diff options
author | Nick Kralevich <nnk@google.com> | 2013-02-11 15:14:55 -0800 |
---|---|---|
committer | Nick Kralevich <nnk@google.com> | 2013-03-01 13:18:41 -0800 |
commit | fe8135739c5a9195e74786205c077964ba4f9c44 (patch) | |
tree | 348c4ca3d27cd7a8f815e3c85a300365adc7b5bb /include/private | |
parent | cc4499b6fa9ad4cbe285d78754edcb6dd30ab893 (diff) | |
download | system_core-fe8135739c5a9195e74786205c077964ba4f9c44.zip system_core-fe8135739c5a9195e74786205c077964ba4f9c44.tar.gz system_core-fe8135739c5a9195e74786205c077964ba4f9c44.tar.bz2 |
android_filesystem_config.h: change ping and run-as
/system/bin/ping no longer requires CAP_NET_RAW, as we're now
using IPPROTO_ICMP. Please see the following for more details:
* http://lwn.net/Articles/443051/
* https://android-review.googlesource.com/52090
* https://android-review.googlesource.com/52072
We can now make ping a normal, unprivileged program.
/system/bin/run-as only requires CAP_SETUID and CAP_SETGID.
Explicitly set the capabilities of this file, and remove
the setuid bit.
This is equivalent to running the following commands:
* chmod 750 /system/bin/run-as
* chown root:shell /system/bin/run-as
* setcap cap_setgid,cap_setuid+ep /system/bin/run-as
Change-Id: I65df858b45e6de4e2190ac9d6d592c06ea9d28cf
Diffstat (limited to 'include/private')
-rw-r--r-- | include/private/android_filesystem_capability.h | 117 | ||||
-rw-r--r-- | include/private/android_filesystem_config.h | 25 |
2 files changed, 134 insertions, 8 deletions
diff --git a/include/private/android_filesystem_capability.h b/include/private/android_filesystem_capability.h new file mode 100644 index 0000000..0505cda --- /dev/null +++ b/include/private/android_filesystem_capability.h @@ -0,0 +1,117 @@ +/* + * Copyright (C) 2013 The Android Open Source Project + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +/* + * Taken from linux/capability.h, with minor modifications + */ + +#ifndef _SYSTEM_CORE_INCLUDE_PRIVATE_ANDROID_FILESYSTEM_CAPABILITY_H +#define _SYSTEM_CORE_INCLUDE_PRIVATE_ANDROID_FILESYSTEM_CAPABILITY_H + +#include <stdint.h> + +#define __user +#define __u32 uint32_t +#define __le32 uint32_t + +#define _LINUX_CAPABILITY_VERSION_1 0x19980330 +#define _LINUX_CAPABILITY_U32S_1 1 +#define _LINUX_CAPABILITY_VERSION_2 0x20071026 +#define _LINUX_CAPABILITY_U32S_2 2 +#define _LINUX_CAPABILITY_VERSION_3 0x20080522 +#define _LINUX_CAPABILITY_U32S_3 2 + +typedef struct __user_cap_header_struct { + __u32 version; + int pid; +} __user *cap_user_header_t; + +typedef struct __user_cap_data_struct { + __u32 effective; + __u32 permitted; + __u32 inheritable; +} __user *cap_user_data_t; + +#define VFS_CAP_REVISION_MASK 0xFF000000 +#define VFS_CAP_REVISION_SHIFT 24 +#define VFS_CAP_FLAGS_MASK ~VFS_CAP_REVISION_MASK +#define VFS_CAP_FLAGS_EFFECTIVE 0x000001 +#define VFS_CAP_REVISION_1 0x01000000 +#define VFS_CAP_U32_1 1 +#define XATTR_CAPS_SZ_1 (sizeof(__le32)*(1 + 2*VFS_CAP_U32_1)) +#define VFS_CAP_REVISION_2 0x02000000 +#define VFS_CAP_U32_2 2 +#define XATTR_CAPS_SZ_2 (sizeof(__le32)*(1 + 2*VFS_CAP_U32_2)) +#define XATTR_CAPS_SZ XATTR_CAPS_SZ_2 +#define VFS_CAP_U32 VFS_CAP_U32_2 +#define VFS_CAP_REVISION VFS_CAP_REVISION_2 + +struct vfs_cap_data { + __le32 magic_etc; + struct { + __le32 permitted; + __le32 inheritable; + } data[VFS_CAP_U32]; +}; + +#define _LINUX_CAPABILITY_VERSION _LINUX_CAPABILITY_VERSION_1 +#define _LINUX_CAPABILITY_U32S _LINUX_CAPABILITY_U32S_1 +#define CAP_CHOWN 0 +#define CAP_DAC_OVERRIDE 1 +#define CAP_DAC_READ_SEARCH 2 +#define CAP_FOWNER 3 +#define CAP_FSETID 4 +#define CAP_KILL 5 +#define CAP_SETGID 6 +#define CAP_SETUID 7 +#define CAP_SETPCAP 8 +#define CAP_LINUX_IMMUTABLE 9 +#define CAP_NET_BIND_SERVICE 10 +#define CAP_NET_BROADCAST 11 +#define CAP_NET_ADMIN 12 +#define CAP_NET_RAW 13 +#define CAP_IPC_LOCK 14 +#define CAP_IPC_OWNER 15 +#define CAP_SYS_MODULE 16 +#define CAP_SYS_RAWIO 17 +#define CAP_SYS_CHROOT 18 +#define CAP_SYS_PTRACE 19 +#define CAP_SYS_PACCT 20 +#define CAP_SYS_ADMIN 21 +#define CAP_SYS_BOOT 22 +#define CAP_SYS_NICE 23 +#define CAP_SYS_RESOURCE 24 +#define CAP_SYS_TIME 25 +#define CAP_SYS_TTY_CONFIG 26 +#define CAP_MKNOD 27 +#define CAP_LEASE 28 +#define CAP_AUDIT_WRITE 29 +#define CAP_AUDIT_CONTROL 30 +#define CAP_SETFCAP 31 +#define CAP_MAC_OVERRIDE 32 +#define CAP_MAC_ADMIN 33 +#define CAP_SYSLOG 34 +#define CAP_WAKE_ALARM 35 +#define CAP_LAST_CAP CAP_WAKE_ALARM +#define cap_valid(x) ((x) >= 0 && (x) <= CAP_LAST_CAP) +#define CAP_TO_INDEX(x) ((x) >> 5) +#define CAP_TO_MASK(x) (1 << ((x) & 31)) + +#undef __user +#undef __u32 +#undef __le32 + +#endif diff --git a/include/private/android_filesystem_config.h b/include/private/android_filesystem_config.h index 03df585..53bd166 100644 --- a/include/private/android_filesystem_config.h +++ b/include/private/android_filesystem_config.h @@ -27,6 +27,12 @@ #include <sys/types.h> #include <stdint.h> +#ifdef HAVE_ANDROID_OS +#include <linux/capability.h> +#else +#include "android_filesystem_capability.h" +#endif + /* This is the master Users and Groups config for the platform. ** DO NOT EVER RENUMBER. */ @@ -206,21 +212,24 @@ static const struct fs_path_config android_files[] = { { 00644, AID_MEDIA_RW, AID_MEDIA_RW, 0, "data/media/*" }, { 00644, AID_SYSTEM, AID_SYSTEM, 0, "data/app-private/*" }, { 00644, AID_APP, AID_APP, 0, "data/data/*" }, - /* the following two files are INTENTIONALLY set-gid and not set-uid. - * Do not change. */ - { 02755, AID_ROOT, AID_NET_RAW, 0, "system/bin/ping" }, + { 00755, AID_ROOT, AID_ROOT, 0, "system/bin/ping" }, + + /* the following file is INTENTIONALLY set-gid and not set-uid. + * Do not change. */ { 02750, AID_ROOT, AID_INET, 0, "system/bin/netcfg" }, - /* the following five files are INTENTIONALLY set-uid, but they - * are NOT included on user builds. */ + + /* the following five files are INTENTIONALLY set-uid, but they + * are NOT included on user builds. */ { 06755, AID_ROOT, AID_ROOT, 0, "system/xbin/su" }, { 06755, AID_ROOT, AID_ROOT, 0, "system/xbin/librank" }, { 06755, AID_ROOT, AID_ROOT, 0, "system/xbin/procrank" }, { 06755, AID_ROOT, AID_ROOT, 0, "system/xbin/procmem" }, { 06755, AID_ROOT, AID_ROOT, 0, "system/xbin/tcpdump" }, { 04770, AID_ROOT, AID_RADIO, 0, "system/bin/pppd-ril" }, - /* the following file is INTENTIONALLY set-uid, and IS included - * in user builds. */ - { 06750, AID_ROOT, AID_SHELL, 0, "system/bin/run-as" }, + + /* the following file has enhanced capabilities and IS included in user builds. */ + { 00750, AID_ROOT, AID_SHELL, (1 << CAP_SETUID) | (1 << CAP_SETGID), "system/bin/run-as" }, + { 00755, AID_ROOT, AID_SHELL, 0, "system/bin/*" }, { 00755, AID_ROOT, AID_ROOT, 0, "system/lib/valgrind/*" }, { 00755, AID_ROOT, AID_SHELL, 0, "system/xbin/*" }, |