Merge "Revert "Reland: Soft-enable MAC address restrictions with allowlist.""

6 files changed, 4 insertions, 212 deletions

diff --git a/libc/Android.bp b/libc/Android.bp
index 4084b967f..ba51b0ea5 100644
--- a/libc/Android.bp
+++ b/libc/Android.bp
@@ -1028,9 +1028,7 @@ cc_library_static {
         "bionic/arpa_inet.cpp",
         "bionic/assert.cpp",
         "bionic/atof.cpp",
-        "bionic/bind.cpp",
         "bionic/bionic_allocator.cpp",
-        "bionic/bionic_appcompat.cpp",
         "bionic/bionic_arc4random.cpp",
         "bionic/bionic_futex.cpp",
         "bionic/bionic_netlink.cpp",
diff --git a/libc/SYSCALLS.TXT b/libc/SYSCALLS.TXT
index ec3482836..391e7af16 100644
--- a/libc/SYSCALLS.TXT
+++ b/libc/SYSCALLS.TXT
@@ -245,7 +245,7 @@ int     __signalfd4:signalfd4(int, const sigset64_t*, size_t, int)  all
 # sockets
 int           __socket:socket(int, int, int)              arm,lp64
 int           __socketpair:socketpair(int, int, int, int*)    arm,lp64
-int           __bind:bind(int, struct sockaddr*, socklen_t)  arm,lp64
+int           bind(int, struct sockaddr*, socklen_t)  arm,lp64
 int           __connect:connect(int, struct sockaddr*, socklen_t)   arm,lp64
 int           listen(int, int)                   arm,lp64
 int           __accept4:accept4(int, struct sockaddr*, socklen_t*, int)  arm,lp64
@@ -263,7 +263,7 @@ int           __sendmmsg:sendmmsg(int, struct mmsghdr*, unsigned int, int)   arm
 
