Closed WandersonKalil closed 1 year ago
This issue is fixed by commit e0329cee5f18171ac7a4e89e42a0bb763a1f30a8
Since we cannot call setenv("LD_LIBRARY_PATH", "/system/lib", 1) from the su binary on Android 12, the solution is to inherit the environment of the caller process for a new process image and call execve().
Update: It's impossible to call /system/bin/supolicy from the daemon through execve(), even stealing zygote's environment. @topjohnwu could you add the sepolicy patch fix for su binary into magiskpolicy?
Update: Android 12 removes LD_LIBRARY_PATH from the execve() syscall!
As the daemon cannot set LD_LIBRARY_PATH, the only solution is to call supolicy from SuperPower's su's shell, whose environment is inherited from the caller process (SuperPower in this case). Consider this issue as Fixed!
Since Android 12 is arm64-v8a bit/abi by default, by setting the LD_LIBRARY_PATH to /system/lib, the kernel will use /system/lib/libc.so instead of /system/lib64/libc.so, causing the following error/bug in the daemon:
02-09 14:10:10.862 20350 20350 F linker : CANNOT LINK EXECUTABLE "sh": library "libc.so" needed or dlopened by "/system/bin/sh" is not accessible for the namespace "(default)"
02-09 14:25:21.068 24232 24232 E linker : library "libc.so" ("/apex/com.android.runtime/lib/bionic/libc.so") needed or dlopened by "/system/bin/sh" is not accessible for the namespace: [name="(default)", ld_library_paths="/vendor/lib:/vendor/lib64:/system/lib:/system/lib64", default_library_paths="/system/lib64:/system/system_ext/lib64", permitted_paths="/system/lib64/drm:/system/lib64/extractors:/system/lib64/hw:/system/system_ext/lib64:/system/framework:/system/app:/system/priv-app:/system/system_ext/framework:/system/system_ext/app:/system/system_ext/priv-app:/vendor/framework:/vendor/app:/vendor/priv-app:/system/vendor/framework:/system/vendor/app:/system/vendor/priv-app:/odm/framework:/odm/app:/odm/priv-app:/oem/app:/product/framework:/product/app:/product/priv-app:/data:/mnt/expand:/apex/com.android.runtime/lib64/bionic:/system/lib64/bootstrap"]
/system/lib64 needs to be the first path to be searched/dlopened by /system/bin/sh instead of /system/lib in order to fix the above bug in su daemon on Android 12 onwards.
@topjohnwu @osmOsis I'm the author of SuperPower - Root Access Manager!
After trying to run magiskpolicy from SuperPower's su binary, I get the following error/bug: CANNOT LINK EXECUTABLE "/system/bin/supolicy" : library "libc.so" needed or dlopened by "/system/bin/magiskpolicy" is not accessible for the namespace "default"
My guess is that calling setenv("LD_LIBRARY_PATH", "/system/lib", 1); no longer works. Android 12 doesn't allow setting LD_LIBRARY_PATH from C code.
@topjohnwu SuperPower's su binary needs to patch sepolicy in order to work properly. Also, there is a policy that is not patched by magiskpolicy that will prevent the su daemon's socket connection: supolicy --live "allow untrusted_app_all magisk unix_stream_socket connectto". Could you add that policy patch into magiskpolicy?
@topjohnwu would you like to implement SuperPower's full command logging into magiskSU in order to be more complete and compatible with SuperPower?
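The search-order requirement reported in this thread (/system/lib64 ahead of /system/lib for a 64-bit /system/bin/sh), combined with inheriting the caller's environment for execve(), as an added example that is not SuperPower's or Magisk's code. The names lib64_first and child_env are hypothetical, and whether a given Android release honours LD_LIBRARY_PATH for the target process is outside what the example checks.

```c
#include <stdlib.h>
#include <string.h>
#define KEY "LD_LIBRARY_PATH="
#define KLEN (sizeof KEY - 1)
/* ld_library_paths value copied from the linker log in this thread. */
const char LOGGED_PATHS[] = "/vendor/lib:/vendor/lib64:/system/lib:/system/lib64";

/* True if a search-path entry has a "lib64" component (a 64-bit library dir). */
static int is_lib64(const char *dir, size_t len) {
    for (size_t i = 0; i + 6 <= len; i++)
        if (!memcmp(dir + i, "/lib64", 6) && (i + 6 == len || dir[i + 6] == '/'))
            return 1;
    return 0;
}

/* Hypothetical helper: malloc'ed copy of a colon-separated search path with lib64
 * entries moved to the front, order otherwise kept; empty entries are dropped. */
char *lib64_first(const char *path) {
    char *out = malloc(strlen(path) + 1);   /* result is never longer than input */
    size_t used = 0;
    for (int pass = 0; out && pass < 2; pass++) {   /* 0: lib64 entries, 1: rest */
        for (const char *p = path; *p; p += (*p == ':')) {
            size_t len = strcspn(p, ":");
            if (len && is_lib64(p, len) == (pass == 0)) {
                if (used) out[used++] = ':';
                memcpy(out + used, p, len);
                used += len;
            }
            p += len;
        }
    }
    if (out) out[used] = '\0';
    return out;
}

/* Hypothetical helper: heap copy of the caller's envp with LD_LIBRARY_PATH reordered. */
char **child_env(char *const caller_env[]) {
    size_t n = 0;
    while (caller_env[n]) n++;
    char **env = calloc(n + 1, sizeof *env);
    for (size_t i = 0; env && i < n; i++) {
        const char *kv = caller_env[i];
        char *fixed = strncmp(kv, KEY, KLEN) ? NULL : lib64_first(kv + KLEN);
        if (!(env[i] = malloc(strlen(kv) + 1))) { free(fixed); return NULL; }
        strcpy(env[i], kv);
        if (fixed) strcpy(env[i] + KLEN, fixed);   /* fits: never longer than kv */
        free(fixed);
    }
    return env;
}
```

The array returned by child_env() is meant to be passed as the envp argument of execve(); on an allocation failure part-way through it returns NULL without freeing earlier copies, which is acceptable only when the caller exits on failure.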