Randomize tmp path

loader/src/common/daemon.cpp

@@ -7,6 +7,10 @@
 #include "socket_utils.h"
 
 namespace zygiskd {
+    static std::string zygisk_path;
+    void Init(const char *path) {
+        zygisk_path = path;
+    }
 
     int Connect(uint8_t retry) {
         int fd = socket(PF_UNIX, SOCK_STREAM | SOCK_CLOEXEC, 0);
@@ -14,13 +18,14 @@ namespace zygiskd {
                 .sun_family = AF_UNIX,
                 .sun_path={0},
         };
-        strcpy(addr.sun_path, kCPSocketPath);
+        auto socket_path = zygisk_path + kCPSocketName;
+        strcpy(addr.sun_path, socket_path.c_str());
         socklen_t socklen = sizeof(addr);
 
         while (retry--) {
             int r = connect(fd, reinterpret_cast<struct sockaddr*>(&addr), socklen);
             if (r == 0) return fd;
-            LOGW("Retrying to connect to zygiskd, sleep 1s");
+            PLOGE("Retrying to connect to zygiskd, sleep 1s");
             sleep(1);
         }
 

loader/src/include/daemon.h

@@ -11,7 +11,7 @@
 # define LP_SELECT(lp32, lp64) lp32
 #endif
 
-constexpr auto kCPSocketPath = "/dev/zygisk/" LP_SELECT("cp32", "cp64") ".sock";
+constexpr auto kCPSocketName = "/" LP_SELECT("cp32", "cp64") ".sock";
 
 class UniqueFd {
     using Fd = int;
@@ -61,6 +61,8 @@ namespace zygiskd {
         ZygoteRestart,
     };
 
+    void Init(const char *path);
+
     bool PingHeartbeat();
 
     int RequestLogcatFd();

loader/src/injector/entry.cpp

@@ -8,10 +8,11 @@ using namespace std;
 void *self_handle = nullptr;
 
 extern "C" [[gnu::visibility("default")]]
-void entry(void* handle) {
-    LOGI("Zygisk library injected");
+void entry(void* handle, const char* path) {
+    LOGI("Zygisk library injected, magic %s", path);
     self_handle = handle;
 
+    zygiskd::Init(path);
     if (!zygiskd::PingHeartbeat()) {
         LOGE("Zygisk daemon is not running");
         return;

loader/src/ptracer/ptracer.cpp

@@ -16,7 +16,8 @@
 #include <string>
 #include "utils.hpp"
 
-bool inject_on_main(int pid, const char *lib_path) {
+bool inject_on_main(int pid, const char *lib_path, const char* magic_path) {
+    LOGI("injecting %s to zygote %d", lib_path, pid);
     // parsing KernelArgumentBlock
     // https://cs.android.com/android/platform/superproject/main/+/main:bionic/libc/private/KernelArgumentBlock.h;l=30;drc=6d1ee77ee32220e4202c3066f7e1f69572967ad8
     struct user_regs_struct regs{}, backup{};
@@ -141,9 +142,11 @@ bool inject_on_main(int pid, const char *lib_path) {
             return false;
         }
 
-        // call injector entry(handle)
+        // call injector entry(handle, magic)
         args.clear();
         args.push_back(remote_handle);
+        str = push_string(pid, regs, magic_path);
+        args.push_back((long) str);
         remote_call(pid, regs, injector_entry, (uintptr_t) libc_return_addr, args);
 
         // reset pc to entry
@@ -177,7 +180,9 @@ bool trace_zygote(int pid) {
     }
     WAIT_OR_DIE
     if (STOPPED_WITH(SIGSTOP, PTRACE_EVENT_STOP)) {
-        if (!inject_on_main(pid, "/dev/zygisk/lib" LP_SELECT("", "64") "/libzygisk.so")) {
+        std::string magic_path = getenv("MAGIC_PATH");
+        std::string lib_path = magic_path + "/lib" LP_SELECT("", "64") "/libzygisk.so";
+        if (!inject_on_main(pid, lib_path.c_str(), magic_path.c_str())) {
             LOGE("failed to inject");
             return false;
         }

module/src/customize.sh

@@ -150,6 +150,10 @@ set_perm_recursive "$MODPATH/bin" 0 0 0755 0755
 set_perm_recursive "$MODPATH/lib" 0 0 0755 0644 u:object_r:system_lib_file:s0
 set_perm_recursive "$MODPATH/lib64" 0 0 0755 0644 u:object_r:system_lib_file:s0
 
+ui_print "- Generating magic"
+MAGIC=$(tr -dc 'a-f0-9' </dev/urandom | head -c 18)
+echo -n "$MAGIC" > "$MODPATH/magic"
+
 # If Huawei's Maple is enabled, system_server is created with a special way which is out of Zygisk's control
 HUAWEI_MAPLE_ENABLED=$(grep_prop ro.maple.enable)
 if [ "$HUAWEI_MAPLE_ENABLED" == "1" ]; then

module/src/post-fs-data.sh

@@ -7,6 +7,9 @@ fi
 
 cd "$MODDIR"
 
+MAGIC_PATH=/dev/zygisk_$(cat ./magic)
+export MAGIC_PATH
+
 if [ "$(which magisk)" ]; then
   for file in ../*; do
     if [ -d "$file" ] && [ -d "$file/zygisk" ] && ! [ -f "$file/disable" ]; then
@@ -26,18 +29,18 @@ create_sys_perm() {
   chcon u:object_r:system_file:s0 $1
 }
 
