br0kenpixel/ReZygisk
1
0
Fork 0
mirror of https://github.com/PerformanC/ReZygisk.git synced 2025-09-06 06:37:01 +00:00
Code Issues Packages Projects Releases 1 Wiki Activity

Compare commits

base: br0kenpixel:v4-0.9.1.1
Branches Tags
br0kenpixel:main br0kenpixel:rewrite/webui br0kenpixel:add/new-webui
br0kenpixel:v1.0.0-rc.3 br0kenpixel:v1.0.0-rc.2 br0kenpixel:v1.0.0-rc.1 br0kenpixel:v4-0.9.1.1 br0kenpixel:v4-0.9.1 br0kenpixel:v4-0.9.0 br0kenpixel:v4-0.8.1 br0kenpixel:v4-0.8.0 br0kenpixel:v4-0.7.1 br0kenpixel:v4-0.7.0 br0kenpixel:v4-0.6.5 br0kenpixel:v4-0.6.4 br0kenpixel:v4-0.6.3 br0kenpixel:v4-0.6.2 br0kenpixel:v4-0.6.1 br0kenpixel:v4-0.6.0 br0kenpixel:v4-0.5.1 br0kenpixel:v4-0.5.0 br0kenpixel:v4-0.4.1 br0kenpixel:v4-0.4.0 br0kenpixel:v4-0.3.0 br0kenpixel:v4-0.2.0 br0kenpixel:v4-0.1.0
...
compare: br0kenpixel:v1.0.0-rc.2
Branches Tags
br0kenpixel:main br0kenpixel:rewrite/webui br0kenpixel:add/new-webui
br0kenpixel:v1.0.0-rc.3 br0kenpixel:v1.0.0-rc.2 br0kenpixel:v1.0.0-rc.1 br0kenpixel:v4-0.9.1.1 br0kenpixel:v4-0.9.1 br0kenpixel:v4-0.9.0 br0kenpixel:v4-0.8.1 br0kenpixel:v4-0.8.0 br0kenpixel:v4-0.7.1 br0kenpixel:v4-0.7.0 br0kenpixel:v4-0.6.5 br0kenpixel:v4-0.6.4 br0kenpixel:v4-0.6.3 br0kenpixel:v4-0.6.2 br0kenpixel:v4-0.6.1 br0kenpixel:v4-0.6.0 br0kenpixel:v4-0.5.1 br0kenpixel:v4-0.5.0 br0kenpixel:v4-0.4.1 br0kenpixel:v4-0.4.0 br0kenpixel:v4-0.3.0 br0kenpixel:v4-0.2.0 br0kenpixel:v4-0.1.0

153 Commits
v4-0.9.1.1 ... v1.0.0-rc.

Author SHA1 Message Date
ThePedroo
0c0f65998d remove: ReZygiskd dl.c 
This commit removes the "dl.c" file, which was used for using "android_dlopen_ext" in a new namespace, used to isolate libraries, which is not necessary here as they are on different processes, hence "dlopen" can be used.
 2025-04-26 06:02:03 -03:00
ThePedroo
dd38f230c0 fix: partially fd leak in Kitsune 
This commit partially fixes the issue in Kitsune where fd would leak as MagiskSU would never be found in mounts. According to Magisk Kitsune code, it is only mounted after boot is completed. It sets a callback to call "magisk --boot-completed" when "sys.boot_completed" is 1, which mounts MagiskSU. Hence we check the same prop to see if the mns of the app is appropriate to be cached, and if boot is completed, it will cache that "ns_fd". This, however, doesn't fully fix the issue, since apps that are loaded before boot is completed, will have the fds leaking, since we cannot close them (easily), see code comments.
 2025-04-26 01:54:54 -03:00
ThePedroo
d0b044a31d remove: Rooted mns state for simplification 
This commit removes the "Rooted" mount namespace state, as it wouldn't fit in the categories made by root implementations. The three major root implementations divide apps into three categories: SU, Umounted, (with) Mounts. The SU one consists of apps that are allowed to elevate privileges, those don't have their mounts modified, and keep root mounts. As for Umounted, it consists of apps that will have root-related mounts umounted before being executed. And finally (with) mounts which are apps that although are not allowed to elevate privileges, still have the root-related mounts kept.
Knowing that we can merge both SU and (with) Mounts into the same category: No modification to mounts/Keep root-related mounts. With that, "Mounts" mns state is also unmodified, compared to old "Modules" mns state.

Those changes also reflect on the issue where new apps couldn't ask Magisk for root as they would have SU mount umounted, which now, as ReZygisk leave them unmodified, they can.
 2025-04-25 02:11:57 -03:00
ThePedroo
00345eea7f improve: unify symtabs loading in elf_util.c 
This commit improves the code in "elf_util.c" by unifying the code that loads the symtabs information in ElfImg structure.
 2025-04-25 02:06:59 -03:00
ThePedroo
aac0046061 fix: memory leak in rezygisk_get_info 
This commit fixes a memory leak in "rezygisk_get_info" as it would read a string from ReZygiskd but would never "free" after using it. Also call "free_rezygisk_info" instead of manually cleanup in ptracer.
 2025-04-25 02:05:29 -03:00
ThePedroo
2f4f5af206 fix: missing vdso lead to unoperating SoList hiding 
This commit fixes the issue where the could would return when "__dl__ZL4vdso*" wasn't found, leaving traces in SoList.
 2025-04-25 02:03:58 -03:00
ThePedroo
a4c9794de0 add: error handling for UpdateMountNamespace 
This commit adds the missing error handling for "UpdateMountNamespace" in both libzygisk.so and ReZygiskd, as before it would send a -1 as unsigned, leading to issues.
 2025-04-25 02:02:29 -03:00
ThePedroo
a460c54d08 improve: update_mnt_ns logging; add: comment about "rooted denylisted" apps 
This commit improves logging for "update_mnt_ns" function, which now specifies which state it will update the mns to, for easier debugging. It also adds a note about the possibility of having apps with rooted permissions and also be denylisted in Magisk, causing weird behavior.
 2025-04-24 01:33:53 -03:00
ThePedroo
b24c74ac0d fix: not umounting KSU-specific /system mounts 
This commit fixes the issue that ReZygisk would skip all "/system" mounts, and not only the ones made by modules, leaving unexpected mounts mounted in app processes. KernelSU itself create some mounts such as "/system/app", which need to be umounted. To fix that, we will check if they come from "/data/modules", and if so, skip and not umount. That's not needed in Magisk as it doesn't create such mounts as far as I am aware.
 2025-04-23 13:55:22 -03:00
Pedro.js
2ff4cb6401 merge: port of more of the codebase; fix: memory and general mount bugs (#122) 
This commit merges the PR that both ports common, ptracer and include (SoList) to C, and also fixes memory bugs and mount bugs.
 2025-04-22 23:58:34 -03:00
ThePedroo
61ece7ee4f remove: ccache from workflows 
This commit removes ccache since it doesn't provide any benefit in workflows, and makes them slower.
 2025-04-21 20:04:16 -03:00
ThePedroo
7046c1d9c1 fix: merge conflicts 
This commit fixes merge conflicts while merging to main.
 2025-04-21 19:50:50 -03:00
ThePedroo
bd5eb4c795 fix: unexpected /data/adb umount before loading modules 
This commit fixes the issue where ReZygisk would change the mount namespace (mns) before the modules were loaded, thus failing, as "/data/adb/modules" wouldn't be mounted.
 2025-04-21 19:37:09 -03:00
ThePedroo
8949561ac8 fix: logging tag for ptracer, out-of-bounds access in allowed_fds 
This commit fixes the logging tag for ptracer command-line tool, which would show as "zygisk-core64", the one from libzygisk, and an out-of-bounds access in "allowed_fds" array, which then the readdir returned the "." and "..", the "parse_int" would return -1, and would try to access it in "allowed_fds" without checking if it is negative, or bigger, first.
 2025-04-21 15:46:28 -03:00
ThePedroo
bb8e860e3e improve: match libzygisk.so daemon action name with ReZygiskd's 
This commit makes the action name for updating mnt in ReZygiskd side to match libzygisk name one.
 2025-04-21 15:41:48 -03:00
GhostFRR
221b4fc997 add: French README.md translations (#129) 
This commit adds the translations for French of the "README.md" file.

Signed-off-by: GhostFRR <ghost.game.fr@gmail.com>
 2025-04-17 14:07:37 -03:00
Md Arif
622e23e7ec fix: wrong JNI function signature for GrapheneOS (#99) 
This commit fixes the wrong signature for JNI functions of GrapheneOS's Zygote, leading to it not working on GrapheneOS.
 2025-04-17 12:46:09 -03:00
ThePedroo
032cd68916 improve: magisk binary check code 
This commit improves and simplifies the code that checks in which path the "magisk" binary is by using loops instead of hardcoded "if"s.
 2025-04-16 02:15:52 -03:00
ThePedroo
8f70a1a451 remove: unused mazoku file 
This commit removes the "mazoku" file, which is only used by Zygisk Next/Shamiko for module integrity and signing, and is not used in ReZygisk.
 2025-04-16 02:12:34 -03:00
ThePedroo
db24c1c439 improve: not umount modules /system mounts 
This commit creates a new behavior in ReZygisk umounting system where it now ignores "/system/..." mounts, as umounting them generally leads to unbootable system.
 2025-04-16 02:06:21 -03:00
ThePedroo
b94ea0c5f5 improve: port ptracer to C 
This commit ports the C++ to C99 from zygisk-ptracer code, allowing a ~3x size reduce in its binary.
 2025-04-16 02:02:26 -03:00
ThePedroo
1a3f497e1a improve: port common code to C 
This commit ports even more C++ code to C99, now, the codes available in the "common" folder.
 2025-04-14 00:54:24 -03:00
Breathleas
c37a5b1c8e fix: missing status32 exit check (#128) 
This commit fixes the issue where 32-bit daemon wouldn't be checked for exits, as the macro hardcoded "status64".

Signed-off-by: Breathleas <39123978+Breathleas@users.noreply.github.com>
Co-authored-by: anyusec <145352653+anyusec@users.noreply.github.com>
Co-authored-by: Pedro.js <pedroolimpioguerra@gmail.com>
 2025-04-13 19:12:08 -03:00
Stillhard
2d80ce6935 fix: SELinux rules (#130) 
This commit allows Zygote to access files in /data/adb, so that it can load the Zygisk modules.

Signed-off-by: Stillhard <indofreeserver@yahoo.co.id>
 2025-04-12 23:54:35 -03:00
ThePedroo
5b3d9c75fd remove: open file helpers 
This commit remove the `open_...` and `xopen_...` helpers, making the code simpler and more direct.
 2025-04-12 23:26:17 -03:00
ThePedroo
4625587ea9 improve: ELF utils and SoList code 
This commit improves the code related to ELF and SoList, porting them to C.
 2025-04-08 16:26:19 -03:00
ThePedroo
52885faf8b remove: dl.cpp file and replace with "dlopen" 
This commit replaces DlopenMem for dlopen, removing the need for "dl.cpp" file.
 2025-04-05 15:52:47 -03:00
Pedro.js
886e2f8396 improve: mounting system, compatibility; remove: logging on release (#111) 
This commit adds numerous improvements to the state of hidden'ility of ReZygisk, and also for compatibility. Recommended to check #111 for more information.
 2025-03-29 12:17:57 -03:00
Reveny
9aafc279d5 improve: use all threads for compiling (#118) 
This commit speeds up the build process by almost 50% when building with github actions by using all system threads to compile ReZygisk.
 2025-03-23 15:11:33 -03:00
Reveny
92e2f528a9 add: Android 9 support (#117) 
This commit makes ReZygisk load Zygisk libraries directly, not utilizing memfd, as it doesn't exist in older versions of Android.
 2025-03-22 19:12:24 -03:00
Berk Mirsat
bc6cf67c7b add: Turkish README.md (#114) 
This commit adds README translations for Turkey's launguage.
 2025-01-27 08:40:28 -03:00
Pedro.js
cfd4a92b31 add: Brazilian Portuguese README.md (#112) 
This commit adds the language from Brazil to the list of available translations of README.md file
 2025-01-11 07:05:52 -03:00
Arisu: Rain
3bc3b478ff add: vietnamese README (#110) 
This commit adds Vietnam language README to the repository.
 2025-01-11 06:37:28 -03:00
Lucky Kiddos
e56cc85948 add: Indonesian README.md (#108) 
This commit adds Indonesian translation for README.

Signed-off-by: Lucky Kiddos <95188840+GuitarHeroStyles@users.noreply.github.com>
 2025-01-11 06:37:27 -03:00
ThePedroo
d8034b7bde add: Magisk Kitsune SuList support 
This commit adds support for the Kitsune SuList, a denylist in whitelist mode.
 2025-01-11 06:37:26 -03:00
Pedro.js
3605857d84 improve: companion handler fd closing; fix: PIPE signal handling (#103) 
This commit improves how we decide to close the fd that connects the injected module with the companion, avoiding both double close and fd leaks.
 2025-01-11 06:37:25 -03:00
ThePedroo
b0a296fc29 add: support for magic mount in KSU and APatch 
This commit allows ReZygisk to u(n)mount mounted paths in KSU and APatch environments using magic mount.
 2025-01-11 06:37:24 -03:00
ThePedroo
7a892e0d62 improve: companion.c, dl.c and utils.c code 
This commit improves the code for multiple files by making "read_string" function already make the string NULL-terminated, avoiding code duplication. Also for "companion.c" fixes an "if" where it would read "client_fd" and check if "fd" is equal to "-1", instead of "client_fd", also does some overall code improvements there like detaching the thread, avoiding memory leaks in the exit, of the thread itself.
 2025-01-11 06:37:22 -03:00
ThePedroo
6b0b71a690 fix: Zygiskd remote read types 
This commit fixes the mismatch between types sent by lizygisk.so and read by Zygiskd, causing issues.
 2025-01-11 06:37:21 -03:00
ThePedroo
95073d9f4a fix: checking malloc against non NULL not NULL 
This commit fixes an issue where one of the "malloc", a libc function to allocate dynamic memory, "if"s were checking its return against non-NULL instead of NULL, making it seem to have failed when it didn't.
 2024-12-18 13:07:06 -03:00
Pedro.js
4b7618ddf9 merge: Clean up injection traces of ReZygisk (#101) 
This merge commit merges the Pull Request by JingMatrix that cleans up the rest of detection points of ReZygisk in non-KSU environments.
 2024-12-18 03:26:41 -03:00
JingMatrix
0671f2e497 improve: reset linker module counters 
Two counters for module loading and unloading are introduced in the commit a2e83ab348. To remove linker traces of libzygisk.so and Zygisk modules, we should reset them properly.
 2024-12-18 07:21:03 +01:00
JingMatrix
5e072bd919 improve: cache scanned virtual maps 
Reading the file `/proc/self/maps` is detectable by the target process.
Hence, we should cache scanned virtual maps after `libart.so` is loaded for later plt hooks in the target process.
 2024-12-18 07:21:03 +01:00
JingMatrix
2814aaf67f remove: unnecessary memory mapping renaming 
Note that it is impossible to hide injecting trace of virtual memory maps from the hooked target process.
ReZygisk will only focus on removing its trace for approcess that are not hooked by modules.
 2024-12-18 07:19:41 +01:00
JingMatrix
b7138d6353 add: drop soinfo for libzygisk.so 
1. fix typo vsdo -> vdso and allow this symbol to be not found, which is the case for the 32bit linkers on some devices
2. use soinfo_free to fully remove the soinfo record of libzygisk.so
3. set `soinfo.size = 0` to avoid the library being unmapped while removing its soinfo record
4. add more debug logs for troubleshooting
 2024-12-15 16:28:49 +01:00
JingMatrix
5e43e4a71b improve: hook pthread_attr_setstacksize 
Relying on dlclose to unload libzygisk.so will block us to clean its trace in the solist.
This commit allows us to unmap libzygisk.so without using dlclose.
To call munmap, we use the function pthread_attr_setstacksize instead of pthread_attr_destroy, so that tail-call can still be applied here since it has the same signature as munmap.
 2024-12-15 16:25:06 +01:00
ThePedroo
8fb5d9197a fix: magisk file detection 
This commit fixes the detection for the "magisk" file which can be in 2 different folders, with 3 possible different names.
 2024-12-13 13:56:27 -03:00
Md Arif
060a1f3cf9 add: GrapheneOS support (#53) 
This commit adds support for devices that run GrapheneOS by hooking on JNI methods they renamed.

Signed-off-by: Md Arif <111168803+sabamdarif@users.noreply.github.com>
 2024-12-07 19:03:22 +00:00
Pedro.js
6cb8f305bc merge: Improve SoList hiding (#95, #96) 
This commit merges the pull request by JingMatrix that includes improvements for clangd users, fixes for devices which have llvm suffix in SoList related symbols, and improved hiding related to the SoList.
 2024-12-05 20:07:50 -03:00
JingMatrix
6c41a8188d improve: drop soinfo records of loaded modules 
In Bionic linker, the `soinfo` structure has a field `next`, which points to the next loaded library in a linked list consisting of all loaded libraries.
Hence, an injected process can easily find all loaded libraries.
Previously in ReZygisk, module library records are hidden by setting the `pathname` field to be empty, which is futile but easier to detect.
Current idea of dropping record can be found in the following commit:
5d635e8c66
 2024-12-06 00:02:29 +01:00
JingMatrix
3d79939d7b fix: linker64 static symbols lookup with suffix 
On Android 15+ in some devices, the symbol names of some static variables such as `solist`, has a `llvm` suffix in its exported name.
Current commit handles this case and close #63 as fixed.
 2024-12-06 00:02:26 +01:00
JingMatrix
9bcbec91aa improve: turn on CMAKE_EXPORT_COMPILE_COMMANDS 
To make `clangd` work properly, one needs to make symbolic links
```
ln -sf $PWD/loader/build/tools/debug/arm64-v8a/compile_commands.json loader/build
```
 2024-11-26 18:10:31 +01:00
JingMatrix
d498a9ab01 fix: trigger Zygisk modules service.sh in parallel (#91) 
This commit fixes 2 issues:
- service.sh of files were not being executed in parallel, a behavior described in: https://github.com/topjohnwu/Magisk/blob/master/docs/guides.md#boot-scripts . This was fixed by using "&" in the end of the command to execute the module's service.sh, telling the shell to not block.
- Gradle wrapper used in ReZygisk was old, causing failing CIs.

It also updates the NDK version to ensure we'll be operating smoothly.
 2024-11-24 15:18:50 -03:00
Fyphen
b5b5c2f9d8 add: ja_JP README (#88) 
* Create README_ja-JP.md

Signed-off-by: Fyphen <fyphensub@gmail.com>

* Update README_ja-JP.md

Signed-off-by: Fyphen <fyphensub@gmail.com>

---------

Signed-off-by: Fyphen <fyphensub@gmail.com>
 2024-11-23 20:39:46 +07:00
何意挽秋風
5d9276e9e0 add: README_zh-TW.md translation (#84) 
This commit adds Traditional Chinese translation for README.

Signed-off-by: 何意挽秋風 <94283631+RejectVanity@users.noreply.github.com>
 2024-11-16 13:32:22 -03:00
Keeperorowner
7da7b8bd07 improve: Simplified Chinese README translation (#80) 
This commit improves translations in the Simplified Chinese README.

Signed-off-by: Keeperorowner <qingfong0731@outlook.com>
 2024-11-14 19:16:23 -03:00
ThePedroo
f4af759aab fix: free in garbage data pointer; fix: Zygiskd wrong message length 
This commit fixes the issue where "free" would be executed in a pointer which has garbage data, leading to crashes. This was fixed by setting to NULL, so that it's clean.
It also fixes the issue where Zygiskd messages for "DAEMON_SET_INFO" would not count the NULL-terminator, causing crashes.
 2024-11-12 20:38:28 -03:00
SheepChef
21325ec409 fix: WebUI branch URL in READMEs (#77) 
This commit fixes the URL of the new WebUI branch in the READMEs.

Signed-off-by: SheepChef <50871867+SheepChef@users.noreply.github.com>
 2024-11-12 14:47:08 -03:00
echo
0e9307bfd6 remove: Rust dependencies information from README.md (#74) 
This commit removes information about Rust dependencies used in previous Zygiskd from "README.md" file.
 2024-11-12 13:34:03 -03:00
何意挽秋風
47566a81af update: project licensing state in Chinese README (#71) 
This commit updates the state of the license of the project, which is now AGPL-3.

Signed-off-by: 何意挽秋風 <94283631+RejectVanity@users.noreply.github.com>
 2024-11-11 10:52:51 -03:00
ThePedroo
f35680837e remove: non-working info in zygisk-ptraceXX info response 
This commit removes information given in the response of info command of "zygisk-ptrace64" or "zygisk-ptrace32" that leads to failing builds, as it is not exported from monitor.cpp.
 2024-11-10 23:28:33 -03:00
ThePedroo
b1d118d120 fix: missing pid and running in zygote_info structure 
This commit fixes the issue where the commit that added "pid" (pid_t) and "running" (bool) members to the "zygote_info" structure, a structure that stores the response given by Zygiskd about its state, wasn't added, leading to failing buildings.
 2024-11-10 23:19:21 -03:00
ThePedroo
97af7fe2da merge: add/zygiskd-c99 branch 
This commit merges the Zygiskd C99 branch, which not only adds the re-written Zygisk daemon, but also implement fixes in the ptrace command.
 2024-11-10 23:14:05 -03:00
ThePedroo
519d1db6a0 fix: space indentation in macros 
This commit fixes the space indentation done in the "ASSURE_*" macros.
 2024-11-10 23:11:50 -03:00
ThePedroo
ba7d044611 fix: additional new line in some logs 
This commit fixes the issue where some loggings would add an additional new line.
 2024-11-10 23:11:49 -03:00
ThePedroo
2c74ee3877 improve: module.prop parsing code; fix: deferecing a NULL pointer 
This commit both improves the code that parses "module.prop" file of ReZygisk, reducing its complexity greatly and also making it smaller, and also fixes an issue where ReZygisk would deference a NULL pointer, leading to crashes in Zygiskd crash.
 2024-11-10 23:11:46 -03:00
ThePedroo
66e98cf007 fix: possible out-of-bounds write; remove: unnecessary logging 
This commit both fixes a possible out-of-bounds write by using "snprintf" over "sprintf" and also removes a unnecessary logging which was meant to be removed commits ago.
 2024-11-10 23:09:51 -03:00
ThePedroo
47d46e305c fix: fd leak and out-of-bounds access in exec_command 
This commit fixes both fd leak and out-of-bounds access in the "exec_command" function, which can happen when execution of the command fails, leading to crashes on Magisk-rooted devices, and possibly APatch-rooted devices too.
 2024-11-10 23:09:50 -03:00
ThePedroo
8892eca4a7 fix: wrong longest root implementation name macro value 
This commit fixes the value of the macro that defines the size of the longest root implementation name, leading to Zygiskd crashes on Magisk Official.
 2024-11-10 23:09:49 -03:00
ThePedroo
a6124a6a5e improve: Zygiskd Magisk code 
This commit improves the Zygiskd Magisk code by avoiding redundant code and reducing complexity.
 2024-11-10 23:09:47 -03:00
ThePedroo
3265bcb581 fix: module name in Zygiskd log 
This commit fixes the module name in Zygiskd log which would only show a letter.
 2024-11-10 23:09:46 -03:00
ThePedroo
c4ab77ed9e fix: memory leak and use-after-free in APatch Zygiskd code 
This commit fixes a memory leak and a user-after-free vulnerability in APatch code of Zygiskd.
 2024-11-10 23:09:45 -03:00
ThePedroo
135ebbb9ba add: Magisk variant status; improve: KSU detection 
This commit adds the Magisk variant to module description, and also improves KernelSU detection by requiring the userspace part of it to be installed, AKA "ksud".
 2024-11-10 23:09:44 -03:00
ThePedroo
380ef011a1 improve: status description spacing 
This commit improves the spacing of the module status description.
 2024-11-10 23:09:42 -03:00
ThePedroo
e0d0bd0d76 fix: Zygiskd C99 not properly detecting Magisk DenyList 
This commit fixes the Magisk part of Zygiskd C99 which used to mark all apps as outside DenyList.
 2024-11-10 23:09:41 -03:00
ThePedroo
e23d1a53d0 remove: debug log 
This commit removes logging used in development, which is not needed anymore.
 2024-11-10 23:09:39 -03:00
ThePedroo
182c0293ca fix: compiling errors 
This commit fixes compiling errors from missing declaration of variables and missing macros.
 2024-11-10 23:09:38 -03:00
ThePedroo
ab7de49e4c improve: code robustness 
This commit improves the robustness of the code by removing debug logs, fixing a memory leak, and adding missing error handling.
 2024-11-10 23:09:36 -03:00
ThePedroo
980bf2ab4c improve: Zygiskd build.gradle.kts 
This commit improves Zygisk's build gradle file by avoiding the repetition of compiler flags.
 2024-11-10 23:09:35 -03:00
ThePedroo
0352d9378b fix: few UBs; fix: missing error handler for malloc 
This commit fixes some few UBs (Undefined Behaviors) based on numerous sanitizers, and also adds the missing error handling for a "malloc" call.
 2024-11-10 23:09:33 -03:00
ThePedroo
e11db94002 remove: logging to zygiskd.log file 
This commit removes the logging made to the zygiskd.log file.
 2024-11-10 23:09:32 -03:00
ThePedroo
d4ce0916f6 update: Zygiskd C99 LICENSE 
This commit updates the LICENSE for Zygiskd C99, using a LICENSE that doesn't allow the code to be used for closed source projects, and with more restrictions while allowing other people to fork, modify as much as wanted as long as it remains open source.
 2024-11-10 23:09:31 -03:00
ThePedroo
6ca4b72762 improve: zygisk-ptrace speed by modifying compiler flags 
This commit improves the "zygisk-ptrace" command speed by changing the compiler flags to use more brutal optimizations.
 2024-11-10 23:08:41 -03:00
ThePedroo
b252056ca0 fix: zygiskd building NDK version selection 
This commit fixes the code that selects which NDK to use.
 2024-11-10 23:08:40 -03:00
ThePedroo
6cc01fb548 improve: zygisk-ptrace's event parsing 
This commit improves ptrace's event parsing by converting more C++ code to C.
 2024-11-10 23:08:39 -03:00
ThePedroo
e31f9b3d85 remove: unused Zygiskd Makefile 
This commit removes the unused Zygiskd Makefile, superseeded by CMake file.
 2024-11-10 23:08:37 -03:00
ThePedroo
4d267aa719 fix: sending 32-bit int instead of 8-bit; fix: fd leak 
This commit fixes the issue where a 32-bit (int) number was sent instead of a 8-bit (uint8_t) number. Also fixes a fd leak when connecting to the companion.
 2024-11-10 23:08:36 -03:00
ThePedroo
7a6ca482f0 fix: close client in RequestLogcatFd; fix: not closing client in error cases 
This commit fixes the case where Zygiskd would close the client in "RequestLogcatFd" action, and also fixes the leak of closes for client when handling errors.
 2024-11-10 23:08:35 -03:00
ThePedroo
b392730366 improve: APatch detection; fix: Magisk detection and Magisk manager detection; fix: fd leak 
This commit both improves the APatch detection, making it more stricter, and fixes Magisk detection, together with its manager detection, allowing it to successfully boot. Also fixes a fd leak which makes it better at a long run.
 2024-11-10 23:08:34 -03:00
ThePedroo
05ae6941ba fix: Zygiskd APatch code 
This commit fixes the code that handles APatch based devices to allow them to boot successfully with ReZygisk.
 2024-11-10 23:08:32 -03:00
ThePedroo
c2abef8826 fix: zygiskd companion, companion responses, write fd function and early client close 
This commit fixes numerous issues in zygiskd code: The zygiskd companion code not loading the right entry, the companion not sending the correct responses, the write fd function not working properly and early client close when connecting to the companion.
 2024-11-10 23:08:30 -03:00
ThePedroo
a549f0e5ae add: Magisk support; fix: (some) zygiskd code issues 
This commit adds Magisk support to Zygiskd C99, and also fixes some code issues of it.
 2024-11-10 23:05:37 -03:00
ThePedroo
c1e45e9af6 add: zygiskd C99 APatch support 
This commit adds support for zygiskd C99 to recognize APatch rooted devices.
 2024-11-10 23:05:36 -03:00
ThePedroo
19d2a1758e fix: segmentation fault in write 
This commit fixes the segmentation fault when trying to write to /proc/.../sockcreate.
 2024-11-10 23:05:35 -03:00
ThePedroo
2ab6542a9a fix: zygiskd building 
This commit fixes the building of zygiskd.
 2024-11-10 23:05:34 -03:00
ThePedroo
c981907f36 fix: using fgets in a file descriptor 
This commit fixes the use of fgets in a file descriptor, which would make it easier to use fopen instead of using fdopen.
 2024-11-10 23:05:33 -03:00
ThePedroo
b1e217b665 improve: compiler calling code 
This commit improves the code that calls the compiler to compile zygiskd.
 2024-11-10 23:05:32 -03:00
ThePedroo
c852a2c146 fix: not properly switching mount ns 
This commit corrects mount namespace code.
 2024-11-10 23:05:31 -03:00
ThePedroo
37a667ce2a improve: compilation commands 
This commit improves the compilation commands resulting in even better sized releases.
 2024-11-10 23:05:30 -03:00
ThePedroo
41e83aec52 remove: Rust from CI 
This commit removes the setup of Rust in the CI.
 2024-11-10 23:05:29 -03:00
ThePedroo
7d29fd821f fix: zygiskd c99 building process 
This commit fixes building process of new zygiskd.
 2024-11-10 23:05:28 -03:00
ThePedroo
42a5ab989f add: base for CMake building (non-working) 
This commit will have a rebase soon.
 2024-11-10 23:05:25 -03:00
ThePedroo
5d0adacf4a improve: code readability; fix: not properly starting up companions 
This commit both improves the code readability and also fixes a bug that wouln't start companions properly.
 2024-11-10 23:03:27 -03:00
ThePedroo
da68db8a9a add: base for C99 zygiskd 
This commit adds the first base for C99 zygiskd, that is not fully working or code-ready.
 2024-11-10 23:03:26 -03:00
ThePedroo
5635c9f7c5 add: Zygiskd C99 re-write 
This commit re-writes Zygiskd to be C99.
 2024-11-10 23:03:25 -03:00
ThePedroo
3d2125d6c0 improve: ReZygisk status saving 
This commit improves how ReZygisk saves its status.
 2024-11-10 23:01:54 -03:00
ThePedroo
6187f34837 fix: code spacing 
This commit fixes a minor spacing issue in the code.
 2024-11-10 23:01:52 -03:00
SheepChef
7027e8147f add: Chinese README (#68) 
This commit adds Chinese translation for the "README.md" file.

Signed-off-by: SheepChef <50871867+SheepChef@users.noreply.github.com>
 2024-11-02 11:05:43 -03:00
WinCS
f1ba34fd29 improve: README.md grammar and information (#37) 
This commit improves "README.md" grammar and adds more information to it.

Signed-off-by: WinCS <94188592+Meltartica@users.noreply.github.com>
 2024-08-16 19:17:39 -03:00
ThePedroo
763e94b9b6 fix: Magisk app marking Zygisk as disabled 
This commit fixes the regression added (by me) that doesn't set "ZYGISK_ENABLED" environment variable, making it mark Zygisk as disabled.
 2024-08-15 00:38:25 -03:00
ThePedroo
75a004f9d5 add: additional information to ptrace command 
This commit adds more information to the ptrace command to allow better integration with external features.
 2024-08-10 13:43:14 -03:00
Pedro.js
88f1b7fdb9 fix: permission loophole 
This commit tights the permissions for `tmpfs`, removing the permission loophole.

Signed-off-by: Pedro.js <pedroolimpioguerra@gmail.com>
 2024-08-05 12:40:50 -03:00
ThePedroo
fedf7f1c40 remove: duplicated logs 
This commit removes duplication of logs in ptrace binaries.
 2024-07-25 03:13:15 -03:00
ThePedroo
d53e2af6a7 fix: memory leak in dlerror error log 
This commit fixes an memory leak when ReZygisk logs errors for "dlerror".
 2024-07-25 03:10:39 -03:00
Emmanuel Lobo
954c3a9cc5 update: GH Actions (#32) 
This commit updates GH(GitHub) Actions to its latest possible major Versions to avoid [warning or deprecation of them](https://github.blog/changelog/2023-09-22-github-actions-transitioning-from-node-16-to-node-20/), Updated ones Are:

`@actions/checkout`
`@actions/setup-java`
`@gradle/gradle-build-action -> @gradle/actions/setup-gradle (was delegated/replaced)`
`@actions/upload-artifact`

Signed-off-by: Emmanuel Lobo <76094069+UnschooledGamer@users.noreply.github.com>
 2024-07-14 14:01:12 -03:00
Captain Throwback
f1fe6b4435 add: support for APatch reset su path (#26) 
This commit allows proper root detection when using multiple root solutions.

Co-authored-by: Admire <43035036+Admirepowered@users.noreply.github.com>
 2024-07-13 15:43:24 -03:00
Captain Throwback
4b7178f1ea improve: genericize partition variable name (#25) 
Since we use the same partition list for both KSU and AP,
make the vector name more generic.

Also rename the loop variable in ap function from ksu to ap
for consistency
 2024-07-13 15:42:55 -03:00
Pedro.js
22e09d41bc fix: PerformanC telegram chat URL 
This commit fixes the URL for PerformanC telegram chat and channel.

Signed-off-by: Pedro.js <pedroolimpioguerra@gmail.com>
 2024-07-02 13:11:25 -03:00
ThePedroo
1f6f45d9ce fix: GitHub issue and FR templates 
This commit fixes the templates of the repository to follow the standard and not have duplicated templates.
 2024-07-01 20:48:38 -03:00
ThePedroo
4873560420 add: Telegram chat URLs 
This commit adds the URLs for the Telegrams channels of the org and ReZygisk.
 2024-07-01 20:31:29 -03:00
ThePedroo
f68385be5d fix: ReZygisk break after first boot 
This commit fixes the issue where ReZygisk would break after rebooting after first boot after flash.
 2024-07-01 00:48:39 -03:00
ThePedroo
7399ae417d fix: Apatch -> APatch 
This commit fixes the name of APatch in "build.gradle.kts" and "customize.sh" files.
 2024-06-30 23:22:40 -03:00
ThePedroo
c9c15bf120 update: LSPlt 
This commit updates LSPlt submodule.
 2024-06-30 23:05:39 -03:00
ThePedroo
1a82399e86 improve: hiding 
This commit improves hiding by moving monitor related files to /data/adb/rezygisk, where it's not accessable without root.
 2024-06-30 23:04:45 -03:00
ThePedroo
df0f2ce5a2 update: LSPlt 
This commit updates the LSPlt submodule.
 2024-06-30 19:27:32 -03:00
ThePedroo
3451057d17 add: ignore modules in manager process 
This commit adds the code to ignore running modules in the manager process.
 2024-06-30 19:26:55 -03:00
ThePedroo
80c873c8a4 improve: TMP_PATH related code 
This commit improves the code that decides which path will be for "TMP_PATH" variable.
 2024-06-30 19:25:52 -03:00
ThePedroo
5da73dd053 fix: not umounting properly module.prop 
This commit fixes the issue where module.prop wouldn't be umounted properly.
 2024-06-30 19:25:24 -03:00
ThePedroo
c2cb29b717 fix: APatch missing in GetInfo daemon action 
This commit fixes the missing APatch root implementation detection in "GetInfo" daemon action, causing it to return none.
 2024-06-29 08:49:23 -03:00
ThePedroo
2be1ccc48e fix: README.md word 
This commit fixes a word in README.md file.
 2024-06-27 22:34:36 -03:00
ThePedroo
af23710782 update: module.prop information 
This commit updates information in module.prop.
 2024-06-26 19:52:50 -03:00
ThePedroo
51507e8627 update: README.md with more info 
This commit updates the README.md to contain more info about the existence of the project and Rust libraries used.
 2024-06-26 19:43:38 -03:00
Pedro.js
af96b85a91 add: maps hiding (#13) 
This commit adds maps hiding. This commit is taken from Reveny's PR, for more information, see #9.

solves #9
 2024-06-26 19:38:34 -03:00
Pedro.js
4aa8b2f828 fix: description changer (#11) 
This commit fixes the code that changes the description of the module.

fixes #10
 2024-06-24 20:33:08 -03:00
rainy w/rain
7d83bb311a update: project name from issue template 
This commit will replace the old project name from issue template to ReZygisk

Signed-off-by: rainy w/rain <minh15052008@gmail.com>
 2024-06-23 23:59:17 +07:00
ThePedroo
2017140e0e update: AppSpecializeArgs 
This commit updates the AppSpecializeArgs to match newest one.
 2024-06-22 23:19:37 -03:00
Matt
2047bdb1bf add: APatch support (#4) 
This commit adds support for APatch.
 2024-06-22 23:13:29 -03:00
Pedro.js
678d886343 improve: CLI and code (#3) 
This commit improves the CLI of ReZygisk, allowing the use of important information like PID of the daemons. Also improves the code of the loaders ptracer.
 2024-06-20 22:53:13 -03:00
ThePedroo
39788a9ec2 improve: README.md to be more informative 
This commit improves the README.md file with more informations and proper use of words.
 2024-06-20 20:18:51 -03:00
ThePedroo
19952e6d03 remove: telegram script for releases 
This commit removes the telegram script that sends a message in a telegram repository every release.
 2024-06-20 19:59:13 -03:00
rainy w/rain
0987e401da add: issue, FR and PR template (#2) 
This commit adds the templates for issues, feature requests and pull requests.

Signed-off-by: rainy w/rain <minh15052008@gmail.com>
 2024-06-20 19:59:00 -03:00
ThePedroo
446b475333 improve: README.md 
This commit improves the README.md file by adding dependencies information.
 2024-06-18 17:21:13 -03:00
rainy w/rain
a22c40d618 add: note about project state 
Signed-off-by: rainy w/rain <minh15052008@gmail.com>
 2024-06-18 17:19:50 -03:00
ThePedroo
47f230d0c2 update: workflows 
This commit updates the workflows for the repository.
 2024-06-16 21:24:27 -03:00
ThePedroo
d0da6efd79 update: some loader/ code to C 
This commit changes some code from "loader" folder to use C keywords and not C++ only keywords.
 2024-06-16 21:13:44 -03:00
ThePedroo
c50d89e28e update: Zygisk Next -> ReZygisk 
This commit changes the name of the project to not be the same as the original one, Zygisk Next.
 2024-06-16 15:32:24 -03:00
ThePedroo
b7adea736a fix: compiling with modern Rust 
This commit fixes compiling errors with modern Rust.
 2024-06-16 15:27:05 -03:00
ThePedroo
41414c7d71 improve: README 
This commit improves the README of the project.
 2024-06-16 15:26:41 -03:00
Ylarod
338d306501 update for version too old issue (#85) 2024-01-06 21:27:39 +08:00
5ec1cff
7979cb4b25 suppress stopping signal properly 2024-01-06 15:54:37 +08:00
5ec1cff
505e5dc4ba fix typo 2024-01-06 10:02:29 +08:00
5ec1cff
420e93f8ed fix install magisk module task 2024-01-06 09:57:34 +08:00
5ec1cff
eee424f11c make ksud more understandable 2024-01-06 09:57:31 +08:00
107 changed files with 8377 additions and 4301 deletions
Expand all files Collapse all files

73
.github/ISSUE_TEMPLATE/bug_report.yml vendored
View File

@@ -1,73 +0,0 @@
name: Bug report/反馈 Bug
description: Report errors or unexpected behavior./反馈错误或异常行为。
labels: [bug]
title: "[Bug] Short description/简单描述"
body:
- type: markdown
attributes:
value: |
Thanks for reporting issues for Zygisk Next!
To make it easier for us to help you please enter detailed information below.
Note: We will **NEVER** handle any issue related to root detection or writable system.
感谢给 Zygisk Next 汇报问题!
为了使我们更好地帮助你,请提供以下信息。
为了防止重复汇报,标题请务必使用英文。
请注意:我们**不会**处理任何有关 root 检测和 system 分区可写相关的问题。
- type: textarea
attributes:
label: Steps to reproduce/复现步骤
placeholder: |
1.
2.
3.
validations:
required: true
- type: textarea
attributes:
label: Expected behaviour/预期行为
placeholder: Tell us what should happen/正常情况下应该发生什么
validations:
required: true
- type: textarea
attributes:
label: Actual behaviour/实际行为
placeholder: Tell us what happens instead/实际上发生了什么
validations:
required: true
- type: textarea
attributes:
label: KernelSU Module List/KernelSU 模块列表
render: Shell
validations:
required: true
- type: input
attributes:
label: Zygisk Next version/Zygisk Next 版本
description: Don't use 'latest'. Specify actual version, otherwise your issue will be closed./不要填用“最新版”。给出具体版本号,不然 issue 会被关闭。
validations:
required: true
- type: input
attributes:
label: Android version/Android 版本
validations:
required: true
- type: input
attributes:
label: KernelSU version/KernelSU 版本
validations:
required: true
- type: checkboxes
id: latest
attributes:
label: Version requirement/版本要求
options:
- label: I am using latest debug CI version of Zygisk Next and enable verbose log/我正在使用最新 CI 调试版本 Zygisk Next 且启用详细日志
required: true
- type: textarea
attributes:
label: Logs/日志
description: For usage issues, please provide the log zip saved from KernelSU manager; for activation issues, please provide [bugreport](https://developer.android.com/studio/debug/bug-report). Without logs zip, the issue will be closed. /使用问题请提供从 KernelSU 管理器保存的日志压缩包;激活问题请提供 [bugreport](https://developer.android.google.cn/studio/debug/bug-report?hl=zh-cn) 日志。没有日志附件的问题会被关闭。
placeholder: Upload logs zip by clicking the bar on the bottom. Upload logs to other websites or using external links is prohibited. /点击文本框底栏上传日志压缩包,禁止上传到其它网站或使用外链提供日志。
validations:
required: true

29
.github/ISSUE_TEMPLATE/feature_request.yml vendored
View File

@@ -1,29 +0,0 @@
name: Feature request/新特性请求
description: Suggest an idea./提出建议
labels: [enhancement]
title: "[Feature Request] Short description/简单描述"
body:
- type: markdown
attributes:
value: |
Note: We will **NEVER** handle any issue related to root detection or writable system.
请注意:我们**不会**处理任何有关 root 检测和 system 分区可写相关的问题。
- type: textarea
attributes:
label: Is your feature request related to a problem?/你的请求是否与某个问题相关?
placeholder: A clear and concise description of what the problem is./请清晰准确表述该问题。
validations:
required: true
- type: textarea
attributes:
label: Describe the solution you'd like/描述你想要的解决方案
placeholder: A clear and concise description of what you want to happen./请清晰准确描述新特性的预期行为
validations:
required: true
- type: textarea
attributes:
label: Additional context/其他信息
placeholder: Add any other context or screenshots about the feature request here./其他关于新特性的信息或者截图
validations:
required: false

65
.github/ISSUE_TEMPLATE/issue_template.yml vendored Normal file
View File

@@ -0,0 +1,65 @@
name: Issue report
description: Report an issue
title: "[BUG]: "
labels: ["bug", "not confirmed"]
body:
- type: input
id: version
attributes:
label: Version
description: The version of the ReZygisk you're using.
validations:
required: true
- type: textarea
id: modules
attributes:
label: Modules
description: "The modules you're using following the format: moduleName by authorName version x.x.x"
validations:
required: true
- type: textarea
id: description
attributes:
label: Description
description: A clear and concise description of what the bug is.
validations:
required: true
- type: textarea
id: steps
attributes:
label: Steps to reproduce
description: Steps to reproduce the behavior.
validations:
required: true
- type: textarea
id: logs
attributes:
label: Logs
description: If applicable, add logs AS A FILE to help solve the issue. Most of the time it will be from logcat on boot.
validations:
required: false
- type: checkboxes
id: terms
attributes:
label: Confirmations
description: The following confirmations are required to open a bug report.
options:
- label: My environment meets the minimum requirements.
required: true
- label: I have verified that this is not a duplicate issue.
required: true
- type: checkboxes
id: code_of_conduct
attributes:
label: Code of Conduct
description: By submitting this issue, you agree to follow our [Code of Conduct](https://github.com/PerformanC/voice/blob/main/CODE_OF_CONDUCT.md)
options:
- label: I agree to follow this project's Code of Conduct
required: true

41
.github/ISSUE_TEMPLATE/pull_request.yml vendored Normal file
View File

@@ -0,0 +1,41 @@
name: Feature request
description: Ask for a new feature to be added
title: "[FR]: "
labels: ["enhancement", "not confirmed"]
body:
- type: textarea
id: description
attributes:
label: Description
description: A clear and concise description of what the feature is.
validations:
required: true
- type: textarea
id: reason
attributes:
label: Reason
description: Why should this feature be added?
validations:
required: true
- type: checkboxes
id: terms
attributes:
label: Confirmations
description: The following confirmations are required to open a feature request.
options:
- label: This feature is not already implemented.
required: true
- label: I have verified that this is not a duplicate feature request.
required: true
- type: checkboxes
id: code_of_conduct
attributes:
label: Code of Conduct
description: By submitting this issue, you agree to follow our [Code of Conduct](https://github.com/PerformanC/voice/blob/main/CODE_OF_CONDUCT.md)
options:
- label: I agree to follow this project's Code of Conduct
required: true

17
.github/PULL_REQUEST_TEMPLATE.md vendored Normal file
View File

@@ -0,0 +1,17 @@
## Changes
Write here about the changes you've made
## Why
Write here why you think this should be merged
## Checkmarks
- [ ] The modified functions have been tested.
- [ ] Used the same indentation as the rest of the project.
- [ ] Updated documentation (changelog).
## Additional information
If you have any additional information, write it here

25
.github/scripts/telegram_url.py vendored
View File

@@ -1,25 +0,0 @@
import json
import os
import urllib.parse
url = f'https://api.telegram.org/bot{os.environ["BOT_TOKEN"]}'
url += f'/sendMediaGroup?chat_id={urllib.parse.quote(os.environ["CHANNEL_ID"])}&media='
# https://core.telegram.org/bots/api#markdownv2-style
msg = os.environ["COMMIT_MESSAGE"]
for c in ['\\', '_', '*', '[', ']', '(', ')', '~', '`', '>', '#', '+', '-', '=', '|', '{', '}', '.', '!']:
msg = msg.replace(c, f'\\{c}')
commit_url = os.environ["COMMIT_URL"]
commit_id = os.environ["COMMIT_ID"][:7]
caption = f"[{commit_id}]({commit_url})\n{msg}"[:1024]
data = json.dumps([
{"type": "document", "media": "attach://Release"},
{"type": "document", "media":"attach://Debug"},
{"type": "document", "media": "attach://ReleaseSymbol"},
{"type": "document", "media": "attach://DebugSymbol","caption": caption,"parse_mode":"MarkdownV2"}
])
url += urllib.parse.quote(data)
print(url)

105
.github/workflows/ci.yml vendored
View File

@@ -1,81 +1,37 @@
name: CI
on:
workflow_dispatch:
inputs:
post_telegram:
description: 'Post to Telegram'
required: true
type: boolean
push:
branches: [ master ]
tags: [ v* ]
branches: [ main ]
pull_request:
merge_group:
workflow_dispatch:
jobs:
build:
runs-on: ubuntu-latest
env:
CCACHE_COMPILERCHECK: "%compiler% -dumpmachine; %compiler% -dumpversion"
CCACHE_NOHASHDIR: "true"
CCACHE_HARDLINK: "true"
CCACHE_BASEDIR: "${{ github.workspace }}"
steps:
- name: Checkout
uses: actions/checkout@v3
uses: actions/checkout@v4
with:
submodules: "recursive"
fetch-depth: 0
- name: Write key
if: ${{ ( github.event_name != 'pull_request' && github.ref == 'refs/heads/master' ) || github.ref_type == 'tag' }}
run: |
if [ ! -z "${{ secrets.PRIVATE_KEY }}" ]; then
echo '${{ secrets.PUBLIC_KEY }}' | base64 --decode > module/public_key
echo '${{ secrets.PRIVATE_KEY }}' | base64 --decode > module/private_key
fi
- name: Setup Java
uses: actions/setup-java@v3
uses: actions/setup-java@v4
with:
distribution: "temurin"
java-version: "17"
- name: Setup Gradle
uses: gradle/gradle-build-action@v2
with:
gradle-home-cache-cleanup: true
- name: Setup rust-cache
uses: Swatinem/rust-cache@v2
with:
workspaces: zygiskd/src -> ../build/intermediates/rust
cache-targets: false
- name: Setup Rust
run: |
rustup override set nightly
rustup target add aarch64-linux-android
rustup target add x86_64-linux-android
rustup target add i686-linux-android
rustup target add armv7-linux-androideabi
- name: Set up ccache
uses: hendrikmuhs/ccache-action@v1.2
with:
max-size: 2G
key: ${{ runner.os }}
restore-keys: ${{ runner.os }}
save: ${{ github.event_name == 'push' && github.ref == 'refs/heads/master' }}
uses: gradle/actions/setup-gradle@v4.2.1
- name: Build with Gradle
run: |
echo 'org.gradle.parallel=true' >> gradle.properties
echo 'org.gradle.vfs.watch=true' >> gradle.properties
echo 'org.gradle.jvmargs=-Xmx2048m' >> gradle.properties
echo 'android.native.buildOutput=verbose' >> gradle.properties
sed -i 's/org.gradle.unsafe.configuration-cache=true//g' gradle.properties
./gradlew zipRelease
./gradlew zipDebug
@@ -84,56 +40,19 @@ jobs:
if: success()
id: prepareArtifact
run: |
releaseName=`ls module/build/outputs/release/Zygisk-Next-v*-release.zip | awk -F '(/|.zip)' '{print $5}'` && echo "releaseName=$releaseName" >> $GITHUB_OUTPUT
debugName=`ls module/build/outputs/release/Zygisk-Next-v*-debug.zip | awk -F '(/|.zip)' '{print $5}'` && echo "debugName=$debugName" >> $GITHUB_OUTPUT
unzip module/build/outputs/release/Zygisk-Next-v*-release.zip -d zksu-release
unzip module/build/outputs/release/Zygisk-Next-v*-debug.zip -d zksu-debug
releaseSymbolName="SYMBOLS-$releaseName.zip"
debugSymbolName="SYMBOLS-$debugName.zip"
echo "releaseSymbolName=$releaseSymbolName" >> $GITHUB_OUTPUT
echo "debugSymbolName=$debugSymbolName" >> $GITHUB_OUTPUT
zip -r $releaseSymbolName zygiskd/build/symbols/release
zip -r $debugSymbolName zygiskd/build/symbols/debug
releaseName=`ls module/build/outputs/release/ReZygisk-v*-release.zip | awk -F '(/|.zip)' '{print $5}'` && echo "releaseName=$releaseName" >> $GITHUB_OUTPUT
debugName=`ls module/build/outputs/release/ReZygisk-v*-debug.zip | awk -F '(/|.zip)' '{print $5}'` && echo "debugName=$debugName" >> $GITHUB_OUTPUT
unzip module/build/outputs/release/ReZygisk-v*-release.zip -d zksu-release
unzip module/build/outputs/release/ReZygisk-v*-debug.zip -d zksu-debug
- name: Upload release
uses: actions/upload-artifact@v3
uses: actions/upload-artifact@v4
with:
name: ${{ steps.prepareArtifact.outputs.releaseName }}
path: "./zksu-release/*"
- name: Upload debug
uses: actions/upload-artifact@v3
uses: actions/upload-artifact@v4
with:
name: ${{ steps.prepareArtifact.outputs.debugName }}
path: "./zksu-debug/*"
- name: Upload release symbols
uses: actions/upload-artifact@v3
with:
name: ${{ steps.prepareArtifact.outputs.releaseName }}-symbols
path: "zygiskd/build/symbols/release"
- name: Upload debug symbols
uses: actions/upload-artifact@v3
with:
name: ${{ steps.prepareArtifact.outputs.debugName }}-symbols
path: "zygiskd/build/symbols/debug"
- name: Post to channel
if: ${{ success() && github.event_name != 'pull_request' && github.ref == 'refs/heads/master' && github.ref_type != 'tag' && inputs.post_telegram != 'false' }}
env:
CHANNEL_ID: ${{ secrets.CHANNEL_ID }}
BOT_TOKEN: ${{ secrets.BOT_TOKEN }}
COMMIT_MESSAGE: ${{ github.event.head_commit.message }}
COMMIT_URL: ${{ github.event.head_commit.url }}
COMMIT_ID: ${{ github.event.head_commit.id }}
run: |
if [ ! -z "${{ secrets.BOT_TOKEN }}" ]; then
OUTPUT="module/build/outputs/release"
export Release=$(find $OUTPUT -name "Zygisk-Next-v*-release.zip")
export Debug=$(find $OUTPUT -name "Zygisk-Next-v*-debug.zip")
export ReleaseSymbol="${{ steps.prepareArtifact.outputs.releaseSymbolName }}"
export DebugSymbol="${{ steps.prepareArtifact.outputs.debugSymbolName }}"
URL=$(python3 .github/scripts/telegram_url.py)
curl -v "$URL" -F Release="@$Release" -F Debug="@$Debug" -F ReleaseSymbol="@$ReleaseSymbol" -F DebugSymbol="@$DebugSymbol"
fi

23
.github/workflows/issue_moderator.yml vendored
View File

@@ -1,23 +0,0 @@
name: Issue moderator
on:
issues:
types: [opened, edited, reopened]
jobs:
autoclose:
runs-on: ubuntu-latest
steps:
- name: Check issue
uses: tachiyomiorg/issue-moderator-action@v1
with:
repo-token: ${{ secrets.GITHUB_TOKEN }}
auto-close-rules: |
[
{
"type": "title",
"regex": ".*(Short description|简单描述).*",
"message": "You did not fill out the description in the title/你没有填写标题"
}
]
auto-close-ignore-label: do-not-autoclose

1
.gitignore vendored
View File

@@ -1,6 +1,7 @@
.gradle
.idea
.cxx
.vscode
build
local.properties
Cargo.lock

2
.gitmodules vendored
View File

@@ -1,3 +1,3 @@
[submodule "loader/src/external/lsplt"]
path = loader/src/external/lsplt
url = https://github.com/LSPosed/lsplt
url = https://github.com/JingMatrix/LSPlt

65
README.md
View File

@@ -1,26 +1,61 @@
# Zygisk Next
# ReZygisk
Standalone implementation of Zygisk, providing Zygisk API support for KernelSU and a replacement of Magisk's built-in Zygisk.
[简体中文](/READMEs/README_zh-CN.md)|[繁體中文](/READMEs/README_zh-TW.md)|[Bahasa Indonesia](/READMEs/README_id-ID.md)|[Tiếng Việt](/READMEs/README_vi-VN.md)|[Português Brasileiro](/READMEs/README_pt-BR.md)|[Türkçe](/READMEs/README_tr-TR.md)|[French](/READMEs/README_fr-FR.md)
## Requirements
ReZygisk is a fork of Zygisk Next, a standalone implementation of Zygisk, providing Zygisk API support for KernelSU, Magisk (besides built-in), and APatch (Work In Progress).
### General
It aims to modernize and re-write the codebase to C (from C++ and Rust), allowing a more efficient and faster implementation of the Zygisk API with a more permissive license.
+ No multiple root implementation installed
> [!NOTE]
> This module/fork is WIP (Work In Progress); only use .zip from the Releases.
>
> Although you may install the .zip from the [Actions](https://github.com/PerformanC/ReZygisk/actions) page, it is only at your discretion to install it since your device might enter bootloop.
### KernelSU
## Why?
+ Minimal KernelSU version: 10940
+ Minimal ksud version: 11424
+ Kernel has full SELinux patch support
The latest releases of Zygisk Next are not open-source, reserving entirely the code for its developers. Not only does that limit our ability to contribute to the project, but also impossibilities the audit of the code, which is a major security concern, as Zygisk Next is a module that runs with superuser (root) privileges, having access to the entire system.
### Magisk
The Zygisk Next developers are famous and trusted in the Android community, however, this doesn't mean that the code is not malicious or vulnerable. We (PerformanC) understand they have their reasons to keep the code closed-source, but we believe the contrary.
+ Minimal version: 26402
+ Built-in Zygisk turned off
## Advantages
## Compatibility
- FOSS (Forever)
`PROCESS_ON_DENYLIST` cannot be flagged correctly for isolated processes on Magisk DenyList currently.
## Dependencies
Zygisk Next only guarantees the same behavior of Zygisk API, but will NOT ensure Magisk's internal features.
| Tool | Description |
|-----------------|----------------------------------------|
| `Android NDK` | Native Development Kit for Android |
### C++ Dependencies
| Dependency | Description |
|------------|-------------------------------|
| `lsplt` | Simple PLT Hook for Android |
## Usage
We're currently in the process of cooking. (Coming Soon)
## Installation
There are currently no available stable releases. (Coming Soon)
## Translation
As of now, we don't have integration with another platform for translations but you may contribute to the [add/new-webui](https://github.com/PerformanC/ReZygisk/tree/add/new-webui) branch. Please don't forget to include your GitHub profile in [TRANSLATOR.md](https://github.com/PerformanC/ReZygisk/blob/add/new-webui/TRANSLATOR.md) so that people can see your contribution.
## Support
For any question related to ReZygisk or other PerformanC projects, feel free to join any of the following channels below:
- Discord Channel: [PerformanC](https://discord.gg/uPveNfTuCJ)
- ReZygisk Telegram Channel: [@rezygiskchat](https://t.me/rezygiskchat)
- PerformanC Telegram Channel: [@performancorg](https://t.me/performancorg)
## Contribution
It is mandatory to follow PerformanC's [Contribution Guidelines](https://github.com/PerformanC/contributing) to contribute to ReZygisk. Following its Security Policy, Code of Conduct, and syntax standard.
## License
ReZygisk is licensed majoritaly under GPL, by Dr-TSNG, but also AGPL 3.0, by The PerformanC Organization, for re-written code. You can read more about it on [Open Source Initiative](https://opensource.org/licenses/AGPL-3.0).

