mirror of
https://github.com/topjohnwu/Magisk.git
synced 2025-01-13 03:13:36 +00:00
Sanitize /proc/PID/environ
This commit is contained in:
parent
4060c2107c
commit
2a257f327c
@ -2,6 +2,7 @@
|
|||||||
#include <dlfcn.h>
|
#include <dlfcn.h>
|
||||||
#include <sys/mount.h>
|
#include <sys/mount.h>
|
||||||
#include <sys/sendfile.h>
|
#include <sys/sendfile.h>
|
||||||
|
#include <sys/prctl.h>
|
||||||
#include <android/log.h>
|
#include <android/log.h>
|
||||||
#include <atomic>
|
#include <atomic>
|
||||||
|
|
||||||
@ -60,6 +61,25 @@ static void *unload_first_stage(void *) {
|
|||||||
return nullptr;
|
return nullptr;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
// Make sure /proc/self/environ does not reveal our secrets
|
||||||
|
// Copy all env to a contiguous memory and set the memory region as MM_ENV
|
||||||
|
static void sanitize_environ() {
|
||||||
|
static string env;
|
||||||
|
|
||||||
|
for (int i = 0; environ[i]; ++i) {
|
||||||
|
env += environ[i];
|
||||||
|
env += '\0';
|
||||||
|
}
|
||||||
|
|
||||||
|
for (int i = 0; i < 2; ++i) {
|
||||||
|
bool success = true;
|
||||||
|
success &= (0 <= prctl(PR_SET_MM, PR_SET_MM_ENV_START, env.data(), 0, 0));
|
||||||
|
success &= (0 <= prctl(PR_SET_MM, PR_SET_MM_ENV_END, env.data() + env.size(), 0, 0));
|
||||||
|
if (success)
|
||||||
|
break;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
__attribute__((constructor))
|
__attribute__((constructor))
|
||||||
static void inject_init() {
|
static void inject_init() {
|
||||||
inject_logging();
|
inject_logging();
|
||||||
@ -90,6 +110,8 @@ static void inject_init() {
|
|||||||
new_daemon_thread(&unload_first_stage);
|
new_daemon_thread(&unload_first_stage);
|
||||||
unsetenv(INJECT_ENV_2);
|
unsetenv(INJECT_ENV_2);
|
||||||
|
|
||||||
|
sanitize_environ();
|
||||||
|
|
||||||
// TODO: actually inject stuffs, for now we demonstrate clean self unloading
|
// TODO: actually inject stuffs, for now we demonstrate clean self unloading
|
||||||
self_unload();
|
self_unload();
|
||||||
}
|
}
|
||||||
@ -120,5 +142,5 @@ int app_process_main(int argc, char *argv[]) {
|
|||||||
// Execute real app_process
|
// Execute real app_process
|
||||||
xumount2(buf, MNT_DETACH);
|
xumount2(buf, MNT_DETACH);
|
||||||
execve(buf, argv, environ);
|
execve(buf, argv, environ);
|
||||||
exit(1);
|
return 1;
|
||||||
}
|
}
|
||||||
|
Loading…
x
Reference in New Issue
Block a user