-create_sys_perm /dev/zygisk
+create_sys_perm $MAGIC_PATH
 
 if [ -f $MODDIR/lib64/libzygisk.so ];then
-  create_sys_perm /dev/zygisk/lib64
-  cp $MODDIR/lib64/libzygisk.so /dev/zygisk/lib64/libzygisk.so
-  chcon u:object_r:system_file:s0 /dev/zygisk/lib64/libzygisk.so
+  create_sys_perm $MAGIC_PATH/lib64
+  cp $MODDIR/lib64/libzygisk.so $MAGIC_PATH/lib64/libzygisk.so
+  chcon u:object_r:system_file:s0 $MAGIC_PATH/lib64/libzygisk.so
 fi
 
 if [ -f $MODDIR/lib/libzygisk.so ];then
-  create_sys_perm /dev/zygisk/lib
-  cp $MODDIR/lib/libzygisk.so /dev/zygisk/lib/libzygisk.so
-  chcon u:object_r:system_file:s0 /dev/zygisk/lib/libzygisk.so
+  create_sys_perm $MAGIC_PATH/lib
+  cp $MODDIR/lib/libzygisk.so $MAGIC_PATH/lib/libzygisk.so
+  chcon u:object_r:system_file:s0 $MAGIC_PATH/lib/libzygisk.so
 fi
 
 unshare -m sh -c "./bin/zygisk-ptrace64 monitor &"

module/src/service.sh

@@ -7,15 +7,11 @@ if [ "$ZYGISK_ENABLED" ]; then
   exit 0
 fi
 
-# temporary fix for AVD 30
-if [ -f /dev/zygisk/wd ]; then
-  log -p i -t "zygisk-sh" "prevent from instance duplicated"
-  exit
-fi
-touch /dev/zygisk/wd
-
 cd "$MODDIR"
 
+MAGIC_PATH=/dev/zygisk_$(cat ./magic)
+export MAGIC_PATH
+
 if [ "$(which magisk)" ]; then
   for file in ../*; do
     if [ -d "$file" ] && [ -d "$file/zygisk" ] && ! [ -f "$file/disable" ]; then

zygiskd/src/constants.rs

@@ -15,14 +15,8 @@ pub const MAX_LOG_LEVEL: LevelFilter = LevelFilter::Trace;
 #[cfg(not(debug_assertions))]
 pub const MAX_LOG_LEVEL: LevelFilter = LevelFilter::Info;
 
-pub const PROP_CTL_RESTART: &str = "ctl.restart";
-pub const PROP_CTL_SIGSTOP_OFF: &str = "ctl.sigstop_off";
 
-pub const PATH_WORK_DIR: &str = "/dev/zygisk"; // TODO: Replace with /debug_ramdisk/zygisk
-pub const PATH_PROP_OVERLAY: &str = concatcp!(PATH_WORK_DIR, "/module.prop");
-pub const PATH_CP_SOCKET: &str = concatcp!(PATH_WORK_DIR, lp_select!("/cp32.sock", "/cp64.sock"));
-pub const PATH_PT_LOCK32: &str = concatcp!(PATH_WORK_DIR, "/lock32");
-pub const PATH_PT_LOCK64: &str = concatcp!(PATH_WORK_DIR, "/lock64");
+pub const PATH_CP_NAME: &str = lp_select!("/cp32.sock", "/cp64.sock");
 
 pub const PATH_MODULES_DIR: &str = "..";
 pub const PATH_MODULE_PROP: &str = "module.prop";
@@ -31,16 +25,7 @@ pub const PATH_CP_BIN64: &str = "bin/zygisk-cp64";
 pub const PATH_PT_BIN32: &str = "bin/zygisk-ptracer32";
 pub const PATH_PT_BIN64: &str = "bin/zygisk-ptracer64";
 
-
-pub const STATUS_LOADED: &str = "😋 Zygisk Next is loaded";
-pub const STATUS_CRASHED: &str = "❌ Zygisk Next has crashed";
-pub const STATUS_ROOT_IMPL_NONE: &str = "❌ Unknown root implementation";
-pub const STATUS_ROOT_IMPL_TOO_OLD: &str = "❌ Root implementation version too old";
-pub const STATUS_ROOT_IMPL_ABNORMAL: &str = "❌ Abnormal root implementation version";
-pub const STATUS_ROOT_IMPL_MULTIPLE: &str = "❌ Multiple root implementations installed";
-
 pub const MAX_RESTART_COUNT: i32 = 5;
-pub const ZYGOTE_SERVICE_PROP: &str = "init.svc.zygote";
 
 #[derive(Debug, Eq, PartialEq, TryFromPrimitive)]
 #[repr(u8)]

zygiskd/src/zygiskd.rs

@@ -132,8 +132,10 @@ fn create_library_fd(so_path: &PathBuf) -> Result<OwnedFd> {
 
 fn create_daemon_socket() -> Result<UnixListener> {
     utils::set_socket_create_context("u:r:zygote:s0")?;
-    log::debug!("Daemon socket: {}", constants::PATH_CP_SOCKET);
-    let listener = utils::unix_listener_from_path(constants::PATH_CP_SOCKET)?;
+    let magic_path = std::env::var("MAGIC_PATH")?;
+    let socket_path = magic_path + constants::PATH_CP_NAME;
+    log::debug!("Daemon socket: {}", socket_path);
+    let listener = utils::unix_listener_from_path(&socket_path)?;
     Ok(listener)
 }