Fix SKIP_FD_SANITIZATION false positive

Fix #6523
2025-01-11 20:53:37 +00:00 · 2023-02-11 18:08:26 +08:00 · 2023-02-11 18:08:26 +08:00 · 577b5912af
commit 577b5912af
parent 9e8c68af12
1 changed files with 5 additions and 4 deletions
--- a/native/src/zygisk/hook.cpp
+++ b/native/src/zygisk/hook.cpp
@ -520,7 +520,7 @@ void HookContext::sanitize_fds() {
    if (flags[SKIP_FD_SANITIZATION])
        return;
-    if (flags[APP_FORK_AND_SPECIALIZE]) {
+    if (flags[APP_FORK_AND_SPECIALIZE] && args.app->fds_to_ignore) {
        auto update_fd_array = [&](int off) -> jintArray {
            if (exempted_fds.empty())
                return nullptr;
@ -566,7 +566,7 @@ void HookContext::sanitize_fds() {
    int dfd = dirfd(dir.get());
    for (dirent *entry; (entry = xreaddir(dir.get()));) {
        int fd = parse_int(entry->d_name);
-        if ((fd < 0 || fd >= MAX_FD_SIZE || !allowed_fds[fd]) && fd != dfd) {
+        if ((fd < 0 || fd >= MAX_FD_SIZE || !allowed_fds[fd]) && fd != dfd && fd != logd_fd) {
            close(fd);
        }
    }
@ -746,8 +746,9 @@ void HookContext::nativeForkAndSpecialize_pre() {
    flags[APP_FORK_AND_SPECIALIZE] = true;
    if (args.app->fds_to_ignore == nullptr) {
-        // The field fds_to_ignore don't exist before Android 8.0, which FDs are not checked
+        // if fds_to_ignore does not exist and there's no FileDescriptorTable::Create,
-        flags[SKIP_FD_SANITIZATION] = true;
+        // we can skip fd sanitization
        flags[SKIP_FD_SANITIZATION] = !dlsym(RTLD_DEFAULT, "_ZN19FileDescriptorTable6CreateEv");
    } else if (logd_fd >= 0) {
        exempted_fds.push_back(logd_fd);
    }