TheArchive/Magisk
1
0
Fork 0
mirror of https://github.com/topjohnwu/Magisk.git synced 2024-11-23 18:15:30 +00:00
Code Issues Packages Projects Releases Wiki Activity

Deny init relabel to adb_data_file

Browse Source 
Co-authored-by: 残页 <a1364259@163.com>
Co-authored-by: LoveSy <shana@zju.edu.cn>
This commit is contained in:
南宫雪珊 2023-03-02 18:20:38 +08:00 committed by GitHub
parent 6e918ffd68
commit 3726eb6032
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
2 changed files with 7 additions and 5 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
native/src/core/restorecon.cpp
View File

@ -18,7 +18,7 @@ static void restore_syscon(int dirfd) {
char *con;
if (fgetfilecon(dirfd, &con) >= 0) {
if (strlen(con) == 0 || strcmp(con, UNLABEL_CON) == 0 || strcmp(con, ADB_CON) == 0)
if (strlen(con) == 0 || strcmp(con, UNLABEL_CON) == 0)
fsetfilecon(dirfd, SYSTEM_CON);
freecon(con);
}
@ -31,13 +31,13 @@ static void restore_syscon(int dirfd) {
continue;
} else if (entry->d_type == DT_REG) {
if (fgetfilecon(fd, &con) >= 0) {
if (con[0] == '\0' || strcmp(con, UNLABEL_CON) == 0 || strcmp(con, ADB_CON) == 0)
if (con[0] == '\0' || strcmp(con, UNLABEL_CON) == 0)
fsetfilecon(fd, SYSTEM_CON);
freecon(con);
}
} else if (entry->d_type == DT_LNK) {
getfilecon_at(dirfd, entry->d_name, &con);
if (con[0] == '\0' || strcmp(con, UNLABEL_CON) == 0 || strcmp(con, ADB_CON) == 0)
if (con[0] == '\0' || strcmp(con, UNLABEL_CON) == 0)
setfilecon_at(dirfd, entry->d_name, con);
freecon(con);
}

6
native/src/sepolicy/rules.cpp
View File

@ -137,8 +137,6 @@ void sepolicy::magisk_rules() {
// Let init run stuffs
allow("kernel", SEPOL_PROC_DOMAIN, "fd", "use");
allow("init", SEPOL_PROC_DOMAIN, "process", ALL);
allow("init", "tmpfs", "file", "getattr");
allow("init", "tmpfs", "file", "execute");
// suRights
allow("servicemanager", SEPOL_PROC_DOMAIN, "dir", "search");
@ -187,6 +185,10 @@ void sepolicy::magisk_rules() {
dontaudit("llkd", SEPOL_PROC_DOMAIN, "process", "ptrace");
dontaudit("llkd", SEPOL_CLIENT_DOMAIN, "process", "ptrace");
// Keep /data/adb/* context
deny("init", "adb_data_file", "dir", "search");
deny("vendor_init", "adb_data_file", "dir", "search");
// Allow update_engine/addon.d-v2 to run permissive on all ROMs
permissive("update_engine");