dlclose on servers processes too

module/jni/main.cpp

@@ -41,22 +41,20 @@ public:
         bool isOnDenylist = (flags & zygisk::StateFlag::PROCESS_ON_DENYLIST) != 0;
         if (isRoot || !isOnDenylist || shouldSkipUid(args->uid))
         {
+            LOGD("Skipping pid=%d uid=%d", getpid(), args->uid);
             return;
         }
 
         LOGD("Unmounting in preAppSpecialize for pid=%d uid=%d", getpid(), args->uid);
 
         /*
-         * preAppSpecialize is before ensureInAppMountNamespace.
+         * Create only one namespace per zygote, child Zygotes will inherit it
-         * postAppSpecialize is after seccomp setup.
+         * But then again, why won't they also inherit the unmounts of the parent?
-         * So we unshare here to create a pseudo app mount namespace
+         * Either way, unshare in child Zygote will crash at the open FD sanity check.
          */
-        if (unshare(CLONE_NEWNS) == -1)
+        if (!*args->is_child_zygote)
         {
-            LOGE("unshare(CLONE_NEWNS) returned -1: %d (%s)", errno, strerror(errno));
+            LOGD("Creating new mount namespace for parent pid=%d uid=%d", getpid(), args->uid);
-            // Don't unmount anything in global namespace
-            return;
-        }
 
         /*
          * Mount the pseudo app mount namespace's root as MS_SLAVE, so every mount/umount from
@@ -70,6 +68,11 @@ public:
         do_unmount();
     }
 
+    void preServerSpecialize(ServerSpecializeArgs *args) override
+    {
+        api->setOption(zygisk::Option::DLCLOSE_MODULE_LIBRARY);
+    }
+
 private:
     Api *api;
     JNIEnv *env;