Consider changing uid format and identity bounds #18

Closed
opened 2025-10-13 01:20:52 +09:00 by ophestra · 2 comments
Owner

The current format is not very well thought out, and just did roughly what Android bionic libc did. The bionic code surrounding this is in C++, however, and highly unreadable. This format should be better thought out to avoid imposing unnecessary arbitrary limits on the identity value.
ophestra added this to the v0.3 milestone 2025-10-13 01:21:18 +09:00
Author
Owner

Adding this to v0.3.0 but no guarantees it will stay this way.
Author
Owner

Turns out the relevant piece of bionic code is quite simple and the lookup table can be avoided altogether:

```cpp
static void print_app_name_from_uid(const uid_t uid, char* buffer, const int bufferlen) {
  const uid_t appid = uid % AID_USER_OFFSET;
  const uid_t userid = uid / AID_USER_OFFSET;
  if (appid >= AID_ISOLATED_START) {
    snprintf(buffer, bufferlen, "u%u_i%u", userid, appid - AID_ISOLATED_START);
  } else if (appid < AID_APP_START) {
    if (auto* android_id_info = find_android_id_info(appid); android_id_info != nullptr) {
      snprintf(buffer, bufferlen, "u%u_%s", userid, android_id_info->name);
    }
  } else {
    snprintf(buffer, bufferlen, "u%u_a%u", userid, appid - AID_APP_START);
  }
}
```

Where the constants are:

```cpp
#define AID_APP 10000       /* TODO: switch users over to AID_APP_START */
#define AID_APP_START 10000 /* first app user */
#define AID_APP_END 19999   /* last app user */

/* ... */

/* use the ranges below to determine whether a process is isolated */
#define AID_ISOLATED_START 90000 /* start of uids for fully isolated sandboxed processes */
#define AID_ISOLATED_END 99999   /* end of uids for fully isolated sandboxed processes */
#define AID_USER 100000        /* TODO: switch users over to AID_USER_OFFSET */
#define AID_USER_OFFSET 100000 /* offset for uid ranges for each user */
```
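The bounds implied by the excerpt above, as an added example that is not bionic's code or this project's: it splits a uid with the same branch order, shows that the app branch is reached for every appid from 10000 to 89999 rather than only up to `AID_APP_END`, and composes an app uid with explicit range and `uid_t` wrap checks. The names `split_uid`, `format_uid`, `make_app_uid` and the `s<number>` form for system ids are hypothetical stand-ins (the real name lookup is not shown on this page).

```c
#include <stdio.h>
#include <string.h>
#include <sys/types.h>

/* Constants copied from the bionic excerpt above. */
#define AID_APP_START 10000
#define AID_APP_END 19999
#define AID_ISOLATED_START 90000
#define AID_USER_OFFSET 100000

/* Hypothetical names from here on; none of this is bionic's or the project's code. */
enum uid_kind { UID_SYSTEM, UID_APP, UID_ISOLATED };

/* Split a uid using the same branch order as print_app_name_from_uid. */
static enum uid_kind split_uid(uid_t uid, unsigned *user, unsigned *index) {
  const unsigned appid = uid % AID_USER_OFFSET;
  *user = uid / AID_USER_OFFSET;
  if (appid >= AID_ISOLATED_START) { *index = appid - AID_ISOLATED_START; return UID_ISOLATED; }
  if (appid < AID_APP_START) { *index = appid; return UID_SYSTEM; }
  *index = appid - AID_APP_START; /* reached for 10000..89999, not only up to AID_APP_END */
  return UID_APP;
}

/* Format like the excerpt; "s<number>" is a constructed stand-in for the name lookup. */
static const char *format_uid(uid_t uid, char *buf, size_t len) {
  unsigned user, index;
  switch (split_uid(uid, &user, &index)) {
  case UID_ISOLATED: snprintf(buf, len, "u%u_i%u", user, index); break;
  case UID_APP:      snprintf(buf, len, "u%u_a%u", user, index); break;
  default:           snprintf(buf, len, "u%u_s%u", user, index); break;
  }
  return buf;
}

/* Compose an app uid; returns -1 if the index leaves the app range or the uid would wrap uid_t. */
static int make_app_uid(unsigned user, unsigned index, uid_t *out) {
  if (index > AID_APP_END - AID_APP_START) return -1;
  if (user > ((uid_t)-1 - AID_APP_END) / AID_USER_OFFSET) return -1;
  *out = (uid_t)user * AID_USER_OFFSET + AID_APP_START + index;
  return 0;
}

int main(void) {
  char buf[32];
  uid_t uid;
  puts(format_uid(1010042, buf, sizeof buf)); /* constructed sample uids */
  puts(format_uid(20000, buf, sizeof buf));
  printf("%d\n", make_app_uid(0, 10000, &uid));
  return 0;
}
```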
cat closed this issue 2025-11-04 08:28:08 +09:00
ophestra added the Compat Breaking, Kind Enhancement, Priority Critical, Reviewed Confirmed labels 2025-11-10 01:27:16 +09:00