vrr/vpnhide
2
0
Fork 0
mirror of https://github.com/okhsunrog/vpnhide.git synced 2026-05-02 00:22:14 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions
vpnhide/kmod/module/service.sh
okhsunrog 96dd1bf307 feat(logging): include kmod in debug-logging toggle fan-out 
The "Debug logging" toggle in Diagnostics drove three sinks: app
process (VpnHideLog.enabled), system_server hooks (/data/system/
vpnhide_debug_logging via inotify FileObserver), and the Zygisk
module (/data/adb/modules/vpnhide_zygisk/debug_logging at fork).
The kernel module's /proc/vpnhide_debug was its own little channel,
flipped only inside exportDebugZip's capture window — so a user
who enabled "Debug logging" persistently still got silent kmod,
and the kmod-flip in exportDebugZip would even reset it back to
0 at the end regardless of the user's preference.

Make kmod the fourth sink:

- writeDebugFlagFiles now drives /proc/vpnhide_debug alongside the
  other two file flags, batched into a single su invocation so the
  toggle UI doesn't pay three round-trips.
- /proc/vpnhide_debug is per-boot in-kernel state, so kmod's
  service.sh re-seeds it from the canonical /data/system/
  vpnhide_debug_logging at every boot — same model as targets.txt
  → /proc/vpnhide_targets.
- Manual echo 1/echo 0 > /proc/vpnhide_debug calls in exportDebugZip
  go away — applyDebugLoggingRuntime + the existing loggingWasForced
  save/restore block now handle kmod uniformly with the other sinks,
  fixing the "kmod stays OFF after capture even if user toggle was
  ON" bug as a side effect.
- Updated en + ru toggle description to mention dmesg, since the
  toggle is no longer logcat-only.
- docs/state.md §3 and §4 updated; new "Debug-logging fan-out"
  subsection in §3 with a diagram.

Behaviour change worth a changelog entry: a user with toggle ON
will now get verbose kmod entries in dmesg too.
2026-04-28 00:09:49 +03:00

