generate a random name for libmemtrack_real to temporarily make SafetyNet happy

Author: RikkaW

module/build.gradle

@@ -9,8 +9,8 @@ def apiVersion = 6
 def moduleProp = [
         id         : "riru-core",
         name       : "Riru (Riru - Core)",
-        version    : "v21.0",
-        versionCode: "33",
+        version    : "v21.1",
+        versionCode: "34",
         author     : "Rikka",
         description: "Inject zygote process by replace libmemtrack.so, provide interface to other Riru modules."
 ]

module/src/main/cpp/redirect_memtrack.cpp

@@ -1,14 +1,36 @@
 #include <dlfcn.h>
 #include <sys/types.h>
+#include <fcntl.h>
+#include <zconf.h>
+#include <unistd.h>
+#include <cstring>
+#include <cstdio>
+#include "logging.h"
 
 #ifdef __LP64__
-#define MEMTRACK_LIBRARY "/system/lib64/libmemtrack_real.so"
+#define LIB_PATH "/system/lib64"
 #else
-#define MEMTRACK_LIBRARY "/system/lib/libmemtrack_real.so"
+#define LIB_PATH "/system/lib"
 #endif
 
+static void *init() {
+    char path[PATH_MAX] = {0}, buf[64] = {0};
+
+    int fd = open("/data/adb/riru/random_name", O_RDONLY);
+    if (fd > 0 && read(fd, buf, 64)) {
+        read(fd, buf, 64);
+        snprintf(path, PATH_MAX, "%s/lib%s.so", LIB_PATH, buf);
+        close(fd);
+        if (access(path, F_OK) == 0) {
+            return dlopen(path, RTLD_NOW | RTLD_GLOBAL);
+        }
+    }
+    return nullptr;
+}
+
+static void *handle = init();
+
 extern "C" {
-static void *handle = dlopen(MEMTRACK_LIBRARY, RTLD_NOW | RTLD_GLOBAL);
 
 #define FUNC_DEF(NAME, RET, ...)                                                    \
     static void* sym_##NAME = handle ? dlsym(handle, #NAME) : NULL;                 \
@@ -161,56 +183,66 @@ FUNC_DEF(_ZNSt3__16vectorIN7android8hardware8memtrack4V1_014MemtrackRecordENS_9a
     if (!sym__ZNSt3__16vectorIN7android8hardware8memtrack4V1_014MemtrackRecordENS_9allocatorIS5_EEE8__appendEm)
         return;
 
-    return ((_ZNSt3__16vectorIN7android8hardware8memtrack4V1_014MemtrackRecordENS_9allocatorIS5_EEE8__appendEm_t) sym__ZNSt3__16vectorIN7android8hardware8memtrack4V1_014MemtrackRecordENS_9allocatorIS5_EEE8__appendEm)(a1, a2);
+    return ((_ZNSt3__16vectorIN7android8hardware8memtrack4V1_014MemtrackRecordENS_9allocatorIS5_EEE8__appendEm_t) sym__ZNSt3__16vectorIN7android8hardware8memtrack4V1_014MemtrackRecordENS_9allocatorIS5_EEE8__appendEm)(
+            a1, a2);
 }
 
 FUNC_DEF(_ZNSt3__114__split_bufferIN7android8hardware8memtrack4V1_014MemtrackRecordERNS_9allocatorIS5_EEEC2EjjS8_, int, uint a1, uint a2, void *a3) {
     if (!sym__ZNSt3__114__split_bufferIN7android8hardware8memtrack4V1_014MemtrackRecordERNS_9allocatorIS5_EEEC2EjjS8_)
         return 0;
 
-    return ((_ZNSt3__114__split_bufferIN7android8hardware8memtrack4V1_014MemtrackRecordERNS_9allocatorIS5_EEEC2EjjS8__t) sym__ZNSt3__114__split_bufferIN7android8hardware8memtrack4V1_014MemtrackRecordERNS_9allocatorIS5_EEEC2EjjS8_)(a1, a2, a3);
+    return ((_ZNSt3__114__split_bufferIN7android8hardware8memtrack4V1_014MemtrackRecordERNS_9allocatorIS5_EEEC2EjjS8__t) sym__ZNSt3__114__split_bufferIN7android8hardware8memtrack4V1_014MemtrackRecordERNS_9allocatorIS5_EEEC2EjjS8_)(
+            a1, a2, a3);
 }
 
