Skip to content

Commit 8b77d9d

Browse files
committed
gh-152936: Make privileged functions available on Android
1 parent a90576d commit 8b77d9d

6 files changed

Lines changed: 102 additions & 23 deletions

File tree

Doc/library/os.rst

Lines changed: 10 additions & 10 deletions
Original file line numberDiff line numberDiff line change
@@ -574,7 +574,7 @@ process and user.
574574
the groups of which the specified username is a member, plus the specified
575575
group id.
576576

577-
.. availability:: Unix, not WASI, not Android.
577+
.. availability:: Unix, not WASI.
578578

579579
.. versionadded:: 3.2
580580

@@ -610,21 +610,21 @@ process and user.
610610

611611
Set the current process's effective group id.
612612

613-
.. availability:: Unix, not WASI, not Android.
613+
.. availability:: Unix, not WASI.
614614

615615

616616
.. function:: seteuid(euid, /)
617617

618618
Set the current process's effective user id.
619619

620-
.. availability:: Unix, not WASI, not Android.
620+
.. availability:: Unix, not WASI.
621621

622622

623623
.. function:: setgid(gid, /)
624624

625625
Set the current process' group id.
626626

627-
.. availability:: Unix, not WASI, not Android.
627+
.. availability:: Unix, not WASI.
628628

629629

630630
.. function:: setgroups(groups, /)
@@ -718,14 +718,14 @@ process and user.
718718

719719
Set the current process's real and effective group ids.
720720

721-
.. availability:: Unix, not WASI, not Android.
721+
.. availability:: Unix, not WASI.
722722

723723

724724
.. function:: setresgid(rgid, egid, sgid, /)
725725

726726
Set the current process's real, effective, and saved group ids.
727727

728-
.. availability:: Unix, not WASI, not Android, not macOS, not iOS.
728+
.. availability:: Unix, not WASI, not macOS, not iOS.
729729

730730
.. versionadded:: 3.2
731731

@@ -734,7 +734,7 @@ process and user.
734734

735735
Set the current process's real, effective, and saved user ids.
736736

737-
.. availability:: Unix, not WASI, not Android, not macOS, not iOS.
737+
.. availability:: Unix, not WASI, not macOS, not iOS.
738738

739739
.. versionadded:: 3.2
740740

@@ -743,7 +743,7 @@ process and user.
743743

744744
Set the current process's real and effective user ids.
745745

746-
.. availability:: Unix, not WASI, not Android.
746+
.. availability:: Unix, not WASI.
747747

748748

749749
.. function:: getsid(pid, /)
@@ -766,7 +766,7 @@ process and user.
766766

767767
Set the current process's user id.
768768

769-
.. availability:: Unix, not WASI, not Android.
769+
.. availability:: Unix, not WASI.
770770

771771

772772
.. placed in this section since it relates to errno.... a little weak
@@ -2304,7 +2304,7 @@ features:
23042304

23052305
Change the root directory of the current process to *path*.
23062306

2307-
.. availability:: Unix, not WASI, not Android.
2307+
.. availability:: Unix, not WASI.
23082308

23092309
.. versionchanged:: 3.6
23102310
Accepts a :term:`path-like object`.

Doc/library/socket.rst

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -1372,7 +1372,7 @@ The :mod:`!socket` module also offers various network-related services:
13721372

13731373
.. audit-event:: socket.sethostname name socket.sethostname
13741374

1375-
.. availability:: Unix, not Android.
1375+
.. availability:: Unix.
13761376

