2019-03-05 03:22:20 -05:00
|
|
|
#include <sys/types.h>
|
|
|
|
|
#include <sys/stat.h>
|
2021-09-20 04:42:06 -07:00
|
|
|
#include <sys/inotify.h>
|
2017-04-20 22:45:56 +08:00
|
|
|
#include <unistd.h>
|
2018-07-13 22:14:32 +08:00
|
|
|
#include <fcntl.h>
|
2017-07-03 00:57:20 +08:00
|
|
|
#include <dirent.h>
|
2021-01-10 19:27:54 -08:00
|
|
|
#include <set>
|
2017-04-20 22:45:56 +08:00
|
|
|
|
2023-11-08 01:46:02 -08:00
|
|
|
#include <consts.hpp>
|
2022-05-12 02:03:42 -07:00
|
|
|
#include <base.hpp>
|
2025-01-03 11:38:15 -08:00
|
|
|
#include <sqlite.hpp>
|
2023-11-08 01:46:02 -08:00
|
|
|
#include <core.hpp>
|
2019-02-10 01:05:19 -05:00
|
|
|
|
2021-09-12 12:40:34 -07:00
|
|
|
#include "deny.hpp"
|
2018-11-01 13:23:12 -04:00
|
|
|
|
2019-01-19 23:59:37 -05:00
|
|
|
using namespace std;
|
|
|
|
|
|
2022-02-07 02:46:47 -08:00
|
|
|
// For the following data structures:
|
|
|
|
|
// If package name == ISOLATED_MAGIC, or app ID == -1, it means isolated service
|
|
|
|
|
|
2022-02-07 00:17:07 -08:00
|
|
|
// Package name -> list of process names
|
2022-02-08 16:49:22 +08:00
|
|
|
static unique_ptr<map<string, set<string, StringCmp>, StringCmp>> pkg_to_procs_;
|
2022-02-07 02:46:47 -08:00
|
|
|
#define pkg_to_procs (*pkg_to_procs_)
|
2022-02-07 00:17:07 -08:00
|
|
|
|
2022-02-07 02:46:47 -08:00
|
|
|
// app ID -> list of pkg names (string_view points to a pkg_to_procs key)
|
2022-02-08 16:49:22 +08:00
|
|
|
static unique_ptr<map<int, set<string_view>>> app_id_to_pkgs_;
|
2022-02-07 02:46:47 -08:00
|
|
|
#define app_id_to_pkgs (*app_id_to_pkgs_)
|
2021-01-10 17:11:00 -08:00
|
|
|
|
2022-02-07 02:46:47 -08:00
|
|
|
// Locks the data structures above
|
2021-09-12 12:40:34 -07:00
|
|
|
static pthread_mutex_t data_lock = PTHREAD_MUTEX_INITIALIZER;
|
2021-01-10 17:11:00 -08:00
|
|
|
|
2022-01-17 19:54:33 -08:00
|
|
|
atomic<bool> denylist_enforced = false;
|
2021-08-18 02:01:54 -07:00
|
|
|
|
2024-01-30 02:58:56 +08:00
|
|
|
static int get_app_id(const vector<int> &users, const string &pkg) {
|
|
|
|
|
struct stat st{};
|
|
|
|
|
char buf[PATH_MAX];
|
|
|
|
|
for (const auto &user_id: users) {
|
|
|
|
|
ssprintf(buf, sizeof(buf), "%s/%d/%s", APP_DATA_DIR, user_id, pkg.data());
|
|
|
|
|
if (stat(buf, &st) == 0) {
|
|
|
|
|
return to_app_id(st.st_uid);
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
return 0;
