update: injection/dex2oat hardening method

This commit changes how injection hardening is made. Instead of
following denylist, it now follows targets, but instead of communicating
through the binder, which produces a lot of detections, use Zygisk
companion instead, allowing the same effect with much more convenience,
of, for example, injecting in denylisted apps.

Author: ThePedroo

app/src/main/java/org/lsposed/manager/ConfigManager.java

@@ -409,23 +409,4 @@ public static boolean setAutoInclude(String packageName, boolean enable) {
             return false;
         }
     }
-
-    public static boolean isInjectionHardeningEnabled() {
-        try {
-            return LSPManagerServiceHolder.getService().isInjectionHardeningEnabled();
-        } catch (RemoteException e) {
-            Log.e(App.TAG, Log.getStackTraceString(e));
-            return false;
-        }
-    }
-
-    public static boolean setInjectionHardening(boolean enabled) {
-        try {
-            LSPManagerServiceHolder.getService().setInjectionHardening(enabled);
-            return true;
-        } catch (RemoteException e) {
-            Log.e(App.TAG, Log.getStackTraceString(e));
-            return false;
-        }
-    }
 }

app/src/main/java/org/lsposed/manager/ui/fragment/SettingsFragment.java

@@ -169,12 +169,6 @@ public void onCreatePreferences(Bundle savedInstanceState, String rootKey) {
                 prefLogWatchDog.setOnPreferenceChangeListener((preference, newValue) -> ConfigManager.setLogWatchdog((boolean) newValue));
             }
 
-            MaterialSwitchPreference prefInjectionHardening = findPreference("disable_injection_hardening");
-            if (prefInjectionHardening != null) {
-                prefInjectionHardening.setChecked(!installed || ConfigManager.isInjectionHardeningEnabled());
-                prefInjectionHardening.setOnPreferenceChangeListener((preference, newValue) -> ConfigManager.setInjectionHardening((boolean) newValue));
-            }
-
             MaterialSwitchPreference prefDexObfuscate = findPreference("enable_dex_obfuscate");
             if (prefDexObfuscate != null) {
                 prefDexObfuscate.setEnabled(installed);

daemon/src/main/java/org/lsposed/lspd/service/ConfigManager.java

@@ -275,9 +275,6 @@ private synchronized void updateConfig() {
 
         bool = config.get("enable_log_watchdog");
         logWatchdog = bool == null || (boolean) bool;
-        
-        bool = config.get("disable_injection_hardening");
-        injectionHardening = bool == null || (boolean) bool;
 
         bool = config.get("enable_dex_obfuscate");
         dexObfuscate = bool == null || (boolean) bool;
@@ -1040,45 +1037,6 @@ public boolean isLogWatchdogEnabled() {
         return logWatchdog;
     }
 
-    public void setInjectionHardening(boolean on) {
-        File configFile = new File("/data/adb/disable_injection_hardening");
-        if (on) {
-            try {
-                if(!configFile.exists()) {
-                    configFile.createNewFile();
-                }
-                Os.chmod(configFile.getAbsolutePath(), 0644);
-                Log.d(TAG, "injection hardening enabled");
-                updateModulePrefs("lspd", 0, "config", "disable_injection_hardening", on);
-                injectionHardening = on;
-            }
-            catch (Throwable e) {
-                Log.e(TAG, "failed to create config file for injection hardening", e);
-                return;
-            }   
-        } else {
-            try {
-                if(configFile.exists()) {
-                    configFile.delete();
-                }
-                Log.d(TAG, "injection hardening disabled");
-                updateModulePrefs("lspd", 0, "config", "disable_injection_hardening", on);
-                injectionHardening = on;
-            }
-            catch (Throwable e) {
-                Log.e(TAG, "failed to delete config file for injection hardening", e);
-                return;
-            }
-        }
-    }
-
-    public boolean isInjectionHardeningEnabled() {
-        File configFile = new File("/data/adb/disable_injection_hardening");
-        injectionHardening = configFile.exists();
-        updateModulePrefs("lspd", 0, "config", "disable_injection_hardening", injectionHardening);
-        return injectionHardening;
-    }
-
     public void setDexObfuscate(boolean on) {
         updateModulePrefs("lspd", 0, "config", "enable_dex_obfuscate", on);
     }
@@ -1216,21 +1174,16 @@ private void removeModulePrefs(int uid, String packageName) throws IOException {
 
