v5.1.0-mod-0.12: --mute-setxid

README.md

@@ -13,6 +13,21 @@ Defaults are `../libexec/proot/loader` / `../libexec/proot/loader32` respectivel
 
 * `--tcsetsf2tcsetsw` as `TCSETSW` looks even better. `tcsetattr(TCSAFLUSH, ...)` => `tcsetattr(TCSADRAIN, ...)` in other words.
 
+* `--mute-setxid` return `0` for calls
+  - `setuid()`
+  - `setuid32()`
+  - `setgid()`
+  - `setgid32()`
+  - `setreuid()`
+  - `setreuid32()`
+  - `setregid()`
+  - `setregid32()`
+  - `setresuid()`
+  - `setresuid32()`
+  - `setresgid()`
+  - `setresgid32()`
+if they trigger `SIGSYS` (Android related).
+
 * `--bind-memfd=<pattern>` option as long as Android does not provide access to *tmpfs* for regular apps. It uses `memfd_create()`.
 Pattern acts like the `fnmatch()` one with the `FNM_PATHNAME` and `FNM_EXTMATCH` flags.
 *Experimental. No `open_by_handle_at` syscall support yet.*

src/GNUmakefile

@@ -90,6 +90,7 @@ OBJECTS += \
 	extension/link2symlink/link2symlink.o \
 	extension/fix_symlink_size/fix_symlink_size.o \
 	extension/tcsetsf2tcsets/tcsetsf2tcsets.o \
+	extension/mute_setxid/mute_setxid.o \
 	extension/memfd/memfd.o
 
 define define_from_arch.h

src/cli/proot.c

@@ -326,6 +326,21 @@ static int handle_option_tcsetsf2tcsets_v(Tracee *tracee, const Cli *cli UNUSED,
 	return 0;
 }
 
+static int handle_option_mute_setxid(Tracee *tracee, const Cli *cli UNUSED, const char *value)
+{
+	void *extension = get_extension(tracee, mute_setxid_callback);
+	if (extension != NULL) {
+		note(tracee, WARNING, USER, "option --mute-setxid was already specified");
+		TALLOC_FREE(extension);
+	}
+
+	const int status = initialize_extension(tracee, mute_setxid_callback, value);
+	if (status < 0)
+		note(tracee, WARNING, INTERNAL, "mute-setxid not initialized");
+
+	return 0;
+}
+
 static int handle_option_memfd(Tracee *tracee, const Cli *cli UNUSED, const char *value)
 {
 	void *extension = get_extension(tracee, memfd_callback);

src/cli/proot.h

@@ -6,7 +6,7 @@
 #include "cli/cli.h"
 
 #ifndef VERSION
-#define VERSION "5.1.0-mod-0.11"
+#define VERSION "5.1.0-mod-0.12"
 #endif
 
 static const char *recommended_bindings[] = {
@@ -67,6 +67,7 @@ static int handle_option_H(Tracee *tracee, const Cli *cli, const char *value);
 static int handle_option_p(Tracee *tracee, const Cli *cli, const char *value);
 static int handle_option_tcsetsf2tcsets(Tracee *tracee, const Cli *cli, const char *value);
 static int handle_option_tcsetsf2tcsetsw(Tracee *tracee, const Cli *cli, const char *value);
+static int handle_option_mute_setxid(Tracee *tracee, const Cli *cli, const char *value);
 static int handle_option_memfd(Tracee *tracee, const Cli *cli, const char *value);
 
 static int pre_initialize_bindings(Tracee *, const Cli *, size_t, char *const *, size_t);
@@ -286,6 +287,14 @@ Copyright (C) 2015 STMicroelectronics, licensed under GPL v2 or later.\n\
           .description = "TCSETSF is forbidden in Android. Substitute with TCSETSW.",
           .detail = "tcsetattr(TCSAFLUSH, ...) => tcsetattr(TCSDRAIN, ...) in other words.",
         },
+        { .class = "Extension options",
+          .arguments = {
+                { .name = "--mute-setxid", .separator = '\0', .value = NULL },
+                { .name = NULL, .separator = '\0', .value = NULL } },
+          .handler = handle_option_mute_setxid,
+          .description = "setXid() calls can be disabled in Android. Return success unconditionally.",
+          .detail = "",
+        },
         { .class = "Extension options",
           .arguments = {
                 { .name = "--bind-memfd", .separator = '=', .value = "string" },

