init: always expand args in subcontext
Currently init expands properties in arguments only when those
commands are run in a subcontext. This creates a hole where
properties that should not be accessible from a given subcontext of
init can be accessed when running a command in the main init
executable (for example `start`).
This change creates a callback in subcontext init that simply expands
and returns arguments back to the main init process, to ensure that
only those properties that a subcontext can access get expanded.
Bug: 62875318
Test: boot bullhead, new unit tests
Change-Id: I2850009e70da877c08e4cc83350c727b0ea98796
diff --git a/init/subcontext.h b/init/subcontext.h
index eadabee..262440d 100644
--- a/init/subcontext.h
+++ b/init/subcontext.h
@@ -25,6 +25,7 @@
#include <android-base/unique_fd.h>
#include "builtins.h"
+#include "system/core/init/subcontext.pb.h"
namespace android {
namespace init {
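Review bot: the new include uses a tree-rooted path (`"system/core/init/subcontext.pb.h"`) while the neighbouring includes in this header are local (`"builtins.h"`) or angle-bracket system headers; if the generated proto header is emitted next to the other init headers, `"subcontext.pb.h"` would be consistent with the existing style, and since the proto types only appear in a private declaration below, a forward declaration here plus the include in the .cpp would keep the generated header out of every translation unit that includes subcontext.h.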
@@ -39,7 +40,8 @@
Fork();
}
- Result<Success> Execute(const std::vector<std::string>& command);
+ Result<Success> Execute(const std::vector<std::string>& args);
+ Result<std::vector<std::string>> ExpandArgs(const std::vector<std::string>& args);
void Restart();
const std::string& path_prefix() const { return path_prefix_; }
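Review bot: `ExpandArgs` is the security-relevant addition of this change but carries no comment; a short note on the declaration, e.g. `// Expands property references in args inside the subcontext, so only properties that context may read are substituted; returns an error if the subcontext cannot read one of them.`, would make the intent visible to callers who would otherwise reach for the main-process property lookup. The rename of the `Execute` parameter from `command` to `args` is cosmetic and fine.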
@@ -48,6 +50,7 @@
private:
void Fork();
+ Result<SubcontextReply> TransmitMessage(const SubcontextCommand& subcontext_command);
std::string path_prefix_;
std::string context_;
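Review bot: `TransmitMessage` becomes the single path by which both `Execute` and `ExpandArgs` talk to the child, so its declaration should state how transport failures are surfaced (an error `Result` versus an implicit `Restart()` of the subcontext), particularly since `Restart()` is a public member right above and a caller cannot tell from the header whether a failed expansion leaves the subcontext usable.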