435 lines
12 KiB
C
435 lines
12 KiB
C
/*
|
|
* Copyright (C) 2008 The Android Open Source Project
|
|
*
|
|
* Licensed under the Apache License, Version 2.0 (the "License");
|
|
* you may not use this file except in compliance with the License.
|
|
* You may obtain a copy of the License at
|
|
*
|
|
* http://www.apache.org/licenses/LICENSE-2.0
|
|
*
|
|
* Unless required by applicable law or agreed to in writing, software
|
|
* distributed under the License is distributed on an "AS IS" BASIS,
|
|
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
|
* See the License for the specific language governing permissions and
|
|
* limitations under the License.
|
|
*/
|
|
|
|
// A simple file permissions checker. See associated README.
|
|
|
|
#define _GNU_SOURCE
|
|
|
|
#include <stdio.h>
|
|
#include <stdlib.h>
|
|
#include <stdarg.h>
|
|
#include <string.h>
|
|
#include <ctype.h>
|
|
#include <sys/types.h>
|
|
#include <dirent.h>
|
|
#include <errno.h>
|
|
|
|
#include <sys/stat.h>
|
|
#include <unistd.h>
|
|
#include <time.h>
|
|
|
|
#include <pwd.h>
|
|
#include <grp.h>
|
|
|
|
#include <linux/kdev_t.h>
|
|
|
|
#define DEFAULT_CONFIG_FILE "/data/local/perm_checker.conf"
|
|
|
|
#define PERMS(M) (M & ~S_IFMT)
|
|
#define MAX_NAME_LEN 4096
|
|
#define MAX_UID_LEN 256
|
|
#define MAX_GID_LEN MAX_UID_LEN
|
|
|
|
static char *config_file;
|
|
static char *executable_file;
|
|
|
|
enum perm_rule_type {EXACT_FILE = 0, EXACT_DIR, WILDCARD, RECURSIVE,
|
|
NUM_PR_TYPES};
|
|
|
|
struct perm_rule {
|
|
char *rule_text;
|
|
int rule_line;
|
|
char *spec;
|
|
mode_t min_mode;
|
|
mode_t max_mode;
|
|
uid_t min_uid;
|
|
uid_t max_uid;
|
|
gid_t min_gid;
|
|
gid_t max_gid;
|
|
enum perm_rule_type type;
|
|
struct perm_rule *next;
|
|
};
|
|
|
|
typedef struct perm_rule perm_rule_t;
|
|
|
|
static perm_rule_t *rules[NUM_PR_TYPES];
|
|
|
|
static uid_t str2uid(char *str, int line_num)
|
|
{
|
|
struct passwd *pw;
|
|
|
|
if (isdigit(str[0]))
|
|
return (uid_t) atol(str);
|
|
|
|
if (!(pw = getpwnam(str))) {
|
|
printf("# ERROR # Invalid uid '%s' reading line %d\n", str, line_num);
|
|
exit(255);
|
|
}
|
|
return pw->pw_uid;
|
|
}
|
|
|
|
static gid_t str2gid(char *str, int line_num)
|
|
{
|
|
struct group *gr;
|
|
|
|
if (isdigit(str[0]))
|
|
return (uid_t) atol(str);
|
|
|
|
if (!(gr = getgrnam(str))) {
|
|
printf("# ERROR # Invalid gid '%s' reading line %d\n", str, line_num);
|
|
exit(255);
|
|
}
|
|
return gr->gr_gid;
|
|
}
|
|
|
|
static void add_rule(int line_num, char *spec,
|
|
unsigned long min_mode, unsigned long max_mode,
|
|
char *min_uid_buf, char *max_uid_buf,
|
|
char *min_gid_buf, char *max_gid_buf) {
|
|
|
|
char rule_text_buf[MAX_NAME_LEN + 2*MAX_UID_LEN + 2*MAX_GID_LEN + 9];
|
|
perm_rule_t *pr = malloc(sizeof(perm_rule_t));
|
|
if (!pr) {
|
|
printf("Out of memory.\n");
|
|
exit(255);
|
|
}
|
|
if (snprintf(rule_text_buf, sizeof(rule_text_buf),
|
|
"%s %lo %lo %s %s %s %s", spec, min_mode, max_mode,
|
|
min_uid_buf, max_uid_buf, min_gid_buf, max_gid_buf)
|
|
>= (long int) sizeof(rule_text_buf)) {
|
|
// This should never happen, but just in case...
