Improve multiuser notifications
This commit is contained in:
topjohnwu
parent
94c2fc80d2
commit
3395c84560
65
activity.c
65
activity.c
@ -39,16 +39,17 @@ static void silent_run(char* const args[]) {
|
|||||||
_exit(EXIT_FAILURE);
|
_exit(EXIT_FAILURE);
|
||||||
}
|
}
|
||||||
|
|
||||||
static void setup_user(struct su_context *ctx, char* user) {
|
static int setup_user(struct su_context *ctx, char* user) {
|
||||||
switch (ctx->user.multiuser_mode) {
|
switch (ctx->user.multiuser_mode) {
|
||||||
case MULTIUSER_MODE_OWNER_ONLY: /* Should already be denied if not owner */
|
case MULTIUSER_MODE_OWNER_ONLY: /* Should already be denied if not owner */
|
||||||
case MULTIUSER_MODE_OWNER_MANAGED:
|
case MULTIUSER_MODE_OWNER_MANAGED:
|
||||||
sprintf(user, "%d", 0);
|
sprintf(user, "%d", 0);
|
||||||
break;
|
return ctx->user.android_user_id;
|
||||||
case MULTIUSER_MODE_USER:
|
case MULTIUSER_MODE_USER:
|
||||||
sprintf(user, "%d", ctx->user.android_user_id);
|
sprintf(user, "%d", ctx->user.android_user_id);
|
||||||
break;
|
break;
|
||||||
}
|
}
|
||||||
|
return 0;
|
||||||
}
|
}
|
||||||
|
|
||||||
void app_send_result(struct su_context *ctx, policy_t policy) {
|
void app_send_result(struct su_context *ctx, policy_t policy) {
|
||||||
@ -62,11 +63,17 @@ void app_send_result(struct su_context *ctx, policy_t policy) {
|
|||||||
sprintf(pid, "%d", ctx->from.pid);
|
sprintf(pid, "%d", ctx->from.pid);
|
||||||
|
|
||||||
char user[16];
|
char user[16];
|
||||||
setup_user(ctx, user);
|
int notify = setup_user(ctx, user);
|
||||||
|
|
||||||
|
// Send notice to manager, enable logging
|
||||||
char *result_command[] = {
|
char *result_command[] = {
|
||||||
AM_PATH,
|
AM_PATH,
|
||||||
ACTION_RESULT,
|
ACTION_RESULT,
|
||||||
|
"--user",
|
||||||
|
user,
|
||||||
|
"--ei",
|
||||||
|
"mode",
|
||||||
|
"0",
|
||||||
"--ei",
|
"--ei",
|
||||||
"from.uid",
|
"from.uid",
|
||||||
fromUid,
|
fromUid,
|
||||||
@ -82,27 +89,65 @@ void app_send_result(struct su_context *ctx, policy_t policy) {
|
|||||||
"--es",
|
"--es",
|
||||||
"action",
|
"action",
|
||||||
policy == ALLOW ? "allow" : "deny",
|
policy == ALLOW ? "allow" : "deny",
|
||||||
"--user",
|
|
||||||
user,
|
|
||||||
NULL
|
NULL
|
||||||
};
|
};
|
||||||
silent_run(result_command);
|
silent_run(result_command);
|
||||||
|
|
||||||
|
// Send notice to user (if needed) to create toasts
|
||||||
|
if (notify) {
|
||||||
|
sprintf(user, "%d", notify);
|
||||||
|
char *notify_command[] = {
|
||||||
|
AM_PATH,
|
||||||
|
ACTION_RESULT,
|
||||||
|
"--user",
|
||||||
|
user,
|
||||||
|
"--ei",
|
||||||
|
"mode",
|
||||||
|
"1",
|
||||||
|
"--ei",
|
||||||
|
"from.uid",
|
||||||
|
fromUid,
|
||||||
|
"--es",
|
||||||
|
"action",
|
||||||
|
policy == ALLOW ? "allow" : "deny",
|
||||||
|
NULL
|
||||||
|
};
|
||||||
|
silent_run(notify_command);
|
||||||
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
void app_send_request(struct su_context *ctx) {
|
void app_send_request(struct su_context *ctx) {
|
||||||
char user[64];
|
