12b8f76cdbb254ac1170087a40dbf30b7627f3516jeffhao/* 22b8f76cdbb254ac1170087a40dbf30b7627f3516jeffhao * Copyright (C) 2011 The Android Open Source Project 32b8f76cdbb254ac1170087a40dbf30b7627f3516jeffhao * 42b8f76cdbb254ac1170087a40dbf30b7627f3516jeffhao * Licensed under the Apache License, Version 2.0 (the "License"); 52b8f76cdbb254ac1170087a40dbf30b7627f3516jeffhao * you may not use this file except in compliance with the License. 62b8f76cdbb254ac1170087a40dbf30b7627f3516jeffhao * You may obtain a copy of the License at 72b8f76cdbb254ac1170087a40dbf30b7627f3516jeffhao * 82b8f76cdbb254ac1170087a40dbf30b7627f3516jeffhao * http://www.apache.org/licenses/LICENSE-2.0 92b8f76cdbb254ac1170087a40dbf30b7627f3516jeffhao * 102b8f76cdbb254ac1170087a40dbf30b7627f3516jeffhao * Unless required by applicable law or agreed to in writing, software 112b8f76cdbb254ac1170087a40dbf30b7627f3516jeffhao * distributed under the License is distributed on an "AS IS" BASIS, 122b8f76cdbb254ac1170087a40dbf30b7627f3516jeffhao * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 132b8f76cdbb254ac1170087a40dbf30b7627f3516jeffhao * See the License for the specific language governing permissions and 142b8f76cdbb254ac1170087a40dbf30b7627f3516jeffhao * limitations under the License. 152b8f76cdbb254ac1170087a40dbf30b7627f3516jeffhao */ 162b8f76cdbb254ac1170087a40dbf30b7627f3516jeffhao 172b8f76cdbb254ac1170087a40dbf30b7627f3516jeffhao#include <cutils/log.h> 182b8f76cdbb254ac1170087a40dbf30b7627f3516jeffhao#include <cutils/sockets.h> 192b8f76cdbb254ac1170087a40dbf30b7627f3516jeffhao 202b8f76cdbb254ac1170087a40dbf30b7627f3516jeffhao#ifdef HAVE_ANDROID_OS 212b8f76cdbb254ac1170087a40dbf30b7627f3516jeffhao/* For the socket trust (credentials) check */ 222b8f76cdbb254ac1170087a40dbf30b7627f3516jeffhao#include <private/android_filesystem_config.h> 232b8f76cdbb254ac1170087a40dbf30b7627f3516jeffhao#endif 242b8f76cdbb254ac1170087a40dbf30b7627f3516jeffhao 252b8f76cdbb254ac1170087a40dbf30b7627f3516jeffhaobool socket_peer_is_trusted(int fd) 262b8f76cdbb254ac1170087a40dbf30b7627f3516jeffhao{ 272b8f76cdbb254ac1170087a40dbf30b7627f3516jeffhao#ifdef HAVE_ANDROID_OS 282b8f76cdbb254ac1170087a40dbf30b7627f3516jeffhao struct ucred cr; 292b8f76cdbb254ac1170087a40dbf30b7627f3516jeffhao socklen_t len = sizeof(cr); 302b8f76cdbb254ac1170087a40dbf30b7627f3516jeffhao int n = getsockopt(fd, SOL_SOCKET, SO_PEERCRED, &cr, &len); 312b8f76cdbb254ac1170087a40dbf30b7627f3516jeffhao 322b8f76cdbb254ac1170087a40dbf30b7627f3516jeffhao if (n != 0) { 3301dda204cd28fe181691b4a44a51be7e5666d0c8Steve Block ALOGE("could not get socket credentials: %s\n", strerror(errno)); 342b8f76cdbb254ac1170087a40dbf30b7627f3516jeffhao return false; 352b8f76cdbb254ac1170087a40dbf30b7627f3516jeffhao } 362b8f76cdbb254ac1170087a40dbf30b7627f3516jeffhao 372b8f76cdbb254ac1170087a40dbf30b7627f3516jeffhao if ((cr.uid != AID_ROOT) && (cr.uid != AID_SHELL)) { 3801dda204cd28fe181691b4a44a51be7e5666d0c8Steve Block ALOGE("untrusted userid on other end of socket: userid %d\n", cr.uid); 392b8f76cdbb254ac1170087a40dbf30b7627f3516jeffhao return false; 402b8f76cdbb254ac1170087a40dbf30b7627f3516jeffhao } 412b8f76cdbb254ac1170087a40dbf30b7627f3516jeffhao#endif 422b8f76cdbb254ac1170087a40dbf30b7627f3516jeffhao 432b8f76cdbb254ac1170087a40dbf30b7627f3516jeffhao return true; 442b8f76cdbb254ac1170087a40dbf30b7627f3516jeffhao} 45