From 703ed152147d90a549a2fee7cda5771703e502a0 Mon Sep 17 00:00:00 2001 From: Doug Zongker Date: Mon, 19 Mar 2012 15:52:03 -0700 Subject: run minadbd as shell user Make minadbd drop its root privileges after initializing. We need to make the /tmp directory writable by the shell group so that it can drop the sideloaded file there. Change-Id: I67b292cf769383f0f67fb934e5a80d408a4c131d --- minadbd/README.txt | 6 +++++- minadbd/adb.c | 10 ++++++++++ minadbd/services.c | 1 + minadbd/sysdeps.h | 25 ++++++++++++------------- 4 files changed, 28 insertions(+), 14 deletions(-) (limited to 'minadbd') diff --git a/minadbd/README.txt b/minadbd/README.txt index 0c190d05d..1413fe25f 100644 --- a/minadbd/README.txt +++ b/minadbd/README.txt @@ -4,7 +4,7 @@ the following changes: adb.c - much support for host mode and non-linux OS's stripped out; this version only runs as adbd on the device. - - does not setuid/setgid itself (always stays root) + - always setuid/setgid's itself to the shell user - only uses USB transport - references to JDWP removed - main() removed @@ -25,3 +25,7 @@ services.c Android.mk - only builds in adbd mode; builds as static library instead of a standalone executable. + +sysdeps.h + - changes adb_creat() to use O_NOFOLLOW + diff --git a/minadbd/adb.c b/minadbd/adb.c index d1e97b31f..3052458be 100644 --- a/minadbd/adb.c +++ b/minadbd/adb.c @@ -858,6 +858,16 @@ int adb_main() usb_init(); } + if (setgid(AID_SHELL) != 0) { + fprintf(stderr, "failed to setgid to shell\n"); + exit(1); + } + if (setuid(AID_SHELL) != 0) { + fprintf(stderr, "failed to setuid to shell\n"); + exit(1); + } + fprintf(stderr, "userid is %d\n", getuid()); + D("Event loop starting\n"); fdevent_loop(); diff --git a/minadbd/services.c b/minadbd/services.c index 8fc8b3ccb..aef37f7e4 100644 --- a/minadbd/services.c +++ b/minadbd/services.c @@ -53,6 +53,7 @@ static void sideload_service(int s, void *cookie) fd = adb_creat(ADB_SIDELOAD_FILENAME, 0644); if(fd < 0) { + fprintf(stderr, "failed to create %s\n", ADB_SIDELOAD_FILENAME); adb_close(s); return; } diff --git a/minadbd/sysdeps.h b/minadbd/sysdeps.h index b51807615..800ddb753 100644 --- a/minadbd/sysdeps.h +++ b/minadbd/sysdeps.h @@ -324,6 +324,18 @@ static __inline__ int adb_open_mode( const char* pathname, int options, int return open( pathname, options, mode ); } +static __inline__ int adb_creat(const char* path, int mode) +{ + int fd = open(path, O_CREAT|O_WRONLY|O_TRUNC|O_NOFOLLOW, mode); + + if ( fd < 0 ) + return -1; + + close_on_exec(fd); + return fd; +} +#undef creat +#define creat ___xxx_creat static __inline__ int adb_open( const char* pathname, int options ) { @@ -380,19 +392,6 @@ static __inline__ int adb_unlink(const char* path) #undef unlink #define unlink ___xxx_unlink -static __inline__ int adb_creat(const char* path, int mode) -{ - int fd = creat(path, mode); - - if ( fd < 0 ) - return -1; - - close_on_exec(fd); - return fd; -} -#undef creat -#define creat ___xxx_creat - static __inline__ int adb_socket_accept(int serverfd, struct sockaddr* addr, socklen_t *addrlen) { int fd; -- cgit v1.2.3