mirror of
https://github.com/topjohnwu/Magisk.git
synced 2024-12-25 19:57:39 +00:00
Move all permission check into daemon.cpp
This commit is contained in:
parent
be7586137c
commit
9968af0785
@ -160,6 +160,7 @@ static void handle_request_async(int client, int code, const sock_cred &cred) {
|
|||||||
reboot();
|
reboot();
|
||||||
break;
|
break;
|
||||||
case MainRequest::ZYGISK:
|
case MainRequest::ZYGISK:
|
||||||
|
case MainRequest::ZYGISK_PASSTHROUGH:
|
||||||
zygisk_handler(client, &cred);
|
zygisk_handler(client, &cred);
|
||||||
break;
|
break;
|
||||||
default:
|
default:
|
||||||
@ -208,18 +209,24 @@ static void handle_request(pollfd *pfd) {
|
|||||||
bool is_zygote;
|
bool is_zygote;
|
||||||
int code;
|
int code;
|
||||||
|
|
||||||
if (!get_client_cred(client, &cred))
|
if (!get_client_cred(client, &cred)) {
|
||||||
|
// Client died
|
||||||
goto done;
|
goto done;
|
||||||
|
}
|
||||||
is_root = cred.uid == UID_ROOT;
|
is_root = cred.uid == UID_ROOT;
|
||||||
is_zygote = cred.context == "u:r:zygote:s0";
|
is_zygote = cred.context == "u:r:zygote:s0";
|
||||||
|
|
||||||
if (!is_root && !is_zygote && !is_client(cred.pid))
|
if (!is_root && !is_zygote && !is_client(cred.pid)) {
|
||||||
|
// Unsupported client state
|
||||||
|
write_int(client, MainResponse::ACCESS_DENIED);
|
||||||
goto done;
|
goto done;
|
||||||
|
}
|
||||||
|
|
||||||
code = read_int(client);
|
code = read_int(client);
|
||||||
|
if (code < 0 || code >= MainRequest::END || code == MainRequest::_SYNC_BARRIER_) {
|
||||||
if (code < 0 || code >= MainRequest::END || code == MainRequest::_SYNC_BARRIER_)
|
// Unknown request code
|
||||||
goto done;
|
goto done;
|
||||||
|
}
|
||||||
|
|
||||||
// Check client permissions
|
// Check client permissions
|
||||||
switch (code) {
|
switch (code) {
|
||||||
@ -237,7 +244,14 @@ static void handle_request(pollfd *pfd) {
|
|||||||
break;
|
break;
|
||||||
case MainRequest::REMOVE_MODULES:
|
case MainRequest::REMOVE_MODULES:
|
||||||
if (!is_root && cred.uid != UID_SHELL) {
|
if (!is_root && cred.uid != UID_SHELL) {
|
||||||
write_int(client, MainResponse::ROOT_REQUIRED);
|
write_int(client, MainResponse::ACCESS_DENIED);
|
||||||
|
goto done;
|
||||||
|
}
|
||||||
|
break;
|
||||||
|
case MainRequest::ZYGISK:
|
||||||
|
if (!is_zygote) {
|
||||||
|
// Invalid client context
|
||||||
|
write_int(client, MainResponse::ACCESS_DENIED);
|
||||||
goto done;
|
goto done;
|
||||||
}
|
}
|
||||||
break;
|
break;
|
||||||
@ -252,7 +266,7 @@ static void handle_request(pollfd *pfd) {
|
|||||||
goto done;
|
goto done;
|
||||||
}
|
}
|
||||||
|
|
||||||
// Handle complex requests in another thread
|
// Handle async requests in another thread
|
||||||
exec_task([=] { handle_request_async(client, code, cred); });
|
exec_task([=] { handle_request_async(client, code, cred); });
|
||||||
return;
|
return;
|
||||||
|
|
||||||
@ -422,8 +436,8 @@ int connect_daemon(int req, bool create) {
|
|||||||
case MainResponse::ROOT_REQUIRED:
|
case MainResponse::ROOT_REQUIRED:
|
||||||
LOGE("Root is required for this operation\n");
|
LOGE("Root is required for this operation\n");
|
||||||
exit(-1);
|
exit(-1);
|
||||||
case MainResponse::INVALID_REQUEST:
|
case MainResponse::ACCESS_DENIED:
|
||||||
LOGE("Invalid request\n");
|
LOGE("Access denied\n");
|
||||||
exit(-1);
|
exit(-1);
