Improve multiuser notifications

This commit is contained in:
topjohnwu 2017-05-28 01:28:18 +08:00
parent 94c2fc80d2
commit 3395c84560
2 changed files with 61 additions and 17 deletions

View File

@ -39,16 +39,17 @@ static void silent_run(char* const args[]) {
_exit(EXIT_FAILURE); _exit(EXIT_FAILURE);
} }
static void setup_user(struct su_context *ctx, char* user) { static int setup_user(struct su_context *ctx, char* user) {
switch (ctx->user.multiuser_mode) { switch (ctx->user.multiuser_mode) {
case MULTIUSER_MODE_OWNER_ONLY: /* Should already be denied if not owner */ case MULTIUSER_MODE_OWNER_ONLY: /* Should already be denied if not owner */
case MULTIUSER_MODE_OWNER_MANAGED: case MULTIUSER_MODE_OWNER_MANAGED:
sprintf(user, "%d", 0); sprintf(user, "%d", 0);
break; return ctx->user.android_user_id;
case MULTIUSER_MODE_USER: case MULTIUSER_MODE_USER:
sprintf(user, "%d", ctx->user.android_user_id); sprintf(user, "%d", ctx->user.android_user_id);
break; break;
} }
return 0;
} }
void app_send_result(struct su_context *ctx, policy_t policy) { void app_send_result(struct su_context *ctx, policy_t policy) {
@ -62,11 +63,17 @@ void app_send_result(struct su_context *ctx, policy_t policy) {
sprintf(pid, "%d", ctx->from.pid); sprintf(pid, "%d", ctx->from.pid);
char user[16]; char user[16];
setup_user(ctx, user); int notify = setup_user(ctx, user);
// Send notice to manager, enable logging
char *result_command[] = { char *result_command[] = {
AM_PATH, AM_PATH,
ACTION_RESULT, ACTION_RESULT,
"--user",
user,
"--ei",
"mode",
"0",
"--ei", "--ei",
"from.uid", "from.uid",
fromUid, fromUid,
@ -82,27 +89,65 @@ void app_send_result(struct su_context *ctx, policy_t policy) {
"--es", "--es",
"action", "action",
policy == ALLOW ? "allow" : "deny", policy == ALLOW ? "allow" : "deny",
"--user",
user,
NULL NULL
}; };
silent_run(result_command); silent_run(result_command);
// Send notice to user (if needed) to create toasts
if (notify) {
sprintf(user, "%d", notify);
char *notify_command[] = {
AM_PATH,
ACTION_RESULT,
"--user",
user,
"--ei",
"mode",
"1",
"--ei",
"from.uid",
fromUid,
"--es",
"action",
policy == ALLOW ? "allow" : "deny",
NULL
};
silent_run(notify_command);
}
} }
void app_send_request(struct su_context *ctx) { void app_send_request(struct su_context *ctx) {
char user[64]; char user[16];
setup_user(ctx, user); int notify = setup_user(ctx, user);
char *request_command[] = { char *request_command[] = {
AM_PATH, AM_PATH,
ACTION_REQUEST, ACTION_REQUEST,
"--user",
user,
"--es", "--es",
"socket", "socket",
ctx->sock_path, ctx->sock_path,
"--user", "--ez",
user, "timeout",
notify ? "false" : "true",
NULL NULL
}; };
silent_run(request_command); silent_run(request_command);
// Send notice to user to tell them root is managed by owner
if (notify) {
sprintf(user, "%d", notify);
char *notify_command[] = {
AM_PATH,
ACTION_RESULT,
"--user",
user,
"--ei",
"mode",
"2",
NULL
};
silent_run(notify_command);
}
} }

13
su.c
View File

@ -273,7 +273,7 @@ int su_daemon_main(int argc, char **argv) {
printf("Owner managed: Only owner can manage root access and receive request prompts\n"); printf("Owner managed: Only owner can manage root access and receive request prompts\n");
break; break;
case MULTIUSER_MODE_OWNER_ONLY: case MULTIUSER_MODE_OWNER_ONLY:
printf("User independent: The user has its own separate root rules\n"); printf("User independent: Each user has its own separate root rules\n");
break; break;
} }
exit(EXIT_SUCCESS); exit(EXIT_SUCCESS);
@ -336,6 +336,11 @@ int su_daemon_main(int argc, char **argv) {
// verify if Magisk Manager is installed // verify if Magisk Manager is installed
xstat(ctx.user.base_path, &st); xstat(ctx.user.base_path, &st);
// always allow if this is Magisk Manager
if (ctx.from.uid == (st.st_uid % 100000)) {
allow();
}
// odd perms on superuser data dir // odd perms on superuser data dir
if (st.st_gid != st.st_uid) { if (st.st_gid != st.st_uid) {
LOGE("Bad uid/gid %d/%d for Superuser Requestor application", LOGE("Bad uid/gid %d/%d for Superuser Requestor application",
@ -368,12 +373,6 @@ int su_daemon_main(int argc, char **argv) {
setprop(ROOT_ACCESS_PROP, xstr(ROOT_ACCESS_APPS_AND_ADB)); setprop(ROOT_ACCESS_PROP, xstr(ROOT_ACCESS_APPS_AND_ADB));
} }
// always allow if this is the superuser uid
// superuser needs to be able to reenable itself when disabled...
if (ctx.from.uid == st.st_uid) {
allow();
}
// Allow root to start root // Allow root to start root
if (ctx.from.uid == UID_ROOT) { if (ctx.from.uid == UID_ROOT) {
allow(); allow();