From 1fde74eb0bdfdb6e3e7f880532460f65bd0022d2 Mon Sep 17 00:00:00 2001 From: Sangyoon Jang Date: Wed, 21 Oct 2015 15:13:55 +0900 Subject: [PATCH] Get appid of process from smack label getting appid from cmdline is untrusted because process can modify its cmdline Change-Id: Ib3f937dc8e08dcbccff4c4b2964395a7593fd305 Signed-off-by: Sangyoon Jang --- am_daemon/amd_status.c | 79 ++++++++++++-------------------------------------- include/menu_db_util.h | 28 +++++++++--------- include/simple_util.h | 7 +++-- src/pkginfo.c | 78 ++++++++++++++++++++++++++----------------------- src/simple_util.c | 59 +++++++++++++++++++++---------------- 5 files changed, 113 insertions(+), 138 deletions(-) diff --git a/am_daemon/amd_status.c b/am_daemon/amd_status.c index 11dfc44..76dd2ec 100644 --- a/am_daemon/amd_status.c +++ b/am_daemon/amd_status.c @@ -251,10 +251,7 @@ int _status_send_running_appinfo(int fd, uid_t uid) int _status_app_is_running_v2(const char *appid, uid_t caller_uid) { - const char *app_exec; - char *apppath; int ret; - int i = 0; struct appinfo *ai; if (appid == NULL) 
@@ -264,48 +261,24 @@ int _status_app_is_running_v2(const char *appid, uid_t caller_uid) if (ai == NULL) return -1; - app_exec = appinfo_get_value(ai, AIT_EXEC); - if (app_exec == NULL) { - _E("invalid appinfo"); - return -1; - } - apppath = strdup(app_exec); - if (apppath == NULL) { - _E("out of memory"); - return -1; - } - - /*truncate apppath if it includes default bundles */ - while (apppath[i] != 0) { - if (apppath[i] == ' ' || apppath[i] == '\t') { - apppath[i]='\0'; - break; - } - i++; - } - - ret = __proc_iter_cmdline(NULL, apppath); - - free(apppath); + ret = __proc_iter_appid(NULL, (void *)appid); return ret; } -static int __get_pkginfo(const char *dname, const char *cmdline, void *priv,uid_t uid) +static int __get_pkginfo(const char *dname, const char *appid, void *priv, uid_t uid) { - app_info_from_db *menu_info; + app_info_from_db *menu_info = NULL; char *r_info; - char *appid; char *app_path; r_info = (char *)priv; + if (appid == NULL) + goto out; - if ((menu_info = _get_app_info_from_db_by_apppath_user(cmdline,uid)) == NULL) + if ((menu_info = _get_app_info_from_db_by_appid_user(appid, uid)) == NULL) goto out; else { - appid = _get_appid(menu_info); - if (appid == NULL) - goto out; app_path = _get_app_path(menu_info); if (app_path == NULL) goto out; @@ -329,7 +302,7 @@ int _status_send_running_appinfo_v2(int fd) int len; char buf[AUL_SOCK_MAXBUFF] = {0 ,}; - __proc_iter_cmdline(__get_pkginfo, buf); + __proc_iter_appid(__get_pkginfo, buf); len = strlen(buf); pkt = (app_pkt_t *)malloc(AUL_PKT_HEADER_SIZE + len); 
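Review bot: `_status_app_is_running_v2` accepts `caller_uid`, but the new `__proc_iter_appid(NULL, (void *)appid)` call in the first hunk on this line never passes it on, and the default matcher `__find_pid_by_appid` (src/simple_util.c in this patch) compares only the label suffix and ignores its `uid` argument. On a multi-user device this appears to report an app as running when only another user's instance exists. Consider handing the matcher both values through `priv` (a small struct holding the appid and the uid) and returning 0 when the process uid differs, or at least record the limitation with `/* matches any user's instance; caller_uid is not compared */`. The function starts outside the hunk, so whether `caller_uid` is used for the appinfo lookup above the call cannot be seen here.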
@@ -360,28 +333,14 @@ int _status_send_running_appinfo_v2(int fd) static int __get_appid_bypid(int pid, char *appid, int len) { - char *cmdline; - app_info_from_db *menu_info; - uid_t uid; - cmdline = __proc_get_cmdline_bypid(pid); - if (cmdline == NULL) - return -1; - - uid = __proc_get_usr_bypid(pid); - if (uid == -1) { - free(cmdline); - return -1; - } + char *result; - if ((menu_info = _get_app_info_from_db_by_apppath_user(cmdline,uid)) == NULL) { - free(cmdline); + result = __proc_get_appid_bypid(pid); + if (result == NULL) return -1; - } else { - snprintf(appid, len, "%s", _get_appid(menu_info)); - } - free(cmdline); - _free_app_info_from_db(menu_info); + snprintf(appid, len, "%s", result); + free(result); return 0; } @@ -444,27 +403,27 @@ int _status_get_appid_bypid(int fd, int pid) static int __get_pkgid_bypid(int pid, char *pkgid, int len) { - char *cmdline; + char *appid; app_info_from_db *menu_info; uid_t uid; - cmdline = __proc_get_cmdline_bypid(pid); - if (cmdline == NULL) + appid = __proc_get_appid_bypid(pid); + if (appid == NULL) return -1; uid = __proc_get_usr_bypid(pid); if (uid == -1) { - free(cmdline); + free(appid); return -1; } - if ((menu_info = _get_app_info_from_db_by_apppath_user(cmdline,uid)) == NULL) { - free(cmdline); + if ((menu_info = _get_app_info_from_db_by_appid_user(appid, uid)) == NULL) { + free(appid); return -1; } else { snprintf(pkgid, len, "%s", _get_pkgid(menu_info)); } - free(cmdline); + free(appid); _free_app_info_from_db(menu_info); return 0; diff --git a/include/menu_db_util.h b/include/menu_db_util.h index 888d807..da6a6fd 100644 --- a/include/menu_db_util.h +++ b/include/menu_db_util.h 
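Review bot: The new `__get_appid_bypid` in the first hunk on this line ignores the return value of `snprintf(appid, len, "%s", result)`, so a label suffix longer than the caller's buffer is silently truncated and still reported as success. Because the returned string is now used as the process identity, a truncated id should be an error rather than a shorter id that could name a different app: `int n = snprintf(appid, len, "%s", result); free(result); if (n < 0 || n >= len) return -1;`. The identical helper added to src/pkginfo.c in this patch has the same gap.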
@@ -185,16 +185,16 @@ static inline int __appinfo_func(const pkgmgrinfo_appinfo_h appinfo, void *user_data) { app_info_from_db *menu_info = (app_info_from_db *)user_data; - char *appid; + char *apppath; char *pkgid; int ret = PMINFO_R_OK; if (!menu_info) return ret; - ret = pkgmgrinfo_appinfo_get_appid(appinfo, &appid); - if (ret == PMINFO_R_OK && appid) { - menu_info->appid = strdup(appid); + ret = pkgmgrinfo_appinfo_get_exec(appinfo, &apppath); + if (ret == PMINFO_R_OK && apppath) { + menu_info->app_path = strdup(apppath); ret = PMINFO_R_ERROR; } @@ -205,8 +205,8 @@ static inline int __appinfo_func(const pkgmgrinfo_appinfo_h appinfo, return ret; } -static inline app_info_from_db *_get_app_info_from_db_by_apppath_user( - const char *apppath, uid_t uid) +static inline app_info_from_db *_get_app_info_from_db_by_appid_user( + const char *appid, uid_t uid) { app_info_from_db *menu_info; pkgmgrinfo_appinfo_filter_h filter; @@ -217,7 +217,7 @@ static inline app_info_from_db *_get_app_info_from_db_by_apppath_user( uid = GLOBAL_USER; } - if (apppath == NULL) + if (appid == NULL) return NULL; menu_info = calloc(1, sizeof(app_info_from_db)); @@ -231,7 +231,7 @@ static inline app_info_from_db *_get_app_info_from_db_by_apppath_user( } ret = pkgmgrinfo_appinfo_filter_add_string(filter, - PMINFO_APPINFO_PROP_APP_EXEC, apppath); + PMINFO_APPINFO_PROP_APP_ID, appid); if (ret != PMINFO_R_OK) { pkgmgrinfo_appinfo_filter_destroy(filter); _free_app_info_from_db(menu_info); @@ -245,7 +245,7 @@ static inline app_info_from_db *_get_app_info_from_db_by_apppath_user( ret = pkgmgrinfo_appinfo_filter_foreach_appinfo(filter, __appinfo_func, (void *)menu_info); - if ((ret != PMINFO_R_OK) || (menu_info->appid == NULL)) { + if ((ret != PMINFO_R_OK) || (menu_info->app_path == NULL)) { pkgmgrinfo_appinfo_filter_destroy(filter); _free_app_info_from_db(menu_info); return NULL; 
@@ -253,17 +253,17 @@ static inline app_info_from_db *_get_app_info_from_db_by_apppath_user( pkgmgrinfo_appinfo_filter_destroy(filter); - menu_info->app_path = strdup(apppath); - menu_info->original_app_path = strdup(apppath); + menu_info->appid = strdup(appid); + menu_info->original_app_path = strdup(menu_info->app_path); return menu_info; } -static inline app_info_from_db *_get_app_info_from_db_by_apppath( - const char *apppath) +static inline app_info_from_db *_get_app_info_from_db_by_appid( + const char *appid) { - return _get_app_info_from_db_by_apppath_user(apppath, GLOBAL_USER); + return _get_app_info_from_db_by_appid_user(appid, GLOBAL_USER); } #endif diff --git a/include/simple_util.h b/include/simple_util.h index f9758db..ccfd742 100644 --- a/include/simple_util.h +++ b/include/simple_util.h @@ -71,11 +71,12 @@ } \ } while (0) -int __proc_iter_cmdline(int (*iterfunc) - (const char *dname, const char *cmdline, void *priv, uid_t uid), +int __proc_iter_appid(int (*iterfunc) + (const char *dname, const char *appid, void *priv, uid_t uid), void *priv); -int __proc_iter_pgid(int pgid, int (*iterfunc) (int pid, void *priv,uid_t uid), +int __proc_iter_pgid(int pgid, int (*iterfunc) (int pid, void *priv, uid_t uid), void *priv); +char *__proc_get_appid_bypid(int pid); char *__proc_get_cmdline_bypid(int pid); char *__proc_get_exe_bypid(int pid); uid_t __proc_get_usr_bypid(int pid); diff --git a/src/pkginfo.c b/src/pkginfo.c index 7e048d1..3aa3633 100644 --- a/src/pkginfo.c +++ b/src/pkginfo.c 
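Review bot: Neither `strdup` result in the first hunk on this line is checked: `menu_info->appid = strdup(appid)` and `menu_info->original_app_path = strdup(menu_info->app_path)` can both return NULL under memory pressure while the function still returns `menu_info` as a success. Callers that later format those fields with `%s` would presumably receive that NULL; the `cmd == APP_GET_APPID_BYPID` branch of `__get_info_bypid` looks like one, though its line is outside the hunks. Suggested guard before the return: `if (menu_info->appid == NULL || menu_info->original_app_path == NULL) { _free_app_info_from_db(menu_info); return NULL; }`. The function begins outside this hunk.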
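Review bot: The new prototype `char *__proc_get_appid_bypid(int pid);` in the include/simple_util.h hunk carries no ownership contract, although the implementation added in src/simple_util.c returns `strdup(p)` and the callers added in this patch free the result. A one-line comment above the declaration would make that explicit: `/* Returns the app id parsed from the Smack label of pid as a malloc'd string (caller frees), or NULL if the label is unreadable or not an app label. */`.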
@@ -89,16 +89,16 @@ SLPAPI int aul_app_get_running_app_info(aul_app_info_iter_fn enum_fn, static int __get_info_bypid(int pid, char *appid, int len, int cmd) { - char *cmdline; + char *result; app_info_from_db *menu_info; uid_t uid; - cmdline = __proc_get_cmdline_bypid(pid); - uid = __proc_get_usr_bypid(pid); - if (cmdline == NULL) + result = __proc_get_appid_bypid(pid); + if (result == NULL) return -1; + uid = __proc_get_usr_bypid(pid); - if ((menu_info = _get_app_info_from_db_by_apppath_user(cmdline,uid)) == NULL) { - free(cmdline); + if ((menu_info = _get_app_info_from_db_by_appid_user(result, uid)) == NULL) { + free(result); return -1; } else { if (cmd == APP_GET_APPID_BYPID) @@ -107,7 +107,7 @@ static int __get_info_bypid(int pid, char *appid, int len, int cmd) snprintf(appid, len, "%s", _get_pkgid(menu_info)); } - free(cmdline); + free(result); _free_app_info_from_db(menu_info); return 0; 
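Review bot: `uid = __proc_get_usr_bypid(pid)` in the first hunk on this line is passed straight to `_get_app_info_from_db_by_appid_user(result, uid)` without a failure check, whereas `__get_pkgid_bypid` in am_daemon/amd_status.c (same patch) bails out when `uid == -1`. If the process exits between the label read and the uid read, the database lookup would run with an invalid uid. Suggest mirroring the daemon right after the call: `if (uid == (uid_t)-1) { free(result); return -1; }`.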
@@ -118,46 +118,52 @@ SLPAPI int aul_app_get_pkgname_bypid(int pid, char *pkgname, int len) return aul_app_get_appid_bypid(pid, pkgname, len); } +static int __get_appid_bypid(int pid, char *appid, int len) +{ + char *result; + + result = __proc_get_appid_bypid(pid); + if (result == NULL) + return -1; + + snprintf(appid, len, "%s", result); + free(result); + + return 0; +} + SLPAPI int aul_app_get_appid_bypid(int pid, char *appid, int len) { - app_pkt_t *pkt = NULL; + app_pkt_t *pkt; int pgid; - int cmd = APP_GET_APPID_BYPID; + int ret; - if (pid == getpid() || getuid()==0 || geteuid()==0) { - if (__get_info_bypid(pid, appid, len, cmd) == 0) { - SECURE_LOGD("appid for %d is %s", pid, appid); - return AUL_R_OK; + if (pid != getpid()) { + pkt = __app_send_cmd_with_result(AUL_UTIL_PID, + APP_GET_APPID_BYPID, (unsigned char *)&pid, + sizeof(pid)); + if (pkt == NULL) + return AUL_R_ERROR; + if (pkt->cmd == APP_GET_INFO_ERROR) { + free(pkt); + return AUL_R_ERROR; } - /* support app launched by shell script*/ + + snprintf(appid, len, "%s", pkt->data); + free(pkt); + return AUL_R_OK; + } else { + ret = __get_appid_bypid(pid, appid, len); + if (ret == 0) + return AUL_R_OK; pgid = getpgid(pid); if (pgid <= 1) return AUL_R_ERROR; - - _D("second change pgid = %d, pid = %d", pgid, pid); - if (__get_info_bypid(pgid, appid, len, cmd) == 0) - return AUL_R_OK; - - return AUL_R_ERROR; - } - - if (appid == NULL) - return AUL_R_EINVAL; - - pkt = __app_send_cmd_with_result(AUL_UTIL_PID, cmd, - (unsigned char *)&pid, sizeof(pid)); - - if (pkt == NULL) - return AUL_R_ERROR; - if (pkt->cmd == APP_GET_INFO_ERROR) { - free(pkt); - return AUL_R_ERROR; + return __get_appid_bypid(pid, appid, len); } - snprintf(appid, len, "%s", pkt->data); - free(pkt); - return AUL_R_OK; + return AUL_R_ERROR; } SLPAPI int aul_app_get_pkgid_bypid(int pid, char *pkgid, int len) diff --git a/src/simple_util.c b/src/simple_util.c index 18dba32..1d7b10a 100644 --- a/src/simple_util.c +++ b/src/simple_util.c 
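Review bot: The process-group fallback in the rewritten `aul_app_get_appid_bypid` never uses the group it looks up: after `pgid = getpgid(pid)` the code ends with `return __get_appid_bypid(pid, appid, len);`, which repeats the call that just failed; the removed code queried `pgid`, so this probably should be `__get_appid_bypid(pgid, appid, len)`. That statement also returns the helper's raw 0/-1 instead of an `AUL_R_*` code, and the final `return AUL_R_ERROR;` is unreachable because both branches return. Separately, the `if (appid == NULL) return AUL_R_EINVAL;` guard was dropped, so a NULL buffer now reaches `snprintf` on both paths; it is worth restoring at the top of the function.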
@@ -43,9 +43,10 @@ #define PROC_STAT_GID_POS 5 #define MAX_CMD_BUFSZ 1024 +#define APP_LABEL_PREFIX "User::App::" static inline int __read_proc(const char *path, char *buf, int size); -static inline int __find_pid_by_cmdline(const char *dname, const char *cmdline, +static inline int __find_pid_by_appid(const char *dname, const char *appid, void *priv, uid_t uid); static inline int __get_pgid_from_stat(int pid); @@ -74,14 +75,12 @@ static inline int __read_proc(const char *path, char *buf, int size) return ret; } -static inline int __find_pid_by_cmdline(const char *dname, const char *cmdline, +static inline int __find_pid_by_appid(const char *dname, const char *appid, void *priv, uid_t uid) { - char *apppath; int pid = 0; - apppath = (char *)priv; - if (strncmp(cmdline, apppath, MAX_LOCAL_BUFSZ-1) == 0) { + if (strncmp(appid, (char *)priv, MAX_LOCAL_BUFSZ-1) == 0) { pid = atoi(dname); if (pid != getpgid(pid)) pid = 0; @@ -90,8 +89,8 @@ static inline int __find_pid_by_cmdline(const char *dname, const char *cmdline, return pid; } -int __proc_iter_cmdline( - int (*iterfunc)(const char *dname, const char *cmdline, void *priv, uid_t uid), +int __proc_iter_appid( + int (*iterfunc)(const char *dname, const char *appid, void *priv, uid_t uid), void *priv) { DIR *dp; @@ -99,16 +98,15 @@ int __proc_iter_cmdline( int pid; int ret; char buf[MAX_LOCAL_BUFSZ]; - char *cmdline; + char *p; uid_t uid; - dp = opendir("/proc"); - if (dp == NULL) { + dp = opendir("/proc"); + if (dp == NULL) return -1; - } if (iterfunc == NULL) - iterfunc = __find_pid_by_cmdline; + iterfunc = __find_pid_by_appid; while ((dentry = readdir(dp)) != NULL) { if (!isdigit(dentry->d_name[0])) 
@@ -116,23 +114,17 @@ int __proc_iter_cmdline( uid = __proc_get_usr_bypid(atoi(dentry->d_name)); - snprintf(buf, sizeof(buf), "/proc/%s/cmdline", dentry->d_name); + snprintf(buf, sizeof(buf), "/proc/%s/attr/current", dentry->d_name); ret = __read_proc(buf, buf, sizeof(buf)); if (ret <= 0) continue; - /* support app launched by shell script*/ - cmdline = buf; - if (strncmp(buf, BINSH_NAME, BINSH_SIZE) == 0) { - cmdline = &buf[BINSH_SIZE + 1]; - } else if (strncmp(buf, BASH_NAME, BASH_SIZE) == 0) { - if (strncmp(&buf[BASH_SIZE + 1], OPROFILE_NAME, OPROFILE_SIZE) == 0) { - if (strncmp(&buf[BASH_SIZE + OPROFILE_SIZE + 2], OPTION_VALGRIND_NAME, OPTION_VALGRIND_SIZE) == 0) { - cmdline = &buf[BASH_SIZE + OPROFILE_SIZE + OPTION_VALGRIND_SIZE + 3]; - } - } - } - pid = iterfunc(dentry->d_name, cmdline, priv, uid); + p = strstr(buf, APP_LABEL_PREFIX); + /* not an app */ + if (p == NULL) + continue; + p = p + strlen(APP_LABEL_PREFIX); + pid = iterfunc(dentry->d_name, p, priv, uid); if (pid > 0) { closedir(dp); @@ -160,9 +152,26 @@ uid_t __proc_get_usr_bypid(int pid) return uid; } +char *__proc_get_appid_bypid(int pid) +{ + char buf[MAX_CMD_BUFSZ]; + char *p; + int ret; + + snprintf(buf, sizeof(buf), "/proc/%d/attr/current", pid); + ret = __read_proc(buf, buf, sizeof(buf)); + if (ret <= 0) + return NULL; + p = strstr(buf, APP_LABEL_PREFIX); + /* not an app */ + if (p == NULL) + return NULL; + p = p + strlen(APP_LABEL_PREFIX); + return strdup(p); +} char *__proc_get_cmdline_bypid(int pid) { -- 2.7.4
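Review bot: `strstr(buf, APP_LABEL_PREFIX)` in the first hunk on this line accepts the prefix anywhere in the label, so a label that merely contains `User::App::` later in the string is treated as an app label and the text after that occurrence becomes the appid. Since the label is now the trusted source of identity, anchor the test at the start: `if (strncmp(buf, APP_LABEL_PREFIX, strlen(APP_LABEL_PREFIX)) != 0) continue;` followed by `p = buf + strlen(APP_LABEL_PREFIX);`. The new `__proc_get_appid_bypid` in the second hunk has the same `strstr` and needs the same change (with `return NULL`). Both also assume that `__read_proc`, whose body is outside these hunks, NUL-terminates the buffer and that the label carries no trailing newline; that is worth confirming, as either would corrupt the id.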