支持安卓14

wanghongenpin · Dec 8, 2023 · 80c5ff5 · 80c5ff5
1 parent bb7cfd5
commit 80c5ff5
Showing 1 changed file with 36 additions and 18 deletions.
diff --git a/post-fs-data.sh b/post-fs-data.sh
@@ -1,39 +1,57 @@
 #!/system/bin/sh
 
+set_context() {
+    [ "$(getenforce)" = "Enforcing" ] || return 0
+
+    default_selinux_context=u:object_r:system_file:s0
+    selinux_context=$(ls -Zd $1 | awk '{print $1}')
+
+    if [ -n "$selinux_context" ] && [ "$selinux_context" != "?" ]; then
+        chcon -R $selinux_context $2
+    else
+        chcon -R $default_selinux_context $2
+    fi
+}
+
+LOG_PATH="/data/local/tmp/ProxyPinCA.log"
+echo "[$(date +%F) $(date +%T)] - ProxyPinCA post-fs-data.sh start." > $LOG_PATH
+
 if [ -d /apex/com.android.conscrypt/cacerts ]; then
     # 检测到 android 14 以上，存在该证书目录
     CERT_HASH=243f0bfb
     MODDIR=${0%/*}
-    NEW_CERT_FILE=${MODDIR}/system/etc/security/cacerts/${CERT_HASH}.0
-    LOG_PATH="/cache/ProxyPinCA.log"
-    echo "Found /apex/com.android.conscrypt/cacerts." >> ${LOG_PATH}
-    echo "Adding new certificate to /apex/com.android.conscrypt/cacerts." >> ${LOG_PATH}
 
-    # 创建一个临时目录
-    TEMP_DIR="/data/local/tmp/proxypin-ca-certs"
-    mkdir -p "$TEMP_DIR"
+    CERT_FILE=${MODDIR}/system/etc/security/cacerts/${CERT_HASH}.0
+    echo "[$(date +%F) $(date +%T)] - CERT_FILE: ${CERT_FILE}" >> $LOG_PATH
+    if ! [ -e "${CERT_FILE}" ]; then
+        echo "[$(date +%F) $(date +%T)] - ProxyPinCA certificate not found." >> $LOG_PATH
+        exit 0
+    fi
 
-    # 挂载临时文件系统
+    TEMP_DIR=/data/local/tmp/cacerts-copy
+    rm -rf "$TEMP_DIR"
+    mkdir -p -m 700 "$TEMP_DIR"
     mount -t tmpfs tmpfs "$TEMP_DIR"
 
-    # 复制原始证书到临时目录
-    cp -f /apex/com.android.conscrypt/cacerts/* "$TEMP_DIR"
+    # 复制证书到临时目录
+    cp -f /apex/com.android.conscrypt/cacerts/* /data/local/tmp/cacerts-copy/
+    cp -f $CERT_FILE "$TEMP_DIR"
 
-    # 添加新证书到临时目录
-    cp -f "$NEW_CERT_FILE" "$TEMP_DIR"
+    chown -R 0:0 "$TEMP_DIR"
+    set_context /apex/com.android.conscrypt/cacerts "$TEMP_DIR"
 
     # 检查新证书是否成功添加
-    if [ -f "$TEMP_DIR/$(basename "$NEW_CERT_FILE")" ]; then
-        # 如果新证书成功添加，则挂载回原始目录
-        mount --bind "$TEMP_DIR" /apex/com.android.conscrypt/cacerts
-        echo "Mount success!" >> ${LOG_PATH}
+    CERTS_NUM="$(ls -1 /data/local/tmp/cacerts-copy | wc -l)"
+    if [ "$CERTS_NUM" -gt 10 ]; then
+        mount -o bind "$TEMP_DIR" /apex/com.android.conscrypt/cacerts
+        echo "[$(date +%F) $(date +%T)] - $CERTS_NUM Mount success!" >> $LOG_PATH
     else
-        echo "Failed to add new certificate." >> ${LOG_PATH}
+        echo "[$(date +%F) $(date +%T)] - $CERTS_NUM Mount failed!" >> $LOG_PATH
     fi
 
     # 卸载临时目录
     umount "$TEMP_DIR"
     rmdir "$TEMP_DIR"
 else
-    echo "/apex/com.android.conscrypt/cacerts not exists." >> ${LOG_PATH}
+    echo "[$(date +%F) $(date +%T)] - /apex/com.android.conscrypt/cacerts not exists."
 fi