针对应用隐藏su权限

2019-05-22  本文已影响0人  学海摆渡人
#ifndef _GNU_SOURCE
#define _GNU_SOURCE 1
#endif

#include <errno.h>
#include <fcntl.h>
#include <sched.h>
#include <signal.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/mount.h>
#include <sys/stat.h>
#include <sys/types.h>
#include <unistd.h>

#include <string>
#include <vector>

using namespace std;

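// True when the C string `ss` is non-NULL and occurs anywhere inside the
// std::string `s`.
#define str_contains(s, ss) ((ss) != NULL && (s).find(ss) != std::string::npos)

/**
 * Scan a mounts table and collect the mount points of selected tmpfs entries.
 *
 * Each line of `file` is read with getline(). A line is selected when it
 * contains "tmpfs /system/", "tmpfs /vendor/" or "tmpfs /sbin"; the selected
 * line is echoed to stdout and its second space-separated field is appended
 * to `*val`.
 *
 * NOTE(review): the match is a substring test on the whole line, not a test
 * on the device/mount-point fields, so a line that merely carries one of
 * these strings in another field is selected as well.
 *
 * @param file  Path of the table to read; nothing happens if it cannot be
 *              opened.
 * @param val   Output list that receives the mount points. A NULL pointer is
 *              treated as "nothing to do".
 * @param trim  When true, trailing '\n'/' ' and leading ' ' are stripped from
 *              each line before it is examined.
 */
void file_readline(const char *file, std::vector<std::string>* val, bool trim = true) {
    if (file == NULL || val == NULL)
        return;

    FILE *fp = fopen(file, "re");
    if (fp == NULL)
        return;

    // getline() allocates and grows the buffer itself when handed NULL/0, so
    // there is no unchecked malloc() to get wrong.
    char *buf = NULL;
    size_t cap = 0;
    ssize_t nread;
    while ((nread = getline(&buf, &cap, fp)) >= 0) {
        char *start = buf;
        if (trim) {
            while (nread && (buf[nread - 1] == '\n' || buf[nread - 1] == ' '))
                --nread;
            buf[nread] = '\0';
            while (*start == ' ')
                ++start;
        }

        const std::string line = start;
        if (!(str_contains(line, "tmpfs /system/") || str_contains(line, "tmpfs /vendor/") ||
              str_contains(line, "tmpfs /sbin")))
            continue;

        printf("mount : %s.\n", start);

        // Tokenise from an explicit starting string. Passing NULL together
        // with a save pointer that no earlier strtok_r() call initialised
        // only works by accident of the libc implementation.
        char *save = NULL;
        if (strtok_r(start, " ", &save) == NULL)
            continue;
        const char *mount_point = strtok_r(NULL, " ", &save);
        // Constructing a std::string from a null pointer is undefined, so a
        // line without a second field is skipped.
        if (mount_point != NULL)
            val->push_back(mount_point);
    }

    fclose(fp);
    free(buf);
}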

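/**
 * Join the mount namespace of `pid` and lazily detach the mounts that
 * file_readline() selects from /proc/<pid>/mounts.
 *
 * The caller is expected to have stopped the target already and remains
 * responsible for resuming it; this helper never sends signals.
 *
 * @return 0 on success, 1 if the target could not be inspected or its mount
 *         namespace could not be entered.
 */
static int detach_selected_mounts(pid_t pid) {
    char path[128];

    snprintf(path, sizeof(path), "/proc/%d", static_cast<int>(pid));
    struct stat st;
    if (lstat(path, &st) == -1) {
        // Without this check an uninitialised struct stat would be printed.
        perror(path);
        return 1;
    }
    printf("uid:%d, ino:%llu, dev:%llu.\n", static_cast<int>(st.st_uid),
           static_cast<unsigned long long>(st.st_ino),
           static_cast<unsigned long long>(st.st_dev));

    char mnt[32];
    snprintf(mnt, sizeof(mnt), "/proc/%d/ns/mnt", static_cast<int>(pid));

    if (access(mnt, R_OK) == -1) {
        printf("%s not access.", mnt);
        return 1;
    }

    int fd = open(mnt, O_RDONLY);
    if (fd < 0) {
        printf("%s not open.\n", mnt);
        return 1;
    }

    // CLONE_NEWNS makes setns() refuse a descriptor that is not a mount
    // namespace instead of joining whatever namespace type it refers to.
    const int ret = setns(fd, CLONE_NEWNS);
    const int setns_errno = errno;
    printf("setns:%d.\n", ret);
    close(fd);
    if (ret == -1) {
        // Must stop here: continuing would run umount2() in the caller's own
        // mount namespace and detach these mounts for everything sharing it.
        errno = setns_errno;
        perror("setns");
        return 1;
    }

    // manage selinux
    // NOTE(review): these chmod() calls tighten the modes of the selinuxfs
    // nodes when enforce reads '0'. The effect is presumably not limited to
    // the target's namespace and is not reverted here - confirm that this is
    // intended.
    char val = '\0';
    fd = open("/sys/fs/selinux/enforce", O_RDONLY);
    if (fd >= 0) {
        if (read(fd, &val, sizeof(val)) != static_cast<ssize_t>(sizeof(val)))
            val = '\0';
        close(fd);
    }

    if (val == '0') {
        if (chmod("/sys/fs/selinux/enforce", 0640) == -1)
            perror("/sys/fs/selinux/enforce");
        if (chmod("/sys/fs/selinux/policy", 0440) == -1)
            perror("/sys/fs/selinux/policy");
    }

    printf("manage selinux \n");

    // start unmount
    std::vector<std::string> targets;
    snprintf(path, sizeof(path), "/proc/%d/mounts", static_cast<int>(pid));
    file_readline(path, &targets);

    // Best effort, as before: a mount point that cannot be detached is
    // skipped without aborting the rest.
    for (const auto &mountpoint : targets) {
        if (umount2(mountpoint.c_str(), MNT_DETACH) != -1)
            printf("hide_daemon: Unmounted (%s)\n", mountpoint.c_str());
    }

    return 0;
}

/**
 * Usage: <program> <pid>
 *
 * Stops the process `pid`, detaches the selected tmpfs mounts inside its
 * mount namespace, then resumes it.
 *
 * @return 0 on success, 1 on bad arguments or when any required step fails.
 */
int main(int argc, char *argv[]) {
    if (argc < 2) {
        fprintf(stderr, "usage: %s <pid>\n", argc > 0 ? argv[0] : "hide");
        return 1;
    }

    // Parse strictly. An unparsed or non-positive value must never reach
    // kill(): 0 and negative pids address process groups, and -1 addresses
    // every process the caller may signal.
    errno = 0;
    char *end = NULL;
    const long parsed = strtol(argv[1], &end, 10);
    const pid_t pid = static_cast<pid_t>(parsed);
    if (errno != 0 || end == argv[1] || *end != '\0' || parsed <= 0 ||
        static_cast<long>(pid) != parsed) {
        fprintf(stderr, "invalid pid: %s\n", argv[1]);
        return 1;
    }

    if (kill(pid, SIGSTOP) == -1) {
        perror("kill(SIGSTOP)");
        return 1;
    }

    const int rc = detach_selected_mounts(pid);

    // Resume the target on every path; the early returns used to leave it
    // stopped when a later step failed.
    if (kill(pid, SIGCONT) == -1) {
        perror("kill(SIGCONT)");
        return 1;
    }

    printf("SIGCONT \n");

    return rc;
}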