13771377
.. versionadded:: 3.3
13781378

Modules/posixmodule.c

Lines changed: 80 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -4400,6 +4400,14 @@ static PyObject *
44004400
os_chroot_impl(PyObject *module, path_t *path)
44014401
/*[clinic end generated code: output=de80befc763a4475 input=14822965652c3dc3]*/
44024402
{
4403+
#ifdef __ANDROID__
4404+
// On Android, calling this function as a non-root user leads to a process crash
4405+
// rather than returning a permission error.
4406+
if (getuid() != 0) {
4407+
errno = EPERM;
4408+
return path_error(path);
4409+
}
4410+
#endif
44034411
int res;
44044412
Py_BEGIN_ALLOW_THREADS
44054413
res = chroot(path->narrow);
@@ -9855,6 +9863,14 @@ os_initgroups_impl(PyObject *module, PyObject *oname, gid_t gid)
98559863
/*[clinic end generated code: output=59341244521a9e3f input=7e4514dff4526a95]*/
98569864
#endif
98579865
{
9866+
#ifdef __ANDROID__
9867+
// On Android, calling this function as a non-root user leads to a process crash
9868+
// rather than returning a permission error.
9869+
if (getuid() != 0) {
9870+
errno = EPERM;
9871+
return PyErr_SetFromErrno(PyExc_OSError);
9872+
}
9873+
#endif
98589874
const char *username = PyBytes_AS_STRING(oname);
98599875

98609876
if (initgroups(username, gid) == -1)
@@ -10278,6 +10294,14 @@ static PyObject *
1027810294
os_setuid_impl(PyObject *module, uid_t uid)
1027910295
/*[clinic end generated code: output=a0a41fd0d1ec555f input=c921a3285aa22256]*/
1028010296
{
10297+
#ifdef __ANDROID__
10298+
// On Android, calling this function as a non-root user leads to a process crash
10299+
// rather than returning a permission error.
10300+
if (getuid() != 0) {
10301+
errno = EPERM;
10302+
return posix_error();
10303+
}
10304+
#endif
1028110305
if (setuid(uid) < 0)
1028210306
return posix_error();
1028310307
Py_RETURN_NONE;
@@ -10299,6 +10323,14 @@ static PyObject *
1029910323
os_seteuid_impl(PyObject *module, uid_t euid)
1030010324
/*[clinic end generated code: output=102e3ad98361519a input=ba93d927e4781aa9]*/
1030110325
{
10326+
#ifdef __ANDROID__
10327+
// On Android, calling this function as a non-root user leads to a process crash
10328+
// rather than returning a permission error.
10329+
if (getuid() != 0) {
10330+
errno = EPERM;
10331+
return posix_error();
10332+
}
10333+
#endif
1030210334
if (seteuid(euid) < 0)
1030310335
return posix_error();
1030410336
Py_RETURN_NONE;
@@ -10320,6 +10352,14 @@ static PyObject *
1032010352
os_setegid_impl(PyObject *module, gid_t egid)
1032110353
/*[clinic end generated code: output=4e4b825a6a10258d input=4080526d0ccd6ce3]*/
1032210354
{
10355+
#ifdef __ANDROID__
10356+
// On Android, calling this function as a non-root user leads to a process crash
10357+
// rather than returning a permission error.
10358+
if (getuid() != 0) {
10359+
errno = EPERM;
10360+
return posix_error();
10361+
}
10362+
#endif
1032310363
if (setegid(egid) < 0)
1032410364
return posix_error();
1032510365
Py_RETURN_NONE;
@@ -10342,6 +10382,14 @@ static PyObject *
1034210382
os_setreuid_impl(PyObject *module, uid_t ruid, uid_t euid)
1034310383
/*[clinic end generated code: output=62d991210006530a input=0ca8978de663880c]*/
1034410384
{
10385+
#ifdef __ANDROID__
10386+
// On Android, calling this function as a non-root user leads to a process crash
10387+
// rather than returning a permission error.
10388+
if (getuid() != 0) {
10389+
errno = EPERM;
10390+
return posix_error();
10391+
}
10392+
#endif
1034510393
if (setreuid(ruid, euid) < 0) {
1034610394
return posix_error();
1034710395
} else {
@@ -10366,6 +10414,14 @@ static PyObject *
1036610414
os_setregid_impl(PyObject *module, gid_t rgid, gid_t egid)
1036710415
/*[clinic end generated code: output=aa803835cf5342f3 input=c59499f72846db78]*/
1036810416
{
10417+
#ifdef __ANDROID__
10418+
// On Android, calling this function as a non-root user leads to a process crash
10419+
// rather than returning a permission error.
10420+
if (getuid() != 0) {
10421+
errno = EPERM;
10422+
return posix_error();
10423+
}
10424+
#endif
1036910425
if (setregid(rgid, egid) < 0)
1037010426
return posix_error();
1037110427
Py_RETURN_NONE;
@@ -10386,6 +10442,14 @@ static PyObject *
1038610442
os_setgid_impl(PyObject *module, gid_t gid)
1038710443
/*[clinic end generated code: output=bdccd7403f6ad8c3 input=27d30c4059045dc6]*/
1038810444
{
10445+
#ifdef __ANDROID__
10446+
// On Android, calling this function as a non-root user leads to a process crash
10447+
// rather than returning a permission error.
10448+
if (getuid() != 0) {
10449+
errno = EPERM;
10450+
return posix_error();
10451+
}
10452+
#endif
1038910453
if (setgid(gid) < 0)
1039010454
return posix_error();
1039110455
Py_RETURN_NONE;
@@ -15390,6 +15454,14 @@ static PyObject *
1539015454
os_setresuid_impl(PyObject *module, uid_t ruid, uid_t euid, uid_t suid)
1539115455
/*[clinic end generated code: output=834a641e15373e97 input=9e33cb79a82792f3]*/
1539215456
{
15457+
#ifdef __ANDROID__
15458+
// On Android, calling this function as a non-root user leads to a process crash
15459+
// rather than returning a permission error.
15460+
if (getuid() != 0) {
15461+
errno = EPERM;
15462+
return posix_error();
15463+
}
15464+
#endif
1539315465
if (setresuid(ruid, euid, suid) < 0)
1539415466
return posix_error();
1539515467
Py_RETURN_NONE;
@@ -15413,6 +15485,14 @@ static PyObject *
1541315485
os_setresgid_impl(PyObject *module, gid_t rgid, gid_t egid, gid_t sgid)
1541415486
/*[clinic end generated code: output=6aa402f3d2e514a9 input=33e9e0785ef426b1]*/
1541515487
{
15488+
#ifdef __ANDROID__
15489+
// On Android, calling this function as a non-root user leads to a process crash
15490+
// rather than returning a permission error.
15491+
if (getuid() != 0) {
15492+
errno = EPERM;
15493+
return posix_error();
15494+
}
15495+
#endif
1541615496
if (setresgid(rgid, egid, sgid) < 0)
1541715497
return posix_error();
1541815498
Py_RETURN_NONE;