src/extension/extension.h

@@ -200,6 +200,7 @@ extern int port_switch_callback(Extension *extension, ExtensionEvent event, intp
 extern int link2symlink_callback(Extension *extension, ExtensionEvent event, intptr_t d1, intptr_t d2);
 extern int fix_symlink_size_callback(Extension *extension, ExtensionEvent event, intptr_t d1, intptr_t d2);
 extern int tcsetsf2tcsets_callback(Extension *extension, ExtensionEvent event, intptr_t data1 UNUSED, intptr_t data2 UNUSED);
+extern int mute_setxid_callback(Extension *extension, ExtensionEvent event, intptr_t data1 UNUSED, intptr_t data2 UNUSED);
 extern int memfd_callback(Extension *extension, ExtensionEvent event, intptr_t data1, intptr_t data2 UNUSED);
 
 #endif /* EXTENSION_H */

src/extension/mute_setxid/mute_setxid.c

@@ -0,0 +1,63 @@
+#include <assert.h>      /* assert(3), */
+#include <stdint.h>      /* intptr_t, */
+#include <errno.h>       /* E*, */
+
+#include "extension/extension.h"
+#include "syscall/syscall.h"
+#include "syscall/sysnum.h"
+#include "syscall/seccomp.h"
+#include "syscall/chain.h"
+#include "execve/execve.h"
+#include "tracee/tracee.h"
+#include "tracee/abi.h"
+#include "tracee/mem.h"
+#include "execve/auxv.h"
+#include "path/binding.h"
+#include "path/f2fs-bug.h"
+#include "arch.h"
+
+int mute_setxid_callback(Extension *extension, ExtensionEvent event, intptr_t data1, intptr_t data2) {
+	switch (event) {
+		case INITIALIZATION: {
+			static const FilteredSysnum filtered_sysnums[] = {
+				{ PR_setuid,		FILTER_SYSEXIT },
+				{ PR_setuid32,		FILTER_SYSEXIT },
+				{ PR_setgid,		FILTER_SYSEXIT },
+				{ PR_setgid32,		FILTER_SYSEXIT },
+				{ PR_setreuid,		FILTER_SYSEXIT },
+				{ PR_setreuid32,	FILTER_SYSEXIT },
+				{ PR_setregid,		FILTER_SYSEXIT },
+				{ PR_setregid32,	FILTER_SYSEXIT },
+				{ PR_setresuid,		FILTER_SYSEXIT },
+				{ PR_setresuid32,	FILTER_SYSEXIT },
+				{ PR_setresgid,		FILTER_SYSEXIT },
+				{ PR_setresgid32,	FILTER_SYSEXIT },
+				FILTERED_SYSNUM_END
+			};
+			extension->filtered_sysnums = filtered_sysnums;
+			return 0;
+		}
+		case SIGSYS_OCC: {
+			Tracee *const tracee = TRACEE(extension);
+			const word_t sysnum = get_sysnum(tracee, CURRENT);
+			switch (sysnum) {
+				case PR_setuid:
+				case PR_setuid32:
+				case PR_setgid:
+				case PR_setgid32:
+				case PR_setreuid:
+				case PR_setreuid32:
+				case PR_setregid:
+				case PR_setregid32:
+				case PR_setresuid:
+				case PR_setresuid32:
+				case PR_setresgid:
+				case PR_setresgid32:
+					poke_reg(tracee, SYSARG_RESULT, 0);
+					return 1;
+			}
+			return 0;
+		}
+	}
+	return 0;
+}