android/SukiSU-Ultra
1
0
Fork 0
Code Issues Pull Requests Actions 1 Packages Projects Releases Wiki Activity

Use rustix for prctl (#1333)

Browse Source
This commit is contained in:
LoveSy
2024-02-01 23:28:56 +08:00
committed by GitHub
parent 9f04482b90
commit 64269c8c4f
4 changed files with 38 additions and 81 deletions
Download Patch File Download Diff File Expand all files Collapse all files

84
userspace/ksud/src/ksu.rs
View File

@@ -1,7 +1,4 @@
use anyhow::{Ok, Result};
#[cfg(unix)]
use anyhow::ensure;
use getopts::Options;
use std::env;
#[cfg(unix)]
@@ -20,39 +17,14 @@ use rustix::{
thread::{set_thread_res_gid, set_thread_res_uid, Gid, Uid},
};
pub const KERNEL_SU_OPTION: u32 = 0xDEAD_BEEF;
const CMD_GRANT_ROOT: u64 = 0;
// const CMD_BECOME_MANAGER: u64 = 1;
const CMD_GET_VERSION: u64 = 2;
// const CMD_ALLOW_SU: u64 = 3;
// const CMD_DENY_SU: u64 = 4;
// const CMD_GET_ALLOW_LIST: u64 = 5;
// const CMD_GET_DENY_LIST: u64 = 6;
const CMD_REPORT_EVENT: u64 = 7;
pub const CMD_SET_SEPOLICY: u64 = 8;
pub const CMD_CHECK_SAFEMODE: u64 = 9;
const EVENT_POST_FS_DATA: u64 = 1;
const EVENT_BOOT_COMPLETED: u64 = 2;
const EVENT_MODULE_MOUNTED: u64 = 3;
#[cfg(any(target_os = "linux", target_os = "android"))]
pub fn grant_root() -> Result<()> {
let mut result: u32 = 0;
unsafe {
#[allow(clippy::cast_possible_wrap)]
libc::prctl(
KERNEL_SU_OPTION as i32, // supposed to overflow
CMD_GRANT_ROOT,
0,
0,
std::ptr::addr_of_mut!(result).cast::<libc::c_void>(),
);
}
ensure!(result == KERNEL_SU_OPTION, "grant root failed");
Err(std::process::Command::new("sh").exec().into())
rustix::process::ksu_grant_root()?;
Ok(())
}
#[cfg(not(any(target_os = "linux", target_os = "android")))]
@@ -302,46 +274,32 @@ fn add_path_to_env(path: &str) -> Result<()> {
Ok(())
}
#[cfg(any(target_os = "linux", target_os = "android"))]
pub fn get_version() -> i32 {
let mut result: i32 = 0;
#[cfg(any(target_os = "linux", target_os = "android"))]
unsafe {
#[allow(clippy::cast_possible_wrap)]
libc::prctl(
KERNEL_SU_OPTION as i32, // supposed to overflow
CMD_GET_VERSION,
std::ptr::addr_of_mut!(result).cast::<libc::c_void>(),
);
}
result
rustix::process::ksu_get_version()
}
#[cfg(not(any(target_os = "linux", target_os = "android")))]
pub fn get_version() -> i32 {
0
}
#[cfg(any(target_os = "linux", target_os = "android"))]
fn report_event(event: u64) {
#[cfg(any(target_os = "linux", target_os = "android"))]
unsafe {
#[allow(clippy::cast_possible_wrap)]
libc::prctl(
KERNEL_SU_OPTION as i32, // supposed to overflow
CMD_REPORT_EVENT,
event,
);
}
rustix::process::ksu_report_event(event)
}
#[cfg(not(any(target_os = "linux", target_os = "android")))]
fn report_event(_event: u64) {}
#[cfg(any(target_os = "linux", target_os = "android"))]
pub fn check_kernel_safemode() -> bool {
let mut result: i32 = 0;
#[cfg(any(target_os = "linux", target_os = "android"))]
unsafe {
#[allow(clippy::cast_possible_wrap)]
libc::prctl(
KERNEL_SU_OPTION as i32, // supposed to overflow
CMD_CHECK_SAFEMODE,
0,
0,
std::ptr::addr_of_mut!(result).cast::<libc::c_void>(),
);
}
result == KERNEL_SU_OPTION as i32
rustix::process::ksu_check_kernel_safemode()
}
#[cfg(not(any(target_os = "linux", target_os = "android")))]
pub fn check_kernel_safemode() -> bool {
false
}
pub fn report_post_fs_data() {

15
userspace/ksud/src/sepolicy.rs
View File

@@ -696,20 +696,7 @@ fn apply_one_rule<'a>(statement: &'a PolicyStatement<'a>, strict: bool) -> Resul
let policies: Vec<AtomicStatement> = statement.try_into()?;
for policy in policies {
let mut result: u32 = 0;
let cpolicy = FfiPolicy::from(policy);
unsafe {
#[allow(clippy::cast_possible_wrap)]
libc::prctl(
crate::ksu::KERNEL_SU_OPTION as i32, // supposed to overflow
crate::ksu::CMD_SET_SEPOLICY,
0,
std::ptr::addr_of!(cpolicy).cast::<libc::c_void>(),
std::ptr::addr_of_mut!(result).cast::<libc::c_void>(),
);
}
if result != crate::ksu::KERNEL_SU_OPTION {
if !rustix::process::ksu_set_policy(&FfiPolicy::from(policy)) {
log::warn!("apply rule: {:?} failed.", statement);
if strict {
return Err(anyhow::anyhow!("apply rule {:?} failed.", statement));