|
|
|
|
|
}
|
2022-02-14 02:57:33 -08:00
|
|
|
|
2024-01-30 02:58:56 +08:00
|
|
|
static void collect_users(vector<int> &users) {
|
2022-02-07 02:46:47 -08:00
|
|
|
auto data_dir = xopen_dir(APP_DATA_DIR);
|
|
|
|
|
if (!data_dir)
|
|
|
|
|
return;
|
|
|
|
|
dirent *entry;
|
|
|
|
|
while ((entry = xreaddir(data_dir.get()))) {
|
2024-01-30 02:58:56 +08:00
|
|
|
users.emplace_back(parse_int(entry->d_name));
|
2022-02-07 02:46:47 -08:00
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
2024-01-30 02:58:56 +08:00
|
|
|
static int get_app_id(const string &pkg) {
|
|
|
|
|
if (pkg == ISOLATED_MAGIC)
|
|
|
|
|
return -1;
|
|
|
|
|
vector<int> users;
|
|
|
|
|
collect_users(users);
|
|
|
|
|
return get_app_id(users, pkg);
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
static void update_app_id(int app_id, const string &pkg, bool remove) {
|
|
|
|
|
if (app_id <= 0)
|
2021-09-20 05:08:25 -07:00
|
|
|
return;
|
2024-01-30 02:58:56 +08:00
|
|
|
if (remove) {
|
|
|
|
|
if (auto it = app_id_to_pkgs.find(app_id); it != app_id_to_pkgs.end()) {
|
|
|
|
|
it->second.erase(pkg);
|
|
|
|
|
if (it->second.empty()) {
|
|
|
|
|
app_id_to_pkgs.erase(it);
|
2021-01-10 17:11:00 -08:00
|
|
|
}
|
|
|
|
|
}
|
2024-01-30 02:58:56 +08:00
|
|
|
} else {
|
|
|
|
|
app_id_to_pkgs[app_id].emplace(pkg);
|
2021-01-10 17:11:00 -08:00
|
|
|
}
|
|
|
|
|
}
|
2017-07-03 00:57:20 +08:00
|
|
|
|
2019-02-13 20:16:26 -05:00
|
|
|
// Leave /proc fd opened as we're going to read from it repeatedly
|
|
|
|
|
static DIR *procfp;
|
2019-03-12 16:48:01 -04:00
|
|
|
|
2021-08-18 02:01:54 -07:00
|
|
|
template<class F>
|
2022-02-07 02:46:47 -08:00
|
|
|
static void crawl_procfs(const F &fn) {
|
2021-08-18 02:01:54 -07:00
|
|
|
rewinddir(procfp);
|
|
|
|
|
dirent *dp;
|
2020-12-30 22:11:24 -08:00
|
|
|
int pid;
|
2021-08-18 02:01:54 -07:00
|
|
|
while ((dp = readdir(procfp))) {
|
2020-12-30 22:11:24 -08:00
|
|
|
pid = parse_int(dp->d_name);
|
|
|
|
|
if (pid > 0 && !fn(pid))
|
|
|
|
|
break;
|
|
|
|
|
}
|
2018-10-12 21:46:09 -04:00
|
|
|
}
|
|
|
|
|
|
2022-07-23 00:59:50 +08:00
|
|
|
static inline bool str_eql(string_view a, string_view b) { return a == b; }
|
|
|
|
|
|
|
|
|
|
template<bool str_op(string_view, string_view) = &str_eql>
|
|
|
|
|
static bool proc_name_match(int pid, string_view name) {
|
2020-12-30 22:11:24 -08:00
|
|
|
char buf[4019];
