Monitor /data/system/packages.xml

Reinstalling system apps as data creates tons of issues.
Calling pm path <pkg> is extremely expensive and doesn't work in post-fs-data.
Parse through packages.xml to get APK path and UID at the same time.
As a bonus, we don't need to traverse /data/app for packages anymore.
This commit is contained in:
topjohnwu 2019-02-18 03:05:13 -05:00
parent 14aa6041ec
commit 692f893e1f
5 changed files with 78 additions and 117 deletions

View File

@ -20,7 +20,6 @@ using namespace std;
// Protect access to both hide_list and hide_uid // Protect access to both hide_list and hide_uid
pthread_mutex_t list_lock; pthread_mutex_t list_lock;
vector<string> hide_list; vector<string> hide_list;
set<int> hide_uid;
// Treat GMS separately as we're only interested in one component // Treat GMS separately as we're only interested in one component
int gms_uid = -1; int gms_uid = -1;
@ -60,21 +59,6 @@ static void hide_sensitive_props() {
} }
} }
/*
* Bionic's atoi runs through strtol().
* Use our own implementation for faster conversion.
*/
static inline int parse_int(const char *s) {
int val = 0;
char c;
while ((c = *(s++))) {
if (c > '9' || c < '0')
return -1;
val = val * 10 + c - '0';
}
return val;
}
// Leave /proc fd opened as we're going to read from it repeatedly // Leave /proc fd opened as we're going to read from it repeatedly
static DIR *procfp; static DIR *procfp;
void crawl_procfs(const function<bool (int)> &fn) { void crawl_procfs(const function<bool (int)> &fn) {
@ -148,22 +132,12 @@ static void kill_process(int uid) {
}); });
} }
static int add_pkg_uid(const char *pkg) { static int get_pkg_uid(const char *pkg) {
char path[4096]; char path[4096];
struct stat st; struct stat st;
const char *data = SDK_INT >= 24 ? "/data/user_de/0" : "/data/data"; const char *data = SDK_INT >= 24 ? "/data/user_de/0" : "/data/data";
sprintf(path, "%s/%s", data, pkg); sprintf(path, "%s/%s", data, pkg);
if (stat(path, &st) == 0) { return stat(path, &st) ? -1 : st.st_uid;
hide_uid.insert(st.st_uid);
return st.st_uid;
}
return -1;
}
void refresh_uid() {
hide_uid.clear();
for (auto &s : hide_list)
add_pkg_uid(s.c_str());
} }
void clean_magisk_props() { void clean_magisk_props() {
@ -192,7 +166,7 @@ int add_list(const char *pkg) {
{ {
MutexGuard lock(list_lock); MutexGuard lock(list_lock);
hide_list.emplace_back(pkg); hide_list.emplace_back(pkg);
uid = add_pkg_uid(pkg); uid = get_pkg_uid(pkg);
} }
kill_process(uid); kill_process(uid);
@ -235,17 +209,17 @@ int rm_list(int client) {
int ret = rm_list(pkg); int ret = rm_list(pkg);
free(pkg); free(pkg);
if (ret == DAEMON_SUCCESS) if (ret == DAEMON_SUCCESS)
update_inotify_mask(true); update_inotify_mask();
return ret; return ret;
} }
static int init_list(void *, int, char **data, char**) { static int init_list(void *, int, char **data, char**) {
LOGI("hide_list init: [%s]\n", *data); LOGI("hide_list init: [%s]\n", *data);
hide_list.emplace_back(*data); hide_list.emplace_back(*data);
kill_process(*data); int uid = get_pkg_uid(*data);
int uid = add_pkg_uid(*data);
if (strcmp(*data, SAFETYNET_PKG) == 0) if (strcmp(*data, SAFETYNET_PKG) == 0)
gms_uid = uid; gms_uid = uid;
kill_process(uid);
return 0; return 0;
} }

