Skip to content

Commit

Permalink
add: Magisk Kitsune SuList support
Browse files Browse the repository at this point in the history
This commit adds support for the Kitsune SuList, a denylist in whitelist mode.
  • Loading branch information
ThePedroo committed Dec 29, 2024
1 parent 399be08 commit f1f3cbd
Showing 1 changed file with 30 additions and 3 deletions.
33 changes: 30 additions & 3 deletions zygiskd/src/root_impl/magisk.c
Original file line number Diff line number Diff line change
Expand Up @@ -31,6 +31,7 @@ char *magisk_managers[] = {
enum magisk_variants variant = Official;
/* INFO: Longest path */
static char path_to_magisk[sizeof(DEBUG_RAMDISK_MAGISK)];
bool is_using_sulist = false;

void magisk_get_existence(struct root_impl_state *state) {
struct stat s;
Expand Down Expand Up @@ -78,7 +79,7 @@ void magisk_get_existence(struct root_impl_state *state) {
strcpy(path_to_magisk, SBIN_MAGISK);
}

char *argv[] = { "magisk", "-v", NULL };
char *argv[4] = { "magisk", "-v", NULL, NULL };

char magisk_info[128];
if (!exec_command(magisk_info, sizeof(magisk_info), (const char *)path_to_magisk, argv)) {
Expand Down Expand Up @@ -113,6 +114,27 @@ void magisk_get_existence(struct root_impl_state *state) {
return;
}

/* INFO: Magisk Kitsune has a feature called SuList, which is a whitelist of
which processes are allowed to see root. Although only Kitsune has
this option, there are Kitsune forks without "-kitsune" suffix, so
to avoid excluding them from taking advantage of that feature, we
will not check the variant.
*/
argv[1] = "--sqlite";
argv[2] = "select value from settings where name = 'sulist' limit 1";

char sulist_enabled[32];
if (!exec_command(sulist_enabled, sizeof(sulist_enabled), (const char *)path_to_magisk, argv)) {
LOGE("Failed to execute magisk binary: %s\n", strerror(errno));
errno = 0;

state->state = Abnormal;

return;
}

is_using_sulist = sulist_enabled[0] == '1';

if (atoi(magisk_version) >= MIN_MAGISK_VERSION) state->state = Supported;
else state->state = TooOld;
}
Expand Down Expand Up @@ -158,7 +180,10 @@ bool magisk_uid_should_umount(uid_t uid) {
char *package_name = strtok(result + strlen("package:"), " ");

char sqlite_cmd[256];
snprintf(sqlite_cmd, sizeof(sqlite_cmd), "select 1 from denylist where package_name=\"%s\" limit 1", package_name);
if (is_using_sulist)
snprintf(sqlite_cmd, sizeof(sqlite_cmd), "select 1 from sulist where package_name=\"%s\" limit 1", package_name);
else
snprintf(sqlite_cmd, sizeof(sqlite_cmd), "select 1 from denylist where package_name=\"%s\" limit 1", package_name);

char *const argv[] = { "magisk", "--sqlite", sqlite_cmd, NULL };

Expand All @@ -169,7 +194,9 @@ bool magisk_uid_should_umount(uid_t uid) {
return false;
}

return result[0] != '\0';
LOGI("Checking if %s should be unmounted: %s\n", package_name, result);

return result[0] == '\0';
}

bool magisk_uid_is_manager(uid_t uid) {
Expand Down

0 comments on commit f1f3cbd

Please sign in to comment.