From 846da873b4f3bd7c00cc3b4bbadd1e4d2accdf10 Mon Sep 17 00:00:00 2001 From: Tri Vo Date: Fri, 15 Jul 2022 10:23:03 -0700 Subject: [PATCH] storageproxyd: Remove setuid, setgid, and capset These operations require excessive SELinux and UNIX permissions. Instead of dropping privileges after starting we will start storageproxyd as "system" user. Bug: 205904330 Test: com.android.storage-unittest.td Change-Id: I0b2503a746c52474c8cc2e1f7a2fbe17c98d6d8b
---
 trusty/storage/proxy/proxy.c | 50 ++++-------------------- 1 file changed, 5 insertions(+), 45 deletions(-)
diff --git a/trusty/storage/proxy/proxy.c b/trusty/storage/proxy/proxy.c
index 262003427..7cbc24ffe 100644
--- a/trusty/storage/proxy/proxy.c
+++ b/trusty/storage/proxy/proxy.c
@@ -70,49 +70,6 @@ static void show_usage_and_exit(int code) {
 exit(code);
 }
-static int drop_privs(void) {
- struct __user_cap_header_struct capheader;
- struct __user_cap_data_struct capdata[2];
-
- if (prctl(PR_SET_KEEPCAPS, 1, 0, 0, 0) < 0) {
- return -1;
- }
-
- /*
- * ensure we're running as the system user
- */
- if (setgid(AID_SYSTEM) != 0) {
- return -1;
- }
-
- if (setuid(AID_SYSTEM) != 0) {
- return -1;
- }
-
- /*
- * drop all capabilities except SYS_RAWIO
- */
- memset(&capheader, 0, sizeof(capheader));
- memset(&capdata, 0, sizeof(capdata));
- capheader.version = _LINUX_CAPABILITY_VERSION_3;
- capheader.pid = 0;
-
- capdata[CAP_TO_INDEX(CAP_SYS_RAWIO)].permitted = CAP_TO_MASK(CAP_SYS_RAWIO);
- capdata[CAP_TO_INDEX(CAP_SYS_RAWIO)].effective = CAP_TO_MASK(CAP_SYS_RAWIO);
-
- if (capset(&capheader, &capdata[0]) < 0) {
- return -1;
- }
-
- /*
- * No access for group and other. We need execute access for user to create
- * an accessible directory.
- */
- umask(S_IRWXG | S_IRWXO);
-
- return 0;
-}
-
 static int handle_req(struct storage_msg* msg, const void* req, size_t req_len) {
 int rc;
@@ -260,8 +217,11 @@ static void parse_args(int argc, char* argv[]) {
 int main(int argc, char* argv[]) {
 int rc;
- /* drop privileges */
- if (drop_privs() < 0) return EXIT_FAILURE;
+ /*
+ * No access for group and other. We need execute access for user to create
+ * an accessible directory.
+ */
+ umask(S_IRWXG | S_IRWXO);
 /* parse arguments */
 parse_args(argc, argv);
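Review bot: With drop_privs() gone, nothing in main() checks that the process is actually running unprivileged — the new lines only set the umask — so the daemon now depends entirely on being launched as `system` by init, and a start from a root shell (e.g. while debugging) or a regression in the rc file would silently run it as root with a full capability set instead of failing as the old setuid/setgid path would. A cheap guard right after the umask call makes that failure loud rather than silent: `if (getuid() == 0 || getgid() == 0) return EXIT_FAILURE;` (a log line naming the expected user would help too). The removed code also narrowed the effective set to CAP_SYS_RAWIO; whether the replacement rc entry bounds capabilities the same way is not visible from this diff and is worth confirming in the same change. main() continues past the end of the hunk.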