2021-01-11 02:19:10 -08:00
|
|
|
#include <csignal>
|
2020-04-12 05:34:56 -07:00
|
|
|
#include <libgen.h>
|
2017-04-08 07:37:43 +08:00
|
|
|
#include <sys/un.h>
|
2017-11-28 04:43:46 +08:00
|
|
|
#include <sys/mount.h>
|
2017-04-08 07:37:43 +08:00
|
|
|
|
2020-03-09 01:50:30 -07:00
|
|
|
#include <magisk.hpp>
|
|
|
|
#include <utils.hpp>
|
|
|
|
#include <daemon.hpp>
|
|
|
|
#include <selinux.hpp>
|
|
|
|
#include <db.hpp>
|
|
|
|
#include <resetprop.hpp>
|
2021-09-07 19:35:28 -07:00
|
|
|
#include <flags.h>
|
2017-04-16 02:42:24 +08:00
|
|
|
|
2021-01-11 02:19:10 -08:00
|
|
|
#include "core.hpp"
|
|
|
|
|
2020-04-12 05:34:56 -07:00
|
|
|
using namespace std;
|
|
|
|
|
2019-01-20 17:52:19 -05:00
|
|
|
int SDK_INT = -1;
|
2020-04-12 05:34:56 -07:00
|
|
|
string MAGISKTMP;
|
2021-01-11 02:19:10 -08:00
|
|
|
|
|
|
|
bool RECOVERY_MODE = false;
|
2020-12-15 03:40:37 -08:00
|
|
|
int DAEMON_STATE = STATE_NONE;
|
2020-05-18 05:18:49 -07:00
|
|
|
|
2019-09-17 00:21:07 -04:00
|
|
|
static struct stat self_st;
|
2019-01-20 17:52:19 -05:00
|
|
|
|
2021-09-18 14:40:12 -07:00
|
|
|
static map<int, poll_callback> *poll_map;
|
|
|
|
static vector<pollfd> *poll_fds;
|
|
|
|
static int poll_ctrl;
|
|
|
|
|
|
|
|
enum {
|
|
|
|
POLL_CTRL_NEW,
|
|
|
|
POLL_CTRL_RM,
|
|
|
|
};
|
|
|
|
|
|
|
|
void register_poll(const pollfd *pfd, poll_callback callback) {
|
|
|
|
if (gettid() == getpid()) {
|
|
|
|
// On main thread, directly modify
|
|
|
|
poll_map->try_emplace(pfd->fd, callback);
|
|
|
|
poll_fds->emplace_back(*pfd);
|
|
|
|
} else {
|
|
|
|
// Send it to poll_ctrl
|
|
|
|
write_int(poll_ctrl, POLL_CTRL_NEW);
|
|
|
|
xwrite(poll_ctrl, pfd, sizeof(*pfd));
|
|
|
|
xwrite(poll_ctrl, &callback, sizeof(callback));
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
void unregister_poll(int fd, bool auto_close) {
|
|
|
|
if (gettid() == getpid()) {
|
|
|
|
// On main thread, directly modify
|
|
|
|
poll_map->erase(fd);
|
|
|
|
for (auto &poll_fd : *poll_fds) {
|
|
|
|
if (poll_fd.fd == fd) {
|
|
|
|
if (auto_close) {
|
|
|
|
close(poll_fd.fd);
|
|
|
|
}
|
|
|
|
// Cannot modify while iterating, invalidate it instead
|
|
|
|
// It will be removed in the next poll loop
|
|
|
|
poll_fd.fd = -1;
|
|
|
|
break;
|
|
|
|
}
|
|
|
|
}
|
|
|
|
} else {
|
|
|
|
// Send it to poll_ctrl
|
|
|
|
write_int(poll_ctrl, POLL_CTRL_RM);
|
|
|
|
write_int(poll_ctrl, fd);
|
|
|
|
write_int(poll_ctrl, auto_close);
