Merge pull request #5 from qiuyuyang910/main

fix #4 支持安卓14以下版本
wanghongenpin · Jun 27, 2024 · 8aa5113 · 8aa5113
2 parents 80c5ff5 + 0171e49
commit 8aa5113
Show file tree

Hide file tree

Showing 3 changed files with 41 additions and 15 deletions.
diff --git a/customize.sh b/customize.sh
@@ -1,4 +1,17 @@
 #!/system/bin/sh
 
-ui_print $MODPATH
-ui_print "安装成功,重启手机后去系统证书查看ProxyPinCA是否生效."
+SKIPUNZIP=0
+
+ASH_STANDALONE=0
+
+ui_print "开始安装模块"
+
+ui_print "提取模块证书"
+
+unzip -o "$ZIPFILE" 'system/*' -d $MODPATH >&2
+
+ui_print "安装成功,重启手机后去系统证书查看ProxyPinCA是否生效."
+
+ui_print " "
+
+set_perm_recursive $MODPATH 0 0 0755 0644
diff --git a/module.prop b/module.prop
@@ -1,6 +1,6 @@
 id=ProxyPinCA
 name=ProxyPinCA
-version=1.1.0
-versionCode=2
+version=1.2.0
+versionCode=3
 author=ProxyPin
 description=ProxyPin certificate.
diff --git a/post-fs-data.sh b/post-fs-data.sh
@@ -1,5 +1,13 @@
 #!/system/bin/sh
 
+
+exec > /data/local/tmp/ProxyPinCA.log
+exec 2>&1
+
+#set -x
+
+MODDIR=${0%/*}
+
 set_context() {
     [ "$(getenforce)" = "Enforcing" ] || return 0
 
@@ -13,18 +21,17 @@ set_context() {
     fi
 }
 
-LOG_PATH="/data/local/tmp/ProxyPinCA.log"
-echo "[$(date +%F) $(date +%T)] - ProxyPinCA post-fs-data.sh start." > $LOG_PATH
-
+#LOG_PATH="/data/local/tmp/ProxyPinCA.log"
+echo "[$(date +%F) $(date +%T)] - ProxyPinCA post-fs-data.sh start."
+chown -R 0:0 ${MODDIR}/system/etc/security/cacerts
 if [ -d /apex/com.android.conscrypt/cacerts ]; then
     # 检测到 android 14 以上，存在该证书目录
     CERT_HASH=243f0bfb
-    MODDIR=${0%/*}
 
     CERT_FILE=${MODDIR}/system/etc/security/cacerts/${CERT_HASH}.0
-    echo "[$(date +%F) $(date +%T)] - CERT_FILE: ${CERT_FILE}" >> $LOG_PATH
+    echo "[$(date +%F) $(date +%T)] - CERT_FILE: ${CERT_FILE}"
     if ! [ -e "${CERT_FILE}" ]; then
-        echo "[$(date +%F) $(date +%T)] - ProxyPinCA certificate not found." >> $LOG_PATH
+        echo "[$(date +%F) $(date +%T)] - ProxyPinCA certificate not found."
         exit 0
     fi
 
@@ -34,24 +41,30 @@ if [ -d /apex/com.android.conscrypt/cacerts ]; then
     mount -t tmpfs tmpfs "$TEMP_DIR"
 
     # 复制证书到临时目录
-    cp -f /apex/com.android.conscrypt/cacerts/* /data/local/tmp/cacerts-copy/
+    cp -f /apex/com.android.conscrypt/cacerts/* "$TEMP_DIR"
     cp -f $CERT_FILE "$TEMP_DIR"
 
     chown -R 0:0 "$TEMP_DIR"
     set_context /apex/com.android.conscrypt/cacerts "$TEMP_DIR"
 
     # 检查新证书是否成功添加
-    CERTS_NUM="$(ls -1 /data/local/tmp/cacerts-copy | wc -l)"
+    CERTS_NUM="$(ls -1 "$TEMP_DIR" | wc -l)"
     if [ "$CERTS_NUM" -gt 10 ]; then
         mount -o bind "$TEMP_DIR" /apex/com.android.conscrypt/cacerts
-        echo "[$(date +%F) $(date +%T)] - $CERTS_NUM Mount success!" >> $LOG_PATH
+         for pid in 1 $(pgrep zygote) $(pgrep zygote64); do
+            nsenter --mount=/proc/${pid}/ns/mnt -- \
+                mount --bind "$TEMP_DIR" /apex/com.android.conscrypt/cacerts
+        done
+        echo "[$(date +%F) $(date +%T)] - Mount success!"
     else
-        echo "[$(date +%F) $(date +%T)] - $CERTS_NUM Mount failed!" >> $LOG_PATH
+        echo "[$(date +%F) $(date +%T)] - Mount failed!"
     fi
 
     # 卸载临时目录
     umount "$TEMP_DIR"
     rmdir "$TEMP_DIR"
 else
-    echo "[$(date +%F) $(date +%T)] - /apex/com.android.conscrypt/cacerts not exists."
+    echo "[$(date +%F) $(date +%T)] - Android version lower than 14 detected"
+    set_context /system/etc/security/cacerts ${MODDIR}/system/etc/security/cacerts 
+    echo "[$(date +%F) $(date +%T)] - Mount success!"
 fi