 FUNC_DEF(_ZNSt3__113__vector_baseIN7android8hardware8memtrack4V1_014MemtrackRecordENS_9allocatorIS5_EEED2Ev, void, void **a1) {
     if (!sym__ZNSt3__113__vector_baseIN7android8hardware8memtrack4V1_014MemtrackRecordENS_9allocatorIS5_EEED2Ev)
         return;
 
-    return ((_ZNSt3__113__vector_baseIN7android8hardware8memtrack4V1_014MemtrackRecordENS_9allocatorIS5_EEED2Ev_t) sym__ZNSt3__113__vector_baseIN7android8hardware8memtrack4V1_014MemtrackRecordENS_9allocatorIS5_EEED2Ev)(a1);
+    return ((_ZNSt3__113__vector_baseIN7android8hardware8memtrack4V1_014MemtrackRecordENS_9allocatorIS5_EEED2Ev_t) sym__ZNSt3__113__vector_baseIN7android8hardware8memtrack4V1_014MemtrackRecordENS_9allocatorIS5_EEED2Ev)(
+            a1);
 }
 
 FUNC_DEF(_ZNSt3__16vectorIN7android8hardware8memtrack4V1_014MemtrackRecordENS_9allocatorIS5_EEE8__appendEj, int, int a1, uint a2) {
     if (!sym__ZNSt3__16vectorIN7android8hardware8memtrack4V1_014MemtrackRecordENS_9allocatorIS5_EEE8__appendEj)
         return 0;
 
-    return ((_ZNSt3__16vectorIN7android8hardware8memtrack4V1_014MemtrackRecordENS_9allocatorIS5_EEE8__appendEj_t) sym__ZNSt3__16vectorIN7android8hardware8memtrack4V1_014MemtrackRecordENS_9allocatorIS5_EEE8__appendEj)(a1, a2);
+    return ((_ZNSt3__16vectorIN7android8hardware8memtrack4V1_014MemtrackRecordENS_9allocatorIS5_EEE8__appendEj_t) sym__ZNSt3__16vectorIN7android8hardware8memtrack4V1_014MemtrackRecordENS_9allocatorIS5_EEE8__appendEj)(
+            a1, a2);
 }
 
-FUNC_DEF(_ZNSt3__16vectorIN7android8hardware8memtrack4V1_014MemtrackRecordENS_9allocatorIS5_EEE26__swap_out_circular_bufferERNS_14__split_bufferIS5_RS7_EE, int, int *a1, void *a2) {
+FUNC_DEF(
+        _ZNSt3__16vectorIN7android8hardware8memtrack4V1_014MemtrackRecordENS_9allocatorIS5_EEE26__swap_out_circular_bufferERNS_14__split_bufferIS5_RS7_EE,
+        int, int *a1, void *a2) {
     if (!sym__ZNSt3__16vectorIN7android8hardware8memtrack4V1_014MemtrackRecordENS_9allocatorIS5_EEE26__swap_out_circular_bufferERNS_14__split_bufferIS5_RS7_EE)
         return 0;
 
-    return ((_ZNSt3__16vectorIN7android8hardware8memtrack4V1_014MemtrackRecordENS_9allocatorIS5_EEE26__swap_out_circular_bufferERNS_14__split_bufferIS5_RS7_EE_t) sym__ZNSt3__16vectorIN7android8hardware8memtrack4V1_014MemtrackRecordENS_9allocatorIS5_EEE26__swap_out_circular_bufferERNS_14__split_bufferIS5_RS7_EE)(a1, a2);
+    return ((_ZNSt3__16vectorIN7android8hardware8memtrack4V1_014MemtrackRecordENS_9allocatorIS5_EEE26__swap_out_circular_bufferERNS_14__split_bufferIS5_RS7_EE_t) sym__ZNSt3__16vectorIN7android8hardware8memtrack4V1_014MemtrackRecordENS_9allocatorIS5_EEE26__swap_out_circular_bufferERNS_14__split_bufferIS5_RS7_EE)(
+            a1, a2);
 }
 
 FUNC_DEF(_ZNSt3__16vectorIN7android8hardware8memtrack4V1_014MemtrackRecordENS_9allocatorIS5_EEE8allocateEj, int, void *a1, uint a2) {
     if (!sym__ZNSt3__16vectorIN7android8hardware8memtrack4V1_014MemtrackRecordENS_9allocatorIS5_EEE8allocateEj)
         return 0;
 
