From 515f346dcc21209de414032d8390b189fd893a40 Mon Sep 17 00:00:00 2001 From: topjohnwu Date: Mon, 22 Apr 2019 16:36:23 -0400 Subject: [PATCH] Monitor app_process Some stupid Samsung ROMs will spawn multiple zygote daemons. Since we switched to ptrace based process monitoring, we have to know all zygote processes to trace. This is an attempt to fix this issue. Close #1272 --- native/jni/magiskhide/hide_utils.cpp | 2 +- native/jni/magiskhide/magiskhide.h | 5 +- native/jni/magiskhide/proc_monitor.cpp | 75 ++++++++++++++++---------- 3 files changed, 49 insertions(+), 33 deletions(-) diff --git a/native/jni/magiskhide/hide_utils.cpp b/native/jni/magiskhide/hide_utils.cpp index 4166847c8..b95c40953 100644 --- a/native/jni/magiskhide/hide_utils.cpp +++ b/native/jni/magiskhide/hide_utils.cpp @@ -71,7 +71,7 @@ void crawl_procfs(DIR *dir, const function &fn) { } } -bool proc_name_match(int pid, const char *name) { +static bool proc_name_match(int pid, const char *name) { char buf[4019]; FILE *f; #if 0 diff --git a/native/jni/magiskhide/magiskhide.h b/native/jni/magiskhide/magiskhide.h index 7e0a81e0e..e60ba8a51 100644 --- a/native/jni/magiskhide/magiskhide.h +++ b/native/jni/magiskhide/magiskhide.h @@ -19,8 +19,6 @@ #define SAFETYNET_PKG "com.google.android.gms" #define MICROG_SAFETYNET "org.microg.gms.droidguard" -#define WEVENT(s) (((s) & 0xffff0000) >> 16) - // CLI entries void launch_magiskhide(int client); int stop_magiskhide(); @@ -29,15 +27,14 @@ int rm_list(int client); void ls_list(int client); // Process monitoring -void *update_uid_map(void * p = nullptr); void proc_monitor(); +void update_uid_map(); // Utility functions void manage_selinux(); void clean_magisk_props(); void crawl_procfs(const std::function &fn); void crawl_procfs(DIR *dir, const std::function &fn); -bool proc_name_match(int pid, const char *name); extern bool hide_enabled; extern pthread_mutex_t monitor_lock; diff --git a/native/jni/magiskhide/proc_monitor.cpp b/native/jni/magiskhide/proc_monitor.cpp index be6b47a63..0881112c8 100644 --- a/native/jni/magiskhide/proc_monitor.cpp +++ b/native/jni/magiskhide/proc_monitor.cpp @@ -134,18 +134,21 @@ static bool parse_packages_xml(string_view s) { return true; } +void update_uid_map() { + MutexGuard lock(monitor_lock); + uid_proc_map.clear(); + file_readline("/data/system/packages.xml", parse_packages_xml, true); +} + static void check_zygote() { int min_zyg = 1; if (access("/system/bin/app_process64", R_OK) == 0) min_zyg = 2; - for (bool first = true; zygote_map.size() < min_zyg; first = false) { - if (!first) - usleep(10000); + for (;;) { crawl_procfs([](int pid) -> bool { char buf[512]; snprintf(buf, sizeof(buf), "/proc/%d/cmdline", pid); - FILE *f = fopen(buf, "re"); - if (f) { + if (FILE *f = fopen(buf, "re"); f) { fgets(buf, sizeof(buf), f); if (strncmp(buf, "zygote", 6) == 0 && parse_ppid(pid) == 1) new_zygote(pid); @@ -153,14 +156,41 @@ static void check_zygote() { } return true; }); + if (zygote_map.size() >= min_zyg) + break; + usleep(10000); } } -void *update_uid_map(void*) { - MutexGuard lock(monitor_lock); - uid_proc_map.clear(); - file_readline("/data/system/packages.xml", parse_packages_xml, true); - return nullptr; +#define APP_PROC "/system/bin/app_process" + +static void setup_inotify() { + inotify_fd = xinotify_init1(IN_CLOEXEC); + if (inotify_fd < 0) + term_thread(); + + // Setup inotify asynchronous I/O + fcntl(inotify_fd, F_SETFL, O_ASYNC); + struct f_owner_ex ex = { + .type = F_OWNER_TID, + .pid = gettid() + }; + fcntl(inotify_fd, F_SETOWN_EX, &ex); + + // Monitor packages.xml + inotify_add_watch(inotify_fd, "/data/system", IN_CLOSE_WRITE); + + // Monitor app_process + if (access(APP_PROC "32", F_OK) == 0) { + inotify_add_watch(inotify_fd, APP_PROC "32", IN_ACCESS); + if (access(APP_PROC "64", F_OK) == 0) + inotify_add_watch(inotify_fd, APP_PROC "64", IN_ACCESS); + } else { + inotify_add_watch(inotify_fd, APP_PROC, IN_ACCESS); + } + + // First find existing zygotes + check_zygote(); } /************************* @@ -233,7 +263,10 @@ static void inotify_event(int) { read(inotify_fd, buf, sizeof(buf)); if ((event->mask & IN_CLOSE_WRITE) && strcmp(event->name, "packages.xml") == 0) { LOGD("proc_monitor: /data/system/packages.xml updated\n"); - new_daemon_thread(update_uid_map); + uid_proc_map.clear(); + file_readline("/data/system/packages.xml", parse_packages_xml, true); + } else if (event->mask & IN_ACCESS) { + check_zygote(); } } @@ -362,12 +395,10 @@ static void new_zygote(int pid) { xptrace(PTRACE_CONT, pid); } +#define WEVENT(s) (((s) & 0xffff0000) >> 16) #define DETACH_AND_CONT { detach = true; continue; } -void proc_monitor() { - inotify_fd = xinotify_init1(IN_CLOEXEC); - if (inotify_fd < 0) - term_thread(); +void proc_monitor() { // Unblock some signals sigset_t block_set; sigemptyset(&block_set); @@ -381,19 +412,7 @@ void proc_monitor() { act.sa_handler = inotify_event; sigaction(SIGIO, &act, nullptr); - // Setup inotify asynchronous I/O - fcntl(inotify_fd, F_SETFL, O_ASYNC); - struct f_owner_ex ex = { - .type = F_OWNER_TID, - .pid = gettid() - }; - fcntl(inotify_fd, F_SETOWN_EX, &ex); - - // Start monitoring packages.xml - inotify_add_watch(inotify_fd, "/data/system", IN_CLOSE_WRITE); - - // First find existing zygotes - check_zygote(); + setup_inotify(); int status;