improve: denylist system; remove: logging by ReZygiskd for libzygisk.so

This commit both improves the umount system, by properly switching mount namespaces to avoid doing it all the time and also avoid cause gaps, and also remove logging backed by ReZygiskd, as it will later on have its connection cut and end up logging locally, making this futile.
PerformanC · Jan 6, 2025 · 11103f2 · 11103f2
1 parent c5f9b94
commit 11103f2
Show file tree

Hide file tree

Showing 11 changed files with 120 additions and 194 deletions.
diff --git a/loader/src/common/daemon.cpp b/loader/src/common/daemon.cpp
@@ -63,19 +63,6 @@ namespace zygiskd {
     return true;
   }
 
-  int RequestLogcatFd() {
-    int fd = Connect(1);
-    if (fd == -1) {
-      PLOGE("RequestLogcatFd");
-
-      return -1;
-    }
-
-    socket_utils::write_u8(fd, (uint8_t) SocketAction::RequestLogcatFd);
-
-    return fd;
-  }
-
   uint32_t GetProcessFlags(uid_t uid) {
     int fd = Connect(1);
     if (fd == -1) {

diff --git a/loader/src/common/logging.cpp b/loader/src/common/logging.cpp
diff --git a/loader/src/include/daemon.h b/loader/src/include/daemon.h
@@ -78,7 +78,6 @@ namespace zygiskd {
 
     enum class SocketAction {
         PingHeartBeat,
-        RequestLogcatFd,
         GetProcessFlags,
         GetInfo,
         ReadModules,
@@ -95,8 +94,6 @@ namespace zygiskd {
 
     bool PingHeartbeat();
 
-    int RequestLogcatFd();
-
     std::vector<ModuleInfo> ReadModules();
 
     uint32_t GetProcessFlags(uid_t uid);

diff --git a/loader/src/include/logging.h b/loader/src/include/logging.h
@@ -1,35 +1,30 @@
-#pragma once
+#ifndef LOGGING_H
+#define LOGGING_H
 
 #include <android/log.h>
 #include <errno.h>
 #include <string.h>
 
 #ifndef LOG_TAG
-#if defined(__LP64__)
-# define LOG_TAG "zygisk-core64"
-#else
-# define LOG_TAG "zygisk-core32"
-#endif
+  #ifdef __LP64__
+    #define LOG_TAG "zygisk-core64"
+  #else
+    #define LOG_TAG "zygisk-core32"
+  #endif
 #endif
 
 #ifndef NDEBUG
-#define LOGD(...)  logging::log(ANDROID_LOG_DEBUG, LOG_TAG, __VA_ARGS__)
-#define LOGV(...)  logging::log(ANDROID_LOG_VERBOSE, LOG_TAG, __VA_ARGS__)
+  #define LOGD(...) __android_log_print(ANDROID_LOG_DEBUG, LOG_TAG, __VA_ARGS__)
+  #define LOGV(...) __android_log_print(ANDROID_LOG_VERBOSE, LOG_TAG, __VA_ARGS__)
 #else
-#define LOGD(...)
-#define LOGV(...)
+  #define LOGD(...)
+  #define LOGV(...)
 #endif
-#define LOGI(...)  logging::log(ANDROID_LOG_INFO, LOG_TAG, __VA_ARGS__)
-#define LOGW(...)  logging::log(ANDROID_LOG_WARN, LOG_TAG, __VA_ARGS__)
-#define LOGE(...)  logging::log(ANDROID_LOG_ERROR, LOG_TAG, __VA_ARGS__)
-#define LOGF(...)  logging::log(ANDROID_LOG_FATAL, LOG_TAG, __VA_ARGS__)
-#define PLOGE(fmt, args...) LOGE(fmt " failed with %d: %s", ##args, errno, strerror(errno))
 
-namespace logging {
-    void setfd(int fd);
-
-    int getfd();
+#define LOGI(...) __android_log_print(ANDROID_LOG_INFO, LOG_TAG, __VA_ARGS__)
+#define LOGW(...) __android_log_print(ANDROID_LOG_WARN, LOG_TAG, __VA_ARGS__)
+#define LOGE(...) __android_log_print(ANDROID_LOG_ERROR, LOG_TAG, __VA_ARGS__)
+#define LOGF(...) __android_log_print(ANDROID_LOG_FATAL, LOG_TAG, __VA_ARGS__)
+#define PLOGE(fmt, args...) LOGE(fmt " failed with %d: %s", ##args, errno, strerror(errno))
 