-    return ((_ZNSt3__16vectorIN7android8hardware8memtrack4V1_014MemtrackRecordENS_9allocatorIS5_EEE8allocateEj_t) sym__ZNSt3__16vectorIN7android8hardware8memtrack4V1_014MemtrackRecordENS_9allocatorIS5_EEE8allocateEj)(a1, a2);
+    return ((_ZNSt3__16vectorIN7android8hardware8memtrack4V1_014MemtrackRecordENS_9allocatorIS5_EEE8allocateEj_t) sym__ZNSt3__16vectorIN7android8hardware8memtrack4V1_014MemtrackRecordENS_9allocatorIS5_EEE8allocateEj)(
+            a1, a2);
 }
 
 FUNC_DEF(_ZNSt3__16vectorIN7android8hardware8memtrack4V1_014MemtrackRecordENS_9allocatorIS5_EEE6resizeEj, int, int a1, uint a2) {
     if (!sym__ZNSt3__16vectorIN7android8hardware8memtrack4V1_014MemtrackRecordENS_9allocatorIS5_EEE6resizeEj)
         return 0;
 
-    return ((_ZNSt3__16vectorIN7android8hardware8memtrack4V1_014MemtrackRecordENS_9allocatorIS5_EEE6resizeEj_t) sym__ZNSt3__16vectorIN7android8hardware8memtrack4V1_014MemtrackRecordENS_9allocatorIS5_EEE6resizeEj)(a1, a2);
+    return ((_ZNSt3__16vectorIN7android8hardware8memtrack4V1_014MemtrackRecordENS_9allocatorIS5_EEE6resizeEj_t) sym__ZNSt3__16vectorIN7android8hardware8memtrack4V1_014MemtrackRecordENS_9allocatorIS5_EEE6resizeEj)(
+            a1, a2);
 }
 
 FUNC_DEF(_ZNSt3__16vectorIN7android8hardware8memtrack4V1_014MemtrackRecordENS_9allocatorIS5_EEEC2ERKS8_, int, void *a1, void *a2) {
     if (!sym__ZNSt3__16vectorIN7android8hardware8memtrack4V1_014MemtrackRecordENS_9allocatorIS5_EEEC2ERKS8_)
         return 0;
 
-    return ((_ZNSt3__16vectorIN7android8hardware8memtrack4V1_014MemtrackRecordENS_9allocatorIS5_EEEC2ERKS8__t) sym__ZNSt3__16vectorIN7android8hardware8memtrack4V1_014MemtrackRecordENS_9allocatorIS5_EEEC2ERKS8_)(a1, a2);
+    return ((_ZNSt3__16vectorIN7android8hardware8memtrack4V1_014MemtrackRecordENS_9allocatorIS5_EEEC2ERKS8__t) sym__ZNSt3__16vectorIN7android8hardware8memtrack4V1_014MemtrackRecordENS_9allocatorIS5_EEEC2ERKS8_)(
+            a1, a2);
 }
 
 struct memtrack_proc;

module/src/main/cpp/zygote_restart.cpp

@@ -9,11 +9,11 @@
 #include "pmparser.h"
 
 #ifdef __LP64__
-#define CHECK_LIB_NAME      "/system/lib64/libmemtrack_real.so"
+#define LIB_PATH            "/system/lib64"
 #define ZYGOTE_NAME         "zygote64"
 #define RESTART_NAME        "zygote_secondary"
 #else
-#define CHECK_LIB_NAME      "/system/lib/libmemtrack_real.so"
+#define LIB_PATH            "/system/lib"
 #define ZYGOTE_NAME         "zygote"
 #define RESTART_NAME        "zygote"
 #endif
@@ -117,7 +117,7 @@ static int is_path_in_maps(int pid, const char *path) {
     return false;
 }
 
-static bool should_restart() {
+static bool should_restart(const char* name) {
     // It is said that some wired devices (Samsung? or other) have multiply zygote, get all processes called zygote
     std::vector<pid_t> pids;
     while ((pids = grep_pid(ZYGOTE_NAME, 0)).empty()) {
@@ -132,7 +132,7 @@ static bool should_restart() {
 
     int riru_count = 0;
     for (auto pid : pids) {
-        if (!is_path_in_maps(pid, CHECK_LIB_NAME)) {
+        if (!is_path_in_maps(pid, name)) {
             LOGW("no Riru found in %s (pid=%d), restart required", ZYGOTE_NAME, pid);
         } else {
             LOGI("found Riru in %s (pid=%d)", ZYGOTE_NAME, pid);
@@ -143,9 +143,9 @@ static bool should_restart() {
     return riru_count != count;
 }
 
