This commit removes the "dl.c" file, which was used for using "android_dlopen_ext" in a new namespace, used to isolate libraries, which is not necessary here as they are on different processes, hence "dlopen" can be used.
This commit partially fixes the issue in Kitsune where fd would leak as MagiskSU would never be found in mounts. According to Magisk Kitsune code, it is only mounted after boot is completed. It sets a callback to call "magisk --boot-completed" when "sys.boot_completed" is 1, which mounts MagiskSU. Hence we check the same prop to see if the mns of the app is appropriate to be cached, and if boot is completed, it will cache that "ns_fd". This, however, doesn't fully fix the issue, since apps that are loaded before boot is completed, will have the fds leaking, since we cannot close them (easily), see code comments.
This commit removes the "Rooted" mount namespace state, as it wouldn't fit in the categories made by root implementations. The three major root implementations divide apps into three categories: SU, Umounted, (with) Mounts. The SU one consists of apps that are allowed to elevate privileges, those don't have their mounts modified, and keep root mounts. As for Umounted, it consists of apps that will have root-related mounts umounted before being executed. And finally (with) mounts which are apps that although are not allowed to elevate privileges, still have the root-related mounts kept.
Knowing that we can merge both SU and (with) Mounts into the same category: No modification to mounts/Keep root-related mounts. With that, "Mounts" mns state is also unmodified, compared to old "Modules" mns state.
Those changes also reflect on the issue where new apps couldn't ask Magisk for root as they would have SU mount umounted, which now, as ReZygisk leave them unmodified, they can.
This commit fixes a memory leak in "rezygisk_get_info" as it would read a string from ReZygiskd but would never "free" after using it. Also call "free_rezygisk_info" instead of manually cleanup in ptracer.
This commit adds the missing error handling for "UpdateMountNamespace" in both libzygisk.so and ReZygiskd, as before it would send a -1 as unsigned, leading to issues.
This commit improves logging for "update_mnt_ns" function, which now specifies which state it will update the mns to, for easier debugging. It also adds a note about the possibility of having apps with rooted permissions and also be denylisted in Magisk, causing weird behavior.
This commit fixes the issue that ReZygisk would skip all "/system" mounts, and not only the ones made by modules, leaving unexpected mounts mounted in app processes. KernelSU itself create some mounts such as "/system/app", which need to be umounted. To fix that, we will check if they come from "/data/modules", and if so, skip and not umount. That's not needed in Magisk as it doesn't create such mounts as far as I am aware.
This commit fixes the issue where ReZygisk would change the mount namespace (mns) before the modules were loaded, thus failing, as "/data/adb/modules" wouldn't be mounted.
This commit fixes the logging tag for ptracer command-line tool, which would show as "zygisk-core64", the one from libzygisk, and an out-of-bounds access in "allowed_fds" array, which then the readdir returned the "." and "..", the "parse_int" would return -1, and would try to access it in "allowed_fds" without checking if it is negative, or bigger, first.
This commit creates a new behavior in ReZygisk umounting system where it now ignores "/system/..." mounts, as umounting them generally leads to unbootable system.
This commit adds numerous improvements to the state of hidden'ility of ReZygisk, and also for compatibility. Recommended to check #111 for more information.
This commit improves the code for multiple files by making "read_string" function already make the string NULL-terminated, avoiding code duplication. Also for "companion.c" fixes an "if" where it would read "client_fd" and check if "fd" is equal to "-1", instead of "client_fd", also does some overall code improvements there like detaching the thread, avoiding memory leaks in the exit, of the thread itself.
This commit fixes an issue where one of the "malloc", a libc function to allocate dynamic memory, "if"s were checking its return against non-NULL instead of NULL, making it seem to have failed when it didn't.
Two counters for module loading and unloading are introduced in the commit a2e83ab348. To remove linker traces of libzygisk.so and Zygisk modules, we should reset them properly.
Reading the file `/proc/self/maps` is detectable by the target process.
Hence, we should cache scanned virtual maps after `libart.so` is loaded for later plt hooks in the target process.
Note that it is impossible to hide injecting trace of virtual memory maps from the hooked target process.
ReZygisk will only focus on removing its trace for approcess that are not hooked by modules.
1. fix typo vsdo -> vdso and allow this symbol to be not found, which is the case for the 32bit linkers on some devices
2. use soinfo_free to fully remove the soinfo record of libzygisk.so
3. set `soinfo.size = 0` to avoid the library being unmapped while removing its soinfo record
4. add more debug logs for troubleshooting
Relying on dlclose to unload libzygisk.so will block us to clean its trace in the solist.
This commit allows us to unmap libzygisk.so without using dlclose.
To call munmap, we use the function pthread_attr_setstacksize instead of pthread_attr_destroy, so that tail-call can still be applied here since it has the same signature as munmap.
This commit merges the pull request by JingMatrix that includes improvements for clangd users, fixes for devices which have llvm suffix in SoList related symbols, and improved hiding related to the SoList.
In Bionic linker, the `soinfo` structure has a field `next`, which points to the next loaded library in a linked list consisting of all loaded libraries.
Hence, an injected process can easily find all loaded libraries.
Previously in ReZygisk, module library records are hidden by setting the `pathname` field to be empty, which is futile but easier to detect.
Current idea of dropping record can be found in the following commit:
5d635e8c66
