Commit Graph

138 Commits

Author SHA1 Message Date
topjohnwu
f24a5dfd45 More efficient xml parsing 2019-03-09 04:27:04 -05:00
topjohnwu
081074ad9d Better zygote process detection 2019-03-08 23:53:53 -05:00
topjohnwu
0204d05316 Remove Zygote notifier
Temporary trigger process scan on packages.xml updates, will find better methods
2019-03-08 03:35:17 -05:00
topjohnwu
d2cb638fcd Use our own function to parse int 2019-03-07 20:31:35 -05:00
topjohnwu
82c864d57e Make zygote notifier more reliable 2019-03-06 18:22:04 -05:00
topjohnwu
370015a853 Modernize database code (again) 2019-03-06 08:16:12 -05:00
topjohnwu
6597b7adc0 Add MicroG DroidGuardHelper as target
MicroG uses a different package to handle DroidGuard service (SafetyNet),
but still uses the same com.google.android.gms.unstable process name.
Thanks to the changes in 4e53ebfe, we can target both official GMS
and MicroG SafetyNet services at the same time.
2019-03-06 05:43:52 -05:00
topjohnwu
4e53ebfe44 Use both package name and process name as key
Different packages could potentially use the same process name,
and they shouldn't conflict with each other.
2019-03-06 05:40:52 -05:00
topjohnwu
04ef1e6405 Make parse prop file a util function 2019-03-05 20:27:09 -05:00
topjohnwu
b278d07b05 Switch to Zygote ptrace-ing
No matter if we use the old, buggy, error prone am_proc_start monitoring,
or the new APK inotify method, both methods rely on MagiskHide 'reacting'
fast enough to hijack the process before any detection has been done.

However, this is not reliable and practical. There are apps that utilize
native libraries to start detects and register SIGCONT signal handlers
to mitigate all existing MagiskHide process monitoring mechanism. So
our only solution is to hijack an app BEFORE it is started.

All Android apps' process is forked from zygote, so it is easily the
target to be monitored. All forks will be notified, and subsequent
thread spawning (Android apps are heaviliy multithreaded) from children
are also closely monitored to find the earliest possible point to
identify what the process will eventually be (before am_proc_bound).

ptrace is extremely complicated and very difficult to get right. The
current code is heaviliy tested on a stock Android 9.0 Pixel system,
so in theory it should work fine on most devices, but more tests and
potentially fixes are expected to follow this commit.
2019-03-05 20:23:27 -05:00
topjohnwu
d8cd2031c7 SIGSTOP any possible process ASAP
Shut down any UID matching process and resume if it turns out not to
be our target. Since we will record every single process we have ever
paused, this means that the same process will not be paused erroneously
for another time.

This is an optimization to hijack the app as soon as possible.
2019-03-02 04:24:41 -05:00
topjohnwu
7203e7df5c Create mapping from watch descriptor to UID 2019-03-02 03:44:24 -05:00
topjohnwu
b51feffe80 Limit process name match to cmdline only
We are only interested in Zygote forked processed
2019-03-01 18:13:41 -05:00
topjohnwu
b1afd554fc Application Component Granularity MagiskHide
Before switching to the new MagiskHide implementation (APK inotify),
logcat parsing provides us lots of information to target a process.
We were targeting components so that apps with multi-processes
can still be hidden properly.

After switching to the new implementation, our granularity is limited
to the UID of the process. This is especially dangerous since Android
allow apps signed with the same signature to share UIDs, and many system
apps utilize this for elevated permissions for some services.

This commit introduces process name matching. We could not blanketly
target an UID, so the workaround is to verify its process name before
unmounting.

The tricky thing is that any app developer is allowed to name the
process of its component to whatever they want; there is no 'one
rule to catch them all' to target a specific package. As a result,
Magisk Manager is updated to scan through all components of all apps,
and show different processes of the same app, each as a separate
hide target in the list.