char user[16];
|
||||||
setup_user(ctx, user);
|
int notify = setup_user(ctx, user);
|
||||||
|
|
||||||
char *request_command[] = {
|
char *request_command[] = {
|
||||||
AM_PATH,
|
AM_PATH,
|
||||||
ACTION_REQUEST,
|
ACTION_REQUEST,
|
||||||
|
"--user",
|
||||||
|
user,
|
||||||
"--es",
|
"--es",
|
||||||
"socket",
|
"socket",
|
||||||
ctx->sock_path,
|
ctx->sock_path,
|
||||||
"--user",
|
"--ez",
|
||||||
user,
|
"timeout",
|
||||||
|
notify ? "false" : "true",
|
||||||
NULL
|
NULL
|
||||||
};
|
};
|
||||||
|
|
||||||
silent_run(request_command);
|
silent_run(request_command);
|
||||||
|
|
||||||
|
// Send notice to user to tell them root is managed by owner
|
||||||
|
if (notify) {
|
||||||
|
sprintf(user, "%d", notify);
|
||||||
|
char *notify_command[] = {
|
||||||
|
AM_PATH,
|
||||||
|
ACTION_RESULT,
|
||||||
|
"--user",
|
||||||
|
user,
|
||||||
|
"--ei",
|
||||||
|
"mode",
|
||||||
|
"2",
|
||||||
|
NULL
|
||||||
|
};
|
||||||
|
silent_run(notify_command);
|
||||||
|
}
|
||||||
}
|
}
|
||||||
|
|||||||
13
su.c
13
su.c
@ -273,7 +273,7 @@ int su_daemon_main(int argc, char **argv) {
|
|||||||
printf("Owner managed: Only owner can manage root access and receive request prompts\n");
|
printf("Owner managed: Only owner can manage root access and receive request prompts\n");
|
||||||
break;
|
break;
|
||||||
case MULTIUSER_MODE_OWNER_ONLY:
|
case MULTIUSER_MODE_OWNER_ONLY:
|
||||||
printf("User independent: The user has its own separate root rules\n");
|
printf("User independent: Each user has its own separate root rules\n");
|
||||||
break;
|
break;
|
||||||
}
|
}
|
||||||
exit(EXIT_SUCCESS);
|
exit(EXIT_SUCCESS);
|
||||||
@ -336,6 +336,11 @@ int su_daemon_main(int argc, char **argv) {
|
|||||||
// verify if Magisk Manager is installed
|
// verify if Magisk Manager is installed
|
||||||
xstat(ctx.user.base_path, &st);
|
xstat(ctx.user.base_path, &st);
|
||||||
|
|
||||||
|
// always allow if this is Magisk Manager
|
||||||
|
if (ctx.from.uid == (st.st_uid % 100000)) {
|
||||||
|
allow();
|
||||||
|
}
|
||||||
|
|
||||||
// odd perms on superuser data dir
|
// odd perms on superuser data dir
|
||||||
if (st.st_gid != st.st_uid) {
|
if (st.st_gid != st.st_uid) {
|
||||||
LOGE("Bad uid/gid %d/%d for Superuser Requestor application",
|
LOGE("Bad uid/gid %d/%d for Superuser Requestor application",
|
||||||
@ -368,12 +373,6 @@ int su_daemon_main(int argc, char **argv) {
|
|||||||
setprop(ROOT_ACCESS_PROP, xstr(ROOT_ACCESS_APPS_AND_ADB));
|
setprop(ROOT_ACCESS_PROP, xstr(ROOT_ACCESS_APPS_AND_ADB));
|
||||||
}
|
}
|
||||||
|
|
||||||
// always allow if this is the superuser uid
|
|
||||||
// superuser needs to be able to reenable itself when disabled...
|
|
||||||
if (ctx.from.uid == st.st_uid) {
|
|
||||||
allow();
|
|
||||||
}
|
|
||||||
|
|
||||||
// Allow root to start root
|
// Allow root to start root
|
||||||
if (ctx.from.uid == UID_ROOT) {
|
if (ctx.from.uid == UID_ROOT) {
|
||||||
allow();
|
allow();
|
||||||
|
|||||||
Loading…
Reference in New Issue
Block a user