61
READMEs/README_fr-FR.md Normal file
View File

@@ -0,0 +1,61 @@
# ReZygisk
[English](../README.md)
ReZygisk est un fork de Zygisk Next, une implémentation autonome de Zygisk. Il vise à fournir un support de l'API Zygisk pour KernelSU, Magisk (en plus de l'intégration existante), et pour Apatch (encore en cours de développement).
L'objectif est de moderniser et de réécrire la base du code, initialement en C, vers du C++ et du Rust. Cela permettra une meilleure efficacité et une implémentation plus rapide de l'API Zygisk, le tout sous une licence plus permissive.
> [!NOTE]
> Ce module/fork est en cours de développement ; n'utilisez que les fichiers .zip provenant des 'Releases'.
>
>Bien que vous puissiez installer les fichiers .zip provenant de la page [Actions](https://github.com/PerformanC/ReZygisk/actions), cela vous regarde et peut faire entrer votre téléphone en boucle de redémarrage (bootloop).
## Pourquoi ?
La dernière release de Zygisk Next n'est pas open source, le code est donc accessible uniquement à ses développeurs. Non seulement cela limite notre capacité à contribuer au projet, mais cela rend également impossible la vérification du code, ce qui constitue une préoccupation majeure en matière de sécurité. Zygisk Next est un module fonctionnant avec les permissions administrateur (root) et a donc accès à l'entièreté du système.
Les développeurs de Zygisk Next sont connus et reconnus dans la communauté Android. Toutefois, cela ne signifie pas que du code malveillant ou des vulnérabilités ne se cachent pas dans le code. Nous (PerfomanC) comprenons qu'ils aient des raisons de garder leur code en source fermée, mais nous pensons qu'avoir un code open source est mieux.
## Avantages
- FOSS (Pour toujours !)
## Dépendances
| Outil | Description |
|-----------------|----------------------------------------|
| `Android NDK` | Kit de développement natif d'Android |
### Dépendances C++
| Dépendance | Description |
|------------|-------------------------------|
| `lsplt` | Simple PLT Hook pour Android |
## Utilisation
Nous sommes actuellement en train de préparer cela. (Pour bientôt)
## Installation
Il n'y a actuellement pas de version (releases) stable (Pour bientôt)
## Traduction
À ce jour, nous n'avons pas d'intégration avec d'autres plateformes pour traduire, mais vous pouvez contribuer à la branche [add/new-webui](https://github.com/PerformanC/ReZygisk/tree/add/new-webui). Merci de ne pas oublier d'inclure votre profil GitHub dans le fichier [TRANSLATOR.md](https://github.com/PerformanC/ReZygisk/blob/add/new-webui/TRANSLATOR.md) afin que les autres puissent voir votre contribution.
## Support
Pour toutes questions relatives a ReZygisk ou d'autres projets de PerformanC, n'hésitez pas à nous rejoindre via les différents moyens disponibles:
- Notre Discord: [PerformanC](https://discord.gg/uPveNfTuCJ)
- Le Telegram relatif a ReZygisk: [@rezygiskchat](https://t.me/rezygiskchat)
- Notre Telegram: [@performancorg](https://t.me/performancorg)
## Contribution
Il est obligatoire de lire les instructions de PerformanC dans les [Contribution Guidelines](https://github.com/PerformanC/contributing) afin de contribuer au projet ReZygisk. Suivez la politique de sécurité, le code de conduite et les standards relatif à la syntaxe.
## License
ReZygisk est majoritairement sous la licence GPL pour la partie de Dr-TSNG, mais sous licence AGPL 3.0 pour la partie réécrite du code par PerformanC. Vous pouvez trouver plus d'information sur le lien suivant : [Open Source Initiative](https://opensource.org/licenses/AGPL-3.0).

63
READMEs/README_id-ID.md Normal file
View File

@@ -0,0 +1,63 @@
# ReZygisk
[English](https://github.com/PerformanC/ReZygisk)
ReZygisk adalah turunan dari Zygisk Next, sebuah implementasi mandiri Zygisk, yang mendukung API Zygisk untuk KernelSU, Magisk (selain versi bawaan), dan APatch (dalam tahap pengembangan).
Proyek ini bertujuan untuk memodernisasi dan menulis ulang basis kode ke dalam bahasa pemorgraman C (dari C++ dan Rust), memungkinkan implementasi API Zygisk yang lebih efisien dan cepat dengan lisensi yang lebih permisif.
> [!NOTE]
> [CATATAN]
>
> Modul/turunan ini sedang dalam tahap pengembangan. gunakan hanya file .zip dari halaman Rilis.
>
> Anda dapat menginstal file .zip dari halaman [Actions](https://github.com/PerformanC/ReZygisk/actions), namun instalan ini sepenuhnya menjadi tanggung jawab Anda karena perangkat dapat mengalami bootloop.
## Mengapa?
Rilisan terbaru dari Zygisk Next tidak bersifat open-source, dengan kode yang sepenuhnya dikendalikan oleh developernya. Hal ini tidak hanya membatasi kemampuan kami untuk berkontribusi pada proyek ini, tetapi juga membuat kode tidak dapat diaudit, yang menjadi masalah utama keamanan karena Zygisk Next adalah modul yang berjalan dengan hak superuser (root), yang memiliki akses ke seluruh sistem.
Meskipun developer Zygisk Next terkenal dan dipercaya dalam komunitas Android, hal ini tidak menjamin bahwa kode tersebut bebas dari bahaya atau kerentanan. Kami (PerformanC) memahami alasan mereka untuk menjaga kode tetap tertutup, tetapi kami memiliki pandangan yang berbeda.
## Kelebihan
- FOSS (Free and Open Source Software) Selamanya.
## Komponen Pendukung
| Alat | Deskripsi |
|-----------------|------------------------------------------|
| `Android NDK` | Native Development Kit untuk Android |
### Komponen Pendukung C++
| Komponen | Deskripsi |
|------------|---------------------------------|
| `lsplt` | Simple PLT Hook untuk Android |
## Penggunaan
Kami saat ini sedang dalam tahap pengembangan. (Segera Hadir)
## Instalasi
Saat ini belum tersedia rilisan yang stabil. (Segera Hadir)
## Terjemahan
Saat ini, kami belum terintegrasi dengan platform lain untuk penerjemahan, tetapi Anda dapat berkontribusi pada cabang [add/new-webui](https://github.com/PerformanC/ReZygisk/tree/add/new-webui). Jangan lupa untuk menyertakan profil GitHub Anda di [TRANSLATOR.md](https://github.com/PerformanC/ReZygisk/blob/add/new-webui/TRANSLATOR.md) agar orang lain dapat melihat kontribusi Anda.
## Dukungan
Untuk pertanyaan terkait ReZygisk atau proyek PerformanC lainnya, silakan bergabung ke salah satu saluran berikut:
- Saluran Discord: [PerformanC](https://discord.gg/uPveNfTuCJ)
- Saluran Telegram ReZygisk: [@rezygiskchat](https://t.me/rezygiskchat)
- Saluran Telegram PerformanC: [@performancorg](https://t.me/performancorg)
## Kontribusi
Wajib mengikuti [Pedoman Kontribusi](https://github.com/PerformanC/contributing) PerformanC untuk berkontribusi pada ReZygisk. Sesuai dengan Kebijakan Keamanan, Kode Etik, dan standar struktur dan format yang berlaku.
## Lisensi
ReZygisk sebagian besar berlisensi di bawah GPL, oleh Dr-TSNG, tetapi juga AGPL 3.0, oleh The PerformanC Organization, untuk kode yang ditulis ulang. Anda dapat juga membaca lebih lanjut di [Open Source Initiative](https://opensource.org/licenses/AGPL-3.0).

73
READMEs/README_ja-JP.md Normal file
View File

@@ -0,0 +1,73 @@
# ReZygisk
[English](https://github.com/PerformanC/ReZygisk/blob/main/README.md)|[简体中文](/READMEs/README_zh-CN.md)|[繁體中文](/READMEs/README_zh-TW.md)
ReZygiskはkernelSU、Magisk、APatchにZygiskのAPIサポートを提供するスタンドアローンZygiskであるZygisk Nextのフォークです。
ReZygiskは更に高速かつ効率的なZygisk APIとより寛容なライセンスを、コードベースをCもともとはC++とRustでしたでアップデート/書き直すことで実現することを目標としています。
> [!NOTE]
> このモジュール/フォークはWIPWork in Progress、すべての作業が進行中であることを意味します: ReleasesタブのZipのみを使用するようにしてください。
>
> GitHub [Actions](https://github.com/PerformanC/ReZygisk/actions) よりZipをダウンロードして使用することも可能ですが、デバイスがブートループなどの不具合が起きる可能性があります。ユーザー自身の裁量にて使用してください。
## ReZygiskを使う理由
Zygisk Nextの最新リリースはクローズドソースであり、コードはプロジェクトの開発者のみアクセスできるものです。これはコミュニティがコードに貢献することを妨げるだけではなく、コード監査をも難しくしています。これはZygisk Nextがルート権限で作動するアプリであるため、セキュリティ上深刻な問題です。
Zygisk Nextの開発者はAndroid Communityにて有名かつ信用されています。が、これはコード自体が悪意の無いこと/脆弱でないことを証明するものではありません。
我々PerformanCはZygisk Nextの開発者らがコードをクローズドに保つ重要な理由があることは承知していますが、我々はオープンソース/コミュニティドリブンにすることが重要だと考えています。
## メリット
- オープンソース、Free to Use、FOSS (永続的)
## 依存関係
| ツール | 説明 |
|-----------------|----------------------------------------|
| `Android NDK` | Androidのネイティブ開発環境キット |
### C++ 依存関係
| 依存 | 説明 |
|------------|-------------------------------|
| `lsplt` | シンプルなAndroidのPLTフック |
## 使い方
ただいま調理中です、しばらくお待ち下さい!(できるだけ早くお届けします)
## インストール
現状、ステーブルリリースはありません。(できるだけ早くお届けします)
## 翻訳
現状では、翻訳を他のプラットフォーム上で展開することはしていません。
が、[add/new-webui](https://github.com/PerformanC/ReZygisk/tree/add/new-webui) ブランチにて翻訳作業に参加していただくことができます。
他の開発者さんたちがあなたの貢献を確認できるように、 [TRANSLATOR.md](https://github.com/PerformanC/ReZygisk/blob/add/new-webui/TRANSLATOR.md) にあなたのプロフィールを追加することを忘れないでください!
## サポート
For any question related to ReZygisk or other PerformanC projects, feel free to join any of the following channels below:
ReZygisk/他のPerformanCのプロジェクトに対する質問がある場合は、以下のどれかに参加してください
- Discord チャンネル: [PerformanC](https://discord.gg/uPveNfTuCJ)
- ReZygisk Telegram チャンネル: [@rezygiskchat](https://t.me/rezygiskchat)
- PerformanC Telegram チャンネル: [@performancorg](https://t.me/performancorg)
## 貢献
貢献をしたい場合、PerformanCの[Contribution Guidelines](https://github.com/PerformanC/contributing)に従うことが必要になります。
セキュリティーポリシー、行動規範、シンタックススタンダードを採用してください。
## ライセンス
ReZygiskは基本的にDr-TSNGによるGPLライセンス下にてライセンスされています。
ただし、書き直しされたコードに関してはPerformanCによるAGPL3.0ライセンスにてライセンスされています。
詳細については [Open Source Initiative](https://opensource.org/licenses/AGPL-3.0) を参照してください。

62
READMEs/README_pt-BR.md Normal file
View File

@@ -0,0 +1,62 @@
# ReZygisk
[English](../README.md)
ReZygisk é uma fork do Zygisk Next, uma implementação do Zygisk independente, fornecendo a API do Zygisk para o kernelSU, Magisk (além do embutido) e APatch (a ser desenvolvido).
Ele foca em modernizar e re-escrever o código fonte para C (de C++ e Rust), permitindo uma implementação da API do Zygisk com uma licença mais permissiva.
> [!NOTE]
> Este módulo/fork ainda está em processo de desenvolvimento; apenas use .zip da aba Releases.
>
> Apesar de você poder instalar um .zip da aba [Actions](https://github.com/PerformanC/ReZygisk/actions), é de sua conta e risco, já que pode acarretar em um bootloop.
## Por quê?
Os últimos lançamentos do Zygisk Next não possuem código aberto, reservando-o para os seus desenvolvedores. Isso não só limita nossa capacidade de contribuir com o projeto, mas também impossibilita a auditoria do código, uma preocupação grave de segurança, já que o Zygisk Next é um módulo que roda como superuser (super usuário/root), tendo acesso a todo o sistema.
Os desenvolvedores do Zygisk Next são famosos e confiados pela comunidade Android, mas isso não significa que o código não seja nem malicioso nem vulnerável. Nós (PerformanC) reconhecemos seus motivos de manterem o código recluso a eles, mas a gente acredita no contrário.
## Vantagens
- FOSS (Pra sempre)
## Dependências
| Ferramenta | Descrição |
|-----------------|--------------------------------------------|
| `Android NDK` | Kit de Desenvolvimento Nativo para Android |
### Dependências C++
| Dependência | Descrição |
|-------------|-------------------------------|
| `lsplt` | PLT Hook simples para Android |
## Forma de uso
Estamos ainda em processo de desenvolvimento desta aba. (Em breve)
## Processo de instalação
Estamos ainda em processo de desenvolvimento desta aba. (Em breve)
## Tradução
Até agora, a gente não possui uma plataforma para traduções, mas você pode contribuir para a branch [add/new-webui](https://github.com/PerformanC/ReZygisk/tree/add/new-webui). Por favor, não esqueça de incluir seu perfil do GitHub no [TRANSLATOR.md](https://github.com/PerformanC/ReZygisk/blob/add/new-webui/TRANSLATOR.md) para que assim outras pessoas vejam sua contribuição.
## Suporte
Para quaisquer problemas no ReZygisk ou qualquer projeto da PerformanC, sinta-se livre para entrar em qualquer canal abaixo:
- Server do Discord: [PerformanC](https://discord.gg/uPveNfTuCJ)
- Canal do Telegram ReZygisk: [@rezygiskchat](https://t.me/rezygiskchat)
- Canal do Telegram PerformanC: [@performancorg](https://t.me/performancorg)
## Contribuição
É obrigatório seguir as [Regras de Contribuição](https://github.com/PerformanC/contributing) da PerformanC para contribuir ao ReZygisk, seguindo sua Política de Segurança, Código de Conduta, e padronização de sintaxe.
## Licença
ReZygisk é majoritamente licenciado em GPL, por Dr-TSNG, mas também em AGPL 3.0, pela A Organização PerformanC (The PerformanC Organization) para código re-escrito. Você pode ler mais em [Open Source Initiative](https://opensource.org/licenses/AGPL-3.0).

61
READMEs/README_tr-TR.md Normal file
View File

@@ -0,0 +1,61 @@
# ReZygisk
[English](../README.md)
ReZygisk, Zygisk Next'in bir forkudur ve Zygisk'in bağımsız bir uygulamasıdır. KernelSU, Magisk (yerleşik olanın dışında) ve APatch (Çalışmalar Devam Ediyor) için Zygisk API desteği sağlar.
Amacı, C++ ve Rust'tan C diline geçerek kod tabanını modernize etmek ve yeniden yazmaktır. Bu, daha verimli ve hızlı bir Zygisk API uygulaması sağlarken daha esnek bir lisans sunar.
> [!NOT]
> Bu modül/fork şu anda geliştirme aşamasındadır (WIP - Work In Progress); yalnızca Release'deki .zip dosyasını kullanın.
>
> [Actions](https://github.com/PerformanC/ReZygisk/actions) sayfasındaki .zip dosyasını yüklemek tamamen sizin sorumluluğunuzdadır; cihazınız bootloop'a girebilir.
## Neden?
Zygisk Next'in son sürümleri açık kaynaklı değildir ve tamamen geliştiricilerine ayrılmıştır. Bu durum, projeye katkıda bulunma yeteneğimizi sınırlamakla kalmaz, aynı zamanda kodun denetlenmesini imkansız hale getirir. Bu, Zygisk Next'in süper kullanıcı (root) ayrıcalıklarıyla çalışması ve tüm sisteme erişimi olması nedeniyle büyük bir güvenlik sorunudur.
Zygisk Next geliştiricileri, Android topluluğunda tanınmış ve güvenilir kişilerdir, ancak bu, kodun kötü niyetli veya hassas olmadığını garanti etmez. PerformanC olarak, kodu kapalı kaynaklı tutma nedenlerini anlasak da, bunun tersini savunuyoruz.
## Avantajlar
- Sonsuza kadar açık kaynak (FOSS)
## Bağımlılıklar
| Araç | Açıklama |
|------------------|--------------------------------------|
| `Android NDK` | Android için Yerel Geliştirme Kiti |
### C++ Bağımlılıkları
| Bağımlılık | Açıklama |
|------------|---------------------------------|
| `lsplt` | Android için Basit PLT Hook |
## Kullanım
Şu anda geliştirme aşamasındayız. (Yakında)
## Kurulum
Şu anda mevcut kararlı sürüm yoktur. (Yakında)
## Çeviri
Şu anda başka bir platformla entegre bir çeviri sistemimiz bulunmuyor, ancak [add/new-webui](https://github.com/PerformanC/ReZygisk/tree/add/new-webui) branch'ine katkıda bulunabilirsiniz. Lütfen GitHub profilinizi [TRANSLATOR.md](https://github.com/PerformanC/ReZygisk/blob/add/new-webui/TRANSLATOR.md) dosyasına eklemeyi unutmayın, böylece katkılarınız görülebilir.
## Destek
ReZygisk veya diğer PerformanC projeleriyle ilgili herhangi bir soru için aşağıdaki kanallardan herhangi birine katılabilirsiniz:
- Discord Kanalı: [PerformanC](https://discord.gg/uPveNfTuCJ)
- ReZygisk Telegram Kanalı: [@rezygiskchat](https://t.me/rezygiskchat)
- PerformanC Telegram Kanalı: [@performancorg](https://t.me/performancorg)
## Katkıda Bulunma
ReZygisk'e katkıda bulunmak için PerformanC'nin [Katkı Yönergeleri](https://github.com/PerformanC/contributing)'ni takip etmek zorunludur. Güvenlik Politikası, Davranış Kuralları ve sözdizimi standartlarına uyulmalıdır.
## Lisans
ReZygisk, büyük ölçüde Dr-TSNG tarafından GPL lisansı altında, ancak yeniden yazılmış kodlar için The PerformanC Organization tarafından AGPL 3.0 lisansı altında lisanslanmıştır. Daha fazla bilgi için [Open Source Initiative](https://opensource.org/licenses/AGPL-3.0)'e göz atabilirsiniz.

61
READMEs/README_vi-VN.md Normal file
View File

@@ -0,0 +1,61 @@
# ReZygisk
[English](../README.md)
ReZygisk làm một nhánh phát triển lấy từ ZygiskNext, một triển khai độc lập của Zygisk, cung cấp và hỗ trợ Zygisk API cho KernelSU, Magisk (bên cạnh tích hợp) và APatch (Đang trong quá trình phát triển).
Mục tiêu của ReZygisk là mô-đun hoá và viết lại toàn bộ codebase từ C++/Rust sang C, cho phép triển khai API Zygisk hiệu quả hơn và nhanh hơn với giấy phép dễ dàng tái sử dụng hơn.
> [!NOTE]
> Mô-đun này đang trong quá trình phát triển; chỉ nên sử dụng file .zip từ các bản phát hành.
>
> Mạc dù bạn có thể cài đặt mô-đun được lấy từ trang [Actions](https://github.com/PerformanC/ReZygisk/actions), nhưng sẽ chỉ phụ thuộc vào bạn có chấp nhận rủi ro hay không vì các mô-đun này có thể gây lỗi cho hệ điều hành. Ví dụ: Bootloop (Lỗi liên tục khởi động lại máy)
## Tại sao nhánh phát triển này lại xuất hiện?
Bản ra mắt mới nhất của Zygisk Next không còn là mã nguồn mở, dành toàn bộ quyền phát triển phần mềm cho những nhà phát triển gốc. Không chỉ giới hạn chúng ta đóng gốp cho dự án, mà còn bất khả thi trong việc kiểm trả độ đảm bảo của mã, điều mà có thể coi là mối quan tâm lớn về tính bảo mật và độ an toàn, bởi Zygisk Next là mô-đun chạy dưới quyền quản trị (root), có khả năng truy cập vào toàn bộ hệ thống trong thiết bị của bạn.
Các nhà phát triển Zygisk Next đều là những người nổi tiếng và được tin tưởng bởi cộng đồng sử dụng Android, tuy nhiên, điều đó không có nghĩa là mã nguồn của họ không có lỗ hổng hoặc có nguy cơ bị tấn công. Chúng tôi (PerformanC) thông cảm được lý do mà học đóng mã nguồn của họ vào, tuy nhiễn chúng tôi tin vào điều ngược lại.
## Ưu điểm
- Mã nguồn mở (Vĩnh Viễn)
## Các công cụ/thư viện được sử dụng
| Công cụ | Mô tả |
|-----------------|-------------------------------------------|
| `Android NDK` | Bộ công cụ phát triển cốt lõi cho Android |
### Các công cụ/thư viện của C++ được sử dụng
| Thư Viện | Mô Tả |
|------------|----------------------------------------------|
| `lsplt` | Công cụ **móc** vào PLT đơn giản cho Android |
## Các sử dụng
Chúng tôi đang trong quá trình phát triển (Sắp ra mắt)
## Cài Đặt
Hiện chưa có bản ra mắt ổn định (Sắp ra mắt)
## Dịch WebUI cho mô-đun
Hiện tai, chúng tôi chưa tích hợp nền táng dịch nào để dịch một cách thuận tiện nhưng bạn có thể đóng góp vào nhánh [add/new-webui](https://github.com/PerformanC/ReZygisk/tree/add/new-webui). Đừng quên thêm trang cá nhân Github của bạn vào [TRANSLATOR.md](https://github.com/PerformanC/ReZygisk/blob/add/new-webui/TRANSLATOR.md) để mọi người thâys được đóng góp của bạn
## Hỗ trợ
Nếu bạn có những câu hỏi nào dành cho ReZygisk hoặc bất kì một dự án nào của PerformanC, hãy tự nhiên tham gia các kênh trò chuyện dưới đây:
- Discord: [PerformanC](https://discord.gg/uPveNfTuCJ)
- Telegram [ReZygisk]: [@rezygiskchat](https://t.me/rezygiskchat)
- Telegram [PerformanC]: [@performancorg](https://t.me/performancorg)
## Đóng góp cho dự án này
Tuân theo [hướng dẫn đóng góp](https://github.com/PerformanC/contributing) của PerformanC là một điều tất yếu mà bạn bắt buộc phải làm. Hãy tuân theo chính sách bảo mật, quy tắc ứng xử/đóng góp mã nguồn và tiêu chuẩn cú pháp riêng.
## Bản quyền
Hầu hết các thành phần của ReZygisk để dưới bản quyền GPL (bởi Dr-TSNG) và AGPL 3.0 (bởiThe PerformanC Organization) cho những phần được viết lại. Bạn có thể xem thêm trong trang [Open Source Initiative](https://opensource.org/licenses/AGPL-3.0).

68
READMEs/README_zh-CN.md Normal file
View File

@@ -0,0 +1,68 @@
# ReZygisk
[English](https://github.com/PerformanC/ReZygisk/blob/main/README.md)
ReZygisk 是 Zygisk 的另一个独立实现,从 Zygisk Next 分叉而来,为 KernelSU、Magisk 和 APatch 提供 Zygisk API 支持(目前处于测试阶段)。
项目致力于使用 C 语言重写原本的 C++ 和 Rust 代码,从而更加现代、高效地实现 Zygisk API并使用更宽松的开源许可证。
> [!NOTE]
> 此模块还在测试阶段,请仅安装正式版本的压缩包。
>
> 您可以从 [Actions](https://github.com/PerformanC/ReZygisk/actions) 页面下载自动构建包,但要注意自负风险。使用不稳定的版本时,设备可能会陷入启动循环(Bootloop)。
## 为什么要选择 ReZygisk
最新版本的 Zygisk Next 并不开源仅其核心开发者有权查阅全部源代码。这不仅阻止了其他开发者贡献代码还阻止了他人对项目代码进行审计。Zygisk Next 是一个以超级用户(root)权限运行的模块,可以访问整个系统,闭源后存在重大安全隐患。
Zygisk Next 的开发者们在Android社区享有盛誉备受信任。但这并不意味着他们的项目就一定没有任何恶意代码和漏洞。我们(PerformanC)理解他们出于某些原因不愿保持开源,但我们坚信,开源是更好的选择。
## 优点
- 永远保持开源
## 依赖
| 工具 | 简介 |
|---------------|------------------------------------|
| `Android NDK` | Android 本地开发工具包 |
### C++ 依赖
| 依赖 | 简介 |
|---------|-----------------------------|
| `lsplt` | Android 程序链接表钩子 |
## 用法
目前正在编写中 (敬请期待)
## 安装
目前还没有发布正式版本 (敬请期待)
## 翻译
您可以向 [add/new-webui](https://github.com/PerformanC/ReZygisk/tree/add/new-webui) 分支贡献翻译。
请不要忘记在 [TRANSLATOR.md](https://github.com/PerformanC/ReZygisk/blob/add/new-webui/TRANSLATOR.md) 中添加您的 GitHub 账号信息,以便人们看到您的贡献。
## 支持
如果您有任何关于 ReZygisk 或者其他 PerformanC 项目的问题,可以随时加入以下群组:
- Discord 服务器: [PerformanC](https://discord.gg/uPveNfTuCJ)
- ReZygisk Telegram 群组: [@rezygiskchat](https://t.me/rezygiskchat)
- PerformanC Telegram 群组: [@performancorg](https://t.me/performancorg)
## 贡献
要对 ReZygisk 做出贡献,请遵守 PerformanC 的 [贡献指南](https://github.com/PerformanC/contributing) 。
请遵循其安全政策、行为准则和语法标准。
## 开源许可证
ReZygisk 项目中,旧的 Zygisk Next 部分采用 GPL 许可证,但由 PerformanC 组织重写的代码则采用 AGPL 3.0 许可证。
您可以在 [Open Source Initiative](https://opensource.org/licenses/AGPL-3.0) 上阅读更多相关信息。

62
READMEs/README_zh-TW.md Normal file
View File

@@ -0,0 +1,62 @@
# ReZygisk
> 繁體中文README_zh-TW.md是根據[英文版自述檔案README.md](https://github.com/PerformanC/ReZygisk/blob/main/README.md)翻譯,僅供參考以便理解英文內容,翻譯可能滯後。
ReZygisk 是 Zygisk Next 的一個分支,這是一個獨立實現的 Zygisk為 KernelSU、Magisk除了內建支援外和 APatch開發中提供 Zygisk API 支援。
此專案致力於用 C 語言重寫原有的 C++ 和 Rust 代碼,藉此以更現代且高效的方式實現 Zygisk API並採用更寬鬆的授權條款。
> [!NOTE]
> 此模組/分支仍在開發中WIP請僅安裝正式版本的壓縮包。
>
> 雖然你可以從 [Actions](https://github.com/PerformanC/ReZygisk/actions) 頁面安裝 .zip 檔但若因此導致裝置進入開機循環Bootloop後果須自行承擔。
## 為什麼選擇ReZygisk
最新版本的 Zygisk Next 已轉為閉源,只有核心開發者能查閱完整的原始碼。這不僅限制了其他開發者的貢獻,也無法進行代碼審計。由於 Zygisk Next 是一個以超級使用者root權限運行的模組能夠存取整個系統若閉源將帶來重大的安全風險。
雖然 Zygisk Next 的開發者在 Android 社群中享有盛譽並且備受信任但這並不代表他們的專案就完全沒有任何惡意程式碼或漏洞。我們PerformanC理解他們因某些原因選擇保持閉源但我們堅信開源才是更好的選擇。
## 優勢
- 永遠是自由及開放原始碼軟體FOSS
## 依賴項
| 工具 | 說明 |
|-----------------|---------------------------------------|
| `Android NDK` | Android 原生開發工具包 |
### C++ 依賴項
| 依賴 | 說明 |
|----------|----------------------------------------------|
| `lsplt` | Android 的簡單 PLT程式連結表 勾取 |
## 用法
我們目前正在開發中。(敬請期待)
## 安裝
目前沒有穩定版本可供下載。(敬請期待)
## 翻譯
目前我們尚未與其他平台整合進行翻譯,但您可以為 [add/new-webui](https://github.com/PerformanC/ReZygisk/tree/add/new-webui)分支做出貢獻。請別忘了在 [TRANSLATOR.md](https://github.com/PerformanC/ReZygisk/blob/add/new-webui/TRANSLATOR.md) 中包含您的 GitHub 個人檔案,讓大家能夠看到您的貢獻。
## 支援
如有關於 ReZygisk 或其他 PerformanC 專案的任何問題,歡迎加入以下任一頻道:
- Discord 頻道: [PerformanC](https://discord.gg/uPveNfTuCJ)
- ReZygisk Telegram 頻道: [@rezygiskchat](https://t.me/rezygiskchat)
- PerformanC Telegram 頻道: [@performancorg](https://t.me/performancorg)
## 貢獻
要為 ReZygisk 貢獻,必須遵循 PerformanC 的[貢獻指南](https://github.com/PerformanC/contributing),並遵守其安全政策、行為準則以及語法標準。
## 授權條款
在 ReZygisk 專案中,舊的 Zygisk Next 部分採用了 GPL 授權,而由 PerformanC 組織重寫的程式碼則採用 AGPL 3.0 授權。
您可以在[開放原始碼倡議Open Source Initiative](https://opensource.org/licenses/AGPL-3.0)上閱讀更多相關資訊。

7
build.gradle.kts
View File

@@ -19,10 +19,11 @@ val gitCommitCount = "git rev-list HEAD --count".execute().toInt()
val gitCommitHash = "git rev-parse --verify --short HEAD".execute()
val moduleId by extra("zygisksu")
val moduleName by extra("Zygisk Next")
val verName by extra("v4-0.9.1.1")
val moduleName by extra("ReZygisk")
val verName by extra("v1.0.0")
val verCode by extra(gitCommitCount)
val commitHash by extra(gitCommitHash)
val minAPatchVersion by extra(10655)
val minKsuVersion by extra(10940)
val minKsudVersion by extra(11425)
val maxKsuVersion by extra(20000)
@@ -32,7 +33,7 @@ val androidMinSdkVersion by extra(26)
val androidTargetSdkVersion by extra(34)
val androidCompileSdkVersion by extra(34)
val androidBuildToolsVersion by extra("34.0.0")
val androidCompileNdkVersion by extra("26.0.10792818")
val androidCompileNdkVersion by extra("27.2.12479018")
val androidSourceCompatibility by extra(JavaVersion.VERSION_11)
val androidTargetCompatibility by extra(JavaVersion.VERSION_11)

BIN
gradle/wrapper/gradle-wrapper.jar vendored
View File

Binary file not shown.

2
gradle/wrapper/gradle-wrapper.properties vendored
View File

@@ -1,6 +1,6 @@
distributionBase=GRADLE_USER_HOME
distributionPath=wrapper/dists
distributionUrl=https\://services.gradle.org/distributions/gradle-8.4-bin.zip
distributionUrl=https\://services.gradle.org/distributions/gradle-8.10.2-bin.zip
networkTimeout=10000
validateDistributionUrl=true
zipStoreBase=GRADLE_USER_HOME

297
gradlew vendored
View File

@@ -1,7 +1,7 @@
#!/usr/bin/env sh
#!/bin/sh
#
# Copyright 2015 the original author or authors.
# Copyright © 2015-2021 the original authors.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
@@ -15,69 +15,104 @@
# See the License for the specific language governing permissions and
# limitations under the License.
#
# SPDX-License-Identifier: Apache-2.0
#
##############################################################################
##
## Gradle start up script for UN*X
##
#
# Gradle start up script for POSIX generated by Gradle.
#
# Important for running:
#
# (1) You need a POSIX-compliant shell to run this script. If your /bin/sh is
# noncompliant, but you have some other compliant shell such as ksh or
# bash, then to run this script, type that shell name before the whole
# command line, like:
#
# ksh Gradle
#
# Busybox and similar reduced shells will NOT work, because this script
# requires all of these POSIX shell features:
# * functions;
# * expansions «$var», «${var}», «${var:-default}», «${var+SET}»,
# «${var#prefix}», «${var%suffix}», and «$( cmd )»;
# * compound commands having a testable exit status, especially «case»;
# * various built-in commands including «command», «set», and «ulimit».
#
# Important for patching:
#
# (2) This script targets any POSIX shell, so it avoids extensions provided
# by Bash, Ksh, etc; in particular arrays are avoided.
#
# The "traditional" practice of packing multiple parameters into a
# space-separated string is a well documented source of bugs and security
# problems, so this is (mostly) avoided, by progressively accumulating
# options in "$@", and eventually passing that to Java.
#
# Where the inherited environment variables (DEFAULT_JVM_OPTS, JAVA_OPTS,
# and GRADLE_OPTS) rely on word-splitting, this is performed explicitly;
# see the in-line comments for details.
#
# There are tweaks for specific operating systems such as AIX, CygWin,
# Darwin, MinGW, and NonStop.
#
# (3) This script is generated from the Groovy template
# https://github.com/gradle/gradle/blob/HEAD/platforms/jvm/plugins-application/src/main/resources/org/gradle/api/internal/plugins/unixStartScript.txt
# within the Gradle project.
#
# You can find Gradle at https://github.com/gradle/gradle/.
#
##############################################################################
# Attempt to set APP_HOME
# Resolve links: $0 may be a link
PRG="$0"
# Need this for relative symlinks.
while [ -h "$PRG" ] ; do
ls=`ls -ld "$PRG"`
link=`expr "$ls" : '.*-> \(.*\)$'`
if expr "$link" : '/.*' > /dev/null; then
PRG="$link"
else
PRG=`dirname "$PRG"`"/$link"
fi
app_path=$0
# Need this for daisy-chained symlinks.
while
APP_HOME=${app_path%"${app_path##*/}"} # leaves a trailing /; empty if no leading path
[ -h "$app_path" ]
do
ls=$( ls -ld "$app_path" )
link=${ls#*' -> '}
case $link in #(
/*) app_path=$link ;; #(
*) app_path=$APP_HOME$link ;;
esac
done
SAVED="`pwd`"
cd "`dirname \"$PRG\"`/" >/dev/null
APP_HOME="`pwd -P`"
cd "$SAVED" >/dev/null
APP_NAME="Gradle"
APP_BASE_NAME=`basename "$0"`
# Add default JVM options here. You can also use JAVA_OPTS and GRADLE_OPTS to pass JVM options to this script.
DEFAULT_JVM_OPTS='"-Xmx64m" "-Xms64m"'
# This is normally unused
# shellcheck disable=SC2034
APP_BASE_NAME=${0##*/}
# Discard cd standard output in case $CDPATH is set (https://github.com/gradle/gradle/issues/25036)
APP_HOME=$( cd -P "${APP_HOME:-./}" > /dev/null && printf '%s
' "$PWD" ) || exit
# Use the maximum available, or set MAX_FD != -1 to use that value.
MAX_FD="maximum"
MAX_FD=maximum
warn () {
echo "$*"
}
} >&2
die () {
echo
echo "$*"
echo
exit 1
}
} >&2
# OS specific support (must be 'true' or 'false').
cygwin=false
msys=false
darwin=false
nonstop=false
case "`uname`" in
CYGWIN* )
cygwin=true
;;
Darwin* )
darwin=true
;;
MINGW* )
msys=true
;;
NONSTOP* )
nonstop=true
;;
case "$( uname )" in #(
CYGWIN* ) cygwin=true ;; #(
Darwin* ) darwin=true ;; #(
MSYS* | MINGW* ) msys=true ;; #(
NONSTOP* ) nonstop=true ;;
esac
CLASSPATH=$APP_HOME/gradle/wrapper/gradle-wrapper.jar
@@ -87,9 +122,9 @@ CLASSPATH=$APP_HOME/gradle/wrapper/gradle-wrapper.jar
if [ -n "$JAVA_HOME" ] ; then
if [ -x "$JAVA_HOME/jre/sh/java" ] ; then
# IBM's JDK on AIX uses strange locations for the executables
JAVACMD="$JAVA_HOME/jre/sh/java"
JAVACMD=$JAVA_HOME/jre/sh/java
else
JAVACMD="$JAVA_HOME/bin/java"
JAVACMD=$JAVA_HOME/bin/java
fi
if [ ! -x "$JAVACMD" ] ; then
die "ERROR: JAVA_HOME is set to an invalid directory: $JAVA_HOME
@@ -98,88 +133,120 @@ Please set the JAVA_HOME variable in your environment to match the
location of your Java installation."
fi
else
JAVACMD="java"
which java >/dev/null 2>&1 || die "ERROR: JAVA_HOME is not set and no 'java' command could be found in your PATH.
JAVACMD=java
if ! command -v java >/dev/null 2>&1
then
die "ERROR: JAVA_HOME is not set and no 'java' command could be found in your PATH.
Please set the JAVA_HOME variable in your environment to match the
location of your Java installation."
fi
fi
# Increase the maximum file descriptors if we can.
if [ "$cygwin" = "false" -a "$darwin" = "false" -a "$nonstop" = "false" ] ; then
MAX_FD_LIMIT=`ulimit -H -n`
if [ $? -eq 0 ] ; then
if [ "$MAX_FD" = "maximum" -o "$MAX_FD" = "max" ] ; then
MAX_FD="$MAX_FD_LIMIT"
fi
ulimit -n $MAX_FD
if [ $? -ne 0 ] ; then
warn "Could not set maximum file descriptor limit: $MAX_FD"
fi
else
warn "Could not query maximum file descriptor limit: $MAX_FD_LIMIT"
fi
fi
# For Darwin, add options to specify how the application appears in the dock
if $darwin; then
GRADLE_OPTS="$GRADLE_OPTS \"-Xdock:name=$APP_NAME\" \"-Xdock:icon=$APP_HOME/media/gradle.icns\""
fi
# For Cygwin or MSYS, switch paths to Windows format before running java
if [ "$cygwin" = "true" -o "$msys" = "true" ] ; then
APP_HOME=`cygpath --path --mixed "$APP_HOME"`
CLASSPATH=`cygpath --path --mixed "$CLASSPATH"`
JAVACMD=`cygpath --unix "$JAVACMD"`
# We build the pattern for arguments to be converted via cygpath
ROOTDIRSRAW=`find -L / -maxdepth 1 -mindepth 1 -type d 2>/dev/null`
SEP=""
for dir in $ROOTDIRSRAW ; do
ROOTDIRS="$ROOTDIRS$SEP$dir"
SEP="|"
done
OURCYGPATTERN="(^($ROOTDIRS))"
# Add a user-defined pattern to the cygpath arguments
if [ "$GRADLE_CYGPATTERN" != "" ] ; then
OURCYGPATTERN="$OURCYGPATTERN|($GRADLE_CYGPATTERN)"
fi
# Now convert the arguments - kludge to limit ourselves to /bin/sh
i=0
for arg in "$@" ; do
CHECK=`echo "$arg"|egrep -c "$OURCYGPATTERN" -`
CHECK2=`echo "$arg"|egrep -c "^-"` ### Determine if an option
if [ $CHECK -ne 0 ] && [ $CHECK2 -eq 0 ] ; then ### Added a condition
eval `echo args$i`=`cygpath --path --ignore --mixed "$arg"`
else
eval `echo args$i`="\"$arg\""
fi
i=`expr $i + 1`
done
case $i in
0) set -- ;;
1) set -- "$args0" ;;
2) set -- "$args0" "$args1" ;;
3) set -- "$args0" "$args1" "$args2" ;;
4) set -- "$args0" "$args1" "$args2" "$args3" ;;
5) set -- "$args0" "$args1" "$args2" "$args3" "$args4" ;;
6) set -- "$args0" "$args1" "$args2" "$args3" "$args4" "$args5" ;;
7) set -- "$args0" "$args1" "$args2" "$args3" "$args4" "$args5" "$args6" ;;
8) set -- "$args0" "$args1" "$args2" "$args3" "$args4" "$args5" "$args6" "$args7" ;;
9) set -- "$args0" "$args1" "$args2" "$args3" "$args4" "$args5" "$args6" "$args7" "$args8" ;;
if ! "$cygwin" && ! "$darwin" && ! "$nonstop" ; then
case $MAX_FD in #(
max*)
# In POSIX sh, ulimit -H is undefined. That's why the result is checked to see if it worked.
# shellcheck disable=SC2039,SC3045
MAX_FD=$( ulimit -H -n ) ||
warn "Could not query maximum file descriptor limit"
esac
case $MAX_FD in #(
'' | soft) :;; #(
*)
# In POSIX sh, ulimit -n is undefined. That's why the result is checked to see if it worked.
# shellcheck disable=SC2039,SC3045
ulimit -n "$MAX_FD" ||
warn "Could not set maximum file descriptor limit to $MAX_FD"
esac
fi
# Escape application args
save () {
for i do printf %s\\n "$i" | sed "s/'/'\\\\''/g;1s/^/'/;\$s/\$/' \\\\/" ; done
echo " "
}
APP_ARGS=`save "$@"`
# Collect all arguments for the java command, stacking in reverse order:
# * args from the command line
# * the main class name
# * -classpath
# * -D...appname settings
# * --module-path (only if needed)
# * DEFAULT_JVM_OPTS, JAVA_OPTS, and GRADLE_OPTS environment variables.
# Collect all arguments for the java command, following the shell quoting and substitution rules
eval set -- $DEFAULT_JVM_OPTS $JAVA_OPTS $GRADLE_OPTS "\"-Dorg.gradle.appname=$APP_BASE_NAME\"" -classpath "\"$CLASSPATH\"" org.gradle.wrapper.GradleWrapperMain "$APP_ARGS"
# For Cygwin or MSYS, switch paths to Windows format before running java
if "$cygwin" || "$msys" ; then
APP_HOME=$( cygpath --path --mixed "$APP_HOME" )
CLASSPATH=$( cygpath --path --mixed "$CLASSPATH" )
JAVACMD=$( cygpath --unix "$JAVACMD" )
# Now convert the arguments - kludge to limit ourselves to /bin/sh
for arg do
if
case $arg in #(
-*) false ;; # don't mess with options #(
/?*) t=${arg#/} t=/${t%%/*} # looks like a POSIX filepath
[ -e "$t" ] ;; #(
*) false ;;
esac
then
arg=$( cygpath --path --ignore --mixed "$arg" )
fi
# Roll the args list around exactly as many times as the number of
# args, so each arg winds up back in the position where it started, but
# possibly modified.
#
# NB: a `for` loop captures its iteration list before it begins, so
# changing the positional parameters here affects neither the number of
# iterations, nor the values presented in `arg`.
shift # remove old arg
set -- "$@" "$arg" # push replacement arg
done
fi
# Add default JVM options here. You can also use JAVA_OPTS and GRADLE_OPTS to pass JVM options to this script.
DEFAULT_JVM_OPTS='"-Xmx64m" "-Xms64m"'
# Collect all arguments for the java command:
# * DEFAULT_JVM_OPTS, JAVA_OPTS, JAVA_OPTS, and optsEnvironmentVar are not allowed to contain shell fragments,
# and any embedded shellness will be escaped.
# * For example: A user cannot expect ${Hostname} to be expanded, as it is an environment variable and will be
# treated as '${Hostname}' itself on the command line.
set -- \
"-Dorg.gradle.appname=$APP_BASE_NAME" \
-classpath "$CLASSPATH" \
org.gradle.wrapper.GradleWrapperMain \
"$@"
# Stop when "xargs" is not available.
if ! command -v xargs >/dev/null 2>&1
then
die "xargs is not available"
fi
# Use "xargs" to parse quoted args.
#
# With -n1 it outputs one arg per line, with the quotes and backslashes removed.
#
# In Bash we could simply go:
#
# readarray ARGS < <( xargs -n1 <<<"$var" ) &&
# set -- "${ARGS[@]}" "$@"
#
# but POSIX shell has neither arrays nor command substitution, so instead we
# post-process each arg (as a line of input to sed) to backslash-escape any
# character that might be a shell metacharacter, then use eval to reverse
# that process (while maintaining the separation between arguments), and wrap
# the whole thing up as a single "set" statement.
#
# This will of course break if any of these variables contains a newline or
# an unmatched quote.
#
eval "set -- $(
printf '%s\n' "$DEFAULT_JVM_OPTS $JAVA_OPTS $GRADLE_OPTS" |
xargs -n1 |
sed ' s~[^-[:alnum:]+,./:=@_]~\\&~g; ' |
tr '\n' ' '
)" '"$@"'
exec "$JAVACMD" "$@"

183
gradlew.bat vendored
View File

@@ -1,89 +1,94 @@
@rem
@rem Copyright 2015 the original author or authors.
@rem
@rem Licensed under the Apache License, Version 2.0 (the "License");
@rem you may not use this file except in compliance with the License.
@rem You may obtain a copy of the License at
@rem
@rem https://www.apache.org/licenses/LICENSE-2.0
@rem
@rem Unless required by applicable law or agreed to in writing, software
@rem distributed under the License is distributed on an "AS IS" BASIS,
@rem WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
@rem See the License for the specific language governing permissions and
@rem limitations under the License.
@rem
@if "%DEBUG%" == "" @echo off
@rem ##########################################################################
@rem
@rem Gradle startup script for Windows
@rem
@rem ##########################################################################
@rem Set local scope for the variables with windows NT shell
if "%OS%"=="Windows_NT" setlocal
set DIRNAME=%~dp0
if "%DIRNAME%" == "" set DIRNAME=.
set APP_BASE_NAME=%~n0
set APP_HOME=%DIRNAME%
@rem Resolve any "." and ".." in APP_HOME to make it shorter.
for %%i in ("%APP_HOME%") do set APP_HOME=%%~fi
@rem Add default JVM options here. You can also use JAVA_OPTS and GRADLE_OPTS to pass JVM options to this script.
set DEFAULT_JVM_OPTS="-Xmx64m" "-Xms64m"
@rem Find java.exe
if defined JAVA_HOME goto findJavaFromJavaHome
set JAVA_EXE=java.exe
%JAVA_EXE% -version >NUL 2>&1
if "%ERRORLEVEL%" == "0" goto execute
echo.
echo ERROR: JAVA_HOME is not set and no 'java' command could be found in your PATH.
echo.
echo Please set the JAVA_HOME variable in your environment to match the
echo location of your Java installation.
goto fail
:findJavaFromJavaHome
set JAVA_HOME=%JAVA_HOME:"=%
set JAVA_EXE=%JAVA_HOME%/bin/java.exe
if exist "%JAVA_EXE%" goto execute
echo.
echo ERROR: JAVA_HOME is set to an invalid directory: %JAVA_HOME%
echo.
echo Please set the JAVA_HOME variable in your environment to match the
echo location of your Java installation.
goto fail
:execute
@rem Setup the command line
set CLASSPATH=%APP_HOME%\gradle\wrapper\gradle-wrapper.jar
@rem Execute Gradle
"%JAVA_EXE%" %DEFAULT_JVM_OPTS% %JAVA_OPTS% %GRADLE_OPTS% "-Dorg.gradle.appname=%APP_BASE_NAME%" -classpath "%CLASSPATH%" org.gradle.wrapper.GradleWrapperMain %*
:end
@rem End local scope for the variables with windows NT shell
if "%ERRORLEVEL%"=="0" goto mainEnd
:fail
rem Set variable GRADLE_EXIT_CONSOLE if you need the _script_ return code instead of
rem the _cmd.exe /c_ return code!
if not "" == "%GRADLE_EXIT_CONSOLE%" exit 1
exit /b 1
:mainEnd
if "%OS%"=="Windows_NT" endlocal
:omega
@rem
@rem Copyright 2015 the original author or authors.
@rem
@rem Licensed under the Apache License, Version 2.0 (the "License");
@rem you may not use this file except in compliance with the License.
@rem You may obtain a copy of the License at
@rem
@rem https://www.apache.org/licenses/LICENSE-2.0
@rem
@rem Unless required by applicable law or agreed to in writing, software
@rem distributed under the License is distributed on an "AS IS" BASIS,
@rem WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
@rem See the License for the specific language governing permissions and
@rem limitations under the License.
@rem
@rem SPDX-License-Identifier: Apache-2.0
@rem
@if "%DEBUG%"=="" @echo off
@rem ##########################################################################
@rem
@rem Gradle startup script for Windows
@rem
@rem ##########################################################################
@rem Set local scope for the variables with windows NT shell
if "%OS%"=="Windows_NT" setlocal
set DIRNAME=%~dp0
if "%DIRNAME%"=="" set DIRNAME=.
@rem This is normally unused
set APP_BASE_NAME=%~n0
set APP_HOME=%DIRNAME%
@rem Resolve any "." and ".." in APP_HOME to make it shorter.
for %%i in ("%APP_HOME%") do set APP_HOME=%%~fi
@rem Add default JVM options here. You can also use JAVA_OPTS and GRADLE_OPTS to pass JVM options to this script.
set DEFAULT_JVM_OPTS="-Xmx64m" "-Xms64m"
@rem Find java.exe
if defined JAVA_HOME goto findJavaFromJavaHome
set JAVA_EXE=java.exe
%JAVA_EXE% -version >NUL 2>&1
if %ERRORLEVEL% equ 0 goto execute
echo. 1>&2
echo ERROR: JAVA_HOME is not set and no 'java' command could be found in your PATH. 1>&2
echo. 1>&2
echo Please set the JAVA_HOME variable in your environment to match the 1>&2
echo location of your Java installation. 1>&2
goto fail
:findJavaFromJavaHome
set JAVA_HOME=%JAVA_HOME:"=%
set JAVA_EXE=%JAVA_HOME%/bin/java.exe
if exist "%JAVA_EXE%" goto execute
echo. 1>&2
echo ERROR: JAVA_HOME is set to an invalid directory: %JAVA_HOME% 1>&2
echo. 1>&2
echo Please set the JAVA_HOME variable in your environment to match the 1>&2
echo location of your Java installation. 1>&2
goto fail
:execute
@rem Setup the command line
set CLASSPATH=%APP_HOME%\gradle\wrapper\gradle-wrapper.jar
@rem Execute Gradle
"%JAVA_EXE%" %DEFAULT_JVM_OPTS% %JAVA_OPTS% %GRADLE_OPTS% "-Dorg.gradle.appname=%APP_BASE_NAME%" -classpath "%CLASSPATH%" org.gradle.wrapper.GradleWrapperMain %*
:end
@rem End local scope for the variables with windows NT shell
if %ERRORLEVEL% equ 0 goto mainEnd
:fail
rem Set variable GRADLE_EXIT_CONSOLE if you need the _script_ return code instead of
rem the _cmd.exe /c_ return code!
set EXIT_CODE=%ERRORLEVEL%
if %EXIT_CODE% equ 0 set EXIT_CODE=1
if not ""=="%GRADLE_EXIT_CONSOLE%" exit %EXIT_CODE%
exit /b %EXIT_CODE%
:mainEnd
if "%OS%"=="Windows_NT" endlocal
:omega

