1 /*
2 * Copyright (C) 2011 The Android Open Source Project
3 *
4 * Licensed under the Apache License, Version 2.0 (the "License");
5 * you may not use this file except in compliance with the License.
6 * You may obtain a copy of the License at
7 *
8 * http://www.apache.org/licenses/LICENSE-2.0
9 *
10 * Unless required by applicable law or agreed to in writing, software
11 * distributed under the License is distributed on an "AS IS" BASIS,
12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 * See the License for the specific language governing permissions and
14 * limitations under the License.
15 */
16
17 #include <cutils/uevent.h>
18
19 #include <errno.h>
20 #include <stdint.h>
21 #include <stdio.h>
22 #include <string.h>
23 #include <strings.h>
24 #include <sys/socket.h>
25 #include <sys/un.h>
26 #include <unistd.h>
27
28 #include <linux/netlink.h>
29
30 extern "C" {
31
32 /**
33 * Like recv(), but checks that messages actually originate from the kernel.
34 */
uevent_kernel_multicast_recv(int socket,void * buffer,size_t length)35 ssize_t uevent_kernel_multicast_recv(int socket, void* buffer, size_t length) {
36 uid_t uid = -1;
37 return uevent_kernel_multicast_uid_recv(socket, buffer, length, &uid);
38 }
39
40 /**
41 * Like the above, but passes a uid_t in by pointer. In the event that this
42 * fails due to a bad uid check, the uid_t will be set to the uid of the
43 * socket's peer.
44 *
45 * If this method rejects a netlink message from outside the kernel, it
46 * returns -1, sets errno to EIO, and sets "user" to the UID associated with the
47 * message. If the peer UID cannot be determined, "user" is set to -1."
48 */
uevent_kernel_multicast_uid_recv(int socket,void * buffer,size_t length,uid_t * uid)49 ssize_t uevent_kernel_multicast_uid_recv(int socket, void* buffer, size_t length, uid_t* uid) {
50 return uevent_kernel_recv(socket, buffer, length, true, uid);
51 }
52
uevent_kernel_recv(int socket,void * buffer,size_t length,bool require_group,uid_t * uid)53 ssize_t uevent_kernel_recv(int socket, void* buffer, size_t length, bool require_group, uid_t* uid) {
54 struct iovec iov = {buffer, length};
55 struct sockaddr_nl addr;
56 char control[CMSG_SPACE(sizeof(struct ucred))];
57 struct msghdr hdr = {
58 &addr, sizeof(addr), &iov, 1, control, sizeof(control), 0,
59 };
60 struct ucred* cred;
61
62 *uid = -1;
63 ssize_t n = TEMP_FAILURE_RETRY(recvmsg(socket, &hdr, 0));
64 if (n <= 0) {
65 return n;
66 }
67
68 struct cmsghdr* cmsg = CMSG_FIRSTHDR(&hdr);
69 if (cmsg == NULL || cmsg->cmsg_type != SCM_CREDENTIALS) {
70 /* ignoring netlink message with no sender credentials */
71 goto out;
72 }
73
74 cred = (struct ucred*)CMSG_DATA(cmsg);
75 *uid = cred->uid;
76
77 if (addr.nl_pid != 0) {
78 /* ignore non-kernel */
79 goto out;
80 }
81 if (require_group && addr.nl_groups == 0) {
82 /* ignore unicast messages when requested */
83 goto out;
84 }
85
86 return n;
87
88 out:
89 /* clear residual potentially malicious data */
90 bzero(buffer, length);
91 errno = EIO;
92 return -1;
93 }
94
95 /*
96 * Creates an unbound netlink socket for receiving uevent messages.
97 * @buf_sz: socket receive buffer size.
98 * @passcred: whether or not to enable receiving the SCM_CREDENTIALS control
99 * message.
100 *
101 * Returns: a socket descriptor upon success or -1 upon failure.
102 */
uevent_create_socket(int buf_sz,bool passcred)103 int uevent_create_socket(int buf_sz, bool passcred) {
104 int s = socket(PF_NETLINK, SOCK_DGRAM | SOCK_CLOEXEC, NETLINK_KOBJECT_UEVENT);
105 if (s < 0) {
106 return -1;
107 }
108
109 int buf_sz_readback = 0;
110 socklen_t optlen = sizeof(buf_sz_readback);
111
112 if (setsockopt(s, SOL_SOCKET, SO_RCVBUF, &buf_sz, sizeof(buf_sz)) < 0 ||
113 getsockopt(s, SOL_SOCKET, SO_RCVBUF, &buf_sz_readback, &optlen) < 0) {
114 close(s);
115 return -1;
116 }
117 /* Only if SO_RCVBUF was not effective, try SO_RCVBUFFORCE. Generally, we
118 * want to avoid SO_RCVBUFFORCE, because it generates SELinux denials in
119 * case we don't have CAP_NET_ADMIN. This is the case, for example, for
120 * healthd. */
121 if (buf_sz_readback < 2 * buf_sz) {
122 if (setsockopt(s, SOL_SOCKET, SO_RCVBUFFORCE, &buf_sz, sizeof(buf_sz)) < 0) {
123 close(s);
124 return -1;
125 }
126 }
127
128 int on = passcred;
129
130 setsockopt(s, SOL_SOCKET, SO_PASSCRED, &on, sizeof(on));
131
132 return s;
133 }
134
135 /*
136 * Binds a netlink socket. Binding a netlink socket makes the kernel start
137 * sending netlink messages to that netlink socket.
138 *
139 * Returns: 0 upon success; -1 upon error.
140 */
uevent_bind(int socket)141 int uevent_bind(int socket) {
142 struct sockaddr_nl addr = {
143 .nl_family = AF_NETLINK,
144 .nl_pid = 0,
145 .nl_groups = 0xffffffff,
146 };
147 return bind(socket, (struct sockaddr*)&addr, sizeof(addr));
148 }
149
150 /*
151 * Creates a bound netlink socket for receiving uevent messages.
152 * @buf_sz: socket receive buffer size.
153 * @passcred: whether or not to enable receiving the SCM_CREDENTIALS control
154 * message.
155 *
156 * Returns: a socket descriptor upon success or -1 upon failure.
157 */
uevent_open_socket(int buf_sz,bool passcred)158 int uevent_open_socket(int buf_sz, bool passcred) {
159 int s = uevent_create_socket(buf_sz, passcred);
160 if (s < 0) {
161 return -1;
162 }
163
164 if (uevent_bind(s) < 0) {
165 close(s);
166 return -1;
167 }
168
169 return s;
170 }
171
172 } // extern "C"
173