aiden
/
appmotor
mirror of https://github.com/cutefishos/appmotor
1
0
Fork 0
Code Issues Projects Releases Wiki Activity

[launcherlib] Add checks for invoker. Fixes JB#52956

Browse Source 
Check that caller is from the same namespace as the booster and the
calling binary is /usr/bin/invoker.

Signed-off-by: Tomi Leppänen <tomi.leppanen@jolla.com>
pull/1/head
Tomi Leppänen 5 years ago
parent 92d182de05
commit 3cb9c45c41
3 changed files with 108 additions and 2 deletions
Show Stats Download Patch File Download Diff File

12
src/launcherlib/booster.cpp
Unescape Escape View File

@ -1,6 +1,8 @@
/*************************************************************************** /***************************************************************************
** **
** Copyright (C) 2010 Nokia Corporation and/or its subsidiary(-ies). ** Copyright (C) 2010 Nokia Corporation and/or its subsidiary(-ies).
** Copyright (C) 2013 - 2021 Jolla Ltd.
** Copyright (C) 2018 - 2020 Open Mobile Platform LLC.
** All rights reserved. ** All rights reserved.
** Contact: Nokia Corporation (directui@nokia.com) ** Contact: Nokia Corporation (directui@nokia.com)
** **
@ -58,6 +60,7 @@ Booster::Booster() :
m_spaceAvailable(0), m_spaceAvailable(0),
m_bootMode(false) m_bootMode(false)
{ {
Connection::setMountNamespace(Connection::getMountNamespace(getpid()));
} }
Booster::~Booster() Booster::~Booster()
@ -236,8 +239,15 @@ bool Booster::receiveDataFromInvoker(int socketFd)
// Accept a new invocation. // Accept a new invocation.
if (m_connection->accept(m_appData)) if (m_connection->accept(m_appData))
{ {
// Check that the caller is allowed to invoke apps
if (!m_connection->isPermitted())
{
m_connection->close();
return false;
}
// Receive application data from the invoker // Receive application data from the invoker
if(!m_connection->receiveApplicationData(m_appData)) if (!m_connection->receiveApplicationData(m_appData))
{ {
m_connection->close(); m_connection->close();
return false; return false;

