/*
* Copyright (C) 2008 The Android Open Source Project
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
* * Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
* * Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in
* the documentation and/or other materials provided with the
* distribution.
*
* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
* "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
* LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
* FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
* COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT,
* INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING,
* BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS
* OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED
* AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
* OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT
* OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
*/
#include <ctype.h>
#include <errno.h>
#include <grp.h>
#include <mntent.h>
#include <netdb.h>
#include <pthread.h>
#include <pwd.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>
#include "private/android_filesystem_config.h"
#include "private/bionic_macros.h"
#include "private/ErrnoRestorer.h"
#include "private/libc_logging.h"
#include "private/ThreadLocalBuffer.h"
// POSIX seems to envisage an implementation where the <pwd.h> functions are
// implemented by brute-force searching with getpwent(3), and the <grp.h>
// functions are implemented similarly with getgrent(3). This means that it's
// okay for all the <grp.h> functions to share state, and all the <passwd.h>
// functions to share state, but <grp.h> functions can't clobber <passwd.h>
// functions' state and vice versa.
struct group_state_t {
group group_;
char* group_members_[2];
char group_name_buffer_[32];
};
struct passwd_state_t {
passwd passwd_;
char name_buffer_[32];
char dir_buffer_[32];
char sh_buffer_[32];
};
static ThreadLocalBuffer<group_state_t> g_group_tls_buffer;
static ThreadLocalBuffer<passwd_state_t> g_passwd_tls_buffer;
static void init_group_state(group_state_t* state) {
memset(state, 0, sizeof(group_state_t));
state->group_.gr_mem = state->group_members_;
}
static group_state_t* __group_state() {
group_state_t* result = g_group_tls_buffer.get();
if (result != nullptr) {
init_group_state(result);
}
return result;
}
static int do_getpw_r(int by_name, const char* name, uid_t uid,
passwd* dst, char* buf, size_t byte_count,
passwd** result) {
// getpwnam_r and getpwuid_r don't modify errno, but library calls we
// make might.
ErrnoRestorer errno_restorer;
*result = NULL;
// Our implementation of getpwnam(3) and getpwuid(3) use thread-local
// storage, so we can call them as long as we copy everything out
// before returning.
const passwd* src = by_name ? getpwnam(name) : getpwuid(uid); // NOLINT: see above.
// POSIX allows failure to find a match to be considered a non-error.
// Reporting success (0) but with *result NULL is glibc's behavior.
if (src == NULL) {
return (errno == ENOENT) ? 0 : errno;
}
// Work out where our strings will go in 'buf', and whether we've got
// enough space.
size_t required_byte_count = 0;
dst->pw_name = buf;
required_byte_count += strlen(src->pw_name) + 1;
dst->pw_dir = buf + required_byte_count;
required_byte_count += strlen(src->pw_dir) + 1;
dst->pw_shell = buf + required_byte_count;
required_byte_count += strlen(src->pw_shell) + 1;
if (byte_count < required_byte_count) {
return ERANGE;
}
// Copy the strings.
snprintf(buf, byte_count, "%s%c%s%c%s", src->pw_name, 0, src->pw_dir, 0, src->pw_shell);
// pw_passwd and pw_gecos are non-POSIX and unused (always NULL) in bionic.
// Note: On LP32, we define pw_gecos to pw_passwd since they're both NULL.
dst->pw_passwd = NULL;
#if defined(__LP64__)
dst->pw_gecos = NULL;
#endif
// Copy the integral fields.
