Global hook for customized AOSP #1139

Open
zhifeng-wang opened this issue Dec 30, 2019 · 3 comments
@zhifeng-wang

It would be fantastic if the Android ROM customizer could make Frida a built-in feature, so that one can inject Frida into every APK installed later without repacking them.

I tried the following steps without luck:

  1. put libfrida-gadget.so and libfrida-gadget.config.so (the config JSON file) into system/lib and system/lib64;
  2. register libfrida-gadget.so in /system/etc/public.libraries.txt;
  3. call System.loadLibrary("frida-gadget") in newApplication in [AOSP source code]\frameworks\base\core\java\android\app\Instrumentation.java.

Related log: frida-gadget: type=1400 audit(0.0:8): avc: denied { read } for name="primary" dev="tmpfs" ino=19137 scontext=u:r:zygote:s0 tcontext=u:object_r:storage_file:s0 tclass=lnk_file permissive=0

@tacesrever

tacesrever commented Jan 2, 2020

According to the error log, frida-gadget is injected into zygote, so it uses this sepolicy:
https://android.googlesource.com/platform/system/sepolicy/+/master/private/zygote.te

This happened when frida-gadget tried to read some file at storage_file, which is not allowed by zygote.te.

For reference, there may be two ways to solve this:

  1. If using script-directory, set the path to somewhere zygote and all apps can read,
    or modify zygote.te to allow zygote to read storage_file or other filesystems frida-gadget should use.
  2. Don't load frida-gadget in the zygote process. This may be done by not registering libfrida-gadget and running setenforce 0, then putting the dlopen somewhere zygote doesn't use but that is in the real app's start routine.

@zhifeng-wang
Author

@tacesrever Very intuitive. Thanks so much!

@gitWK86

gitWK86 commented Oct 12, 2021

@tacesrever Very intuitive. Thanks so much!

Hello, I have the same problem. When using script-directory, what path can I set so that it works?

frida-gadget: type=1400 audit(0.0:11): avc: denied { read } for name="primary" dev="tmpfs" ino=30102 scontext=u:r:mediaprovider_app:s0:c100,c256,c512,c768 tcontext=u:object_r:mnt_pass_through_file:s0 tclass=lnk_file permissive=0 app=com.android.providers.media.module
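
The two AVC denials quoted in this thread can be split into their SELinux fields to see which domain's policy produced each one. This is an added example, not part of the original comments or of Frida's code; the function names are hypothetical and the sample lines are copied from the posts above.

```python
import re

# Denial lines copied from the two comments in this thread.
SAMPLE_LOG = """\
frida-gadget: type=1400 audit(0.0:8): avc: denied { read } for name="primary" dev="tmpfs" ino=19137 scontext=u:r:zygote:s0 tcontext=u:object_r:storage_file:s0 tclass=lnk_file permissive=0
frida-gadget: type=1400 audit(0.0:11): avc: denied { read } for name="primary" dev="tmpfs" ino=30102 scontext=u:r:mediaprovider_app:s0:c100,c256,c512,c768 tcontext=u:object_r:mnt_pass_through_file:s0 tclass=lnk_file permissive=0 app=com.android.providers.media.module
"""

AVC_RE = re.compile(r"avc:\s+denied\s+\{(?P<perms>[^}]*)\}\s+for\s+(?P<rest>.*)")
KV_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')

def context_type(ctx):
    """Return the type field of a context written as user:role:type:level[:categories]."""
    parts = ctx.split(":")
    return parts[2] if len(parts) >= 3 else ctx

def parse_avc(line):
    """Parse one 'avc: denied' line into a dict, or return None if it is not one."""
    m = AVC_RE.search(line)
    if not m:
        return None
    fields = {k: v.strip('"') for k, v in KV_RE.findall(m.group("rest"))}
    if not {"scontext", "tcontext", "tclass"} <= fields.keys():
        return None
    return {
        "perms": m.group("perms").split(),
        "source": context_type(fields["scontext"]),  # domain of the calling process
        "target": context_type(fields["tcontext"]),  # label of the object it touched
        "tclass": fields["tclass"],
        "name": fields.get("name"),
        "enforcing": fields.get("permissive") == "0",
        "app": fields.get("app"),  # present only in the second log line
    }

def parse_log(log):
    """Parse every denial in a multi-line log, skipping unrelated lines."""
    return [d for d in map(parse_avc, log.splitlines()) if d]

def rule_text(d):
    # The denied tuple written in SELinux allow-rule syntax, for comparing
    # against policy sources such as zygote.te.
    return "allow {source} {target}:{tclass} {{ {p} }};".format(p=" ".join(d["perms"]), **d)

if __name__ == "__main__":
    for d in parse_log(SAMPLE_LOG):
        print(d["source"], "->", d["target"], "enforcing" if d["enforcing"] else "permissive")
        print("   ", rule_text(d))
```

The first denial comes from the zygote domain and the second from mediaprovider_app, so the two reports were denied under different policy files even though both name the same `primary` symlink.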
