Remove randomness from Magisk

2024-12-21 23:47:39 +00:00 · 2023-06-14 17:05:49 -07:00 · 2023-06-14 17:05:49 -07:00 · d7d0a44693
commit d7d0a44693
parent 9d6f6764cb
7 changed files with 19 additions and 58 deletions
--- a/app/src/main/java/com/topjohnwu/magisk/core/su/SuRequestHandler.kt
+++ b/app/src/main/java/com/topjohnwu/magisk/core/su/SuRequestHandler.kt
@ -57,31 +57,36 @@ class SuRequestHandler(
            runCatching { output.close() }
    }

-    private suspend fun init(intent: Intent) = withContext(Dispatchers.IO) {
+    private suspend fun init(intent: Intent): Boolean {
+        val uid = intent.getIntExtra("uid", -1)
+        if (uid <= 0) {
+            return false;
+        }
+        policy = SuPolicy(uid)
+        val pid = intent.getIntExtra("pid", -1)
+        if (pid <= 0) {
+            return false;
+        }
+        val fifo = intent.getStringExtra("fifo") ?: "/dev/socket/magisk_su_request_$pid"
+
        try {
-            val fifo = intent.getStringExtra("fifo") ?: throw IOException("fifo == null")
            output = DataOutputStream(FileOutputStream(fifo))
-            val uid = intent.getIntExtra("uid", -1)
-            if (uid <= 0) {
-                throw IOException("uid == $uid")
-            }
-            policy = SuPolicy(uid)
-            val pid = intent.getIntExtra("pid", -1)
            try {
                pkgInfo = pm.getPackageInfo(uid, pid) ?: PackageInfo().apply {
                    val name = pm.getNameForUid(uid) ?: throw PackageManager.NameNotFoundException()
                    // We only fill in sharedUserId and leave other fields uninitialized
                    sharedUserId = name.split(":")[0]
                }
-                return@withContext true
            } catch (e: PackageManager.NameNotFoundException) {
+                Timber.e(e)
                respond(SuPolicy.DENY, -1)
-                return@withContext false
+                return false
            }
+            return true
        } catch (e: IOException) {
            Timber.e(e)
            close()
-            return@withContext false
+            return false
        }
    }

--- a/native/src/base/misc.cpp
+++ b/native/src/base/misc.cpp
@ -70,38 +70,6 @@ int fork_no_orphan() {
    return 0;
 }

-mt19937_64 &get_rand(const void *seed_buf) {
-    static mt19937_64 gen([&] {
-        mt19937_64::result_type seed;
-        if (seed_buf == nullptr) {
-            int fd = xopen("/dev/urandom", O_RDONLY | O_CLOEXEC);
-            xxread(fd, &seed, sizeof(seed));
-            close(fd);
-        } else {
-            memcpy(&seed, seed_buf, sizeof(seed));
-        }
-        return seed;
-    }());
-    return gen;
-}
-
-int gen_rand_str(char *buf, int len, bool varlen) {
-    auto gen = get_rand();
-
-    if (len == 0)
-        return 0;
-    if (varlen) {
-        std::uniform_int_distribution<int> len_dist(len / 2, len);
-        len = len_dist(gen);
-    }
-    std::uniform_int_distribution<int> alphabet('a', 'z');
-    for (int i = 0; i < len - 1; ++i) {
-        buf[i] = static_cast<char>(alphabet(gen));
-    }
-    buf[len - 1] = '\0';
-    return len - 1;
-}
-
 int exec_command(exec_t &exec) {
    auto pipefd = array<int, 2>{-1, -1};
    int outfd = -1;
--- a/native/src/base/misc.hpp
+++ b/native/src/base/misc.hpp
@ -251,8 +251,6 @@ void init_argv0(int argc, char **argv);
 void set_nice_name(const char *name);
 uint32_t binary_gcd(uint32_t u, uint32_t v);
 int switch_mnt_ns(int pid);
-std::mt19937_64 &get_rand(const void *seed_buf = nullptr);
-int gen_rand_str(char *buf, int len, bool varlen = true);
 std::string &replace_all(std::string &str, std::string_view from, std::string_view to);
 std::vector<std::string> split(std::string_view s, std::string_view delims);
 std::vector<std::string_view> split_view(std::string_view, std::string_view delims);
--- a/native/src/core/su/connect.cpp
+++ b/native/src/core/su/connect.cpp
@ -193,16 +193,14 @@ void app_notify(const su_context &ctx) {
 int app_request(const su_context &ctx) {
    // Create FIFO
    char fifo[64];
-    strcpy(fifo, "/dev/socket/");
-    gen_rand_str(fifo + 12, 32);
+    ssprintf(fifo, sizeof(fifo), "/dev/socket/magisk_su_request_%d", ctx.pid);
    mkfifo(fifo, 0600);
    chown(fifo, ctx.info->mgr_uid, ctx.info->mgr_uid);
    setfilecon(fifo, MAGISK_FILE_CON);

    // Send request
    vector<Extra> extras;
-    extras.reserve(3);
-    extras.emplace_back("fifo", fifo);
+    extras.reserve(2);
    extras.emplace_back("uid", ctx.info->eval_uid);
    extras.emplace_back("pid", ctx.pid);
    exec_cmd("request", extras, ctx.info, false);
--- a/native/src/init/rootdir.cpp
+++ b/native/src/init/rootdir.cpp
@ -190,17 +190,13 @@ static void extract_files(bool sbin) {
 }

 void MagiskInit::parse_config_file() {
-    uint64_t seed = 0;
    parse_prop_file("/data/.backup/.magisk", [&](auto key, auto value) -> bool {
        if (key == "PREINITDEVICE") {
            preinit_dev = value;
-        } else if (key == "RANDOMSEED") {
-            value.remove_prefix(2); // 0x
-            seed = parse_uint64_hex(value);
+            return false;
        }
        return true;
    });
-    get_rand(&seed);
 }

 #define ROOTMIR     MIRRDIR "/system_root"
--- a/scripts/avd_patch.sh
+++ b/scripts/avd_patch.sh
@ -65,8 +65,6 @@ fi
 # For API 28, we also patch advancedFeatures.ini to disable SAR
 # Manually override skip_initramfs by setting RECOVERYMODE=true
 [ $API = "28" ] && echo 'RECOVERYMODE=true' >> config
-RANDOMSEED=$(tr -dc 'a-f0-9' < /dev/urandom | head -c 16)
-echo "RANDOMSEED=0x$RANDOMSEED" >> config
 cat config

 SKIP32="#"
--- a/scripts/boot_patch.sh
+++ b/scripts/boot_patch.sh
@ -184,8 +184,6 @@ if [ -n "$PREINITDEVICE" ]; then
  echo "PREINITDEVICE=$PREINITDEVICE" >> config
 fi
 [ -n "$SHA1" ] && echo "SHA1=$SHA1" >> config
-RANDOMSEED=$(tr -dc 'a-f0-9' < /dev/urandom | head -c 16)
-echo "RANDOMSEED=0x$RANDOMSEED" >> config

 ./magiskboot cpio ramdisk.cpio \
 "add 0750 $INIT magiskinit" \