diff options
| author | Nick Kralevich <nnk@google.com> | 2011-04-27 12:24:47 -0700 |
|---|---|---|
| committer | Android Code Review <code-review@android.com> | 2011-04-27 12:24:47 -0700 |
| commit | a2842b68548c8cdfbf6b3c14480ab04bab9010ea (patch) | |
| tree | a04943dff52d809db2b9fc9d9bdd9709a80b6d65 /libcutils/uevent.c | |
| parent | ab6e55f72b975b4fc61c436d4540ba7416166262 (diff) | |
| parent | 3f582e92f07d358f3d0941b86407b39e2e7e67cc (diff) | |
| download | system_core-a2842b68548c8cdfbf6b3c14480ab04bab9010ea.zip system_core-a2842b68548c8cdfbf6b3c14480ab04bab9010ea.tar.gz system_core-a2842b68548c8cdfbf6b3c14480ab04bab9010ea.tar.bz2 | |
Merge "Fold uevent message origin checking from init into libcutils."
Diffstat (limited to 'libcutils/uevent.c')
| -rw-r--r-- | libcutils/uevent.c | 70 |
1 files changed, 70 insertions, 0 deletions
diff --git a/libcutils/uevent.c b/libcutils/uevent.c new file mode 100644 index 0000000..3533c00 --- /dev/null +++ b/libcutils/uevent.c @@ -0,0 +1,70 @@ +/* + * Copyright (C) 2011 The Android Open Source Project + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +#include <cutils/uevent.h> + +#include <errno.h> +#include <strings.h> + +#include <linux/netlink.h> + +/** + * Like recv(), but checks that messages actually originate from the kernel. + */ +ssize_t uevent_checked_recv(int socket, void *buffer, size_t length) { + struct iovec iov = { buffer, length }; + struct sockaddr_nl addr; + char control[CMSG_SPACE(sizeof(struct ucred))]; + struct msghdr hdr = { + &addr, + sizeof(addr), + &iov, + 1, + control, + sizeof(control), + 0, + }; + + ssize_t n = recvmsg(socket, &hdr, 0); + if (n <= 0) { + return n; + } + + if (addr.nl_groups == 0 || addr.nl_pid != 0) { + /* ignoring non-kernel or unicast netlink message */ + goto out; + } + + struct cmsghdr *cmsg = CMSG_FIRSTHDR(&hdr); + if (cmsg == NULL || cmsg->cmsg_type != SCM_CREDENTIALS) { + /* ignoring netlink message with no sender credentials */ + goto out; + } + + struct ucred *cred = (struct ucred *)CMSG_DATA(cmsg); + if (cred->uid != 0) { + /* ignoring netlink message from non-root user */ + goto out; + } + + return n; + +out: + /* clear residual potentially malicious data */ + bzero(buffer, length); + errno = EIO; + return -1; +} |