/*
|
|
* Copyright (C) 2016 The Android Open Source Project
|
|
*
|
|
* Licensed under the Apache License, Version 2.0 (the "License");
|
|
* you may not use this file except in compliance with the License.
|
|
* You may obtain a copy of the License at
|
|
*
|
|
* http://www.apache.org/licenses/LICENSE-2.0
|
|
*
|
|
* Unless required by applicable law or agreed to in writing, software
|
|
* distributed under the License is distributed on an "AS IS" BASIS,
|
|
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
|
* See the License for the specific language governing permissions and
|
|
* limitations under the License.
|
|
*/
|
|
// getopt(3) option string used by parse_arguments(): -u/-g/-G/-c take an
// argument, -s is a bare flag.
// NOTE(review): the leading "<1" looks like a rendering artefact of this page;
// as written, getopt would accept '<' and '1' as two extra valueless options.
// A leading '+' (stop at the first non-option) is what keeps COMMAND's own
// flags from being consumed by runconuid — confirm against the upstream file.
const char* optstr = "<1u:g:G:c:s";

// Help text printed by parse_arguments() when the command line is rejected.
// NOTE(review): "-s Set enforcing mode" is terse: main() calls
// security_setenforce(0) for the duration of the child's setup and
// security_setenforce(1) once the child has exec'd.
const char* usage =
R"(usage: runconuid [-s] [-u UID] [-g GID] [-G GROUPS] [-c CONTEXT] COMMAND ARGS

Run a command in the specified security context, as the specified user,
with the specified group membership.

-c SELinux context
-g Group ID by name or numeric value
-G List of groups by name or numeric value
-s Set enforcing mode
-u User ID by name or numeric value
)";
#include <assert.h>
|
|
#include <errno.h>
|
|
#include <grp.h>
|
|
#include <pwd.h>
|
|
#include <selinux/selinux.h>
|
|
#include <signal.h>
|
|
#include <stdio.h>
|
|
#include <stdlib.h>
|
|
#include <string.h>
|
|
#include <sys/capability.h>
|
|
#include <sys/prctl.h>
|
|
#include <sys/ptrace.h>
|
|
#include <sys/types.h>
|
|
#include <sys/wait.h>
|
|
#include <unistd.h>
// Command-line state filled in by parse_arguments() and consumed by do_child()
// and main(). (uid_t)-1 / (gid_t)-1 mean "not requested on the command line".
static uid_t uid = -1;
static gid_t gid = -1;
// Supplementary groups from -G; allocated with calloc() in lookup_groups() and
// never freed, since the process either exec()s or exits.
static gid_t* groups = nullptr;
static size_t ngroups = 0;
// SELinux exec context from -c; points into argv, not a copy.
static char* context = nullptr;
// -s: toggle SELinux enforcing mode around the child's setup (see main()).
static bool setenforce = false;
// Tail of argv after option parsing: COMMAND and its arguments (points into argv).
static char** child_argv = nullptr;
// Print `message` followed by strerror(errno) to stderr, then exit(1).
// Never returns. The errno suffix is only meaningful right after a failed
// libc call; callers that pass other text (e.g. the usage string) get an
// unrelated errno description appended.
[[noreturn]] void perror_exit(const char* message) {
  perror(message);
  exit(1);
}
// Child side of the fork(): apply the requested SELinux exec context,
// supplementary groups, gid and uid — in that order, so the privilege each
// step needs is still held — hand control to the tracing parent, then exec
// COMMAND. Every failure goes through perror_exit(); never returns normally.
void do_child(void) {

  // The exec context takes effect at execvp() below, not here.
  if (context && setexeccon(context) < 0) {
    // NOTE(review): this message reads as truncated; it presumably meant to
    // name `context`.
    perror_exit("Setting context to failed");
  }

  // Disregard ambient capability failures, we may just be on a kernel
  // that does not support them.
  // NOTE(review): PR_CAP_AMBIENT_RAISE needs each capability to already be in
  // the permitted and inheritable sets, and the kernel clears the ambient set
  // when setresuid() below leaves uid 0 — so this is best-effort and mostly
  // relevant when -u is not given; confirm that is intended. 64 is an upper
  // bound on capability numbers, not CAP_LAST_CAP.
  for (int i = 0; i < 64; ++i) {
    prctl(PR_CAP_AMBIENT, PR_CAP_AMBIENT_RAISE, i, 0, 0);
  }

  // Groups first, then gid, then uid: the gid steps need CAP_SETGID, which
  // may no longer be available once the uid has changed.
  if (ngroups && setgroups(ngroups, groups) < 0) {
    perror_exit("Setting supplementary groups failed.");
  }

  // (gid_t)-1 means -g was not given. All three ids are set, so there is no
  // saved id left from which the previous group could be regained.
  if (gid != (gid_t) -1 && setresgid(gid, gid, gid) < 0) {
    perror_exit("Setting group failed.");
  }

  // Same for the uid; this is the point where root privilege is dropped.
  if (uid != (uid_t) -1 && setresuid(uid, uid, uid) < 0) {
    perror_exit("Setting user failed.");
  }

  // Hand ourselves to the parent and stop until it has attached and set its
  // ptrace options. NOTE(review): the return values are not checked; main()
  // also calls PTRACE_ATTACH on us, and the two can race — whichever side
  // attaches second fails with EPERM.
  ptrace(PTRACE_TRACEME, 0, 0, 0);
  raise(SIGSTOP);
  // execvp() searches PATH for COMMAND; the environment is inherited unchanged.
  execvp(child_argv[0], child_argv);
  perror_exit("Failed to execve");
}
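// Resolve `c` to a uid: an all-digit string is taken literally, otherwise it
// is looked up as a user name via getpwnam(3). Exits via perror_exit() when
// neither works, so a returned value is always a resolved id.
uid_t lookup_uid(char* c) {
  // Require the whole string to be a non-negative number so that "12abc" is
  // treated as a name rather than silently truncated to 12, and so that
  // "-1" cannot alias the "not requested" sentinel (sscanf "%d" allowed both).
  char* end = nullptr;
  errno = 0;
  unsigned long value = strtoul(c, &end, 10);
  if (c[0] != '-' && end != c && *end == '\0' && errno == 0 &&
      value <= (uid_t) -1) {
    return (uid_t) value;
  }

  // NOTE(review): getpwnam() returns nullptr without setting errno for a
  // plain "no such user", so perror's suffix may then read as a non-error.
  errno = 0;
  struct passwd* pw = getpwnam(c);
  if (pw != nullptr) {
    return pw->pw_uid;
  }

  perror_exit("Could not resolve user ID by name");
}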
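// Resolve `c` to a gid: an all-digit string is taken literally, otherwise it
// is looked up as a group name via getgrnam(3). Exits via perror_exit() when
// neither works, so a returned value is always a resolved id.
gid_t lookup_gid(char* c) {
  // Require the whole string to be a non-negative number so that "12abc" is
  // treated as a name rather than silently truncated to 12, and so that
  // "-1" cannot alias the "not requested" sentinel (sscanf "%d" allowed both).
  char* end = nullptr;
  errno = 0;
  unsigned long value = strtoul(c, &end, 10);
  if (c[0] != '-' && end != c && *end == '\0' && errno == 0 &&
      value <= (gid_t) -1) {
    return (gid_t) value;
  }

  // NOTE(review): getgrnam() returns nullptr without setting errno for a
  // plain "no such group", so perror's suffix may then read as a non-error.
  errno = 0;
  struct group* gr = getgrnam(c);
  if (gr != nullptr) {
    return gr->gr_gid;
  }

  perror_exit("Could not resolve group ID by name");
}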
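// Parse the comma-separated -G argument into the globals `groups`/`ngroups`.
// `c` is modified in place (each comma becomes a NUL) and every element is
// resolved through lookup_gid(), so an unresolvable entry exits the process.
void lookup_groups(char* c) {
  // -G may appear more than once. Start from a clean slate: the original
  // kept counting from the previous ngroups, so a second -G allocated more
  // slots than the new string holds and the fill loop read past its end.
  free(groups);
  groups = nullptr;
  ngroups = 0;

  // Count the number of groups, splitting the string as we go.
  for (char* p = c; *p; p++) {
    if (*p == ',') {
      ngroups++;
      *p = '\0';
    }
  }

  // The last group is not followed by a comma.
  ngroups++;

  // Allocate enough space for all of them (cast required in C++).
  groups = (gid_t*) calloc(ngroups, sizeof(gid_t));
  if (groups == nullptr) {
    perror_exit("Allocating group list failed");
  }

  // Fill in the group IDs; each entry is NUL-terminated by the loop above,
  // so advancing by strlen()+1 lands on the next one.
  char* group = c;
  for (size_t n = 0; n < ngroups; n++) {
    groups[n] = lookup_gid(group);
    group += strlen(group) + 1;
  }
}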
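// Print the usage text to stderr and exit with status 1. Kept separate from
// perror_exit() because a usage error carries no errno worth reporting; the
// original routed usage through perror() and so appended a stray
// ": <strerror>" line after the help text.
[[noreturn]] static void usage_exit(void) {
  fputs(usage, stderr);
  exit(1);
}

// Fill the option globals from argv and point child_argv at COMMAND ARGS.
// Rejects unknown options and a missing COMMAND via usage_exit(); id lookups
// exit through perror_exit() when a name cannot be resolved.
void parse_arguments(int argc, char** argv) {
  int c;

  while ((c = getopt(argc, argv, optstr)) != -1) {
    switch (c) {
      case 'u':
        uid = lookup_uid(optarg);
        break;
      case 'g':
        gid = lookup_gid(optarg);
        break;
      case 'G':
        lookup_groups(optarg);
        break;
      case 's':
        setenforce = true;
        break;
      case 'c':
        context = optarg;  // points into argv; no copy is made
        break;
      default:
        // getopt reports unknown options and missing arguments as '?'.
        usage_exit();
    }
  }

  // Everything after the options is the command to run.
  child_argv = &argv[optind];

  if (optind == argc) {
    usage_exit();
  }
}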
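// Undo the -s permissive window, if one was opened. A no-op unless -s was
// given and SELinux is enabled, so it is safe on every exit path.
static void restore_enforcing(void) {
  if (setenforce && is_selinux_enabled()) {
    if (security_setenforce(1) < 0) {
      perror("Couldn't set enforcing status to 1");
    }
  }
}

// Abort the run: kill the child (if one was forked), put enforcement back,
// and exit through perror_exit() with the errno that was current on entry.
[[noreturn]] static void abort_run(pid_t child, const char* message) {
  int err = errno;
  if (child > 0) {
    // kill(2) takes (pid, sig); the original call had the arguments swapped
    // and so signalled pid 9 with the child's pid as the signal number.
    kill(child, SIGKILL);
  }
  restore_enforcing();
  errno = err;
  perror_exit(message);
}

// Parse options, fork, and supervise the child until it has exec'd COMMAND.
// With -s, SELinux enforcement is switched off before the fork so the
// child's setexeccon/setgroups/setres*id steps run permissive, and restored
// once the child's execve has completed (observed as the post-exec SIGTRAP
// stop). Returns 0 after detaching from the child; exits with the child's
// status if it dies before exec'ing, and with 1 on any setup failure.
int main(int argc, char** argv) {
  parse_arguments(argc, argv);

  // Open the permissive window before fork(): do_child() starts its
  // privileged setup immediately, so doing this after the fork (as the
  // original did) let the child race ahead of it.
  if (setenforce && is_selinux_enabled()) {
    if (security_setenforce(0) < 0) {
      perror("Couldn't set enforcing status to 0");
    }
  }

  pid_t child = fork();
  if (child < 0) {
    abort_run(0, "Could not fork.");
  }

  if (child == 0) {
    do_child();  // never returns: exec's or exits via perror_exit()
  }

  // NOTE(review): the child also calls PTRACE_TRACEME; if that lands first,
  // this attach fails with EPERM ("already traced") and the run is aborted.
  // Either side attaching is enough, so one of the two could be dropped.
  // Attach failure is fatal and must kill the child so it never execs while
  // enforcement is still off.
  if (ptrace(PTRACE_ATTACH, child, 0, 0) < 0) {
    abort_run(child, "Could not ptrace child.");
  }

  // Wait for the SIGSTOP (from raise() in the child, or from the attach).
  int status = 0;
  if (waitpid(child, &status, 0) == -1) {
    abort_run(child, "Could not wait for child SIGSTOP");
  }

  // Trace all syscalls. TRACESYSGOOD marks syscall stops as SIGTRAP|0x80 so
  // they can be told apart from the plain SIGTRAP that follows a successful
  // execve.
  ptrace(PTRACE_SETOPTIONS, child, 0, PTRACE_O_TRACESYSGOOD);

  while (1) {
    // Resume with signal 0: any pending signal the child was stopped for
    // (e.g. a second SIGSTOP when attach raced raise()) is suppressed.
    ptrace(PTRACE_SYSCALL, child, 0, 0);
    if (waitpid(child, &status, 0) == -1) {
      abort_run(child, "Could not wait for child");
    }

    // Child gets SIGTRAP after the execve, on the first instruction.
    if (WIFSTOPPED(status) && WSTOPSIG(status) == SIGTRAP) {
      break;
    }

    // Child did some other syscall.
    if (WIFSTOPPED(status) && (WSTOPSIG(status) & 0x80)) {
      continue;
    }

    // Child exited before exec'ing (e.g. a setup step failed): put
    // enforcement back and propagate its status.
    if (WIFEXITED(status)) {
      restore_enforcing();
      exit(WEXITSTATUS(status));
    }

    // Child was killed by a signal before exec'ing. The original had no
    // branch for this and spun forever on a dead pid.
    if (WIFSIGNALED(status)) {
      restore_enforcing();
      exit(128 + WTERMSIG(status));
    }
  }

  // The exec has happened under the requested context/ids; close the window
  // before letting the child run on its own.
  restore_enforcing();

  ptrace(PTRACE_DETACH, child, 0, 0);
  return 0;
}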