     public List<String> getDenyListPackages() {
         List<String> result = new ArrayList<>();
-        if(!isInjectionHardeningEnabled())
-        {
-            try
-            {
-                List<PackageInfo> infos = PackageService.getInstalledPackagesFromAllUsers(PackageService.MATCH_ALL_FLAGS, false).getList();
-                return infos.parallelStream()
-                    .filter(info -> DenylistManager.isInDenylist(info.packageName))
-                    .map(info -> info.packageName)
-                    .collect(Collectors.toList());
-            } catch (Throwable e) {
-                Log.e(TAG, "get denylist", e);
-            } finally {
-                DenylistManager.clearFd();
-            }
+        try {
+            List<PackageInfo> infos = PackageService.getInstalledPackagesFromAllUsers(PackageService.MATCH_ALL_FLAGS, false).getList();
+            return infos.parallelStream()
+                .filter(info -> DenylistManager.isInDenylist(info.packageName))
+                .map(info -> info.packageName)
+                .collect(Collectors.toList());
+        } catch (Throwable e) {
+            Log.e(TAG, "get denylist", e);
         }
+
         return result;
     }
 

daemon/src/main/java/org/lsposed/lspd/service/DenylistManager.java

@@ -24,7 +24,8 @@
 package org.lsposed.lspd.service;
 
 public class DenylistManager {
-    native static boolean isInDenylist(String processName);
-    native static boolean isInDenylistFromClasspathDir(String classpathDir);
-    native static void clearFd();
+
+  static native boolean isInDenylist(String processName);
+
+  static native String getPkgFromClasspathArg(String classpathDir);
 }

daemon/src/main/java/org/lsposed/lspd/service/Dex2OatService.java

@@ -25,8 +25,6 @@
 import static org.lsposed.lspd.ILSPManagerService.DEX2OAT_SELINUX_PERMISSIVE;
 import static org.lsposed.lspd.ILSPManagerService.DEX2OAT_SEPOLICY_INCORRECT;
 
-import static org.lsposed.lspd.service.DenylistManager.isInDenylistFromClasspathDir;
-
 import android.net.LocalServerSocket;
 import android.os.Build;
 import android.os.FileObserver;
@@ -36,6 +34,10 @@
 import android.system.Os;
 import android.system.OsConstants;
 import android.util.Log;
+import android.database.Cursor;
+import android.database.sqlite.SQLiteDatabase;
+import android.database.sqlite.SQLiteException;
+import android.system.StructStat;
 