View File

@ -26,7 +26,7 @@ int rm_list(int client);
void ls_list(int client); void ls_list(int client);
// Update APK list for inotify // Update APK list for inotify
void update_inotify_mask(bool refresh = false); void update_inotify_mask();
// Process monitor // Process monitor
void proc_monitor(); void proc_monitor();
@ -34,7 +34,6 @@ void proc_monitor();
// Utility functions // Utility functions
void manage_selinux(); void manage_selinux();
void clean_magisk_props(); void clean_magisk_props();
void refresh_uid();
void crawl_procfs(const std::function<bool (int)> &fn); void crawl_procfs(const std::function<bool (int)> &fn);
static inline int get_uid(const int pid) { static inline int get_uid(const int pid) {
@ -49,10 +48,24 @@ static inline int get_uid(const int pid) {
return st.st_uid % 100000; return st.st_uid % 100000;
} }
/*
* Bionic's atoi runs through strtol().
* Use our own implementation for faster conversion.
*/
static inline int parse_int(const char *s) {
int val = 0;
char c;
while ((c = *(s++))) {
if (c > '9' || c < '0')
return -1;
val = val * 10 + c - '0';
}
return val;
}
extern bool hide_enabled; extern bool hide_enabled;
extern pthread_mutex_t list_lock; extern pthread_mutex_t list_lock;
extern std::vector<std::string> hide_list; extern std::vector<std::string> hide_list;
extern std::set<int> hide_uid;
extern int gms_uid; extern int gms_uid;
enum { enum {

