Magisk/native/src/core/daemon.cpp

#include <csignal>
#include <libgen.h>
#include <sys/un.h>
#include <sys/mount.h>
#include <magisk.hpp>
#include <base.hpp>
#include <daemon.hpp>
#include <selinux.hpp>
#include <db.hpp>
#include <flags.h>
#include "core.hpp"
using namespace std;
// Android API level of the device. Stays -1 until daemon_entry() has read it
// from build.prop or the property service.
int SDK_INT = -1;

// Becomes true when MAIN_CONFIG contains RECOVERYMODE=true.
bool RECOVERY_MODE = false;

// stat() of the daemon's own executable, filled in by daemon_entry() and
// compared against connecting processes in is_client().
static struct stat self_st;

// fd -> callback table consulted by poll_loop().
static map<int, poll_callback> *poll_map;

// The pollfd array handed to poll().
static vector<pollfd> *poll_fds;

// Write end of the control pipe; non-main threads use it to ask the main
// thread to change the poll set.
static int poll_ctrl;

// Opcodes carried over the poll_ctrl pipe.
enum {
    POLL_CTRL_NEW = 0,
    POLL_CTRL_RM = 1,
};
/// Add a descriptor and its callback to the daemon's poll set.
///
/// @param pfd       pollfd describing the descriptor and the events to watch;
///                  it is copied, the caller keeps ownership of the struct.
/// @param callback  invoked from poll_loop() when the descriptor has events.
///
/// The poll set is only touched on the main thread (gettid() == getpid()).
/// Any other thread serialises the request onto the poll_ctrl pipe instead.
void register_poll(const pollfd *pfd, poll_callback callback) {
    const bool on_main_thread = gettid() == getpid();

    if (!on_main_thread) {
        // Record layout: opcode, raw pollfd, raw callback value.
        // NOTE(review): the record is emitted with three separate writes. If
        // more than one non-main thread can reach this path at the same time,
        // records could interleave on the pipe and desynchronise the reader —
        // confirm callers are serialised, or emit the record in one write.
        write_int(poll_ctrl, POLL_CTRL_NEW);
        xwrite(poll_ctrl, pfd, sizeof(*pfd));
        xwrite(poll_ctrl, &callback, sizeof(callback));
        return;
    }

    // try_emplace keeps an existing callback if this fd is already registered.
    poll_map->try_emplace(pfd->fd, callback);
    poll_fds->emplace_back(*pfd);
}
/// Remove a descriptor from the daemon's poll set.
///
/// @param fd          descriptor to stop watching; negative values are ignored.
/// @param auto_close  when true, the descriptor is also closed, but only if it
///                    is found in the poll set.
///
/// As with register_poll(), only the main thread edits the poll set; other
/// threads forward the request over the poll_ctrl pipe.
void unregister_poll(int fd, bool auto_close) {
    if (fd < 0)
        return;

    if (gettid() != getpid()) {
        // Record layout: opcode, fd, auto_close (each written as an int).
        write_int(poll_ctrl, POLL_CTRL_RM);
        write_int(poll_ctrl, fd);
        write_int(poll_ctrl, auto_close);
        return;
    }

    poll_map->erase(fd);
    for (auto &entry : *poll_fds) {
        if (entry.fd != fd)
            continue;
        if (auto_close)
            close(entry.fd);
        // This may run from a callback while poll_loop() is walking the
        // vector, so the slot is invalidated in place rather than erased.
        entry.fd = -1;
        break;
    }
}
/// Close every descriptor in the poll set and free both poll containers.
///
/// Safe to call when the containers were never allocated. The poll_ctrl
/// write end is not touched here.
void clear_poll() {
    if (poll_fds != nullptr) {
        // Invalidated slots (fd == -1) are passed to close() as well.
        for (const auto &entry : *poll_fds)
            close(entry.fd);
    }

    delete poll_fds;
    poll_fds = nullptr;

    delete poll_map;
    poll_map = nullptr;
}
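/// Poll callback for the read end of the control pipe.
///
/// Decodes one record written by register_poll() / unregister_poll() on a
/// non-main thread and applies it on the main thread.
///
/// @param pfd  poll entry of the control pipe; only pfd->fd is read.
///
/// A truncated record or an unknown opcode is logged and dropped. The
/// callback value read from the pipe is later invoked by poll_loop(), so a
/// partially-read record must never be registered, and an unexpected opcode
/// must not reach __builtin_unreachable() (undefined behaviour).
static void poll_ctrl_handler(pollfd *pfd) {
    // presumably read_int() yields a negative value on a failed read — that
    // also lands in the default branch below.
    const int code = read_int(pfd->fd);
    switch (code) {
    case POLL_CTRL_NEW: {
        pollfd new_fd{};
        poll_callback cb{};
        const bool complete =
            xxread(pfd->fd, &new_fd, sizeof(new_fd)) == static_cast<ssize_t>(sizeof(new_fd)) &&
            xxread(pfd->fd, &cb, sizeof(cb)) == static_cast<ssize_t>(sizeof(cb));
        if (!complete) {
            LOGE("poll_ctrl: truncated register record\n");
            break;
        }
        register_poll(&new_fd, cb);
        break;
    }
    case POLL_CTRL_RM: {
        // unregister_poll() ignores a negative fd, which covers a failed read.
        const int fd = read_int(pfd->fd);
        const bool auto_close = read_int(pfd->fd);
        unregister_poll(fd, auto_close);
        break;
    }
    default:
        LOGE("poll_ctrl: unexpected control code %d\n", code);
        break;
    }
}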
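/// Main event loop of the daemon; never returns.
///
/// Creates the control pipe, registers its read end, then blocks in poll()
/// and runs the callback registered for every descriptor that has events.
///
/// Slots that unregister_poll() invalidated (fd == -1) are swept out here.
/// poll() ignores negative descriptors and reports no events for them, so
/// waiting for POLLERR/POLLNVAL alone would leave them in the vector for the
/// lifetime of the daemon.
[[noreturn]] static void poll_loop() {
    // Register poll_ctrl
    auto pipefd = array<int, 2>{-1, -1};
    xpipe2(pipefd, O_CLOEXEC);
    poll_ctrl = pipefd[1];
    pollfd poll_ctrl_pfd = { pipefd[0], POLLIN, 0 };
    register_poll(&poll_ctrl_pfd, poll_ctrl_handler);

    for (;;) {
        if (poll(poll_fds->data(), poll_fds->size(), -1) <= 0)
            continue;

        // MUST iterate with index because any poll_callback could add new elements to poll_fds
        for (size_t i = 0; i < poll_fds->size();) {
            auto &pfd = (*poll_fds)[i];

            // Slot invalidated by unregister_poll(); its map entry is already gone.
            if (pfd.fd < 0) {
                poll_fds->erase(poll_fds->begin() + i);
                continue;
            }

            // Descriptor is broken or no longer open: forget it entirely.
            if (pfd.revents & (POLLERR | POLLNVAL)) {
                poll_map->erase(pfd.fd);
                poll_fds->erase(poll_fds->begin() + i);
                continue;
            }

            if (pfd.revents) {
                // The callback may grow poll_fds; `pfd` is not used after the call.
                if (auto it = poll_map->find(pfd.fd); it != poll_map->end()) {
                    it->second(&pfd);
                }
            }
            ++i;
        }
    }
}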
/// Serve a request whose code lies between the sync and stage barriers.
///
/// Called from a task queued by handle_request() after the caller has been
/// authenticated and authorised and MainResponse::OK has been sent.
///
/// @param client  connected socket of the requester.
/// @param code    validated MainRequest code.
/// @param cred    peer credentials captured when the connection was accepted.
///
/// ZYGOTE_RESTART and REMOVE_MODULES close `client` here; for the other codes
/// the descriptor is handed to the respective handler (presumably that
/// handler owns it from then on — verify against each handler).
static void handle_request_async(int client, int code, const sock_cred &cred) {
    if (code == MainRequest::DENYLIST) {
        denylist_handler(client, &cred);
    } else if (code == MainRequest::SUPERUSER) {
        su_daemon_handler(client, &cred);
    } else if (code == MainRequest::ZYGOTE_RESTART) {
        LOGI("** zygote restarted\n");
        pkg_xml_ino = 0;
        prune_su_access();
        reset_zygisk(false);
        close(client);
    } else if (code == MainRequest::SQLITE_CMD) {
        exec_sql(client);
    } else if (code == MainRequest::REMOVE_MODULES) {
        // The requester says whether the device should reboot afterwards.
        const int do_reboot = read_int(client);
        remove_modules();
        write_int(client, 0);
        close(client);
        if (do_reboot)
            reboot();
    } else if (code == MainRequest::ZYGISK) {
        zygisk_handler(client, &cred);
    } else {
        // handle_request() is expected to have filtered every other code.
        __builtin_unreachable();
    }
}
/// Serve a request whose code is below the sync barrier, directly on the
/// poll thread. The caller closes `client` afterwards.
///
/// @param client  connected socket of the requester.
/// @param code    validated MainRequest code.
///
/// STOP_DAEMON does not return: the process exits after acknowledging.
static void handle_request_sync(int client, int code) {
    if (code == MainRequest::CHECK_VERSION) {
        // Version string is tagged with the build flavour (D = debug, R = release).
#if MAGISK_DEBUG
        write_string(client, MAGISK_VERSION ":MAGISK:D");
#else
        write_string(client, MAGISK_VERSION ":MAGISK:R");
#endif
    } else if (code == MainRequest::CHECK_VERSION_CODE) {
        write_int(client, MAGISK_VER_CODE);
    } else if (code == MainRequest::START_DAEMON) {
        rust::get_magiskd().setup_logfile();
    } else if (code == MainRequest::STOP_DAEMON) {
        denylist_handler(-1, nullptr);
        write_int(client, 0);
        // Terminate the daemon!
        exit(0);
    } else {
        // handle_request() is expected to have filtered every other code.
        __builtin_unreachable();
    }
}
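/// Report whether the process `pid` is running the same executable as this
/// daemon.
///
/// The executable behind /proc/<pid>/exe is stat()ed and its device and inode
/// are compared with self_st, which daemon_entry() fills from /proc/self/exe.
///
/// @param pid  process id taken from the peer credentials of a connection.
/// @return true only when stat() succeeds and both st_dev and st_ino match.
///
/// NOTE(review): the check describes whatever holds `pid` at the time of the
/// call. If the peer can exit or exec between connecting and this lookup,
/// the result refers to a different image — confirm how the caller's pid is
/// obtained and whether that window matters for the non-root request codes.
static bool is_client(pid_t pid) {
    char path[32];
    // Bounded formatting, in line with the other path builders in this file.
    ssprintf(path, sizeof(path), "/proc/%d/exe", pid);

    struct stat st{};
    if (stat(path, &st) != 0)
        return false;
    return st.st_dev == self_st.st_dev && st.st_ino == self_st.st_ino;
}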
/// Poll callback for the main socket: accept one connection, authenticate the
/// peer, authorise the requested operation and dispatch it.
///
/// Checks run in this order, and the connection is dropped at the first one
/// that fails:
///   1. peer credentials must be obtainable (get_client_cred);
///   2. the peer must be root, run in the zygote SELinux context, or execute
///      the same binary as the daemon (is_client);
///   3. the request code must be a known, non-barrier MainRequest value;
///   4. the per-code permission table below must allow the peer.
/// Only then is MainResponse::OK sent and the request handled.
///
/// @param pfd  poll entry of the listening socket.
///
/// The socket file is world-accessible (see daemon_entry), so these checks
/// are the access-control boundary of the daemon.
static void handle_request(pollfd *pfd) {
    const int client = xaccept4(pfd->fd, nullptr, nullptr, SOCK_CLOEXEC);

    // Send a status code to the peer, then hang up.
    const auto refuse = [client](int response) {
        write_int(client, response);
        close(client);
    };

    // Verify client credentials
    sock_cred cred;
    if (!get_client_cred(client, &cred)) {
        // Client died
        close(client);
        return;
    }

    const bool is_root = cred.uid == AID_ROOT;
    // NOTE(review): exact match on the context string; presumably cred.context
    // is the kernel-reported peer label — confirm in get_client_cred.
    const bool is_zygote = cred.context == "u:r:zygote:s0";
    if (!is_root && !is_zygote && !is_client(cred.pid)) {
        // Unsupported client state
        refuse(MainResponse::ACCESS_DENIED);
        return;
    }

    const int code = read_int(client);
    const bool known_code = code >= 0 && code < MainRequest::END &&
                            code != MainRequest::_SYNC_BARRIER_ &&
                            code != MainRequest::_STAGE_BARRIER_;
    if (!known_code) {
        // Unknown request code: close without sending a response
        close(client);
        return;
    }

    // Check client permissions. Codes that are not listed are open to every
    // peer that passed the identity check above.
    switch (code) {
    case MainRequest::POST_FS_DATA:
    case MainRequest::LATE_START:
    case MainRequest::BOOT_COMPLETE:
    case MainRequest::ZYGOTE_RESTART:
    case MainRequest::SQLITE_CMD:
    case MainRequest::DENYLIST:
    case MainRequest::STOP_DAEMON:
        if (!is_root) {
            refuse(MainResponse::ROOT_REQUIRED);
            return;
        }
        break;
    case MainRequest::REMOVE_MODULES:
        // Root or the shell user
        if (!is_root && cred.uid != AID_SHELL) {
            refuse(MainResponse::ACCESS_DENIED);
            return;
        }
        break;
    case MainRequest::ZYGISK:
        if (!is_zygote) {
            // Invalid client context
            refuse(MainResponse::ACCESS_DENIED);
            return;
        }
        break;
    default:
        break;
    }

    write_int(client, MainResponse::OK);

    if (code < MainRequest::_SYNC_BARRIER_) {
        // Short requests are answered inline; the connection ends here.
        handle_request_sync(client, code);
        close(client);
        return;
    }

    // Everything else runs as a queued task, which takes over `client`.
    if (code < MainRequest::_STAGE_BARRIER_) {
        exec_task([=] { handle_request_async(client, code, cred); });
    } else {
        exec_task([=] { boot_stage_handler(client, code); });
    }
}
/// Move process `pid` into the cgroup rooted at `cgroup` by appending the pid
/// to its cgroup.procs file.
///
/// @param cgroup  directory of the target cgroup.
/// @param pid     process id to move.
///
/// Does nothing when cgroup.procs does not exist or cannot be opened.
/// The path buffer holds 32 bytes, so `cgroup` has to be short enough for
/// "<cgroup>/cgroup.procs" to fit.
static void switch_cgroup(const char *cgroup, int pid) {
    char procs_path[32];
    ssprintf(procs_path, sizeof(procs_path), "%s/cgroup.procs", cgroup);
    if (access(procs_path, F_OK) != 0)
        return;

    const int procs_fd = xopen(procs_path, O_WRONLY | O_APPEND | O_CLOEXEC);
    if (procs_fd == -1)
        return;

    // The kernel expects one decimal pid per line.
    char pid_line[32];
    ssprintf(pid_line, sizeof(pid_line), "%d\n", pid);
    xwrite(procs_fd, pid_line, strlen(pid_line));
    close(procs_fd);
}
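/// Body of the daemon process; does not return (it ends in poll_loop()).
///
/// In order: detach from the caller (signals, stdio, session, SELinux
/// context, cgroups), record the identity of the daemon binary, read the
/// API level, clean up leftovers under the Magisk tmp directory, load the
/// config, set up an isolated devpts, then create the main socket and serve
/// requests.
static void daemon_entry() {
    android_logging();

    // Block all signals
    sigset_t block_set;
    sigfillset(&block_set);
    pthread_sigmask(SIG_SETMASK, &block_set, nullptr);

    // Change process name
    set_nice_name("magiskd");

    // Point stdout/stderr at /dev/null and stdin at /dev/zero. The temporary
    // descriptor is closed unless it already is one of the standard three.
    int fd = xopen("/dev/null", O_WRONLY);
    xdup2(fd, STDOUT_FILENO);
    xdup2(fd, STDERR_FILENO);
    if (fd > STDERR_FILENO)
        close(fd);
    fd = xopen("/dev/zero", O_RDONLY);
    xdup2(fd, STDIN_FILENO);
    if (fd > STDERR_FILENO)
        close(fd);

    setsid();
    setcon(MAGISK_PROC_CON);

    rust::daemon_entry();
    LOGI(NAME_WITH_VER(Magisk) " daemon started\n");

    // Escape from cgroup
    int pid = getpid();
    switch_cgroup("/acct", pid);
    switch_cgroup("/dev/cg2_bpf", pid);
    switch_cgroup("/sys/fs/cgroup", pid);
    if (get_prop("ro.config.per_app_memcg") != "false") {
        switch_cgroup("/dev/memcg/apps", pid);
    }

    // Get self stat. is_client() compares connecting processes against it.
    // NOTE(review): the result of xstat() is not checked; confirm that a
    // zeroed self_st cannot match a real executable.
    xstat("/proc/self/exe", &self_st);

    // Get API level
    parse_prop_file("/system/build.prop", [](auto key, auto val) -> bool {
        if (key == "ro.build.version.sdk") {
            SDK_INT = parse_int(val);
            return false;
        }
        return true;
    });
    if (SDK_INT < 0) {
        // In case some devices do not store this info in build.prop, fallback to getprop
        auto sdk = get_prop("ro.build.version.sdk");
        if (!sdk.empty()) {
            SDK_INT = parse_int(sdk);
        }
    }
    LOGI("* Device API level: %d\n", SDK_INT);

    restore_tmpcon();

    // Cleanups
    const char *tmp = get_magisk_tmp();
    char path[64];
    ssprintf(path, sizeof(path), "%s/" ROOTMNT, tmp);
    if (access(path, F_OK) == 0) {
        file_readline(true, path, [](string_view line) -> bool {
            // A string_view carries no terminator guarantee, so copy the line
            // before passing it to a C API that expects a NUL-terminated path.
            const string target(line);
            umount2(target.c_str(), MNT_DETACH);
            return true;
        });
    }
    if (getenv("REMOUNT_ROOT")) {
        xmount(nullptr, "/", nullptr, MS_REMOUNT | MS_RDONLY, nullptr);
        unsetenv("REMOUNT_ROOT");
    }
    ssprintf(path, sizeof(path), "%s/" ROOTOVL, tmp);
    rm_rf(path);

    // Load config status
    ssprintf(path, sizeof(path), "%s/" MAIN_CONFIG, tmp);
    parse_prop_file(path, [](auto key, auto val) -> bool {
        if (key == "RECOVERYMODE" && val == "true")
            RECOVERY_MODE = true;
        return true;
    });

    // Use an isolated devpts instance if the kernel supports it
    if (access("/dev/pts/ptmx", F_OK) == 0) {
        ssprintf(path, sizeof(path), "%s/" SHELLPTS, tmp);
        if (access(path, F_OK)) {
            xmkdirs(path, 0755);
            xmount("devpts", path, "devpts", MS_NOSUID | MS_NOEXEC, "newinstance");
            char ptmx[64];
            ssprintf(ptmx, sizeof(ptmx), "%s/ptmx", path);
            if (access(ptmx, F_OK)) {
                // No ptmx node in the new mount: undo it.
                xumount(path);
                rmdir(path);
            }
        }
    }

    // Create the main socket, replacing any stale socket file.
    fd = xsocket(AF_LOCAL, SOCK_STREAM | SOCK_CLOEXEC, 0);
    sockaddr_un addr = {.sun_family = AF_LOCAL};
    ssprintf(addr.sun_path, sizeof(addr.sun_path), "%s/" MAIN_SOCKET, tmp);
    unlink(addr.sun_path);
    if (xbind(fd, (sockaddr *) &addr, sizeof(addr)))
        exit(1);
    // Mode 0666 lets any process allowed by the file label connect; the
    // caller is authenticated and authorised per request in handle_request().
    chmod(addr.sun_path, 0666);
    setfilecon(addr.sun_path, MAGISK_FILE_CON);
    xlisten(fd, 10);

    default_new(poll_map);
    default_new(poll_fds);
    default_new(module_list);

    // Register handler for main socket
    pollfd main_socket_pfd = { fd, POLLIN, 0 };
    register_poll(&main_socket_pfd, handle_request);

    // Loop forever to listen for requests
    poll_loop();
}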
/// Return the directory that holds Magisk's runtime files.
///
/// The first call probes for INTLROOT under /debug_ramdisk, then under /sbin,
/// and caches the answer for the rest of the process lifetime.
///
/// @return "/debug_ramdisk", "/sbin", or "" when neither location exists.
///         The pointer refers to a string literal and must not be freed.
const char *get_magisk_tmp() {
    static const char *cached = nullptr;
    if (cached != nullptr)
        return cached;

    if (access("/debug_ramdisk/" INTLROOT, F_OK) == 0)
        cached = "/debug_ramdisk";
    else if (access("/sbin/" INTLROOT, F_OK) == 0)
        cached = "/sbin";
    else
        cached = "";  // not found; callers test tmp[0] == '\0'
    return cached;
}
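/// Connect to the daemon's main socket and submit a request code.
///
/// @param req     MainRequest code to send.
/// @param create  when true and the caller is root, start the daemon if no
///                one is listening.
/// @return a connected descriptor after the daemon answered MainResponse::OK
///         (the caller owns it), or -1 on any failure. The descriptor is
///         closed on every failure path.
///
/// Starting the daemon is only attempted when the current executable lives
/// under the Magisk tmp directory.
int connect_daemon(int req, bool create) {
    int fd = xsocket(AF_LOCAL, SOCK_STREAM | SOCK_CLOEXEC, 0);
    if (fd < 0) {
        // Without a socket the retry loop below could never succeed.
        return -1;
    }

    sockaddr_un addr = {.sun_family = AF_LOCAL};
    const char *tmp = get_magisk_tmp();
    ssprintf(addr.sun_path, sizeof(addr.sun_path), "%s/" MAIN_SOCKET, tmp);

    if (connect(fd, (sockaddr *) &addr, sizeof(addr))) {
        if (!create || getuid() != AID_ROOT) {
            LOGE("No daemon is currently running!\n");
            close(fd);
            return -1;
        }

        // Zero-filled so that a failed readlink leaves an empty string, which
        // fails the prefix test below instead of reading uninitialised bytes.
        char buf[64] = {};
        xreadlink("/proc/self/exe", buf, sizeof(buf));
        // NOTE(review): str_starts() looks like a plain prefix comparison, so
        // the match is not anchored at a path-component boundary — confirm
        // whether a '/' after the prefix should be required. Only root
        // reaches this point.
        if (tmp[0] == '\0' || !str_starts(buf, tmp)) {
            LOGE("Start daemon on magisk tmpfs\n");
            close(fd);
            return -1;
        }

        if (fork_dont_care() == 0) {
            // Child: becomes the daemon and never comes back.
            close(fd);
            daemon_entry();
        }

        // NOTE(review): retries without a limit; if the daemon fails to come
        // up (daemon_entry exits when bind fails) this never ends.
        while (connect(fd, (sockaddr *) &addr, sizeof(addr)))
            usleep(10000);
    }

    write_int(fd, req);
    int res = read_int(fd);
    if (res < MainResponse::ERROR || res >= MainResponse::END)
        res = MainResponse::ERROR;

    switch (res) {
    case MainResponse::OK:
        return fd;
    case MainResponse::ROOT_REQUIRED:
        LOGE("Root is required for this operation\n");
        break;
    case MainResponse::ACCESS_DENIED:
        LOGE("Access denied\n");
        break;
    case MainResponse::ERROR:
    default:
        // Any in-range value without its own case is treated as an error
        // rather than reaching __builtin_unreachable().
        LOGE("Daemon error\n");
        break;
    }
    close(fd);
    return -1;
}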