Refactor daemon connection
@@ -32,31 +32,40 @@ void denylist_handler(int client, const sock_cred *cred) {
|
||||
return;
|
||||
}
|
||||
|
||||
int req = read_int(client);
|
||||
int res = DAEMON_ERROR;
|
||||
DenyResponse res = DenyResponse::ERROR;
|
||||
|
||||
switch (req) {
|
||||
case ENFORCE_DENY:
|
||||
res = enable_deny();
|
||||
break;
|
||||
case DISABLE_DENY:
|
||||
res = disable_deny();
|
||||
break;
|
||||
case ADD_LIST:
|
||||
res = add_list(client);
|
||||
break;
|
||||
case RM_LIST:
|
||||
res = rm_list(client);
|
||||
break;
|
||||
case LS_LIST:
|
||||
ls_list(client);
|
||||
return;
|
||||
case DENY_STATUS:
|
||||
res = (zygisk_enabled && denylist_enforced) ? DENY_IS_ENFORCED : DENY_NOT_ENFORCED;
|
||||
break;
|
||||
int code = read_int(client);
|
||||
auto req = static_cast<DenyRequest>(code);
|
||||
|
||||
if (code < 0 || code >= DenyRequest::END) {
|
||||
goto done;
|
||||
}
|
||||
|
||||
write_int(client, res);
|
||||
switch (req) {
|
||||
case DenyRequest::ENFORCE:
|
||||
res = enable_deny();
|
||||
break;
|
||||
case DenyRequest::DISABLE:
|
||||
res = disable_deny();
|
||||
break;
|
||||
case DenyRequest::ADD:
|
||||
res = add_list(client);
|
||||
break;
|
||||
case DenyRequest::REMOVE:
|
||||
res = rm_list(client);
|
||||
break;
|
||||
case DenyRequest::LIST:
|
||||
ls_list(client);
|
||||
return;
|
||||
case DenyRequest::STATUS:
|
||||
res = (zygisk_enabled && denylist_enforced) ? DenyResponse::ENFORCED
|
||||
: DenyResponse::NOT_ENFORCED;
|
||||
break;
|
||||
case DenyRequest::END:
|
||||
__builtin_unreachable();
|
||||
}
|
||||
done:
|
||||
write_int(client, static_cast<int>(res));
|
||||
close(client);
|
||||
}
|
||||
|
||||
@@ -64,19 +73,19 @@ int denylist_cli(int argc, char **argv) {
|
||||
if (argc < 2)
|
||||
usage();
|
||||
|
||||
int req;
|
||||
DenyRequest req;
|
||||
if (argv[1] == "enable"sv)
|
||||
req = ENFORCE_DENY;
|
||||
req = DenyRequest::ENFORCE;
|
||||
else if (argv[1] == "disable"sv)
|
||||
req = DISABLE_DENY;
|
||||
req = DenyRequest::DISABLE;
|
||||
else if (argv[1] == "add"sv)
|
||||
req = ADD_LIST;
|
||||
req = DenyRequest::ADD;
|
||||
else if (argv[1] == "rm"sv)
|
||||
req = RM_LIST;
|
||||
req = DenyRequest::REMOVE;
|
||||
else if (argv[1] == "ls"sv)
|
||||
req = LS_LIST;
|
||||
req = DenyRequest::LIST;
|
||||
else if (argv[1] == "status"sv)
|
||||
req = DENY_STATUS;
|
||||
req = DenyRequest::STATUS;
|
||||
else if (argv[1] == "exec"sv && argc > 2) {
|
||||
xunshare(CLONE_NEWNS);
|
||||
xmount(nullptr, "/", nullptr, MS_PRIVATE | MS_REC, nullptr);
|
||||
@@ -88,56 +97,54 @@ int denylist_cli(int argc, char **argv) {
|
||||
}
|
||||
|
||||
// Send request
|
||||
int fd = connect_daemon();
|
||||
write_int(fd, DENYLIST);
|
||||
write_int(fd, req);
|
||||
if (req == ADD_LIST || req == RM_LIST) {
|
||||
int fd = deny_request(req);
|
||||
if (req == DenyRequest::ADD || req == DenyRequest::REMOVE) {
|
||||
write_string(fd, argv[2]);
|
||||
write_string(fd, argv[3] ? argv[3] : "");
|
||||
}
|
||||
|
||||
// Get response
|
||||
int code = read_int(fd);
|
||||
switch (code) {
|
||||
case DAEMON_SUCCESS:
|
||||
break;
|
||||
case DENY_NOT_ENFORCED:
|
||||
auto res = (code < 0 || code >= DenyResponse::END) ? DenyResponse::ERROR
|
||||
: static_cast<DenyResponse>(code);
|
||||
switch (res) {
|
||||
case DenyResponse::NOT_ENFORCED:
|
||||
fprintf(stderr, "Denylist is not enforced\n");
|
||||
goto return_code;
|
||||
case DENY_IS_ENFORCED:
|
||||
case DenyResponse::ENFORCED:
|
||||
fprintf(stderr, "Denylist is enforced\n");
|
||||
goto return_code;
|
||||
case DENYLIST_ITEM_EXIST:
|
||||
case DenyResponse::ITEM_EXIST:
|
||||
fprintf(stderr, "Target already exists in denylist\n");
|
||||
goto return_code;
|
||||
case DENYLIST_ITEM_NOT_EXIST:
|
||||
case DenyResponse::ITEM_NOT_EXIST:
|
||||
fprintf(stderr, "Target does not exist in denylist\n");
|
||||
goto return_code;
|
||||
case DENY_NO_NS:
|
||||
case DenyResponse::NO_NS:
|
||||
fprintf(stderr, "The kernel does not support mount namespace\n");
|
||||
goto return_code;
|
||||
case DENYLIST_INVALID_PKG:
|
||||
case DenyResponse::INVALID_PKG:
|
||||
fprintf(stderr, "Invalid package / process name\n");
|
||||
goto return_code;
|
||||
case ROOT_REQUIRED:
|
||||
fprintf(stderr, "Root is required for this operation\n");
|
||||
goto return_code;
|
||||
case DAEMON_ERROR:
|
||||
default:
|
||||
fprintf(stderr, "Daemon error\n");
|
||||
return DAEMON_ERROR;
|
||||
case DenyResponse::ERROR:
|
||||
fprintf(stderr, "deny: Daemon error\n");
|
||||
return -1;
|
||||
case DenyResponse::OK:
|
||||
break;
|
||||
case DenyResponse::END:
|
||||
__builtin_unreachable();
|
||||
}
|
||||
|
||||
if (req == LS_LIST) {
|
||||
string res;
|
||||
if (req == DenyRequest::LIST) {
|
||||
string out;
|
||||
for (;;) {
|
||||
read_string(fd, res);
|
||||
if (res.empty())
|
||||
read_string(fd, out);
|
||||
if (out.empty())
|
||||
break;
|
||||
printf("%s\n", res.data());
|
||||
printf("%s\n", out.data());
|
||||
}
|
||||
}
|
||||
|
||||
return_code:
|
||||
return req == DENY_STATUS ? (code == DENY_IS_ENFORCED ? 0 : 1) : code != DAEMON_SUCCESS;
|
||||
return req == DenyRequest::STATUS ? res != DenyResponse::ENFORCED : res != DenyResponse::OK;
|
||||
}
|
||||
|
||||
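Review bot: The two `__builtin_unreachable()` arms (`case DenyRequest::END:` in denylist_handler and `case DenyResponse::END:` in denylist_cli) are sound only while the range checks above them stay exactly in step with the enums, and in both places `code` is an integer read from a socket. In the handler, the guard `if (code < 0 || code >= DenyRequest::END)` is the only thing between a peer-supplied value and undefined behaviour inside the daemon, so a defined fallback is safer than the optimiser hint. `case DenyRequest::END: break;` leaves `res` at `DenyResponse::ERROR`, and on the client side `END` can share the `DenyResponse::ERROR` arm. A comment on the guard such as `// code comes from the client; reject anything outside the enum before switching on it` would make that dependency explicit. Both function bodies begin outside the hunks shown.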
@@ -10,11 +10,36 @@
|
||||
|
||||
#define ISOLATED_MAGIC "isolated"
|
||||
|
||||
enum class DenyRequest : int {
|
||||
ENFORCE,
|
||||
DISABLE,
|
||||
ADD,
|
||||
REMOVE,
|
||||
LIST,
|
||||
STATUS,
|
||||
|
||||
END
|
||||
};
|
||||
|
||||
enum class DenyResponse: int {
|
||||
OK,
|
||||
ENFORCED,
|
||||
NOT_ENFORCED,
|
||||
ITEM_EXIST,
|
||||
ITEM_NOT_EXIST,
|
||||
INVALID_PKG,
|
||||
NO_NS,
|
||||
ERROR,
|
||||
|
||||
END
|
||||
};
|
||||
|
||||
|
||||
// CLI entries
|
||||
int enable_deny();
|
||||
int disable_deny();
|
||||
int add_list(int client);
|
||||
int rm_list(int client);
|
||||
DenyResponse enable_deny();
|
||||
DenyResponse disable_deny();
|
||||
DenyResponse add_list(int client);
|
||||
DenyResponse rm_list(int client);
|
||||
void ls_list(int client);
|
||||
|
||||
// Utility functions
|
||||
@@ -25,20 +50,8 @@ void revert_unmount();
|
||||
extern std::atomic<bool> denylist_enforced;
|
||||
extern std::atomic<int> cached_manager_app_id;
|
||||
|
||||
enum : int {
|
||||
ENFORCE_DENY,
|
||||
DISABLE_DENY,
|
||||
ADD_LIST,
|
||||
RM_LIST,
|
||||
LS_LIST,
|
||||
DENY_STATUS,
|
||||
};
|
||||
|
||||
enum : int {
|
||||
DENY_IS_ENFORCED = DAEMON_LAST + 1,
|
||||
DENY_NOT_ENFORCED,
|
||||
DENYLIST_ITEM_EXIST,
|
||||
DENYLIST_ITEM_NOT_EXIST,
|
||||
DENYLIST_INVALID_PKG,
|
||||
DENY_NO_NS,
|
||||
};
|
||||
inline int deny_request(DenyRequest req) {
|
||||
int fd = connect_daemon(DaemonRequest::DENYLIST);
|
||||
write_int(fd, static_cast<std::underlying_type_t<DenyRequest>>(req));
|
||||
return fd;
|
||||
}
|
||||
|
||||
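Review bot: `DenyResponse` starts at 0, whereas the enum it replaces started at `DAEMON_LAST + 1`, so deny results are no longer numerically distinct from the generic daemon status codes. The client switch in denylist_cli also loses its `ROOT_REQUIRED` arm. If `connect_daemon(DaemonRequest::DENYLIST)` (not shown here) can still leave a generic status on the socket before denylist_handler answers, the client would decode it as a `DenyResponse` value rather than report it. Both enums are also the wire format written with `write_int`, which the declarations do not say; a comment such as `// Sent as int over the daemon socket; END is a bound, never transmitted` on each would record that. `deny_request` would benefit from a line stating that the caller owns the returned fd.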
@@ -226,20 +226,20 @@ error:
|
||||
return false;
|
||||
}
|
||||
|
||||
static int add_list(const char *pkg, const char *proc) {
|
||||
static DenyResponse add_list(const char *pkg, const char *proc) {
|
||||
if (proc[0] == '\0')
|
||||
proc = pkg;
|
||||
|
||||
if (!validate(pkg, proc))
|
||||
return DENYLIST_INVALID_PKG;
|
||||
return DenyResponse::INVALID_PKG;
|
||||
|
||||
{
|
||||
mutex_guard lock(data_lock);
|
||||
if (!ensure_data())
|
||||
return DAEMON_ERROR;
|
||||
return DenyResponse::ERROR;
|
||||
auto p = add_hide_set(pkg, proc);
|
||||
if (!p.second)
|
||||
return DENYLIST_ITEM_EXIST;
|
||||
return DenyResponse::ITEM_EXIST;
|
||||
update_pkg_uid(*p.first, false);
|
||||
}
|
||||
|
||||
@@ -248,21 +248,21 @@ static int add_list(const char *pkg, const char *proc) {
|
||||
snprintf(sql, sizeof(sql),
|
||||
"INSERT INTO denylist (package_name, process) VALUES('%s', '%s')", pkg, proc);
|
||||
char *err = db_exec(sql);
|
||||
db_err_cmd(err, return DAEMON_ERROR)
|
||||
return DAEMON_SUCCESS;
|
||||
db_err_cmd(err, return DenyResponse::ERROR)
|
||||
return DenyResponse::OK;
|
||||
}
|
||||
|
||||
int add_list(int client) {
|
||||
DenyResponse add_list(int client) {
|
||||
string pkg = read_string(client);
|
||||
string proc = read_string(client);
|
||||
return add_list(pkg.data(), proc.data());
|
||||
}
|
||||
|
||||
static int rm_list(const char *pkg, const char *proc) {
|
||||
static DenyResponse rm_list(const char *pkg, const char *proc) {
|
||||
{
|
||||
mutex_guard lock(data_lock);
|
||||
if (!ensure_data())
|
||||
return DAEMON_ERROR;
|
||||
return DenyResponse::ERROR;
|
||||
|
||||
bool remove = false;
|
||||
|
||||
@@ -284,7 +284,7 @@ static int rm_list(const char *pkg, const char *proc) {
|
||||
}
|
||||
|
||||
if (!remove)
|
||||
return DENYLIST_ITEM_NOT_EXIST;
|
||||
return DenyResponse::ITEM_NOT_EXIST;
|
||||
}
|
||||
|
||||
char sql[4096];
|
||||
@@ -294,11 +294,11 @@ static int rm_list(const char *pkg, const char *proc) {
|
||||
snprintf(sql, sizeof(sql),
|
||||
"DELETE FROM denylist WHERE package_name='%s' AND process='%s'", pkg, proc);
|
||||
char *err = db_exec(sql);
|
||||
db_err_cmd(err, return DAEMON_ERROR)
|
||||
return DAEMON_SUCCESS;
|
||||
db_err_cmd(err, return DenyResponse::ERROR)
|
||||
return DenyResponse::OK;
|
||||
}
|
||||
|
||||
int rm_list(int client) {
|
||||
DenyResponse rm_list(int client) {
|
||||
string pkg = read_string(client);
|
||||
string proc = read_string(client);
|
||||
return rm_list(pkg.data(), proc.data());
|
||||
@@ -308,11 +308,11 @@ void ls_list(int client) {
|
||||
{
|
||||
mutex_guard lock(data_lock);
|
||||
if (!ensure_data()) {
|
||||
write_int(client, DAEMON_ERROR);
|
||||
write_int(client, static_cast<int>(DenyResponse::ERROR));
|
||||
return;
|
||||
}
|
||||
|
||||
write_int(client, DAEMON_SUCCESS);
|
||||
write_int(client,static_cast<int>(DenyResponse::OK));
|
||||
|
||||
for (const auto &[pkg, procs] : pkg_to_procs) {
|
||||
for (const auto &proc : procs) {
|
||||
@@ -342,19 +342,19 @@ static void update_deny_config() {
|
||||
db_err(err);
|
||||
}
|
||||
|
||||
int enable_deny() {
|
||||
DenyResponse enable_deny() {
|
||||
if (denylist_enforced) {
|
||||
return DAEMON_SUCCESS;
|
||||
return DenyResponse::OK;
|
||||
} else {
|
||||
mutex_guard lock(data_lock);
|
||||
|
||||
if (access("/proc/self/ns/mnt", F_OK) != 0) {
|
||||
LOGW("The kernel does not support mount namespace\n");
|
||||
return DENY_NO_NS;
|
||||
return DenyResponse::NO_NS;
|
||||
}
|
||||
|
||||
if (procfp == nullptr && (procfp = opendir("/proc")) == nullptr)
|
||||
return DAEMON_ERROR;
|
||||
return DenyResponse::ERROR;
|
||||
|
||||
LOGI("* Enable DenyList\n");
|
||||
|
||||
@@ -362,7 +362,7 @@ int enable_deny() {
|
||||
|
||||
if (!ensure_data()) {
|
||||
denylist_enforced = false;
|
||||
return DAEMON_ERROR;
|
||||
return DenyResponse::ERROR;
|
||||
}
|
||||
|
||||
// On Android Q+, also kill blastula pool and all app zygotes
|
||||
@@ -374,16 +374,16 @@ int enable_deny() {
|
||||
}
|
||||
|
||||
update_deny_config();
|
||||
return DAEMON_SUCCESS;
|
||||
return DenyResponse::OK;
|
||||
}
|
||||
|
||||
int disable_deny() {
|
||||
DenyResponse disable_deny() {
|
||||
if (denylist_enforced) {
|
||||
denylist_enforced = false;
|
||||
LOGI("* Disable DenyList\n");
|
||||
}
|
||||
update_deny_config();
|
||||
return DAEMON_SUCCESS;
|
||||
return DenyResponse::OK;
|
||||
}
|
||||
|
||||
void initialize_denylist() {
|
||||
|
||||
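Review bot: In `rm_list(const char *pkg, const char *proc)`, the strings that `rm_list(int client)` reads from the socket are formatted straight into `DELETE FROM denylist WHERE package_name='%s' AND process='%s'` with snprintf. The hunks shown contain no counterpart to the `validate(pkg, proc)` call that precedes the INSERT in add_list. Part of rm_list lies outside the hunks, so a check may exist there; if it does not, a quote character in either string changes the statement that `db_exec` runs. Since this commit already rewrites every return in the function, it is a natural place to reject such names with `DenyResponse::INVALID_PKG` before taking `data_lock`, or to bind the two values as parameters if the db layer offers that. The 4096-byte `sql` buffer also truncates silently in both functions; checking the snprintf result would let that case return `DenyResponse::ERROR` instead of running a cut-off statement.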