def add_option(self, option, args):
if option == "user":
self.cred.uid = AID_MAP_INV.get(args[0], 9999)
elif option == "capabilities":
for cap in args:
self.cred.cap.add('ambient', cap)
elif option == "group":
self.cred.gid = AID_MAP_INV.get(args[0], 9999)
for group in args[1:]:
try:
self.cred.add_group(group)
except KeyError:
log.warning("Unabled to find AID mapping for group %s", group)
elif option == "disabled":
self.disabled = True
elif option == "class":
self.service_class = args[0]
if len(args) > 1:
self.service_groups = args[1:]
elif option == "oneshot":
self.oneshot = True
elif option == "seclabel":
self.cred.sid = SELinuxContext.FromString(args[0])
else:
self.options += [[option] + args]
def read_uevent_rc(self, path):
rc_path = self._init_rel_path(path)
rc_lines = ""
with open(rc_path, 'r') as fp:
rc_lines = fp.read()
for line_no, line in enumerate(rc_lines.split("\n")):
# ignore blank lines and comments
if re.match('^(\s*#)|(\s*$)', line):
continue
# greedly replace all whitespace with a single space for splitting
line = re.sub('\s+', " ", line)
# split by spaces, while eliminating empty components
components = list(filter(lambda x: len(x) > 0, line.split(" ")))
fn = components[0]
fn_expand = ""
if fn.startswith("/dev") and len(components) == 4:
mode = int(components[1], 8) | stat.S_IFCHR
user = components[2]
group = components[3]
fn_expand = fn
elif fn.startswith("/sys") and len(components) == 5:
node_name = components[1]
mode = int(components[2], 8) | stat.S_IFREG
user = components[3]
group = components[4]
fn_expand = fn + "/" + node_name
else:
continue
file_policy = {
"original_path": None,
"user": AID_MAP_INV.get(user, 9999),
"group": AID_MAP_INV.get(group, 9999),
"perms": mode,
"size": 0,
"link_path": "",
"capabilities": None,
"selinux": None,
}
self._add_uevent_file(fn_expand, file_policy)
log.info("Loaded %s", path)
def execute(self, cmd, args):
self.stats["commands"] += 1
if cmd == "trigger":
assert len(args) == 1
self.new_stage_trigger(args[0])
elif cmd == "mkdir":
path = args[0]
user = 0
group = 0
perm = 0o755
if len(args) > 1:
perm = int(args[1], 8)
if len(args) > 2:
user = AID_MAP_INV.get(args[2], 9999)
if len(args) > 3:
group = AID_MAP_INV.get(args[3], 9999)
self.root_fs.mkdir(path, user, group, perm)
elif cmd == "chown":
user = AID_MAP_INV.get(args[0], 9999)
group = AID_MAP_INV.get(args[1], 9999)
path = args[2]
if path.startswith("/dev"):
mode = 0o0400 | stat.S_IFCHR
elif path.startswith("/sys"):
mode = 0o0444 | stat.S_IFREG
else:
return
policy = {
"original_path": None,
"user": user,
"group": user,
"perms": mode,
"size": 0,
"link_path": "",
"capabilities": None,
"selinux": None,
}
if path not in self.root_fs.files:
self._add_uevent_file(path, policy)
self.root_fs.chown(path, user, group)
elif cmd == "chmod":
mode = int(args[0], 8)
path = args[1]
if path.startswith("/dev"):
mode = mode | stat.S_IFCHR
elif path.startswith("/sys"):
mode = mode | stat.S_IFREG
else:
return
policy = {
"original_path": None,
"user": AID_MAP_INV.get("root", 9999),
"group": AID_MAP_INV.get("root", 9999),
"perms": mode,
"size": 0,
"link_path": "",
"capabilities": None,
"selinux": None,
}
if path not in self.root_fs.files:
self._add_uevent_file(path, policy)
self.root_fs.chmod(path, mode)
elif cmd == "copy":
pass
elif cmd == "rm":
pass
elif cmd == "rmdir":
pass
elif cmd == "setprop":
pass
elif cmd == "write":
pass
elif cmd == "mount":
path = args[2]
fstype = args[0]
device = args[1]
options = []
if len(args) > 3:
for o in args[3:]:
options += o.split(",")
if path in self.root_fs.mount_points:
return
self.root_fs.add_mount_point(path, fstype, device, options)
elif cmd == "mount_all":
path = args[0]
late_mount = "--late" in args
try:
