From d7d0a446937629206baf0148948ef97a80df4c35 Mon Sep 17 00:00:00 2001
From: topjohnwu
Date: Wed, 14 Jun 2023 17:05:49 -0700
Subject: [PATCH] Remove randomness from Magisk
---
 .../magisk/core/su/SuRequestHandler.kt | 27 +++++++++-------
 native/src/base/misc.cpp | 32 -------------------
 native/src/base/misc.hpp | 2 --
 native/src/core/su/connect.cpp | 6 ++--
 native/src/init/rootdir.cpp | 6 +---
 scripts/avd_patch.sh | 2 --
 scripts/boot_patch.sh | 2 --
 7 files changed, 19 insertions(+), 58 deletions(-)
diff --git a/app/src/main/java/com/topjohnwu/magisk/core/su/SuRequestHandler.kt b/app/src/main/java/com/topjohnwu/magisk/core/su/SuRequestHandler.kt
index 7ed990a0a..947f8f30b 100644
--- a/app/src/main/java/com/topjohnwu/magisk/core/su/SuRequestHandler.kt
+++ b/app/src/main/java/com/topjohnwu/magisk/core/su/SuRequestHandler.kt
@@ -57,31 +57,36 @@ class SuRequestHandler( runCatching { output.close() } } - private suspend fun init(intent: Intent) = withContext(Dispatchers.IO) { + private suspend fun init(intent: Intent): Boolean { + val uid = intent.getIntExtra("uid", -1) + if (uid <= 0) { + return false; + } + policy = SuPolicy(uid) + val pid = intent.getIntExtra("pid", -1) + if (pid <= 0) { + return false; + } + val fifo = intent.getStringExtra("fifo") ?: "/dev/socket/magisk_su_request_$pid" + try { - val fifo = intent.getStringExtra("fifo") ?: throw IOException("fifo == null") output = DataOutputStream(FileOutputStream(fifo)) - val uid = intent.getIntExtra("uid", -1) - if (uid <= 0) { - throw IOException("uid == $uid") - } - policy = SuPolicy(uid) - val pid = intent.getIntExtra("pid", -1) try { pkgInfo = pm.getPackageInfo(uid, pid) ?: PackageInfo().apply { val name = pm.getNameForUid(uid) ?: throw PackageManager.NameNotFoundException() // We only fill in sharedUserId and leave other fields uninitialized sharedUserId = name.split(":")[0] } - return@withContext true } catch (e: PackageManager.NameNotFoundException) { + Timber.e(e) respond(SuPolicy.DENY, -1) - return@withContext false + return false } + return true } catch (e: IOException) { Timber.e(e) close() - return@withContext false + return false } } diff --git a/native/src/base/misc.cpp b/native/src/base/misc.cpp index c96dccf04..1aec02d05 100644 --- a/native/src/base/misc.cpp +++ b/native/src/base/misc.cpp 
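Review bot: The `fifo` extra is still honoured in `init` (`intent.getStringExtra("fifo") ?: ...`) even though the daemon side of this patch stops sending it, so the path opened with `FileOutputStream` can still be supplied by the sender of the intent; whether the receiving component restricts senders is not visible in this hunk. If the extra is kept only for compatibility with older daemons, a comment should say so, and otherwise the line can become `val fifo = "/dev/socket/magisk_su_request_$pid"`. Separately, `init` no longer runs inside `withContext(Dispatchers.IO)`, and opening a FIFO for writing blocks until the peer opens it, so the caller (outside this hunk) presumably has to be on an IO dispatcher already. The two `return false;` lines carry semicolons that Kotlin does not need.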
@@ -70,38 +70,6 @@ int fork_no_orphan() { return 0; } -mt19937_64 &get_rand(const void *seed_buf) { - static mt19937_64 gen([&] { - mt19937_64::result_type seed; - if (seed_buf == nullptr) { - int fd = xopen("/dev/urandom", O_RDONLY | O_CLOEXEC); - xxread(fd, &seed, sizeof(seed)); - close(fd); - } else { - memcpy(&seed, seed_buf, sizeof(seed)); - } - return seed; - }()); - return gen; -} - -int gen_rand_str(char *buf, int len, bool varlen) { - auto gen = get_rand(); - - if (len == 0) - return 0; - if (varlen) { - std::uniform_int_distribution len_dist(len / 2, len); - len = len_dist(gen); - } - std::uniform_int_distribution alphabet('a', 'z'); - for (int i = 0; i < len - 1; ++i) { - buf[i] = static_cast(alphabet(gen)); - } - buf[len - 1] = '\0'; - return len - 1; -} - int exec_command(exec_t &exec) { auto pipefd = array{-1, -1}; int outfd = -1; diff --git a/native/src/base/misc.hpp b/native/src/base/misc.hpp index 70ec9ae33..f82b54499 100644 --- a/native/src/base/misc.hpp +++ b/native/src/base/misc.hpp @@ -251,8 +251,6 @@ void init_argv0(int argc, char **argv); void set_nice_name(const char *name); uint32_t binary_gcd(uint32_t u, uint32_t v); int switch_mnt_ns(int pid); -std::mt19937_64 &get_rand(const void *seed_buf = nullptr); -int gen_rand_str(char *buf, int len, bool varlen = true); std::string &replace_all(std::string &str, std::string_view from, std::string_view to); std::vector split(std::string_view s, std::string_view delims); std::vector split_view(std::string_view, std::string_view delims); diff --git a/native/src/core/su/connect.cpp b/native/src/core/su/connect.cpp index 4d53f2fdb..c16cd2746 100644 --- a/native/src/core/su/connect.cpp +++ b/native/src/core/su/connect.cpp 
@@ -193,16 +193,14 @@ void app_notify(const su_context &ctx) { int app_request(const su_context &ctx) { // Create FIFO char fifo[64]; - strcpy(fifo, "/dev/socket/"); - gen_rand_str(fifo + 12, 32); + ssprintf(fifo, sizeof(fifo), "/dev/socket/magisk_su_request_%d", ctx.pid); mkfifo(fifo, 0600); chown(fifo, ctx.info->mgr_uid, ctx.info->mgr_uid); setfilecon(fifo, MAGISK_FILE_CON); // Send request vector extras; - extras.reserve(3); - extras.emplace_back("fifo", fifo); + extras.reserve(2); extras.emplace_back("uid", ctx.info->eval_uid); extras.emplace_back("pid", ctx.pid); exec_cmd("request", extras, ctx.info, false); diff --git a/native/src/init/rootdir.cpp b/native/src/init/rootdir.cpp index 99dabb1fd..9b2d3d649 100644 --- a/native/src/init/rootdir.cpp +++ b/native/src/init/rootdir.cpp @@ -190,17 +190,13 @@ static void extract_files(bool sbin) { } void MagiskInit::parse_config_file() { - uint64_t seed = 0; parse_prop_file("/data/.backup/.magisk", [&](auto key, auto value) -> bool { if (key == "PREINITDEVICE") { preinit_dev = value; - } else if (key == "RANDOMSEED") { - value.remove_prefix(2); // 0x - seed = parse_uint64_hex(value); + return false; } return true; }); - get_rand(&seed); } #define ROOTMIR MIRRDIR "/system_root" diff --git a/scripts/avd_patch.sh b/scripts/avd_patch.sh index 219bea98b..0f60fe9e2 100644 --- a/scripts/avd_patch.sh +++ b/scripts/avd_patch.sh @@ -65,8 +65,6 @@ fi # For API 28, we also patch advancedFeatures.ini to disable SAR # Manually override skip_initramfs by setting RECOVERYMODE=true [ $API = "28" ] && echo 'RECOVERYMODE=true' >> config -RANDOMSEED=$(tr -dc 'a-f0-9' < /dev/urandom | head -c 16) -echo "RANDOMSEED=0x$RANDOMSEED" >> config cat config SKIP32="#" diff --git a/scripts/boot_patch.sh b/scripts/boot_patch.sh index 004f6781b..41f5df822 100644 --- a/scripts/boot_patch.sh +++ b/scripts/boot_patch.sh 
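Review bot: `mkfifo(fifo, 0600)` in `app_request` is unchecked, and with the name now derived from `ctx.pid` instead of 32 random characters the path can already exist, for example a stale node left by an earlier request with a recycled pid, or an object placed there beforehand if any other process is able to write to `/dev/socket`. In that case `mkfifo` fails with EEXIST and the following `chown` and `setfilecon` are applied to whatever is at that path, with `chown` following a symlink. Checking the result, e.g. `if (mkfifo(fifo, 0600) != 0) { /* take the existing failure path */ }`, and using `lchown` for the ownership change would make the predictable name safe to rely on. The rest of `app_request`, including any cleanup of the FIFO, lies outside the hunk.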
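Review bot: The new `return false;` after `preinit_dev = value;` in `MagiskInit::parse_config_file` deserves a comment, since it presumably tells `parse_prop_file` to stop scanning, and any key handled in this lambda later would be skipped whenever it follows `PREINITDEVICE` in the file. Something like `// PREINITDEVICE is the only key consumed here, stop parsing` would make the intent explicit. Config files produced by the older patch scripts may still carry a `RANDOMSEED` line; after this change it is no longer read here.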
@@ -184,8 +184,6 @@ if [ -n "$PREINITDEVICE" ]; then echo "PREINITDEVICE=$PREINITDEVICE" >> config fi [ -n "$SHA1" ] && echo "SHA1=$SHA1" >> config -RANDOMSEED=$(tr -dc 'a-f0-9' < /dev/urandom | head -c 16) -echo "RANDOMSEED=0x$RANDOMSEED" >> config ./magiskboot cpio ramdisk.cpio \ "add 0750 $INIT magiskinit" \