Detect permissive selinux (#45)
parent
2b3dcef993
commit
97ddb596d3
|
|
@ -128,12 +128,13 @@ namespace lspd {
|
|||
resources_hook_enabled_(path_exists(GetConfigPath("enable_resources"))),
|
||||
modules_list_(GetModuleList()),
|
||||
last_write_time_(GetLastWriteTime()),
|
||||
variant_(GetVariant(GetMiscPath() / "variant")) {
|
||||
// use_white_list snapshot
|
||||
variant_(ReadInt(GetVariantPath())),
|
||||
selinux_permissive_(ReadInt(GetSelinuxStatusPath()) != 1) {
|
||||
LOGI("base config path: %s", base_config_path_.c_str());
|
||||
LOGI(" using installer package name: %s", installer_pkg_name_.c_str());
|
||||
LOGI(" no module log: %s", BoolToString(no_module_log_enabled_));
|
||||
LOGI(" resources hook: %s", BoolToString(resources_hook_enabled_));
|
||||
LOGI(" selinux permissive: %s", BoolToString(selinux_permissive_));
|
||||
LOGI(" module list: \n %s", ([this]() {
|
||||
std::ostringstream join;
|
||||
std::vector<std::string> module_list;
|
||||
|
|
@ -146,14 +147,17 @@ namespace lspd {
|
|||
})().c_str());
|
||||
}
|
||||
|
||||
int ConfigManager::GetVariant(const fs::path &dir) {
|
||||
int ConfigManager::ReadInt(const fs::path &dir) {
|
||||
if (!path_exists(dir)) {
|
||||
return 0;
|
||||
}
|
||||
std::ifstream ifs(dir);
|
||||
if (!ifs.good()) {
|
||||
return 0;
|
||||
}
|
||||
int variant;
|
||||
ifs >> variant;
|
||||
return variant;
|
||||
int result;
|
||||
ifs >> result;
|
||||
return result;
|
||||
}
|
||||
|
||||
auto ConfigManager::GetModuleList() -> std::remove_const_t<decltype(modules_list_)> {
|
||||
|
|
@ -271,13 +275,15 @@ namespace lspd {
|
|||
if (!path_exists<true>(log_path)) {
|
||||
fs::create_directories(log_path);
|
||||
}
|
||||
recursive_permissions(conf_path, fs::perms::owner_all | fs::perms::group_all | fs::perms::set_gid);
|
||||
recursive_permissions(log_path, fs::perms::owner_all | fs::perms::group_all | fs::perms::set_gid);
|
||||
recursive_permissions(conf_path, fs::perms::owner_all | fs::perms::group_all |
|
||||
fs::perms::set_gid);
|
||||
recursive_permissions(log_path, fs::perms::owner_all | fs::perms::group_all |
|
||||
fs::perms::set_gid);
|
||||
if (pkg_name == "android") uid = -1;
|
||||
path_chown(conf_path, uid, 1000u, true);
|
||||
path_chown(log_path, uid, 1000u, true);
|
||||
if (current_user_ == 0) {
|
||||
auto variant = GetMiscPath() / "variant";
|
||||
auto variant = GetVariantPath();
|
||||
fs::permissions(variant, fs::perms::owner_all | fs::perms::group_all);
|
||||
path_chown(variant, uid, 1000u);
|
||||
}
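Review bot: In `ReadInt`, every failure path ends up reported as "permissive" by `selinux_permissive_(ReadInt(GetSelinuxStatusPath()) != 1)`: a missing or unopenable `/sys/fs/selinux/enforce` returns 0, so a process that is merely denied read access to that node would flag an enforcing device as permissive. `int result;` is also left uninitialized when the stream's sentry fails before extraction (an empty file, for example), so the function can return an indeterminate value; `int result = 0;` together with a check of `ifs >> result` closes that. For the SELinux status it would be safer to count only a successfully read `0` as permissive, for instance by letting the caller see a distinct failure value such as `-1` instead of sharing the `0` default that the variant file relies on. The parameter is still named `dir` although it is now a generic file path.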
|
||||
|
|
|
|||
|
|
@ -77,6 +77,14 @@ namespace lspd {
|
|||
return base_config_path_ / "prefs" / pkg_name;
|
||||
}
|
||||
|
||||
inline static auto GetVariantPath() {
|
||||
return misc_path_ / "variant";
|
||||
}
|
||||
|
||||
inline static std::filesystem::path GetSelinuxStatusPath() {
|
||||
return "/sys/fs/selinux/enforce";
|
||||
}
|
||||
|
||||
std::vector<std::string> GetAppModuleList(const std::string &pkg_name) const;
|
||||
|
||||
bool NeedUpdateConfig() const {
|
||||
|
|
@ -91,6 +99,10 @@ namespace lspd {
|
|||
return pkg_name == installer_pkg_name_ || pkg_name == kPrimaryInstallerPkgName;
|
||||
}
|
||||
|
||||
bool IsPermissive() const {
|
||||
return selinux_permissive_;
|
||||
}
|
||||
|
||||
|
||||
private:
|
||||
inline static std::unordered_map<uid_t, std::unique_ptr<ConfigManager>> instances_{};
|
||||
|
|
@ -106,6 +118,7 @@ namespace lspd {
|
|||
const std::filesystem::path installer_pkg_name_;
|
||||
const bool no_module_log_enabled_ = false;
|
||||
const bool resources_hook_enabled_ = false;
|
||||
const bool selinux_permissive_ = false;
|
||||
|
||||
const std::unordered_map<std::string, std::pair<std::string, std::unordered_set<std::string>>> modules_list_;
|
||||
|
||||
|
|
@ -131,7 +144,7 @@ namespace lspd {
|
|||
|
||||
std::filesystem::path RetrieveBaseConfigPath() const;
|
||||
|
||||
static int GetVariant(const std::filesystem::path &dir);
|
||||
static int ReadInt(const std::filesystem::path &dir);
|
||||
};
|
||||
|
||||
} // namespace lspd
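Review bot: `IsPermissive()` carries no comment saying that it returns a value captured once, when the `ConfigManager` is constructed; `selinux_permissive_` is a `const bool` member, so a later change of the enforcing mode is not reflected until a new instance is built. I would document that on the accessor, e.g. `// SELinux mode as read from GetSelinuxStatusPath() at construction; not refreshed afterwards.` Whether `NeedUpdateConfig()` leads to a rebuild that would refresh it is not visible in this section. The class body starts and continues outside the hunks shown here.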
|
||||
|
|
|
|||
|
|
@ -64,6 +64,10 @@ namespace lspd {
|
|||
return env->NewStringUTF(list.c_str());
|
||||
}
|
||||
|
||||
LSP_DEF_NATIVE_METHOD(jboolean, ConfigManager, isPermissive) {
|
||||
return ConfigManager::GetInstance()->IsPermissive();
|
||||
}
|
||||
|
||||
static JNINativeMethod gMethods[] = {
|
||||
LSP_NATIVE_METHOD(ConfigManager, isResourcesHookEnabled, "()Z"),
|
||||
LSP_NATIVE_METHOD(ConfigManager, isNoModuleLogEnabled, "()Z"),
|
||||
|
|
@ -75,6 +79,7 @@ namespace lspd {
|
|||
"(Ljava/lang/String;)Ljava/lang/String;"),
|
||||
LSP_NATIVE_METHOD(ConfigManager, getBaseConfigPath, "()Ljava/lang/String;"),
|
||||
LSP_NATIVE_METHOD(ConfigManager, getModulesList, "()Ljava/lang/String;"),
|
||||
LSP_NATIVE_METHOD(ConfigManager, isPermissive, "()Z"),
|
||||
};
|
||||
|
||||
void RegisterConfigManagerMethods(JNIEnv *env) {
|
||||
|
|
|
|||
|
|
@ -68,6 +68,12 @@ public class XposedInstallerHooker {
|
|||
return ConfigManager.getBaseConfigPath() + "/";
|
||||
}
|
||||
});
|
||||
XposedHelpers.findAndHookMethod(ConstantsClass, "isPermissive", new XC_MethodReplacement() {
|
||||
@Override
|
||||
protected Object replaceHookedMethod(MethodHookParam param) {
|
||||
return ConfigManager.isPermissive();
|
||||
}
|
||||
});
|
||||
Utils.logI("Hooked LSPosed Manager");
|
||||
} catch (Throwable t) {
|
||||
Utils.logW("Could not hook LSPosed Manager", t);
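Review bot: The new `findAndHookMethod(ConstantsClass, "isPermissive", ...)` call shares the existing `try` with the earlier hooks, so a manager build whose constants class has no `isPermissive` method makes it throw and the block logs "Could not hook LSPosed Manager" even though the hooks before it were already installed. In that case the manager keeps whatever its own `isPermissive` default is, and the log gives no hint which hook was missing. I would give this hook its own guard and message, e.g. `try { /* isPermissive hook */ } catch (Throwable t) { Utils.logW("Could not hook isPermissive", t); }`. The enclosing method and its `try` start outside this hunk.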
|
||||
|
|
|
|||
|
|
@ -21,4 +21,6 @@ public class ConfigManager {
|
|||
public static native String getDataPathPrefix();
|
||||
|
||||
public static native String getModulesList();
|
||||
|
||||
public static native boolean isPermissive();
|
||||
}
|
||||
|
|
|
|||