2019-03-05 08:22:20 +00:00
|
|
|
#include <sys/types.h>
|
|
|
|
|
#include <sys/stat.h>
|
2021-09-20 11:42:06 +00:00
|
|
|
#include <sys/inotify.h>
|
2017-04-20 14:45:56 +00:00
|
|
|
#include <unistd.h>
|
2018-07-13 14:14:32 +00:00
|
|
|
#include <fcntl.h>
|
2017-07-02 16:57:20 +00:00
|
|
|
#include <dirent.h>
|
2021-01-11 03:27:54 +00:00
|
|
|
#include <set>
|
2017-04-20 14:45:56 +00:00
|
|
|
|
2020-03-09 08:50:30 +00:00
|
|
|
#include <magisk.hpp>
|
|
|
|
|
#include <utils.hpp>
|
|
|
|
|
#include <db.hpp>
|
2019-02-10 06:05:19 +00:00
|
|
|
|
2021-09-12 19:40:34 +00:00
|
|
|
#include "deny.hpp"
|
2018-11-01 17:23:12 +00:00
|
|
|
|
2019-01-20 04:59:37 +00:00
|
|
|
using namespace std;
|
|
|
|
|
|
2022-02-07 08:17:07 +00:00
|
|
|
// Package name -> list of process names
|
|
|
|
|
using str_set = set<string, StringCmp>;
|
|
|
|
|
static map<string, str_set, StringCmp> *deny_map_;
|
|
|
|
|
#define deny_map (*deny_map_)
|
|
|
|
|
|
|
|
|
|
// app ID -> list of process name
|
|
|
|
|
static map<int, vector<string_view>> *app_id_proc_map;
|
2021-09-20 11:42:06 +00:00
|
|
|
static int inotify_fd = -1;
|
2021-01-11 01:11:00 +00:00
|
|
|
|
|
|
|
|
// Locks the variables above
|
2021-09-12 19:40:34 +00:00
|
|
|
static pthread_mutex_t data_lock = PTHREAD_MUTEX_INITIALIZER;
|
2021-01-11 01:11:00 +00:00
|
|
|
|
2022-01-18 03:54:33 +00:00
|
|
|
atomic<bool> denylist_enforced = false;
|
2021-08-18 09:01:54 +00:00
|
|
|
|
2022-01-18 03:54:33 +00:00
|
|
|
#define do_kill (zygisk_enabled && denylist_enforced)
|
2022-01-16 07:46:08 +00:00
|
|
|
|
2021-09-20 12:08:25 +00:00
|
|
|
static void rebuild_map() {
|
|
|
|
|
app_id_proc_map->clear();
|
2021-01-11 01:11:00 +00:00
|
|
|
string data_path(APP_DATA_DIR);
|
|
|
|
|
size_t len = data_path.length();
|
2021-09-20 12:08:25 +00:00
|
|
|
|
|
|
|
|
// Collect all user IDs
|
|
|
|
|
vector<string> users;
|
|
|
|
|
if (auto dir = open_dir(APP_DATA_DIR)) {
|
|
|
|
|
for (dirent *entry; (entry = xreaddir(dir.get()));) {
|
|
|
|
|
users.emplace_back(entry->d_name);
|
|
|
|
|
}
|
|
|
|
|
} else {
|
|
|
|
|
return;
|
|
|
|
|
}
|
|
|
|
|
|
2022-02-07 08:17:07 +00:00
|
|
|
for (const auto &[pkg, procs] : deny_map) {
|
|
|
|
|
int app_id = -1;
|
|
|
|
|
if (pkg != ISOLATED_MAGIC) {
|
2021-09-20 12:08:25 +00:00
|
|
|
// Traverse the filesystem to find app ID
|
|
|
|
|
for (const auto &user_id : users) {
|
|
|
|
|
data_path.resize(len);
|
|
|
|
|
data_path += '/';
|
|
|
|
|
data_path += user_id;
|
|
|
|
|
data_path += '/';
|
2022-02-07 08:17:07 +00:00
|
|
|
data_path += pkg;
|
|
|
|
|
struct stat st{};
|
|
|
|
|
if (stat(data_path.data(), &st) != 0) {
|
|
|
|
|
app_id = to_app_id(st.st_uid);
|