133 lines
5.4 KiB
Bash
Raw Blame History

#!/system/bin/sh
# Resolves package names → UIDs for kmod and lsposed at boot.
# kmod targets → /proc/vpnhide_targets
# lsposed targets → /data/system/vpnhide_uids.txt
KMOD_TARGETS="/data/adb/vpnhide_kmod/targets.txt"
LSPOSED_TARGETS="/data/adb/vpnhide_lsposed/targets.txt"
PROC_TARGETS="/proc/vpnhide_targets"
SS_UIDS_FILE="/data/system/vpnhide_uids.txt"
# Wait for the proc entry (kernel module must be loaded)
for i in 1 2 3 4 5 6 7 8 9 10; do
[ -f "$PROC_TARGETS" ] && break
sleep 1
done
# Wait until PackageManager has actually indexed user-installed apps.
# `pm list packages` starts responding very early in boot but returns
# only system packages for several more seconds — if we resolve during
# that window, `dev.okhsunrog.vpnhide` (and any other user-installed
# target) silently drops from the UID file and the LSPosed hook caches
# an empty target set for the rest of the session. Gate on our own
# package being visible, with a 60s budget.
for i in $(seq 1 60); do
if pm list packages -U 2>/dev/null | grep -q "^package:dev.okhsunrog.vpnhide "; then
break
fi
sleep 1
done
if [ ! -f "$PROC_TARGETS" ]; then
log -t vpnhide "kernel module not loaded, skipping kmod UID resolution"
fi
# Migration: if lsposed targets don't exist yet, seed from kmod targets
if [ ! -f "$LSPOSED_TARGETS" ] && [ -f "$KMOD_TARGETS" ]; then
cp "$KMOD_TARGETS" "$LSPOSED_TARGETS"
log -t vpnhide "migrated kmod targets to lsposed targets"
fi
# Get all packages with UIDs across every profile in one call.
# `--user all` emits comma-separated UIDs per package line for apps
# present in multiple profiles, e.g.
# package:com.android.chrome uid:10187,1010187
# so work-profile / secondary-user installs get targeted too.
ALL_PACKAGES="$(pm list packages -U --user all 2>/dev/null)"
# resolve_uids <targets_file> — prints one UID per line to stdout.
# Splits the comma-separated UID list so every profile's copy of the
# target package ends up individually in /proc/vpnhide_targets.
resolve_uids() {
local targets_file="$1"
[ -f "$targets_file" ] || return
local uids=""
while IFS= read -r line || [ -n "$line" ]; do
pkg="$(echo "$line" | tr -d '[:space:]')"
[ -z "$pkg" ] && continue
case "$pkg" in \#*) continue ;; esac
# Literal match on $1 — grep would treat dots in `pkg` as regex
# wildcards (e.g. `com.x.y` matching `comXxXy` if such a package
# ever existed). awk's `$1 == p` compares fields literally.
uid_csv="$(echo "$ALL_PACKAGES" | awk -v p="package:${pkg}" '$1 == p { sub(/uid:/, "", $2); print $2; exit }')"
if [ -n "$uid_csv" ]; then
expanded="$(echo "$uid_csv" | tr ',' '\n')"
if [ -z "$uids" ]; then uids="$expanded"; else uids="${uids}
${expanded}"; fi
else
log -t vpnhide "package not found: $pkg"
fi
done < "$targets_file"
[ -n "$uids" ] && echo "$uids"
}
# Resolve kmod targets → /proc/vpnhide_targets
if [ -f "$PROC_TARGETS" ] && [ -f "$KMOD_TARGETS" ]; then
KMOD_UIDS="$(resolve_uids "$KMOD_TARGETS")"
if [ -n "$KMOD_UIDS" ]; then
echo "$KMOD_UIDS" > "$PROC_TARGETS"
count="$(echo "$KMOD_UIDS" | wc -l)"
log -t vpnhide "kmod: loaded $count target UIDs"
else
log -t vpnhide "kmod: no UIDs resolved"
fi
fi
# Resolve lsposed targets → /data/system/vpnhide_uids.txt
# Create persist dir if needed (for first-time installs)
mkdir -p /data/adb/vpnhide_lsposed 2>/dev/null
# Mode 0640 + group=system: system_server (UID 1000, in group `system`)
# reads via the group bit; untrusted apps fall to "other" and get EACCES.
# Default 0644 was a fingerprint vector — `/data/system/` itself is mode
# 0775 traversable by untrusted, so any o+r file is enumerable + readable.
if [ -f "$LSPOSED_TARGETS" ]; then
LSPOSED_UIDS="$(resolve_uids "$LSPOSED_TARGETS")"
if [ -n "$LSPOSED_UIDS" ]; then
echo "$LSPOSED_UIDS" > "$SS_UIDS_FILE"
chmod 640 "$SS_UIDS_FILE"
chown root:system "$SS_UIDS_FILE"
chcon u:object_r:system_data_file:s0 "$SS_UIDS_FILE" 2>/dev/null
count="$(echo "$LSPOSED_UIDS" | wc -l)"
log -t vpnhide "lsposed: wrote $count UIDs to $SS_UIDS_FILE"
else
echo > "$SS_UIDS_FILE"
chmod 640 "$SS_UIDS_FILE"
chown root:system "$SS_UIDS_FILE"
log -t vpnhide "lsposed: no UIDs resolved"
fi
fi
# Migrate pre-PR files written by older versions with mode 0644: any
# vpnhide_*.txt the lsposed app may have left in /data/system/. Touch
# only files that already exist; don't create new ones here.
for f in "$SS_UIDS_FILE" \
/data/system/vpnhide_hidden_pkgs.txt \
/data/system/vpnhide_observer_uids.txt; do
if [ -f "$f" ]; then
chmod 640 "$f"
chown root:system "$f"
chcon u:object_r:system_data_file:s0 "$f" 2>/dev/null
fi
done
# Re-seed /proc/vpnhide_debug from the persistent toggle flag the app
# maintains. /proc/vpnhide_debug is per-boot in-kernel state — without
# this re-seed, a user with "Debug logging" turned ON would silently
# get OFF after every reboot until they re-opened the app (which is
# what triggers the in-app re-propagation in MainActivity.onCreate).
# Same model as targets.txt → /proc/vpnhide_targets above: persistent
# file is canonical, /proc gets reseeded each boot.
SS_DEBUG_LOGGING="/data/system/vpnhide_debug_logging"
if [ -e /proc/vpnhide_debug ] && [ -f "$SS_DEBUG_LOGGING" ]; then
cat "$SS_DEBUG_LOGGING" > /proc/vpnhide_debug 2>/dev/null
fi
Reference in a new issue View git blame Copy permalink