The hide target database also has to be updated accordingly.
Each hide target is now a <package name, process name> pair. The
magiskhide CLI and Magisk Manager is updated to support this new
target format.
2019-03-01 17:08:08 -05:00
topjohnwu
660e0dc09a Fix MagiskHide unmount daemon
Close #1101
2019-02-19 01:50:41 -05:00
John Wu
3ebc886f8a Make sure PPID exists 2019-02-18 03:45:01 -05:00
vvb2060
5b54ef840a Skip same mount namespace 2019-02-18 03:45:01 -05:00
topjohnwu
2708c74ebe Add O_CLOEXEC to opens 2019-02-18 03:25:21 -05:00
topjohnwu
50ff11405f Swap out inotify fd before adding watch targets 2019-02-18 03:18:11 -05:00
topjohnwu
692f893e1f Monitor /data/system/packages.xml
Reinstalling system apps as data creates tons of issues.
Calling pm path <pkg> is extremely expensive and doesn't work in post-fs-data.
Parse through packages.xml to get APK path and UID at the same time.
As a bonus, we don't need to traverse /data/app for packages anymore.
2019-02-18 03:05:13 -05:00
topjohnwu
14aa6041ec Use a better function to read through files 2019-02-17 22:30:23 -05:00
topjohnwu
fb55fe184c Hide useless error message 2019-02-16 03:41:37 -05:00
topjohnwu
6412bfc7b5 Only care about the first event 2019-02-16 02:49:36 -05:00
topjohnwu
3c56f38229 Change most logs to debug logs 2019-02-16 02:30:48 -05:00
topjohnwu
f4f2274c60 Auto reinstall system apps on hide list
Since we are parsing through /data/app/ to find target APKs for
monitoring, system apps will not be covered in this case.
Automatically reinstall system apps as if they received an update
and refresh the monitor target after it's done.

As a bonus, use RAII idioms for locking pthread_mutex_t.
2019-02-16 02:24:35 -05:00
topjohnwu
9430dbb96c Make sure logcat process does not become a zombie 2019-02-14 17:36:18 -05:00
topjohnwu
4872df6a46 Support old APK paths and don't crash when not match 2019-02-14 16:38:28 -05:00
topjohnwu
b106d1c501 Fix stupid mistake 2019-02-14 04:24:30 -05:00
topjohnwu
99db0672b4 Minor MagiskHide adjustments
- Fail fast on unsupported systems
- Show proper fail message on unsupported systems
- inotify_fd shall be swapped out before closing to prevent
  the proc_monitor thread to read from incomplete inotify fd
2019-02-14 04:08:05 -05:00
topjohnwu
d584360de2 More optimized APK traversal 2019-02-14 00:52:59 -05:00
topjohnwu
4eed6794c7 More MagiskHide optimizations
- Use a general procfs traversal function with callbacks
- Much better functions for killing processes
2019-02-13 20:16:26 -05:00
topjohnwu
c66cabd80f Several MagiskHide improvements
- Directly get UID instead of traversing /data/data everytime
- Use /data/user_de/0 instead of /data/data on Android 7.0+
- Update hide_uid set incrementally when adding/initializing targets
- Guard hide_uid set with the same lock as hide_list vector
- Do not add GMS package into database; only add to in-memory list
2019-02-13 06:16:26 -05:00
Park Ju Hyung
24da3485bd Hardcode GMS unstable to MagiskHide
With the new detection method, it is impossible to check for components.

Remove additional checks for components and simply hardcode string to
proc_monitor.cpp and query cmdline to see if it's GMS unstable.

This addresses wasted resources on applying custom namespace
on all GMS processes.

Signed-off-by: Park Ju Hyung <qkrwngud825@gmail.com>
2019-02-12 23:39:57 -05:00
Park Ju Hyung
7384d2d330 Completely rework MagiskHide
Previous MagiskHide detects new app launches via listening through logcat
and filtering launch info messages.

This is extremely inefficient and prone to cause multiple issues both
theoratically and practically.

Rework this by using inotify to detect open() syscalls to target APKs.

This also solves issues related to Zygote-forked caching mechanisms such as
OnePlus OxygenOS' embryo.

Signed-off-by: Park Ju Hyung <qkrwngud825@gmail.com>
2019-02-12 23:39:57 -05:00
topjohnwu
ed027ec3ee Refactor build flags 2019-02-12 05:17:02 -05:00
topjohnwu
1321f097b8 Remove usage of magisk.img
Mounting ext4 images causes tons of issues, such as unmountable with broken F2FS drivers.
Resizing is also very complicated and does not work properly on all devices.
Each step in either measuring free space, resizing, and shrinking the image is a
point of failure, and either step's failure could cause the module system completely broken.

