Oprmastro

.gitmodules

@@ -0,0 +1,3 @@
+[submodule "Widgets"]
+	path = Widgets
+	url = https://github.com/phhusson/Widgets.git

Android.mk

@@ -3,25 +3,15 @@
 
 my_path := $(call my-dir)
 
-ifdef SUPERUSER_EMBEDDED
-SUPERUSER_PACKAGE := com.android.settings
-else
-ifeq ($(SUPERUSER_PACKAGE),)
-SUPERUSER_PACKAGE := com.thirdparty.superuser
-endif
-include $(my_path)/Superuser/Android.mk
-endif
-
-
 LOCAL_PATH := $(my_path)
 include $(CLEAR_VARS)
 
 LOCAL_MODULE := su
 LOCAL_MODULE_TAGS := eng debug optional
 LOCAL_FORCE_STATIC_EXECUTABLE := true
-LOCAL_STATIC_LIBRARIES := libc libcutils
+LOCAL_STATIC_LIBRARIES := libc libcutils libselinux
 LOCAL_C_INCLUDES := external/sqlite/dist
-LOCAL_SRC_FILES := Superuser/jni/su/su.c Superuser/jni/su/daemon.c Superuser/jni/su/activity.c Superuser/jni/su/db.c Superuser/jni/su/utils.c Superuser/jni/su/pts.c ../../sqlite/dist/sqlite3.c
+LOCAL_SRC_FILES := Superuser/jni/su/su.c Superuser/jni/su/daemon.c Superuser/jni/su/activity.c Superuser/jni/su/db.c Superuser/jni/su/utils.c Superuser/jni/su/pts.c Superuser/jni/sqlite3/sqlite3.c
 LOCAL_CFLAGS := -DSQLITE_OMIT_LOAD_EXTENSION -DREQUESTOR=\"$(SUPERUSER_PACKAGE)\"
 
 ifdef SUPERUSER_PACKAGE_PREFIX
@@ -32,33 +22,13 @@ ifdef SUPERUSER_EMBEDDED
   LOCAL_CFLAGS += -DSUPERUSER_EMBEDDED
 endif
 
-LOCAL_MODULE_PATH := $(TARGET_OUT_OPTIONAL_EXECUTABLES)
+LOCAL_MODULE_PATH := $(TARGET_ROOT_OUT_SBIN)
 include $(BUILD_EXECUTABLE)
 
-
-SYMLINKS := $(addprefix $(TARGET_OUT)/bin/,su)
-$(SYMLINKS):
-	@echo "Symlink: $@ -> /system/xbin/su"
-	@mkdir -p $(dir $@)
-	@rm -rf $@
-	$(hide) ln -sf ../xbin/su $@
-
-ALL_DEFAULT_INSTALLED_MODULES += $(SYMLINKS)
-
-# We need this so that the installed files could be picked up based on the
-# local module name
-ALL_MODULES.$(LOCAL_MODULE).INSTALLED := \
-    $(ALL_MODULES.$(LOCAL_MODULE).INSTALLED) $(SYMLINKS)
+include $(CLEAR_VARS)
 
 ifdef SUPERUSER_EMBEDDED
 
-# make sure init.superuser.rc is imported from
-# init.rc or similar
-
-SUPERUSER_RC := $(TARGET_ROOT_OUT)/init.superuser.rc
-$(SUPERUSER_RC): $(LOCAL_PATH)/init.superuser.rc | $(ACP)
-	$(copy-file-to-new-target)
-
 SUPERUSER_MARKER := $(TARGET_OUT_ETC)/.has_su_daemon
 $(SUPERUSER_MARKER): $(LOCAL_INSTALLED_MODULE)
 	@mkdir -p $(dir $@)

