TheArchive/Magisk
1
0
Fork 0
mirror of https://github.com/topjohnwu/Magisk.git synced 2025-08-26 12:47:32 +00:00
Code Issues Packages Projects Releases Wiki Activity

Update denylist config implementation

Browse Source
This commit is contained in:
topjohnwu
2021-09-16 05:27:34 -07:00
parent c0be5383de
commit 706a492218
14 changed files with 79 additions and 78 deletions
Download Patch File Download Diff File Expand all files Collapse all files

6
native/jni/core/bootstages.cpp
View File

@@ -304,10 +304,8 @@ void post_fs_data(int client) {
exec_common_scripts("post-fs-data");
db_settings dbs;
get_db_settings(dbs, ZYGISK_CONFIG);
if (dbs[ZYGISK_CONFIG]) {
zygisk_enabled = true;
check_enforce_denylist();
}
zygisk_enabled = dbs[ZYGISK_CONFIG];
initialize_denylist();
handle_modules();
}

10
native/jni/core/core.hpp
View File

@@ -6,7 +6,15 @@
extern bool RECOVERY_MODE;
extern int DAEMON_STATE;
extern bool zygisk_enabled;
// Daemon state
enum : int {
STATE_NONE,
STATE_POST_FS_DATA,
STATE_POST_FS_DATA_DONE,
STATE_LATE_START_DONE,
STATE_BOOT_COMPLETE
};
void unlock_blocks();
void reboot();

1
native/jni/core/module.cpp
View File

@@ -4,6 +4,7 @@
#include <utils.hpp>
#include <magisk.hpp>
#include <daemon.hpp>
#include <selinux.hpp>
#include <resetprop.hpp>

7
native/jni/deny/cli.cpp
View File

@@ -35,11 +35,10 @@ void denylist_handler(int client, ucred *cred) {
int res = DAEMON_ERROR;
switch (req) {
case DISABLE_DENY:
case ADD_LIST:
case RM_LIST:
case LS_LIST:
if (!deny_enforced()) {
if (!denylist_enabled) {
write_int(client, DENY_NOT_ENFORCED);
close(client);
return;
@@ -48,7 +47,7 @@ void denylist_handler(int client, ucred *cred) {
switch (req) {
case ENFORCE_DENY:
res = enable_hide();
res = enable_deny();
break;
case DISABLE_DENY:
res = disable_deny();
@@ -63,7 +62,7 @@ void denylist_handler(int client, ucred *cred) {
ls_list(client);
return;
case DENY_STATUS:
res = deny_enforced() ? DENY_IS_ENFORCED : DENY_NOT_ENFORCED;
res = (zygisk_enabled && denylist_enabled) ? DENY_IS_ENFORCED : DENY_NOT_ENFORCED;
break;
}

6
native/jni/deny/deny.hpp
View File

@@ -4,26 +4,28 @@
#include <string_view>
#include <functional>
#include <map>
#include <atomic>
#include <daemon.hpp>
#define ISOLATED_MAGIC "isolated"
// CLI entries
int enable_hide();
int enable_deny();
int disable_deny();
int add_list(int client);
int rm_list(int client);
void ls_list(int client);
// Utility functions
bool deny_enforced();
bool is_deny_target(int uid, std::string_view process);
// Revert
void revert_daemon(int pid, int client);
void revert_unmount(int pid = -1);
extern std::atomic<bool> denylist_enabled;
enum : int {
ENFORCE_DENY,
DISABLE_DENY,

