Skip to content
Snippets Groups Projects
Commit 6b04a774 authored by Hariprasad Dhalinarasimha's avatar Hariprasad Dhalinarasimha
Browse files

external/qrngd: Start qrng daemon upon power up 

1. Set root permissions to qrng daemon upon powerup
2. Drop all permissions except few, just enough to make ioctl calls

Point 2(above) is uploaded in this commit.

Change-Id: I30178a72abbe6f68ea22c178e36aef5e674062b2
parent dc0e701f
Branches caf/caf_migration/APSS.FSM.3.0.r5.1.1 caf/caf_migration/fsm3-3.10-4.0 caf/caf_migration/fsm3-3.10-5 caf/caf_migration/fsm3-3.10-6 caf/caf_migration/fsm3-3.10-9900-rel5_ext caf/caf_migration/fsm4-9010-1.1.0 caf/caf_migration/ics caf/caf_migration/ics_rb4.3 caf/caf_migration/ics_rb6.3 caf/caf_migration/ics_rb7.2 caf/caf_migration/jb_2.2 caf/caf_migration/jb_2.2_rb2.2 caf/caf_migration/jb_2.2_rb2_1.1 caf/caf_migration/jb_2.2_rb2_1.2 caf/caf_migration/jb_2.2_rb2_2.1 caf/caf_migration/jb_2.2_rb2_2.2 caf/caf_migration/jb_2.2_rb2_2_1.1 caf/caf_migration/jb_2.2_rb2_3.1 caf/caf_migration/jb_2.2_rb2_4.1 caf/caf_migration/jb_2.2_rb2_4.2 caf/caf_migration/jb_2.2_rb2_5_1.1 caf/caf_migration/jb_2.2_rb3.1 caf/caf_migration/jb_2.2_rb3.2 caf/caf_migration/jb_chocolate_rb1.1 caf/caf_migration/jb_rb1.10 caf/caf_migration/jb_rb1.11 caf/caf_migration/jb_rb1.12 caf/caf_migration/jb_rb1.13 caf/caf_migration/jb_rb1.14 caf/caf_migration/jb_rb1.16 caf/caf_migration/jb_rb1.6 caf/caf_migration/jb_rb1.7 caf/caf_migration/jb_rb1.8 caf/caf_migration/jb_rb1.9 caf/caf_migration/jb_rb2.1 caf/caf_migration/jb_rb2.2 caf/caf_migration/jb_rb2.3 caf/caf_migration/jb_rb2.4 caf/caf_migration/jb_rb3.1 caf/caf_migration/jb_rb3.2 caf/caf_migration/jb_rb3.3 caf/caf_migration/jb_rb4.1 caf/caf_migration/jb_rel_2.0.2 caf/caf_migration/jb_rel_2.0.3.1_rb2.1 caf/caf_migration/jb_rel_2.0.3_rb2.1 caf/caf_migration/jb_rel_2.0.3_rb3.1 caf/caf_migration/jb_rel_rb1.1 caf/caf_migration/jb_rel_rb2.1 caf/caf_migration/jb_rel_rb3_1.1 caf/caf_migration/jb_rel_rb3_2.2 caf/caf_migration/jb_rel_rb3_2.3 caf/caf_migration/jb_rel_rb4.1 caf/caf_migration/jb_rel_rb5.1 caf/caf_migration/jb_rel_rb6.1 caf_migration/caf/APSS.FSM.3.0.r5.1.1 caf_migration/caf/fsm3-3.10-4.0 caf_migration/caf/fsm3-3.10-5 caf_migration/caf/fsm3-3.10-6 caf_migration/caf/fsm3-3.10-9900-rel5_ext caf_migration/caf/fsm4-9010-1.1.0 caf_migration/caf/ics caf_migration/caf/ics_rb4.3 caf_migration/caf/ics_rb6.3 caf_migration/caf/ics_rb7.2 caf_migration/caf/jb_2.2 caf_migration/caf/jb_2.2_rb2.2 caf_migration/caf/jb_2.2_rb2_1.1 caf_migration/caf/jb_2.2_rb2_1.2 caf_migration/caf/jb_2.2_rb2_2.1 