aiden
/
appmotor
mirror of https://github.com/cutefishos/appmotor
1
0
Fork 0
Code Issues Projects Releases Wiki Activity

Merge branch 'jb53620' into 'master'

Browse Source 
[launcherlib] Revert: Add checks for invoker. JB#53620

See merge request mer-core/mapplauncherd!29
pull/1/head
Raine Makelainen 5 years ago
parent b7de66d551 75c156112a
commit 92d182de05
3 changed files with 2 additions and 104 deletions
Show Stats Download Patch File Download Diff File

10
src/launcherlib/booster.cpp
Unescape Escape View File

@ -58,7 +58,6 @@ Booster::Booster() :
m_spaceAvailable(0), m_spaceAvailable(0),
m_bootMode(false) m_bootMode(false)
{ {
Connection::setMountNamespace(Connection::getMountNamespace(getpid()));
} }
Booster::~Booster() Booster::~Booster()
@ -237,15 +236,8 @@ bool Booster::receiveDataFromInvoker(int socketFd)
// Accept a new invocation. // Accept a new invocation.
if (m_connection->accept(m_appData)) if (m_connection->accept(m_appData))
{ {
// Check that the caller is allowed to invoke apps
if (!m_connection->isPermitted())
{
m_connection->close();
return false;
}
// Receive application data from the invoker // Receive application data from the invoker
if (!m_connection->receiveApplicationData(m_appData)) if(!m_connection->receiveApplicationData(m_appData))
{ {
m_connection->close(); m_connection->close();
return false; return false;

83
src/launcherlib/connection.cpp
Unescape Escape View File

@ -23,8 +23,6 @@
#include <sys/socket.h> #include <sys/socket.h>
#include <sys/un.h> /* for getsockopt */ #include <sys/un.h> /* for getsockopt */
#include <sys/stat.h> /* for chmod */ #include <sys/stat.h> /* for chmod */
#include <limits.h>
#include <sstream>
#include <cstring> #include <cstring>
#include <cstdlib> #include <cstdlib>
#include <cerrno> #include <cerrno>
@ -32,10 +30,6 @@
#include <stdexcept> #include <stdexcept>
#include <sys/syslog.h> #include <sys/syslog.h>
#define INVOKER_PATH "/usr/bin/invoker"
std::pair<dev_t, ino_t> Connection::s_mntNS = std::pair<dev_t, ino_t>();
Connection::Connection(int socketFd, bool testMode) : Connection::Connection(int socketFd, bool testMode) :
m_testMode(testMode), m_testMode(testMode),
m_fd(-1), m_fd(-1),
@ -77,7 +71,7 @@ int Connection::getFd() const
return m_fd; return m_fd;
} }
bool Connection::accept(AppData*) bool Connection::accept(AppData* appData)
{ {
if (!m_testMode) if (!m_testMode)
{ {
@ -111,47 +105,6 @@ void Connection::close()
} }
} }
bool Connection::isPermitted()
{
// Check that caller is in the same namespace and it is invoker
// and not something else. This is done to avoid sandboxed app
// that sees the socket from escaping the sandbox through booster
if (m_fd != -1)
{
pid_t pid = peerPid();
if (pid == 0)
{
Logger::logError("Connection: %s: getting peer pid failed", __FUNCTION__);
}
else
{
// There is a possibility for a race here: if caller can exit
// and then invoke a process with the correct binary path and
// pid at the right time they could fool us
if (!s_mntNS.first || getMountNamespace(pid) != s_mntNS)
{
Logger::logWarning("Connection: %s: invocation from %s (%d) came from different namespace", __FUNCTION__, getExecutablePath(pid), pid);
}
else
{
std::string executablePath = getExecutablePath(pid);
if (executablePath != INVOKER_PATH)
{
Logger::logWarning("Connection: %s: executable %s (%d) is not invoker", __FUNCTION__, executablePath, pid);
}
else
{
Logger::logDebug("Connection: %s: invoker (%d) called, allowing", __FUNCTION__, pid);
return true;
}
}
}
}
return false;
}
bool Connection::sendMsg(uint32_t msg) bool Connection::sendMsg(uint32_t msg)
{ {
if (!m_testMode) if (!m_testMode)
@ -592,37 +545,3 @@ pid_t Connection::peerPid()
return cr.pid; return cr.pid;
} }
void Connection::setMountNamespace(std::pair<dev_t, ino_t> mntNS)
{
s_mntNS = mntNS;
}
std::pair<dev_t, ino_t> Connection::getMountNamespace(pid_t pid)
{
struct stat sb;
std::ostringstream path;
path << "/proc/" << pid << "/ns/mnt";
if (stat(path.str().c_str(), &sb) == -1)
{
Logger::logError("Connection: %s: stat failed for pid %d: %s", __FUNCTION__, pid, strerror(errno));
return std::pair<dev_t, ino_t>();
}
return std::pair<dev_t, ino_t>(sb.st_dev, sb.st_ino);
}
std::string Connection::getExecutablePath(pid_t pid)
{
std::ostringstream path;
char exe[PATH_MAX];
ssize_t len;
static_assert(sizeof(INVOKER_PATH) < sizeof(exe));
path << "/proc/" << pid << "/exe";
len = readlink(path.str().c_str(), exe, sizeof(exe));
if (len < 0 || len >= sizeof(exe))
{
Logger::logError("Connection: %s: readlink failed for pid %d: %s", __FUNCTION__, pid, strerror(errno));
return std::string();
}
return std::string(exe, len);
}

13
src/launcherlib/connection.h
Unescape Escape View File

@ -83,15 +83,6 @@ public:
//! \brief Send application exit value //! \brief Send application exit value
bool sendExitValue(int value); bool sendExitValue(int value);
//! \brief Check if caller is permitted to invoke apps
bool isPermitted();
//! \brief Get device id and inode number pair of a mount namespace
static std::pair<dev_t, ino_t> getMountNamespace(pid_t pid);
//! \brief Set required mount namespace for invoker processes
static void setMountNamespace(std::pair<dev_t, ino_t> mntNS);
private: private:
/*! \brief Receive actions. /*! \brief Receive actions.
@ -141,9 +132,6 @@ private:
//! Send process pid //! Send process pid
bool sendPid(pid_t pid); bool sendPid(pid_t pid);
//! Helper method: Get executable path for pid
static std::string getExecutablePath(pid_t pid);
//! Send message to a socket. This is a virtual to help unit testing. //! Send message to a socket. This is a virtual to help unit testing.
virtual bool sendMsg(uint32_t msg); virtual bool sendMsg(uint32_t msg);
@ -172,7 +160,6 @@ private:
gid_t m_gid; gid_t m_gid;
uid_t m_uid; uid_t m_uid;
static std::pair<dev_t, ino_t> s_mntNS;
#ifdef UNIT_TEST #ifdef UNIT_TEST
friend class Ut_Connection; friend class Ut_Connection;

Write Preview
Loading…
Cancel
Save