authorDoug Zongker <dougz@android.com>2012-03-19 15:52:03 -0700
committerDoug Zongker <dougz@android.com>2012-03-19 16:24:28 -0700
commit703ed152147d90a549a2fee7cda5771703e502a0 (patch)
tree453e0f55b5ee042862fc63e1bae86600c2754787
parent35a35a67663127e42c8048ca0dc7465068a5606f (diff)
run minadbd as shell user
Make minadbd drop its root privileges after initializing. We need to make the /tmp directory writable by the shell group so that it can drop the sideloaded file there. Change-Id: I67b292cf769383f0f67fb934e5a80d408a4c131d
-rw-r--r--etc/init.rc3
-rw-r--r--minadbd/README.txt6
-rw-r--r--minadbd/adb.c10
-rw-r--r--minadbd/services.c1
-rw-r--r--minadbd/sysdeps.h25
5 files changed, 31 insertions, 14 deletions
diff --git a/etc/init.rc b/etc/init.rc
index c001a96..89a161e 100644
--- a/etc/init.rc
+++ b/etc/init.rc
@@ -15,6 +15,9 @@ on init
mkdir /cache
mount /tmp /tmp tmpfs
+ chown root shell /tmp
+ chmod 0775 /tmp
+
write /sys/class/android_usb/android0/enable 0
write /sys/class/android_usb/android0/idVendor 18D1
write /sys/class/android_usb/android0/idProduct D001
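Review bot: `chmod 0775 /tmp` makes the whole tmpfs group-writable by shell with no sticky bit, so once minadbd runs as shell it can create, rename or unlink any entry in /tmp, not only the sideload file. Whether root code in recovery also opens fixed names under /tmp is not visible in this hunk, but if it does, those opens now cross a trust boundary. A narrower grant would keep /tmp root-only and give shell a dedicated directory, e.g. `mkdir /tmp/sideload 0770 root shell`, with the sideload path moved under it. At minimum `chmod 1775 /tmp` would stop shell from removing or renaming root-owned entries. A one-line comment above the chown saying why shell needs write access here would also help the next reader.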
diff --git a/minadbd/README.txt b/minadbd/README.txt
index 0c190d0..1413fe2 100644
--- a/minadbd/README.txt
+++ b/minadbd/README.txt
@@ -4,7 +4,7 @@ the following changes:
adb.c
- much support for host mode and non-linux OS's stripped out; this
version only runs as adbd on the device.
- - does not setuid/setgid itself (always stays root)
+ - always setuid/setgid's itself to the shell user
- only uses USB transport
- references to JDWP removed
- main() removed
@@ -25,3 +25,7 @@ services.c
Android.mk
- only builds in adbd mode; builds as static library instead of a
standalone executable.
+
+sysdeps.h
+ - changes adb_creat() to use O_NOFOLLOW
+
diff --git a/minadbd/adb.c b/minadbd/adb.c
index d1e97b3..3052458 100644
--- a/minadbd/adb.c
+++ b/minadbd/adb.c
@@ -858,6 +858,16 @@ int adb_main()
usb_init();
}
+ if (setgid(AID_SHELL) != 0) {
+ fprintf(stderr, "failed to setgid to shell\n");
+ exit(1);
+ }
+ if (setuid(AID_SHELL) != 0) {
+ fprintf(stderr, "failed to setuid to shell\n");
+ exit(1);
+ }
+ fprintf(stderr, "userid is %d\n", getuid());
+
D("Event loop starting\n");
fdevent_loop();
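Review bot: The privilege drop in adb_main() calls setgid() and setuid() but never resets the supplementary group list, so any groups inherited from the root parent remain with the process after it becomes shell. Adding a checked `setgroups(0, NULL)` before the `setgid(AID_SHELL)` call, failing with `exit(1)` like the other two, closes that gap. The setgid-before-setuid order and the return-value checks are right and worth a short comment, e.g. `/* drop root: group first, setuid last, since setgid fails once uid is no longer 0 */`. The trailing `fprintf(stderr, "userid is %d\n", getuid());` reads like leftover debug output and passes a uid_t to `%d`; either remove it or cast, `(int)getuid()`. adb_main's body starts and ends outside this hunk.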
diff --git a/minadbd/services.c b/minadbd/services.c
index 8fc8b3c..aef37f7 100644
--- a/minadbd/services.c
+++ b/minadbd/services.c
@@ -53,6 +53,7 @@ static void sideload_service(int s, void *cookie)
fd = adb_creat(ADB_SIDELOAD_FILENAME, 0644);
if(fd < 0) {
+ fprintf(stderr, "failed to create %s\n", ADB_SIDELOAD_FILENAME);
adb_close(s);
return;
}
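Review bot: The new failure message in sideload_service() drops errno, so a permission problem on /tmp (EACCES) cannot be told apart from adb_creat() refusing a symlink at the target (ELOOP from O_NOFOLLOW). The second case is worth seeing in the recovery log because it suggests someone pre-placed a link at the sideload path. Suggested line: `fprintf(stderr, "failed to create %s: %s\n", ADB_SIDELOAD_FILENAME, strerror(errno));`, assuming <errno.h> and <string.h> are already included in services.c, which the hunk does not show. The function body continues outside the hunk.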
diff --git a/minadbd/sysdeps.h b/minadbd/sysdeps.h
index b518076..800ddb7 100644
--- a/minadbd/sysdeps.h
+++ b/minadbd/sysdeps.h
@@ -324,6 +324,18 @@ static __inline__ int adb_open_mode( const char* pathname, int options, int
return open( pathname, options, mode );
}
+static __inline__ int adb_creat(const char* path, int mode)
+{
+ int fd = open(path, O_CREAT|O_WRONLY|O_TRUNC|O_NOFOLLOW, mode);
+
+ if ( fd < 0 )
+ return -1;
+
+ close_on_exec(fd);
+ return fd;
+}
+#undef creat
+#define creat ___xxx_creat
static __inline__ int adb_open( const char* pathname, int options )
{
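Review bot: The new adb_creat() has no comment explaining why it replaces creat() with an explicit open(), and the reason is security-relevant. Suggested comment above the function: `/* O_NOFOLLOW: the target directory is writable by the shell group, so refuse to open through a symlink at the final path component. */`. Note that O_NOFOLLOW covers only the last component and, with O_TRUNC and no O_EXCL, an existing regular file or hard link at that name is still opened and truncated. If the sideload file must always be freshly created, an unlink followed by `O_CREAT|O_EXCL` would be the stricter form, though that changes behaviour for repeated sideloads and callers are not visible here. The hunk ends inside adb_open(), whose body is outside the hunk.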
@@ -380,19 +392,6 @@ static __inline__ int adb_unlink(const char* path)
#undef unlink
#define unlink ___xxx_unlink
-static __inline__ int adb_creat(const char* path, int mode)
-{
- int fd = creat(path, mode);
-
- if ( fd < 0 )
- return -1;
-
- close_on_exec(fd);
- return fd;
-}
-#undef creat
-#define creat ___xxx_creat
-
static __inline__ int adb_socket_accept(int serverfd, struct sockaddr* addr, socklen_t *addrlen)
{
int fd;