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
static void poll_ctrl_handler(pollfd *pfd) {
|
|
|
|
int code = read_int(pfd->fd);
|
|
|
|
switch (code) {
|
|
|
|
case POLL_CTRL_NEW: {
|
|
|
|
pollfd new_fd;
|
|
|
|
poll_callback cb;
|
|
|
|
xxread(pfd->fd, &new_fd, sizeof(new_fd));
|
|
|
|
xxread(pfd->fd, &cb, sizeof(cb));
|
|
|
|
register_poll(&new_fd, cb);
|
|
|
|
break;
|
|
|
|
}
|
|
|
|
case POLL_CTRL_RM: {
|
|
|
|
int fd = read_int(pfd->fd);
|
|
|
|
bool auto_close = read_int(pfd->fd);
|
|
|
|
unregister_poll(fd, auto_close);
|
|
|
|
break;
|
|
|
|
}
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
[[noreturn]] static void poll_loop() {
|
|
|
|
// Register poll_ctrl
|
|
|
|
int pipefd[2];
|
|
|
|
xpipe2(pipefd, O_CLOEXEC);
|
|
|
|
poll_ctrl = pipefd[1];
|
|
|
|
pollfd poll_ctrl_pfd = { pipefd[0], POLLIN, 0 };
|
|
|
|
register_poll(&poll_ctrl_pfd, poll_ctrl_handler);
|
|
|
|
|
|
|
|
for (;;) {
|
|
|
|
if (poll(poll_fds->data(), poll_fds->size(), -1) <= 0)
|
|
|
|
continue;
|
|
|
|
|
|
|
|
// MUST iterate with index because any poll_callback could add new elements to poll_fds
|
|
|
|
for (int i = 0; i < poll_fds->size();) {
|
|
|
|
auto &pfd = (*poll_fds)[i];
|
|
|
|
if (pfd.revents) {
|
|
|
|
if (pfd.revents & POLLERR || pfd.revents & POLLNVAL) {
|
|
|
|
poll_map->erase(pfd.fd);
|
|
|
|
poll_fds->erase(poll_fds->begin() + i);
|
|
|
|
continue;
|
|
|
|
}
|
|
|
|
if (auto it = poll_map->find(pfd.fd); it != poll_map->end()) {
|
|
|
|
it->second(&pfd);
|
|
|
|
}
|
|
|
|
}
|
|
|
|
++i;
|
|
|
|
}
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
2020-12-04 01:07:47 -08:00
|
|
|
static bool verify_client(pid_t pid) {
|
2020-12-30 22:11:24 -08:00
|
|
|
// Verify caller is the same as server
|
|
|
|
char path[32];
|
|
|
|
sprintf(path, "/proc/%d/exe", pid);
|
|
|
|
struct stat st;
|
|
|
|
return !(stat(path, &st) || st.st_dev != self_st.st_dev || st.st_ino != self_st.st_ino);
|
2020-05-18 05:18:49 -07:00
|
|
|
}
|
|
|
|
|
2021-01-12 03:28:00 -08:00
|
|
|
static bool check_zygote(pid_t pid) {
|
|
|
|
char buf[32];
|
|
|
|
sprintf(buf, "/proc/%d/attr/current", pid);
|
2021-08-11 22:57:08 -07:00
|
|
|
if (auto fp = open_file(buf, "r")) {
|
|
|
|
fscanf(fp.get(), "%s", buf);
|
|
|
|
return buf == "u:r:zygote:s0"sv;
|
|
|
|
} else {
|
2021-01-12 03:28:00 -08:00
|
|
|
return false;
|
2021-08-11 22:57:08 -07:00
|
|
|
}
|
2021-01-12 03:28:00 -08:00
|
|
|
}
|
|
|
|
|
2021-08-11 22:57:08 -07:00
|
