diff --git a/app/build.gradle.kts b/app/build.gradle.kts
index 7272675a..fe8d70fd 100644
--- a/app/build.gradle.kts
+++ b/app/build.gradle.kts
@@ -151,7 +151,7 @@ dependencies {
implementation("androidx.recyclerview:recyclerview:1.2.1")
implementation("androidx.swiperefreshlayout:swiperefreshlayout:1.2.0-alpha01")
implementation("com.github.bumptech.glide:glide:$glideVersion")
- implementation("com.google.android.material:material:1.7.0")
+ implementation("com.google.android.material:material:1.8.0")
implementation("com.google.code.gson:gson:2.10.1")
implementation(platform("com.squareup.okhttp3:okhttp-bom:4.10.0"))
implementation("com.squareup.okhttp3:okhttp")
diff --git a/app/src/main/java/org/lsposed/manager/ui/fragment/HomeFragment.java b/app/src/main/java/org/lsposed/manager/ui/fragment/HomeFragment.java
index 920248bf..8b1fc5cc 100644
--- a/app/src/main/java/org/lsposed/manager/ui/fragment/HomeFragment.java
+++ b/app/src/main/java/org/lsposed/manager/ui/fragment/HomeFragment.java
@@ -109,15 +109,17 @@ public class HomeFragment extends BaseFragment {
binding.updateCard.setVisibility(View.GONE);
}
boolean dex2oatAbnormal = ConfigManager.getDex2OatWrapperCompatibility() != ILSPManagerService.DEX2OAT_OK && !ConfigManager.dex2oatFlagsLoaded();
- if (!ConfigManager.isSepolicyLoaded() || !ConfigManager.systemServerRequested() || dex2oatAbnormal) {
+ var sepolicyAbnormal = !ConfigManager.isSepolicyLoaded();
+ var systemServerAbnormal = !ConfigManager.systemServerRequested();
+ if (sepolicyAbnormal || systemServerAbnormal || dex2oatAbnormal) {
binding.statusTitle.setText(R.string.partial_activated);
binding.statusIcon.setImageResource(R.drawable.ic_round_warning_24);
binding.warningCard.setVisibility(View.VISIBLE);
- if (!ConfigManager.isSepolicyLoaded()) {
+ if (sepolicyAbnormal) {
binding.warningTitle.setText(R.string.selinux_policy_not_loaded_summary);
binding.warningSummary.setText(HtmlCompat.fromHtml(getString(R.string.selinux_policy_not_loaded), HtmlCompat.FROM_HTML_MODE_LEGACY));
}
- if (!ConfigManager.systemServerRequested()) {
+ if (systemServerAbnormal) {
binding.warningTitle.setText(R.string.system_inject_fail_summary);
binding.warningSummary.setText(HtmlCompat.fromHtml(getString(R.string.system_inject_fail), HtmlCompat.FROM_HTML_MODE_LEGACY));
}
diff --git a/app/src/main/res/values/strings.xml b/app/src/main/res/values/strings.xml
index c311a883..95404860 100644
--- a/app/src/main/res/values/strings.xml
+++ b/app/src/main/res/values/strings.xml
@@ -50,7 +50,7 @@
Activated
Partially activated
SEPolicy is not loaded properly
- Please report this to Magisk developer.]]>
+ Please report this to Magisk developer.]]>
System Framework injection failed
Magisk or some low-quality Magisk modules.
Please try to disable Magisk modules other than Riru and LSPosed or submit full log to developers.]]>
System prop incorrect
diff --git a/build.gradle.kts b/build.gradle.kts
index 0ff07233..bb583088 100644
--- a/build.gradle.kts
+++ b/build.gradle.kts
@@ -22,8 +22,8 @@ import com.android.build.api.variant.ApplicationAndroidComponentsExtension
import com.android.build.gradle.BaseExtension
import org.eclipse.jgit.api.Git
import org.eclipse.jgit.storage.file.FileRepositoryBuilder
-import java.nio.file.Paths
import org.gradle.internal.os.OperatingSystem
+import java.nio.file.Paths
plugins {
id("com.android.application") apply false
@@ -122,7 +122,7 @@ fun Project.configureBaseExtension() {
"-DINJECTED_AID=$injectedPackageUid",
)
cppFlags("-std=c++20", *flags)
- cFlags("-std=c18", *flags)
+ cFlags("-std=c2x", *flags)
arguments(
"-DANDROID_STL=none",
)
diff --git a/daemon/src/main/java/org/lsposed/lspd/service/ConfigManager.java b/daemon/src/main/java/org/lsposed/lspd/service/ConfigManager.java
index 0be41025..8268d0b4 100644
--- a/daemon/src/main/java/org/lsposed/lspd/service/ConfigManager.java
+++ b/daemon/src/main/java/org/lsposed/lspd/service/ConfigManager.java
@@ -104,8 +104,6 @@ public class ConfigManager {
private long lastScopeCacheTime = 0;
private long requestScopeCacheTime = 0;
- private boolean sepolicyLoaded = true;
-
private String api = "(???)";
static class ProcessScope {
@@ -184,7 +182,6 @@ public class ConfigManager {
// for system server, cache is not yet ready, we need to query database for it
public boolean shouldSkipSystemServer() {
if (!SELinux.checkSELinuxAccess("u:r:system_server:s0", "u:r:system_server:s0", "process", "execmem")) {
- sepolicyLoaded = false;
Log.e(TAG, "skip injecting into android because sepolicy was not loaded properly");
return true; // skip
}
@@ -1021,10 +1018,6 @@ public class ConfigManager {