-static bool should_restart(int retries) {
+static bool should_restart(const char* name, int retries) {
     for (int i = 0; i < retries; ++i) {
-        if (should_restart())
+        if (should_restart(name))
             return true;
 
         if (i != retries - 1)
@@ -160,17 +160,27 @@ int main(int argc, char **argv) {
     if (fork() != 0)
         return 1;
 
-    if (!should_restart(3))
-        return 0;
+    // read random name
+    char name[PATH_MAX] = {0}, buf[64] = {0};
+    int fd = open("/data/adb/riru/random_name", O_RDONLY);
+    if (fd > 0 && read(fd, buf, 64)) {
+        read(fd, buf, 64);
+        snprintf(name, PATH_MAX, "%s/lib%s.so", LIB_PATH, buf);
+        close(fd);
+        LOGI("libmemtrack: %s", name);
+    }
 
     // wait for magisk mount
-    while (access(CHECK_LIB_NAME, F_OK) != 0) {
+    if (!should_restart(name, 3))
+        return 0;
+
+    while (access(name, F_OK) != 0) {
         LOGV("not mounted, wait 1s");
         sleep(1);
     }
 
     // check again
-    if (!should_restart(3)) {
+    if (!should_restart(name, 3)) {
         LOGI("found Riru, abort restart");
         return 0;
     }

template/magisk_module/customize.sh

@@ -32,6 +32,7 @@ ui_print "- Extracting Magisk files"
 extract "$ZIPFILE" 'module.prop' "$MODPATH"
 extract "$ZIPFILE" 'post-fs-data.sh' "$MODPATH"
 extract "$ZIPFILE" 'uninstall.sh' "$MODPATH"
+extract "$ZIPFILE" 'sepolicy.rule' "$MODPATH"
 
 if [ "$ARCH" = "x86" ] || [ "$ARCH" = "x64" ]; then
   ui_print "- Extracting x86 libraries"

template/magisk_module/post-fs-data.sh

@@ -14,13 +14,34 @@ move_new_file "$RIRU_PATH/api_version"
 move_new_file "$RIRU_PATH/version_name"
 move_new_file "$RIRU_PATH/version_code"
 
+# generate a random name
+RANDOM_NAME_FILE="/data/adb/riru/random_name"
+RANDOM_NAME=""
+if [ -f "$RANDOM_NAME_FILE" ]; then
+  RANDOM_NAME=$(cat "$RANDOM_NAME_FILE")
+else
+  while true; do
+    RANDOM_NAME=$(mktemp -u XXXXXXXX)
+    [ -f "/system/lib/lib$RANDOM_NAME.so" ] || break
+  done
+  mkdir "/data/adb/riru"
+  printf "%s" "$RANDOM_NAME" > "$RANDOM_NAME_FILE"
+fi
+
+# use magisk contextr
+chcon -R u:object_r:magisk_file:s0 "/data/adb/riru"
+
+# remove old libmemtrack_real
+rm "$MODDIR/system/lib64/libmemtrack_real.so"
+rm "$MODDIR/system/lib/libmemtrack_real.so"
+
 # Copy libmemtrack.so
-cp -f "/system/lib/libmemtrack.so" "$MODDIR/system/lib/libmemtrack_real.so"
-[ -f "/system/lib64/libmemtrack.so" ] && cp -f "/system/lib64/libmemtrack.so" "$MODDIR/system/lib64/libmemtrack_real.so"
+cp -f "/system/lib/libmemtrack.so" "$MODDIR/system/lib/lib$RANDOM_NAME.so"
+[ -f "/system/lib64/libmemtrack.so" ] && cp -f "/system/lib64/libmemtrack.so" "$MODDIR/system/lib64/lib$RANDOM_NAME.so"
 
 # Reset context in case
 chcon -R u:object_r:system_file:s0 "$MODDIR"
 
 # Restart zygote if needed
 ZYGOTE_RESTART=$RIRU_PATH/bin/zygote_restart
-[ ! -f "$RIRU_PATH/config/disable_auto_restart" ] && $ZYGOTE_RESTART
+[ ! -f "$RIRU_PATH/config/disable_auto_restart" ] && $ZYGOTE_RESTART

template/magisk_module/sepolicy.rule

@@ -0,0 +1,2 @@
+# allow zygote to enter /data/adb
+allow zygote adb_data_file dir search