From 15cab86152736a280e9fb79618816925b5773dea Mon Sep 17 00:00:00 2001
From: LoveSy <shana@zju.edu.cn>
Date: Sun, 2 Apr 2023 17:52:07 +0800
Subject: [PATCH] Make module mirror read only

---
 app/src/main/res/raw/manager.sh | 4 ++--
 native/src/core/bootstages.cpp  | 2 +-
 native/src/core/module.cpp      | 7 +++++++
 3 files changed, 10 insertions(+), 3 deletions(-)

diff --git a/app/src/main/res/raw/manager.sh b/app/src/main/res/raw/manager.sh
index a412694a7..9207c4e99 100644
--- a/app/src/main/res/raw/manager.sh
+++ b/app/src/main/res/raw/manager.sh
@@ -117,8 +117,8 @@ EOF
 
 add_hosts_module() {
   # Do not touch existing hosts module
-  [ -d $MAGISKTMP/modules/hosts ] && return
-  cd $MAGISKTMP/modules
+  [ -d $NVBASE/modules/hosts ] && return
+  cd $NVBASE/modules
   mkdir -p hosts/system/etc
   cat << EOF > hosts/module.prop
 id=hosts
diff --git a/native/src/core/bootstages.cpp b/native/src/core/bootstages.cpp
index bc85e593e..1386581ad 100644
--- a/native/src/core/bootstages.cpp
+++ b/native/src/core/bootstages.cpp
@@ -54,7 +54,7 @@ static void mount_mirrors() {
         xmkdir(MODULEROOT, 0755);
         xmkdir(dest.data(), 0755);
         xmount(MODULEROOT, dest.data(), nullptr, MS_BIND, nullptr);
-        xmount(nullptr, dest.data(), nullptr, MS_REMOUNT | MS_BIND | MS_NOATIME, nullptr);
+        xmount(nullptr, dest.data(), nullptr, MS_REMOUNT | MS_BIND | MS_RDONLY, nullptr);
         xmount(nullptr, dest.data(), nullptr, MS_PRIVATE, nullptr);
         chmod(SECURE_DIR, 0700);
         restorecon();
diff --git a/native/src/core/module.cpp b/native/src/core/module.cpp
index 71df53fe1..19341de1e 100644
--- a/native/src/core/module.cpp
+++ b/native/src/core/module.cpp
@@ -147,6 +147,10 @@ void mirror_node::mount() {
 
 void module_node::mount() {
     string src = module_mnt + module + parent()->root()->prefix + node_path();
+    if (node_path() == "/system/etc/hosts") {
+        // special case for /system/etc/hosts to ensure it is writable
+        src = std::string(MODULEROOT) + module + parent()->root()->prefix + "/system/etc/hosts";
+    }
     if (exist())
         clone_attr(mirror_path().data(), src.data());
     if (isa<tmpfs_node>(parent()))
@@ -303,6 +307,9 @@ void load_modules() {
         mount_zygisk(32)
         mount_zygisk(64)
     }
+
+    auto worker_dir = MAGISKTMP + "/" WORKERDIR;
+    xmount(nullptr, worker_dir.data(), nullptr, MS_REMOUNT | MS_RDONLY, nullptr);
 }
 
 /************************