84
src/launcherlib/connection.cpp
Unescape Escape View File

@ -1,6 +1,7 @@
/*************************************************************************** /***************************************************************************
** **
** Copyright (C) 2010 Nokia Corporation and/or its subsidiary(-ies). ** Copyright (C) 2010 Nokia Corporation and/or its subsidiary(-ies).
** Copyright (C) 2021 Jolla Ltd.
** All rights reserved. ** All rights reserved.
** Contact: Nokia Corporation (directui@nokia.com) ** Contact: Nokia Corporation (directui@nokia.com)
** **
@ -23,6 +24,8 @@
#include <sys/socket.h> #include <sys/socket.h>
#include <sys/un.h> /* for getsockopt */ #include <sys/un.h> /* for getsockopt */
#include <sys/stat.h> /* for chmod */ #include <sys/stat.h> /* for chmod */
#include <limits.h>
#include <sstream>
#include <cstring> #include <cstring>
#include <cstdlib> #include <cstdlib>
#include <cerrno> #include <cerrno>
@ -30,6 +33,10 @@
#include <stdexcept> #include <stdexcept>
#include <sys/syslog.h> #include <sys/syslog.h>
#define INVOKER_PATH "/usr/bin/invoker"
std::pair<dev_t, ino_t> Connection::s_mntNS = std::pair<dev_t, ino_t>();
Connection::Connection(int socketFd, bool testMode) : Connection::Connection(int socketFd, bool testMode) :
m_testMode(testMode), m_testMode(testMode),
m_fd(-1), m_fd(-1),
@ -71,7 +78,7 @@ int Connection::getFd() const
return m_fd; return m_fd;
} }
bool Connection::accept(AppData* appData) bool Connection::accept(AppData*)
{ {
if (!m_testMode) if (!m_testMode)
{ {
@ -105,6 +112,47 @@ void Connection::close()
} }
} }
bool Connection::isPermitted()
{
// Check that caller is in the same namespace and it is invoker
// and not something else. This is done to avoid sandboxed app
// that sees the socket from escaping the sandbox through booster
if (m_fd != -1)
{
pid_t pid = peerPid();
if (pid == 0)
{
Logger::logError("Connection: %s: getting peer pid failed", __FUNCTION__);
}
else
{
// There is a possibility for a race here: if caller can exit
// and then invoke a process with the correct binary path and
// pid at the right time they could fool us
if (!s_mntNS.first || getMountNamespace(pid) != s_mntNS)
{
Logger::logWarning("Connection: %s: invocation from %s (%d) came from different namespace", __FUNCTION__, getExecutablePath(pid), pid);
}
else
{
std::string executablePath = getExecutablePath(pid);
if (executablePath != INVOKER_PATH)
{
Logger::logWarning("Connection: %s: executable %s (%d) is not invoker", __FUNCTION__, executablePath, pid);
}
else
{
Logger::logDebug("Connection: %s: invoker (%d) called, allowing", __FUNCTION__, pid);
return true;
}
}
}
}
return false;
}
bool Connection::sendMsg(uint32_t msg) bool Connection::sendMsg(uint32_t msg)
{ {
if (!m_testMode) if (!m_testMode)
@ -545,3 +593,37 @@ pid_t Connection::peerPid()
return cr.pid; return cr.pid;
} }
void Connection::setMountNamespace(std::pair<dev_t, ino_t> mntNS)
{
s_mntNS = mntNS;
}
std::pair<dev_t, ino_t> Connection::getMountNamespace(pid_t pid)
{
struct stat sb;
std::ostringstream path;
path << "/proc/" << pid << "/ns/mnt";
if (stat(path.str().c_str(), &sb) == -1)
{
Logger::logError("Connection: %s: stat failed for pid %d: %s", __FUNCTION__, pid, strerror(errno));
return std::pair<dev_t, ino_t>();
}
return std::pair<dev_t, ino_t>(sb.st_dev, sb.st_ino);
}
std::string Connection::getExecutablePath(pid_t pid)
{
std::ostringstream path;
char exe[PATH_MAX];
ssize_t len;
static_assert(sizeof(INVOKER_PATH) < sizeof(exe));
path << "/proc/" << pid << "/exe";
len = readlink(path.str().c_str(), exe, sizeof(exe));
if (len < 0 || len >= sizeof(exe))
{
Logger::logError("Connection: %s: readlink failed for pid %d: %s", __FUNCTION__, pid, strerror(errno));
return std::string();
}
return std::string(exe, len);
}

14
src/launcherlib/connection.h
Unescape Escape View File

@ -1,6 +1,7 @@
/*************************************************************************** /***************************************************************************
** **
** Copyright (C) 2010 Nokia Corporation and/or its subsidiary(-ies). ** Copyright (C) 2010 Nokia Corporation and/or its subsidiary(-ies).
** Copyright (C) 2012 - 2021 Jolla Ltd.
** All rights reserved. ** All rights reserved.
** Contact: Nokia Corporation (directui@nokia.com) ** Contact: Nokia Corporation (directui@nokia.com)
** **
@ -83,6 +84,15 @@ public:
//! \brief Send application exit value //! \brief Send application exit value
bool sendExitValue(int value); bool sendExitValue(int value);
//! \brief Check if caller is permitted to invoke apps
bool isPermitted();
//! \brief Get device id and inode number pair of a mount namespace
static std::pair<dev_t, ino_t> getMountNamespace(pid_t pid);
//! \brief Set required mount namespace for invoker processes
static void setMountNamespace(std::pair<dev_t, ino_t> mntNS);
private: private:
/*! \brief Receive actions. /*! \brief Receive actions.
@ -132,6 +142,9 @@ private:
//! Send process pid //! Send process pid
bool sendPid(pid_t pid); bool sendPid(pid_t pid);
//! Helper method: Get executable path for pid
static std::string getExecutablePath(pid_t pid);
//! Send message to a socket. This is a virtual to help unit testing. //! Send message to a socket. This is a virtual to help unit testing.
virtual bool sendMsg(uint32_t msg); virtual bool sendMsg(uint32_t msg);
@ -160,6 +173,7 @@ private:
gid_t m_gid; gid_t m_gid;
uid_t m_uid; uid_t m_uid;
static std::pair<dev_t, ino_t> s_mntNS;
#ifdef UNIT_TEST #ifdef UNIT_TEST
friend class Ut_Connection; friend class Ut_Connection;

Write Preview
Loading…
Cancel
Save