diff options
| author | Vernon Tang <vt@foilhead.net> | 2011-04-25 13:08:17 +1000 |
|---|---|---|
| committer | Vernon Tang <vt@foilhead.net> | 2011-04-27 14:17:15 +1000 |
| commit | 8405ec0e7562a370174d9973dd94984c47e49c36 (patch) | |
| tree | 8fb7faf8ccc88f72f0fd40b62160a008963f2ad2 /libcutils/uevent.c | |
| parent | 8795007a4aedb0860f6e7b838984ba8104f2febc (diff) | |
| download | system_core-8405ec0e7562a370174d9973dd94984c47e49c36.tar.gz system_core-8405ec0e7562a370174d9973dd94984c47e49c36.tar.bz2 system_core-8405ec0e7562a370174d9973dd94984c47e49c36.zip | |
Fold uevent message origin checking from init into libcutils.
Change-Id: I1a38e611a7ad990f74306ce453740a1eeed2416d
Diffstat (limited to 'libcutils/uevent.c')
| -rw-r--r-- | libcutils/uevent.c | 70 |
1 files changed, 70 insertions, 0 deletions
diff --git a/libcutils/uevent.c b/libcutils/uevent.c new file mode 100644 index 000000000..3533c00f6 --- /dev/null +++ b/libcutils/uevent.c @@ -0,0 +1,70 @@ +/* + * Copyright (C) 2011 The Android Open Source Project + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +#include <cutils/uevent.h> + +#include <errno.h> +#include <strings.h> + +#include <linux/netlink.h> + +/** + * Like recv(), but checks that messages actually originate from the kernel. + */ +ssize_t uevent_checked_recv(int socket, void *buffer, size_t length) { + struct iovec iov = { buffer, length }; + struct sockaddr_nl addr; + char control[CMSG_SPACE(sizeof(struct ucred))]; + struct msghdr hdr = { + &addr, + sizeof(addr), + &iov, + 1, + control, + sizeof(control), + 0, + }; + + ssize_t n = recvmsg(socket, &hdr, 0); + if (n <= 0) { + return n; + } + + if (addr.nl_groups == 0 || addr.nl_pid != 0) { + /* ignoring non-kernel or unicast netlink message */ + goto out; + } + + struct cmsghdr *cmsg = CMSG_FIRSTHDR(&hdr); + if (cmsg == NULL || cmsg->cmsg_type != SCM_CREDENTIALS) { + /* ignoring netlink message with no sender credentials */ + goto out; + } + + struct ucred *cred = (struct ucred *)CMSG_DATA(cmsg); + if (cred->uid != 0) { + /* ignoring netlink message from non-root user */ + goto out; + } + + return n; + +out: + /* clear residual potentially malicious data */ + bzero(buffer, length); + errno = EIO; + return -1; +} |