buffer.get();
71   if (result != nullptr) {
72     memset(result, 0, sizeof(group_state_t));
73     result->group_.gr_mem = result->group_members_;
74   }
75   return result;
76 }
77 
do_getpw_r(int by_name,const char * name,uid_t uid,passwd * dst,char * buf,size_t byte_count,passwd ** result)78 static int do_getpw_r(int by_name, const char* name, uid_t uid,
79                       passwd* dst, char* buf, size_t byte_count,
80                       passwd** result) {
81   // getpwnam_r and getpwuid_r don't modify errno, but library calls we
82   // make might.
83   ErrnoRestorer errno_restorer;
84   *result = NULL;
85 
86   // Our implementation of getpwnam(3) and getpwuid(3) use thread-local
87   // storage, so we can call them as long as we copy everything out
88   // before returning.
89   const passwd* src = by_name ? getpwnam(name) : getpwuid(uid); // NOLINT: see above.
90 
91   // POSIX allows failure to find a match to be considered a non-error.
92   // Reporting success (0) but with *result NULL is glibc's behavior.
93   if (src == NULL) {
94     return (errno == ENOENT) ? 0 : errno;
95   }
96 
97   // Work out where our strings will go in 'buf', and whether we've got
98   // enough space.
99   size_t required_byte_count = 0;
100   dst->pw_name = buf;
101   required_byte_count += strlen(src->pw_name) + 1;
102   dst->pw_dir = buf + required_byte_count;
103   required_byte_count += strlen(src->pw_dir) + 1;
104   dst->pw_shell = buf + required_byte_count;
105   required_byte_count += strlen(src->pw_shell) + 1;
106   if (byte_count < required_byte_count) {
107     return ERANGE;
108   }
109 
110   // Copy the strings.
111   snprintf(buf, byte_count, "%s%c%s%c%s", src->pw_name, 0, src->pw_dir, 0, src->pw_shell);
112 
113   // pw_passwd and pw_gecos are non-POSIX and unused (always NULL) in bionic.
114   dst->pw_passwd = NULL;
115 #if defined(__LP64__)
116   dst->pw_gecos = NULL;
117 #endif
118 
119   // Copy the integral fields.
120   dst->pw_gid = src->pw_gid;
121   dst->pw_uid = src->pw_uid;
122 
123   *result = dst;
124   return 0;
125 }
126 
getpwnam_r(const char * name,passwd * pwd,char * buf,size_t byte_count,passwd ** result)127 int getpwnam_r(const char* name, passwd* pwd,
128                char* buf, size_t byte_count, passwd** result) {
129   return do_getpw_r(1, name, -1, pwd, buf, byte_count, result);
130 }
131 
getpwuid_r(uid_t uid,passwd * pwd,char * buf,size_t byte_count,passwd ** result)132 int getpwuid_r(uid_t uid, passwd* pwd,
133                char* buf, size_t byte_count, passwd** result) {
134   return do_getpw_r(0, NULL, uid, pwd, buf, byte_count, result);
135 }
136 
android_iinfo_to_passwd(passwd_state_t * state,const android_id_info * iinfo)137 static passwd* android_iinfo_to_passwd(passwd_state_t* state,
138                                        const android_id_info* iinfo) {
139   snprintf(state->name_buffer_, sizeof(state->name_buffer_), "%s", iinfo->name);
140   snprintf(state->dir_buffer_, sizeof(state->dir_buffer_), "/");
141   snprintf(state->sh_buffer_, sizeof(state->sh_buffer_), "/system/bin/sh");
142 
143   passwd* pw = &state->passwd_;
144   pw->pw_name  = state->name_buffer_;
145   pw->pw_uid   = iinfo->aid;
146   pw->pw_gid   = iinfo->aid;
147   pw->pw_dir   = state->dir_buffer_;
148   pw->pw_shell = state->sh_buffer_;
149   return pw;
150 }
151 
android_iinfo_to_group(group_state_t * state,const android_id_info * iinfo)152 static group* android_iinfo_to_group(group_state_t* state,
153                                      const android_id_info* iinfo) {
