From 1716452203cf7a536bfc04bc63192622c9c2e2c5 Mon Sep 17 00:00:00 2001 From: topjohnwu Date: Sat, 28 Jan 2017 05:30:02 +0800 Subject: [PATCH] Add prop checks for root access management --- su.c | 28 +++++++++++++++++++++++++++- su.h | 12 ++++++------ 2 files changed, 33 insertions(+), 7 deletions(-) diff --git a/su.c b/su.c index b60dac9b0..e06bd9c09 100644 --- a/su.c +++ b/su.c @@ -39,6 +39,7 @@ #include #include #include +#include #include "su.h" #include "utils.h" @@ -754,7 +755,6 @@ int su_main_nodaemon(int argc, char **argv) { usage(2); } } - hacks_init(); if (optind < argc && !strcmp(argv[optind], "-")) { ctx.to.login = 1; optind++; @@ -789,6 +789,8 @@ int su_main_nodaemon(int argc, char **argv) { deny(&ctx); } + + hacks_init(); read_options(&ctx); user_init(&ctx); @@ -825,6 +827,30 @@ int su_main_nodaemon(int argc, char **argv) { deny(&ctx); } + // Add prop check + char value[PROP_VALUE_MAX]; + __system_property_get(ROOT_ACCESS_PROP, value); + if(strlen(value)) { + int prop_status = atoi(value); + switch(prop_status) { + case ROOT_ACCESS_DISABLED: + exit(EXIT_FAILURE); + case ROOT_ACCESS_APPS_ONLY: + if (ctx.from.uid == AID_SHELL) + exit(EXIT_FAILURE); + break; + case ROOT_ACCESS_ADB_ONLY: + if (ctx.from.uid != AID_SHELL) + exit(EXIT_FAILURE); + break; + case ROOT_ACCESS_APPS_AND_ADB: + default: + break; + } + } else { + exit(EXIT_FAILURE); + } + ctx.umask = umask(027); mkdir(REQUESTOR_CACHE_PATH, 0770); diff --git a/su.h b/su.h index 70ba08400..90ef8ea97 100644 --- a/su.h +++ b/su.h @@ -39,11 +39,11 @@ #define AID_RADIO (get_radio_uid()) #endif -// CyanogenMod-specific behavior -#define CM_ROOT_ACCESS_DISABLED 0 -#define CM_ROOT_ACCESS_APPS_ONLY 1 -#define CM_ROOT_ACCESS_ADB_ONLY 2 -#define CM_ROOT_ACCESS_APPS_AND_ADB 3 +#define ROOT_ACCESS_PROP "persist.sys.root_access" +#define ROOT_ACCESS_DISABLED 0 +#define ROOT_ACCESS_APPS_ONLY 1 +#define ROOT_ACCESS_ADB_ONLY 2 +#define ROOT_ACCESS_APPS_AND_ADB 3 // DO NOT CHANGE LINE BELOW, java package name will always be the same #define JAVA_PACKAGE_NAME "com.topjohnwu.magisk" @@ -76,7 +76,7 @@ #define str(a) #a #ifndef VERSION_CODE -#define VERSION_CODE 1 +#define VERSION_CODE 6 #endif #define VERSION "MAGISKSU:" xstr(VERSION_CODE)