fix calling uid

refgd · May 17, 2022 · 2c75ca2 · 2c75ca2
1 parent 422cf68
commit 2c75ca2
Show file tree

Hide file tree

Showing 8 changed files with 47 additions and 7 deletions.
diff --git a/Bcore/src/main/aidl/top/niunaijun/blackbox/core/system/pm/IBPackageManagerService.aidl b/Bcore/src/main/aidl/top/niunaijun/blackbox/core/system/pm/IBPackageManagerService.aidl
@@ -17,6 +17,8 @@ import top.niunaijun.blackbox.entity.pm.InstalledPackage;
 
 
 interface IBPackageManagerService {
+    int getUidByPid(int pid);
+
     ResolveInfo resolveService(in Intent intent, int flags, String resolvedType, int userId);
     ResolveInfo resolveActivity(in Intent intent, int flags, String resolvedType, int userId);
     ProviderInfo resolveContentProvider(String authority, int flag, int userId);

diff --git a/Bcore/src/main/cpp/JniHook/JniHook.cpp b/Bcore/src/main/cpp/JniHook/JniHook.cpp
@@ -3,6 +3,7 @@
 //
 
 #include <jni.h>
+#include <cstring>
 #include "JniHook.h"
 #include "Log.h"
 #include "ArtMethod.h"
@@ -144,11 +145,11 @@ JniHook::HookJniFun(JNIEnv *env, const char *class_name, const char *method_name
     };
 
     auto artMethod = reinterpret_cast<uintptr_t *>(GetArtMethod(env, clazz, method));
-//  取消检查, 可能有其它问题, 不过目前对于部分APP是工作了
-//    if (!CheckFlags(artMethod)) {
-//        ALOGE("check flags error. class：%s, method：%s", class_name, method_name);
-//        return;
-//    }
+    //  不检查系统包
+    if (!strncmp(class_name, "android.", 8) && !CheckFlags(artMethod)) {
+        ALOGE("check flags error. class：%s, method：%s", class_name, method_name);
+        return;
+    }
     *orig_fun = reinterpret_cast<void *>(artMethod[HookEnv.art_method_native_offset]);
     if (env->RegisterNatives(clazz, gMethods, 1) < 0) {
         ALOGE("jni hook error. class：%s, method：%s", class_name, method_name);

diff --git a/Bcore/src/main/java/top/niunaijun/blackbox/core/NativeCore.java b/Bcore/src/main/java/top/niunaijun/blackbox/core/NativeCore.java
@@ -1,6 +1,7 @@
 package top.niunaijun.blackbox.core;
 
 
+import android.os.Binder;
 import android.os.Process;
 
 import androidx.annotation.Keep;
@@ -60,7 +61,11 @@ public static int getCallingUid(int origCallingUid) {
             return origCallingUid;
 
         if (origCallingUid == BlackBoxCore.getHostUid()) {
-//            Log.d(TAG, "origCallingUid: " + origCallingUid + " => " + BActivityThread.getCallingBUid());
+            int callingPid = Binder.getCallingPid();
+            int bUid = BlackBoxCore.getBPackageManager().getUidByPid(callingPid);
+            if (bUid != -1) {
+                return bUid;
+            }
             return BActivityThread.getCallingBUid();
         }
         return origCallingUid;

diff --git a/Bcore/src/main/java/top/niunaijun/blackbox/core/system/BProcessManagerService.java b/Bcore/src/main/java/top/niunaijun/blackbox/core/system/BProcessManagerService.java
@@ -101,6 +101,8 @@ public ProcessRecord startProcessLocked(String packageName, String processName,
                 app = null;
             } else {
                 app.pid = getPid(BlackBoxCore.getContext(), ProxyManifest.getProcessName(app.bpid));
+
+                Log.d(TAG, "init pid = " + app.pid);
             }
         }
         return app;

diff --git a/Bcore/src/main/java/top/niunaijun/blackbox/core/system/pm/BPackageManagerService.java b/Bcore/src/main/java/top/niunaijun/blackbox/core/system/pm/BPackageManagerService.java
@@ -17,6 +17,7 @@
 import android.os.Binder;
 import android.os.RemoteException;
 import android.text.TextUtils;
+import android.util.Log;
 
 import java.io.File;
 import java.io.InputStream;
@@ -65,6 +66,7 @@ public class BPackageManagerService extends IBPackageManagerService.Stub impleme
     private static final BUserManagerService sUserManager = BUserManagerService.get();
     private final List<PackageMonitor> mPackageMonitors = new ArrayList<>();
 
