mirror of
https://github.com/topjohnwu/Magisk.git
synced 2025-08-26 14:37:31 +00:00
topjohnwu
@@ -15,7 +15,7 @@ static size_t socket_len(sockaddr_un *sun) {
|
||||
|
||||
socklen_t setup_sockaddr(sockaddr_un *sun, const char *name) {
|
||||
memset(sun, 0, sizeof(*sun));
|
||||
sun->sun_family = AF_LOCAL;
|
||||
sun->sun_family = AF_UNIX;
|
||||
strcpy(sun->sun_path + 1, name);
|
||||
return socket_len(sun);
|
||||
}
|
||||
|
||||
@@ -4,7 +4,6 @@
|
||||
#include <sys/socket.h>
|
||||
|
||||
socklen_t setup_sockaddr(sockaddr_un *sun, const char *name);
|
||||
int create_app_socket(sockaddr_un *sun);
|
||||
int socket_accept(int sockfd, int timeout);
|
||||
void get_client_cred(int fd, struct ucred *cred);
|
||||
int recv_fd(int sockfd);
|
||||
|
||||
@@ -3,6 +3,7 @@
|
||||
|
||||
#include <daemon.hpp>
|
||||
#include <utils.hpp>
|
||||
#include <selinux.hpp>
|
||||
|
||||
#include "su.hpp"
|
||||
|
||||
@@ -179,34 +180,33 @@ void app_notify(const su_context &ctx) {
|
||||
}
|
||||
}
|
||||
|
||||
int app_socket(const char *name, const shared_ptr<su_info> &info) {
|
||||
vector<Extra> extras;
|
||||
extras.reserve(1);
|
||||
extras.emplace_back("socket", name);
|
||||
int app_request(const shared_ptr<su_info> &info) {
|
||||
// Create FIFO
|
||||
char fifo[64];
|
||||
strcpy(fifo, "/dev/socket/");
|
||||
gen_rand_str(fifo + 12, 32, true);
|
||||
mkfifo(fifo, 0600);
|
||||
chown(fifo, info->mgr_st.st_uid, info->mgr_st.st_gid);
|
||||
setfilecon(fifo, "u:object_r:" SEPOL_FILE_TYPE ":s0");
|
||||
|
||||
// Send request
|
||||
vector<Extra> extras;
|
||||
extras.reserve(2);
|
||||
extras.emplace_back("fifo", fifo);
|
||||
extras.emplace_back("uid", info->uid);
|
||||
exec_cmd("request", extras, info, PKG_ACTIVITY);
|
||||
|
||||
sockaddr_un addr;
|
||||
size_t len = setup_sockaddr(&addr, name);
|
||||
int fd = xsocket(AF_LOCAL, SOCK_STREAM | SOCK_CLOEXEC, 0);
|
||||
bool connected = false;
|
||||
// Try at most 60 seconds
|
||||
for (int i = 0; i < 600; ++i) {
|
||||
if (connect(fd, reinterpret_cast<sockaddr *>(&addr), len) == 0) {
|
||||
connected = true;
|
||||
break;
|
||||
}
|
||||
usleep(100000); // 100ms
|
||||
}
|
||||
if (connected) {
|
||||
return fd;
|
||||
} else {
|
||||
// Wait for data input for at most 70 seconds
|
||||
int fd = xopen(fifo, O_RDONLY | O_CLOEXEC);
|
||||
struct pollfd pfd = {
|
||||
.fd = fd,
|
||||
.events = POLL_IN
|
||||
};
|
||||
if (xpoll(&pfd, 1, 70 * 1000) <= 0) {
|
||||
close(fd);
|
||||
return -1;
|
||||
fd = -1;
|
||||
}
|
||||
}
|
||||
|
||||
void socket_send_request(int fd, const shared_ptr<su_info> &info) {
|
||||
write_key_token(fd, "uid", info->uid);
|
||||
write_string_be(fd, "eof");
|
||||
unlink(fifo);
|
||||
return fd;
|
||||
}
|
||||
|
||||
@@ -68,5 +68,4 @@ struct su_context {
|
||||
|
||||
void app_log(const su_context &ctx);
|
||||
void app_notify(const su_context &ctx);
|
||||