ConfigFileManager.deleteFolderIfExists(path);
}
- public boolean isSepolicyLoaded() {
- return sepolicyLoaded;
- }
-
public List getDenyListPackages() {
List result = new ArrayList<>();
if (!getApi().equals("Zygisk")) return result;
diff --git a/daemon/src/main/java/org/lsposed/lspd/service/Dex2OatService.java b/daemon/src/main/java/org/lsposed/lspd/service/Dex2OatService.java
index 208863c1..a4761bac 100644
--- a/daemon/src/main/java/org/lsposed/lspd/service/Dex2OatService.java
+++ b/daemon/src/main/java/org/lsposed/lspd/service/Dex2OatService.java
@@ -26,247 +26,194 @@ import static org.lsposed.lspd.ILSPManagerService.DEX2OAT_SELINUX_PERMISSIVE;
import static org.lsposed.lspd.ILSPManagerService.DEX2OAT_SEPOLICY_INCORRECT;
import android.net.LocalServerSocket;
-import android.net.LocalSocket;
-import android.net.LocalSocketAddress;
import android.os.Build;
import android.os.FileObserver;
import android.os.SELinux;
import android.system.ErrnoException;
import android.system.Os;
import android.system.OsConstants;
-import android.text.TextUtils;
import android.util.Log;
import androidx.annotation.Nullable;
import androidx.annotation.RequiresApi;
+import java.io.File;
import java.io.FileDescriptor;
import java.io.IOException;
-import java.io.InterruptedIOException;
import java.nio.file.Files;
import java.nio.file.Paths;
-import java.util.Arrays;
-import java.util.Locale;
-import java.util.Objects;
-
-public class Dex2OatService {
+import java.util.ArrayList;
+@RequiresApi(Build.VERSION_CODES.Q)
+public class Dex2OatService implements Runnable {
public static final String PROP_NAME = "dalvik.vm.dex2oat-flags";
public static final String PROP_VALUE = "--inline-max-code-units=0";
private static final String TAG = "LSPosedDex2Oat";
+ private static final String WRAPPER32 = "bin/dex2oat32";
+ private static final String WRAPPER64 = "bin/dex2oat64";
- private String devTmpDir, magiskPath, fakeBin32, fakeBin64;
- private String[] dex2oatBinaries;
- private FileDescriptor[] stockFds;
- private LocalSocket serverSocket = null;
- private LocalServerSocket server = null;
+ private final String[] dex2oatArray = new String[4];
+ private final FileDescriptor[] fdArray = new FileDescriptor[4];
+ private final FileObserver selinuxObserver;
private int compatibility = DEX2OAT_OK;
- private final FileObserver selinuxObserver = new FileObserver("/sys/fs/selinux/enforce", FileObserver.MODIFY) {
- @Override
- public void onEvent(int i, @Nullable String s) {
- Log.d(TAG, "SELinux status changed");
- synchronized (this) {
- if (compatibility == DEX2OAT_CRASHED) stopWatching();
+ private void openDex2oat(int id, String path) {
+ try {
+ var fd = Os.open(path, OsConstants.O_RDONLY, 0);
+ dex2oatArray[id] = path;
+ fdArray[id] = fd;
+ } catch (ErrnoException ignored) {
+ }
+ }
+
+ public Dex2OatService() {
+ if (Build.VERSION.SDK_INT == Build.VERSION_CODES.Q) {
+ openDex2oat(0, "/apex/com.android.runtime/bin/dex2oat");
+ openDex2oat(1, "/apex/com.android.runtime/bin/dex2oatd");
+ } else {
+ openDex2oat(0, "/apex/com.android.art/bin/dex2oat32");
+ openDex2oat(1, "/apex/com.android.art/bin/dex2oatd32");
+ openDex2oat(2, "/apex/com.android.art/bin/dex2oat64");
+ openDex2oat(3, "/apex/com.android.art/bin/dex2oatd64");
+ }
+
+ var enforce = Paths.get("/sys/fs/selinux/enforce");
+ var policy = Paths.get("/sys/fs/selinux/policy");
+ var list = new ArrayList();
+ list.add(enforce.toFile());
+ list.add(policy.toFile());
+ selinuxObserver = new FileObserver(list, FileObserver.CLOSE_WRITE) {
+ @Override
+ public synchronized void onEvent(int i, @Nullable String s) {
+ Log.d(TAG, "SELinux status changed");
+ if (compatibility == DEX2OAT_CRASHED) {
+ stopWatching();
+ return;
+ }
+
boolean enforcing = false;
- try (var is = Files.newInputStream(Paths.get("/sys/fs/selinux/enforce"))) {
+ try (var is = Files.newInputStream(enforce)) {
enforcing = is.read() == '1';
} catch (IOException ignored) {
}
+
if (!enforcing) {
- if (compatibility == DEX2OAT_OK) setEnabled(false);
+ if (compatibility == DEX2OAT_OK) doMount(false);
compatibility = DEX2OAT_SELINUX_PERMISSIVE;
- } else if (SELinux.checkSELinuxAccess("u:r:untrusted_app:s0", "u:object_r:dex2oat_exec:s0", "file", "execute")
- || SELinux.checkSELinuxAccess("u:r:untrusted_app:s0", "u:object_r:dex2oat_exec:s0", "file", "execute_no_trans")) {
- if (compatibility == DEX2OAT_OK) setEnabled(false);
+ } else if (SELinux.checkSELinuxAccess("u:r:untrusted_app:s0",
+ "u:object_r:dex2oat_exec:s0", "file", "execute")
+ || SELinux.checkSELinuxAccess("u:r:untrusted_app:s0",
+ "u:object_r:dex2oat_exec:s0", "file", "execute_no_trans")) {
