Skip to content
Open
Show file tree
Hide file tree
Changes from all commits
Commits
File filter

Filter by extension

Filter by extension

Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
20 changes: 10 additions & 10 deletions Doc/library/os.rst
Original file line number Diff line number Diff line change
Expand Up @@ -574,7 +574,7 @@ process and user.
the groups of which the specified username is a member, plus the specified
group id.

.. availability:: Unix, not WASI, not Android.
.. availability:: Unix, not WASI.

.. versionadded:: 3.2

Expand Down Expand Up @@ -610,21 +610,21 @@ process and user.

Set the current process's effective group id.

.. availability:: Unix, not WASI, not Android.
.. availability:: Unix, not WASI.


.. function:: seteuid(euid, /)

Set the current process's effective user id.

.. availability:: Unix, not WASI, not Android.
.. availability:: Unix, not WASI.


.. function:: setgid(gid, /)

Set the current process' group id.

.. availability:: Unix, not WASI, not Android.
.. availability:: Unix, not WASI.


.. function:: setgroups(groups, /)
Expand Down Expand Up @@ -718,14 +718,14 @@ process and user.

Set the current process's real and effective group ids.

.. availability:: Unix, not WASI, not Android.
.. availability:: Unix, not WASI.


.. function:: setresgid(rgid, egid, sgid, /)

Set the current process's real, effective, and saved group ids.

.. availability:: Unix, not WASI, not Android, not macOS, not iOS.
.. availability:: Unix, not WASI, not macOS, not iOS.

.. versionadded:: 3.2

Expand All @@ -734,7 +734,7 @@ process and user.

Set the current process's real, effective, and saved user ids.

.. availability:: Unix, not WASI, not Android, not macOS, not iOS.
.. availability:: Unix, not WASI, not macOS, not iOS.

.. versionadded:: 3.2

Expand All @@ -743,7 +743,7 @@ process and user.

Set the current process's real and effective user ids.

.. availability:: Unix, not WASI, not Android.
.. availability:: Unix, not WASI.


.. function:: getsid(pid, /)
Expand All @@ -766,7 +766,7 @@ process and user.

Set the current process's user id.

.. availability:: Unix, not WASI, not Android.
.. availability:: Unix, not WASI.


.. placed in this section since it relates to errno.... a little weak
Expand Down Expand Up @@ -2304,7 +2304,7 @@ features:

Change the root directory of the current process to *path*.

.. availability:: Unix, not WASI, not Android.
.. availability:: Unix, not WASI.

.. versionchanged:: 3.6
Accepts a :term:`path-like object`.
Expand Down
2 changes: 1 addition & 1 deletion Doc/library/socket.rst
Original file line number Diff line number Diff line change
Expand Up @@ -1372,7 +1372,7 @@ The :mod:`!socket` module also offers various network-related services:

.. audit-event:: socket.sethostname name socket.sethostname

.. availability:: Unix, not Android.
.. availability:: Unix.

.. versionadded:: 3.3

Expand Down
80 changes: 80 additions & 0 deletions Modules/posixmodule.c
Original file line number Diff line number Diff line change
Expand Up @@ -4400,6 +4400,14 @@ static PyObject *
os_chroot_impl(PyObject *module, path_t *path)
/*[clinic end generated code: output=de80befc763a4475 input=14822965652c3dc3]*/
{
#ifdef __ANDROID__
// On Android, calling this function as a non-root user leads to a process crash
// rather than returning a permission error.
if (getuid() != 0) {
errno = EPERM;
return path_error(path);
}
#endif
int res;
Py_BEGIN_ALLOW_THREADS
res = chroot(path->narrow);
Expand Down Expand Up @@ -9855,6 +9863,14 @@ os_initgroups_impl(PyObject *module, PyObject *oname, gid_t gid)
/*[clinic end generated code: output=59341244521a9e3f input=7e4514dff4526a95]*/
#endif
{
#ifdef __ANDROID__
// On Android, calling this function as a non-root user leads to a process crash
// rather than returning a permission error.
if (getuid() != 0) {
errno = EPERM;
return PyErr_SetFromErrno(PyExc_OSError);
}
#endif
const char *username = PyBytes_AS_STRING(oname);

