TheArchive/Magisk
1
0
Fork 0
mirror of https://github.com/topjohnwu/Magisk.git synced 2025-04-22 11:51:36 +00:00
Code Issues Packages Projects Releases Wiki Activity

Remove enforcement

Browse Source 
Enforcement will be re-implemented later
This commit is contained in:
topjohnwu 2022-05-11 00:31:18 -07:00 committed by John Wu
parent 05d6d2b51b
commit 029422679c
8 changed files with 17 additions and 76 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
app/src/main/java/com/topjohnwu/magisk/core/Config.kt
View File

@ -41,7 +41,6 @@ object Config : PreferenceModel, DBConfig {
const val DENYLIST = "denylist" const val DENYLIST = "denylist"
const val SU_MANAGER = "requester" const val SU_MANAGER = "requester"
const val KEYSTORE = "keystore" const val KEYSTORE = "keystore"
const val CERTDIGEST = "cert_digest"
// prefs // prefs
const val SU_REQUEST_TIMEOUT = "su_request_timeout" const val SU_REQUEST_TIMEOUT = "su_request_timeout"
@ -153,7 +152,6 @@ object Config : PreferenceModel, DBConfig {
var denyList by DBBoolSettingsNoWrite(Key.DENYLIST, false) var denyList by DBBoolSettingsNoWrite(Key.DENYLIST, false)
var suManager by dbStrings(Key.SU_MANAGER, "", true) var suManager by dbStrings(Key.SU_MANAGER, "", true)
var keyStoreRaw by dbStrings(Key.KEYSTORE, "", true) var keyStoreRaw by dbStrings(Key.KEYSTORE, "", true)
var certDigest by dbStrings(Key.CERTDIGEST, "", true)
private const val SU_FINGERPRINT = "su_fingerprint" private const val SU_FINGERPRINT = "su_fingerprint"

1
app/src/main/java/com/topjohnwu/magisk/core/tasks/HideAPK.kt
View File

@ -121,7 +121,6 @@ object HideAPK {
val repack = File(activity.cacheDir, "patched.apk") val repack = File(activity.cacheDir, "patched.apk")
val pkg = genPackageName() val pkg = genPackageName()
Config.keyStoreRaw = "" Config.keyStoreRaw = ""
Config.certDigest = ""
if (!patch(activity, stub, FileOutputStream(repack), pkg, label)) if (!patch(activity, stub, FileOutputStream(repack), pkg, label))
return false return false

4
app/src/main/java/com/topjohnwu/magisk/core/utils/Keygen.kt
View File

@ -12,7 +12,6 @@ import java.io.ByteArrayOutputStream
import java.math.BigInteger import java.math.BigInteger
import java.security.KeyPairGenerator import java.security.KeyPairGenerator
import java.security.KeyStore import java.security.KeyStore
import java.security.MessageDigest
import java.security.PrivateKey import java.security.PrivateKey
import java.security.cert.X509Certificate import java.security.cert.X509Certificate
import java.util.* import java.util.*
@ -74,9 +73,6 @@ class Keygen : CertKeyProvider {
} }
Config.keyStoreRaw = bytes.toString("UTF-8") Config.keyStoreRaw = bytes.toString("UTF-8")
val digest = MessageDigest.getInstance("SHA-256").digest(cert.encoded)
Config.certDigest = digest.joinToString("") { "%02x".format(it) }
return ks return ks
} }
} }

2
native/jni/core/bootstages.cpp
View File

@ -20,7 +20,6 @@ using namespace std;
static bool safe_mode = false; static bool safe_mode = false;
static int stub_fd = -1; static int stub_fd = -1;
bool zygisk_enabled = false; bool zygisk_enabled = false;
string APKCERT;
/********* /*********
* Setup * * Setup *
@ -125,7 +124,6 @@ static bool magisk_env() {
LOGI("* Initializing Magisk environment\n"); LOGI("* Initializing Magisk environment\n");
string stub_path = MAGISKTMP + "/stub.apk"; string stub_path = MAGISKTMP + "/stub.apk";
APKCERT = read_certificate(stub_path);
stub_fd = xopen(stub_path.data(), O_RDONLY | O_CLOEXEC); stub_fd = xopen(stub_path.data(), O_RDONLY | O_CLOEXEC);
unlink(stub_path.data()); unlink(stub_path.data());

