Add namespace mode support
parent
1ddd746862
commit
c9286624d4
3
db.c
3
db.c
@ -46,6 +46,8 @@ static int settings_callback(void *v, int argc, char **argv, char **azColName) {
|
||||
target = &ctx->info->root_access;
|
||||
else if (strcmp(argv[i], MULTIUSER_MODE_ENTRY) == 0)
|
||||
target = &ctx->info->multiuser_mode;
|
||||
else if (strcmp(argv[i], NAMESPACE_MODE_ENTRY) == 0)
|
||||
target = &ctx->info->mnt_ns;
|
||||
entry = argv[i];
|
||||
} else if (strcmp(azColName[i], "value") == 0) {
|
||||
value = atoi(argv[i]);
|
||||
@ -62,6 +64,7 @@ void database_check(struct su_context *ctx) {
|
||||
// Set default values
|
||||
ctx->info->root_access = ROOT_ACCESS_APPS_AND_ADB;
|
||||
ctx->info->multiuser_mode = MULTIUSER_MODE_OWNER_ONLY;
|
||||
ctx->info->mnt_ns = NAMESPACE_MODE_REQUESTER;
|
||||
ctx->info->policy = QUERY;
|
||||
|
||||
// Check if file is readable
|
||||
|
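Review bot: The new `mnt_ns` setting is filled from `value = atoi(argv[i])`, and nothing visible in these hunks checks the result against the three `NAMESPACE_MODE_*` values. `atoi` returns 0 for text that is not a number, and su.h in this commit defines `NAMESPACE_MODE_GLOBAL` as 0, so a malformed row would select the least isolated mode, whereas 0 is the most restrictive choice for `root_access` and `multiuser_mode`. Where the parsed value is stored for this entry, I would keep the default unless it is in range, e.g. `if (value < NAMESPACE_MODE_GLOBAL || value > NAMESPACE_MODE_ISOLATE) value = NAMESPACE_MODE_REQUESTER;`. `settings_callback` begins and ends outside the hunk, so a check that already exists there would make this moot.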
11
su.h
11
su.h
@ -11,19 +11,25 @@
|
||||
|
||||
#define MAGISKSU_VER_STR xstr(MAGISK_VERSION) ":MAGISKSU (topjohnwu)"
|
||||
|
||||
// Property check for root access
|
||||
// DB settings for root access
|
||||
#define ROOT_ACCESS_ENTRY "root_access"
|
||||
#define ROOT_ACCESS_DISABLED 0
|
||||
#define ROOT_ACCESS_APPS_ONLY 1
|
||||
#define ROOT_ACCESS_ADB_ONLY 2
|
||||
#define ROOT_ACCESS_APPS_AND_ADB 3
|
||||
|
||||
// Property for multiuser
|
||||
// DB settings for multiuser
|
||||
#define MULTIUSER_MODE_ENTRY "multiuser_mode"
|
||||
#define MULTIUSER_MODE_OWNER_ONLY 0
|
||||
#define MULTIUSER_MODE_OWNER_MANAGED 1
|
||||
#define MULTIUSER_MODE_USER 2
|
||||
|
||||
// DB settings for namespace seperation
|
||||
#define NAMESPACE_MODE_ENTRY "mnt_ns"
|
||||
#define NAMESPACE_MODE_GLOBAL 0
|
||||
#define NAMESPACE_MODE_REQUESTER 1
|
||||
#define NAMESPACE_MODE_ISOLATE 2
|
||||
|
||||
// DO NOT CHANGE LINE BELOW, java package name will always be the same
|
||||
#define JAVA_PACKAGE_NAME "com.topjohnwu.magisk"
|
||||
|
||||
@ -59,6 +65,7 @@ struct su_info {
|
||||
int clock;
|
||||
int multiuser_mode;
|
||||
int root_access;
|
||||
int mnt_ns;
|
||||
struct list_head pos;
|
||||
};
|
||||
|
||||
|
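Review bot: The comment on the new block is misspelled (`// DB settings for namespace seperation` should read `separation`), and the three modes are not described where they are defined. A short comment per constant would help the next reader, matching what the switch in su_daemon.c does: `// stay in the global mount namespace` for `NAMESPACE_MODE_GLOBAL`, `// join the mount namespace of the requesting pid` for `NAMESPACE_MODE_REQUESTER`, and `// unshare a new mount namespace` for `NAMESPACE_MODE_ISOLATE`. The same applies to `int mnt_ns;` in `struct su_info`, which could carry `// one of NAMESPACE_MODE_*`.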
19
su_daemon.c
19
su_daemon.c
@ -10,6 +10,7 @@
|
||||
#include <fcntl.h>
|
||||
#include <string.h>
|
||||
#include <signal.h>
|
||||
#include <sched.h>
|
||||
#include <sys/socket.h>
|
||||
#include <sys/types.h>
|
||||
#include <sys/stat.h>
|
||||
@ -260,6 +261,24 @@ void su_daemon_receiver(int client) {
|
||||
// Become session leader
|
||||
xsetsid();
|
||||
|
||||
// Handle namespaces
|
||||
switch (info->mnt_ns) {
|
||||
case NAMESPACE_MODE_GLOBAL:
|
||||
LOGD("su: use global namespace\n");
|
||||
break;
|
||||
case NAMESPACE_MODE_REQUESTER:
|
||||
LOGD("su: use namespace of pid=[%d]\n", su_ctx->pid);
|
||||
if (switch_mnt_ns(su_ctx->pid)) {
|
||||
LOGD("su: setns failed, fallback to isolated\n");
|
||||
unshare(CLONE_NEWNS);
|
||||
}
|
||||
break;
|
||||
case NAMESPACE_MODE_ISOLATE:
|
||||
LOGD("su: use new isolated namespace\n");
|
||||
unshare(CLONE_NEWNS);
|
||||
break;
|
||||
}
|
||||
|
||||
// Let's read some info from the socket
|
||||
int argc = read_int(client);
|
||||
if (argc < 0 || argc > 512) {
|
||||
|
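Review bot: Both `unshare(CLONE_NEWNS)` calls ignore the return value, so when the call fails in the `NAMESPACE_MODE_ISOLATE` case, or in the fallback after `switch_mnt_ns` fails, the request carries on in whatever mount namespace the process already had, with no log line. The result should be checked and the request stopped on failure, using whatever error path `su_daemon_receiver` already has; the function starts and ends outside this hunk. The switch also has no `default:`, so an `mnt_ns` value outside the three defined modes silently behaves like global; I would put `default:` directly above `case NAMESPACE_MODE_ISOLATE:` so that unknown values isolate. It is also worth confirming that mount propagation in the new namespace is what is intended, since `unshare(CLONE_NEWNS)` alone keeps the propagation type of the copied mounts.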