From 7dd171b2bba135b15f41fce63080ea211df41b1f Mon Sep 17 00:00:00 2001 From: LoveSy Date: Wed, 10 Mar 2021 01:11:59 +0800 Subject: [PATCH] [core] Check sepolicy in backend & try livepatch --- core/src/main/cpp/main/src/context.cpp | 16 +------- core/src/main/cpp/main/src/context.h | 6 --- .../lsposed/lspd/core/yahfa/HookMain.java | 1 - .../lsposed/lspd/service/ConfigManager.java | 37 +++++++++++++++++-- .../lspd/service/LSPManagerService.java | 5 +++ core/template_override/customize.sh | 2 - core/template_override/post-fs-data.sh | 9 ----- core/template_override/sepolicy.rule | 1 - .../src/main/java/android/os/SELinux.java | 7 ++++ .../lsposed/lspd/ILSPManagerService.aidl | 2 + 10 files changed, 48 insertions(+), 38 deletions(-) create mode 100644 hiddenapi-stubs/src/main/java/android/os/SELinux.java diff --git a/core/src/main/cpp/main/src/context.cpp b/core/src/main/cpp/main/src/context.cpp index ee5c74dc..0cf9ff90 100644 --- a/core/src/main/cpp/main/src/context.cpp +++ b/core/src/main/cpp/main/src/context.cpp @@ -175,21 +175,7 @@ namespace lspd { LoadDex(env); Service::instance()->HookBridge(*this, env); auto binder = Service::instance()->RequestBinderForSystemServer(env); - if (binder) { - if (void *buf = mmap(nullptr, 1, PROT_READ | PROT_WRITE | PROT_EXEC, - MAP_ANONYMOUS | MAP_PRIVATE, -1, - 0); - buf == MAP_FAILED) { - skip_ = true; - LOGE("skip injecting into android because sepolicy was not loaded properly"); - } else { - munmap(buf, 1); - } - } else { - skip_ = true; - LOGD("skip injecting into android because no module is hooking it"); - } - if (!skip_) { + if (binder && !skip_) { InstallInlineHooks(); Init(env); FindAndCall(env, "forkSystemServerPost", "(Landroid/os/IBinder;)V", binder); diff --git a/core/src/main/cpp/main/src/context.h b/core/src/main/cpp/main/src/context.h index a3908be0..e00bf376 100644 --- a/core/src/main/cpp/main/src/context.h +++ b/core/src/main/cpp/main/src/context.h 
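Review bot: With the `else` branch removed, `skip_` is no longer set to `true` when `RequestBinderForSystemServer` returns no binder; the new `if (binder && !skip_)` only guards the three calls shown. If code outside this hunk reads `skip_` for the system_server process, it will now see the earlier value, so keeping `if (!binder) skip_ = true;` ahead of the condition would preserve the old state. The deleted `LOGD`/`LOGE` calls were also the only native-side record of why injection was skipped, so a single `LOGD` on the not-injecting path is worth retaining. The enclosing function starts and ends outside the hunk.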
@@ -29,12 +29,6 @@ #include "utils.h" namespace lspd { - enum Variant { - NONE = 0, - YAHFA = 1, - SANDHOOK = 2, - }; - class Context { public: diff --git a/core/src/main/java/io/github/lsposed/lspd/core/yahfa/HookMain.java b/core/src/main/java/io/github/lsposed/lspd/core/yahfa/HookMain.java index 17b5285c..ab7728d2 100644 --- a/core/src/main/java/io/github/lsposed/lspd/core/yahfa/HookMain.java +++ b/core/src/main/java/io/github/lsposed/lspd/core/yahfa/HookMain.java @@ -55,7 +55,6 @@ public class HookMain { if(!Yahfa.backupAndHookNative(target, hook, backup)){ throw new RuntimeException("Failed to hook " + target + " with " + hook); } else { - Logger.e(target.toString()); Yahfa.recordHooked(target); } } diff --git a/core/src/main/java/io/github/lsposed/lspd/service/ConfigManager.java b/core/src/main/java/io/github/lsposed/lspd/service/ConfigManager.java index 71a58c85..dc59bd4c 100644 --- a/core/src/main/java/io/github/lsposed/lspd/service/ConfigManager.java +++ b/core/src/main/java/io/github/lsposed/lspd/service/ConfigManager.java @@ -28,6 +28,8 @@ import android.os.Handler; import android.os.HandlerThread; import android.os.ParcelFileDescriptor; import android.os.RemoteException; +import android.os.SELinux; +import android.os.SharedMemory; import android.os.SystemClock; import android.system.ErrnoException; import android.system.Os; @@ -56,6 +58,7 @@ import java.util.HashSet; import java.util.List; import java.util.Set; import java.util.concurrent.ConcurrentHashMap; +import java.util.concurrent.TimeUnit; import io.github.lsposed.lspd.Application; import io.github.lsposed.lspd.BuildConfig; 
@@ -96,11 +99,15 @@ public class ConfigManager { private final Handler cacheHandler; - long lastModuleCacheTime = 0; - long requestModuleCacheTime = 0; + private final ConcurrentHashMap moduleDexes = new ConcurrentHashMap<>(); - long lastScopeCacheTime = 0; - long requestScopeCacheTime = 0; + private long lastModuleCacheTime = 0; + private long requestModuleCacheTime = 0; + + private long lastScopeCacheTime = 0; + private long requestScopeCacheTime = 0; + + private boolean sepolicyLoaded = true; static class ProcessScope { String processName; @@ -157,8 +164,26 @@ public class ConfigManager { } } + private static boolean checkSepolicy() { + return SELinux.checkSELinuxAccess("u:r:system_server:s0", "u:r:system_server:s0", "process", "execmem"); + } + // for system server, cache is not yet ready, we need to query database for it public boolean shouldSkipSystemServer() { + if (!checkSepolicy()) { + Log.d(TAG, "sepolicy is not loaded, trying livepatch"); + try { + Process p = Runtime.getRuntime().exec(new String[]{"supolicy", "--live", + "allow system_server system_server process execmem"}); + p.waitFor(5, TimeUnit.SECONDS); + } catch (Throwable ignored) { + } + } + if (!checkSepolicy()) { + sepolicyLoaded = false; + Log.e(TAG, "skip injecting into android because sepolicy was not loaded properly"); + return true; // skip + } try (Cursor cursor = db.query("scope INNER JOIN modules ON scope.mid = modules.mid", new String[]{"modules.mid"}, "app_pkg_name=? AND enabled=1", new String[]{"android"}, null, null, null)) { return cursor == null || !cursor.moveToNext(); } @@ -722,4 +747,8 @@ public class ConfigManager { public String getManagerPackageName() { return manager; } + + public boolean isSepolicyLoaded() { + return sepolicyLoaded; + } } diff --git a/core/src/main/java/io/github/lsposed/lspd/service/LSPManagerService.java b/core/src/main/java/io/github/lsposed/lspd/service/LSPManagerService.java index 7cdba2e6..2e3f1023 100644 
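Review bot: `sepolicyLoaded` is written in `shouldSkipSystemServer()` and read through `isSepolicyLoaded()`, which `LSPManagerService` serves over binder, so the reader is likely on a different thread from the writer. Declaring it `private volatile boolean sepolicyLoaded = true;` makes the update visible to that reader. The `true` default also means the manager is told the policy is loaded before any check has run; a one-line comment on the field saying that `true` also covers "not yet checked" would make that explicit.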
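Review bot: The livepatch attempt in `shouldSkipSystemServer()` discards every outcome: `catch (Throwable ignored)` hides exec failures and interrupts, the boolean returned by `p.waitFor(5, TimeUnit.SECONDS)` is dropped so a hung `supolicy` keeps running, and the exit code is never read. `sepolicyLoaded` is only ever set to `false`, so if this method runs again and the check passes (presumably possible when system_server restarts), the manager still reports the policy as missing; assigning it from the second check fixes that. Because this path changes SELinux policy at runtime to grant `execmem`, it should be logged at warning level rather than `Log.d`, so the change shows up in a default log capture. `supolicy` is resolved through the daemon's PATH, which is worth pinning to a known location if that environment is not fixed. The method's database query continues unchanged after the lines below.

```java
if (!checkSepolicy()) {
    Log.w(TAG, "sepolicy is not loaded, trying livepatch");
    try {
        // … unchanged: Process p = Runtime.getRuntime().exec(… supolicy --live …) …
        if (!p.waitFor(5, TimeUnit.SECONDS)) {
            p.destroyForcibly();
            Log.e(TAG, "supolicy livepatch timed out");
        } else if (p.exitValue() != 0) {
            Log.e(TAG, "supolicy livepatch exited with " + p.exitValue());
        }
    } catch (InterruptedException e) {
        Thread.currentThread().interrupt();
    } catch (java.io.IOException e) {
        Log.e(TAG, "supolicy livepatch failed", e);
    }
}
sepolicyLoaded = checkSepolicy();
if (!sepolicyLoaded) {
    // … unchanged: error log and return true …
}
// … unchanged: scope/modules database query …
```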
--- a/core/src/main/java/io/github/lsposed/lspd/service/LSPManagerService.java +++ b/core/src/main/java/io/github/lsposed/lspd/service/LSPManagerService.java @@ -161,4 +161,9 @@ public class LSPManagerService extends ILSPManagerService.Stub { return false; } } + + @Override + public boolean isSepolicyLoaded() throws RemoteException { + return ConfigManager.getInstance().isSepolicyLoaded(); + } } diff --git a/core/template_override/customize.sh b/core/template_override/customize.sh index 06a75daa..5df17806 100644 --- a/core/template_override/customize.sh +++ b/core/template_override/customize.sh @@ -210,8 +210,6 @@ fi echo "rm -rf /data/misc/$MISC_PATH" >> "${MODPATH}/uninstall.sh" || abortC "! ${LANG_CUST_ERR_CONF_UNINST}" echo "[[ -f /data/adb/lspd/new_install ]] || rm -rf /data/adb/lspd" >> "${MODPATH}/uninstall.sh" || abortC "! ${LANG_CUST_ERR_CONF_UNINST}" -echo "1" > /data/adb/lspd/config/variant - if [[ ! -e /data/adb/lspd/config/verbose_log ]]; then echo "0" > /data/adb/lspd/config/verbose_log fi diff --git a/core/template_override/post-fs-data.sh b/core/template_override/post-fs-data.sh index 35711e17..359f2e12 100644 --- a/core/template_override/post-fs-data.sh +++ b/core/template_override/post-fs-data.sh @@ -57,12 +57,6 @@ RIRU_APICODE=$(cat "${RIRU_PATH}/api_version") MAGISK_VERSION=$(magisk -v) MAGISK_VERCODE=$(magisk -V) -livePatch() { - # Should be deprecated now. This is for debug only. - supolicy --live "allow system_server system_server process execmem" \ - "allow system_server system_server memprotect mmap_zero" -} - MISC_PATH=$(cat /data/adb/lspd/misc_path) BASE_PATH="/data/misc/$MISC_PATH" @@ -135,9 +129,6 @@ start_log_catcher () { echo "${LOG_PID}">"${LOG_PATH}/${LOG_FILE_NAME}.pid" } -# execute live patch if rule not found -[[ -f "${MODDIR}/sepolicy.rule" ]] || livePatch - if [[ -f "/data/adb/riru/modules/lspd.prop" ]]; then CONFIG=$(cat "/data/adb/riru/modules/lspd.prop") [[ -d "${TARGET}/${CONFIG}" ]] || mkdir -p "${TARGET}/${CONFIG}" 
diff --git a/core/template_override/sepolicy.rule b/core/template_override/sepolicy.rule index 518630b6..c7efd94a 100644 --- a/core/template_override/sepolicy.rule +++ b/core/template_override/sepolicy.rule @@ -1,2 +1 @@ allow system_server system_server process execmem -allow system_server system_server memprotect mmap_zero diff --git a/hiddenapi-stubs/src/main/java/android/os/SELinux.java b/hiddenapi-stubs/src/main/java/android/os/SELinux.java new file mode 100644 index 00000000..78786849 --- /dev/null +++ b/hiddenapi-stubs/src/main/java/android/os/SELinux.java @@ -0,0 +1,7 @@ +package android.os; + +public class SELinux { + public static final boolean checkSELinuxAccess(String scon, String tcon, String tclass, String perm){ + throw new UnsupportedOperationException("Stub"); + } +} diff --git a/manager-service/src/main/aidl/io/github/lsposed/lspd/ILSPManagerService.aidl b/manager-service/src/main/aidl/io/github/lsposed/lspd/ILSPManagerService.aidl index 2d717e9d..66469d09 100644 --- a/manager-service/src/main/aidl/io/github/lsposed/lspd/ILSPManagerService.aidl +++ b/manager-service/src/main/aidl/io/github/lsposed/lspd/ILSPManagerService.aidl @@ -46,4 +46,6 @@ interface ILSPManagerService { void reboot(boolean confirm, String reason, boolean wait) = 24; boolean uninstallPackage(String packageName) = 25; + + boolean isSepolicyLoaded() = 26; }