TheArchive/Magisk
1
0
Fork 0
mirror of https://github.com/topjohnwu/Magisk.git synced 2025-10-19 08:12:59 +00:00
Code Issues Packages Projects Releases Wiki Activity

Application Component Granularity MagiskHide

Browse Source 
Before switching to the new MagiskHide implementation (APK inotify),
logcat parsing provides us lots of information to target a process.
We were targeting components so that apps with multi-processes
can still be hidden properly.

After switching to the new implementation, our granularity is limited
to the UID of the process. This is especially dangerous since Android
allow apps signed with the same signature to share UIDs, and many system
apps utilize this for elevated permissions for some services.

This commit introduces process name matching. We could not blanketly
target an UID, so the workaround is to verify its process name before
unmounting.

The tricky thing is that any app developer is allowed to name the
process of its component to whatever they want; there is no 'one
rule to catch them all' to target a specific package. As a result,
Magisk Manager is updated to scan through all components of all apps,
and show different processes of the same app, each as a separate
hide target in the list.

The hide target database also has to be updated accordingly.
Each hide target is now a <package name, process name> pair. The
magiskhide CLI and Magisk Manager is updated to support this new
target format.
This commit is contained in:
topjohnwu
2019-03-01 17:08:08 -05:00
parent 885e3c574b
commit b1afd554fc
11 changed files with 337 additions and 245 deletions
Download Patch File Download Diff File Expand all files Collapse all files

20
native/jni/magiskhide/magiskhide.cpp
View File

@@ -20,12 +20,12 @@ bool hide_enabled = false;
FULL_VER(MagiskHide) "\n\n"
"Usage: %s [--option [arguments...] ]\n\n"
"Options:\n"
" --status Return the status of magiskhide\n"
" --enable Start magiskhide\n"
" --disable Stop magiskhide\n"
" --add PKG Add PKG to the hide list\n"
" --rm PKG Remove PKG from the hide list\n"
" --ls List the current hide list\n"
" --status Return the status of magiskhide\n"
" --enable Start magiskhide\n"
" --disable Stop magiskhide\n"
" --add PKG [PROC] Add a new target to the hide list\n"
" --rm PKG [PROC] Remove from the hide list\n"
" --ls List the current hide list\n"
, arg0);
exit(1);
}
@@ -96,8 +96,10 @@ int magiskhide_main(int argc, char *argv[]) {
int fd = connect_daemon();
write_int(fd, MAGISKHIDE);
write_int(fd, req);
if (req == ADD_HIDELIST || req == RM_HIDELIST)
if (req == ADD_HIDELIST || req == RM_HIDELIST) {
write_string(fd, argv[2]);
write_string(fd, argv[3] ? argv[3] : "");
}
if (req == LS_HIDELIST)
send_fd(fd, STDOUT_FILENO);
@@ -113,10 +115,10 @@ int magiskhide_main(int argc, char *argv[]) {
fprintf(stderr, "MagiskHide is enabled\n");
break;
case HIDE_ITEM_EXIST:
fprintf(stderr, "[%s] already exists in hide list\n", argv[2]);
fprintf(stderr, "Target already exists in hide list\n");
break;
case HIDE_ITEM_NOT_EXIST:
fprintf(stderr, "[%s] does not exist in hide list\n", argv[2]);
fprintf(stderr, "Target does not exist in hide list\n");
break;
case HIDE_NO_NS:
fprintf(stderr, "Your kernel doesn't support mount namespace\n");