security: restrict target list visibility from apps

- /proc/vpnhide_targets: change from 0644 to 0600 (root only).
  Apps could read the UID list and discover which apps are targeted.
- Remove /data/local/tmp/vpnhide_targets.txt copies from service.sh
  and WebUI (no longer needed after get_module_dir() fix).
okhsunrog 2026-04-12 02:06:39 +03:00
parent 6a4862fb69
commit a8bed7e044
3 changed files with 5 additions and 9 deletions

@ -631,9 +631,9 @@ static int __init vpnhide_init(void)
}
}
/* 0644: root writes, everyone reads (system_server needs read
* access to load target UIDs for Java-level VPN filtering). */
targets_entry = proc_create("vpnhide_targets", 0644, NULL,
/* 0600: root-only read/write. UIDs are written here by service.sh
* and WebUI (both root). Apps must not see the target list. */
targets_entry = proc_create("vpnhide_targets", 0600, NULL,
&targets_proc_ops);
pr_info(MODNAME ": loaded — write UIDs to /proc/vpnhide_targets\n");
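Review bot: The removed comment said system_server needs read access to this entry to load target UIDs for Java-level VPN filtering, and the new comment on the proc_create() call does not say what replaces that path. system_server runs as the system UID rather than root, so with mode 0600 it can no longer open /proc/vpnhide_targets. Please state in the comment how the Java-level filter obtains the UID list now, or, if it still reads this entry, grant access narrowly (for example, group-readable with an explicit owner group) rather than dropping it. The new comment would also be more accurate if it noted that 0600 only blocks direct reads of this file, since the commit message describes other copies of the list that had to be removed separately.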