Use C++ smart pointer for caching su_info
This commit is contained in:
parent
4f206fd918
commit
ab90901793
@ -10,6 +10,8 @@
|
|||||||
|
|
||||||
#include "su.h"
|
#include "su.h"
|
||||||
|
|
||||||
|
using namespace std;
|
||||||
|
|
||||||
bool CONNECT_BROADCAST;
|
bool CONNECT_BROADCAST;
|
||||||
|
|
||||||
#define START_ACTIVITY \
|
#define START_ACTIVITY \
|
||||||
@ -33,21 +35,21 @@ static inline const char *get_command(const su_request *to) {
|
|||||||
return DEFAULT_SHELL;
|
return DEFAULT_SHELL;
|
||||||
}
|
}
|
||||||
|
|
||||||
static inline void get_user(char *user, su_info *info) {
|
static inline void get_user(char *user, const su_info *info) {
|
||||||
sprintf(user, "%d",
|
sprintf(user, "%d",
|
||||||
info->cfg[SU_MULTIUSER_MODE] == MULTIUSER_MODE_USER
|
info->cfg[SU_MULTIUSER_MODE] == MULTIUSER_MODE_USER
|
||||||
? info->uid / 100000
|
? info->uid / 100000
|
||||||
: 0);
|
: 0);
|
||||||
}
|
}
|
||||||
|
|
||||||
static inline void get_uid(char *uid, su_info *info) {
|
static inline void get_uid(char *uid, const su_info *info) {
|
||||||
sprintf(uid, "%d",
|
sprintf(uid, "%d",
|
||||||
info->cfg[SU_MULTIUSER_MODE] == MULTIUSER_MODE_OWNER_MANAGED
|
info->cfg[SU_MULTIUSER_MODE] == MULTIUSER_MODE_OWNER_MANAGED
|
||||||
? info->uid % 100000
|
? info->uid % 100000
|
||||||
: info->uid);
|
: info->uid);
|
||||||
}
|
}
|
||||||
|
|
||||||
static void exec_am_cmd(const char **args, su_info *info) {
|
static void exec_am_cmd(const char **args, const su_info *info) {
|
||||||
char component[128];
|
char component[128];
|
||||||
sprintf(component, "%s/%s", info->str[SU_MANAGER].data(), args[3][0] == 'b' ? "a.h" : "a.m");
|
sprintf(component, "%s/%s", info->str[SU_MANAGER].data(), args[3][0] == 'b' ? "a.h" : "a.m");
|
||||||
char user[8];
|
char user[8];
|
||||||
@ -76,29 +78,29 @@ static void exec_am_cmd(const char **args, su_info *info) {
|
|||||||
"--ei", "to.uid", toUid, \
|
"--ei", "to.uid", toUid, \
|
||||||
"--ei", "pid", pid, \
|
"--ei", "pid", pid, \
|
||||||
"--ei", "policy", policy, \
|
"--ei", "policy", policy, \
|
||||||
"--es", "command", get_command(&ctx->req), \
|
"--es", "command", get_command(&ctx.req), \
|
||||||
"--ez", "notify", ctx->info->access.notify ? "true" : "false", \
|
"--ez", "notify", ctx.info->access.notify ? "true" : "false", \
|
||||||
nullptr
|
nullptr
|
||||||
|
|
||||||
void app_log(su_context *ctx) {
|
void app_log(const su_context &ctx) {
|
||||||
char fromUid[8];
|
char fromUid[8];
|
||||||
get_uid(fromUid, ctx->info);
|
get_uid(fromUid, ctx.info.get());
|
||||||
|
|
||||||
char toUid[8];
|
char toUid[8];
|
||||||
sprintf(toUid, "%d", ctx->req.uid);
|
sprintf(toUid, "%d", ctx.req.uid);
|
||||||
|
|
||||||
char pid[8];
|
char pid[8];
|
||||||
sprintf(pid, "%d", ctx->pid);
|
sprintf(pid, "%d", ctx.pid);
|
||||||
|
|
||||||
char policy[2];
