Add prop checks for root access management

topjohnwu 2017-01-28 05:30:02 +08:00
parent 54827cacb9
commit 1716452203
2 changed files with 33 additions and 7 deletions

28
su.c

@ -39,6 +39,7 @@
#include <selinux/selinux.h> #include <selinux/selinux.h>
#include <arpa/inet.h> #include <arpa/inet.h>
#include <sys/auxv.h> #include <sys/auxv.h>
#include <sys/system_properties.h>
#include "su.h" #include "su.h"
#include "utils.h" #include "utils.h"
@ -754,7 +755,6 @@ int su_main_nodaemon(int argc, char **argv) {
usage(2); usage(2);
} }
} }
hacks_init();
if (optind < argc && !strcmp(argv[optind], "-")) { if (optind < argc && !strcmp(argv[optind], "-")) {
ctx.to.login = 1; ctx.to.login = 1;
optind++; optind++;
@ -789,6 +789,8 @@ int su_main_nodaemon(int argc, char **argv) {
deny(&ctx); deny(&ctx);
} }
hacks_init();
read_options(&ctx); read_options(&ctx);
user_init(&ctx); user_init(&ctx);
@ -825,6 +827,30 @@ int su_main_nodaemon(int argc, char **argv) {
deny(&ctx); deny(&ctx);
} }
// Add prop check
char value[PROP_VALUE_MAX];
__system_property_get(ROOT_ACCESS_PROP, value);
if(strlen(value)) {
int prop_status = atoi(value);
switch(prop_status) {
case ROOT_ACCESS_DISABLED:
exit(EXIT_FAILURE);
case ROOT_ACCESS_APPS_ONLY:
if (ctx.from.uid == AID_SHELL)
exit(EXIT_FAILURE);
break;
case ROOT_ACCESS_ADB_ONLY:
if (ctx.from.uid != AID_SHELL)
exit(EXIT_FAILURE);
break;
case ROOT_ACCESS_APPS_AND_ADB:
default:
break;
}
} else {
exit(EXIT_FAILURE);
}
ctx.umask = umask(027); ctx.umask = umask(027);
mkdir(REQUESTOR_CACHE_PATH, 0770); mkdir(REQUESTOR_CACHE_PATH, 0770);
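Review bot: In the prop check added to su_main_nodaemon, `default:` shares the `case ROOT_ACCESS_APPS_AND_ADB:` arm, so any value the switch does not recognise (a constructed example: `7`) reaches `break` and the request proceeds; `atoi` also accepts trailing junk such as `3x` as a valid `3`. An access-control gate should fail closed on unknown input: keep `case ROOT_ACCESS_APPS_AND_ADB: break;` and change the last arm to `default: exit(EXIT_FAILURE);`, ideally after parsing with `strtol` and rejecting input whose end pointer is not at `'\0'`. The new denial paths also call `exit(EXIT_FAILURE)` directly where the surrounding checks use `deny(&ctx)`, which presumably skips whatever logging or notification `deny` performs, so it is worth confirming that a silent exit is intended. The function body starts and ends outside these hunks.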

12
su.h

@ -39,11 +39,11 @@
#define AID_RADIO (get_radio_uid()) #define AID_RADIO (get_radio_uid())
#endif #endif
// CyanogenMod-specific behavior #define ROOT_ACCESS_PROP "persist.sys.root_access"
#define CM_ROOT_ACCESS_DISABLED 0 #define ROOT_ACCESS_DISABLED 0
#define CM_ROOT_ACCESS_APPS_ONLY 1 #define ROOT_ACCESS_APPS_ONLY 1
#define CM_ROOT_ACCESS_ADB_ONLY 2 #define ROOT_ACCESS_ADB_ONLY 2
#define CM_ROOT_ACCESS_APPS_AND_ADB 3 #define ROOT_ACCESS_APPS_AND_ADB 3
// DO NOT CHANGE LINE BELOW, java package name will always be the same // DO NOT CHANGE LINE BELOW, java package name will always be the same
#define JAVA_PACKAGE_NAME "com.topjohnwu.magisk" #define JAVA_PACKAGE_NAME "com.topjohnwu.magisk"
@ -76,7 +76,7 @@
#define str(a) #a #define str(a) #a
#ifndef VERSION_CODE #ifndef VERSION_CODE
#define VERSION_CODE 1 #define VERSION_CODE 6
#endif #endif
#define VERSION "MAGISKSU:" xstr(VERSION_CODE) #define VERSION "MAGISKSU:" xstr(VERSION_CODE)
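Review bot: The new `ROOT_ACCESS_PROP` define and the renamed `ROOT_ACCESS_*` values are left without any comment now that the `// CyanogenMod-specific behavior` line appears to have been dropped, even though su.c uses them as the policy that decides whether a root request is refused. A short comment above the block would record the contract, e.g. `/* Values of persist.sys.root_access; su refuses every request when the property is unset or 0 */`.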