6
loader/build.gradle.kts
View File

@@ -26,6 +26,8 @@ val ccachePath by lazy {
}
val defaultCFlags = arrayOf(
"-D_GNU_SOURCE",
"-Wall", "-Wextra",
"-fno-rtti", "-fno-exceptions",
"-fno-stack-protector", "-fomit-frame-pointer",
@@ -33,7 +35,7 @@ val defaultCFlags = arrayOf(
)
val releaseFlags = arrayOf(
"-Oz", "-flto",
"-Ofast", "-flto=thin",
"-Wno-unused", "-Wno-unused-parameter",
"-fvisibility=hidden", "-fvisibility-inlines-hidden",
"-fno-unwind-tables", "-fno-asynchronous-unwind-tables",
@@ -49,12 +51,14 @@ android {
externalNativeBuild.cmake {
path("src/CMakeLists.txt")
buildStagingDirectory = layout.buildDirectory.get().asFile
}
defaultConfig {
externalNativeBuild.cmake {
arguments += "-DANDROID_STL=none"
arguments += "-DLSPLT_STANDALONE=ON"
arguments += "-DCMAKE_BUILD_PARALLEL_LEVEL=${Runtime.getRuntime().availableProcessors()}"
cFlags("-std=c18", *defaultCFlags)
cppFlags("-std=c++20", *defaultCFlags)
ccachePath?.let {

7
loader/src/CMakeLists.txt
View File

@@ -3,12 +3,14 @@ project("loader")
find_package(cxx REQUIRED CONFIG)
set(CMAKE_EXPORT_COMPILE_COMMANDS ON)
add_definitions(-DZKSU_VERSION=\"${ZKSU_VERSION}\")
aux_source_directory(common COMMON_SRC_LIST)
add_library(common STATIC ${COMMON_SRC_LIST})
target_include_directories(common PRIVATE include)
target_link_libraries(common cxx::cxx log)
target_link_libraries(common log)
aux_source_directory(injector INJECTOR_SRC_LIST)
add_library(zygisk SHARED ${INJECTOR_SRC_LIST})
@@ -18,6 +20,5 @@ target_link_libraries(zygisk cxx::cxx log common lsplt_static phmap)
aux_source_directory(ptracer PTRACER_SRC_LIST)
add_executable(libzygisk_ptrace.so ${PTRACER_SRC_LIST})
target_include_directories(libzygisk_ptrace.so PRIVATE include)
target_link_libraries(libzygisk_ptrace.so cxx::cxx log common)
target_link_libraries(libzygisk_ptrace.so log common)
add_subdirectory(external)

360
loader/src/common/daemon.c Normal file
View File

@@ -0,0 +1,360 @@
#include <stdio.h>
#include <stdlib.h>
#include <stdbool.h>
#include <sys/socket.h>
#include <linux/un.h>
#include "logging.h"
#include "socket_utils.h"
#include "daemon.h"
int rezygiskd_connect(uint8_t retry) {
retry++;
int fd = socket(PF_UNIX, SOCK_STREAM | SOCK_CLOEXEC, 0);
if (fd == -1) {
PLOGE("socket create");
return -1;
}
struct sockaddr_un addr = {
.sun_family = AF_UNIX,
.sun_path = { 0 }
};
/*
INFO: Application must assume that sun_path can hold _POSIX_PATH_MAX characters.
Sources:
- https://pubs.opengroup.org/onlinepubs/009696699/basedefs/sys/un.h.html
*/
strcpy(addr.sun_path, TMP_PATH "/" SOCKET_FILE_NAME);
socklen_t socklen = sizeof(addr);
while (--retry) {
int ret = connect(fd, (struct sockaddr *)&addr, socklen);
if (ret == 0) return fd;
if (retry) {
PLOGE("Retrying to connect to ReZygiskd, sleep 1s");
sleep(1);
}
}
close(fd);
return -1;
}
bool rezygiskd_ping() {
int fd = rezygiskd_connect(5);
if (fd == -1) {
PLOGE("connection to ReZygiskd");
return false;
}
write_uint8_t(fd, (uint8_t)PingHeartbeat);
close(fd);
return true;
}
uint32_t rezygiskd_get_process_flags(uid_t uid) {
int fd = rezygiskd_connect(1);
if (fd == -1) {
PLOGE("connection to ReZygiskd");
return 0;
}
write_uint8_t(fd, (uint8_t)GetProcessFlags);
write_uint32_t(fd, (uint32_t)uid);
uint32_t res = 0;
read_uint32_t(fd, &res);
close(fd);
return res;
}
void rezygiskd_get_info(struct rezygisk_info *info) {
int fd = rezygiskd_connect(1);
if (fd == -1) {
PLOGE("connection to ReZygiskd");
info->running = false;
return;
}
info->running = true;
write_uint8_t(fd, (uint8_t)GetInfo);
uint32_t flags = 0;
read_uint32_t(fd, &flags);
if (flags & (1 << 27)) info->root_impl = ROOT_IMPL_APATCH;
else if (flags & (1 << 29)) info->root_impl = ROOT_IMPL_KERNELSU;
else if (flags & (1 << 30)) info->root_impl = ROOT_IMPL_MAGISK;
else info->root_impl = ROOT_IMPL_NONE;
read_uint32_t(fd, (uint32_t *)&info->pid);
read_size_t(fd, &info->modules->modules_count);
if (info->modules->modules_count == 0) {
info->modules->modules = NULL;
close(fd);
return;
}
info->modules->modules = (char **)malloc(sizeof(char *) * info->modules->modules_count);
if (info->modules->modules == NULL) {
PLOGE("allocating modules name memory");
free(info->modules);
info->modules = NULL;
info->modules->modules_count = 0;
close(fd);
return;
}
for (size_t i = 0; i < info->modules->modules_count; i++) {
char *module_name = read_string(fd);
if (module_name == NULL) {
PLOGE("reading module name");
info->modules->modules_count = i;
free_rezygisk_info(info);
info->modules = NULL;
info->modules->modules_count = 0;
close(fd);
return;
}
char module_path[PATH_MAX];
snprintf(module_path, sizeof(module_path), "/data/adb/modules/%s/module.prop", module_name);
free(module_name);
FILE *module_prop = fopen(module_path, "r");
if (!module_prop) {
PLOGE("failed to open module prop file %s", module_path);
info->modules->modules_count = i;
free_rezygisk_info(info);
info->modules = NULL;
info->modules->modules_count = 0;
close(fd);
return;
}
char line[1024];
while (fgets(line, sizeof(line), module_prop) != NULL) {
if (strncmp(line, "name=", strlen("name=")) != 0) continue;
info->modules->modules[i] = strndup(line + 5, strlen(line) - 6);
break;
}
fclose(module_prop);
}
close(fd);
}
void free_rezygisk_info(struct rezygisk_info *info) {
if (info->modules->modules) {
for (size_t i = 0; i < info->modules->modules_count; i++) {
free(info->modules->modules[i]);
}
free(info->modules->modules);
}
free(info->modules);
}
bool rezygiskd_read_modules(struct zygisk_modules *modules) {
int fd = rezygiskd_connect(1);
if (fd == -1) {
PLOGE("connection to ReZygiskd");
return false;
}
write_uint8_t(fd, (uint8_t)ReadModules);
size_t len = 0;
read_size_t(fd, &len);
modules->modules = malloc(len * sizeof(char *));
if (!modules->modules) {
PLOGE("allocating modules name memory");
close(fd);
return false;
}
modules->modules_count = len;
for (size_t i = 0; i < len; i++) {
char *lib_path = read_string(fd);
if (!lib_path) {
PLOGE("reading module lib_path");
close(fd);
return false;
}
modules->modules[i] = lib_path;
}
close(fd);
return true;
}
void free_modules(struct zygisk_modules *modules) {
if (modules->modules) {
for (size_t i = 0; i < modules->modules_count; i++) {
free(modules->modules[i]);
}
free(modules->modules);
}
}
int rezygiskd_connect_companion(size_t index) {
int fd = rezygiskd_connect(1);
if (fd == -1) {
PLOGE("connection to ReZygiskd");
return -1;
}
write_uint8_t(fd, (uint8_t)RequestCompanionSocket);
write_size_t(fd, index);
uint8_t res = 0;
read_uint8_t(fd, &res);
if (res == 1) return fd;
else {
close(fd);
return -1;
}
}
int rezygiskd_get_module_dir(size_t index) {
int fd = rezygiskd_connect(1);
if (fd == -1) {
PLOGE("connection to ReZygiskd");
return -1;
}
write_uint8_t(fd, (uint8_t)GetModuleDir);
write_size_t(fd, index);
int dirfd = read_fd(fd);
close(fd);
return dirfd;
}
void rezygiskd_zygote_restart() {
int fd = rezygiskd_connect(1);
if (fd == -1) {
if (errno == ENOENT) LOGD("Could not notify ZygoteRestart (maybe it hasn't been created)");
else PLOGE("Could not notify ZygoteRestart");
return;
}
if (!write_uint8_t(fd, (uint8_t)ZygoteRestart))
PLOGE("Failed to request ZygoteRestart");
close(fd);
}
void rezygiskd_system_server_started() {
int fd = rezygiskd_connect(1);
if (fd == -1) {
PLOGE("Failed to report system server started");
return;
}
if (!write_uint8_t(fd, (uint8_t)SystemServerStarted))
PLOGE("Failed to request SystemServerStarted");
close(fd);
}
bool rezygiskd_update_mns(enum mount_namespace_state nms_state, char *buf, size_t buf_size) {
int fd = rezygiskd_connect(1);
if (fd == -1) {
PLOGE("connection to ReZygiskd");
return false;
}
write_uint8_t(fd, (uint8_t)UpdateMountNamespace);
write_uint32_t(fd, (uint32_t)getpid());
write_uint8_t(fd, (uint8_t)nms_state);
uint32_t target_pid = 0;
if (read_uint32_t(fd, &target_pid) < 0) {
PLOGE("Failed to read target pid");
close(fd);
return false;
}
uint32_t target_fd = 0;
if (read_uint32_t(fd, &target_fd) < 0) {
PLOGE("Failed to read target fd");
close(fd);
return false;
}
if (target_fd == 0) {
LOGE("Failed to get target fd");
close(fd);
return false;
}
snprintf(buf, buf_size, "/proc/%u/fd/%u", target_pid, target_fd);
close(fd);
return true;
}

142
loader/src/common/daemon.cpp
View File

@@ -1,142 +0,0 @@
#include <linux/un.h>
#include <sys/socket.h>
#include <unistd.h>
#include "daemon.h"
#include "dl.h"
#include "socket_utils.h"
namespace zygiskd {
static std::string TMP_PATH;
void Init(const char *path) {
TMP_PATH = path;
}
std::string GetTmpPath() {
return TMP_PATH;
}
int Connect(uint8_t retry) {
int fd = socket(PF_UNIX, SOCK_STREAM | SOCK_CLOEXEC, 0);
struct sockaddr_un addr{
.sun_family = AF_UNIX,
.sun_path={0},
};
auto socket_path = TMP_PATH + kCPSocketName;
strcpy(addr.sun_path, socket_path.c_str());
socklen_t socklen = sizeof(addr);
while (retry--) {
int r = connect(fd, reinterpret_cast<struct sockaddr*>(&addr), socklen);
if (r == 0) return fd;
if (retry) {
PLOGE("Retrying to connect to zygiskd, sleep 1s");
sleep(1);
}
}
close(fd);
return -1;
}
bool PingHeartbeat() {
UniqueFd fd = Connect(5);
if (fd == -1) {
PLOGE("Connect to zygiskd");
return false;
}
socket_utils::write_u8(fd, (uint8_t) SocketAction::PingHeartBeat);
return true;
}
int RequestLogcatFd() {
int fd = Connect(1);
if (fd == -1) {
PLOGE("RequestLogcatFd");
return -1;
}
socket_utils::write_u8(fd, (uint8_t) SocketAction::RequestLogcatFd);
return fd;
}
uint32_t GetProcessFlags(uid_t uid) {
UniqueFd fd = Connect(1);
if (fd == -1) {
PLOGE("GetProcessFlags");
return 0;
}
socket_utils::write_u8(fd, (uint8_t) SocketAction::GetProcessFlags);
socket_utils::write_u32(fd, uid);
return socket_utils::read_u32(fd);
}
std::vector<Module> ReadModules() {
std::vector<Module> modules;
UniqueFd fd = Connect(1);
if (fd == -1) {
PLOGE("ReadModules");
return modules;
}
socket_utils::write_u8(fd, (uint8_t) SocketAction::ReadModules);
size_t len = socket_utils::read_usize(fd);
for (size_t i = 0; i < len; i++) {
std::string name = socket_utils::read_string(fd);
int module_fd = socket_utils::recv_fd(fd);
modules.emplace_back(name, module_fd);
}
return modules;
}
int ConnectCompanion(size_t index) {
int fd = Connect(1);
if (fd == -1) {
PLOGE("ConnectCompanion");
return -1;
}
socket_utils::write_u8(fd, (uint8_t) SocketAction::RequestCompanionSocket);
socket_utils::write_usize(fd, index);
if (socket_utils::read_u8(fd) == 1) {
return fd;
} else {
close(fd);
return -1;
}
}
int GetModuleDir(size_t index) {
UniqueFd fd = Connect(1);
if (fd == -1) {
PLOGE("GetModuleDir");
return -1;
}
socket_utils::write_u8(fd, (uint8_t) SocketAction::GetModuleDir);
socket_utils::write_usize(fd, index);
return socket_utils::recv_fd(fd);
}
void ZygoteRestart() {
UniqueFd fd = Connect(1);
if (fd == -1) {
if (errno == ENOENT) {
LOGD("Could not notify ZygoteRestart (maybe it hasn't been created)");
} else {
PLOGE("Could not notify ZygoteRestart");
}
return;
}
if (!socket_utils::write_u8(fd, (uint8_t) SocketAction::ZygoteRestart)) {
PLOGE("Failed to request ZygoteRestart");
}
}
void SystemServerStarted() {
UniqueFd fd = Connect(1);
if (fd == -1) {
PLOGE("Failed to report system server started");
} else {
if (!socket_utils::write_u8(fd, (uint8_t) SocketAction::SystemServerStarted)) {
PLOGE("Failed to report system server started");
}
}
}
}

60
loader/src/common/dl.cpp
View File

@@ -1,60 +0,0 @@
#include <cstdio>
#include <dlfcn.h>
#include <libgen.h>
#include <climits>
#include <cstring>
#include <android/dlext.h>
#include "dl.h"
#include "logging.h"
extern "C" [[gnu::weak]] struct android_namespace_t*
//NOLINTNEXTLINE
__loader_android_create_namespace([[maybe_unused]] const char* name,
[[maybe_unused]] const char* ld_library_path,
[[maybe_unused]] const char* default_library_path,
[[maybe_unused]] uint64_t type,
[[maybe_unused]] const char* permitted_when_isolated_path,
[[maybe_unused]] android_namespace_t* parent,
[[maybe_unused]] const void* caller_addr);
void* DlopenExt(const char* path, int flags) {
auto info = android_dlextinfo{};
auto* dir = dirname(path);
auto* ns = &__loader_android_create_namespace == nullptr ? nullptr :
__loader_android_create_namespace(path, dir, nullptr,
2, /* ANDROID_NAMESPACE_TYPE_SHARED */
nullptr, nullptr,
reinterpret_cast<void*>(&DlopenExt));
if (ns) {
info.flags = ANDROID_DLEXT_USE_NAMESPACE;
info.library_namespace = ns;
LOGD("Open %s with namespace %p", path, ns);
} else {
LOGD("Cannot create namespace for %s", path);
}
auto* handle = android_dlopen_ext(path, flags, &info);
if (handle) {
LOGD("dlopen %s: %p", path, handle);
} else {
LOGE("dlopen %s: %s", path, dlerror());
}
return handle;
}
void* DlopenMem(int fd, int flags) {
auto info = android_dlextinfo{
.flags = ANDROID_DLEXT_USE_LIBRARY_FD,
.library_fd = fd
};
auto* handle = android_dlopen_ext("/jit-cache", flags, &info);
if (handle) {
LOGV("dlopen fd %d: %p", fd, handle);
} else {
LOGE("dlopen fd %d: %s", fd, dlerror());
}
return handle;
}

395
loader/src/common/elf_util.c Normal file
View File

@@ -0,0 +1,395 @@
#include <stdlib.h>
#include <stdint.h>
#include <stdbool.h>
#include <string.h>
#include <fcntl.h>
#include <sys/mman.h>
#include <sys/stat.h>
#include <unistd.h>
#include "logging.h"
#include "elf_util.h"
#define SHT_GNU_HASH 0x6ffffff6
uint32_t ElfHash(const char *name) {
uint32_t h = 0, g = 0;
while (*name) {
h = (h << 4) + (unsigned char)*name++;
g = h & 0xf0000000;
if (g) {
h ^= g >> 24;
}
h &= ~g;
}
return h;
}
uint32_t GnuHash(const char *name) {
uint32_t h = 5381;
while (*name) {
h = (h << 5) + h + (unsigned char)(*name++);
}
return h;
}
ElfW(Shdr) *offsetOf_Shdr(ElfW(Ehdr) * head, ElfW(Off) off) {
return (ElfW(Shdr) *)(((uintptr_t)head) + off);
}
char *offsetOf_char(ElfW(Ehdr) * head, ElfW(Off) off) {
return (char *)(((uintptr_t)head) + off);
}
ElfW(Sym) *offsetOf_Sym(ElfW(Ehdr) * head, ElfW(Off) off) {
return (ElfW(Sym) *)(((uintptr_t)head) + off);
}
ElfW(Word) *offsetOf_Word(ElfW(Ehdr) * head, ElfW(Off) off) {
return (ElfW(Word) *)(((uintptr_t)head) + off);
}
int dl_cb(struct dl_phdr_info *info, size_t size, void *data) {
(void) size;
if ((info)->dlpi_name == NULL) return 0;
ElfImg *img = (ElfImg *)data;
if (strstr(info->dlpi_name, img->elf)) {
img->elf = strdup(info->dlpi_name);
img->base = (void *)info->dlpi_addr;
return 1;
}
return 0;
}
bool find_module_base(ElfImg *img) {
dl_iterate_phdr(dl_cb, img);
return img->base != NULL;
}
size_t calculate_valid_symtabs_amount(ElfImg *img) {
size_t count = 0;
if (img->symtab_start == NULL || img->symstr_offset_for_symtab == 0) return count;
for (ElfW(Off) i = 0; i < img->symtab_count; i++) {
unsigned int st_type = ELF_ST_TYPE(img->symtab_start[i].st_info);
if ((st_type == STT_FUNC || st_type == STT_OBJECT) && img->symtab_start[i].st_size)
count++;
}
return count;
}
void ElfImg_destroy(ElfImg *img) {
if (img->elf) {
free(img->elf);
img->elf = NULL;
}
if (img->symtabs_) {
size_t valid_symtabs_amount = calculate_valid_symtabs_amount(img);
if (valid_symtabs_amount == 0) goto finalize;
for (size_t i = 0; i < valid_symtabs_amount; i++) {
free(img->symtabs_[i].name);
}
free(img->symtabs_);
img->symtabs_ = NULL;
}
if (img->header) {
munmap(img->header, img->size);
img->header = NULL;
}
finalize:
free(img);
img = NULL;
}
ElfImg *ElfImg_create(const char *elf) {
ElfImg *img = (ElfImg *)calloc(1, sizeof(ElfImg));
if (!img) {
LOGE("Failed to allocate memory for ElfImg");
return NULL;
}
img->bias = -4396;
img->elf = strdup(elf);
img->base = NULL;
img->symtabs_ = NULL;
if (!find_module_base(img)) {
LOGE("Failed to find module base for %s", img->elf);
ElfImg_destroy(img);
return NULL;
}
int fd = open(img->elf, O_RDONLY);
if (fd < 0) {
LOGE("failed to open %s", img->elf);
ElfImg_destroy(img);
return NULL;
}
img->size = lseek(fd, 0, SEEK_END);
if (img->size <= 0) {
LOGE("lseek() failed for %s", img->elf);
ElfImg_destroy(img);
return NULL;
}
img->header = (ElfW(Ehdr) *)mmap(NULL, img->size, PROT_READ, MAP_SHARED, fd, 0);
close(fd);
img->section_header = offsetOf_Shdr(img->header, img->header->e_shoff);
uintptr_t shoff = (uintptr_t)img->section_header;
char *section_str = offsetOf_char(img->header, img->section_header[img->header->e_shstrndx].sh_offset);
for (int i = 0; i < img->header->e_shnum; i++, shoff += img->header->e_shentsize) {
ElfW(Shdr) *section_h = (ElfW(Shdr *))shoff;
char *sname = section_h->sh_name + section_str;
size_t entsize = section_h->sh_entsize;
switch (section_h->sh_type) {
case SHT_DYNSYM: {
if (img->bias == -4396) {
img->dynsym = section_h;
img->dynsym_offset = section_h->sh_offset;
img->dynsym_start = offsetOf_Sym(img->header, img->dynsym_offset);
}
break;
}
case SHT_SYMTAB: {
if (strcmp(sname, ".symtab") == 0) {
img->symtab = section_h;
img->symtab_offset = section_h->sh_offset;
img->symtab_size = section_h->sh_size;
img->symtab_count = img->symtab_size / entsize;
img->symtab_start = offsetOf_Sym(img->header, img->symtab_offset);
}
break;
}
case SHT_STRTAB: {
if (img->bias == -4396) {
img->strtab = section_h;
img->symstr_offset = section_h->sh_offset;
img->strtab_start = offsetOf_Sym(img->header, img->symstr_offset);
}
if (strcmp(sname, ".strtab") == 0) {
img->symstr_offset_for_symtab = section_h->sh_offset;
}
break;
}
case SHT_PROGBITS: {
if (img->strtab == NULL || img->dynsym == NULL)
break;
if (img->bias == -4396) {
img->bias = (off_t)section_h->sh_addr - (off_t)section_h->sh_offset;
}
break;
}
case SHT_HASH: {
ElfW(Word) *d_un = offsetOf_Word(img->header, section_h->sh_offset);
img->nbucket_ = d_un[0];
img->bucket_ = d_un + 2;
img->chain_ = img->bucket_ + img->nbucket_;
break;
}
case SHT_GNU_HASH: {
ElfW(Word) *d_buf = (ElfW(Word) *)(((size_t)img->header) + section_h->sh_offset);
img->gnu_nbucket_ = d_buf[0];
img->gnu_symndx_ = d_buf[1];
img->gnu_bloom_size_ = d_buf[2];
img->gnu_shift2_ = d_buf[3];
img->gnu_bloom_filter_ = (uintptr_t *)(d_buf + 4);
img->gnu_bucket_ = (uint32_t *)(img->gnu_bloom_filter_ + img->gnu_bloom_size_);
img->gnu_chain_ = img->gnu_bucket_ + img->gnu_nbucket_ - img->gnu_symndx_;
break;
}
}
}
return img;
}
ElfW(Addr) ElfLookup(ElfImg *restrict img, const char *restrict name, uint32_t hash) {
if (img->nbucket_ == 0)
return 0;
char *strings = (char *)img->strtab_start;
for (size_t n = img->bucket_[hash % img->nbucket_]; n != 0; n = img->chain_[n]) {
ElfW(Sym) *sym = img->dynsym_start + n;
if (strncmp(name, strings + sym->st_name, strlen(name)) == 0)
return sym->st_value;
}
return 0;
}
ElfW(Addr) GnuLookup(ElfImg *restrict img, const char *name, uint32_t hash) {
static size_t bloom_mask_bits = sizeof(ElfW(Addr)) * 8;
if (img->gnu_nbucket_ == 0 || img->gnu_bloom_size_ == 0)
return 0;
size_t bloom_word =
img->gnu_bloom_filter_[(hash / bloom_mask_bits) % img->gnu_bloom_size_];
uintptr_t mask = 0 | (uintptr_t)1 << (hash % bloom_mask_bits) |
(uintptr_t)1 << ((hash >> img->gnu_shift2_) % bloom_mask_bits);
if ((mask & bloom_word) == mask) {
size_t sym_index = img->gnu_bucket_[hash % img->gnu_nbucket_];
if (sym_index >= img->gnu_symndx_) {
char *strings = (char *)img->strtab_start;
do {
ElfW(Sym) *sym = img->dynsym_start + sym_index;
if (((img->gnu_chain_[sym_index] ^ hash) >> 1) == 0 &&
name == strings + sym->st_name) {
return sym->st_value;
}
} while ((img->gnu_chain_[sym_index++] & 1) == 0);
}
}
return 0;
}
bool _load_symtabs(ElfImg *img) {
if (img->symtabs_) return true;
size_t valid_symtabs_amount = calculate_valid_symtabs_amount(img);
if (valid_symtabs_amount == 0) return false;
img->symtabs_ = (struct symtabs *)malloc(sizeof(struct symtabs) * valid_symtabs_amount);
if (!img->symtabs_) return false;
if (img->symtab_start != NULL && img->symstr_offset_for_symtab != 0) {
ElfW(Off) i = 0;
for (ElfW(Off) pos = 0; pos < img->symtab_count; pos++) {
unsigned int st_type = ELF_ST_TYPE(img->symtab_start[pos].st_info);
const char *st_name = offsetOf_char(img->header, img->symstr_offset_for_symtab + img->symtab_start[pos].st_name);
if ((st_type == STT_FUNC || st_type == STT_OBJECT) && img->symtab_start[pos].st_size) {
img->symtabs_[i].name = strdup(st_name);
img->symtabs_[i].sym = &img->symtab_start[pos];
i++;
}
}
}
return true;
}
ElfW(Addr) LinearLookup(ElfImg *img, const char *restrict name) {
size_t valid_symtabs_amount = calculate_valid_symtabs_amount(img);
if (valid_symtabs_amount == 0) return 0;
if (!_load_symtabs(img)) {
LOGE("Failed to load symtabs");
return 0;
}
for (size_t i = 0; i < valid_symtabs_amount; i++) {
if (strcmp(name, img->symtabs_[i].name) != 0) continue;
return img->symtabs_[i].sym->st_value;
}
return 0;
}
ElfW(Addr) LinearLookupByPrefix(ElfImg *img, const char *name) {
size_t valid_symtabs_amount = calculate_valid_symtabs_amount(img);
if (valid_symtabs_amount == 0) return 0;
if (!_load_symtabs(img)) {
LOGE("Failed to load symtabs");
return 0;
}
for (size_t i = 0; i < valid_symtabs_amount; i++) {
if (strlen(img->symtabs_[i].name) < strlen(name))
continue;
if (strncmp(img->symtabs_[i].name, name, strlen(name)) != 0)
continue;
return img->symtabs_[i].sym->st_value;
}
return 0;
}
ElfW(Addr) getSymbOffset(ElfImg *img, const char *name) {
ElfW(Addr) offset = GnuLookup(img, name, GnuHash(name));
if (offset > 0) return offset;
offset = ElfLookup(img, name, ElfHash(name));
if (offset > 0) return offset;
offset = LinearLookup(img, name);
if (offset > 0) return offset;
return 0;
}
ElfW(Addr) getSymbAddress(ElfImg *img, const char *name) {
ElfW(Addr) offset = getSymbOffset(img, name);
if (offset == 0 || !img->base) return 0;
return ((uintptr_t)img->base + offset - img->bias);
}
ElfW(Addr) getSymbAddressByPrefix(ElfImg *img, const char *prefix) {
ElfW(Addr) offset = LinearLookupByPrefix(img, prefix);
if (offset < 0 || !img->base) return 0;
return (ElfW(Addr))((uintptr_t)img->base + offset - img->bias);
}
void *getSymbValueByPrefix(ElfImg *img, const char *prefix) {
ElfW(Addr) address = getSymbAddressByPrefix(img, prefix);
return address == 0 ? NULL : *((void **)address);
}

122
loader/src/common/files.cpp
View File

@@ -1,122 +0,0 @@
#include <sys/sysmacros.h>
#include "files.hpp"
#include "misc.hpp"
using namespace std::string_view_literals;
void file_readline(bool trim, FILE *fp, const std::function<bool(std::string_view)> &fn) {
size_t len = 1024;
char *buf = (char *) malloc(len);
char *start;
ssize_t read;
while ((read = getline(&buf, &len, fp)) >= 0) {
start = buf;
if (trim) {
while (read && "\n\r "sv.find(buf[read - 1]) != std::string::npos)
--read;
buf[read] = '\0';
while (*start == ' ')
++start;
}
if (!fn(start))
break;
}
free(buf);
}
void file_readline(bool trim, const char *file, const std::function<bool(std::string_view)> &fn) {
if (auto fp = open_file(file, "re"))
file_readline(trim, fp.get(), fn);
}
void file_readline(const char *file, const std::function<bool(std::string_view)> &fn) {
file_readline(false, file, fn);
}
std::vector<mount_info> parse_mount_info(const char *pid) {
char buf[PATH_MAX] = {};
snprintf(buf, sizeof(buf), "/proc/%s/mountinfo", pid);
std::vector<mount_info> result;
file_readline(buf, [&result](std::string_view line) -> bool {
int root_start = 0, root_end = 0;
int target_start = 0, target_end = 0;
int vfs_option_start = 0, vfs_option_end = 0;
int type_start = 0, type_end = 0;
int source_start = 0, source_end = 0;
int fs_option_start = 0, fs_option_end = 0;
int optional_start = 0, optional_end = 0;
unsigned int id, parent, maj, min;
sscanf(line.data(),
"%u " // (1) id
"%u " // (2) parent
"%u:%u " // (3) maj:min
"%n%*s%n " // (4) mountroot
"%n%*s%n " // (5) target
"%n%*s%n" // (6) vfs options (fs-independent)
"%n%*[^-]%n - " // (7) optional fields
"%n%*s%n " // (8) FS type
"%n%*s%n " // (9) source
"%n%*s%n", // (10) fs options (fs specific)
&id, &parent, &maj, &min, &root_start, &root_end, &target_start,
&target_end, &vfs_option_start, &vfs_option_end,
&optional_start, &optional_end, &type_start, &type_end,
&source_start, &source_end, &fs_option_start, &fs_option_end);
auto root = line.substr(root_start, root_end - root_start);
auto target = line.substr(target_start, target_end - target_start);
auto vfs_option =
line.substr(vfs_option_start, vfs_option_end - vfs_option_start);
++optional_start;
--optional_end;
auto optional = line.substr(
optional_start,
optional_end - optional_start > 0 ? optional_end - optional_start : 0);
auto type = line.substr(type_start, type_end - type_start);
auto source = line.substr(source_start, source_end - source_start);
auto fs_option =
line.substr(fs_option_start, fs_option_end - fs_option_start);
unsigned int shared = 0;
unsigned int master = 0;
unsigned int propagate_from = 0;
if (auto pos = optional.find("shared:"); pos != std::string_view::npos) {
shared = parse_int(optional.substr(pos + 7));
}
if (auto pos = optional.find("master:"); pos != std::string_view::npos) {
master = parse_int(optional.substr(pos + 7));
}
if (auto pos = optional.find("propagate_from:");
pos != std::string_view::npos) {
propagate_from = parse_int(optional.substr(pos + 15));
}
result.emplace_back(mount_info {
.id = id,
.parent = parent,
.device = static_cast<dev_t>(makedev(maj, min)),
.root {root},
.target {target},
.vfs_option {vfs_option},
.optional {
.shared = shared,
.master = master,
.propagate_from = propagate_from,
},
.type {type},
.source {source},
.fs_option {fs_option},
});
return true;
});
return result;
}
sDIR make_dir(DIR *dp) {
return sDIR(dp, [](DIR *dp){ return dp ? closedir(dp) : 1; });
}
sFILE make_file(FILE *fp) {
return sFILE(fp, [](FILE *fp){ return fp ? fclose(fp) : 1; });
}

36
loader/src/common/logging.cpp
View File

@@ -1,36 +0,0 @@
#include <android/log.h>
#include <unistd.h>
#include "logging.h"
#include "socket_utils.h"
namespace logging {
static int logfd = -1;
void setfd(int fd) {
close(logfd);
logfd = fd;
}
int getfd() {
return logfd;
}
void log(int prio, const char* tag, const char* fmt, ...) {
if (logfd == -1) {
va_list ap;
va_start(ap, fmt);
__android_log_vprint(prio, tag, fmt, ap);
va_end(ap);
} else {
char buf[BUFSIZ];
va_list ap;
va_start(ap, fmt);
vsnprintf(buf, sizeof(buf), fmt, ap);
va_end(ap);
socket_utils::write_u8(logfd, prio);
socket_utils::write_string(logfd, tag);
socket_utils::write_string(logfd, buf);
}
}
}

14
loader/src/common/misc.c Normal file
View File

@@ -0,0 +1,14 @@
int parse_int(const char *str) {
int val = 0;
char *c = (char *)str;
while (*c) {
if (*c > '9' || *c < '0')
return -1;
val = val * 10 + *c - '0';
c++;
}
return val;
}

49
loader/src/common/misc.cpp
View File

@@ -1,49 +0,0 @@
#include "misc.hpp"
int new_daemon_thread(thread_entry entry, void *arg) {
pthread_t thread;
pthread_attr_t attr;
pthread_attr_init(&attr);
pthread_attr_setdetachstate(&attr, PTHREAD_CREATE_DETACHED);
errno = pthread_create(&thread, &attr, entry, arg);
if (errno) {
PLOGE("pthread_create");
}
return errno;
}
int parse_int(std::string_view s) {
int val = 0;
for (char c : s) {
if (!c) break;
if (c > '9' || c < '0')
return -1;
val = val * 10 + c - '0';
}
return val;
}
std::list<std::string> split_str(std::string_view s, std::string_view delimiter) {
std::list<std::string> ret;
size_t pos = 0;
while (pos < s.size()) {
auto next = s.find(delimiter, pos);
if (next == std::string_view::npos) {
ret.emplace_back(s.substr(pos));
break;
}
ret.emplace_back(s.substr(pos, next - pos));
pos = next + delimiter.size();
}
return ret;
}
std::string join_str(const std::list<std::string>& list, std::string_view delimiter) {
std::string ret;
for (auto& s : list) {
if (!ret.empty())
ret += delimiter;
ret += s;
}
return ret;
}

95
loader/src/common/socket_utils.c Normal file
View File

@@ -0,0 +1,95 @@
#include <stdlib.h>
#include <errno.h>
#include <sys/socket.h>
#include <unistd.h>
#include "logging.h"
#include "socket_utils.h"
/* TODO: Standardize how to log errors */
int read_fd(int fd) {
char cmsgbuf[CMSG_SPACE(sizeof(int))];
int cnt = 1;
struct iovec iov = {
.iov_base = &cnt,
.iov_len = sizeof(cnt)
};
struct msghdr msg = {
.msg_iov = &iov,
.msg_iovlen = 1,
.msg_control = cmsgbuf,
.msg_controllen = sizeof(cmsgbuf)
};
ssize_t ret = recvmsg(fd, &msg, MSG_WAITALL);
if (ret == -1) {
PLOGE("recvmsg");
return -1;
}
struct cmsghdr *cmsg = CMSG_FIRSTHDR(&msg);
if (cmsg == NULL) {
PLOGE("CMSG_FIRSTHDR");
return -1;
}
int sendfd;
memcpy(&sendfd, CMSG_DATA(cmsg), sizeof(int));
return sendfd;
}
char *read_string(int fd) {
size_t str_len = 0;
ssize_t read_bytes = read(fd, &str_len, sizeof(size_t));
if (read_bytes != (ssize_t)sizeof(size_t)) {
LOGE("Failed to read string length: Not all bytes were read (%zd != %zu).\n", read_bytes, sizeof(size_t));
return NULL;
}
char *buf = malloc(str_len + 1);
if (buf == NULL) {
PLOGE("allocate memory for string");
return NULL;
}
read_bytes = read(fd, buf, str_len);
if (read_bytes != (ssize_t)str_len) {
LOGE("Failed to read string: Promised bytes doesn't exist (%zd != %zu).\n", read_bytes, str_len);
free(buf);
return NULL;
}
if (str_len > 0) buf[str_len] = '\0';
return buf;
}
#define write_func(type) \
ssize_t write_## type(int fd, type val) { \
return write(fd, &val, sizeof(type)); \
}
#define read_func(type) \
ssize_t read_## type(int fd, type *val) { \
return read(fd, val, sizeof(type)); \
}
write_func(uint8_t)
read_func(uint8_t)
write_func(uint32_t)
read_func(uint32_t)
write_func(size_t)
read_func(size_t)

135
loader/src/common/socket_utils.cpp
View File

@@ -1,135 +0,0 @@
#include <cstddef>
#include <sys/socket.h>
#include <unistd.h>
#include "socket_utils.h"
namespace socket_utils {
ssize_t xread(int fd, void* buf, size_t count) {
size_t read_sz = 0;
ssize_t ret;
do {
ret = read(fd, (std::byte*) buf + read_sz, count - read_sz);
if (ret < 0) {
if (errno == EINTR) continue;
PLOGE("read");
return ret;
}
read_sz += ret;
} while (read_sz != count && ret != 0);
if (read_sz != count) {
PLOGE("read (%zu != %zu)", count, read_sz);
}
return read_sz;
}
size_t xwrite(int fd, const void* buf, size_t count) {
size_t write_sz = 0;
ssize_t ret;
do {
ret = write(fd, (std::byte*) buf + write_sz, count - write_sz);
if (ret < 0) {
if (errno == EINTR) continue;
PLOGE("write");
return write_sz;
}
write_sz += ret;
} while (write_sz != count && ret != 0);
if (write_sz != count) {
PLOGE("write (%zu != %zu)", count, write_sz);
}
return write_sz;
}
ssize_t xrecvmsg(int sockfd, struct msghdr* msg, int flags) {
int rec = recvmsg(sockfd, msg, flags);
if (rec < 0) PLOGE("recvmsg");
return rec;
}
void* recv_fds(int sockfd, char* cmsgbuf, size_t bufsz, int cnt) {
iovec iov = {
.iov_base = &cnt,
.iov_len = sizeof(cnt),
};
msghdr msg = {
.msg_iov = &iov,
.msg_iovlen = 1,
.msg_control = cmsgbuf,
.msg_controllen = bufsz
};
xrecvmsg(sockfd, &msg, MSG_WAITALL);
cmsghdr* cmsg = CMSG_FIRSTHDR(&msg);
if (msg.msg_controllen != bufsz ||
cmsg == nullptr ||
// TODO: pass from rust: 20, expected: 16
// cmsg->cmsg_len != CMSG_LEN(sizeof(int) * cnt) ||
cmsg->cmsg_level != SOL_SOCKET ||
cmsg->cmsg_type != SCM_RIGHTS) {
return nullptr;
}
return CMSG_DATA(cmsg);
}
template<typename T>
inline T read_exact_or(int fd, T fail) {
T res;
return sizeof(T) == xread(fd, &res, sizeof(T)) ? res : fail;
}
template<typename T>
inline bool write_exact(int fd, T val) {
return sizeof(T) == xwrite(fd, &val, sizeof(T));
}
uint8_t read_u8(int fd) {
return read_exact_or<uint8_t>(fd, 0);
}
uint32_t read_u32(int fd) {
return read_exact_or<uint32_t>(fd, 0);
}
size_t read_usize(int fd) {
return read_exact_or<size_t>(fd, 0);
}
bool write_usize(int fd, size_t val) {
return write_exact<size_t>(fd, val);
}
std::string read_string(int fd) {
auto len = read_usize(fd);
char buf[len + 1];
buf[len] = '\0';
xread(fd, buf, len);
return buf;
}
bool write_u8(int fd, uint8_t val) {
return write_exact<uint8_t>(fd, val);
}
bool write_u32(int fd, uint32_t val) {
return write_exact<uint32_t>(fd, val);
}
bool write_string(int fd, std::string_view str) {
return write_usize(fd, str.size()) && str.size() == xwrite(fd, str.data(), str.size());
}
int recv_fd(int sockfd) {
char cmsgbuf[CMSG_SPACE(sizeof(int))];
void* data = recv_fds(sockfd, cmsgbuf, sizeof(cmsgbuf), 1);
if (data == nullptr) return -1;
int result;
memcpy(&result, data, sizeof(int));
return result;
}
}

2
loader/src/external/lsplt vendored

Submodule loader/src/external/lsplt updated: 5d2b820cf9...984804293e

144
loader/src/include/daemon.h
View File

@@ -1,84 +1,90 @@
#pragma once
#ifndef DAEMON_H
#define DAEMON_H
#ifdef __cplusplus
extern "C" {
#endif /* __cplusplus */
#include <stdbool.h>
#include <string_view>
#include <string>
#include <unistd.h>
#include <vector>
#if defined(__LP64__)
# define LP_SELECT(lp32, lp64) lp64
#ifdef __LP64__
#define LP_SELECT(lp32, lp64) lp64
#else
# define LP_SELECT(lp32, lp64) lp32
#define LP_SELECT(lp32, lp64) lp32
#endif
constexpr auto kCPSocketName = "/" LP_SELECT("cp32", "cp64") ".sock";
#define SOCKET_FILE_NAME LP_SELECT("cp32", "cp64") ".sock"
class UniqueFd {
using Fd = int;
public:
UniqueFd() = default;
UniqueFd(Fd fd) : fd_(fd) {}
~UniqueFd() { if (fd_ >= 0) close(fd_); }
// Disallow copy
UniqueFd(const UniqueFd&) = delete;
UniqueFd& operator=(const UniqueFd&) = delete;
// Allow move
UniqueFd(UniqueFd&& other) { std::swap(fd_, other.fd_); }
UniqueFd& operator=(UniqueFd&& other) {
std::swap(fd_, other.fd_);
return *this;
}
// Implict cast to Fd
operator const Fd&() const { return fd_; }
private:
Fd fd_ = -1;
enum rezygiskd_actions {
PingHeartbeat,
GetProcessFlags,
GetInfo,
ReadModules,
RequestCompanionSocket,
GetModuleDir,
ZygoteRestart,
SystemServerStarted,
UpdateMountNamespace
};
namespace zygiskd {
struct zygisk_modules {
char **modules;
size_t modules_count;
};
struct Module {
std::string name;
UniqueFd memfd;
enum root_impl {
ROOT_IMPL_NONE,
ROOT_IMPL_APATCH,
ROOT_IMPL_KERNELSU,
ROOT_IMPL_MAGISK
};
inline explicit Module(std::string name, int memfd) : name(name), memfd(memfd) {}
};
struct rezygisk_info {
struct zygisk_modules *modules;
enum root_impl root_impl;
pid_t pid;
bool running;
};
enum class SocketAction {
PingHeartBeat,
RequestLogcatFd,
GetProcessFlags,
ReadModules,
RequestCompanionSocket,
GetModuleDir,
ZygoteRestart,
SystemServerStarted,
};
enum mount_namespace_state {
Clean,
Mounted
};
void Init(const char *path);
#define TMP_PATH "/data/adb/rezygisk"
std::string GetTmpPath();
bool PingHeartbeat();
int RequestLogcatFd();
std::vector<Module> ReadModules();
uint32_t GetProcessFlags(uid_t uid);
int ConnectCompanion(size_t index);
int GetModuleDir(size_t index);
void ZygoteRestart();
void SystemServerStarted();
static inline const char *rezygiskd_get_path() {
return TMP_PATH;
}
int rezygiskd_connect(uint8_t retry);
bool rezygiskd_ping();
uint32_t rezygiskd_get_process_flags(uid_t uid);
void rezygiskd_get_info(struct rezygisk_info *info);
void free_rezygisk_info(struct rezygisk_info *info);
bool rezygiskd_read_modules(struct zygisk_modules *modules);
void free_modules(struct zygisk_modules *modules);
int rezygiskd_connect_companion(size_t index);
int rezygiskd_get_module_dir(size_t index);
void rezygiskd_zygote_restart();
void rezygiskd_system_server_started();
bool rezygiskd_update_mns(enum mount_namespace_state nms_state, char *buf, size_t buf_size);
#ifdef __cplusplus
}
#endif /* __cplusplus */
#endif /* DAEMON_H */

7
loader/src/include/dl.h
View File

@@ -1,7 +0,0 @@
#pragma once
#include <dlfcn.h>
void *DlopenExt(const char *path, int flags);
void *DlopenMem(int memfd, int flags);

74
loader/src/include/elf_util.h Normal file
View File

@@ -0,0 +1,74 @@
#ifndef ELF_UTIL_H
#define ELF_UTIL_H
#include <string.h>
#include <link.h>
#include <linux/elf.h>
#include <sys/types.h>
#define SHT_GNU_HASH 0x6ffffff6
struct symtabs {
char *name;
ElfW(Sym) *sym;
};
typedef struct {
char *elf;
void *base;
char *buffer;
off_t size;
off_t bias;
ElfW(Ehdr) *header;
ElfW(Shdr) *section_header;
ElfW(Shdr) *symtab;
ElfW(Shdr) *strtab;
ElfW(Shdr) *dynsym;
ElfW(Sym) *symtab_start;
ElfW(Sym) *dynsym_start;
ElfW(Sym) *strtab_start;
ElfW(Off) symtab_count;
ElfW(Off) symstr_offset;
ElfW(Off) symstr_offset_for_symtab;
ElfW(Off) symtab_offset;
ElfW(Off) dynsym_offset;
ElfW(Off) symtab_size;
uint32_t nbucket_;
uint32_t *bucket_;
uint32_t *chain_;
uint32_t gnu_nbucket_;
uint32_t gnu_symndx_;
uint32_t gnu_bloom_size_;
uint32_t gnu_shift2_;
uintptr_t *gnu_bloom_filter_;
uint32_t *gnu_bucket_;
uint32_t *gnu_chain_;
struct symtabs *symtabs_;
} ElfImg;
void ElfImg_destroy(ElfImg *img);
ElfImg *ElfImg_create(const char *elf);
ElfW(Addr) ElfLookup(ElfImg *restrict img, const char *restrict name, uint32_t hash);
ElfW(Addr) GnuLookup(ElfImg *restrict img, const char *restrict name, uint32_t hash);
ElfW(Addr) LinearLookup(ElfImg *restrict img, const char *restrict name);
ElfW(Addr) LinearLookupByPrefix(ElfImg *restrict img, const char *name);
int dl_cb(struct dl_phdr_info *info, size_t size, void *data);
ElfW(Addr) getSymbOffset(ElfImg *img, const char *name);
ElfW(Addr) getSymbAddress(ElfImg *img, const char *name);
ElfW(Addr) getSymbAddressByPrefix(ElfImg *img, const char *prefix);
void *getSymbValueByPrefix(ElfImg *img, const char *prefix);
#endif /* ELF_UTIL_H */

56
loader/src/include/files.hpp
View File

@@ -1,56 +0,0 @@
#include <dirent.h>
#include <functional>
#include <string>
#include <vector>
struct mount_info {
unsigned int id;
unsigned int parent;
dev_t device;
std::string root;
std::string target;
std::string vfs_option;
struct {
unsigned int shared;
unsigned int master;
unsigned int propagate_from;
} optional;
std::string type;
std::string source;
std::string fs_option;
};
void file_readline(bool trim, FILE *fp, const std::function<bool(std::string_view)> &fn);
void file_readline(bool trim, const char *file, const std::function<bool(std::string_view)> &fn);
void file_readline(const char *file, const std::function<bool(std::string_view)> &fn);
std::vector<mount_info> parse_mount_info(const char *pid);
using sFILE = std::unique_ptr<FILE, decltype(&fclose)>;
using sDIR = std::unique_ptr<DIR, decltype(&closedir)>;
sDIR make_dir(DIR *dp);
sFILE make_file(FILE *fp);
static inline sDIR open_dir(const char *path) {
return make_dir(opendir(path));
}
static inline sDIR xopen_dir(const char *path) {
return make_dir(opendir(path));
}
static inline sDIR xopen_dir(int dirfd) {
return make_dir(fdopendir(dirfd));
}
static inline sFILE open_file(const char *path, const char *mode) {
return make_file(fopen(path, mode));
}
static inline sFILE xopen_file(const char *path, const char *mode) {
return make_file(fopen(path, mode));
}
static inline sFILE xopen_file(int fd, const char *mode) {
return make_file(fdopen(fd, mode));
}

39
loader/src/include/logging.h
View File

@@ -1,35 +1,30 @@
#pragma once
#ifndef LOGGING_H
#define LOGGING_H
#include <android/log.h>
#include <errno.h>
#include <string.h>
#ifndef LOG_TAG
#if defined(__LP64__)
# define LOG_TAG "zygisk-core64"
#else
# define LOG_TAG "zygisk-core32"
#endif
#ifdef __LP64__
#define LOG_TAG "zygisk-core64"
#else
#define LOG_TAG "zygisk-core32"
#endif
#endif
#ifndef NDEBUG
#define LOGD(...) logging::log(ANDROID_LOG_DEBUG, LOG_TAG, __VA_ARGS__)
#define LOGV(...) logging::log(ANDROID_LOG_VERBOSE, LOG_TAG, __VA_ARGS__)
#define LOGD(...) __android_log_print(ANDROID_LOG_DEBUG, LOG_TAG, __VA_ARGS__)
#define LOGV(...) __android_log_print(ANDROID_LOG_VERBOSE, LOG_TAG, __VA_ARGS__)
#else
#define LOGD(...)
#define LOGV(...)
#define LOGD(...)
#define LOGV(...)
#endif
#define LOGI(...) logging::log(ANDROID_LOG_INFO, LOG_TAG, __VA_ARGS__)
#define LOGW(...) logging::log(ANDROID_LOG_WARN, LOG_TAG, __VA_ARGS__)
#define LOGE(...) logging::log(ANDROID_LOG_ERROR, LOG_TAG, __VA_ARGS__)
#define LOGF(...) logging::log(ANDROID_LOG_FATAL, LOG_TAG, __VA_ARGS__)
#define LOGI(...) __android_log_print(ANDROID_LOG_INFO, LOG_TAG, __VA_ARGS__)
#define LOGW(...) __android_log_print(ANDROID_LOG_WARN, LOG_TAG, __VA_ARGS__)
#define LOGE(...) __android_log_print(ANDROID_LOG_ERROR, LOG_TAG, __VA_ARGS__)
#define LOGF(...) __android_log_print(ANDROID_LOG_FATAL, LOG_TAG, __VA_ARGS__)
#define PLOGE(fmt, args...) LOGE(fmt " failed with %d: %s", ##args, errno, strerror(errno))
namespace logging {
void setfd(int fd);
int getfd();
[[gnu::format(printf, 3, 4)]]
void log(int prio, const char* tag, const char* fmt, ...);
}
#endif /* LOGGING_H */