-    [[gnu::format(printf, 3, 4)]]
-    void log(int prio, const char* tag, const char* fmt, ...);
-}
+#endif /* LOGGING_H */
diff --git a/loader/src/injector/entry.cpp b/loader/src/injector/entry.cpp
@@ -19,10 +19,6 @@ void entry(void* addr, size_t size, const char* path) {
         return;
     }
 
-#ifdef NDEBUG
-    logging::setfd(zygiskd::RequestLogcatFd());
-#endif
-
     LOGD("start plt hooking");
     hook_functions();
     clean_trace(path, 1, 0, false);

diff --git a/loader/src/injector/hook.cpp b/loader/src/injector/hook.cpp
@@ -175,8 +175,10 @@ DCL_HOOK_FUNC(int, unshare, int flags) {
         // This is reproducible on the official AVD running API 26 and 27.
         // Simply avoid doing any unmounts for SysUI to avoid potential issues.
         !g_ctx->flags[SERVER_FORK_AND_SPECIALIZE] && !(g_ctx->info_flags & PROCESS_IS_FIRST_STARTED)) {
-        if (g_ctx->flags[DO_REVERT_UNMOUNT]) {
-            update_mnt_ns(Clean, false);
+        if (g_ctx->info_flags & (PROCESS_IS_MANAGER | PROCESS_GRANTED_ROOT)) {
+            update_mnt_ns(Rooted, false);
+        } else if (!(g_ctx->flags[DO_REVERT_UNMOUNT])) {
+            update_mnt_ns(Module, false);
         }
 
         old_unshare(CLONE_NEWNS);
@@ -188,18 +190,6 @@ DCL_HOOK_FUNC(int, unshare, int flags) {
     return res;
 }
 
-// Close logd_fd if necessary to prevent crashing
-// For more info, check comments in zygisk_log_write
-DCL_HOOK_FUNC(void, android_log_close) {
-    if (g_ctx == nullptr) {
-        // Happens during un-managed fork like nativeForkApp, nativeForkUsap
-        logging::setfd(-1);
-    } else if (!g_ctx->flags[SKIP_FD_SANITIZATION]) {
-        logging::setfd(-1);
-    }
-    old_android_log_close();
-}
-
 // We cannot directly call `dlclose` to unload ourselves, otherwise when `dlclose` returns,
 // it will return to our code which has been unmapped, causing segmentation fault.
 // Instead, we hook `pthread_attr_setstacksize` which will be called when VM daemon threads start.
@@ -628,6 +618,10 @@ void ZygiskContext::app_specialize_pre() {
     flags[APP_SPECIALIZE] = true;
 
     info_flags = zygiskd::GetProcessFlags(g_ctx->args.app->uid);
+     if (info_flags & PROCESS_IS_FIRST_STARTED) {
+        update_mnt_ns(Clean, true);
+    }
+
     if ((info_flags & PROCESS_ON_DENYLIST) == PROCESS_ON_DENYLIST) {
         flags[DO_REVERT_UNMOUNT] = true;
     }
@@ -648,7 +642,6 @@ void ZygiskContext::app_specialize_post() {
     // Cleanups
     env->ReleaseStringUTFChars(args.app->nice_name, process);
     g_ctx = nullptr;
-    logging::setfd(-1);
 }
 
 bool ZygiskContext::exempt_fd(int fd) {
@@ -681,11 +674,10 @@ void ZygiskContext::nativeForkSystemServer_pre() {
     flags[SERVER_FORK_AND_SPECIALIZE] = true;
 
     fork_pre();
-    if (pid != 0)
-        return;
-
-    run_modules_pre();
-    zygiskd::SystemServerStarted();
+    if (is_child()) {
+        run_modules_pre();
+        zygiskd::SystemServerStarted();
+    }
 
     sanitize_fds();
 }
@@ -703,10 +695,7 @@ void ZygiskContext::nativeForkAndSpecialize_pre() {
     LOGV("pre forkAndSpecialize [%s]", process);
     flags[APP_FORK_AND_SPECIALIZE] = true;
 