|
char policy[2];
|
||||||
sprintf(policy, "%d", ctx->info->access.policy);
|
sprintf(policy, "%d", ctx.info->access.policy);
|
||||||
|
|
||||||
if (CONNECT_BROADCAST) {
|
if (CONNECT_BROADCAST) {
|
||||||
const char *cmd[] = { START_BROADCAST, LOG_BODY };
|
const char *cmd[] = { START_BROADCAST, LOG_BODY };
|
||||||
exec_am_cmd(cmd, ctx->info);
|
exec_am_cmd(cmd, ctx.info.get());
|
||||||
} else {
|
} else {
|
||||||
const char *cmd[] = { START_ACTIVITY, LOG_BODY };
|
const char *cmd[] = { START_ACTIVITY, LOG_BODY };
|
||||||
exec_am_cmd(cmd, ctx->info);
|
exec_am_cmd(cmd, ctx.info.get());
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -108,30 +110,30 @@ void app_log(su_context *ctx) {
|
|||||||
"--ei", "policy", policy, \
|
"--ei", "policy", policy, \
|
||||||
nullptr
|
nullptr
|
||||||
|
|
||||||
void app_notify(su_context *ctx) {
|
void app_notify(const su_context &ctx) {
|
||||||
char fromUid[8];
|
char fromUid[8];
|
||||||
get_uid(fromUid, ctx->info);
|
get_uid(fromUid, ctx.info.get());
|
||||||
|
|
||||||
char policy[2];
|
char policy[2];
|
||||||
sprintf(policy, "%d", ctx->info->access.policy);
|
sprintf(policy, "%d", ctx.info->access.policy);
|
||||||
|
|
||||||
if (CONNECT_BROADCAST) {
|
if (CONNECT_BROADCAST) {
|
||||||
const char *cmd[] = { START_BROADCAST, NOTIFY_BODY };
|
const char *cmd[] = { START_BROADCAST, NOTIFY_BODY };
|
||||||
exec_am_cmd(cmd, ctx->info);
|
exec_am_cmd(cmd, ctx.info.get());
|
||||||
} else {
|
} else {
|
||||||
const char *cmd[] = { START_ACTIVITY, NOTIFY_BODY };
|
const char *cmd[] = { START_ACTIVITY, NOTIFY_BODY };
|
||||||
exec_am_cmd(cmd, ctx->info);
|
exec_am_cmd(cmd, ctx.info.get());
|
||||||
}
|
}
|
||||||
|
|
||||||
}
|
}
|
||||||
|
|
||||||
void app_connect(const char *socket, su_info *info) {
|
void app_connect(const char *socket, const shared_ptr<su_info> &info) {
|
||||||
const char *cmd[] = {
|
const char *cmd[] = {
|
||||||
START_ACTIVITY, "request",
|
START_ACTIVITY, "request",
|
||||||
"--es", "socket", socket,
|
"--es", "socket", socket,
|
||||||
nullptr
|
nullptr
|
||||||
};
|
};
|
||||||
exec_am_cmd(cmd, info);
|
exec_am_cmd(cmd, info.get());
|
||||||
}
|
}
|
||||||
|
|
||||||
void broadcast_test() {
|
void broadcast_test() {
|
||||||
@ -144,7 +146,7 @@ void broadcast_test() {
|
|||||||
exec_am_cmd(cmd, &info);
|
exec_am_cmd(cmd, &info);
|
||||||
}
|
}
|
||||||
|
|
||||||
void socket_send_request(int fd, su_info *info) {
|
void socket_send_request(int fd, const shared_ptr<su_info> &info) {
|
||||||
write_key_token(fd, "uid", info->uid);
|
write_key_token(fd, "uid", info->uid);
|
||||||
write_string_be(fd, "eof");
|
write_string_be(fd, "eof");
|
||||||
}
|
}
|
||||||
|
@ -1,44 +1,39 @@
|
|||||||
/* su.h - Store all general su info
|
#pragma once
|
||||||
*/
|
|
||||||
|
|
||||||
#ifndef _SU_H_
|
|
||||||
