Use am to send intents rather than a binder transaction.

ChainsDD · ChainsDD · commit 382d1e37c1fe · 2012-06-04T20:17:44.000+01:00
This commit is by koush and is mostly copied from the CyanogenMod fork
of su.

By using am instead of a binder transaction, we can guarantee
compatibility with current and future versions of Android.
diff --git a/activity.c b/activity.c
@@ -0,0 +1,76 @@
+/*
+** Copyright 2010, Adam Shanks (@ChainsDD)
+** Copyright 2008, Zinx Verituse (@zinxv)
+**
+** Licensed under the Apache License, Version 2.0 (the "License");
+** you may not use this file except in compliance with the License.
+** You may obtain a copy of the License at
+**
+**     http://www.apache.org/licenses/LICENSE-2.0
+**
+** Unless required by applicable law or agreed to in writing, software
+** distributed under the License is distributed on an "AS IS" BASIS,
+** WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+** See the License for the specific language governing permissions and
+** limitations under the License.
+*/
+
+#include <unistd.h>
+
+#include "su.h"
+
+int send_intent(const struct su_context *ctx,
+                const char *socket_path, int allow, const char *action)
+{
+	char command[PATH_MAX];
+
+	sprintf(command, "/system/bin/am broadcast -a %s --es socket %s --ei version_code %d > /dev/null",
+			action, socket_path, VERSION_CODE);	
+
+    // before sending the intent, make sure the (uid and euid) and (gid and egid) match,
+    // otherwise LD_LIBRARY_PATH is wiped in Android 4.0+.
+    // Also, sanitize all secure environment variables (from linker_environ.c in linker).
+
+    /* The same list than GLibc at this point */
+    static const char* const unsec_vars[] = {
+        "GCONV_PATH",
+        "GETCONF_DIR",
+        "HOSTALIASES",
+        "LD_AUDIT",
+        "LD_DEBUG",
+        "LD_DEBUG_OUTPUT",
+        "LD_DYNAMIC_WEAK",
+        "LD_LIBRARY_PATH",
+        "LD_ORIGIN_PATH",
+        "LD_PRELOAD",
+        "LD_PROFILE",
+        "LD_SHOW_AUXV",
+        "LD_USE_LOAD_BIAS",
+        "LOCALDOMAIN",
+        "LOCPATH",
+        "MALLOC_TRACE",
+        "MALLOC_CHECK_",
+        "NIS_PATH",
+        "NLSPATH",
+        "RESOLV_HOST_CONF",
+        "RES_OPTIONS",
+        "TMPDIR",
+        "TZDIR",
+        "LD_AOUT_LIBRARY_PATH",
+        "LD_AOUT_PRELOAD",
+        // not listed in linker, used due to system() call
+        "IFS",
+    };
+    const char* const* cp   = unsec_vars;
+    const char* const* endp = cp + sizeof(unsec_vars)/sizeof(unsec_vars[0]);
+    while (cp < endp) {
+        unsetenv(*cp);
+        cp++;
+    }
+
+    // sane value so "am" works
+    setenv("LD_LIBRARY_PATH", "/vendor/lib:/system/lib", 1);
+    setegid(getgid());
+    seteuid(getuid());
+    return system(command);
+}
diff --git a/activity.cpp b/activity.cpp
diff --git a/su.c b/su.c
@@ -42,15 +42,6 @@
 /* Still lazt, will fix this */
 static char socket_path[PATH_MAX];
 
-
-static inline int get_sdk_version(void)
-{
-    char sdk_version_prop[PROPERTY_VALUE_MAX];
-
-    property_get("ro.build.version.sdk", sdk_version_prop, "0");
-    return atoi(sdk_version_prop); 
-}
-
 static int from_init(struct su_initiator *from)
 {
     char path[PATH_MAX], exe[PATH_MAX];
@@ -455,8 +446,6 @@ int main(int argc, char *argv[])
     }
     ctx.to.optind = optind;
 
-    ctx.sdk_version = get_sdk_version();
-
     if (from_init(&ctx.from) < 0) {
         deny(&ctx);
     }
diff --git a/su.h b/su.h
@@ -70,7 +70,6 @@ struct su_context {
     struct su_initiator from;
     struct su_request to;
     mode_t umask;
-    int sdk_version;
 };
 
 enum {
