TheArchive/Magisk
1
0
Fork 0
mirror of https://github.com/topjohnwu/Magisk.git synced 2024-11-24 02:25:28 +00:00
Code Issues Packages Projects Releases Wiki Activity

Properly isolate mount namespace

Browse Source
This commit is contained in:
topjohnwu 2019-06-04 21:21:27 -07:00
parent d1dfda405f
commit 9f8d4e1022
1 changed files with 4 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

8
native/jni/su/su_daemon.cpp
View File

@ -10,6 +10,7 @@
#include <sys/types.h>
#include <sys/stat.h>
#include <sys/wait.h>
#include <sys/mount.h>
#include <magisk.h>
#include <daemon.h>
@ -308,14 +309,13 @@ void su_daemon_handler(int client, struct ucred *credential) {
break;
case NAMESPACE_MODE_REQUESTER:
LOGD("su: use namespace of pid=[%d]\n", ctx.pid);
if (switch_mnt_ns(ctx.pid)) {
LOGD("su: setns failed, fallback to isolated\n");
xunshare(CLONE_NEWNS);
}
if (switch_mnt_ns(ctx.pid))
LOGD("su: setns failed, fallback to global\n");
break;
case NAMESPACE_MODE_ISOLATE:
LOGD("su: use new isolated namespace\n");
xunshare(CLONE_NEWNS);
xmount(nullptr, "/", nullptr, MS_PRIVATE | MS_REC, nullptr);
break;
}