Changes: pass and set gid and uid from invoker process to launcher

src/common/protocol.h

@@ -33,6 +33,7 @@ const uint32_t INVOKER_MSG_EXEC               = 0xe8ec0000;
 const uint32_t INVOKER_MSG_ARGS               = 0xa4650000;
 const uint32_t INVOKER_MSG_ENV                = 0xe5710000;
 const uint32_t INVOKER_MSG_PRIO               = 0xa1ce0000;
+const uint32_t INVOKER_MSG_IDS                = 0xb2df4000;
 const uint32_t INVOKER_MSG_IO                 = 0x10fd0000;
 const uint32_t INVOKER_MSG_END                = 0xdead0000;
 const uint32_t INVOKER_MSG_PID                = 0x1d1d0000;

src/invoker/invoker.c

@@ -296,6 +296,18 @@ static bool invoker_send_prio(int fd, int prio)
     return true;
 }
 
+static bool invoker_send_ids(int fd, int uid, int gid)
+{
+    // Send action.
+    invoke_send_msg(fd, INVOKER_MSG_IDS);
+    invoke_send_msg(fd, uid);
+    invoke_send_msg(fd, gid);
+
+    invoke_recv_ack(fd);
+
+    return true;
+}
+
 static bool invoker_send_env(int fd)
 {
     int i, n_vars;
@@ -418,6 +430,9 @@ static int invoke(int prog_argc, char **prog_argv, char *prog_name,
             prog_prio = 0;
         }
 
+        int uid = getuid();
+        int gid = getgid();
+
         int fd = invoker_init(app_type);
 
         invoker_send_magic(fd, magic_options);
@@ -425,6 +440,7 @@ static int invoke(int prog_argc, char **prog_argv, char *prog_name,
         invoker_send_exec(fd, prog_name);
         invoker_send_args(fd, prog_argc, prog_argv);
         invoker_send_prio(fd, prog_prio);
+        invoker_send_ids(fd, uid, gid);
         invoker_send_io(fd);
         invoker_send_env(fd);
         invoker_send_end(fd);

src/launcher/appdata.cpp

@@ -27,7 +27,9 @@ AppData::AppData() :
     m_fileName(""),
     m_prio(0),
     m_entry(NULL),
-    m_ioDescriptors()
+    m_ioDescriptors(),
+    m_gid(0),
+    m_uid(0)
 {}
 
 void AppData::setOptions(int newOptions)
@@ -110,6 +112,22 @@ void AppData::setIODescriptors(const vector<int> & newIODescriptors)
     m_ioDescriptors = newIODescriptors;
 }
 
+void AppData::setIDs(uid_t userId, gid_t groupId)
+{
+    m_uid = userId;
+    m_gid = groupId;
+}
+
+uid_t AppData::userId() const
+{
+    return m_uid;
+}
+
+gid_t AppData::groupId() const
+{
+    return m_gid;
+}
+
 void AppData::deleteArgv()
 {
     if (m_argv)

src/launcher/appdata.h

@@ -89,6 +89,15 @@ public:
     //! Set I/O descriptors
     void setIODescriptors(const vector<int> & ioDescriptors);
 
+    //! Set user ID and group ID of calling process
+    void setIDs(uid_t userId, gid_t groupId);
+
+    //! Get user ID of calling process
+    uid_t userId() const;
+
+    //! Get group ID of calling process
+    gid_t groupId() const;
+
     //! Frees the memory reserved for argv
     void deleteArgv();
 
@@ -105,6 +114,9 @@ private:
     int         m_prio;
     entry_t     m_entry;
     vector<int> m_ioDescriptors;
+    gid_t       m_gid;
+    uid_t       m_uid;
+
 };
 
 #endif // APPDATA_H

src/launcher/booster.cpp

@@ -168,6 +168,17 @@ int Booster::launchProcess()
     if (!errno && cur_prio < m_app.priority())
         setpriority(PRIO_PROCESS, 0, m_app.priority());
 
+    // Possible set user ID and group ID of calling process
+    uid_t uid = getuid();
+    gid_t gid = getgid();
+
+    if (uid != m_app.userId())
+        setuid(m_app.userId());
+
+    if (gid != m_app.groupId())
+        setgid(m_app.groupId());
+
+
     // Load the application and find out the address of main()
     void* handle = loadMain();
 

src/launcher/connection.cpp

@@ -310,6 +310,16 @@ bool Connection::receivePriority()
     return true;
 }
 
+bool Connection::receiveIDs()
+{
+    recvMsg(&m_uid);
+    recvMsg(&m_gid);
+
+    sendMsg(INVOKER_MSG_ACK);
+
+    return true;
+}
+
 bool Connection::receiveArgs()
 {
     // Get argc
@@ -485,6 +495,9 @@ bool Connection::receiveActions()
         case INVOKER_MSG_IO:
             receiveIO();
             break;
+        case INVOKER_MSG_IDS:
+            receiveIDs();
+            break;
         case INVOKER_MSG_END:
             sendMsg(INVOKER_MSG_ACK);
 
@@ -519,6 +532,7 @@ bool Connection::receiveApplicationData(AppData & rApp)
         rApp.setArgc(m_argc);
         rApp.setArgv(m_argv);
         rApp.setIODescriptors(vector<int>(m_io, m_io + IO_DESCRIPTOR_COUNT));
+        rApp.setIDs(m_uid, m_gid);
     }
     else
     {

src/launcher/connection.h

@@ -132,6 +132,9 @@ private:
     //! Receive I/O descriptors
     bool receiveIO();
 
+    //! Receive userId and GroupId
+    bool receiveIDs();
+
     //! Receive priority
     bool receivePriority();
 
@@ -161,6 +164,8 @@ private:
     int      m_io[IO_DESCRIPTOR_COUNT];
     uint32_t m_priority;
     bool     m_sendPid;
+    gid_t    m_gid;
+    uid_t    m_uid;
 
 #if defined (HAVE_CREDS) && ! defined (DISABLE_VERIFICATION)
     static const char * m_credsStr;