From de9e65dd6586a1c62fe010f9512e326591a4863d Mon Sep 17 00:00:00 2001
From: Nick Kralevich <nnk@google.com>
Date: Wed, 27 Apr 2011 10:21:24 -0700
Subject: [PATCH] Revert "Fold uevent message origin checking from init into
 libcutils."

This reverts commit 8405ec0e7562a370174d9973dd94984c47e49c36.

The original change does not compile.
---
 include/cutils/uevent.h | 32 -------------------
 init/devices.c          | 34 +++++++++++++++++---
 libcutils/Android.mk    |  1 -
 libcutils/uevent.c      | 70 -----------------------------------------
 4 files changed, 29 insertions(+), 108 deletions(-)
 delete mode 100644 include/cutils/uevent.h
 delete mode 100644 libcutils/uevent.c

diff --git a/include/cutils/uevent.h b/include/cutils/uevent.h
deleted file mode 100644
index 587149c7d1f0..000000000000
--- a/include/cutils/uevent.h
+++ /dev/null
@@ -1,32 +0,0 @@
-/*
- * Copyright (C) 2011 The Android Open Source Project
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- *      http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-
-#ifndef __CUTILS_UEVENT_H
-#define __CUTILS_UEVENT_H
-
-#include <sys/socket.h>
-
-#ifdef __cplusplus
-extern "C" {
-#endif
-
-ssize_t uevent_checked_recv(int socket, void *buffer, size_t length);
-
-#ifdef __cplusplus
-}
-#endif
-
-#endif /* __CUTILS_UEVENT_H */
diff --git a/init/devices.c b/init/devices.c
index eb5d84e05238..e73efdf03b17 100644
--- a/init/devices.c
+++ b/init/devices.c
@@ -33,8 +33,6 @@
 #include <asm/page.h>
 #include <sys/wait.h>
 
-#include <cutils/uevent.h>
-
 #include "devices.h"
 #include "util.h"
 #include "log.h"
@@ -591,9 +589,35 @@ static void handle_firmware_event(struct uevent *uevent)
 #define UEVENT_MSG_LEN  1024
 void handle_device_fd()
 {
-    char msg[UEVENT_MSG_LEN+2];
-    int n;
-    while ((n = uevent_checked_recv(device_fd, msg, UEVENT_MSG_LEN)) > 0) {
+    for(;;) {
+        char msg[UEVENT_MSG_LEN+2];
+        char cred_msg[CMSG_SPACE(sizeof(struct ucred))];
+        struct iovec iov = {msg, sizeof(msg)};
+        struct sockaddr_nl snl;
+        struct msghdr hdr = {&snl, sizeof(snl), &iov, 1, cred_msg, sizeof(cred_msg), 0};
+
+        ssize_t n = recvmsg(device_fd, &hdr, 0);
+        if (n <= 0) {
+            break;
+        }
+
+        if ((snl.nl_groups != 1) || (snl.nl_pid != 0)) {
+            /* ignoring non-kernel netlink multicast message */
+            continue;
+        }
+
+        struct cmsghdr * cmsg = CMSG_FIRSTHDR(&hdr);
+        if (cmsg == NULL || cmsg->cmsg_type != SCM_CREDENTIALS) {
+            /* no sender credentials received, ignore message */
+            continue;
+        }
+
+        struct ucred * cred = (struct ucred *)CMSG_DATA(cmsg);
+        if (cred->uid != 0) {
+            /* message from non-root user, ignore */
+            continue;
+        }
+
         if(n >= UEVENT_MSG_LEN)   /* overflow -- discard */
             continue;
 
diff --git a/libcutils/Android.mk b/libcutils/Android.mk
index 1951c1df0a63..3dc3d694abe4 100644
--- a/libcutils/Android.mk
+++ b/libcutils/Android.mk
@@ -74,7 +74,6 @@ else
         mspace.c \
         selector.c \
         tztime.c \
-        uevent.c \
         zygote.c
 
     commonHostSources += \
diff --git a/libcutils/uevent.c b/libcutils/uevent.c
deleted file mode 100644
index 3533c00f6949..000000000000
--- a/libcutils/uevent.c
+++ /dev/null
@@ -1,70 +0,0 @@
-/*
- * Copyright (C) 2011 The Android Open Source Project
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- *      http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-
-#include <cutils/uevent.h>
-
-#include <errno.h>
-#include <strings.h>
-
-#include <linux/netlink.h>
-
-/**
- * Like recv(), but checks that messages actually originate from the kernel.
- */
-ssize_t uevent_checked_recv(int socket, void *buffer, size_t length) {
-    struct iovec iov = { buffer, length };
-    struct sockaddr_nl addr;
-    char control[CMSG_SPACE(sizeof(struct ucred))];
-    struct msghdr hdr = {
-        &addr,
-        sizeof(addr),
-        &iov,
-        1,
-        control,
-        sizeof(control),
-        0,
-    };
-
-    ssize_t n = recvmsg(socket, &hdr, 0);
-    if (n <= 0) {
-        return n;
-    }
-
-    if (addr.nl_groups == 0 || addr.nl_pid != 0) {
-        /* ignoring non-kernel or unicast netlink message */
-        goto out;
-    }
-
-    struct cmsghdr *cmsg = CMSG_FIRSTHDR(&hdr);
-    if (cmsg == NULL || cmsg->cmsg_type != SCM_CREDENTIALS) {
-        /* ignoring netlink message with no sender credentials */
-        goto out;
-    }
-
-    struct ucred *cred = (struct ucred *)CMSG_DATA(cmsg);
-    if (cred->uid != 0) {
-        /* ignoring netlink message from non-root user */
-        goto out;
-    }
-
-    return n;
-
-out:
-    /* clear residual potentially malicious data */
-    bzero(buffer, length);
-    errno = EIO;
-    return -1;
-}