From f723427b8b253e4d0631891cf3af787e64c8b8fc Mon Sep 17 00:00:00 2001
From: topjohnwu <topjohnwu@gmail.com>
Date: Wed, 28 Nov 2018 01:27:32 -0500
Subject: [PATCH] Add built-in procfs protection on SDK 24+

More information in the Medium Post:
https://medium.com/@topjohnwu/from-anime-game-to-android-system-security-vulnerability-9b955a182f20
---
 native/jni/daemon/bootstages.cpp | 6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/native/jni/daemon/bootstages.cpp b/native/jni/daemon/bootstages.cpp
index 2d6c6658a..c9b1f703a 100644
--- a/native/jni/daemon/bootstages.cpp
+++ b/native/jni/daemon/bootstages.cpp
@@ -432,6 +432,9 @@ static bool magisk_env() {
 	xmkdir(SECURE_DIR "/post-fs-data.d", 0755);
 	xmkdir(SECURE_DIR "/service.d", 0755);
 
+	CharArray sdk_prop = getprop("ro.build.version.sdk");
+	int sdk = sdk_prop.empty() ? -1 : atoi(sdk_prop);
+
 	LOGI("* Mounting mirrors");
 	Vector<CharArray> mounts;
 	file_to_vector("/proc/mounts", mounts);
@@ -462,6 +465,9 @@ static bool magisk_env() {
 #else
 			LOGI("mount: %s\n", MIRRDIR "/vendor");
 #endif
+		} else if (sdk >= 24 && line.contains(" /proc ") && !line.contains("hidepid=2")) {
+			// Enforce hidepid
+			xmount(nullptr, "/proc", nullptr, MS_REMOUNT, "hidepid=2,gid=3009");
 		}
 	}
 	if (!seperate_vendor) {