From 13fbf397d12f234c3d4a626f1b1d8c5873337ca1 Mon Sep 17 00:00:00 2001
From: topjohnwu
Date: Fri, 15 Jan 2021 20:22:49 -0800
Subject: [PATCH] Isolated processes might still be hide-able
---
 native/jni/magiskhide/hide_utils.cpp | 54 +++++++++++++-------------
 native/jni/magiskhide/magiskhide.hpp | 1 +
 native/jni/magiskhide/proc_monitor.cpp | 51 +++++++++---------------
 3 files changed, 47 insertions(+), 59 deletions(-)
diff --git a/native/jni/magiskhide/hide_utils.cpp b/native/jni/magiskhide/hide_utils.cpp
index 92e5a66bd..8f82c7604 100644
--- a/native/jni/magiskhide/hide_utils.cpp
+++ b/native/jni/magiskhide/hide_utils.cpp
@@ -337,6 +337,32 @@ void auto_start_magiskhide(bool late_props) {
 }
 }
 
+bool is_hide_target(int uid, string_view process) {
+ mutex_guard lock(hide_state_lock);
+
+ if (uid % 100000 >= 90000) {
+ // Isolated processes
+ auto it = uid_proc_map.find(-1);
+ if (it == uid_proc_map.end())
+ return false;
+
+ for (auto &s : it->second) {
+ if (str_starts(process, s))
+ return true;
+ }
+ } else {
+ auto it = uid_proc_map.find(uid);
+ if (it == uid_proc_map.end())
+ return false;
+
+ for (auto &s : it->second) {
+ if (s == process)
+ return true;
+ }
+ }
+ return false;
+}
+
 #if !ENABLE_INJECT
 void test_proc_monitor() {
 if (procfp == nullptr && (procfp = opendir("/proc")) == nullptr)
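Review bot: The isolated-process branch of is_hide_target (the `uid % 100000 >= 90000` test and the `uid_proc_map.find(-1)` lookup) carries no comment, so the two magic numbers and the -1 sentinel key read as arbitrary; check_uid_map used the same convention before this patch and the new header declaration documents nothing either. Suggest a header comment along the lines of `// True if (uid, process) matches a hide rule. App id is uid % 100000; app ids from 90000 up are Android's isolated range, whose rules are kept under key -1 and matched by process-name prefix (str_starts). All other uids are matched exactly.` and naming the three literals as constants beside uid_proc_map so the sentinel cannot drift between this function and whatever populates the map (presumably update_uid_map). The prefix match deliberately treats any process whose name starts with a stored pattern as a target, which is presumably intended for isolated process names but is worth stating so a later reader does not "fix" it into an exact compare.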
@@ -347,35 +373,11 @@ void test_proc_monitor() {
 #if ENABLE_INJECT
 int check_uid_map(int client) {
- mutex_guard lock(hide_state_lock);
-
- if (!hide_state)
+ if (!hide_enabled())
 return 0;
 
 int uid = read_int(client);
 string process = read_string(client);
-
- if (uid % 100000 > 90000) {
- // Isolated process
- auto it = uid_proc_map.find(-1);
- if (it == uid_proc_map.end())
- return 0;
-
- for (auto &s : it->second) {
- if (str_starts(process, s))
- return 1;
- }
- } else {
- auto it = uid_proc_map.find(uid);
- if (it == uid_proc_map.end())
- return 0;
-
- for (auto &s : it->second) {
- if (process == s)
- return 1;
- }
- }
-
- return 0;
+ return is_hide_target(uid, process) ? 1 : 0;
 }
 #endif
diff --git a/native/jni/magiskhide/magiskhide.hpp b/native/jni/magiskhide/magiskhide.hpp
index 6afe1fb2c..fbe34b3f8 100644
--- a/native/jni/magiskhide/magiskhide.hpp
+++ b/native/jni/magiskhide/magiskhide.hpp
@@ -35,6 +35,7 @@ void crawl_procfs(const std::function &fn);
 void crawl_procfs(DIR *dir, const std::function &fn);
 bool hide_enabled();
 void update_uid_map();
+bool is_hide_target(int uid, std::string_view process);
 
 // Hide policies
 void hide_daemon(int pid);
diff --git a/native/jni/magiskhide/proc_monitor.cpp b/native/jni/magiskhide/proc_monitor.cpp
index 5dea39e90..552c3a2c9 100644
--- a/native/jni/magiskhide/proc_monitor.cpp
+++ b/native/jni/magiskhide/proc_monitor.cpp
@@ -183,8 +183,10 @@ static bool check_pid(int pid) {
 return true;
 }
 
+ int uid = st.st_uid;
+
 // UID hasn't changed
- if (st.st_uid == 0)
+ if (uid == 0)
 return false;
 
 sprintf(path, "/proc/%d/cmdline", pid);
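Review bot: check_uid_map now reads the enabled flag and the rule map under two separate critical sections — `hide_enabled()` (presumably a locked read of hide_state; its body is outside this patch) and the `mutex_guard` inside is_hide_target — with two blocking socket reads (`read_int`, `read_string`) between them, whereas the removed code held hide_state_lock across both. A hide toggle in that window can hand the client a stale 0/1; that is probably acceptable for an advisory answer, but record it with `// hide_state and uid_proc_map are read under separate lock acquisitions; a toggle in between is tolerated` above the `read_int` call. If a consistent snapshot is wanted instead, fold the enabled check into is_hide_target so both are read under the one guard.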
@@ -200,43 +202,26 @@ static bool check_pid(int pid) {
 cmdline == "usap32"sv || cmdline == "usap64"sv)
 return false;
 
- int uid = st.st_uid;
-
- // Start accessing uid_proc_map
- mutex_guard lock(hide_state_lock);
- auto it = uid_proc_map.end();
-
- if (uid % 100000 > 90000) {
- // No way to handle isolated process
+ if (!is_hide_target(uid, cmdline))
 goto not_target;
- }
- it = uid_proc_map.find(uid);
- if (it == uid_proc_map.end())
- goto not_target;
- for (auto &s : it->second) {
- if (s != cmdline)
- continue;
-
- // Check if ns is separated (could be app zygote)
- read_ns(pid, &st);
- for (auto &zit : zygote_map) {
- if (zit.second.st_ino == st.st_ino &&
- zit.second.st_dev == st.st_dev) {
- // ns not separated, abort
- goto not_target;
- }
+ // Ensure ns is separated
+ read_ns(pid, &st);
+ for (auto &zit : zygote_map) {
+ if (zit.second.st_ino == st.st_ino &&
+ zit.second.st_dev == st.st_dev) {
+ // ns not separated, abort
+ goto not_target;
 }
-
- // Finally this is our target!
- // Detach from ptrace but should still remain stopped.
- // The hide daemon will resume the process.
- LOGI("proc_monitor: [%s] PID=[%d] UID=[%d]\n", cmdline, pid, uid);
- detach_pid(pid, SIGSTOP);
- hide_daemon(pid);
- return true;
 }
+ // Detach but the process should still remain stopped
+ // The hide daemon will resume the process after hiding it
+ LOGI("proc_monitor: [%s] PID=[%d] UID=[%d]\n", cmdline, pid, uid);
+ detach_pid(pid, SIGSTOP);
+ hide_daemon(pid);
+ return true;
+
 not_target:
 PTRACE_LOG("[%s] is not our target\n", cmdline);
 detach_pid(pid);