init: always expand args in subcontext

Currently init expands properties in arguments only when those
commands are run in a subcontext.  This creates a hole where
properties that should not be accessible from a given subcontext of
init can be accessed when running a command in the main init
executable (for example `start`).

This change creates a callback in subcontext init that simply expands
and returns arguments back to the main init process, to ensure that
only those properties that a subcontext can access get expanded.

Bug: 62875318
Test: boot bullhead, new unit tests
Change-Id: I2850009e70da877c08e4cc83350c727b0ea98796

1 files changed, 77 insertions, 27 deletions

diff --git a/init/subcontext.cpp b/init/subcontext.cpp
index 068be6e6f..be754da73 100644
--- a/init/subcontext.cpp
+++ b/init/subcontext.cpp
@@ -28,7 +28,6 @@
 
 #include "action.h"
 #include "selinux.h"
-#include "system/core/init/subcontext.pb.h"
 #include "util.h"
 
 using android::base::GetExecutablePath;
@@ -84,7 +83,9 @@ class SubcontextProcess {
 
   private:
     void RunCommand(const SubcontextCommand::ExecuteCommand& execute_command,
-                    SubcontextReply::ResultMessage* result_message) const;
+                    SubcontextReply* reply) const;
+    void ExpandArgs(const SubcontextCommand::ExpandArgsCommand& expand_args_command,
+                    SubcontextReply* reply) const;
 
     const KeywordFunctionMap* function_map_;
     const std::string context_;
@@ -92,7 +93,7 @@ class SubcontextProcess {
 };
 
 void SubcontextProcess::RunCommand(const SubcontextCommand::ExecuteCommand& execute_command,
-                                   SubcontextReply::ResultMessage* result_message) const {
+                                   SubcontextReply* reply) const {
     // Need to use ArraySplice instead of this code.
     auto args = std::vector<std::string>();
     for (const auto& string : execute_command.args()) {
@@ -108,11 +109,27 @@ void SubcontextProcess::RunCommand(const SubcontextCommand::ExecuteCommand& exec
     }
 
     if (result) {
-        result_message->set_success(true);
+        reply->set_success(true);
     } else {
-        result_message->set_success(false);
-        result_message->set_error_string(result.error_string());
-        result_message->set_error_errno(result.error_errno());
+        auto* failure = reply->mutable_failure();
+        failure->set_error_string(result.error_string());
+        failure->set_error_errno(result.error_errno());
+    }
+}
+
+void SubcontextProcess::ExpandArgs(const SubcontextCommand::ExpandArgsCommand& expand_args_command,
+                                   SubcontextReply* reply) const {
+    for (const auto& arg : expand_args_command.args()) {
+        auto expanded_prop = std::string{};
+        if (!expand_props(arg, &expanded_prop)) {
+            auto* failure = reply->mutable_failure();
+            failure->set_error_string("Failed to expand '" + arg + "'");
+            failure->set_error_errno(0);
+            return;
+        } else {
+            auto* expand_args_reply = reply->mutable_expand_args_reply();
+            expand_args_reply->add_expanded_args(expanded_prop);
+        }
     }
 }
 
@@ -142,7 +159,11 @@ void SubcontextProcess::MainLoop() {
         auto reply = SubcontextReply();
         switch (subcontext_command.command_case()) {
             case SubcontextCommand::kExecuteCommand: {
-                RunCommand(subcontext_command.execute_command(), reply.mutable_result());
+                RunCommand(subcontext_command.execute_command(), &reply);
+                break;
+            }
+            case SubcontextCommand::kExpandArgsCommand: {
+                ExpandArgs(subcontext_command.expand_args_command(), &reply);
                 break;
             }
             default:
@@ -219,12 +240,7 @@ void Subcontext::Restart() {
     Fork();
 }
 
-Result<Success> Subcontext::Execute(const std::vector<std::string>& args) {
-    auto subcontext_command = SubcontextCommand();
-    std::copy(
-        args.begin(), args.end(),
-        RepeatedPtrFieldBackInserter(subcontext_command.mutable_execute_command()->mutable_args()));
-
+Result<SubcontextReply> Subcontext::TransmitMessage(const SubcontextCommand& subcontext_command) {
     if (auto result = SendMessage(socket_, subcontext_command); !result) {
         Restart();
         return ErrnoError() << "Failed to send message to subcontext";
@@ -236,25 +252,59 @@ Result<Success> Subcontext::Execute(const std::vector<std::string>& args) {
         return Error() << "Failed to receive result from subcontext: " << subcontext_message.error();
     }
 
-    auto subcontext_reply = SubcontextReply();
+    auto subcontext_reply = SubcontextReply{};
     if (!subcontext_reply.ParseFromString(*subcontext_message)) {
         Restart();
         return Error() << "Unable to parse message from subcontext";
     }
+    if (subcontext_reply.reply_case() == SubcontextReply::kFailure) {
+        auto& failure = subcontext_reply.failure();
+        return ResultError(failure.error_string(), failure.error_errno());
+    }
+    return subcontext_reply;
+}
 
-    switch (subcontext_reply.reply_case()) {
-        case SubcontextReply::kResult: {
-            auto result = subcontext_reply.result();
-            if (result.success()) {
-                return Success();
-            } else {
-                return ResultError(result.error_string(), result.error_errno());
-            }
-        }
-        default:
-            return Error() << "Unknown message type from subcontext: "
-                           << subcontext_reply.reply_case();
+Result<Success> Subcontext::Execute(const std::vector<std::string>& args) {
+    auto subcontext_command = SubcontextCommand();
+    std::copy(
+        args.begin(), args.end(),
+        RepeatedPtrFieldBackInserter(subcontext_command.mutable_execute_command()->mutable_args()));
+
+    auto subcontext_reply = TransmitMessage(subcontext_command);
+    if (!subcontext_reply) {
+        return subcontext_reply.error();
+    }
+
+    if (subcontext_reply->reply_case() != SubcontextReply::kSuccess) {
+        return Error() << "Unexpected message type from subcontext: "
+                       << subcontext_reply->reply_case();
+    }
+
+    return Success();
+}
+
+Result<std::vector<std::string>> Subcontext::ExpandArgs(const std::vector<std::string>& args) {
+    auto subcontext_command = SubcontextCommand{};
+    std::copy(args.begin(), args.end(),
+              RepeatedPtrFieldBackInserter(
+                  subcontext_command.mutable_expand_args_command()->mutable_args()));
+
+    auto subcontext_reply = TransmitMessage(subcontext_command);
+    if (!subcontext_reply) {
+        return subcontext_reply.error();
+    }
+
+    if (subcontext_reply->reply_case() != SubcontextReply::kExpandArgsReply) {
+        return Error() << "Unexpected message type from subcontext: "
+                       << subcontext_reply->reply_case();
+    }
+
+    auto& reply = subcontext_reply->expand_args_reply();
+    auto expanded_args = std::vector<std::string>{};
+    for (const auto& string : reply.expanded_args()) {
+        expanded_args.emplace_back(string);
     }
+    return expanded_args;
 }
 
 static std::vector<Subcontext> subcontexts;