|
|
|
|
|
sprintf(buf, "/proc/%d/cmdline", pid);
|
|
|
|
|
if (auto fp = open_file(buf, "re")) {
|
|
|
|
|
fgets(buf, sizeof(buf), fp.get());
|
|
|
|
|
if (str_op(buf, name)) {
|
|
|
|
|
return true;
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
return false;
|
2018-10-12 21:46:09 -04:00
|
|
|
}
|
|
|
|
|
|
2022-08-08 22:30:03 +08:00
|
|
|
bool proc_context_match(int pid, string_view context) {
|
2022-07-23 00:59:50 +08:00
|
|
|
char buf[PATH_MAX];
|
|
|
|
|
sprintf(buf, "/proc/%d/attr/current", pid);
|
|
|
|
|
if (auto fp = open_file(buf, "re")) {
|
|
|
|
|
fgets(buf, sizeof(buf), fp.get());
|
2022-07-23 18:06:04 +08:00
|
|
|
if (str_starts(buf, context)) {
|
2022-07-23 00:59:50 +08:00
|
|
|
return true;
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
return false;
|
|
|
|
|
}
|
2020-12-30 15:55:53 -08:00
|
|
|
|
2022-07-23 00:59:50 +08:00
|
|
|
template<bool matcher(int, string_view) = &proc_name_match>
|
2021-08-18 02:01:54 -07:00
|
|
|
static void kill_process(const char *name, bool multi = false) {
|
2020-12-30 22:11:24 -08:00
|
|
|
crawl_procfs([=](int pid) -> bool {
|
2022-07-23 00:59:50 +08:00
|
|
|
if (matcher(pid, name)) {
|
2021-04-26 14:25:18 +08:00
|
|
|
kill(pid, SIGKILL);
|
2022-07-23 00:59:50 +08:00
|
|
|
LOGD("denylist: kill PID=[%d] (%s)\n", pid, name);
|
2020-12-30 22:11:24 -08:00
|
|
|
return multi;
|
|
|
|
|
}
|
|
|
|
|
return true;
|
|
|
|
|
});
|
2018-08-08 05:47:58 +08:00
|
|
|
}
|
|
|
|
|
|
2021-04-16 14:08:51 +08:00
|
|
|
static bool validate(const char *pkg, const char *proc) {
|
|
|
|
|
bool pkg_valid = false;
|
|
|
|
|
bool proc_valid = true;
|
|
|
|
|
|
|
|
|
|
if (str_eql(pkg, ISOLATED_MAGIC)) {
|
|
|
|
|
pkg_valid = true;
|
|
|
|
|
for (char c; (c = *proc); ++proc) {
|
|
|
|
|
if (isalnum(c) || c == '_' || c == '.')
|
|
|
|
|
continue;
|
|
|
|
|
if (c == ':')
|
|
|
|
|
break;
|
|
|
|
|
proc_valid = false;
|
|
|
|
|
break;
|
|
|
|
|
}
|
|
|
|
|
} else {
|
|
|
|
|
for (char c; (c = *pkg); ++pkg) {
|
|
|
|
|
if (isalnum(c) || c == '_')
|
|
|
|
|
continue;
|
|
|
|
|
if (c == '.') {
|
|
|
|
|
pkg_valid = true;
|
|
|
|
|
continue;
|
|
|
|
|
}
|
|
|
|
|
pkg_valid = false;
|
|
|
|
|
break;
|
2020-12-30 22:11:24 -08:00
|
|
|
}
|
2021-04-16 14:08:51 +08:00
|
|
|
|
|
|
|
|
for (char c; (c = *proc); ++proc) {
|
|
|
|
|
if (isalnum(c) || c == '_' || c == ':' || c == '.')
