diff options
author | Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com> | 2020-02-21 17:01:49 +0000 |
---|---|---|
committer | Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com> | 2020-02-21 17:01:49 +0000 |
commit | 0864773bdb83cb148446ca9410d831a75efcf7fe (patch) | |
tree | ab50f0d1f7180deb9f3c457664918317ebdf8095 | |
parent | 5e4bdfb4b694a422f3645e3efc8c68d2f8797438 (diff) | |
parent | 8d7174bc2166ac088d3e954c1306e178db028021 (diff) | |
download | platform_external_minijail-0864773bdb83cb148446ca9410d831a75efcf7fe.tar.gz platform_external_minijail-0864773bdb83cb148446ca9410d831a75efcf7fe.tar.bz2 platform_external_minijail-0864773bdb83cb148446ca9410d831a75efcf7fe.zip |
cli: support minijail_set_supplementary_gids() am: 8d7174bc21
Change-Id: Ie99a16362ceb119f7c764822d960dd9c5a157505
-rw-r--r-- | minijail0.1 | 15 | ||||
-rw-r--r-- | minijail0_cli.c | 63 | ||||
-rw-r--r-- | minijail0_cli_unittest.cc | 30 |
3 files changed, 98 insertions, 10 deletions
diff --git a/minijail0.1 b/minijail0.1 index cab94ec2..820d3ca0 100644 --- a/minijail0.1 +++ b/minijail0.1 @@ -59,15 +59,19 @@ network namespace specified by \fIfile\fR which is typically of the form \fB-f <file>\fR Write the pid of the jailed process to \fIfile\fR. .TP -\fB-g <group>\fR -Change groups to \fIgroup\fR, which may be either a group name or a numeric -group ID. +\fB-g <group|gid> +Change groups to the specified \fIgroup\fR name, or numeric group ID \fIgid\fR. .TP \fB-G\fR Inherit all the supplementary groups of the user specified with \fB-u\fR. It is an error to use this option without having specified a \fBuser name\fR to \fB-u\fR. .TP +\fB--add-suppl-group <group|gid>\fR +Add the specified \fIgroup\fR name, or numeric group ID \fIgid\fR, +to the process' supplementary groups list. Can be specified +multiple times to add several groups. Incompatible with -y and -G. +.TP \fB-h\fR Print a help message. .TP @@ -241,9 +245,8 @@ program is executed. Type 'dynamic' will force minijail0 to preload \fIlibminijailpreload.so\fR to setup hooks, but will fail on actually statically-linked binaries. .TP -\fB-u <user>\fR -Change users to \fIuser\fR, which may be either a user name or a numeric user -ID. +\fB-u <user|uid>\fR +Change users to the specified \fIuser\fR name, or numeric user ID \fIuid\fR. .TP \fB-U\fR Enter a new user namespace (implies \fB-p\fR). diff --git a/minijail0_cli.c b/minijail0_cli.c index f19a053a..c8b700b4 100644 --- a/minijail0_cli.c +++ b/minijail0_cli.c @@ -72,6 +72,41 @@ static void set_group(struct minijail *j, const char *arg, gid_t *out_gid) } } +/* + * Helper function used by --add-suppl-group (possibly more than once), + * to build the supplementary gids array. + */ +static void suppl_group_add(size_t *suppl_gids_count, gid_t **suppl_gids, + char *arg) { + char *end = NULL; + int groupid = strtod(arg, &end); + gid_t gid; + if (!*end && *arg) { + /* A gid number has been specified, proceed. */ + gid = groupid; + } else if (lookup_group(arg, &gid)) { + /* + * A group name has been specified, + * but doesn't exist: we bail out. + */ + fprintf(stderr, "Bad group: '%s'\n", arg); + exit(1); + } + + /* + * From here, gid is guaranteed to be set and valid, + * we add it to our supplementary gids array. + */ + *suppl_gids = realloc(*suppl_gids, + sizeof(gid_t) * ++(*suppl_gids_count)); + if (!suppl_gids) { + fprintf(stderr, "failed to allocate memory.