Skip to content
This repository has been archived by the owner on Sep 6, 2019. It is now read-only.

Commit

Permalink
Play services 5.0 restrictions - proof of concept
Browse files Browse the repository at this point in the history
Refs #1774
Refs #1778
  • Loading branch information
M66B committed Aug 15, 2014
1 parent ca10814 commit 82e71af
Show file tree
Hide file tree
Showing 5 changed files with 169 additions and 37 deletions.
28 changes: 16 additions & 12 deletions src/biz/bokhorst/xprivacy/Meta.java
Original file line number Diff line number Diff line change
Expand Up @@ -480,6 +480,10 @@ public static List<Hook> get() {
mListHook.add(new Hook(null, "startActivityIfNeeded", "", 1, null, null).notAOSP(19));
mListHook.add(new Hook(null, "startNextMatchingActivity", "", 1, null, null).notAOSP(19));

// ActivityThread / MessageQueue
mListHook.add(new Hook(null, "next", "", 1, null, null).notAOSP(19).optional());
mListHook.add(new Hook(null, "handleReceiver", "", 1, null, null).notAOSP(19).optional());

// ActivityManager(Service)
mListHook.add(new Hook(null, "Srv_startActivities", "", 19, null, null).AOSP(19));
mListHook.add(new Hook(null, "Srv_startActivity", "", 19, null, null).AOSP(19));
Expand Down Expand Up @@ -524,9 +528,18 @@ public static List<Hook> get() {
// ContextImpl / Activity
mListHook.add(new Hook(null, "getSystemService", "", 1, null, null).notAOSP(19));

// GoogleApiClient.Builder
mListHook.add(new Hook(null, "GAC.addConnectionCallbacks", "", 1, null, null).optional());
mListHook.add(new Hook(null, "GAC.onConnected", "", 1, null, null));

// IntentFirewall
mListHook.add(new Hook(null, "checkIntent", "", 19, null, null));

// LocationClient / ActivityRecognitionClient
mListHook.add(new Hook(null, "GMS.removeActivityUpdates", "", 1, null, null));
mListHook.add(new Hook(null, "GMS.removeGeofences", "", 1, null, null).optional());
mListHook.add(new Hook(null, "GMS.removeLocationUpdates", "", 1, null, null).optional());

// LocationManager/Service
mListHook.add(new Hook(null, "removeUpdates", "", 3, null, null).notAOSP(19));
mListHook.add(new Hook(null, "Srv_removeUpdates", "", 19, null, null));
Expand All @@ -545,25 +558,16 @@ public static List<Hook> get() {
mListHook.add(new Hook(null, "disableLocationUpdates", "", 10, null, null).notAOSP(19));
mListHook.add(new Hook(null, "Srv_disableLocationUpdates", "", 19, null, null));

// UtilHook
mListHook.add(new Hook(null, "isXposedEnabled", "", 15, null, null));

// WebView
mListHook.add(new Hook(null, "getSettings", "", 1, null, null));

// WindowManagerImpl
mListHook.add(new Hook(null, "removeView", "", 1, null, null));
mListHook.add(new Hook(null, "updateViewLayout", "", 1, null, null));

// LocationClient / ActivityRecognitionClient
mListHook.add(new Hook(null, "GMS.removeActivityUpdates", "", 1, null, null));
mListHook.add(new Hook(null, "GMS.removeGeofences", "", 1, null, null).optional());
mListHook.add(new Hook(null, "GMS.removeLocationUpdates", "", 1, null, null).optional());

// ActivityThread / MessageQueue
mListHook.add(new Hook(null, "next", "", 1, null, null).notAOSP(19).optional());
mListHook.add(new Hook(null, "handleReceiver", "", 1, null, null).notAOSP(19).optional());

// UtilHook
mListHook.add(new Hook(null, "isXposedEnabled", "", 15, null, null));

