Add setpriv #8198

Merged
merged 3 commits into from
Dec 11, 2021

Conversation

agnostic-apollo
Member

Added setpriv in util-linux.

Android 7 and some Android 8 devices do not support ambient capabilities and will return `activate capabilities: Invalid argument` when running setpriv.

strace shows "prctl(PR_CAP_AMBIENT, PR_CAP_AMBIENT_IS_SET, CAP_CHOWN, 0, 0) = -1 EINVAL (Invalid argument)"

This was an issue with libcap-ng where support for PR_CAP_AMBIENT was checked at compile time, so setpriv only worked on Android > 7/8 when capng_apply() was called.

4.3 kernel PR_CAP_AMBIENT

https://github.com/util-linux/util-linux/blob/v2.37.1/sys-utils/setpriv.c#L1010
https://github.com/stevegrubb/libcap-ng/blob/v0.8.2/src/cap-ng.c#L59
https://github.com/stevegrubb/libcap-ng/blob/v0.8.2/src/cap-ng.c#L716
https://source.android.com/devices/architecture/kernel/android-common

This has been fixed in libcap-ng by checking PR_CAP_AMBIENT at runtime with 187ed535. libcap-ng 0.8.3 has not been released yet and so we use a pre-release version 0.8.3~pre1.

stevegrubb/libcap-ng#28
stevegrubb/libcap-ng@187ed535

Let me know if someone is willing to test it out. I have confirmed it's working on Android 7 and did some basic run tests on an Android 10 AVD as well, where it ran fine, but since patching the SELinux policy isn't working on it, I can't fully test dropping to app context currently. The setpriv binary should help people who want to run commands in Termux or other app contexts from scripts running as root. nsenter is already provided by util-linux. I'll release a script soon for it as well. Check https://android.stackexchange.com/questions/217016/how-to-run-a-program-in-an-app-context-with-magisk for details.
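The compile-time versus runtime distinction the PR describes, shown as an added example that is not code from the PR, util-linux or libcap-ng: a small C probe that issues the same `prctl(PR_CAP_AMBIENT, PR_CAP_AMBIENT_IS_SET, CAP_CHOWN, 0, 0)` call the strace shows and treats `EINVAL` as "this kernel predates ambient capabilities", so the ambient step is skipped instead of aborting the whole capability switch. The function and enum names are this example's own assumptions; the `PR_CAP_AMBIENT*` fallback values are the kernel's constants for toolchains whose headers lack them.

```c
// Added example (not from the PR, util-linux or libcap-ng): probe at runtime
// whether the running kernel understands PR_CAP_AMBIENT (Linux 4.3+), which is
// what the libcap-ng fix referenced in the PR does instead of deciding at
// compile time. Function and enum names are this example's own.
#include <errno.h>
#include <stdio.h>
#include <sys/prctl.h>

// Fallbacks for toolchains whose headers predate Linux 4.3 (the compile-time
// situation the PR describes). Values are the kernel's own constants.
#ifndef PR_CAP_AMBIENT
#define PR_CAP_AMBIENT 47
#define PR_CAP_AMBIENT_IS_SET 1
#define PR_CAP_AMBIENT_RAISE 2
#define PR_CAP_AMBIENT_LOWER 3
#define PR_CAP_AMBIENT_CLEAR_ALL 4
#endif
#ifndef CAP_CHOWN
#define CAP_CHOWN 0
#endif

enum ambient_support {
    AMBIENT_PROBE_ERROR = -1,  // prctl failed for a reason other than EINVAL
    AMBIENT_UNSUPPORTED = 0,   // kernel rejected PR_CAP_AMBIENT with EINVAL
    AMBIENT_SUPPORTED = 1      // kernel answered the IS_SET query
};

// Ask whether CAP_CHOWN is in the ambient set, exactly the call the strace in
// the PR shows. The 0/1 answer is irrelevant here; what matters is whether the
// kernel understands the request at all. EINVAL is the pre-4.3 signature.
int ambient_caps_supported(void) {
    errno = 0;
    if (prctl(PR_CAP_AMBIENT, PR_CAP_AMBIENT_IS_SET, CAP_CHOWN, 0, 0) >= 0)
        return AMBIENT_SUPPORTED;
    return errno == EINVAL ? AMBIENT_UNSUPPORTED : AMBIENT_PROBE_ERROR;
}

// 1 if cap is in the ambient set, 0 if not, -1 on error.
int cap_in_ambient_set(int cap) {
    return prctl(PR_CAP_AMBIENT, PR_CAP_AMBIENT_IS_SET, cap, 0, 0);
}

// The decision libcap-ng's runtime check makes: touch the ambient set only when
// the kernel supports it, otherwise skip that step instead of failing the whole
// capability switch. Clearing is the safe direction (it can only remove rights).
// Returns 1 if cleared, 0 if skipped on an old kernel, -1 on unexpected error.
int clear_ambient_if_supported(void) {
    switch (ambient_caps_supported()) {
    case AMBIENT_UNSUPPORTED:
        return 0;
    case AMBIENT_SUPPORTED:
        return prctl(PR_CAP_AMBIENT, PR_CAP_AMBIENT_CLEAR_ALL, 0, 0, 0) < 0 ? -1 : 1;
    default:
        return -1;
    }
}

int main(void) {
    int support = ambient_caps_supported();
    printf("ambient capabilities: %s\n",
           support == AMBIENT_SUPPORTED ? "supported" :
           support == AMBIENT_UNSUPPORTED ? "unsupported (kernel < 4.3)" : "probe error");
    int rc = clear_ambient_if_supported();
    printf("clear ambient set: %s\n", rc == 1 ? "done" : rc == 0 ? "skipped" : "error");
    return rc < 0 ? 1 : 0;
}
```

On a current Linux kernel the probe reports "supported"; on the Android 7 devices the PR describes, the same call is the one that fails with `EINVAL`, and the probe reports "unsupported" so the caller can skip the ambient step rather than print `activate capabilities: Invalid argument`.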

agnostic-apollo (Member, Author) commented Dec 11, 2021

Dropping to app context is confirmed to be working on Android 11 as well. But you need to patch the other untrusted_app* domains as per the target app's targetSdkVersion with `supolicy --live "allow untrusted_app_25 shell_exec file entrypoint" "allow untrusted_app_27 shell_exec file entrypoint" "allow untrusted_app_29 shell_exec file entrypoint" "allow untrusted_app shell_exec file entrypoint"`, which currently is untrusted_app_27 for com.termux. Of course use at your own risk.

W setpriv : type=1400 audit(0.0:141491): avc: denied { entrypoint } for path="/system/bin/sh" dev="dm-0" ino=973 scontext=u:r:untrusted_app_27:s0:c20,c257,c512,c768 tcontext=u:object_r:shell_exec:s0 tclass=file permissive=0 app=com.termux.tasker

Even AVC is logging com.termux.tasker instead of com.termux, which is related to the issue of Magisk Manager showing Termux:Tasker as being granted su permissions even though the request was initiated by the Termux app.