#define _SU_H_
|
|
||||||
|
|
||||||
#include <limits.h>
|
|
||||||
#include <sys/types.h>
|
#include <sys/types.h>
|
||||||
#include <sys/stat.h>
|
#include <sys/stat.h>
|
||||||
|
#include <limits.h>
|
||||||
|
#include <memory>
|
||||||
|
|
||||||
#include <db.h>
|
#include <db.h>
|
||||||
|
|
||||||
#define DEFAULT_SHELL "/system/bin/sh"
|
#define DEFAULT_SHELL "/system/bin/sh"
|
||||||
|
|
||||||
// Constants for atty
|
// Constants for atty
|
||||||
#define ATTY_IN 1
|
#define ATTY_IN (1 << 0)
|
||||||
#define ATTY_OUT 2
|
#define ATTY_OUT (1 << 1)
|
||||||
#define ATTY_ERR 4
|
#define ATTY_ERR (1 << 2)
|
||||||
|
|
||||||
class su_info {
|
class su_info {
|
||||||
public:
|
public:
|
||||||
unsigned uid; /* Unique key to find su_info */
|
/* Unique key */
|
||||||
int count; /* Just a count for debugging purpose */
|
const unsigned uid;
|
||||||
|
|
||||||
/* These values should be guarded with internal lock */
|
/* These should be guarded with internal lock */
|
||||||
db_settings cfg;
|
db_settings cfg;
|
||||||
db_strings str;
|
db_strings str;
|
||||||
su_access access;
|
su_access access;
|
||||||
struct stat mgr_st;
|
struct stat mgr_st;
|
||||||
|
|
||||||
/* These should be guarded with global cache lock */
|
/* This should be guarded with global cache lock */
|
||||||
int ref;
|
long timestamp;
|
||||||
time_t timestamp;
|
|
||||||
|
|
||||||
su_info(unsigned uid = 0);
|
su_info(unsigned uid = 0);
|
||||||
~su_info();
|
~su_info();
|
||||||
void lock();
|
void lock();
|
||||||
void unlock();
|
void unlock();
|
||||||
bool isFresh();
|
bool is_fresh();
|
||||||
void newRef();
|
void refresh();
|
||||||
void deRef();
|
|
||||||
|
|
||||||
private:
|
private:
|
||||||
pthread_mutex_t _lock; /* Internal lock */
|
pthread_mutex_t _lock; /* Internal lock */
|
||||||
@ -60,16 +55,14 @@ struct su_request : public su_req_base {
|
|||||||
} __attribute__((packed));
|
} __attribute__((packed));
|
||||||
|
|
||||||
struct su_context {
|
struct su_context {
|
||||||
su_info *info;
|
std::shared_ptr<su_info> info;
|
||||||
su_request req;
|
su_request req;
|
||||||
pid_t pid;
|
pid_t pid;
|
||||||
};
|
};
|
||||||
|
|
||||||
// connect.c
|
// connect.c
|
||||||
|
|
||||||
void app_log(su_context *ctx);
|
void app_log(const su_context &ctx);
|
||||||
void app_notify(su_context *ctx);
|
void app_notify(const su_context &ctx);
|
||||||
void app_connect(const char *socket, su_info *info);
|
void app_connect(const char *socket, const std::shared_ptr<su_info> &info);
|
||||||
void socket_send_request(int fd, su_info *info);
|
void socket_send_request(int fd, const std::shared_ptr<su_info> &info);
|
||||||
|
|
||||||
#endif
|
|
||||||
|
@ -20,14 +20,16 @@
|
|||||||
#include "su.h"
|
#include "su.h"
|
||||||
#include "pts.h"
|
#include "pts.h"
|
||||||
|
|
||||||
|
using namespace std;
|