2021-09-20 12:08:25 +00:00
|
|
|
break;
|
|
|
|
|
}
|
2021-01-11 01:11:00 +00:00
|
|
|
}
|
2022-02-07 08:17:07 +00:00
|
|
|
if (app_id < 0)
|
|
|
|
|
continue;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
for (const auto &proc : procs) {
|
|
|
|
|
(*app_id_proc_map)[app_id].emplace_back(proc);
|
2021-01-11 01:11:00 +00:00
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
}
|
2017-07-02 16:57:20 +00:00
|
|
|
|
2019-02-14 01:16:26 +00:00
|
|
|
// Leave /proc fd opened as we're going to read from it repeatedly
|
|
|
|
|
static DIR *procfp;
|
2019-03-12 20:48:01 +00:00
|
|
|
|
2021-08-18 09:01:54 +00:00
|
|
|
template<class F>
|
|
|
|
|
static void crawl_procfs(F &&fn) {
|
|
|
|
|
rewinddir(procfp);
|
|
|
|
|
dirent *dp;
|
2020-12-31 06:11:24 +00:00
|
|
|
int pid;
|
2021-08-18 09:01:54 +00:00
|
|
|
while ((dp = readdir(procfp))) {
|
2020-12-31 06:11:24 +00:00
|
|
|
pid = parse_int(dp->d_name);
|
|
|
|
|
if (pid > 0 && !fn(pid))
|
|
|
|
|
break;
|
|
|
|
|
}
|
2018-10-13 01:46:09 +00:00
|
|
|
}
|
|
|
|
|
|
2020-12-30 23:55:53 +00:00
|
|
|
template <bool str_op(string_view, string_view)>
|
2019-04-22 20:36:23 +00:00
|
|
|
static bool proc_name_match(int pid, const char *name) {
|
2020-12-31 06:11:24 +00:00
|
|
|
char buf[4019];
|
|
|
|
|
sprintf(buf, "/proc/%d/cmdline", pid);
|
|
|
|
|
if (auto fp = open_file(buf, "re")) {
|
|
|
|
|
fgets(buf, sizeof(buf), fp.get());
|
|
|
|
|
if (str_op(buf, name)) {
|
2021-09-12 19:40:34 +00:00
|
|
|
LOGD("denylist: kill PID=[%d] (%s)\n", pid, buf);
|
2020-12-31 06:11:24 +00:00
|
|
|
return true;
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
return false;
|
2018-10-13 01:46:09 +00:00
|
|
|
}
|
|
|
|
|
|
2021-08-18 09:01:54 +00:00
|
|
|
static inline bool str_eql(string_view a, string_view b) { return a == b; }
|
2020-12-30 23:55:53 +00:00
|
|
|
|
2021-08-18 09:01:54 +00:00
|
|
|
template<bool str_op(string_view, string_view) = &str_eql>
|
|
|
|
|
static void kill_process(const char *name, bool multi = false) {
|
2020-12-31 06:11:24 +00:00
|
|
|
crawl_procfs([=](int pid) -> bool {
|
2021-08-18 09:01:54 +00:00
|
|
|
if (proc_name_match<str_op>(pid, name)) {
|
2021-04-26 06:25:18 +00:00
|
|
|
kill(pid, SIGKILL);
|
2020-12-31 06:11:24 +00:00
|
|
|
return multi;
|
|
|
|
|
}
|
|
|
|
|
return true;
|
|
|
|
|
});
|
2018-08-07 21:47:58 +00:00
|
|
|
}
|
|
|
|
|
|
2021-04-16 06:08:51 +00:00
|
|
|
static bool validate(const char *pkg, const char *proc) {
|
|
|
|
|
bool pkg_valid = false;
|
|
|
|
|
bool proc_valid = true;
|
|
|
|
|
|
|
|
|
|
if (str_eql(pkg, ISOLATED_MAGIC)) {
|
|
|
|
|
pkg_valid = true;
|
|
|
|
|
for (char c; (c = *proc); ++proc) {
|
|
|
|
|
if (isalnum(c) || c == '_' || c == '.')
