From 081074ad9d5c02e589f265373c0dfa867c9eeaff Mon Sep 17 00:00:00 2001
From: topjohnwu
Date: Fri, 8 Mar 2019 23:53:53 -0500
Subject: [PATCH] Better zygote process detection
---
 native/jni/include/daemon.h | 1 -
 native/jni/magiskhide/hide_utils.cpp | 3 +-
 native/jni/magiskhide/magiskhide.h | 1 -
 native/jni/magiskhide/proc_monitor.cpp | 52 ++++++++++++++++++--------
 4 files changed, 38 insertions(+), 19 deletions(-)
diff --git a/native/jni/include/daemon.h b/native/jni/include/daemon.h
index 77b1a7166..f8edcd5b0 100644
--- a/native/jni/include/daemon.h
+++ b/native/jni/include/daemon.h
@@ -79,7 +79,6 @@ void install_apk(const char *apk);
 **************/
 void magiskhide_handler(int client);
-void zygote_notify(int client, struct ucred *cred);
 /*************
 * Superuser *
diff --git a/native/jni/magiskhide/hide_utils.cpp b/native/jni/magiskhide/hide_utils.cpp
index 1bab2a6e5..4e9d89e9c 100644
--- a/native/jni/magiskhide/hide_utils.cpp
+++ b/native/jni/magiskhide/hide_utils.cpp
@@ -18,7 +18,7 @@ using namespace std;
-pthread_t proc_monitor_thread;
+static pthread_t proc_monitor_thread;
 static const char *prop_key[] = { "ro.boot.vbmeta.device_state", "ro.boot.verifiedbootstate", "ro.boot.flash.locked",
@@ -327,4 +327,3 @@ void auto_start_magiskhide() {
 });
 }
 }
-
diff --git a/native/jni/magiskhide/magiskhide.h b/native/jni/magiskhide/magiskhide.h
index eaaa082f0..4cb69ed1e 100644
--- a/native/jni/magiskhide/magiskhide.h
+++ b/native/jni/magiskhide/magiskhide.h
@@ -37,7 +37,6 @@ void clean_magisk_props();
 void crawl_procfs(const std::function &fn);
 bool proc_name_match(int pid, const char *name);
-extern pthread_t proc_monitor_thread;
 extern bool hide_enabled;
 extern pthread_mutex_t monitor_lock;
 extern std::set> hide_set;
diff --git a/native/jni/magiskhide/proc_monitor.cpp b/native/jni/magiskhide/proc_monitor.cpp
index f3c9842c6..6b6a55322 100644
--- a/native/jni/magiskhide/proc_monitor.cpp
+++ b/native/jni/magiskhide/proc_monitor.cpp
@@ -63,6 +63,22 @@ static inline void lazy_unmount(const char* mountpoint) {
 LOGD("hide_daemon: Unmounted (%s)\n", mountpoint);
 }
+static int parse_ppid(int pid) {
+ char path[32];
+ int ppid;
+
+ sprintf(path, "/proc/%d/stat", pid);
+ FILE *stat = fopen(path, "re");
+ if (stat == nullptr)
+ return -1;
+
+ /* PID COMM STATE PPID ..... */
+ fscanf(stat, "%*d %*s %*c %d", &ppid);
+ fclose(stat);
+
+ return ppid;
+}
+
 static long xptrace(bool log, int request, pid_t pid, void *addr, void *data) {
 long ret = ptrace(request, pid, addr, data);
 if (log && ret == -1)
@@ -115,18 +131,25 @@ static bool parse_packages_xml(string_view s) {
 }
 static void check_zygote() {
- crawl_procfs([](int pid) -> bool {
- char buf[512];
- snprintf(buf, sizeof(buf), "/proc/%d/cmdline", pid);
- FILE *f = fopen(buf, "re");
- if (f) {
- fgets(buf, sizeof(buf), f);
- if (strncmp(buf, "zygote", 6) == 0)
- new_zygote(pid);
- fclose(f);
- }
- return true;
- });
+ int min_zyg = 1;
+ if (access("/system/bin/app_process64", R_OK) == 0)
+ min_zyg = 2;
+ for (bool first = true; zygote_map.size() < min_zyg; first = false) {
+ if (!first)
+ usleep(10000);
+ crawl_procfs([](int pid) -> bool {
+ char buf[512];
+ snprintf(buf, sizeof(buf), "/proc/%d/cmdline", pid);
+ FILE *f = fopen(buf, "re");
+ if (f) {
+ fgets(buf, sizeof(buf), f);
+ if (strncmp(buf, "zygote", 6) == 0 && parse_ppid(pid) == 1)
+ new_zygote(pid);
+ fclose(f);
+ }
+ return true;
+ });
+ }
 }
 void *update_uid_map(void*) {
@@ -138,7 +161,7 @@ void *update_uid_map(void*) {
 /*************************
 * The actual hide daemon
- **************************/
+ *************************/
 static void hide_daemon(int pid) {
 RunFinally fin([=]() -> void {
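Review bot: In parse_ppid the result of `fscanf` is never checked and `ppid` has no initializer, so a stat line that does not match the format hands an indeterminate value to the `parse_ppid(pid) == 1` test in check_zygote. The COMM field is chosen by the process itself and may contain spaces or `)`, which `%*s` does not handle. Because this value decides which processes are treated as zygote, the parse should start after the last `)` and fail closed with -1. `sprintf` into `path[32]` fits for an int pid, but `snprintf` with `sizeof(path)` would match the style check_zygote already uses. The rewritten lines are below; they assume the string functions are already in scope, as the file's use of `strncmp` suggests.

```cpp
static int parse_ppid(int pid) {
    char path[32];
    char line[512];
    int ppid = -1;

    snprintf(path, sizeof(path), "/proc/%d/stat", pid);
    // … unchanged: fopen and nullptr check …

    /* PID (COMM) STATE PPID ..... ; COMM may contain spaces and ')' */
    if (fgets(line, sizeof(line), stat) != nullptr) {
        const char *after_comm = strrchr(line, ')');
        if (after_comm == nullptr || sscanf(after_comm + 1, " %*c %d", &ppid) != 1)
            ppid = -1;
    }
    // … unchanged: fclose and return ppid …
```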
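Review bot: The retry loop added to check_zygote has no upper bound: if `/system/bin/app_process64` is readable but fewer than two processes ever pass the `zygote` prefix and `parse_ppid(pid) == 1` tests, the calling thread polls every 10 ms forever. Consider capping the retries and logging when the cap is reached, for example `for (int tries = 0; zygote_map.size() < min_zyg && tries < 100; ++tries) {` with the sleep guarded by `if (tries > 0)`. Declaring `min_zyg` as `size_t` would also avoid the signed/unsigned comparison, assuming `zygote_map` is a standard container (its declaration is outside the hunk). The return value of `fgets` is still ignored, so on a failed read `buf` holds the path string instead of the command line; that cannot match `zygote`, but an explicit check would make it deliberate.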
@@ -208,8 +231,7 @@ static void inotify_event(int) {
 read(inotify_fd, buf, sizeof(buf));
 if ((event->mask & IN_CLOSE_WRITE) && strcmp(event->name, "packages.xml") == 0) {
 LOGD("proc_monitor: /data/system/packages.xml updated\n");
- check_zygote();
- update_uid_map();
+ new_daemon_thread(update_uid_map);
 }
 }
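Review bot: Each `packages.xml` close-write event now starts a fresh thread through `new_daemon_thread(update_uid_map)`, and nothing visible in this hunk keeps two such threads from running at once. The body of update_uid_map is outside the visible hunks, so it cannot be confirmed here whether it takes `monitor_lock` (declared in magiskhide.h) or another lock while rebuilding its state; if it does not, back-to-back rewrites of packages.xml could race. A comment at the call site such as `// update_uid_map serializes itself with <lock name>; concurrent runs are safe`, or a guard that skips spawning while an update is in flight, would settle it. The body of inotify_event starts above the hunk.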