README.md

@@ -1,117 +1,127 @@
 ## Why another Superuser?
-* Superuser should be open source. It's the gateway to root on your device. It must be open for independent security analysis. Obscurity (closed source) is not security.
-* Superuser should be NDK buildable. No internal Android references.
+* Superuser should be open source.
+  It's the gateway to root on your device.
+  It must be open for independent security analysis. Obscurity (closed source) is not security.
+* Superuser should be NDK buildable.
+  No internal Android references.
 * Superuser should also be AOSP buildable for those that want to embed it in their ROM.
 * Superuser should also be AOSP _embeddable_, meaning a ROM can easily embed it into their Settings app.
 * Maintenance and updates on both the market and source repositories should be timely.
 * I want to be able to point users of my app to a Superuser solution that I wrote, that I know works, and that I can fix if something is wrong.
 * Handle multiuser (4.2+) properly
 * Handle concurrent su requests properly
 
-## Translations
-
-Translations are very much appreciated, but please do not submit translations on Github! Instead, use the review submission process on [CyanogenMod's gerrit instance](http://review.cyanogenmod.org/#/q/status:open,n,z).
-
-
+## Why NOT use this Superuser?
+* If you have any doubt about how to go recover from a critical failure, DON'T TRY THIS
+* Don't use it if you're afraid of a brick
 
 ## Checking out the source
 
 You'll need the "Widgets" dependency.
 
-* $ mkdir /path/to/src
-* $ cd /path/to/src
-* $ git clone git://github.com/koush/Superuser
-* $ git clone git://github.com/koush/Widgets
+* `$ mkdir /path/to/src`
+* `$ cd /path/to/src`
+* `$ git clone git://github.com/phhusson/Superuser`
+* `$ cd Superuser`
+* `$ git clone git://github.com/phhusson/Widgets`
 
 These repositories do not keep the actual projects in the top level directory.
 This is because they contain tests, libs, and samples.
 
-Make sure the SDK Platform for API 19 is installed, through the Android SDK Manager.  Install NDK Revision 9b from [here](http://developer.android.com/tools/sdk/ndk/index.html).
+Make sure the SDK Platform for API 19 is installed, through the Android SDK Manager.
+Install NDK Revision 9b from [developer.android.com](https://developer.android.com/tools/sdk/ndk/index.html) or use the latest and set `NDK_TOOLCHAIN_VERSION=4.9`.
 
-## Eclipse
+## Building the su and placeholder binaries
 
-In Eclipse, import Widgets/Widgets and Superuser/Superuser. It should Just Work (TM).
-
-## Ant
+Make sure you have the android-ndk downloaded with the tool "ndk-build" in your path.
 
-* $ mkdir /path/to/src
-* $ cd /path/to/src
-* $ cd Superuser/Superuser
+* `$ cd /path/to/src/`
+* `$ cd Superuser/Superuser`
+* `$ ndk-build`
 
-In this directory, create a file called local.properties. This file is used by ant for custom properties. You need to specify the location of the ndk directory and your keystore parameters:
+The su binary will built into Superuser/Superuser/libs/armeabi/su, and the placeholder will be built into Superuser/Superuser/libs/armeabi/placeholder
 
-```
-ndk.dir=/Users/koush/src/android-ndk
-key.store=/Users/koush/.keystore
-key.alias=mykey
-```
+## Building the application
 
-If you do not have a release key yet, [create one using keytool](http://developer.android.com/tools/publishing/app-signing.html).
+* `$ ./gradlew assembleDebug`
 
-Set up your SDK path (this is the directory containing platform-tools/, tools/, etc.):
+(Yes I use debug builds for the moment.)
 
-* $ export ANDROID_HOME=/Users/koush/src/sdk
+#### Configuring the Package Name
+//The Superuser distributed on Google Play is in the package name com.koushikdutta.superuser. (To be changed)
+To prevent conflicts with the Play store version, the build process changes the package
+name to com.thirdparty.superuser. You can configure this value by setting the following
+in your build.gradle
 
-Then you can build:
+```
+applicationId "com.thirdparty.superuser"
+```
 
-* $ ant release
+## How to install?
 
-Outputs:
-* bin/update.zip - Recovery installable zip
-* bin/Superuser-release.apk - Superuser Android app
-* libs/armeabi/su - ARM su binary
-* libs/x86/su - x86 su binary
-* libs/mips/su - MIPS su binary
+You can install su in various different ways.
+All are not listed here.
 