|
|
|
|
|
continue;
|
|
|
|
|
if (c == ':')
|
|
|
|
|
break;
|
|
|
|
|
proc_valid = false;
|
|
|
|
|
break;
|
|
|
|
|
}
|
|
|
|
|
} else {
|
|
|
|
|
for (char c; (c = *pkg); ++pkg) {
|
|
|
|
|
if (isalnum(c) || c == '_')
|
|
|
|
|
continue;
|
|
|
|
|
if (c == '.') {
|
|
|
|
|
pkg_valid = true;
|
|
|
|
|
continue;
|
|
|
|
|
}
|
|
|
|
|
pkg_valid = false;
|
|
|
|
|
break;
|
2020-12-31 06:11:24 +00:00
|
|
|
}
|
2021-04-16 06:08:51 +00:00
|
|
|
|
|
|
|
|
for (char c; (c = *proc); ++proc) {
|
|
|
|
|
if (isalnum(c) || c == '_' || c == ':' || c == '.')
|
|
|
|
|
continue;
|
|
|
|
|
proc_valid = false;
|
|
|
|
|
break;
|
2020-12-31 06:11:24 +00:00
|
|
|
}
|
|
|
|
|
}
|
2021-04-16 06:08:51 +00:00
|
|
|
return pkg_valid && proc_valid;
|
2019-09-01 06:16:12 +00:00
|
|
|
}
|
|
|
|
|
|
2022-02-07 08:17:07 +00:00
|
|
|
static bool add_hide_set(const char *pkg, const char *proc) {
|
|
|
|
|
auto p = deny_map[pkg].emplace(proc);
|
|
|
|
|
if (!p.second)
|
|
|
|
|
return false;
|
2021-09-12 19:40:34 +00:00
|
|
|
LOGI("denylist add: [%s/%s]\n", pkg, proc);
|
2022-01-16 07:46:08 +00:00
|
|
|
if (!do_kill)
|
2022-02-07 08:17:07 +00:00
|
|
|
return true;
|
2022-01-16 07:46:08 +00:00
|
|
|
if (str_eql(pkg, ISOLATED_MAGIC)) {
|
2020-12-31 06:11:24 +00:00
|
|
|
// Kill all matching isolated processes
|
2021-08-18 09:01:54 +00:00
|
|
|
kill_process<&str_starts>(proc, true);
|
2020-12-31 06:11:24 +00:00
|
|
|
} else {
|
|
|
|
|
kill_process(proc);
|
|
|
|
|
}
|
2022-02-07 08:17:07 +00:00
|
|
|
return true;
|
2020-12-30 23:55:53 +00:00
|
|
|
}
|
|
|
|
|
|
2022-01-16 07:46:08 +00:00
|
|
|
static void clear_data() {
|
2022-02-07 08:17:07 +00:00
|
|
|
delete deny_map_;
|
2022-01-16 07:46:08 +00:00
|
|
|
delete app_id_proc_map;
|
2022-02-07 08:17:07 +00:00
|
|
|
deny_map_ = nullptr;
|
2022-01-16 07:46:08 +00:00
|
|
|
app_id_proc_map = nullptr;
|
|
|
|
|
unregister_poll(inotify_fd, true);
|
|
|
|
|
inotify_fd = -1;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
static void inotify_handler(pollfd *pfd) {
|
|
|
|
|
union {
|
|
|
|
|
inotify_event event;
|
|
|
|
|
char buf[512];
|
|
|
|
|
} u{};
|
|
|
|
|
read(pfd->fd, u.buf, sizeof(u.buf));
|
|
|
|
|
if (u.event.name == "packages.xml"sv) {
|
|
|
|
|
cached_manager_app_id = -1;
|
|
|
|
|
exec_task([] {
|
|
|
|
|
mutex_guard lock(data_lock);
|
|
|
|
|
rebuild_map();
|
|
|
|
|
});
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
static bool ensure_data() {
|
|
|
|
|
if (app_id_proc_map)
|
|
|
|
|
return true;
|
|
|
