init: always expand args in subcontext
Currently init expands properties in arguments only when those
commands are run in a subcontext. This creates a hole where
properties that should not be accessible from a given subcontext of
init can be accessed when running a command in the main init
executable (for example `start`).
This change creates a callback in subcontext init that simply expands
and returns arguments back to the main init process, to ensure that
only those properties that a subcontext can access get expanded.
Bug: 62875318
Test: boot bullhead, new unit tests
Change-Id: I2850009e70da877c08e4cc83350c727b0ea98796
diff --git a/init/subcontext.cpp b/init/subcontext.cpp
index 068be6e..be754da 100644
--- a/init/subcontext.cpp
+++ b/init/subcontext.cpp
@@ -28,7 +28,6 @@
#include "action.h"
#include "selinux.h"
-#include "system/core/init/subcontext.pb.h"
#include "util.h"
using android::base::GetExecutablePath;
@@ -84,7 +83,9 @@
private:
void RunCommand(const SubcontextCommand::ExecuteCommand& execute_command,
- SubcontextReply::ResultMessage* result_message) const;
+ SubcontextReply* reply) const;
+ void ExpandArgs(const SubcontextCommand::ExpandArgsCommand& expand_args_command,
+ SubcontextReply* reply) const;
const KeywordFunctionMap* function_map_;
const std::string context_;
@@ -92,7 +93,7 @@
};
void SubcontextProcess::RunCommand(const SubcontextCommand::ExecuteCommand& execute_command,
- SubcontextReply::ResultMessage* result_message) const {
+ SubcontextReply* reply) const {
// Need to use ArraySplice instead of this code.
auto args = std::vector<std::string>();
for (const auto& string : execute_command.args()) {
@@ -108,11 +109,27 @@
}
if (result) {
- result_message->set_success(true);
+ reply->set_success(true);
} else {
- result_message->set_success(false);
- result_message->set_error_string(result.error_string());
- result_message->set_error_errno(result.error_errno());
+ auto* failure = reply->mutable_failure();
+ failure->set_error_string(result.error_string());
+ failure->set_error_errno(result.error_errno());
+ }
+}
+
+void SubcontextProcess::ExpandArgs(const SubcontextCommand::ExpandArgsCommand& expand_args_command,
+ SubcontextReply* reply) const {
+ for (const auto& arg : expand_args_command.args()) {
+ auto expanded_prop = std::string{};
+ if (!expand_props(arg, &expanded_prop)) {
+ auto* failure = reply->mutable_failure();
+ failure->set_error_string("Failed to expand '" + arg + "'");
+ failure->set_error_errno(0);
+ return;
+ } else {
+ auto* expand_args_reply = reply->mutable_expand_args_reply();
+ expand_args_reply->add_expanded_args(expanded_prop);
+ }
}
}
@@ -142,7 +159,11 @@
auto reply = SubcontextReply();
switch (subcontext_command.command_case()) {
case SubcontextCommand::kExecuteCommand: {
- RunCommand(subcontext_command.execute_command(), reply.mutable_result());
+ RunCommand(subcontext_command.execute_command(), &reply);
+ break;
+ }
+ case SubcontextCommand::kExpandArgsCommand: {
+ ExpandArgs(subcontext_command.expand_args_command(), &reply);
break;
}
default:
@@ -219,12 +240,7 @@
Fork();
}
-Result<Success> Subcontext::Execute(const std::vector<std::string>& args) {
- auto subcontext_command = SubcontextCommand();
- std::copy(
- args.begin(), args.end(),
- RepeatedPtrFieldBackInserter(subcontext_command.mutable_execute_command()->mutable_args()));
-
+Result<SubcontextReply> Subcontext::TransmitMessage(const SubcontextCommand& subcontext_command) {
if (auto result = SendMessage(socket_, subcontext_command); !result) {
Restart();
return ErrnoError() << "Failed to send message to subcontext";
@@ -236,25 +252,59 @@
return Error() << "Failed to receive result from subcontext: " << subcontext_message.error();
}
- auto subcontext_reply = SubcontextReply();
+ auto subcontext_reply = SubcontextReply{};
if (!subcontext_reply.ParseFromString(*subcontext_message)) {
Restart();
return Error() << "Unable to parse message from subcontext";
}
-
- switch (subcontext_reply.reply_case()) {
- case SubcontextReply::kResult: {
- auto result = subcontext_reply.result();
- if (result.success()) {
- return Success();
- } else {
- return ResultError(result.error_string(), result.error_errno());
- }
- }
- default:
- return Error() << "Unknown message type from subcontext: "
- << subcontext_reply.reply_case();
+ if (subcontext_reply.reply_case() == SubcontextReply::kFailure) {
+ auto& failure = subcontext_reply.failure();
+ return ResultError(failure.error_string(), failure.error_errno());
}
+ return subcontext_reply;
+}
+
+Result<Success> Subcontext::Execute(const std::vector<std::string>& args) {
+ auto subcontext_command = SubcontextCommand();
+ std::copy(
+ args.begin(), args.end(),
+ RepeatedPtrFieldBackInserter(subcontext_command.mutable_execute_command()->mutable_args()));
+
+ auto subcontext_reply = TransmitMessage(subcontext_command);
+ if (!subcontext_reply) {
+ return subcontext_reply.error();
+ }
+
+ if (subcontext_reply->reply_case() != SubcontextReply::kSuccess) {
+ return Error() << "Unexpected message type from subcontext: "
+ << subcontext_reply->reply_case();
+ }
+
+ return Success();
+}
+
+Result<std::vector<std::string>> Subcontext::ExpandArgs(const std::vector<std::string>& args) {
+ auto subcontext_command = SubcontextCommand{};
+ std::copy(args.begin(), args.end(),
+ RepeatedPtrFieldBackInserter(
+ subcontext_command.mutable_expand_args_command()->mutable_args()));
+
+ auto subcontext_reply = TransmitMessage(subcontext_command);
+ if (!subcontext_reply) {
+ return subcontext_reply.error();
+ }
+
+ if (subcontext_reply->reply_case() != SubcontextReply::kExpandArgsReply) {
+ return Error() << "Unexpected message type from subcontext: "
+ << subcontext_reply->reply_case();
+ }
+
+ auto& reply = subcontext_reply->expand_args_reply();
+ auto expanded_args = std::vector<std::string>{};
+ for (const auto& string : reply.expanded_args()) {
+ expanded_args.emplace_back(string);
+ }
+ return expanded_args;
}
static std::vector<Subcontext> subcontexts;