-    /* Zygisksu changed: No args.app->fds_to_ignore check since we are Android 10+ */
-    if (logging::getfd() != -1) {
-        exempted_fds.push_back(logging::getfd());
-    }
+    update_mnt_ns(Clean, false);
 
     fork_pre();
     if (pid == 0) {
@@ -831,7 +820,6 @@ void hook_functions() {
     PLT_HOOK_REGISTER(android_runtime_dev, android_runtime_inode, fork);
     PLT_HOOK_REGISTER(android_runtime_dev, android_runtime_inode, unshare);
     PLT_HOOK_REGISTER(android_runtime_dev, android_runtime_inode, strdup);
-    PLT_HOOK_REGISTER_SYM(android_runtime_dev, android_runtime_inode, "__android_log_close", android_log_close);
     hook_commit();
 
     // Remove unhooked methods

diff --git a/loader/src/injector/module.hpp b/loader/src/injector/module.hpp
@@ -126,8 +126,8 @@ namespace {
         PROCESS_GRANTED_ROOT = zygisk::StateFlag::PROCESS_GRANTED_ROOT,
         PROCESS_ON_DENYLIST = zygisk::StateFlag::PROCESS_ON_DENYLIST,
 
-        PROCESS_IS_MANAGER = (1u << 28),
-        PROCESS_ROOT_IS_APATCH = (1u << 27),
+        PROCESS_IS_MANAGER = (1u << 27),
+        PROCESS_ROOT_IS_APATCH = (1u << 28),
         PROCESS_ROOT_IS_KSU = (1u << 29),
         PROCESS_ROOT_IS_MAGISK = (1u << 30),
         PROCESS_IS_FIRST_STARTED = (1u << 31),

diff --git a/zygiskd/build.gradle.kts b/zygiskd/build.gradle.kts
@@ -42,7 +42,7 @@ val CFlagsRelease = arrayOf(
 )
 
 val CFlagsDebug = arrayOf(
-  "-g", "-O0"
+  "-g", "-O0", "-DDEBUG"
 )
 
 val Files = arrayOf(

diff --git a/zygiskd/src/constants.h b/zygiskd/src/constants.h
@@ -7,12 +7,6 @@
 #define true 1
 #define false 0
 
-#if DEBUG == false
-  #define MAX_LOG_LEVEL ANDROID_LOG_VERBOSE
-#else
-  #define MAX_LOG_LEVEL ANDROID_LOG_INFO
-#endif
-
 #if (defined(__LP64__) || defined(_LP64))
   #define lp_select(a, b) b
 #else
@@ -26,22 +20,21 @@
 
 enum DaemonSocketAction {
   PingHeartbeat          = 0,
-  RequestLogcatFd        = 1,
-  GetProcessFlags        = 2,
-  GetInfo                = 3,
-  ReadModules            = 4,
-  RequestCompanionSocket = 5,
-  GetModuleDir           = 6,
-  ZygoteRestart          = 7,
-  SystemServerStarted    = 8,
-  GetCleanNamespace      = 9
+  GetProcessFlags        = 1,
+  GetInfo                = 2,
+  ReadModules            = 3,
+  RequestCompanionSocket = 4,
+  GetModuleDir           = 5,
+  ZygoteRestart          = 6,
+  SystemServerStarted    = 7,
+  GetCleanNamespace      = 8
 };
 
 enum ProcessFlags: uint32_t {
   PROCESS_GRANTED_ROOT = (1u << 0),
   PROCESS_ON_DENYLIST = (1u << 1),
-  PROCESS_IS_MANAGER = (1u << 28),
-  PROCESS_ROOT_IS_APATCH = (1u << 27),
+  PROCESS_IS_MANAGER = (1u << 27),
+  PROCESS_ROOT_IS_APATCH = (1u << 28),
   PROCESS_ROOT_IS_KSU = (1u << 29),
   PROCESS_ROOT_IS_MAGISK = (1u << 30),
   PROCESS_IS_FIRST_STARTED = (1u << 31)