|
|
printf("# ERROR # Maximum length limits exceeded on line %d\n",
|
|
line_num);
|
|
exit(255);
|
|
}
|
|
pr->rule_text = strndup(rule_text_buf, sizeof(rule_text_buf));
|
|
pr->rule_line = line_num;
|
|
if (strstr(spec, "/...")) {
|
|
pr->spec = strndup(spec, strlen(spec) - 3);
|
|
pr->type = RECURSIVE;
|
|
} else if (spec[strlen(spec) - 1] == '*') {
|
|
pr->spec = strndup(spec, strlen(spec) - 1);
|
|
pr->type = WILDCARD;
|
|
} else if (spec[strlen(spec) - 1] == '/') {
|
|
pr->spec = strdup(spec);
|
|
pr->type = EXACT_DIR;
|
|
} else {
|
|
pr->spec = strdup(spec);
|
|
pr->type = EXACT_FILE;
|
|
}
|
|
if ((pr->spec == NULL) || (pr->rule_text == NULL)) {
|
|
printf("Out of memory.\n");
|
|
exit(255);
|
|
}
|
|
pr->min_mode = min_mode;
|
|
pr->max_mode = max_mode;
|
|
pr->min_uid = str2uid(min_uid_buf, line_num);
|
|
pr->max_uid = str2uid(max_uid_buf, line_num);
|
|
pr->min_gid = str2gid(min_gid_buf, line_num);
|
|
pr->max_gid = str2gid(max_gid_buf, line_num);
|
|
|
|
// Add the rule to the appropriate set
|
|
pr->next = rules[pr->type];
|
|
rules[pr->type] = pr;
|
|
#if 0 // Useful for debugging
|
|
printf("rule #%d: type = %d spec = %s min_mode = %o max_mode = %o "
|
|
"min_uid = %d max_uid = %d min_gid = %d max_gid = %d\n",
|
|
num_rules, pr->type, pr->spec, pr->min_mode, pr->max_mode,
|
|
pr->min_uid, pr->max_uid, pr->min_gid, pr->max_gid);
|
|
#endif
|
|
}
|
|
|
|
static int read_rules(FILE *fp)
|
|
{
|
|
char spec[MAX_NAME_LEN + 5]; // Allows for "/..." suffix + terminator
|
|
char min_uid_buf[MAX_UID_LEN + 1], max_uid_buf[MAX_UID_LEN + 1];
|
|
char min_gid_buf[MAX_GID_LEN + 1], max_gid_buf[MAX_GID_LEN + 1];
|
|
unsigned long min_mode, max_mode;
|
|
int res;
|
|
int num_rules = 0, num_lines = 0;
|
|
|
|
// Note: Use of an unsafe C function here is OK, since this is a test
|
|
while ((res = fscanf(fp, "%s %lo %lo %s %s %s %s\n", spec,
|
|
&min_mode, &max_mode, min_uid_buf, max_uid_buf,
|
|
min_gid_buf, max_gid_buf)) != EOF) {
|
|
num_lines++;
|
|
if (res < 7) {
|
|
printf("# WARNING # Invalid rule on line number %d\n", num_lines);
|
|
continue;
|
|
}
|
|
add_rule(num_lines, spec,
|
|
min_mode, max_mode,
|
|
min_uid_buf, max_uid_buf,
|
|
min_gid_buf, max_gid_buf);
|
|
num_rules++;
|
|
}
|
|
|
|
// Automatically add a rule to match this executable itself
|
|
add_rule(-1, executable_file,
|
|
000, 0777,
|
|
"root", "shell",
|
|
"root", "shell");
|
|
|
|
// Automatically add a rule to match the configuration file
|
|
add_rule(-1, config_file,
|
|
000, 0777,
|
|
"root", "shell",
|
|
"root", "shell");
|
|
|
|
return num_lines - num_rules;
|
|
}
|
|
|
|
static void print_failed_rule(const perm_rule_t *pr)
|
|
{
|
|
printf("# INFO # Failed rule #%d: %s\n", pr->rule_line, pr->rule_text);
|
|
}
|
|
|
|
static void print_new_rule(const char *name, mode_t mode, uid_t uid, gid_t gid)
|
|
{
|
|
struct passwd *pw;