The new method is to directly store modules into /data/adb/modules, and for module installation
on boot /data/adb/modules_update. Several compatibility layers has been done: the new path is
bind mounted to the old path (/sbin/.magisk/img), and the helper functions in util_functions.sh
will now transparently make existing modules install to the new location without any changes.

MagiskHide is also updated to unmount module files stored in this new location.
2019-02-12 02:14:57 -05:00
topjohnwu
71ecbb3af3 Clean/refactor includes 2019-02-10 03:57:51 -05:00
topjohnwu
3a422c3f15 Remove magisklogd, use threads and BlockingQueue 2019-02-10 01:05:19 -05:00
topjohnwu
f24342f117 Disable several features in Jellybean 2019-01-20 17:52:19 -05:00
topjohnwu
3e4c12cf56 Migrate to STL 2019-01-19 23:59:37 -05:00
topjohnwu
e8cba3524e Kill target processes properly 2018-11-27 03:56:14 -05:00
topjohnwu
e67965a381 Silent some errors 2018-11-24 15:53:15 -05:00
topjohnwu
ec4723096f Prevent file descriptor from unclosed 2018-11-23 21:15:44 -05:00
topjohnwu
38fcc57bbf Use component name as targets
Services can name their process name arbitrarily, for instance the service in
com.google.android.gms that is responsible for SafetyNet is named
com.google.android.gms.unstable. There are many apps out in the wild use
dedicated services with special names to detect root, and previously the user
is expected to add all of them to the hide list.

In this commit, we change from targeting process names to component names.
On Android, component names are composed of <pkg>/<cls>. When targeting
component names, we can always know what application spawned the new process.
This means that if the user adds a package name to the hidelist, MagiskHide can
now target ALL possible processes of that specific application.

