/* * Checks permissions for setting system properties. * Returns 1 if uid allowed, 0 otherwise. */ static int check_perms(const char *name, unsigned int uid, unsigned int gid, char *sctx) { int i; unsigned int app_id; if(!strncmp(name, "ro.", 3)) name +=3; if (uid == 0) return check_mac_perms(name, sctx); app_id = multiuser_get_app_id(uid); if (app_id == AID_BLUETOOTH) { uid = app_id; } for (i = 0; property_perms[i].prefix; i++) { if (strncmp(property_perms[i].prefix, name, strlen(property_perms[i].prefix)) == 0) { if ((uid && property_perms[i].uid == uid) || (gid && property_perms[i].gid == gid)) { return check_mac_perms(name, sctx); } } } return 0; }
static jint com_android_internal_os_Zygote_nativeForkAndSpecialize( JNIEnv* env, jclass, jint uid, jint gid, jintArray gids, jint debug_flags, jobjectArray rlimits, jint mount_external, jstring se_info, jstring se_name, jintArray fdsToClose, jstring instructionSet, jstring appDataDir) { jlong capabilities = 0; // Grant CAP_WAKE_ALARM to the Bluetooth process. if (multiuser_get_app_id(uid) == AID_BLUETOOTH) { capabilities |= (1LL << CAP_WAKE_ALARM); } // Grant CAP_BLOCK_SUSPEND to processes that belong to GID "wakelock" bool gid_wakelock_found = false; if (gid == AID_WAKELOCK) { gid_wakelock_found = true; } else if (gids != NULL) { jsize gids_num = env->GetArrayLength(gids); ScopedIntArrayRO ar(env, gids); if (ar.get() == NULL) { RuntimeAbort(env, __LINE__, "Bad gids array"); } for (int i = 0; i < gids_num; i++) { if (ar[i] == AID_WAKELOCK) { gid_wakelock_found = true; break; } } } if (gid_wakelock_found) { capabilities |= (1LL << CAP_BLOCK_SUSPEND); } return ForkAndSpecializeCommon(env, uid, gid, gids, debug_flags, rlimits, capabilities, capabilities, mount_external, se_info, se_name, false, fdsToClose, instructionSet, appDataDir); }
/* * Checks permissions for setting system properties. * Returns 1 if uid allowed, 0 otherwise. */ static int check_perms(const char *name, unsigned int uid, unsigned int gid, char *sctx) { int i; unsigned int app_id; #ifdef MTK_USER_ROOT_SWITCH if(!strcmp(name,"ro.secure") || !strcmp(name,"persist.service.atci.usermode") || !strcmp(name, "persist.user2root.root") || !strcmp(name,"ro.debuggable") || !strcmp(name,"persist.sys.usb.config") || !strcmp(name,"persist.service.adb.enable")){ return 1; } #endif if(!strncmp(name, "ro.", 3)) name +=3; if (uid == 0) return check_mac_perms(name, sctx); app_id = multiuser_get_app_id(uid); if (app_id == AID_BLUETOOTH) { uid = app_id; } for (i = 0; property_perms[i].prefix; i++) { if (strncmp(property_perms[i].prefix, name, strlen(property_perms[i].prefix)) == 0) { if ((uid && property_perms[i].uid == uid) || (gid && property_perms[i].gid == gid)) { return check_mac_perms(name, sctx); } } } return 0; }
gid_t multiuser_get_shared_app_gid(uid_t uid) { return multiuser_get_shared_gid(multiuser_get_user_id(uid), multiuser_get_app_id(uid)); }