|
|
static void handle_request_async(int client, int code, ucred cred) {
|
|
|
|
switch (code) {
|
2021-09-12 12:40:34 -07:00
|
|
|
case DENYLIST:
|
|
|
|
denylist_handler(client, &cred);
|
2020-12-30 22:11:24 -08:00
|
|
|
break;
|
|
|
|
case SUPERUSER:
|
|
|
|
su_daemon_handler(client, &cred);
|
|
|
|
break;
|
|
|
|
case POST_FS_DATA:
|
|
|
|
post_fs_data(client);
|
|
|
|
break;
|
|
|
|
case LATE_START:
|
|
|
|
late_start(client);
|
|
|
|
break;
|
|
|
|
case BOOT_COMPLETE:
|
|
|
|
boot_complete(client);
|
|
|
|
break;
|
|
|
|
case SQLITE_CMD:
|
|
|
|
exec_sql(client);
|
|
|
|
break;
|
|
|
|
case REMOVE_MODULES:
|
|
|
|
remove_modules();
|
|
|
|
write_int(client, 0);
|
|
|
|
close(client);
|
|
|
|
reboot();
|
|
|
|
break;
|
2021-08-18 03:44:32 -07:00
|
|
|
case ZYGISK_REQUEST:
|
|
|
|
zygisk_handler(client, &cred);
|
|
|
|
break;
|
2020-12-30 22:11:24 -08:00
|
|
|
default:
|
|
|
|
close(client);
|
|
|
|
break;
|
|
|
|
}
|
2018-10-12 21:46:09 -04:00
|
|
|
}
|
|
|
|
|
2021-08-11 22:57:08 -07:00
|
|
|
static void handle_request_sync(int client, int code) {
|
|
|
|
switch (code) {
|
|
|
|
case CHECK_VERSION:
|
|
|
|
write_string(client, MAGISK_VERSION ":MAGISK");
|
|
|
|
break;
|
|
|
|
case CHECK_VERSION_CODE:
|
|
|
|
write_int(client, MAGISK_VER_CODE);
|
|
|
|
break;
|
|
|
|
case GET_PATH:
|
|
|
|
write_string(client, MAGISKTMP.data());
|
|
|
|
break;
|
|
|
|
case START_DAEMON:
|
|
|
|
setup_logfile(true);
|
|
|
|
break;
|
2021-08-26 03:09:56 -07:00
|
|
|
case STOP_DAEMON:
|
2021-09-12 12:40:34 -07:00
|
|
|
denylist_handler(-1, nullptr);
|
2021-08-26 03:09:56 -07:00
|
|
|
write_int(client, 0);
|
|
|
|
// Terminate the daemon!
|
|
|
|
exit(0);
|
2021-08-11 22:57:08 -07:00
|
|
|
}
|
|
|
|
}
|
|
|
|
|
2021-09-18 14:40:12 -07:00
|
|
|
static void handle_request(pollfd *pfd) {
|
|
|
|
int client = xaccept4(pfd->fd, nullptr, nullptr, SOCK_CLOEXEC);
|
2020-12-30 22:11:24 -08:00
|
|
|
|
|
|
|
// Verify client credentials
|
|
|
|
ucred cred;
|
|
|
|
get_client_cred(client, &cred);
|
2021-01-12 03:28:00 -08:00
|
|
|
|
2021-08-12 03:26:54 -07:00
|
|
|
bool is_root = cred.uid == UID_ROOT;
|
2021-01-12 03:28:00 -08:00
|
|
|
bool is_client = verify_client(cred.pid);
|
2021-08-11 22:57:08 -07:00
|
|
|
bool is_zygote = !is_client && check_zygote(cred.pid);
|
2021-09-18 14:40:12 -07:00
|
|
|
int code;
|
2021-01-12 03:28:00 -08:00
|
|
|
|
|
|
|
if (!is_root && !is_zygote && !is_client)
|
2021-08-11 22:57:08 -07:00