// @formatter:on
return mListHook;
}
Expand Down
64 changes: 64 additions & 0 deletions src/biz/bokhorst/xprivacy/XConnectionCallbacks.java
Original file line number Diff line number Diff line change
@@ -0,0 +1,64 @@
package biz.bokhorst.xprivacy;

import java.util.ArrayList;
import java.util.List;

import android.os.Binder;
import android.util.Log;

public class XConnectionCallbacks extends XHook {
private Methods mMethod;
private String mClassName;

private XConnectionCallbacks(Methods method, String restrictionName, String className) {
super(restrictionName, method.name(), "GAC." + method.name());
mMethod = method;
mClassName = className;
}

public String getClassName() {
return mClassName;
}

// @formatter:off

// abstract void onConnected(Bundle connectionHint)
// https://developer.android.com/reference/com/google/android/gms/common/api/GoogleApiClient.ConnectionCallbacks.html

// @formatter:on

private enum Methods {
onConnected
};

public static List<XHook> getInstances(Object instance) {
String className = instance.getClass().getName();
Util.log(null, Log.INFO, "Hooking class=" + className + " uid=" + Binder.getCallingUid());

List<XHook> listHook = new ArrayList<XHook>();
listHook.add(new XConnectionCallbacks(Methods.onConnected, null, className));
return listHook;
}

@Override
protected void before(XParam param) throws Throwable {
switch (mMethod) {
case onConnected:
ClassLoader loader = param.thisObject.getClass().getClassLoader();
Class<?> cLoc = Class.forName("com.google.android.gms.location.LocationServices", false, loader);
Object fusedLocationApi = cLoc.getDeclaredField("FusedLocationApi").get(null);
Util.log(this, Log.WARN, "FusedLocationApi class=" + fusedLocationApi.getClass());

Class<?> cRec = Class.forName("com.google.android.gms.location.ActivityRecognition", false, loader);
Object activityRecognitionApi = cRec.getDeclaredField("ActivityRecognitionApi").get(null);
Util.log(this, Log.WARN, "ActivityRecognitionApi class=" + activityRecognitionApi.getClass());

break;
}
}

@Override
protected void after(XParam param) throws Throwable {
// Do nothing
}
}
56 changes: 56 additions & 0 deletions src/biz/bokhorst/xprivacy/XGoogleApiClient.java
Original file line number Diff line number Diff line change
@@ -0,0 +1,56 @@
package biz.bokhorst.xprivacy;

import java.util.ArrayList;
import java.util.List;

public class XGoogleApiClient extends XHook {
private Methods mMethod;

private XGoogleApiClient(Methods method, String restrictionName) {
super(restrictionName, method.name(), "GAC." + method.name());
mMethod = method;
}

public String getClassName() {
return "com.google.android.gms.common.api.GoogleApiClient$Builder";
}

// @formatter:off

// GoogleApiClient.Builder addConnectionCallbacks(GoogleApiClient.ConnectionCallbacks listener)
// https://developer.android.com/reference/com/google/android/gms/common/api/GoogleApiClient.Builder.html

// @formatter:on

private enum Methods {
addConnectionCallbacks
};

public static List<XHook> getInstances() {
Util.log(null, android.util.Log.WARN, "Loaded GAC");
List<XHook> listHook = new ArrayList<XHook>();
listHook.add(new XGoogleApiClient(Methods.addConnectionCallbacks, null));
return listHook;
}

@Override
protected void before(XParam param) throws Throwable {
switch (mMethod) {
case addConnectionCallbacks:
if (param.args.length > 0 && param.args[0] != null) {
Class<?> clazz = param.args[0].getClass();
if (PrivacyManager.getTransient(clazz.getName(), null) == null) {
PrivacyManager.setTransient(clazz.getName(), Boolean.toString(true));
XPrivacy.hookAll(XConnectionCallbacks.getInstances(param.args[0]), clazz.getClassLoader(),
getSecret());
}
}
break;
}
}