-## Building the su binary
+### Editing /system partition, and using placeholder binary
 
-You can use ant as shown above, to build the binary, but it can also be built without building the APK.
+One way is through placeholder binary.
+It doesn't require to modify boot.img, only system partition.
+This doesn't work on Android M, and is considered obsolete.
+(SELinux policies aren't keeping up)
 
-Make sure you have the android-ndk downloaded with the tool "ndk-build" in your path.
+To install it this way, here are the needed steps:
+* Rename /system/bin/app_process32 to /system/bin/app_process32.old
+* Copy placeholder to system/bin/app_process32
+* Ensure permissions of app_process32 are the same as of app_process32.old, including SELinux attributes (should be 0755 u:object_r:zygote_exec:s0)
+* Put su file in system/xbin/
+* Add /system/xbin/su --daemon in install-recovery.sh
 
-* $ cd /path/to/src/
-* $ cd Superuser/Superuser
-* $ ndk-build
+### From sources
 
-The su binary will built into Superuser/Superuser/libs/armeabi/su.
+Please refer to https://github.com/seSuperuser/AOSP-SU-PATCH/
 
+### Editing boot partition
 
+Please refer to https://github.com/phhusson/super-bootimg/
 
-## Building with AOSP, CyanogenMod, etc
+## TODO List
 
-ROM developers are welcome to distribute the official Superuser APK and binary that I publish. That will
-allow them to receive updates with Google Play. However, you can also build Superuser as part of your
-build, if you choose to.
+Here is a list of what's left to do, to be compatible with Chainfire's SuperSU (as documented at [su.chainfire.eu](https://su.chainfire.eu)):
+* --mount-master
 
-There are two ways to include Superuser in your build. The easiest is to build the APK as a separate app.
-To do that, simply add the local_manifest.xml as described below. The second way is by embedding it
-into the native Android System Settings.
+Here is an additional TODO list:
+* Create restricted domains, which should match of basic needs.
+  So that we can tell users "this app is not as bad as it might"
+* Safer su --bind/su --init (should be package-name based, not uid-based)
 
-#### Repo Setup
-Add the [local_manifest.xml](https://github.com/koush/Superuser/blob/master/local_manifest.xml) to your .repo/local_manifests
+## Contact me
+* IRC: #superuser-phh @ Freenode
+* mail: [email protected]
 
-#### Configuring the Package Name
-The Superuser distributed on Google Play is in the package name com.koushikdutta.superuser.
-To prevent conflicts with the Play store version, the build process changes the package
-name to com.thirdparty.superuser. You can configure this value by setting the following
-in your vendor makefile or BoardConfig:
+## Communication
 
-```
-SUPERUSER_PACKAGE := com.mypackagename.superuser
-```
+This project is in REALLY early state, though some points have to be mentioned:
+* For development purposes, please use the project's IRC: #superuser-phh @ Freenode
+* Any issue discussed MUST have an entry in GitHub's bugtracker
+* There will be security flaws.
+  If you find one, please first discuss it with me privately (<[email protected]>, phh on IRC).
+* If you feel you need to be aware of security flaws before disclosure, please contact me.
+  I might create a dedicated security mailing list.
 
-#### Advanced - Embedding Superuser into System Settings
+## Organisation
 
-You will not need to change the package name as described above. Superuser will simply go
-into the com.android.settings package.
+https://trello.com/b/adDbOmV0/superuser
 
-First, in a product makefile (like vendor/cm/config/common.mk), specify the following:
+## Prebuilt images
 
-```
-SUPERUSER_EMBEDDED := true
-```
+I setup a robot to build rooted boot.img.
+The result is available at [superuser.phh.me](https://superuser.phh.me/).
+Each boot.img is signed with the keystore at [superuser.phh.me/keystore.img](https://superuser.phh.me/keystore.img).
+Every boot.img contains the latest su and SELinux policy.
+* orig-boot.img is extracted from the ROM and is provided **for reference only**.
+* boot-su-eng.img is generated by calling `su` with the `eng` option.
+* boot-su-user.img is generated by calling `su` without any arguments.
 