|
|
|
|
|
|
|
LOGI("denylist: initializing internal data structures\n");
|
|
|
|
|
|
2022-02-07 08:17:07 +00:00
|
|
|
default_new(deny_map_);
|
2022-01-16 07:46:08 +00:00
|
|
|
char *err = db_exec("SELECT * FROM denylist", [](db_row &row) -> bool {
|
|
|
|
|
add_hide_set(row["package_name"].data(), row["process"].data());
|
|
|
|
|
return true;
|
|
|
|
|
});
|
|
|
|
|
db_err_cmd(err, goto error);
|
|
|
|
|
|
|
|
|
|
default_new(app_id_proc_map);
|
|
|
|
|
rebuild_map();
|
|
|
|
|
|
|
|
|
|
inotify_fd = xinotify_init1(IN_CLOEXEC);
|
|
|
|
|
if (inotify_fd < 0) {
|
|
|
|
|
goto error;
|
|
|
|
|
} else {
|
|
|
|
|
// Monitor packages.xml
|
|
|
|
|
inotify_add_watch(inotify_fd, "/data/system", IN_CLOSE_WRITE);
|
|
|
|
|
pollfd inotify_pfd = { inotify_fd, POLLIN, 0 };
|
|
|
|
|
register_poll(&inotify_pfd, inotify_handler);
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
return true;
|
|
|
|
|
|
|
|
|
|
error:
|
|
|
|
|
clear_data();
|
|
|
|
|
return false;
|
|
|
|
|
}
|
|
|
|
|
|
2020-12-30 23:55:53 +00:00
|
|
|
static int add_list(const char *pkg, const char *proc) {
|
2020-12-31 06:11:24 +00:00
|
|
|
if (proc[0] == '\0')
|
|
|
|
|
proc = pkg;
|
|
|
|
|
|
2021-04-16 06:08:51 +00:00
|
|
|
if (!validate(pkg, proc))
|
2021-09-12 19:40:34 +00:00
|
|
|
return DENYLIST_INVALID_PKG;
|
2020-12-31 06:11:24 +00:00
|
|
|
|
2021-08-18 09:01:54 +00:00
|
|
|
{
|
2021-09-12 19:40:34 +00:00
|
|
|
mutex_guard lock(data_lock);
|
2022-01-16 07:46:08 +00:00
|
|
|
if (!ensure_data())
|
|
|
|
|
return DAEMON_ERROR;
|
2022-02-07 08:17:07 +00:00
|
|
|
if (!add_hide_set(pkg, proc))
|
|
|
|
|
return DENYLIST_ITEM_EXIST;
|
2021-09-20 12:08:25 +00:00
|
|
|
rebuild_map();
|
2021-08-18 09:01:54 +00:00
|
|
|
}
|
2020-12-31 06:11:24 +00:00
|
|
|
|
|
|
|
|
// Add to database
|
|
|
|
|
char sql[4096];
|
|
|
|
|
snprintf(sql, sizeof(sql),
|
2021-09-12 19:40:34 +00:00
|
|
|
"INSERT INTO denylist (package_name, process) VALUES('%s', '%s')", pkg, proc);
|
2020-12-31 06:11:24 +00:00
|
|
|
char *err = db_exec(sql);
|
|
|
|
|
db_err_cmd(err, return DAEMON_ERROR);
|
|
|
|
|
return DAEMON_SUCCESS;
|
2017-04-20 14:45:56 +00:00
|
|
|
}
|
|
|
|
|
|
2018-11-01 18:08:33 +00:00
|
|
|
int add_list(int client) {
|
2021-01-12 08:07:48 +00:00
|
|
|
string pkg = read_string(client);
|
|
|
|
|
string proc = read_string(client);
|
2021-08-18 09:01:54 +00:00
|
|
|
return add_list(pkg.data(), proc.data());
|
2018-11-01 18:08:33 +00:00
|
|
|
}
|
2017-04-20 14:45:56 +00:00
|
|
|
|
2020-12-30 23:55:53 +00:00
