TheArchive/Magisk
1
0
Fork 0
mirror of https://github.com/topjohnwu/Magisk.git synced 2025-12-05 21:02:18 +00:00
Code Issues Packages Projects Releases Wiki Activity

Refactor daemon connection

Browse Source
This commit is contained in:
LoveSy
2022-02-12 23:43:36 +08:00
committed by John Wu
parent c82a46c1ee
commit 7999b66c3c
14 changed files with 312 additions and 237 deletions
Download Patch File Download Diff File Expand all files Collapse all files

117
native/jni/zygisk/deny/cli.cpp
View File

@@ -32,31 +32,40 @@ void denylist_handler(int client, const sock_cred *cred) {
return;
}
int req = read_int(client);
int res = DAEMON_ERROR;
DenyResponse res = DenyResponse::ERROR;
switch (req) {
case ENFORCE_DENY:
res = enable_deny();
break;
case DISABLE_DENY:
res = disable_deny();
break;
case ADD_LIST:
res = add_list(client);
break;
case RM_LIST:
res = rm_list(client);
break;
case LS_LIST:
ls_list(client);
return;
case DENY_STATUS:
res = (zygisk_enabled && denylist_enforced) ? DENY_IS_ENFORCED : DENY_NOT_ENFORCED;
break;
int code = read_int(client);
auto req = static_cast<DenyRequest>(code);
if (code < 0 || code >= DenyRequest::END) {
goto done;
}
write_int(client, res);
switch (req) {
case DenyRequest::ENFORCE:
res = enable_deny();
break;
case DenyRequest::DISABLE:
res = disable_deny();
break;
case DenyRequest::ADD:
res = add_list(client);
break;
case DenyRequest::REMOVE:
res = rm_list(client);
break;
case DenyRequest::LIST:
ls_list(client);
return;
case DenyRequest::STATUS:
res = (zygisk_enabled && denylist_enforced) ? DenyResponse::ENFORCED
: DenyResponse::NOT_ENFORCED;
break;
case DenyRequest::END:
__builtin_unreachable();
}
done:
write_int(client, static_cast<int>(res));
close(client);
}
@@ -64,19 +73,19 @@ int denylist_cli(int argc, char **argv) {
if (argc < 2)
usage();
int req;
DenyRequest req;
if (argv[1] == "enable"sv)
req = ENFORCE_DENY;
req = DenyRequest::ENFORCE;
else if (argv[1] == "disable"sv)
req = DISABLE_DENY;
req = DenyRequest::DISABLE;
else if (argv[1] == "add"sv)
req = ADD_LIST;
req = DenyRequest::ADD;
else if (argv[1] == "rm"sv)
req = RM_LIST;
req = DenyRequest::REMOVE;
else if (argv[1] == "ls"sv)
req = LS_LIST;
req = DenyRequest::LIST;
else if (argv[1] == "status"sv)
req = DENY_STATUS;
req = DenyRequest::STATUS;
else if (argv[1] == "exec"sv && argc > 2) {
xunshare(CLONE_NEWNS);
xmount(nullptr, "/", nullptr, MS_PRIVATE | MS_REC, nullptr);
@@ -88,56 +97,54 @@ int denylist_cli(int argc, char **argv) {
}
// Send request
int fd = connect_daemon();
write_int(fd, DENYLIST);
write_int(fd, req);
if (req == ADD_LIST || req == RM_LIST) {
int fd = deny_request(req);
if (req == DenyRequest::ADD || req == DenyRequest::REMOVE) {
write_string(fd, argv[2]);
write_string(fd, argv[3] ? argv[3] : "");
}
// Get response
int code = read_int(fd);
switch (code) {
case DAEMON_SUCCESS:
break;
case DENY_NOT_ENFORCED:
auto res = (code < 0 || code >= DenyResponse::END) ? DenyResponse::ERROR
: static_cast<DenyResponse>(code);
switch (res) {
case DenyResponse::NOT_ENFORCED:
fprintf(stderr, "Denylist is not enforced\n");
goto return_code;
case DENY_IS_ENFORCED:
case DenyResponse::ENFORCED:
fprintf(stderr, "Denylist is enforced\n");
goto return_code;
case DENYLIST_ITEM_EXIST:
case DenyResponse::ITEM_EXIST:
fprintf(stderr, "Target already exists in denylist\n");
goto return_code;
case DENYLIST_ITEM_NOT_EXIST:
case DenyResponse::ITEM_NOT_EXIST:
fprintf(stderr, "Target does not exist in denylist\n");
goto return_code;
case DENY_NO_NS:
case DenyResponse::NO_NS:
fprintf(stderr, "The kernel does not support mount namespace\n");
goto return_code;
case DENYLIST_INVALID_PKG:
case DenyResponse::INVALID_PKG:
fprintf(stderr, "Invalid package / process name\n");
goto return_code;
case ROOT_REQUIRED:
fprintf(stderr, "Root is required for this operation\n");
goto return_code;
case DAEMON_ERROR:
default:
fprintf(stderr, "Daemon error\n");
return DAEMON_ERROR;
case DenyResponse::ERROR:
fprintf(stderr, "deny: Daemon error\n");
return -1;
case DenyResponse::OK:
break;
case DenyResponse::END:
__builtin_unreachable();
}
if (req == LS_LIST) {
string res;
if (req == DenyRequest::LIST) {
string out;
for (;;) {
read_string(fd, res);
if (res.empty())
read_string(fd, out);
if (out.empty())
break;
printf("%s\n", res.data());
printf("%s\n", out.data());
}
}
return_code:
return req == DENY_STATUS ? (code == DENY_IS_ENFORCED ? 0 : 1) : code != DAEMON_SUCCESS;
return req == DenyRequest::STATUS ? res != DenyResponse::ENFORCED : res != DenyResponse::OK;
}