17
loader/src/include/misc.h Normal file
View File

@@ -0,0 +1,17 @@
#ifndef MISC_H
#ifdef __cplusplus
extern "C" {
#endif /* __cplusplus */
/*
* Bionic's atoi runs through strtol().
* Use our own implementation for faster conversion.
*/
int parse_int(const char *str);
#ifdef __cplusplus
}
#endif /* __cplusplus */
#endif /* MISC_H */

98
loader/src/include/misc.hpp
View File

@@ -1,98 +0,0 @@
#pragma once
#include <list>
#include <memory>
#include <pthread.h>
#include <string>
#include <string_view>
#include "logging.h"
#define DISALLOW_COPY_AND_MOVE(clazz) \
clazz(const clazz &) = delete; \
clazz(clazz &&) = delete;
class mutex_guard {
DISALLOW_COPY_AND_MOVE(mutex_guard)
public:
explicit mutex_guard(pthread_mutex_t &m): mutex(&m) {
pthread_mutex_lock(mutex);
}
void unlock() {
pthread_mutex_unlock(mutex);
mutex = nullptr;
}
~mutex_guard() {
if (mutex) pthread_mutex_unlock(mutex);
}
private:
pthread_mutex_t *mutex;
};
using thread_entry = void *(*)(void *);
int new_daemon_thread(thread_entry entry, void *arg);
static inline bool str_contains(std::string_view s, std::string_view ss) {
return s.find(ss) != std::string_view::npos;
}
template<typename T, typename Impl>
class stateless_allocator {
public:
using value_type = T;
T *allocate(size_t num) { return static_cast<T*>(Impl::allocate(sizeof(T) * num)); }
void deallocate(T *ptr, size_t num) { Impl::deallocate(ptr, sizeof(T) * num); }
stateless_allocator() = default;
stateless_allocator(const stateless_allocator&) = default;
stateless_allocator(stateless_allocator&&) = default;
template <typename U>
stateless_allocator(const stateless_allocator<U, Impl>&) {}
bool operator==(const stateless_allocator&) { return true; }
bool operator!=(const stateless_allocator&) { return false; }
};
template <typename T>
class reversed_container {
public:
reversed_container(T &base) : base(base) {}
decltype(std::declval<T>().rbegin()) begin() { return base.rbegin(); }
decltype(std::declval<T>().crbegin()) begin() const { return base.crbegin(); }
decltype(std::declval<T>().crbegin()) cbegin() const { return base.crbegin(); }
decltype(std::declval<T>().rend()) end() { return base.rend(); }
decltype(std::declval<T>().crend()) end() const { return base.crend(); }
decltype(std::declval<T>().crend()) cend() const { return base.crend(); }
private:
T &base;
};
template <typename T>
reversed_container<T> reversed(T &base) {
return reversed_container<T>(base);
}
template<class T>
static inline void default_new(T *&p) { p = new T(); }
template<class T>
static inline void default_new(std::unique_ptr<T> &p) { p.reset(new T()); }
struct StringCmp {
using is_transparent = void;
bool operator()(std::string_view a, std::string_view b) const { return a < b; }
};
/*
* Bionic's atoi runs through strtol().
* Use our own implementation for faster conversion.
*/
int parse_int(std::string_view s);
std::list<std::string> split_str(std::string_view s, std::string_view delimiter);
std::string join_str(const std::list<std::string>& list, std::string_view delimiter);
template <typename T>
static inline T align_to(T v, int a) {
static_assert(std::is_integral<T>::value);
return (v + a - 1) / a * a;
}

33
loader/src/include/native_bridge_callbacks.h
View File

@@ -1,33 +0,0 @@
#pragma once
#include <android/api-level.h>
#include <cstdint>
template<unsigned>
struct NativeBridgeCallbacks;
template<>
struct NativeBridgeCallbacks<__ANDROID_API_Q__> {
[[maybe_unused]] uint32_t version;
[[maybe_unused]] void *initialize;
[[maybe_unused]] void *loadLibrary;
[[maybe_unused]] void *getTrampoline;
[[maybe_unused]] void *isSupported;
[[maybe_unused]] void *getAppEnv;
[[maybe_unused]] void *isCompatibleWith;
[[maybe_unused]] void *getSignalHandler;
[[maybe_unused]] void *unloadLibrary;
[[maybe_unused]] void *getError;
[[maybe_unused]] void *isPathSupported;
[[maybe_unused]] void *initAnonymousNamespace;
[[maybe_unused]] void *createNamespace;
[[maybe_unused]] void *linkNamespaces;
[[maybe_unused]] void *loadLibraryExt;
[[maybe_unused]] void *getVendorNamespace;
[[maybe_unused]] void *getExportedNamespace;
};
template<>
struct NativeBridgeCallbacks<__ANDROID_API_R__> : NativeBridgeCallbacks<__ANDROID_API_Q__> {
[[maybe_unused]] void *preZygoteFork;
};

40
loader/src/include/socket_utils.h
View File

@@ -1,31 +1,25 @@
#pragma once
#ifndef SOCKET_UTILS_H
#define SOCKET_UTILS_H
#include <string>
#include <string_view>
#include <stdint.h>
#include "logging.h"
int read_fd(int fd);
char *read_string(int fd);
namespace socket_utils {
#define write_func_def(type) \
ssize_t write_## type(int fd, type val)
ssize_t xread(int fd, void *buf, size_t count);
#define read_func_def(type) \
ssize_t read_## type(int fd, type *val)
size_t xwrite(int fd, const void *buf, size_t count);
write_func_def(uint8_t);
read_func_def(uint8_t);
uint8_t read_u8(int fd);
write_func_def(uint32_t);
read_func_def(uint32_t);
uint32_t read_u32(int fd);
write_func_def(size_t);
read_func_def(size_t);
size_t read_usize(int fd);
std::string read_string(int fd);
bool write_u8(int fd, uint8_t val);
bool write_u32(int fd, uint32_t val);
int recv_fd(int fd);
bool write_usize(int fd, size_t val);
bool write_string(int fd, std::string_view str);
}
#endif /* SOCKET_UTILS_H */

1
loader/src/injector/art_method.hpp
View File

@@ -1,5 +1,6 @@
#pragma once
#include "logging.h"
#include "jni_helper.hpp"
template <typename T>

23
loader/src/injector/entry.cpp
View File

@@ -1,27 +1,26 @@
#include "daemon.h"
#include "logging.h"
#include "zygisk.hpp"
#include "module.hpp"
using namespace std;
void *self_handle = nullptr;
void *start_addr = nullptr;
size_t block_size = 0;
extern "C" [[gnu::visibility("default")]]
void entry(void* handle, const char* path) {
LOGI("Zygisk library injected, version %s", ZKSU_VERSION);
self_handle = handle;
zygiskd::Init(path);
void entry(void* addr, size_t size, const char* path) {
LOGD("Zygisk library injected, version %s", ZKSU_VERSION);
if (!zygiskd::PingHeartbeat()) {
start_addr = addr;
block_size = size;
if (!rezygiskd_ping()) {
LOGE("Zygisk daemon is not running");
return;
}
#ifdef NDEBUG
logging::setfd(zygiskd::RequestLogcatFd());
#endif
LOGI("Start hooking");
LOGD("start plt hooking");
hook_functions();
clean_trace(path, 1, 0, false);
}

22
loader/src/injector/gen_jni_hooks.py
View File

@@ -1,7 +1,5 @@
#!/usr/bin/env python3
# keep sync with https://github.com/topjohnwu/Magisk/blob/master/native/src/core/zygisk/gen_jni_hooks.py
primitives = ['jint', 'jboolean', 'jlong']
class JType:
@@ -79,6 +77,7 @@ jintArray = JArray(jint)
jstring = JType('jstring', 'Ljava/lang/String;')
jboolean = JType('jboolean', 'Z')
jlong = JType('jlong', 'J')
jlongArray = JArray(jlong)
void = JType('void', 'V')
class ForkAndSpec(JNIHook):
@@ -89,7 +88,7 @@ class ForkAndSpec(JNIHook):
return 'nativeForkAndSpecialize'
def init_args(self):
return 'AppSpecializeArgs_v3 args(uid, gid, gids, runtime_flags, rlimits, mount_external, se_info, nice_name, instruction_set, app_data_dir);'
return 'AppSpecializeArgs_v5 args(uid, gid, gids, runtime_flags, rlimits, mount_external, se_info, nice_name, instruction_set, app_data_dir);'
def body(self):
decl = ''
@@ -212,6 +211,17 @@ server_l = ForkServer('l', [uid, gid, gids, runtime_flags, rlimits,
server_samsung_q = ForkServer('samsung_q', [uid, gid, gids, runtime_flags, Anon(jint), Anon(jint), rlimits,
permitted_capabilities, effective_capabilities])
# GrapheneOS Android 14 Support
server_grapheneos_u = ForkServer('grapheneos_u', [uid, gid, gids, runtime_flags, rlimits, permitted_capabilities, effective_capabilities])
fas_grapheneos_u = ForkAndSpec('grapheneos_u', [uid, gid, gids, runtime_flags, rlimits, mount_external,
se_info, nice_name, fds_to_close, fds_to_ignore, is_child_zygote, instruction_set, app_data_dir,
is_top_app, pkg_data_info_list, whitelisted_data_info_list, mount_data_dirs, mount_storage_dirs, mount_sysprop_overrides, Anon(jlongArray)])
spec_grapheneos_u = SpecApp('grapheneos_u', [uid, gid, gids, runtime_flags, rlimits, mount_external,
se_info, nice_name, is_child_zygote, instruction_set, app_data_dir, is_top_app, pkg_data_info_list,
whitelisted_data_info_list, mount_data_dirs, mount_storage_dirs, mount_sysprop_overrides, Anon(jlongArray)])
hook_map = {}
def gen_jni_def(clz, methods):
@@ -247,13 +257,13 @@ with open('jni_hooks.hpp', 'w') as f:
zygote = 'com/android/internal/os/Zygote'
methods = [fas_l, fas_o, fas_p, fas_q_alt, fas_r, fas_u, fas_samsung_m, fas_samsung_n, fas_samsung_o, fas_samsung_p]
methods = [fas_l, fas_o, fas_p, fas_q_alt, fas_r, fas_u, fas_samsung_m, fas_samsung_n, fas_samsung_o, fas_samsung_p, fas_grapheneos_u]
f.write(gen_jni_def(zygote, methods))
methods = [spec_q, spec_q_alt, spec_r, spec_u, spec_samsung_q]
methods = [spec_q, spec_q_alt, spec_r, spec_u, spec_samsung_q, spec_grapheneos_u]
f.write(gen_jni_def(zygote, methods))
methods = [server_l, server_samsung_q]
methods = [server_l, server_samsung_q, server_grapheneos_u]
f.write(gen_jni_def(zygote, methods))
f.write('\n} // namespace\n')

399
loader/src/injector/hook.cpp
View File

@@ -1,4 +1,3 @@
#include <android/dlext.h>
#include <sys/mount.h>
#include <dlfcn.h>
#include <regex.h>
@@ -6,21 +5,26 @@
#include <list>
#include <map>
#include <array>
#include <vector>
#include <lsplt.hpp>
#include <fcntl.h>
#include <dirent.h>
#include <sys/types.h>
#include <sys/prctl.h>
#include <sys/stat.h>
#include <sys/mman.h>
#include <unistd.h>
#include "dl.h"
#include <unistd.h>
#include <pthread.h>
#include "daemon.h"
#include "zygisk.hpp"
#include "module.hpp"
#include "files.hpp"
#include "misc.hpp"
#include "misc.h"
#include "solist.h"
#include "art_method.hpp"
@@ -57,7 +61,7 @@ struct ZygiskContext {
JNIEnv *env;
union {
void *ptr;
AppSpecializeArgs_v3 *app;
AppSpecializeArgs_v5 *app;
ServerSpecializeArgs_v1 *server;
} args;
@@ -118,8 +122,9 @@ struct ZygiskContext {
// Global variables
vector<tuple<dev_t, ino_t, const char *, void **>> *plt_hook_list;
map<string, vector<JNINativeMethod>, StringCmp> *jni_hook_list;
map<string, vector<JNINativeMethod>> *jni_hook_list;
bool should_unmap_zygisk = false;
std::vector<lsplt::MapInfo> cached_map_infos = {};
} // namespace
@@ -134,6 +139,41 @@ DCL_HOOK_FUNC(int, fork) {
return (g_ctx && g_ctx->pid >= 0) ? g_ctx->pid : old_fork();
}
bool update_mnt_ns(enum mount_namespace_state mns_state, bool dry_run) {
char ns_path[PATH_MAX];
if (rezygiskd_update_mns(mns_state, ns_path, sizeof(ns_path)) == false) {
PLOGE("Failed to update mount namespace");
return false;
}
if (dry_run) return true;
int updated_ns = open(ns_path, O_RDONLY);
if (updated_ns == -1) {
PLOGE("Failed to open mount namespace [%s]", ns_path);
return false;
}
const char *mns_state_str = NULL;
if (mns_state == Clean) mns_state_str = "clean";
else if (mns_state == Mounted) mns_state_str = "mounted";
else mns_state_str = "unknown";
LOGD("set mount namespace to [%s] fd=[%d]: %s", ns_path, updated_ns, mns_state_str);
if (setns(updated_ns, CLONE_NEWNS) == -1) {
PLOGE("Failed to set mount namespace [%s]", ns_path);
close(updated_ns);
return false;
}
close(updated_ns);
return true;
}
// Unmount stuffs in the process's private mount namespace
DCL_HOOK_FUNC(int, unshare, int flags) {
int res = old_unshare(flags);
@@ -141,53 +181,55 @@ DCL_HOOK_FUNC(int, unshare, int flags) {
// For some unknown reason, unmounting app_process in SysUI can break.
// This is reproducible on the official AVD running API 26 and 27.
// Simply avoid doing any unmounts for SysUI to avoid potential issues.
(g_ctx->info_flags & PROCESS_IS_SYS_UI) == 0) {
if (g_ctx->flags[DO_REVERT_UNMOUNT]) {
if (g_ctx->info_flags & PROCESS_ROOT_IS_KSU) {
revert_unmount_ksu();
} else if (g_ctx->info_flags & PROCESS_ROOT_IS_MAGISK) {
revert_unmount_magisk();
}
!g_ctx->flags[SERVER_FORK_AND_SPECIALIZE] && !(g_ctx->info_flags & PROCESS_IS_FIRST_STARTED)) {
/* INFO: There might be cases, specifically in Magisk, where the app is in
DenyList but also has root privileges. For those, it is up to the
user remove it, and the weird behavior is expected, as the weird
user behavior. */
/* INFO: For cases like Magisk, where you can only give an app SU if it was
either requested before or if it's not in DenyList, we cannot
umount it, or else it will not be (easily) possible to give new
apps SU. Apps that are not marked in APatch/KernelSU to be umounted
are also expected to have AP/KSU mounts there, so we will follow the
same idea by not umounting any mount. */
if (g_ctx->info_flags & (PROCESS_IS_MANAGER | PROCESS_GRANTED_ROOT) || !(g_ctx->flags[DO_REVERT_UNMOUNT])) {
update_mnt_ns(Mounted, false);
}
/* Zygisksu changed: No umount app_process */
// Restore errno back to 0
errno = 0;
old_unshare(CLONE_NEWNS);
}
/* INFO: To spoof the errno value */
errno = 0;
return res;
}
// Close logd_fd if necessary to prevent crashing
// For more info, check comments in zygisk_log_write
DCL_HOOK_FUNC(void, android_log_close) {
if (g_ctx == nullptr) {
// Happens during un-managed fork like nativeForkApp, nativeForkUsap
logging::setfd(-1);
} else if (!g_ctx->flags[SKIP_FD_SANITIZATION]) {
logging::setfd(-1);
}
old_android_log_close();
}
// We cannot directly call `dlclose` to unload ourselves, otherwise when `dlclose` returns,
// it will return to our code which has been unmapped, causing segmentation fault.
// Instead, we hook `pthread_attr_destroy` which will be called when VM daemon threads start.
DCL_HOOK_FUNC(int, pthread_attr_destroy, void *target) {
int res = old_pthread_attr_destroy((pthread_attr_t *)target);
// Instead, we hook `pthread_attr_setstacksize` which will be called when VM daemon threads start.
DCL_HOOK_FUNC(int, pthread_attr_setstacksize, void *target, size_t size) {
int res = old_pthread_attr_setstacksize((pthread_attr_t *)target, size);
LOGV("Call pthread_attr_setstacksize in [tid, pid]: %d, %d", gettid(), getpid());
// Only perform unloading on the main thread
if (gettid() != getpid())
return res;
LOGV("pthread_attr_destroy\n");
if (should_unmap_zygisk) {
unhook_functions();
cached_map_infos.clear();
if (should_unmap_zygisk) {
// Because both `pthread_attr_destroy` and `dlclose` have the same function signature,
// Because both `pthread_attr_setstacksize` and `dlclose` have the same function signature,
// we can use `musttail` to let the compiler reuse our stack frame and thus
// `dlclose` will directly return to the caller of `pthread_attr_destroy`.
[[clang::musttail]] return dlclose(self_handle);
// `dlclose` will directly return to the caller of `pthread_attr_setstacksize`.
LOGD("unmap libzygisk.so loaded at %p with size %zu", start_addr, block_size);
[[clang::musttail]] return munmap(start_addr, block_size);
}
}
@@ -197,10 +239,13 @@ DCL_HOOK_FUNC(int, pthread_attr_destroy, void *target) {
void initialize_jni_hook();
DCL_HOOK_FUNC(char *, strdup, const char *s) {
if (s == "com.android.internal.os.ZygoteInit"sv) {
LOGV("strdup %s\n", s);
initialize_jni_hook();
if (strcmp(s, "com.android.internal.os.ZygoteInit") == 0) {
LOGV("strdup %s", s);
initialize_jni_hook();
cached_map_infos = lsplt::MapInfo::Scan();
LOGD("cached_map_infos updated");
}
return old_strdup(s);
}
@@ -262,11 +307,11 @@ void initialize_jni_hook() {
auto get_created_java_vms = reinterpret_cast<jint (*)(JavaVM **, jsize, jsize *)>(
dlsym(RTLD_DEFAULT, "JNI_GetCreatedJavaVMs"));
if (!get_created_java_vms) {
for (auto &map: lsplt::MapInfo::Scan()) {
for (auto &map: cached_map_infos) {
if (!map.path.ends_with("/libnativehelper.so")) continue;
void *h = dlopen(map.path.data(), RTLD_LAZY);
if (!h) {
LOGW("cannot dlopen libnativehelper.so: %s\n", dlerror());
LOGW("cannot dlopen libnativehelper.so: %s", dlerror());
break;
}
get_created_java_vms = reinterpret_cast<decltype(get_created_java_vms)>(dlsym(h, "JNI_GetCreatedJavaVMs"));
@@ -274,7 +319,7 @@ void initialize_jni_hook() {
break;
}
if (!get_created_java_vms) {
LOGW("JNI_GetCreatedJavaVMs not found\n");
LOGW("JNI_GetCreatedJavaVMs not found");
return;
}
}
@@ -343,7 +388,7 @@ bool ZygiskModule::RegisterModuleImpl(ApiTable *api, long *module) {
api->v2.getFlags = [](auto) { return ZygiskModule::getFlags(); };
}
if (api_version >= 4) {
api->v4.pltHookCommit = lsplt::CommitHook;
api->v4.pltHookCommit = []() { return lsplt::CommitHook(cached_map_infos); };
api->v4.pltHookRegister = [](dev_t dev, ino_t inode, const char *symbol, void *fn, void **backup) {
if (dev == 0 || inode == 0 || symbol == nullptr || fn == nullptr)
return;
@@ -361,8 +406,9 @@ void ZygiskContext::plt_hook_register(const char *regex, const char *symbol, voi
regex_t re;
if (regcomp(&re, regex, REG_NOSUB) != 0)
return;
mutex_guard lock(hook_info_lock);
pthread_mutex_lock(&hook_info_lock);
register_info.emplace_back(RegisterInfo{re, symbol, fn, backup});
pthread_mutex_unlock(&hook_info_lock);
}
void ZygiskContext::plt_hook_exclude(const char *regex, const char *symbol) {
@@ -370,14 +416,15 @@ void ZygiskContext::plt_hook_exclude(const char *regex, const char *symbol) {
regex_t re;
if (regcomp(&re, regex, REG_NOSUB) != 0)
return;
mutex_guard lock(hook_info_lock);
pthread_mutex_lock(&hook_info_lock);
ignore_info.emplace_back(IgnoreInfo{re, symbol ?: ""});
pthread_mutex_unlock(&hook_info_lock);
}
void ZygiskContext::plt_hook_process_regex() {
if (register_info.empty())
return;
for (auto &map : lsplt::MapInfo::Scan()) {
for (auto &map : cached_map_infos) {
if (map.offset != 0 || !map.is_private || !(map.perms & PROT_READ)) continue;
for (auto &reg: register_info) {
if (regexec(&reg.regex, map.path.data(), 0, nullptr, 0) != 0)
@@ -400,12 +447,14 @@ void ZygiskContext::plt_hook_process_regex() {
bool ZygiskContext::plt_hook_commit() {
{
mutex_guard lock(hook_info_lock);
pthread_mutex_lock(&hook_info_lock);
plt_hook_process_regex();
register_info.clear();
ignore_info.clear();
pthread_mutex_unlock(&hook_info_lock);
}
return lsplt::CommitHook();
return lsplt::CommitHook(cached_map_infos);
}
@@ -426,12 +475,12 @@ bool ZygiskModule::valid() const {
/* Zygisksu changed: Use own zygiskd */
int ZygiskModule::connectCompanion() const {
return zygiskd::ConnectCompanion(id);
return rezygiskd_connect_companion(id);
}
/* Zygisksu changed: Use own zygiskd */
int ZygiskModule::getModuleDir() const {
return zygiskd::GetModuleDir(id);
return rezygiskd_get_module_dir(id);
}
void ZygiskModule::setOption(zygisk::Option opt) {
@@ -461,25 +510,38 @@ int sigmask(int how, int signum) {
}
void ZygiskContext::fork_pre() {
// Do our own fork before loading any 3rd party code
// First block SIGCHLD, unblock after original fork is done
/* INFO: Do our own fork before loading any 3rd party code.
First block SIGCHLD, unblock after original fork is done.
*/
sigmask(SIG_BLOCK, SIGCHLD);
pid = old_fork();
if (pid != 0 || flags[SKIP_FD_SANITIZATION])
return;
// Record all open fds
auto dir = xopen_dir("/proc/self/fd");
for (dirent *entry; (entry = readdir(dir.get()));) {
/* INFO: Record all open fds */
DIR *dir = opendir("/proc/self/fd");
if (dir == nullptr) {
PLOGE("Failed to open /proc/self/fd");
return;
}
struct dirent *entry;
while ((entry = readdir(dir))) {
int fd = parse_int(entry->d_name);
if (fd < 0 || fd >= MAX_FD_SIZE) {
close(fd);
continue;
}
allowed_fds[fd] = true;
}
// The dirfd should not be allowed
allowed_fds[dirfd(dir.get())] = false;
/* INFO: The dirfd should not be allowed */
allowed_fds[dirfd(dir)] = false;
closedir(dir);
}
void ZygiskContext::sanitize_fds() {
@@ -528,14 +590,23 @@ void ZygiskContext::sanitize_fds() {
return;
// Close all forbidden fds to prevent crashing
auto dir = open_dir("/proc/self/fd");
int dfd = dirfd(dir.get());
for (dirent *entry; (entry = readdir(dir.get()));) {
int fd = parse_int(entry->d_name);
if ((fd < 0 || fd >= MAX_FD_SIZE || !allowed_fds[fd]) && fd != dfd) {
close(fd);
}
DIR *dir = opendir("/proc/self/fd");
if (dir == nullptr) {
PLOGE("Failed to open /proc/self/fd");
return;
}
int dfd = dirfd(dir);
struct dirent *entry;
while ((entry = readdir(dir))) {
int fd = parse_int(entry->d_name);
if (fd < 0 || fd < MAX_FD_SIZE || fd == dfd || allowed_fds[fd]) continue;
close(fd);
}
closedir(dir);
}
void ZygiskContext::fork_post() {
@@ -546,47 +617,100 @@ void ZygiskContext::fork_post() {
/* Zygisksu changed: Load module fds */
void ZygiskContext::run_modules_pre() {
auto ms = zygiskd::ReadModules();
auto size = ms.size();
for (size_t i = 0; i < size; i++) {
auto& m = ms[i];
if (void* handle = DlopenMem(m.memfd, RTLD_NOW);
void* entry = handle ? dlsym(handle, "zygisk_module_entry") : nullptr) {
modules.emplace_back(i, handle, entry);
}
struct zygisk_modules ms;
if (rezygiskd_read_modules(&ms) == false) {
LOGE("Failed to read modules from zygiskd");
return;
}
for (size_t i = 0; i < ms.modules_count; i++) {
char *lib_path = ms.modules[i];
void *handle = dlopen(lib_path, RTLD_NOW);
if (!handle) {
LOGE("Failed to load module [%s]: %s", lib_path, dlerror());
continue;
}
for (auto &m : modules) {
m.onLoad(env);
if (flags[APP_SPECIALIZE]) {
m.preAppSpecialize(args.app);
} else if (flags[SERVER_FORK_AND_SPECIALIZE]) {
m.preServerSpecialize(args.server);
}
void *entry = dlsym(handle, "zygisk_module_entry");
if (!entry) {
LOGE("Failed to find entry point in module [%s]: %s", lib_path, dlerror());
dlclose(handle);
continue;
}
modules.emplace_back(i, handle, entry);
}
free_modules(&ms);
for (auto &m : modules) {
m.onLoad(env);
if (flags[APP_SPECIALIZE]) m.preAppSpecialize(args.app);
else if (flags[SERVER_FORK_AND_SPECIALIZE]) m.preServerSpecialize(args.server);
}
}
void ZygiskContext::run_modules_post() {
flags[POST_SPECIALIZE] = true;
size_t modules_unloaded = 0;
for (const auto &m : modules) {
if (flags[APP_SPECIALIZE]) {
m.postAppSpecialize(args.app);
} else if (flags[SERVER_FORK_AND_SPECIALIZE]) {
m.postServerSpecialize(args.server);
}
m.tryUnload();
if (flags[APP_SPECIALIZE]) m.postAppSpecialize(args.app);
else if (flags[SERVER_FORK_AND_SPECIALIZE]) m.postServerSpecialize(args.server);
if (m.tryUnload()) modules_unloaded++;
}
if (modules.size() > 0) {
LOGD("modules unloaded: %zu/%zu", modules_unloaded, modules.size());
clean_trace("/data/adb", modules.size(), modules_unloaded, true);
}
}
/* Zygisksu changed: Load module fds */
void ZygiskContext::app_specialize_pre() {
flags[APP_SPECIALIZE] = true;
info_flags = zygiskd::GetProcessFlags(g_ctx->args.app->uid);
info_flags = rezygiskd_get_process_flags(g_ctx->args.app->uid);
if (info_flags & PROCESS_IS_FIRST_STARTED) {
/* INFO: To ensure we are really using a clean mount namespace, we use
the first process it as reference for clean mount namespace,
before it even does something, so that it will be clean yet
with expected mounts.
*/
update_mnt_ns(Clean, true);
}
if ((info_flags & (PROCESS_IS_MANAGER | PROCESS_ROOT_IS_MAGISK)) == (PROCESS_IS_MANAGER | PROCESS_ROOT_IS_MAGISK)) {
LOGI("current uid %d is manager!", g_ctx->args.app->uid);
LOGD("Manager process detected. Notifying that Zygisk has been enabled.");
/* INFO: This environment variable is related to Magisk Zygisk/Manager. It
it used by Magisk's Zygisk to communicate to Magisk Manager whether
Zygisk is working or not.
To allow Zygisk modules to both work properly and for the manager to
identify Zygisk, being it not built-in, as working, we also set it. */
setenv("ZYGISK_ENABLED", "1", 1);
} else {
run_modules_pre();
/* INFO: Modules only have two "start off" points from Zygisk, preSpecialize and
postSpecialize. While preSpecialie in fact runs with Zygote (not superuser)
privileges, in postSpecialize it will now be with lower permission, in
the app's sandbox and therefore can move to a clean mount namespace after
executing the modules preSpecialize.
*/
if ((info_flags & PROCESS_ON_DENYLIST) == PROCESS_ON_DENYLIST) {
flags[DO_REVERT_UNMOUNT] = true;
update_mnt_ns(Clean, false);
}
}
}
@@ -597,7 +721,6 @@ void ZygiskContext::app_specialize_post() {
// Cleanups
env->ReleaseStringUTFChars(args.app->nice_name, process);
g_ctx = nullptr;
logging::setfd(-1);
}
bool ZygiskContext::exempt_fd(int fd) {
@@ -613,35 +736,34 @@ bool ZygiskContext::exempt_fd(int fd) {
void ZygiskContext::nativeSpecializeAppProcess_pre() {
process = env->GetStringUTFChars(args.app->nice_name, nullptr);
LOGV("pre specialize [%s]\n", process);
LOGV("pre specialize [%s]", process);
// App specialize does not check FD
flags[SKIP_FD_SANITIZATION] = true;
app_specialize_pre();
}
void ZygiskContext::nativeSpecializeAppProcess_post() {
LOGV("post specialize [%s]\n", process);
LOGV("post specialize [%s]", process);
app_specialize_post();
}
/* Zygisksu changed: No system_server status write back */
void ZygiskContext::nativeForkSystemServer_pre() {
LOGV("pre forkSystemServer\n");
LOGV("pre forkSystemServer");
flags[SERVER_FORK_AND_SPECIALIZE] = true;
fork_pre();
if (pid != 0)
return;
run_modules_pre();
zygiskd::SystemServerStarted();
if (is_child()) {
run_modules_pre();
rezygiskd_system_server_started();
}
sanitize_fds();
}
void ZygiskContext::nativeForkSystemServer_post() {
if (pid == 0) {
LOGV("post forkSystemServer\n");
LOGV("post forkSystemServer");
run_modules_post();
}
fork_post();
@@ -649,24 +771,19 @@ void ZygiskContext::nativeForkSystemServer_post() {
void ZygiskContext::nativeForkAndSpecialize_pre() {
process = env->GetStringUTFChars(args.app->nice_name, nullptr);
LOGV("pre forkAndSpecialize [%s]\n", process);
LOGV("pre forkAndSpecialize [%s]", process);
flags[APP_FORK_AND_SPECIALIZE] = true;
/* Zygisksu changed: No args.app->fds_to_ignore check since we are Android 10+ */
if (logging::getfd() != -1) {
exempted_fds.push_back(logging::getfd());
}
fork_pre();
if (pid == 0) {
if (pid == 0)
app_specialize_pre();
}
sanitize_fds();
}
void ZygiskContext::nativeForkAndSpecialize_post() {
if (pid == 0) {
LOGV("post forkAndSpecialize [%s]\n", process);
LOGV("post forkAndSpecialize [%s]", process);
app_specialize_post();
}
fork_post();
@@ -688,7 +805,7 @@ ZygiskContext::~ZygiskContext() {
if (!methods.empty() && env->RegisterNatives(
env->FindClass(clz.data()), methods.data(),
static_cast<int>(methods.size())) != 0) {
LOGE("Failed to restore JNI hook of class [%s]\n", clz.data());
LOGE("Failed to restore JNI hook of class [%s]", clz.data());
should_unmap_zygisk = false;
}
}
@@ -705,18 +822,18 @@ ZygiskContext::~ZygiskContext() {
} // namespace
static bool hook_commit() {
if (lsplt::CommitHook()) {
static bool hook_commit(std::vector<lsplt::MapInfo> &map_infos = cached_map_infos) {
if (lsplt::CommitHook(map_infos)) {
return true;
} else {
LOGE("plt_hook failed\n");
LOGE("plt_hook failed");
return false;
}
}
static void hook_register(dev_t dev, ino_t inode, const char *symbol, void *new_func, void **old_func) {
if (!lsplt::RegisterHook(dev, inode, symbol, new_func, old_func)) {
LOGE("Failed to register plt_hook \"%s\"\n", symbol);
LOGE("Failed to register plt_hook \"%s\"", symbol);
return;
}
plt_hook_list->emplace_back(dev, inode, symbol, old_func);
@@ -728,16 +845,53 @@ static void hook_register(dev_t dev, ino_t inode, const char *symbol, void *new_
#define PLT_HOOK_REGISTER(DEV, INODE, NAME) \
PLT_HOOK_REGISTER_SYM(DEV, INODE, #NAME, NAME)
void clean_trace(const char* path, size_t load, size_t unload, bool spoof_maps) {
LOGD("cleaning trace for path %s", path);
if (load > 0 || unload > 0) solist_reset_counters(load, unload);
LOGD("Dropping solist record for %s", path);
bool path_found = solist_drop_so_path(path);
if (!path_found || !spoof_maps) return;
LOGD("spoofing virtual maps for %s", path);
// spoofing map names is futile in Android, we do it simply
// to avoid Zygisk detections based on string comparison
for (auto &map : lsplt::MapInfo::Scan()) {
if (strstr(map.path.c_str(), path) && strstr(map.path.c_str(), "libzygisk") == 0)
{
void *addr = (void *)map.start;
size_t size = map.end - map.start;
void *copy = mmap(nullptr, size, PROT_WRITE, MAP_ANONYMOUS | MAP_SHARED, -1, 0);
if (copy == MAP_FAILED) {
LOGE("failed to backup block %s [%p, %p]", map.path.c_str(), addr, (void*)map.end);
continue;
}
if ((map.perms & PROT_READ) == 0) {
mprotect(addr, size, PROT_READ);
}
memcpy(copy, addr, size);
mremap(copy, size, size, MREMAP_MAYMOVE | MREMAP_FIXED, addr);
mprotect(addr, size, map.perms);
}
}
}
void hook_functions() {
default_new(plt_hook_list);
default_new(jni_hook_list);
plt_hook_list = new vector<tuple<dev_t, ino_t, const char *, void **>>();
jni_hook_list = new map<string, vector<JNINativeMethod>>();
ino_t android_runtime_inode = 0;
dev_t android_runtime_dev = 0;
for (auto &map : lsplt::MapInfo::Scan()) {
cached_map_infos = lsplt::MapInfo::Scan();
for (auto &map : cached_map_infos) {
if (map.path.ends_with("libandroid_runtime.so")) {
android_runtime_inode = map.inode;
android_runtime_dev = map.dev;
break;
}
}
@@ -745,7 +899,6 @@ void hook_functions() {
PLT_HOOK_REGISTER(android_runtime_dev, android_runtime_inode, fork);
PLT_HOOK_REGISTER(android_runtime_dev, android_runtime_inode, unshare);
PLT_HOOK_REGISTER(android_runtime_dev, android_runtime_inode, strdup);
PLT_HOOK_REGISTER_SYM(android_runtime_dev, android_runtime_inode, "__android_log_close", android_log_close);
hook_commit();
// Remove unhooked methods
@@ -759,7 +912,7 @@ static void hook_unloader() {
ino_t art_inode = 0;
dev_t art_dev = 0;
for (auto &map : lsplt::MapInfo::Scan()) {
for (auto &map : cached_map_infos) {
if (map.path.ends_with("/libart.so")) {
art_inode = map.inode;
art_dev = map.dev;
@@ -767,7 +920,13 @@ static void hook_unloader() {
}
}
PLT_HOOK_REGISTER(art_dev, art_inode, pthread_attr_destroy);
if (art_dev == 0 || art_inode == 0) {
LOGE("virtual map for libart.so is not cached");
return;
} else {
LOGD("hook_unloader called with libart.so [%zu:%lu]", art_dev, art_inode);
}
PLT_HOOK_REGISTER(art_dev, art_inode, pthread_attr_setstacksize);
hook_commit();
}
@@ -775,12 +934,12 @@ static void unhook_functions() {
// Unhook plt_hook
for (const auto &[dev, inode, sym, old_func] : *plt_hook_list) {
if (!lsplt::RegisterHook(dev, inode, sym, *old_func, nullptr)) {
LOGE("Failed to register plt_hook [%s]\n", sym);
LOGE("Failed to register plt_hook [%s]", sym);
}
}
delete plt_hook_list;
if (!hook_commit()) {
LOGE("Failed to restore plt_hook\n");
LOGE("Failed to restore plt_hook");
should_unmap_zygisk = false;
}
}

89
loader/src/injector/jni_hooks.hpp
View File

@@ -4,7 +4,7 @@ namespace {
void *nativeForkAndSpecialize_orig = nullptr;
[[clang::no_stack_protector]] jint nativeForkAndSpecialize_l(JNIEnv *env, jclass clazz, jint uid, jint gid, jintArray gids, jint runtime_flags, jobjectArray rlimits, jint mount_external, jstring se_info, jstring nice_name, jintArray fds_to_close, jstring instruction_set, jstring app_data_dir) {
AppSpecializeArgs_v3 args(uid, gid, gids, runtime_flags, rlimits, mount_external, se_info, nice_name, instruction_set, app_data_dir);
AppSpecializeArgs_v5 args(uid, gid, gids, runtime_flags, rlimits, mount_external, se_info, nice_name, instruction_set, app_data_dir);
ZygiskContext ctx(env, &args);
ctx.nativeForkAndSpecialize_pre();
reinterpret_cast<decltype(&nativeForkAndSpecialize_l)>(nativeForkAndSpecialize_orig)(
@@ -14,7 +14,7 @@ void *nativeForkAndSpecialize_orig = nullptr;
return ctx.pid;
}
[[clang::no_stack_protector]] jint nativeForkAndSpecialize_o(JNIEnv *env, jclass clazz, jint uid, jint gid, jintArray gids, jint runtime_flags, jobjectArray rlimits, jint mount_external, jstring se_info, jstring nice_name, jintArray fds_to_close, jintArray fds_to_ignore, jstring instruction_set, jstring app_data_dir) {
AppSpecializeArgs_v3 args(uid, gid, gids, runtime_flags, rlimits, mount_external, se_info, nice_name, instruction_set, app_data_dir);
AppSpecializeArgs_v5 args(uid, gid, gids, runtime_flags, rlimits, mount_external, se_info, nice_name, instruction_set, app_data_dir);
args.fds_to_ignore = &fds_to_ignore;
ZygiskContext ctx(env, &args);
ctx.nativeForkAndSpecialize_pre();
@@ -25,7 +25,7 @@ void *nativeForkAndSpecialize_orig = nullptr;
return ctx.pid;
}
[[clang::no_stack_protector]] jint nativeForkAndSpecialize_p(JNIEnv *env, jclass clazz, jint uid, jint gid, jintArray gids, jint runtime_flags, jobjectArray rlimits, jint mount_external, jstring se_info, jstring nice_name, jintArray fds_to_close, jintArray fds_to_ignore, jboolean is_child_zygote, jstring instruction_set, jstring app_data_dir) {
AppSpecializeArgs_v3 args(uid, gid, gids, runtime_flags, rlimits, mount_external, se_info, nice_name, instruction_set, app_data_dir);
AppSpecializeArgs_v5 args(uid, gid, gids, runtime_flags, rlimits, mount_external, se_info, nice_name, instruction_set, app_data_dir);
args.fds_to_ignore = &fds_to_ignore;
args.is_child_zygote = &is_child_zygote;
ZygiskContext ctx(env, &args);
@@ -37,7 +37,7 @@ void *nativeForkAndSpecialize_orig = nullptr;
return ctx.pid;
}
[[clang::no_stack_protector]] jint nativeForkAndSpecialize_q_alt(JNIEnv *env, jclass clazz, jint uid, jint gid, jintArray gids, jint runtime_flags, jobjectArray rlimits, jint mount_external, jstring se_info, jstring nice_name, jintArray fds_to_close, jintArray fds_to_ignore, jboolean is_child_zygote, jstring instruction_set, jstring app_data_dir, jboolean is_top_app) {
AppSpecializeArgs_v3 args(uid, gid, gids, runtime_flags, rlimits, mount_external, se_info, nice_name, instruction_set, app_data_dir);
AppSpecializeArgs_v5 args(uid, gid, gids, runtime_flags, rlimits, mount_external, se_info, nice_name, instruction_set, app_data_dir);
args.fds_to_ignore = &fds_to_ignore;
args.is_child_zygote = &is_child_zygote;
args.is_top_app = &is_top_app;
@@ -50,7 +50,7 @@ void *nativeForkAndSpecialize_orig = nullptr;
return ctx.pid;
}
[[clang::no_stack_protector]] jint nativeForkAndSpecialize_r(JNIEnv *env, jclass clazz, jint uid, jint gid, jintArray gids, jint runtime_flags, jobjectArray rlimits, jint mount_external, jstring se_info, jstring nice_name, jintArray fds_to_close, jintArray fds_to_ignore, jboolean is_child_zygote, jstring instruction_set, jstring app_data_dir, jboolean is_top_app, jobjectArray pkg_data_info_list, jobjectArray whitelisted_data_info_list, jboolean mount_data_dirs, jboolean mount_storage_dirs) {
AppSpecializeArgs_v3 args(uid, gid, gids, runtime_flags, rlimits, mount_external, se_info, nice_name, instruction_set, app_data_dir);
AppSpecializeArgs_v5 args(uid, gid, gids, runtime_flags, rlimits, mount_external, se_info, nice_name, instruction_set, app_data_dir);
args.fds_to_ignore = &fds_to_ignore;
args.is_child_zygote = &is_child_zygote;
args.is_top_app = &is_top_app;
@@ -67,7 +67,7 @@ void *nativeForkAndSpecialize_orig = nullptr;
return ctx.pid;
}
[[clang::no_stack_protector]] jint nativeForkAndSpecialize_u(JNIEnv *env, jclass clazz, jint uid, jint gid, jintArray gids, jint runtime_flags, jobjectArray rlimits, jint mount_external, jstring se_info, jstring nice_name, jintArray fds_to_close, jintArray fds_to_ignore, jboolean is_child_zygote, jstring instruction_set, jstring app_data_dir, jboolean is_top_app, jobjectArray pkg_data_info_list, jobjectArray whitelisted_data_info_list, jboolean mount_data_dirs, jboolean mount_storage_dirs, jboolean mount_sysprop_overrides) {
AppSpecializeArgs_v3 args(uid, gid, gids, runtime_flags, rlimits, mount_external, se_info, nice_name, instruction_set, app_data_dir);
AppSpecializeArgs_v5 args(uid, gid, gids, runtime_flags, rlimits, mount_external, se_info, nice_name, instruction_set, app_data_dir);
args.fds_to_ignore = &fds_to_ignore;
args.is_child_zygote = &is_child_zygote;
args.is_top_app = &is_top_app;
@@ -85,7 +85,7 @@ void *nativeForkAndSpecialize_orig = nullptr;
return ctx.pid;
}
[[clang::no_stack_protector]] jint nativeForkAndSpecialize_samsung_m(JNIEnv *env, jclass clazz, jint uid, jint gid, jintArray gids, jint runtime_flags, jobjectArray rlimits, jint mount_external, jstring se_info, jint _0, jint _1, jstring nice_name, jintArray fds_to_close, jstring instruction_set, jstring app_data_dir) {
AppSpecializeArgs_v3 args(uid, gid, gids, runtime_flags, rlimits, mount_external, se_info, nice_name, instruction_set, app_data_dir);
AppSpecializeArgs_v5 args(uid, gid, gids, runtime_flags, rlimits, mount_external, se_info, nice_name, instruction_set, app_data_dir);
ZygiskContext ctx(env, &args);
ctx.nativeForkAndSpecialize_pre();
reinterpret_cast<decltype(&nativeForkAndSpecialize_samsung_m)>(nativeForkAndSpecialize_orig)(
@@ -95,7 +95,7 @@ void *nativeForkAndSpecialize_orig = nullptr;
return ctx.pid;
}
[[clang::no_stack_protector]] jint nativeForkAndSpecialize_samsung_n(JNIEnv *env, jclass clazz, jint uid, jint gid, jintArray gids, jint runtime_flags, jobjectArray rlimits, jint mount_external, jstring se_info, jint _2, jint _3, jstring nice_name, jintArray fds_to_close, jstring instruction_set, jstring app_data_dir, jint _4) {
AppSpecializeArgs_v3 args(uid, gid, gids, runtime_flags, rlimits, mount_external, se_info, nice_name, instruction_set, app_data_dir);
AppSpecializeArgs_v5 args(uid, gid, gids, runtime_flags, rlimits, mount_external, se_info, nice_name, instruction_set, app_data_dir);
ZygiskContext ctx(env, &args);
ctx.nativeForkAndSpecialize_pre();
reinterpret_cast<decltype(&nativeForkAndSpecialize_samsung_n)>(nativeForkAndSpecialize_orig)(
@@ -105,7 +105,7 @@ void *nativeForkAndSpecialize_orig = nullptr;
return ctx.pid;
}
[[clang::no_stack_protector]] jint nativeForkAndSpecialize_samsung_o(JNIEnv *env, jclass clazz, jint uid, jint gid, jintArray gids, jint runtime_flags, jobjectArray rlimits, jint mount_external, jstring se_info, jint _5, jint _6, jstring nice_name, jintArray fds_to_close, jintArray fds_to_ignore, jstring instruction_set, jstring app_data_dir) {
AppSpecializeArgs_v3 args(uid, gid, gids, runtime_flags, rlimits, mount_external, se_info, nice_name, instruction_set, app_data_dir);
AppSpecializeArgs_v5 args(uid, gid, gids, runtime_flags, rlimits, mount_external, se_info, nice_name, instruction_set, app_data_dir);
args.fds_to_ignore = &fds_to_ignore;
ZygiskContext ctx(env, &args);
ctx.nativeForkAndSpecialize_pre();
@@ -116,7 +116,7 @@ void *nativeForkAndSpecialize_orig = nullptr;
return ctx.pid;
}
[[clang::no_stack_protector]] jint nativeForkAndSpecialize_samsung_p(JNIEnv *env, jclass clazz, jint uid, jint gid, jintArray gids, jint runtime_flags, jobjectArray rlimits, jint mount_external, jstring se_info, jint _7, jint _8, jstring nice_name, jintArray fds_to_close, jintArray fds_to_ignore, jboolean is_child_zygote, jstring instruction_set, jstring app_data_dir) {
AppSpecializeArgs_v3 args(uid, gid, gids, runtime_flags, rlimits, mount_external, se_info, nice_name, instruction_set, app_data_dir);
AppSpecializeArgs_v5 args(uid, gid, gids, runtime_flags, rlimits, mount_external, se_info, nice_name, instruction_set, app_data_dir);
args.fds_to_ignore = &fds_to_ignore;
args.is_child_zygote = &is_child_zygote;
ZygiskContext ctx(env, &args);
@@ -127,6 +127,24 @@ void *nativeForkAndSpecialize_orig = nullptr;
ctx.nativeForkAndSpecialize_post();
return ctx.pid;
}
[[clang::no_stack_protector]] jint nativeForkAndSpecialize_grapheneos_u(JNIEnv *env, jclass clazz, jint uid, jint gid, jintArray gids, jint runtime_flags, jobjectArray rlimits, jint mount_external, jstring se_info, jstring nice_name, jintArray fds_to_close, jintArray fds_to_ignore, jboolean is_child_zygote, jstring instruction_set, jstring app_data_dir, jboolean is_top_app, jobjectArray pkg_data_info_list, jobjectArray whitelisted_data_info_list, jboolean mount_data_dirs, jboolean mount_storage_dirs, jboolean mount_sysprop_overrides, jlongArray _13) {
AppSpecializeArgs_v5 args(uid, gid, gids, runtime_flags, rlimits, mount_external, se_info, nice_name, instruction_set, app_data_dir);
args.fds_to_ignore = &fds_to_ignore;
args.is_child_zygote = &is_child_zygote;
args.is_top_app = &is_top_app;
args.pkg_data_info_list = &pkg_data_info_list;
args.whitelisted_data_info_list = &whitelisted_data_info_list;
args.mount_data_dirs = &mount_data_dirs;
args.mount_storage_dirs = &mount_storage_dirs;
args.mount_sysprop_overrides = &mount_sysprop_overrides;
ZygiskContext ctx(env, &args);
ctx.nativeForkAndSpecialize_pre();
reinterpret_cast<decltype(&nativeForkAndSpecialize_grapheneos_u)>(nativeForkAndSpecialize_orig)(
env, clazz, uid, gid, gids, runtime_flags, rlimits, mount_external, se_info, nice_name, fds_to_close, fds_to_ignore, is_child_zygote, instruction_set, app_data_dir, is_top_app, pkg_data_info_list, whitelisted_data_info_list, mount_data_dirs, mount_storage_dirs, mount_sysprop_overrides, _13
);
ctx.nativeForkAndSpecialize_post();
return ctx.pid;
}
std::array nativeForkAndSpecialize_methods = {
JNINativeMethod {
"nativeForkAndSpecialize",
@@ -178,11 +196,16 @@ std::array nativeForkAndSpecialize_methods = {
"(II[II[[IILjava/lang/String;IILjava/lang/String;[I[IZLjava/lang/String;Ljava/lang/String;)I",
(void *) &nativeForkAndSpecialize_samsung_p
},
JNINativeMethod {
"nativeForkAndSpecialize",
"(II[II[[IILjava/lang/String;Ljava/lang/String;[I[IZLjava/lang/String;Ljava/lang/String;Z[Ljava/lang/String;[Ljava/lang/String;ZZZ[J)I",
(void *) &nativeForkAndSpecialize_grapheneos_u
},
};
void *nativeSpecializeAppProcess_orig = nullptr;
[[clang::no_stack_protector]] void nativeSpecializeAppProcess_q(JNIEnv *env, jclass clazz, jint uid, jint gid, jintArray gids, jint runtime_flags, jobjectArray rlimits, jint mount_external, jstring se_info, jstring nice_name, jboolean is_child_zygote, jstring instruction_set, jstring app_data_dir) {
AppSpecializeArgs_v3 args(uid, gid, gids, runtime_flags, rlimits, mount_external, se_info, nice_name, instruction_set, app_data_dir);
AppSpecializeArgs_v5 args(uid, gid, gids, runtime_flags, rlimits, mount_external, se_info, nice_name, instruction_set, app_data_dir);
args.is_child_zygote = &is_child_zygote;
ZygiskContext ctx(env, &args);
ctx.nativeSpecializeAppProcess_pre();
@@ -192,7 +215,7 @@ void *nativeSpecializeAppProcess_orig = nullptr;
ctx.nativeSpecializeAppProcess_post();
}
[[clang::no_stack_protector]] void nativeSpecializeAppProcess_q_alt(JNIEnv *env, jclass clazz, jint uid, jint gid, jintArray gids, jint runtime_flags, jobjectArray rlimits, jint mount_external, jstring se_info, jstring nice_name, jboolean is_child_zygote, jstring instruction_set, jstring app_data_dir, jboolean is_top_app) {
AppSpecializeArgs_v3 args(uid, gid, gids, runtime_flags, rlimits, mount_external, se_info, nice_name, instruction_set, app_data_dir);
AppSpecializeArgs_v5 args(uid, gid, gids, runtime_flags, rlimits, mount_external, se_info, nice_name, instruction_set, app_data_dir);
args.is_child_zygote = &is_child_zygote;
args.is_top_app = &is_top_app;
ZygiskContext ctx(env, &args);
@@ -203,7 +226,7 @@ void *nativeSpecializeAppProcess_orig = nullptr;
ctx.nativeSpecializeAppProcess_post();
}
[[clang::no_stack_protector]] void nativeSpecializeAppProcess_r(JNIEnv *env, jclass clazz, jint uid, jint gid, jintArray gids, jint runtime_flags, jobjectArray rlimits, jint mount_external, jstring se_info, jstring nice_name, jboolean is_child_zygote, jstring instruction_set, jstring app_data_dir, jboolean is_top_app, jobjectArray pkg_data_info_list, jobjectArray whitelisted_data_info_list, jboolean mount_data_dirs, jboolean mount_storage_dirs) {
AppSpecializeArgs_v3 args(uid, gid, gids, runtime_flags, rlimits, mount_external, se_info, nice_name, instruction_set, app_data_dir);
AppSpecializeArgs_v5 args(uid, gid, gids, runtime_flags, rlimits, mount_external, se_info, nice_name, instruction_set, app_data_dir);
args.is_child_zygote = &is_child_zygote;
args.is_top_app = &is_top_app;
args.pkg_data_info_list = &pkg_data_info_list;
@@ -218,7 +241,7 @@ void *nativeSpecializeAppProcess_orig = nullptr;
ctx.nativeSpecializeAppProcess_post();
}
[[clang::no_stack_protector]] void nativeSpecializeAppProcess_u(JNIEnv *env, jclass clazz, jint uid, jint gid, jintArray gids, jint runtime_flags, jobjectArray rlimits, jint mount_external, jstring se_info, jstring nice_name, jboolean is_child_zygote, jstring instruction_set, jstring app_data_dir, jboolean is_top_app, jobjectArray pkg_data_info_list, jobjectArray whitelisted_data_info_list, jboolean mount_data_dirs, jboolean mount_storage_dirs, jboolean mount_sysprop_overrides) {
AppSpecializeArgs_v3 args(uid, gid, gids, runtime_flags, rlimits, mount_external, se_info, nice_name, instruction_set, app_data_dir);
AppSpecializeArgs_v5 args(uid, gid, gids, runtime_flags, rlimits, mount_external, se_info, nice_name, instruction_set, app_data_dir);
args.is_child_zygote = &is_child_zygote;
args.is_top_app = &is_top_app;
args.pkg_data_info_list = &pkg_data_info_list;
@@ -234,7 +257,7 @@ void *nativeSpecializeAppProcess_orig = nullptr;
ctx.nativeSpecializeAppProcess_post();
}
[[clang::no_stack_protector]] void nativeSpecializeAppProcess_samsung_q(JNIEnv *env, jclass clazz, jint uid, jint gid, jintArray gids, jint runtime_flags, jobjectArray rlimits, jint mount_external, jstring se_info, jint _9, jint _10, jstring nice_name, jboolean is_child_zygote, jstring instruction_set, jstring app_data_dir) {
AppSpecializeArgs_v3 args(uid, gid, gids, runtime_flags, rlimits, mount_external, se_info, nice_name, instruction_set, app_data_dir);
AppSpecializeArgs_v5 args(uid, gid, gids, runtime_flags, rlimits, mount_external, se_info, nice_name, instruction_set, app_data_dir);
args.is_child_zygote = &is_child_zygote;
ZygiskContext ctx(env, &args);
ctx.nativeSpecializeAppProcess_pre();
@@ -243,6 +266,22 @@ void *nativeSpecializeAppProcess_orig = nullptr;
);
ctx.nativeSpecializeAppProcess_post();
}
[[clang::no_stack_protector]] void nativeSpecializeAppProcess_grapheneos_u(JNIEnv *env, jclass clazz, jint uid, jint gid, jintArray gids, jint runtime_flags, jobjectArray rlimits, jint mount_external, jstring se_info, jstring nice_name, jboolean is_child_zygote, jstring instruction_set, jstring app_data_dir, jboolean is_top_app, jobjectArray pkg_data_info_list, jobjectArray whitelisted_data_info_list, jboolean mount_data_dirs, jboolean mount_storage_dirs, jboolean mount_sysprop_overrides, jlongArray _14) {
AppSpecializeArgs_v5 args(uid, gid, gids, runtime_flags, rlimits, mount_external, se_info, nice_name, instruction_set, app_data_dir);
args.is_child_zygote = &is_child_zygote;
args.is_top_app = &is_top_app;
args.pkg_data_info_list = &pkg_data_info_list;
args.whitelisted_data_info_list = &whitelisted_data_info_list;
args.mount_data_dirs = &mount_data_dirs;
args.mount_storage_dirs = &mount_storage_dirs;
args.mount_sysprop_overrides = &mount_sysprop_overrides;
ZygiskContext ctx(env, &args);
ctx.nativeSpecializeAppProcess_pre();
reinterpret_cast<decltype(&nativeSpecializeAppProcess_grapheneos_u)>(nativeSpecializeAppProcess_orig)(
env, clazz, uid, gid, gids, runtime_flags, rlimits, mount_external, se_info, nice_name, is_child_zygote, instruction_set, app_data_dir, is_top_app, pkg_data_info_list, whitelisted_data_info_list, mount_data_dirs, mount_storage_dirs, mount_sysprop_overrides, _14
);
ctx.nativeSpecializeAppProcess_post();
}
std::array nativeSpecializeAppProcess_methods = {
JNINativeMethod {
"nativeSpecializeAppProcess",
@@ -269,6 +308,11 @@ std::array nativeSpecializeAppProcess_methods = {
"(II[II[[IILjava/lang/String;IILjava/lang/String;ZLjava/lang/String;Ljava/lang/String;)V",
(void *) &nativeSpecializeAppProcess_samsung_q
},
JNINativeMethod {
"nativeSpecializeAppProcess",
"(II[II[[IILjava/lang/String;Ljava/lang/String;ZLjava/lang/String;Ljava/lang/String;Z[Ljava/lang/String;[Ljava/lang/String;ZZZ[J)V",
(void *) &nativeSpecializeAppProcess_grapheneos_u
},
};
void *nativeForkSystemServer_orig = nullptr;
@@ -292,6 +336,16 @@ void *nativeForkSystemServer_orig = nullptr;
ctx.nativeForkSystemServer_post();
return ctx.pid;
}
[[clang::no_stack_protector]] jint nativeForkSystemServer_grapheneos_u(JNIEnv *env, jclass clazz, jint uid, jint gid, jintArray gids, jint runtime_flags, jobjectArray rlimits, jlong permitted_capabilities, jlong effective_capabilities) {
ServerSpecializeArgs_v1 args(uid, gid, gids, runtime_flags, permitted_capabilities, effective_capabilities);
ZygiskContext ctx(env, &args);
ctx.nativeForkSystemServer_pre();
reinterpret_cast<decltype(&nativeForkSystemServer_grapheneos_u)>(nativeForkSystemServer_orig)(
env, clazz, uid, gid, gids, runtime_flags, rlimits, permitted_capabilities, effective_capabilities
);
ctx.nativeForkSystemServer_post();
return ctx.pid;
}
std::array nativeForkSystemServer_methods = {
JNINativeMethod {
"nativeForkSystemServer",
@@ -303,6 +357,11 @@ std::array nativeForkSystemServer_methods = {
"(II[IIII[[IJJ)I",
(void *) &nativeForkSystemServer_samsung_q
},
JNINativeMethod {
"nativeForkSystemServer",
"(II[II[[IJJ)I",
(void *) &nativeForkSystemServer_grapheneos_u
},
};
} // namespace