dst->pw_gid = src->pw_gid;
dst->pw_uid = src->pw_uid;
*result = dst;
return 0;
}
int getpwnam_r(const char* name, passwd* pwd,
char* buf, size_t byte_count, passwd** result) {
return do_getpw_r(1, name, -1, pwd, buf, byte_count, result);
}
int getpwuid_r(uid_t uid, passwd* pwd,
char* buf, size_t byte_count, passwd** result) {
return do_getpw_r(0, NULL, uid, pwd, buf, byte_count, result);
}
static passwd* android_iinfo_to_passwd(passwd_state_t* state,
const android_id_info* iinfo) {
snprintf(state->name_buffer_, sizeof(state->name_buffer_), "%s", iinfo->name);
snprintf(state->dir_buffer_, sizeof(state->dir_buffer_), "/");
snprintf(state->sh_buffer_, sizeof(state->sh_buffer_), "/system/bin/sh");
passwd* pw = &state->passwd_;
pw->pw_name = state->name_buffer_;
pw->pw_uid = iinfo->aid;
pw->pw_gid = iinfo->aid;
pw->pw_dir = state->dir_buffer_;
pw->pw_shell = state->sh_buffer_;
return pw;
}
static group* android_iinfo_to_group(group_state_t* state,
const android_id_info* iinfo) {
snprintf(state->group_name_buffer_, sizeof(state->group_name_buffer_), "%s", iinfo->name);
group* gr = &state->group_;
gr->gr_name = state->group_name_buffer_;
gr->gr_gid = iinfo->aid;
gr->gr_mem[0] = gr->gr_name;
return gr;
}
static passwd* android_id_to_passwd(passwd_state_t* state, unsigned id) {
for (size_t n = 0; n < android_id_count; ++n) {
if (android_ids[n].aid == id) {
return android_iinfo_to_passwd(state, android_ids + n);
}
}
return NULL;
}
static passwd* android_name_to_passwd(passwd_state_t* state, const char* name) {
for (size_t n = 0; n < android_id_count; ++n) {
if (!strcmp(android_ids[n].name, name)) {
return android_iinfo_to_passwd(state, android_ids + n);
}
}
return NULL;
}
static group* android_id_to_group(group_state_t* state, unsigned id) {
for (size_t n = 0; n < android_id_count; ++n) {
if (android_ids[n].aid == id) {
return android_iinfo_to_group(state, android_ids + n);
}
}
return NULL;
}
static group* android_name_to_group(group_state_t* state, const char* name) {
for (size_t n = 0; n < android_id_count; ++n) {
if (!strcmp(android_ids[n].name, name)) {
return android_iinfo_to_group(state, android_ids + n);
}
}
return NULL;
}
// Translate a user/group name to the corresponding user/group id.
// all_a1234 -> 0 * AID_USER + AID_SHARED_GID_START + 1234 (group name only)
// u0_a1234 -> 0 * AID_USER + AID_APP + 1234
// u2_i1000 -> 2 * AID_USER + AID_ISOLATED_START + 1000
// u1_system -> 1 * AID_USER + android_ids['system']
// returns 0 and sets errno to ENOENT in case of error.
static id_t app_id_from_name(const char* name, bool is_group) {
char* end;
unsigned long userid;
bool is_shared_gid = false;
if (is_group && name[0] == 'a' && name[1] == 'l' && name[2] == 'l') {
end = const_cast<char*>(name+3);
userid = 0;
is_shared_gid = true;
} else if (name[0] == 'u' && isdigit(name[1])) {
userid = strtoul(name+1, &end, 10);
} else {
errno = ENOENT;
return 0;
}
if (end[0] != '_' || end[1] == 0) {
errno = ENOENT;
return 0;
}
unsigned long appid = 0;
if (end[1] == 'a' && isdigit(end[2])) {
if (is_shared_gid) {
// end will point to \0 if the strtoul below succeeds.
appid = strtoul(end+2, &end, 10) + AID_SHARED_GID_START;
if (appid > AID_SHARED_GID_END) {
errno = ENOENT;
return 0;
}
} else {
// end will point to \0 if the strtoul below succeeds.
appid = strtoul(end+2, &end, 10) + AID_APP;
}
} else if (end[1] == 'i' && isdigit(end[2])) {
// end will point to \0 if the strtoul below succeeds.
appid = strtoul(end+2, &end, 10) + AID_ISOLATED_START;
} else {
for (size_t n = 0; n < android_id_count; n++) {
if (!strcmp(android_ids[n].name, end + 1)) {
appid = android_ids[n].aid;
// Move the end pointer to the null terminator.
end += strlen(android_ids[n].name) + 1;
break;
}
}
}
// Check that the entire string was consumed by one of the 3 cases above.
if (end[0] != 0) {
errno = ENOENT;
return 0;
}
// Check that user id won't overflow.
if (userid > 1000) {
errno = ENOENT;
return 0;
}
// Check that app id is within range.
