
system-extras: Commit

system/extras


Commit MetaInfo

Révision1ea6c03c1e65a9d4e275354d50100dc959b19438 (tree)
l'heure2012-07-07 15:48:13
AuteurChih-Wei Huang <cwhuang@linu...>
CommiterChih-Wei Huang

Message de Log

su: update CyanogenMod's latest version

Update to commit 5369a56c0e1ddd4d080b0d90db47921d0eded862 but
disable static executable since we don't have libsqlite.a.

Change Summary

Modification

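--- a/su/Android.mk
+++ b/su/Android.mk
@@ -2,9 +2,10 @@ LOCAL_PATH := $(call my-dir)
 include $(CLEAR_VARS)
 
 LOCAL_SRC_FILES := \
- activity.cpp \
+ activity.c \
 db.c \
 su.c\
+ utils.c \
 
 LOCAL_MODULE := su
 
@@ -13,9 +14,6 @@ LOCAL_C_INCLUDES += external/sqlite/dist
 LOCAL_SHARED_LIBRARIES := \
 liblog \
 libsqlite \
- libcutils \
- libbinder \
- libutils \
 
 LOCAL_MODULE_PATH := $(TARGET_OUT_OPTIONAL_EXECUTABLES)
 LOCAL_MODULE_TAGS := optional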
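--- /dev/null
+++ b/su/activity.c
@@ -0,0 +1,79 @@
+/*
+** Copyright 2010, Adam Shanks (@ChainsDD)
+** Copyright 2008, Zinx Verituse (@zinxv)
+**
+** Licensed under the Apache License, Version 2.0 (the "License");
+** you may not use this file except in compliance with the License.
+** You may obtain a copy of the License at
+**
+** http://www.apache.org/licenses/LICENSE-2.0
+**
+** Unless required by applicable law or agreed to in writing, software
+** distributed under the License is distributed on an "AS IS" BASIS,
+** WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+** See the License for the specific language governing permissions and
+** limitations under the License.
+*/
+
+#include <unistd.h>
+
+#include "su.h"
+#include "utils.h"
+
+int send_intent(struct su_initiator *from, struct su_request *to, const char *socket_path, int allow, int type)
+{
+ char command[PATH_MAX];
+ char action[PATH_MAX];
+ if (type == 0) {
+ strcpy(action, "com.noshufou.android.su.REQUEST");
+ } else {
+ strcpy(action, "com.noshufou.android.su.RESULT");
+ }
+ sprintf(command, "/system/bin/am broadcast -a '%s' --es socket '%s' --ei caller_uid '%d' --es caller_bin '%s' --ei desired_uid '%d' --es desired_cmd '%s' --ei allow '%d' --ei version_code '%d' > /dev/null", action, socket_path, from->uid, from->bin, to->uid, to->command, allow, VERSION_CODE);
+ // before sending the intent, make sure the (uid and euid) and (gid and egid) match,
+ // otherwise LD_LIBRARY_PATH is wiped in Android 4.0+.
+ // Also, sanitize all secure environment variables (from linker_environ.c in linker).
+
+ /* The same list than GLibc at this point */
+ static const char* const unsec_vars[] = {
+ "GCONV_PATH",
+ "GETCONF_DIR",
+ "HOSTALIASES",
+ "LD_AUDIT",
+ "LD_DEBUG",
+ "LD_DEBUG_OUTPUT",
+ "LD_DYNAMIC_WEAK",
+ "LD_LIBRARY_PATH",
+ "LD_ORIGIN_PATH",
+ "LD_PRELOAD",
+ "LD_PROFILE",
+ "LD_SHOW_AUXV",
+ "LD_USE_LOAD_BIAS",
+ "LOCALDOMAIN",
+ "LOCPATH",
+ "MALLOC_TRACE",
+ "MALLOC_CHECK_",
+ "NIS_PATH",
+ "NLSPATH",
+ "RESOLV_HOST_CONF",
+ "RES_OPTIONS",
+ "TMPDIR",
+ "TZDIR",
+ "LD_AOUT_LIBRARY_PATH",
+ "LD_AOUT_PRELOAD",
+ // not listed in linker, used due to system() call
+ "IFS",
+ };
+ const char* const* cp = unsec_vars;
+ const char* const* endp = cp + sizeof(unsec_vars)/sizeof(unsec_vars[0]);
+ while (cp < endp) {
+ unsetenv(*cp);
+ cp++;
+ }
+
+ // sane value so "am" works
+ setenv("LD_LIBRARY_PATH", "/vendor/lib:/system/lib", 1);
+ setresgid(0, 0, 0);
+ setresuid(0, 0, 0);
+ return system(command);
+}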
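Review bot: The `sprintf` into `command[PATH_MAX]` in send_intent is unbounded and places `socket_path`, `from->bin` and `to->command` inside single quotes without escaping, and the result is handed to `system()` after `setresuid(0, 0, 0)`. `to->command` presumably originates from the caller's `-c` argument, so a long value overruns the stack buffer and a quote character in it ends the quoting and leaves the remainder to be parsed by a shell running as uid 0. Passing each value as its own argv entry to `execv` removes both the shell and the fixed-size command buffer. The return values of `setresgid`/`setresuid` should be checked too, since continuing after a failed call runs `am` with unexpected credentials. The sketch below assumes `/system/bin/am` can be executed directly and would need `<fcntl.h>`, `<stdio.h>` and `<sys/wait.h>`.

```c
int send_intent(struct su_initiator *from, struct su_request *to, const char *socket_path, int allow, int type)
{
    const char *action = (type == 0) ? "com.noshufou.android.su.REQUEST"
                                     : "com.noshufou.android.su.RESULT";
    char caller_uid[16], desired_uid[16], allow_arg[16], version_arg[16];
    snprintf(caller_uid, sizeof caller_uid, "%d", from->uid);
    snprintf(desired_uid, sizeof desired_uid, "%d", to->uid);
    snprintf(allow_arg, sizeof allow_arg, "%d", allow);
    snprintf(version_arg, sizeof version_arg, "%d", VERSION_CODE);

    /* one argv entry per value: no shell parsing, no quoting, no shared buffer */
    char *const argv[] = {
        "/system/bin/am", "broadcast", "-a", (char *)action,
        "--es", "socket", (char *)socket_path,
        "--ei", "caller_uid", caller_uid,
        "--es", "caller_bin", (char *)from->bin,
        "--ei", "desired_uid", desired_uid,
        "--es", "desired_cmd", (char *)to->command,
        "--ei", "allow", allow_arg,
        "--ei", "version_code", version_arg,
        NULL
    };

    /* … unchanged: unsec_vars table, unsetenv loop, setenv("LD_LIBRARY_PATH", …) … */

    if (setresgid(0, 0, 0) != 0 || setresuid(0, 0, 0) != 0)
        return -1;

    pid_t pid = fork();
    if (pid < 0)
        return -1;
    if (pid == 0) {
        /* keep the original "> /dev/null" behaviour for the child's stdout */
        int devnull = open("/dev/null", O_WRONLY);
        if (devnull >= 0) {
            dup2(devnull, STDOUT_FILENO);
            close(devnull);
        }
        execv(argv[0], argv);
        _exit(127);
    }

    int status;
    if (waitpid(pid, &status, 0) < 0)
        return -1;
    return status;
}
```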
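--- a/su/activity.cpp
+++ /dev/null
@@ -1,149 +0,0 @@
-/*
-** Copyright 2010, Adam Shanks (@ChainsDD)
-** Copyright 2008, Zinx Verituse (@zinxv)
-**
-** Licensed under the Apache License, Version 2.0 (the "License");
-** you may not use this file except in compliance with the License.
-** You may obtain a copy of the License at
-**
-** http://www.apache.org/licenses/LICENSE-2.0
-**
-** Unless required by applicable law or agreed to in writing, software
-** distributed under the License is distributed on an "AS IS" BASIS,
-** WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-** See the License for the specific language governing permissions and
-** limitations under the License.
-*/
-
-#include <unistd.h>
-#include <android_runtime/ActivityManager.h>
-#include <binder/IBinder.h>
-#include <binder/IServiceManager.h>
-#include <binder/Parcel.h>
-#include <utils/String8.h>
-#include <assert.h>
-
-extern "C" {
-#include "su.h"
-#include <private/android_filesystem_config.h>
-#include <cutils/properties.h>
-}
-
-using namespace android;
-
-static const int BROADCAST_INTENT_TRANSACTION = IBinder::FIRST_CALL_TRANSACTION + 13;
-
-static const int NULL_TYPE_ID = 0;
-
-static const int VAL_STRING = 0;
-static const int VAL_INTEGER = 1;
-
-static const int START_SUCCESS = 0;
-
-int send_intent(struct su_initiator *from, struct su_request *to, const char *socket_path, int allow, int type)
-{
- char sdk_version_prop[PROPERTY_VALUE_MAX] = "0";
- property_get("ro.build.version.sdk", sdk_version_prop, "0");
-
- int sdk_version = atoi(sdk_version_prop);
-
- sp<IServiceManager> sm = defaultServiceManager();
- sp<IBinder> am = sm->checkService(String16("activity"));
- assert(am != NULL);
-
- Parcel data, reply;
- data.writeInterfaceToken(String16("android.app.IActivityManager"));
-
- data.writeStrongBinder(NULL); /* caller */
-
- /* intent */
- if (type == 0) {
- data.writeString16(String16("com.noshufou.android.su.REQUEST")); /* action */
- } else {
- data.writeString16(String16("com.noshufou.android.su.RESULT")); /* action */
- }
- data.writeInt32(NULL_TYPE_ID); /* Uri - data */
- data.writeString16(NULL, 0); /* type */
- data.writeInt32(0); /* flags */
- if (sdk_version >= 4) {
- // added in donut
- data.writeString16(NULL, 0); /* package name - DONUT ONLY, NOT IN CUPCAKE. */
- }
- data.writeString16(NULL, 0); /* ComponentName - package */
- data.writeInt32(0); /* Categories - size */
- if (sdk_version >= 7) {
- // added in eclair rev 7
- data.writeInt32(0);
- }
- if (sdk_version >= 15) {
- // added in IceCreamSandwich 4.0.3
- data.writeInt32(0); /* Selector */
- }
- { /* Extras */
- data.writeInt32(-1); /* dummy, will hold length */
- int oldPos = data.dataPosition();
- data.writeInt32(0x4C444E42); // 'B' 'N' 'D' 'L'
- { /* writeMapInternal */
- data.writeInt32(7); /* writeMapInternal - size */
-
- data.writeInt32(VAL_STRING);
- data.writeString16(String16("caller_uid"));
- data.writeInt32(VAL_INTEGER);
- data.writeInt32(from->uid);
-
- data.writeInt32(VAL_STRING);
- data.writeString16(String16("caller_bin"));
- data.writeInt32(VAL_STRING);
- data.writeString16(String16(from->bin));
-
- data.writeInt32(VAL_STRING);
- data.writeString16(String16("desired_uid"));
- data.writeInt32(VAL_INTEGER);
- data.writeInt32(to->uid);
-
- data.writeInt32(VAL_STRING);
- data.writeString16(String16("desired_cmd"));
- data.writeInt32(VAL_STRING);
- data.writeString16(String16(to->command));
-
- data.writeInt32(VAL_STRING);
- data.writeString16(String16("socket"));
- data.writeInt32(VAL_STRING);
- data.writeString16(String16(socket_path));
-
- data.writeInt32(VAL_STRING);
- data.writeString16(String16("allow"));
- data.writeInt32(VAL_INTEGER);
- data.writeInt32(allow);
-
- data.writeInt32(VAL_STRING);
- data.writeString16(String16("version_code"));
- data.writeInt32(VAL_INTEGER);
- data.writeInt32(VERSION_CODE);
- }
- int newPos = data.dataPosition();
- data.setDataPosition(oldPos - 4);
- data.writeInt32(newPos - oldPos); /* length */
- data.setDataPosition(newPos);
- }
-
- data.writeString16(NULL, 0); /* resolvedType */
-
- data.writeInt32(-1); /* Not sure what this is for, but it prevents a warning */
-
- data.writeStrongBinder(NULL); /* resultTo */
- data.writeInt32(-1); /* resultCode */
- data.writeString16(NULL, 0); /* resultData */
-
- data.writeInt32(-1); /* resultExtras */
-
- data.writeString16(String16("com.noshufou.android.su.RESPOND")); /* perm */
- data.writeInt32(0); /* serialized */
- data.writeInt32(0); /* sticky */
- data.writeInt32(-1);
-
- status_t ret = am->transact(BROADCAST_INTENT_TRANSACTION, data, &reply);
- if (ret < START_SUCCESS) return -1;
-
- return 0;
-}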
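--- a/su/su.c
+++ b/su/su.c
@@ -38,9 +38,11 @@
 
 #include <private/android_filesystem_config.h>
 #include <cutils/log.h>
+#include <cutils/properties.h>
 
 #include <sqlite3.h>
 
+#include "utils.h"
 #include "su.h"
 
 //extern char* _mktemp(char*); /* mktemp doesn't link right. Don't ask me why. */
@@ -294,9 +296,13 @@ int main(int argc, char *argv[])
 {
 struct stat st;
 static int socket_serv_fd = -1;
- char buf[64], shell[PATH_MAX], *result;
- int i, dballow;
+ char buf[64], shell[PATH_MAX], *result, debuggable[PROPERTY_VALUE_MAX];
+ char enabled[PROPERTY_VALUE_MAX], build_type[PROPERTY_VALUE_MAX];
+ char cm_version[PROPERTY_VALUE_MAX];
+ int i, dballow, len;
 mode_t orig_umask;
+ char *data;
+ unsigned sz;
 
 for (i = 1; i < argc; i++) {
 if (!strcmp(argv[i], "-c") || !strcmp(argv[i], "--command")) {
@@ -345,8 +351,52 @@ int main(int argc, char *argv[])
 deny();
 }
 
+ // we can't simply use the property service, since we aren't launched from init and
+ // can't trust the location of the property workspace. find the properties ourselves.
+ data = read_file("/default.prop", &sz);
+ get_property(data, debuggable, "ro.debuggable", "0");
+ free(data);
+
+ data = read_file("/system/build.prop", &sz);
+ get_property(data, cm_version, "ro.cm.version", "");
+ get_property(data, build_type, "ro.build.type", "");
+ free(data);
+
+ data = read_file("/data/property/persist.sys.root_access", &sz);
+ if (data != NULL) {
+ len = strlen(data);
+ if (len >= PROPERTY_VALUE_MAX)
+ memcpy(enabled, "1", 2);
+ else
+ memcpy(enabled, data, len + 1);
+ free(data);
+ } else
+ memcpy(enabled, "1", 2);
+
 orig_umask = umask(027);
 
+ // CyanogenMod-specific behavior
+ if (strlen(cm_version) > 0) {
+ // only allow su on debuggable builds
+ if (strcmp("1", debuggable) != 0) {
+ LOGE("Root access is disabled on non-debug builds");
+ deny();
+ }
+
+ // enforce persist.sys.root_access on non-eng builds
+ if (strcmp("eng", build_type) != 0 &&
+ (atoi(enabled) & 1) != 1 ) {
+ LOGE("Root access is disabled by system setting - enable it under settings -> developer options");
+ deny();
+ }
+
+ // disallow su in a shell if appropriate
+ if (su_from.uid == AID_SHELL && (atoi(enabled) == 1)) {
+ LOGE("Root access is disabled by a system setting - enable it under settings -> developer options");
+ deny();
+ }
+ }
+
 if (su_from.uid == AID_ROOT || su_from.uid == AID_SHELL)
 allow(shell, orig_umask);
 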
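Review bot: The three `get_property` calls added before `umask(027)` ignore the return value, and `get_property` (su/utils.c in this commit) returns -1 without writing to `found` when the value is `PROPERTY_VALUE_MAX` bytes or longer. In that case `strlen(cm_version)`, `strcmp("1", debuggable)` and `strcmp("eng", build_type)` read uninitialised stack memory, so the allow/deny decision is made on indeterminate data. Treat a negative return as a denial, e.g. `if (get_property(data, debuggable, "ro.debuggable", "0") < 0) deny();`, or zero-initialise the three buffers where they are declared. Separately, a missing or over-long `/data/property/persist.sys.root_access` falls back to `"1"`, which is a fail-open default; if that is intended, a comment saying so would help the next reader. main() begins and ends outside these hunks.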
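--- /dev/null
+++ b/su/utils.c
@@ -0,0 +1,104 @@
+/*
+** Copyright 2012, The CyanogenMod Project
+**
+** Licensed under the Apache License, Version 2.0 (the "License");
+** you may not use this file except in compliance with the License.
+** You may obtain a copy of the License at
+**
+** http://www.apache.org/licenses/LICENSE-2.0
+**
+** Unless required by applicable law or agreed to in writing, software
+** distributed under the License is distributed on an "AS IS" BASIS,
+** WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+** See the License for the specific language governing permissions and
+** limitations under the License.
+*/
+
+#include <unistd.h>
+#include <limits.h>
+#include <fcntl.h>
+#include <errno.h>
+#include <endian.h>
+#include <ctype.h>
+
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include <cutils/properties.h>
+
+/* reads a file, making sure it is terminated with \n \0 */
+char* read_file(const char *fn, unsigned *_sz)
+{
+ char *data;
+ int sz;
+ int fd;
+
+ data = 0;
+ fd = open(fn, O_RDONLY);
+ if(fd < 0) return 0;
+
+ sz = lseek(fd, 0, SEEK_END);
+ if(sz < 0) goto oops;
+
+ if(lseek(fd, 0, SEEK_SET) != 0) goto oops;
+
+ data = (char*) malloc(sz + 2);
+ if(data == 0) goto oops;
+
+ if(read(fd, data, sz) != sz) goto oops;
+ close(fd);
+ data[sz] = '\n';
+ data[sz+1] = 0;
+ if(_sz) *_sz = sz;
+ return data;
+
+oops:
+ close(fd);
+ if(data != 0) free(data);
+ return 0;
+}
+
+int get_property(const char *data, char *found, const char *searchkey, const char *not_found)
+{
+ char *key, *value, *eol, *sol, *tmp;
+ if (data == NULL) goto defval;
+ int matched = 0;
+ sol = strdup(data);
+ while((eol = strchr(sol, '\n'))) {
+ key = sol;
+ *eol++ = 0;
+ sol = eol;
+
+ value = strchr(key, '=');
+ if(value == 0) continue;
+ *value++ = 0;
+
+ while(isspace(*key)) key++;
+ if(*key == '#') continue;
+ tmp = value - 2;
+ while((tmp > key) && isspace(*tmp)) *tmp-- = 0;
+
+ while(isspace(*value)) value++;
+ tmp = eol - 2;
+ while((tmp > value) && isspace(*tmp)) *tmp-- = 0;
+
+ if (strncmp(searchkey, key, strlen(searchkey)) == 0) {
+ matched = 1;
+ break;
+ }
+ }
+ int len;
+ if (matched) {
+ len = strlen(value);
+ if (len >= PROPERTY_VALUE_MAX)
+ return -1;
+ memcpy(found, value, len + 1);
+ } else goto defval;
+ return len;
+
+defval:
+ len = strlen(not_found);
+ memcpy(found, not_found, len + 1);
+ return len;
+}
+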
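Review bot: In get_property the comparison `strncmp(searchkey, key, strlen(searchkey)) == 0` is a prefix match, so a line whose key merely starts with the searched name (a constructed example: `ro.debuggable.extra=1`) satisfies a lookup of `ro.debuggable`. `key` is already NUL-terminated and trimmed at that point, so `if (strcmp(searchkey, key) == 0) {` gives the exact match that the root-access checks in su.c depend on. The `strdup(data)` result is also used without a NULL check and is never freed, because `sol` is advanced through the copy; keeping the original pointer in its own variable and freeing it after the `memcpy` into `found` fixes both. The `isspace` arguments should be cast to `unsigned char`, since passing a negative `char` is undefined.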
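--- /dev/null
+++ b/su/utils.h
@@ -0,0 +1,24 @@
+/*
+** Copyright 2012, The CyanogenMod Project
+**
+** Licensed under the Apache License, Version 2.0 (the "License");
+** you may not use this file except in compliance with the License.
+** You may obtain a copy of the License at
+**
+** http://www.apache.org/licenses/LICENSE-2.0
+**
+** Unless required by applicable law or agreed to in writing, software
+** distributed under the License is distributed on an "AS IS" BASIS,
+** WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+** See the License for the specific language governing permissions and
+** limitations under the License.
+*/
+
+#ifndef _UTILS_H_
+#define _UTILS_H_
+
+/* reads a file, making sure it is terminated with \n \0 */
+char* read_file(const char *fn, unsigned *_sz);
+
+int get_property(const char *data, char *found, const char *searchkey, const char *not_found);
+#endif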
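Review bot: The `get_property` prototype states no contract for `found`, although the implementation in su/utils.c copies up to `PROPERTY_VALUE_MAX` bytes into it and copies `not_found` with no length check at all. I would add a comment above the declaration such as `/* found must hold PROPERTY_VALUE_MAX bytes; returns the value length, or -1 with found untouched if the value is too long */`, and note on `read_file` that the caller owns and must free the returned buffer. The guard name `_UTILS_H_` is a reserved identifier (underscore followed by an uppercase letter); `SU_UTILS_H` would avoid that.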