Re: [PATCHv1 11/15] android: Add cap to bind to port < 1024

Linux bluetooth development
 help / color / mirror / Atom feed

From: Szymon Janc <szymon.janc@tieto.com>
To: Andrei Emeltchenko <Andrei.Emeltchenko.news@gmail.com>
Cc: linux-bluetooth@vger.kernel.org
Subject: Re: [PATCHv1 11/15] android: Add cap to bind to port < 1024
Date: Mon, 07 Oct 2013 14:14:09 +0200	[thread overview]
Message-ID: <8033220.yHOuagLSyP@uw000953> (raw)
In-Reply-To: <1381131496-9417-12-git-send-email-Andrei.Emeltchenko.news@gmail.com>

Hi Andrei,

> From: Andrei Emeltchenko <andrei.emeltchenko@intel.com>
> 
> For SDP server we need to bind to lower port, acquire this capability.
> ---
>  android/main.c |   72 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++
>  configure.ac   |    4 ++++
>  2 files changed, 76 insertions(+)
> 
> diff --git a/android/main.c b/android/main.c
> index 7968ed0..dab54ce 100644
> --- a/android/main.c
> +++ b/android/main.c
> @@ -32,6 +32,22 @@
>  #include <stdlib.h>
>  #include <stdbool.h>
>  #include <string.h>
> +#include <unistd.h>
> +#include <errno.h>
> +#include <sys/prctl.h>
> +#include <linux/capability.h>
> +
> +/**
> + * Include <sys/capability.h> for host build and
> + * also for Android 4.3 when it is added to bionic
> + */
> +#if !defined(__ANDROID_API__) || (__ANDROID_API__ > 17)
> +#include <sys/capability.h>
> +#endif
> +
> +#if defined(__ANDROID_API__)
> +#include <private/android_filesystem_config.h>
> +#endif
>  
>  #include <glib.h>
>  
> @@ -279,6 +295,59 @@ static void cleanup_mgmt_interface(void)
>  	mgmt_if = NULL;
>  }
>  
> +static bool android_set_aid_and_cap()

Missing void in ().

> +{
> +	struct __user_cap_header_struct header;
> +	struct __user_cap_data_struct cap;
> +#if defined(__ANDROID_API__)
> +	gid_t groups[] = {AID_NET_BT, AID_NET_BT_ADMIN, AID_BLUETOOTH,
> +								AID_NET_ADMIN};
> +#endif
> +
> +	DBG("pid %d uid %d gid %d", getpid(), getuid(), getgid());
> +
> +	header.version = _LINUX_CAPABILITY_VERSION;
> +
> +	prctl(PR_SET_KEEPCAPS, 1, 0, 0, 0);
> +
> +#if defined(__ANDROID_API__)
> +	if (setgid(AID_BLUETOOTH) < 0)
> +		warn("%s: setgid(): %s", __func__, strerror(errno));
> +
> +	if (setuid(AID_BLUETOOTH) < 0)
> +		warn("%s: setuid(): %s", __func__, strerror(errno));
> +#endif
> +
> +	header.version = _LINUX_CAPABILITY_VERSION;
> +	header.pid = 0;
> +
> +	cap.effective = cap.permitted =
> +		CAP_TO_MASK(CAP_SETGID) |
> +		CAP_TO_MASK(CAP_NET_RAW) |
> +		CAP_TO_MASK(CAP_NET_ADMIN) |
> +		CAP_TO_MASK(CAP_NET_BIND_SERVICE);
> +	cap.inheritable = 0;
> +
> +	if (capset(&header, &cap) < 0) {
> +		error("%s: capset(): %s", __func__, strerror(errno));
> +		return false;
> +	}
> +
> +#if defined(__ANDROID_API__)
> +	if (setgroups(sizeof(groups)/sizeof(groups[0]), groups) < 0)
> +		warn("%s: setgroups: %s", __func__, strerror(errno));
> +#endif
> +	if (capget(&header, &cap) < 0)
> +		error("%s: capget(): %s", __func__, strerror(errno));
> +	else
> +		DBG("Caps: eff: 0x%x, perm: 0x%x, inh: 0x%x", cap.effective,
> +					cap.permitted, cap.inheritable);
> +
> +	DBG("pid %d uid %d gid %d", getpid(), getuid(), getgid());
> +
> +	return true;
> +}
> +
>  int main(int argc, char *argv[])
>  {
>  	GOptionContext *context;
> @@ -312,6 +381,9 @@ int main(int argc, char *argv[])
>  	sigaction(SIGINT, &sa, NULL);
>  	sigaction(SIGTERM, &sa, NULL);
>  
> +	if (android_set_aid_and_cap() == false)
> +		exit(EXIT_FAILURE);
> +
>  	init_mgmt_interface();
>  	sdp_start();
>  
> diff --git a/configure.ac b/configure.ac
> index 7b1f64a..5406434 100644
> --- a/configure.ac
> +++ b/configure.ac
> @@ -247,4 +247,8 @@ AC_ARG_ENABLE(android, AC_HELP_STRING([--enable-android],
>  					[enable_android=${enableval}])
>  AM_CONDITIONAL(ANDROID, test "${enable_android}" = "yes")
>  
> +if (test "${android_daemon}" = "yes"); then
> +	AC_CHECK_LIB(cap, capget, dummy=yes, AC_MSG_ERROR(libcap is required))
> +fi
> +
>  AC_OUTPUT(Makefile src/bluetoothd.8 lib/bluez.pc)
> 