if (appid >= AID_USER) {
errno = ENOENT;
return 0;
}
return (appid + userid*AID_USER);
}
static void print_app_name_from_uid(const uid_t uid, char* buffer, const int bufferlen) {
const uid_t appid = uid % AID_USER;
const uid_t userid = uid / AID_USER;
if (appid >= AID_ISOLATED_START) {
snprintf(buffer, bufferlen, "u%u_i%u", userid, appid - AID_ISOLATED_START);
} else if (appid < AID_APP) {
for (size_t n = 0; n < android_id_count; n++) {
if (android_ids[n].aid == appid) {
snprintf(buffer, bufferlen, "u%u_%s", userid, android_ids[n].name);
return;
}
}
} else {
snprintf(buffer, bufferlen, "u%u_a%u", userid, appid - AID_APP);
}
}
static void print_app_name_from_gid(const gid_t gid, char* buffer, const int bufferlen) {
const uid_t appid = gid % AID_USER;
const uid_t userid = gid / AID_USER;
if (appid >= AID_ISOLATED_START) {
snprintf(buffer, bufferlen, "u%u_i%u", userid, appid - AID_ISOLATED_START);
} else if (userid == 0 && appid >= AID_SHARED_GID_START && appid <= AID_SHARED_GID_END) {
snprintf(buffer, bufferlen, "all_a%u", appid - AID_SHARED_GID_START);
} else if (appid < AID_APP) {
for (size_t n = 0; n < android_id_count; n++) {
if (android_ids[n].aid == appid) {
snprintf(buffer, bufferlen, "u%u_%s", userid, android_ids[n].name);
return;
}
}
} else {
snprintf(buffer, bufferlen, "u%u_a%u", userid, appid - AID_APP);
}
}
// Translate an OEM name to the corresponding user/group id.
// oem_XXX -> AID_OEM_RESERVED_2_START + XXX, iff XXX is within range.
static id_t oem_id_from_name(const char* name) {
unsigned int id;
if (sscanf(name, "oem_%u", &id) != 1) {
return 0;
}
// Check OEM id is within range.
if (id > (AID_OEM_RESERVED_2_END - AID_OEM_RESERVED_2_START)) {
return 0;
}
return AID_OEM_RESERVED_2_START + static_cast<id_t>(id);
}
static passwd* oem_id_to_passwd(uid_t uid, passwd_state_t* state) {
if (uid < AID_OEM_RESERVED_2_START || uid > AID_OEM_RESERVED_2_END) {
return NULL;
}
snprintf(state->name_buffer_, sizeof(state->name_buffer_), "oem_%u",
uid - AID_OEM_RESERVED_2_START);
snprintf(state->dir_buffer_, sizeof(state->dir_buffer_), "/");
snprintf(state->sh_buffer_, sizeof(state->sh_buffer_), "/system/bin/sh");
passwd* pw = &state->passwd_;
pw->pw_name = state->name_buffer_;
pw->pw_dir = state->dir_buffer_;
pw->pw_shell = state->sh_buffer_;
pw->pw_uid = uid;
pw->pw_gid = uid;
return pw;
}
static group* oem_id_to_group(gid_t gid, group_state_t* state) {
if (gid < AID_OEM_RESERVED_2_START || gid > AID_OEM_RESERVED_2_END) {
return NULL;
}
snprintf(state->group_name_buffer_, sizeof(state->group_name_buffer_),
"oem_%u", gid - AID_OEM_RESERVED_2_START);
group* gr = &state->group_;
gr->gr_name = state->group_name_buffer_;
gr->gr_gid = gid;
gr->gr_mem[0] = gr->gr_name;
return gr;
}
// Translate a uid into the corresponding name.
// 0 to AID_APP-1 -> "system", "radio", etc.
// AID_APP to AID_ISOLATED_START-1 -> u0_a1234
// AID_ISOLATED_START to AID_USER-1 -> u0_i1234
// AID_USER+ -> u1_radio, u1_a1234, u2_i1234, etc.
// returns a passwd structure (sets errno to ENOENT on failure).
static passwd* app_id_to_passwd(uid_t uid, passwd_state_t* state) {
if (uid < AID_APP) {
errno = ENOENT;
return NULL;
}
print_app_name_from_uid(uid, state->name_buffer_, sizeof(state->name_buffer_));
const uid_t appid = uid % AID_USER;
if (appid < AID_APP) {
snprintf(state->dir_buffer_, sizeof(state->dir_buffer_), "/");
} else {
snprintf(state->dir_buffer_, sizeof(state->dir_buffer_), "/data");
}
snprintf(state->sh_buffer_, sizeof(state->sh_buffer_), "/system/bin/sh");
passwd* pw = &state->passwd_;
pw->pw_name = state->name_buffer_;
pw->pw_dir = state->dir_buffer_;
pw->pw_shell = state->sh_buffer_;
pw->pw_uid = uid;
pw->pw_gid = uid;
return pw;
}
// Translate a gid into the corresponding app_<gid>
// group structure (sets errno to ENOENT on failure).
static group* app_id_to_group(gid_t gid, group_state_t* state) {
if (gid < AID_APP) {
errno = ENOENT;
return NULL;
}
print_app_name_from_gid(gid, state->group_name_buffer_, sizeof(state->group_name_buffer_));
group* gr = &state->group_;
gr->gr_name = state->group_name_buffer_;
gr->gr_gid = gid;
gr->gr_mem[0] = gr->gr_name;
return gr;
}
passwd* getpwuid(uid_t uid) { // NOLINT: implementing bad function.