|
|
|
|
|
continue;
|
|
|
|
|
proc_valid = false;
|
|
|
|
|
break;
|
2020-12-30 22:11:24 -08:00
|
|
|
}
|
|
|
|
|
}
|
2021-04-16 14:08:51 +08:00
|
|
|
return pkg_valid && proc_valid;
|
2019-09-01 14:16:12 +08:00
|
|
|
}
|
|
|
|
|
|
2022-08-07 19:48:47 +08:00
|
|
|
static bool add_hide_set(const char *pkg, const char *proc) {
|
2022-02-07 02:46:47 -08:00
|
|
|
auto p = pkg_to_procs[pkg].emplace(proc);
|
2022-02-07 00:17:07 -08:00
|
|
|
if (!p.second)
|
2022-08-07 19:48:47 +08:00
|
|
|
return false;
|
2021-09-12 12:40:34 -07:00
|
|
|
LOGI("denylist add: [%s/%s]\n", pkg, proc);
|
2022-08-08 22:30:03 +08:00
|
|
|
if (!denylist_enforced)
|
2022-08-07 19:48:47 +08:00
|
|
|
return true;
|
2022-01-15 23:46:08 -08:00
|
|
|
if (str_eql(pkg, ISOLATED_MAGIC)) {
|
2020-12-30 22:11:24 -08:00
|
|
|
// Kill all matching isolated processes
|
2022-07-23 00:59:50 +08:00
|
|
|
kill_process<&proc_name_match<str_starts>>(proc, true);
|
2020-12-30 22:11:24 -08:00
|
|
|
} else {
|
|
|
|
|
kill_process(proc);
|
|
|
|
|
}
|
2022-08-07 19:48:47 +08:00
|
|
|
return true;
|
2020-12-30 15:55:53 -08:00
|
|
|
}
|
|
|
|
|
|
2024-01-30 02:58:56 +08:00
|
|
|
void scan_deny_apps() {
|
|
|
|
|
if (!app_id_to_pkgs_)
|
|
|
|
|
return;
|
|
|
|
|
|
|
|
|
|
app_id_to_pkgs.clear();
|
|
|
|
|
|
|
|
|
|
char sql[4096];
|
|
|
|
|
vector<int> users;
|
|
|
|
|
collect_users(users);
|
|
|
|
|
for (auto it = pkg_to_procs.begin(); it != pkg_to_procs.end();) {
|
|
|
|
|
if (it->first == ISOLATED_MAGIC) {
|
|
|
|
|
it++;
|
|
|
|
|
continue;
|
|
|
|
|
}
|
|
|
|
|
int app_id = get_app_id(users, it->first);
|
|
|
|
|
if (app_id == 0) {
|
|
|
|
|
LOGI("denylist rm: [%s]\n", it->first.data());
|
|
|
|
|
ssprintf(sql, sizeof(sql), "DELETE FROM denylist WHERE package_name='%s'",
|
|
|
|
|
it->first.data());
|
2024-12-29 03:52:21 -08:00
|
|
|
db_exec(sql);
|
2024-01-30 02:58:56 +08:00
|
|
|
it = pkg_to_procs.erase(it);
|
|
|
|
|
} else {
|
|
|
|
|
update_app_id(app_id, it->first, false);
|
|
|
|
|
it++;
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
2022-01-15 23:46:08 -08:00
|
|
|
static void clear_data() {
|
2022-02-08 16:49:22 +08:00
|
|
|
pkg_to_procs_.reset(nullptr);
|
|
|
|
|
app_id_to_pkgs_.reset(nullptr);
|
2022-01-15 23:46:08 -08:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
static bool ensure_data() {
|
2022-02-14 02:57:33 -08:00
|
|
|
if (pkg_to_procs_)
|
2022-01-15 23:46:08 -08:00
|
|
|
return true;
|
|
|
|
|
|
|
|
|
|
LOGI("denylist: initializing internal data structures\n");
|
|
|
|
|
|
2022-02-07 02:46:47 -08:00
|
|
|
default_new(pkg_to_procs_);
|
2025-01-04 01:45:23 -08:00
|
|
|
bool res = db_exec("SELECT * FROM denylist", {}, [](StringSlice columns, const DbValues &values) {
