run minadbd as shell user

Make minadbd drop its root privileges after initializing. We need to make the /tmp directory writable by the shell group so that it can drop the sideloaded file there. Change-Id: I67b292cf769383f0f67fb934e5a80d408a4c131d
2024-11-27 12:10:35 +00:00 · 2012-03-19 15:52:03 -07:00 · 2012-03-19 15:52:03 -07:00 · 703ed15214
commit 703ed15214
parent 35a35a6766
5 changed files with 31 additions and 14 deletions
--- a/etc/init.rc
+++ b/etc/init.rc
@ -15,6 +15,9 @@ on init
    mkdir /cache
    mount /tmp /tmp tmpfs

+    chown root shell /tmp
+    chmod 0775 /tmp
+
    write /sys/class/android_usb/android0/enable 0
    write /sys/class/android_usb/android0/idVendor 18D1
    write /sys/class/android_usb/android0/idProduct D001
--- a/minadbd/README.txt
+++ b/minadbd/README.txt
@ -4,7 +4,7 @@ the following changes:
 adb.c
  - much support for host mode and non-linux OS's stripped out; this
    version only runs as adbd on the device.
-  - does not setuid/setgid itself (always stays root)
+  - always setuid/setgid's itself to the shell user
  - only uses USB transport
  - references to JDWP removed
  - main() removed
@ -25,3 +25,7 @@ services.c
 Android.mk
  - only builds in adbd mode; builds as static library instead of a
    standalone executable.
+
+sysdeps.h
+  - changes adb_creat() to use O_NOFOLLOW
+
--- a/minadbd/adb.c
+++ b/minadbd/adb.c
@ -858,6 +858,16 @@ int adb_main()
        usb_init();
    }

+    if (setgid(AID_SHELL) != 0) {
+        fprintf(stderr, "failed to setgid to shell\n");
+        exit(1);
+    }
+    if (setuid(AID_SHELL) != 0) {
+        fprintf(stderr, "failed to setuid to shell\n");
+        exit(1);
+    }
+    fprintf(stderr, "userid is %d\n", getuid());
+
    D("Event loop starting\n");

    fdevent_loop();
--- a/minadbd/services.c
+++ b/minadbd/services.c
@ -53,6 +53,7 @@ static void sideload_service(int s, void *cookie)

    fd = adb_creat(ADB_SIDELOAD_FILENAME, 0644);
    if(fd < 0) {
+        fprintf(stderr, "failed to create %s\n", ADB_SIDELOAD_FILENAME);
        adb_close(s);
        return;
    }
--- a/minadbd/sysdeps.h
+++ b/minadbd/sysdeps.h
@ -324,6 +324,18 @@ static __inline__ int  adb_open_mode( const char*  pathname, int  options, int
    return open( pathname, options, mode );
 }

+static __inline__  int  adb_creat(const char*  path, int  mode)
+{
+    int  fd = open(path, O_CREAT|O_WRONLY|O_TRUNC|O_NOFOLLOW, mode);
+
+    if ( fd < 0 )
+        return -1;
+
+    close_on_exec(fd);
+    return fd;
+}
+#undef   creat
+#define  creat  ___xxx_creat

 static __inline__ int  adb_open( const char*  pathname, int  options )
 {
@ -380,19 +392,6 @@ static __inline__  int    adb_unlink(const char*  path)
 #undef  unlink
 #define unlink  ___xxx_unlink

-static __inline__  int  adb_creat(const char*  path, int  mode)
-{
-    int  fd = creat(path, mode);
-
-    if ( fd < 0 )
-        return -1;
-
-    close_on_exec(fd);
-    return fd;
-}
-#undef   creat
-#define  creat  ___xxx_creat
-
 static __inline__ int  adb_socket_accept(int  serverfd, struct sockaddr*  addr, socklen_t  *addrlen)
 {
    int fd;