|
|
|
goto done;
|
2020-12-30 22:11:24 -08:00
|
|
|
|
2021-08-11 22:57:08 -07:00
|
|
|
code = read_int(client);
|
|
|
|
if (code < 0 || (code & DAEMON_CODE_MASK) >= DAEMON_CODE_END)
|
|
|
|
goto done;
|
2020-12-30 22:11:24 -08:00
|
|
|
|
|
|
|
// Check client permissions
|
2021-08-11 22:57:08 -07:00
|
|
|
switch (code) {
|
2020-12-30 22:11:24 -08:00
|
|
|
case POST_FS_DATA:
|
|
|
|
case LATE_START:
|
|
|
|
case BOOT_COMPLETE:
|
|
|
|
case SQLITE_CMD:
|
|
|
|
case GET_PATH:
|
2021-09-12 12:40:34 -07:00
|
|
|
case DENYLIST:
|
2021-08-26 03:09:56 -07:00
|
|
|
case STOP_DAEMON:
|
2021-01-12 03:28:00 -08:00
|
|
|
if (!is_root) {
|
2020-12-30 22:11:24 -08:00
|
|
|
write_int(client, ROOT_REQUIRED);
|
2021-08-11 22:57:08 -07:00
|
|
|
goto done;
|
2020-12-30 22:11:24 -08:00
|
|
|
}
|
|
|
|
break;
|
|
|
|
case REMOVE_MODULES:
|
2021-08-11 22:57:08 -07:00
|
|
|
if (!is_root && cred.uid != UID_SHELL) {
|
2020-12-30 22:11:24 -08:00
|
|
|
write_int(client, 1);
|
2021-08-11 22:57:08 -07:00
|
|
|
goto done;
|
2020-12-30 22:11:24 -08:00
|
|
|
}
|
|
|
|
break;
|
2021-08-18 03:44:32 -07:00
|
|
|
case ZYGISK_REQUEST:
|
|
|
|
if (!is_zygote) {
|
|
|
|
write_int(client, DAEMON_ERROR);
|
2021-08-11 22:57:08 -07:00
|
|
|
goto done;
|
2021-01-12 03:28:00 -08:00
|
|
|
}
|
|
|
|
break;
|
2020-12-30 22:11:24 -08:00
|
|
|
}
|
|
|
|
|
2021-08-11 22:57:08 -07:00
|
|
|
if (code & SYNC_FLAG) {
|
|
|
|
handle_request_sync(client, code);
|
|
|
|
goto done;
|
2020-12-30 22:11:24 -08:00
|
|
|
}
|
|
|
|
|
2021-08-24 02:39:54 -07:00
|
|
|
// Handle complex requests in another thread
|
|
|
|
exec_task([=] { handle_request_async(client, code, cred); });
|
2020-12-30 22:11:24 -08:00
|
|
|
return;
|
2020-05-18 05:18:49 -07:00
|
|
|
|
2021-08-11 22:57:08 -07:00
|
|
|
done:
|
2020-12-30 22:11:24 -08:00
|
|
|
close(client);
|
2017-04-08 07:37:43 +08:00
|
|
|
}
|
|
|
|
|
2021-02-27 23:40:55 +08:00
|
|
|
static int switch_cgroup(const char *cgroup, int pid) {
|
|
|
|
char buf[32];
|
|
|
|
snprintf(buf, sizeof(buf), "%s/cgroup.procs", cgroup);
|
|
|
|
int fd = open(buf, O_WRONLY | O_APPEND | O_CLOEXEC);
|
|
|
|
if (fd == -1)
|
|
|
|
return -1;
|
|
|
|
snprintf(buf, sizeof(buf), "%d\n", pid);
|
|
|
|
if (xwrite(fd, buf, strlen(buf)) == -1) {
|
|
|
|
close(fd);
|
|
|
|
return -1;
|
|
|
|
}
|
|
|
|
close(fd);
|
|
|
|
return 0;
|
|
|
|
}
|
|
|
|
|
2021-09-18 14:40:12 -07:00
|
|
|
static void daemon_entry() {
|
2021-03-13 16:34:41 -08:00
