Because SO_PEERCRED returns without error even when no data
is available (tcp by example), the resulting uid is now tested.
Also, for tcp, by default avoid by default to create a default
user value. Instead, return NULL. This will allow client having
an HTTP/Websocket connection to get full rights on the binder.
Change-Id: I2defb585bf79c023e2391c2e18d6de17e5112770
Signed-off-by: José Bollo <jose.bollo@iot.bzh>
#define MAX_LABEL_LENGTH 1024
#define MAX_LABEL_LENGTH 1024
+#if !defined(NO_DEFAULT_PEERCRED) && !defined(ADD_DEFAULT_PEERCRED)
+# define NO_DEFAULT_PEERCRED
+#endif
+
#if !defined(DEFAULT_PEERSEC_LABEL)
# define DEFAULT_PEERSEC_LABEL "NoLabel"
#endif
#if !defined(DEFAULT_PEERSEC_LABEL)
# define DEFAULT_PEERSEC_LABEL "NoLabel"
#endif
/* get the credentials */
length = (socklen_t)(sizeof ucred);
rc = getsockopt(fd, SOL_SOCKET, SO_PEERCRED, &ucred, &length);
/* get the credentials */
length = (socklen_t)(sizeof ucred);
rc = getsockopt(fd, SOL_SOCKET, SO_PEERCRED, &ucred, &length);
- if (rc < 0 || length != (socklen_t)(sizeof ucred)) {
+ if (rc < 0 || length != (socklen_t)(sizeof ucred) || !~ucred.uid) {
#if !defined(NO_DEFAULT_PEERCRED)
#if !defined(NO_DEFAULT_PEERCRED)
- if (!rc)
- errno = EINVAL;
- return NULL;
-#else
ucred.uid = DEFAULT_PEERCRED_UID;
ucred.gid = DEFAULT_PEERCRED_GID;
ucred.pid = DEFAULT_PEERCRED_PID;
ucred.uid = DEFAULT_PEERCRED_UID;
ucred.gid = DEFAULT_PEERCRED_GID;
ucred.pid = DEFAULT_PEERCRED_PID;
+#else
+ if (!rc)
+ errno = EINVAL;
+ return NULL;