Commit graph

10 commits

Author SHA1 Message Date
Geremy Condra
46e8991209 am f19e045c: am c8df252f: Merge "run-as: Get seinfo from packages.list and pass to libselinux."
* commit 'f19e045c58dafbdc46e848ec5a5c935f472dea34':
  run-as: Get seinfo from packages.list and pass to libselinux.
2013-03-28 14:32:49 -07:00
Robert Craig
fced3ded83 run-as: Get seinfo from packages.list and pass to libselinux.
Change allows the proper seinfo value to be passed
to libselinux to switch to the proper app security
context before running the shell.

Change-Id: I9d7ea47c920b1bc09a19008345ed7fd0aa426e87
Signed-off-by: rpcraig <rpcraig@tycho.ncsc.mil>
2013-03-28 06:04:39 -04:00
Colin Cross
7c646cd359 am af4ececc: am 515bed0e: Merge "run-as: set the SELinux security context."
* commit 'af4ececc7bd10aec1240acfbfe7756ab8ee16883':
  run-as:  set the SELinux security context.
2013-03-05 18:52:28 +00:00
Nick Kralevich
080427e4e2 adb: drop capability bounding set on user builds
run-as: don't require CAP_DAC_OVERRIDE.

Prevent an adb spawned application from acquiring capabilities
other than

* CAP_NET_RAW
* CAP_SETUID
* CAP_SETGID

The only privileged programs accessible on user builds are
* /system/bin/ping
* /system/bin/run-as

and the capabilities above are sufficient to cover those
two programs.

If the kernel doesn't support file capabilities, we ignore
a prctl(PR_CAPBSET_DROP) failure. In a future CL, this could
become a fatal error.

Change-Id: I45a56712bfda35b5ad9378dde9e04ab062fe691a
2013-02-15 21:22:19 -08:00
Stephen Smalley
4ead8beac8 run-as: set the SELinux security context.
Before invoking the specified command or a shell, set the
SELinux security context.

Change-Id: Ifc7f91aed9d298290b95d771484b322ed7a4c594
Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
2012-11-13 12:56:48 -05:00
Nick Kralevich
4ae7716072 do more checks on packages.list
Change-Id: I16d6eab5e674c860be915fde2da7877994bed314
2012-02-09 11:22:33 -08:00
Nick Kralevich
b2d8f896b6 Don't statically compile run-as
Bug: 5904033
Change-Id: Ie815f09a2bf51ad583ded82f652d162a7f70b87e
2012-01-23 11:10:06 -08:00
David 'Digit' Turner
5792ce79cc run-as: use mmap to read package list file
This patch uses mmap() to read /data/system/packages.list

This avoids depending on the size of a fixed static buffer
which may happen to be too short for systems with a lot of
packages installed.

Also avoids calling malloc() which we don't want to trust here
since run-as is a setuid program.

Change-Id: I1d640a08b5d73af2fc80546b01c8d970c7f6b514
2011-12-06 14:22:30 -08:00
David 'Digit' Turner
93d81ef7a1 run-as: Bump the size of the internal packages list buffer.
This patch increases the size of the internal buffer used by run-as
to store the content of /data/system/packages.list from 8KB to 64KB.

It has been reported that, on some systems, 8KB was too small. This
resulted in a truncated file being loaded, and the inability to debug
native applications properly (either because the application was not
found in the list, or because the tool reported a 'corrupted
installation' due to BAD_FORMAT issues when parsing the truncated
file).

See http://code.google.com/p/android/issues/detail?id=16391

Change-Id: I0c35a61b163c4abc6f1a2681adc0ef0d76493171
2011-06-06 12:43:01 +02:00
David 'Digit' Turner
1f4d95296a Add 'run-as' command implementation as set-uid program.
Typical usage is 'run-as <package-name> <command>' to run <command>
in the data directory, and the user id, of <package-name> if, and only
if <package-name> is the name of an installed and debuggable application.

This relies on the /data/system/packages.list file generated by the
PackageManager service.

BEWARE: This is intended to be available on production devices !
2010-03-17 11:02:08 -07:00