Gitiles
Code Review Sign In
LeafOS / LeafOS-Project / android_system_core / 84c99136fdcfe1f8ba11305b3bc5323649509106^! / .
commit84c99136fdcfe1f8ba11305b3bc5323649509106[log] [tgz]
authorLuis Hector Chavez <lhchavez@google.com>Mon Jan 08 13:02:18 2018 -0800
committerLuis Hector Chavez <lhchavez@google.com>Mon Jan 08 13:24:32 2018 -0800
tree8be29a72a4bc3385bb57d9b962e71c4708b93c83
parent830fd168deb7366a3af8228f8789e05ab1353453 [diff]
libcutils: Stop checking the uid of netlink messages

This is a partial revert of
https://android-review.googlesource.com/c/platform/system/core/+/528619.
The uid-check was done before
https://patchwork.kernel.org/patch/1525551/ was available, and thus is
now unnecessary to perform such check, since we can just rely on the
kernel patch now.

Bug: 71632076
Test: aosp_sailfish-userdebug still works

Change-Id: I1d1319b774483d1714ecb4dd838a20e055acc2a3

diff --git a/libcutils/uevent.cpp b/libcutils/uevent.cpp
index a84e5b0..2dfceed 100644
--- a/libcutils/uevent.cpp
+++ b/libcutils/uevent.cpp

@@ -27,54 +27,6 @@
 
 #include <linux/netlink.h>
 
-#include <fstream>
-
-#include <private/android_filesystem_config.h>
-
-namespace {
-
-// Returns the uid of root in the current user namespace.
-// Returns AID_OVERFLOWUID if the root user is not mapped in the current
-// namespace.
-// Returns 0 if the kernel is not user namespace-aware (for backwards
-// compatibility) or if AID_OVERFLOWUID could not be validated to match what the
-// kernel would return.
-uid_t GetRootUid() {
-    constexpr uid_t kParentRootUid = 0;
-
-    std::ifstream uid_map_file("/proc/self/uid_map");
-    if (!uid_map_file) {
-        // The kernel does not support user namespaces.
-        return kParentRootUid;
-    }
-
-    uid_t current_namespace_uid, parent_namespace_uid;
-    uint32_t length;
-    while (uid_map_file >> current_namespace_uid >> parent_namespace_uid >> length) {
-        // Since kParentRootUid is 0, it should be the first entry in the mapped
-        // range.
-        if (parent_namespace_uid != kParentRootUid || length < 1) continue;
-        return current_namespace_uid;
-    }
-
-    // Sanity check: verify that the overflow UID is the one to be returned by
-    // the kernel.
-    std::ifstream overflowuid_file("/proc/sys/kernel/overflowuid");
-    if (!overflowuid_file) {
-        // It's better to return 0 in case we cannot make sure that the overflow
-        // UID matches.
-        return kParentRootUid;
-    }
-    uid_t kernel_overflow_uid;
-    if (!(overflowuid_file >> kernel_overflow_uid) || kernel_overflow_uid != AID_OVERFLOWUID)
-        return kParentRootUid;
-
-    // root is unmapped, use the kernel "overflow" uid.
-    return AID_OVERFLOWUID;
-}
-
-}  // namespace
-
 extern "C" {
 
 /**
@@ -99,7 +51,6 @@
 }
 
 ssize_t uevent_kernel_recv(int socket, void* buffer, size_t length, bool require_group, uid_t* uid) {
-    static const uid_t root_uid = GetRootUid();
     struct iovec iov = {buffer, length};
     struct sockaddr_nl addr;
     char control[CMSG_SPACE(sizeof(struct ucred))];
@@ -122,10 +73,6 @@
 
     cred = (struct ucred*)CMSG_DATA(cmsg);
     *uid = cred->uid;
-    if (cred->uid != root_uid) {
-        /* ignoring netlink message from non-root user */
-        goto out;
-    }
 
     if (addr.nl_pid != 0) {
         /* ignore non-kernel */