||||||
|
|
||||||
#define LOCK_CACHE() pthread_mutex_lock(&cache_lock)
|
#define LOCK_CACHE() pthread_mutex_lock(&cache_lock)
|
||||||
#define UNLOCK_CACHE() pthread_mutex_unlock(&cache_lock)
|
#define UNLOCK_CACHE() pthread_mutex_unlock(&cache_lock)
|
||||||
|
|
||||||
static pthread_mutex_t cache_lock = PTHREAD_MUTEX_INITIALIZER;
|
static pthread_mutex_t cache_lock = PTHREAD_MUTEX_INITIALIZER;
|
||||||
static su_info *cache;
|
static shared_ptr<su_info> cached;
|
||||||
|
|
||||||
su_info::su_info(unsigned uid) :
|
su_info::su_info(unsigned uid) :
|
||||||
uid(uid), count(0), access(DEFAULT_SU_ACCESS), mgr_st({}), ref(0),
|
uid(uid), access(DEFAULT_SU_ACCESS), mgr_st({}),
|
||||||
timestamp(0), _lock(PTHREAD_MUTEX_INITIALIZER) {}
|
timestamp(0), _lock(PTHREAD_MUTEX_INITIALIZER) {}
|
||||||
|
|
||||||
su_info::~su_info() {
|
su_info::~su_info() {
|
||||||
@ -42,27 +44,20 @@ void su_info::unlock() {
|
|||||||
pthread_mutex_unlock(&_lock);
|
pthread_mutex_unlock(&_lock);
|
||||||
}
|
}
|
||||||
|
|
||||||
bool su_info::isFresh() {
|
bool su_info::is_fresh() {
|
||||||
return time(nullptr) - timestamp < 3; /* 3 seconds */
|
timespec ts;
|
||||||
|
clock_gettime(CLOCK_MONOTONIC, &ts);
|
||||||
|
long current = ts.tv_sec * 1000L + ts.tv_nsec / 1000L;
|
||||||
|
return current - timestamp < 3000; /* 3 seconds */
|
||||||
}
|
}
|
||||||
|
|
||||||
void su_info::newRef() {
|
void su_info::refresh() {
|
||||||
timestamp = time(nullptr);
|
timespec ts;
|
||||||
++ref;
|
clock_gettime(CLOCK_MONOTONIC, &ts);
|
||||||
|
timestamp = ts.tv_sec * 1000L + ts.tv_nsec / 1000L;
|
||||||
}
|
}
|
||||||
|
|
||||||
void su_info::deRef() {
|
static void database_check(const shared_ptr<su_info> &info) {
|
||||||
LOCK_CACHE();
|
|
||||||
--ref;
|
|
||||||
if (ref == 0 && !isFresh()) {
|
|
||||||
if (cache == this)
|
|
||||||
cache = nullptr;
|
|
||||||
delete this;
|
|
||||||
}
|
|
||||||
UNLOCK_CACHE();
|
|
||||||
}
|
|
||||||
|
|
||||||
static void database_check(su_info *info) {
|
|
||||||
int uid = info->uid;
|
int uid = info->uid;
|
||||||
get_db_settings(info->cfg);
|
get_db_settings(info->cfg);
|
||||||
get_db_strings(info->str);
|
get_db_strings(info->str);
|
||||||
@ -91,28 +86,24 @@ static void database_check(su_info *info) {
|
|||||||
validate_manager(info->str[SU_MANAGER], uid / 100000, &info->mgr_st);
|
validate_manager(info->str[SU_MANAGER], uid / 100000, &info->mgr_st);
|
||||||
}
|
}
|
||||||
|
|
||||||
static su_info *get_su_info(unsigned uid) {
|
static shared_ptr<su_info> get_su_info(unsigned uid) {
|
||||||
su_info *info = nullptr;
|
shared_ptr<su_info> info;
|
||||||
|
|
||||||
// Get from cache or new instance
|
// Get from cache or new instance
|
||||||
LOCK_CACHE();
|
LOCK_CACHE();
|
||||||
if (cache && cache->uid == uid && cache->isFresh()) {
|
if (!cached || cached->uid != uid || !cached->is_fresh())