154   snprintf(state->group_name_buffer_, sizeof(state->group_name_buffer_), "%s", iinfo->name);
155 
156   group* gr = &state->group_;
157   gr->gr_name   = state->group_name_buffer_;
158   gr->gr_gid    = iinfo->aid;
159   gr->gr_mem[0] = gr->gr_name;
160   return gr;
161 }
162 
android_id_to_passwd(passwd_state_t * state,unsigned id)163 static passwd* android_id_to_passwd(passwd_state_t* state, unsigned id) {
164   for (size_t n = 0; n < android_id_count; ++n) {
165     if (android_ids[n].aid == id) {
166       return android_iinfo_to_passwd(state, android_ids + n);
167     }
168   }
169   return NULL;
170 }
171 
android_name_to_passwd(passwd_state_t * state,const char * name)172 static passwd* android_name_to_passwd(passwd_state_t* state, const char* name) {
173   for (size_t n = 0; n < android_id_count; ++n) {
174     if (!strcmp(android_ids[n].name, name)) {
175       return android_iinfo_to_passwd(state, android_ids + n);
176     }
177   }
178   return NULL;
179 }
180 
android_id_to_group(group_state_t * state,unsigned id)181 static group* android_id_to_group(group_state_t* state, unsigned id) {
182   for (size_t n = 0; n < android_id_count; ++n) {
183     if (android_ids[n].aid == id) {
184       return android_iinfo_to_group(state, android_ids + n);
185     }
186   }
187   return NULL;
188 }
189 
android_name_to_group(group_state_t * state,const char * name)190 static group* android_name_to_group(group_state_t* state, const char* name) {
191   for (size_t n = 0; n < android_id_count; ++n) {
192     if (!strcmp(android_ids[n].name, name)) {
193       return android_iinfo_to_group(state, android_ids + n);
194     }
195   }
196   return NULL;
197 }
198 
199 // Translate a user/group name to the corresponding user/group id.
200 // all_a1234 -> 0 * AID_USER + AID_SHARED_GID_START + 1234 (group name only)
201 // u0_a1234 -> 0 * AID_USER + AID_APP + 1234
202 // u2_i1000 -> 2 * AID_USER + AID_ISOLATED_START + 1000
203 // u1_system -> 1 * AID_USER + android_ids['system']
204 // returns 0 and sets errno to ENOENT in case of error
app_id_from_name(const char * name,bool is_group)205 static id_t app_id_from_name(const char* name, bool is_group) {
206   char* end;
207   unsigned long userid;
208   bool is_shared_gid = false;
209 
210   if (is_group && name[0] == 'a' && name[1] == 'l' && name[2] == 'l') {
211     end = const_cast<char*>(name+3);
212     userid = 0;
213     is_shared_gid = true;
214   } else if (name[0] == 'u' && isdigit(name[1])) {
215     userid = strtoul(name+1, &end, 10);
216   } else {
217     errno = ENOENT;
218     return 0;
219   }
220 
221   if (end[0] != '_' || end[1] == 0) {
222     errno = ENOENT;
223     return 0;
224   }
225 
226   unsigned long appid = 0;
227   if (end[1] == 'a' && isdigit(end[2])) {
228     if (is_shared_gid) {
229       // end will point to \0 if the strtoul below succeeds.
230       appid = strtoul(end+2, &end, 10) + AID_SHARED_GID_START;
231       if (appid > AID_SHARED_GID_END) {
232         errno = ENOENT;
233         return 0;
234       }
235     } else {
236       // end will point to \0 if the strtoul below succeeds.
237       appid = strtoul(end+2, &end, 10) + AID_APP;
238     }
239   } else if (end[1] == 'i' && isdigit(end[2])) {
240     // end will point to \0 if the strtoul below succeeds.
241     appid = strtoul(end+2, &end, 10) + AID_ISOLATED_START;
242   } else {
243     for (size_t n = 0; n < android_id_count; n++) {
244       if (!strcmp(android_ids[n].name, end + 1)) {
245         appid = android_ids[n].aid;
246         // Move the end pointer to the null terminator.