55
native/jni/zygisk/deny/deny.hpp
View File

@@ -10,11 +10,36 @@
#define ISOLATED_MAGIC "isolated"
enum class DenyRequest : int {
ENFORCE,
DISABLE,
ADD,
REMOVE,
LIST,
STATUS,
END
};
enum class DenyResponse: int {
OK,
ENFORCED,
NOT_ENFORCED,
ITEM_EXIST,
ITEM_NOT_EXIST,
INVALID_PKG,
NO_NS,
ERROR,
END
};
// CLI entries
int enable_deny();
int disable_deny();
int add_list(int client);
int rm_list(int client);
DenyResponse enable_deny();
DenyResponse disable_deny();
DenyResponse add_list(int client);
DenyResponse rm_list(int client);
void ls_list(int client);
// Utility functions
@@ -25,20 +50,8 @@ void revert_unmount();
extern std::atomic<bool> denylist_enforced;
extern std::atomic<int> cached_manager_app_id;
enum : int {
ENFORCE_DENY,
DISABLE_DENY,
ADD_LIST,
RM_LIST,
LS_LIST,
DENY_STATUS,
};
enum : int {
DENY_IS_ENFORCED = DAEMON_LAST + 1,
DENY_NOT_ENFORCED,
DENYLIST_ITEM_EXIST,
DENYLIST_ITEM_NOT_EXIST,
DENYLIST_INVALID_PKG,
DENY_NO_NS,
};
inline int deny_request(DenyRequest req) {
int fd = connect_daemon(DaemonRequest::DENYLIST);
write_int(fd, static_cast<std::underlying_type_t<DenyRequest>>(req));
return fd;
}

