Remove enforcement

Enforcement will be re-implemented later
2025-02-19 21:58:28 +00:00 · 2022-05-11 00:31:18 -07:00 · 2022-05-11 00:31:18 -07:00 · 029422679c
commit 029422679c
parent 05d6d2b51b
8 changed files with 17 additions and 76 deletions
--- a/app/src/main/java/com/topjohnwu/magisk/core/Config.kt
+++ b/app/src/main/java/com/topjohnwu/magisk/core/Config.kt
@ -41,7 +41,6 @@ object Config : PreferenceModel, DBConfig {
        const val DENYLIST = "denylist"
        const val SU_MANAGER = "requester"
        const val KEYSTORE = "keystore"
-        const val CERTDIGEST = "cert_digest"

        // prefs
        const val SU_REQUEST_TIMEOUT = "su_request_timeout"
@ -153,7 +152,6 @@ object Config : PreferenceModel, DBConfig {
    var denyList by DBBoolSettingsNoWrite(Key.DENYLIST, false)
    var suManager by dbStrings(Key.SU_MANAGER, "", true)
    var keyStoreRaw by dbStrings(Key.KEYSTORE, "", true)
-    var certDigest by dbStrings(Key.CERTDIGEST, "", true)

    private const val SU_FINGERPRINT = "su_fingerprint"

--- a/app/src/main/java/com/topjohnwu/magisk/core/tasks/HideAPK.kt
+++ b/app/src/main/java/com/topjohnwu/magisk/core/tasks/HideAPK.kt
@ -121,7 +121,6 @@ object HideAPK {
        val repack = File(activity.cacheDir, "patched.apk")
        val pkg = genPackageName()
        Config.keyStoreRaw = ""
-        Config.certDigest = ""

        if (!patch(activity, stub, FileOutputStream(repack), pkg, label))
            return false
--- a/app/src/main/java/com/topjohnwu/magisk/core/utils/Keygen.kt
+++ b/app/src/main/java/com/topjohnwu/magisk/core/utils/Keygen.kt
@ -12,7 +12,6 @@ import java.io.ByteArrayOutputStream
 import java.math.BigInteger
 import java.security.KeyPairGenerator
 import java.security.KeyStore
-import java.security.MessageDigest
 import java.security.PrivateKey
 import java.security.cert.X509Certificate
 import java.util.*
@ -74,9 +73,6 @@ class Keygen : CertKeyProvider {
        }
        Config.keyStoreRaw = bytes.toString("UTF-8")

-        val digest = MessageDigest.getInstance("SHA-256").digest(cert.encoded)
-        Config.certDigest = digest.joinToString("") { "%02x".format(it) }
-
        return ks
    }
 }
--- a/native/jni/core/bootstages.cpp
+++ b/native/jni/core/bootstages.cpp
@ -20,7 +20,6 @@ using namespace std;
 static bool safe_mode = false;
 static int stub_fd = -1;
 bool zygisk_enabled = false;
-string APKCERT;

 /*********
 * Setup *
@ -125,7 +124,6 @@ static bool magisk_env() {
    LOGI("* Initializing Magisk environment\n");

    string stub_path = MAGISKTMP + "/stub.apk";
-    APKCERT = read_certificate(stub_path);
    stub_fd = xopen(stub_path.data(), O_RDONLY | O_CLOEXEC);
    unlink(stub_path.data());

--- a/native/jni/core/db.cpp
+++ b/native/jni/core/db.cpp
@ -6,7 +6,6 @@
 #include <db.hpp>
 #include <socket.hpp>
 #include <utils.hpp>
-#include <mincrypt/sha256.h>

 #define DB_VERSION 12

@ -360,89 +359,43 @@ int get_db_strings(db_strings &str, int key) {
    return 0;
 }

-static bool is_stub_trusted(const char *pkg, const char *trust_hash) {
-    // TODO: Remove when next stable released
-    if (trust_hash[0] == 0) {
-        LOGW("su: skip check stub.apk signature\n");
-        return true;
-    }
-
-    string cert = read_certificate(find_apk_path(pkg));
-    if (cert.empty())
-        return false;
-    uint8_t hash[SHA256_DIGEST_SIZE];
-    SHA256_hash(cert.data(), cert.length(), hash);
-    char hash_hex[SHA256_DIGEST_SIZE * 2 + 1];
-    char *ptr = &hash_hex[0];
-    for (uint8_t i: hash) {
-        ptr += sprintf(ptr, "%02x", i);
-    }
-    return strcmp(trust_hash, hash_hex) == 0;
-}
-
 bool get_manager(int user_id, std::string *pkg, struct stat *st) {
    db_strings str;
    get_db_strings(str, SU_MANAGER);
-    get_db_strings(str, CERT_DIGEST);
    char app_path[128];

