Allow setxattr even when fake uid isn't zero

Remap -EACCES to -EOPNOTSUPP on ioctl(FICLONE) #266
termux · Apr 3, 2023 · f30ce3e · f30ce3e
1 parent d4658fc
commit f30ce3e
Show file tree

Hide file tree

Showing 3 changed files with 17 additions and 7 deletions.
diff --git a/src/extension/fake_id0/fake_id0.c b/src/extension/fake_id0/fake_id0.c
@@ -500,7 +500,7 @@ static int adjust_elf_auxv(Tracee *tracee, Config *config)
 	return 0;
 }
 
-static int handle_perm_err_exit_end(Tracee *tracee, Config *config) {
+static int handle_perm_err_exit_end(Tracee *tracee, Config *config, bool even_if_not_root) {
 	word_t result;
 
 	/* Override only permission errors.  */
@@ -521,7 +521,7 @@ static int handle_perm_err_exit_end(Tracee *tracee, Config *config) {
 
 	/* Force success if the tracee was supposed to have
 	 * the capability.  */
-	if (config->euid == 0) /* TODO: || HAS_CAP(...) */
+	if (even_if_not_root || config->euid == 0) /* TODO: || HAS_CAP(...) */
 		poke_reg(tracee, SYSARG_RESULT, 0);
 
 	return 0;
@@ -908,9 +908,6 @@ static int handle_sysexit_end(Tracee *tracee, Config *config)
 	case PR_mknod:
 	case PR_mknodat:
 	case PR_capset:
-	case PR_setxattr:
-	case PR_lsetxattr:
-	case PR_fsetxattr:
 	case PR_chmod:
 	case PR_chown:
 	case PR_fchmod:
@@ -921,7 +918,12 @@ static int handle_sysexit_end(Tracee *tracee, Config *config)
 	case PR_lchown32:
 	case PR_fchmodat:
 	case PR_fchownat: 
-		return handle_perm_err_exit_end(tracee, config);
+		return handle_perm_err_exit_end(tracee, config, false);
+
+	case PR_setxattr:
+	case PR_lsetxattr:
+	case PR_fsetxattr:
+		return handle_perm_err_exit_end(tracee, config, true);
 
 	case PR_socket: 
 		return handle_socket_exit_end(tracee, config);

diff --git a/src/syscall/exit.c b/src/syscall/exit.c
@@ -23,6 +23,7 @@
 #include <errno.h>       /* errno(3), E* */
 #include <sys/utsname.h> /* struct utsname, */
 #include <linux/net.h>   /* SYS_*, */
+#include <linux/ioctl.h> /* _IOW, */
 #include <string.h>      /* strlen(3), */
 
 #include "cli/note.h"
@@ -536,6 +537,13 @@ void translate_syscall_exit(Tracee *tracee)
 		status = handle_statx_syscall(tracee, false);
 		break;
 
+	case PR_ioctl:
+		if (peek_reg(tracee, ORIGINAL, SYSARG_2) == _IOW(0x94, 9, int) /* FICLONE */ &&
+				(int) peek_reg(tracee, CURRENT, SYSARG_RESULT) == -EACCES) {
+			poke_reg(tracee, SYSARG_RESULT, -EOPNOTSUPP);
+		}
+		goto end;
+
 	default:
 		goto end;
 	}

diff --git a/src/syscall/seccomp.c b/src/syscall/seccomp.c
@@ -356,7 +356,7 @@ static FilteredSysnum proot_sysnums[] = {
 	{ PR_getxattr,		0 },
 	{ PR_inotify_add_watch,	0 },
 #ifdef __ANDROID__
-	{ PR_ioctl,		0 },
+	{ PR_ioctl,		FILTER_SYSEXIT },
 #endif
 	{ PR_lchown,		0 },
 	{ PR_lchown32,		0 },