with open(self._init_rel_path(self.expand_properties(path)), 'r') as fp:
fstab_data = fp.read()
entries = self.parse_fstab(fstab_data)
except IOError:
log.error("Unable to open fstab file %s", self._init_rel_path(self.expand_properties(path)))#path)
return
for entry in entries:
if late_mount and "latemount" not in entry["fsmgroptions"]:
continue
if not late_mount and "latemount" in entry["fsmgroptions"]:
continue
if entry["path"] in self.root_fs.mount_points:
continue
self.root_fs.add_mount_point(entry["path"], entry["fstype"], entry["device"], entry["options"])
def execute(self, cmd, args):
self.stats["commands"] += 1
if cmd == "trigger":
assert len(args) == 1
self.new_stage_trigger(args[0])
elif cmd == "mkdir":
path = args[0]
user = 0
group = 0
perm = 0o755
if len(args) > 1:
try:
perm = int(args[1], 8)
except ValueError:
log.warning("Malformed mkdir: %s", args)
return
if len(args) > 2:
user = AID_MAP_INV.get(args[2], 9999)
if len(args) > 3:
group = AID_MAP_INV.get(args[3], 9999)
if user == 9999:
log.warning("Missing AID definition for user: %s", args[2])
if group == 9999:
log.warning("Missing AID definition for group: %s", args[3])
self.root_fs.mkdir(os.path.normpath(path), user, group, perm)
elif cmd == "chown":
if len(args) < 3:
log.warning("Chown not enough arguments")
return
user = AID_MAP_INV.get(args[0], 9999)
group = AID_MAP_INV.get(args[1], 9999)
if user == 9999:
log.warning("Missing AID definition for user: %s", args[0])
if group == 9999:
log.warning("Missing AID definition for group: %s", args[1])
path = args[2]
# Try to instantiate it anyways
if path not in self.root_fs.files:
if path.startswith("/dev"):
mode = 0o0600 | stat.S_IFCHR
elif path.startswith("/sys"):
mode = 0o0644 | stat.S_IFREG
else:
return
policy = {
"original_path": None,
"user": user,
"group": group,
"perms": mode,
"size": 0,
"link_path": "",
"capabilities": None,
"selinux": None,
}
self._add_uevent_file(path, policy)
self.root_fs.chown(path, user, group)
elif cmd == "chmod":
mode = int(args[0], 8)
path = args[1]
# Try to instantiate it anyways
if path not in self.root_fs.files:
if path.startswith("/dev"):
mode = mode | stat.S_IFCHR
elif path.startswith("/sys"):
mode = mode | stat.S_IFREG
else:
return
policy = {
"original_path": None,
"user": AID_MAP_INV.get("root", 9999),
"group": AID_MAP_INV.get("root", 9999),
"perms": mode,
"size": 0,
"link_path": "",
"capabilities": None,
"selinux": None,
}
self._add_uevent_file(path, policy)
self.root_fs.chmod(path, mode)
elif cmd == "copy":
pass
elif cmd == "rm":
pass
elif cmd == "rmdir":
pass
elif cmd == "setprop":
pass
elif cmd == "enable":
if len(args) < 1:
log.warning("Enable needs an argument")
return
service = args[0]
if service in self.services:
if self.services[service].disabled:
log.info("Enabling service %s", service)
self.services[service].disabled = False
elif cmd == "write":
pass
elif cmd == "mount":
path = args[2]
fstype = args[0]
device = args[1]
options = []
if len(args) > 3:
for o in args[3:]:
options += o.split(",")
if path in self.root_fs.mount_points:
return
self.root_fs.add_mount_point(path, fstype, device, options)
elif cmd == "mount_all":
path = args[0]
late_mount = "--late" in args
try:
with open(self._init_rel_path(self.expand_properties(path)),
'r') as fp:
fstab_data = fp.read()
entries = self.parse_fstab(fstab_data)
except IOError:
log.error("Unable to open fstab file %s",
self._init_rel_path(
self.expand_properties(path))) #path)
return
for entry in entries:
if late_mount and "latemount" not in entry["fsmgroptions"]:
continue
if not late_mount and "latemount" in entry["fsmgroptions"]:
continue
if entry["path"] in self.root_fs.mount_points:
continue
self.root_fs.add_mount_point(entry["path"], entry["fstype"],
entry["device"], entry["options"])