passwd_state_t* state = g_passwd_tls_buffer.get();
if (state == NULL) {
return NULL;
}
passwd* pw = android_id_to_passwd(state, uid);
if (pw != NULL) {
return pw;
}
// Handle OEM range.
pw = oem_id_to_passwd(uid, state);
if (pw != NULL) {
return pw;
}
return app_id_to_passwd(uid, state);
}
passwd* getpwnam(const char* login) { // NOLINT: implementing bad function.
passwd_state_t* state = g_passwd_tls_buffer.get();
if (state == NULL) {
return NULL;
}
passwd* pw = android_name_to_passwd(state, login);
if (pw != NULL) {
return pw;
}
// Handle OEM range.
pw = oem_id_to_passwd(oem_id_from_name(login), state);
if (pw != NULL) {
return pw;
}
return app_id_to_passwd(app_id_from_name(login, false), state);
}
// All users are in just one group, the one passed in.
int getgrouplist(const char* /*user*/, gid_t group, gid_t* groups, int* ngroups) {
if (*ngroups < 1) {
*ngroups = 1;
return -1;
}
groups[0] = group;
return (*ngroups = 1);
}
char* getlogin() { // NOLINT: implementing bad function.
passwd *pw = getpwuid(getuid()); // NOLINT: implementing bad function in terms of bad function.
return (pw != NULL) ? pw->pw_name : NULL;
}
static group* getgrgid_internal(gid_t gid, group_state_t* state) {
group* grp = android_id_to_group(state, gid);
if (grp != NULL) {
return grp;
}
// Handle OEM range.
grp = oem_id_to_group(gid, state);
if (grp != NULL) {
return grp;
}
return app_id_to_group(gid, state);
}
group* getgrgid(gid_t gid) { // NOLINT: implementing bad function.
group_state_t* state = __group_state();
if (state == NULL) {
return NULL;
}
return getgrgid_internal(gid, state);
}
static group* getgrnam_internal(const char* name, group_state_t* state) {
group* grp = android_name_to_group(state, name);
if (grp != NULL) {
return grp;
}
// Handle OEM range.
grp = oem_id_to_group(oem_id_from_name(name), state);
if (grp != NULL) {
return grp;
}
return app_id_to_group(app_id_from_name(name, true), state);
}
group* getgrnam(const char* name) { // NOLINT: implementing bad function.
group_state_t* state = __group_state();
if (state == NULL) {
return NULL;
}
return getgrnam_internal(name, state);
}
static int getgroup_r(bool by_name, const char* name, gid_t gid, struct group* grp, char* buf,
size_t buflen, struct group** result) {
ErrnoRestorer errno_restorer;
*result = NULL;
char* p = reinterpret_cast<char*>(
BIONIC_ALIGN(reinterpret_cast<uintptr_t>(buf), sizeof(uintptr_t)));
if (p + sizeof(group_state_t) > buf + buflen) {
return ERANGE;
}
group_state_t* state = reinterpret_cast<group_state_t*>(p);
init_group_state(state);
group* retval = (by_name ? getgrnam_internal(name, state) : getgrgid_internal(gid, state));
if (retval != NULL) {
*grp = *retval;
*result = grp;
return 0;
}
return errno;
}
int getgrgid_r(gid_t gid, struct group* grp, char* buf, size_t buflen, struct group** result) {
return getgroup_r(false, NULL, gid, grp, buf, buflen, result);
}
int getgrnam_r(const char* name, struct group* grp, char* buf, size_t buflen,
struct group **result) {
return getgroup_r(true, name, 0, grp, buf, buflen, result);
}
// We don't have an /etc/networks, so all inputs return NULL.
netent* getnetbyname(const char* /*name*/) {
return NULL;
}
// We don't have an /etc/networks, so all inputs return NULL.
netent* getnetbyaddr(uint32_t /*net*/, int /*type*/) {
return NULL;
}
// We don't have an /etc/protocols, so all inputs return NULL.
protoent* getprotobyname(const char* /*name*/) {
return NULL;
}
// We don't have an /etc/protocols, so all inputs return NULL.
protoent* getprotobynumber(int /*proto*/) {
return NULL;
}
// Portable code should use sysconf(_SC_PAGE_SIZE) directly instead.
int getpagesize() {
// We dont use sysconf(3) here because that drags in stdio, which makes static binaries fat.
return PAGE_SIZE;
}