+ if (compatibility == DEX2OAT_OK) doMount(false);
compatibility = DEX2OAT_SEPOLICY_INCORRECT;
- } else {
- if (compatibility != DEX2OAT_OK) {
- setEnabled(true);
- if (checkMount()) compatibility = DEX2OAT_OK;
- else {
- setEnabled(false);
- compatibility = DEX2OAT_MOUNT_FAILED;
- stopWatching();
- }
+ } else if (compatibility != DEX2OAT_OK) {
+ doMount(true);
+ if (notMounted()) {
+ doMount(false);
+ compatibility = DEX2OAT_MOUNT_FAILED;
+ stopWatching();
+ } else {
+ compatibility = DEX2OAT_OK;
}
}
}
- }
- @Override
- public void stopWatching() {
- super.stopWatching();
- Log.w(TAG, "SELinux observer stopped");
- }
- };
+ @Override
+ public void stopWatching() {
+ super.stopWatching();
+ Log.w(TAG, "SELinux observer stopped");
+ }
+ };
+ }
- @RequiresApi(Build.VERSION_CODES.Q)
- public Dex2OatService() {
- initNative();
- try {
- Files.walk(Paths.get(magiskPath).resolve("dex2oat")).forEach(path -> SELinux.setFileContext(path.toString(), "u:object_r:magisk_file:s0"));
- } catch (IOException e) {
- Log.e(TAG, "Error setting sepolicy", e);
- }
- if (Arrays.stream(dex2oatBinaries).noneMatch(Objects::nonNull)) {
- Log.e(TAG, "Failed to find dex2oat binaries");
- compatibility = DEX2OAT_MOUNT_FAILED;
- return;
+ private boolean notMounted() {
+ for (int i = 0; i < dex2oatArray.length; i++) {
+ var bin = dex2oatArray[i];
+ if (bin == null) continue;
+ try {
+ var apex = Os.stat("/proc/1/root" + bin);
+ var wrapper = Os.stat(i < 2 ? WRAPPER32 : WRAPPER64);
+ if (apex.st_dev != wrapper.st_dev || apex.st_ino != wrapper.st_ino) {
+ Log.w(TAG, "Check mount failed for " + bin);
+ return true;
+ }
+ } catch (ErrnoException e) {
+ Log.e(TAG, "Check mount failed for " + bin, e);
+ return true;
+ }
}
+ Log.d(TAG, "Check mount succeeded");
+ return false;
+ }
- if (!checkMount()) { // Already mounted when restart daemon
- setEnabled(true);
- if (!checkMount()) {
- setEnabled(false);
+ private void doMount(boolean enabled) {
+ doMountNative(enabled, dex2oatArray[0], dex2oatArray[1], dex2oatArray[2], dex2oatArray[3]);
+ }
+
+ public void start() {
+ if (notMounted()) { // Already mounted when restart daemon
+ doMount(true);
+ if (notMounted()) {
+ doMount(false);
compatibility = DEX2OAT_MOUNT_FAILED;
return;
}
}
- Thread daemonThread = new Thread(() -> {
- var devPath = Paths.get(devTmpDir);
- var sockPath = devPath.resolve("dex2oat.sock");
- try {
- Log.i(TAG, "Dex2oat wrapper daemon start");
- if (setSocketCreateContext("u:r:dex2oat:s0")) {
- Log.d(TAG, "Set socket context to u:r:dex2oat:s0");
- } else {
- throw new IOException("Failed to set socket context");
- }
- Files.createDirectories(devPath);
- Log.d(TAG, "Dev path: " + devPath);
-
- serverSocket = new LocalSocket(LocalSocket.SOCKET_STREAM);
- serverSocket.bind(new LocalSocketAddress(sockPath.toString(), LocalSocketAddress.Namespace.FILESYSTEM));
- server = new LocalServerSocket(serverSocket.getFileDescriptor());
- SELinux.setFileContext(sockPath.toString(), "u:object_r:magisk_file:s0");
- stockFds = new FileDescriptor[dex2oatBinaries.length];
- for (int i = 0; i < dex2oatBinaries.length; i++) {
- if (dex2oatBinaries[i] != null) {
- stockFds[i] = Os.open(dex2oatBinaries[i], OsConstants.O_RDONLY, 0);
- }
- }
-
- while (true) {
- var client = server.accept();
- try (var is = client.getInputStream();
- var os = client.getOutputStream()) {
- var id = is.read();
- client.setFileDescriptorsForSend(new FileDescriptor[]{stockFds[id]});
- os.write(1);
- Log.d(TAG, String.format("Sent stock fd: is64 = %b, isDebug = %b", (id & 0b10) != 0, (id & 0b01) != 0));
- }
- }
- } catch (Throwable e) {
- Log.e(TAG, "Dex2oat wrapper daemon crashed", e);
- try {
- server.close();
- Files.delete(sockPath);
- } catch (IOException ignored) {
- }
- try {
- for (var fd : stockFds) {
- if (fd != null && fd.valid()) Os.close(fd);
- }
- } catch (ErrnoException ignored) {
- }
- synchronized (this) {
- selinuxObserver.stopWatching();
- if (compatibility == DEX2OAT_OK) {
- setEnabled(false);
- compatibility = DEX2OAT_CRASHED;
- }
- }
- }
- });
-
- daemonThread.start();
+ var thread = new Thread(this);
+ thread.setName("dex2oat");
+ thread.start();
selinuxObserver.startWatching();
}
- @RequiresApi(Build.VERSION_CODES.Q)
+ @Override
+ public void run() {
+ Log.i(TAG, "Dex2oat wrapper daemon start");
+ var sockPath = getSockPath();
+ Log.d(TAG, "wrapper path: " + sockPath);
+ var magisk_file = "u:object_r:magisk_file:s0";
+ var dex2oat_exec = "u:object_r:dex2oat_exec:s0";
+ if (SELinux.checkSELinuxAccess("u:r:dex2oat:s0", dex2oat_exec,
+ "file", "execute_no_trans")) {
+ SELinux.setFileContext(WRAPPER32, dex2oat_exec);
