Merge "init: add "+passcred" for socket to set SO_PASSCRED" am: 9811cd33ac

am: 00d97b2327 Change-Id: Ifcf163361dac257634e7dea60950792dbb054f2e
2017-05-08 23:25:56 +00:00 · 2017-05-08 23:25:56 +00:00 · a650c328f1
commit a650c328f1
parent 9886b1aa4a 00d97b2327
5 changed files with 25 additions and 12 deletions
--- a/init/descriptors.cpp
+++ b/init/descriptors.cpp
@ -23,6 +23,7 @@

 #include <android-base/logging.h>
 #include <android-base/stringprintf.h>
+#include <android-base/strings.h>
 #include <android-base/unique_fd.h>
 #include <cutils/android_get_control_file.h>
 #include <cutils/sockets.h>
@ -77,10 +78,12 @@ void SocketInfo::Clean() const {
 }

 int SocketInfo::Create(const std::string& context) const {
-  int flags = ((type() == "stream" ? SOCK_STREAM :
-                (type() == "dgram" ? SOCK_DGRAM :
-                 SOCK_SEQPACKET)));
-  return create_socket(name().c_str(), flags, perm(), uid(), gid(), context.c_str(), sehandle);
+    auto types = android::base::Split(type(), "+");
+    int flags =
+        ((types[0] == "stream" ? SOCK_STREAM : (types[0] == "dgram" ? SOCK_DGRAM : SOCK_SEQPACKET)));
+    bool passcred = types.size() > 1 && types[1] == "passcred";
+    return CreateSocket(name().c_str(), flags, passcred, perm(), uid(), gid(), context.c_str(),
+                        sehandle);
 }

 const std::string SocketInfo::key() const {
--- a/init/property_service.cpp
+++ b/init/property_service.cpp
@ -659,8 +659,8 @@ void load_system_props() {
 void start_property_service() {
    property_set("ro.property_service.version", "2");

-    property_set_fd = create_socket(PROP_SERVICE_NAME, SOCK_STREAM | SOCK_CLOEXEC | SOCK_NONBLOCK,
-                                    0666, 0, 0, nullptr, sehandle);
+    property_set_fd = CreateSocket(PROP_SERVICE_NAME, SOCK_STREAM | SOCK_CLOEXEC | SOCK_NONBLOCK,
+                                   false, 0666, 0, 0, nullptr, sehandle);
    if (property_set_fd == -1) {
        PLOG(ERROR) << "start_property_service socket creation failed";
        exit(1);
--- a/init/service.cpp
+++ b/init/service.cpp
@ -525,7 +525,9 @@ bool Service::AddDescriptor(const std::vector<std::string>& args, std::string* e

 // name type perm [ uid gid context ]
 bool Service::ParseSocket(const std::vector<std::string>& args, std::string* err) {
-    if (args[2] != "dgram" && args[2] != "stream" && args[2] != "seqpacket") {
+    if (!android::base::StartsWith(args[2], "dgram") &&
+        !android::base::StartsWith(args[2], "stream") &&
+        !android::base::StartsWith(args[2], "seqpacket")) {
        *err = "socket type must be 'dgram', 'stream' or 'seqpacket'";
        return false;
    }
--- a/init/util.cpp
+++ b/init/util.cpp
@ -78,13 +78,13 @@ bool DecodeUid(const std::string& name, uid_t* uid, std::string* err) {
 }

 /*
- * create_socket - creates a Unix domain socket in ANDROID_SOCKET_DIR
+ * CreateSocket - creates a Unix domain socket in ANDROID_SOCKET_DIR
 * ("/dev/socket") as dictated in init.rc. This socket is inherited by the
 * daemon. We communicate the file descriptor's value via the environment
 * variable ANDROID_SOCKET_ENV_PREFIX<name> ("ANDROID_SOCKET_foo").
 */
-int create_socket(const char* name, int type, mode_t perm, uid_t uid, gid_t gid,
-                  const char* socketcon, selabel_handle* sehandle) {
+int CreateSocket(const char* name, int type, bool passcred, mode_t perm, uid_t uid, gid_t gid,
+                 const char* socketcon, selabel_handle* sehandle) {
    if (socketcon) {
        if (setsockcreatecon(socketcon) == -1) {
            PLOG(ERROR) << "setsockcreatecon(\"" << socketcon << "\") failed";
@ -118,6 +118,14 @@ int create_socket(const char* name, int type, mode_t perm, uid_t uid, gid_t gid,
        }
    }

+    if (passcred) {
+        int on = 1;
+        if (setsockopt(fd, SOL_SOCKET, SO_PASSCRED, &on, sizeof(on))) {
+            PLOG(ERROR) << "Failed to set SO_PASSCRED '" << name << "'";
+            return -1;
+        }
+    }
+
    int ret = bind(fd, (struct sockaddr *) &addr, sizeof (addr));
    int savederrno = errno;

--- a/init/util.h
+++ b/init/util.h
@ -35,8 +35,8 @@ const std::string kAndroidDtDir("/proc/device-tree/firmware/android/");
 using android::base::boot_clock;
 using namespace std::chrono_literals;

-int create_socket(const char* name, int type, mode_t perm, uid_t uid, gid_t gid,
-                  const char* socketcon, selabel_handle* sehandle);
+int CreateSocket(const char* name, int type, bool passcred, mode_t perm, uid_t uid, gid_t gid,
+                 const char* socketcon, selabel_handle* sehandle);

 bool ReadFile(const std::string& path, std::string* content, std::string* err);
 bool WriteFile(const std::string& path, const std::string& content, std::string* err);