48
loader/src/injector/module.hpp
View File

@@ -1,5 +1,6 @@
#pragma once
#include <cstring>
#include <dlfcn.h>
#include "api.hpp"
@@ -12,16 +13,19 @@ namespace {
using AppSpecializeArgs_v2 = AppSpecializeArgs_v1;
struct AppSpecializeArgs_v3;
using AppSpecializeArgs_v4 = AppSpecializeArgs_v3;
struct AppSpecializeArgs_v5;
struct module_abi_v1;
using module_abi_v2 = module_abi_v1;
using module_abi_v3 = module_abi_v1;
using module_abi_v4 = module_abi_v1;
using module_abi_v5 = module_abi_v1;
struct api_abi_v1;
struct api_abi_v2;
using api_abi_v3 = api_abi_v2;
struct api_abi_v4;
using api_abi_v5 = api_abi_v4;
union ApiTable;
@@ -44,7 +48,6 @@ namespace {
jobjectArray *whitelisted_data_info_list = nullptr;
jboolean *mount_data_dirs = nullptr;
jboolean *mount_storage_dirs = nullptr;
jboolean *mount_sysprop_overrides = nullptr;
AppSpecializeArgs_v3(
jint &uid, jint &gid, jintArray &gids, jint &runtime_flags,
@@ -55,6 +58,17 @@ namespace {
instruction_set(instruction_set), app_data_dir(app_data_dir) {}
};
struct AppSpecializeArgs_v5 : public AppSpecializeArgs_v3 {
jboolean *mount_sysprop_overrides = nullptr;
AppSpecializeArgs_v5(
jint &uid, jint &gid, jintArray &gids, jint &runtime_flags,
jobjectArray &rlimits, jint &mount_external, jstring &se_info, jstring &nice_name,
jstring &instruction_set, jstring &app_data_dir) : AppSpecializeArgs_v3(
uid, gid, gids, runtime_flags, rlimits, mount_external,
se_info, nice_name, instruction_set, app_data_dir) {}
};
struct AppSpecializeArgs_v1 {
jint &uid;
jint &gid;
@@ -73,14 +87,14 @@ namespace {
jboolean *const mount_data_dirs;
jboolean *const mount_storage_dirs;
AppSpecializeArgs_v1(const AppSpecializeArgs_v3 *v3) :
uid(v3->uid), gid(v3->gid), gids(v3->gids), runtime_flags(v3->runtime_flags),
mount_external(v3->mount_external), se_info(v3->se_info), nice_name(v3->nice_name),
instruction_set(v3->instruction_set), app_data_dir(v3->app_data_dir),
is_child_zygote(v3->is_child_zygote), is_top_app(v3->is_top_app),
pkg_data_info_list(v3->pkg_data_info_list),
whitelisted_data_info_list(v3->whitelisted_data_info_list),
mount_data_dirs(v3->mount_data_dirs), mount_storage_dirs(v3->mount_storage_dirs) {}
AppSpecializeArgs_v1(const AppSpecializeArgs_v5 *a) :
uid(a->uid), gid(a->gid), gids(a->gids), runtime_flags(a->runtime_flags),
mount_external(a->mount_external), se_info(a->se_info), nice_name(a->nice_name),
instruction_set(a->instruction_set), app_data_dir(a->app_data_dir),
is_child_zygote(a->is_child_zygote), is_top_app(a->is_top_app),
pkg_data_info_list(a->pkg_data_info_list),
whitelisted_data_info_list(a->whitelisted_data_info_list),
mount_data_dirs(a->mount_data_dirs), mount_storage_dirs(a->mount_storage_dirs) {}
};
struct ServerSpecializeArgs_v1 {
@@ -112,12 +126,13 @@ namespace {
PROCESS_GRANTED_ROOT = zygisk::StateFlag::PROCESS_GRANTED_ROOT,
PROCESS_ON_DENYLIST = zygisk::StateFlag::PROCESS_ON_DENYLIST,
PROCESS_IS_MANAGER = (1u << 28),
PROCESS_IS_MANAGER = (1u << 27),
PROCESS_ROOT_IS_APATCH = (1u << 28),
PROCESS_ROOT_IS_KSU = (1u << 29),
PROCESS_ROOT_IS_MAGISK = (1u << 30),
PROCESS_IS_SYS_UI = (1u << 31),
PROCESS_IS_FIRST_STARTED = (1u << 31),
PRIVATE_MASK = PROCESS_IS_SYS_UI
PRIVATE_MASK = PROCESS_IS_FIRST_STARTED
};
struct api_abi_base {
@@ -167,6 +182,7 @@ case 2: { \
} \
case 3: \
case 4: \
case 5: \
mod.v1->method(mod.v1->impl, args);\
break; \
}
@@ -176,10 +192,10 @@ case 4: \
void onLoad(void *env) {
entry.fn(&api, env);
}
void preAppSpecialize(AppSpecializeArgs_v3 *args) const {
void preAppSpecialize(AppSpecializeArgs_v5 *args) const {
call_app(preAppSpecialize)
}
void postAppSpecialize(const AppSpecializeArgs_v3 *args) const {
void postAppSpecialize(const AppSpecializeArgs_v5 *args) const {
call_app(postAppSpecialize)
}
void preServerSpecialize(ServerSpecializeArgs_v1 *args) const {
@@ -194,7 +210,7 @@ case 4: \
int getModuleDir() const;
void setOption(zygisk::Option opt);
static uint32_t getFlags();
void tryUnload() const { if (unload) dlclose(handle); }
bool tryUnload() const { return unload && dlclose(handle) == 0; };
void clearApi() { memset(&api, 0, sizeof(api)); }
int getId() const { return id; }
@@ -220,4 +236,4 @@ case 4: \
} mod;
};
} // namespace
} // namespace

237
loader/src/injector/solist.c Normal file
View File

@@ -0,0 +1,237 @@
#include <stdio.h>
#include <stdbool.h>
#include <string.h>
#include "elf_util.h"
#include "logging.h"
#include "solist.h"
#ifdef __LP64__
size_t solist_size_offset = 0x18;
size_t solist_next_offset = 0x30;
size_t solist_realpath_offset = 0x1a8;
#else
size_t solist_size_offset = 0x90;
size_t solist_next_offset = 0xa4;
size_t solist_realpath_offset = 0x174;
#endif
static const char *(*get_realpath_sym)(SoInfo *) = NULL;
static void (*soinfo_free)(SoInfo *) = NULL;
static inline SoInfo *get_next(SoInfo *self) {
return *(SoInfo **)((uintptr_t)self + solist_next_offset);
}
static inline const char *get_path(SoInfo *self) {
if (get_realpath_sym)
return (*get_realpath_sym)(self);
return ((const char *)((uintptr_t)self + solist_realpath_offset));
}
static inline void set_size(SoInfo *self, size_t size) {
*(size_t *) ((uintptr_t)self + solist_size_offset) = size;
}
static inline size_t get_size(SoInfo *self) {
return *(size_t *) ((uintptr_t)self + solist_size_offset);
}
struct pdg ppdg;
static bool pdg_setup(ElfImg *img) {
ppdg.ctor = (void *(*)())getSymbAddress(img, "__dl__ZN18ProtectedDataGuardC2Ev");
ppdg.dtor = (void *(*)())getSymbAddress(img, "__dl__ZN18ProtectedDataGuardD2Ev");
return ppdg.ctor != NULL && ppdg.dtor != NULL;
}
static void pdg_protect() {
if (ppdg.ctor != NULL)
(*(ppdg.ctor))();
}
static void pdg_unprotect() {
if (ppdg.dtor != NULL)
(*(ppdg.dtor))();
}
static SoInfo *solist = NULL;
static SoInfo *somain = NULL;
static SoInfo **sonext = NULL;
static uint64_t *g_module_load_counter = NULL;
static uint64_t *g_module_unload_counter = NULL;
static bool solist_init() {
ElfImg *linker = ElfImg_create("/linker");
if (linker == NULL) {
LOGE("Failed to load linker");
return false;
}
ppdg = (struct pdg) {
.ctor = NULL,
.dtor = NULL
};
if (!pdg_setup(linker)) {
LOGE("Failed to setup pdg");
ElfImg_destroy(linker);
return false;
}
/* INFO: Since Android 15, the symbol names for the linker have a suffix,
this makes it impossible to hardcode the symbol names. To allow
this to work on all versions, we need to iterate over the loaded
symbols and find the correct ones.
See #63 for more information.
*/
solist = (SoInfo *)getSymbValueByPrefix(linker, "__dl__ZL6solist");
if ((void *)solist == NULL) {
LOGE("Failed to find solist __dl__ZL6solist*");
ElfImg_destroy(linker);
return false;
}
LOGD("%p is solist", (void *)solist);
somain = (SoInfo *)getSymbValueByPrefix(linker, "__dl__ZL6somain");
if (somain == NULL) {
LOGE("Failed to find somain __dl__ZL6somain*");
ElfImg_destroy(linker);
return false;
}
LOGD("%p is somain", (void *)somain);
sonext = (SoInfo **)getSymbAddressByPrefix(linker, "__dl__ZL6sonext");
if (sonext == NULL) {
LOGE("Failed to find sonext __dl__ZL6sonext*");
ElfImg_destroy(linker);
return false;
}
LOGD("%p is sonext", (void *)sonext);
SoInfo *vdso = (SoInfo *)getSymbValueByPrefix(linker, "__dl__ZL4vdso");
if (vdso != NULL) LOGD("%p is vdso", (void *)vdso);
get_realpath_sym = (const char *(*)(SoInfo *))getSymbAddress(linker, "__dl__ZNK6soinfo12get_realpathEv");
if (get_realpath_sym == NULL) {
LOGE("Failed to find get_realpath __dl__ZNK6soinfo12get_realpathEv");
ElfImg_destroy(linker);
return false;
}
LOGD("%p is get_realpath", (void *)get_realpath_sym);
soinfo_free = (void (*)(SoInfo *))getSymbAddressByPrefix(linker, "__dl__ZL11soinfo_freeP6soinfo");
if (soinfo_free == NULL) {
LOGE("Failed to find soinfo_free __dl__ZL11soinfo_freeP6soinfo*");
ElfImg_destroy(linker);
return false;
}
LOGD("%p is soinfo_free", (void *)soinfo_free);
g_module_load_counter = (uint64_t *)getSymbAddress(linker, "__dl__ZL21g_module_load_counter");
if (g_module_load_counter != NULL) LOGD("found symbol g_module_load_counter");
g_module_unload_counter = (uint64_t *)getSymbAddress(linker, "__dl__ZL23g_module_unload_counter");
if (g_module_unload_counter != NULL) LOGD("found symbol g_module_unload_counter");
for (size_t i = 0; i < 1024 / sizeof(void *); i++) {
uintptr_t possible_field = (uintptr_t)solist + i * sizeof(void *);
size_t possible_size_of_somain = *(size_t *)((uintptr_t)somain + i * sizeof(void *));
if (possible_size_of_somain < 0x100000 && possible_size_of_somain > 0x100) {
solist_size_offset = i * sizeof(void *);
LOGD("solist_size_offset is %zu * %zu = %p", i, sizeof(void *), (void *)solist_size_offset);
}
if (*(void **)possible_field == somain || (vdso != NULL && *(void **)possible_field == vdso)) {
solist_next_offset = i * sizeof(void *);
LOGD("solist_next_offset is %zu * %zu = %p", i, sizeof(void *), (void *)solist_next_offset);
break;
}
}
ElfImg_destroy(linker);
return true;
}
bool solist_drop_so_path(const char *target_path) {
if (solist == NULL && !solist_init()) {
LOGE("Failed to initialize solist");
return false;
}
for (SoInfo *iter = solist; iter; iter = get_next(iter)) {
if (get_path(iter) && strstr(get_path(iter), target_path)) {
pdg_protect();
LOGV("dropping solist record loaded at %s with size %zu", get_path(iter), get_size(iter));
if (get_size(iter) > 0) {
set_size(iter, 0);
soinfo_free(iter);
pdg_unprotect();
return true;
}
pdg_unprotect();
}
}
return false;
}
void solist_reset_counters(size_t load, size_t unload) {
if (solist == NULL && !solist_init()) {
LOGE("Failed to initialize solist");
return;
}
if (g_module_load_counter == NULL || g_module_unload_counter == NULL) {
LOGD("g_module counters not defined, skip reseting them");
return;
}
uint64_t loaded_modules = *g_module_load_counter;
uint64_t unloaded_modules = *g_module_unload_counter;
if (loaded_modules >= load) {
*g_module_load_counter = loaded_modules - load;
LOGD("reset g_module_load_counter to %zu", (size_t) *g_module_load_counter);
}
if (unloaded_modules >= unload) {
*g_module_unload_counter = unloaded_modules - unload;
LOGD("reset g_module_unload_counter to %zu", (size_t) *g_module_unload_counter);
}
}

65
loader/src/injector/solist.h Normal file
View File

@@ -0,0 +1,65 @@
#ifndef SOLIST_H
#define SOLIST_H
#ifdef __cplusplus
extern "C" {
#endif /* __cplusplus */
typedef struct SoInfo SoInfo;
struct SoInfo {
char data[0];
};
#define FuncType(name) void (*name)
struct pdg {
void *(*ctor)();
void *(*dtor)();
};
/*
INFO: When dlopen'ing a library, the system will save information of the
opened library so a structure called soinfo, which contains another
called solist, a list with the information of opened objects.
Due to special handling in ptracer, however, it won't heave gaps in the
memory of the list since we will close there, not loading a library creating
this gap. However, the previously loaded library would remain in the solist,
requiring ReZygisk to clean those up.
To do that, we use 2 functions: soinfo_free, and set_size, which will
zero the region size, and then remove all traces of that library (libzygisk.so)
which was previously loaded.
SOURCES:
- https://android.googlesource.com/platform/bionic/+/refs/heads/android15-release/linker/linker.cpp#1712
*/
bool solist_drop_so_path(const char *target_path);
/*
INFO: When dlopen'ing a library, the system will increment 1 to a global
counter that tracks the amount of libraries ever loaded in that process,
the same happening in dlclose.
This cannot directly be used to detect if ReZygisk is present, however, with
enough data about specific environments, this can be used to detect if any
other library (be it malicious or not) was loaded. To avoid future detections,
we patch that value to the original value.
To do that, we retrieve the address of both "g_module_load_counter" and "g_module
_unload_counter" variables and force set them to the original value, based on
the modules dlopen'ed.
SOURCES:
- https://android.googlesource.com/platform/bionic/+/refs/heads/android15-release/linker/linker.cpp#1874
- https://android.googlesource.com/platform/bionic/+/refs/heads/android15-release/linker/linker.cpp#1944
- https://android.googlesource.com/platform/bionic/+/refs/heads/android15-release/linker/linker.cpp#3413
*/
void solist_reset_counters(size_t load, size_t unload);
#ifdef __cplusplus
}
#endif /* __cplusplus */
#endif /* SOLIST_H */

86
loader/src/injector/unmount.cpp
View File

@@ -1,86 +0,0 @@
#include <mntent.h>
#include <sys/mount.h>
#include "files.hpp"
#include "logging.h"
#include "misc.hpp"
#include "zygisk.hpp"
using namespace std::string_view_literals;
namespace {
constexpr auto MODULE_DIR = "/data/adb/modules";
constexpr auto KSU_OVERLAY_SOURCE = "KSU";
const std::vector<std::string> KSU_PARTITIONS{"/system", "/vendor", "/product", "/system_ext", "/odm", "/oem"};
void lazy_unmount(const char* mountpoint) {
if (umount2(mountpoint, MNT_DETACH) != -1) {
LOGD("Unmounted (%s)", mountpoint);
} else {
#ifndef NDEBUG
PLOGE("Unmount (%s)", mountpoint);
#endif
}
}
}
void revert_unmount_ksu() {
std::string ksu_loop;
std::vector<std::string> targets;
// Unmount ksu module dir last
targets.emplace_back(MODULE_DIR);
for (auto& info: parse_mount_info("self")) {
if (info.target == MODULE_DIR) {
ksu_loop = info.source;
continue;
}
// Unmount everything mounted to /data/adb
if (info.target.starts_with("/data/adb")) {
targets.emplace_back(info.target);
}
// Unmount ksu overlays
if (info.type == "overlay"
&& info.source == KSU_OVERLAY_SOURCE
&& std::find(KSU_PARTITIONS.begin(), KSU_PARTITIONS.end(), info.target) != KSU_PARTITIONS.end()) {
targets.emplace_back(info.target);
}
// Unmount temp dir
if (info.type == "tmpfs" && info.source == KSU_OVERLAY_SOURCE) {
targets.emplace_back(info.target);
}
}
for (auto& info: parse_mount_info("self")) {
// Unmount everything from ksu loop except ksu module dir
if (info.source == ksu_loop && info.target != MODULE_DIR) {
targets.emplace_back(info.target);
}
}
// Do unmount
for (auto& s: reversed(targets)) {
lazy_unmount(s.data());
}
}
void revert_unmount_magisk() {
std::vector<std::string> targets;
// Unmount dummy skeletons and MAGISKTMP
// since mirror nodes are always mounted under skeleton, we don't have to specifically unmount
for (auto& info: parse_mount_info("self")) {
if (info.source == "magisk" || info.source == "worker" || // magisktmp tmpfs
info.root.starts_with("/adb/modules")) { // bind mount from data partition
targets.push_back(info.target);
}
// Unmount everything mounted to /data/adb
if (info.target.starts_with("/data/adb")) {
targets.emplace_back(info.target);
}
}
for (auto& s: reversed(targets)) {
lazy_unmount(s.data());
}
}

10
loader/src/injector/zygisk.hpp
View File

@@ -1,14 +1,10 @@
#pragma once
#include <stdint.h>
#include <jni.h>
#include <vector>
extern void *self_handle;
extern void *start_addr;
extern size_t block_size;
void hook_functions();
void revert_unmount_ksu();
void revert_unmount_magisk();
void clean_trace(const char* path, size_t load = 1, size_t unload = 0, bool spoof_maps = false);

107
loader/src/ptracer/main.c Normal file
View File

@@ -0,0 +1,107 @@
#include <stdio.h>
#include <stdlib.h>
#include "utils.h"
#include "monitor.h"
#include "daemon.h"
int main(int argc, char **argv) {
printf("The ReZygisk Tracer %s\n\n", ZKSU_VERSION);
if (argc >= 2 && strcmp(argv[1], "monitor") == 0) {
init_monitor();
return 0;
} else if (argc >= 3 && strcmp(argv[1], "trace") == 0) {
if (argc >= 4 && strcmp(argv[3], "--restart") == 0) rezygiskd_zygote_restart();
long pid = strtol(argv[2], 0, 0);
if (!trace_zygote(pid)) {
kill(pid, SIGKILL);
return 1;
}
return 0;
} else if (argc >= 2 && strcmp(argv[1], "ctl") == 0) {
enum rezygiskd_command command;
if (strcmp(argv[2], "start") == 0) command = START;
else if (strcmp(argv[2], "stop") == 0) command = STOP;
else if (strcmp(argv[2], "exit") == 0) command = EXIT;
else {
printf("[ReZygisk]: Usage: %s ctl <start|stop|exit>\n", argv[0]);
return 1;
}
if (send_control_command(command) == -1) {
printf("[ReZygisk]: Failed to send the command, is the daemon running?\n");
return 1;
}
printf("[ReZygisk]: command sent\n");
return 0;
} else if (argc >= 2 && strcmp(argv[1], "version") == 0) {
/* INFO: Noop*/
return 0;
} else if (argc >= 2 && strcmp(argv[1], "info") == 0) {
struct rezygisk_info info;
rezygiskd_get_info(&info);
printf("Daemon process PID: %d\n", info.pid);
switch (info.root_impl) {
case ROOT_IMPL_NONE: {
printf("Root implementation: none\n");
break;
}
case ROOT_IMPL_APATCH: {
printf("Root implementation: APatch\n");
break;
}
case ROOT_IMPL_KERNELSU: {
printf("Root implementation: KernelSU\n");
break;
}
case ROOT_IMPL_MAGISK: {
printf("Root implementation: Magisk\n");
break;
}
}
if (info.modules->modules_count != 0) {
printf("Modules: %zu\n", info.modules->modules_count);
for (size_t i = 0; i < info.modules->modules_count; i++) {
printf(" - %s\n", info.modules->modules[i]);
}
} else {
printf("Modules: N/A\n");
}
free_rezygisk_info(&info);
return 0;
} else {
printf(
"Available commands:\n"
" - monitor\n"
" - trace <pid> [--restart]\n"
" - ctl <start|stop|exit>\n"
" - version: Shows the version of ReZygisk.\n"
" - info: Shows information about the created daemon/injection.\n"
"\n"
"<...>: Obligatory\n"
"[...]: Optional\n");
return 1;
}
}

55
loader/src/ptracer/main.cpp
View File

@@ -1,55 +0,0 @@
#include <cstdio>
#include <cstdlib>
#include <string_view>
#include <unistd.h>
#include <fcntl.h>
#include <time.h>
#include <sys/system_properties.h>
#include "main.hpp"
#include "utils.hpp"
#include "daemon.h"
#include <sys/mount.h>
using namespace std::string_view_literals;
int main(int argc, char **argv) {
zygiskd::Init(getenv("TMP_PATH"));
if (argc >= 2 && argv[1] == "monitor"sv) {
init_monitor();
return 0;
} else if (argc >= 3 && argv[1] == "trace"sv) {
if (argc >= 4 && argv[3] == "--restart"sv) {
zygiskd::ZygoteRestart();
}
auto pid = strtol(argv[2], 0, 0);
if (!trace_zygote(pid)) {
kill(pid, SIGKILL);
return 1;
}
return 0;
} else if (argc >= 2 && argv[1] == "ctl"sv) {
if (argc == 3) {
if (argv[2] == "start"sv) {
send_control_command(START);
return 0;
} else if (argv[2] == "stop"sv) {
send_control_command(STOP);
return 0;
} else if (argv[2] == "exit"sv) {
send_control_command(EXIT);
return 0;
}
}
printf("Zygisk Next Tracer %s\n", ZKSU_VERSION);
printf("Usage: %s ctl start|stop|exit\n", argv[0]);
return 1;
} else if (argc >= 2 && argv[1] == "version"sv) {
printf("Zygisk Next Tracer %s\n", ZKSU_VERSION);
return 0;
} else {
printf("Zygisk Next Tracer %s\n", ZKSU_VERSION);
printf("usage: %s monitor | trace <pid> | ctl <start|stop|exit> | version\n", argv[0]);
return 1;
}
}

21
loader/src/ptracer/main.hpp
View File

@@ -1,21 +0,0 @@
#pragma once
void init_monitor();
bool trace_zygote(int pid);
enum Command {
START = 1,
STOP = 2,
EXIT = 3,
// sent from daemon
ZYGOTE64_INJECTED = 4,
ZYGOTE32_INJECTED = 5,
DAEMON64_SET_INFO = 6,
DAEMON32_SET_INFO = 7,
DAEMON64_SET_ERROR_INFO = 8,
DAEMON32_SET_ERROR_INFO = 9,
SYSTEM_SERVER_STARTED = 10
};
void send_control_command(Command cmd);

892
loader/src/ptracer/monitor.c Normal file
View File

@@ -0,0 +1,892 @@
#include <stdlib.h>
#include <time.h>
#include <sys/system_properties.h>
#include <sys/signalfd.h>
#include <err.h>
#include <sys/socket.h>
#include <sys/un.h>
#include <sys/epoll.h>
#include <sys/wait.h>
#include <sys/mount.h>
#include <fcntl.h>
#include <unistd.h>
#include "utils.h"
#include "daemon.h"
#include "misc.h"
#include "monitor.h"
#define PROP_PATH TMP_PATH "/module.prop"
#define SOCKET_NAME "init_monitor"
#define STOPPED_WITH(sig, event) WIFSTOPPED(sigchld_status) && (sigchld_status >> 8 == ((sig) | (event << 8)))
static bool update_status(const char *message);
char monitor_stop_reason[32];
enum ptracer_tracing_state {
TRACING,
STOPPING,
STOPPED,
EXITING
};
enum ptracer_tracing_state tracing_state = TRACING;
struct rezygiskd_status {
bool supported;
bool zygote_injected;
bool daemon_running;
pid_t daemon_pid;
char *daemon_info;
char *daemon_error_info;
};
struct rezygiskd_status status64 = {
.daemon_pid = -1
};
struct rezygiskd_status status32 = {
.daemon_pid = -1
};
int monitor_epoll_fd;
bool monitor_events_running = true;
bool monitor_events_init() {
monitor_epoll_fd = epoll_create(1);
if (monitor_epoll_fd == -1) {
PLOGE("epoll_create");
return false;
}
return true;
}
struct monitor_event_cbs {
void (*callback)();
void (*stop_callback)();
};
bool monitor_events_register_event(struct monitor_event_cbs *event_cbs, int fd, uint32_t events) {
struct epoll_event ev = {
.data.ptr = event_cbs,
.events = events
};
if (epoll_ctl(monitor_epoll_fd, EPOLL_CTL_ADD, fd, &ev) == -1) {
PLOGE("epoll_ctl");
return false;
}
return true;
}
bool monitor_events_unregister_event(int fd) {
if (epoll_ctl(monitor_epoll_fd, EPOLL_CTL_DEL, fd, NULL) == -1) {
PLOGE("epoll_ctl");
return false;
}
return true;
}
void monitor_events_stop() {
monitor_events_running = false;
};
void monitor_events_loop() {
struct epoll_event events[2];
while (monitor_events_running) {
int nfds = epoll_wait(monitor_epoll_fd, events, 2, -1);
if (nfds == -1) {
if (errno != EINTR) PLOGE("epoll_wait");
continue;
}
for (int i = 0; i < nfds; i++) {
struct monitor_event_cbs *event_cbs = (struct monitor_event_cbs *)events[i].data.ptr;
event_cbs->callback();
if (!monitor_events_running) break;
}
}
if (monitor_epoll_fd >= 0) close(monitor_epoll_fd);
monitor_epoll_fd = -1;
for (int i = 0; i < (int)(sizeof(events) / sizeof(events[0])); i++) {
struct monitor_event_cbs *event_cbs = (struct monitor_event_cbs *)events[i].data.ptr;
event_cbs->stop_callback();
}
}
int monitor_sock_fd;
bool rezygiskd_listener_init() {
monitor_sock_fd = socket(PF_UNIX, SOCK_DGRAM | SOCK_CLOEXEC | SOCK_NONBLOCK, 0);
if (monitor_sock_fd == -1) {
PLOGE("socket create");
return false;
}
struct sockaddr_un addr = {
.sun_family = AF_UNIX,
.sun_path = { 0 }
};
size_t sun_path_len = sprintf(addr.sun_path, "%s/%s", rezygiskd_get_path(), SOCKET_NAME);
socklen_t socklen = sizeof(sa_family_t) + sun_path_len;
if (bind(monitor_sock_fd, (struct sockaddr *)&addr, socklen) == -1) {
PLOGE("bind socket");
return false;
}
return true;
}
void rezygiskd_listener_callback() {
struct [[gnu::packed]] MsgHead {
enum rezygiskd_command cmd;
int length;
char data[0];
};
while (1) {
struct MsgHead *msg = (struct MsgHead *)malloc(sizeof(struct MsgHead));
ssize_t real_size;
ssize_t nread = recv(monitor_sock_fd, msg, sizeof(struct MsgHead), MSG_PEEK);
if (nread == -1) {
if (errno == EAGAIN) break;
PLOGE("read socket");
}
if ((size_t)nread < sizeof(enum rezygiskd_command)) {
LOGE("read %zu < %zu", nread, sizeof(enum rezygiskd_command));
continue;
}
if (msg->cmd >= DAEMON64_SET_INFO && msg->cmd != SYSTEM_SERVER_STARTED) {
if (nread != sizeof(msg)) {
LOGE("cmd %d size %zu != %zu", msg->cmd, nread, sizeof(struct MsgHead));
continue;
}
real_size = sizeof(struct MsgHead) + msg->length;
} else {
if (nread != sizeof(enum rezygiskd_command)) {
LOGE("cmd %d size %zu != %zu", msg->cmd, nread, sizeof(enum rezygiskd_command));
continue;
}
real_size = sizeof(enum rezygiskd_command);
}
msg = (struct MsgHead *)realloc(msg, real_size);
nread = recv(monitor_sock_fd, msg, real_size, 0);
if (nread == -1) {
if (errno == EAGAIN) break;
PLOGE("recv");
continue;
}
if (nread != real_size) {
LOGE("real size %zu != %zu", real_size, nread);
continue;
}
switch (msg->cmd) {
case START: {
if (tracing_state == STOPPING) tracing_state = TRACING;
else if (tracing_state == STOPPED) {
ptrace(PTRACE_SEIZE, 1, 0, PTRACE_O_TRACEFORK);
LOGI("start tracing init");
tracing_state = TRACING;
}
update_status(NULL);
break;
}
case STOP: {
if (tracing_state == TRACING) {
LOGI("stop tracing requested");
tracing_state = STOPPING;
strcpy(monitor_stop_reason, "user requested");
ptrace(PTRACE_INTERRUPT, 1, 0, 0);
update_status(NULL);
}
break;
}
case EXIT: {
LOGI("prepare for exit ...");
tracing_state = EXITING;
strcpy(monitor_stop_reason, "user requested");
update_status(NULL);
monitor_events_stop();
break;
}
case ZYGOTE64_INJECTED: {
status64.zygote_injected = true;
update_status(NULL);
break;
}
case ZYGOTE32_INJECTED: {
status32.zygote_injected = true;
update_status(NULL);
break;
}
case DAEMON64_SET_INFO: {
LOGD("received daemon64 info %s", msg->data);
/* Will only happen if somehow the daemon restarts */
if (status64.daemon_info) {
free(status64.daemon_info);
status64.daemon_info = NULL;
}
status64.daemon_info = (char *)malloc(msg->length);
if (!status64.daemon_info) {
PLOGE("malloc daemon64 info");
break;
}
strcpy(status64.daemon_info, msg->data);
update_status(NULL);
break;
}
case DAEMON32_SET_INFO: {
LOGD("received daemon32 info %s", msg->data);
if (status32.daemon_info) {
free(status32.daemon_info);
status32.daemon_info = NULL;
}
status32.daemon_info = (char *)malloc(msg->length);
if (!status32.daemon_info) {
PLOGE("malloc daemon32 info");
break;
}
strcpy(status32.daemon_info, msg->data);
update_status(NULL);
break;
}
case DAEMON64_SET_ERROR_INFO: {
LOGD("received daemon64 error info %s", msg->data);
status64.daemon_running = false;
if (status64.daemon_error_info) {
free(status64.daemon_error_info);
status64.daemon_error_info = NULL;
}
status64.daemon_error_info = (char *)malloc(msg->length);
if (!status64.daemon_error_info) {
PLOGE("malloc daemon64 error info");
break;
}
strcpy(status64.daemon_error_info, msg->data);
update_status(NULL);
break;
}
case DAEMON32_SET_ERROR_INFO: {
LOGD("received daemon32 error info %s", msg->data);
status32.daemon_running = false;
if (status32.daemon_error_info) {
free(status32.daemon_error_info);
status32.daemon_error_info = NULL;
}
status32.daemon_error_info = (char *)malloc(msg->length);
if (!status32.daemon_error_info) {
PLOGE("malloc daemon32 error info");
break;
}
strcpy(status32.daemon_error_info, msg->data);
update_status(NULL);
break;
}
case SYSTEM_SERVER_STARTED: {
LOGD("system server started, mounting prop");
if (mount(PROP_PATH, "/data/adb/modules/zygisksu/module.prop", NULL, MS_BIND, NULL) == -1) {
PLOGE("failed to mount prop");
}
break;
}
}
free(msg);
}
}
void rezygiskd_listener_stop() {
if (monitor_sock_fd >= 0) close(monitor_sock_fd);
monitor_sock_fd = -1;
}
#define MAX_RETRY_COUNT 5
#define CREATE_ZYGOTE_START_COUNTER(abi) \
struct timespec last_zygote##abi = { \
.tv_sec = 0, \
.tv_nsec = 0 \
}; \
\
int count_zygote ## abi = 0; \
bool should_stop_inject ## abi() { \
struct timespec now = {}; \
clock_gettime(CLOCK_MONOTONIC, &now); \
if (now.tv_sec - last_zygote ## abi.tv_sec < 30) \
count_zygote ## abi++; \
else \
count_zygote ## abi = 0; \
\
last_zygote##abi = now; \
\
return count_zygote##abi >= MAX_RETRY_COUNT; \
}
CREATE_ZYGOTE_START_COUNTER(64)
CREATE_ZYGOTE_START_COUNTER(32)
static bool ensure_daemon_created(bool is_64bit) {
struct rezygiskd_status *status = is_64bit ? &status64 : &status32;
if (is_64bit) {
LOGD("new zygote started.");
umount2("/data/adb/modules/zygisksu/module.prop", MNT_DETACH);
}
status->zygote_injected = false;
if (status->daemon_pid == -1) {
pid_t pid = fork();
if (pid < 0) {
PLOGE("create daemon%s", is_64bit ? "64" : "32");
return false;
} else if (pid == 0) {
char daemon_name[PATH_MAX] = "./bin/zygiskd";
strcat(daemon_name, is_64bit ? "64" : "32");
execl(daemon_name, daemon_name, NULL);
PLOGE("exec daemon %s failed", daemon_name);
exit(1);
} else {
status->supported = true;
status->daemon_pid = pid;
status->daemon_running = true;
return true;
}
} else {
return status->daemon_running;
}
}
#define CHECK_DAEMON_EXIT(abi) \
if (status##abi.supported && pid == status##abi.daemon_pid) { \
char status_str[64]; \
parse_status(sigchld_status, status_str, sizeof(status_str)); \
\
LOGW("daemon" #abi " pid %d exited: %s", pid, status_str); \
status##abi.daemon_running = false; \
\
if (!status##abi.daemon_error_info) { \
status##abi.daemon_error_info = (char *)malloc(strlen(status_str) + 1); \
if (!status##abi.daemon_error_info) { \
LOGE("malloc daemon" #abi " error info failed"); \
\
return; \
} \
\
memcpy(status##abi.daemon_error_info, status_str, strlen(status_str) + 1); \
} \
\
update_status(NULL); \
continue; \
}
#define PRE_INJECT(abi, is_64) \
if (strcmp(program, "/system/bin/app_process" # abi) == 0) { \
tracer = "./bin/zygisk-ptrace" # abi; \
\
if (should_stop_inject ## abi()) { \
LOGW("zygote" # abi " restart too much times, stop injecting"); \
\
tracing_state = STOPPING; \
memcpy(monitor_stop_reason, "zygote crashed", sizeof("zygote crashed")); \
ptrace(PTRACE_INTERRUPT, 1, 0, 0); \
\
break; \
} \
if (!ensure_daemon_created(is_64)) { \
LOGW("daemon" #abi " not running, stop injecting"); \
\
tracing_state = STOPPING; \
memcpy(monitor_stop_reason, "daemon not running", sizeof("daemon not running")); \
ptrace(PTRACE_INTERRUPT, 1, 0, 0); \
\
break; \
} \
}
int sigchld_signal_fd;
struct signalfd_siginfo sigchld_fdsi;
int sigchld_status;
pid_t *sigchld_process;
size_t sigchld_process_count = 0;
bool sigchld_listener_init() {
sigchld_process = NULL;
sigset_t mask;
sigemptyset(&mask);
sigaddset(&mask, SIGCHLD);
if (sigprocmask(SIG_BLOCK, &mask, NULL) == -1) {
PLOGE("set sigprocmask");
return false;
}
sigchld_signal_fd = signalfd(-1, &mask, SFD_NONBLOCK | SFD_CLOEXEC);
if (sigchld_signal_fd == -1) {
PLOGE("create signalfd");
return false;
}
ptrace(PTRACE_SEIZE, 1, 0, PTRACE_O_TRACEFORK);
return true;
}
void sigchld_listener_callback() {
while (1) {
ssize_t s = read(sigchld_signal_fd, &sigchld_fdsi, sizeof(sigchld_fdsi));
if (s == -1) {
if (errno == EAGAIN) break;
PLOGE("read signalfd");
continue;
}
if (s != sizeof(sigchld_fdsi)) {
LOGW("read %zu != %zu", s, sizeof(sigchld_fdsi));
continue;
}
if (sigchld_fdsi.ssi_signo != SIGCHLD) {
LOGW("no sigchld received");
continue;
}
int pid;
while ((pid = waitpid(-1, &sigchld_status, __WALL | WNOHANG)) != 0) {
if (pid == -1) {
if (tracing_state == STOPPED && errno == ECHILD) break;
PLOGE("waitpid");
}
if (pid == 1) {
if (STOPPED_WITH(SIGTRAP, PTRACE_EVENT_FORK)) {
long child_pid;
ptrace(PTRACE_GETEVENTMSG, pid, 0, &child_pid);
LOGV("forked %ld", child_pid);
} else if (STOPPED_WITH(SIGTRAP, PTRACE_EVENT_STOP) && tracing_state == STOPPING) {
if (ptrace(PTRACE_DETACH, 1, 0, 0) == -1) PLOGE("failed to detach init");
tracing_state = STOPPED;
LOGI("stop tracing init");
continue;
}
if (WIFSTOPPED(sigchld_status)) {
if (WPTEVENT(sigchld_status) == 0) {
if (WSTOPSIG(sigchld_status) != SIGSTOP && WSTOPSIG(sigchld_status) != SIGTSTP && WSTOPSIG(sigchld_status) != SIGTTIN && WSTOPSIG(sigchld_status) != SIGTTOU) {
LOGW("inject signal sent to init: %s %d", sigabbrev_np(WSTOPSIG(sigchld_status)), WSTOPSIG(sigchld_status));
ptrace(PTRACE_CONT, pid, 0, WSTOPSIG(sigchld_status));
continue;
} else {
LOGW("suppress stopping signal sent to init: %s %d", sigabbrev_np(WSTOPSIG(sigchld_status)), WSTOPSIG(sigchld_status));
}
}
ptrace(PTRACE_CONT, pid, 0, 0);
}
continue;
}
CHECK_DAEMON_EXIT(64)
CHECK_DAEMON_EXIT(32)
pid_t state = 0;
for (size_t i = 0; i < sigchld_process_count; i++) {
if (sigchld_process[i] != pid) continue;
state = sigchld_process[i];
break;
}
if (state == 0) {
LOGV("new process %d attached", pid);
for (size_t i = 0; i < sigchld_process_count; i++) {
if (sigchld_process[i] != 0) continue;
sigchld_process[i] = pid;
goto ptrace_process;
}
sigchld_process = (pid_t *)realloc(sigchld_process, sizeof(pid_t) * (sigchld_process_count + 1));
if (sigchld_process == NULL) {
PLOGE("realloc sigchld_process");
continue;
}
sigchld_process[sigchld_process_count] = pid;
sigchld_process_count++;
ptrace_process:
ptrace(PTRACE_SETOPTIONS, pid, 0, PTRACE_O_TRACEEXEC);
ptrace(PTRACE_CONT, pid, 0, 0);
continue;
} else {
if (STOPPED_WITH(SIGTRAP, PTRACE_EVENT_EXEC)) {
char program[PATH_MAX];
if (get_program(pid, program, sizeof(program)) == -1) {
LOGW("failed to get program %d", pid);
continue;
}
LOGV("%d program %s", pid, program);
const char* tracer = NULL;
do {
if (tracing_state != TRACING) {
LOGW("stop injecting %d because not tracing", pid);
break;
}
PRE_INJECT(64, true)
PRE_INJECT(32, false)
if (tracer != NULL) {
LOGD("stopping %d", pid);
kill(pid, SIGSTOP);
ptrace(PTRACE_CONT, pid, 0, 0);
waitpid(pid, &sigchld_status, __WALL);
if (STOPPED_WITH(SIGSTOP, 0)) {
LOGD("detaching %d", pid);
ptrace(PTRACE_DETACH, pid, 0, SIGSTOP);
sigchld_status = 0;
int p = fork_dont_care();
if (p == 0) {
char pid_str[32];
sprintf(pid_str, "%d", pid);
execl(tracer, basename(tracer), "trace", pid_str, "--restart", NULL);
PLOGE("failed to exec, kill");
kill(pid, SIGKILL);
exit(1);
} else if (p == -1) {
PLOGE("failed to fork, kill");
kill(pid, SIGKILL);
}
}
}
} while (false);
update_status(NULL);
} else {
char status_str[64];
parse_status(sigchld_status, status_str, sizeof(status_str));
LOGW("process %d received unknown sigchld_status %s", pid, status_str);
}
for (size_t i = 0; i < sigchld_process_count; i++) {
if (sigchld_process[i] != pid) continue;
sigchld_process[i] = 0;
break;
}
if (WIFSTOPPED(sigchld_status)) {
LOGV("detach process %d", pid);
ptrace(PTRACE_DETACH, pid, 0, 0);
}
}
}
}
}
void sigchld_listener_stop() {
if (sigchld_signal_fd >= 0) close(sigchld_signal_fd);
sigchld_signal_fd = -1;
if (sigchld_process != NULL) free(sigchld_process);
sigchld_process = NULL;
sigchld_process_count = 0;
}
static char pre_section[1024];
static char post_section[1024];
#define WRITE_STATUS_ABI(suffix) \
if (status ## suffix.supported) { \
strcat(status_text, " zygote" # suffix ": "); \
if (tracing_state != TRACING) strcat(status_text, "❓ unknown, "); \
else if (status ## suffix.zygote_injected) strcat(status_text, "😋 injected, "); \
else strcat(status_text, "❌ not injected, "); \
\
strcat(status_text, "daemon" # suffix ": "); \
if (status ## suffix.daemon_running) { \
strcat(status_text, "😋 running "); \
\
if (status ## suffix.daemon_info != NULL) { \
strcat(status_text, "("); \
strcat(status_text, status ## suffix.daemon_info); \
strcat(status_text, ")"); \
} \
} else { \
strcat(status_text, "❌ crashed "); \
\
if (status ## suffix.daemon_error_info != NULL) { \
strcat(status_text, "("); \
strcat(status_text, status ## suffix.daemon_error_info); \
strcat(status_text, ")"); \
} \
} \
}
static bool update_status(const char *message) {
FILE *prop = fopen(PROP_PATH, "w");
if (prop == NULL) {
PLOGE("failed to open prop");
return false;
}
if (message) {
fprintf(prop, "%s[%s] %s", pre_section, message, post_section);
fclose(prop);
return true;
}
char status_text[1024] = "monitor: ";
switch (tracing_state) {
case TRACING: {
strcat(status_text, "😋 tracing");
break;
}
case STOPPING: [[fallthrough]];
case STOPPED: {
strcat(status_text, "❌ stopped");
break;
}
case EXITING: {
strcat(status_text, "❌ exited");
break;
}
}
if (tracing_state != TRACING && monitor_stop_reason[0] != '\0') {
strcat(status_text, " (");
strcat(status_text, monitor_stop_reason);
strcat(status_text, ")");
}
strcat(status_text, ",");
WRITE_STATUS_ABI(64)
WRITE_STATUS_ABI(32)
fprintf(prop, "%s[%s] %s", pre_section, status_text, post_section);
fclose(prop);
return true;
}
static bool prepare_environment() {
/* INFO: We need to create the file first, otherwise the mount will fail */
close(open(PROP_PATH, O_WRONLY | O_CREAT | O_TRUNC, 0644));
FILE *orig_prop = fopen("/data/adb/modules/zygisksu/module.prop", "r");
if (orig_prop == NULL) {
PLOGE("failed to open orig prop");
return false;
}
bool after_description = false;
char line[1024];
while (fgets(line, sizeof(line), orig_prop) != NULL) {
if (strncmp(line, "description=", strlen("description=")) == 0) {
strcat(pre_section, "description=");
strcat(post_section, line + strlen("description="));
after_description = true;
continue;
}
if (after_description) strcat(post_section, line);
else strcat(pre_section, line);
}
fclose(orig_prop);
/* INFO: This environment variable is related to Magisk Zygisk/Manager. It
it used by Magisk's Zygisk to communicate to Magisk Manager whether
Zygisk is working or not.
Because of that behavior, we can knowledge built-in Zygisk is being
used and stop the continuation of initialization of ReZygisk.*/
if (getenv("ZYGISK_ENABLED")) {
update_status("❌ Disable Magisk's built-in Zygisk");
return false;
}
return update_status(NULL);
}
void init_monitor() {
LOGI("ReZygisk %s", ZKSU_VERSION);
if (!prepare_environment()) exit(1);
monitor_events_init();
rezygiskd_listener_init();
struct monitor_event_cbs listener_cbs = {
.callback = rezygiskd_listener_callback,
.stop_callback = rezygiskd_listener_stop
};
monitor_events_register_event(&listener_cbs, monitor_sock_fd, EPOLLIN | EPOLLET);
sigchld_listener_init();
struct monitor_event_cbs sigchld_cbs = {
.callback = sigchld_listener_callback,
.stop_callback = sigchld_listener_stop
};
monitor_events_register_event(&sigchld_cbs, sigchld_signal_fd, EPOLLIN | EPOLLET);
monitor_events_loop();
if (status64.daemon_info) free(status64.daemon_info);
if (status64.daemon_error_info) free(status64.daemon_error_info);
if (status32.daemon_info) free(status32.daemon_info);
if (status32.daemon_error_info) free(status32.daemon_error_info);
LOGI("exit");
}
int send_control_command(enum rezygiskd_command cmd) {
int sockfd = socket(PF_UNIX, SOCK_DGRAM | SOCK_CLOEXEC, 0);
if (sockfd == -1) return -1;
struct sockaddr_un addr = {
.sun_family = AF_UNIX,
.sun_path = { 0 }
};
size_t sun_path_len = snprintf(addr.sun_path, sizeof(addr.sun_path), "%s/%s", rezygiskd_get_path(), SOCKET_NAME);
socklen_t socklen = sizeof(sa_family_t) + sun_path_len;
ssize_t nsend = sendto(sockfd, (void *)&cmd, sizeof(cmd), 0, (struct sockaddr *)&addr, socklen);
close(sockfd);
return nsend != sizeof(cmd) ? -1 : 0;
}