|
|
|
static int rm_list(const char *pkg, const char *proc) {
|
2020-12-31 06:11:24 +00:00
|
|
|
{
|
2021-09-12 19:40:34 +00:00
|
|
|
mutex_guard lock(data_lock);
|
2022-01-16 07:46:08 +00:00
|
|
|
if (!ensure_data())
|
|
|
|
|
return DAEMON_ERROR;
|
|
|
|
|
|
|
|
|
|
bool remove = false;
|
2022-02-07 08:17:07 +00:00
|
|
|
|
|
|
|
|
if (proc[0] == '\0') {
|
|
|
|
|
if (deny_map.erase(pkg) != 0) {
|
2020-12-31 06:11:24 +00:00
|
|
|
remove = true;
|
2022-02-07 08:17:07 +00:00
|
|
|
LOGI("denylist rm: [%s]\n", pkg);
|
|
|
|
|
}
|
|
|
|
|
} else {
|
|
|
|
|
auto it = deny_map.find(pkg);
|
|
|
|
|
if (it != deny_map.end()) {
|
|
|
|
|
if (it->second.erase(proc) != 0) {
|
|
|
|
|
remove = true;
|
|
|
|
|
LOGI("denylist rm: [%s/%s]\n", pkg, proc);
|
|
|
|
|
}
|
2020-12-31 06:11:24 +00:00
|
|
|
}
|
|
|
|
|
}
|
2021-08-18 09:01:54 +00:00
|
|
|
if (!remove)
|
2021-09-12 19:40:34 +00:00
|
|
|
return DENYLIST_ITEM_NOT_EXIST;
|
2021-09-20 12:08:25 +00:00
|
|
|
rebuild_map();
|
2020-12-31 06:11:24 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
char sql[4096];
|
|
|
|
|
if (proc[0] == '\0')
|
2021-09-12 19:40:34 +00:00
|
|
|
snprintf(sql, sizeof(sql), "DELETE FROM denylist WHERE package_name='%s'", pkg);
|
2020-12-31 06:11:24 +00:00
|
|
|
else
|
|
|
|
|
snprintf(sql, sizeof(sql),
|
2021-09-12 19:40:34 +00:00
|
|
|
"DELETE FROM denylist WHERE package_name='%s' AND process='%s'", pkg, proc);
|
2020-12-31 06:11:24 +00:00
|
|
|
char *err = db_exec(sql);
|
2021-08-18 09:01:54 +00:00
|
|
|
db_err_cmd(err, return DAEMON_ERROR);
|
2020-12-31 06:11:24 +00:00
|
|
|
return DAEMON_SUCCESS;
|
2017-04-20 14:45:56 +00:00
|
|
|
}
|
|
|
|
|
|
2018-11-01 18:08:33 +00:00
|
|
|
int rm_list(int client) {
|
2021-01-12 08:07:48 +00:00
|
|
|
string pkg = read_string(client);
|
|
|
|
|
string proc = read_string(client);
|
2021-08-18 09:01:54 +00:00
|
|
|
return rm_list(pkg.data(), proc.data());
|
2018-11-01 18:08:33 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
void ls_list(int client) {
|
2021-08-18 09:01:54 +00:00
|
|
|
{
|
2021-09-12 19:40:34 +00:00
|
|
|
mutex_guard lock(data_lock);
|
2022-01-16 07:46:08 +00:00
|
|
|
if (!ensure_data()) {
|
|
|
|
|
write_int(client, DAEMON_ERROR);
|
|
|
|
|
return;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
write_int(client, DAEMON_SUCCESS);
|
2022-02-07 08:17:07 +00:00
|
|
|
|
|
|
|
|
for (const auto &[pkg, procs] : deny_map) {
|
|
|
|
|
for (const auto &proc : procs) {
|
|
|
|
|
write_int(client, pkg.size() + proc.size() + 1);
