fix: allow su operation for SELinux Enforcing systems

This patch uses virtual resource names for IPC, which is currently not under the purview of
SELinux, for now at least :)

Superuser/jni/su/daemon.c

@@ -431,29 +431,13 @@ int run_daemon() {
 
     memset(&sun, 0, sizeof(sun));
     sun.sun_family = AF_LOCAL;
-    sprintf(sun.sun_path, "%s/server", REQUESTOR_DAEMON_PATH);
-
-    /*
-     * Delete the socket to protect from situations when
-     * something bad occured previously and the kernel reused pid from that process.
-     * Small probability, isn't it.
-     */
-    unlink(sun.sun_path);
-    unlink(REQUESTOR_DAEMON_PATH);
-
-    int previous_umask = umask(027);
-    mkdir(REQUESTOR_DAEMON_PATH, 0777);
+    sprintf(sun.sun_path, "%c%s/server", '\0', REQUESTOR_DAEMON_PATH);
 
     if (bind(fd, (struct sockaddr*)&sun, sizeof(sun)) < 0) {
         PLOGE("daemon bind");
         goto err;
     }
 
-    chmod(REQUESTOR_DAEMON_PATH, 0755);
-    chmod(sun.sun_path, 0777);
-
-    umask(previous_umask);
-
     if (listen(fd, 10) < 0) {
         PLOGE("daemon listen");
         goto err;
@@ -549,7 +533,7 @@ int connect_daemon(int argc, char *argv[], int ppid) {
 
     memset(&sun, 0, sizeof(sun));
     sun.sun_family = AF_LOCAL;
-    sprintf(sun.sun_path, "%s/server", REQUESTOR_DAEMON_PATH);
+    sprintf(sun.sun_path, "%c%s/server", '\0', REQUESTOR_DAEMON_PATH);
 
     if (0 != connect(socketfd, (struct sockaddr*)&sun, sizeof(sun))) {
         PLOGE("connect");

Superuser/jni/su/su.c

@@ -271,9 +271,7 @@ void set_identity(unsigned int uid) {
 }
 
 static void socket_cleanup(struct su_context *ctx) {
-    if (ctx && ctx->sock_path[0]) {
-        if (unlink(ctx->sock_path))
-            PLOGE("unlink (%s)", ctx->sock_path);
+    if (ctx) {
         ctx->sock_path[0] = 0;
     }
 }
@@ -313,15 +311,12 @@ static int socket_create_temp(char *path, size_t len) {
     snprintf(path, len, "%s/.socket%d", REQUESTOR_CACHE_PATH, getpid());
     memset(sun.sun_path, 0, sizeof(sun.sun_path));
     snprintf(sun.sun_path, sizeof(sun.sun_path), "%s", path);
+    /* use abstract namespace for socket path */
+    sun.sun_path[0] = '\0';
+    strcpy(&sun.sun_path[1], path);
+    size_t size = offsetof(struct sockaddr_un, sun_path) + 1 + strlen(&sun.sun_path[1]);
 
-    /*
-     * Delete the socket to protect from situations when
-     * something bad occured previously and the kernel reused pid from that process.
-     * Small probability, isn't it.
-     */
-    unlink(sun.sun_path);
-
-    if (bind(fd, (struct sockaddr*)&sun, sizeof(sun)) < 0) {
+    if (bind(fd, (struct sockaddr*)&sun, size) < 0) {
         PLOGE("bind");
         goto err;
     }

Superuser/src/com/koushikdutta/superuser/MultitaskSuRequestActivity.java

@@ -140,7 +140,6 @@ protected void onDestroy() {
         }
         catch (Exception ex) {
         }
-        new File(mSocketPath).delete();
     }
 
     public static final String PERMISSION = "android.permission.ACCESS_SUPERUSER";
@@ -303,7 +302,7 @@ void manageSocket() {
             public void run() {
                 try {
                     mSocket = new LocalSocket();
-                    mSocket.connect(new LocalSocketAddress(mSocketPath, Namespace.FILESYSTEM));
+                    mSocket.connect(new LocalSocketAddress(mSocketPath, Namespace.ABSTRACT));
 
                     DataInputStream is = new DataInputStream(mSocket.getInputStream());
 
@@ -392,21 +391,6 @@ protected void onCreate(Bundle savedInstanceState) {
 
         manageSocket();
 
-
-        // watch for the socket disappearing. that means su died.
-        new Runnable() {
-            public void run() {
-                if (isFinishing())
-                    return;
-                if (!new File(mSocketPath).exists()) {
-                    finish();
-                    return;
-                }
-
-                mHandler.postDelayed(this, 1000);
-            };
-        }.run();
-
         mHandler.postDelayed(new Runnable() {
             @Override
             public void run() {