|
||||||
default:
|
default:
|
||||||
__builtin_unreachable();
|
__builtin_unreachable();
|
||||||
|
@ -28,6 +28,7 @@ enum : int {
|
|||||||
SQLITE_CMD,
|
SQLITE_CMD,
|
||||||
REMOVE_MODULES,
|
REMOVE_MODULES,
|
||||||
ZYGISK,
|
ZYGISK,
|
||||||
|
ZYGISK_PASSTHROUGH,
|
||||||
END,
|
END,
|
||||||
};
|
};
|
||||||
}
|
}
|
||||||
@ -38,7 +39,7 @@ enum : int {
|
|||||||
ERROR = -1,
|
ERROR = -1,
|
||||||
OK = 0,
|
OK = 0,
|
||||||
ROOT_REQUIRED,
|
ROOT_REQUIRED,
|
||||||
INVALID_REQUEST,
|
ACCESS_DENIED,
|
||||||
END
|
END
|
||||||
};
|
};
|
||||||
}
|
}
|
||||||
|
@ -35,10 +35,6 @@ void denylist_handler(int client, const sock_cred *cred) {
|
|||||||
int req = read_int(client);
|
int req = read_int(client);
|
||||||
int res = DenyResponse::ERROR;
|
int res = DenyResponse::ERROR;
|
||||||
|
|
||||||
if (req < 0 || req >= DenyRequest::END) {
|
|
||||||
goto done;
|
|
||||||
}
|
|
||||||
|
|
||||||
switch (req) {
|
switch (req) {
|
||||||
case DenyRequest::ENFORCE:
|
case DenyRequest::ENFORCE:
|
||||||
res = enable_deny();
|
res = enable_deny();
|
||||||
@ -60,9 +56,9 @@ void denylist_handler(int client, const sock_cred *cred) {
|
|||||||
? DenyResponse::ENFORCED : DenyResponse::NOT_ENFORCED;
|
? DenyResponse::ENFORCED : DenyResponse::NOT_ENFORCED;
|
||||||
break;
|
break;
|
||||||
default:
|
default:
|
||||||
__builtin_unreachable();
|
// Unknown request code
|
||||||
|
break;
|
||||||
}
|
}
|
||||||
done:
|
|
||||||
write_int(client, res);
|
write_int(client, res);
|
||||||
close(client);
|
close(client);
|
||||||
}
|
}
|
||||||
|
@ -401,13 +401,6 @@ static void get_moddir(int client) {
|
|||||||
void zygisk_handler(int client, const sock_cred *cred) {
|
void zygisk_handler(int client, const sock_cred *cred) {
|
||||||
int code = read_int(client);
|
int code = read_int(client);
|
||||||
char buf[256];
|
char buf[256];
|
||||||
if (code < ZygiskRequest::SETUP || code >= ZygiskRequest::END) {
|
|
||||||
write_int(client, -1);
|
|
||||||
return;
|
|
||||||
}
|
|
||||||
if (code != ZygiskRequest::PASSTHROUGH && cred->context != "u:r:zygote:s0") {
|
|
||||||
return;
|
|
||||||
}
|
|
||||||
switch (code) {
|
switch (code) {
|
||||||
case ZygiskRequest::SETUP:
|
case ZygiskRequest::SETUP:
|
||||||
setup_files(client, cred);
|
setup_files(client, cred);
|
||||||
@ -429,7 +422,8 @@ void zygisk_handler(int client, const sock_cred *cred) {
|
|||||||
get_moddir(client);
|
get_moddir(client);
|
||||||
break;
|
break;
|
||||||
default:
|
default:
|
||||||
__builtin_unreachable();
|
// Unknown code
|
||||||
|
break;
|
||||||
}
|
}
|
||||||
close(client);
|
close(client);
|
||||||
}
|
}
|
||||||
|
@ -173,7 +173,8 @@ int zygisk_main(int argc, char *argv[]) {
|
|||||||
int is_64_bit = parse_int(argv[3]);
|
int is_64_bit = parse_int(argv[3]);
|
||||||
if (fcntl(client, F_GETFD) < 0)
|
if (fcntl(client, F_GETFD) < 0)
|
||||||
return 1;
|
return 1;
|
||||||
if (int magiskd = zygisk_request(ZygiskRequest::PASSTHROUGH); magiskd >= 0) {
|
if (int magiskd = connect_daemon(MainRequest::ZYGISK_PASSTHROUGH); magiskd >= 0) {
|
||||||
|
write_int(magiskd, ZygiskRequest::PASSTHROUGH);
|
||||||
write_int(magiskd, is_64_bit);
|
write_int(magiskd, is_64_bit);
|
||||||
|
|
||||||
if (read_int(magiskd) != 0) {
|
if (read_int(magiskd) != 0) {
|
||||||
|
Loading…
x
Reference in New Issue
Block a user