| /* |
| * Copyright (C) 2018 The Android Open Source Project |
| * |
| * Licensed under the Apache License, Version 2.0 (the "License"); |
| * you may not use this file except in compliance with the License. |
| * You may obtain a copy of the License at |
| * |
| * http://www.apache.org/licenses/LICENSE-2.0 |
| * |
| * Unless required by applicable law or agreed to in writing, software |
| * distributed under the License is distributed on an "AS IS" BASIS, |
| * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. |
| * See the License for the specific language governing permissions and |
| * limitations under the License. |
| */ |
| |
| #include "socket_peer_is_trusted.h" |
| |
| #include <pwd.h> |
| #include <sys/socket.h> |
| |
| #include <android-base/logging.h> |
| |
| namespace art { |
| |
| // Returns true if the user on the other end of the socket is root or shell. |
| #ifdef ART_TARGET_ANDROID |
| bool SocketPeerIsTrusted(int fd) { |
| ucred cr; |
| socklen_t cr_length = sizeof(cr); |
| if (getsockopt(fd, SOL_SOCKET, SO_PEERCRED, &cr, &cr_length) != 0) { |
| PLOG(ERROR) << "couldn't get socket credentials"; |
| return false; |
| } |
| |
| passwd* shell = getpwnam("shell"); |
| if (cr.uid != 0 && cr.uid != shell->pw_uid) { |
| LOG(ERROR) << "untrusted uid " << cr.uid << " on other end of socket"; |
| return false; |
| } |
| |
| return true; |
| } |
| #else |
| bool SocketPeerIsTrusted(int /* fd */) { |
| return true; |
| } |
| #endif |
| |
| } // namespace art |