Run root server in unrestricted SELinux context on Android 10+

Related bug: https://github.com/Chainfire/librootjava/issues/21
This commit is contained in:
Mygod
2020-08-07 09:37:05 +08:00
parent 6305989cf7
commit 4e9561fc86


@@ -141,10 +141,8 @@ class RootServer @JvmOverloads constructor(private val warnLogger: (String) -> U
warnLogger(line) warnLogger(line)
} }
} }
@Suppress("BlockingMethodInNonBlockingContext") private fun doInit(context: Context, niceName: String) {
private suspend fun doInit(context: Context, niceName: String) { val (reader, writer) = try {
val init = GlobalScope.async {
try {
process = ProcessBuilder("su").start() process = ProcessBuilder("su").start()
val token1 = UUID.randomUUID().toString() val token1 = UUID.randomUUID().toString()
val writer = DataOutputStream(process.outputStream.buffered()) val writer = DataOutputStream(process.outputStream.buffered())
@@ -157,28 +155,44 @@ class RootServer @JvmOverloads constructor(private val warnLogger: (String) -> U
} catch (e: Exception) { } catch (e: Exception) {
throw NoShellException(e) throw NoShellException(e)
} }
}
val token2 = UUID.randomUUID().toString() val token2 = UUID.randomUUID().toString()
val appProcess = AppProcess.getAppProcess()
val (relocated, setup) = if (Build.VERSION.SDK_INT < 29) {
val persistence = File(context.codeCacheDir, ".librootkotlinx-uuid") val persistence = File(context.codeCacheDir, ".librootkotlinx-uuid")
val uuid = if (persistence.canRead()) persistence.readText() else UUID.randomUUID().toString().also { val uuid = context.packageName + '@' + if (persistence.canRead()) persistence.readText() else {
persistence.writeText(it) UUID.randomUUID().toString().also { persistence.writeText(it) }
} }
// workaround Samsung's stupid kernel patch: https://github.com/Chainfire/librootjava/issues/19 // to workaround Samsung's stupid kernel patch, we need to relocate outside of /data: https://github.com/Chainfire/librootjava/issues/19
val path = "/dev/app_process_$uuid" val (baseDir, relocated) = if (Build.VERSION.SDK_INT < 29) "/dev" to "/dev/app_process_$uuid" else {
path to "[ -f $path ] || cp $appProcess $path && chmod 700 $path && " val apexPath = "/apex/$uuid"
} else appProcess to "" writer.writeBytes("[ -d $apexPath ] || " +
val launchString = setup + RootJava.getLaunchString( "mkdir $apexPath && " +
// we need to mount a new tmpfs to override noexec flag
"mount -t tmpfs -o size=1M tmpfs $apexPath || exit 1\n")
// unfortunately native ld.config.txt only recognizes /data,/system,/system_ext as system directories;
// to link correctly, we need to add our path to the linker config too
val ldConfig = "$apexPath/etc/ld.config.txt"
val masterLdConfig = if (Build.VERSION.SDK_INT == 29) {
"/system/etc/ld.config.29.txt"
} else "/linkerconfig/ld.config.txt"
writer.writeBytes("[ -f $ldConfig ] || " +
"mkdir -p $apexPath/etc && " +
"echo dir.system = $apexPath >$ldConfig && " +
"cat $masterLdConfig >>$ldConfig || exit 1\n")
"$apexPath/bin" to "$apexPath/bin/app_process"
}
writer.writeBytes("[ -f $relocated ] || " +
"mkdir -p $baseDir && " +
"cp /proc/${android.os.Process.myPid()}/exe $relocated && " +
"chmod 700 $relocated || exit 1\n")
writer.writeBytes(RootJava.getLaunchString(
context.packageCodePath + " exec", // hack: plugging in exec context.packageCodePath + " exec", // hack: plugging in exec
RootServer::class.java.name, relocated, AppProcess.guessIfAppProcessIs64Bits(appProcess), RootServer::class.java.name, relocated,
AppProcess.guessIfAppProcessIs64Bits(File("/proc/self/exe").canonicalPath),
arrayOf("$token2\n"), niceName).let { result -> arrayOf("$token2\n"), niceName).let { result ->
if (Build.VERSION.SDK_INT < 24) result if (Build.VERSION.SDK_INT < 24) result
// undo the patch on newer APIs to let linker do the work // undo the patch on newer APIs to let linker do the work
else result.replaceFirst(" LD_LIBRARY_PATH=", " __SUPPRESSED_LD_LIBRARY_PATH=") else result.replaceFirst(" LD_LIBRARY_PATH=", " __SUPPRESSED_LD_LIBRARY_PATH=")
} })
val (reader, writer) = init.await()
writer.writeBytes(launchString)
writer.flush() writer.flush()
reader.lookForToken(token2) // wait for ready signal reader.lookForToken(token2) // wait for ready signal
output = writer output = writer
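Review bot: The `uuid` built near the top of the hunk (packageName plus the contents of the `.librootkotlinx-uuid` file in codeCacheDir) is interpolated unquoted into the script handed to `su` — it forms `$apexPath`, `$relocated`, the `mkdir`/`mount` line and the ld.config path — without any validation of the stored value. The file is app-private, but a corrupted or restored file, or any same-UID code, would turn a path component into shell syntax that runs as root; validating before use, e.g. `val stored = persistence.readText().trim()` followed by `require(stored.matches(Regex("[0-9a-f-]{36}"))) { "corrupt uuid file" }`, keeps the interpolation safe (the packageName half appears constrained by the platform's package-name rules). The `[ -f $relocated ] ||` guard in the new copy step also reuses whatever already exists at the /dev or tmpfs path without checking it is the current executable — the same pattern as the old /dev-only code, but now it also governs the `/apex/$uuid` tree, so a short comment stating that assumption would help the next reader. doInit's body continues past the end of the hunk.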