caf_migration/caf/jb_2.2_rb2_2.2 caf_migration/caf/jb_2.2_rb2_2_1.1 caf_migration/caf/jb_2.2_rb2_3.1 caf_migration/caf/jb_2.2_rb2_4.1 caf_migration/caf/jb_2.2_rb2_4.2 caf_migration/caf/jb_2.2_rb2_5_1.1 caf_migration/caf/jb_2.2_rb3.1 caf_migration/caf/jb_2.2_rb3.2 caf_migration/caf/jb_chocolate_rb1.1 caf_migration/caf/jb_rb1.10 caf_migration/caf/jb_rb1.11 caf_migration/caf/jb_rb1.12 caf_migration/caf/jb_rb1.13 caf_migration/caf/jb_rb1.14 caf_migration/caf/jb_rb1.16 caf_migration/caf/jb_rb1.6 caf_migration/caf/jb_rb1.7 caf_migration/caf/jb_rb1.8 caf_migration/caf/jb_rb1.9 caf_migration/caf/jb_rb2.1 caf_migration/caf/jb_rb2.2 caf_migration/caf/jb_rb2.3 caf_migration/caf/jb_rb2.4 caf_migration/caf/jb_rb3.1 caf_migration/caf/jb_rb3.2 caf_migration/caf/jb_rb3.3 caf_migration/caf/jb_rb4.1 caf_migration/caf/jb_rel_2.0.2 caf_migration/caf/jb_rel_2.0.3.1_rb2.1 caf_migration/caf/jb_rel_2.0.3_rb2.1 caf_migration/caf/jb_rel_2.0.3_rb3.1
Tags A8064AAAAANLYA101014 A8064AAAAANLYA101015 A8064AAAAANLYA101030 A8064AAAAANLYA101030B A8064AAAAANLYA101031 A8064AAAAANLYA101032 A8064AAAAANLYA101033 A8064AAAAANLYA101034 A8064AAAAANLYA101036 A8064AAAAANLYA10103601 A8064AAAAANLYA101037 A8064AAAAANLYA101038 A8064AAAAANLYA101039 A8064AAAAANLYA10201 A8064AAAAANLYA102011 A8064AAAAANLYA102012 A8064AAAAANLYA102012A A8064AAAAANLYA102013 A8064AAAAANLYA102014 A8064AAAAANLYA102015 A8064AAAAANLYA102030 A8064AAAAANLYA102031 A8064AAAAANLYA102032 A8064AAAAANLYA102033 A8064AAAAANLYA10203301 A8064AAAAANLYA102034 A8064AAAAANLYA102310 A8064AAAAANLYA102311 A8064AAAAANLYA102510 A8064AAAAANLYA103010 A8064AAAAANLYA103020 A8064AAAAANLYA103030 A8064AAAAANLYA12110 A8064AAAAANLYA12111 A8064AAAAANLYA12130 A8064AAAAANLYA12131 A8064AAAAANLYA12132 A8064AAAAANLYA12133 A8064AAAAANLYA1313 A8064AAAAANLYA1320 A8064AAAAANLYA1321 A8064AAAAANLYA1322 A8064AAAAANLYA1322A A8064AAAAANLYA1330 A8064AAAAANLYA1330A A8064AAAAANLYA1331 A8064AAAAANLYA1332 A8064AAAAANLYA1333 A8064AAAAANLYA1334 A8064AAAAANLYA1335 A8064AAAAANLYA1335A A8064AAAAANLYA1336 A8064AAAAANLYA133601 A8064AAAAANLYA133602 A8064AAAAANLYA1337 A8064AAAAANLYA1338 A8064AAAAANLYA1513 A8064AAAAANLYA1514 A8064AAAAANLYA1611 A8064AAAAANLYA1620 A8064AAAAANLYA1621 A8064AAAAANLYA1621A A8064AAAAANLYA1810 A8064AAAAANLYA1811 A8064AAAAANLYA1812 A8064AAAAANLYA1910 A8064AAAAANLYA20113004 A8064AAAAANLYA20136011 A8064AAAAANLYA2016014 A8064AAAAANLYA2227003 APSS.FSM.3.0.r4-00325-F9955TXE APSS.FSM.3.0.r5.1-00010-F9955FPE APSS.FSM.3.0.r5.1-00024-F9955TXE APSS.FSM.3.0.r5.1-00252-F9955FPE APSS.FSM.3.0.r5.1-00252-F9955TXE APSS.FSM.3.0.r5.1.1-00008-F9955FPE APSS.FSM.3.0.r5.1.1-00035-F9955FPE