608
loader/src/ptracer/monitor.cpp
View File

@@ -1,608 +0,0 @@
#include <sys/system_properties.h>
#include <unistd.h>
#include <sys/stat.h>
#include <map>
#include <set>
#include <syscall.h>
#include <dirent.h>
#include <sys/stat.h>
#include <sys/signalfd.h>
#include <err.h>
#include <sys/socket.h>
#include <sys/un.h>
#include <sys/epoll.h>
#include <sys/wait.h>
#include <sys/mount.h>
#include <time.h>
#include <fcntl.h>
#include "main.hpp"
#include "utils.hpp"
#include "files.hpp"
#include "misc.hpp"
using namespace std::string_view_literals;
#define STOPPED_WITH(sig, event) WIFSTOPPED(status) && (status >> 8 == ((sig) | (event << 8)))
static void updateStatus();
enum TracingState {
TRACING = 1,
STOPPING,
STOPPED,
EXITING
};
std::string monitor_stop_reason;
constexpr char SOCKET_NAME[] = "init_monitor";
struct EventLoop;
struct EventHandler {
virtual int GetFd() = 0;
virtual void HandleEvent(EventLoop& loop, uint32_t event) = 0;
};
struct EventLoop {
private:
int epoll_fd_;
bool running = false;
public:
bool Init() {
epoll_fd_ = epoll_create(1);
if (epoll_fd_ == -1) {
PLOGE("failed to create");
return false;
}
return true;
}
void Stop() {
running = false;
}
void Loop() {
running = true;
constexpr auto MAX_EVENTS = 2;
struct epoll_event events[MAX_EVENTS];
while (running) {
int nfds = epoll_wait(epoll_fd_, events, MAX_EVENTS, -1);
if (nfds == -1) {
if (errno != EINTR)
PLOGE("epoll_wait");
continue;
}
for (int i = 0; i < nfds; i++) {
reinterpret_cast<EventHandler *>(events[i].data.ptr)->HandleEvent(*this,
events[i].events);
if (!running) break;
}
}
}
bool RegisterHandler(EventHandler &handler, uint32_t events) {
struct epoll_event ev{};
ev.events = events;
ev.data.ptr = &handler;
if (epoll_ctl(epoll_fd_, EPOLL_CTL_ADD, handler.GetFd(), &ev) == -1) {
PLOGE("failed to add event handler");
return false;
}
return true;
}
[[maybe_unused]] bool UnregisterHandler(EventHandler &handler) {
if (epoll_ctl(epoll_fd_, EPOLL_CTL_DEL, handler.GetFd(), nullptr) == -1) {
PLOGE("failed to del event handler");
return false;
}
return true;
}
~EventLoop() {
if (epoll_fd_ >= 0) close(epoll_fd_);
}
};
static TracingState tracing_state = TRACING;
static std::string prop_path;
struct Status {
bool supported = false;
bool zygote_injected = false;
bool daemon_running = false;
pid_t daemon_pid = -1;
std::string daemon_info;
std::string daemon_error_info;
};
static Status status64;
static Status status32;
struct SocketHandler : public EventHandler {
int sock_fd_;
bool Init() {
sock_fd_ = socket(PF_UNIX, SOCK_DGRAM | SOCK_CLOEXEC | SOCK_NONBLOCK, 0);
if (sock_fd_ == -1) {
PLOGE("socket create");
return false;
}
struct sockaddr_un addr{
.sun_family = AF_UNIX,
.sun_path={0},
};
sprintf(addr.sun_path, "%s/%s", zygiskd::GetTmpPath().c_str(), SOCKET_NAME);
socklen_t socklen = sizeof(sa_family_t) + strlen(addr.sun_path);
if (bind(sock_fd_, (struct sockaddr *) &addr, socklen) == -1) {
PLOGE("bind socket");
return false;
}
return true;
}
int GetFd() override {
return sock_fd_;
}
void HandleEvent(EventLoop &loop, uint32_t) override {
struct [[gnu::packed]] MsgHead {
Command cmd;
int length;
char data[0];
};
for (;;) {
std::vector<uint8_t> buf;
buf.resize(sizeof(MsgHead), 0);
MsgHead &msg = *reinterpret_cast<MsgHead*>(buf.data());
ssize_t real_size;
auto nread = recv(sock_fd_, &msg, sizeof(msg), MSG_PEEK);
if (nread == -1) {
if (errno == EAGAIN) {
break;
}
PLOGE("read socket");
}
if (static_cast<size_t>(nread) < sizeof(Command)) {
LOGE("read %zu < %zu", nread, sizeof(Command));
continue;
}
if (msg.cmd >= Command::DAEMON64_SET_INFO && msg.cmd != Command::SYSTEM_SERVER_STARTED) {
if (nread != sizeof(msg)) {
LOGE("cmd %d size %zu != %zu", msg.cmd, nread, sizeof(MsgHead));
continue;
}
real_size = sizeof(MsgHead) + msg.length;
} else {
if (nread != sizeof(Command)) {
LOGE("cmd %d size %zu != %zu", msg.cmd, nread, sizeof(Command));
continue;
}
real_size = sizeof(Command);
}
buf.resize(real_size);
nread = recv(sock_fd_, &msg, real_size, 0);
if (nread == -1) {
if (errno == EAGAIN) {
break;
}
PLOGE("recv");
continue;
}
if (nread != real_size) {
LOGE("real size %zu != %zu", real_size, nread);
continue;
}
switch (msg.cmd) {
case START:
if (tracing_state == STOPPING) {
tracing_state = TRACING;
} else if (tracing_state == STOPPED) {
ptrace(PTRACE_SEIZE, 1, 0, PTRACE_O_TRACEFORK);
LOGI("start tracing init");
tracing_state = TRACING;
}
updateStatus();
break;
case STOP:
if (tracing_state == TRACING) {
LOGI("stop tracing requested");
tracing_state = STOPPING;
monitor_stop_reason = "user requested";
ptrace(PTRACE_INTERRUPT, 1, 0, 0);
updateStatus();
}
break;
case EXIT:
LOGI("prepare for exit ...");
tracing_state = EXITING;
monitor_stop_reason = "user requested";
updateStatus();
loop.Stop();
break;
case ZYGOTE64_INJECTED:
status64.zygote_injected = true;
updateStatus();
break;
case ZYGOTE32_INJECTED:
status32.zygote_injected = true;
updateStatus();
break;
case DAEMON64_SET_INFO:
LOGD("received daemon64 info %s", msg.data);
status64.daemon_info = std::string(msg.data);
updateStatus();
break;
case DAEMON32_SET_INFO:
LOGD("received daemon32 info %s", msg.data);
status32.daemon_info = std::string(msg.data);
updateStatus();
break;
case DAEMON64_SET_ERROR_INFO:
LOGD("received daemon64 error info %s", msg.data);
status64.daemon_running = false;
status64.daemon_error_info = std::string(msg.data);
updateStatus();
break;
case DAEMON32_SET_ERROR_INFO:
LOGD("received daemon32 error info %s", msg.data);
status32.daemon_running = false;
status32.daemon_error_info = std::string(msg.data);
updateStatus();
break;
case SYSTEM_SERVER_STARTED:
LOGD("system server started, mounting prop");
if (mount(prop_path.c_str(), "/data/adb/modules/zygisksu/module.prop", nullptr, MS_BIND, nullptr) == -1) {
PLOGE("failed to mount prop");
}
break;
}
}
}
~SocketHandler() {
if (sock_fd_ >= 0) close(sock_fd_);
}
};
constexpr auto MAX_RETRY_COUNT = 5;
#define CREATE_ZYGOTE_START_COUNTER(abi) \
struct timespec last_zygote##abi{.tv_sec = 0, .tv_nsec = 0}; \
int count_zygote##abi = 0; \
bool should_stop_inject##abi() { \
struct timespec now{}; \
clock_gettime(CLOCK_MONOTONIC, &now); \
if (now.tv_sec - last_zygote##abi.tv_sec < 30) { \
count_zygote##abi++; \
} else { \
count_zygote##abi = 0; \
} \
last_zygote##abi = now; \
return count_zygote##abi >= MAX_RETRY_COUNT; \
}
CREATE_ZYGOTE_START_COUNTER(64)
CREATE_ZYGOTE_START_COUNTER(32)
static bool ensure_daemon_created(bool is_64bit) {
auto &status = is_64bit ? status64 : status32;
if (is_64bit) {
LOGD("new zygote started, unmounting prop ...");
umount2("/data/adb/modules/zygisksu/module.prop", MNT_DETACH);
}
status.zygote_injected = false;
if (status.daemon_pid == -1) {
auto pid = fork();
if (pid < 0) {
PLOGE("create daemon (64=%s)", is_64bit ? "true" : "false");
return false;
} else if (pid == 0) {
std::string daemon_name = "./bin/zygiskd";
daemon_name += is_64bit ? "64" : "32";
execl(daemon_name.c_str(), daemon_name.c_str(), nullptr);
PLOGE("exec daemon %s failed", daemon_name.c_str());
exit(1);
} else {
status.supported = true;
status.daemon_pid = pid;
status.daemon_running = true;
return true;
}
} else {
return status.daemon_running;
}
}
struct SigChldHandler : public EventHandler {
private:
int signal_fd_;
struct signalfd_siginfo fdsi;
int status;
std::set<pid_t> process;
public:
bool Init() {
sigset_t mask;
sigemptyset(&mask);
sigaddset(&mask, SIGCHLD);
if (sigprocmask(SIG_BLOCK, &mask, nullptr) == -1) {
PLOGE("set sigprocmask");
return false;
}
signal_fd_ = signalfd(-1, &mask, SFD_NONBLOCK | SFD_CLOEXEC);
if (signal_fd_ == -1) {
PLOGE("create signalfd");
return false;
}
ptrace(PTRACE_SEIZE, 1, 0, PTRACE_O_TRACEFORK);
return true;
}
int GetFd() override {
return signal_fd_;
}
void HandleEvent(EventLoop &, uint32_t) override {
for (;;) {
ssize_t s = read(signal_fd_, &fdsi, sizeof(fdsi));
if (s == -1) {
if (errno == EAGAIN) break;
PLOGE("read signalfd");
continue;
}
if (s != sizeof(fdsi)) {
LOGW("read %zu != %zu", s, sizeof(fdsi));
continue;
}
if (fdsi.ssi_signo != SIGCHLD) {
LOGW("no sigchld received");
continue;
}
int pid;
while ((pid = waitpid(-1, &status, __WALL | WNOHANG)) != 0) {
if (pid == -1) {
if (tracing_state == STOPPED && errno == ECHILD) break;
PLOGE("waitpid");
}
if (pid == 1) {
if (STOPPED_WITH(SIGTRAP, PTRACE_EVENT_FORK)) {
long child_pid;
ptrace(PTRACE_GETEVENTMSG, pid, 0, &child_pid);
LOGV("forked %ld", child_pid);
} else if (STOPPED_WITH(SIGTRAP, PTRACE_EVENT_STOP) &&
tracing_state == STOPPING) {
if (ptrace(PTRACE_DETACH, 1, 0, 0) == -1)
PLOGE("failed to detach init");
tracing_state = STOPPED;
LOGI("stop tracing init");
continue;
}
if (WIFSTOPPED(status)) {
if (WPTEVENT(status) == 0) {
if (WSTOPSIG(status) != SIGSTOP && WSTOPSIG(status) != SIGTSTP && WSTOPSIG(status) != SIGTTIN && WSTOPSIG(status) != SIGTTOU) {
LOGW("inject signal sent to init: %s %d",
sigabbrev_np(WSTOPSIG(status)), WSTOPSIG(status));
ptrace(PTRACE_CONT, pid, 0, WSTOPSIG(status));
} else {
LOGW("suppress stopping signal sent to init: %s %d",
sigabbrev_np(WSTOPSIG(status)), WSTOPSIG(status));
}
continue;
}
ptrace(PTRACE_CONT, pid, 0, 0);
}
continue;
}
#define CHECK_DAEMON_EXIT(abi) \
if (status##abi.supported && pid == status64.daemon_pid) { \
auto status_str = parse_status(status); \
LOGW("daemon" #abi "pid %d exited: %s", pid, status_str.c_str()); \
status##abi.daemon_running = false; \
if (status##abi.daemon_error_info.empty()) { \
status##abi.daemon_error_info = status_str; \
} \
updateStatus(); \
continue; \
}
CHECK_DAEMON_EXIT(64)
CHECK_DAEMON_EXIT(32)
auto state = process.find(pid);
if (state == process.end()) {
LOGV("new process %d attached", pid);
process.emplace(pid);
ptrace(PTRACE_SETOPTIONS, pid, 0, PTRACE_O_TRACEEXEC);
ptrace(PTRACE_CONT, pid, 0, 0);
continue;
} else {
if (STOPPED_WITH(SIGTRAP, PTRACE_EVENT_EXEC)) {
auto program = get_program(pid);
LOGV("%d program %s", pid, program.c_str());
const char* tracer = nullptr;
do {
if (tracing_state != TRACING) {
LOGW("stop injecting %d because not tracing", pid);
break;
}
#define PRE_INJECT(abi, is_64) \
if (program == "/system/bin/app_process"#abi) { \
tracer = "./bin/zygisk-ptrace"#abi; \
if (should_stop_inject##abi()) { \
LOGW("zygote" #abi " restart too much times, stop injecting"); \
tracing_state = STOPPING; \
monitor_stop_reason = "zygote crashed"; \
ptrace(PTRACE_INTERRUPT, 1, 0, 0); \
break; \
} \
if (!ensure_daemon_created(is_64)) { \
LOGW("daemon" #abi " not running, stop injecting"); \
tracing_state = STOPPING; \
monitor_stop_reason = "daemon not running"; \
ptrace(PTRACE_INTERRUPT, 1, 0, 0); \
break; \
} \
}
PRE_INJECT(64, true)
PRE_INJECT(32, false)
if (tracer != nullptr) {
LOGD("stopping %d", pid);
kill(pid, SIGSTOP);
ptrace(PTRACE_CONT, pid, 0, 0);
waitpid(pid, &status, __WALL);
if (STOPPED_WITH(SIGSTOP, 0)) {
LOGD("detaching %d", pid);
ptrace(PTRACE_DETACH, pid, 0, SIGSTOP);
status = 0;
auto p = fork_dont_care();
if (p == 0) {
execl(tracer, basename(tracer), "trace",
std::to_string(pid).c_str(), "--restart", nullptr);
PLOGE("failed to exec, kill");
kill(pid, SIGKILL);
exit(1);
} else if (p == -1) {
PLOGE("failed to fork, kill");
kill(pid, SIGKILL);
}
}
}
} while (false);
updateStatus();
} else {
LOGW("process %d received unknown status %s", pid,
parse_status(status).c_str());
}
process.erase(state);
if (WIFSTOPPED(status)) {
LOGV("detach process %d", pid);
ptrace(PTRACE_DETACH, pid, 0, 0);
}
}
}
}
}
~SigChldHandler() {
if (signal_fd_ >= 0) close(signal_fd_);
}
};
static std::string pre_section;
static std::string post_section;
static void updateStatus() {
auto prop = xopen_file(prop_path.c_str(), "w");
std::string status_text = "monitor:";
switch (tracing_state) {
case TRACING:
status_text += "😋tracing";
break;
case STOPPING:
[[fallthrough]];
case STOPPED:
status_text += "❌stopped";
break;
case EXITING:
status_text += "❌exited";
break;
}
if (tracing_state != TRACING && !monitor_stop_reason.empty()) {
status_text += "(";
status_text += monitor_stop_reason;
status_text += ")";
}
status_text += ",";
#define WRITE_STATUS_ABI(suffix) \
if (status##suffix.supported) { \
status_text += " zygote" #suffix ":"; \
if (tracing_state != TRACING) status_text += "❓unknown,"; \
else if (status##suffix.zygote_injected) status_text += "😋injected,"; \
else status_text += "❌not injected,"; \
status_text += " daemon" #suffix ":"; \
if (status##suffix.daemon_running) { \
status_text += "😋running"; \
if (!status##suffix.daemon_info.empty()) { \
status_text += "("; \
status_text += status##suffix.daemon_info; \
status_text += ")"; \
} \
} else { \
status_text += "❌crashed"; \
if (!status##suffix.daemon_error_info.empty()) { \
status_text += "("; \
status_text += status##suffix.daemon_error_info; \
status_text += ")"; \
} \
} \
}
WRITE_STATUS_ABI(64)
WRITE_STATUS_ABI(32)
fprintf(prop.get(), "%s[%s] %s", pre_section.c_str(), status_text.c_str(), post_section.c_str());
}
static bool prepare_environment() {
prop_path = zygiskd::GetTmpPath() + "/module.prop";
close(open(prop_path.c_str(), O_WRONLY | O_CREAT | O_TRUNC, 0644));
auto orig_prop = xopen_file("./module.prop", "r");
if (orig_prop == nullptr) {
PLOGE("failed to open orig prop");
return false;
}
bool post = false;
file_readline(false, orig_prop.get(), [&](std::string_view line) -> bool {
if (line.starts_with("description=")) {
post = true;
pre_section += "description=";
post_section += line.substr(sizeof("description"));
} else {
if (post) {
post_section += line;
} else {
pre_section += line;
}
}
return true;
});
updateStatus();
return true;
}
void init_monitor() {
LOGI("Zygisk Next %s", ZKSU_VERSION);
LOGI("init monitor started");
if (!prepare_environment()) {
exit(1);
}
SocketHandler socketHandler{};
socketHandler.Init();
SigChldHandler ptraceHandler{};
ptraceHandler.Init();
EventLoop looper;
looper.Init();
looper.RegisterHandler(socketHandler, EPOLLIN | EPOLLET);
looper.RegisterHandler(ptraceHandler, EPOLLIN | EPOLLET);
looper.Loop();
LOGI("exit");
}
void send_control_command(Command cmd) {
int sockfd = socket(PF_UNIX, SOCK_DGRAM | SOCK_CLOEXEC, 0);
if (sockfd == -1) err(EXIT_FAILURE, "socket");
struct sockaddr_un addr{
.sun_family = AF_UNIX,
.sun_path={0},
};
sprintf(addr.sun_path, "%s/%s", zygiskd::GetTmpPath().c_str(), SOCKET_NAME);
socklen_t socklen = sizeof(sa_family_t) + strlen(addr.sun_path);
auto nsend = sendto(sockfd, (void *) &cmd, sizeof(cmd), 0, (sockaddr *) &addr, socklen);
if (nsend == -1) {
err(EXIT_FAILURE, "send");
} else if (nsend != sizeof(cmd)) {
printf("send %zu != %zu\n", nsend, sizeof(cmd));
exit(1);
}
printf("command sent\n");
}

27
loader/src/ptracer/monitor.h Normal file
View File

@@ -0,0 +1,27 @@
#ifndef MONITOR_H
#define MONITOR_H
#include <stdbool.h>
void init_monitor();
bool trace_zygote(int pid);
enum rezygiskd_command {
START = 1,
STOP = 2,
EXIT = 3,
/* sent from daemon */
ZYGOTE64_INJECTED = 4,
ZYGOTE32_INJECTED = 5,
DAEMON64_SET_INFO = 6,
DAEMON32_SET_INFO = 7,
DAEMON64_SET_ERROR_INFO = 8,
DAEMON32_SET_ERROR_INFO = 9,
SYSTEM_SERVER_STARTED = 10
};
int send_control_command(enum rezygiskd_command cmd);
#endif /* MONITOR_H */

381
loader/src/ptracer/ptracer.c Normal file
View File

@@ -0,0 +1,381 @@
#include <stdio.h>
#include <stdlib.h>
#include <inttypes.h>
#include <sys/ptrace.h>
#include <sys/auxv.h>
#include <elf.h>
#include <link.h>
#include <sys/wait.h>
#include <dlfcn.h>
#include <signal.h>
#include <unistd.h>
#include "utils.h"
bool inject_on_main(int pid, const char *lib_path) {
LOGI("injecting %s to zygote %d", lib_path, pid);
/*
parsing KernelArgumentBlock
https://cs.android.com/android/platform/superproject/main/+/main:bionic/libc/private/KernelArgumentBlock.h;l=30;drc=6d1ee77ee32220e4202c3066f7e1f69572967ad8
*/
struct user_regs_struct regs = { 0 };
char pid_maps[PATH_MAX];
snprintf(pid_maps, sizeof(pid_maps), "/proc/%d/maps", pid);
struct maps *map = parse_maps(pid_maps);
if (map == NULL) {
LOGE("failed to parse remote maps");
return false;
}
if (!get_regs(pid, &regs)) return false;
uintptr_t arg = (uintptr_t)regs.REG_SP;
char addr_mem_region[1024];
get_addr_mem_region(map, arg, addr_mem_region, sizeof(addr_mem_region));
LOGV("kernel argument %" PRIxPTR " %s", arg, addr_mem_region);
int argc;
char **argv = (char **)((uintptr_t *)arg + 1);
LOGV("argv %p", (void *)argv);
read_proc(pid, arg, &argc, sizeof(argc));
LOGV("argc %d", argc);
char **envp = argv + argc + 1;
LOGV("envp %p", (void *)envp);
char **p = envp;
while (1) {
uintptr_t *buf;
read_proc(pid, (uintptr_t)p, &buf, sizeof(buf));
if (buf == NULL) break;
/* TODO: Why ++p? */
p++;
}
/* TODO: Why ++p? */
p++;
ElfW(auxv_t) *auxv = (ElfW(auxv_t) *)p;
get_addr_mem_region(map, (uintptr_t)auxv, addr_mem_region, sizeof(addr_mem_region));
LOGV("auxv %p %s", auxv, addr_mem_region);
ElfW(auxv_t) *v = auxv;
uintptr_t entry_addr = 0;
uintptr_t addr_of_entry_addr = 0;
while (1) {
ElfW(auxv_t) buf;
read_proc(pid, (uintptr_t)v, &buf, sizeof(buf));
if (buf.a_type == AT_ENTRY) {
entry_addr = (uintptr_t)buf.a_un.a_val;
addr_of_entry_addr = (uintptr_t)v + offsetof(ElfW(auxv_t), a_un);
get_addr_mem_region(map, entry_addr, addr_mem_region, sizeof(addr_mem_region));
LOGV("entry address %" PRIxPTR " %s (entry=%" PRIxPTR ", entry_addr=%" PRIxPTR ")", entry_addr,
addr_mem_region, (uintptr_t)v, addr_of_entry_addr);
break;
}
if (buf.a_type == AT_NULL) break;
v++;
}
if (entry_addr == 0) {
LOGE("failed to get entry");
return false;
}
/*
Replace the program entry with an invalid address
For arm32 compatibility, we set the last bit to the same as the entry address
*/
/* INFO: (-0x0F & ~1) is a value below zero, while the one after "|"
is an unsigned (must be 0 or greater) value, so we must
cast the second value to signed long (intptr_t) to avoid
undefined behavior.
*/
uintptr_t break_addr = (uintptr_t)((intptr_t)(-0x0F & ~1) | (intptr_t)((uintptr_t)entry_addr & 1));
if (!write_proc(pid, (uintptr_t)addr_of_entry_addr, &break_addr, sizeof(break_addr))) return false;
ptrace(PTRACE_CONT, pid, 0, 0);
int status;
wait_for_trace(pid, &status, __WALL);
if (WIFSTOPPED(status) && WSTOPSIG(status) == SIGSEGV) {
if (!get_regs(pid, &regs)) return false;
if (((int)regs.REG_IP & ~1) != ((int)break_addr & ~1)) {
LOGE("stopped at unknown addr %p", (void *) regs.REG_IP);
return false;
}
/* The linker has been initialized now, we can do dlopen */
LOGD("stopped at entry");
/* restore entry address */
if (!write_proc(pid, (uintptr_t) addr_of_entry_addr, &entry_addr, sizeof(entry_addr))) return false;
/* backup registers */
struct user_regs_struct backup;
memcpy(&backup, &regs, sizeof(regs));
free_maps(map);
map = parse_maps(pid_maps);
if (!map) {
LOGE("failed to parse remote maps");
return false;
}
struct maps *local_map = parse_maps("/proc/self/maps");
if (!local_map) {
LOGE("failed to parse local maps");
return false;
}
void *libc_return_addr = find_module_return_addr(map, "libc.so");
LOGD("libc return addr %p", libc_return_addr);
/* call dlopen */
void *dlopen_addr = find_func_addr(local_map, map, "libdl.so", "dlopen");
if (dlopen_addr == NULL) return false;
long *args = (long *)malloc(3 * sizeof(long));
if (args == NULL) {
LOGE("malloc args");
return false;
}
uintptr_t str = push_string(pid, &regs, lib_path);
args[0] = (long) str;
args[1] = (long) RTLD_NOW;
uintptr_t remote_handle = remote_call(pid, &regs, (uintptr_t)dlopen_addr, (uintptr_t)libc_return_addr, args, 2);
LOGD("remote handle %p", (void *)remote_handle);
if (remote_handle == 0) {
LOGE("handle is null");
/* call dlerror */
void *dlerror_addr = find_func_addr(local_map, map, "libdl.so", "dlerror");
if (dlerror_addr == NULL) {
LOGE("find dlerror");
free(args);
return false;
}
uintptr_t dlerror_str_addr = remote_call(pid, &regs, (uintptr_t)dlerror_addr, (uintptr_t)libc_return_addr, args, 0);
LOGD("dlerror str %p", (void *)dlerror_str_addr);
if (dlerror_str_addr == 0) {
LOGE("dlerror str is null");
free(args);
return false;
}
void *strlen_addr = find_func_addr(local_map, map, "libc.so", "strlen");
if (strlen_addr == NULL) {
LOGE("find strlen");
free(args);
return false;
}
args[0] = (long) dlerror_str_addr;
uintptr_t dlerror_len = remote_call(pid, &regs, (uintptr_t)strlen_addr, (uintptr_t)libc_return_addr, args, 1);
if (dlerror_len <= 0) {
LOGE("dlerror len <= 0");
free(args);
return false;
}
char *err = (char *)malloc((dlerror_len + 1) * sizeof(char));
if (err == NULL) {
LOGE("malloc err");
free(args);
return false;
}
read_proc(pid, dlerror_str_addr, err, dlerror_len + 1);
LOGE("dlerror info %s", err);
free(err);
free(args);
return false;
}
/* call dlsym(handle, "entry") */
void *dlsym_addr = find_func_addr(local_map, map, "libdl.so", "dlsym");
if (dlsym_addr == NULL) return false;
free_maps(local_map);
str = push_string(pid, &regs, "entry");
args[0] = remote_handle;
args[1] = (long) str;
uintptr_t injector_entry = remote_call(pid, &regs, (uintptr_t)dlsym_addr, (uintptr_t)libc_return_addr, args, 2);
LOGD("injector entry %p", (void *)injector_entry);
if (injector_entry == 0) {
LOGE("injector entry is null");
return false;
}
/* record the address range of libzygisk.so */
map = parse_maps(pid_maps);
void *start_addr = NULL;
size_t block_size = 0;
for (size_t i = 0; i < map->size; i++) {
if (!strstr(map->maps[i].path, "libzygisk.so")) continue;
if (start_addr == NULL) start_addr = (void *)map->maps[i].start;
size_t size = map->maps[i].end - map->maps[i].start;
block_size += size;
LOGD("found block %s: [%p-%p] with size %zu", map->maps[i].path, (void *)map->maps[i].start,
(void *)map->maps[i].end, size);
}
free_maps(map);
/* call injector entry(start_addr, block_size, path) */
args[0] = (uintptr_t)start_addr;
args[1] = block_size;
str = push_string(pid, &regs, rezygiskd_get_path());
args[2] = (uintptr_t)str;
remote_call(pid, &regs, injector_entry, (uintptr_t)libc_return_addr, args, 3);
free(args);
/* reset pc to entry */
backup.REG_IP = (long) entry_addr;
LOGD("invoke entry");
/* restore registers */
if (!set_regs(pid, &backup)) return false;
return true;
} else {
char status_str[64];
parse_status(status, status_str, sizeof(status_str));
LOGE("stopped by other reason: %s", status_str);
}
return false;
}
#define STOPPED_WITH(sig, event) (WIFSTOPPED(status) && WSTOPSIG(status) == (sig) && (status >> 16) == (event))
#define WAIT_OR_DIE wait_for_trace(pid, &status, __WALL);
#define CONT_OR_DIE \
if (ptrace(PTRACE_CONT, pid, 0, 0) == -1) { \
PLOGE("cont"); \
\
return false; \
}
bool trace_zygote(int pid) {
LOGI("start tracing %d (tracer %d)", pid, getpid());
int status;
if (ptrace(PTRACE_SEIZE, pid, 0, PTRACE_O_EXITKILL) == -1) {
PLOGE("seize");
return false;
}
WAIT_OR_DIE
if (STOPPED_WITH(SIGSTOP, PTRACE_EVENT_STOP)) {
char lib_path[PATH_MAX];
snprintf(lib_path, sizeof(lib_path), "%s/lib" LP_SELECT("", "64") "/libzygisk.so", rezygiskd_get_path());
if (!inject_on_main(pid, lib_path)) {
LOGE("failed to inject");
return false;
}
LOGD("inject done, continue process");
if (kill(pid, SIGCONT)) {
PLOGE("kill");
return false;
}
CONT_OR_DIE
WAIT_OR_DIE
if (STOPPED_WITH(SIGTRAP, PTRACE_EVENT_STOP)) {
CONT_OR_DIE
WAIT_OR_DIE
if (STOPPED_WITH(SIGCONT, 0)) {
LOGD("received SIGCONT");
ptrace(PTRACE_DETACH, pid, 0, SIGCONT);
}
} else {
char status_str[64];
parse_status(status, status_str, sizeof(status_str));
LOGE("unknown state %s, not SIGTRAP + EVENT_STOP", status_str);
ptrace(PTRACE_DETACH, pid, 0, 0);
return false;
}
} else {
char status_str[64];
parse_status(status, status_str, sizeof(status_str));
LOGE("unknown state %s, not SIGSTOP + EVENT_STOP", status_str);
ptrace(PTRACE_DETACH, pid, 0, 0);
return false;
}
return true;
}

218
loader/src/ptracer/ptracer.cpp
View File

@@ -1,218 +0,0 @@
#include <sys/ptrace.h>
#include <unistd.h>
#include <sys/uio.h>
#include <sys/auxv.h>
#include <elf.h>
#include <link.h>
#include <vector>
#include <string>
#include <sys/mman.h>
#include <sys/wait.h>
#include <cstdlib>
#include <cstdio>
#include <dlfcn.h>
#include <signal.h>
#include <sys/system_properties.h>
#include <string>
#include <cinttypes>
#include "utils.hpp"
bool inject_on_main(int pid, const char *lib_path) {
LOGI("injecting %s to zygote %d", lib_path, pid);
// parsing KernelArgumentBlock
// https://cs.android.com/android/platform/superproject/main/+/main:bionic/libc/private/KernelArgumentBlock.h;l=30;drc=6d1ee77ee32220e4202c3066f7e1f69572967ad8
struct user_regs_struct regs{}, backup{};
auto map = MapInfo::Scan(std::to_string(pid));
if (!get_regs(pid, regs)) return false;
auto arg = static_cast<uintptr_t>(regs.REG_SP);
LOGV("kernel argument %" PRIxPTR " %s", arg, get_addr_mem_region(map, arg).c_str());
int argc;
auto argv = reinterpret_cast<char **>(reinterpret_cast<uintptr_t *>(arg) + 1);
LOGV("argv %p", argv);
read_proc(pid, arg, &argc, sizeof(argc));
LOGV("argc %d", argc);
auto envp = argv + argc + 1;
LOGV("envp %p", envp);
auto p = envp;
while (true) {
uintptr_t *buf;
read_proc(pid, (uintptr_t) p, &buf, sizeof(buf));
if (buf != nullptr) ++p;
else break;
}
++p;
auto auxv = reinterpret_cast<ElfW(auxv_t) *>(p);
LOGV("auxv %p %s", auxv, get_addr_mem_region(map, (uintptr_t) auxv).c_str());
auto v = auxv;
uintptr_t entry_addr = 0;
uintptr_t addr_of_entry_addr = 0;
while (true) {
ElfW(auxv_t) buf;
read_proc(pid, (uintptr_t) v, &buf, sizeof(buf));
if (buf.a_type == AT_ENTRY) {
entry_addr = (uintptr_t) buf.a_un.a_val;
addr_of_entry_addr = (uintptr_t) v + offsetof(ElfW(auxv_t), a_un);
LOGV("entry address %" PRIxPTR " %s (entry=%" PRIxPTR ", entry_addr=%" PRIxPTR ")", entry_addr,
get_addr_mem_region(map, entry_addr).c_str(), (uintptr_t) v, addr_of_entry_addr);
break;
}
if (buf.a_type == AT_NULL) break;
v++;
}
if (entry_addr == 0) {
LOGE("failed to get entry");
return false;
}
// Replace the program entry with an invalid address
// For arm32 compatibility, we set the last bit to the same as the entry address
uintptr_t break_addr = (-0x05ec1cff & ~1) | ((uintptr_t) entry_addr & 1);
if (!write_proc(pid, (uintptr_t) addr_of_entry_addr, &break_addr, sizeof(break_addr))) return false;
ptrace(PTRACE_CONT, pid, 0, 0);
int status;
wait_for_trace(pid, &status, __WALL);
if (WIFSTOPPED(status) && WSTOPSIG(status) == SIGSEGV) {
if (!get_regs(pid, regs)) return false;
if (static_cast<uintptr_t>(regs.REG_IP & ~1) != (break_addr & ~1)) {
LOGE("stopped at unknown addr %p", (void *) regs.REG_IP);
return false;
}
// The linker has been initialized now, we can do dlopen
LOGD("stopped at entry");
// restore entry address
if (!write_proc(pid, (uintptr_t) addr_of_entry_addr, &entry_addr, sizeof(entry_addr))) return false;
// backup registers
memcpy(&backup, &regs, sizeof(regs));
map = MapInfo::Scan(std::to_string(pid));
auto local_map = MapInfo::Scan();
auto libc_return_addr = find_module_return_addr(map, "libc.so");
LOGD("libc return addr %p", libc_return_addr);
// call dlopen
auto dlopen_addr = find_func_addr(local_map, map, "libdl.so", "dlopen");
if (dlopen_addr == nullptr) return false;
std::vector<long> args;
auto str = push_string(pid, regs, lib_path);
args.clear();
args.push_back((long) str);
args.push_back((long) RTLD_NOW);
auto remote_handle = remote_call(pid, regs, (uintptr_t) dlopen_addr, (uintptr_t) libc_return_addr, args);
LOGD("remote handle %p", (void *) remote_handle);
if (remote_handle == 0) {
LOGE("handle is null");
// call dlerror
auto dlerror_addr = find_func_addr(local_map, map, "libdl.so", "dlerror");
if (dlerror_addr == nullptr) {
LOGE("find dlerror");
return false;
}
args.clear();
auto dlerror_str_addr = remote_call(pid, regs, (uintptr_t) dlerror_addr, (uintptr_t) libc_return_addr, args);
LOGD("dlerror str %p", (void*) dlerror_str_addr);
if (dlerror_str_addr == 0) return false;
auto strlen_addr = find_func_addr(local_map, map, "libc.so", "strlen");
if (strlen_addr == nullptr) {
LOGE("find strlen");
return false;
}
args.clear();
args.push_back(dlerror_str_addr);
auto dlerror_len = remote_call(pid, regs, (uintptr_t) strlen_addr, (uintptr_t) libc_return_addr, args);
if (dlerror_len <= 0) {
LOGE("dlerror len <= 0");
return false;
}
std::string err;
err.resize(dlerror_len + 1, 0);
read_proc(pid, (uintptr_t) dlerror_str_addr, err.data(), dlerror_len);
LOGE("dlerror info %s", err.c_str());
return false;
}
// call dlsym(handle, "entry")
auto dlsym_addr = find_func_addr(local_map, map, "libdl.so", "dlsym");
if (dlsym_addr == nullptr) return false;
args.clear();
str = push_string(pid, regs, "entry");
args.push_back(remote_handle);
args.push_back((long) str);
auto injector_entry = remote_call(pid, regs, (uintptr_t) dlsym_addr, (uintptr_t) libc_return_addr, args);
LOGD("injector entry %p", (void*) injector_entry);
if (injector_entry == 0) {
LOGE("injector entry is null");
return false;
}
// call injector entry(handle, path)
args.clear();
args.push_back(remote_handle);
str = push_string(pid, regs, zygiskd::GetTmpPath().c_str());
args.push_back((long) str);
remote_call(pid, regs, injector_entry, (uintptr_t) libc_return_addr, args);
// reset pc to entry
backup.REG_IP = (long) entry_addr;
LOGD("invoke entry");
// restore registers
if (!set_regs(pid, backup)) return false;
return true;
} else {
LOGE("stopped by other reason: %s", parse_status(status).c_str());
}
return false;
}
#define STOPPED_WITH(sig, event) (WIFSTOPPED(status) && WSTOPSIG(status) == (sig) && (status >> 16) == (event))
bool trace_zygote(int pid) {
LOGI("start tracing %d", pid);
#define WAIT_OR_DIE wait_for_trace(pid, &status, __WALL);
#define CONT_OR_DIE \
if (ptrace(PTRACE_CONT, pid, 0, 0) == -1) { \
PLOGE("cont"); \
return false; \
}
int status;
LOGI("tracing %d (tracer %d)", pid, getpid());
if (ptrace(PTRACE_SEIZE, pid, 0, PTRACE_O_EXITKILL) == -1) {
PLOGE("seize");
return false;
}
WAIT_OR_DIE
if (STOPPED_WITH(SIGSTOP, PTRACE_EVENT_STOP)) {
std::string lib_path = zygiskd::GetTmpPath();
lib_path += "/lib" LP_SELECT("", "64") "/libzygisk.so";
if (!inject_on_main(pid, lib_path.c_str())) {
LOGE("failed to inject");
return false;
}
LOGD("inject done, continue process");
if (kill(pid, SIGCONT)) {
PLOGE("kill");
return false;
}
CONT_OR_DIE
WAIT_OR_DIE
if (STOPPED_WITH(SIGTRAP, PTRACE_EVENT_STOP)) {
CONT_OR_DIE
WAIT_OR_DIE
if (STOPPED_WITH(SIGCONT, 0)) {
LOGD("received SIGCONT");
ptrace(PTRACE_DETACH, pid, 0, SIGCONT);
}
} else {
LOGE("unknown state %s, not SIGTRAP + EVENT_STOP", parse_status(status).c_str());
ptrace(PTRACE_DETACH, pid, 0, 0);
return false;
}
} else {
LOGE("unknown state %s, not SIGSTOP + EVENT_STOP", parse_status(status).c_str());
ptrace(PTRACE_DETACH, pid, 0, 0);
return false;
}
return true;
}

583
loader/src/ptracer/utils.c Normal file
View File

@@ -0,0 +1,583 @@
#include <stdio.h>
#include <stdlib.h>
#include <inttypes.h>
#include <ctype.h>
#include <sys/sysmacros.h>
#include <sys/ptrace.h>
#include <sys/mman.h>
#include <sys/wait.h>
#include <sys/stat.h>
#include <sys/auxv.h>
#include <sys/uio.h>
#include <signal.h>
#include <dlfcn.h>
#include <sched.h>
#include <fcntl.h>
#include <link.h>
#include <unistd.h>
#include <linux/limits.h>
#include "utils.h"
/* INFO: utils.h must be before logging.h so that it defined LOG_TAG first */
#include "logging.h"
bool switch_mnt_ns(int pid, int *fd) {
int nsfd, old_nsfd = -1;
char path[PATH_MAX];
if (pid == 0) {
if (fd != NULL) {
nsfd = *fd;
*fd = -1;
} else return false;
snprintf(path, sizeof(path), "/proc/self/fd/%d", nsfd);
} else {
if (fd != NULL) {
old_nsfd = open("/proc/self/ns/mnt", O_RDONLY | O_CLOEXEC);
if (old_nsfd == -1) {
PLOGE("get old nsfd");
return false;
}
*fd = old_nsfd;
}
snprintf(path, sizeof(path), "/proc/%d/ns/mnt", pid);
nsfd = open(path, O_RDONLY | O_CLOEXEC);
if (nsfd == -1) {
PLOGE("open nsfd %s", path);
close(old_nsfd);
return false;
}
}
if (setns(nsfd, CLONE_NEWNS) == -1) {
PLOGE("set ns to %s", path);
close(nsfd);
close(old_nsfd);
return false;
}
close(nsfd);
return true;
}
struct maps *parse_maps(const char *filename) {
FILE *fp = fopen(filename, "r");
if (!fp) {
LOGE("Failed to open %s", filename);
return NULL;
}
struct maps *maps = (struct maps *)malloc(sizeof(struct maps));
if (!maps) {
LOGE("Failed to allocate memory for maps");
fclose(fp);
return NULL;
}
/* INFO: To ensure in the realloc the libc will know it is meant
to allocate, and not reallocate from a garbage address. */
maps->maps = NULL;
char line[4096 * 2];
size_t i = 0;
while (fgets(line, sizeof(line), fp) != NULL) {
/* INFO: Remove line ending at the end */
line[strlen(line) - 1] = '\0';
uintptr_t addr_start;
uintptr_t addr_end;
uintptr_t addr_offset;
ino_t inode;
unsigned int dev_major;
unsigned int dev_minor;
char permissions[5] = "";
int path_offset;
sscanf(line,
"%" PRIxPTR "-%" PRIxPTR " %4s %" PRIxPTR " %x:%x %lu %n%*s",
&addr_start, &addr_end, permissions, &addr_offset, &dev_major, &dev_minor,
&inode, &path_offset);
while (isspace(line[path_offset])) {
path_offset++;
}
maps->maps = (struct map *)realloc(maps->maps, (i + 1) * sizeof(struct map));
if (!maps->maps) {
LOGE("Failed to allocate memory for maps->maps");
maps->size = i;
fclose(fp);
free_maps(maps);
return NULL;
}
maps->maps[i].start = addr_start;
maps->maps[i].end = addr_end;
maps->maps[i].offset = addr_offset;
maps->maps[i].perms = 0;
if (permissions[0] == 'r') maps->maps[i].perms |= PROT_READ;
if (permissions[1] == 'w') maps->maps[i].perms |= PROT_WRITE;
if (permissions[2] == 'x') maps->maps[i].perms |= PROT_EXEC;
maps->maps[i].is_private = permissions[3] == 'p';
maps->maps[i].dev = makedev(dev_major, dev_minor);
maps->maps[i].inode = inode;
maps->maps[i].path = strdup(line + path_offset);
if (!maps->maps[i].path) {
LOGE("Failed to allocate memory for maps->maps[%zu].path", i);
maps->size = i;
fclose(fp);
free_maps(maps);
return NULL;
}
i++;
}
fclose(fp);
maps->size = i;
return maps;
}
void free_maps(struct maps *maps) {
if (!maps) {
return;
}
for (size_t i = 0; i < maps->size; i++) {
free((void *)maps->maps[i].path);
}
free(maps->maps);
free(maps);
}
ssize_t write_proc(int pid, uintptr_t remote_addr, const void *buf, size_t len) {
LOGV("write to remote addr %" PRIxPTR " size %zu", remote_addr, len);
struct iovec local = {
.iov_base = (void *)buf,
.iov_len = len
};
struct iovec remote = {
.iov_base = (void *)remote_addr,
.iov_len = len
};
ssize_t l = process_vm_writev(pid, &local, 1, &remote, 1, 0);
if (l == -1) PLOGE("process_vm_writev");
else if ((size_t)l != len) LOGW("not fully written: %zu, excepted %zu", l, len);
return l;
}
ssize_t read_proc(int pid, uintptr_t remote_addr, void *buf, size_t len) {
struct iovec local = {
.iov_base = (void *)buf,
.iov_len = len
};
struct iovec remote = {
.iov_base = (void *)remote_addr,
.iov_len = len
};
ssize_t l = process_vm_readv(pid, &local, 1, &remote, 1, 0);
if (l == -1) PLOGE("process_vm_readv");
else if ((size_t)l != len) LOGW("not fully read: %zu, excepted %zu", l, len);
return l;
}
bool get_regs(int pid, struct user_regs_struct *regs) {
#if defined(__x86_64__) || defined(__i386__)
if (ptrace(PTRACE_GETREGS, pid, 0, regs) == -1) {
PLOGE("getregs");
return false;
}
#elif defined(__aarch64__) || defined(__arm__)
struct iovec iov = {
.iov_base = regs,
.iov_len = sizeof(struct user_regs_struct),
};
if (ptrace(PTRACE_GETREGSET, pid, NT_PRSTATUS, &iov) == -1) {
PLOGE("getregs");
return false;
}
#endif
return true;
}
bool set_regs(int pid, struct user_regs_struct *regs) {
#if defined(__x86_64__) || defined(__i386__)
if (ptrace(PTRACE_SETREGS, pid, 0, regs) == -1) {
PLOGE("setregs");
return false;
}
#elif defined(__aarch64__) || defined(__arm__)
struct iovec iov = {
.iov_base = regs,
.iov_len = sizeof(struct user_regs_struct),
};
if (ptrace(PTRACE_SETREGSET, pid, NT_PRSTATUS, &iov) == -1) {
PLOGE("setregs");
return false;
}
#endif
return true;
}
void get_addr_mem_region(struct maps *info, uintptr_t addr, char *buf, size_t buf_size) {
for (size_t i = 0; i < info->size; i++) {
/* TODO: Early "leave" */
if (info->maps[i].start <= addr && info->maps[i].end > addr) {
snprintf(buf, buf_size, "%s %s%s%s",
info->maps[i].path,
info->maps[i].perms & PROT_READ ? "r" : "-",
info->maps[i].perms & PROT_WRITE ? "w" : "-",
info->maps[i].perms & PROT_EXEC ? "x" : "-");
return;
}
}
snprintf(buf, buf_size, "<unknown>");
}
/* INFO: strrchr but without modifying the string */
const char *position_after(const char *str, const char needle) {
const char *positioned = str + strlen(str);
int i = strlen(str);
while (i != 0) {
i--;
if (str[i] == needle) {
positioned = str + i + 1;
break;
}
}
return positioned;
}
void *find_module_return_addr(struct maps *map, const char *suffix) {
for (size_t i = 0; i < map->size; i++) {
/* TODO: Make it NULL in 1 length path */
if (map->maps[i].path == NULL) continue;
const char *file_name = position_after(map->maps[i].path, '/');
if (!file_name) continue;
if (strlen(file_name) < strlen(suffix) || (map->maps[i].perms & PROT_EXEC) != 0 || strncmp(file_name, suffix, strlen(suffix)) != 0) continue;
return (void *)map->maps[i].start;
}
return NULL;
}
void *find_module_base(struct maps *map, const char *suffix) {
for (size_t i = 0; i < map->size; i++) {
/* TODO: Make it NULL in 1 length path */
if (map->maps[i].path == NULL) continue;
const char *file_name = position_after(map->maps[i].path, '/');
if (!file_name) continue;
if (strlen(file_name) < strlen(suffix) || map->maps[i].offset != 0 || strncmp(file_name, suffix, strlen(suffix)) != 0) continue;
return (void *)map->maps[i].start;
}
return NULL;
}
void *find_func_addr(struct maps *local_info, struct maps *remote_info, const char *module, const char *func) {
void *lib = dlopen(module, RTLD_NOW);
if (lib == NULL) {
LOGE("failed to open lib %s: %s", module, dlerror());
return NULL;
}
uint8_t *sym = (uint8_t *)dlsym(lib, func);
if (sym == NULL) {
LOGE("failed to find sym %s in %s: %s", func, module, dlerror());
dlclose(lib);
return NULL;
}
LOGD("sym %s: %p", func, sym);
dlclose(lib);
uint8_t *local_base = (uint8_t *)find_module_base(local_info, module);
if (local_base == NULL) {
LOGE("failed to find local base for module %s", module);
return NULL;
}
uint8_t *remote_base = (uint8_t *)find_module_base(remote_info, module);
if (remote_base == NULL) {
LOGE("failed to find remote base for module %s", module);
return NULL;
}
LOGD("found local base %p remote base %p", local_base, remote_base);
uint8_t *addr = (sym - local_base) + remote_base;
LOGD("addr %p", addr);
return addr;
}
void align_stack(struct user_regs_struct *regs, long preserve) {
/* INFO: ~0xf is a negative value, and REG_SP is unsigned,
so we must cast REG_SP to signed type before subtracting
then cast back to unsigned type.
*/
regs->REG_SP = (uintptr_t)((intptr_t)(regs->REG_SP - preserve) & ~0xf);
}
uintptr_t push_string(int pid, struct user_regs_struct *regs, const char *str) {
size_t len = strlen(str) + 1;
regs->REG_SP -= len;
align_stack(regs, 0);
uintptr_t addr = (uintptr_t)regs->REG_SP;
if (!write_proc(pid, addr, str, len)) LOGE("failed to write string %s", str);
LOGD("pushed string %" PRIxPTR, addr);
return addr;
}
uintptr_t remote_call(int pid, struct user_regs_struct *regs, uintptr_t func_addr, uintptr_t return_addr, long *args, size_t args_size) {
align_stack(regs, 0);
LOGV("calling remote function %" PRIxPTR " args %zu", func_addr, args_size);
for (size_t i = 0; i < args_size; i++) {
LOGV("arg %p", (void *)args[i]);
}
#if defined(__x86_64__)
if (args_size >= 1) regs->rdi = args[0];
if (args_size >= 2) regs->rsi = args[1];
if (args_size >= 3) regs->rdx = args[2];
if (args_size >= 4) regs->rcx = args[3];
if (args_size >= 5) regs->r8 = args[4];
if (args_size >= 6) regs->r9 = args[5];
if (args_size > 6) {
long remain = (args_size - 6L) * sizeof(long);
align_stack(regs, remain);
if (!write_proc(pid, (uintptr_t) regs->REG_SP, args, remain)) LOGE("failed to push arguments");
}
regs->REG_SP -= sizeof(long);
if (!write_proc(pid, (uintptr_t) regs->REG_SP, &return_addr, sizeof(return_addr))) LOGE("failed to write return addr");
regs->REG_IP = func_addr;
#elif defined(__i386__)
if (args_size > 0) {
long remain = (args_size) * sizeof(long);
align_stack(regs, remain);
if (!write_proc(pid, (uintptr_t) regs->REG_SP, args, remain)) LOGE("failed to push arguments");
}
regs->REG_SP -= sizeof(long);
if (!write_proc(pid, (uintptr_t) regs->REG_SP, &return_addr, sizeof(return_addr))) LOGE("failed to write return addr");
regs->REG_IP = func_addr;
#elif defined(__aarch64__)
for (size_t i = 0; i < args_size && i < 8; i++) {
regs->regs[i] = args[i];
}
if (args_size > 8) {
long remain = (args_size - 8) * sizeof(long);
align_stack(regs, remain);
write_proc(pid, (uintptr_t)regs->REG_SP, args, remain);
}
regs->regs[30] = return_addr;
regs->REG_IP = func_addr;
#elif defined(__arm__)
for (size_t i = 0; i < args_size && i < 4; i++) {
regs->uregs[i] = args[i];
}
if (args_size > 4) {
long remain = (args_size - 4) * sizeof(long);
align_stack(regs, remain);
write_proc(pid, (uintptr_t)regs->REG_SP, args, remain);
}
regs->uregs[14] = return_addr;
regs->REG_IP = func_addr;
unsigned long CPSR_T_MASK = 1lu << 5;
if ((regs->REG_IP & 1) != 0) {
regs->REG_IP = regs->REG_IP & ~1;
regs->uregs[16] = regs->uregs[16] | CPSR_T_MASK;
} else {
regs->uregs[16] = regs->uregs[16] & ~CPSR_T_MASK;
}
#endif
if (!set_regs(pid, regs)) {
LOGE("failed to set regs");
return 0;
}
ptrace(PTRACE_CONT, pid, 0, 0);
int status;
wait_for_trace(pid, &status, __WALL);
if (!get_regs(pid, regs)) {
LOGE("failed to get regs after call");
return 0;
}
if (WSTOPSIG(status) == SIGSEGV) {
if ((uintptr_t)regs->REG_IP != return_addr) {
LOGE("wrong return addr %p", (void *) regs->REG_IP);
return 0;
}
return regs->REG_RET;
} else {
char status_str[64];
parse_status(status, status_str, sizeof(status_str));
LOGE("stopped by other reason %s at addr %p", status_str, (void *)regs->REG_IP);
}
return 0;
}
int fork_dont_care() {
pid_t pid = fork();
if (pid < 0) PLOGE("fork 1");
else if (pid == 0) {
pid = fork();
if (pid < 0) PLOGE("fork 2");
else if (pid > 0) exit(0);
} else {
int status;
waitpid(pid, &status, __WALL);
}
return pid;
}
void wait_for_trace(int pid, int *status, int flags) {
while (1) {
pid_t result = waitpid(pid, status, flags);
if (result == -1) {
if (errno == EINTR) continue;
PLOGE("wait %d failed", pid);
exit(1);
}
if (!WIFSTOPPED(*status)) {
char status_str[64];
parse_status(*status, status_str, sizeof(status_str));
LOGE("process %d not stopped for trace: %s, exit", pid, status_str);
exit(1);
}
return;
}
}
void parse_status(int status, char *buf, size_t len) {
snprintf(buf, len, "0x%x ", status);
if (WIFEXITED(status)) {
snprintf(buf + strlen(buf), len - strlen(buf), "exited with %d", WEXITSTATUS(status));
} else if (WIFSIGNALED(status)) {
snprintf(buf + strlen(buf), len - strlen(buf), "signaled with %s(%d)", sigabbrev_np(WTERMSIG(status)), WTERMSIG(status));
} else if (WIFSTOPPED(status)) {
snprintf(buf + strlen(buf), len - strlen(buf), "stopped by ");
int stop_sig = WSTOPSIG(status);
snprintf(buf + strlen(buf), len - strlen(buf), "signal=%s(%d),", sigabbrev_np(stop_sig), stop_sig);
snprintf(buf + strlen(buf), len - strlen(buf), "event=%s", parse_ptrace_event(status));
} else {
snprintf(buf + strlen(buf), len - strlen(buf), "unknown");
}
}
int get_program(int pid, char *buf, size_t size) {
char path[PATH_MAX];
snprintf(path, sizeof(path), "/proc/%d/exe", pid);
ssize_t sz = readlink(path, buf, size);
if (sz == -1) {
PLOGE("readlink /proc/%d/exe", pid);
return -1;
}
buf[sz] = '\0';
return 0;
}

