From c9286624d49df94c4967a678db0ac1f08e6f9469 Mon Sep 17 00:00:00 2001
From: topjohnwu
Date: Thu, 8 Jun 2017 22:50:39 +0800
Subject: [PATCH] Add namespace mode support
---
 db.c | 3 +++
 su.h | 11 +++++++++--
 su_daemon.c | 19 +++++++++++++++++++
 3 files changed, 31 insertions(+), 2 deletions(-)
diff --git a/db.c b/db.c
index e3f5cb9c7..6a6f85013 100644
--- a/db.c
+++ b/db.c
@@ -46,6 +46,8 @@ static int settings_callback(void *v, int argc, char **argv, char **azColName) {
 target = &ctx->info->root_access;
 else if (strcmp(argv[i], MULTIUSER_MODE_ENTRY) == 0)
 target = &ctx->info->multiuser_mode;
+ else if (strcmp(argv[i], NAMESPACE_MODE_ENTRY) == 0)
+ target = &ctx->info->mnt_ns;
 entry = argv[i];
 } else if (strcmp(azColName[i], "value") == 0) {
 value = atoi(argv[i]);
@@ -62,6 +64,7 @@ void database_check(struct su_context *ctx) {
 // Set default values
 ctx->info->root_access = ROOT_ACCESS_APPS_AND_ADB;
 ctx->info->multiuser_mode = MULTIUSER_MODE_OWNER_ONLY;
+ ctx->info->mnt_ns = NAMESPACE_MODE_REQUESTER;
 ctx->info->policy = QUERY;
 // Check if file is readable
diff --git a/su.h b/su.h
index b815acd8a..4c8775cbf 100644
--- a/su.h
+++ b/su.h
@@ -11,19 +11,25 @@
 #define MAGISKSU_VER_STR xstr(MAGISK_VERSION) ":MAGISKSU (topjohnwu)"
-// Property check for root access
+// DB settings for root access
 #define ROOT_ACCESS_ENTRY "root_access"
 #define ROOT_ACCESS_DISABLED 0
 #define ROOT_ACCESS_APPS_ONLY 1
 #define ROOT_ACCESS_ADB_ONLY 2
 #define ROOT_ACCESS_APPS_AND_ADB 3
-// Property for multiuser
+// DB settings for multiuser
 #define MULTIUSER_MODE_ENTRY "multiuser_mode"
 #define MULTIUSER_MODE_OWNER_ONLY 0
 #define MULTIUSER_MODE_OWNER_MANAGED 1
 #define MULTIUSER_MODE_USER 2
+// DB settings for namespace seperation
+#define NAMESPACE_MODE_ENTRY "mnt_ns"
+#define NAMESPACE_MODE_GLOBAL 0
+#define NAMESPACE_MODE_REQUESTER 1
+#define NAMESPACE_MODE_ISOLATE 2
+
 // DO NOT CHANGE LINE BELOW, java package name will always be the same
 #define JAVA_PACKAGE_NAME "com.topjohnwu.magisk"
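Review bot: The new `mnt_ns` branch in settings_callback (db.c) stores whatever `atoi(argv[i])` yields, with no check that it is one of the three NAMESPACE_MODE_* values. The switch added in su_daemon.c has no `default:` arm, so an out-of-range row makes no namespace change and writes no log line. `atoi` also returns 0 for non-numeric text, which equals NAMESPACE_MODE_GLOBAL, the mode that applies no separation. Validate where the value is written (that assignment is outside this hunk), e.g. `if (target == &ctx->info->mnt_ns && (value < NAMESPACE_MODE_GLOBAL || value > NAMESPACE_MODE_ISOLATE)) value = NAMESPACE_MODE_REQUESTER;`, or add a `default:` arm that logs the value and takes the isolated path.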
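Review bot: The three NAMESPACE_MODE_* constants in su.h are added without saying what each one selects, and the header comment misspells "separation". Going by the switch in su_daemon.c, I would write the header as `// DB settings for mount namespace separation` and add trailing comments: `// stay in the daemon's mount namespace` on GLOBAL, `// join the mount namespace of the requesting pid` on REQUESTER, and `// unshare a new mount namespace` on ISOLATE. Stating that only the mount namespace is affected saves a reader from assuming PID or network isolation.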
@@ -59,6 +65,7 @@ struct su_info {
 int clock;
 int multiuser_mode;
 int root_access;
+ int mnt_ns;
 struct list_head pos;
 };
diff --git a/su_daemon.c b/su_daemon.c
index ece0b50bb..05d627ba9 100644
--- a/su_daemon.c
+++ b/su_daemon.c
@@ -10,6 +10,7 @@
 #include
 #include
 #include
+#include
 #include
 #include
 #include
@@ -260,6 +261,24 @@ void su_daemon_receiver(int client) {
 // Become session leader
 xsetsid();
+ // Handle namespaces
+ switch (info->mnt_ns) {
+ case NAMESPACE_MODE_GLOBAL:
+ LOGD("su: use global namespace\n");
+ break;
+ case NAMESPACE_MODE_REQUESTER:
+ LOGD("su: use namespace of pid=[%d]\n", su_ctx->pid);
+ if (switch_mnt_ns(su_ctx->pid)) {
+ LOGD("su: setns failed, fallback to isolated\n");
+ unshare(CLONE_NEWNS);
+ }
+ break;
+ case NAMESPACE_MODE_ISOLATE:
+ LOGD("su: use new isolated namespace\n");
+ unshare(CLONE_NEWNS);
+ break;
+ }
+
 // Let's read some info from the socket
 int argc = read_int(client);
 if (argc < 0 || argc > 512) {
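Review bot: Both `unshare(CLONE_NEWNS);` calls in the new switch in su_daemon_receiver ignore the return value. If unshare fails, including on the setns fallback path, the request carries on in the process's current mount namespace while the log says it is isolated. Check the result and refuse the request instead of continuing, for example `if (unshare(CLONE_NEWNS) == -1) { LOGD("su: unshare failed\n"); exit(EXIT_FAILURE); }`, or whatever this receiver normally does to abort; its body starts and ends outside the hunk. It is also worth confirming the propagation type after unshare: a new mount namespace starts as a copy that keeps shared peer groups, so where the source mounts are shared, mounts made in the "isolated" session may still propagate unless they are remounted private or slave.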