|
||||||
info = cache;
|
cached = make_shared<su_info>(uid);
|
||||||
} else {
|
info = cached;
|
||||||
if (cache && cache->ref == 0)
|
info->refresh();
|
||||||
delete cache;
|
|
||||||
cache = info = new su_info(uid);
|
|
||||||
}
|
|
||||||
info->newRef();
|
|
||||||
UNLOCK_CACHE();
|
UNLOCK_CACHE();
|
||||||
|
|
||||||
LOGD("su: request from uid=[%d] (#%d)\n", info->uid, ++info->count);
|
LOGD("su: request from uid=[%d]\n", info->uid);
|
||||||
|
|
||||||
// Lock before the policy is determined
|
// Lock before the policy is determined
|
||||||
info->lock();
|
info->lock();
|
||||||
|
|
||||||
if (info->access.policy == QUERY) {
|
if (info->access.policy == QUERY) {
|
||||||
// Not cached, get data from database
|
// Not cached, get data from database
|
||||||
database_check(info);
|
database_check(info);
|
||||||
|
|
||||||
// Check su access settings
|
// Check su access settings
|
||||||
@ -196,12 +187,11 @@ static void set_identity(unsigned uid) {
|
|||||||
void su_daemon_handler(int client, struct ucred *credential) {
|
void su_daemon_handler(int client, struct ucred *credential) {
|
||||||
LOGD("su: request from pid=[%d], client=[%d]\n", credential->pid, client);
|
LOGD("su: request from pid=[%d], client=[%d]\n", credential->pid, client);
|
||||||
|
|
||||||
su_info *info = get_su_info(credential->uid);
|
auto info = get_su_info(credential->uid);
|
||||||
|
|
||||||
// Fail fast
|
// Fail fast
|
||||||
if (info->access.policy == DENY && info->str[SU_MANAGER][0] == '\0') {
|
if (info->access.policy == DENY && info->str[SU_MANAGER][0] == '\0') {
|
||||||
LOGD("su: fast deny\n");
|
LOGD("su: fast deny\n");
|
||||||
info->deRef();
|
|
||||||
write_int(client, DENY);
|
write_int(client, DENY);
|
||||||
close(client);
|
close(client);
|
||||||
return;
|
return;
|
||||||
@ -214,7 +204,7 @@ void su_daemon_handler(int client, struct ucred *credential) {
|
|||||||
*/
|
*/
|
||||||
int child = xfork();
|
int child = xfork();
|
||||||
if (child) {
|
if (child) {
|
||||||
info->deRef();
|
info.reset();
|
||||||
|
|
||||||
// Wait result
|
// Wait result
|
||||||
LOGD("su: waiting child pid=[%d]\n", child);
|
LOGD("su: waiting child pid=[%d]\n", child);
|
||||||
@ -320,9 +310,9 @@ void su_daemon_handler(int client, struct ucred *credential) {
|
|||||||
}
|
}
|
||||||
|
|
||||||
if (info->access.log)
|
if (info->access.log)
|
||||||
app_log(&ctx);
|
app_log(ctx);
|
||||||
else if (info->access.notify)
|
else if (info->access.notify)
|
||||||
app_notify(&ctx);
|
app_notify(ctx);
|
||||||
|
|
||||||
if (info->access.policy == ALLOW) {
|
if (info->access.policy == ALLOW) {
|
||||||
const char *argv[] = { nullptr, nullptr, nullptr, nullptr };
|
const char *argv[] = { nullptr, nullptr, nullptr, nullptr };
|
||||||
|
Loading…
Reference in New Issue
Block a user