+
     final Map<String, BPackageSettings> mPackages = mSettings.mPackages;
     final Object mInstallLock = new Object();
 
@@ -269,6 +271,16 @@ private ActivityInfo getActivity(ComponentName component, int flags,
         return null;
     }
 
+    @Override
+    public int getUidByPid(int pid) {
+        ProcessRecord processByPid = BProcessManagerService.get().findProcessByPid(pid);
+        if (processByPid != null) {
+            return processByPid.buid;
+        }
+
+        return -1;
+    }
+
     @Override
     public PackageInfo getPackageInfo(String packageName, int flags, int userId) {
         if (!sUserManager.exists(userId)) return null;

diff --git a/Bcore/src/main/java/top/niunaijun/blackbox/fake/frameworks/BPackageManager.java b/Bcore/src/main/java/top/niunaijun/blackbox/fake/frameworks/BPackageManager.java
@@ -116,6 +116,15 @@ public ApplicationInfo getApplicationInfo(String packageName, int flags, int use
         return null;
     }
 
+    public int getUidByPid(int pid) {
+        try {
+            return getService().getUidByPid(pid);
+        } catch (RemoteException e) {
+            crash(e);
+        }
+        return -1;
+    }
+
     public PackageInfo getPackageInfo(String packageName, int flags, int userId) {
         try {
             return getService().getPackageInfo(packageName, flags, userId);

diff --git a/Bcore/src/main/java/top/niunaijun/blackbox/fake/service/ITelephonyManagerProxy.java b/Bcore/src/main/java/top/niunaijun/blackbox/fake/service/ITelephonyManagerProxy.java
@@ -19,6 +19,7 @@
 import top.niunaijun.blackbox.fake.hook.MethodHook;
 import top.niunaijun.blackbox.fake.hook.ProxyMethod;
 import top.niunaijun.blackbox.utils.Md5Utils;
+import top.niunaijun.blackbox.utils.MethodParameterUtils;
 
 /**
  * Created by Milk on 4/2/21.
@@ -51,6 +52,13 @@ public boolean isBadEnv() {
         return false;
     }
 
+    @Override
+    public Object invoke(Object proxy, Method method, Object[] args) throws Throwable {
+//        Log.d(TAG, "call: " + method.getName());
+//        MethodParameterUtils.replaceFirstAppPkg(args);
+        return super.invoke(proxy, method, args);
+    }
+
     @ProxyMethod("getDeviceId")
     public static class GetDeviceId extends MethodHook {
         @Override
@@ -134,6 +142,7 @@ protected Object hook(Object who, Method method, Object[] args) throws Throwable
     public static class GetAllCellInfo extends MethodHook {
         @Override
         protected Object hook(Object who, Method method, Object[] args) throws Throwable {
+            Log.d(TAG, "GetAllCellInfo");
             if (BLocationManager.isFakeLocationEnable()) {
                 List<BCell> cell = BLocationManager.get().getAllCell(BActivityThread.getUserId(), BActivityThread.getAppPackageName());
                 // TODO Transfer BCell to CdmaCellLocation/GsmCellLocation

diff --git a/app/build.gradle b/app/build.gradle
@@ -12,7 +12,7 @@ android {
         minSdkVersion 21
         targetSdkVersion rootProject.ext.targetSdkVersion
         versionCode 12
-        versionName "2.1.0"
+        versionName "2.1.1"
 
         flavorDimensions "BlackBox32"
     }