+ SELinux.setFileContext(WRAPPER64, dex2oat_exec);
+ setSockCreateContext("u:r:dex2oat:s0");
+ } else {
+ SELinux.setFileContext(WRAPPER32, magisk_file);
+ SELinux.setFileContext(WRAPPER64, magisk_file);
+ setSockCreateContext("u:r:installd:s0");
+ }
+ try (var server = new LocalServerSocket(sockPath)) {
+ setSockCreateContext(null);
+ while (true) {
+ try (var client = server.accept();
+ var is = client.getInputStream();
+ var os = client.getOutputStream()) {
+ var id = is.read();
+ var fd = new FileDescriptor[]{fdArray[id]};
+ client.setFileDescriptorsForSend(fd);
+ os.write(1);
+ Log.d(TAG, "Sent stock fd: is64 = " + ((id & 0b10) != 0) +
+ ", isDebug = " + ((id & 0b01) != 0));
+ }
+ }
+ } catch (IOException e) {
+ Log.e(TAG, "Dex2oat wrapper daemon crashed", e);
+ if (compatibility == DEX2OAT_OK) {
+ doMount(false);
+ compatibility = DEX2OAT_CRASHED;
+ }
+ }
+ }
+
public int getCompatibility() {
return compatibility;
}
- private native void initNative();
+ private native void doMountNative(boolean enabled,
+ String r32, String d32, String r64, String d64);
- private native void setEnabled(boolean enabled);
+ private static native boolean setSockCreateContext(String context);
- private boolean checkMount() {
- for (int i = 0; i < dex2oatBinaries.length; i++) {
- var bin = dex2oatBinaries[i];
- if (bin == null) continue;
- try {
- var apex = Os.stat("/proc/1/root" + bin);
- var fake = Os.stat(i < 2 ? fakeBin32 : fakeBin64);
- if (apex.st_ino != fake.st_ino) {
- Log.w(TAG, "Check mount failed for " + bin);
- return false;
- }
- } catch (ErrnoException e) {
- Log.e(TAG, "Check mount failed for " + bin, e);
- return false;
- }
- }
- Log.d(TAG, "Check mount succeeded");
- return true;
- }
-
- private boolean setSocketCreateContext(String context) {
- FileDescriptor fd = null;
- try {
- fd = Os.open("/proc/thread-self/attr/sockcreate", OsConstants.O_RDWR, 0);
- } catch (ErrnoException e) {
- if (e.errno == OsConstants.ENOENT) {
- int tid = Os.gettid();
- try {
- fd = Os.open(String.format(Locale.ENGLISH, "/proc/self/task/%d/attr/sockcreate", tid), OsConstants.O_RDWR, 0);
- } catch (ErrnoException ignored) {
- }
- }
- }
-
- if (fd == null) {
- return false;
- }
-
- byte[] bytes;
- int length;
- int remaining;
- if (!TextUtils.isEmpty(context)) {
- byte[] stringBytes = context.getBytes();
- bytes = new byte[stringBytes.length + 1];
- System.arraycopy(stringBytes, 0, bytes, 0, stringBytes.length);
- bytes[stringBytes.length] = '\0';
-
- length = bytes.length;
- remaining = bytes.length;
- } else {
- bytes = null;
- length = 0;
- remaining = 0;
- }
-
- do {
- try {
- remaining -= Os.write(fd, bytes, length - remaining, remaining);
- if (remaining <= 0) {
- break;
- }
- } catch (ErrnoException e) {
- break;
- } catch (InterruptedIOException e) {
- remaining -= e.bytesTransferred;
- }
- } while (true);
-
- try {
- Os.close(fd);
- } catch (ErrnoException e) {
- Log.w(TAG, Log.getStackTraceString(e));
- }
- return true;
- }
+ private native String getSockPath();
}
diff --git a/daemon/src/main/java/org/lsposed/lspd/service/LSPManagerService.java b/daemon/src/main/java/org/lsposed/lspd/service/LSPManagerService.java
index d09b600e..8b32cf52 100644
--- a/daemon/src/main/java/org/lsposed/lspd/service/LSPManagerService.java
+++ b/daemon/src/main/java/org/lsposed/lspd/service/LSPManagerService.java
@@ -469,7 +469,8 @@ public class LSPManagerService extends ILSPManagerService.Stub {
@Override
public boolean isSepolicyLoaded() {
- return ConfigManager.getInstance().isSepolicyLoaded();
+ return SELinux.checkSELinuxAccess("u:r:dex2oat:s0", "u:object_r:dex2oat_exec:s0",
+ "file", "execute_no_trans");
}
@Override
diff --git a/daemon/src/main/java/org/lsposed/lspd/service/ServiceManager.java b/daemon/src/main/java/org/lsposed/lspd/service/ServiceManager.java
index 8d118172..580be54b 100644
--- a/daemon/src/main/java/org/lsposed/lspd/service/ServiceManager.java
+++ b/daemon/src/main/java/org/lsposed/lspd/service/ServiceManager.java
@@ -117,6 +117,7 @@ public class ServiceManager {
systemServerService = new LSPSystemServerService(systemServerMaxRetry);
if (Build.VERSION.SDK_INT >= Build.VERSION_CODES.Q) {
dex2OatService = new Dex2OatService();
+ dex2OatService.start();
}
systemServerService.putBinderForSystemServer();
diff --git a/daemon/src/main/jni/dex2oat.cpp b/daemon/src/main/jni/dex2oat.cpp
index 6e2c1984..202c99ff 100644
--- a/daemon/src/main/jni/dex2oat.cpp
+++ b/daemon/src/main/jni/dex2oat.cpp
@@ -14,131 +14,105 @@
* You should have received a copy of the GNU General Public License
* along with LSPosed. If not, see .