\n"); + exit(1); + } + + (*suppl_gids)[*suppl_gids_count - 1] = gid; +} + static void skip_securebits(struct minijail *j, const char *arg) { uint64_t securebits_skip_mask; @@ -496,10 +531,13 @@ static void usage(const char *progn) " -e[file]: Enter new network namespace, or existing one if |file| is provided.\n" " -f <file>: Write the pid of the jailed process to <file>.\n" " -g <group>: Change gid to <group>.\n" - " -G: Inherit supplementary groups from uid.\n" - " Not compatible with -y.\n" - " -y: Keep uid's supplementary groups.\n" - " Not compatible with -G.\n" + " -G: Inherit supplementary groups from new uid.\n" + " Not compatible with -y or --add-suppl-group.\n" + " -y: Keep original uid's supplementary groups.\n" + " Not compatible with -G or --add-suppl-group.\n" + " --add-suppl-group <g>:Add <g> to the proccess' supplementary groups,\n" + " can be specified multiple times to add several groups.\n" + " Not compatible with -y or -G.\n" " -h: Help (this message).\n" " -H: Seccomp filter help message.\n" " -i: Exit immediately after fork(2). The jailed process will run\n" @@ -592,6 +630,8 @@ int parse_args(struct minijail *j, int argc, char *const argv[], bool use_uid = false, use_gid = false; uid_t uid = 0; gid_t gid = 0; + gid_t *suppl_gids = NULL; + size_t suppl_gids_count = 0; char *uidmap = NULL, *gidmap = NULL; int set_uidmap = 0, set_gidmap = 0; size_t tmp_size = 0; @@ -610,6 +650,7 @@ int parse_args(struct minijail *j, int argc, char *const argv[], {"profile", required_argument, 0, 131}, {"preload-library", required_argument, 0, 132}, {"seccomp-bpf-binary", required_argument, 0, 133}, + {"add-suppl-group", required_argument, 0, 134}, {0, 0, 0, 0}, }; /* clang-format on */ @@ -863,6 +904,10 @@ int parse_args(struct minijail *j, int argc, char *const argv[], filter_path = optarg; use_seccomp_filter_binary = 1; break; + case 134: + suppl_group_add(&suppl_gids_count, &suppl_gids, + optarg); + break; default: usage(argv[0]); exit(opt == 'h' ? 0 : 1); @@ -925,6 +970,16 @@ int parse_args(struct minijail *j, int argc, char *const argv[], } /* + * Proceed in setting the supplementary gids specified on the + * cmdline options. + */ + if (suppl_gids_count) { + minijail_set_supplementary_gids(j, suppl_gids_count, + suppl_gids); + free(suppl_gids); + } + + /* * We parse seccomp filters here to make sure we've collected all * cmdline options. */ diff --git a/minijail0_cli_unittest.cc b/minijail0_cli_unittest.cc index 077f5f77..a9d739b5 100644 --- a/minijail0_cli_unittest.cc +++ b/minijail0_cli_unittest.cc @@ -158,6 +158,36 @@ TEST_F(CliTest, invalid_set_group) { "-g provided multiple times"); } +// Valid calls to the add-suppl-group option. +TEST_F(CliTest, valid_add_supp_group) { + std::vector<std::string> argv = {"--add-suppl-group", "", "/bin/sh"}; + + argv[1] = kValidGroup; + ASSERT_TRUE(parse_args_(argv)); + + argv[1] = kValidGid; + ASSERT_TRUE(parse_args_(argv)); + + std::vector<std::string> argv2 = {"--add-suppl-group", "", + "--add-suppl-group", "", "/bin/sh"}; + argv[1] = kValidGroup; + argv[2] = kValidGid; + ASSERT_TRUE(parse_args_(argv)); +} + +// Invalid calls to the add-suppl-group option. +TEST_F(CliTest, invalid_add_supp_group) { + std::vector<std::string> argv = {"--add-suppl-group", "", "/bin/sh"}; + + ASSERT_EXIT(parse_args_(argv), testing::ExitedWithCode(1), ""); + + argv[1] = "j;lX:J*Pj;oijfs;jdlkjC;j"; + ASSERT_EXIT(parse_args_(argv), testing::ExitedWithCode(1), ""); + + argv[1] = "1000x"; + ASSERT_EXIT(parse_args_(argv), testing::ExitedWithCode(1), ""); +} + // Valid calls to the skip securebits option. TEST_F(CliTest, valid_skip_securebits) { // An empty string is the same as 0. |