From 52a23e790462695a3a31d3d218e36ab9c9b9827e Mon Sep 17 00:00:00 2001
From: topjohnwu
Date: Mon, 3 Jul 2017 00:57:20 +0800
Subject: [PATCH] Add more props for hiding
---
 jni/Android.mk | 3 +-
 .../{list_manager.c => hide_utils.c} | 88 +++++++++++++++++-
 jni/magiskhide/pre_process.c | 90 -------------------
 3 files changed, 85 insertions(+), 96 deletions(-)
 rename jni/magiskhide/{list_manager.c => hide_utils.c} (57%)
 delete mode 100644 jni/magiskhide/pre_process.c
diff --git a/jni/Android.mk b/jni/Android.mk
index 19949fc68..ce1a0923b 100644
--- a/jni/Android.mk
+++ b/jni/Android.mk
@@ -28,8 +28,7 @@ LOCAL_SRC_FILES := \
 magiskhide/magiskhide.c \
 magiskhide/hide_daemon.c \
 magiskhide/proc_monitor.c \
- magiskhide/pre_process.c \
- magiskhide/list_manager.c \
+ magiskhide/hide_utils.c \
 magiskpolicy/magiskpolicy.c \
 magiskpolicy/rules.c \
 magiskpolicy/sepolicy.c \
diff --git a/jni/magiskhide/list_manager.c b/jni/magiskhide/hide_utils.c
similarity index 57%
rename from jni/magiskhide/list_manager.c
rename to jni/magiskhide/hide_utils.c
index 683920a66..01d82c2ab 100644
--- a/jni/magiskhide/list_manager.c
+++ b/jni/magiskhide/hide_utils.c
@@ -1,14 +1,94 @@ -/* list_manager.c - Hide list management +/* hide_utils.c - Some utility functions for MagiskHide */ -#include +#include +#include #include -#include +#include +#include +#include +#include +#include +#include +#include #include "magisk.h" #include "utils.h" -#include "daemon.h" +#include "resetprop.h" #include "magiskhide.h" +#include "daemon.h" + +static char *prop_key[] = + { "ro.boot.verifiedbootstate", "ro.boot.flash.locked", "ro.boot.veritymode", "ro.boot.warranty_bit", "ro.warranty_bit", + "ro.debuggable", "ro.secure", "ro.build.type", "ro.build.tags", "ro.build.selinux", NULL }; + +static char *prop_value[] = + { "green", "1", "enforcing", "0", "0", "0", "1", "user", "release-keys", "0", NULL }; + +static int mocked = 0; + +void manage_selinux() { + if (mocked) return; + char val[1]; + int fd = xopen(SELINUX_ENFORCE, O_RDONLY); + xxread(fd, val, 1); + close(fd); + // Permissive + if (val[0] == '0') { + LOGI("hide_daemon: Permissive detected, hide the state\n"); + + chmod(SELINUX_ENFORCE, 0640); + chmod(SELINUX_POLICY, 0440); + mocked = 1; + } +} + +void hide_sensitive_props() { + LOGI("hide_pre_proc: Hiding sensitive props\n"); + + // Hide all sensitive props + char *value; + for (int i = 0; prop_key[i]; ++i) { + value = getprop(prop_key[i]); + if (value) { + if (strcmp(value, prop_value[i]) != 0) + setprop2(prop_key[i], prop_value[i], 0); + free(value); + } + } +} + +void relink_sbin() { + struct stat st; + if (stat("/sbin_orig", &st) == -1 && errno == ENOENT) { + // Re-link all binaries and bind mount + DIR *dir; + struct dirent *entry; + char from[PATH_MAX], to[PATH_MAX]; + + LOGI("hide_pre_proc: Re-linking /sbin\n"); + + xmount(NULL, "/", NULL, MS_REMOUNT, NULL); + xrename("/sbin", "/sbin_orig"); + xmkdir("/sbin", 0755); + xchmod("/sbin", 0755); + xmount(NULL, "/", NULL, MS_REMOUNT | MS_RDONLY, NULL); + xmkdir("/dev/sbin_bind", 0755); + xchmod("/dev/sbin_bind", 0755); + dir = xopendir("/sbin_orig"); + + while ((entry = xreaddir(dir))) 
{ + snprintf(from, sizeof(from), "%s/%s", "/sbin_orig", entry->d_name); + snprintf(to, sizeof(to), "%s/%s", "/dev/sbin_bind", entry->d_name); + symlink(from, to); + lsetfilecon(to, "u:object_r:system_file:s0"); + } + + closedir(dir); + + xmount("/dev/sbin_bind", "/sbin", NULL, MS_BIND, NULL); + } +} int add_list(char *proc) { if (!hideEnabled) { diff --git a/jni/magiskhide/pre_process.c b/jni/magiskhide/pre_process.c deleted file mode 100644 index 1a71f2f59..000000000 --- a/jni/magiskhide/pre_process.c +++ /dev/null 
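Review bot: `prop_key` and `prop_value` at the top of hide_utils.c are two separately maintained NULL-terminated arrays, and this change grows both by three entries, so they have to be kept in step by hand. `hide_sensitive_props()` reads `prop_value[i]` for every non-NULL `prop_key[i]`, so a later edit that extends only one list would hand `strcmp`/`setprop2` a NULL or a value belonging to a different key. If the build accepts C11, a guard next to the tables catches the length mismatch at compile time: `_Static_assert(sizeof(prop_key) == sizeof(prop_value), "prop_key/prop_value out of sync");`. Folding both into one array of key/value structs would remove the pairing problem entirely. Separately, in the `relink_sbin()` loop the results of `snprintf`, `symlink` and `lsetfilecon` are not checked, unlike the `x*` wrapper calls around them, so a truncated path or a failed link appears to go unreported.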
@@ -1,90 +0,0 @@ -/* pre_process.c - Some pre-processes for MagiskHide to hide properly - */ - -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include - -#include "magisk.h" -#include "utils.h" -#include "resetprop.h" -#include "magiskhide.h" - -static char *prop_key[] = - { "ro.boot.verifiedbootstate", "ro.boot.flash.locked", "ro.boot.veritymode", "ro.boot.warranty_bit", "ro.warranty_bit", - "ro.debuggable", "ro.secure", NULL }; - -static char *prop_value[] = - { "green", "1", "enforcing", "0", "0", "0", "1", NULL }; - -static int isMocked = 0; - -void manage_selinux() { - if (isMocked) return; - char val[1]; - int fd = xopen(SELINUX_ENFORCE, O_RDONLY); - xxread(fd, val, 1); - close(fd); - // Permissive - if (val[0] == '0') { - LOGI("hide_daemon: Permissive detected, hide the state\n"); - - chmod(SELINUX_ENFORCE, 0640); - chmod(SELINUX_POLICY, 0440); - isMocked = 1; - } -} - -void hide_sensitive_props() { - LOGI("hide_pre_proc: Hiding sensitive props\n"); - - // Hide all sensitive props - char *value; - for (int i = 0; prop_key[i]; ++i) { - value = getprop(prop_key[i]); - if (value) { - if (strcmp(value, prop_value[i]) != 0) - setprop2(prop_key[i], prop_value[i], 0); - free(value); - } - } -} - -void relink_sbin() { - struct stat st; - if (stat("/sbin_orig", &st) == -1 && errno == ENOENT) { - // Re-link all binaries and bind mount - DIR *dir; - struct dirent *entry; - char from[PATH_MAX], to[PATH_MAX]; - - LOGI("hide_pre_proc: Re-linking /sbin\n"); - - xmount(NULL, "/", NULL, MS_REMOUNT, NULL); - xrename("/sbin", "/sbin_orig"); - xmkdir("/sbin", 0755); - xchmod("/sbin", 0755); - xmount(NULL, "/", NULL, MS_REMOUNT | MS_RDONLY, NULL); - xmkdir("/dev/sbin_bind", 0755); - xchmod("/dev/sbin_bind", 0755); - dir = xopendir("/sbin_orig"); - - while ((entry = xreaddir(dir))) { - snprintf(from, sizeof(from), "%s/%s", "/sbin_orig", entry->d_name); - snprintf(to, sizeof(to), "%s/%s", "/dev/sbin_bind", entry->d_name); - symlink(from, 
to); - lsetfilecon(to, "u:object_r:system_file:s0"); - } - - closedir(dir); - - xmount("/dev/sbin_bind", "/sbin", NULL, MS_BIND, NULL); - } -}