You can not select more than 25 topics
Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
94 lines
2.8 KiB
94 lines
2.8 KiB
/*
|
|
* Copyright (C) 2023 The Android Open Source Project
|
|
*
|
|
* Licensed under the Apache License, Version 2.0 (the "License");
|
|
* you may not use this file except in compliance with the License.
|
|
* You may obtain a copy of the License at
|
|
*
|
|
* http://www.apache.org/licenses/LICENSE-2.0
|
|
*
|
|
* Unless required by applicable law or agreed to in writing, software
|
|
* distributed under the License is distributed on an "AS IS" BASIS,
|
|
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
|
* See the License for the specific language governing permissions and
|
|
* limitations under the License.
|
|
*/
|
|
|
|
#include <iostream>
|
|
#include <memory>
|
|
#include <string>
|
|
|
|
#include "./command-line.h"
|
|
#include "./context.h"
|
|
#include "./execute.h"
|
|
|
|
int main(const int argc, char* const argv[]) {
|
|
bool verbose = false;
|
|
auto context = std::make_unique<shell_as::SecurityContext>();
|
|
char* const* execute_arguments = nullptr;
|
|
if (!shell_as::ParseOptions(argc, argv, &verbose, context.get(),
|
|
&execute_arguments)) {
|
|
return 1;
|
|
}
|
|
|
|
if (verbose) {
|
|
std::cerr << "Dropping privileges to:" << std::endl;
|
|
std::cerr << "\tuser ID = "
|
|
<< (context->user_id.has_value()
|
|
? std::to_string(context->user_id.value())
|
|
: "<no value>")
|
|
<< std::endl;
|
|
|
|
std::cerr << "\tgroup ID = "
|
|
<< (context->group_id.has_value()
|
|
? std::to_string(context->group_id.value())
|
|
: "<no value>")
|
|
<< std::endl;
|
|
|
|
std::cerr << "\tsupplementary group IDs = ";
|
|
if (!context->supplementary_group_ids.has_value()) {
|
|
std::cerr << "<no value>";
|
|
} else {
|
|
for (auto& id : context->supplementary_group_ids.value()) {
|
|
std::cerr << id << " ";
|
|
}
|
|
}
|
|
std::cerr << std::endl;
|
|
|
|
std::cerr << "\tSELinux = "
|
|
<< (context->selinux_context.has_value()
|
|
? context->selinux_context.value()
|
|
: "<no value>")
|
|
<< std::endl;
|
|
|
|
std::cerr << "\tseccomp = ";
|
|
if (!context->seccomp_filter.has_value()) {
|
|
std::cerr << "<no value>";
|
|
} else {
|
|
switch (context->seccomp_filter.value()) {
|
|
case shell_as::kAppFilter:
|
|
std::cerr << "app";
|
|
break;
|
|
case shell_as::kAppZygoteFilter:
|
|
std::cerr << "app-zygote";
|
|
break;
|
|
case shell_as::kSystemFilter:
|
|
std::cerr << "system";
|
|
break;
|
|
}
|
|
}
|
|
std::cerr << std::endl;
|
|
|
|
std::cerr << "\tcapabilities = ";
|
|
if (!context->capabilities.has_value()) {
|
|
std::cerr << "<no value>";
|
|
} else {
|
|
std::cerr << "'" << cap_to_text(context->capabilities.value(), nullptr)
|
|
<< "'";
|
|
}
|
|
std::cerr << std::endl;
|
|
}
|
|
|
|
return !shell_as::ExecuteInContext(execute_arguments, context.get());
|
|
}
|