Support bypass shared user verify for A11+

LSPosed · Feb 29, 2024 · fc8c3d5 · fc8c3d5
1 parent cbaad7a
commit fc8c3d5
Show file tree

Hide file tree

Showing 9 changed files with 294 additions and 60 deletions.
diff --git a/app/src/main/java/toolkit/coderstory/CorePatchForQ.java b/app/src/main/java/toolkit/coderstory/CorePatchForQ.java
@@ -28,7 +28,6 @@ public void handleLoadPackage(XC_LoadPackage.LoadPackageParam loadPackageParam)
         Class<?> packageClazz = XposedHelpers.findClass("android.content.pm.PackageParser.Package", loadPackageParam.classLoader);
         hookAllMethods("com.android.server.pm.PackageManagerService", loadPackageParam.classLoader, "checkDowngrade", new XC_MethodHook() {
             public void beforeHookedMethod(MethodHookParam methodHookParam) throws Throwable {
-                super.beforeHookedMethod(methodHookParam);
                 if (prefs.getBoolean("downgrade", true)) {
                     Object packageInfoLite = methodHookParam.args[0];
 
@@ -65,7 +64,6 @@ public void beforeHookedMethod(MethodHookParam methodHookParam) throws Throwable
         final Object newInstance = findConstructorExact.newInstance(signingDetailsArgs);
         hookAllMethods("android.util.apk.ApkSignatureVerifier", loadPackageParam.classLoader, "verifyV1Signature", new XC_MethodHook() {
             public void afterHookedMethod(MethodHookParam methodHookParam) throws Throwable {
-                super.afterHookedMethod(methodHookParam);
                 if (prefs.getBoolean("authcreak", false)) {
                     Throwable throwable = methodHookParam.getThrowable();
                     if (throwable != null) {
@@ -90,7 +88,6 @@ public void afterHookedMethod(MethodHookParam methodHookParam) throws Throwable
         hookAllMethods(signingDetails, "checkCapability", new XC_MethodHook() {
             @Override
             protected void beforeHookedMethod(MethodHookParam param) throws Throwable {
-                super.beforeHookedMethod(param);
                 if (prefs.getBoolean("digestCreak", true)) {
                     if ((Integer) param.args[1] != 4 && prefs.getBoolean("authcreak", false)) {
                         param.setResult(Boolean.TRUE);
@@ -102,7 +99,6 @@ protected void beforeHookedMethod(MethodHookParam param) throws Throwable {
                 new XC_MethodHook() {
                     @Override
                     protected void beforeHookedMethod(MethodHookParam param) throws Throwable {
-                        super.beforeHookedMethod(param);
                         if (prefs.getBoolean("digestCreak", true)) {
                             if ((Integer) param.args[1] != 4 && prefs.getBoolean("authcreak", false)) {
                                 param.setResult(Boolean.TRUE);
@@ -115,7 +111,6 @@ protected void beforeHookedMethod(MethodHookParam param) throws Throwable {
         findAndHookMethod("android.content.pm.ApplicationInfo", loadPackageParam.classLoader, "isPackageWhitelistedForHiddenApis", new XC_MethodHook() {
             @Override
             protected void beforeHookedMethod(MethodHookParam param) throws Throwable {
-                super.beforeHookedMethod(param);
                 if (prefs.getBoolean("digestCreak", true)) {
                     ApplicationInfo info = (ApplicationInfo) param.thisObject;
                     if ((info.flags & ApplicationInfo.FLAG_SYSTEM) != 0
@@ -159,7 +154,6 @@ public void initZygote(StartupParam startupParam) {
         hookAllConstructors("android.util.jar.StrictJarVerifier", new XC_MethodHook() {
             @Override
             protected void beforeHookedMethod(MethodHookParam param) throws Throwable {
-                super.beforeHookedMethod(param);
                 if (prefs.getBoolean("enhancedMode", false)) {
                     param.args[3] = Boolean.FALSE;
                 }

diff --git a/app/src/main/java/toolkit/coderstory/CorePatchForR.java b/app/src/main/java/toolkit/coderstory/CorePatchForR.java
diff --git a/app/src/main/java/toolkit/coderstory/CorePatchForT.java b/app/src/main/java/toolkit/coderstory/CorePatchForT.java
@@ -1,7 +1,8 @@
 package toolkit.coderstory;
 
