Prune unused UIDs from su policies

topjohnwu
2022-05-18 01:55:58 -07:00
parent e11508f84d
commit 975b1a5e36
12 changed files with 165 additions and 80 deletions


@@ -47,8 +47,6 @@ void ls_list(int client);
// Utility functions
bool is_deny_target(int uid, std::string_view process);
void revert_unmount();
extern std::atomic<bool> denylist_enforced;
extern std::atomic<int> cached_manager_app_id;


@@ -32,23 +32,13 @@ atomic<bool> denylist_enforced = false;
#define do_kill (zygisk_enabled && denylist_enforced)
static unsigned long long pkg_xml_ino = 0;
static void rescan_apps() {
{
struct stat st{};
stat("/data/system/packages.xml", &st);
if (pkg_xml_ino == st.st_ino) {
// Packages has not changed, do not rescan
return;
}
pkg_xml_ino = st.st_ino;
}
if (!need_pkg_refresh())
return;
LOGD("denylist: rescanning apps\n");
app_id_to_pkgs.clear();
cached_manager_app_id = -1;
auto data_dir = xopen_dir(APP_DATA_DIR);
if (!data_dir)
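Review bot: The refresh decision in rescan_apps() now rests entirely on `need_pkg_refresh()`, which is defined outside this hunk, and nothing here shows whether that helper is safe for more than one consumer. If it records the new packages.xml inode as a side effect, as the inline stat() check in this hunk appears to have done, then whichever caller asks first absorbs the change and a later call from rescan_apps() returns early, leaving `app_id_to_pkgs` stale so denylist decisions are made against an outdated app-ID-to-package mapping. Please confirm the helper's contract and state it at the call site, e.g. `// need_pkg_refresh() reports a packages.xml change once; no other caller may consume it before the denylist rescan`, or have each cache track the last inode it has seen. rescan_apps() continues past the end of the hunk.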


@@ -7,7 +7,6 @@
#include <base.hpp>
#include <daemon.hpp>
#include <magisk.hpp>
#include <db.hpp>
#include "zygisk.hpp"
#include "module.hpp"
@@ -313,8 +312,6 @@ static void magiskd_passthrough(int client) {
send_fd(client, is_64_bit ? app_process_64 : app_process_32);
}
atomic<int> cached_manager_app_id = -1;
extern bool uid_granted_root(int uid);
static void get_process_info(int client, const sock_cred *cred) {
int uid = read_int(client);
@@ -322,19 +319,10 @@ static void get_process_info(int client, const sock_cred *cred) {
uint32_t flags = 0;
// This function is called on every single zygote process specialization,
// so performance is critical. get_manager_app_id() is expensive as it goes
// through a SQLite query and potentially multiple filesystem stats, so we
// really want to cache its app ID value.
if (is_deny_target(uid, process)) {
flags |= PROCESS_ON_DENYLIST;
}
int manager_app_id = cached_manager_app_id;
if (manager_app_id < 0) {
manager_app_id = get_manager_app_id();
cached_manager_app_id = manager_app_id;
}
int manager_app_id = get_manager();
if (to_app_id(uid) == manager_app_id) {
flags |= PROCESS_IS_MAGISK_APP;
}
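Review bot: The call `get_manager()` in get_process_info() carries no comment, while the explanation that this path runs on every zygote process specialization and needs a cached manager app ID seems to be dropped along with the local cache. Since get_manager() is defined outside this section, a reader cannot tell that it is expected to be cheap or what it returns when no manager is installed; I would keep a short note such as `// Hot path: runs on every zygote specialization, get_manager() must return a cached app ID`. If it can return a negative value on failure, guarding the comparison with `if (manager_app_id >= 0 && to_app_id(uid) == manager_app_id)` makes it explicit that PROCESS_IS_MAGISK_APP is never set from a failed lookup, given that `uid` is read from the client socket. The function body continues outside the hunk.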