Modules/socketmodule.c

Lines changed: 9 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -5947,6 +5947,15 @@ socket_sethostname(PyObject *self, PyObject *args)
59475947
Py_buffer buf;
59485948
int res, flag = 0;
59495949

5950+
#ifdef __ANDROID__
5951+
// On Android, calling this function as a non-root user leads to a process crash
5952+
// rather than returning a permission error.
5953+
if (getuid() != 0) {
5954+
errno = EPERM;
5955+
return set_error();
5956+
}
5957+
#endif
5958+
59505959
#if defined(_AIX) || (defined(__sun) && defined(__SVR4) && Py_SUNOS_VERSION <= 510)
59515960
/* issue #18259, sethostname is not declared in any useful header file on AIX
59525961
* the same is true for Solaris 10 */

configure

Lines changed: 1 addition & 6 deletions
Some generated files are not rendered by default. Learn more about customizing how changed files appear on GitHub.

configure.ac

Lines changed: 1 addition & 6 deletions
Original file line numberDiff line numberDiff line change
@@ -5381,14 +5381,9 @@ else
53815381
fi
53825382

53835383
if test "$ac_sys_system" = "Linux-android"; then
5384-
# When these functions are used in an unprivileged process, they crash rather
5385-
# than returning an error.
5386-
blocked_funcs="chroot initgroups setegid seteuid setgid sethostname
5387-
setregid setresgid setresuid setreuid setuid"
5388-
53895384
# These functions are unimplemented and always return an error
53905385
# (https://android.googlesource.com/platform/system/sepolicy/+/refs/heads/android13-release/public/domain.te#1044)
5391-
blocked_funcs="$blocked_funcs sem_open sem_unlink"
5386+
blocked_funcs="sem_open sem_unlink"
53925387

53935388
# Before API level 23, when fchmodat is called with the unimplemented flag
53945389
# AT_SYMLINK_NOFOLLOW, instead of returning ENOTSUP as it should, it actually

0 commit comments

Comments
 (0)