Magisk/native/jni/magiskhide/hide_policy.cpp

131 lines
3.6 KiB
C++
Raw Normal View History

2019-05-26 02:47:57 -07:00
#include <sys/mount.h>
2020-03-09 01:50:30 -07:00
#include <magisk.hpp>
#include <utils.hpp>
#include <selinux.hpp>
#include <resetprop.hpp>
2019-05-26 02:47:57 -07:00
2020-03-09 01:50:30 -07:00
#include "magiskhide.hpp"
2019-05-26 02:47:57 -07:00
using namespace std;
static const char *prop_key[] =
{ "ro.boot.vbmeta.device_state", "ro.boot.verifiedbootstate", "ro.boot.flash.locked",
"ro.boot.veritymode", "ro.boot.warranty_bit", "ro.warranty_bit", "ro.debuggable",
2020-05-18 03:51:41 -07:00
"ro.secure", "ro.build.type", "ro.build.tags", "vendor.boot.vbmeta.device_state",
"ro.vendor.boot.warranty_bit", "ro.vendor.warranty_bit", nullptr };
2020-05-09 06:53:32 -03:00
static const char *prop_val[] =
2019-05-26 02:47:57 -07:00
{ "locked", "green", "1",
"enforcing", "0", "0", "0",
2020-05-18 03:51:41 -07:00
"1", "user", "release-keys", "locked",
"0", "0", nullptr };
static const char *late_prop_key[] =
2020-05-18 03:51:41 -07:00
{ "vendor.boot.verifiedbootstate", nullptr };
static const char *late_prop_val[] =
2020-05-18 03:51:41 -07:00
{ "green", nullptr };
2019-05-26 02:47:57 -07:00
void hide_sensitive_props() {
LOGI("hide_policy: Hiding sensitive props\n");
for (int i = 0; prop_key[i]; ++i) {
auto value = getprop(prop_key[i]);
if (!value.empty() && value != prop_val[i])
setprop(prop_key[i], prop_val[i], false);
2019-05-26 02:47:57 -07:00
}
2020-02-18 00:44:10 +08:00
// Hide that we booted from recovery when magisk is in recovery mode
auto bootmode = getprop("ro.bootmode");
2020-05-17 15:01:20 -07:00
if (!bootmode.empty() && str_contains(bootmode, "recovery"))
setprop("ro.bootmode", "unknown", false);
bootmode = getprop("ro.boot.mode");
2020-05-17 15:01:20 -07:00
if (!bootmode.empty() && str_contains(bootmode, "recovery"))
setprop("ro.boot.mode", "unknown", false);
2020-05-18 03:51:41 -07:00
bootmode = getprop("vendor.boot.mode");
if (!bootmode.empty() && str_contains(bootmode, "recovery"))
setprop("vendor.boot.mode", "unknown", false);
2020-05-17 15:01:20 -07:00
2020-02-18 00:44:10 +08:00
// Xiaomi cross region flash
auto hwc = getprop("ro.boot.hwc");
2020-05-17 15:01:20 -07:00
if (!hwc.empty() && str_contains(hwc, "CN"))
2020-02-18 00:44:10 +08:00
setprop("ro.boot.hwc", "GLOBAL", false);
auto hwcountry = getprop("ro.boot.hwcountry");
2020-05-17 15:01:20 -07:00
if (!hwcountry.empty() && str_contains(hwcountry, "China"))
2020-02-18 00:44:10 +08:00
setprop("ro.boot.hwcountry", "GLOBAL", false);
2020-05-17 15:01:20 -07:00
auto selinux = getprop("ro.build.selinux");
2020-05-18 04:56:29 -07:00
if (!selinux.empty())
2020-05-17 15:01:20 -07:00
delprop("ro.build.selinux");
2019-05-26 02:47:57 -07:00
}
void hide_late_sensitive_props() {
LOGI("hide_policy: Hiding sensitive props (late)\n");
for (int i = 0; late_prop_key[i]; ++i) {
auto value = getprop(late_prop_key[i]);
if (!value.empty() && value != late_prop_val[i])
setprop(prop_key[i], late_prop_val[i], false);
}
}
2020-05-17 15:01:20 -07:00
static void lazy_unmount(const char* mountpoint) {
2019-05-26 02:47:57 -07:00
if (umount2(mountpoint, MNT_DETACH) != -1)
LOGD("hide_policy: Unmounted (%s)\n", mountpoint);
}
void hide_daemon(int pid) {
2020-05-17 15:01:20 -07:00
if (fork_dont_care() == 0) {
hide_unmount(pid);
2019-05-26 02:47:57 -07:00
// Send resume signal
2019-06-27 00:28:34 -07:00
kill(pid, SIGCONT);
2019-05-26 02:47:57 -07:00
_exit(0);
2020-05-17 15:01:20 -07:00
}
}
2019-05-26 02:47:57 -07:00
2019-06-23 03:53:41 -07:00
#define TMPFS_MNT(dir) (mentry->mnt_type == "tmpfs"sv && \
strncmp(mentry->mnt_dir, "/" #dir, sizeof("/" #dir) - 1) == 0)
void hide_unmount(int pid) {
2019-05-26 02:47:57 -07:00
if (switch_mnt_ns(pid))
return;
LOGD("hide_policy: handling PID=[%d]\n", pid);
2019-05-26 03:05:23 -07:00
char val;
int fd = xopen(SELINUX_ENFORCE, O_RDONLY);
xxread(fd, &val, sizeof(val));
close(fd);
// Permissive
if (val == '0') {
chmod(SELINUX_ENFORCE, 0640);
chmod(SELINUX_POLICY, 0440);
}
2019-05-26 02:47:57 -07:00
vector<string> targets;
// Unmount dummy skeletons and /sbin links
targets.push_back(MAGISKTMP);
2019-06-23 03:53:41 -07:00
parse_mnt("/proc/self/mounts", [&](mntent *mentry) {
if (TMPFS_MNT(system) || TMPFS_MNT(vendor) || TMPFS_MNT(product) || TMPFS_MNT(system_ext))
2019-06-23 03:53:41 -07:00
targets.emplace_back(mentry->mnt_dir);
2019-05-26 02:47:57 -07:00
return true;
});
for (auto &s : reversed(targets))
2019-05-26 02:47:57 -07:00
lazy_unmount(s.data());
targets.clear();
// Unmount all Magisk created mounts
2019-06-23 03:53:41 -07:00
parse_mnt("/proc/self/mounts", [&](mntent *mentry) {
if (strstr(mentry->mnt_fsname, BLOCKDIR))
targets.emplace_back(mentry->mnt_dir);
2019-05-26 02:47:57 -07:00
return true;
});
for (auto &s : reversed(targets))
2019-05-26 02:47:57 -07:00
lazy_unmount(s.data());
}