Read certificate in Rust

Co-authored-by: topjohnwu <topjohnwu@gmail.com>
LoveSy
2023-06-14 22:24:42 +08:00
committed by John Wu
parent d2eaa6e6c1
commit a9c89cbbbb
7 changed files with 173 additions and 224 deletions


@@ -25,6 +25,11 @@ static string *mgr_cert;
static int stub_apk_fd = -1;
static const string *default_cert;
static string read_certificate(int fd, int version) {
auto cert = rust::read_certificate(fd, version);
return string{cert.begin(), cert.end()};
}
void check_pkg_refresh() {
struct stat st{};
if (stat("/data/system/packages.xml", &st) == 0 &&
@@ -71,7 +76,9 @@ void preserve_stub_apk() {
string stub_path = MAGISKTMP + "/stub.apk";
stub_apk_fd = xopen(stub_path.data(), O_RDONLY | O_CLOEXEC);
unlink(stub_path.data());
default_cert = new string(read_certificate(stub_apk_fd));
auto cert = read_certificate(stub_apk_fd, -1);
if (!cert.empty())
default_cert = new string(std::move(cert));
lseek(stub_apk_fd, 0, SEEK_SET);
}
@@ -107,7 +114,8 @@ int get_manager(int user_id, string *pkg, bool install) {
LOGW("pkg: no dyn APK, ignore\n");
return false;
}
bool mismatch = default_cert && read_certificate(dyn, MAGISK_VER_CODE) != *default_cert;
auto cert = read_certificate(dyn, MAGISK_VER_CODE);
bool mismatch = default_cert && cert != *default_cert;
close(dyn);
if (mismatch) {
LOGE("pkg: dyn APK signature mismatch: %s\n", app_path);
@@ -172,12 +180,12 @@ int get_manager(int user_id, string *pkg, bool install) {
byte_array<PATH_MAX> apk;
find_apk_path(byte_view(str[SU_MANAGER]), apk);
int fd = xopen((const char *) apk.buf(), O_RDONLY | O_CLOEXEC);
string cert = read_certificate(fd);
auto cert = read_certificate(fd, -1);
close(fd);
// Verify validity
if (str[SU_MANAGER] == *mgr_pkg) {
if (app_id != mgr_app_id || cert != *mgr_cert) {
if (app_id != mgr_app_id || cert.empty() || cert != *mgr_cert) {
// app ID or cert should never change
LOGE("pkg: repackaged APK signature invalid: %s\n", apk.buf());
uninstall_pkg(mgr_pkg->data());
@@ -226,7 +234,7 @@ int get_manager(int user_id, string *pkg, bool install) {
byte_array<PATH_MAX> apk;
find_apk_path(byte_view(JAVA_PACKAGE_NAME), apk);
int fd = xopen((const char *) apk.buf(), O_RDONLY | O_CLOEXEC);
string cert = read_certificate(fd, MAGISK_VER_CODE);
auto cert = read_certificate(fd, MAGISK_VER_CODE);
close(fd);
if (default_cert && cert != *default_cert) {
// Found APK with invalid signature, force replace with stub
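Review bot: In preserve_stub_apk an unreadable stub certificate now leaves `default_cert` null, and both later comparisons in get_manager are written as `default_cert && cert != *default_cert`, so in that state the dyn APK and the `JAVA_PACKAGE_NAME` APK are accepted with no signature comparison at all. The repackaged-manager branch gained a `cert.empty() ||` guard, but these two paths have no equivalent. Whether a null `default_cert` is an intended "verification off" mode is not visible from these hunks; if it is not, record it where it happens with something like `else LOGW("pkg: stub APK certificate unreadable\n");` after the `if (!cert.empty())`. Also consider `bool mismatch = cert.empty() || (default_cert && cert != *default_cert);` so that an APK with no readable certificate is never treated as valid. The bodies of preserve_stub_apk and get_manager extend beyond the hunks shown.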