make ping runnable only to AID_INET
Applications which don't have the internet permission
(AID_INET) should not be able to use ping to communicate over
the network. Enforce this in the ping code.
Bug: 1424756
Change-Id: I289ded5cbe56368b9245d246d650e4792840a363
diff --git a/ping.c b/ping.c
index 2afca98..80d9663 100644
--- a/ping.c
+++ b/ping.c
@@ -63,6 +63,8 @@
#include <netinet/ip.h>
#include <linux/icmp.h>
#include <sched.h>
+#include <sys/types.h>
+#include <private/android_filesystem_config.h>
#define bzero(b,sz) memset(b, 0, sz)
@@ -1669,6 +1671,40 @@
exit(2);
}
+int isInSupplementaryGroup(gid_t group) {
+ long ngroups_max;
+ gid_t *groups;
+ int ngroups;
+ int i;
+
+ if (getuid() == 0) {
+ // root is presumed to be in every group
+ return 1;
+ }
+
+ ngroups_max = sysconf(_SC_NGROUPS_MAX) + 1;
+ groups = (gid_t *) malloc(ngroups_max * sizeof(gid_t));
+ if (groups == NULL) {
+ fprintf(stderr, "ping: unable to allocate memory. Aborting\n");
+ exit(2);
+ }
+ ngroups = getgroups(ngroups_max, groups);
+ if (ngroups < 0) {
+ perror("ping: getgroups failed");
+ exit(2);
+ }
+
+ for (i = 0; i < ngroups; i++) {
+ if (group == groups[i]) {
+ free(groups);
+ return 1;
+ }
+ }
+
+ free(groups);
+ return 0;
+}
+
int main(int argc, char *argv[])
{
struct hostent *hp;
@@ -1684,6 +1720,11 @@
/* if we were setuid root, undo that */
if (setuid(getuid())) return -1;
+ if (!isInSupplementaryGroup(AID_INET)) {
+ fprintf(stderr, "You must have internet permissions to use ping. Aborting.\n");
+ exit(2);
+ }
+
source.sin_family = AF_INET;
preload = 1;