|
|
struct group *gr;
|
|
gr = getgrgid(gid);
|
|
pw = getpwuid(uid);
|
|
printf("%s %4o %4o %s %d %s %d\n", name, mode, mode, pw->pw_name, uid,
|
|
gr->gr_name, gid);
|
|
}
|
|
|
|
// Returns 1 if the rule passes, prints the failure and returns 0 if not
|
|
static int pass_rule(const perm_rule_t *pr, mode_t mode, uid_t uid, gid_t gid)
|
|
{
|
|
if (((pr->min_mode & mode) == pr->min_mode) &&
|
|
((pr->max_mode | mode) == pr->max_mode) &&
|
|
(pr->min_gid <= gid) && (pr->max_gid >= gid) &&
|
|
(pr->min_uid <= uid) && (pr->max_uid >= uid))
|
|
return 1;
|
|
print_failed_rule(pr);
|
|
return 0;
|
|
}
|
|
|
|
// Returns 0 on success
|
|
static int validate_file(const char *name, mode_t mode, uid_t uid, gid_t gid)
|
|
{
|
|
perm_rule_t *pr;
|
|
int rules_matched = 0;
|
|
int retval = 0;
|
|
|
|
pr = rules[EXACT_FILE];
|
|
while (pr != NULL) {
|
|
if (strcmp(name, pr->spec) == 0) {
|
|
if (!pass_rule(pr, mode, uid, gid))
|
|
retval++;
|
|
else
|
|
rules_matched++; // Exact match found
|
|
}
|
|
pr = pr->next;
|
|
}
|
|
|
|
if ((retval + rules_matched) > 1)
|
|
printf("# WARNING # Multiple exact rules for file: %s\n", name);
|
|
|
|
// If any exact rule matched or failed, we are done with this file
|
|
if (retval)
|
|
print_new_rule(name, mode, uid, gid);
|
|
if (rules_matched || retval)
|
|
return retval;
|
|
|
|
pr = rules[WILDCARD];
|
|
while (pr != NULL) {
|
|
// Check if the spec is a prefix of the filename, and that the file
|
|
// is actually in the same directory as the wildcard.
|
|
if ((strstr(name, pr->spec) == name) &&
|
|
(!strchr(name + strlen(pr->spec), '/'))) {
|
|
if (!pass_rule(pr, mode, uid, gid))
|
|
retval++;
|
|
else
|
|
rules_matched++;
|
|
}
|
|
pr = pr->next;
|
|
}
|
|
|
|
pr = rules[RECURSIVE];
|
|
while (pr != NULL) {
|
|
if (strstr(name, pr->spec) == name) {
|
|
if (!pass_rule(pr, mode, uid, gid))
|
|
retval++;
|
|
else
|
|
rules_matched++;
|
|
}
|
|
pr = pr->next;
|
|
}
|
|
|
|
if (!rules_matched)
|
|
retval++; // In case no rules either matched or failed, be sure to fail
|
|
|
|
if (retval)
|
|
print_new_rule(name, mode, uid, gid);
|
|
|
|
return retval;
|
|
}
|
|
|
|
// Returns 0 on success
|
|
static int validate_link(const char *name, mode_t mode, uid_t uid, gid_t gid)
|
|
{
|
|
perm_rule_t *pr;
|
|
int rules_matched = 0;
|
|
int retval = 0;
|
|
|
|
// For now, we match links against "exact" file rules only
|
|
pr = rules[EXACT_FILE];
|
|
while (pr != NULL) {
|
|
if (strcmp(name, pr->spec) == 0) {
|
|
if (!pass_rule(pr, mode, uid, gid))
|
|
retval++;
|
|
else
|
|
rules_matched++; // Exact match found
|
|
}
|
|
pr = pr->next;
|
|
}
|
|
|
|
if ((retval + rules_matched) > 1)
|
|
printf("# WARNING # Multiple exact rules for link: %s\n", name);
|
|
if (retval)
|
|
print_new_rule(name, mode, uid, gid);
|
|
|
|
// Note: Unlike files, if no rules matches for links, retval = 0 (success).