|
|
|
|
|
xwrite(client, pkg.data(), pkg.size());
|
|
|
|
|
xwrite(client, "|", 1);
|
|
|
|
|
xwrite(client, proc.data(), proc.size());
|
|
|
|
|
}
|
2021-08-18 09:01:54 +00:00
|
|
|
}
|
2021-01-12 08:07:48 +00:00
|
|
|
}
|
|
|
|
|
write_int(client, 0);
|
2020-12-31 06:11:24 +00:00
|
|
|
close(client);
|
2017-09-05 18:25:40 +00:00
|
|
|
}
|
2018-11-16 06:15:34 +00:00
|
|
|
|
2022-01-16 07:46:08 +00:00
|
|
|
static bool str_ends_safe(string_view s, string_view ss) {
|
|
|
|
|
// Never kill webview zygote
|
|
|
|
|
if (s == "webview_zygote")
|
|
|
|
|
return false;
|
|
|
|
|
return str_ends(s, ss);
|
|
|
|
|
}
|
|
|
|
|
|
2021-09-16 12:27:34 +00:00
|
|
|
static void update_deny_config() {
|
2020-12-31 06:11:24 +00:00
|
|
|
char sql[64];
|
|
|
|
|
sprintf(sql, "REPLACE INTO settings (key,value) VALUES('%s',%d)",
|
2022-01-18 03:54:33 +00:00
|
|
|
DB_SETTING_KEYS[DENYLIST_CONFIG], denylist_enforced.load());
|
2020-12-31 06:11:24 +00:00
|
|
|
char *err = db_exec(sql);
|
|
|
|
|
db_err(err);
|
2018-11-16 06:15:34 +00:00
|
|
|
}
|
|
|
|
|
|
2021-09-16 12:27:34 +00:00
|
|
|
int enable_deny() {
|
2022-01-18 03:54:33 +00:00
|
|
|
if (denylist_enforced) {
|
2021-09-16 12:27:34 +00:00
|
|
|
return DAEMON_SUCCESS;
|
|
|
|
|
} else {
|
|
|
|
|
mutex_guard lock(data_lock);
|
2018-11-16 06:15:34 +00:00
|
|
|
|
2021-09-16 12:27:34 +00:00
|
|
|
if (access("/proc/self/ns/mnt", F_OK) != 0) {
|
|
|
|
|
LOGW("The kernel does not support mount namespace\n");
|
|
|
|
|
return DENY_NO_NS;
|
|
|
|
|
}
|
2020-05-17 21:45:08 +00:00
|
|
|
|
2021-09-16 12:27:34 +00:00
|
|
|
if (procfp == nullptr && (procfp = opendir("/proc")) == nullptr)
|
|
|
|
|
return DAEMON_ERROR;
|
2019-02-14 09:08:05 +00:00
|
|
|
|
2021-09-16 12:27:34 +00:00
|
|
|
LOGI("* Enable DenyList\n");
|
2018-11-16 06:15:34 +00:00
|
|
|
|
2022-01-18 03:54:33 +00:00
|
|
|
denylist_enforced = true;
|
2019-02-14 01:16:26 +00:00
|
|
|
|
2022-01-16 07:46:08 +00:00
|
|
|
if (!ensure_data()) {
|
2022-01-18 03:54:33 +00:00
|
|
|
denylist_enforced = false;
|
2022-01-16 07:46:08 +00:00
|
|
|
return DAEMON_ERROR;
|
|
|
|
|
}
|
2021-09-20 11:42:06 +00:00
|
|
|
|
2022-01-16 07:46:08 +00:00
|
|
|
// On Android Q+, also kill blastula pool and all app zygotes
|
|
|
|
|
if (SDK_INT >= 29 && zygisk_enabled) {
|
|
|
|
|
kill_process("usap32", true);
|
|
|
|
|
kill_process("usap64", true);
|
|
|
|
|
kill_process<&str_ends_safe>("_zygote", true);
|
2021-09-20 11:42:06 +00:00
|
|
|
}
|
2021-09-16 12:27:34 +00:00
