android_bootable_recovery/hijack/hijack.c
2010-08-16 18:05:55 -07:00

100 lines
2.5 KiB
C

#include <ctype.h>
#include <errno.h>
#include <fcntl.h>
#include <getopt.h>
#include <limits.h>
#include <linux/input.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/reboot.h>
#include <sys/types.h>
#include <time.h>
#include <unistd.h>
#include <sys/wait.h>
#include <sys/limits.h>
#include <dirent.h>
#include <sys/stat.h>
#include <signal.h>
#include <sys/wait.h>
#define RECOVERY_MODE_FILE "/cache/.recovery_mode"
#define UPDATE_BINARY BOARD_HIJACK_RECOVERY_PATH"/update-binary"
#define UPDATE_PACKAGE BOARD_HIJACK_RECOVERY_PATH"/recovery.zip"
#define BUSYBOX BOARD_HIJACK_RECOVERY_PATH"/busybox"
#define PREPARE_SCRIPT BOARD_HIJACK_RECOVERY_PATH"/prepare.sh"
// This was pulled from bionic: The default system command always looks
// for shell in /system/bin/sh. This is bad.
#define _PATH_BSHELL BOARD_HIJACK_RECOVERY_PATH"/sh"
extern char **environ;
int
__system(const char *command)
{
pid_t pid;
sig_t intsave, quitsave;
sigset_t mask, omask;
int pstat;
char *argp[] = {"sh", "-c", NULL, NULL};
if (!command) /* just checking... */
return(1);
argp[2] = (char *)command;
sigemptyset(&mask);
sigaddset(&mask, SIGCHLD);
sigprocmask(SIG_BLOCK, &mask, &omask);
switch (pid = vfork()) {
case -1: /* error */
sigprocmask(SIG_SETMASK, &omask, NULL);
return(-1);
case 0: /* child */
sigprocmask(SIG_SETMASK, &omask, NULL);
execve(_PATH_BSHELL, argp, environ);
_exit(127);
}
intsave = (sig_t) bsd_signal(SIGINT, SIG_IGN);
quitsave = (sig_t) bsd_signal(SIGQUIT, SIG_IGN);
pid = waitpid(pid, (int *)&pstat, 0);
sigprocmask(SIG_SETMASK, &omask, NULL);
(void)bsd_signal(SIGINT, intsave);
(void)bsd_signal(SIGQUIT, quitsave);
return (pid == -1 ? -1 : pstat);
}
int main(int argc, char** argv) {
char* hijacked_executable = argv[0];
struct stat info;
if (NULL != strstr(hijacked_executable, "hijack")) {
// no op
printf("Hijack!\n");
return 0;
}
char cmd[PATH_MAX];
if (0 == stat(RECOVERY_MODE_FILE, &info)) {
remove(RECOVERY_MODE_FILE);
kill(getppid(), SIGKILL);
sprintf(cmd, "%s 2 0 %s", UPDATE_BINARY, UPDATE_PACKAGE);
return __system(cmd);
}
sprintf(cmd, "%s.bin", hijacked_executable);
int i;
for (i = 1; i < argc; i++) {
strcat(cmd, " '");
strcat(cmd, argv[i]);
strcat(cmd, "'");
}
__system(PREPARE_SCRIPT);
return __system(cmd);
}