From 43029f37b1d00f64e3b62d401919917a3473d1c6 Mon Sep 17 00:00:00 2001 From: topjohnwu Date: Sun, 19 Apr 2020 03:33:25 -0700 Subject: [PATCH] Cleanup our tracks --- native/jni/core/daemon.cpp | 32 +++++++++++++--------------- native/jni/core/magisk.cpp | 1 - native/jni/core/restorecon.cpp | 7 ++++-- native/jni/utils/include/selinux.hpp | 2 +- 4 files changed, 21 insertions(+), 21 deletions(-) diff --git a/native/jni/core/daemon.cpp b/native/jni/core/daemon.cpp index f38583c12..729ab26f7 100644 --- a/native/jni/core/daemon.cpp +++ b/native/jni/core/daemon.cpp @@ -50,6 +50,7 @@ static void *request_handler(void *args) { case LATE_START: case BOOT_COMPLETE: case SQLITE_CMD: + case GET_PATH: if (credential.uid != 0) { write_int(client, ROOT_REQUIRED); close(client); @@ -106,7 +107,7 @@ static void *request_handler(void *args) { return nullptr; } -static void main_daemon() { +static void daemon_entry(int ppid) { android_logging(); int fd = xopen("/dev/null", O_WRONLY); @@ -118,20 +119,24 @@ static void main_daemon() { xdup2(fd, STDIN_FILENO); if (fd > STDERR_FILENO) close(fd); - close(fd); setsid(); setcon("u:r:" SEPOL_PROC_DOMAIN ":s0"); + // Make sure ppid is not in acct + char src[64], dest[64]; + sprintf(src, "/acct/uid_0/pid_%d", ppid); + sprintf(dest, "/acct/uid_0/pid_%d", getpid()); + rename(src, dest); + // Get self stat - char path[4096]; - xreadlink("/proc/self/exe", path, sizeof(path)); - MAGISKTMP = dirname(path); + xreadlink("/proc/self/exe", src, sizeof(src)); + MAGISKTMP = dirname(src); xstat("/proc/self/exe", &self_st); - restore_rootcon(); + restore_tmpcon(); - // Unmount pre-init patches + // SAR cleanups auto mount_list = MAGISKTMP + "/" ROOTMNT; if (access(mount_list.data(), F_OK) == 0) { file_readline(true, mount_list.data(), [](string_view line) -> bool { @@ -139,13 +144,13 @@ static void main_daemon() { return true; }); } + unlink("/dev/.se"); LOGI(NAME_WITH_VER(Magisk) " daemon started\n"); // Get API level parse_prop_file("/system/build.prop", [](auto key, auto val) -> bool { if (key == "ro.build.version.sdk") { - LOGI("* Device API level: %s\n", val.data()); SDK_INT = parse_int(val); return false; } @@ -155,10 +160,10 @@ static void main_daemon() { // In case some devices do not store this info in build.prop, fallback to getprop auto sdk = getprop("ro.build.version.sdk"); if (!sdk.empty()) { - LOGI("* Device API level: %s\n", sdk.data()); SDK_INT = parse_int(sdk); } } + LOGI("* Device API level: %d\n", SDK_INT); // Load config status auto config = MAGISKTMP + "/" INTLROOT "/config"; @@ -204,14 +209,7 @@ int connect_daemon(bool create) { LOGD("client: launching new main daemon process\n"); if (fork_dont_care() == 0) { close(fd); - - // Make sure ppid is not in acct - char src[64], dest[64]; - sprintf(src, "/acct/uid_0/pid_%d", ppid); - sprintf(dest, "/acct/uid_0/pid_%d", getpid()); - rename(src, dest); - - main_daemon(); + daemon_entry(ppid); } while (connect(fd, (struct sockaddr*) &sun, len)) diff --git a/native/jni/core/magisk.cpp b/native/jni/core/magisk.cpp index 418778098..269b435cd 100644 --- a/native/jni/core/magisk.cpp +++ b/native/jni/core/magisk.cpp @@ -74,7 +74,6 @@ int magisk_main(int argc, char *argv[]) { unlock_blocks(); return 0; } else if (argv[1] == "--restorecon"sv) { - restore_rootcon(); restorecon(); return 0; } else if (argc >= 4 && argv[1] == "--clone-attr"sv) {; diff --git a/native/jni/core/restorecon.cpp b/native/jni/core/restorecon.cpp index 406600231..66984fe14 100644 --- a/native/jni/core/restorecon.cpp +++ b/native/jni/core/restorecon.cpp @@ -76,8 +76,11 @@ void restorecon() { close(fd); } -void restore_rootcon() { - setfilecon(MAGISKTMP.data(), ROOT_CON); +void restore_tmpcon() { + if (MAGISKTMP == "/sbin") + setfilecon(MAGISKTMP.data(), ROOT_CON); + else + chmod(MAGISKTMP.data(), 0700); auto dir = xopen_dir(MAGISKTMP.data()); int dfd = dirfd(dir.get()); diff --git a/native/jni/utils/include/selinux.hpp b/native/jni/utils/include/selinux.hpp index 3df8c06ec..2b660142a 100644 --- a/native/jni/utils/include/selinux.hpp +++ b/native/jni/utils/include/selinux.hpp @@ -33,4 +33,4 @@ void setfilecon_at(int dirfd, const char *name, const char *con); void selinux_builtin_impl(); void dload_selinux(); void restorecon(); -void restore_rootcon(); +void restore_tmpcon();