*
- * Copyright (C) 2022 LSPosed Contributors
+ * Copyright (C) 2023 LSPosed Contributors
*/
-//
-// Created by Nullptr on 2022/4/2.
-//
-
-#include
#include
#include
-#include
#include
-#include
-#include
#include
-#include
-#include
-#include
#include
#include
#include "logging.h"
-#include "utils.h"
-
-using namespace std::string_literals;
-
-const char *kDex2oat32Path, *kDex2oatDebug32Path;
-const char *kDex2oat64Path, *kDex2oatDebug64Path;
-
-char kFakeBin32[PATH_MAX], kFakeBin64[PATH_MAX];
-char kTmpDir[] = "placeholder_/dev/0123456789abcdef\0";
extern "C"
JNIEXPORT void JNICALL
-Java_org_lsposed_lspd_service_Dex2OatService_initNative(JNIEnv *env, jobject thiz) {
- char magisk_path[PATH_MAX], cwd[PATH_MAX], *module_name;
- FILE *fp = popen("magisk --path", "r");
- fscanf(fp, "%s", magisk_path);
- fclose(fp);
- getcwd(cwd, PATH_MAX);
- module_name = cwd + std::string_view(cwd).find_last_of('/') + 1;
- sprintf(kFakeBin32, "%s/.magisk/modules/%s/bin/dex2oat32", magisk_path, module_name);
- sprintf(kFakeBin64, "%s/.magisk/modules/%s/bin/dex2oat64", magisk_path, module_name);
+Java_org_lsposed_lspd_service_Dex2OatService_doMountNative(JNIEnv *env, jobject,
+ jboolean enabled,
+ jstring r32, jstring d32,
+ jstring r64, jstring d64) {
+ char dex2oat32[PATH_MAX], dex2oat64[PATH_MAX];
+ realpath("bin/dex2oat32", dex2oat32);
+ realpath("bin/dex2oat64", dex2oat64);
- if (GetAndroidApiLevel() == 29) {
- kDex2oat32Path = "/apex/com.android.runtime/bin/dex2oat";
- kDex2oatDebug32Path = "/apex/com.android.runtime/bin/dex2oatd";
- } else {
- kDex2oat32Path = "/apex/com.android.art/bin/dex2oat32";
- kDex2oatDebug32Path = "/apex/com.android.art/bin/dex2oatd32";
- kDex2oat64Path = "/apex/com.android.art/bin/dex2oat64";
- kDex2oatDebug64Path = "/apex/com.android.art/bin/dex2oatd64";
- }
-
- std::string copy_dir = magisk_path + "/dex2oat"s;
- mkdir(copy_dir.c_str(), 0755);
- auto CopyAndMount = [&](const char *src, const std::string &target) -> bool {
- int stock = open(src, O_RDONLY);
- if (stock == -1) return false;
- struct stat st{};
- fstat(stock, &st);
- int copy = open(target.c_str(), O_WRONLY | O_CREAT, st.st_mode);
- sendfile(copy, stock, nullptr, st.st_size);
- close(stock);
- close(copy);
- mount(target.c_str(), src, nullptr, MS_BIND, nullptr);
- return true;
- };
- bool done[4] = {false};
- done[0] = CopyAndMount(kDex2oat32Path, copy_dir + "/dex2oat32");
- done[1] = CopyAndMount(kDex2oatDebug32Path, copy_dir + "/dex2oatd32");
- if (GetAndroidApiLevel() >= 30) {
- done[2] = CopyAndMount(kDex2oat64Path, copy_dir + "/dex2oat64");
- done[3] = CopyAndMount(kDex2oatDebug64Path, copy_dir + "/dex2oatd64");
- }
-
- auto clazz = env->GetObjectClass(thiz);
- auto dev_path_field = env->GetFieldID(clazz, "devTmpDir", "Ljava/lang/String;");
- auto magisk_path_field = env->GetFieldID(clazz, "magiskPath", "Ljava/lang/String;");
- auto fake_bin32_field = env->GetFieldID(clazz, "fakeBin32", "Ljava/lang/String;");
- auto fake_bin64_field = env->GetFieldID(clazz, "fakeBin64", "Ljava/lang/String;");
- auto binaries_field = env->GetFieldID(clazz, "dex2oatBinaries", "[Ljava/lang/String;");
- env->SetObjectField(thiz, dev_path_field, env->NewStringUTF(kTmpDir + 12));
- env->SetObjectField(thiz, magisk_path_field, env->NewStringUTF(magisk_path));
- env->SetObjectField(thiz, fake_bin32_field, env->NewStringUTF(kFakeBin32));
- env->SetObjectField(thiz, fake_bin64_field, env->NewStringUTF(kFakeBin64));
- auto arr = env->NewObjectArray(4, env->FindClass("java/lang/String"), nullptr);
- if (done[0]) env->SetObjectArrayElement(arr, 0, env->NewStringUTF(kDex2oat32Path));
- if (done[1]) env->SetObjectArrayElement(arr, 1, env->NewStringUTF(kDex2oatDebug32Path));
