From 6b3dc583eed15d96bfadd1e98d5d97c9b0e304b5 Mon Sep 17 00:00:00 2001 From: tornaco Date: Sun, 13 Feb 2022 21:31:34 +0800 Subject: [PATCH] [magisk] hook lifecycle of accessibility service --- .../AccessibilityManagerServiceHelper.kt | 7 ++++ .../AccessibilityManagerServiceHooks.java | 33 +++++++++++++++---- android/internal/Thanox-Internal | 2 +- 3 files changed, 34 insertions(+), 8 deletions(-) diff --git a/android/android_framework/patch-common/src/main/java/github/tornaco/android/thanos/services/patch/common/accessibility/AccessibilityManagerServiceHelper.kt b/android/android_framework/patch-common/src/main/java/github/tornaco/android/thanos/services/patch/common/accessibility/AccessibilityManagerServiceHelper.kt index 1691030c2..ac6021a3b 100644 --- a/android/android_framework/patch-common/src/main/java/github/tornaco/android/thanos/services/patch/common/accessibility/AccessibilityManagerServiceHelper.kt +++ b/android/android_framework/patch-common/src/main/java/github/tornaco/android/thanos/services/patch/common/accessibility/AccessibilityManagerServiceHelper.kt @@ -10,4 +10,11 @@ object AccessibilityManagerServiceHelper { classLoader ) } + + fun lifeCycleClass(classLoader: ClassLoader): Class<*> { + return XposedHelpers.findClass( + "com.android.server.accessibility.AccessibilityManagerService\$Lifecycle", + classLoader + ) + } } \ No newline at end of file diff --git a/android/android_framework/patch-magisk/patch-framework/src/main/java/github/tornaco/thanox/android/server/patch/framework/hooks/accessibility/AccessibilityManagerServiceHooks.java b/android/android_framework/patch-magisk/patch-framework/src/main/java/github/tornaco/thanox/android/server/patch/framework/hooks/accessibility/AccessibilityManagerServiceHooks.java index 9dda2bab2..4fb52c011 100644 --- a/android/android_framework/patch-magisk/patch-framework/src/main/java/github/tornaco/thanox/android/server/patch/framework/hooks/accessibility/AccessibilityManagerServiceHooks.java +++ b/android/android_framework/patch-magisk/patch-framework/src/main/java/github/tornaco/thanox/android/server/patch/framework/hooks/accessibility/AccessibilityManagerServiceHooks.java @@ -9,6 +9,21 @@ import github.tornaco.thanox.android.server.patch.framework.hooks.ContextProxy; import util.XposedHelpers; +/** + * Mainly want to fix(Acc service may be bypassed by AMS when checkService): + *

+ * : Caused by: java.lang.SecurityException: Not allowed to bind to service Intent { cmp=com.xiaomi.scanner/.qrcodeautoprocessing.MyAccessibilityService (has extras) } + * 02-13 19:47:26.327 5086 5086 E AndroidRuntime: at android.app.ContextImpl.bindServiceCommon(ContextImpl.java:1994) + * 02-13 19:47:26.327 5086 5086 E AndroidRuntime: at android.app.ContextImpl.bindServiceAsUser(ContextImpl.java:1929) + * 02-13 19:47:26.327 5086 5086 E AndroidRuntime: at com.android.server.accessibility.AccessibilityServiceConnection.bindLocked(AccessibilityServiceConnection.java:112) + * 02-13 19:47:26.327 5086 5086 E AndroidRuntime: at com.android.server.accessibility.AccessibilityManagerService.updateServicesLocked(AccessibilityManagerService.java:1938) + * 02-13 19:47:26.327 5086 5086 E AndroidRuntime: at com.android.server.accessibility.AccessibilityManagerService.onUserStateChangedLocked(AccessibilityManagerService.java:2162) + * 02-13 19:47:26.327 5086 5086 E AndroidRuntime: at com.android.server.accessibility.AccessibilityManagerService.unlockUser(AccessibilityManagerService.java:1426) + * 02-13 19:47:26.327 5086 5086 E AndroidRuntime: at com.android.server.accessibility.AccessibilityManagerService.access$1000(AccessibilityManagerService.java:150) + * 02-13 19:47:26.327 5086 5086 E AndroidRuntime: at com.android.server.accessibility.AccessibilityManagerService$2.onReceive(AccessibilityManagerService.java:594) + * 02-13 19:47:26.327 5086 5086 E AndroidRuntime: at android.app.LoadedApk$ReceiverDispatcher$Args.lambda$getRunnable$0$LoadedApk$ReceiverDispatcher$Args(LoadedApk.java:1694) + * 02-13 19:47:26.327 5086 5086 E AndroidRuntime: ... 10 more + */ public class AccessibilityManagerServiceHooks { public static void install(ClassLoader classLoader) { try { @@ -18,15 +33,19 @@ public static void install(ClassLoader classLoader) { } } + // FIXME: + // Currently this hook can not retrieve AccService, maybe the service lifecycle + // later added after Thanox bootstrap systemReady. private static void installContextForAccService(ClassLoader classLoader) { - XLog.w("AccessibilityManagerServiceHooks installContextForSyncManager"); - new LocalServices(classLoader).getService(AccessibilityManagerServiceHelper - .INSTANCE.accessibilityManagerServiceClass(classLoader)).ifPresent(service -> { - XLog.w("AccessibilityManagerServiceHooks service: %s", service); + XLog.w("AccessibilityManagerServiceHooks installContextForAccService"); + new LocalServices(classLoader).getService(AccessibilityManagerServiceHelper.INSTANCE.lifeCycleClass(classLoader)).ifPresent(lifecycle -> { + XLog.i("AccessibilityManagerServiceHooks AccService.Lifecycle: %s", lifecycle); + Object accService = XposedHelpers.getObjectField(lifecycle, "mService"); + XLog.i("AccessibilityManagerServiceHooks accService: %s", accService); // Update mContext. - Context context = (Context) XposedHelpers.getObjectField(service, "mContext"); - XLog.w("AccessibilityManagerServiceHooks service.context: %s", context); - XposedHelpers.setObjectField(service, "mContext", new ContextProxy(context, "AccessibilityManagerService")); + Context context = (Context) XposedHelpers.getObjectField(accService, "mContext"); + XLog.i("AccessibilityManagerServiceHooks accService.context: %s", context); + XposedHelpers.setObjectField(accService, "mContext", new ContextProxy(context, "AccService")); }); } diff --git a/android/internal/Thanox-Internal b/android/internal/Thanox-Internal index 33df1bd64..cf2af97a9 160000 --- a/android/internal/Thanox-Internal +++ b/android/internal/Thanox-Internal @@ -1 +1 @@ -Subproject commit 33df1bd645ec027df011b4d096443341f8fbafa4 +Subproject commit cf2af97a9369a59873beade877da6d00b0b373c8