-import android.util.Log;
+import android.content.pm.Signature;
 
+import java.io.PrintWriter;
 import java.lang.reflect.InvocationTargetException;
 
 import de.robv.android.xposed.XC_MethodHook;
@@ -38,23 +39,6 @@ protected void beforeHookedMethod(MethodHookParam param) {
             }
         });
 
-        // Package " + packageName + " signatures do not match previously installed version; ignoring!"
-        // public boolean checkCapability(String sha256String, @CertCapabilities int flags) {
-        // public boolean checkCapability(SigningDetails oldDetails, @CertCapabilities int flags)
-        hookAllMethods("android.content.pm.PackageParser", loadPackageParam.classLoader, "checkCapability", new XC_MethodHook() {
-            @Override
-            protected void beforeHookedMethod(MethodHookParam param) {
-                // Don't handle PERMISSION (grant SIGNATURE permissions to pkgs with this cert)
-                // Or applications will have all privileged permissions
-                // https://cs.android.com/android/platform/superproject/+/master:frameworks/base/core/java/android/content/pm/PackageParser.java;l=5947?q=CertCapabilities
-                if (prefs.getBoolean("authcreak", false)) {
-                    if ((Integer) param.args[1] != 4) {
-                        param.setResult(true);
-                    }
-                }
-            }
-        });
-
         findAndHookMethod("com.android.server.pm.InstallPackageHelper", loadPackageParam.classLoader,
                 "doesSignatureMatchForPermissions", String.class,
                 "com.android.server.pm.parsing.pkg.ParsedPackage", int.class, new XC_MethodHook() {
@@ -97,10 +81,35 @@ protected void afterHookedMethod(MethodHookParam param) {
                 }
             });
         }
+
+        // ensure verifySignatures success
+        // https://cs.android.com/android/platform/superproject/main/+/main:frameworks/base/services/core/java/com/android/server/pm/PackageManagerServiceUtils.java;l=621;drc=2e50991320cbef77d3e8504a4b284adae8c2f4d2
+        var utils = XposedHelpers.findClassIfExists("com.android.server.pm.PackageManagerServiceUtils", loadPackageParam.classLoader);
+        if (utils != null) {
+            deoptimizeMethod(utils, "canJoinSharedUserId");
+        }
     }
 
-    @Override
     Class<?> getSigningDetails(ClassLoader classLoader) {
         return XposedHelpers.findClassIfExists("android.content.pm.SigningDetails", classLoader);
     }
+
+    @Override
+    protected void dumpSigningDetails(Object signingDetails, PrintWriter pw) {
+        var i = 0;
+        for (var sign : (Signature[]) XposedHelpers.callMethod(signingDetails, "getSignatures")) {
+            i++;
+            pw.println(i + ": " + sign.toCharsString());
+        }
+    }
+
+    @Override
+    protected Object SharedUserSetting_packages(Object sharedUser) {
+        return XposedHelpers.getObjectField(sharedUser, "mPackages");
+    }
+
+    @Override
+    protected Object SigningDetails_mergeLineageWith(Object self, Object other) {
+        return XposedHelpers.callMethod(self, "mergeLineageWith", other, 2 /*MERGE_RESTRICTED_CAPABILITY*/);
+    }
 }
diff --git a/app/src/main/java/toolkit/coderstory/ReturnConstant.java b/app/src/main/java/toolkit/coderstory/ReturnConstant.java
@@ -16,7 +16,6 @@ public ReturnConstant(XSharedPreferences prefs, String prefsKey, Object value) {
 
