mirror of
https://github.com/topjohnwu/Magisk.git
synced 2024-12-25 09:37:38 +00:00
Make sanitize_environ work properly
parent
db590091b3
commit
63cfe7b47b
@ -165,6 +165,9 @@ void sepolicy::magisk_rules() {
|
|||||||
// For changing file context
|
// For changing file context
|
||||||
allow("rootfs", "tmpfs", "filesystem", "associate");
|
allow("rootfs", "tmpfs", "filesystem", "associate");
|
||||||
|
|
||||||
|
// Allow Zygisk to prctl PR_SET_MM
|
||||||
|
allow("zygote", "zygote", "capability", "sys_resource");
|
||||||
|
|
||||||
// Allow update_engine/addon.d-v2 to run permissive on all ROMs
|
// Allow update_engine/addon.d-v2 to run permissive on all ROMs
|
||||||
permissive("update_engine");
|
permissive("update_engine");
|
||||||
|
|
||||||
|
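Review bot: The added `allow("zygote", "zygote", "capability", "sys_resource");` grants the zygote domain the whole of CAP_SYS_RESOURCE, while its comment names only the PR_SET_MM use. That capability also covers unrelated privileges such as raising resource limits, so the comment should record that the grant is wider than its purpose and which code depends on it. For example: `// Allow Zygisk to prctl PR_SET_MM (needed by sanitize_environ); note sys_resource is broader than this one use`. magisk_rules() starts and ends outside this hunk, so any neighbouring zygote rules are not visible here.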
@ -54,25 +54,26 @@ static void *unload_first_stage(void *v) {
|
|||||||
return nullptr;
|
return nullptr;
|
||||||
}
|
}
|
||||||
|
|
||||||
// Make sure /proc/self/environ does not reveal our secrets
|
// Make sure /proc/self/environ is sanitized
|
||||||
// Copy all env to a contiguous memory and set the memory region as MM_ENV
|
// Filter env and reset MM_ENV_END
|
||||||
static void sanitize_environ() {
|
static void sanitize_environ() {
|
||||||
static string env;
|
char *cur = environ[0];
|
||||||
|
|
||||||
for (int i = 0; environ[i]; ++i) {
|
for (int i = 0; environ[i]; ++i) {
|
||||||
if (str_starts(environ[i], INJECT_ENV_1 "="))
|
if (str_starts(environ[i], INJECT_ENV_1 "=")) {
|
||||||
|
// This specific env has to live in heap
|
||||||
|
environ[i] = strdup(environ[i]);
|
||||||
continue;
|
continue;
|
||||||
env += environ[i];
|
}
|
||||||
env += '\0';
|
|
||||||
|
// Copy all filtered env onto the original stack
|
||||||
|
int len = strlen(environ[i]);
|
||||||
|
memmove(cur, environ[i], len + 1);
|
||||||
|
environ[i] = cur;
|
||||||
|
cur += len + 1;
|
||||||
}
|
}
|
||||||
|
|
||||||
for (int i = 0; i < 2; ++i) {
|
prctl(PR_SET_MM, PR_SET_MM_ENV_END, cur, 0, 0);
|
||||||
bool success = true;
|
|
||||||
success &= (0 <= prctl(PR_SET_MM, PR_SET_MM_ENV_START, env.data(), 0, 0));
|
|
||||||
success &= (0 <= prctl(PR_SET_MM, PR_SET_MM_ENV_END, env.data() + env.size(), 0, 0));
|
|
||||||
if (success)
|
|
||||||
break;
|
|
||||||
}
|
|
||||||
}
|
}
|
||||||
|
|
||||||
__attribute__((destructor))
|
__attribute__((destructor))
|
||||||
@ -108,24 +109,23 @@ static void inject_init() {
|
|||||||
// Update path to 1st stage lib
|
// Update path to 1st stage lib
|
||||||
*(strrchr(env, '.') - 1) = '1';
|
*(strrchr(env, '.') - 1) = '1';
|
||||||
|
|
||||||
// Some cleanup
|
|
||||||
sanitize_environ();
|
|
||||||
active_threads++;
|
active_threads++;
|
||||||
new_daemon_thread(&unload_first_stage, env);
|
new_daemon_thread(&unload_first_stage, env);
|
||||||
} else if (getenv(INJECT_ENV_1)) {
|
} else if (getenv(INJECT_ENV_1)) {
|
||||||
android_logging();
|
android_logging();
|
||||||
LOGD("zygisk: inject 1st stage\n");
|
LOGD("zygisk: inject 1st stage\n");
|
||||||
|
|
||||||
char *ld = getenv("LD_PRELOAD");
|
string ld = getenv("LD_PRELOAD");
|
||||||
char *path;
|
char *path;
|
||||||
if (char *c = strrchr(ld, ':')) {
|
if (char *c = strrchr(ld.data(), ':')) {
|
||||||
*c = '\0';
|
*c = '\0';
|
||||||
setenv("LD_PRELOAD", ld, 1); // Restore original LD_PRELOAD
|
setenv("LD_PRELOAD", ld.data(), 1); // Restore original LD_PRELOAD
|
||||||
path = c + 1;
|
path = c + 1;
|
||||||
} else {
|
} else {
|
||||||
unsetenv("LD_PRELOAD");
|
unsetenv("LD_PRELOAD");
|
||||||
path = ld;
|
path = ld.data();
|
||||||
}
|
}
|
||||||
|
sanitize_environ();
|
||||||
|
|
||||||
// Update path to 2nd stage lib
|
// Update path to 2nd stage lib
|
||||||
*(strrchr(path, '.') - 1) = '2';
|
*(strrchr(path, '.') - 1) = '2';
|
||||||
|
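Review bot: The result of `prctl(PR_SET_MM, PR_SET_MM_ENV_END, cur, 0, 0)` at the end of the new sanitize_environ() is ignored, whereas the removed code tracked `success` and retried. If the call is rejected (for example when the sys_resource permission is not in effect), /proc/self/environ keeps its old end and still exposes the bytes after `cur`, which after the in-place memmove are stale copies of the original entries. At minimum report the failure, e.g. `if (prctl(PR_SET_MM, PR_SET_MM_ENV_END, cur, 0, 0) < 0) LOGE("zygisk: PR_SET_MM_ENV_END failed\n");`, and consider clearing that stale tail so the result does not depend on the prctl succeeding. The loop also assumes that `environ[0]` is non-null and that the filtered strings never occupy more space than the originals. A comment stating that invariant would help, because the 1st-stage path in inject_init() now calls setenv/unsetenv before sanitize_environ().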