From 0204d05316abe610ec52dc25ceccfbd532b3de6b Mon Sep 17 00:00:00 2001 From: topjohnwu Date: Fri, 8 Mar 2019 03:35:17 -0500 Subject: [PATCH] Remove Zygote notifier Temporary trigger process scan on packages.xml updates, will find better methods --- native/jni/core/applets.cpp | 2 - native/jni/core/bootstages.cpp | 9 ---- native/jni/core/daemon.cpp | 3 -- native/jni/core/magisk.cpp | 27 ---------- native/jni/include/magisk.h | 1 - native/jni/magiskhide/magiskhide.h | 2 - native/jni/magiskhide/proc_monitor.cpp | 73 +++++++------------------- 7 files changed, 18 insertions(+), 99 deletions(-) diff --git a/native/jni/core/applets.cpp b/native/jni/core/applets.cpp index c4d1ad1e5..de9f5f161 100644 --- a/native/jni/core/applets.cpp +++ b/native/jni/core/applets.cpp @@ -18,8 +18,6 @@ static int (*applet_main[]) (int, char *[]) = exit((*applet_main[i])(argc, argv)); } } - if (strncmp(basename(argv[0]), "app_process", 11) == 0) - exit(app_process_main(argc, argv)); fprintf(stderr, "%s: applet not found\n", argv[0]); exit(1); } diff --git a/native/jni/core/bootstages.cpp b/native/jni/core/bootstages.cpp index 5c6bc0412..8b63ccd30 100644 --- a/native/jni/core/bootstages.cpp +++ b/native/jni/core/bootstages.cpp @@ -577,15 +577,6 @@ static void dump_logs() { [[noreturn]] static void core_only() { auto_start_magiskhide(); - cp_afc("/sbin/magisk", MAGISKTMP "/app_process"); - struct stat st; - for (const char *app : { "app_process", "app_process32", "app_process64" }) { - sprintf(buf, "/system/bin/%s", app); - if (lstat(buf, &st) == 0 && S_ISREG(st.st_mode)) { - clone_attr(buf, MAGISKTMP "/app_process"); - bind_mount(MAGISKTMP "/app_process", buf, false); - } - } unblock_boot_process(); } diff --git a/native/jni/core/daemon.cpp b/native/jni/core/daemon.cpp index 78db0d24c..944fc990e 100644 --- a/native/jni/core/daemon.cpp +++ b/native/jni/core/daemon.cpp 
@@ -89,9 +89,6 @@ static void *request_handler(void *args) { case SQLITE_CMD: exec_sql(client); break; - case ZYGOTE_NOTIFY: - zygote_notify(client, &credential); - break; default: close(client); break; diff --git a/native/jni/core/magisk.cpp b/native/jni/core/magisk.cpp index 4c01776ab..b2543f6f3 100644 --- a/native/jni/core/magisk.cpp +++ b/native/jni/core/magisk.cpp @@ -112,30 +112,3 @@ int magisk_main(int argc, char *argv[]) { #endif usage(); } - -int app_process_main(int argc, char *argv[]) { - char path[512]; - bool zygote = false; - for (int i = 0; i < argc; ++i) { - if (strcmp(argv[i], "--zygote") == 0) { - zygote = true; - break; - } - } - if (zygote) { - // Notify main daemon - sprintf(path, "/system/bin/%s", basename(argv[0])); - umount2(path, MNT_DETACH); - int fd = connect_daemon(); - write_int(fd, ZYGOTE_NOTIFY); - write_string(fd, path); - read_int(fd); - close(fd); - } else { - // Redirect to system mirror - sprintf(path, MIRRDIR "/system/bin/%s", basename(argv[0])); - } - argv[0] = path; - execve(path, argv, environ); - return -1; -} diff --git a/native/jni/include/magisk.h b/native/jni/include/magisk.h index af9dd113d..8f7fd6176 100644 --- a/native/jni/include/magisk.h +++ b/native/jni/include/magisk.h @@ -50,6 +50,5 @@ int magiskhide_main(int argc, char *argv[]); int magiskpolicy_main(int argc, char *argv[]); int su_client_main(int argc, char *argv[]); int resetprop_main(int argc, char *argv[]); -int app_process_main(int argc, char *argv[]); #endif diff --git a/native/jni/magiskhide/magiskhide.h b/native/jni/magiskhide/magiskhide.h index 097e1ea6b..eaaa082f0 100644 --- a/native/jni/magiskhide/magiskhide.h +++ b/native/jni/magiskhide/magiskhide.h @@ -12,7 +12,6 @@ #include "daemon.h" #define SIGTERMTHRD SIGUSR1 -#define SIGZYGOTE SIGUSR2 #define SAFETYNET_COMPONENT "com.google.android.gms/.droidguard.DroidGuardService" #define SAFETYNET_PROCESS "com.google.android.gms.unstable" 
@@ -42,7 +41,6 @@ extern pthread_t proc_monitor_thread; extern bool hide_enabled; extern pthread_mutex_t monitor_lock; extern std::set> hide_set; -extern int next_zygote; enum { LAUNCH_MAGISKHIDE, diff --git a/native/jni/magiskhide/proc_monitor.cpp b/native/jni/magiskhide/proc_monitor.cpp index e8133c76e..f3c9842c6 100644 --- a/native/jni/magiskhide/proc_monitor.cpp +++ b/native/jni/magiskhide/proc_monitor.cpp @@ -114,8 +114,22 @@ static bool parse_packages_xml(string_view s) { return true; } +static void check_zygote() { + crawl_procfs([](int pid) -> bool { + char buf[512]; + snprintf(buf, sizeof(buf), "/proc/%d/cmdline", pid); + FILE *f = fopen(buf, "re"); + if (f) { + fgets(buf, sizeof(buf), f); + if (strncmp(buf, "zygote", 6) == 0) + new_zygote(pid); + fclose(f); + } + return true; + }); +} + void *update_uid_map(void*) { - LOGD("proc_monitor: Updating uid maps\n"); MutexGuard lock(monitor_lock); uid_proc_map.clear(); file_readline("/data/system/packages.xml", parse_packages_xml, true); @@ -194,22 +208,11 @@ static void inotify_event(int) { read(inotify_fd, buf, sizeof(buf)); if ((event->mask & IN_CLOSE_WRITE) && strcmp(event->name, "packages.xml") == 0) { LOGD("proc_monitor: /data/system/packages.xml updated\n"); - // Use new thread to parse xml, don't block zygote tracing - new_daemon_thread(update_uid_map); + check_zygote(); + update_uid_map(); } } -static void zygote_sig(int) { - int pid; - { - MutexGuard lock(monitor_lock); - pid = next_zygote; - next_zygote = -1; - } - if (pid > 0) - new_zygote(pid); -} - // Workaround for the lack of pthread_cancel static void term_thread(int) { LOGD("proc_monitor: cleaning up\n"); 
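Review bot: check_zygote() in the first proc_monitor.cpp hunk identifies a zygote solely by `strncmp(buf, "zygote", 6)` on /proc/<pid>/cmdline, and cmdline is content the process itself controls (argv[0] is whatever the caller passed to exec), so an unprivileged process that names itself `zygote…` would be handed to new_zygote() and, presumably, traced as if it were the real one; new_zygote()'s body is outside this hunk. The real zygotes run as root, so an `fstat(fileno(f), &st)` followed by `st.st_uid == 0` before the name test would close that off cheaply. The `fgets` return value is also unchecked; on a failed read buf still holds the path written by the preceding snprintf so the comparison happens to fail safely, but `if (fgets(buf, sizeof(buf), f) && strncmp(buf, "zygote", 6) == 0)` makes that intentional rather than accidental. Since this helper now also runs on every packages.xml write, it is worth confirming that new_zygote() tolerates being called again for a pid it already tracks.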
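Review bot: inotify_event() is a SIGIO signal handler (the sigaction call is in the later proc_monitor() hunk), and the second proc_monitor.cpp hunk makes it call check_zygote() and update_uid_map() synchronously; update_uid_map() takes `MutexGuard lock(monitor_lock)` and check_zygote() does fopen/fgets plus whatever new_zygote() does, none of which is async-signal-safe, so a SIGIO that lands while the monitor thread already holds monitor_lock self-deadlocks, and stdio/heap use inside a handler can corrupt allocator state. The removed `new_daemon_thread(update_uid_map);` line and its comment ("don't block zygote tracing") deliberately kept this work off the signal path; the commit message calls the new form temporary, but the safe shape is cheap: have the handler only set `static volatile sig_atomic_t packages_updated = 1;` and let the proc_monitor() loop (outside this hunk) test-and-clear it and run `check_zygote(); update_uid_map();` in normal thread context. Until that lands, a comment above the two calls noting that they execute in signal context and must never overlap with a monitor_lock holder would at least document the hazard.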
@@ -241,32 +244,6 @@ static void term_thread(int) { //#define PTRACE_LOG(fmt, args...) LOGD("PID=[%d] " fmt, pid, ##args) #define PTRACE_LOG(...) -int next_zygote = -1; - -void zygote_notify(int client, struct ucred *cred) { - char *path = read_string(client); - - xptrace(PTRACE_ATTACH, cred->pid); - // Wait for attach - waitpid(cred->pid, nullptr, __WALL | __WNOTHREAD); - xptrace(PTRACE_CONT, cred->pid); - write_int(client, 0); - close(client); - // Wait for exec - waitpid(cred->pid, nullptr, __WALL | __WNOTHREAD); - xptrace(PTRACE_DETACH, cred->pid); - - if (hide_enabled) { - MutexGuard lock(monitor_lock); - next_zygote = cred->pid; - pthread_kill(proc_monitor_thread, SIGZYGOTE); - } - - // Remount zygote notifier ASAP - xmount(MAGISKTMP "/app_process", path, nullptr, MS_BIND, nullptr); - free(path); -} - static bool check_pid(int pid) { char path[128]; char cmdline[1024]; @@ -357,15 +334,12 @@ void proc_monitor() { sigset_t block_set; sigemptyset(&block_set); sigaddset(&block_set, SIGTERMTHRD); - sigaddset(&block_set, SIGZYGOTE); sigaddset(&block_set, SIGIO); pthread_sigmask(SIG_UNBLOCK, &block_set, nullptr); struct sigaction act{}; act.sa_handler = term_thread; sigaction(SIGTERMTHRD, &act, nullptr); - act.sa_handler = zygote_sig; - sigaction(SIGZYGOTE, &act, nullptr); act.sa_handler = inotify_event; sigaction(SIGIO, &act, nullptr); @@ -381,18 +355,7 @@ void proc_monitor() { inotify_add_watch(inotify_fd, "/data/system", IN_CLOSE_WRITE); // First find existing zygotes - crawl_procfs([](int pid) -> bool { - char buf[512]; - snprintf(buf, sizeof(buf), "/proc/%d/cmdline", pid); - FILE *f = fopen(buf, "re"); - if (f) { - fgets(buf, sizeof(buf), f); - if (strncmp(buf, "zygote", 6) == 0) - new_zygote(pid); - fclose(f); - } - return true; - }); + check_zygote(); int status;