46
native/jni/zygisk/deny/utils.cpp
View File

@@ -226,20 +226,20 @@ error:
return false;
}
static int add_list(const char *pkg, const char *proc) {
static DenyResponse add_list(const char *pkg, const char *proc) {
if (proc[0] == '\0')
proc = pkg;
if (!validate(pkg, proc))
return DENYLIST_INVALID_PKG;
return DenyResponse::INVALID_PKG;
{
mutex_guard lock(data_lock);
if (!ensure_data())
return DAEMON_ERROR;
return DenyResponse::ERROR;
auto p = add_hide_set(pkg, proc);
if (!p.second)
return DENYLIST_ITEM_EXIST;
return DenyResponse::ITEM_EXIST;
update_pkg_uid(*p.first, false);
}
@@ -248,21 +248,21 @@ static int add_list(const char *pkg, const char *proc) {
snprintf(sql, sizeof(sql),
"INSERT INTO denylist (package_name, process) VALUES('%s', '%s')", pkg, proc);
char *err = db_exec(sql);
db_err_cmd(err, return DAEMON_ERROR)
return DAEMON_SUCCESS;
db_err_cmd(err, return DenyResponse::ERROR)
return DenyResponse::OK;
}
int add_list(int client) {
DenyResponse add_list(int client) {
string pkg = read_string(client);
string proc = read_string(client);
return add_list(pkg.data(), proc.data());
}
static int rm_list(const char *pkg, const char *proc) {
static DenyResponse rm_list(const char *pkg, const char *proc) {
{
mutex_guard lock(data_lock);
if (!ensure_data())
return DAEMON_ERROR;
return DenyResponse::ERROR;
bool remove = false;
@@ -284,7 +284,7 @@ static int rm_list(const char *pkg, const char *proc) {
}
if (!remove)
return DENYLIST_ITEM_NOT_EXIST;
return DenyResponse::ITEM_NOT_EXIST;
}
char sql[4096];
@@ -294,11 +294,11 @@ static int rm_list(const char *pkg, const char *proc) {
snprintf(sql, sizeof(sql),
"DELETE FROM denylist WHERE package_name='%s' AND process='%s'", pkg, proc);
char *err = db_exec(sql);
db_err_cmd(err, return DAEMON_ERROR)
return DAEMON_SUCCESS;
db_err_cmd(err, return DenyResponse::ERROR)
return DenyResponse::OK;
}
int rm_list(int client) {
DenyResponse rm_list(int client) {
string pkg = read_string(client);
string proc = read_string(client);
return rm_list(pkg.data(), proc.data());
@@ -308,11 +308,11 @@ void ls_list(int client) {
{
mutex_guard lock(data_lock);
if (!ensure_data()) {
write_int(client, DAEMON_ERROR);
write_int(client, static_cast<int>(DenyResponse::ERROR));
return;
}
write_int(client, DAEMON_SUCCESS);
write_int(client,static_cast<int>(DenyResponse::OK));
for (const auto &[pkg, procs] : pkg_to_procs) {
for (const auto &proc : procs) {
@@ -342,19 +342,19 @@ static void update_deny_config() {
db_err(err);
}
int enable_deny() {
DenyResponse enable_deny() {
if (denylist_enforced) {
return DAEMON_SUCCESS;
return DenyResponse::OK;
} else {
mutex_guard lock(data_lock);
if (access("/proc/self/ns/mnt", F_OK) != 0) {
LOGW("The kernel does not support mount namespace\n");
return DENY_NO_NS;
return DenyResponse::NO_NS;
}
if (procfp == nullptr && (procfp = opendir("/proc")) == nullptr)
return DAEMON_ERROR;
return DenyResponse::ERROR;
LOGI("* Enable DenyList\n");
@@ -362,7 +362,7 @@ int enable_deny() {
if (!ensure_data()) {
denylist_enforced = false;
return DAEMON_ERROR;
return DenyResponse::ERROR;
}
// On Android Q+, also kill blastula pool and all app zygotes
@@ -374,16 +374,16 @@ int enable_deny() {
}
update_deny_config();
return DAEMON_SUCCESS;
return DenyResponse::OK;
}
int disable_deny() {
DenyResponse disable_deny() {
if (denylist_enforced) {
denylist_enforced = false;
LOGI("* Disable DenyList\n");
}
update_deny_config();
return DAEMON_SUCCESS;
return DenyResponse::OK;
}
void initialize_denylist() {

34
native/jni/zygisk/entry.cpp
View File

@@ -142,9 +142,7 @@ static int zygisk_log(int prio, const char *fmt, va_list ap) {
if (logd_fd < 0) {
// Change logging temporarily to prevent infinite recursion and stack overflow
android_logging();
if (int fd = connect_daemon(); fd >= 0) {
write_int(fd, ZYGISK_REQUEST);
write_int(fd, ZYGISK_GET_LOG_PIPE);
if (int fd = zygisk_request(ZygiskRequest::GET_LOG_PIPE); fd >= 0) {
if (read_int(fd) == 0) {
logd_fd = recv_fd(fd);
}
@@ -178,10 +176,7 @@ static inline bool should_load_modules(uint32_t flags) {
}
int remote_get_info(int uid, const char *process, uint32_t *flags, vector<int> &fds) {
if (int fd = connect_daemon(); fd >= 0) {
write_int(fd, ZYGISK_REQUEST);
write_int(fd, ZYGISK_GET_INFO);
if (int fd = zygisk_request(ZygiskRequest::GET_INFO); fd >= 0) {
write_int(fd, uid);
write_string(fd, process);
xxread(fd, flags, sizeof(*flags));
@@ -404,28 +399,39 @@ static void get_moddir(int client) {
}
void zygisk_handler(int client, const sock_cred *cred) {
// using enum ZYGISK_REQUEST;
int code = read_int(client);
char buf[256];
switch (code) {
case ZYGISK_SETUP:
if (code < ZygiskRequest::SETUP || code >= ZygiskRequest::END) {
write_int(client, -1);
return;
}
auto req = static_cast<ZygiskRequest>(code);
if (req != ZygiskRequest::PASSTHROUGH && cred->context != "u:r:zygote:s0") {
return;
}
switch (req) {
case ZygiskRequest::SETUP:
setup_files(client, cred);
break;
case ZYGISK_PASSTHROUGH:
case ZygiskRequest::PASSTHROUGH:
magiskd_passthrough(client);
break;
case ZYGISK_GET_INFO:
case ZygiskRequest::GET_INFO:
get_process_info(client, cred);
break;
case ZYGISK_GET_LOG_PIPE:
case ZygiskRequest::GET_LOG_PIPE:
send_log_pipe(client);
break;
case ZYGISK_CONNECT_COMPANION:
case ZygiskRequest::CONNECT_COMPANION:
get_exe(cred->pid, buf, sizeof(buf));
connect_companion(client, str_ends(buf, "64"));
break;
case ZYGISK_GET_MODDIR:
case ZygiskRequest::GET_MODDIR:
get_moddir(client);
break;
case ZygiskRequest::END:
__builtin_unreachable();
}
close(client);
}

