From 41b01003fde347f34d53c9d2ee16fe051b583893 Mon Sep 17 00:00:00 2001 From: topjohnwu Date: Sat, 20 Oct 2018 16:12:08 -0400 Subject: [PATCH] Always ACK before doing anything --- native/jni/su/su.c | 14 +++++++------- native/jni/su/su_daemon.c | 10 ++++++---- 2 files changed, 13 insertions(+), 11 deletions(-) diff --git a/native/jni/su/su.c b/native/jni/su/su.c index 051d3c243..018e22140 100644 --- a/native/jni/su/su.c +++ b/native/jni/su/su.c @@ -192,6 +192,13 @@ int su_client_main(int argc, char *argv[]) { // Tell the daemon we are su write_int(fd, SUPERUSER); + // Wait for ack from daemon + if (read_int(fd)) { + // Fast fail + fprintf(stderr, "%s\n", strerror(EACCES)); + return DENY; + } + // Send su_request xwrite(fd, &su_req, 4 * sizeof(unsigned)); write_string(fd, su_req.shell); @@ -220,13 +227,6 @@ int su_client_main(int argc, char *argv[]) { // Send stderr send_fd(fd, (atty & ATTY_ERR) ? -1 : STDERR_FILENO); - // Wait for ack from daemon - if (read_int(fd)) { - // Fast fail - fprintf(stderr, "%s\n", strerror(EACCES)); - return DENY; - } - if (atty & ATTY_IN) { setup_sighandlers(sighandler); pump_stdin_async(ptmx); diff --git a/native/jni/su/su_daemon.c b/native/jni/su/su_daemon.c index 40bb5d401..61a0a9117 100644 --- a/native/jni/su/su_daemon.c +++ b/native/jni/su/su_daemon.c @@ -227,8 +227,10 @@ void su_daemon_handler(int client, struct ucred *credential) { struct su_info *info = get_su_info(credential->uid); // Fail fast - if (info->access.policy == DENY && !info->access.log && !info->access.notify) { + if (info->access.policy == DENY && DB_STR(info, SU_MANAGER)[0] == '\0') { + LOGD("su: fast deny\n"); write_int(client, DENY); + close(client); return; } @@ -264,6 +266,9 @@ void su_daemon_handler(int client, struct ucred *credential) { .pid = credential->pid }; + // ack + write_int(client, 0); + // Become session leader xsetsid(); @@ -334,9 +339,6 @@ void su_daemon_handler(int client, struct ucred *credential) { xdup2(errfd, STDERR_FILENO); close(ptsfd); - - // ack and close - write_int(client, 0); close(client); // Handle namespaces