From e8ba671fc26fb50d73af8bbc6830cd45f47297cf Mon Sep 17 00:00:00 2001
From: topjohnwu
Date: Wed, 13 Jan 2021 20:07:23 -0800
Subject: [PATCH] Guard all injection features behind a global flag
---
 native/jni/Android.mk | 19 +++++++++++++++----
 native/jni/core/applets.cpp | 3 ++-
 native/jni/include/daemon.hpp | 2 ++
 native/jni/magiskhide/hide_utils.cpp | 12 +++++++-----
 native/jni/magiskhide/magiskhide.cpp | 6 +++++-
 native/jni/magiskhide/magiskhide.hpp | 9 ++++-----
 6 files changed, 35 insertions(+), 16 deletions(-)
diff --git a/native/jni/Android.mk b/native/jni/Android.mk
index 732a3b9f8..1caa32d1b 100644
--- a/native/jni/Android.mk
+++ b/native/jni/Android.mk
@@ -4,11 +4,14 @@ LOCAL_PATH := $(call my-dir)
 # Binaries
 ########################
+# Global toggle for the WIP zygote injection features
+ENABLE_INJECT := 0
+
 ifdef B_MAGISK
 include $(CLEAR_VARS)
 LOCAL_MODULE := magisk
-LOCAL_STATIC_LIBRARIES := libnanopb libsystemproperties libutils libxhook
+LOCAL_STATIC_LIBRARIES := libnanopb libsystemproperties libutils
 LOCAL_C_INCLUDES := jni/include
 LOCAL_SRC_FILES := \
@@ -22,7 +25,6 @@ LOCAL_SRC_FILES := \
 core/restorecon.cpp \
 core/module.cpp \
 magiskhide/magiskhide.cpp \
- magiskhide/proc_monitor.cpp \
 magiskhide/hide_utils.cpp \
 magiskhide/hide_policy.cpp \
 resetprop/persist_properties.cpp \
@@ -30,12 +32,21 @@ LOCAL_SRC_FILES := \
 su/su.cpp \
 su/connect.cpp \
 su/pts.cpp \
- su/su_daemon.cpp \
+ su/su_daemon.cpp
+
+LOCAL_LDLIBS := -llog
+LOCAL_CPPFLAGS := -DENABLE_INJECT=$(ENABLE_INJECT)
+
+ifeq ($(ENABLE_INJECT),1)
+LOCAL_STATIC_LIBRARIES += libxhook
+LOCAL_SRC_FILES += \
 inject/entry.cpp \
 inject/utils.cpp \
 inject/hook.cpp
+else
+LOCAL_SRC_FILES += magiskhide/proc_monitor.cpp
+endif
-LOCAL_LDLIBS := -llog
 include $(BUILD_EXECUTABLE)
 endif
diff --git a/native/jni/core/applets.cpp b/native/jni/core/applets.cpp
index ec3a06668..03b69d5cc 100644
--- a/native/jni/core/applets.cpp
+++ b/native/jni/core/applets.cpp
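Review bot: `-DENABLE_INJECT=$(ENABLE_INJECT)` in the third Android.mk hunk is the only place the macro receives a value, and as far as this hunk shows it is set for the `magisk` module alone. The `#if ENABLE_INJECT` / `#if !ENABLE_INJECT` tests this commit adds in applets.cpp, daemon.hpp, hide_utils.cpp, magiskhide.cpp and magiskhide.hpp treat an undefined macro as 0, so a translation unit built without the flag would silently take the non-inject side and could disagree with the daemon about which declarations and request handlers exist. I would make the dependency explicit at the top of the shared headers with `#ifndef ENABLE_INJECT` / `#error "ENABLE_INJECT must be defined by the build"` / `#endif`, or build with `-Wundef`. Passing the define through `LOCAL_CFLAGS` rather than `LOCAL_CPPFLAGS` would also cover any C sources added to the module later.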
@@ -20,10 +20,11 @@ static int call_applet(int argc, char *argv[]) {
 return (*applet_main[i])(argc, argv);
 }
 }
+#if ENABLE_INJECT
 if (str_starts(base, "app_process")) {
 return app_process_main(argc, argv);
 }
-
+#endif
 fprintf(stderr, "%s: applet not found\n", base.data());
 return 1;
 }
diff --git a/native/jni/include/daemon.hpp b/native/jni/include/daemon.hpp
index 35baac204..4c855322f 100644
--- a/native/jni/include/daemon.hpp
+++ b/native/jni/include/daemon.hpp
@@ -51,6 +51,8 @@ void su_daemon_handler(int client, ucred *credential);
 void auto_start_magiskhide(bool late_props);
 int stop_magiskhide();
+#if ENABLE_INJECT
 // For injected process to access daemon
 int remote_check_hide(int uid, const char *process);
 void remote_request_hide();
+#endif
diff --git a/native/jni/magiskhide/hide_utils.cpp b/native/jni/magiskhide/hide_utils.cpp
index be5784834..92e5a66bd 100644
--- a/native/jni/magiskhide/hide_utils.cpp
+++ b/native/jni/magiskhide/hide_utils.cpp
@@ -20,7 +20,7 @@ map> uid_proc_map; /* uid -> list of process */
 // Locks the variables above
 pthread_mutex_t hide_state_lock = PTHREAD_MUTEX_INITIALIZER;
-#if ENABLE_PTRACE_MONITOR
+#if !ENABLE_INJECT
 static pthread_t monitor_thread;
 #endif
@@ -290,7 +290,7 @@ int launch_magiskhide(bool late_props) {
 if (late_props)
 hide_late_sensitive_props();
-#if ENABLE_PTRACE_MONITOR
+#if !ENABLE_INJECT
 // Start monitoring
 if (new_daemon_thread(&proc_monitor))
 return DAEMON_ERROR;
@@ -313,7 +313,7 @@ int stop_magiskhide() {
 LOGI("* Disable MagiskHide\n");
 uid_proc_map.clear();
 hide_set.clear();
-#if ENABLE_PTRACE_MONITOR
+#if !ENABLE_INJECT
 pthread_kill(monitor_thread, SIGTERMTHRD);
 #endif
 }
@@ -325,7 +325,7 @@ int stop_magiskhide() {
 void auto_start_magiskhide(bool late_props) {
 if (hide_enabled()) {
-#if ENABLE_PTRACE_MONITOR
+#if !ENABLE_INJECT
 pthread_kill(monitor_thread, SIGALRM);
 #endif
 hide_late_sensitive_props();
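Review bot: In hide_utils.cpp the `pthread_kill(monitor_thread, ...)` calls in the stop_magiskhide and auto_start_magiskhide hunks become live code with this change, because the old guard `ENABLE_PTRACE_MONITOR` was defined as 0 while `!ENABLE_INJECT` is true under the new default. Nothing in these hunks stores a thread id in `monitor_thread`: it is `static` to this file and the launch hunk calls `new_daemon_thread(&proc_monitor)` without capturing one, so unless it is assigned outside the visible lines the signal goes to a zero-initialised `pthread_t`, which POSIX leaves undefined. I would record the id when the monitor thread is created and skip the `pthread_kill` when none was recorded. All three functions start or end outside their hunks, so this needs checking against the full file.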
@@ -337,7 +337,7 @@ void auto_start_magiskhide(bool late_props) {
 }
 }
-#if ENABLE_PTRACE_MONITOR
+#if !ENABLE_INJECT
 void test_proc_monitor() {
 if (procfp == nullptr && (procfp = opendir("/proc")) == nullptr)
 exit(1);
@@ -345,6 +345,7 @@ void test_proc_monitor() {
 }
 #endif
+#if ENABLE_INJECT
 int check_uid_map(int client) {
 mutex_guard lock(hide_state_lock);
@@ -377,3 +378,4 @@ int check_uid_map(int client) {
 return 0;
 }
+#endif
diff --git a/native/jni/magiskhide/magiskhide.cpp b/native/jni/magiskhide/magiskhide.cpp
index 7b7406786..fccf4d1ac 100644
--- a/native/jni/magiskhide/magiskhide.cpp
+++ b/native/jni/magiskhide/magiskhide.cpp
@@ -62,6 +62,7 @@ void magiskhide_handler(int client, ucred *cred) {
 case HIDE_STATUS:
 res = hide_enabled() ? HIDE_IS_ENABLED : HIDE_NOT_ENABLED;
 break;
+#if ENABLE_INJECT
 case REMOTE_CHECK_HIDE:
 res = check_uid_map(client);
 break;
@@ -71,6 +72,7 @@ void magiskhide_handler(int client, ucred *cred) {
 hide_daemon(cred->pid);
 close(client);
 return;
+#endif
 }
 write_int(client, res);
@@ -106,7 +108,7 @@ int magiskhide_main(int argc, char *argv[]) {
 execvp(argv[2], argv + 2);
 exit(1);
 }
-#if 0 && ENABLE_PTRACE_MONITOR
+#if 0 && !ENABLE_INJECT
 else if (opt == "test"sv)
 test_proc_monitor();
 #endif
@@ -168,6 +170,7 @@ return_code:
 return req == HIDE_STATUS ? (code == HIDE_IS_ENABLED ? 0 : 1) : code != DAEMON_SUCCESS;
 }
+#if ENABLE_INJECT
 int remote_check_hide(int uid, const char *process) {
 int fd = connect_daemon();
 write_int(fd, MAGISKHIDE);
@@ -190,3 +193,4 @@ void remote_request_hide() {
 close(fd);
 }
+#endif
diff --git a/native/jni/magiskhide/magiskhide.hpp b/native/jni/magiskhide/magiskhide.hpp
index 061a35710..6afe1fb2c 100644
--- a/native/jni/magiskhide/magiskhide.hpp
+++ b/native/jni/magiskhide/magiskhide.hpp
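Review bot: In magiskhide_handler (magiskhide.cpp), compiling out `case REMOTE_CHECK_HIDE:` and the branch that ends in `hide_daemon(cred->pid)` means a client that still sends one of those request codes falls out of the `switch` and reaches `write_int(client, res)` with whatever `res` held on entry. The hunks show neither a `default:` label nor the initial value of `res`, so I cannot tell whether that reply is a defined error. Because the request code is read from the socket peer, an explicit fallback such as `default: res = DAEMON_ERROR; break;` (assuming that constant fits this reply) would give a disabled feature an unambiguous answer. The function body starts and ends outside these hunks.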
@@ -14,21 +14,20 @@
 #define SIGTERMTHRD SIGUSR1
 #define ISOLATED_MAGIC "isolated"
-// Global toggle for ptrace monitor
-#define ENABLE_PTRACE_MONITOR 0
-
 // CLI entries
 int launch_magiskhide(bool late_props);
 int stop_magiskhide();
 int add_list(int client);
 int rm_list(int client);
 void ls_list(int client);
-int check_uid_map(int client);
-#if ENABLE_PTRACE_MONITOR
+#if !ENABLE_INJECT
 // Process monitoring
 [[noreturn]] void proc_monitor();
 [[noreturn]] void test_proc_monitor();
+#else
+// Response whether target process should be hidden
+int check_uid_map(int client);
 #endif
 // Utility functions
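Review bot: With the `ENABLE_PTRACE_MONITOR` define and its comment removed, nothing in magiskhide.hpp says what the new condition selects; a reader has to find the build file to learn that `ENABLE_INJECT` defaults to 0 and that 0 now switches the process monitor on. I would add a comment above the conditional, `// ENABLE_INJECT is set by the build: 0 = ptrace process monitor, 1 = zygote injection`, and label the branches `#else // ENABLE_INJECT` and `#endif // !ENABLE_INJECT`. The added comment on `check_uid_map` would also read better as `// Reports whether the target process should be hidden`.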