int app_socket(const char *name, const std::shared_ptr<su_info> &info);
|
||||
void socket_send_request(int fd, const std::shared_ptr<su_info> &info);
|
||||
int app_request(const std::shared_ptr<su_info> &info);
|
||||
|
||||
@@ -91,7 +91,7 @@ static shared_ptr<su_info> get_su_info(unsigned uid) {
|
||||
info = cached;
|
||||
}
|
||||
|
||||
auto g = info->lock();
|
||||
mutex_guard lock = info->lock();
|
||||
|
||||
if (info->access.policy == QUERY) {
|
||||
// Not cached, get data from database
|
||||
@@ -130,7 +130,7 @@ static shared_ptr<su_info> get_su_info(unsigned uid) {
|
||||
return info;
|
||||
|
||||
// If still not determined, check if manager exists
|
||||
if (info->str[SU_MANAGER][0] == '\0') {
|
||||
if (info->str[SU_MANAGER].empty()) {
|
||||
info->access = NO_SU_ACCESS;
|
||||
return info;
|
||||
}
|
||||
@@ -139,13 +139,10 @@ static shared_ptr<su_info> get_su_info(unsigned uid) {
|
||||
}
|
||||
|
||||
// If still not determined, ask manager
|
||||
char socket_name[32];
|
||||
gen_rand_str(socket_name, sizeof(socket_name));
|
||||
int fd = app_socket(socket_name, info);
|
||||
int fd = app_request(info);
|
||||
if (fd < 0) {
|
||||
info->access.policy = DENY;
|
||||
} else {
|
||||
socket_send_request(fd, info);
|
||||
int ret = read_int_be(fd);
|
||||
info->access.policy = ret < 0 ? DENY : static_cast<policy_t>(ret);
|
||||
close(fd);
|
||||
@@ -154,11 +151,8 @@ static shared_ptr<su_info> get_su_info(unsigned uid) {
|
||||
return info;
|
||||
}
|
||||
|
||||
// Set effective uid back to root, otherwise setres[ug]id will fail if uid isn't root
|
||||
static void set_identity(unsigned uid) {
|
||||
/*
|
||||
* Set effective uid back to root, otherwise setres[ug]id will fail
|
||||
* if uid isn't root.
|
||||
*/
|
||||
if (seteuid(0)) {
|
||||
PLOGE("seteuid (root)");
|
||||
}
|
||||
@@ -196,7 +190,16 @@ void su_daemon_handler(int client, struct ucred *credential) {
|
||||
write_int(client, DENY);
|
||||
close(client);
|
||||
return;
|
||||
} else if (int child = xfork(); child) {
|
||||
}
|
||||
|
||||
// Fork a child root process
|
||||
//
|
||||
// The child process will need to setsid, open a pseudo-terminal
|
||||
// if needed, and eventually exec shell.
|
||||
// The parent process will wait for the result and
|
||||
// send the return code back to our client.
|
||||
|
||||
if (int child = xfork(); child) {
|
||||
ctx.info.reset();
|
||||
|
||||
// Wait result
|
||||
@@ -214,12 +217,6 @@ void su_daemon_handler(int client, struct ucred *credential) {
|
||||
return;
|
||||
}
|
||||
|
||||
/* The child process will need to setsid, open a pseudo-terminal
|
||||
* if needed, and will eventually run exec.
|
||||
* The parent process will wait for the result and
|
||||
* send the return code back to our client
|
||||
*/
|
||||
|
||||
LOGD("su: fork handler\n");
|
||||
|
||||
// Abort upon any error occurred
|
||||
|
||||
Reference in New Issue
Block a user