From 66bf3f699b8a1345b06919072a307ba686ec6db9 Mon Sep 17 00:00:00 2001 From: LoveSy Date: Wed, 31 Jan 2024 23:09:04 +0800 Subject: [PATCH] Use rustix to replace some unsafe calls --- userspace/ksud/Cargo.lock | 32 +++++++++++++++++--------------- userspace/ksud/Cargo.toml | 1 + userspace/ksud/src/event.rs | 1 - userspace/ksud/src/ksu.rs | 18 +++++++++++++++--- userspace/ksud/src/utils.rs | 23 ++++++++++++++--------- 5 files changed, 47 insertions(+), 28 deletions(-) diff --git a/userspace/ksud/Cargo.lock b/userspace/ksud/Cargo.lock index df1810100ee2..69bc91178168 100644 --- a/userspace/ksud/Cargo.lock +++ b/userspace/ksud/Cargo.lock @@ -256,9 +256,9 @@ dependencies = [ [[package]] name = "clang-sys" -version = "1.4.0" +version = "1.7.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "fa2e27ae6ab525c3d369ded447057bca5438d86dc3a68f6faafb8269ba82ebf3" +checksum = "67523a3b4be3ce1989d607a828d036249522dd9c1c8de7f4dd2dae43a37369d1" dependencies = [ "glob", "libc", @@ -858,6 +858,7 @@ dependencies = [ "regex", "retry", "rust-embed", + "rustix 0.38.30", "serde", "serde_json", "sha256", @@ -908,12 +909,12 @@ dependencies = [ [[package]] name = "libloading" -version = "0.7.4" +version = "0.8.1" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "b67380fd3b2fbe7527a606e18729d21c6f3951633d0500574c4dc22d2d638b9f" +checksum = "c571b676ddfc9a8c12f1f3d3085a7b163966a8fd8098a90640953ce5f6170161" dependencies = [ "cfg-if 1.0.0", - "winapi", + "windows-sys 0.48.0", ] [[package]] @@ -1376,8 +1377,10 @@ checksum = "322394588aaf33c24007e8bb3238ee3e4c5c09c084ab32bc73890b99ff326bca" dependencies = [ "bitflags 2.4.1", "errno 0.3.8", + "itoa", "libc", "linux-raw-sys 0.4.13", + "once_cell", "windows-sys 0.52.0", ] @@ -1456,9 +1459,9 @@ dependencies = [ [[package]] name = "shlex" -version = "1.1.0" +version = "1.3.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "43b2853a4d09f215c24cc5489c992ce46052d359b5109343cbafbf26bc62f8a3" +checksum = "0fda2ff0d084019ba4d7c6f371c95d8fd75ce3524c3cb8fb653a3023f6323e64" [[package]] name = "smart-default" @@ -1598,11 +1601,10 @@ dependencies = [ [[package]] name = "tracing" -version = "0.1.37" +version = "0.1.40" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "8ce8c33a8d48bd45d624a6e523445fd21ec13d3653cd51f681abf67418f54eb8" +checksum = "c3523ab5a71916ccf420eebdf5521fcef02141234bbc0b8a49f2fdc4544364ef" dependencies = [ - "cfg-if 1.0.0", "pin-project-lite", "tracing-attributes", "tracing-core", @@ -1610,20 +1612,20 @@ dependencies = [ [[package]] name = "tracing-attributes" -version = "0.1.23" +version = "0.1.27" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "4017f8f45139870ca7e672686113917c71c7a6e02d4924eda67186083c03081a" +checksum = "34704c8d6ebcbc939824180af020566b01a7c01f80641264eba0999f6c2b6be7" dependencies = [ "proc-macro2", "quote", - "syn 1.0.107", + "syn 2.0.48", ] [[package]] name = "tracing-core" -version = "0.1.30" +version = "0.1.32" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "24eb03ba0eab1fd845050058ce5e616558e8f8d8fca633e6b163fe25c797213a" +checksum = "c06d3da6113f116aaee68e4d601191614c9053067f9ab7f6edbcb161237daa54" dependencies = [ "once_cell", ] diff --git a/userspace/ksud/Cargo.toml b/userspace/ksud/Cargo.toml index 2eaf2d065fe9..3a38b43b751e 100644 --- a/userspace/ksud/Cargo.toml +++ b/userspace/ksud/Cargo.toml @@ -40,6 +40,7 @@ hole-punch = { git = "https://github.com/tiann/hole-punch" } [target.'cfg(any(target_os = "android", target_os = "linux"))'.dependencies] sys-mount = { git = "https://github.com/tiann/sys-mount", branch = "loopfix" } +rustix = { version = "0.38", features = ["all-apis"] } # some android specific dependencies which compiles under unix are also listed here for convenience of coding android-properties = { version = "0.2.2", features = ["bionic-deprecated"] } procfs = "0.16" diff --git a/userspace/ksud/src/event.rs b/userspace/ksud/src/event.rs index 244827a6b0c8..6b1ddb3cfeb0 100644 --- a/userspace/ksud/src/event.rs +++ b/userspace/ksud/src/event.rs @@ -1,6 +1,5 @@ use anyhow::{bail, Context, Result}; use log::{info, warn}; -use std::path::PathBuf; use std::{collections::HashMap, path::Path}; use crate::module::prune_modules; diff --git a/userspace/ksud/src/ksu.rs b/userspace/ksud/src/ksu.rs index 05939922058c..3f7810ea6b77 100644 --- a/userspace/ksud/src/ksu.rs +++ b/userspace/ksud/src/ksu.rs @@ -3,6 +3,7 @@ use anyhow::{Ok, Result}; #[cfg(unix)] use anyhow::ensure; use getopts::Options; +use rustix::thread::{Gid, Uid}; use std::env; #[cfg(unix)] use std::os::unix::process::CommandExt; @@ -14,6 +15,12 @@ use crate::{ utils::{self, umask}, }; +#[cfg(any(target_os = "linux", target_os = "android"))] +use rustix::{ + process::getuid, + thread::{set_thread_res_gid, set_thread_res_uid}, +}; + pub const KERNEL_SU_OPTION: u32 = 0xDEAD_BEEF; const CMD_GRANT_ROOT: u64 = 0; @@ -65,8 +72,13 @@ fn set_identity(uid: u32, gid: u32, groups: &[u32]) { if !groups.is_empty() { libc::setgroups(groups.len(), groups.as_ptr()); } - libc::setresgid(gid, gid, gid); - libc::setresuid(uid, uid, uid); + } + #[cfg(any(target_os = "linux", target_os = "android"))] + { + let gid = unsafe { Gid::from_raw(gid) }; + let uid = unsafe { Uid::from_raw(uid) }; + set_thread_res_gid(gid, gid, gid).ok(); + set_thread_res_uid(uid, uid, uid).ok(); } } @@ -203,7 +215,7 @@ pub fn root_shell() -> Result<()> { } // use current uid if no user specified, these has been done in kernel! - let mut uid = unsafe { libc::getuid() }; + let mut uid = getuid().as_raw(); if free_idx < matches.free.len() { let name = &matches.free[free_idx]; uid = unsafe { diff --git a/userspace/ksud/src/utils.rs b/userspace/ksud/src/utils.rs index 77b1aa75bd8c..dc782475b7a1 100644 --- a/userspace/ksud/src/utils.rs +++ b/userspace/ksud/src/utils.rs @@ -15,6 +15,12 @@ use std::os::unix::prelude::PermissionsExt; use hole_punch::*; use std::io::{Read, Seek, SeekFrom}; +#[cfg(any(target_os = "linux", target_os = "android"))] +use rustix::{ + process, + thread::{move_into_link_name_space, unshare, LinkNameSpaceType, UnshareFlags}, +}; + pub fn ensure_clean_dir(dir: &str) -> Result<()> { let path = Path::new(dir); log::debug!("ensure_clean_dir: {}", path.display()); @@ -115,24 +121,23 @@ pub fn get_zip_uncompressed_size(zip_path: &str) -> Result { #[cfg(any(target_os = "linux", target_os = "android"))] pub fn switch_mnt_ns(pid: i32) -> Result<()> { - use anyhow::ensure; - use std::os::fd::AsRawFd; + use rustix::{ + fd::AsFd, + fs::{open, Mode, OFlags}, + }; let path = format!("/proc/{pid}/ns/mnt"); - let fd = std::fs::File::open(path)?; + let fd = open(path, OFlags::RDONLY, Mode::from_raw_mode(0))?; let current_dir = std::env::current_dir(); - let ret = unsafe { libc::setns(fd.as_raw_fd(), libc::CLONE_NEWNS) }; + move_into_link_name_space(fd.as_fd(), Some(LinkNameSpaceType::Mount))?; if let std::result::Result::Ok(current_dir) = current_dir { let _ = std::env::set_current_dir(current_dir); } - ensure!(ret == 0, "switch mnt ns failed"); Ok(()) } #[cfg(any(target_os = "linux", target_os = "android"))] pub fn unshare_mnt_ns() -> Result<()> { - use anyhow::ensure; - let ret = unsafe { libc::unshare(libc::CLONE_NEWNS) }; - ensure!(ret == 0, "unshare mnt ns failed"); + unshare(UnshareFlags::NEWNS)?; Ok(()) } @@ -164,7 +169,7 @@ pub fn switch_cgroups() { #[cfg(any(target_os = "linux", target_os = "android"))] pub fn umask(mask: u32) { - unsafe { libc::umask(mask) }; + process::umask(rustix::fs::Mode::from_raw_mode(mask)); } #[cfg(not(any(target_os = "linux", target_os = "android")))]