71
native/jni/deny/utils.cpp
View File

@@ -19,7 +19,7 @@ static map<int, vector<string_view>> *uid_proc_map; /* uid -> list of process *
// Locks the variables above
static pthread_mutex_t data_lock = PTHREAD_MUTEX_INITIALIZER;
static atomic<bool> enforcement_status = false;
atomic<bool> denylist_enabled = false;
static void rebuild_uid_map() {
uid_proc_map->clear();
@@ -147,7 +147,6 @@ static int add_list(const char *pkg, const char *proc) {
return DENYLIST_INVALID_PKG;
{
// Critical region
mutex_guard lock(data_lock);
for (const auto &hide : *deny_set)
if (hide.first == pkg && hide.second == proc)
@@ -172,9 +171,8 @@ int add_list(int client) {
}
static int rm_list(const char *pkg, const char *proc) {
bool remove = false;
{
// Critical region
bool remove = false;
mutex_guard lock(data_lock);
for (auto it = deny_set->begin(); it != deny_set->end();) {
if (it->first == pkg && (proc[0] == '\0' || it->second == proc)) {
@@ -248,63 +246,68 @@ void ls_list(int client) {
close(client);
}
static void update_hide_config() {
static void update_deny_config() {
char sql[64];
sprintf(sql, "REPLACE INTO settings (key,value) VALUES('%s',%d)",
DB_SETTING_KEYS[DENYLIST_CONFIG], enforcement_status.load());
DB_SETTING_KEYS[DENYLIST_CONFIG], denylist_enabled.load());
char *err = db_exec(sql);
db_err(err);
}
int enable_hide() {
if (enforcement_status)
return DENY_IS_ENFORCED;
int enable_deny() {
if (denylist_enabled) {
return DAEMON_SUCCESS;
} else {
mutex_guard lock(data_lock);
if (access("/proc/self/ns/mnt", F_OK) != 0)
return DENY_NO_NS;
if (access("/proc/self/ns/mnt", F_OK) != 0) {
LOGW("The kernel does not support mount namespace\n");
return DENY_NO_NS;
}
if (procfp == nullptr && (procfp = opendir("/proc")) == nullptr)
return DAEMON_ERROR;
if (procfp == nullptr && (procfp = opendir("/proc")) == nullptr)
return DAEMON_ERROR;
LOGI("* Enforce DenyList\n");
LOGI("* Enable DenyList\n");
mutex_guard lock(data_lock);
default_new(deny_set);
default_new(uid_proc_map);
default_new(deny_set);
if (!init_list()) {
delete deny_set;
deny_set = nullptr;
return DAEMON_ERROR;
}
// Initialize the hide list
if (!init_list())
return DAEMON_ERROR;
denylist_enabled = true;
enforcement_status = true;
update_hide_config();
default_new(uid_proc_map);
rebuild_uid_map();
}
rebuild_uid_map();
update_deny_config();
return DAEMON_SUCCESS;
}
int disable_deny() {
mutex_guard lock(data_lock);
if (enforcement_status) {
if (denylist_enabled) {
denylist_enabled = false;
LOGI("* Disable DenyList\n");
mutex_guard lock(data_lock);
delete uid_proc_map;
delete deny_set;
uid_proc_map = nullptr;
deny_set = nullptr;
}
enforcement_status = false;
update_hide_config();
update_deny_config();
return DAEMON_SUCCESS;
}
void check_enforce_denylist() {
if (!enforcement_status) {
void initialize_denylist() {
if (!denylist_enabled) {
db_settings dbs;
get_db_settings(dbs, DENYLIST_CONFIG);
if (dbs[DENYLIST_CONFIG])
enable_hide();
enable_deny();
}
}
@@ -333,7 +336,3 @@ bool is_deny_target(int uid, string_view process) {
}
return false;
}
bool deny_enforced() {
return enforcement_status;
}

11
native/jni/include/daemon.hpp
View File

@@ -39,14 +39,7 @@ enum : int {
DAEMON_LAST
};
// Daemon state
enum : int {
STATE_NONE,
STATE_POST_FS_DATA,
STATE_POST_FS_DATA_DONE,
STATE_LATE_START_DONE,
STATE_BOOT_COMPLETE
};
extern bool zygisk_enabled;
int connect_daemon(bool create = false);
@@ -63,6 +56,6 @@ void su_daemon_handler(int client, ucred *credential);
void zygisk_handler(int client, ucred *cred);
// Denylist
void check_enforce_denylist();
void initialize_denylist();
int disable_deny();
int denylist_cli(int argc, char **argv);

2
native/jni/utils/files.cpp
View File

@@ -26,7 +26,7 @@ int fd_pathat(int dirfd, const char *name, char *path, size_t size) {
return 0;
}
int mkdirs(string_view path, mode_t mode) {
int mkdirs(string path, mode_t mode) {
errno = 0;
for (char *p = path.data() + 1; *p; ++p) {
if (*p == '/') {

2
native/jni/utils/files.hpp
View File

@@ -32,7 +32,7 @@ struct raw_file {
ssize_t fd_path(int fd, char *path, size_t size);
int fd_pathat(int dirfd, const char *name, char *path, size_t size);
int mkdirs(std::string_view path, mode_t mode);
int mkdirs(std::string path, mode_t mode);
void rm_rf(const char *path);
void mv_path(const char *src, const char *dest);
void mv_dir(int src, int dest);

4
native/jni/zygisk/entry.cpp
View File

@@ -255,7 +255,7 @@ static void setup_files(int client, ucred *cred) {
}
static void check_denylist(int client) {
if (!deny_enforced()) {
if (!denylist_enabled) {
write_int(client, DENY_NOT_ENFORCED);
return;
}
@@ -266,7 +266,7 @@ static void check_denylist(int client) {
}
static void do_unmount(int client, ucred *cred) {
if (deny_enforced()) {
if (denylist_enabled) {
LOGD("zygisk: cleanup mount namespace for pid=[%d]\n", cred->pid);
revert_daemon(cred->pid, client);
} else {