 import androidx.annotation.Nullable;
 import androidx.annotation.RequiresApi;
@@ -159,6 +161,59 @@ private boolean notMounted() {
     private void doMount(boolean enabled) {
         doMountNative(enabled, dex2oatArray[0], dex2oatArray[1], dex2oatArray[2], dex2oatArray[3]);
     }
+    
+    private boolean isInDenylistFromClasspathDirJava(String classpathDirArg) {
+        // parse package using the native wrapper we added earlier
+        String pkg = DenylistManager.getPkgFromClasspathArg(classpathDirArg);
+        if (pkg == null) {
+            Log.w(TAG, "Unknown classpath dir: " + classpathDirArg);
+            return false; // match prior native behavior (JNI_FALSE)
+        }
+    
+        // ignore sandbox packages (match original C behavior)
+        if ("com.android.sdksandbox".equals(pkg) || "com.google.android.sdksandbox".equals(pkg)) {
+            return false;
+        }
+    
+        // Stat app data dir: /data/data/<pkg> or /data/user_de/0/<pkg>
+        StructStat st;
+        try {
+            try {
+                st = Os.stat("/data/data/" + pkg);
+            } catch (ErrnoException e1) {
+                st = Os.stat("/data/user_de/0/" + pkg);
+            }
+        } catch (ErrnoException e) {
+            Log.w(TAG, "Failed to stat /data/data and /data/user_de/0 for: " + pkg, e);
+            return false; // match C get_stat failure behavior
+        }
+    
+        int scopeUserId = (int) (st.st_uid / 100000);
+    
+        // Query DB via Java SQLite
+        try {
+            SQLiteDatabase db = SQLiteDatabase.openDatabase(
+                "/data/adb/lspd/config/modules_config.db",
+                null,
+                SQLiteDatabase.OPEN_READONLY
+            );
+            Cursor c = db.rawQuery(
+                "SELECT 1 FROM scope INNER JOIN modules ON scope.mid = modules.mid WHERE scope.app_pkg_name = ? AND scope.user_id = ? AND modules.enabled = 1 LIMIT 1;",
+                new String[] { pkg, String.valueOf(scopeUserId) }
+            );
+            boolean found = c.moveToFirst();
+            c.close();
+            db.close();
+    
+            // If found -> targeted by module -> NOT in denylist -> return false
+            // If not found -> NOT targeted -> in denylist -> return true
+            return !found;
+        } catch (SQLiteException e) {
+            Log.e(TAG, "Failed to open/query modules_config.db", e);
+            // Conservative: on DB error treat as in denylist (do not inject)
+            return true;
+        }
+    }
 
     public void start() {
         if (notMounted()) { // Already mounted when restart daemon
@@ -313,7 +368,7 @@ public void run() {
 
                     Log.d(TAG, "Received classpath dir: " + classpathDirArg);
 
-                    boolean isDenied = isInDenylistFromClasspathDir(classpathDirArg);
+                    boolean isDenied = isInDenylistFromClasspathDirJava(classpathDirArg);
 
                     writeInt(os, isDenied ? 1 : 0);
                     Log.d(TAG, "Process is "
@@ -334,8 +389,6 @@ public void run() {
                 doMount(false);
                 compatibility = DEX2OAT_CRASHED;
             }
-        } finally {
-            DenylistManager.clearFd();
         }
     }
 

daemon/src/main/java/org/lsposed/lspd/service/LSPManagerService.java

@@ -556,16 +556,6 @@ public void setLogWatchdog(boolean enabled) {
     public boolean isLogWatchdogEnabled() {
         return ConfigManager.getInstance().isLogWatchdogEnabled();
     }
-    
-    @Override
-    public void setInjectionHardening(boolean enabled) {
-        ConfigManager.getInstance().setInjectionHardening(enabled);
-    }
-
-    @Override
-    public boolean isInjectionHardeningEnabled() {
-        return ConfigManager.getInstance().isInjectionHardeningEnabled();
-    }
 
     @Override
     public boolean setAutoInclude(String packageName, boolean enabled) {

daemon/src/main/jni/denylist.cpp

@@ -21,20 +21,20 @@
            See https://github.com/PerformanC/ReZygisk repository for more details. */
 // ------------------------------------------------------------------------------------------------------------------------------------------------
 
+#include <stdlib.h>
+#include <string.h>
 #include <fcntl.h>
-#include <jni.h>
 #include <sys/prctl.h>
 #include <sys/wait.h>
 #include <sys/stat.h>
 #include <sys/syscall.h>
-#include <stdlib.h>
+
 #include <unistd.h>
 
-#include <string>
+#include <jni.h>
 
 #include "ksu.h"
 #include "logging.h"
-#include "packagename.h"
 
 bool exec_command(char *buf, size_t len, const char *file, const char *argv[]) {
     int link[2];
@@ -482,74 +482,6 @@ Java_org_lsposed_lspd_service_DenylistManager_isInDenylist(JNIEnv *env, jclass,
         return JNI_FALSE;
 }
 
