diff --git a/customize.sh b/customize.sh index cbc18b6..e591c53 100644 --- a/customize.sh +++ b/customize.sh @@ -1,4 +1,17 @@ #!/system/bin/sh -ui_print $MODPATH -ui_print "安装成功,重启手机后去系统证书查看ProxyPinCA是否生效." \ No newline at end of file +SKIPUNZIP=0 + +ASH_STANDALONE=0 + +ui_print "开始安装模块" + +ui_print "提取模块证书" + +unzip -o "$ZIPFILE" 'system/*' -d $MODPATH >&2 + +ui_print "安装成功,重启手机后去系统证书查看ProxyPinCA是否生效." + +ui_print " " + +set_perm_recursive $MODPATH 0 0 0755 0644 \ No newline at end of file diff --git a/module.prop b/module.prop index 0fb72b3..46e4646 100644 --- a/module.prop +++ b/module.prop @@ -1,6 +1,6 @@ id=ProxyPinCA name=ProxyPinCA -version=1.1.0 -versionCode=2 +version=1.2.0 +versionCode=3 author=ProxyPin description=ProxyPin certificate. diff --git a/post-fs-data.sh b/post-fs-data.sh index 73b4b46..daf52d0 100644 --- a/post-fs-data.sh +++ b/post-fs-data.sh @@ -1,5 +1,13 @@ #!/system/bin/sh + +exec > /data/local/tmp/ProxyPinCA.log +exec 2>&1 + +#set -x + +MODDIR=${0%/*} + set_context() { [ "$(getenforce)" = "Enforcing" ] || return 0 @@ -13,18 +21,17 @@ set_context() { fi } -LOG_PATH="/data/local/tmp/ProxyPinCA.log" -echo "[$(date +%F) $(date +%T)] - ProxyPinCA post-fs-data.sh start." > $LOG_PATH - +#LOG_PATH="/data/local/tmp/ProxyPinCA.log" +echo "[$(date +%F) $(date +%T)] - ProxyPinCA post-fs-data.sh start." +chown -R 0:0 ${MODDIR}/system/etc/security/cacerts if [ -d /apex/com.android.conscrypt/cacerts ]; then # 检测到 android 14 以上,存在该证书目录 CERT_HASH=243f0bfb - MODDIR=${0%/*} CERT_FILE=${MODDIR}/system/etc/security/cacerts/${CERT_HASH}.0 - echo "[$(date +%F) $(date +%T)] - CERT_FILE: ${CERT_FILE}" >> $LOG_PATH + echo "[$(date +%F) $(date +%T)] - CERT_FILE: ${CERT_FILE}" if ! [ -e "${CERT_FILE}" ]; then - echo "[$(date +%F) $(date +%T)] - ProxyPinCA certificate not found." >> $LOG_PATH + echo "[$(date +%F) $(date +%T)] - ProxyPinCA certificate not found." exit 0 fi @@ -34,24 +41,30 @@ if [ -d /apex/com.android.conscrypt/cacerts ]; then mount -t tmpfs tmpfs "$TEMP_DIR" # 复制证书到临时目录 - cp -f /apex/com.android.conscrypt/cacerts/* /data/local/tmp/cacerts-copy/ + cp -f /apex/com.android.conscrypt/cacerts/* "$TEMP_DIR" cp -f $CERT_FILE "$TEMP_DIR" chown -R 0:0 "$TEMP_DIR" set_context /apex/com.android.conscrypt/cacerts "$TEMP_DIR" # 检查新证书是否成功添加 - CERTS_NUM="$(ls -1 /data/local/tmp/cacerts-copy | wc -l)" + CERTS_NUM="$(ls -1 "$TEMP_DIR" | wc -l)" if [ "$CERTS_NUM" -gt 10 ]; then mount -o bind "$TEMP_DIR" /apex/com.android.conscrypt/cacerts - echo "[$(date +%F) $(date +%T)] - $CERTS_NUM Mount success!" >> $LOG_PATH + for pid in 1 $(pgrep zygote) $(pgrep zygote64); do + nsenter --mount=/proc/${pid}/ns/mnt -- \ + mount --bind "$TEMP_DIR" /apex/com.android.conscrypt/cacerts + done + echo "[$(date +%F) $(date +%T)] - Mount success!" else - echo "[$(date +%F) $(date +%T)] - $CERTS_NUM Mount failed!" >> $LOG_PATH + echo "[$(date +%F) $(date +%T)] - Mount failed!" fi # 卸载临时目录 umount "$TEMP_DIR" rmdir "$TEMP_DIR" else - echo "[$(date +%F) $(date +%T)] - /apex/com.android.conscrypt/cacerts not exists." + echo "[$(date +%F) $(date +%T)] - Android version lower than 14 detected" + set_context /system/etc/security/cacerts ${MODDIR}/system/etc/security/cacerts + echo "[$(date +%F) $(date +%T)] - Mount success!" fi \ No newline at end of file