Magisk/su.c

353 lines
8.5 KiB
C
Raw Normal View History

/*
2017-04-14 21:21:31 +02:00
* Copyright 2017, John Wu (@topjohnwu)
* Copyright 2015, Pierre-Hugues Husson <phh@phh.me>
* Copyright 2010, Adam Shanks (@ChainsDD)
* Copyright 2008, Zinx Verituse (@zinxv)
*/
/* su.c - The main function running in the daemon
*/
#include <stdio.h>
#include <stdlib.h>
2017-04-14 21:21:31 +02:00
#include <string.h>
#include <unistd.h>
#include <getopt.h>
2017-04-14 21:21:31 +02:00
#include <fcntl.h>
#include <pwd.h>
2017-04-14 21:21:31 +02:00
#include <errno.h>
#include <signal.h>
#include <sys/types.h>
2017-04-14 21:21:31 +02:00
#include <sys/stat.h>
#include <sys/auxv.h>
2017-04-14 21:21:31 +02:00
#include <selinux/selinux.h>
2017-04-14 21:21:31 +02:00
#include "magisk.h"
#include "utils.h"
2017-04-14 21:21:31 +02:00
#include "resetprop.h"
#include "su.h"
struct su_context *su_ctx;
2017-04-14 21:21:31 +02:00
static void usage(int status) {
FILE *stream = (status == EXIT_SUCCESS) ? stdout : stderr;
fprintf(stream,
2017-04-27 21:26:18 +02:00
"MagiskSU v" xstr(MAGISK_VERSION) "\n\n"
2017-04-14 21:21:31 +02:00
"Usage: su [options] [--] [-] [LOGIN] [--] [args...]\n\n"
"Options:\n"
" -c, --command COMMAND pass COMMAND to the invoked shell\n"
" -h, --help display this help message and exit\n"
" -, -l, --login pretend the shell to be a login shell\n"
" -m, -p,\n"
" --preserve-environment do not change environment variables\n"
" -s, --shell SHELL use SHELL instead of the default " DEFAULT_SHELL "\n"
" -u display the multiuser mode and exit\n"
" -v, --version display version number and exit\n"
" -V display version code and exit,\n"
" this is used almost exclusively by Superuser.apk\n");
exit2(status);
}
2017-04-14 21:21:31 +02:00
static char *concat_commands(int argc, char *argv[]) {
char command[ARG_MAX];
command[0] = '\0';
for (int i = optind - 1; i < argc; ++i) {
if (strlen(command))
sprintf(command, "%s %s", command, argv[i]);
else
sprintf(command, "%s", argv[i]);
}
return strdup(command);
}
static void populate_environment(const struct su_context *ctx) {
2017-04-14 21:21:31 +02:00
struct passwd *pw;
if (ctx->to.keepenv)
return;
pw = getpwuid(ctx->to.uid);
if (pw) {
setenv("HOME", pw->pw_dir, 1);
if (ctx->to.shell)
setenv("SHELL", ctx->to.shell, 1);
else
setenv("SHELL", DEFAULT_SHELL, 1);
if (ctx->to.login || ctx->to.uid) {
setenv("USER", pw->pw_name, 1);
setenv("LOGNAME", pw->pw_name, 1);
}
}
}
2017-04-14 21:21:31 +02:00
static __attribute__ ((noreturn)) void allow() {
char *arg0;
umask(su_ctx->umask);
if (su_ctx->notify)
2017-04-14 21:21:31 +02:00
app_send_result(su_ctx, ALLOW);
char *binary = su_ctx->to.shell;
if (su_ctx->to.command) {
su_ctx->to.argv[--su_ctx->to.argc] = su_ctx->to.command;
su_ctx->to.argv[--su_ctx->to.argc] = "-c";
}
arg0 = strrchr(binary, '/');
arg0 = arg0 ? (arg0 + 1) : binary;
if (su_ctx->to.login) {
int s = strlen(arg0) + 2;
char *p = xmalloc(s);
*p = '-';
strcpy(p + 1, arg0);
arg0 = p;
}
populate_environment(su_ctx);
set_identity(su_ctx->to.uid);
setexeccon("u:r:su:s0");
su_ctx->to.argv[--su_ctx->to.argc] = arg0;
execvp(binary, su_ctx->to.argv + su_ctx->to.argc);
fprintf(stderr, "Cannot execute %s: %s\n", binary, strerror(errno));
PLOGE("exec");
exit(EXIT_FAILURE);
}
2017-04-14 21:21:31 +02:00
static __attribute__ ((noreturn)) void deny() {
if (su_ctx->notify)
2017-04-14 21:21:31 +02:00
app_send_result(su_ctx, DENY);
LOGW("su: request rejected (%u->%u)", su_ctx->info->uid, su_ctx->to.uid);
2017-04-14 21:21:31 +02:00
fprintf(stderr, "%s\n", strerror(EACCES));
exit(EXIT_FAILURE);
}
2017-04-14 21:21:31 +02:00
static void socket_cleanup() {
if (su_ctx && su_ctx->sock_path[0]) {
unlink(su_ctx->sock_path);
su_ctx->sock_path[0] = 0;
}
}
2017-04-14 21:21:31 +02:00
static void cleanup_signal(int sig) {
socket_cleanup();
exit2(EXIT_FAILURE);
}
__attribute__ ((noreturn)) void exit2(int status) {
// Handle the pipe, or the daemon will get stuck
if (su_ctx->info->policy == QUERY) {
xwrite(pipefd[1], &su_ctx->info->policy, sizeof(su_ctx->info->policy));
close(pipefd[0]);
close(pipefd[1]);
}
exit(status);
2017-01-30 19:51:22 +01:00
}
2017-04-14 21:21:31 +02:00
int su_daemon_main(int argc, char **argv) {
// Sanitize all secure environment variables (from linker_environ.c in AOSP linker).
/* The same list than GLibc at this point */
static const char* const unsec_vars[] = {
"GCONV_PATH",
"GETCONF_DIR",
"HOSTALIASES",
"LD_AUDIT",
"LD_DEBUG",
"LD_DEBUG_OUTPUT",
"LD_DYNAMIC_WEAK",
"LD_LIBRARY_PATH",
"LD_ORIGIN_PATH",
"LD_PRELOAD",
"LD_PROFILE",
"LD_SHOW_AUXV",
"LD_USE_LOAD_BIAS",
"LOCALDOMAIN",
"LOCPATH",
"MALLOC_TRACE",
"MALLOC_CHECK_",
"NIS_PATH",
"NLSPATH",
"RESOLV_HOST_CONF",
"RES_OPTIONS",
"TMPDIR",
"TZDIR",
"LD_AOUT_LIBRARY_PATH",
"LD_AOUT_PRELOAD",
// not listed in linker, used due to system() call
"IFS",
};
if(getauxval(AT_SECURE)) {
const char* const* cp = unsec_vars;
const char* const* endp = cp + sizeof(unsec_vars)/sizeof(unsec_vars[0]);
while (cp < endp) {
unsetenv(*cp);
cp++;
}
}
// Replace -cn with z, for CF compatibility
for (int i = 0; i < argc; ++i) {
if (strcmp(argv[i], "-cn") == 0) {
strcpy(argv[i], "-z");
break;
}
}
int c, socket_serv_fd, fd;
char result[64];
struct option long_opts[] = {
{ "command", required_argument, NULL, 'c' },
{ "help", no_argument, NULL, 'h' },
{ "login", no_argument, NULL, 'l' },
{ "preserve-environment", no_argument, NULL, 'p' },
{ "shell", required_argument, NULL, 's' },
{ "version", no_argument, NULL, 'v' },
{ "context", required_argument, NULL, 'z' },
{ NULL, 0, NULL, 0 },
};
while ((c = getopt_long(argc, argv, "c:hlmps:Vvuz:", long_opts, NULL)) != -1) {
switch (c) {
case 'c':
su_ctx->to.command = concat_commands(argc, argv);
2017-04-14 21:21:31 +02:00
optind = argc;
su_ctx->notify = 1;
2017-04-14 21:21:31 +02:00
break;
case 'h':
usage(EXIT_SUCCESS);
break;
case 'l':
su_ctx->to.login = 1;
2017-04-14 21:21:31 +02:00
break;
case 'm':
case 'p':
su_ctx->to.keepenv = 1;
2017-04-14 21:21:31 +02:00
break;
case 's':
su_ctx->to.shell = optarg;
2017-04-14 21:21:31 +02:00
break;
case 'V':
2017-04-18 15:09:53 +02:00
printf("%d\n", MAGISK_VER_CODE);
exit2(EXIT_SUCCESS);
2017-04-14 21:21:31 +02:00
case 'v':
2017-04-18 15:09:53 +02:00
printf("%s\n", MAGISKSU_VER_STR);
exit2(EXIT_SUCCESS);
2017-04-14 21:21:31 +02:00
case 'u':
2017-05-31 21:19:45 +02:00
switch (su_ctx->info->multiuser_mode) {
2017-04-14 21:21:31 +02:00
case MULTIUSER_MODE_USER:
2017-05-26 20:40:12 +02:00
printf("Owner only: Only owner has root access\n");
2017-04-14 21:21:31 +02:00
break;
case MULTIUSER_MODE_OWNER_MANAGED:
2017-05-26 20:40:12 +02:00
printf("Owner managed: Only owner can manage root access and receive request prompts\n");
2017-04-14 21:21:31 +02:00
break;
case MULTIUSER_MODE_OWNER_ONLY:
2017-05-27 19:28:18 +02:00
printf("User independent: Each user has its own separate root rules\n");
2017-04-14 21:21:31 +02:00
break;
}
exit2(EXIT_SUCCESS);
2017-04-14 21:21:31 +02:00
case 'z':
// Do nothing, placed here for legacy support :)
break;
default:
/* Bionic getopt_long doesn't terminate its error output by newline */
fprintf(stderr, "\n");
usage(2);
}
}
su_ctx->to.argc = argc;
su_ctx->to.argv = argv;
2017-04-14 21:21:31 +02:00
if (optind < argc && !strcmp(argv[optind], "-")) {
su_ctx->to.login = 1;
2017-04-14 21:21:31 +02:00
optind++;
}
/* username or uid */
if (optind < argc && strcmp(argv[optind], "--")) {
struct passwd *pw;
pw = getpwnam(argv[optind]);
if (!pw) {
char *endptr;
/* It seems we shouldn't do this at all */
errno = 0;
su_ctx->to.uid = strtoul(argv[optind], &endptr, 10);
2017-04-14 21:21:31 +02:00
if (errno || *endptr) {
LOGE("Unknown id: %s\n", argv[optind]);
fprintf(stderr, "Unknown id: %s\n", argv[optind]);
exit(EXIT_FAILURE);
}
} else {
su_ctx->to.uid = pw->pw_uid;
2017-04-14 21:21:31 +02:00
}
optind++;
}
if (optind < argc && !strcmp(argv[optind], "--")) {
optind++;
}
// Setup done, now every error leads to deny
2017-04-14 21:21:31 +02:00
err_handler = deny;
2017-05-31 21:19:45 +02:00
// Check root_access configuration
switch (su_ctx->info->root_access) {
case ROOT_ACCESS_DISABLED:
LOGE("Root access is disabled!\n");
exit(EXIT_FAILURE);
case ROOT_ACCESS_APPS_ONLY:
if (su_ctx->info->uid == UID_SHELL) {
LOGE("Root access is disabled for ADB!\n");
exit(EXIT_FAILURE);
}
break;
case ROOT_ACCESS_ADB_ONLY:
if (su_ctx->info->uid != UID_SHELL) {
LOGE("Root access limited to ADB only!\n");
2017-04-16 17:10:18 +02:00
exit(EXIT_FAILURE);
}
2017-05-31 21:19:45 +02:00
break;
case ROOT_ACCESS_APPS_AND_ADB:
default:
break;
2017-04-16 17:10:18 +02:00
}
// New request or no db exist, notify user for response
if (su_ctx->info->policy == QUERY) {
socket_serv_fd = socket_create_temp(su_ctx->sock_path, sizeof(su_ctx->sock_path));
setup_sighandlers(cleanup_signal);
2017-04-14 21:21:31 +02:00
// Start activity
app_send_request(su_ctx);
2017-04-14 21:21:31 +02:00
atexit(socket_cleanup);
2017-04-14 21:21:31 +02:00
fd = socket_accept(socket_serv_fd);
socket_send_request(fd, su_ctx);
socket_receive_result(fd, result, sizeof(result));
2017-04-14 21:21:31 +02:00
close(fd);
close(socket_serv_fd);
socket_cleanup();
2017-04-14 21:21:31 +02:00
if (strcmp(result, "socket:ALLOW") == 0)
su_ctx->info->policy = ALLOW;
else
su_ctx->info->policy = DENY;
2017-04-14 21:21:31 +02:00
// Report the policy to main daemon
xwrite(pipefd[1], &su_ctx->info->policy, sizeof(su_ctx->info->policy));
close(pipefd[0]);
close(pipefd[1]);
}
2017-04-14 21:21:31 +02:00
if (su_ctx->info->policy == ALLOW)
2017-04-14 21:21:31 +02:00
allow();
else
2017-04-14 21:21:31 +02:00
deny();
}