-extern "C" JNIEXPORT jboolean JNICALL
-Java_org_lsposed_lspd_service_DenylistManager_isInDenylistFromClasspathDir(JNIEnv *env, jclass, jstring classpathDirArg) {
-    const char *classpath_dir_arg = env->GetStringUTFChars(classpathDirArg, nullptr);
-
-    if (classpath_dir_arg == nullptr) {
-        LOGE("Failed to get classpathdir string");
-        return JNI_FALSE;
-    }
-
-    int app_name_len = 0;
-    char app_name[256] = { 0 };
-    app_name_len = get_pkg_from_classpath_arg(classpath_dir_arg, app_name, sizeof(app_name));
-    
-    if(app_name_len == -1)
-    {
-        LOGE("Unknown classpath dir: %s", classpath_dir_arg);
-        return JNI_FALSE;
-    }
-    env->ReleaseStringUTFChars(classpathDirArg, classpath_dir_arg);
-
-    if (root_impl == -1 && !ksu_get_existence() && !magisk_get_existence() && !apatch_get_existence()) {
-        LOGE("No supported root implementation found, skipping denylist check");
-
-        goto app_not_in_denylist;
-    }
-
-    if (root_impl == 1) {
-        struct stat st;
-        if (get_stat(app_name, &st) == -1) goto app_not_in_denylist;
-
-        if (ksu_is_in_denylist(st.st_uid)) {
-            LOGI("App %s is in KernelSU denylist", app_name);
-
-            goto app_in_denylist;
-        }
-
-        goto app_not_in_denylist;
-    }
-
-    if (root_impl == 2) {
-        if (magisk_is_in_denylist(app_name)) {
-            LOGI("App %s is in Magisk denylist", app_name);
-
-            goto app_in_denylist;
-        }
-
-        goto app_not_in_denylist;
-    }
-
-    if (root_impl == 3) {
-        if (apatch_uid_should_umount(app_name)) {
-            LOGI("App %s is in APatch denylist", app_name);
-
-            goto app_in_denylist;
-        }
-
-        goto app_not_in_denylist;
-    }
-
-    LOGE("No supported root implementation found, skipping denylist check");
-    
-    app_not_in_denylist:
-        return JNI_FALSE;
-
-    app_in_denylist:
-        return JNI_TRUE;
-}
-
 extern "C" JNIEXPORT void JNICALL
 Java_org_lsposed_lspd_service_DenylistManager_clearFd(JNIEnv *env, jclass) {
     ksu_close_fd();

daemon/src/main/jni/packagename.cpp

@@ -12,6 +12,8 @@
 #include <errno.h>
 #include <stdbool.h>
 
+#include <jni.h>
+
 #include <rapidxml.hpp>
 
 static const std::string packages_path = "/data/system/packages.xml";
@@ -114,6 +116,30 @@ extern "C" bool get_pkg_from_classpath_arg(const char* classpath_dir, char* pack
     return false;
 }
 
+extern "C" JNIEXPORT jstring JNICALL Java_org_lsposed_lspd_service_DenylistManager_getPkgFromClasspathArg( JNIEnv *env, jclass, jstring classpathDirArg) {
+    if (classpathDirArg == NULL) {
+        LOGE("getPkgFromClasspathArg: classpathDirArg is null");
+
+        return NULL;
+    }
+
+    const char *classpath_dir = env->GetStringUTFChars(classpathDirArg, NULL);
+    if (classpath_dir == NULL) {
+        LOGE("getPkgFromClasspathArg: failed to get chars");
+
+        return NULL;
+    }
+
+    char package_name[256] = {0};
+    bool ok = get_pkg_from_classpath_arg(classpath_dir, package_name, sizeof(package_name));
+
+    env->ReleaseStringUTFChars(classpathDirArg, classpath_dir);
+
+    if (!ok) return NULL;
+
+    return env->NewStringUTF(package_name);
+}
+
 static std::vector<char> LoadFileToStdVector(std::string filename) {
 	std::vector<char> out;
 	size_t len;