mirror of
https://github.com/okhsunrog/vpnhide.git
synced 2026-04-28 06:31:27 +00:00
The three files written under /data/system/ to coordinate state between the LSPosed system_server hook and the app — vpnhide_uids.txt, vpnhide_hidden_pkgs.txt, vpnhide_observer_uids.txt — were chmodded 0644 root:root. /data/system/ itself is mode 0775 system:system, traversable by untrusted apps, so any "other"-readable file there is both enumerable (`ls /data/system/`) and openable by name.

Untrusted apps could:

    cat /data/system/vpnhide_uids.txt           # all target UIDs
    cat /data/system/vpnhide_hidden_pkgs.txt    # the hide list
    cat /data/system/vpnhide_observer_uids.txt  # observer UIDs

If the reader's own UID is in vpnhide_uids.txt, that's a positive "vpnhide is filtering me right now" detection — strictly stronger than the presence-of-marker fingerprint we already closed for vpnhide_hook_active in PR #100.

Switch every write site to mode 0640 + chown root:system. system_server runs as UID 1000 with `system` (GID 1000) in its supplementary groups, so it still gets read via the group bit. Untrusted apps fall to the "other" octet (now ---) and get EACCES on open.

Empirically verified on Pixel:

    before: 644 root:root → `cat` from untrusted shell succeeds
    after:  640 root:system → untrusted shell EACCES; `su system -c cat`
            (uid=1000) reads fine, mirroring what system_server sees

Boot-time service.sh in both kmod and zygisk modules also includes an idempotent migration block that re-stamps any pre-PR files left at 0644 by an older version on the next boot.

Closes #36 in REVIEW.

| Name |
|---|
| META-INF/com/google/android |
| customize.sh |
| module.prop |
| post-fs-data.sh |
| service.sh |
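
The idempotent re-stamp that the commit message describes, sketched as an added example; this is not the module's own service.sh. The function names and the directory and owner parameters are assumptions: on a device the directory would be /data/system and the owner root:system, and `stat -c` is assumed to be available.

```shell
# Added example, not vpnhide's service.sh. File names come from the commit
# message; function names and parameters are hypothetical.
STATE_FILES="vpnhide_uids.txt vpnhide_hidden_pkgs.txt vpnhide_observer_uids.txt"

# Print a file's octal permission bits, e.g. 644.
file_mode() {
    stat -c '%a' "$1"
}

# Succeed (0) when the "other" octet grants any access, i.e. the file is
# reachable by an untrusted app that can traverse the directory.
other_accessible() {
    mode=$(file_mode "$1") || return 2
    case "$mode" in
        *0) return 1 ;;   # last octet is ---, nothing for "other"
        *)  return 0 ;;
    esac
}

# restamp_state_files DIR [OWNER:GROUP]
# Brings each existing state file to mode 0640 and, if given, the owner.
# Idempotent: a file already at 640 is not touched by chmod. Missing files
# and symlinks are skipped. Prints the name of every file whose mode changed.
restamp_state_files() {
    dir=$1
    owner=${2:-}
    for name in $STATE_FILES; do
        f="$dir/$name"
        if [ -L "$f" ] || [ ! -f "$f" ]; then
            continue
        fi
        if [ "$(file_mode "$f")" != "640" ]; then
            chmod 0640 "$f"
            echo "$name"
        fi
        if [ -n "$owner" ]; then
            chown "$owner" "$f"
        fi
    done
    return 0
}
```

Calling `restamp_state_files /data/system root:system` from a boot script would reproduce the after-state from the commit message; a second run prints nothing because every file is already at 640.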