- if (GetAndroidApiLevel() >= 30) {
- if (done[2]) env->SetObjectArrayElement(arr, 2, env->NewStringUTF(kDex2oat64Path));
- if (done[3]) env->SetObjectArrayElement(arr, 3, env->NewStringUTF(kDex2oatDebug64Path));
- }
- env->SetObjectField(thiz, binaries_field, arr);
-}
-
-extern "C"
-JNIEXPORT void JNICALL
-Java_org_lsposed_lspd_service_Dex2OatService_setEnabled(JNIEnv *env, jobject thiz, jboolean enabled) {
if (pid_t pid = fork(); pid > 0) { // parent
waitpid(pid, nullptr, 0);
} else { // child
int ns = open("/proc/1/ns/mnt", O_RDONLY);
setns(ns, CLONE_NEWNS);
close(ns);
+
+ const char *r32p, *d32p, *r64p, *d64p;
+ if (r32) r32p = env->GetStringUTFChars(r32, nullptr);
+ if (d32) d32p = env->GetStringUTFChars(d32, nullptr);
+ if (r64) r64p = env->GetStringUTFChars(r64, nullptr);
+ if (d64) d64p = env->GetStringUTFChars(d64, nullptr);
+
if (enabled) {
LOGI("Enable dex2oat wrapper");
- mount(kFakeBin32, kDex2oat32Path, nullptr, MS_BIND, nullptr);
- mount(kFakeBin32, kDex2oatDebug32Path, nullptr, MS_BIND, nullptr);
- if (GetAndroidApiLevel() >= 30) {
- mount(kFakeBin64, kDex2oat64Path, nullptr, MS_BIND, nullptr);
- mount(kFakeBin64, kDex2oatDebug64Path, nullptr, MS_BIND, nullptr);
+ if (r32) {
+ mount(dex2oat32, r32p, nullptr, MS_BIND, nullptr);
+ mount(nullptr, r32p, nullptr, MS_BIND | MS_REMOUNT | MS_RDONLY, nullptr);
+ }
+ if (d32) {
+ mount(dex2oat32, d32p, nullptr, MS_BIND, nullptr);
+ mount(nullptr, d32p, nullptr, MS_BIND | MS_REMOUNT | MS_RDONLY, nullptr);
+ }
+ if (r64) {
+ mount(dex2oat64, r64p, nullptr, MS_BIND, nullptr);
+ mount(nullptr, r64p, nullptr, MS_BIND | MS_REMOUNT | MS_RDONLY, nullptr);
+ }
+ if (d64) {
+ mount(dex2oat64, d64p, nullptr, MS_BIND, nullptr);
+ mount(nullptr, d64p, nullptr, MS_BIND | MS_REMOUNT | MS_RDONLY, nullptr);
}
execlp("resetprop", "resetprop", "--delete", "dalvik.vm.dex2oat-flags", nullptr);
} else {
LOGI("Disable dex2oat wrapper");
- umount(kDex2oat32Path);
- umount(kDex2oatDebug32Path);
- if (GetAndroidApiLevel() >= 30) {
- umount(kDex2oat64Path);
- umount(kDex2oatDebug64Path);
- }
- execlp("resetprop", "resetprop", "dalvik.vm.dex2oat-flags", "--inline-max-code-units=0", nullptr);
+ if (r32) umount(r32p);
+ if (d32) umount(d32p);
+ if (r64) umount(r64p);
+ if (d64) umount(d64p);
+ execlp("resetprop", "resetprop", "dalvik.vm.dex2oat-flags", "--inline-max-code-units=0",
+ nullptr);
}
+
PLOGE("Failed to resetprop");
- exit(0);
+ exit(1);
}
}
+
+static int setsockcreatecon_raw(const char *context) {
+ std::string path = "/proc/self/task/" + std::to_string(gettid()) + "/attr/sockcreate";
+ int fd = open(path.c_str(), O_RDWR | O_CLOEXEC);
+ if (fd < 0) return -1;
+ int ret;
+ if (context) {
+ do {
+ ret = write(fd, context, strlen(context) + 1);
+ } while (ret < 0 && errno == EINTR);
+ } else {
+ do {
+ ret = write(fd, nullptr, 0); // clear
+ } while (ret < 0 && errno == EINTR);
+ }
+ close(fd);
+ return ret < 0 ? -1 : 0;
+}
+
+extern "C"
+JNIEXPORT jboolean JNICALL
+Java_org_lsposed_lspd_service_Dex2OatService_setSockCreateContext(JNIEnv *env, jclass,
+ jstring contextStr) {
+ const char *context = env->GetStringUTFChars(contextStr, nullptr);
+ int ret = setsockcreatecon_raw(context);
+ env->ReleaseStringUTFChars(contextStr, context);
+ return ret == 0;
+}
+
+extern "C"
+JNIEXPORT jstring JNICALL
+Java_org_lsposed_lspd_service_Dex2OatService_getSockPath(JNIEnv *env, jobject) {
+ return env->NewStringUTF("5291374ceda0aef7c5d86cd2a4f6a3ac\0");
+}
diff --git a/daemon/src/main/jni/utils.h b/daemon/src/main/jni/utils.h
deleted file mode 100644
index fb0eaf12..00000000
--- a/daemon/src/main/jni/utils.h
+++ /dev/null
@@ -1,35 +0,0 @@
-/*
- * This file is part of LSPosed.
