1 /*
2 * Copyright (C) 2024 The Android Open Source Project
3 *
4 * Licensed under the Apache License, Version 2.0 (the "License");
5 * you may not use this file except in compliance with the License.
6 * You may obtain a copy of the License at
7 *
8 * http://www.apache.org/licenses/LICENSE-2.0
9 *
10 * Unless required by applicable law or agreed to in writing, software
11 * distributed under the License is distributed on an "AS IS" BASIS,
12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 * See the License for the specific language governing permissions and
14 * limitations under the License.
15 */
16
17 #include <exthandler/exthandler.h>
18
19 #include <android-base/chrono_utils.h>
20 #include <android-base/file.h>
21 #include <android-base/logging.h>
22 #include <android-base/parseint.h>
23 #include <android-base/strings.h>
24 #include <android-base/unique_fd.h>
25 #include <fnmatch.h>
26 #include <grp.h>
27 #include <pwd.h>
28 #include <sys/wait.h>
29
30 using android::base::ErrnoError;
31 using android::base::Error;
32 using android::base::ReadFdToString;
33 using android::base::Result;
34 using android::base::Split;
35 using android::base::Trim;
36 using android::base::unique_fd;
37
RunExternalHandler(const std::string & handler,uid_t uid,gid_t gid,std::unordered_map<std::string,std::string> & envs_map)38 Result<std::string> RunExternalHandler(const std::string& handler, uid_t uid, gid_t gid,
39 std::unordered_map<std::string, std::string>& envs_map) {
40 unique_fd child_stdout;
41 unique_fd parent_stdout;
42 if (!Socketpair(AF_UNIX, SOCK_STREAM | SOCK_CLOEXEC, 0, &child_stdout, &parent_stdout)) {
43 return ErrnoError() << "Socketpair() for stdout failed";
44 }
45
46 unique_fd child_stderr;
47 unique_fd parent_stderr;
48 if (!Socketpair(AF_UNIX, SOCK_STREAM | SOCK_CLOEXEC, 0, &child_stderr, &parent_stderr)) {
49 return ErrnoError() << "Socketpair() for stderr failed";
50 }
51
52 signal(SIGCHLD, SIG_DFL);
53
54 auto pid = fork();
55 if (pid < 0) {
56 return ErrnoError() << "fork() failed";
57 }
58
59 if (pid == 0) {
60 for (auto it = envs_map.begin(); it != envs_map.end(); ++it) {
61 setenv(it->first.c_str(), it->second.c_str(), 1);
62 }
63 parent_stdout.reset();
64 parent_stderr.reset();
65 close(STDOUT_FILENO);
66 close(STDERR_FILENO);
67 dup2(child_stdout.get(), STDOUT_FILENO);
68 dup2(child_stderr.get(), STDERR_FILENO);
69
70 auto args = Split(handler, " ");
71 std::vector<char*> c_args;
72 for (auto& arg : args) {
73 c_args.emplace_back(arg.data());
74 }
75 c_args.emplace_back(nullptr);
76
77 if (gid != 0) {
78 if (setgid(gid) != 0) {
79 fprintf(stderr, "setgid() failed: %s", strerror(errno));
80 _exit(EXIT_FAILURE);
81 }
82 }
83
84 if (setuid(uid) != 0) {
85 fprintf(stderr, "setuid() failed: %s", strerror(errno));
86 _exit(EXIT_FAILURE);
87 }
88
89 execv(c_args[0], c_args.data());
90 fprintf(stderr, "exec() failed: %s", strerror(errno));
91 _exit(EXIT_FAILURE);
92 }
93
94 child_stdout.reset();
95 child_stderr.reset();
96
97 int status;
98 pid_t waited_pid = TEMP_FAILURE_RETRY(waitpid(pid, &status, 0));
99 if (waited_pid == -1) {
100 return ErrnoError() << "waitpid() failed";
101 }
102
103 std::string stdout_content;
104 if (!ReadFdToString(parent_stdout.get(), &stdout_content)) {
105 return ErrnoError() << "ReadFdToString() for stdout failed";
106 }
107
108 std::string stderr_content;
109 if (ReadFdToString(parent_stderr.get(), &stderr_content)) {
110 auto messages = Split(stderr_content, "\n");
111 for (const auto& message : messages) {
112 if (!message.empty()) {
113 LOG(ERROR) << "External Handler: " << message;
114 }
115 }
116 } else {
117 LOG(ERROR) << "ReadFdToString() for stderr failed";
118 }
119
120 if (WIFEXITED(status)) {
121 if (WEXITSTATUS(status) == EXIT_SUCCESS) {
122 return Trim(stdout_content);
123 } else {
124 return Error() << "exited with status " << WEXITSTATUS(status);
125 }
126 } else if (WIFSIGNALED(status)) {
127 return Error() << "killed by signal " << WTERMSIG(status);
128 }
129
130 return Error() << "unexpected exit status " << status;
131 }
132