-To modify packages/apps/Settings, you will need this [patch](http://review.cyanogenmod.org/#/c/32957/2//COMMIT_MSG,unified).
-The patch simply references the sources checked out to external/koush and makes changes
-to XML preference files and the AndroidManifest.xml. It is a very minimal change.
+The matching APK is available at [play.google.com/store/apps/details?id=me.phh.superuser](https://play.google.com/store/apps/details?id=me.phh.superuser).
 
+If you want to add some ROMs or boot.img configurations into the auto-builder, open a pull-request or create an issue at [github.com/phhusson/super-bootimg/tree/master/known-imgs](https://github.com/phhusson/super-bootimg/tree/master/known-imgs).

SELinux/Policy.md

@@ -0,0 +1,44 @@
+The aim of this file is to explain the SELinux policy rules have been decided for implementation, either as a patch on AOSP, or a binary modification with sepolicy-inject.
+
+
+## Mentioned domains:
+
+- su //The domain of the su daemon itself.
+- su\_sensitive //A "super domain", heavily protected, with greater power
+- untrusted\_app //The domain of an app. Most roots apps will come from there
+- shell //The domain when in adb shell
+
+
+## su domain should be able to:
+- Access audio devices
+- Access network, incl. configuration
+
+## su domain MUST NOT be able to:
+- have direct access to any partition
+- be able to remount a partition
+- write to cache partition/reboot to recovery
+- access to another app's folder
+- maintain su context "forever" (except daemon obviously)
+
+## su\_sensitive should be able to:
+- remount system partition (only if verity is disabled?)
+
+## su\_sensitive MUST NOT be able to:
+- Rewrite keystore/boot.img
+
+## Evolutions which would make SU more powerful, but needs deeper changes:
+- Some files in system/etc could be mount --bindable from su-context (mixer\_paths, hosts, ...?)
+- Another domain whose only aim would be to resign keystore/boot.img/system.img
+
+## Special case of su\_sensitive:
+su\_sensitive activation MUST get full user attention, and remind him everyday he granted this right to an app.
+For such a context, doing on-execution popup is almost dangerous, because user might/will believe this is a one-time permission.
+Getting su\_sensitive context means the app is able to stay root forever, and this is how it must be reported to the user.
+The user have to go in SuperUser's settings, explicitly select the app to get su\_sensitive, and type his password.
+
+
+
+## Variations:
+- There will always be an "eng" build with "su\_sensitive" permissive
+- The full lists mentioned before refers to "user" build
+- A "cts" build can be added, which would have "user" settings, minus the one breaking neverallow/CTS

Superuser/AndroidManifest.xml

@@ -1,8 +1,8 @@
 <?xml version="1.0" encoding="utf-8"?>
 <manifest xmlns:android="http://schemas.android.com/apk/res/android"
     package="com.koushikdutta.superuser"
-    android:versionCode="1030"
-    android:versionName="1.0.3.0" >
+    android:versionCode="1033"
+    android:versionName="1.0.3.3" >
 
     <permission
         android:name="android.permission.REQUEST_SUPERUSER"
@@ -11,23 +11,6 @@
         android:name="android.permission.REPORT_SUPERUSER"
         android:protectionLevel="signature" />
 
-    <permission-group
-        android:name="android.permission-group.SUPERUSER"
-        android:description="@string/superuser_description_more"
-        android:icon="@drawable/ic_action_permission"
-        android:label="@string/superuser"
-        android:priority="10000" />
-
-    <permission
-        android:name="android.permission.ACCESS_SUPERUSER"
-        android:description="@string/superuser_description_more"
-        android:icon="@drawable/ic_action_permission"
-        android:label="@string/superuser_description"
-        android:logo="@drawable/ic_action_permission"
-        android:permissionGroup="android.permission-group.SUPERUSER"
-        android:protectionLevel="dangerous" />
-
-    <uses-permission android:name="android.permission.ACCESS_SUPERUSER" />
     <uses-permission android:name="android.permission.RECEIVE_BOOT_COMPLETED" />
 
     <application
@@ -100,7 +83,6 @@
             </intent-filter>
             <intent-filter>
                 <action android:name="android.intent.action.BOOT_COMPLETED" />
-                <data android:scheme="package" />
             </intent-filter>
             <intent-filter>
                 <action android:name="android.intent.action.PACKAGE_REMOVED" />