Multi-user support with 3 modes

ChainsDD · ChainsDD · commit 794fb0047ac0 · 2012-11-20T20:43:49.000Z
diff --git a/activity.c b/activity.c
@@ -91,7 +91,7 @@ int send_intent(struct su_context *ctx, allow_t allow, const char *action)
             "exec /system/bin/am broadcast --user %d -a %s --es socket '%s' "
             "--ei caller_uid %d --ei allow %d --es desired_cmd '%s' "
             "--ei all %d --ei version_code %d",
-            ctx->from.user, action, socket_path, uid, allow, get_command(&ctx->to),
+            ctx->user.userid, action, socket_path, uid, allow, get_command(&ctx->to),
             ctx->to.all, VERSION_CODE);
         char *args[] = { "sh", "-c", command, NULL, };
 
diff --git a/db.c b/db.c
@@ -26,9 +26,14 @@ int database_check(struct su_context *ctx)
     char filename[PATH_MAX];
     char allow[7];
     int last = 0;
+    int from_uid = ctx->from.uid;
+    
+    if (ctx->user.owner_mode) {
+        from_uid = from_uid % 100000;
+    }
 
     snprintf(filename, sizeof(filename),
-                REQUESTOR_STORED_PATH "/%u-%u", ctx->from.uid, ctx->to.uid);
+                "%s/%u-%u", ctx->user.store_path, from_uid, ctx->to.uid);
     if ((fp = fopen(filename, "r"))) {
         LOGD("Found file %s", filename);
         
@@ -55,8 +60,8 @@ int database_check(struct su_context *ctx)
                 strcpy(allow, "prompt");
         }
         fclose(fp);
-    } else if ((fp = fopen(REQUESTOR_STORED_DEFAULT, "r"))) {
-        LOGD("Using default file %s", REQUESTOR_STORED_DEFAULT);
+    } else if ((fp = fopen(ctx->user.store_default, "r"))) {
+        LOGD("Using default file %s", ctx->user.store_default);
         fgets(allow, sizeof(allow), fp);
         last = strlen(allow) - 1;
         if (last >=0)
@@ -70,6 +75,10 @@ int database_check(struct su_context *ctx)
     } else if (strcmp(allow, "deny") == 0) {
         return DENY;
     } else {
-        return INTERACTIVE;
+        if (ctx->user.userid != 0 && ctx->user.owner_mode) {
+            return DENY;
+        } else {
+            return INTERACTIVE;
+        }
     }
 }
diff --git a/su.c b/su.c
@@ -101,6 +101,35 @@ static int from_init(struct su_initiator *from)
     return 0;
 }
 
+static void read_options(struct su_context *ctx)
+{
+    char mode[12];
+    FILE *fp;
+    if ((fp = fopen(REQUESTOR_OPTIONS, "r"))) {
+        fgets(mode, sizeof(mode), fp);
+        if (strcmp(mode, "user\n") == 0) {
+            ctx->user.owner_mode = 0;
+        } else if (strcmp(mode, "owner\n") == 0) {
+            ctx->user.owner_mode = 1;
+        }
+    }
+}
+
+static void user_init(struct su_context *ctx)
+{
+    if (ctx->from.uid > 99999) {
+    	ctx->user.userid = ctx->from.uid / 100000;
+    	if (!ctx->user.owner_mode) {
+        	snprintf(ctx->user.data_path, PATH_MAX, "/data/user/%d/%s",
+        	        ctx->user.userid, REQUESTOR);
+    	    snprintf(ctx->user.store_path, PATH_MAX, "/data/user/%d/%s/files/stored",
+    	            ctx->user.userid, REQUESTOR);
+        	snprintf(ctx->user.store_default, PATH_MAX, "/data/user/%d/%s/files/stored/default",
+        	        ctx->user.userid, REQUESTOR);
+    	}
+    }
+}
+
 static void populate_environment(const struct su_context *ctx)
 {
     struct passwd *pw;
@@ -452,6 +481,7 @@ int access_disabled(const struct su_initiator *from)
                  "enable it under settings -> developer options");
             return 1;
         }
+        
     }
     return 0;
 }
@@ -475,6 +505,13 @@ int main(int argc, char *argv[])
             .argc = argc,
             .optind = 0,
         },
+        .user = {
+            .userid = 0,
+            .owner_mode = -1,
+            .data_path = REQUESTOR_DATA_PATH,
+            .store_path = REQUESTOR_STORED_PATH,
+            .store_default = REQUESTOR_STORED_DEFAULT,
+        },
         .child = 0,
     };
     struct stat st;
@@ -554,6 +591,12 @@ int main(int argc, char *argv[])
     if (from_init(&ctx.from) < 0) {
         deny(&ctx);
     }
+    
+    read_options(&ctx);
+    user_init(&ctx);
+    
+    if (ctx.user.owner_mode == -1 && ctx.user.userid != 0)
+        deny(&ctx);
 
     if (access_disabled(&ctx.from))
         deny(&ctx);
@@ -568,7 +611,7 @@ int main(int argc, char *argv[])
     if (ctx.from.uid == AID_ROOT || ctx.from.uid == AID_SHELL)
         allow(&ctx);
 
-    if (stat(REQUESTOR_DATA_PATH, &st) < 0) {
+    if (stat(ctx.user.data_path, &st) < 0) {
         PLOGE("stat");
         deny(&ctx);
     }
diff --git a/su.h b/su.h
@@ -29,6 +29,7 @@
 
 #define REQUESTOR_STORED_PATH REQUESTOR_DATA_PATH "/files/stored"
 #define REQUESTOR_STORED_DEFAULT REQUESTOR_STORED_PATH "/default"
+#define REQUESTOR_OPTIONS REQUESTOR_STORED_PATH "/options"
 
 /* intent actions */
 #define ACTION_REQUEST REQUESTOR ".REQUEST"
@@ -51,6 +52,7 @@
 struct su_initiator {
     pid_t pid;
     unsigned uid;
+    unsigned user;
     char bin[PATH_MAX];
     char args[4096];
 };
@@ -68,9 +70,18 @@ struct su_request {
     int all;
 };
 
+struct su_user_info {
+    unsigned userid;
+    int owner_mode;
+    char data_path[PATH_MAX];
+    char store_path[PATH_MAX];
+    char store_default[PATH_MAX];
+};
+
 struct su_context {
     struct su_initiator from;
     struct su_request to;
+    struct su_user_info user;
     mode_t umask;
     volatile pid_t child;
     char sock_path[PATH_MAX];