     @Override
     protected void beforeHookedMethod(MethodHookParam param) throws Throwable {
-        super.beforeHookedMethod(param);
         prefs.reload();
         if (prefs.getBoolean(prefsKey, true)) {
             param.setResult(value);

diff --git a/app/src/main/java/toolkit/coderstory/SettingsActivity.java b/app/src/main/java/toolkit/coderstory/SettingsActivity.java
@@ -5,17 +5,13 @@
 import android.app.AlertDialog;
 import android.content.Context;
 import android.content.SharedPreferences;
-import android.graphics.Color;
 import android.graphics.Insets;
-import android.graphics.drawable.ColorDrawable;
 import android.os.Build;
 import android.os.Bundle;
 import android.preference.PreferenceFragment;
 import android.view.View;
 import android.view.ViewGroup;
-import android.view.Window;
 import android.view.WindowInsets;
-import android.view.WindowInsetsController;
 
 import com.coderstory.toolkit.R;
 

diff --git a/app/src/main/java/toolkit/coderstory/XposedHelper.java b/app/src/main/java/toolkit/coderstory/XposedHelper.java
@@ -21,6 +21,7 @@ public static void findAndHookMethod(String className, ClassLoader classLoader,
                 XposedBridge.log("E/" + MainHook.TAG + " " + Log.getStackTraceString(e));
         }
     }
+
     public static void findAndHookMethod(Class<?> clazz, String methodName, Object... parameterTypesAndCallback) {
         try {
             if (clazz != null) {
@@ -31,6 +32,7 @@ public static void findAndHookMethod(Class<?> clazz, String methodName, Object..
                 XposedBridge.log("E/" + MainHook.TAG + " " + Log.getStackTraceString(e));
         }
     }
+
     public static void hookAllMethods(String className, ClassLoader classLoader, String methodName, XC_MethodHook callback) {
         try {
             Class<?> packageParser = findClass(className, classLoader);
@@ -39,7 +41,6 @@ public static void hookAllMethods(String className, ClassLoader classLoader, Str
             if (BuildConfig.DEBUG)
                 XposedBridge.log("E/" + MainHook.TAG + " " + Log.getStackTraceString(e));
         }
-
     }
 
     public void hookAllMethods(Class<?> hookClass, String methodName, XC_MethodHook callback) {

diff --git a/app/src/main/res/values-zh-rCN/strings.xml b/app/src/main/res/values-zh-rCN/strings.xml
@@ -20,4 +20,6 @@
     <string name="bypassBlock">绕过黑名单</string>
     <string name="bypassBlock_summary">绕过某些设备如 Nothing Phone 上的黑名单</string>
     <string name="config_error">配置初始化失败</string>
+    <string name="shared_user_title">绕过共享用户签名验证</string>
+    <string name="shared_user_summary">允许安装与其共享用户签名不同的 app（<b>需要同时打开“禁用APK签名验证”</b>）</string>
 </resources>
diff --git a/app/src/main/res/values/strings.xml b/app/src/main/res/values/strings.xml
@@ -20,4 +20,6 @@
     <string name="bypassBlock_summary">Bypass blocklist in some devices like Nothing Phone</string>
     <string name="miui_usepresig_warn">UsePreSig won\'t work on MiUI because its framework changes too much.\nWe don\'t have time to track the case.</string>
     <string name="usepresig_warn">!! Any apk can override the installed one !!\nBe carefully when installing unknown apk</string>
+    <string name="shared_user_title">Bypass shared user verify</string>
+    <string name="shared_user_summary">Allow install app with signature differ from its shared user (<b>\'Disable compare signatures\' must be enabled too</b>)</string>
 </resources>
diff --git a/app/src/main/res/xml/prefs.xml b/app/src/main/res/xml/prefs.xml
@@ -34,6 +34,12 @@
             android:title="@string/bypassBlock"
             android:summary="@string/bypassBlock_summary"
             android:defaultValue="true" />
+
+        <SwitchPreference
+            android:key="sharedUser"
+            android:title="@string/shared_user_title"
+            android:summary="@string/shared_user_summary"
+            android:defaultValue="false" />
     </PreferenceCategory>
 
 </PreferenceScreen>