fix: ReZygiskd Magisk DenyList not checking against process

This commit improves the precision of ReZygiskd check for Magisk if a process is in DenyList/SuList, as previously it used "package_name" instead of the correct "process" field.

zygiskd/src/constants.h

@@ -13,6 +13,8 @@
   #define lp_select(a, b) a
 #endif
 
+#define PROCESS_NAME_MAX_LEN 256 + 1
+
 #define ZYGOTE_INJECTED lp_select(5, 4)
 #define DAEMON_SET_INFO lp_select(7, 6)
 #define DAEMON_SET_ERROR_INFO lp_select(9, 8)

zygiskd/src/root_impl/common.c

@@ -94,7 +94,7 @@ bool uid_granted_root(uid_t uid) {
   }
 }
 
-bool uid_should_umount(uid_t uid) {
+bool uid_should_umount(uid_t uid, const char *const process) {
   switch (impl.impl) {
     case KernelSU: {
       return ksu_uid_should_umount(uid);
@@ -103,7 +103,7 @@ bool uid_should_umount(uid_t uid) {
       return apatch_uid_should_umount(uid);
     }
     case Magisk: {
-      return magisk_uid_should_umount(uid);
+      return magisk_uid_should_umount(process);
     }
     default: {
       return false;

zygiskd/src/root_impl/common.h

@@ -31,7 +31,7 @@ void get_impl(struct root_impl *uimpl);
 
 bool uid_granted_root(uid_t uid);
 
-bool uid_should_umount(uid_t uid);
+bool uid_should_umount(uid_t uid, const char *const process);
 
 bool uid_is_manager(uid_t uid);
 

zygiskd/src/root_impl/magisk.c

@@ -139,37 +139,17 @@ bool magisk_uid_granted_root(uid_t uid) {
   return result[0] != '\0';
 }
 
-bool magisk_uid_should_umount(uid_t uid) {
-  char uid_str[16];
-  snprintf(uid_str, sizeof(uid_str), "%d", uid);
-
-  char *const argv_pm[] = { "pm", "list", "packages", "--uid", uid_str, NULL };
-
-  char result[256];
-  if (!exec_command(result, sizeof(result), "/system/bin/pm", argv_pm)) {
-    LOGE("Failed to execute pm binary: %s\n", strerror(errno));
-    errno = 0;
-
-    /* INFO: It's better if we do NOT umount than the opposite */
-    return false;
-  }
-
-  if (result[0] == '\0') {
-    LOGE("Failed to get package name from UID %d\n", uid);
-
-    return false;
-  }
-
-  char *package_name = strtok(result + strlen("package:"), " ");
-
-  char sqlite_cmd[256];
+bool magisk_uid_should_umount(const char *const process) {
+  /* INFO: PROCESS_NAME_MAX_LEN already has a +1 for NULL */
+  char sqlite_cmd[51 + PROCESS_NAME_MAX_LEN];
   if (is_using_sulist)
-    snprintf(sqlite_cmd, sizeof(sqlite_cmd), "select 1 from sulist where package_name=\"%s\" limit 1", package_name);
+    snprintf(sqlite_cmd, sizeof(sqlite_cmd), "SELECT 1 FROM sulist WHERE process=\"%s\" LIMIT 1", process);
   else
-    snprintf(sqlite_cmd, sizeof(sqlite_cmd), "select 1 from denylist where package_name=\"%s\" limit 1", package_name);
+    snprintf(sqlite_cmd, sizeof(sqlite_cmd), "SELECT 1 FROM denylist WHERE process=\"%s\" LIMIT 1", process);
 
   char *const argv[] = { "magisk", "--sqlite", sqlite_cmd, NULL };
 
+  char result[sizeof("1=1")];
   if (!exec_command(result, sizeof(result), (const char *)path_to_magisk, argv)) {
     LOGE("Failed to execute magisk binary: %s\n", strerror(errno));
     errno = 0;

zygiskd/src/root_impl/magisk.h

@@ -12,7 +12,7 @@ void magisk_get_existence(struct root_impl_state *state);
 
 bool magisk_uid_granted_root(uid_t uid);
 
-bool magisk_uid_should_umount(uid_t uid);
+bool magisk_uid_should_umount(const char *const process);
 
 bool magisk_uid_is_manager(uid_t uid);
 

zygiskd/src/zygiskd.c

@@ -415,6 +415,15 @@ void zygiskd_start(char *restrict argv[]) {
         ssize_t ret = read_uint32_t(client_fd, &uid);
         ASSURE_SIZE_READ_BREAK("GetProcessFlags", "uid", ret, sizeof(uid));
 
+        /* INFO: Only used for Magisk, as it saves process names and not UIDs. */
+        char process[PROCESS_NAME_MAX_LEN];
+        ret = read_string(client_fd, process, sizeof(process));
+        if (ret == -1) {
+          LOGE("Failed reading process name.\n");
+
+          break;
+        }
+
         uint32_t flags = 0;
         if (first_process) {
           flags |= PROCESS_IS_FIRST_STARTED;
@@ -427,7 +436,7 @@ void zygiskd_start(char *restrict argv[]) {
             if (uid_granted_root(uid)) {
               flags |= PROCESS_GRANTED_ROOT;
             }
-            if (uid_should_umount(uid)) {
+            if (uid_should_umount(uid, (const char *const)process)) {
               flags |= PROCESS_ON_DENYLIST;
             }
           }