if (initgroups(username, gid) == -1)
Expand Down Expand Up @@ -10278,6 +10294,14 @@ static PyObject *
os_setuid_impl(PyObject *module, uid_t uid)
/*[clinic end generated code: output=a0a41fd0d1ec555f input=c921a3285aa22256]*/
{
#ifdef __ANDROID__
// On Android, calling this function as a non-root user leads to a process crash
// rather than returning a permission error.
if (getuid() != 0) {
errno = EPERM;
return posix_error();
}
#endif
if (setuid(uid) < 0)
return posix_error();
Py_RETURN_NONE;
Expand All @@ -10299,6 +10323,14 @@ static PyObject *
os_seteuid_impl(PyObject *module, uid_t euid)
/*[clinic end generated code: output=102e3ad98361519a input=ba93d927e4781aa9]*/
{
#ifdef __ANDROID__
// On Android, calling this function as a non-root user leads to a process crash
// rather than returning a permission error.
if (getuid() != 0) {
errno = EPERM;
return posix_error();
}
#endif
if (seteuid(euid) < 0)
return posix_error();
Py_RETURN_NONE;
Expand All @@ -10320,6 +10352,14 @@ static PyObject *
os_setegid_impl(PyObject *module, gid_t egid)
/*[clinic end generated code: output=4e4b825a6a10258d input=4080526d0ccd6ce3]*/
{
#ifdef __ANDROID__
// On Android, calling this function as a non-root user leads to a process crash
// rather than returning a permission error.
if (getuid() != 0) {
errno = EPERM;
return posix_error();
}
#endif
if (setegid(egid) < 0)
return posix_error();
Py_RETURN_NONE;
Expand All @@ -10342,6 +10382,14 @@ static PyObject *
os_setreuid_impl(PyObject *module, uid_t ruid, uid_t euid)
/*[clinic end generated code: output=62d991210006530a input=0ca8978de663880c]*/
{
#ifdef __ANDROID__
// On Android, calling this function as a non-root user leads to a process crash
// rather than returning a permission error.
if (getuid() != 0) {
errno = EPERM;
return posix_error();
}
#endif
if (setreuid(ruid, euid) < 0) {
return posix_error();
} else {
Expand All @@ -10366,6 +10414,14 @@ static PyObject *
os_setregid_impl(PyObject *module, gid_t rgid, gid_t egid)
/*[clinic end generated code: output=aa803835cf5342f3 input=c59499f72846db78]*/
{
#ifdef __ANDROID__
// On Android, calling this function as a non-root user leads to a process crash
// rather than returning a permission error.
if (getuid() != 0) {
errno = EPERM;
return posix_error();
}
#endif
if (setregid(rgid, egid) < 0)
return posix_error();
Py_RETURN_NONE;
Expand All @@ -10386,6 +10442,14 @@ static PyObject *
os_setgid_impl(PyObject *module, gid_t gid)
/*[clinic end generated code: output=bdccd7403f6ad8c3 input=27d30c4059045dc6]*/
{
#ifdef __ANDROID__
// On Android, calling this function as a non-root user leads to a process crash
// rather than returning a permission error.
if (getuid() != 0) {
errno = EPERM;
return posix_error();
}
#endif
if (setgid(gid) < 0)
return posix_error();
Py_RETURN_NONE;
Expand Down Expand Up @@ -15390,6 +15454,14 @@ static PyObject *
os_setresuid_impl(PyObject *module, uid_t ruid, uid_t euid, uid_t suid)
/*[clinic end generated code: output=834a641e15373e97 input=9e33cb79a82792f3]*/
{
#ifdef __ANDROID__
// On Android, calling this function as a non-root user leads to a process crash
// rather than returning a permission error.
if (getuid() != 0) {
errno = EPERM;
return posix_error();
}
#endif
if (setresuid(ruid, euid, suid) < 0)
return posix_error();
Py_RETURN_NONE;
Expand All @@ -15413,6 +15485,14 @@ static PyObject *
os_setresgid_impl(PyObject *module, gid_t rgid, gid_t egid, gid_t sgid)
/*[clinic end generated code: output=6aa402f3d2e514a9 input=33e9e0785ef426b1]*/
{
#ifdef __ANDROID__
// On Android, calling this function as a non-root user leads to a process crash
// rather than returning a permission error.
if (getuid() != 0) {
errno = EPERM;
return posix_error();
}
#endif
if (setresgid(rgid, egid, sgid) < 0)
return posix_error();
Py_RETURN_NONE;
Expand Down
9 changes: 9 additions & 0 deletions Modules/socketmodule.c
Original file line number Diff line number Diff line change
Expand Up @@ -5947,6 +5947,15 @@ socket_sethostname(PyObject *self, PyObject *args)
Py_buffer buf;
int res, flag = 0;

#ifdef __ANDROID__
// On Android, calling this function as a non-root user leads to a process crash
// rather than returning a permission error.
if (getuid() != 0) {
errno = EPERM;
return set_error();
}
#endif

#if defined(_AIX) || (defined(__sun) && defined(__SVR4) && Py_SUNOS_VERSION <= 510)
/* issue #18259, sethostname is not declared in any useful header file on AIX
* the same is true for Solaris 10 */
Expand Down
7 changes: 1 addition & 6 deletions configure

Some generated files are not rendered by default. Learn more about how customized files appear on GitHub.

7 changes: 1 addition & 6 deletions configure.ac
Original file line number Diff line number Diff line change
Expand Up @@ -5381,14 +5381,9 @@ else
fi

if test "$ac_sys_system" = "Linux-android"; then
# When these functions are used in an unprivileged process, they crash rather
# than returning an error.
blocked_funcs="chroot initgroups setegid seteuid setgid sethostname
setregid setresgid setresuid setreuid setuid"

# These functions are unimplemented and always return an error
# (https://android.googlesource.com/platform/system/sepolicy/+/refs/heads/android13-release/public/domain.te#1044)
blocked_funcs="$blocked_funcs sem_open sem_unlink"
blocked_funcs="sem_open sem_unlink"

# Before API level 23, when fchmodat is called with the unimplemented flag
# AT_SYMLINK_NOFOLLOW, instead of returning ENOTSUP as it should, it actually
Expand Down
Loading