|
2024-12-31 22:52:34 -08:00
|
|
|
const char *package_name;
|
|
|
|
|
const char *process;
|
|
|
|
|
for (int i = 0; i < columns.size(); ++i) {
|
|
|
|
|
const auto &name = columns[i];
|
|
|
|
|
if (name == "package_name") {
|
2025-01-04 01:45:23 -08:00
|
|
|
package_name = values.get_text(i);
|
2024-12-31 22:52:34 -08:00
|
|
|
} else if (name == "process") {
|
2025-01-04 01:45:23 -08:00
|
|
|
process = values.get_text(i);
|
2024-12-31 22:52:34 -08:00
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
add_hide_set(package_name, process);
|
2022-01-15 23:46:08 -08:00
|
|
|
});
|
2024-12-29 03:52:21 -08:00
|
|
|
if (!res)
|
2024-08-14 11:45:05 -07:00
|
|
|
goto error;
|
2022-01-15 23:46:08 -08:00
|
|
|
|
2022-02-07 02:46:47 -08:00
|
|
|
default_new(app_id_to_pkgs_);
|
2024-01-30 02:58:56 +08:00
|
|
|
scan_deny_apps();
|
2022-01-15 23:46:08 -08:00
|
|
|
|
|
|
|
|
return true;
|
|
|
|
|
|
|
|
|
|
error:
|
|
|
|
|
clear_data();
|
|
|
|
|
return false;
|
|
|
|
|
}
|
|
|
|
|
|
2022-03-01 02:13:18 -08:00
|
|
|
static int add_list(const char *pkg, const char *proc) {
|
2020-12-30 22:11:24 -08:00
|
|
|
if (proc[0] == '\0')
|
|
|
|
|
proc = pkg;
|
|
|
|
|
|
2021-04-16 14:08:51 +08:00
|
|
|
if (!validate(pkg, proc))
|
2022-02-12 23:43:36 +08:00
|
|
|
return DenyResponse::INVALID_PKG;
|
2020-12-30 22:11:24 -08:00
|
|
|
|
2021-08-18 02:01:54 -07:00
|
|
|
{
|
2021-09-12 12:40:34 -07:00
|
|
|
mutex_guard lock(data_lock);
|
2022-01-15 23:46:08 -08:00
|
|
|
if (!ensure_data())
|
2022-02-12 23:43:36 +08:00
|
|
|
return DenyResponse::ERROR;
|
2024-01-30 02:58:56 +08:00
|
|
|
int app_id = get_app_id(pkg);
|
|
|
|
|
if (app_id == 0)
|
|
|
|
|
return DenyResponse::INVALID_PKG;
|
2022-08-07 19:48:47 +08:00
|
|
|
if (!add_hide_set(pkg, proc))
|
2022-02-12 23:43:36 +08:00
|
|
|
return DenyResponse::ITEM_EXIST;
|
2022-08-07 19:48:47 +08:00
|
|
|
auto it = pkg_to_procs.find(pkg);
|
2024-01-30 02:58:56 +08:00
|
|
|
update_app_id(app_id, it->first, false);
|
2021-08-18 02:01:54 -07:00
|
|
|
}
|
2020-12-30 22:11:24 -08:00
|
|
|
|
|
|
|
|
// Add to database
|
|
|
|
|
char sql[4096];
|
2022-09-09 04:29:50 -07:00
|
|
|
ssprintf(sql, sizeof(sql),
|
2021-09-12 12:40:34 -07:00
|
|
|
"INSERT INTO denylist (package_name, process) VALUES('%s', '%s')", pkg, proc);
|
2024-12-29 03:52:21 -08:00
|
|
|
return db_exec(sql) ? DenyResponse::OK : DenyResponse::ERROR;
|
2017-04-20 22:45:56 +08:00
|
|
|
}
|
|
|
|
|
|
2022-03-01 02:13:18 -08:00
|
|
|
int add_list(int client) {
|
2021-01-12 00:07:48 -08:00
|
|
|
string pkg = read_string(client);
|
|
|
|
|
string proc = read_string(client);
|
2021-08-18 02:01:54 -07:00