|
|
return retval;
|
|
}
|
|
|
|
// Returns 0 on success
|
|
static int validate_dir(const char *name, mode_t mode, uid_t uid, gid_t gid)
|
|
{
|
|
perm_rule_t *pr;
|
|
int rules_matched = 0;
|
|
int retval = 0;
|
|
|
|
pr = rules[EXACT_DIR];
|
|
while (pr != NULL) {
|
|
if (strcmp(name, pr->spec) == 0) {
|
|
if (!pass_rule(pr, mode, uid, gid))
|
|
retval++;
|
|
else
|
|
rules_matched++; // Exact match found
|
|
}
|
|
pr = pr->next;
|
|
}
|
|
|
|
if ((retval + rules_matched) > 1)
|
|
printf("# WARNING # Multiple exact rules for directory: %s\n", name);
|
|
|
|
// If any exact rule matched or failed, we are done with this directory
|
|
if (retval)
|
|
print_new_rule(name, mode, uid, gid);
|
|
if (rules_matched || retval)
|
|
return retval;
|
|
|
|
pr = rules[RECURSIVE];
|
|
while (pr != NULL) {
|
|
if (strstr(name, pr->spec) == name) {
|
|
if (!pass_rule(pr, mode, uid, gid))
|
|
retval++;
|
|
else
|
|
rules_matched++;
|
|
}
|
|
pr = pr->next;
|
|
}
|
|
|
|
if (!rules_matched)
|
|
retval++; // In case no rules either matched or failed, be sure to fail
|
|
|
|
if (retval)
|
|
print_new_rule(name, mode, uid, gid);
|
|
|
|
return retval;
|
|
}
|
|
|
|
// Returns 0 on success
|
|
static int check_path(const char *name)
|
|
{
|
|
char namebuf[MAX_NAME_LEN + 1];
|
|
char tmp[MAX_NAME_LEN + 1];
|
|
DIR *d;
|
|
struct dirent *de;
|
|
struct stat s;
|
|
int err;
|
|
int retval = 0;
|
|
|
|
err = lstat(name, &s);
|
|
if (err < 0) {
|
|
if (errno != ENOENT)
|
|
{
|
|
perror(name);
|
|
return 1;
|
|
}
|
|
return 0; // File doesn't exist anymore
|
|
}
|
|
|
|
if (S_ISDIR(s.st_mode)) {
|
|
if (name[strlen(name) - 1] != '/')
|
|
snprintf(namebuf, sizeof(namebuf), "%s/", name);
|
|
else
|
|
snprintf(namebuf, sizeof(namebuf), "%s", name);
|
|
|
|
retval |= validate_dir(namebuf, PERMS(s.st_mode), s.st_uid, s.st_gid);
|
|
d = opendir(namebuf);
|
|
if(d == 0) {
|
|
printf("%s : opendir failed: %s\n", namebuf, strerror(errno));
|
|
return 1;
|
|
}
|
|
|
|
while ((de = readdir(d)) != 0) {
|
|
if (!strcmp(de->d_name, ".") || !strcmp(de->d_name, ".."))
|
|
continue;
|
|
snprintf(tmp, sizeof(tmp), "%s%s", namebuf, de->d_name);
|
|
retval |= check_path(tmp);
|
|
}
|
|
closedir(d);
|
|
return retval;
|
|
} else if (S_ISLNK(s.st_mode)) {
|
|
return validate_link(name, PERMS(s.st_mode), s.st_uid, s.st_gid);
|
|
} else {
|
|
return validate_file(name, PERMS(s.st_mode), s.st_uid, s.st_gid);
|
|
}
|
|
}
|
|
|
|
int main(int argc, char **argv)
|
|
{
|
|
FILE *fp;
|
|
int i;
|
|
|
|
if (argc > 2) {
|
|
printf("\nSyntax: %s [configfilename]\n", argv[0]);
|
|
}
|
|
config_file = (argc == 2) ? argv[1] : DEFAULT_CONFIG_FILE;
|
|
executable_file = argv[0];
|
|
|
|
// Initialize ruleset pointers
|
|
for (i = 0; i < NUM_PR_TYPES; i++)
|
|
rules[i] = NULL;
|
|
|
|
if (!(fp = fopen(config_file, "r"))) {
|
|
printf("Error opening %s\n", config_file);
|
|
exit(255);
|
|
}
|
|
read_rules(fp);
|
|
fclose(fp);
|
|
|
|
if (check_path("/"))
|
|
return 255;
|
|
|
|
printf("Passed.\n");
|
|
return 0;
|
|
}
|