Add permission check for control fd

Signed-off-by: Ncheng_jinsong <chengjinsong2@huawei.com>

interfaces/innerkits/control_fd/control_fd.h

@@ -65,7 +65,6 @@ typedef void (* CallbackControlFdProcess)(uint16_t type, const char *serviceCmd,
 typedef enum {
     ACTION_SANDBOX = 0,
     ACTION_DUMP,
-    ACTION_PARAM_SHELL,
     ACTION_MODULEMGR,
     ACTION_MAX
 } ActionType;
@@ -88,4 +87,4 @@ void CmdServiceProcessDestroyClient(void);
 #endif
 #endif
 
-#endif
\ No newline at end of file
+#endif

interfaces/innerkits/control_fd/control_fd_service.c

@@ -15,6 +15,8 @@
 
 #include <fcntl.h>
 #include <unistd.h>
+#include <sys/types.h>
+#include <sys/socket.h>
 
 #include "beget_ext.h"
 #include "control_fd.h"
@@ -34,6 +36,22 @@ static void OnClose(const TaskHandle task)
     OH_ListInit(&agent->item);
 }
 
+CONTROL_FD_STATIC int CheckSocketPermission(const TaskHandle task)
+{
+    struct ucred uc = {-1, -1, -1};
+    socklen_t len = sizeof(uc);
+    if (getsockopt(LE_GetSocketFd(task), SOL_SOCKET, SO_PEERCRED, &uc, &len) < 0) {
+        BEGET_LOGE("Failed to get socket option. err = %d", errno);
+        return -1;
+    }
+    // Only root is permitted to use control fd of init.
+    if (uc.uid != 0) { // non-root user
+        errno = EPERM;
+        return -1;
+    }
+    return 0;
+}
+
 CONTROL_FD_STATIC void CmdOnRecvMessage(const TaskHandle task, const uint8_t *buffer, uint32_t buffLen)
 {
     if (buffer == NULL) {
@@ -45,17 +63,23 @@ CONTROL_FD_STATIC void CmdOnRecvMessage(const TaskHandle task, const uint8_t *bu
     // parse msg to exec
     CmdMessage *msg = (CmdMessage *)buffer;
     if ((msg->type >= ACTION_MAX) || (msg->cmd[0] == '\0') || (msg->ptyName[0] == '\0')) {
-        BEGET_LOGE("[control_fd] Received msg is invaild");
+        BEGET_LOGE("[control_fd] Received msg is invalid");
+        return;
+    }
+
+    if (CheckSocketPermission(task) < 0) {
+        BEGET_LOGE("Check socket permission failed, err = %d", errno);
         return;
     }
+
 #ifndef STARTUP_INIT_TEST
     agent->pid = fork();
     if (agent->pid == 0) {
         OpenConsole();
         char *realPath = GetRealPath(msg->ptyName);
         BEGET_ERROR_CHECK(realPath != NULL, _exit(1), "Failed get realpath, err=%d", errno);
-        char *strl = strstr(realPath, "/dev/pts");
-        BEGET_ERROR_CHECK(strl != NULL, free(realPath); _exit(1), "pts path %s is invaild", realPath);
+        int n = strncmp(realPath, "/dev/pts/", strlen("/dev/pts/"));
+        BEGET_ERROR_CHECK(n == 0, free(realPath); _exit(1), "pts path %s is invaild", realPath);
         int fd = open(realPath, O_RDWR);
         free(realPath);
         BEGET_ERROR_CHECK(fd >= 0, _exit(1), "Failed open %s, err=%d", msg->ptyName, errno);
@@ -68,7 +92,7 @@ CONTROL_FD_STATIC void CmdOnRecvMessage(const TaskHandle task, const uint8_t *bu
         }
         _exit(0);
     } else if (agent->pid < 0) {
-        BEGET_LOGE("[control_fd] Failed fork service");
+        BEGET_LOGE("[control_fd] Failed to fork child process, err = %d", errno);
     }
 #endif
     return;

services/init/standard/init_control_fd_service.c

@@ -218,22 +218,6 @@ static void ProcessModuleMgrControlFd(uint16_t type, const char *serviceCmd)
     }
 }
 
-static void ProcessParamShellControlFd(uint16_t type, const char *serviceCmd)
-{
-    if ((type != ACTION_PARAM_SHELL) || (serviceCmd == NULL)) {
-        return;
-    }
-    (void)setuid(2000); // 2000 shell group
-    (void)setgid(2000); // 2000 shell group
-    char *args[] = {(char *)serviceCmd, NULL};
-    int ret = execv(args[0], args);
-    if (ret < 0) {
-        INIT_LOGE("error on exec %d \n", errno);
-        exit(-1);
-    }
-    exit(0);
-}
-
 void ProcessControlFd(uint16_t type, const char *serviceCmd, const void *context)
 {
     if ((type >= ACTION_MAX) || (serviceCmd == NULL)) {
@@ -246,9 +230,6 @@ void ProcessControlFd(uint16_t type, const char *serviceCmd, const void *context
         case ACTION_DUMP :
             ProcessDumpServiceControlFd(type, serviceCmd);
             break;
-        case ACTION_PARAM_SHELL :
-            ProcessParamShellControlFd(type, serviceCmd);
-            break;
         case ACTION_MODULEMGR :
             ProcessModuleMgrControlFd(type, serviceCmd);
             break;

services/loopevent/socket/le_socket.c

@@ -63,8 +63,12 @@ static int CreatePipeSocket_(const char *server)
     LE_CHECK(fd > 0, return fd, "Failed to create socket");
     SetNoBlock(fd);
 
+    int on = 1;
+    int ret = setsockopt(fd, SOL_SOCKET, SO_PASSCRED, &on, sizeof(on));
+    LE_CHECK(ret == 0, return ret, "Failed to set socket option");
+
     struct sockaddr_un serverAddr;
-    int ret = memset_s(&serverAddr, sizeof(serverAddr), 0, sizeof(serverAddr));
+    ret = memset_s(&serverAddr, sizeof(serverAddr), 0, sizeof(serverAddr));
     LE_CHECK(ret == 0, close(fd);
         return ret, "Failed to memset_s serverAddr");
     serverAddr.sun_family = AF_UNIX;
@@ -118,9 +122,13 @@ static int CreateTcpSocket_(const char *server)
     LE_CHECK(fd > 0, return fd, "Failed to create socket");
     SetNoBlock(fd);
 
+    int on = 1;
+    int ret = setsockopt(fd, SOL_SOCKET, SO_PASSCRED, &on, sizeof(on));
+    LE_CHECK(ret == 0, return ret, "Failed to set socket option");
+
     struct sockaddr_in serverAddr;
     GetSockaddrFromServer_(server, &serverAddr);
-    int ret = connect(fd, (struct sockaddr *)&serverAddr, sizeof(serverAddr));
+    ret = connect(fd, (struct sockaddr *)&serverAddr, sizeof(serverAddr));
     LE_CHECK(ret >= 0, close(fd);
         return ret, "Failed to connect socket errno:%d", errno);
     return fd;