blob: 440054eac60e4dd69eacf9156f99276b561c8f77 [file] [log] [blame]
/*
* Copyright (C) 2018 The Android Open Source Project
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
#include "socket_peer_is_trusted.h"
#include <pwd.h>
#include <sys/socket.h>
#include <android-base/logging.h>
namespace art {
// Returns true if the user on the other end of the socket is root or shell.
#ifdef ART_TARGET_ANDROID
bool SocketPeerIsTrusted(int fd) {
ucred cr;
socklen_t cr_length = sizeof(cr);
if (getsockopt(fd, SOL_SOCKET, SO_PEERCRED, &cr, &cr_length) != 0) {
PLOG(ERROR) << "couldn't get socket credentials";
return false;
}
passwd* shell = getpwnam("shell");
if (cr.uid != 0 && cr.uid != shell->pw_uid) {
LOG(ERROR) << "untrusted uid " << cr.uid << " on other end of socket";
return false;
}
return true;
}
#else
bool SocketPeerIsTrusted(int /* fd */) {
return true;
}
#endif
} // namespace art