|
|
|
magisk_logging();
|
|
|
|
|
2021-03-09 02:40:12 -08:00
|
|
|
// Block all signals
|
|
|
|
sigset_t block_set;
|
|
|
|
sigfillset(&block_set);
|
|
|
|
pthread_sigmask(SIG_SETMASK, &block_set, nullptr);
|
|
|
|
|
|
|
|
// Change process name
|
|
|
|
set_nice_name("magiskd");
|
|
|
|
|
2020-12-30 22:11:24 -08:00
|
|
|
int fd = xopen("/dev/null", O_WRONLY);
|
|
|
|
xdup2(fd, STDOUT_FILENO);
|
|
|
|
xdup2(fd, STDERR_FILENO);
|
|
|
|
if (fd > STDERR_FILENO)
|
|
|
|
close(fd);
|
|
|
|
fd = xopen("/dev/zero", O_RDONLY);
|
|
|
|
xdup2(fd, STDIN_FILENO);
|
|
|
|
if (fd > STDERR_FILENO)
|
|
|
|
close(fd);
|
|
|
|
|
|
|
|
setsid();
|
|
|
|
setcon("u:r:" SEPOL_PROC_DOMAIN ":s0");
|
|
|
|
|
2021-03-13 16:34:41 -08:00
|
|
|
start_log_daemon();
|
|
|
|
|
2020-12-30 22:11:24 -08:00
|
|
|
LOGI(NAME_WITH_VER(Magisk) " daemon started\n");
|
|
|
|
|
2021-02-27 23:40:55 +08:00
|
|
|
// Escape from cgroup
|
|
|
|
int pid = getpid();
|
|
|
|
if (switch_cgroup("/acct", pid) && switch_cgroup("/sys/fs/cgroup", pid))
|
|
|
|
LOGW("Can't switch cgroup\n");
|
2020-12-30 22:11:24 -08:00
|
|
|
|
|
|
|
// Get self stat
|
2021-02-27 23:40:55 +08:00
|
|
|
char buf[64];
|
|
|
|
xreadlink("/proc/self/exe", buf, sizeof(buf));
|
|
|
|
MAGISKTMP = dirname(buf);
|
2020-12-30 22:11:24 -08:00
|
|
|
xstat("/proc/self/exe", &self_st);
|
|
|
|
|
|
|
|
// Get API level
|
|
|
|
parse_prop_file("/system/build.prop", [](auto key, auto val) -> bool {
|
|
|
|
if (key == "ro.build.version.sdk") {
|
|
|
|
SDK_INT = parse_int(val);
|
|
|
|
return false;
|
|
|
|
}
|
|
|
|
return true;
|
|
|
|
});
|
|
|
|
if (SDK_INT < 0) {
|
|
|
|
// In case some devices do not store this info in build.prop, fallback to getprop
|
|
|
|
auto sdk = getprop("ro.build.version.sdk");
|
|
|
|
if (!sdk.empty()) {
|
|
|
|
SDK_INT = parse_int(sdk);
|
|
|
|
}
|
|
|
|
}
|
|
|
|
LOGI("* Device API level: %d\n", SDK_INT);
|
|
|
|
|
|
|
|
restore_tmpcon();
|
|
|
|
|
|
|
|
// SAR cleanups
|
|
|
|
auto mount_list = MAGISKTMP + "/" ROOTMNT;
|
|
|
|
if (access(mount_list.data(), F_OK) == 0) {
|
|
|
|
file_readline(true, mount_list.data(), [](string_view line) -> bool {
|
|
|
|
umount2(line.data(), MNT_DETACH);
|
|
|
|
return true;
|
|
|
|
});
|
|
|
|
}
|
|
|
|
unlink("/dev/.se");
|
2021-09-21 23:23:25 +08:00
|
|
|
unlink(mount_list.data());
|
2020-12-30 22:11:24 -08:00
|
|
|
|
|
|
|
// Load config status
|
|
|
|
auto config = MAGISKTMP + "/" INTLROOT "/config";
