diff --git a/drivers/base/superuser/Kconfig b/drivers/base/superuser/Kconfig
new file mode 100644
index 000000000..3481f5d93
--- /dev/null
+++ b/drivers/base/superuser/Kconfig
@@ -0,0 +1,22 @@
+menu "Super User Options"
+config ASSISTED_SUPERUSER
+ bool "Kernel-assisted superuser"
+ select SECURITY_SELINUX_DEVELOP if SECURITY_SELINUX
+ help
+ This driver gives trivial root access by typing `su` in a
+ shell. It is a security disaster, and nobody should enable
+ this catastrophe of a driver.
+
+ Say N here unless you have a vendetta against kittens.
+
+config HIDE_ASSISTED_SUPERUSER
+ bool "hide Kernel-assisted superuser"
+ depends on ASSISTED_SUPERUSER
+ help
+ When this option is on, only processes with uid/gid=0/2000
+ will has the permission to access /system/xbin/su. Other
+ processes will never have permission to access/stat/exec
+ su binary.
+
+ Say N here unless you have a vendetta against kittens.
+endmenu
diff --git a/drivers/superuser/Makefile b/drivers/base/superuser/Makefile
similarity index 100%
rename from drivers/superuser/Makefile
rename to drivers/base/superuser/Makefile
diff --git a/drivers/superuser/superuser.c b/drivers/base/superuser/superuser.c
similarity index 92%
rename from drivers/superuser/superuser.c
rename to drivers/base/superuser/superuser.c
index 522f9808f..da669af9d 100644
--- a/drivers/superuser/superuser.c
+++ b/drivers/base/superuser/superuser.c
@@ -27,6 +27,15 @@ typedef long (* syscall_wrapper)(struct pt_regs *);
+static bool is_permitive(void) {
+#ifdef CONFIG_HIDE_ASSISTED_SUPERUSER
+ struct cred *cred = (struct cred *)__task_cred(current);
+ return cred->uid.val == 0 || cred->uid.val == 2000 || cred->gid.val == 0 || cred->gid.val == 2000;
+#else
+ return true;
+#endif
+}
+
 static bool is_su(const char __user *filename)
 {
 static const char su_path[] = "/system/xbin/su";
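Review bot: The help text for HIDE_ASSISTED_SUPERUSER overstates what the option does and does not match the check added in superuser.c. The code accepts a caller when its uid or its gid is 0 or 2000 (any one of the four comparisons), and for every other caller the hooks simply stop redirecting `/system/xbin/su`; nothing visible in this commit changes permissions on a real file at that path. I would reword the help along the lines of `When enabled, the su redirection is applied only to callers whose uid or gid is 0 or 2000; all other callers see the unmodified syscalls.` and state that this narrows who reaches the root path but does not make the driver safe to enable. "will has" should read "will have".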
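Review bot: `is_permitive()` reads the caller's credentials with `__task_cred(current)` and casts away the `const`, which is the wrong accessor for a gate in front of a root-granting path. `__task_cred()` is an RCU dereference of the task's `real_cred` and expects `rcu_read_lock()` to be held, which is not visible here; for the current task the usual form is `const struct cred *cred = current_cred();`, with the ids compared through `uid_eq(cred->uid, GLOBAL_ROOT_UID)` and `gid_eq()` rather than raw `.val`. The function should also carry a comment saying what id 2000 stands for (presumably the Android shell id, to be confirmed) and that it returns true unconditionally when CONFIG_HIDE_ASSISTED_SUPERUSER is off. The name looks like a typo for `is_permitted`; renaming it would touch the three call sites in the later hunks.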
@@ -55,7 +64,7 @@ static syscall_wrapper old_newfstatat;
 static long new_newfstatat(struct pt_regs* regs)
 {
- if (is_su((const char __user*)regs->si))
+ if (is_permitive() && is_su((const char __user*)regs->si))
 regs->si = (ulong) sh_user_path();
 return old_newfstatat(regs);
 }
@@ -63,7 +72,7 @@ static long new_newfstatat(struct pt_regs* regs)
 static syscall_wrapper old_faccessat;
 static long new_faccessat(struct pt_regs* regs)
 {
- if (is_su((const char __user*)regs->si))
+ if (is_permitive() && is_su((const char __user*)regs->si))
 regs->si = (ulong) sh_user_path();
 return old_faccessat(regs);
 }
@@ -80,7 +89,7 @@ static long new_execve(struct pt_regs* regs)
 struct task_security_struct *current_security;
 const char __user * filename = (const char *) regs->di;
- if (!is_su(filename))
+ if (!is_permitive() || !is_su(filename))
 return old_execve(regs);
 if (!old_execve(regs))
diff --git a/drivers/superuser/Kconfig b/drivers/superuser/Kconfig
deleted file mode 100644
index e916ce5b1..000000000
--- a/drivers/superuser/Kconfig
+++ /dev/null
@@ -1,11 +0,0 @@
-menu "Super User Options"
-config ASSISTED_SUPERUSER
- bool "Kernel-assisted superuser"
- select SECURITY_SELINUX_DEVELOP if SECURITY_SELINUX
- help
- This driver gives trivial root access by typing `su` in a
- shell. It is a security disaster, and nobody should enable
- this catastrophe of a driver.
-
- Say N here unless you have a vendetta against kittens.
-endmenu
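Review bot: In `new_execve` the new condition `!is_permitive() || !is_su(filename)` is the only gate in front of the su handling that follows, and it lets through any caller whose gid is 0 or 2000 whatever its uid, because `is_permitive()` ORs the uid and gid comparisons. The rest of `new_execve` lies outside the hunk, so what that path grants is inferred from the Kconfig help ("trivial root access"). If the intent is root and shell users only, the gid terms should be dropped from `is_permitive()`. Either way the policy should be recorded at the check, e.g. `/* Only callers accepted by is_permitive() take the su path; all others get the real execve. */`. The same gate is added to `new_newfstatat` and `new_faccessat` in the two preceding hunks.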