247         end += strlen(android_ids[n].name) + 1;
248         break;
249       }
250     }
251   }
252 
253   // Check that the entire string was consumed by one of the 3 cases above.
254   if (end[0] != 0) {
255     errno = ENOENT;
256     return 0;
257   }
258 
259   // Check that user id won't overflow.
260   if (userid > 1000) {
261     errno = ENOENT;
262     return 0;
263   }
264 
265   // Check that app id is within range.
266   if (appid >= AID_USER) {
267     errno = ENOENT;
268     return 0;
269   }
270 
271   return (appid + userid*AID_USER);
272 }
273 
print_app_name_from_uid(const uid_t uid,char * buffer,const int bufferlen)274 static void print_app_name_from_uid(const uid_t uid, char* buffer, const int bufferlen) {
275   const uid_t appid = uid % AID_USER;
276   const uid_t userid = uid / AID_USER;
277   if (appid >= AID_ISOLATED_START) {
278     snprintf(buffer, bufferlen, "u%u_i%u", userid, appid - AID_ISOLATED_START);
279   } else if (appid < AID_APP) {
280     for (size_t n = 0; n < android_id_count; n++) {
281       if (android_ids[n].aid == appid) {
282         snprintf(buffer, bufferlen, "u%u_%s", userid, android_ids[n].name);
283         return;
284       }
285     }
286   } else {
287     snprintf(buffer, bufferlen, "u%u_a%u", userid, appid - AID_APP);
288   }
289 }
290 
print_app_name_from_gid(const gid_t gid,char * buffer,const int bufferlen)291 static void print_app_name_from_gid(const gid_t gid, char* buffer, const int bufferlen) {
292   const uid_t appid = gid % AID_USER;
293   const uid_t userid = gid / AID_USER;
294   if (appid >= AID_ISOLATED_START) {
295     snprintf(buffer, bufferlen, "u%u_i%u", userid, appid - AID_ISOLATED_START);
296   } else if (userid == 0 && appid >= AID_SHARED_GID_START && appid <= AID_SHARED_GID_END) {
297     snprintf(buffer, bufferlen, "all_a%u", appid - AID_SHARED_GID_START);
298   } else if (appid < AID_APP) {
299     for (size_t n = 0; n < android_id_count; n++) {
300       if (android_ids[n].aid == appid) {
301         snprintf(buffer, bufferlen, "u%u_%s", userid, android_ids[n].name);
302         return;
303       }
304     }
305   } else {
306     snprintf(buffer, bufferlen, "u%u_a%u", userid, appid - AID_APP);
307   }
308 }
309 
310 // Translate a uid into the corresponding name.
311 // 0 to AID_APP-1                   -> "system", "radio", etc.
312 // AID_APP to AID_ISOLATED_START-1  -> u0_a1234
313 // AID_ISOLATED_START to AID_USER-1 -> u0_i1234
314 // AID_USER+                        -> u1_radio, u1_a1234, u2_i1234, etc.
315 // returns a passwd structure (sets errno to ENOENT on failure).
app_id_to_passwd(uid_t uid,passwd_state_t * state)316 static passwd* app_id_to_passwd(uid_t uid, passwd_state_t* state) {
317   if (uid < AID_APP) {
318     errno = ENOENT;
319     return NULL;
320   }
321 
322   print_app_name_from_uid(uid, state->name_buffer_, sizeof(state->name_buffer_));
323 
324   const uid_t appid = uid % AID_USER;
325   if (appid < AID_APP) {
326       snprintf(state->dir_buffer_, sizeof(state->dir_buffer_), "/");
327   } else {
328       snprintf(state->dir_buffer_, sizeof(state->dir_buffer_), "/data");
329   }
330 
331   snprintf(state->sh_buffer_, sizeof(state->sh_buffer_), "/system/bin/sh");
332 
333   passwd* pw = &state->passwd_;
334   pw->pw_name  = state->name_buffer_;
335   pw->pw_dir   = state->dir_buffer_;
336   pw->pw_shell = state->sh_buffer_;
337   pw->pw_uid   = uid;
338   pw->pw_gid   = uid;
339   return pw;
340 }
341 
342 // Translate a gid into the corresponding app_<gid>
343 // group structure (sets errno to ENOENT on failure).