|
|
|
|
parse_prop_file(config.data(), [](auto key, auto val) -> bool {
|
|
|
|
if (key == "RECOVERYMODE" && val == "true")
|
|
|
|
RECOVERY_MODE = true;
|
|
|
|
return true;
|
|
|
|
});
|
|
|
|
|
2021-07-22 23:35:14 +08:00
|
|
|
// Use isolated devpts if kernel support
|
|
|
|
if (access("/dev/pts/ptmx", F_OK) == 0) {
|
|
|
|
auto pts = MAGISKTMP + "/" SHELLPTS;
|
2021-09-20 13:15:16 +08:00
|
|
|
if (access(pts.data(), F_OK)) {
|
|
|
|
xmkdirs(pts.data(), 0755);
|
|
|
|
xmount("devpts", pts.data(), "devpts",
|
|
|
|
MS_NOSUID | MS_NOEXEC, "newinstance");
|
|
|
|
auto ptmx = pts + "/ptmx";
|
|
|
|
if (access(ptmx.data(), F_OK)) {
|
|
|
|
xumount(pts.data());
|
|
|
|
rmdir(pts.data());
|
|
|
|
}
|
2021-07-22 23:35:14 +08:00
|
|
|
}
|
|
|
|
}
|
|
|
|
|
2021-08-12 03:26:54 -07:00
|
|
|
sockaddr_un sun;
|
2020-12-30 22:11:24 -08:00
|
|
|
socklen_t len = setup_sockaddr(&sun, MAIN_SOCKET);
|
|
|
|
fd = xsocket(AF_LOCAL, SOCK_STREAM | SOCK_CLOEXEC, 0);
|
2021-08-12 03:26:54 -07:00
|
|
|
if (xbind(fd, (sockaddr*) &sun, len))
|
2020-12-30 22:11:24 -08:00
|
|
|
exit(1);
|
|
|
|
xlisten(fd, 10);
|
|
|
|
|
2021-09-18 14:40:12 -07:00
|
|
|
default_new(poll_map);
|
|
|
|
default_new(poll_fds);
|
|
|
|
|
|
|
|
// Register handler for main socket
|
|
|
|
pollfd main_socket_pfd = { fd, POLLIN, 0 };
|
|
|
|
register_poll(&main_socket_pfd, handle_request);
|
|
|
|
|
2020-12-30 22:11:24 -08:00
|
|
|
// Loop forever to listen for requests
|
2021-09-18 14:40:12 -07:00
|
|
|
poll_loop();
|
2017-04-08 07:37:43 +08:00
|
|
|
}
|
|
|
|
|
2019-03-04 16:45:18 -05:00
|
|
|
int connect_daemon(bool create) {
|
2021-03-06 13:55:30 -08:00
|
|
|
sockaddr_un sun;
|
2020-12-30 22:11:24 -08:00
|
|
|
socklen_t len = setup_sockaddr(&sun, MAIN_SOCKET);
|
2021-03-09 02:40:12 -08:00
|
|
|
int fd = xsocket(AF_UNIX, SOCK_STREAM | SOCK_CLOEXEC, 0);
|
2021-08-12 03:26:54 -07:00
|
|
|
if (connect(fd, (sockaddr*) &sun, len)) {
|
|
|
|
if (!create || getuid() != UID_ROOT) {
|
2020-12-30 22:11:24 -08:00
|
|
|
LOGE("No daemon is currently running!\n");
|
2021-08-22 02:11:48 -07:00
|
|
|
return -1;
|
2020-12-30 22:11:24 -08:00
|
|
|
}
|
|
|
|
|
|
|
|
if (fork_dont_care() == 0) {
|
|
|
|
close(fd);
|
2021-02-27 23:40:55 +08:00
|
|
|
daemon_entry();
|
2020-12-30 22:11:24 -08:00
|
|
|
}
|
|
|
|
|
|
|
|
while (connect(fd, (struct sockaddr*) &sun, len))
|
|
|
|
usleep(10000);
|
|
|
|
}
|
|
|
|
return fd;
|
2017-04-08 07:37:43 +08:00
|
|
|
}
|