X-Git-Url: https://glassweightruler.freedombox.rocks/gitweb/waydroid.git/blobdiff_plain/c49dfd272d994b1cdaa14107fee66be84b80c06b..2a2097f4ff99287c84bee69f5116cffdc90e73b1:/tools/helpers/lxc.py

diff --git a/tools/helpers/lxc.py b/tools/helpers/lxc.py
index 0221d0b..6be7b7d 100644
--- a/tools/helpers/lxc.py
+++ b/tools/helpers/lxc.py
@@ -12,7 +12,6 @@ import gbinder
 import tools.config
 import tools.helpers.run
 
-
 def get_lxc_version(args):
     if shutil.which("lxc-info") is not None:
         command = ["lxc-info", "--version"]
@@ -47,6 +46,7 @@ def generate_nodes_lxc_config(args):
     make_entry("/dev/ashmem")
     make_entry("/dev/fuse")
     make_entry("/dev/ion")
+    make_entry("/dev/tty")
     make_entry("/dev/char", options="bind,create=dir,optional 0 0")
 
     # Graphic dev nodes
@@ -74,7 +74,7 @@ def generate_nodes_lxc_config(args):
     if args.vendor_type != "MAINLINE":
         if not make_entry("/dev/hwbinder", "dev/host_hwbinder"):
             raise OSError('Binder node "hwbinder" of host not found')
-        make_entry("/vendor", "vendor_extra", options="bind,optional 0 0")
+        make_entry("/vendor", "vendor_extra", options="rbind,optional 0 0")
 
     # Necessary device nodes for adb
     make_entry("none", "dev/pts", "devpts", "defaults,mode=644,ptmxmode=666,create=dir 0 0", False)
@@ -181,11 +181,11 @@ def generate_session_lxc_config(args, session):
     nodes = []
     def make_entry(src, dist=None, mnt_type="none", options="rbind,create=file 0 0"):
         if any(x in src for x in ["\n", "\r"]):
-            logging.warning("User-provided mount path contains illegal character")
+            logging.warning("User-provided mount path contains illegal character: " + src)
             return False
         if dist is None and (not os.path.exists(src) or
                              str(os.stat(src).st_uid) != session["user_id"]):
-            logging.warning("User-provided mount path is not owned by user")
+            logging.warning("User-provided mount path is not owned by user: " + src)
             return False
         return add_node_entry(nodes, src, dist, mnt_type, options, check=False)
 
@@ -372,8 +372,11 @@ def setup_host_perms(args):
 
 def status(args):
     command = ["lxc-info", "-P", tools.config.defaults["lxc"], "-n", "waydroid", "-sH"]
-    out = subprocess.run(command, stdout=subprocess.PIPE).stdout.decode('utf-8').strip()
-    return out
+    try:
+        return tools.helpers.run.user(args, command, output_return=True).strip()
+    except:
+        logging.info("Couldn't get LXC status. Assuming STOPPED.")
+        return "STOPPED"
 
 def wait_for_running(args):
     lxc_status = status(args)
@@ -418,6 +421,7 @@ ANDROID_ENV = {
     "ANDROID_I18N_ROOT": "/apex/com.android.i18n",
     "ANDROID_TZDATA_ROOT": "/apex/com.android.tzdata",
     "ANDROID_RUNTIME_ROOT": "/apex/com.android.runtime",
+    "BOOTCLASSPATH": "/apex/com.android.art/javalib/core-oj.jar:/apex/com.android.art/javalib/core-libart.jar:/apex/com.android.art/javalib/core-icu4j.jar:/apex/com.android.art/javalib/okhttp.jar:/apex/com.android.art/javalib/bouncycastle.jar:/apex/com.android.art/javalib/apache-xml.jar:/system/framework/framework.jar:/system/framework/ext.jar:/system/framework/telephony-common.jar:/system/framework/voip-common.jar:/system/framework/ims-common.jar:/system/framework/framework-atb-backward-compatibility.jar:/apex/com.android.conscrypt/javalib/conscrypt.jar:/apex/com.android.media/javalib/updatable-media.jar:/apex/com.android.mediaprovider/javalib/framework-mediaprovider.jar:/apex/com.android.os.statsd/javalib/framework-statsd.jar:/apex/com.android.permission/javalib/framework-permission.jar:/apex/com.android.sdkext/javalib/framework-sdkextensions.jar:/apex/com.android.wifi/javalib/framework-wifi.jar:/apex/com.android.tethering/javalib/framework-tethering.jar"
 }
 
 def android_env_attach_options():
@@ -434,6 +438,33 @@ def shell(args):
     command = ["lxc-attach", "-P", tools.config.defaults["lxc"],
                "-n", "waydroid", "--clear-env"]
     command.extend(android_env_attach_options())
+    if args.uid!=None:
+        command.append("--uid="+str(args.uid))
+    if args.gid!=None:
+        command.append("--gid="+str(args.gid))
+    elif args.uid!=None:
+        command.append("--gid="+str(args.uid))
+    if args.nolsm or args.allcaps or args.nocgroup:
+        elevatedprivs = "--elevated-privileges="
+        addpipe = False
+        if args.nolsm:
+            if addpipe:
+                elevatedprivs+="|"
+            elevatedprivs+="LSM"
+            addpipe = True
+        if args.allcaps:
+            if addpipe:
+                elevatedprivs+="|"
+            elevatedprivs+="CAP"
+            addpipe = True
+        if args.nocgroup:
+            if addpipe:
+                elevatedprivs+="|"
+            elevatedprivs+="CGROUP"
+            addpipe = True
+        command.append(elevatedprivs)
+    if args.context!=None and not args.nolsm:
+        command.append("--context="+args.context)
     command.append("--")
     if args.COMMAND:
         command.extend(args.COMMAND)
@@ -445,4 +476,10 @@ def shell(args):
 
 def logcat(args):
     args.COMMAND = ["/system/bin/logcat"]
+    args.uid = None
+    args.gid = None
+    args.nolsm = None
+    args.allcaps = None
+    args.nocgroup = None
+    args.context = None
     shell(args)