 # sockets for x86. These are done as an "indexed" call to socketcall syscall.
 int           __socket:socketcall:1(int, int, int) x86
-int           __bind:socketcall:2(int, struct sockaddr*, int)  x86
+int           bind:socketcall:2(int, struct sockaddr*, int)  x86
 int           __connect:socketcall:3(int, struct sockaddr*, socklen_t)   x86
 int           listen:socketcall:4(int, int)                   x86
 int           getsockname:socketcall:6(int, struct sockaddr*, socklen_t*)  x86
diff --git a/libc/bionic/bind.cpp b/libc/bionic/bind.cpp
deleted file mode 100644
index 79e80209e..000000000
--- a/libc/bionic/bind.cpp
+++ /dev/null
@@ -1,65 +0,0 @@
-/*
- * Copyright (C) 2020 The Android Open Source Project
- * All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *  * Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- *  * Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
- * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
- * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
- * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
- * COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT,
- * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING,
- * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS
- * OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED
- * AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
- * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT
- * OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- */
-
-// b/170214442: Intercept bind calls on NETLINK_ROUTE sockets.
-// This entire file will be reverted before release.
-
-#include <async_safe/log.h>
-#include <errno.h>
-#include <linux/rtnetlink.h>
-#include <string.h>
-#include <sys/socket.h>
-
-#include "bionic_appcompat.h"
-
-extern "C" int __bind(int fd, const struct sockaddr* addr, socklen_t addr_length);
-
-int bind(int fd, const struct sockaddr* addr, socklen_t addr_length) {
-  if (should_apply_soft_mac_bind_restrictions()) {
-    int sock_domain, sock_protocol;
-    socklen_t sock_domain_length = sizeof(sock_domain);
-    socklen_t sock_protocol_length = sizeof(sock_protocol);
-    if (getsockopt(fd, SOL_SOCKET, SO_DOMAIN, &sock_domain, &sock_domain_length) < 0 ||
-        getsockopt(fd, SOL_SOCKET, SO_PROTOCOL, &sock_protocol, &sock_protocol_length) < 0) {
-      async_safe_format_log(ANDROID_LOG_ERROR, "mac-restrictions",
-                            "Could not get socket type/protocol: %s", strerror(errno));
-    } else if (AF_NETLINK == sock_domain && NETLINK_ROUTE == sock_protocol) {
-      char package_name[MAX_PACKAGE_NAME_LENGTH + 1];
-      get_package_name(package_name, sizeof(package_name));
-      async_safe_format_log(
-          ANDROID_LOG_ERROR, "mac-restrictions",
-          "%s tried to call bind() on a NETLINK_ROUTE socket, which is not allowed. Please follow "
-          "instructions at go/netlink-bug if this app behaves incorrectly.",
-          package_name);
-      errno = EACCES;
-      return -1;
-    }
-  }
-
-  return __bind(fd, addr, addr_length);
-}
diff --git a/libc/bionic/bionic_appcompat.cpp b/libc/bionic/bionic_appcompat.cpp
deleted file mode 100644
index dcca0dad5..000000000
--- a/libc/bionic/bionic_appcompat.cpp
+++ /dev/null
@@ -1,91 +0,0 @@
-/*
- * Copyright (C) 2020 The Android Open Source Project
- * All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *  * Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- *  * Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
- * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
- * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
- * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
- * COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT,
- * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING,
- * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS
- * OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED
- * AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
- * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT
- * OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- */
-
-// b/170214442: Intercept bind calls on NETLINK_ROUTE sockets and getifaddrs() calls.
-// This entire file will be reverted before release.
-
-#include <async_safe/log.h>
-#include <cutils/misc.h>
-#include <fcntl.h>
-#include <string.h>
-#include <unistd.h>
-
-#include "bionic_appcompat.h"
-
-bool should_apply_soft_mac_restrictions(const char* const allowlist[]) {
-  if (getuid() < FIRST_APPLICATION_UID) {
-    // System app. No restrictions should be applied.
-    return false;
-  }
-  if (android_get_application_target_sdk_version() >= __ANDROID_API_R__) {
-    // Restrictions already applied by SELinux. Behave as normally.
-    return false;
-  }
-
-  char package_name[MAX_PACKAGE_NAME_LENGTH + 1];
-  if (get_package_name(package_name, sizeof(package_name)) < 0) {
-    // Error in getting own package name. Apply restrictions by default.
-    async_safe_format_log(ANDROID_LOG_ERROR, "mac-restrictions",
-                          "Could not determine own package name for uid %d", getuid());
-    return true;
-  }
-  for (int i = 0; allowlist[i] != nullptr; i++) {
-    if (strcmp(package_name, allowlist[i]) == 0) {
-      async_safe_format_log(ANDROID_LOG_WARN, "mac-restrictions",
-                            "Temporarily allowing %s to bypass MAC address restrictions.",
-                            package_name);
-      return false;
-    }
-  }
-  return true;
-}
-
-bool should_apply_soft_mac_bind_restrictions() {
-  return should_apply_soft_mac_restrictions(soft_mac_bind_allowlist);
-}
-
-bool should_apply_soft_mac_getlink_restrictions() {
-  return should_apply_soft_mac_restrictions(soft_mac_getlink_allowlist);
-}
-
-int get_package_name(char* buffer, const int bufferlen) {
-  int file = open("/proc/self/cmdline", O_RDONLY | O_CLOEXEC);
-  if (file < 0) {
-    return file;
-  }
-
-  ssize_t len = read(file, buffer, bufferlen - 1);
-  if (len < 0) {
-    close(file);
-    return -1;
-  }
-  buffer[len] = 0;
-
-  close(file);
-  return 0;
-}
diff --git a/libc/bionic/bionic_appcompat.h b/libc/bionic/bionic_appcompat.h
deleted file mode 100644
index e67e50c29..000000000
--- a/libc/bionic/bionic_appcompat.h
+++ /dev/null
@@ -1,46 +0,0 @@
-/*
- * Copyright (C) 2020 The Android Open Source Project
- * All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *  * Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- *  * Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
- * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
- * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
- * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
- * COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT,
- * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING,
- * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS
- * OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED
- * AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
- * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT
- * OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- */
-
-#pragma once
-
-constexpr int MAX_PACKAGE_NAME_LENGTH = 230;
-
-static inline const char* const soft_mac_bind_allowlist[] = {
-    "com.cisco.anyconnect.vpn.android.avf:nchs",
-    "com.skype.raider",
-    nullptr,
-};
-
-static inline const char* const soft_mac_getlink_allowlist[] = {
-    "com.cisco.anyconnect.vpn.android.avf:nchs",
-    nullptr,
-};
-
-int get_package_name(char* buffer, const int bufferlen);
-bool should_apply_soft_mac_bind_restrictions();
-bool should_apply_soft_mac_getlink_restrictions();
diff --git a/libc/bionic/ifaddrs.cpp b/libc/bionic/ifaddrs.cpp
index 22ecdb436..153633353 100644
--- a/libc/bionic/ifaddrs.cpp
+++ b/libc/bionic/ifaddrs.cpp
@@ -42,7 +42,6 @@
 
 #include "private/ErrnoRestorer.h"
 
-#include "bionic_appcompat.h"
 #include "bionic_netlink.h"
 
 // The public ifaddrs struct is full of pointers. Rather than track several
@@ -311,12 +310,9 @@ int getifaddrs(ifaddrs** out) {
   // - System apps
   // - Apps with a target SDK version lower than R
   bool getlink_success = false;
-  if (!should_apply_soft_mac_getlink_restrictions()) {
+  if (getuid() < FIRST_APPLICATION_UID ||
+      android_get_application_target_sdk_version() < __ANDROID_API_R__) {
     getlink_success = nc.SendRequest(RTM_GETLINK) && nc.ReadResponses(__getifaddrs_callback, out);
-  } else if (android_get_application_target_sdk_version() < __ANDROID_API_R__) {
-    async_safe_format_log(ANDROID_LOG_WARN, "mac-restrictions",
-                          "ifaddr no longer returns link info. Please follow instructions at "
-                          "go/netlink-bug if this app behaves incorrectly.");
   }
   bool getaddr_success =
     nc.SendRequest(RTM_GETADDR) && nc.ReadResponses(__getifaddrs_callback, out);