55
native/jni/core/db.cpp
View File

@ -6,7 +6,6 @@
#include <db.hpp> #include <db.hpp>
#include <socket.hpp> #include <socket.hpp>
#include <utils.hpp> #include <utils.hpp>
#include <mincrypt/sha256.h>
#define DB_VERSION 12 #define DB_VERSION 12
@ -360,89 +359,43 @@ int get_db_strings(db_strings &str, int key) {
return 0; return 0;
} }
static bool is_stub_trusted(const char *pkg, const char *trust_hash) {
// TODO: Remove when next stable released
if (trust_hash[0] == 0) {
LOGW("su: skip check stub.apk signature\n");
return true;
}
string cert = read_certificate(find_apk_path(pkg));
if (cert.empty())
return false;
uint8_t hash[SHA256_DIGEST_SIZE];
SHA256_hash(cert.data(), cert.length(), hash);
char hash_hex[SHA256_DIGEST_SIZE * 2 + 1];
char *ptr = &hash_hex[0];
for (uint8_t i: hash) {
ptr += sprintf(ptr, "%02x", i);
}
return strcmp(trust_hash, hash_hex) == 0;
}
bool get_manager(int user_id, std::string *pkg, struct stat *st) { bool get_manager(int user_id, std::string *pkg, struct stat *st) {
db_strings str; db_strings str;
get_db_strings(str, SU_MANAGER); get_db_strings(str, SU_MANAGER);
get_db_strings(str, CERT_DIGEST);
char app_path[128]; char app_path[128];
if (APKCERT.empty())
LOGW("su: skip check app signature\n");
if (!str[SU_MANAGER].empty()) { if (!str[SU_MANAGER].empty()) {
// App is repackaged // App is repackaged
sprintf(app_path, "%s/%d/%s", APP_DATA_DIR, user_id, str[SU_MANAGER].data()); sprintf(app_path, "%s/%d/%s", APP_DATA_DIR, user_id, str[SU_MANAGER].data());
if (stat(app_path, st) == 0) { if (stat(app_path, st) == 0) {
if (is_stub_trusted(str[SU_MANAGER].data(), str[CERT_DIGEST].data())) {
strcpy(app_path, "/dyn/current.apk");
if (!APKCERT.empty() && access(app_path, F_OK) == 0) {
if (read_certificate(app_path) == APKCERT) {
if (pkg) if (pkg)
pkg->swap(str[SU_MANAGER]); pkg->swap(str[SU_MANAGER]);
return true; return true;
} else {
LOGW("su: current.apk signature mismatch\n");
}
} else {
if (pkg)
pkg->swap(str[SU_MANAGER]);
return true;
}
} else {
LOGW("su: stub.apk signature mismatch\n");
}
} }
} }
// Check the official package name // Check the official package name
sprintf(app_path, "%s/%d/" JAVA_PACKAGE_NAME, APP_DATA_DIR, user_id); sprintf(app_path, "%s/%d/" JAVA_PACKAGE_NAME, APP_DATA_DIR, user_id);
if (stat(app_path, st) == 0) { if (stat(app_path, st) == 0) {
string cert = read_certificate(find_apk_path(JAVA_PACKAGE_NAME));
if (APKCERT.empty())
cert.clear();
if (cert == APKCERT) {
if (pkg) if (pkg)
*pkg = JAVA_PACKAGE_NAME; *pkg = JAVA_PACKAGE_NAME;
return true; return true;
} else { } else {
LOGW("su: app signature mismatch\n"); LOGE("su: cannot find manager\n");
}
}
LOGE("su: cannot find trusted app\n");
memset(st, 0, sizeof(*st)); memset(st, 0, sizeof(*st));
if (pkg) if (pkg)
pkg->clear(); pkg->clear();
return false; return false;
}
} }
bool get_manager(string *pkg) { bool get_manager(string *pkg) {
struct stat st{}; struct stat st;
return get_manager(0, pkg, &st); return get_manager(0, pkg, &st);
} }
int get_manager_app_id() { int get_manager_app_id() {
struct stat st{}; struct stat st;
if (get_manager(0, nullptr, &st)) if (get_manager(0, nullptr, &st))
return to_app_id(st.st_uid); return to_app_id(st.st_uid);
return -1; return -1;

3
native/jni/core/scripting.cpp
View File

@ -152,7 +152,6 @@ void exec_module_scripts(const char *stage, const vector<string_view> &modules)
constexpr char install_script[] = R"EOF( constexpr char install_script[] = R"EOF(
APK=%s APK=%s
log -t Magisk "apk_uninstall: $(pm uninstall %s 2>&1)"
log -t Magisk "apk_install: $APK" log -t Magisk "apk_install: $APK"
log -t Magisk "apk_install: $(pm install -r $APK 2>&1)" log -t Magisk "apk_install: $(pm install -r $APK 2>&1)"
rm -f $APK rm -f $APK
@ -164,7 +163,7 @@ void install_apk(const char *apk) {
.fork = fork_no_orphan .fork = fork_no_orphan
}; };
char cmds[sizeof(install_script) + 4096]; char cmds[sizeof(install_script) + 4096];
sprintf(cmds, install_script, apk, JAVA_PACKAGE_NAME); sprintf(cmds, install_script, apk);
exec_command_sync(exec, "/system/bin/sh", "-c", cmds); exec_command_sync(exec, "/system/bin/sh", "-c", cmds);
} }

5
native/jni/include/db.hpp
View File

@ -84,12 +84,11 @@ protected:
* DB Strings * * DB Strings *
**************/ **************/
constexpr const char *DB_STRING_KEYS[] = { "requester", "cert_digest" }; constexpr const char *DB_STRING_KEYS[] = { "requester" };
// Strings keys indices // Strings keys indices
enum { enum {
SU_MANAGER = 0, SU_MANAGER = 0
CERT_DIGEST
}; };
class db_strings : public db_dict<std::string, std::size(DB_STRING_KEYS)> { class db_strings : public db_dict<std::string, std::size(DB_STRING_KEYS)> {

1
native/jni/include/magisk.hpp
View File

@ -35,7 +35,6 @@ constexpr const char *applet_names[] = { "su", "resetprop", nullptr };
extern int SDK_INT; extern int SDK_INT;
#define APP_DATA_DIR (SDK_INT >= 24 ? "/data/user_de" : "/data/user") #define APP_DATA_DIR (SDK_INT >= 24 ? "/data/user_de" : "/data/user")
extern std::string APKCERT;
// Multi-call entrypoints // Multi-call entrypoints
int magisk_main(int argc, char *argv[]); int magisk_main(int argc, char *argv[]);