AU_LINUX_ANDROID_JB.04.01.01.00.195 AU_LINUX_ANDROID_JB.04.01.01.00.196 AU_LINUX_ANDROID_JB.04.01.01.00.198 AU_LINUX_ANDROID_JB.04.01.01.00.200 AU_LINUX_ANDROID_JB.04.01.01.00.209 AU_LINUX_ANDROID_JB.04.01.01.00.218 AU_LINUX_ANDROID_JB.04.01.01.00.219 AU_LINUX_ANDROID_JB.04.01.01.00.223 AU_LINUX_ANDROID_JB.04.01.01.00.224 AU_LINUX_ANDROID_JB.04.01.01.00.226 AU_LINUX_ANDROID_JB.04.01.01.00.228 AU_LINUX_ANDROID_JB.04.01.01.00.229 AU_LINUX_ANDROID_JB.04.01.01.00.234 AU_LINUX_ANDROID_JB.04.01.01.00.235 AU_LINUX_ANDROID_JB.04.01.01.00.237 AU_LINUX_ANDROID_JB.04.01.01.00.238 AU_LINUX_ANDROID_JB.04.01.01.00.259 AU_LINUX_ANDROID_JB.04.01.01.00.260 AU_LINUX_ANDROID_JB.04.01.01.00.261 AU_LINUX_ANDROID_JB.04.01.01.00.262 AU_LINUX_ANDROID_JB.04.01.01.00.263 AU_LINUX_ANDROID_JB.04.01.01.00.264 AU_LINUX_ANDROID_JB.04.01.01.00.272
No related merge requests found
Hide whitespace changes
Inline Side-by-side
Showing
with 41 additions and 0 deletions
qrngd.c 100755 → 100644
+ 41
0
View file @ 6b04a774
......@@ -42,6 +42,9 @@
#include <sys/time.h>
#include <sys/types.h>
#include <sys/poll.h>
#include <linux/capability.h>
#include <sys/prctl.h>
#include <private/android_filesystem_config.h>
#ifdef ANDROID_CHANGES
#include <android/log.h>
......@@ -266,6 +269,37 @@ static int read_src(int fd, void *buf, size_t size)
return 0;
}
/*Hold minimal permissions, so as to get IOCTL working*/
static int qrng_update_cap()
{
int retvalue = 0;
struct __user_cap_header_struct header;
struct __user_cap_data_struct cap;
memset(&header, 0, sizeof(header));
memset(&cap, 0, sizeof(cap));
prctl(PR_SET_KEEPCAPS, 1, 0, 0, 0);
if( 0 != setgid(AID_SYSTEM)){
fprintf(stderr, "setgid error\n");
return -1;
}
if( 0 != setuid(AID_SYSTEM)){
fprintf(stderr, "setuid error\n");
return -1;
}
header.version = _LINUX_CAPABILITY_VERSION;
header.pid = 0;
cap.effective = (1 << CAP_SYS_ADMIN) | (1 << CAP_NET_RAW);
cap.permitted = cap.effective;
cap.inheritable = 0;
retvalue = capset(&header, &cap);
if(retvalue != 0){
fprintf(stderr, "capset error\n");
return -1;
}
return 0;
}
/* The beginning of everything */
int main(int argc, char **argv)
{
......@@ -279,6 +313,13 @@ int main(int argc, char **argv)
int ret;
int exitval = 0;
/*Hold minimal permissions, just enough to get IOCTL working*/
if(0 != qrng_update_cap()){
log_print(ERROR, "qrngd permission reset failed, exiting\n");
exitval = 1;
goto exit;
}
/* set default parameters */
user_ops.run_as_daemon = TRUE;
strcpy(user_ops.input_device_name, RANDOM_DEVICE_HW);
......
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment