Fix checking order
This commit is contained in:
parent
743c4f554d
commit
222c31b306
60
su.c
60
su.c
@ -311,6 +311,36 @@ int su_daemon_main(int argc, char **argv) {
|
|||||||
optind++;
|
optind++;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
// The su_context setup is done, now every error leads to deny
|
||||||
|
err_handler = deny;
|
||||||
|
|
||||||
|
// It's in multiuser mode
|
||||||
|
if (ctx.from.uid > 99999) {
|
||||||
|
ctx.user.android_user_id = ctx.from.uid / 100000;
|
||||||
|
if (ctx.user.multiuser_mode == MULTIUSER_MODE_USER) {
|
||||||
|
snprintf(ctx.user.database_path, PATH_MAX, "%s/%d/%s",
|
||||||
|
USER_DATA_PATH, ctx.user.android_user_id, REQUESTOR_DATABASE_PATH);
|
||||||
|
snprintf(ctx.user.base_path, PATH_MAX, "%s/%d/%s",
|
||||||
|
USER_DATA_PATH, ctx.user.android_user_id, REQUESTOR);
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
// verify superuser is installed
|
||||||
|
xstat(ctx.user.base_path, &st);
|
||||||
|
|
||||||
|
// odd perms on superuser data dir
|
||||||
|
if (st.st_gid != st.st_uid) {
|
||||||
|
LOGE("Bad uid/gid %d/%d for Superuser Requestor application",
|
||||||
|
(int)st.st_uid, (int)st.st_gid);
|
||||||
|
deny();
|
||||||
|
}
|
||||||
|
|
||||||
|
// always allow if this is the superuser uid
|
||||||
|
// superuser needs to be able to reenable itself when disabled...
|
||||||
|
if (ctx.from.uid == st.st_uid) {
|
||||||
|
allow();
|
||||||
|
}
|
||||||
|
|
||||||
// Check property of root configuration
|
// Check property of root configuration
|
||||||
char *root_prop = getprop(ROOT_ACCESS_PROP);
|
char *root_prop = getprop(ROOT_ACCESS_PROP);
|
||||||
if (root_prop) {
|
if (root_prop) {
|
||||||
@ -335,41 +365,11 @@ int su_daemon_main(int argc, char **argv) {
|
|||||||
}
|
}
|
||||||
free(root_prop);
|
free(root_prop);
|
||||||
|
|
||||||
// The su_context setup is done, now every error leads to deny
|
|
||||||
err_handler = deny;
|
|
||||||
|
|
||||||
// It's in multiuser mode
|
|
||||||
if (ctx.from.uid > 99999) {
|
|
||||||
ctx.user.android_user_id = ctx.from.uid / 100000;
|
|
||||||
if (ctx.user.multiuser_mode == MULTIUSER_MODE_USER) {
|
|
||||||
snprintf(ctx.user.database_path, PATH_MAX, "%s/%d/%s",
|
|
||||||
USER_DATA_PATH, ctx.user.android_user_id, REQUESTOR_DATABASE_PATH);
|
|
||||||
snprintf(ctx.user.base_path, PATH_MAX, "%s/%d/%s",
|
|
||||||
USER_DATA_PATH, ctx.user.android_user_id, REQUESTOR);
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
// Allow root to start root
|
// Allow root to start root
|
||||||
if (ctx.from.uid == UID_ROOT) {
|
if (ctx.from.uid == UID_ROOT) {
|
||||||
allow();
|
allow();
|
||||||
}
|
}
|
||||||
|
|
||||||
// verify superuser is installed
|
|
||||||
xstat(ctx.user.base_path, &st);
|
|
||||||
|
|
||||||
// odd perms on superuser data dir
|
|
||||||
if (st.st_gid != st.st_uid) {
|
|
||||||
LOGE("Bad uid/gid %d/%d for Superuser Requestor application",
|
|
||||||
(int)st.st_uid, (int)st.st_gid);
|
|
||||||
deny();
|
|
||||||
}
|
|
||||||
|
|
||||||
// always allow if this is the superuser uid
|
|
||||||
// superuser needs to be able to reenable itself when disabled...
|
|
||||||
if (ctx.from.uid == st.st_uid) {
|
|
||||||
allow();
|
|
||||||
}
|
|
||||||
|
|
||||||
// deny if this is a non owner request and owner mode only
|
// deny if this is a non owner request and owner mode only
|
||||||
if (ctx.user.multiuser_mode == MULTIUSER_MODE_OWNER_ONLY && ctx.user.android_user_id != 0) {
|
if (ctx.user.multiuser_mode == MULTIUSER_MODE_OWNER_ONLY && ctx.user.android_user_id != 0) {
|
||||||
deny();
|
deny();
|
||||||
|
Loading…
Reference in New Issue
Block a user