Allow execution from /sdcard

This is initial/PoC version, functionality is always enabled, there's no error checking performed, probably other things will need to be fixed #50
termux · Dec 9, 2018 · ebcfe01 · ebcfe01
1 parent df715ce
commit ebcfe01
Show file tree

Hide file tree

Showing 6 changed files with 104 additions and 7 deletions.
diff --git a/src/GNUmakefile b/src/GNUmakefile
@@ -72,6 +72,7 @@ OBJECTS += \
 	extension/fake_id0/stat.o \
         extension/fake_id0/helper_functions.o \
 	extension/fake_id0/fake_id0.o \
+	extension/force_exec/force_exec.o \
 	extension/hidden_files/hidden_files.o \
 	extension/port_switch/port_switch.o \
 	extension/link2symlink/link2symlink.o \

diff --git a/src/cli/proot.c b/src/cli/proot.c
@@ -319,6 +319,9 @@ static int post_initialize_exe(Tracee *tracee, const Cli *cli UNUSED,
 	char path[PATH_MAX];
 	int status;
 
+	/* TODO: Move to extension option  */
+	(void) initialize_extension(tracee, force_exec_callback, NULL);
+
 	/* Nothing else to do ?  */
 	if (tracee->qemu == NULL)
 		return 0;

diff --git a/src/execve/enter.c b/src/execve/enter.c
@@ -144,9 +144,9 @@ int translate_and_check_exec(Tracee *tracee, char host_path[PATH_MAX], const cha
 	if (status < 0)
 		return -ENOENT;
 
-	status = access(host_path, X_OK);
-	if (status < 0)
-		return -EACCES;
+	//status = access(host_path, X_OK);
+	//if (status < 0)
+	//	return -EACCES;
 
 	status = lstat(host_path, &statl);
 	if (status < 0)

diff --git a/src/extension/extension.h b/src/extension/extension.h
@@ -199,5 +199,6 @@ extern int hidden_files_callback(Extension *extension, ExtensionEvent event, int
 extern int port_switch_callback(Extension *extension, ExtensionEvent event, intptr_t d1, intptr_t d2);
 extern int link2symlink_callback(Extension *extension, ExtensionEvent event, intptr_t d1, intptr_t d2);
 extern int fix_symlink_size_callback(Extension *extension, ExtensionEvent event, intptr_t d1, intptr_t d2);
+extern int force_exec_callback(Extension *extension, ExtensionEvent event, intptr_t d1, intptr_t d2);
 
 #endif /* EXTENSION_H */
diff --git a/src/extension/force_exec/force_exec.c b/src/extension/force_exec/force_exec.c
@@ -0,0 +1,92 @@
+#include <errno.h>     /* E*, */
+#include <sys/mman.h>  /* PROT_*, MAP_* */
+
+#include "extension/extension.h"
+
+static int force_exec_handle_sysexit_end(Tracee *tracee)
+{
+	word_t sysnum;
+
+	sysnum = get_sysnum(tracee, ORIGINAL);
+
+	switch (sysnum) {
+	case PR_mmap:
+	case PR_mmap2: {
+		word_t ret = peek_reg(tracee, CURRENT, SYSARG_RESULT);
+		word_t prot = peek_reg(tracee, ORIGINAL, SYSARG_3);
+		word_t flags = peek_reg(tracee, ORIGINAL, SYSARG_4);
+		if (
+				ret == ((word_t)-EACCES) &&
+				prot == (PROT_READ | PROT_EXEC) &&
+				(flags & (MAP_ANONYMOUS | MAP_FIXED)) == MAP_FIXED
+				) {
+			word_t addr = peek_reg(tracee, ORIGINAL, SYSARG_1);
+			word_t len = peek_reg(tracee, ORIGINAL, SYSARG_2);
+			word_t fd = peek_reg(tracee, ORIGINAL, SYSARG_5);
+			word_t offset = peek_reg(tracee, ORIGINAL, SYSARG_6);
+			register_chained_syscall(
+					tracee,
+					sysnum,
+					addr,
+					len,
+					PROT_READ | PROT_WRITE,
+					flags | MAP_ANONYMOUS,
+					-1,
+					0
+			);
+			register_chained_syscall(
+					tracee,
+					PR_pread64,
+					fd,
+					addr,
+					len,
+					(sysnum == PR_mmap2 ? offset * 4096 : offset),
+					0,
+					0
+			);
+			register_chained_syscall(
+					tracee,
+					PR_mprotect,
+					addr,
+					len,
+					PROT_READ | PROT_EXEC,
+					0,
+					0,
+					0
+			);
+			force_chain_final_result(tracee, addr);
+		}
+		return 0;
+	}
+	default:
+		return 0;
+	}
+}
+
+/**
+ * Handler for this @extension.  It is triggered each time an @event
+ * occurred.  See ExtensionEvent for the meaning of @data1 and @data2.
+ */
+int force_exec_callback(Extension *extension, ExtensionEvent event,
+				  intptr_t data1 UNUSED, intptr_t data2 UNUSED)
+{
+	switch (event) {
+	case INITIALIZATION: {
+		/* List of syscalls handled by this extensions.	 */
+		static FilteredSysnum filtered_sysnums[] = {
+			{ PR_mmap,	   FILTER_SYSEXIT },
+			{ PR_mmap2,		FILTER_SYSEXIT },
+			FILTERED_SYSNUM_END,
+		};
+		extension->filtered_sysnums = filtered_sysnums;
+		return 0;
+	}
+
+	case SYSCALL_EXIT_END: {
+		return force_exec_handle_sysexit_end(TRACEE(extension));
+	}
+
+	default:
+		return 0;
+	}
+}
diff --git a/src/path/path.c b/src/path/path.c
@@ -137,10 +137,10 @@ int which(Tracee *tracee, const char *paths, char host_path[PATH_MAX], const cha
 			return -EACCES;
 		}
 
-		if (is_explicit && (statr.st_mode & S_IXUSR) == 0) {
-			note(tracee, ERROR, USER, "'%s' is not executable", command);
-			return -EACCES;
-		}
+		//if (is_explicit && (statr.st_mode & S_IXUSR) == 0) {
+		//	note(tracee, ERROR, USER, "'%s' is not executable", command);
+		//	return -EACCES;
+		//}
 
 		found = true;