|
|
|
}
|
2021-01-12 08:07:48 +00:00
|
|
|
|
2021-09-16 12:27:34 +00:00
|
|
|
update_deny_config();
|
2020-12-31 06:11:24 +00:00
|
|
|
return DAEMON_SUCCESS;
|
2018-11-16 06:15:34 +00:00
|
|
|
}
|
|
|
|
|
|
2021-09-12 19:40:34 +00:00
|
|
|
int disable_deny() {
|
2022-01-18 03:54:33 +00:00
|
|
|
if (denylist_enforced) {
|
|
|
|
|
denylist_enforced = false;
|
2021-09-12 19:40:34 +00:00
|
|
|
LOGI("* Disable DenyList\n");
|
2021-09-16 12:27:34 +00:00
|
|
|
|
|
|
|
|
mutex_guard lock(data_lock);
|
2022-01-16 07:46:08 +00:00
|
|
|
clear_data();
|
2020-12-31 06:11:24 +00:00
|
|
|
}
|
2021-09-16 12:27:34 +00:00
|
|
|
update_deny_config();
|
2020-12-31 06:11:24 +00:00
|
|
|
return DAEMON_SUCCESS;
|
2018-11-16 06:15:34 +00:00
|
|
|
}
|
|
|
|
|
|
2021-09-16 12:27:34 +00:00
|
|
|
void initialize_denylist() {
|
2022-01-18 03:54:33 +00:00
|
|
|
if (!denylist_enforced) {
|
2020-12-31 06:11:24 +00:00
|
|
|
db_settings dbs;
|
2021-09-12 19:40:34 +00:00
|
|
|
get_db_settings(dbs, DENYLIST_CONFIG);
|
|
|
|
|
if (dbs[DENYLIST_CONFIG])
|
2021-09-16 12:27:34 +00:00
|
|
|
enable_deny();
|
2020-12-31 06:11:24 +00:00
|
|
|
}
|
2018-11-16 06:15:34 +00:00
|
|
|
}
|
2019-05-25 23:08:53 +00:00
|
|
|
|
2021-09-12 19:40:34 +00:00
|
|
|
bool is_deny_target(int uid, string_view process) {
|
|
|
|
|
mutex_guard lock(data_lock);
|
2022-01-16 07:46:08 +00:00
|
|
|
if (!ensure_data())
|
|
|
|
|
return false;
|
2021-01-12 11:28:00 +00:00
|
|
|
|
2021-09-20 12:08:25 +00:00
|
|
|
int app_id = to_app_id(uid);
|
|
|
|
|
if (app_id >= 90000) {
|
2021-01-16 04:22:49 +00:00
|
|
|
// Isolated processes
|
2021-09-20 12:08:25 +00:00
|
|
|
auto it = app_id_proc_map->find(-1);
|
|
|
|
|
if (it == app_id_proc_map->end())
|
2021-01-16 04:22:49 +00:00
|
|
|
return false;
|
2021-01-12 11:28:00 +00:00
|
|
|
|
2021-09-20 12:08:25 +00:00
|
|
|
for (const auto &s : it->second) {
|
2021-01-12 11:28:00 +00:00
|
|
|
if (str_starts(process, s))
|
2021-01-16 04:22:49 +00:00
|
|
|
return true;
|
2021-01-12 11:28:00 +00:00
|
|
|
}
|
|
|
|
|
} else {
|
2021-09-20 12:08:25 +00:00
|
|
|
auto it = app_id_proc_map->find(app_id);
|
|
|
|
|
if (it == app_id_proc_map->end())
|
2021-01-16 04:22:49 +00:00
|
|
|
return false;
|
2021-01-12 11:28:00 +00:00
|
|
|
|
2021-09-20 12:08:25 +00:00
|
|
|
for (const auto &s : it->second) {
|
2021-01-16 04:22:49 +00:00
|
|
|
if (s == process)
|
|
|
|
|
return true;
|
2021-01-12 11:28:00 +00:00
|
|
|
}
|
|
|
|
|
}
|
2021-01-16 04:22:49 +00:00
|
|
|
return false;
|
|
|
|
|
}
|
