Reworking fdwrapper

Co-authored-by: 5ec1cff <ewtqyqyewtqyqy@gmail.com>
Co-authored-by: 5ec1cff <56485584+5ec1cff@users.noreply.github.com>
Co-authored-by: Ylarod <me@ylarod.cn>

userspace/ksud/src/ksucalls.rs

@@ -15,7 +15,7 @@ const KSU_IOCTL_SET_SEPOLICY: u32 = 0xc0004b04; // _IOC(_IOC_READ|_IOC_WRITE, 'K
 const KSU_IOCTL_CHECK_SAFEMODE: u32 = 0x80004b05; // _IOC(_IOC_READ, 'K', 5, 0)
 const KSU_IOCTL_GET_FEATURE: u32 = 0xc0004b0d; // _IOC(_IOC_READ|_IOC_WRITE, 'K', 13, 0)
 const KSU_IOCTL_SET_FEATURE: u32 = 0x40004b0e; // _IOC(_IOC_WRITE, 'K', 14, 0)
-const KSU_IOCTL_PROXY_FILE: u32 = 0x00004b0f; // _IOC(_IOC_NONE, 'K', 15, 0)
+const KSU_IOCTL_GET_WRAPPER_FD: u32 = 0x40004b0f; // _IOC(_IOC_WRITE, 'K', 15, 0)
 #[allow(dead_code)]
 const KSU_IOCTL_KPM: u32 = 0xc0004bc8; // _IOC(_IOC_READ|_IOC_WRITE, 'K', 200, 0)
 #[allow(dead_code)]
@@ -63,7 +63,7 @@ struct SetFeatureCmd {
 
 #[repr(C)]
 #[derive(Clone, Copy, Default)]
-struct ProxyFileCmd {
+struct GetWrapperFdCmd {
     fd: i32,
     flags: u32,
 }
@@ -233,9 +233,10 @@ pub fn set_feature(feature_id: u32, value: u64) -> std::io::Result<()> {
     Ok(())
 }
 
-pub fn proxy_file(fd: RawFd) -> std::io::Result<RawFd> {
-    let mut cmd = ProxyFileCmd { fd, flags: 0 };
-    let result = ksuctl(KSU_IOCTL_PROXY_FILE, &mut cmd as *mut _)?;
+#[cfg(any(target_os = "linux", target_os = "android"))]
+pub fn get_wrapped_fd(fd: RawFd) -> std::io::Result<RawFd> {
+    let mut cmd = GetWrapperFdCmd { fd, flags: 0 };
+    let result = ksuctl(KSU_IOCTL_GET_WRAPPER_FD, &mut cmd as *mut _)?;
     Ok(result)
 }
 

userspace/ksud/src/su.rs

@@ -1,6 +1,5 @@
 use crate::{
     defs,
-    ksucalls::proxy_file,
     utils::{self, umask},
 };
 use anyhow::{Context, Ok, Result, bail};
@@ -11,6 +10,9 @@ use log::{error, warn};
 use std::os::unix::process::CommandExt;
 use std::{env, ffi::CStr, path::PathBuf, process::Command};
 
+#[cfg(any(target_os = "linux", target_os = "android"))]
+use crate::ksucalls::get_wrapped_fd;
+
 #[cfg(any(target_os = "linux", target_os = "android"))]
 use rustix::{
     process::getuid,
@@ -71,7 +73,7 @@ fn wrap_tty(fd: c_int) {
             warn!("not a tty: {fd}");
             return Ok(());
         }
-        let new_fd = proxy_file(fd).context("proxy_file")?;
+        let new_fd = get_wrapped_fd(fd).context("get_wrapped_fd")?;
         if unsafe { libc::dup2(new_fd, fd) } == -1 {
             bail!("dup {new_fd} -> {fd} errno: {}", unsafe {
                 *libc::__errno()
@@ -147,6 +149,7 @@ pub fn root_shell() -> Result<()> {
         "Specify a supplementary group. The first specified supplementary group is also used as a primary group if the option -g is not specified.",
         "GROUP",
     );
+    opts.optflag("W", "no-wrapper", "don't use ksu fd wrapper");
 
     // Replace -cn with -z, -mm with -M for supporting getopt_long
     let args = args
@@ -190,6 +193,7 @@ pub fn root_shell() -> Result<()> {
     let mut is_login = matches.opt_present("l");
     let preserve_env = matches.opt_present("p");
     let mount_master = matches.opt_present("M");
+    let use_fd_wrapper = !matches.opt_present("W");
 
     let groups = matches
         .opt_strs("G")
@@ -289,7 +293,7 @@ pub fn root_shell() -> Result<()> {
             }
 
             #[cfg(target_os = "android")]
-            if true {
+            if use_fd_wrapper {
                 wrap_tty(0);
                 wrap_tty(1);
                 wrap_tty(2);