Mirrors/Magisk
1
0
Fork 0
mirror of https://github.com/topjohnwu/Magisk.git synced 2025-06-13 13:47:44 +02:00
Code Issues Packages Projects Releases Wiki Activity

Harden socket verification

Browse Source 
- Do not allow connections to magiskd from binaries other than the one started the server
- Do not allow connections to magisklogd without root access
This commit is contained in:
topjohnwu
2019-02-09 15:02:46 -05:00
parent 9826640ae6
commit b3242322fd
4 changed files with 34 additions and 8 deletions
Download Patch File Download Diff File Expand all files Collapse all files

27
native/jni/core/daemon.cpp
View File

@ -23,21 +23,30 @@
#include "flags.h"
int SDK_INT = -1;
struct stat SERVER_STAT;
static void get_client_cred(int fd, struct ucred *cred) {
socklen_t ucred_length = sizeof(*cred);
if(getsockopt(fd, SOL_SOCKET, SO_PEERCRED, cred, &ucred_length))
PLOGE("getsockopt");
static void verify_client(int client, pid_t pid) {
// Verify caller is the same as server
char path[32];
sprintf(path, "/proc/%d/exe", pid);
struct stat st{};
stat(path, &st);
if (st.st_dev != SERVER_STAT.st_dev || st.st_ino != SERVER_STAT.st_ino) {
close(client);
pthread_exit(nullptr);
}
}
static void *request_handler(void *args) {
int client = *((int *) args);
delete (int *) args;
int req = read_int(client);
struct ucred credential;
get_client_cred(client, &credential);
if (credential.uid != 0)
verify_client(client, credential.pid);
int req = read_int(client);
switch (req) {
case MAGISKHIDE:
case POST_FS_DATA:
@ -103,6 +112,11 @@ static void main_daemon() {
xdup2(fd, STDIN_FILENO);
close(fd);
LOGI("Magisk v" xstr(MAGISK_VERSION) "(" xstr(MAGISK_VER_CODE) ") daemon started\n");
// Get server stat
stat("/proc/self/exe", &SERVER_STAT);
// Get API level
parse_prop_file("/system/build.prop", [](auto key, auto val) -> bool {
if (strcmp(key, "ro.build.version.sdk") == 0) {
@ -119,7 +133,6 @@ static void main_daemon() {
if (xbind(fd, (struct sockaddr*) &sun, len))
exit(1);
xlisten(fd, 10);
LOGI("Magisk v" xstr(MAGISK_VERSION) "(" xstr(MAGISK_VER_CODE) ") daemon started\n");
// Change process name
strcpy(argv0, "magiskd");
@ -138,7 +151,7 @@ static void main_daemon() {
sigaction(SIGPIPE, &act, nullptr);
// Loop forever to listen for requests
while(1) {
while(true) {
int *client = new int;
*client = xaccept4(fd, nullptr, nullptr, SOCK_CLOEXEC);
pthread_t thread;