View File

@ -21,6 +21,7 @@
#include <vector> #include <vector>
#include <string> #include <string>
#include <map> #include <map>
#include <algorithm>
#include <magisk.h> #include <magisk.h>
#include <utils.h> #include <utils.h>
@ -32,6 +33,7 @@ using namespace std;
extern char *system_block, *vendor_block, *data_block; extern char *system_block, *vendor_block, *data_block;
static int inotify_fd = -1; static int inotify_fd = -1;
static set<int> hide_uid;
// Workaround for the lack of pthread_cancel // Workaround for the lack of pthread_cancel
static void term_thread(int) { static void term_thread(int) {
@ -189,102 +191,67 @@ static int xinotify_add_watch(int fd, const char* path, uint32_t mask) {
return ret; return ret;
} }
static char *append_path(char *eof, const char *name) {
*(eof++) = '/';
char c;
while ((c = *(name++)))
*(eof++) = c;
*eof = '\0';
return eof;
}
#define DATA_APP "/data/app"
static int new_inotify; static int new_inotify;
static int data_app_wd; static const string_view APK_EXT(".apk");
static vector<bool> app_in_data;
static void find_apks(char *path, char *eof) {
DIR *dir = opendir(path);
if (dir == nullptr)
return;
struct dirent *entry; static bool parse_packages_xml(string_view &s) {
char *dash; if (!str_starts(s, "<package "))
for (; (entry = xreaddir(dir)); *eof = '\0') { return true;
if (strcmp(entry->d_name, ".") == 0 || strcmp(entry->d_name, "..") == 0) /* <package key1="value1" key2="value2"....> */
continue; char *start = (char *) s.data();
if (entry->d_type == DT_DIR) { start[s.length() - 2] = '\0'; /* Remove trailing '>' */
find_apks(path, append_path(eof, entry->d_name)); char key[32], value[1024];
} else if (strend(entry->d_name, ".apk") == 0) { char *tok;
append_path(eof, entry->d_name); start += 9; /* Skip '<package ' */
/* Supported path will be in either format: while ((tok = strtok_r(nullptr, " ", &start))) {
* /data/app/[pkg]-[hash or 1 or 2]/base.apk sscanf(tok, "%[^=]=\"%[^\"]", key, value);
* /data/app/[pkg]-[1 or 2].apk */ string_view value_view(value);
if ((dash = strchr(path, '-')) == nullptr) if (strcmp(key, "name") == 0) {
continue; if (std::count(hide_list.begin(), hide_list.end(), value_view) == 0)
*dash = '\0'; return true;
for (int i = 0; i < hide_list.size(); ++i) { } else if (strcmp(key, "codePath") == 0) {
if (hide_list[i] == path + sizeof(DATA_APP)) { if (ends_with(value_view, APK_EXT)) {
*dash = '-'; // Directly add to inotify list
append_path(eof, entry->d_name); xinotify_add_watch(new_inotify, value, IN_OPEN);
xinotify_add_watch(new_inotify, path, IN_OPEN | IN_DELETE); } else {
app_in_data[i] = true; DIR *dir = opendir(value);
break; if (dir == nullptr)
return true;
struct dirent *entry;
while ((entry = xreaddir(dir))) {
if (ends_with(entry->d_name, APK_EXT)) {
strcpy(value + value_view.length(), "/");
strcpy(value + value_view.length() + 1, entry->d_name);
xinotify_add_watch(new_inotify, value, IN_OPEN);
break;
}
} }
closedir(dir);
} }
*dash = '-'; } else if (strcmp(key, "userId") == 0 || strcmp(key, "sharedUserId") == 0) {
break; hide_uid.insert(parse_int(value));
} }
} }
closedir(dir); return true;
} }
// Iterate through /data/app and search all .apk files void update_inotify_mask() {
void update_inotify_mask(bool refresh) {
char buf[4096];
new_inotify = inotify_init(); new_inotify = inotify_init();
if (new_inotify < 0) { if (new_inotify < 0) {
LOGE("proc_monitor: Cannot initialize inotify: %s\n", strerror(errno)); LOGE("proc_monitor: Cannot initialize inotify: %s\n", strerror(errno));
term_thread(TERM_THREAD); term_thread(TERM_THREAD);
} }
fcntl(new_inotify, F_SETFD, FD_CLOEXEC);
LOGD("proc_monitor: Updating inotify list\n"); LOGD("proc_monitor: Updating inotify list\n");
strcpy(buf, DATA_APP);
app_in_data.clear();
bool reinstall = false;
{ {
MutexGuard lock(list_lock); MutexGuard lock(list_lock);
app_in_data.resize(hide_list.size(), false); hide_uid.clear();
find_apks(buf, buf + sizeof(DATA_APP) - 1); file_readline("/data/system/packages.xml", parse_packages_xml, true);
// Stop monitoring /data/app
if (inotify_fd >= 0)
inotify_rm_watch(inotify_fd, data_app_wd);
// All apps on the hide list should be installed in data
auto it = hide_list.begin();
for (bool in_data : app_in_data) {
if (!in_data) {
if (reinstall_apk(it->c_str()) != 0) {
// Reinstallation failed, remove from hide list
hide_list.erase(it);
refresh = true;
continue;
}
reinstall = true;
}
it++;
}
if (refresh && !reinstall)
refresh_uid();
}
if (reinstall) {
// Rerun detection
close(new_inotify);
update_inotify_mask(refresh);
return;
} }
// Add /data/app itself to the watch list to detect app (un)installations/updates // Add /data/system to monitor /data/system/packages.xml
data_app_wd = xinotify_add_watch(new_inotify, DATA_APP, IN_CLOSE_WRITE | IN_MOVED_TO | IN_DELETE); xinotify_add_watch(new_inotify, "/data/system", IN_CLOSE_WRITE);
int tmp = inotify_fd; int tmp = inotify_fd;
inotify_fd = new_inotify; inotify_fd = new_inotify;
@ -306,20 +273,19 @@ void proc_monitor() {
// Read inotify events // Read inotify events
ssize_t len; ssize_t len;
char buf[4096]; char buf[512];
auto event = reinterpret_cast<inotify_event *>(buf); auto event = reinterpret_cast<inotify_event *>(buf);
while ((len = read(inotify_fd, buf, sizeof(buf))) >= 0) { while ((len = read(inotify_fd, buf, sizeof(buf))) >= 0) {
if (len < sizeof(*event)) if (len < sizeof(*event))
continue; continue;
if (event->mask & IN_OPEN) { if (event->mask & IN_OPEN) {
// Since we're just watching files, // Since we're just watching files,
// extracting file name is not possible from querying event // extracting file name is not possible from querying event
MutexGuard lock(list_lock); MutexGuard lock(list_lock);
crawl_procfs(process_pid); crawl_procfs(process_pid);
} else if (!(event->mask & IN_IGNORED)) { } else if ((event->mask & IN_CLOSE_WRITE) && strcmp(event->name, "packages.xml") == 0) {
LOGD("proc_monitor: inotify: /data/app change detected\n"); LOGD("proc_monitor: /data/system/packages.xml updated\n");
update_inotify_mask(true); update_inotify_mask();
} }
} }
PLOGE("proc_monitor: read inotify"); PLOGE("proc_monitor: read inotify");

View File

@ -201,6 +201,8 @@ int exec_command_sync(Args &&...args) {
return exec_command_sync(exec, args...); return exec_command_sync(exec, args...);
} }
bool ends_with(const std::string_view &s1, const std::string_view &s2);
#endif #endif
#endif #endif

View File

@ -236,3 +236,9 @@ void set_nice_name(const char *name) {
strlcpy(argv0, name, name_len); strlcpy(argv0, name, name_len);
prctl(PR_SET_NAME, name); prctl(PR_SET_NAME, name);
} }
bool ends_with(const std::string_view &s1, const std::string_view &s2) {
unsigned l1 = s1.length();
unsigned l2 = s2.length();
return l1 < l2 ? false : s1.compare(l1 - l2, l2, s2) == 0;
}