def arguments_shell(subparser):
ret = subparser.add_parser("shell", help="run remote shell command")
+ ret.add_argument("-u", "--uid", help="the UID to run as (also sets GID to the same value if -g is not set)")
+ ret.add_argument("-g", "--gid", help="the GID to run as")
+ ret.add_argument("-s", "--context", help="transition to the specified SELinux or AppArmor security context. No-op if -L is supplied.")
+ ret.add_argument("-L", "--nolsm", action="store_true", help="tell LXC not to perform security domain transition related to mandatory access control (e.g. SELinux, AppArmor). If this option is supplied, LXC won't apply a container-wide seccomp filter to the executed program. This is a dangerous option that can result in leaking privileges to the container!!!")
+ ret.add_argument("-C", "--allcaps", action="store_true", help="tell LXC not to drop capabilities. This is a dangerous option that can result in leaking privileges to the container!!!")
+ ret.add_argument("-G", "--nocgroup", action="store_true", help="tell LXC not to switch to the container cgroup. This is a dangerous option that can result in leaking privileges to the container!!!")
ret.add_argument('COMMAND', nargs='*', help="command to run")
return ret
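Review bot: `--uid` and `--gid` are declared without a `type`, so any string is accepted here and only rejected (or misread) later by lxc-attach. Declaring them as `ret.add_argument("-u", "--uid", type=int, help=...)` and the same for `--gid` gives an argparse error up front and ensures only a number reaches the `--uid=`/`--gid=` arguments built in the attach code. `type=int` still accepts negative numbers, so a small validator callable that rejects values below 0 would be stricter. The three "dangerous" switches could also say in their help text that they map to lxc-attach's `--elevated-privileges`, so a reader can look up the exact semantics.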
import tools.config
import tools.helpers.run
-
def get_lxc_version(args):
if shutil.which("lxc-info") is not None:
command = ["lxc-info", "--version"]
command = ["lxc-attach", "-P", tools.config.defaults["lxc"],
"-n", "waydroid", "--clear-env"]
command.extend(android_env_attach_options())
+ if args.uid!=None:
+ command.append("--uid="+str(args.uid))
+ if args.gid!=None:
+ command.append("--gid="+str(args.gid))
+ elif args.uid!=None:
+ command.append("--gid="+str(args.uid))
+ if args.nolsm or args.allcaps or args.nocgroup:
+ elevatedprivs = "--elevated-privileges="
+ addpipe = False
+ if args.nolsm:
+ if addpipe:
+ elevatedprivs+="|"
+ elevatedprivs+="LSM"
+ addpipe = True
+ if args.allcaps:
+ if addpipe:
+ elevatedprivs+="|"
+ elevatedprivs+="CAP"
+ addpipe = True
+ if args.nocgroup:
+ if addpipe:
+ elevatedprivs+="|"
+ elevatedprivs+="CGROUP"
+ addpipe = True
+ command.append(elevatedprivs)
+ if args.context!=None and not args.nolsm:
+ command.append("--context="+args.context)
command.append("--")
if args.COMMAND:
command.extend(args.COMMAND)
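Review bot: Nothing in the added block records that `--elevated-privileges` was requested, and `--context` is dropped without any message when `-L` is also set (the `args.context!=None and not args.nolsm` test). An invocation that keeps host capabilities or skips the LSM transition therefore leaves no trace on the caller's side. A warning through whatever logger this module already uses (none is visible in the hunk) would give an audit trail, e.g. `logging.warning("lxc-attach keeps privileges: %s", "|".join(kept))`. The flag string is also easier to audit when built from a list, `kept = [n for f, n in ((args.nolsm, "LSM"), (args.allcaps, "CAP"), (args.nocgroup, "CGROUP")) if f]`, which removes the first `if addpipe:` check that can never be true; the `!=None` comparisons should be `is not None`. The enclosing function starts above the hunk and continues below it, so how `command` is finally executed is not visible; the concatenated `--context=` value is only safe if the list is run as an argv list and never joined into a shell string.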