|
|
|
return add_list(pkg.data(), proc.data());
|
2018-11-01 14:08:33 -04:00
|
|
|
}
|
2017-04-20 22:45:56 +08:00
|
|
|
|
2022-03-01 02:13:18 -08:00
|
|
|
static int rm_list(const char *pkg, const char *proc) {
|
2020-12-30 22:11:24 -08:00
|
|
|
{
|
2021-09-12 12:40:34 -07:00
|
|
|
mutex_guard lock(data_lock);
|
2022-01-15 23:46:08 -08:00
|
|
|
if (!ensure_data())
|
2022-02-12 23:43:36 +08:00
|
|
|
return DenyResponse::ERROR;
|
2022-01-15 23:46:08 -08:00
|
|
|
|
|
|
|
|
bool remove = false;
|
2022-02-07 00:17:07 -08:00
|
|
|
|
2022-02-07 02:46:47 -08:00
|
|
|
auto it = pkg_to_procs.find(pkg);
|
|
|
|
|
if (it != pkg_to_procs.end()) {
|
|
|
|
|
if (proc[0] == '\0') {
|
2024-01-30 02:58:56 +08:00
|
|
|
update_app_id(get_app_id(pkg), it->first, true);
|
2022-02-07 02:46:47 -08:00
|
|
|
pkg_to_procs.erase(it);
|
2020-12-30 22:11:24 -08:00
|
|
|
remove = true;
|
2022-02-07 00:17:07 -08:00
|
|
|
LOGI("denylist rm: [%s]\n", pkg);
|
2022-02-07 02:46:47 -08:00
|
|
|
} else if (it->second.erase(proc) != 0) {
|
|
|
|
|
remove = true;
|
|
|
|
|
LOGI("denylist rm: [%s/%s]\n", pkg, proc);
|
|
|
|
|
if (it->second.empty()) {
|
2024-01-30 02:58:56 +08:00
|
|
|
update_app_id(get_app_id(pkg), it->first, true);
|
2022-02-07 02:46:47 -08:00
|
|
|
pkg_to_procs.erase(it);
|
2022-02-07 00:17:07 -08:00
|
|
|
}
|
2020-12-30 22:11:24 -08:00
|
|
|
}
|
|
|
|
|
}
|
2022-02-07 02:46:47 -08:00
|
|
|
|
2021-08-18 02:01:54 -07:00
|
|
|
if (!remove)
|
2022-02-12 23:43:36 +08:00
|
|
|
return DenyResponse::ITEM_NOT_EXIST;
|
2020-12-30 22:11:24 -08:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
char sql[4096];
|
|
|
|
|
if (proc[0] == '\0')
|
2022-09-09 04:29:50 -07:00
|
|
|
ssprintf(sql, sizeof(sql), "DELETE FROM denylist WHERE package_name='%s'", pkg);
|
2020-12-30 22:11:24 -08:00
|
|
|
else
|
2022-09-09 04:29:50 -07:00
|
|
|
ssprintf(sql, sizeof(sql),
|
2021-09-12 12:40:34 -07:00
|
|
|
"DELETE FROM denylist WHERE package_name='%s' AND process='%s'", pkg, proc);
|
2024-12-29 03:52:21 -08:00
|
|
|
return db_exec(sql) ? DenyResponse::OK : DenyResponse::ERROR;
|
2017-04-20 22:45:56 +08:00
|
|
|
}
|
|
|
|
|
|
2022-03-01 02:13:18 -08:00
|
|
|
int rm_list(int client) {
|
2021-01-12 00:07:48 -08:00
|
|
|
string pkg = read_string(client);
|
|
|
|
|
string proc = read_string(client);
|
2021-08-18 02:01:54 -07:00
|
|
|
return rm_list(pkg.data(), proc.data());
|
2018-11-01 14:08:33 -04:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
void ls_list(int client) {
|
2021-08-18 02:01:54 -07:00
|
|
|
{
|
2021-09-12 12:40:34 -07:00
|
|
|
mutex_guard lock(data_lock);
|
2022-01-15 23:46:08 -08:00
|
|
|
if (!ensure_data()) {
|
2022-02-12 23:43:36 +08:00