app_id_to_group(gid_t gid,group_state_t * state)344 static group* app_id_to_group(gid_t gid, group_state_t* state) {
345   if (gid < AID_APP) {
346     errno = ENOENT;
347     return NULL;
348   }
349 
350   print_app_name_from_gid(gid, state->group_name_buffer_, sizeof(state->group_name_buffer_));
351 
352   group* gr = &state->group_;
353   gr->gr_name   = state->group_name_buffer_;
354   gr->gr_gid    = gid;
355   gr->gr_mem[0] = gr->gr_name;
356   return gr;
357 }
358 
getpwuid(uid_t uid)359 passwd* getpwuid(uid_t uid) { // NOLINT: implementing bad function.
360   passwd_state_t* state = g_passwd_tls_buffer.get();
361   if (state == NULL) {
362     return NULL;
363   }
364 
365   passwd* pw = android_id_to_passwd(state, uid);
366   if (pw != NULL) {
367     return pw;
368   }
369   return app_id_to_passwd(uid, state);
370 }
371 
getpwnam(const char * login)372 passwd* getpwnam(const char* login) { // NOLINT: implementing bad function.
373   passwd_state_t* state = g_passwd_tls_buffer.get();
374   if (state == NULL) {
375     return NULL;
376   }
377 
378   passwd* pw = android_name_to_passwd(state, login);
379   if (pw != NULL) {
380     return pw;
381   }
382   return app_id_to_passwd(app_id_from_name(login, false), state);
383 }
384 
385 // All users are in just one group, the one passed in.
getgrouplist(const char *,gid_t group,gid_t * groups,int * ngroups)386 int getgrouplist(const char* /*user*/, gid_t group, gid_t* groups, int* ngroups) {
387   if (*ngroups < 1) {
388     *ngroups = 1;
389     return -1;
390   }
391   groups[0] = group;
392   return (*ngroups = 1);
393 }
394 
getlogin()395 char* getlogin() { // NOLINT: implementing bad function.
396   passwd *pw = getpwuid(getuid()); // NOLINT: implementing bad function in terms of bad function.
397   return (pw != NULL) ? pw->pw_name : NULL;
398 }
399 
getgrgid(gid_t gid)400 group* getgrgid(gid_t gid) { // NOLINT: implementing bad function.
401   group_state_t* state = __group_state();
402   if (state == NULL) {
403     return NULL;
404   }
405 
406   group* gr = android_id_to_group(state, gid);
407   if (gr != NULL) {
408     return gr;
409   }
410   return app_id_to_group(gid, state);
411 }
412 
getgrnam(const char * name)413 group* getgrnam(const char* name) { // NOLINT: implementing bad function.
414   group_state_t* state = __group_state();
415   if (state == NULL) {
416     return NULL;
417   }
418 
419   if (android_name_to_group(state, name) != 0) {
420     return &state->group_;
421   }
422   return app_id_to_group(app_id_from_name(name, true), state);
423 }
424 
425 // We don't have an /etc/networks, so all inputs return NULL.
getnetbyname(const char *)426 netent* getnetbyname(const char* /*name*/) {
427   return NULL;
428 }
429 
430 // We don't have an /etc/networks, so all inputs return NULL.
getnetbyaddr(uint32_t,int)431 netent* getnetbyaddr(uint32_t /*net*/, int /*type*/) {
432   return NULL;
433 }
434 
435 // We don't have an /etc/protocols, so all inputs return NULL.
getprotobyname(const char *)436 protoent* getprotobyname(const char* /*name*/) {
437   return NULL;
438 }
439 
440 // We don't have an /etc/protocols, so all inputs return NULL.
getprotobynumber(int)441 protoent* getprotobynumber(int /*proto*/) {
442   return NULL;
443 }
444 
445 // Portable code should use sysconf(_SC_PAGE_SIZE) directly instead.
getpagesize()446 int getpagesize() {
447   // We dont use sysconf(3) here because that drags in stdio, which makes static binaries fat.
448   return PAGE_SIZE;
449 }
450