From 3e8cb47854ab84409b406e2e057488f2c41c122b Mon Sep 17 00:00:00 2001 From: ng Date: Sat, 11 May 2024 19:21:18 +0300 Subject: [PATCH] Fix mounts cleanup in sar/2si --- native/jni/payload/executor.cpp | 24 +++++++++++++++++++----- 1 file changed, 19 insertions(+), 5 deletions(-) diff --git a/native/jni/payload/executor.cpp b/native/jni/payload/executor.cpp index e8ca00c..eab0452 100644 --- a/native/jni/payload/executor.cpp +++ b/native/jni/payload/executor.cpp @@ -46,9 +46,13 @@ #define DEBUG_EXECUTOR "/debug_ramdisk/executor" #define NEW_MAGISK_PATH "/debug_ramdisk/magisk" +#define INITRC "/init.rc" #define INITRC_SYSTEM "/system/etc/init/hw/init.rc" #define INIT_BIN_SYSTEM "/system/bin/init" +#define LIBSELINUX "/system/lib/libselinux.so" +#define LIBSELINUX64 "/system/lib64/libselinux.so" + bool check_fs_decrypted() { struct dirent *entry; @@ -79,7 +83,7 @@ int unhide_process(pid_t pid) { char buf[32]; snprintf(buf, 31, "/proc/%d", pid); - return umount(buf); + return umount2(buf, MNT_DETACH); } void block_signals() { @@ -249,11 +253,21 @@ int main(int argc, char** argv, char** envp) { delprop(svc_name.c_str()); } - // Unmount init.rc on android 11+ (if no magisk, i.e. revshell is not at debug_ramdisk) - if (access(INITRC_SYSTEM, F_OK) == 0 && access(DEBUG_REVSHELL, F_OK) != 0) { - ALOGD("Unmounting new init.rc"); - umount2(INITRC_SYSTEM, MNT_DETACH); + // Unmount init.rc in ramdisk + umount2(INITRC, MNT_DETACH); + + // Unmount SAR stuff in /system (if no magisk in debug_ramdisk) + if (access(INIT_BIN_SYSTEM, F_OK) == 0 && access(NEW_MAGISK_PATH, F_OK) != 0) { + ALOGD("Unmounting SAR stuff"); umount2(INIT_BIN_SYSTEM, MNT_DETACH); + // Unmount init.rc on android 11+ + if (access(INITRC_SYSTEM, F_OK) == 0) + umount2(INITRC_SYSTEM, MNT_DETACH); + // Unmount libselinux + if (access(LIBSELINUX64, F_OK) == 0) + umount2(LIBSELINUX64, MNT_DETACH); + else if (access(LIBSELINUX, F_OK) == 0) + umount2(LIBSELINUX, MNT_DETACH); } // Cleanup /sbin on rootfs