To abide with this change, the default SafetyNet target is now changed from
com.google.android.gms.unstable (process name) to
com.google.android.gms/.droidguard.DroidGuardService (component name)
2018-11-23 15:47:49 -05:00
topjohnwu
c8c57c74cc Optimize proc_monitor 2018-11-23 14:32:33 -05:00
topjohnwu
ab5fedda0b Prevent Magisk database race condition
The database should only be accessed by a single process, which is magiskd.
This means 'magisk --sqlite [SQL]' has to be updated to pass the SQL command to the daemon.
In addition, open the database connection with SQLITE_OPEN_FULLMUTEX to support multithread in magiskd.
2018-11-16 03:20:30 -05:00
topjohnwu
ba70269398 Directly print output over socket 2018-11-16 01:49:15 -05:00
topjohnwu
ab74290fe3 Move magiskhide config into database 2018-11-16 01:15:34 -05:00
topjohnwu
3aad9d8166 Add CLI to detect MagiskHide status 2018-11-16 00:37:41 -05:00
topjohnwu
89e0be0099 Fix a bug causing magiskhide CLI freezing 2018-11-13 02:22:55 -05:00
topjohnwu
ef40c1212e Prevent infinite loop if process is killed
Close #761
2018-11-13 02:11:02 -05:00
topjohnwu
3a2a2a4ffa Micro optimizations 2018-11-13 02:07:02 -05:00
topjohnwu
9592a69986 Prevent unmounting non-custom mount points 2018-11-13 01:53:48 -05:00
topjohnwu
8745c7884e Rename Array to Vector
Finally get rid of the C style vector, rename the template class to its proper name
2018-11-08 05:03:59 -05:00
topjohnwu
be5f00aa1a Prevent stack overflow when managing hide list 2018-11-07 22:46:56 -05:00
topjohnwu
7c12bf7fa1 Modernize code base 2018-11-07 02:10:38 -05:00
topjohnwu
cda57dd4b4 Fully migrate Magisk to C++ 2018-11-04 04:15:51 -05:00
topjohnwu
6339ba6bfb Upgrade libutils to C++ 2018-11-03 03:06:01 -04:00
topjohnwu
a7824af5a8 Expose persist prop API 2018-11-03 00:15:21 -04:00
topjohnwu
b8a3cc8b60 Separate magiskhide logic from main daemon 2018-11-01 14:08:33 -04:00
topjohnwu
27c688252d Store hidelist in magisk database 2018-11-01 13:23:12 -04:00
topjohnwu
2efc423cf8 Add missing flags and move debug logging logic to libutils 2018-10-28 04:25:31 -04:00
topjohnwu
1046dd5eda Default to cmdline logging 2018-10-27 18:34:38 -04:00
topjohnwu
a9121fa28f Reorganize libutils and cleanups 2018-10-12 21:46:09 -04:00
topjohnwu
acf7c0c665 Minor reorganization of daemons 2018-10-12 00:50:47 -04:00
topjohnwu
60b3b8ddce Better incremental builds 2018-09-27 03:56:56 -04:00
topjohnwu
df8b047bca Generalize logging interface 2018-09-27 03:11:10 -04:00
topjohnwu
1d53335ae5 Dynamic load libselinux 2018-09-27 00:09:59 -04:00
topjohnwu
7b5d79d313 Kill all processes using the same UID of the target
To workaround OOS embryo optimization
2018-08-08 05:47:58 +08:00
topjohnwu
5be035fd44 Try logging a little harder 2018-08-03 01:58:56 +08:00
topjohnwu
f339a087a2 Let Magisk compile against SDK 16 2018-07-13 22:14:32 +08:00
topjohnwu
c6fc0e587e Support hardlink based proc ns 2018-07-11 23:41:38 +08:00
topjohnwu
e7a2144def Optimize magiskhide to work with the log daemon 2018-07-04 01:52:23 +08:00
topjohnwu
a8030c39b1 Separate logging into its own daemon 2018-07-02 22:11:28 +08:00
topjohnwu
7243b9e72f Improve log_monitor implementation 2018-07-01 18:18:12 +08:00
osm0sis
a82ef6bd35 MagiskHide: add ro.boot.vbmeta.device_state=locked 2018-06-19 14:23:06 -07:00
topjohnwu
44395e8ff0 Fix root loss issue when MagiskHide is enabled
In previous implementations, proc_monitor checks whether the mount namespace of an app is actually separated from zygote using a list generated at startup.
However, for some unknown reason, some devices (e.g. Samsung) has multiple zygote servers running in the background.
This means that app processes spawned from the unlisted zygotes are not checked whether the separation is done or not, causing MagiskHide unmount stuffs in the namespace of zygote, and since zygote is the "mother" of all apps, all apps will no longer have root access.

Since I'm not sure of the reason why multiple zygotes exists, so instead of checking the namespace against a list, compare the current namespace against the parent process's namespace.
This will make sure the namespace is NOT the same as the parent process, which is supposed to be the zygote server.
2018-06-20 04:55:34 +08:00
topjohnwu
838f3cc01e Simplify hiding conditions 2018-06-17 05:16:52 +08:00
topjohnwu
d08fd0561a Remove invincible mode 2018-06-17 01:28:29 +08:00
topjohnwu
88fae36b8a Hide sub-services of apps for hiding
Close #383
2018-04-29 15:10:35 +08:00
topjohnwu
fb491cfdcf Add Protobuf support to resetprop 2018-04-29 01:20:48 +08:00
topjohnwu
9484ec0c17 Massive refactoring
Remove post-fs mode
2018-04-22 02:16:56 +08:00
topjohnwu
42284c5efb Test logcat instead of checking logd 2018-04-08 02:12:40 +08:00
topjohnwu
787f7b3035 Remove backwards compatibility symlinks
These links cause magiskhide unable to work ideally and add complications. I think I gave enough time for migration
2018-03-27 00:35:59 +08:00
topjohnwu
ae97d011ae Change MagiskHide state if logd is disabled 2018-03-18 12:17:10 +08:00
topjohnwu
754fafcfe9 Check logd before logging 2018-02-12 02:48:15 +08:00
topjohnwu
40b6fe03c2 Tweak enum 2018-02-11 18:50:42 +08:00
topjohnwu
328fc44194 Rename module core to native 2018-01-27 09:11:28 +08:00