-- 
BR
Szymon Janc

next prev parent reply	other threads:[~2013-10-07 12:14 UTC|newest]

Thread overview: 91+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2013-10-07  7:38 [PATCHv1 00/15] Basic code for Android BlueZ Andrei Emeltchenko
2013-10-07  7:38 ` [PATCHv1 01/15] android: Supress missing initializers warnings Andrei Emeltchenko
2013-10-07  7:38 ` [PATCHv1 02/15] android: Add Adapter Bluetooth HAL template Andrei Emeltchenko
2013-10-07  7:38 ` [PATCHv1 03/15] android: Add Socket " Andrei Emeltchenko
2013-10-07  7:38 ` [PATCHv1 04/15] android: Enable Socket interface Andrei Emeltchenko
2013-10-07  7:38 ` [PATCHv1 05/15] android: Start Android Bluetooth daemon Andrei Emeltchenko
2013-10-07 12:09   ` Szymon Janc
2013-10-07  7:38 ` [PATCHv1 06/15] android: Add basic mgmt initialization sequence Andrei Emeltchenko
2013-10-07  7:38 ` [PATCHv1 07/15] android: Create HAL API header skeleton Andrei Emeltchenko
2013-10-07  7:38 ` [PATCHv1 08/15] android: Add adapter and device struct for BlueZ daemon Andrei Emeltchenko
2013-10-07  7:38 ` [PATCHv1 09/15] android: Add Android Makefile for libbluetooth Andrei Emeltchenko
2013-10-07  7:38 ` [PATCHv1 10/15] android: sdp: Reuse BlueZ SDP server in Android Andrei Emeltchenko
2013-10-07  7:38 ` [PATCHv1 11/15] android: Add cap to bind to port < 1024 Andrei Emeltchenko
2013-10-07 12:14   ` Szymon Janc [this message]
2013-10-07  7:38 ` [PATCHv1 12/15] android: Implement read_info_complete callback Andrei Emeltchenko
2013-10-07 12:26   ` Andrei Emeltchenko
2013-10-07  7:38 ` [PATCHv1 13/15] android: Handle mgmt changed events Andrei Emeltchenko
2013-10-07  7:38 ` [PATCHv1 14/15] android: Add makefile for hciconfig Andrei Emeltchenko
2013-10-07  7:38 ` [PATCHv1 15/15] android: Add makefile for hcitool Andrei Emeltchenko
2013-10-08 10:33 ` [PATCHv2 00/15] Basic code for Android BlueZ Andrei Emeltchenko
2013-10-08 10:33   ` [PATCHv2 01/15] android: Supress missing initializers warnings Andrei Emeltchenko
2013-10-08 10:33   ` [PATCHv2 02/15] android: Add Adapter Bluetooth HAL template Andrei Emeltchenko
2013-10-08 10:33   ` [PATCHv2 03/15] android: Add Socket " Andrei Emeltchenko
2013-10-08 10:33   ` [PATCHv2 04/15] android: Enable Socket interface Andrei Emeltchenko
2013-10-08 10:33   ` [PATCHv2 05/15] android: Start Android Bluetooth daemon Andrei Emeltchenko
2013-10-08 10:33   ` [PATCHv2 06/15] android: Add basic mgmt initialization sequence Andrei Emeltchenko
2013-10-08 10:33   ` [PATCHv2 07/15] android: Create HAL API header skeleton Andrei Emeltchenko
2013-10-08 10:33   ` [PATCHv2 08/15] android: Add adapter and device struct for BlueZ daemon Andrei Emeltchenko
2013-10-08 10:33   ` [PATCHv2 09/15] android: Add Android Makefile for libbluetooth Andrei Emeltchenko
2013-10-08 10:33   ` [PATCHv2 10/15] android: sdp: Reuse BlueZ SDP server in Android Andrei Emeltchenko
2013-10-08 10:33   ` [PATCHv2 11/15] android: Add cap to bind to port < 1024 Andrei Emeltchenko
2013-10-08 10:33   ` [PATCHv2 12/15] android: Implement read_info_complete callback Andrei Emeltchenko
2013-10-08 10:33   ` [PATCHv2 13/15] android: Handle mgmt changed events Andrei Emeltchenko
2013-10-08 10:33   ` [PATCHv2 14/15] android: Add makefile for hciconfig Andrei Emeltchenko
2013-10-08 10:33   ` [PATCHv2 15/15] android: Add makefile for hcitool Andrei Emeltchenko
2013-10-08 14:51 ` [PATCHv3 00/15] Basic code for Android BlueZ Andrei Emeltchenko