-    if (APKCERT.empty())
-        LOGW("su: skip check app signature\n");
-
    if (!str[SU_MANAGER].empty()) {
        // App is repackaged
        sprintf(app_path, "%s/%d/%s", APP_DATA_DIR, user_id, str[SU_MANAGER].data());
        if (stat(app_path, st) == 0) {
-            if (is_stub_trusted(str[SU_MANAGER].data(), str[CERT_DIGEST].data())) {
-                strcpy(app_path, "/dyn/current.apk");
-                if (!APKCERT.empty() && access(app_path, F_OK) == 0) {
-                    if (read_certificate(app_path) == APKCERT) {
-                        if (pkg)
-                            pkg->swap(str[SU_MANAGER]);
-                        return true;
-                    } else {
-                        LOGW("su: current.apk signature mismatch\n");
-                    }
-                } else {
-                    if (pkg)
-                        pkg->swap(str[SU_MANAGER]);
-                    return true;
-                }
-            } else {
-                LOGW("su: stub.apk signature mismatch\n");
-            }
+            if (pkg)
+                pkg->swap(str[SU_MANAGER]);
+            return true;
        }
    }

    // Check the official package name
    sprintf(app_path, "%s/%d/" JAVA_PACKAGE_NAME, APP_DATA_DIR, user_id);
    if (stat(app_path, st) == 0) {
-        string cert = read_certificate(find_apk_path(JAVA_PACKAGE_NAME));
-        if (APKCERT.empty())
-            cert.clear();
-        if (cert == APKCERT) {
-            if (pkg)
-                *pkg = JAVA_PACKAGE_NAME;
-            return true;
-        } else {
-            LOGW("su: app signature mismatch\n");
-        }
+        if (pkg)
+            *pkg = JAVA_PACKAGE_NAME;
+        return true;
+    } else {
+        LOGE("su: cannot find manager\n");
+        memset(st, 0, sizeof(*st));
+        if (pkg)
+            pkg->clear();
+        return false;
    }
-
-    LOGE("su: cannot find trusted app\n");
-    memset(st, 0, sizeof(*st));
-    if (pkg)
-        pkg->clear();
-    return false;
 }

 bool get_manager(string *pkg) {
-    struct stat st{};
+    struct stat st;
    return get_manager(0, pkg, &st);
 }

 int get_manager_app_id() {
-    struct stat st{};
+    struct stat st;
    if (get_manager(0, nullptr, &st))
        return to_app_id(st.st_uid);
    return -1;
--- a/native/jni/core/scripting.cpp
+++ b/native/jni/core/scripting.cpp
@ -152,7 +152,6 @@ void exec_module_scripts(const char *stage, const vector<string_view> &modules)

 constexpr char install_script[] = R"EOF(
 APK=%s
-log -t Magisk "apk_uninstall: $(pm uninstall %s 2>&1)"
 log -t Magisk "apk_install: $APK"
 log -t Magisk "apk_install: $(pm install -r $APK 2>&1)"
 rm -f $APK
@ -164,7 +163,7 @@ void install_apk(const char *apk) {
        .fork = fork_no_orphan
    };
    char cmds[sizeof(install_script) + 4096];
-    sprintf(cmds, install_script, apk, JAVA_PACKAGE_NAME);
+    sprintf(cmds, install_script, apk);
    exec_command_sync(exec, "/system/bin/sh", "-c", cmds);
 }

--- a/native/jni/include/db.hpp
+++ b/native/jni/include/db.hpp
@ -84,12 +84,11 @@ protected:
 * DB Strings *
 **************/

-constexpr const char *DB_STRING_KEYS[] = { "requester", "cert_digest" };
+constexpr const char *DB_STRING_KEYS[] = { "requester" };

 // Strings keys indices
 enum {
-    SU_MANAGER = 0,
-    CERT_DIGEST
+    SU_MANAGER = 0
 };

 class db_strings : public db_dict<std::string, std::size(DB_STRING_KEYS)> {
--- a/native/jni/include/magisk.hpp
+++ b/native/jni/include/magisk.hpp
@ -35,7 +35,6 @@ constexpr const char *applet_names[] = { "su", "resetprop", nullptr };

 extern int SDK_INT;
 #define APP_DATA_DIR (SDK_INT >= 24 ? "/data/user_de" : "/data/user")
-extern std::string APKCERT;

 // Multi-call entrypoints
 int magisk_main(int argc, char *argv[]);