authorNick Kralevich <nnk@google.com>2013-02-15 14:39:15 -0800
committerNick Kralevich <nnk@google.com>2013-02-15 21:22:19 -0800
commit080427e4e2b1b72718b660e16b6cf38b3a3c4e3f (patch)
tree8fe5959e9af28f94a8bcad9dd6837aefeaa8c1e9 /adb
parentbcfa910611b42018db580b3459101c564f802552 (diff)
downloadsystem_core-080427e4e2b1b72718b660e16b6cf38b3a3c4e3f.zip
system_core-080427e4e2b1b72718b660e16b6cf38b3a3c4e3f.tar.gz
system_core-080427e4e2b1b72718b660e16b6cf38b3a3c4e3f.tar.bz2
adb: drop capability bounding set on user builds
run-as: don't require CAP_DAC_OVERRIDE. Prevent an adb spawned application from acquiring capabilities other than * CAP_NET_RAW * CAP_SETUID * CAP_SETGID The only privileged programs accessible on user builds are * /system/bin/ping * /system/bin/run-as and the capabilities above are sufficient to cover those two programs. If the kernel doesn't support file capabilities, we ignore a prctl(PR_CAPBSET_DROP) failure. In a future CL, this could become a fatal error. Change-Id: I45a56712bfda35b5ad9378dde9e04ab062fe691a
Diffstat (limited to 'adb')
-rw-r--r--adb/adb.c29
1 files changed, 29 insertions, 0 deletions
diff --git a/adb/adb.c b/adb/adb.c
index 32aff2c..949e5ea 100644
--- a/adb/adb.c
+++ b/adb/adb.c
@@ -1184,6 +1184,33 @@ void build_local_name(char* target_str, size_t target_size, int server_port)
}
#if !ADB_HOST
+
+static void drop_capabilities_bounding_set_if_needed() {
+#ifdef ALLOW_ADBD_ROOT
+ char value[PROPERTY_VALUE_MAX];
+ property_get("ro.debuggable", value, "");
+ if (strcmp(value, "1") == 0) {
+ return;
+ }
+#endif
+ int i;
+ for (i = 0; prctl(PR_CAPBSET_READ, i, 0, 0, 0) >= 0; i++) {
+ if ((i == CAP_NET_RAW) || (i == CAP_SETUID) || (i == CAP_SETGID)) {
+ // CAP_NET_RAW needed by /system/bin/ping
+ // CAP_SETUID CAP_SETGID needed by /system/bin/run-as
+ continue;
+ }
+ int err = prctl(PR_CAPBSET_DROP, i, 0, 0, 0);
+
+ // Some kernels don't have file capabilities compiled in, and
+ // prctl(PR_CAPBSET_DROP) returns EINVAL. Don't automatically
+ // die when we see such misconfigured kernels.
+ if ((err < 0) && (errno != EINVAL)) {
+ exit(1);
+ }
+ }
+}
+
static int should_drop_privileges() {
#ifndef ALLOW_ADBD_ROOT
return 1;
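Review bot: A failed PR_CAPBSET_DROP terminates adbd with a bare `exit(1)` and no diagnostic, so a kernel that rejects a drop for any reason other than EINVAL will leave nothing in the log explaining why adbd died; record the capability index and errno before exiting, e.g. `fprintf(stderr, "adbd: prctl(PR_CAPBSET_DROP, %d) failed: %s\n", i, strerror(errno));` ahead of the `exit(1)`. The comment above that branch should also say explicitly that the EINVAL case is accepted only because such kernels cannot honour the bounding set at all, which is the reasoning in the commit message but not in the code. As a point of style, the definition `static void drop_capabilities_bounding_set_if_needed()` is an old-style unspecified-parameter declaration in C; `static void drop_capabilities_bounding_set_if_needed(void)` gives the compiler a proper prototype. The second hunk, which adds the call in adb_main, runs past the end of this page.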
@@ -1278,6 +1305,8 @@ int adb_main(int is_daemon, int server_port)
exit(1);
}
+ drop_capabilities_bounding_set_if_needed();
+
/* add extra groups:
** AID_ADB to access the USB driver
** AID_LOG to read system logs (adb logcat)