mirror of
https://github.com/topjohnwu/Magisk.git
synced 2024-11-30 13:35:27 +00:00
Reimplement su -z
This commit is contained in:
parent
0e36e86dbf
commit
af5bdee78f
@ -30,6 +30,7 @@ int quit_signals[] = { SIGALRM, SIGABRT, SIGHUP, SIGPIPE, SIGQUIT, SIGTERM, SIGI
|
||||
"Usage: su [options] [-] [user[:group,...] [argument...]]\n\n"
|
||||
"Options:\n"
|
||||
" -c, --command COMMAND pass COMMAND to the invoked shell\n"
|
||||
" -z, --context CONTEXT change SELinux context\n"
|
||||
" -h, --help display this help message and exit\n"
|
||||
" -, -l, --login pretend the shell to be a login shell\n"
|
||||
" -m, -p,\n"
|
||||
@ -127,7 +128,7 @@ int su_client_main(int argc, char *argv[]) {
|
||||
printf("%s\n", MAGISK_VERSION ":MAGISKSU");
|
||||
exit(EXIT_SUCCESS);
|
||||
case 'z':
|
||||
// Do nothing, placed here for legacy support :)
|
||||
su_req.context = optarg;
|
||||
break;
|
||||
case 'M':
|
||||
su_req.mount_master = true;
|
||||
@ -170,6 +171,7 @@ int su_client_main(int argc, char *argv[]) {
|
||||
xwrite(fd, &su_req, sizeof(su_req_base));
|
||||
write_string(fd, su_req.shell);
|
||||
write_string(fd, su_req.command);
|
||||
write_string(fd, su_req.context);
|
||||
write_vector(fd, su_req.gids);
|
||||
|
||||
// Wait for ack from daemon
|
||||
|
@ -51,6 +51,7 @@ struct su_req_base {
|
||||
struct su_request : public su_req_base {
|
||||
std::string shell = DEFAULT_SHELL;
|
||||
std::string command;
|
||||
std::string context;
|
||||
std::vector<gid_t> gids;
|
||||
};
|
||||
|
||||
|
@ -264,6 +264,7 @@ void su_daemon_handler(int client, const sock_cred *cred) {
|
||||
if (xxread(client, &ctx.req, sizeof(su_req_base)) < 0
|
||||
|| !read_string(client, ctx.req.shell)
|
||||
|| !read_string(client, ctx.req.command)
|
||||
|| !read_string(client, ctx.req.context)
|
||||
|| !read_vector(client, ctx.req.gids)) {
|
||||
LOGW("su: remote process probably died, abort\n");
|
||||
ctx.info.reset();
|
||||
@ -453,6 +454,10 @@ void su_daemon_handler(int client, const sock_cred *cred) {
|
||||
sigset_t block_set;
|
||||
sigemptyset(&block_set);
|
||||
sigprocmask(SIG_SETMASK, &block_set, nullptr);
|
||||
if (!ctx.req.context.empty() && selinux_enabled()) {
|
||||
auto f = xopen_file("/proc/self/attr/exec", "we");
|
||||
if (f) fprintf(f.get(), "%s", ctx.req.context.data());
|
||||
}
|
||||
set_identity(ctx.req.uid, ctx.req.gids);
|
||||
execvp(ctx.req.shell.data(), (char **) argv);
|
||||
fprintf(stderr, "Cannot execute %s: %s\n", ctx.req.shell.data(), strerror(errno));
|
||||
|
Loading…
Reference in New Issue
Block a user