TheArchive/Magisk
1
0
Fork 0
mirror of https://github.com/topjohnwu/Magisk.git synced 2025-10-15 22:13:11 +00:00
Code Issues Packages Projects Releases Wiki Activity

Prevent any SELinux issues of root shell streams

Browse Source
This commit is contained in:
topjohnwu
2018-11-23 20:59:14 -05:00
parent 38fcc57bbf
commit 762b678d24
2 changed files with 16 additions and 12 deletions
Download Patch File Download Diff File Expand all files Collapse all files

15
native/jni/su/su_daemon.cpp
View File

@@ -267,7 +267,6 @@ void su_daemon_handler(int client, struct ucred *credential) {
int infd = recv_fd(client);
int outfd = recv_fd(client);
int errfd = recv_fd(client);
int ptsfd = -1;
if (pts_slave[0]) {
LOGD("su: pts_slave=[%s]\n", pts_slave);
@@ -279,13 +278,10 @@ void su_daemon_handler(int client, struct ucred *credential) {
if(st.st_uid != info->uid && info->uid != 0)
LOGE("su: Wrong permission of pts_slave");
// Set our pts_slave to devpts, same restriction as adb shell
lsetfilecon(pts_slave, "u:object_r:devpts:s0");
// Opening the TTY has to occur after the
// fork() and setsid() so that it becomes
// our controlling TTY and not the daemon's
ptsfd = xopen(pts_slave, O_RDWR);
int ptsfd = xopen(pts_slave, O_RDWR);
if (infd < 0)
infd = ptsfd;
@@ -302,7 +298,14 @@ void su_daemon_handler(int client, struct ucred *credential) {
xdup2(outfd, STDOUT_FILENO);
xdup2(errfd, STDERR_FILENO);
close(ptsfd);
// Unleash all streams from SELinux hell
setfilecon("/proc/self/fd/0", "u:object_r:" SEPOL_FILE_DOMAIN ":s0");
setfilecon("/proc/self/fd/1", "u:object_r:" SEPOL_FILE_DOMAIN ":s0");
setfilecon("/proc/self/fd/2", "u:object_r:" SEPOL_FILE_DOMAIN ":s0");
close(infd);
close(outfd);
close(errfd);
close(client);
// Handle namespaces