|
|
|
write_int(client, static_cast<int>(DenyResponse::ERROR));
|
2022-01-15 23:46:08 -08:00
|
|
|
return;
|
|
|
|
|
}
|
|
|
|
|
|
2024-01-30 02:58:56 +08:00
|
|
|
scan_deny_apps();
|
2022-02-12 23:43:36 +08:00
|
|
|
write_int(client,static_cast<int>(DenyResponse::OK));
|
2022-02-07 00:17:07 -08:00
|
|
|
|
2022-02-07 02:46:47 -08:00
|
|
|
for (const auto &[pkg, procs] : pkg_to_procs) {
|
2022-02-07 00:17:07 -08:00
|
|
|
for (const auto &proc : procs) {
|
|
|
|
|
write_int(client, pkg.size() + proc.size() + 1);
|
|
|
|
|
xwrite(client, pkg.data(), pkg.size());
|
|
|
|
|
xwrite(client, "|", 1);
|
|
|
|
|
xwrite(client, proc.data(), proc.size());
|
|
|
|
|
}
|
2021-08-18 02:01:54 -07:00
|
|
|
}
|
2021-01-12 00:07:48 -08:00
|
|
|
}
|
|
|
|
|
write_int(client, 0);
|
2020-12-30 22:11:24 -08:00
|
|
|
close(client);
|
2017-09-06 02:25:40 +08:00
|
|
|
}
|
2018-11-16 01:15:34 -05:00
|
|
|
|
2022-03-01 02:13:18 -08:00
|
|
|
int enable_deny() {
|
2022-01-17 19:54:33 -08:00
|
|
|
if (denylist_enforced) {
|
2022-02-12 23:43:36 +08:00
|
|
|
return DenyResponse::OK;
|
2021-09-16 05:27:34 -07:00
|
|
|
} else {
|
|
|
|
|
mutex_guard lock(data_lock);
|
2018-11-16 01:15:34 -05:00
|
|
|
|
2021-09-16 05:27:34 -07:00
|
|
|
if (access("/proc/self/ns/mnt", F_OK) != 0) {
|
|
|
|
|
LOGW("The kernel does not support mount namespace\n");
|
2022-02-12 23:43:36 +08:00
|
|
|
return DenyResponse::NO_NS;
|
2021-09-16 05:27:34 -07:00
|
|
|
}
|
2020-05-17 14:45:08 -07:00
|
|
|
|
2021-09-16 05:27:34 -07:00
|
|
|
if (procfp == nullptr && (procfp = opendir("/proc")) == nullptr)
|
2022-02-12 23:43:36 +08:00
|
|
|
return DenyResponse::ERROR;
|
2019-02-14 04:08:05 -05:00
|
|
|
|
2021-09-16 05:27:34 -07:00
|
|
|
LOGI("* Enable DenyList\n");
|
2018-11-16 01:15:34 -05:00
|
|
|
|
2024-04-08 22:59:52 -07:00
|
|
|
if (!ensure_data())
|
2022-02-12 23:43:36 +08:00
|
|
|
return DenyResponse::ERROR;
|
2024-04-08 22:59:52 -07:00
|
|
|
|
|
|
|
|
denylist_enforced = true;
|
2021-09-20 04:42:06 -07:00
|
|
|
|
2025-01-30 00:47:01 +08:00
|
|
|
if (!MagiskD().zygisk_enabled()) {
|
2024-04-08 22:59:52 -07:00
|
|
|
if (new_daemon_thread(&logcat)) {
|
|
|
|
|
denylist_enforced = false;
|
2022-08-08 22:30:03 +08:00
|
|
|
return DenyResponse::ERROR;
|
2024-04-08 22:59:52 -07:00
|
|
|
}
|
2022-08-08 22:30:03 +08:00
|
|
|
}
|
|
|
|
|
|
2022-01-15 23:46:08 -08:00
|
|
|
// On Android Q+, also kill blastula pool and all app zygotes
|
2022-08-08 22:30:03 +08:00
|
|
|
if (SDK_INT >= 29) {
|
2022-01-15 23:46:08 -08:00
|
|
|
kill_process("usap32", true);
|
|
|
|
|
kill_process("usap64", true);
|
2022-07-23 18:06:04 +08:00
|
|
|
kill_process<&proc_context_match>("u:r:app_zygote:s0", true);
