diff --git a/native/jni/core/cert.cpp b/native/jni/core/cert.cpp index dec5c4233..cee7db5a5 100644 --- a/native/jni/core/cert.cpp +++ b/native/jni/core/cert.cpp @@ -1,5 +1,4 @@ #include -#include using namespace std; @@ -96,7 +95,7 @@ struct EOCD { * This method extracts the first certificate of the first signer * within the APK v2 signature block. */ -string read_certificate(int fd, bool check_version) { +string read_certificate(int fd, int version) { uint32_t size4; uint64_t size8; @@ -131,13 +130,13 @@ string read_certificate(int fd, bool check_version) { read(fd, ¢ral_dir_off, sizeof(central_dir_off)); // Read comment - if (check_version) { + if (version >= 0) { uint16_t comment_sz = 0; read(fd, &comment_sz, sizeof(comment_sz)); string comment; comment.resize(comment_sz); read(fd, comment.data(), comment_sz); - if (MAGISK_VER_CODE > parse_int(comment)) { + if (version > parse_int(comment)) { // Older version of magisk app is not supported return {}; } diff --git a/native/jni/core/core.hpp b/native/jni/core/core.hpp index 4492d52dd..78f417f6f 100644 --- a/native/jni/core/core.hpp +++ b/native/jni/core/core.hpp @@ -21,7 +21,7 @@ void reboot(); void start_log_daemon(); void setup_logfile(bool reset); void magisk_logging(); -std::string read_certificate(int fd, bool check_version = false); +std::string read_certificate(int fd, int version = -1); // Module stuffs void handle_modules(); diff --git a/native/jni/core/package.cpp b/native/jni/core/package.cpp index 1b6e1cda6..0ca1b3aba 100644 --- a/native/jni/core/package.cpp +++ b/native/jni/core/package.cpp @@ -105,7 +105,7 @@ int get_manager(int user_id, string *pkg, bool install) { int dyn = open(app_path, O_RDONLY | O_CLOEXEC); if (dyn < 0) return false; - bool mismatch = default_cert && read_certificate(dyn, true) != *default_cert; + bool mismatch = default_cert && read_certificate(dyn, MAGISK_VER_CODE) != *default_cert; close(dyn); if (mismatch) { LOGE("pkg: dyn APK signature mismatch: %s\n", app_path); @@ -226,7 +226,7 @@ int get_manager(int user_id, string *pkg, bool install) { #if ENFORCE_SIGNATURE string apk = find_apk_path(JAVA_PACKAGE_NAME); int fd = xopen(apk.data(), O_RDONLY | O_CLOEXEC); - string cert = read_certificate(fd, true); + string cert = read_certificate(fd, MAGISK_VER_CODE); close(fd); if (default_cert && cert != *default_cert) { // Found APK with invalid signature, force replace with stub