- *
- * LSPosed is free software: you can redistribute it and/or modify
- * it under the terms of the GNU General Public License as published by
- * the Free Software Foundation, either version 3 of the License, or
- * (at your option) any later version.
- *
- * LSPosed is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
- * along with LSPosed. If not, see .
- *
- * Copyright (C) 2022 LSPosed Contributors
- */
-
-//
-// Created by Nullptr on 2022/4/20.
-//
-
-#pragma once
-
-inline int32_t GetAndroidApiLevel() {
- static int32_t api_level = []() {
- char prop_value[PROP_VALUE_MAX];
- __system_property_get("ro.build.version.sdk", prop_value);
- int base = atoi(prop_value);
- __system_property_get("ro.build.version.preview_sdk", prop_value);
- return base + atoi(prop_value);
- }();
- return api_level;
-}
diff --git a/dex2oat/src/main/cpp/dex2oat.c b/dex2oat/src/main/cpp/dex2oat.c
index 0a8b6d87..1e120623 100644
--- a/dex2oat/src/main/cpp/dex2oat.c
+++ b/dex2oat/src/main/cpp/dex2oat.c
@@ -38,7 +38,7 @@
#define ID_VEC(is64, is_debug) (((is64) << 1) | (is_debug))
-char kTmpDir[] = "placeholder_/dev/0123456789abcdef";
+const char kSockName[] = "5291374ceda0aef7c5d86cd2a4f6a3ac\0";
static ssize_t xrecvmsg(int sockfd, struct msghdr *msg, int flags) {
int rec = recvmsg(sockfd, msg, flags);
@@ -99,20 +99,21 @@ static void write_int(int fd, int val) {
}
int main(int argc, char **argv) {
- LOGD("dex2oat wrapper");
- struct sockaddr_un sock;
+ LOGD("dex2oat wrapper ppid=%d", getppid());
+ struct sockaddr_un sock = {};
sock.sun_family = AF_UNIX;
- snprintf(sock.sun_path, sizeof(sock.sun_path), "%s/dex2oat.sock", kTmpDir + 12);
+ strlcpy(sock.sun_path + 1, kSockName, sizeof(sock.sun_path) - 1);
int sock_fd = socket(AF_UNIX, SOCK_STREAM, 0);
- if (-1 == connect(sock_fd, (struct sockaddr *) &sock, sizeof(sock))) {
- PLOGE("failed to connect to %s", sock.sun_path);
+ size_t len = sizeof(sa_family_t) + strlen(sock.sun_path + 1) + 1;
+ if (connect(sock_fd, (struct sockaddr *) &sock, len)) {
+ PLOGE("failed to connect to %s", sock.sun_path + 1);
return 1;
}
write_int(sock_fd, ID_VEC(LP_SELECT(0, 1), strstr(argv[0], "dex2oatd") != NULL));
int stock_fd = recv_fd(sock_fd);
read_int(sock_fd);
close(sock_fd);
- LOGD("sock: %s %d", sock.sun_path, stock_fd);
+ LOGD("sock: %s %d", sock.sun_path + 1, stock_fd);
const char *new_argv[argc + 2];
for (int i = 0; i < argc; i++) new_argv[i] = argv[i];
diff --git a/gradle.properties b/gradle.properties
index 0dfa0785..080ba356 100644
--- a/gradle.properties
+++ b/gradle.properties
@@ -20,4 +20,4 @@ android.useAndroidX=true
agpVersion=7.4.1
navVersion=2.5.3
-kotlinVersion=1.8.0
+kotlinVersion=1.8.10
diff --git a/magisk-loader/build.gradle.kts b/magisk-loader/build.gradle.kts
index 4a7b0137..f05a7a78 100644
--- a/magisk-loader/build.gradle.kts
+++ b/magisk-loader/build.gradle.kts
@@ -22,7 +22,7 @@ import org.apache.tools.ant.filters.FixCrLfFilter
import org.apache.tools.ant.filters.ReplaceTokens
import java.io.ByteArrayOutputStream
import java.security.MessageDigest
-import java.util.*
+import java.util.Locale
plugins {
id("com.android.application")
@@ -87,7 +87,6 @@ android {
arguments += "-DAPI=${name.toLowerCase()}"
}
}
- buildConfigField("String", "API", """"$name"""")
}
create("Riru") {
@@ -148,7 +147,7 @@ fun afterEval() = android.applicationVariants.forEach { variant ->
into(magiskDir)
from("${rootProject.projectDir}/README.md")
from("$projectDir/magisk_module") {
- exclude("riru.sh", "module.prop", "customize.sh", "sepolicy.rule", "daemon")
+ exclude("riru.sh", "module.prop", "customize.sh", "daemon")
}
from("$projectDir/magisk_module") {
include("module.prop")
@@ -178,7 +177,7 @@ fun afterEval() = android.applicationVariants.forEach { variant ->
}
if (flavorLowered == "riru") {
from("${projectDir}/magisk_module") {
- include("riru.sh", "sepolicy.rule")
+ include("riru.sh")
val tokens = mapOf(
"RIRU_MODULE_LIB_NAME" to "lspd",
"RIRU_MODULE_API_VERSION" to moduleMaxRiruApiVersion.toString(),
