kernel: make su without any capabilities possible

weishu
2023-10-21 20:32:28 +08:00
parent d4e19bb8fc
commit 75b5fdfb9d


@@ -123,8 +123,11 @@ void escape_to_root(void)
BUILD_BUG_ON(sizeof(profile->capabilities.effective) != BUILD_BUG_ON(sizeof(profile->capabilities.effective) !=
sizeof(kernel_cap_t)); sizeof(kernel_cap_t));
// capabilities // setup capabilities
memcpy(&cred->cap_effective, &profile->capabilities.effective, // we need CAP_DAC_READ_SEARCH becuase `/data/adb/ksud` is not accessible for non root process
// we add it here but don't add it to cap_inhertiable, it would be dropped automaticly after exec!
u64 cap_for_ksud = profile->capabilities.effective | CAP_DAC_READ_SEARCH;
memcpy(&cred->cap_effective, &cap_for_ksud,
sizeof(cred->cap_effective)); sizeof(cred->cap_effective));
memcpy(&cred->cap_inheritable, &profile->capabilities.effective, memcpy(&cred->cap_inheritable, &profile->capabilities.effective,
sizeof(cred->cap_inheritable)); sizeof(cred->cap_inheritable));
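Review bot: The new `cap_for_ksud` line ORs in `CAP_DAC_READ_SEARCH` as if it were a bit mask, but in `linux/capability.h` it is a capability index (2), so the expression sets bit 1, which is `CAP_DAC_OVERRIDE` (index 1), and leaves the `CAP_DAC_READ_SEARCH` bit unset. The pre-exec credential therefore gets a broader DAC bypass (read, write and execute checks) than the comment intends, and this applies even to profiles configured with an empty capability set. Convert the index to a mask before OR-ing: `u64 cap_for_ksud = profile->capabilities.effective | BIT_ULL(CAP_DAC_READ_SEARCH);`. The comment's claim that the extra bit is dropped after exec depends on how `cap_permitted` and the bounding set are assigned, which happens in the part of `escape_to_root` outside this hunk, so that should be confirmed there.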