8
native/jni/zygisk/hook.cpp
View File

@@ -317,9 +317,7 @@ bool ZygiskModule::RegisterModule(ApiTable *table, long *module) {
}
int ZygiskModule::connectCompanion() const {
if (int fd = connect_daemon(); fd >= 0) {
write_int(fd, ZYGISK_REQUEST);
write_int(fd, ZYGISK_CONNECT_COMPANION);
if (int fd = zygisk_request(ZygiskRequest::CONNECT_COMPANION); fd >= 0) {
write_int(fd, id);
return fd;
}
@@ -327,9 +325,7 @@ int ZygiskModule::connectCompanion() const {
}
int ZygiskModule::getModuleDir() const {
if (int fd = connect_daemon(); fd >= 0) {
write_int(fd, ZYGISK_REQUEST);
write_int(fd, ZYGISK_GET_MODDIR);
if (int fd = zygisk_request(ZygiskRequest::GET_MODDIR); fd >= 0) {
write_int(fd, id);
int dfd = recv_fd(fd);
close(fd);

9
native/jni/zygisk/main.cpp
View File

@@ -57,11 +57,8 @@ int app_process_main(int argc, char *argv[]) {
return 1;
}
if (int socket = connect_daemon(); socket >= 0) {
if (int socket = zygisk_request(ZygiskRequest::SETUP); socket >= 0) {
do {
write_int(socket, ZYGISK_REQUEST);
write_int(socket, ZYGISK_SETUP);
if (read_int(socket) != 0)
break;
@@ -176,9 +173,7 @@ int zygisk_main(int argc, char *argv[]) {
int is_64_bit = parse_int(argv[3]);
if (fcntl(client, F_GETFD) < 0)
return 1;
if (int magiskd = connect_daemon(); magiskd >= 0) {
write_int(magiskd, ZYGISK_PASSTHROUGH);
write_int(magiskd, ZYGISK_PASSTHROUGH);
if (int magiskd = zygisk_request(ZygiskRequest::PASSTHROUGH); magiskd >= 0) {
write_int(magiskd, is_64_bit);
if (read_int(magiskd) != 0) {

22
native/jni/zygisk/zygisk.hpp
View File

@@ -3,18 +3,21 @@
#include <stdint.h>
#include <jni.h>
#include <vector>
#include <daemon.hpp>
#define INJECT_ENV_1 "MAGISK_INJ_1"
#define INJECT_ENV_2 "MAGISK_INJ_2"
#define MAGISKFD_ENV "MAGISKFD"
#define MAGISKTMP_ENV "MAGISKTMP"
enum : int {
ZYGISK_SETUP,
ZYGISK_GET_INFO,
ZYGISK_GET_LOG_PIPE,
ZYGISK_CONNECT_COMPANION,
ZYGISK_GET_MODDIR,
enum class ZygiskRequest : int {
SETUP,
GET_INFO,
GET_LOG_PIPE,
CONNECT_COMPANION,
GET_MODDIR,
PASSTHROUGH,
END
};
#if defined(__LP64__)
@@ -47,3 +50,10 @@ extern void *self_handle;
void hook_functions();
int remote_get_info(int uid, const char *process, uint32_t *flags, std::vector<int> &fds);
int remote_request_unmount();
inline int zygisk_request(ZygiskRequest req) {
int fd = connect_daemon(DaemonRequest::ZYGISK_REQUEST, false);
write_int(fd, static_cast<int>(req));
return fd;
}