@@ -294,7 +293,7 @@ val reRunDaemon = task("reRunDaemon") {
dependsOn(pushDaemon, pushDaemonNative, killLspd)
// tricky to pass a minus number to avoid the injection warning
commandLine(
- adb, "shell", "ASH_STANDALONE=1", "su", "-pc",
+ adb, "shell", "ASH_STANDALONE=1", "su", "-mm", "-pc",
"/data/adb/magisk/busybox sh /data/adb/modules/*_lsposed/service.sh --system-server-max-retry=-1&"
)
isIgnoreExitValue = true
diff --git a/magisk-loader/magisk_module/customize.sh b/magisk-loader/magisk_module/customize.sh
index 733d684c..c920331b 100644
--- a/magisk-loader/magisk_module/customize.sh
+++ b/magisk-loader/magisk_module/customize.sh
@@ -82,6 +82,7 @@ extract "$ZIPFILE" 'module.prop' "$MODPATH"
extract "$ZIPFILE" 'post-fs-data.sh' "$MODPATH"
extract "$ZIPFILE" 'service.sh' "$MODPATH"
extract "$ZIPFILE" 'uninstall.sh' "$MODPATH"
+extract "$ZIPFILE" 'sepolicy.rule' "$MODPATH"
extract "$ZIPFILE" 'framework/lspd.dex' "$MODPATH"
extract "$ZIPFILE" 'daemon.apk' "$MODPATH"
extract "$ZIPFILE" 'daemon' "$MODPATH"
@@ -110,7 +111,6 @@ if [ "$FLAVOR" == "zygisk" ]; then
fi
fi
elif [ "$FLAVOR" == "riru" ]; then
- extract "$ZIPFILE" 'sepolicy.rule' "$MODPATH"
mkdir "$MODPATH/riru"
mkdir "$MODPATH/riru/lib"
mkdir "$MODPATH/riru/lib64"
@@ -172,19 +172,16 @@ if [ "$API" -ge 29 ]; then
fi
ui_print "- Patching binaries"
- DEV_PATH=$(tr -dc 'a-f0-9' < /dev/urandom | head -c 16)
- while [ -d "/dev/$DEV_PATH" ]; do
- DEV_PATH=$(tr -dc 'a-f0-9' < /dev/urandom | head -c 16)
- done
- sed -i "s/placeholder_\/dev\/................/placeholder_\/dev\/$DEV_PATH/g" "$MODPATH/daemon.apk"
- sed -i "s/placeholder_\/dev\/................/placeholder_\/dev\/$DEV_PATH/" "$MODPATH/bin/dex2oat32"
- sed -i "s/placeholder_\/dev\/................/placeholder_\/dev\/$DEV_PATH/" "$MODPATH/bin/dex2oat64"
+ DEV_PATH=$(tr -dc 'a-z0-9' < /dev/urandom | head -c 32)
+ sed -i "s/5291374ceda0aef7c5d86cd2a4f6a3ac/$DEV_PATH/g" "$MODPATH/daemon.apk"
+ sed -i "s/5291374ceda0aef7c5d86cd2a4f6a3ac/$DEV_PATH/" "$MODPATH/bin/dex2oat32"
+ sed -i "s/5291374ceda0aef7c5d86cd2a4f6a3ac/$DEV_PATH/" "$MODPATH/bin/dex2oat64"
else
extract "$ZIPFILE" 'system.prop' "$MODPATH"
fi
set_perm_recursive "$MODPATH" 0 0 0755 0644
-set_perm_recursive "$MODPATH/bin" 0 2000 0755 0755 u:object_r:dex2oat_exec:s0
+set_perm_recursive "$MODPATH/bin" 0 2000 0755 0755 u:object_r:magisk_file:s0
chmod 0744 "$MODPATH/daemon"
if [ "$(grep_prop ro.maple.enable)" == "1" ] && [ "$FLAVOR" == "zygisk" ]; then
diff --git a/magisk-loader/magisk_module/daemon b/magisk-loader/magisk_module/daemon
index 8187d2aa..fa00052b 100644
--- a/magisk-loader/magisk_module/daemon
+++ b/magisk-loader/magisk_module/daemon
@@ -1,7 +1,6 @@
#!/system/bin/sh
dir=${0%/*}
-magiskPath=$(magisk --path)
tmpLspdApk="/data/local/tmp/daemon.apk"
debug=@DEBUG@
flavor=@FLAVOR@
diff --git a/magisk-loader/magisk_module/sepolicy.rule b/magisk-loader/magisk_module/sepolicy.rule
index c7efd94a..e0b8c560 100644
--- a/magisk-loader/magisk_module/sepolicy.rule
+++ b/magisk-loader/magisk_module/sepolicy.rule
@@ -1 +1 @@
-allow system_server system_server process execmem
+allow dex2oat dex2oat_exec file execute_no_trans
diff --git a/magisk-loader/src/main/java/org/lsposed/lspd/service/BridgeService.java b/magisk-loader/src/main/java/org/lsposed/lspd/service/BridgeService.java
index 71fcd4e1..5e292450 100644
--- a/magisk-loader/src/main/java/org/lsposed/lspd/service/BridgeService.java
+++ b/magisk-loader/src/main/java/org/lsposed/lspd/service/BridgeService.java
@@ -85,7 +85,7 @@ public class BridgeService {
try {
IApplicationThread at = ActivityThread.currentActivityThread().getApplicationThread();
Context ctx = ActivityThread.currentActivityThread().getSystemContext();
- service.dispatchSystemServerContext(at.asBinder(), Context_getActivityToken(ctx), BuildConfig.API);
+ service.dispatchSystemServerContext(at.asBinder(), Context_getActivityToken(ctx), BuildConfig.FLAVOR);
} catch (Throwable e) {
Log.e(TAG, "dispatch context: ", e);
}