From ef62f3fcbb2189d230497f12996e25bae205245b Mon Sep 17 00:00:00 2001 From: Luis Hector Chavez Date: Wed, 27 Jun 2018 10:40:10 -0700 Subject: [PATCH 1/2] Add a way to disable run-as at runtime This change adds the ro.boot.disable_runas system property, that when set, disables the run-as command. This is done to reduce the surface area of programs that have file based capabilities in Chrome OS, and what they can do when running in non-developer mode. Bug: 31630024 Test: run-as still works in aosp_sailfish Test: run-as still works in Android in Chrome OS (in developer mode) Change-Id: Iaf1d6f9ceb65081b7a9e17b9b91d8855e4080133 --- run-as/Android.mk | 2 +- run-as/run-as.cpp | 8 ++++++++ 2 files changed, 9 insertions(+), 1 deletion(-) diff --git a/run-as/Android.mk b/run-as/Android.mk index 7111fbe14..0d0016c8f 100644 --- a/run-as/Android.mk +++ b/run-as/Android.mk @@ -3,6 +3,6 @@ LOCAL_PATH:= $(call my-dir) include $(CLEAR_VARS) LOCAL_CFLAGS := -Wall -Werror LOCAL_MODULE := run-as -LOCAL_SHARED_LIBRARIES := libselinux libpackagelistparser libminijail +LOCAL_SHARED_LIBRARIES := libbase libselinux libpackagelistparser libminijail LOCAL_SRC_FILES := run-as.cpp include $(BUILD_EXECUTABLE) diff --git a/run-as/run-as.cpp b/run-as/run-as.cpp index b27cfad7c..d005ecf3b 100644 --- a/run-as/run-as.cpp +++ b/run-as/run-as.cpp @@ -28,6 +28,7 @@ #include #include +#include #include #include #include @@ -40,6 +41,7 @@ // The 'run-as' binary is installed with CAP_SETUID and CAP_SETGID file // capabilities, but will check the following: // +// - that the ro.boot.disable_runas property is not set // - that it is invoked from the 'shell' or 'root' user (abort otherwise) // - that '' is the name of an installed and debuggable package // - that the package's data directory is well-formed 
@@ -139,6 +141,12 @@ int main(int argc, char* argv[]) { error(1, 0, "only 'shell' or 'root' users can run this program"); } + // Some devices can disable running run-as, such as Chrome OS when running in + // non-developer mode. + if (android::base::GetBoolProperty("ro.boot.disable_runas", false)) { + error(1, 0, "run-as is disabled from the kernel commandline"); + } + char* pkgname = argv[1]; int cmd_argv_offset = 2; From 5417bcb5bd65aa9d97b1756e8d08d3b79747a14b Mon Sep 17 00:00:00 2001 From: Luis Hector Chavez Date: Wed, 27 Jun 2018 11:15:23 -0700 Subject: [PATCH 2/2] run-as: Migrate to blueprint This change removes the old Makefile and adds a new blueprint file Bug: None Test: m Change-Id: I2157efc51320f64db53e61cfa669268cfca52ec3 --- run-as/Android.bp | 28 ++++++++++++++++++++++++++++ run-as/Android.mk | 8 -------- 2 files changed, 28 insertions(+), 8 deletions(-) create mode 100644 run-as/Android.bp delete mode 100644 run-as/Android.mk diff --git a/run-as/Android.bp b/run-as/Android.bp new file mode 100644 index 000000000..840a43c47 --- /dev/null +++ b/run-as/Android.bp @@ -0,0 +1,28 @@ +// +// Copyright (C) 2018 The Android Open Source Project +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. +// + +cc_binary { + name: "run-as", + srcs: [ + "run-as.cpp", + ], + shared_libs: [ + "libbase", + "libselinux", + "libpackagelistparser", + "libminijail", + ], +} 
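Review bot: The added `android::base::GetBoolProperty("ro.boot.disable_runas", false)` check in main() fails open. GetBoolProperty returns the supplied default when the property is unset or holds a value it cannot parse as a boolean, so a mistyped value on the kernel command line leaves run-as enabled with no indication. Since this is a hardening switch on a binary that carries CAP_SETUID and CAP_SETGID, I would at least record that in the comment, e.g. `// Fails open: an unset or unparseable value leaves run-as enabled.`, or treat any non-empty value as a request to disable. The commit's Test: lines cover only the enabled case, so a run with the property set is worth adding. main() starts and continues outside this hunk, so I cannot confirm from here that nothing privileged runs before the check.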
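Review bot: The new `cc_binary` in run-as/Android.bp has no `cflags` entry, although the Android.mk it replaces set `LOCAL_CFLAGS := -Wall -Werror`. Unless the build system's defaults already apply those flags to this directory (not visible in this patch), the migration silently drops warnings-as-errors for a binary that is installed with file capabilities. I would keep them explicit by adding `cflags: ["-Wall", "-Werror"],` next to `srcs`.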
diff --git a/run-as/Android.mk b/run-as/Android.mk
deleted file mode 100644
index 0d0016c8f..000000000
--- a/run-as/Android.mk
+++ /dev/null
@@ -1,8 +0,0 @@
-LOCAL_PATH:= $(call my-dir)
-
-include $(CLEAR_VARS)
-LOCAL_CFLAGS := -Wall -Werror
-LOCAL_MODULE := run-as
-LOCAL_SHARED_LIBRARIES := libbase libselinux libpackagelistparser libminijail
-LOCAL_SRC_FILES := run-as.cpp
-include $(BUILD_EXECUTABLE)