435
loader/src/ptracer/utils.cpp
View File

@@ -1,435 +0,0 @@
#include <vector>
#include <sys/mman.h>
#include <sys/sysmacros.h>
#include <array>
#include <cinttypes>
#include <sys/ptrace.h>
#include <unistd.h>
#include <sys/uio.h>
#include <sys/auxv.h>
#include <elf.h>
#include <link.h>
#include <vector>
#include <string>
#include <sys/mman.h>
#include <sys/wait.h>
#include <cstdlib>
#include <cstdio>
#include <dlfcn.h>
#include <signal.h>
#include <sstream>
#include <ios>
#include <cstring>
#include <sys/stat.h>
#include "utils.hpp"
#include "logging.h"
#include <sched.h>
#include <fcntl.h>
bool switch_mnt_ns(int pid, int *fd) {
int nsfd, old_nsfd = -1;
std::string path;
if (pid == 0) {
if (fd != nullptr) {
nsfd = *fd;
*fd = -1;
} else return false;
path = "/proc/self/fd/";
path += std::to_string(nsfd);
} else {
if (fd != nullptr) {
old_nsfd = open("/proc/self/ns/mnt", O_RDONLY | O_CLOEXEC);
if (old_nsfd == -1) {
PLOGE("get old nsfd");
return false;
}
*fd = old_nsfd;
}
path = std::string("/proc/") + std::to_string(pid) + "/ns/mnt";
nsfd = open(path.c_str(), O_RDONLY | O_CLOEXEC);
if (nsfd == -1) {
PLOGE("open nsfd %s", path.c_str());
close(old_nsfd);
return false;
}
}
if (setns(nsfd, CLONE_NEWNS) == -1) {
PLOGE("set ns to %s", path.c_str());
close(nsfd);
close(old_nsfd);
return false;
}
close(nsfd);
return true;
}
std::vector<MapInfo> MapInfo::Scan(const std::string& pid) {
constexpr static auto kPermLength = 5;
constexpr static auto kMapEntry = 7;
std::vector<MapInfo> info;
std::string file_name = std::string("/proc/") + pid + "/maps";
auto maps = std::unique_ptr<FILE, decltype(&fclose)>{fopen(file_name.c_str(), "r"), &fclose};
if (maps) {
char *line = nullptr;
size_t len = 0;
ssize_t read;
while ((read = getline(&line, &len, maps.get())) > 0) {
line[read - 1] = '\0';
uintptr_t start = 0;
uintptr_t end = 0;
uintptr_t off = 0;
ino_t inode = 0;
unsigned int dev_major = 0;
unsigned int dev_minor = 0;
std::array<char, kPermLength> perm{'\0'};
int path_off;
if (sscanf(line, "%" PRIxPTR "-%" PRIxPTR " %4s %" PRIxPTR " %x:%x %lu %n%*s", &start,
&end, perm.data(), &off, &dev_major, &dev_minor, &inode,
&path_off) != kMapEntry) {
continue;
}
while (path_off < read && isspace(line[path_off])) path_off++;
auto &ref = info.emplace_back(MapInfo{start, end, 0, perm[3] == 'p', off,
static_cast<dev_t>(makedev(dev_major, dev_minor)),
inode, line + path_off});
if (perm[0] == 'r') ref.perms |= PROT_READ;
if (perm[1] == 'w') ref.perms |= PROT_WRITE;
if (perm[2] == 'x') ref.perms |= PROT_EXEC;
}
free(line);
}
return info;
}
ssize_t write_proc(int pid, uintptr_t remote_addr, const void *buf, size_t len) {
LOGV("write to remote addr %" PRIxPTR " size %zu", remote_addr, len);
struct iovec local{
.iov_base = (void *) buf,
.iov_len = len
};
struct iovec remote{
.iov_base = (void *) remote_addr,
.iov_len = len
};
auto l = process_vm_writev(pid, &local, 1, &remote, 1, 0);
if (l == -1) {
PLOGE("process_vm_writev");
} else if (static_cast<size_t>(l) != len) {
LOGW("not fully written: %zu, excepted %zu", l, len);
}
return l;
}
ssize_t read_proc(int pid, uintptr_t remote_addr, void *buf, size_t len) {
struct iovec local{
.iov_base = (void *) buf,
.iov_len = len
};
struct iovec remote{
.iov_base = (void *) remote_addr,
.iov_len = len
};
auto l = process_vm_readv(pid, &local, 1, &remote, 1, 0);
if (l == -1) {
PLOGE("process_vm_readv");
} else if (static_cast<size_t>(l) != len) {
LOGW("not fully read: %zu, excepted %zu", l, len);
}
return l;
}
bool get_regs(int pid, struct user_regs_struct &regs) {
#if defined(__x86_64__) || defined(__i386__)
if (ptrace(PTRACE_GETREGS, pid, 0, &regs) == -1) {
PLOGE("getregs");
return false;
}
#elif defined(__aarch64__) || defined(__arm__)
struct iovec iov = {
.iov_base = &regs,
.iov_len = sizeof(struct user_regs_struct),
};
if (ptrace(PTRACE_GETREGSET, pid, NT_PRSTATUS, &iov) == -1) {
PLOGE("getregs");
return false;
}
#endif
return true;
}
bool set_regs(int pid, struct user_regs_struct &regs) {
#if defined(__x86_64__) || defined(__i386__)
if (ptrace(PTRACE_SETREGS, pid, 0, &regs) == -1) {
PLOGE("setregs");
return false;
}
#elif defined(__aarch64__) || defined(__arm__)
struct iovec iov = {
.iov_base = &regs,
.iov_len = sizeof(struct user_regs_struct),
};
if (ptrace(PTRACE_SETREGSET, pid, NT_PRSTATUS, &iov) == -1) {
PLOGE("setregs");
return false;
}
#endif
return true;
}
std::string get_addr_mem_region(std::vector<MapInfo> &info, uintptr_t addr) {
for (auto &map: info) {
if (map.start <= addr && map.end > addr) {
auto s = std::string(map.path);
s += ' ';
s += map.perms & PROT_READ ? 'r' : '-';
s += map.perms & PROT_WRITE ? 'w' : '-';
s += map.perms & PROT_EXEC ? 'x' : '-';
return s;
}
}
return "<unknown>";
}
void *find_module_return_addr(std::vector<MapInfo> &info, std::string_view suffix) {
for (auto &map: info) {
if ((map.perms & PROT_EXEC) == 0 && map.path.ends_with(suffix)) {
return (void *) map.start;
}
}
return nullptr;
}
void *find_module_base(std::vector<MapInfo> &info, std::string_view suffix) {
for (auto &map: info) {
if (map.offset == 0 && map.path.ends_with(suffix)) {
return (void *) map.start;
}
}
return nullptr;
}
void *find_func_addr(
std::vector<MapInfo> &local_info,
std::vector<MapInfo> &remote_info,
std::string_view module,
std::string_view func) {
auto lib = dlopen(module.data(), RTLD_NOW);
if (lib == nullptr) {
LOGE("failed to open lib %s: %s", module.data(), dlerror());
return nullptr;
}
auto sym = reinterpret_cast<uint8_t *>(dlsym(lib, func.data()));
if (sym == nullptr) {
LOGE("failed to find sym %s in %s: %s", func.data(), module.data(), dlerror());
dlclose(lib);
return nullptr;
}
LOGD("sym %s: %p", func.data(), sym);
dlclose(lib);
auto local_base = reinterpret_cast<uint8_t *>(find_module_base(local_info, module));
if (local_base == nullptr) {
LOGE("failed to find local base for module %s", module.data());
return nullptr;
}
auto remote_base = reinterpret_cast<uint8_t *>(find_module_base(remote_info, module));
if (remote_base == nullptr) {
LOGE("failed to find remote base for module %s", module.data());
return nullptr;
}
LOGD("found local base %p remote base %p", local_base, remote_base);
auto addr = (sym - local_base) + remote_base;
LOGD("addr %p", addr);
return addr;
}
void align_stack(struct user_regs_struct &regs, long preserve) {
regs.REG_SP = (regs.REG_SP - preserve) & ~0xf;
}
uintptr_t push_string(int pid, struct user_regs_struct &regs, const char *str) {
auto len = strlen(str) + 1;
regs.REG_SP -= len;
align_stack(regs);
auto addr = static_cast<uintptr_t>(regs.REG_SP);
if (!write_proc(pid, addr, str, len)) {
LOGE("failed to write string %s", str);
}
LOGD("pushed string %" PRIxPTR, addr);
return addr;
}
uintptr_t remote_call(int pid, struct user_regs_struct &regs, uintptr_t func_addr, uintptr_t return_addr,
std::vector<long> &args) {
align_stack(regs);
LOGV("calling remote function %" PRIxPTR " args %zu", func_addr, args.size());
for (auto &a: args) {
LOGV("arg %p", (void *) a);
}
#if defined(__x86_64__)
if (args.size() >= 1) {
regs.rdi = args[0];
}
if (args.size() >= 2) {
regs.rsi = args[1];
}
if (args.size() >= 3) {
regs.rdx = args[2];
}
if (args.size() >= 4) {
regs.rcx = args[3];
}
if (args.size() >= 5) {
regs.r8 = args[4];
}
if (args.size() >= 6) {
regs.r9 = args[5];
}
if (args.size() > 6) {
auto remain = (args.size() - 6) * sizeof(long);
align_stack(regs, remain);
if (!write_proc(pid, (uintptr_t) regs.REG_SP, args.data(), remain)) {
LOGE("failed to push arguments");
}
}
regs.REG_SP -= sizeof(long);
if (!write_proc(pid, (uintptr_t) regs.REG_SP, &return_addr, sizeof(return_addr))) {
LOGE("failed to write return addr");
}
regs.REG_IP = func_addr;
#elif defined(__i386__)
if (args.size() > 0) {
auto remain = (args.size()) * sizeof(long);
align_stack(regs, remain);
if (!write_proc(pid, (uintptr_t) regs.REG_SP, args.data(), remain)) {
LOGE("failed to push arguments");
}
}
regs.REG_SP -= sizeof(long);
if (!write_proc(pid, (uintptr_t) regs.REG_SP, &return_addr, sizeof(return_addr))) {
LOGE("failed to write return addr");
}
regs.REG_IP = func_addr;
#elif defined(__aarch64__)
for (size_t i = 0; i < args.size() && i < 8; i++) {
regs.regs[i] = args[i];
}
if (args.size() > 8) {
auto remain = (args.size() - 8) * sizeof(long);
align_stack(regs, remain);
write_proc(pid, (uintptr_t)regs.REG_SP, args.data(), remain);
}
regs.regs[30] = return_addr;
regs.REG_IP = func_addr;
#elif defined(__arm__)
for (size_t i = 0; i < args.size() && i < 4; i++) {
regs.uregs[i] = args[i];
}
if (args.size() > 4) {
auto remain = (args.size() - 4) * sizeof(long);
align_stack(regs, remain);
write_proc(pid, (uintptr_t)regs.REG_SP, args.data(), remain);
}
regs.uregs[14] = return_addr;
regs.REG_IP = func_addr;
constexpr auto CPSR_T_MASK = 1lu << 5;
if ((regs.REG_IP & 1) != 0) {
regs.REG_IP = regs.REG_IP & ~1;
regs.uregs[16] = regs.uregs[16] | CPSR_T_MASK;
} else {
regs.uregs[16] = regs.uregs[16] & ~CPSR_T_MASK;
}
#endif
if (!set_regs(pid, regs)) {
LOGE("failed to set regs");
return 0;
}
ptrace(PTRACE_CONT, pid, 0, 0);
int status;
wait_for_trace(pid, &status, __WALL);
if (!get_regs(pid, regs)) {
LOGE("failed to get regs after call");
return 0;
}
if (WSTOPSIG(status) == SIGSEGV) {
if (static_cast<uintptr_t>(regs.REG_IP) != return_addr) {
LOGE("wrong return addr %p", (void *) regs.REG_IP);
return 0;
}
return regs.REG_RET;
} else {
LOGE("stopped by other reason %s at addr %p", parse_status(status).c_str(), (void*) regs.REG_IP);
}
return 0;
}
int fork_dont_care() {
auto pid = fork();
if (pid < 0) {
PLOGE("fork 1");
} else if (pid == 0) {
pid = fork();
if (pid < 0) {
PLOGE("fork 2");
} else if (pid > 0) {
exit(0);
}
} else {
int status;
waitpid(pid, &status, __WALL);
}
return pid;
}
void wait_for_trace(int pid, int* status, int flags) {
while (true) {
auto result = waitpid(pid, status, flags);
if (result == -1) {
if (errno == EINTR) {
continue;
} else {
PLOGE("wait %d failed", pid);
exit(1);
}
}
if (!WIFSTOPPED(*status)) {
LOGE("process %d not stopped for trace: %s, exit", pid, parse_status(*status).c_str());
exit(1);
}
return;
}
}
std::string parse_status(int status) {
std::ostringstream os;
os << "0x" << std::hex << status << std::dec << " ";
if (WIFEXITED(status)) {
os << "exited with " << WEXITSTATUS(status);
} else if (WIFSIGNALED(status)) {
os << "signaled with " << sigabbrev_np(WTERMSIG(status)) << "(" << WTERMSIG(status) << ")";
} else if (WIFSTOPPED(status)) {
os << "stopped by ";
auto stop_sig = WSTOPSIG(status);
os << "signal=" << sigabbrev_np(stop_sig) << "(" << stop_sig << "),";
os << "event=" << parse_ptrace_event(status);
} else {
os << "unknown";
}
return os.str();
}
std::string get_program(int pid) {
std::string path = "/proc/";
path += std::to_string(pid);
path += "/exe";
constexpr const auto SIZE = 256;
char buf[SIZE + 1];
auto sz = readlink(path.c_str(), buf, SIZE);
if (sz == -1) {
PLOGE("readlink /proc/%d/exe", pid);
return "";
}
buf[sz] = 0;
return buf;
}

115
loader/src/ptracer/utils.h Normal file
View File

@@ -0,0 +1,115 @@
#ifndef UTILS_H
#define UTILS_H
#include <sys/ptrace.h>
#include "daemon.h"
#ifdef __LP64__
#define LOG_TAG "zygisk-ptrace64"
#else
#define LOG_TAG "zygisk-ptrace32"
#endif
#include "logging.h"
struct map {
uintptr_t start;
uintptr_t end;
uint8_t perms;
bool is_private;
uintptr_t offset;
dev_t dev;
ino_t inode;
const char *path;
};
struct maps {
struct map *maps;
size_t size;
};
struct maps *parse_maps(const char *filename);
void free_maps(struct maps *maps);
#if defined(__x86_64__)
#define REG_SP rsp
#define REG_IP rip
#define REG_RET rax
#elif defined(__i386__)
#define REG_SP esp
#define REG_IP eip
#define REG_RET eax
#elif defined(__aarch64__)
#define REG_SP sp
#define REG_IP pc
#define REG_RET regs[0]
#elif defined(__arm__)
#define REG_SP uregs[13]
#define REG_IP uregs[15]
#define REG_RET uregs[0]
#define user_regs_struct user_regs
#endif
ssize_t write_proc(int pid, uintptr_t remote_addr, const void *buf, size_t len);
ssize_t read_proc(int pid, uintptr_t remote_addr, void *buf, size_t len);
bool get_regs(int pid, struct user_regs_struct *regs);
bool set_regs(int pid, struct user_regs_struct *regs);
void get_addr_mem_region(struct maps *map, uintptr_t addr, char *buf, size_t buf_size);
void *find_module_return_addr(struct maps *map, const char *suffix);
void *find_func_addr(struct maps *local_info, struct maps *remote_info, const char *module, const char *func);
void align_stack(struct user_regs_struct *regs, long preserve);
uintptr_t push_string(int pid, struct user_regs_struct *regs, const char *str);
uintptr_t remote_call(int pid, struct user_regs_struct *regs, uintptr_t func_addr, uintptr_t return_addr, long *args, size_t args_size);
int fork_dont_care();
void wait_for_trace(int pid, int* status, int flags);
void parse_status(int status, char *buf, size_t len);
#define WPTEVENT(x) (x >> 16)
#define CASE_CONST_RETURN(x) case x: return #x;
static inline const char *parse_ptrace_event(int status) {
status = status >> 16;
switch (status) {
CASE_CONST_RETURN(PTRACE_EVENT_FORK)
CASE_CONST_RETURN(PTRACE_EVENT_VFORK)
CASE_CONST_RETURN(PTRACE_EVENT_CLONE)
CASE_CONST_RETURN(PTRACE_EVENT_EXEC)
CASE_CONST_RETURN(PTRACE_EVENT_VFORK_DONE)
CASE_CONST_RETURN(PTRACE_EVENT_EXIT)
CASE_CONST_RETURN(PTRACE_EVENT_SECCOMP)
CASE_CONST_RETURN(PTRACE_EVENT_STOP)
default:
return "(no event)";
}
}
static inline const char *sigabbrev_np(int sig) {
if (sig > 0 && sig < NSIG) return sys_signame[sig];
return "(unknown)";
}
int get_program(int pid, char *buf, size_t size);
/* INFO: pid = 0, fd != nullptr -> set to fd
pid != 0, fd != nullptr -> set to pid ns, give orig ns in fd
*/
bool switch_mnt_ns(int pid, int *fd);
#endif /* UTILS_H */

124
loader/src/ptracer/utils.hpp
View File

@@ -1,124 +0,0 @@
#pragma once
#include <string>
#include <sys/ptrace.h>
#include <map>
#include "daemon.h"
#ifdef __LP64__
#define LOG_TAG "zygisk-ptrace64"
#else
#define LOG_TAG "zygisk-ptrace32"
#endif
#include "logging.h"
struct MapInfo {
/// \brief The start address of the memory region.
uintptr_t start;
/// \brief The end address of the memory region.
uintptr_t end;
/// \brief The permissions of the memory region. This is a bit mask of the following values:
/// - PROT_READ
/// - PROT_WRITE
/// - PROT_EXEC
uint8_t perms;
/// \brief Whether the memory region is private.
bool is_private;
/// \brief The offset of the memory region.
uintptr_t offset;
/// \brief The device number of the memory region.
/// Major can be obtained by #major()
/// Minor can be obtained by #minor()
dev_t dev;
/// \brief The inode number of the memory region.
ino_t inode;
/// \brief The path of the memory region.
std::string path;
/// \brief Scans /proc/self/maps and returns a list of \ref MapInfo entries.
/// This is useful to find out the inode of the library to hook.
/// \return A list of \ref MapInfo entries.
static std::vector<MapInfo> Scan(const std::string& pid = "self");
};
#if defined(__x86_64__)
#define REG_SP rsp
#define REG_IP rip
#define REG_RET rax
#elif defined(__i386__)
#define REG_SP esp
#define REG_IP eip
#define REG_RET eax
#elif defined(__aarch64__)
#define REG_SP sp
#define REG_IP pc
#define REG_RET regs[0]
#elif defined(__arm__)
#define REG_SP uregs[13]
#define REG_IP uregs[15]
#define REG_RET uregs[0]
#define user_regs_struct user_regs
#endif
ssize_t write_proc(int pid, uintptr_t remote_addr, const void *buf, size_t len);
ssize_t read_proc(int pid, uintptr_t remote_addr, void *buf, size_t len);
bool get_regs(int pid, struct user_regs_struct &regs);
bool set_regs(int pid, struct user_regs_struct &regs);
std::string get_addr_mem_region(std::vector<MapInfo> &info, uintptr_t addr);
void *find_module_base(std::vector<MapInfo> &info, std::string_view suffix);
void *find_func_addr(
std::vector<MapInfo> &local_info,
std::vector<MapInfo> &remote_info,
std::string_view module,
std::string_view func);
void align_stack(struct user_regs_struct &regs, long preserve = 0);
uintptr_t push_string(int pid, struct user_regs_struct &regs, const char *str);
uintptr_t remote_call(int pid, struct user_regs_struct &regs, uintptr_t func_addr, uintptr_t return_addr,
std::vector<long> &args);
int fork_dont_care();
void wait_for_trace(int pid, int* status, int flags);
std::string parse_status(int status);
#define WPTEVENT(x) (x >> 16)
#define CASE_CONST_RETURN(x) case x: return #x;
inline const char* parse_ptrace_event(int status) {
status = status >> 16;
switch (status) {
CASE_CONST_RETURN(PTRACE_EVENT_FORK)
CASE_CONST_RETURN(PTRACE_EVENT_VFORK)
CASE_CONST_RETURN(PTRACE_EVENT_CLONE)
CASE_CONST_RETURN(PTRACE_EVENT_EXEC)
CASE_CONST_RETURN(PTRACE_EVENT_VFORK_DONE)
CASE_CONST_RETURN(PTRACE_EVENT_EXIT)
CASE_CONST_RETURN(PTRACE_EVENT_SECCOMP)
CASE_CONST_RETURN(PTRACE_EVENT_STOP)
default:
return "(no event)";
}
}
inline const char* sigabbrev_np(int sig) {
if (sig > 0 && sig < NSIG) return sys_signame[sig];
return "(unknown)";
}
std::string get_program(int pid);
void *find_module_return_addr(std::vector<MapInfo> &info, std::string_view suffix);
// pid = 0, fd != nullptr -> set to fd
// pid != 0, fd != nullptr -> set to pid ns, give orig ns in fd
bool switch_mnt_ns(int pid, int *fd);

33
module/build.gradle.kts
View File

@@ -24,6 +24,7 @@ val moduleId: String by rootProject.extra
val moduleName: String by rootProject.extra
val verCode: Int by rootProject.extra
val verName: String by rootProject.extra
val minAPatchVersion: Int by rootProject.extra
val minKsuVersion: Int by rootProject.extra
val minKsudVersion: Int by rootProject.extra
val maxKsuVersion: Int by rootProject.extra
@@ -52,7 +53,7 @@ androidComponents.onVariants { variant ->
into(moduleDir)
from("${rootProject.projectDir}/README.md")
from("$projectDir/src") {
exclude("module.prop", "customize.sh", "post-fs-data.sh", "service.sh", "zygisk-ctl.sh", "mazoku")
exclude("module.prop", "customize.sh", "post-fs-data.sh", "service.sh", "uninstall.sh")
filter<FixCrLfFilter>("eol" to FixCrLfFilter.CrLf.newInstance("lf"))
}
from("$projectDir/src") {
@@ -64,11 +65,11 @@ androidComponents.onVariants { variant ->
"versionCode" to verCode
)
}
from("$projectDir/src/mazoku")
from("$projectDir/src") {
include("customize.sh", "post-fs-data.sh", "service.sh", "zygisk-ctl.sh")
include("customize.sh", "post-fs-data.sh", "service.sh", "uninstall.sh")
val tokens = mapOf(
"DEBUG" to if (buildTypeLowered == "debug") "true" else "false",
"MIN_APATCH_VERSION" to "$minAPatchVersion",
"MIN_KSU_VERSION" to "$minKsuVersion",
"MIN_KSUD_VERSION" to "$minKsudVersion",
"MAX_KSU_VERSION" to "$maxKsuVersion",
@@ -78,7 +79,7 @@ androidComponents.onVariants { variant ->
filter<FixCrLfFilter>("eol" to FixCrLfFilter.CrLf.newInstance("lf"))
}
into("bin") {
from(project(":zygiskd").layout.buildDirectory.file("rustJniLibs/android"))
from(project(":zygiskd").layout.buildDirectory.getAsFile().get())
include("**/zygiskd")
}
into("lib") {
@@ -89,7 +90,7 @@ androidComponents.onVariants { variant ->
doLast {
if (file("private_key").exists()) {
println("=== machikado intergity signing ===")
println("=== Guards the peace of Machikado ===")
val privateKey = file("private_key").readBytes()
val publicKey = file("public_key").readBytes()
val namedSpec = NamedParameterSpec("ed25519")
@@ -98,7 +99,6 @@ androidComponents.onVariants { variant ->
val privKey = kf.generatePrivate(privKeySpec);
val sig = Signature.getInstance("ed25519")
fun File.sha(realFile: File? = null) {
val path = this.path.replace("\\", "/")
sig.update(this.name.toByteArray())
sig.update(0) // null-terminated string
val real = realFile ?: this
@@ -121,7 +121,6 @@ androidComponents.onVariants { variant ->
set.add(Pair(root.file("sepolicy.rule").asFile, null))
set.add(Pair(root.file("post-fs-data.sh").asFile, null))
set.add(Pair(root.file("service.sh").asFile, null))
set.add(Pair(root.file("mazoku").asFile, null))
set.add(
Pair(
root.file("lib/libzygisk.so").asFile,
@@ -158,12 +157,6 @@ androidComponents.onVariants { variant ->
root.file("bin/$abi64/zygiskd").asFile
)
)
set.add(
Pair(
root.file("bin/zygisk-ctl").asFile,
root.file("zygisk-ctl.sh").asFile
)
)
sig.initSign(privKey)
set.forEach { it.first.sha(it.second) }
val signFile = root.file(name).asFile
@@ -220,10 +213,22 @@ androidComponents.onVariants { variant ->
}
}
val installAPatchTask = task<Exec>("installAPatch$variantCapped") {
group = "module"
dependsOn(pushTask)
commandLine("adb", "shell", "su", "-c", "/data/adb/apd module install /data/local/tmp/$zipFileName")
}
val installMagiskTask = task<Exec>("installMagisk$variantCapped") {
group = "module"
dependsOn(pushTask)
commandLine("adb", "shell", "su", "-c", "magisk --install-module /data/local/tmp/$zipFileName")
commandLine("adb", "shell", "su", "-M", "-c", "magisk --install-module /data/local/tmp/$zipFileName")
}
task<Exec>("installAPatchAndReboot$variantCapped") {
group = "module"
dependsOn(installAPatchTask)
commandLine("adb", "reboot")
}
task<Exec>("installKsuAndReboot$variantCapped") {

17
module/src/customize.sh
View File

@@ -6,6 +6,7 @@ MIN_KSU_VERSION=@MIN_KSU_VERSION@
MIN_KSUD_VERSION=@MIN_KSUD_VERSION@
MAX_KSU_VERSION=@MAX_KSU_VERSION@
MIN_MAGISK_VERSION=@MIN_MAGISK_VERSION@
MIN_APATCH_VERSION=@MIN_APATCH_VERSION@
if [ "$BOOTMODE" ] && [ "$KSU" ]; then
ui_print "- Installing from KernelSU app"
@@ -31,9 +32,17 @@ if [ "$BOOTMODE" ] && [ "$KSU" ]; then
if [ "$(which magisk)" ]; then
ui_print "*********************************************************"
ui_print "! Multiple root implementation is NOT supported!"
ui_print "! Please uninstall Magisk before installing Zygisk Next"
ui_print "! Please uninstall Magisk before installing ReZygisk"
abort "*********************************************************"
fi
elif [ "$BOOTMODE" ] && [ "$APATCH" ]; then
ui_print "- Installing from APatch app"
if ! [ "$APATCH_VER_CODE" ] || [ "$APATCH_VER_CODE" -lt "$MIN_APATCH_VERSION" ]; then
ui_print "*********************************************************"
ui_print "! APatch version is too old!"
ui_print "! Please update APatch to latest version"
abort "*********************************************************"
fi
elif [ "$BOOTMODE" ] && [ "$MAGISK_VER_CODE" ]; then
ui_print "- Installing from Magisk app"
if [ "$MAGISK_VER_CODE" -lt "$MIN_MAGISK_VERSION" ]; then
@@ -50,7 +59,7 @@ else
fi
VERSION=$(grep_prop version "${TMPDIR}/module.prop")
ui_print "- Installing Zygisk Next $VERSION"
ui_print "- Installing ReZygisk $VERSION"
# check android
if [ "$API" -lt 26 ]; then
@@ -94,14 +103,12 @@ ui_print "- Extracting module files"
extract "$ZIPFILE" 'module.prop' "$MODPATH"
extract "$ZIPFILE" 'post-fs-data.sh' "$MODPATH"
extract "$ZIPFILE" 'service.sh' "$MODPATH"
extract "$ZIPFILE" 'zygisk-ctl.sh' "$MODPATH"
extract "$ZIPFILE" 'mazoku' "$MODPATH"
extract "$ZIPFILE" 'uninstall.sh' "$MODPATH"
mv "$TMPDIR/sepolicy.rule" "$MODPATH"
mkdir "$MODPATH/bin"
mkdir "$MODPATH/lib"
mkdir "$MODPATH/lib64"
mv "$MODPATH/zygisk-ctl.sh" "$MODPATH/bin/zygisk-ctl"
if [ "$ARCH" = "x86" ] || [ "$ARCH" = "x64" ]; then
ui_print "- Extracting x86 libraries"

1
module/src/mazoku
View File

@@ -1 +0,0 @@
c<EFBFBD><EFBFBD><EFBFBD>]<5D><> <20>[<11>B<EFBFBD>u<EFBFBD>5=<3D>rEU<45>Z<>ʿ<EFBFBD><CABF><<3C>5<EFBFBD>_o<><6F>M<>L<>l<EFBFBD><6C><EFBFBD>Q#<23><><EFBFBD>C<EFBFBD>}<7D> e<><65>fjق/<2F>7<EFBFBD><11><>(<28><>g<b<>Rg<07>m<EFBFBD>d

3
module/src/module.prop
View File

@@ -2,6 +2,5 @@ id=${moduleId}
name=${moduleName}
version=${versionName}
versionCode=${versionCode}
author=Nullptr, 5ec1cff
author=The PerformanC Organization
description=Standalone implementation of Zygisk.
updateJson=https://api.nullptr.icu/android/zygisk-next/static/update.json

7
module/src/post-fs-data.sh
View File

@@ -26,8 +26,11 @@ create_sys_perm() {
chcon u:object_r:system_file:s0 $1
}
export TMP_PATH=/sbin
[ -d /sbin ] || export TMP_PATH=/debug_ramdisk
export TMP_PATH=/data/adb/rezygisk
if [ -d $TMP_PATH ]; then
rm -rf $TMP_PATH
fi
create_sys_perm $TMP_PATH

28
module/src/sepolicy.rule
View File

@@ -1,20 +1,16 @@
allow * tmpfs * *
allow zygote appdomain_tmpfs dir *
allow zygote appdomain_tmpfs file *
type zygisk_file file_type
typeattribute zygisk_file mlstrustedobject
allow zygote zygisk_file sock_file {read write}
type magisk_file file_type
typeattribute magisk_file mlstrustedobject
allow * magisk_file file *
allow * magisk_file dir *
allow * magisk_file fifo_file *
allow * magisk_file chr_file *
allow * magisk_file lnk_file *
allow * magisk_file sock_file *
allow zygote magisk lnk_file read
allow zygote unlabeled file {read open}
allow zygote zygote capability sys_chroot
allow zygote su dir search
allow zygote su {lnk_file file} read
allow system_server system_server process execmem
allow zygote adb_data_file dir search
allow zygote mnt_vendor_file dir search
allow zygote system_file dir mounton
allow zygote labeledfs filesystem mount
allow zygote fs_type filesystem unmount
allow zygote adb_data_file file *
allow zygote zygote process execmem
allow system_server system_server process execmem
allow zygote tmpfs file *
allow zygote appdomain_tmpfs file *

2
module/src/service.sh
View File

@@ -15,7 +15,7 @@ if [ "$(which magisk)" ]; then
if [ -f "$file/service.sh" ]; then
cd "$file"
log -p i -t "zygisk-sh" "Manually trigger service.sh for $file"
sh "$(realpath ./service.sh)"
sh "$(realpath ./service.sh)" &
cd "$MODDIR"
fi
fi

5
module/src/uninstall.sh Normal file
View File

@@ -0,0 +1,5 @@
#!/system/bin/sh
export TMP_PATH=/data/adb/rezygisk
rm -rf $TMP_PATH

6
module/src/zygisk-ctl.sh
View File

@@ -1,6 +0,0 @@
MODDIR=${0%/*}/..
export TMP_PATH=/sbin
[ -d /sbin ] || export TMP_PATH=/debug_ramdisk
exec $MODDIR/bin/zygisk-ptrace64 ctl $*

2
settings.gradle.kts
View File

@@ -16,7 +16,7 @@ dependencyResolutionManagement {
}
}
rootProject.name = "ZygiskNext"
rootProject.name = "ReZygisk"
include(
":loader",
":module",

3
zygiskd/.cargo/config.toml
View File

@@ -1,3 +0,0 @@
[build]
target-dir = "build/intermediates/rust"
target = "aarch64-linux-android"

35
zygiskd/Cargo.toml
View File

@@ -1,35 +0,0 @@
[package]
name = "zygiskd"
authors = ["Nullptr"]
version = "1.0.0"
edition = "2021"
rust-version = "1.69"
[dependencies]
android_logger = "0.13"
anyhow = { version = "1.0", features = ["backtrace"] }
bitflags = { version = "2.3" }
const_format = "0.2"
futures = "0.3"
konst = "0.3"
lazy_static = "1.4"
libc = "0.2"
log = "0.4"
memfd = "0.6"
num_enum = "0.5"
passfd = "0.1"
proc-maps = "0.3"
rustix = { version = "0.38", features = [ "fs", "process", "mount", "net", "thread" ] }
tokio = { version = "1.28", features = ["full"] }
[profile.dev]
strip = false
panic = "abort"
[profile.release]
strip = false
debug = true
panic = "abort"
opt-level = "z"
lto = true

164
zygiskd/build.gradle.kts
View File

@@ -1,8 +1,24 @@
plugins {
alias(libs.plugins.agp.lib)
alias(libs.plugins.rust.android)
import java.nio.file.Paths
import org.gradle.internal.os.OperatingSystem
fun getLatestNDKPath(): String {
val android_home = System.getenv("ANDROID_HOME")
if (android_home == null) {
throw Exception("ANDROID_HOME not set")
}
val ndkPath = android_home + "/ndk"
val ndkDir = Paths.get(ndkPath)
if (!ndkDir.toFile().exists()) {
throw Exception("NDK not found at $ndkPath")
}
val ndkVersion = ndkDir.toFile().listFiles().filter { it.isDirectory }.map { it.name }.sorted().last()
return ndkPath + "/" + ndkVersion
}
val minAPatchVersion: Int by rootProject.extra
val minKsuVersion: Int by rootProject.extra
val maxKsuVersion: Int by rootProject.extra
val minMagiskVersion: Int by rootProject.extra
@@ -10,58 +26,94 @@ val verCode: Int by rootProject.extra
val verName: String by rootProject.extra
val commitHash: String by rootProject.extra
android.buildFeatures {
androidResources = false
buildConfig = false
val CStandardFlags = arrayOf(
"-D_GNU_SOURCE", "-std=c99", "-Wpedantic", "-Wall", "-Wextra", "-Werror",
"-Wformat", "-Wuninitialized", "-Wshadow", "-Wno-zero-length-array",
"-Wconversion", "-Wno-fixed-enum-extension", "-Iroot_impl", "-llog",
"-DMIN_APATCH_VERSION=$minAPatchVersion",
"-DMIN_KSU_VERSION=$minKsuVersion",
"-DMAX_KSU_VERSION=$maxKsuVersion",
"-DMIN_MAGISK_VERSION=$minMagiskVersion",
"-DZKSU_VERSION=\"$verName\""
)
val CFlagsRelease = arrayOf(
"-Wl,--strip-all", "-flto=thin", "-Ofast"
)
val CFlagsDebug = arrayOf(
"-g", "-O0", "-DDEBUG"
)
val Files = arrayOf(
"root_impl/apatch.c",
"root_impl/common.c",
"root_impl/kernelsu.c",
"root_impl/magisk.c",
"companion.c",
"main.c",
"utils.c",
"zygiskd.c"
)
task("buildAndStrip") {
group = "build"
description = "Build the native library and strip the debug symbols."
val isDebug = gradle.startParameter.taskNames.any { it.lowercase().contains("debug") }
doLast {
val ndkPath = getLatestNDKPath()
val aarch64Compiler = Paths.get(ndkPath, "toolchains", "llvm", "prebuilt", "linux-x86_64", "bin", "aarch64-linux-android34-clang").toString()
val armv7aCompiler = Paths.get(ndkPath, "toolchains", "llvm", "prebuilt", "linux-x86_64", "bin", "armv7a-linux-androideabi34-clang").toString()
val x86Compiler = Paths.get(ndkPath, "toolchains", "llvm", "prebuilt", "linux-x86_64", "bin", "i686-linux-android34-clang").toString()
val x86_64Compiler = Paths.get(ndkPath, "toolchains", "llvm", "prebuilt", "linux-x86_64", "bin", "x86_64-linux-android34-clang").toString()
if (!Paths.get(aarch64Compiler).toFile().exists()) {
throw Exception("aarch64 compiler not found at $aarch64Compiler")
}
if (!Paths.get(armv7aCompiler).toFile().exists()) {
throw Exception("armv7a compiler not found at $armv7aCompiler")
}
if (!Paths.get(x86Compiler).toFile().exists()) {
throw Exception("x86 compiler not found at $x86Compiler")
}
if (!Paths.get(x86_64Compiler).toFile().exists()) {
throw Exception("x86_64 compiler not found at $x86_64Compiler")
}
val Files = Files.map { Paths.get(project.projectDir.toString(), "src", it).toString() }.toTypedArray()
val buildDir = getLayout().getBuildDirectory().getAsFile().get()
buildDir.mkdirs()
val aarch64OutputDir = Paths.get(buildDir.toString(), "arm64-v8a").toFile()
val armv7aOutputDir = Paths.get(buildDir.toString(), "armeabi-v7a").toFile()
val x86OutputDir = Paths.get(buildDir.toString(), "x86").toFile()
val x86_64OutputDir = Paths.get(buildDir.toString(), "x86_64").toFile()
aarch64OutputDir.mkdirs()
armv7aOutputDir.mkdirs()
x86OutputDir.mkdirs()
x86_64OutputDir.mkdirs()
val compileArgs = (if (isDebug) CFlagsDebug else CFlagsRelease) + CStandardFlags
exec {
commandLine(aarch64Compiler, "-o", Paths.get(aarch64OutputDir.toString(), "zygiskd").toString(), *compileArgs, *Files)
}
exec {
commandLine(armv7aCompiler, "-o", Paths.get(armv7aOutputDir.toString(), "zygiskd").toString(), *compileArgs, *Files)
}
exec {
commandLine(x86Compiler, "-o", Paths.get(x86OutputDir.toString(), "zygiskd").toString(), *compileArgs, *Files)
}
exec {
commandLine(x86_64Compiler, "-o", Paths.get(x86_64OutputDir.toString(), "zygiskd").toString(), *compileArgs, *Files)
}
}
}
cargo {
module = "."
libname = "zygiskd"
targetIncludes = arrayOf("zygiskd")
targets = listOf("arm64", "arm", "x86", "x86_64")
targetDirectory = "build/intermediates/rust"
val isDebug = gradle.startParameter.taskNames.any { it.toLowerCase().contains("debug") }
profile = if (isDebug) "debug" else "release"
exec = { spec, _ ->
spec.environment("ANDROID_NDK_HOME", android.ndkDirectory.path)
spec.environment("MIN_KSU_VERSION", minKsuVersion)
spec.environment("MAX_KSU_VERSION", maxKsuVersion)
spec.environment("MIN_MAGISK_VERSION", minMagiskVersion)
spec.environment("ZKSU_VERSION", "$verName-$verCode-$commitHash-$profile")
}
}
afterEvaluate {
task<Task>("buildAndStrip") {
dependsOn(":zygiskd:cargoBuild")
val isDebug = gradle.startParameter.taskNames.any { it.toLowerCase().contains("debug") }
doLast {
val dir = File(buildDir, "rustJniLibs/android")
val prebuilt = File(android.ndkDirectory, "toolchains/llvm/prebuilt").listFiles()!!.first()
val binDir = File(prebuilt, "bin")
val symbolDir = File(buildDir, "symbols/${if (isDebug) "debug" else "release"}")
symbolDir.mkdirs()
val suffix = if (prebuilt.name.contains("windows")) ".exe" else ""
val strip = File(binDir, "llvm-strip$suffix")
val objcopy = File(binDir, "llvm-objcopy$suffix")
dir.listFiles()!!.forEach {
if (!it.isDirectory) return@forEach
val symbolPath = File(symbolDir, "${it.name}/zygiskd.debug")
symbolPath.parentFile.mkdirs()
exec {
workingDir = it
commandLine(objcopy, "--only-keep-debug", "zygiskd", symbolPath)
}
exec {
workingDir = it
commandLine(strip, "--strip-all", "zygiskd")
}
exec {
workingDir = it
commandLine(objcopy, "--add-gnu-debuglink", symbolPath, "zygiskd")
}
}
}
}
}

661
zygiskd/src/LICENSE Normal file
View File

@@ -0,0 +1,661 @@
GNU AFFERO GENERAL PUBLIC LICENSE
Version 3, 19 November 2007
Copyright (C) 2007 Free Software Foundation, Inc. <https://fsf.org/>
Everyone is permitted to copy and distribute verbatim copies
of this license document, but changing it is not allowed.
Preamble
The GNU Affero General Public License is a free, copyleft license for
software and other kinds of works, specifically designed to ensure
cooperation with the community in the case of network server software.
The licenses for most software and other practical works are designed
to take away your freedom to share and change the works. By contrast,
our General Public Licenses are intended to guarantee your freedom to
share and change all versions of a program--to make sure it remains free
software for all its users.
When we speak of free software, we are referring to freedom, not
price. Our General Public Licenses are designed to make sure that you
have the freedom to distribute copies of free software (and charge for
them if you wish), that you receive source code or can get it if you
want it, that you can change the software or use pieces of it in new
free programs, and that you know you can do these things.
Developers that use our General Public Licenses protect your rights
with two steps: (1) assert copyright on the software, and (2) offer
you this License which gives you legal permission to copy, distribute
and/or modify the software.
A secondary benefit of defending all users' freedom is that
improvements made in alternate versions of the program, if they
receive widespread use, become available for other developers to
incorporate. Many developers of free software are heartened and
encouraged by the resulting cooperation. However, in the case of
software used on network servers, this result may fail to come about.
The GNU General Public License permits making a modified version and
letting the public access it on a server without ever releasing its
source code to the public.
The GNU Affero General Public License is designed specifically to
ensure that, in such cases, the modified source code becomes available
to the community. It requires the operator of a network server to
provide the source code of the modified version running there to the
users of that server. Therefore, public use of a modified version, on
a publicly accessible server, gives the public access to the source
code of the modified version.
An older license, called the Affero General Public License and
published by Affero, was designed to accomplish similar goals. This is
a different license, not a version of the Affero GPL, but Affero has
released a new version of the Affero GPL which permits relicensing under
this license.
The precise terms and conditions for copying, distribution and
modification follow.
TERMS AND CONDITIONS
0. Definitions.
"This License" refers to version 3 of the GNU Affero General Public License.
"Copyright" also means copyright-like laws that apply to other kinds of
works, such as semiconductor masks.
"The Program" refers to any copyrightable work licensed under this
License. Each licensee is addressed as "you". "Licensees" and
"recipients" may be individuals or organizations.
To "modify" a work means to copy from or adapt all or part of the work
in a fashion requiring copyright permission, other than the making of an
exact copy. The resulting work is called a "modified version" of the
earlier work or a work "based on" the earlier work.
A "covered work" means either the unmodified Program or a work based
on the Program.
To "propagate" a work means to do anything with it that, without
permission, would make you directly or secondarily liable for
infringement under applicable copyright law, except executing it on a
computer or modifying a private copy. Propagation includes copying,
distribution (with or without modification), making available to the
public, and in some countries other activities as well.
To "convey" a work means any kind of propagation that enables other
parties to make or receive copies. Mere interaction with a user through
a computer network, with no transfer of a copy, is not conveying.
An interactive user interface displays "Appropriate Legal Notices"
to the extent that it includes a convenient and prominently visible
feature that (1) displays an appropriate copyright notice, and (2)
tells the user that there is no warranty for the work (except to the
extent that warranties are provided), that licensees may convey the
work under this License, and how to view a copy of this License. If
the interface presents a list of user commands or options, such as a
menu, a prominent item in the list meets this criterion.
1. Source Code.
The "source code" for a work means the preferred form of the work
for making modifications to it. "Object code" means any non-source
form of a work.
A "Standard Interface" means an interface that either is an official
standard defined by a recognized standards body, or, in the case of
interfaces specified for a particular programming language, one that
is widely used among developers working in that language.
The "System Libraries" of an executable work include anything, other
than the work as a whole, that (a) is included in the normal form of
packaging a Major Component, but which is not part of that Major
Component, and (b) serves only to enable use of the work with that
Major Component, or to implement a Standard Interface for which an
implementation is available to the public in source code form. A
"Major Component", in this context, means a major essential component
(kernel, window system, and so on) of the specific operating system
(if any) on which the executable work runs, or a compiler used to
produce the work, or an object code interpreter used to run it.
The "Corresponding Source" for a work in object code form means all
the source code needed to generate, install, and (for an executable
work) run the object code and to modify the work, including scripts to
control those activities. However, it does not include the work's
System Libraries, or general-purpose tools or generally available free
programs which are used unmodified in performing those activities but
which are not part of the work. For example, Corresponding Source
includes interface definition files associated with source files for
the work, and the source code for shared libraries and dynamically
linked subprograms that the work is specifically designed to require,
such as by intimate data communication or control flow between those
subprograms and other parts of the work.
The Corresponding Source need not include anything that users
can regenerate automatically from other parts of the Corresponding
Source.
The Corresponding Source for a work in source code form is that
same work.
2. Basic Permissions.
All rights granted under this License are granted for the term of
copyright on the Program, and are irrevocable provided the stated
conditions are met. This License explicitly affirms your unlimited
permission to run the unmodified Program. The output from running a
covered work is covered by this License only if the output, given its
content, constitutes a covered work. This License acknowledges your
rights of fair use or other equivalent, as provided by copyright law.
You may make, run and propagate covered works that you do not
convey, without conditions so long as your license otherwise remains
in force. You may convey covered works to others for the sole purpose
of having them make modifications exclusively for you, or provide you
with facilities for running those works, provided that you comply with
the terms of this License in conveying all material for which you do
not control copyright. Those thus making or running the covered works
for you must do so exclusively on your behalf, under your direction
and control, on terms that prohibit them from making any copies of
your copyrighted material outside their relationship with you.
Conveying under any other circumstances is permitted solely under
the conditions stated below. Sublicensing is not allowed; section 10
makes it unnecessary.
3. Protecting Users' Legal Rights From Anti-Circumvention Law.
No covered work shall be deemed part of an effective technological
measure under any applicable law fulfilling obligations under article
11 of the WIPO copyright treaty adopted on 20 December 1996, or
similar laws prohibiting or restricting circumvention of such
measures.
When you convey a covered work, you waive any legal power to forbid
circumvention of technological measures to the extent such circumvention
is effected by exercising rights under this License with respect to
the covered work, and you disclaim any intention to limit operation or
modification of the work as a means of enforcing, against the work's
users, your or third parties' legal rights to forbid circumvention of
technological measures.
4. Conveying Verbatim Copies.
You may convey verbatim copies of the Program's source code as you
receive it, in any medium, provided that you conspicuously and
appropriately publish on each copy an appropriate copyright notice;
keep intact all notices stating that this License and any
non-permissive terms added in accord with section 7 apply to the code;
keep intact all notices of the absence of any warranty; and give all
recipients a copy of this License along with the Program.
You may charge any price or no price for each copy that you convey,
and you may offer support or warranty protection for a fee.
5. Conveying Modified Source Versions.
You may convey a work based on the Program, or the modifications to
produce it from the Program, in the form of source code under the
terms of section 4, provided that you also meet all of these conditions:
a) The work must carry prominent notices stating that you modified
it, and giving a relevant date.
b) The work must carry prominent notices stating that it is
released under this License and any conditions added under section
7. This requirement modifies the requirement in section 4 to
"keep intact all notices".
c) You must license the entire work, as a whole, under this
License to anyone who comes into possession of a copy. This
License will therefore apply, along with any applicable section 7
additional terms, to the whole of the work, and all its parts,
regardless of how they are packaged. This License gives no
permission to license the work in any other way, but it does not
invalidate such permission if you have separately received it.
d) If the work has interactive user interfaces, each must display
Appropriate Legal Notices; however, if the Program has interactive
interfaces that do not display Appropriate Legal Notices, your
work need not make them do so.
A compilation of a covered work with other separate and independent
works, which are not by their nature extensions of the covered work,
and which are not combined with it such as to form a larger program,
in or on a volume of a storage or distribution medium, is called an
"aggregate" if the compilation and its resulting copyright are not
used to limit the access or legal rights of the compilation's users
beyond what the individual works permit. Inclusion of a covered work
in an aggregate does not cause this License to apply to the other
parts of the aggregate.
6. Conveying Non-Source Forms.
You may convey a covered work in object code form under the terms
of sections 4 and 5, provided that you also convey the
machine-readable Corresponding Source under the terms of this License,
in one of these ways:
a) Convey the object code in, or embodied in, a physical product
(including a physical distribution medium), accompanied by the
Corresponding Source fixed on a durable physical medium
customarily used for software interchange.
b) Convey the object code in, or embodied in, a physical product
(including a physical distribution medium), accompanied by a
written offer, valid for at least three years and valid for as
long as you offer spare parts or customer support for that product
model, to give anyone who possesses the object code either (1) a
copy of the Corresponding Source for all the software in the
product that is covered by this License, on a durable physical
medium customarily used for software interchange, for a price no
more than your reasonable cost of physically performing this
conveying of source, or (2) access to copy the
Corresponding Source from a network server at no charge.
c) Convey individual copies of the object code with a copy of the
written offer to provide the Corresponding Source. This
alternative is allowed only occasionally and noncommercially, and
only if you received the object code with such an offer, in accord
with subsection 6b.
d) Convey the object code by offering access from a designated
place (gratis or for a charge), and offer equivalent access to the
Corresponding Source in the same way through the same place at no
further charge. You need not require recipients to copy the
Corresponding Source along with the object code. If the place to
copy the object code is a network server, the Corresponding Source
may be on a different server (operated by you or a third party)
that supports equivalent copying facilities, provided you maintain
clear directions next to the object code saying where to find the
Corresponding Source. Regardless of what server hosts the
Corresponding Source, you remain obligated to ensure that it is
available for as long as needed to satisfy these requirements.
e) Convey the object code using peer-to-peer transmission, provided
you inform other peers where the object code and Corresponding
Source of the work are being offered to the general public at no
charge under subsection 6d.
A separable portion of the object code, whose source code is excluded
from the Corresponding Source as a System Library, need not be
included in conveying the object code work.
A "User Product" is either (1) a "consumer product", which means any
tangible personal property which is normally used for personal, family,
or household purposes, or (2) anything designed or sold for incorporation
into a dwelling. In determining whether a product is a consumer product,
doubtful cases shall be resolved in favor of coverage. For a particular
product received by a particular user, "normally used" refers to a
typical or common use of that class of product, regardless of the status
of the particular user or of the way in which the particular user
actually uses, or expects or is expected to use, the product. A product
is a consumer product regardless of whether the product has substantial
commercial, industrial or non-consumer uses, unless such uses represent
the only significant mode of use of the product.
"Installation Information" for a User Product means any methods,
procedures, authorization keys, or other information required to install
and execute modified versions of a covered work in that User Product from
a modified version of its Corresponding Source. The information must
suffice to ensure that the continued functioning of the modified object
code is in no case prevented or interfered with solely because
modification has been made.
If you convey an object code work under this section in, or with, or
specifically for use in, a User Product, and the conveying occurs as
part of a transaction in which the right of possession and use of the
User Product is transferred to the recipient in perpetuity or for a
fixed term (regardless of how the transaction is characterized), the
Corresponding Source conveyed under this section must be accompanied
by the Installation Information. But this requirement does not apply
if neither you nor any third party retains the ability to install
modified object code on the User Product (for example, the work has
been installed in ROM).
The requirement to provide Installation Information does not include a
requirement to continue to provide support service, warranty, or updates
for a work that has been modified or installed by the recipient, or for
the User Product in which it has been modified or installed. Access to a
network may be denied when the modification itself materially and
adversely affects the operation of the network or violates the rules and
protocols for communication across the network.
Corresponding Source conveyed, and Installation Information provided,
in accord with this section must be in a format that is publicly
documented (and with an implementation available to the public in
source code form), and must require no special password or key for
unpacking, reading or copying.
7. Additional Terms.
"Additional permissions" are terms that supplement the terms of this
License by making exceptions from one or more of its conditions.
Additional permissions that are applicable to the entire Program shall
be treated as though they were included in this License, to the extent
that they are valid under applicable law. If additional permissions
apply only to part of the Program, that part may be used separately
under those permissions, but the entire Program remains governed by
this License without regard to the additional permissions.
When you convey a copy of a covered work, you may at your option
remove any additional permissions from that copy, or from any part of
it. (Additional permissions may be written to require their own
removal in certain cases when you modify the work.) You may place
additional permissions on material, added by you to a covered work,
for which you have or can give appropriate copyright permission.
Notwithstanding any other provision of this License, for material you
add to a covered work, you may (if authorized by the copyright holders of
that material) supplement the terms of this License with terms:
a) Disclaiming warranty or limiting liability differently from the
terms of sections 15 and 16 of this License; or
b) Requiring preservation of specified reasonable legal notices or
author attributions in that material or in the Appropriate Legal
Notices displayed by works containing it; or
c) Prohibiting misrepresentation of the origin of that material, or
requiring that modified versions of such material be marked in
reasonable ways as different from the original version; or
d) Limiting the use for publicity purposes of names of licensors or
authors of the material; or
e) Declining to grant rights under trademark law for use of some
trade names, trademarks, or service marks; or
f) Requiring indemnification of licensors and authors of that
material by anyone who conveys the material (or modified versions of
it) with contractual assumptions of liability to the recipient, for
any liability that these contractual assumptions directly impose on
those licensors and authors.
All other non-permissive additional terms are considered "further
restrictions" within the meaning of section 10. If the Program as you
received it, or any part of it, contains a notice stating that it is
governed by this License along with a term that is a further
restriction, you may remove that term. If a license document contains
a further restriction but permits relicensing or conveying under this
License, you may add to a covered work material governed by the terms
of that license document, provided that the further restriction does
not survive such relicensing or conveying.
If you add terms to a covered work in accord with this section, you
must place, in the relevant source files, a statement of the
additional terms that apply to those files, or a notice indicating
where to find the applicable terms.
Additional terms, permissive or non-permissive, may be stated in the
form of a separately written license, or stated as exceptions;
the above requirements apply either way.
8. Termination.
You may not propagate or modify a covered work except as expressly
provided under this License. Any attempt otherwise to propagate or
modify it is void, and will automatically terminate your rights under
this License (including any patent licenses granted under the third
paragraph of section 11).
However, if you cease all violation of this License, then your
license from a particular copyright holder is reinstated (a)
provisionally, unless and until the copyright holder explicitly and
finally terminates your license, and (b) permanently, if the copyright
holder fails to notify you of the violation by some reasonable means
prior to 60 days after the cessation.
Moreover, your license from a particular copyright holder is
reinstated permanently if the copyright holder notifies you of the
violation by some reasonable means, this is the first time you have
received notice of violation of this License (for any work) from that
copyright holder, and you cure the violation prior to 30 days after
your receipt of the notice.
Termination of your rights under this section does not terminate the
licenses of parties who have received copies or rights from you under
this License. If your rights have been terminated and not permanently
reinstated, you do not qualify to receive new licenses for the same
material under section 10.
9. Acceptance Not Required for Having Copies.
You are not required to accept this License in order to receive or
run a copy of the Program. Ancillary propagation of a covered work
occurring solely as a consequence of using peer-to-peer transmission
to receive a copy likewise does not require acceptance. However,
nothing other than this License grants you permission to propagate or
modify any covered work. These actions infringe copyright if you do
not accept this License. Therefore, by modifying or propagating a
covered work, you indicate your acceptance of this License to do so.
10. Automatic Licensing of Downstream Recipients.
Each time you convey a covered work, the recipient automatically
receives a license from the original licensors, to run, modify and
propagate that work, subject to this License. You are not responsible
for enforcing compliance by third parties with this License.
An "entity transaction" is a transaction transferring control of an
organization, or substantially all assets of one, or subdividing an
organization, or merging organizations. If propagation of a covered
work results from an entity transaction, each party to that
transaction who receives a copy of the work also receives whatever
licenses to the work the party's predecessor in interest had or could
give under the previous paragraph, plus a right to possession of the
Corresponding Source of the work from the predecessor in interest, if
the predecessor has it or can get it with reasonable efforts.
You may not impose any further restrictions on the exercise of the
rights granted or affirmed under this License. For example, you may
not impose a license fee, royalty, or other charge for exercise of
rights granted under this License, and you may not initiate litigation
(including a cross-claim or counterclaim in a lawsuit) alleging that
any patent claim is infringed by making, using, selling, offering for
sale, or importing the Program or any portion of it.
11. Patents.
A "contributor" is a copyright holder who authorizes use under this
License of the Program or a work on which the Program is based. The
work thus licensed is called the contributor's "contributor version".
A contributor's "essential patent claims" are all patent claims
owned or controlled by the contributor, whether already acquired or
hereafter acquired, that would be infringed by some manner, permitted
by this License, of making, using, or selling its contributor version,
but do not include claims that would be infringed only as a
consequence of further modification of the contributor version. For
purposes of this definition, "control" includes the right to grant
patent sublicenses in a manner consistent with the requirements of
this License.
Each contributor grants you a non-exclusive, worldwide, royalty-free
patent license under the contributor's essential patent claims, to
make, use, sell, offer for sale, import and otherwise run, modify and
propagate the contents of its contributor version.
In the following three paragraphs, a "patent license" is any express
agreement or commitment, however denominated, not to enforce a patent
(such as an express permission to practice a patent or covenant not to
sue for patent infringement). To "grant" such a patent license to a
party means to make such an agreement or commitment not to enforce a
patent against the party.
If you convey a covered work, knowingly relying on a patent license,
and the Corresponding Source of the work is not available for anyone
to copy, free of charge and under the terms of this License, through a
publicly available network server or other readily accessible means,
then you must either (1) cause the Corresponding Source to be so
available, or (2) arrange to deprive yourself of the benefit of the
patent license for this particular work, or (3) arrange, in a manner
consistent with the requirements of this License, to extend the patent
license to downstream recipients. "Knowingly relying" means you have
actual knowledge that, but for the patent license, your conveying the
covered work in a country, or your recipient's use of the covered work
in a country, would infringe one or more identifiable patents in that
country that you have reason to believe are valid.
If, pursuant to or in connection with a single transaction or
arrangement, you convey, or propagate by procuring conveyance of, a
covered work, and grant a patent license to some of the parties
receiving the covered work authorizing them to use, propagate, modify
or convey a specific copy of the covered work, then the patent license
you grant is automatically extended to all recipients of the covered
work and works based on it.
A patent license is "discriminatory" if it does not include within
the scope of its coverage, prohibits the exercise of, or is
conditioned on the non-exercise of one or more of the rights that are
specifically granted under this License. You may not convey a covered
work if you are a party to an arrangement with a third party that is
in the business of distributing software, under which you make payment
to the third party based on the extent of your activity of conveying
the work, and under which the third party grants, to any of the
parties who would receive the covered work from you, a discriminatory
patent license (a) in connection with copies of the covered work
conveyed by you (or copies made from those copies), or (b) primarily
for and in connection with specific products or compilations that
contain the covered work, unless you entered into that arrangement,
or that patent license was granted, prior to 28 March 2007.
Nothing in this License shall be construed as excluding or limiting
any implied license or other defenses to infringement that may
otherwise be available to you under applicable patent law.
12. No Surrender of Others' Freedom.
If conditions are imposed on you (whether by court order, agreement or
otherwise) that contradict the conditions of this License, they do not
excuse you from the conditions of this License. If you cannot convey a
covered work so as to satisfy simultaneously your obligations under this
License and any other pertinent obligations, then as a consequence you may
not convey it at all. For example, if you agree to terms that obligate you
to collect a royalty for further conveying from those to whom you convey
the Program, the only way you could satisfy both those terms and this
License would be to refrain entirely from conveying the Program.
13. Remote Network Interaction; Use with the GNU General Public License.
Notwithstanding any other provision of this License, if you modify the
Program, your modified version must prominently offer all users
interacting with it remotely through a computer network (if your version
supports such interaction) an opportunity to receive the Corresponding
Source of your version by providing access to the Corresponding Source
from a network server at no charge, through some standard or customary
means of facilitating copying of software. This Corresponding Source
shall include the Corresponding Source for any work covered by version 3
of the GNU General Public License that is incorporated pursuant to the
following paragraph.
Notwithstanding any other provision of this License, you have
permission to link or combine any covered work with a work licensed
under version 3 of the GNU General Public License into a single
combined work, and to convey the resulting work. The terms of this
License will continue to apply to the part which is the covered work,
but the work with which it is combined will remain governed by version
3 of the GNU General Public License.
14. Revised Versions of this License.
The Free Software Foundation may publish revised and/or new versions of
the GNU Affero General Public License from time to time. Such new versions
will be similar in spirit to the present version, but may differ in detail to
address new problems or concerns.
Each version is given a distinguishing version number. If the
Program specifies that a certain numbered version of the GNU Affero General
Public License "or any later version" applies to it, you have the
option of following the terms and conditions either of that numbered
version or of any later version published by the Free Software
Foundation. If the Program does not specify a version number of the
GNU Affero General Public License, you may choose any version ever published
by the Free Software Foundation.
If the Program specifies that a proxy can decide which future
versions of the GNU Affero General Public License can be used, that proxy's
public statement of acceptance of a version permanently authorizes you
to choose that version for the Program.
Later license versions may give you additional or different
permissions. However, no additional obligations are imposed on any
author or copyright holder as a result of your choosing to follow a
later version.
15. Disclaimer of Warranty.
THERE IS NO WARRANTY FOR THE PROGRAM, TO THE EXTENT PERMITTED BY
APPLICABLE LAW. EXCEPT WHEN OTHERWISE STATED IN WRITING THE COPYRIGHT
HOLDERS AND/OR OTHER PARTIES PROVIDE THE PROGRAM "AS IS" WITHOUT WARRANTY
OF ANY KIND, EITHER EXPRESSED OR IMPLIED, INCLUDING, BUT NOT LIMITED TO,
THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
PURPOSE. THE ENTIRE RISK AS TO THE QUALITY AND PERFORMANCE OF THE PROGRAM
IS WITH YOU. SHOULD THE PROGRAM PROVE DEFECTIVE, YOU ASSUME THE COST OF
ALL NECESSARY SERVICING, REPAIR OR CORRECTION.
16. Limitation of Liability.
IN NO EVENT UNLESS REQUIRED BY APPLICABLE LAW OR AGREED TO IN WRITING
WILL ANY COPYRIGHT HOLDER, OR ANY OTHER PARTY WHO MODIFIES AND/OR CONVEYS
THE PROGRAM AS PERMITTED ABOVE, BE LIABLE TO YOU FOR DAMAGES, INCLUDING ANY
GENERAL, SPECIAL, INCIDENTAL OR CONSEQUENTIAL DAMAGES ARISING OUT OF THE
USE OR INABILITY TO USE THE PROGRAM (INCLUDING BUT NOT LIMITED TO LOSS OF
DATA OR DATA BEING RENDERED INACCURATE OR LOSSES SUSTAINED BY YOU OR THIRD
PARTIES OR A FAILURE OF THE PROGRAM TO OPERATE WITH ANY OTHER PROGRAMS),
EVEN IF SUCH HOLDER OR OTHER PARTY HAS BEEN ADVISED OF THE POSSIBILITY OF
SUCH DAMAGES.
17. Interpretation of Sections 15 and 16.
If the disclaimer of warranty and limitation of liability provided
above cannot be given local legal effect according to their terms,
reviewing courts shall apply local law that most closely approximates
an absolute waiver of all civil liability in connection with the
Program, unless a warranty or assumption of liability accompanies a
copy of the Program in return for a fee.
END OF TERMS AND CONDITIONS
How to Apply These Terms to Your New Programs
If you develop a new program, and you want it to be of the greatest
possible use to the public, the best way to achieve this is to make it
free software which everyone can redistribute and change under these terms.
To do so, attach the following notices to the program. It is safest
to attach them to the start of each source file to most effectively
state the exclusion of warranty; and each file should have at least
the "copyright" line and a pointer to where the full notice is found.
<one line to give the program's name and a brief idea of what it does.>
Copyright (C) <year> <name of author>
This program is free software: you can redistribute it and/or modify
it under the terms of the GNU Affero General Public License as published
by the Free Software Foundation, either version 3 of the License, or
(at your option) any later version.
This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU Affero General Public License for more details.
You should have received a copy of the GNU Affero General Public License
along with this program. If not, see <https://www.gnu.org/licenses/>.
Also add information on how to contact you by electronic and paper mail.
If your software can interact with users remotely through a computer
network, you should also make sure that it provides a way for users to
get its source. For example, if your program is a web application, its
interface could display a "Source" link that leads users to an archive
of the code. There are many ways you could offer source, and different
solutions will be better for different programs; see section 13 for the
specific requirements.
You should also get your employer (if you work as a programmer) or school,
if any, to sign a "copyright disclaimer" for the program, if necessary.
For more information on this, and how to apply and follow the GNU AGPL, see
<https://www.gnu.org/licenses/>.