2013-10-08 14:51   ` [PATCHv3 01/15] android: Supress missing initializers warnings Andrei Emeltchenko
2013-10-09 19:11     ` Marcel Holtmann
2013-10-09 22:55       ` Lucas De Marchi
2013-10-10  6:58       ` Andrei Emeltchenko
2013-10-10  7:35         ` Marcel Holtmann
2013-10-10  8:07           ` Andrei Emeltchenko
2013-10-10  8:10             ` Marcel Holtmann
2013-10-10  8:16               ` Andrei Emeltchenko
2013-10-08 14:51   ` [PATCHv3 02/15] android: Add Adapter Bluetooth HAL template Andrei Emeltchenko
2013-10-08 14:51   ` [PATCHv3 03/15] android: Add Socket " Andrei Emeltchenko
2013-10-09 19:14     ` Marcel Holtmann
2013-10-10  6:56       ` Andrei Emeltchenko
2013-10-10  7:33         ` Marcel Holtmann
2013-10-08 14:51   ` [PATCHv3 04/15] android: Enable Socket interface Andrei Emeltchenko
2013-10-09 19:15     ` Marcel Holtmann
2013-10-08 14:51   ` [PATCHv3 05/15] android: Start Android Bluetooth daemon Andrei Emeltchenko
2013-10-09 19:19     ` Marcel Holtmann
2013-10-08 14:51   ` [PATCHv3 06/15] android: Add basic mgmt initialization sequence Andrei Emeltchenko
2013-10-09 19:30     ` Marcel Holtmann
2013-10-10  9:59       ` Andrei Emeltchenko
2013-10-10 12:38         ` Marcel Holtmann
2013-10-08 14:51   ` [PATCHv3 07/15] android: Create HAL API header skeleton Andrei Emeltchenko
2013-10-09 19:34     ` Marcel Holtmann
2013-10-10 12:29       ` Andrei Emeltchenko
2013-10-10 12:35         ` Marcel Holtmann
2013-10-10 12:48           ` Andrei Emeltchenko
2013-10-10 13:02             ` Marcel Holtmann
2013-10-08 14:51   ` [PATCHv3 08/15] android: Add adapter and device struct for BlueZ daemon Andrei Emeltchenko
2013-10-09 19:39     ` Marcel Holtmann
2013-10-10 12:36       ` Andrei Emeltchenko
2013-10-10 12:40         ` Marcel Holtmann
2013-10-10  9:07     ` Marcin Kraglak
2013-10-10 12:30       ` Andrei Emeltchenko
2013-10-10 13:18         ` Marcin Kraglak
2013-10-10 13:27           ` Andrei Emeltchenko
2013-10-08 14:51   ` [PATCHv3 09/15] android: Add Android Makefile for libbluetooth Andrei Emeltchenko
2013-10-09 19:43     ` Marcel Holtmann
2013-10-10 12:43       ` Andrei Emeltchenko
2013-10-10 12:45         ` Marcel Holtmann
2013-10-10 12:52           ` Andrei Emeltchenko
2013-10-08 14:51   ` [PATCHv3 10/15] android: sdp: Reuse BlueZ SDP server in Android Andrei Emeltchenko
2013-10-09 19:45     ` Marcel Holtmann
2013-10-08 14:51   ` [PATCHv3 11/15] android: Add cap to bind to port < 1024 Andrei Emeltchenko
2013-10-09 19:48     ` Marcel Holtmann
2013-10-10 13:01       ` Andrei Emeltchenko
2013-10-08 14:51   ` [PATCHv3 12/15] android: Implement read_info_complete callback Andrei Emeltchenko
2013-10-09 19:54     ` Marcel Holtmann
2013-10-08 14:51   ` [PATCHv3 13/15] android: Handle mgmt changed events Andrei Emeltchenko
2013-10-09 19:58     ` Marcel Holtmann
2013-10-08 14:51   ` [PATCHv3 14/15] android: Add makefile for hciconfig Andrei Emeltchenko
2013-10-09 19:59     ` Marcel Holtmann
2013-10-14 11:51       ` Andrei Emeltchenko
2013-10-14 12:06         ` Marcel Holtmann
2013-10-14 13:39           ` Michal Labedzki
2013-10-08 14:51   ` [PATCHv3 15/15] android: Add makefile for hcitool Andrei Emeltchenko

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=8033220.yHOuagLSyP@uw000953 \
    --to=szymon.janc@tieto.com \
    --cc=Andrei.Emeltchenko.news@gmail.com \
    --cc=linux-bluetooth@vger.kernel.org \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox