Fix checking order

This commit is contained in:
topjohnwu 2017-04-16 23:10:18 +08:00
parent 743c4f554d
commit 222c31b306

60
su.c
View File

@ -311,6 +311,36 @@ int su_daemon_main(int argc, char **argv) {
optind++; optind++;
} }
// The su_context setup is done, now every error leads to deny
err_handler = deny;
// It's in multiuser mode
if (ctx.from.uid > 99999) {
ctx.user.android_user_id = ctx.from.uid / 100000;
if (ctx.user.multiuser_mode == MULTIUSER_MODE_USER) {
snprintf(ctx.user.database_path, PATH_MAX, "%s/%d/%s",
USER_DATA_PATH, ctx.user.android_user_id, REQUESTOR_DATABASE_PATH);
snprintf(ctx.user.base_path, PATH_MAX, "%s/%d/%s",
USER_DATA_PATH, ctx.user.android_user_id, REQUESTOR);
}
}
// verify superuser is installed
xstat(ctx.user.base_path, &st);
// odd perms on superuser data dir
if (st.st_gid != st.st_uid) {
LOGE("Bad uid/gid %d/%d for Superuser Requestor application",
(int)st.st_uid, (int)st.st_gid);
deny();
}
// always allow if this is the superuser uid
// superuser needs to be able to reenable itself when disabled...
if (ctx.from.uid == st.st_uid) {
allow();
}
// Check property of root configuration // Check property of root configuration
char *root_prop = getprop(ROOT_ACCESS_PROP); char *root_prop = getprop(ROOT_ACCESS_PROP);
if (root_prop) { if (root_prop) {
@ -335,41 +365,11 @@ int su_daemon_main(int argc, char **argv) {
} }
free(root_prop); free(root_prop);
// The su_context setup is done, now every error leads to deny
err_handler = deny;
// It's in multiuser mode
if (ctx.from.uid > 99999) {
ctx.user.android_user_id = ctx.from.uid / 100000;
if (ctx.user.multiuser_mode == MULTIUSER_MODE_USER) {
snprintf(ctx.user.database_path, PATH_MAX, "%s/%d/%s",
USER_DATA_PATH, ctx.user.android_user_id, REQUESTOR_DATABASE_PATH);
snprintf(ctx.user.base_path, PATH_MAX, "%s/%d/%s",
USER_DATA_PATH, ctx.user.android_user_id, REQUESTOR);
}
}
// Allow root to start root // Allow root to start root
if (ctx.from.uid == UID_ROOT) { if (ctx.from.uid == UID_ROOT) {
allow(); allow();
} }
// verify superuser is installed
xstat(ctx.user.base_path, &st);
// odd perms on superuser data dir
if (st.st_gid != st.st_uid) {
LOGE("Bad uid/gid %d/%d for Superuser Requestor application",
(int)st.st_uid, (int)st.st_gid);
deny();
}
// always allow if this is the superuser uid
// superuser needs to be able to reenable itself when disabled...
if (ctx.from.uid == st.st_uid) {
allow();
}
// deny if this is a non owner request and owner mode only // deny if this is a non owner request and owner mode only
if (ctx.user.multiuser_mode == MULTIUSER_MODE_OWNER_ONLY && ctx.user.android_user_id != 0) { if (ctx.user.multiuser_mode == MULTIUSER_MODE_OWNER_ONLY && ctx.user.android_user_id != 0) {
deny(); deny();