179
zygiskd/src/companion.c Normal file
View File

@@ -0,0 +1,179 @@
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/types.h>
#include <sys/socket.h>
#include <sys/stat.h>
#include <dlfcn.h>
#include <errno.h>
#include <fcntl.h>
#include <signal.h>
#include <unistd.h>
#include <linux/limits.h>
#include <pthread.h>
#include <android/log.h>
#include "utils.h"
#undef LOG_TAG
#define LOG_TAG lp_select("zygiskd-companion32", "zygiskd-companion64")
typedef void (*zygisk_companion_entry)(int);
struct companion_module_thread_args {
int fd;
zygisk_companion_entry entry;
};
zygisk_companion_entry load_module(int fd) {
char path[PATH_MAX];
snprintf(path, sizeof(path), "/proc/self/fd/%d", fd);
void *handle = dlopen(path, RTLD_NOW);
if (!handle) return NULL;
void *entry = dlsym(handle, "zygisk_companion_entry");
if (!entry) {
LOGE("Failed to dlsym zygisk_companion_entry: %s\n", dlerror());
dlclose(handle);
return NULL;
}
return (zygisk_companion_entry)entry;
}
/* WARNING: Dynamic memory based */
void *entry_thread(void *arg) {
struct companion_module_thread_args *args = (struct companion_module_thread_args *)arg;
int fd = args->fd;
zygisk_companion_entry module_entry = args->entry;
struct stat st0 = { 0 };
if (fstat(fd, &st0) == -1) {
LOGE(" - Failed to get initial client fd stats: %s\n", strerror(errno));
free(args);
return NULL;
}
module_entry(fd);
/* INFO: Only attempt to close the client fd if it appears to be the same file
and if we can successfully stat it again. This prevents double closes
if the module companion already closed the fd.
*/
struct stat st1;
if (fstat(fd, &st1) != -1 || st0.st_ino == st1.st_ino) {
LOGI(" - Client fd changed after module entry\n");
close(fd);
}
free(args);
return NULL;
}
/* WARNING: Dynamic memory based */
void companion_entry(int fd) {
LOGI("New companion entry.\n - Client fd: %d\n", fd);
char name[256 + 1];
ssize_t ret = read_string(fd, name, sizeof(name));
if (ret == -1) {
LOGE("Failed to read module name\n");
goto cleanup;
}
LOGI(" - Module name: \"%s\"\n", name);
int library_fd = read_fd(fd);
if (library_fd == -1) {
LOGE("Failed to receive library fd\n");
goto cleanup;
}
LOGI(" - Library fd: %d\n", library_fd);
zygisk_companion_entry module_entry = load_module(library_fd);
close(library_fd);
if (module_entry == NULL) {
LOGE(" - No companion module entry for module: %s\n", name);
ret = write_uint8_t(fd, 0);
ASSURE_SIZE_WRITE("ZygiskdCompanion", "module_entry", ret, sizeof(uint8_t));
goto cleanup;
} else {
LOGI(" - Module entry found\n");
ret = write_uint8_t(fd, 1);
ASSURE_SIZE_WRITE("ZygiskdCompanion", "module_entry", ret, sizeof(uint8_t));
}
struct sigaction sa;
memset(&sa, 0, sizeof(sa));
sigemptyset(&sa.sa_mask);
sa.sa_handler = SIG_IGN;
sigaction(SIGPIPE, &sa, NULL);
while (1) {
if (!check_unix_socket(fd, true)) {
LOGE("Something went wrong in companion. Bye!\n");
break;
}
int client_fd = read_fd(fd);
if (client_fd == -1) {
LOGE("Failed to receive client fd\n");
break;
}
struct companion_module_thread_args *args = malloc(sizeof(struct companion_module_thread_args));
if (args == NULL) {
LOGE("Failed to allocate memory for thread args\n");
close(client_fd);
break;
}
args->fd = client_fd;
args->entry = module_entry;
LOGI("New companion request.\n - Module name: %s\n - Client fd: %d\n", name, client_fd);
ret = write_uint8_t(client_fd, 1);
ASSURE_SIZE_WRITE("ZygiskdCompanion", "client_fd", ret, sizeof(uint8_t));
pthread_t thread;
if (pthread_create(&thread, NULL, entry_thread, (void *)args) == 0)
continue;
LOGE(" - Failed to create thread for companion module\n");
close(client_fd);
free(args);
break;
}
cleanup:
close(fd);
LOGE("Companion thread exited\n");
exit(0);
}

6
zygiskd/src/companion.h Normal file
View File

@@ -0,0 +1,6 @@
#ifndef COMPANION_H
#define COMPANION_H
void companion_entry(int fd);
#endif /* COMPANION_H */

73
zygiskd/src/companion.rs
View File

@@ -1,73 +0,0 @@
use crate::dl;
use crate::utils::{check_unix_socket, UnixStreamExt};
use anyhow::Result;
use passfd::FdPassingExt;
use rustix::fs::fstat;
use std::ffi::c_void;
use std::os::fd::{AsRawFd, FromRawFd, RawFd};
use std::os::unix::net::UnixStream;
use std::thread;
type ZygiskCompanionEntryFn = unsafe extern "C" fn(i32);
pub fn entry(fd: i32) {
log::info!("companion entry fd={}", fd);
let mut stream = unsafe { UnixStream::from_raw_fd(fd) };
let name = stream.read_string().expect("read name");
let library = stream.recv_fd().expect("receive library fd");
let entry = load_module(library).expect("load module");
unsafe { libc::close(library) };
let entry = match entry {
Some(entry) => {
log::debug!("Companion process created for `{name}`");
stream.write_u8(1).expect("reply 1");
entry
}
None => {
log::debug!("No companion entry for `{name}`");
stream.write_u8(0).expect("reply 0");
std::process::exit(0);
}
};
loop {
if !check_unix_socket(&stream, true) {
log::info!("Something bad happened in zygiskd, terminate companion");
std::process::exit(0);
}
let fd = stream.recv_fd().expect("recv fd");
log::trace!("New companion request from module `{name}` fd=`{fd}`");
let mut stream = unsafe { UnixStream::from_raw_fd(fd) };
stream.write_u8(1).expect("reply success");
thread::spawn(move || {
let st0 = fstat(&stream).expect("failed to stat stream");
unsafe {
entry(stream.as_raw_fd());
}
// Only close client if it is the same file so we don't
// accidentally close a re-used file descriptor.
// This check is required because the module companion
// handler could've closed the file descriptor already.
if let Ok(st1) = fstat(&stream) {
if st0.st_dev != st1.st_dev || st0.st_ino != st1.st_ino {
std::mem::forget(stream);
}
}
});
}
}
fn load_module(fd: RawFd) -> Result<Option<ZygiskCompanionEntryFn>> {
unsafe {
let path = format!("/proc/self/fd/{fd}");
let handle = dl::dlopen(&path, libc::RTLD_NOW)?;
let symbol = std::ffi::CString::new("zygisk_companion_entry")?;
let entry = libc::dlsym(handle, symbol.as_ptr());
if entry.is_null() {
return Ok(None);
}
let fnptr = std::mem::transmute::<*mut c_void, ZygiskCompanionEntryFn>(entry);
Ok(Some(fnptr))
}
}

55
zygiskd/src/constants.h Normal file
View File

@@ -0,0 +1,55 @@
#ifndef CONSTANTS_H
#define CONSTANTS_H
#include <android/log.h>
#define bool _Bool
#define true 1
#define false 0
#if (defined(__LP64__) || defined(_LP64))
#define lp_select(a, b) b
#else
#define lp_select(a, b) a
#endif
#define ZYGOTE_INJECTED lp_select(5, 4)
#define DAEMON_SET_INFO lp_select(7, 6)
#define DAEMON_SET_ERROR_INFO lp_select(9, 8)
#define SYSTEM_SERVER_STARTED 10
enum DaemonSocketAction {
PingHeartbeat = 0,
GetProcessFlags = 1,
GetInfo = 2,
ReadModules = 3,
RequestCompanionSocket = 4,
GetModuleDir = 5,
ZygoteRestart = 6,
SystemServerStarted = 7,
UpdateMountNamespace = 8
};
enum ProcessFlags: uint32_t {
PROCESS_GRANTED_ROOT = (1u << 0),
PROCESS_ON_DENYLIST = (1u << 1),
PROCESS_IS_MANAGER = (1u << 27),
PROCESS_ROOT_IS_APATCH = (1u << 28),
PROCESS_ROOT_IS_KSU = (1u << 29),
PROCESS_ROOT_IS_MAGISK = (1u << 30),
PROCESS_IS_FIRST_STARTED = (1u << 31)
};
enum RootImplState {
Supported,
TooOld,
Inexistent,
Abnormal
};
enum MountNamespaceState {
Clean,
Mounted
};
#endif /* CONSTANTS_H */

48
zygiskd/src/constants.rs
View File

@@ -1,48 +0,0 @@
use crate::lp_select;
use bitflags::bitflags;
use konst::primitive::parse_i32;
use konst::unwrap_ctx;
use log::LevelFilter;
use num_enum::TryFromPrimitive;
pub const MIN_KSU_VERSION: i32 = unwrap_ctx!(parse_i32(env!("MIN_KSU_VERSION")));
pub const MAX_KSU_VERSION: i32 = unwrap_ctx!(parse_i32(env!("MAX_KSU_VERSION")));
pub const MIN_MAGISK_VERSION: i32 = unwrap_ctx!(parse_i32(env!("MIN_MAGISK_VERSION")));
pub const ZKSU_VERSION: &str = env!("ZKSU_VERSION");
#[cfg(debug_assertions)]
pub const MAX_LOG_LEVEL: LevelFilter = LevelFilter::Trace;
#[cfg(not(debug_assertions))]
pub const MAX_LOG_LEVEL: LevelFilter = LevelFilter::Info;
pub const PATH_MODULES_DIR: &str = "..";
pub const ZYGOTE_INJECTED: i32 = lp_select!(5, 4);
pub const DAEMON_SET_INFO: i32 = lp_select!(7, 6);
pub const DAEMON_SET_ERROR_INFO: i32 = lp_select!(9, 8);
pub const SYSTEM_SERVER_STARTED: i32 = 10;
#[derive(Debug, Eq, PartialEq, TryFromPrimitive)]
#[repr(u8)]
pub enum DaemonSocketAction {
PingHeartbeat,
RequestLogcatFd,
GetProcessFlags,
ReadModules,
RequestCompanionSocket,
GetModuleDir,
ZygoteRestart,
SystemServerStarted,
}
// Zygisk process flags
bitflags! {
#[derive(Clone, Copy, Debug, PartialEq, Eq, Hash)]
pub struct ProcessFlags: u32 {
const PROCESS_GRANTED_ROOT = 1 << 0;
const PROCESS_ON_DENYLIST = 1 << 1;
const PROCESS_IS_MANAGER = 1 << 28;
const PROCESS_ROOT_IS_KSU = 1 << 29;
const PROCESS_ROOT_IS_MAGISK = 1 << 30;
const PROCESS_IS_SYSUI = 1 << 31;
}
}

85
zygiskd/src/dl.rs
View File

@@ -1,85 +0,0 @@
use anyhow::{bail, Result};
use std::ffi::{c_char, c_void};
pub const ANDROID_NAMESPACE_TYPE_SHARED: u64 = 0x2;
pub const ANDROID_DLEXT_USE_NAMESPACE: u64 = 0x200;
#[repr(C)]
#[derive(Debug, Copy, Clone)]
pub struct AndroidNamespace {
_unused: [u8; 0],
}
#[repr(C)]
pub struct AndroidDlextinfo {
pub flags: u64,
pub reserved_addr: *mut c_void,
pub reserved_size: libc::size_t,
pub relro_fd: libc::c_int,
pub library_fd: libc::c_int,
pub library_fd_offset: libc::off64_t,
pub library_namespace: *mut AndroidNamespace,
}
extern "C" {
pub fn android_dlopen_ext(
filename: *const c_char,
flags: libc::c_int,
extinfo: *const AndroidDlextinfo,
) -> *mut c_void;
}
type AndroidCreateNamespaceFn = unsafe extern "C" fn(
*const c_char, // name
*const c_char, // ld_library_path
*const c_char, // default_library_path
u64, // type
*const c_char, // permitted_when_isolated_path
*mut AndroidNamespace, // parent
*const c_void, // caller_addr
) -> *mut AndroidNamespace;
pub unsafe fn dlopen(path: &str, flags: i32) -> Result<*mut c_void> {
let filename = std::ffi::CString::new(path)?;
let filename = filename.as_ptr() as *mut _;
let dir = libc::dirname(filename);
let mut info = AndroidDlextinfo {
flags: 0,
reserved_addr: std::ptr::null_mut(),
reserved_size: 0,
relro_fd: 0,
library_fd: 0,
library_fd_offset: 0,
library_namespace: std::ptr::null_mut(),
};
let android_create_namespace_fn = libc::dlsym(
libc::RTLD_DEFAULT,
std::ffi::CString::new("__loader_android_create_namespace")?.as_ptr(),
);
let android_create_namespace_fn: AndroidCreateNamespaceFn =
std::mem::transmute(android_create_namespace_fn);
let ns = android_create_namespace_fn(
filename,
dir,
std::ptr::null(),
ANDROID_NAMESPACE_TYPE_SHARED,
std::ptr::null(),
std::ptr::null_mut(),
&dlopen as *const _ as *const c_void,
);
if ns != std::ptr::null_mut() {
info.flags = ANDROID_DLEXT_USE_NAMESPACE;
info.library_namespace = ns;
log::debug!("Open {} with namespace {:p}", path, ns);
} else {
log::debug!("Cannot create namespace for {}", path);
};
let result = android_dlopen_ext(filename, flags, &info);
if result.is_null() {
let e = std::ffi::CStr::from_ptr(libc::dlerror()).to_string_lossy();
bail!(e);
}
Ok(result)
}

73
zygiskd/src/main.c Normal file
View File

@@ -0,0 +1,73 @@
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <errno.h>
#include <android/log.h>
#include "root_impl/common.h"
#include "companion.h"
#include "zygiskd.h"
#include "utils.h"
int __android_log_print(int prio, const char *tag, const char *fmt, ...);
int main(int argc, char *argv[]) {
#ifdef __LP64__
LOGI("Welcome to ReZygisk %s Zygiskd64!\n", ZKSU_VERSION);
#else
LOGI("Welcome to ReZygisk %s Zygiskd32!\n", ZKSU_VERSION);
#endif
if (argc > 1) {
if (strcmp(argv[1], "companion") == 0) {
if (argc < 3) {
LOGI("Usage: zygiskd companion <fd>\n");
return 1;
}
int fd = atoi(argv[2]);
companion_entry(fd);
return 0;
}
else if (strcmp(argv[1], "version") == 0) {
LOGI("ReZygisk Daemon %s\n", ZKSU_VERSION);
return 0;
}
else if (strcmp(argv[1], "root") == 0) {
root_impls_setup();
struct root_impl impl;
get_impl(&impl);
char impl_name[LONGEST_ROOT_IMPL_NAME];
stringify_root_impl_name(impl, impl_name);
LOGI("Root implementation: %s\n", impl_name);
return 0;
}
else {
LOGI("Usage: zygiskd [companion|version|root]\n");
return 0;
}
}
if (switch_mount_namespace((pid_t)1) == false) {
LOGE("Failed to switch mount namespace\n");
return 1;
}
root_impls_setup();
zygiskd_start(argv);
return 0;
}

45
zygiskd/src/main.rs
View File

@@ -1,45 +0,0 @@
mod companion;
mod constants;
mod dl;
mod root_impl;
mod utils;
mod zygiskd;
use crate::constants::ZKSU_VERSION;
fn init_android_logger(tag: &str) {
android_logger::init_once(
android_logger::Config::default()
.with_max_level(constants::MAX_LOG_LEVEL)
.with_tag(tag),
);
}
fn start() {
let args: Vec<String> = std::env::args().collect();
if args.len() == 3 && args[1] == "companion" {
let fd: i32 = args[2].parse().unwrap();
companion::entry(fd);
return;
} else if args.len() == 2 && args[1] == "version" {
println!("Zygisk Next daemon {}", ZKSU_VERSION);
return;
} else if args.len() == 2 && args[1] == "root" {
root_impl::setup();
println!("root impl: {:?}", root_impl::get_impl());
return;
}
utils::switch_mount_namespace(1).expect("switch mnt ns");
root_impl::setup();
log::info!("current root impl: {:?}", root_impl::get_impl());
zygiskd::main().expect("zygiskd main");
}
fn main() {
let process = std::env::args().next().unwrap();
let nice_name = process.split('/').last().unwrap();
init_android_logger(nice_name);
start();
}

194
zygiskd/src/root_impl/apatch.c Normal file
View File

@@ -0,0 +1,194 @@
#include <stdlib.h>
#include <string.h>
#include <sys/stat.h>
#include <unistd.h>
#include <errno.h>
#include "../constants.h"
#include "../utils.h"
#include "common.h"
#include "apatch.h"
void apatch_get_existence(struct root_impl_state *state) {
struct stat s;
if (stat("/data/adb/apd", &s) != 0) {
if (errno != ENOENT) {
LOGE("Failed to stat APatch apd binary: %s\n", strerror(errno));
}
errno = 0;
state->state = Inexistent;
return;
}
char *PATH = getenv("PATH");
if (PATH == NULL) {
LOGE("Failed to get PATH environment variable: %s\n", strerror(errno));
errno = 0;
state->state = Inexistent;
return;
}
if (strstr(PATH, "/data/adb/ap/bin") == NULL) {
LOGE("APatch's APD binary is not in PATH\n");
state->state = Inexistent;
return;
}
char apatch_version[32];
char *const argv[] = { "apd", "-V", NULL };
if (!exec_command(apatch_version, sizeof(apatch_version), "/data/adb/apd", argv)) {
LOGE("Failed to execute apd binary: %s\n", strerror(errno));
errno = 0;
state->state = Inexistent;
return;
}
int version = atoi(apatch_version + strlen("apd "));
if (version == 0) state->state = Abnormal;
else if (version >= MIN_APATCH_VERSION && version <= 999999) state->state = Supported;
else if (version >= 1 && version <= MIN_APATCH_VERSION - 1) state->state = TooOld;
else state->state = Abnormal;
}
struct package_config {
uid_t uid;
bool root_granted;
bool umount_needed;
};
struct packages_config {
struct package_config *configs;
size_t size;
};
/* WARNING: Dynamic memory based */
bool _apatch_get_package_config(struct packages_config *restrict config) {
config->configs = NULL;
config->size = 0;
FILE *fp = fopen("/data/adb/ap/package_config", "r");
if (fp == NULL) {
LOGE("Failed to open APatch's package_config: %s\n", strerror(errno));
return false;
}
char line[1048];
/* INFO: Skip the CSV header */
if (fgets(line, sizeof(line), fp) == NULL) {
LOGE("Failed to read APatch's package_config header: %s\n", strerror(errno));
fclose(fp);
return false;
}
while (fgets(line, sizeof(line), fp) != NULL) {
config->configs = realloc(config->configs, (config->size + 1) * sizeof(struct package_config));
if (config->configs == NULL) {
LOGE("Failed to realloc APatch config struct: %s\n", strerror(errno));
fclose(fp);
return false;
}
strtok(line, ",");
char *exclude_str = strtok(NULL, ",");
if (exclude_str == NULL) continue;
char *allow_str = strtok(NULL, ",");
if (allow_str == NULL) continue;
char *uid_str = strtok(NULL, ",");
if (uid_str == NULL) continue;
config->configs[config->size].uid = (uid_t)atoi(uid_str);
config->configs[config->size].root_granted = strcmp(allow_str, "1") == 0;
config->configs[config->size].umount_needed = strcmp(exclude_str, "1") == 0;
config->size++;
}
fclose(fp);
return true;
}
void _apatch_free_package_config(struct packages_config *restrict config) {
free(config->configs);
}
bool apatch_uid_granted_root(uid_t uid) {
struct packages_config config;
if (!_apatch_get_package_config(&config)) {
_apatch_free_package_config(&config);
return false;
}
for (size_t i = 0; i < config.size; i++) {
if (config.configs[i].uid != uid) continue;
/* INFO: This allow us to copy the information to avoid use-after-free */
bool root_granted = config.configs[i].root_granted;
_apatch_free_package_config(&config);
return root_granted;
}
_apatch_free_package_config(&config);
return false;
}
bool apatch_uid_should_umount(uid_t uid) {
struct packages_config config;
if (!_apatch_get_package_config(&config)) {
_apatch_free_package_config(&config);
return false;
}
for (size_t i = 0; i < config.size; i++) {
if (config.configs[i].uid != uid) continue;
/* INFO: This allow us to copy the information to avoid use-after-free */
bool umount_needed = config.configs[i].umount_needed;
_apatch_free_package_config(&config);
return umount_needed;
}
_apatch_free_package_config(&config);
return false;
}
bool apatch_uid_is_manager(uid_t uid) {
struct stat s;
if (stat("/data/user_de/0/me.bmax.apatch", &s) == -1) {
if (errno != ENOENT) {
LOGE("Failed to stat APatch manager data directory: %s\n", strerror(errno));
}
errno = 0;
return false;
}
return s.st_uid == uid;
}

14
zygiskd/src/root_impl/apatch.h Normal file
View File

@@ -0,0 +1,14 @@
#ifndef APATCH_H
#define APATCH_H
#include "../constants.h"
void apatch_get_existence(struct root_impl_state *state);
bool apatch_uid_granted_root(uid_t uid);
bool apatch_uid_should_umount(uid_t uid);
bool apatch_uid_is_manager(uid_t uid);
#endif

129
zygiskd/src/root_impl/common.c Normal file
View File

@@ -0,0 +1,129 @@
#include <stdio.h>
#include <string.h>
#include <errno.h>
#include <sys/types.h>
#include <sys/stat.h>
#include "../utils.h"
#include "kernelsu.h"
#include "apatch.h"
#include "magisk.h"
#include "common.h"
static struct root_impl impl;
void root_impls_setup(void) {
struct root_impl_state state_ksu;
ksu_get_existence(&state_ksu);
struct root_impl_state state_apatch;
apatch_get_existence(&state_apatch);
struct root_impl_state state_magisk;
magisk_get_existence(&state_magisk);
/* INFO: Check if it's only one supported, if not, it's multile and that's bad.
Remember that true here is equal to the integer 1. */
if ((state_ksu.state == Supported ? 1 : 0) + (state_apatch.state == Supported ? 1 : 0) + (state_magisk.state == Supported ? 1 : 0) >= 2) {
impl.impl = Multiple;
} else if (state_ksu.state == Supported) {
impl.impl = KernelSU;
} else if (state_apatch.state == Supported) {
impl.impl = APatch;
} else if (state_magisk.state == Supported) {
impl.impl = Magisk;
impl.variant = state_magisk.variant;
} else {
impl.impl = None;
}
switch (impl.impl) {
case None: {
LOGI("No root implementation found.\n");
break;
}
case Multiple: {
LOGI("Multiple root implementations found.\n");
break;
}
case KernelSU: {
LOGI("KernelSU root implementation found.\n");
break;
}
case APatch: {
LOGI("APatch root implementation found.\n");
break;
}
case Magisk: {
if (state_magisk.variant == 0) {
LOGI("Magisk Official root implementation found.\n");
} else {
LOGI("Magisk Kitsune root implementation found.\n");
}
break;
}
}
}
void get_impl(struct root_impl *uimpl) {
uimpl->impl = impl.impl;
uimpl->variant = impl.variant;
}
bool uid_granted_root(uid_t uid) {
switch (impl.impl) {
case KernelSU: {
return ksu_uid_granted_root(uid);
}
case APatch: {
return apatch_uid_granted_root(uid);
}
case Magisk: {
return magisk_uid_granted_root(uid);
}
default: {
return false;
}
}
}
bool uid_should_umount(uid_t uid) {
switch (impl.impl) {
case KernelSU: {
return ksu_uid_should_umount(uid);
}
case APatch: {
return apatch_uid_should_umount(uid);
}
case Magisk: {
return magisk_uid_should_umount(uid);
}
default: {
return false;
}
}
}
bool uid_is_manager(uid_t uid) {
switch (impl.impl) {
case KernelSU: {
return ksu_uid_is_manager(uid);
}
case APatch: {
return apatch_uid_is_manager(uid);
}
case Magisk: {
return magisk_uid_is_manager(uid);
}
default: {
return false;
}
}
}

38
zygiskd/src/root_impl/common.h Normal file
View File

@@ -0,0 +1,38 @@
#ifndef COMMON_H
#define COMMON_H
#include <stdint.h>
#include "../constants.h"
enum root_impls {
None,
Multiple,
KernelSU,
APatch,
Magisk
};
struct root_impl_state {
enum RootImplState state;
uint8_t variant;
};
struct root_impl {
enum root_impls impl;
uint8_t variant;
};
#define LONGEST_ROOT_IMPL_NAME sizeof("Magisk Official")
void root_impls_setup(void);
void get_impl(struct root_impl *uimpl);
bool uid_granted_root(uid_t uid);
bool uid_should_umount(uid_t uid);
bool uid_is_manager(uid_t uid);
#endif /* COMMON_H */

82
zygiskd/src/root_impl/kernelsu.c Normal file
View File

@@ -0,0 +1,82 @@
#include <stdlib.h>
#include <string.h>
#include <sys/stat.h>
#include <sys/prctl.h>
#include <errno.h>
#include "../constants.h"
#include "../utils.h"
#include "common.h"
#include "kernelsu.h"
/* INFO: It would be presumed it is a unsigned int,
so we need to cast it to signed int to
avoid any potential UB.
*/
#define KERNEL_SU_OPTION (int)0xdeadbeef
#define CMD_GET_VERSION 2
#define CMD_UID_GRANTED_ROOT 12
#define CMD_UID_SHOULD_UMOUNT 13
void ksu_get_existence(struct root_impl_state *state) {
int version = 0;
prctl((signed int)KERNEL_SU_OPTION, CMD_GET_VERSION, &version, 0, 0);
if (version == 0) state->state = Abnormal;
else if (version >= MIN_KSU_VERSION && version <= MAX_KSU_VERSION) {
/* INFO: Some custom kernels for custom ROMs have pre-installed KernelSU.
Some users don't want to use KernelSU, but, for example, Magisk.
This if allows this to happen, as it checks if "ksud" exists,
which in case it doesn't, it won't be considered as supported. */
struct stat s;
if (stat("/data/adb/ksud", &s) == -1) {
if (errno != ENOENT) {
LOGE("Failed to stat KSU daemon: %s\n", strerror(errno));
}
errno = 0;
state->state = Abnormal;
return;
}
state->state = Supported;
}
else if (version >= 1 && version <= MIN_KSU_VERSION - 1) state->state = TooOld;
else state->state = Abnormal;
}
bool ksu_uid_granted_root(uid_t uid) {
uint32_t result = 0;
bool granted = false;
prctl(KERNEL_SU_OPTION, CMD_UID_GRANTED_ROOT, uid, &granted, &result);
if ((int)result != KERNEL_SU_OPTION) return false;
return granted;
}
bool ksu_uid_should_umount(uid_t uid) {
uint32_t result = 0;
bool umount = false;
prctl(KERNEL_SU_OPTION, CMD_UID_SHOULD_UMOUNT, uid, &umount, &result);
if ((int)result != KERNEL_SU_OPTION) return false;
return umount;
}
bool ksu_uid_is_manager(uid_t uid) {
struct stat s;
if (stat("/data/user_de/0/me.weishu.kernelsu", &s) == -1) {
if (errno != ENOENT) {
LOGE("Failed to stat KSU manager data directory: %s\n", strerror(errno));
}
errno = 0;
return false;
}
return s.st_uid == uid;
}

14
zygiskd/src/root_impl/kernelsu.h Normal file
View File

@@ -0,0 +1,14 @@
#ifndef KERNELSU_H
#define KERNELSU_H
#include "../constants.h"
void ksu_get_existence(struct root_impl_state *state);
bool ksu_uid_granted_root(uid_t uid);
bool ksu_uid_should_umount(uid_t uid);
bool ksu_uid_is_manager(uid_t uid);
#endif

77
zygiskd/src/root_impl/kernelsu.rs
View File

@@ -1,77 +0,0 @@
use crate::constants::{MAX_KSU_VERSION, MIN_KSU_VERSION};
const KERNEL_SU_OPTION: u32 = 0xdeadbeefu32;
const CMD_GET_VERSION: usize = 2;
const CMD_UID_GRANTED_ROOT: usize = 12;
const CMD_UID_SHOULD_UMOUNT: usize = 13;
pub enum Version {
Supported,
TooOld,
Abnormal,
}
pub fn get_kernel_su() -> Option<Version> {
let mut version = 0;
unsafe {
libc::prctl(
KERNEL_SU_OPTION as i32,
CMD_GET_VERSION,
&mut version as *mut i32,
0,
0,
)
};
const MAX_OLD_VERSION: i32 = MIN_KSU_VERSION - 1;
match version {
0 => None,
MIN_KSU_VERSION..=MAX_KSU_VERSION => Some(Version::Supported),
1..=MAX_OLD_VERSION => Some(Version::TooOld),
_ => Some(Version::Abnormal),
}
}
pub fn uid_granted_root(uid: i32) -> bool {
let mut result: u32 = 0;
let mut granted = false;
unsafe {
libc::prctl(
KERNEL_SU_OPTION as i32,
CMD_UID_GRANTED_ROOT,
uid,
&mut granted as *mut bool,
&mut result as *mut u32,
)
};
if result != KERNEL_SU_OPTION {
log::warn!("uid_granted_root failed");
}
granted
}
pub fn uid_should_umount(uid: i32) -> bool {
let mut result: u32 = 0;
let mut umount = false;
unsafe {
libc::prctl(
KERNEL_SU_OPTION as i32,
CMD_UID_SHOULD_UMOUNT,
uid,
&mut umount as *mut bool,
&mut result as *mut u32,
)
};
if result != KERNEL_SU_OPTION {
log::warn!("uid_granted_root failed");
}
umount
}
// TODO: signature
pub fn uid_is_manager(uid: i32) -> bool {
if let Ok(s) = rustix::fs::stat("/data/user_de/0/me.weishu.kernelsu") {
return s.st_uid == uid as u32;
}
false
}

210
zygiskd/src/root_impl/magisk.c Normal file
View File

@@ -0,0 +1,210 @@
#include <stdlib.h>
#include <string.h>
#include <fcntl.h>
#include <dirent.h>
#include <sys/stat.h>
#include <sys/prctl.h>
#include <errno.h>
#include <unistd.h>
#include "../constants.h"
#include "../utils.h"
#include "common.h"
#include "magisk.h"
char *supported_variants[] = {
"kitsune"
};
char *magisk_managers[] = {
"com.topjohnwu.magisk",
"io.github.huskydg.magisk"
};
#define SBIN_MAGISK lp_select("/sbin/magisk32", "/sbin/magisk64")
#define BITLESS_SBIN_MAGISK "/sbin/magisk"
#define DEBUG_RAMDISK_MAGISK lp_select("/debug_ramdisk/magisk32", "/debug_ramdisk/magisk64")
#define BITLESS_DEBUG_RAMDISK_MAGISK "/debug_ramdisk/magisk"
enum magisk_variants variant = Official;
/* INFO: Longest path */
static char path_to_magisk[sizeof(DEBUG_RAMDISK_MAGISK)] = { 0 };
bool is_using_sulist = false;
void magisk_get_existence(struct root_impl_state *state) {
const char *magisk_files[] = {
SBIN_MAGISK,
BITLESS_SBIN_MAGISK,
DEBUG_RAMDISK_MAGISK,
BITLESS_DEBUG_RAMDISK_MAGISK
};
for (size_t i = 0; i < sizeof(magisk_files) / sizeof(magisk_files[0]); i++) {
if (access(magisk_files[i], F_OK) != 0) {
if (errno != ENOENT) {
LOGE("Failed to access Magisk binary: %s\n", strerror(errno));
}
errno = 0;
continue;
}
strcpy(path_to_magisk, magisk_files[i]);
break;
}
if (path_to_magisk[0] == '\0') {
state->state = Inexistent;
return;
}
char *argv[4] = { "magisk", "-v", NULL, NULL };
char magisk_info[128];
if (!exec_command(magisk_info, sizeof(magisk_info), (const char *)path_to_magisk, argv)) {
LOGE("Failed to execute magisk binary: %s\n", strerror(errno));
errno = 0;
state->state = Abnormal;
return;
}
state->variant = (uint8_t)Official;
for (unsigned long i = 0; i < sizeof(supported_variants) / sizeof(supported_variants[0]); i++) {
if (strstr(magisk_info, supported_variants[i])) {
variant = (enum magisk_variants)(i + 1);
state->variant = (uint8_t)variant;
break;
}
}
argv[1] = "-V";
char magisk_version[32];
if (!exec_command(magisk_version, sizeof(magisk_version), (const char *)path_to_magisk, argv)) {
LOGE("Failed to execute magisk binary: %s\n", strerror(errno));
errno = 0;
state->state = Abnormal;
return;
}
/* INFO: Magisk Kitsune has a feature called SuList, which is a whitelist of
which processes are allowed to see root. Although only Kitsune has
this option, there are Kitsune forks without "-kitsune" suffix, so
to avoid excluding them from taking advantage of that feature, we
will not check the variant.
*/
argv[1] = "--sqlite";
argv[2] = "select value from settings where key = 'sulist' limit 1";
char sulist_enabled[32];
if (!exec_command(sulist_enabled, sizeof(sulist_enabled), (const char *)path_to_magisk, argv)) {
LOGE("Failed to execute magisk binary: %s\n", strerror(errno));
errno = 0;
state->state = Abnormal;
return;
}
is_using_sulist = strcmp(sulist_enabled, "value=1") == 0;
if (atoi(magisk_version) >= MIN_MAGISK_VERSION) state->state = Supported;
else state->state = TooOld;
}
bool magisk_uid_granted_root(uid_t uid) {
char sqlite_cmd[256];
snprintf(sqlite_cmd, sizeof(sqlite_cmd), "select 1 from policies where uid=%d and policy=2 limit 1", uid);
char *const argv[] = { "magisk", "--sqlite", sqlite_cmd, NULL };
char result[32];
if (!exec_command(result, sizeof(result), (const char *)path_to_magisk, argv)) {
LOGE("Failed to execute magisk binary: %s\n", strerror(errno));
errno = 0;
return false;
}
return result[0] != '\0';
}
bool magisk_uid_should_umount(uid_t uid) {
char uid_str[16];
snprintf(uid_str, sizeof(uid_str), "%d", uid);
char *const argv_pm[] = { "pm", "list", "packages", "--uid", uid_str, NULL };
char result[256];
if (!exec_command(result, sizeof(result), "/system/bin/pm", argv_pm)) {
LOGE("Failed to execute pm binary: %s\n", strerror(errno));
errno = 0;
/* INFO: It's better if we do NOT umount than the opposite */
return false;
}
if (result[0] == '\0') {
LOGE("Failed to get package name from UID %d\n", uid);
return false;
}
char *package_name = strtok(result + strlen("package:"), " ");
char sqlite_cmd[256];
if (is_using_sulist)
snprintf(sqlite_cmd, sizeof(sqlite_cmd), "select 1 from sulist where package_name=\"%s\" limit 1", package_name);
else
snprintf(sqlite_cmd, sizeof(sqlite_cmd), "select 1 from denylist where package_name=\"%s\" limit 1", package_name);
char *const argv[] = { "magisk", "--sqlite", sqlite_cmd, NULL };
if (!exec_command(result, sizeof(result), (const char *)path_to_magisk, argv)) {
LOGE("Failed to execute magisk binary: %s\n", strerror(errno));
errno = 0;
return false;
}
if (is_using_sulist) return result[0] == '\0';
else return result[0] != '\0';
}
bool magisk_uid_is_manager(uid_t uid) {
char *const argv[] = { "magisk", "--sqlite", "select value from strings where key=\"requester\" limit 1", NULL };
char output[128];
if (!exec_command(output, sizeof(output), (const char *)path_to_magisk, argv)) {
LOGE("Failed to execute magisk binary: %s\n", strerror(errno));
errno = 0;
return false;
}
char stat_path[PATH_MAX];
if (output[0] == '\0')
snprintf(stat_path, sizeof(stat_path), "/data/user_de/0/%s", magisk_managers[(int)variant]);
else
snprintf(stat_path, sizeof(stat_path), "/data/user_de/0/%s", output + strlen("value="));
struct stat s;
if (stat(stat_path, &s) == -1) {
LOGE("Failed to stat %s: %s\n", stat_path, strerror(errno));
errno = 0;
return false;
}
return s.st_uid == uid;
}

19
zygiskd/src/root_impl/magisk.h Normal file
View File

@@ -0,0 +1,19 @@
#ifndef MAGISK_H
#define MAGISK_H
#include "../constants.h"
enum magisk_variants {
Official,
Kitsune
};
void magisk_get_existence(struct root_impl_state *state);
bool magisk_uid_granted_root(uid_t uid);
bool magisk_uid_should_umount(uid_t uid);
bool magisk_uid_is_manager(uid_t uid);
#endif

124
zygiskd/src/root_impl/magisk.rs
View File

@@ -1,124 +0,0 @@
use std::fs;
use std::os::android::fs::MetadataExt;
use crate::constants::MIN_MAGISK_VERSION;
use std::process::{Command, Stdio};
use log::info;
use crate::utils::LateInit;
const MAGISK_OFFICIAL: &str = "com.topjohnwu.magisk";
const MAGISK_THIRD_PARTIES: &[(&str, &str)] = &[
("alpha", "io.github.vvb2060.magisk"),
("kitsune", "io.github.huskydg.magisk"),
];
pub enum Version {
Supported,
TooOld,
}
static VARIANT: LateInit<&str> = LateInit::new();
pub fn get_magisk() -> Option<Version> {
if !VARIANT.initiated() {
Command::new("magisk")
.arg("-v")
.stdout(Stdio::piped())
.spawn()
.ok()
.and_then(|child| child.wait_with_output().ok())
.and_then(|output| String::from_utf8(output.stdout).ok())
.map(|version| {
let third_party = MAGISK_THIRD_PARTIES.iter().find_map(|v| {
version.contains(v.0).then_some(v.1)
});
VARIANT.init(third_party.unwrap_or(MAGISK_OFFICIAL));
info!("Magisk variant: {}", *VARIANT);
});
}
Command::new("magisk")
.arg("-V")
.stdout(Stdio::piped())
.spawn()
.ok()
.and_then(|child| child.wait_with_output().ok())
.and_then(|output| String::from_utf8(output.stdout).ok())
.and_then(|output| output.trim().parse::<i32>().ok())
.map(|version| {
if version >= MIN_MAGISK_VERSION {
Version::Supported
} else {
Version::TooOld
}
})
}
pub fn uid_granted_root(uid: i32) -> bool {
Command::new("magisk")
.arg("--sqlite")
.arg(format!(
"select 1 from policies where uid={uid} and policy=2 limit 1"
))
.stdout(Stdio::piped())
.spawn()
.ok()
.and_then(|child| child.wait_with_output().ok())
.and_then(|output| String::from_utf8(output.stdout).ok())
.map(|output| output.is_empty())
== Some(false)
}
pub fn uid_should_umount(uid: i32) -> bool {
let output = Command::new("pm")
.args(["list", "packages", "--uid", &uid.to_string()])
.stdout(Stdio::piped())
.spawn()
.ok()
.and_then(|child| child.wait_with_output().ok())
.and_then(|output| String::from_utf8(output.stdout).ok());
let line = match output {
Some(line) => line,
None => return false,
};
let pkg = line
.strip_prefix("package:")
.and_then(|line| line.split(' ').next());
let pkg = match pkg {
Some(pkg) => pkg,
None => return false,
};
Command::new("magisk")
.arg("--sqlite")
.arg(format!(
"select 1 from denylist where package_name=\"{pkg}\" limit 1"
))
.stdout(Stdio::piped())
.spawn()
.ok()
.and_then(|child| child.wait_with_output().ok())
.and_then(|output| String::from_utf8(output.stdout).ok())
.map(|output| output.is_empty())
== Some(false)
}
// TODO: signature
pub fn uid_is_manager(uid: i32) -> bool {
let output = Command::new("magisk")
.arg("--sqlite")
.arg(format!("select value from strings where key=\"requester\" limit 1"))
.stdout(Stdio::piped())
.spawn()
.ok()
.and_then(|child| child.wait_with_output().ok())
.and_then(|output| String::from_utf8(output.stdout).ok())
.map(|output| output.trim().to_string());
if let Some(output) = output {
if let Some(manager) = output.strip_prefix("value=") {
return fs::metadata(format!("/data/user_de/0/{}", manager))
.map(|s| s.st_uid() == uid as u32)
.unwrap_or(false);
}
}
fs::metadata(format!("/data/user_de/0/{}", *VARIANT))
.map(|s| s.st_uid() == uid as u32)
.unwrap_or(false)
}

Some files were not shown because too many files have changed in this diff Show More