From e1279c29c29ab7e9b0e2442eaadf1f3da8c3971f Mon Sep 17 00:00:00 2001
From: Pierre-Hugues Husson <husson@archos.com>
Date: Tue, 27 Sep 2016 00:08:18 +0200
Subject: [PATCH] Add hidesu program.

This is a test program, this will probably be integrated into su daemon.
This hides su by bind-mounting something (/system) over /sbin, so that
there is no /sbin/su binary.
Usage:
hidesu /proc/<one pid of the namespace>/ns/mnt

This uses the fact that when a program wants access to /sdcard, zygote
does this using mount namespaces, so every program accessing /sdcard
will be in a custom mount namespace, that can be modified.
---
 jni/Android.mk |  9 +++++++++
 jni/hidesu.c   | 22 ++++++++++++++++++++++
 2 files changed, 31 insertions(+)
 create mode 100644 jni/hidesu.c

diff --git a/jni/Android.mk b/jni/Android.mk
index 339765878..ef1ca4c7f 100644
--- a/jni/Android.mk
+++ b/jni/Android.mk
@@ -2,6 +2,15 @@ my_path := $(call my-dir)
 
 LOCAL_PATH := $(my_path)
 
+include $(CLEAR_VARS)
+LOCAL_MODULE := hidesu
+LOCAL_MODULE_TAGS := optional
+LOCAL_FORCE_STATIC_EXECUTABLE := true
+LOCAL_LDFLAGS := -static
+LOCAL_STATIC_LIBRARIES := libc libcutils
+LOCAL_SRC_FILES := hidesu.c
+include $(BUILD_EXECUTABLE)
+
 include $(CLEAR_VARS)
 LOCAL_MODULE := bootimgtools
 LOCAL_MODULE_TAGS := optional
diff --git a/jni/hidesu.c b/jni/hidesu.c
new file mode 100644
index 000000000..4a8cc03d5
--- /dev/null
+++ b/jni/hidesu.c
@@ -0,0 +1,22 @@
+#define _GNU_SOURCE
+#include <sched.h>
+#include <fcntl.h>
+#include <stdlib.h>
+#include <stdio.h>
+#include <sys/mount.h>
+#include <sys/syscall.h>
+
+int main(int argc, char **argv) {
+	if(argc != 2) exit(5);
+	int fd = open(argv[1], O_RDONLY);
+	if(fd == -1) exit(2);
+//TODO: Fix non arm platforms
+#define SYS_setns 375
+	int res = syscall(SYS_setns, fd, 0);
+	if(res == -1) exit(3);
+
+	//XXX: What to mount to /sbin...?
+	res = mount("/system", "/sbin", "bind", MS_BIND, "");
+	if(res == -1) exit(4);
+	exit(0);
+}