|
2021-09-20 04:42:06 -07:00
|
|
|
}
|
2021-09-16 05:27:34 -07:00
|
|
|
}
|
2021-01-12 00:07:48 -08:00
|
|
|
|
2025-01-03 11:38:15 -08:00
|
|
|
MagiskD().set_db_setting(DbEntryKey::DenylistConfig, true);
|
2022-02-12 23:43:36 +08:00
|
|
|
return DenyResponse::OK;
|
2018-11-16 01:15:34 -05:00
|
|
|
}
|
|
|
|
|
|
2022-03-01 02:13:18 -08:00
|
|
|
int disable_deny() {
|
2024-04-08 22:59:52 -07:00
|
|
|
if (denylist_enforced.exchange(false)) {
|
2021-09-12 12:40:34 -07:00
|
|
|
LOGI("* Disable DenyList\n");
|
2020-12-30 22:11:24 -08:00
|
|
|
}
|
2025-01-03 11:38:15 -08:00
|
|
|
MagiskD().set_db_setting(DbEntryKey::DenylistConfig, false);
|
2022-02-12 23:43:36 +08:00
|
|
|
return DenyResponse::OK;
|
2018-11-16 01:15:34 -05:00
|
|
|
}
|
|
|
|
|
|
2021-09-16 05:27:34 -07:00
|
|
|
void initialize_denylist() {
|
2022-01-17 19:54:33 -08:00
|
|
|
if (!denylist_enforced) {
|
2025-01-03 11:38:15 -08:00
|
|
|
if (MagiskD().get_db_setting(DbEntryKey::DenylistConfig))
|
2021-09-16 05:27:34 -07:00
|
|
|
enable_deny();
|
2020-12-30 22:11:24 -08:00
|
|
|
}
|
2018-11-16 01:15:34 -05:00
|
|
|
}
|
2019-05-25 16:08:53 -07:00
|
|
|
|
2021-09-12 12:40:34 -07:00
|
|
|
bool is_deny_target(int uid, string_view process) {
|
|
|
|
|
mutex_guard lock(data_lock);
|
2022-01-15 23:46:08 -08:00
|
|
|
if (!ensure_data())
|
|
|
|
|
return false;
|
2021-01-12 03:28:00 -08:00
|
|
|
|
2021-09-20 05:08:25 -07:00
|
|
|
int app_id = to_app_id(uid);
|
|
|
|
|
if (app_id >= 90000) {
|
2022-02-08 16:49:22 +08:00
|
|
|
if (auto it = pkg_to_procs.find(ISOLATED_MAGIC); it != pkg_to_procs.end()) {
|
|
|
|
|
for (const auto &s : it->second) {
|
2022-02-07 02:46:47 -08:00
|
|
|
if (str_starts(process, s))
|
|
|
|
|
return true;
|
|
|
|
|
}
|
2021-01-12 03:28:00 -08:00
|
|
|
}
|
2022-02-08 16:49:22 +08:00
|
|
|
return false;
|
2021-01-12 03:28:00 -08:00
|
|
|
} else {
|
2022-02-07 02:46:47 -08:00
|
|
|
auto it = app_id_to_pkgs.find(app_id);
|
|
|
|
|
if (it == app_id_to_pkgs.end())
|
|
|
|
|
return false;
|
|
|
|
|
for (const auto &pkg : it->second) {
|
|
|
|
|
if (pkg_to_procs.find(pkg)->second.count(process))
|
2021-01-15 20:22:49 -08:00
|
|
|
return true;
|
2021-01-12 03:28:00 -08:00
|
|
|
}
|
|
|
|
|
}
|
2021-01-15 20:22:49 -08:00
|
|
|
return false;
|
|
|
|
|
}
|
2025-01-29 20:16:48 +08:00
|
|
|
|
|
|
|
|
void update_deny_flags(int uid, rust::Str process, uint32_t &flags) {
|
|
|
|
|
if (is_deny_target(uid, { process.begin(), process.end() })) {
|
|
|
|
|
flags |= +ZygiskStateFlags::ProcessOnDenyList;
|
|
|
|
|
}
|
|
|
|
|
if (denylist_enforced) {
|
|
|
|
|
flags |= +ZygiskStateFlags::DenyListEnforced;
|
|
|
|
|
}
|
|
|
|
|
}
|