@Override
protected void after(XParam param) throws Throwable {
// Do nothing
}
}
56 changes: 32 additions & 24 deletions src/biz/bokhorst/xprivacy/XPrivacy.java
Original file line number Diff line number Diff line change
Expand Up @@ -98,6 +98,7 @@ public void classLoaded(Class<?> clazz) {

// TODO: Cydia: Build.SERIAL
// TODO: Cydia: android.provider.Settings.Secure
// TODO: Cydia: Phone instances

// Providers
for (final String className : XContentResolver.cProviderClassName)
Expand All @@ -108,14 +109,6 @@ public void classLoaded(Class<?> clazz) {
}
});

// Phone interface manager
MS.hookClassLoad("com.android.phone", new MS.ClassLoadHook() {
@Override
public void classLoaded(Class<?> clazz) {
hookAll(XTelephonyManager.getPhoneInstances(), clazz.getClassLoader(), mSecret);
}
});

// Advertising Id
MS.hookClassLoad("com.google.android.gms.ads.identifier.AdvertisingIdClient", new MS.ClassLoadHook() {
@Override
Expand All @@ -132,6 +125,14 @@ public void classLoaded(Class<?> clazz) {
}
});

// GoogleApiClient.Builder
MS.hookClassLoad("com.google.android.gms.common.api.GoogleApiClient", new MS.ClassLoadHook() {
@Override
public void classLoaded(Class<?> clazz) {
hookAll(XGoogleApiClient.getInstances(), clazz.getClassLoader(), mSecret);
}
});

// Google auth
MS.hookClassLoad("com.google.android.gms.auth.GoogleAuthUtil", new MS.ClassLoadHook() {
@Override
Expand Down Expand Up @@ -358,24 +359,17 @@ private static void handleLoadPackage(String packageName, ClassLoader classLoade
Util.bug(null, ex);
}

// Providers
hookAll(XContentResolver.getPackageInstances(packageName, classLoader), classLoader, secret);

// Phone interface manager
if ("com.android.phone".equals(packageName))
hookAll(XTelephonyManager.getPhoneInstances(), classLoader, secret);

// Advertising Id
// Activity recognition
try {
Class.forName("com.google.android.gms.ads.identifier.AdvertisingIdClient$Info", false, classLoader);
hookAll(XAdvertisingIdClientInfo.getInstances(), classLoader, secret);
Class.forName("com.google.android.gms.location.ActivityRecognitionClient", false, classLoader);
hookAll(XActivityRecognitionClient.getInstances(), classLoader, secret);
} catch (Throwable ignored) {
}

// User activity
// Advertising Id
try {
Class.forName("com.google.android.gms.location.ActivityRecognitionClient", false, classLoader);
hookAll(XActivityRecognitionClient.getInstances(), classLoader, secret);
Class.forName("com.google.android.gms.ads.identifier.AdvertisingIdClient$Info", false, classLoader);
hookAll(XAdvertisingIdClientInfo.getInstances(), classLoader, secret);
} catch (Throwable ignored) {
}

Expand All @@ -386,10 +380,10 @@ private static void handleLoadPackage(String packageName, ClassLoader classLoade
} catch (Throwable ignored) {
}

// Location client
// GoogleApiClient.Builder
try {
Class.forName("com.google.android.gms.location.LocationClient", false, classLoader);
hookAll(XLocationClient.getInstances(), classLoader, secret);
Class.forName("com.google.android.gms.common.api.GoogleApiClient", false, classLoader);
hookAll(XGoogleApiClient.getInstances(), classLoader, secret);
} catch (Throwable ignored) {
}

Expand All @@ -406,6 +400,20 @@ private static void handleLoadPackage(String packageName, ClassLoader classLoade
hookAll(XGoogleMapV2.getInstances(), classLoader, secret);
} catch (Throwable ignored) {
}

// Location client
try {
Class.forName("com.google.android.gms.location.LocationClient", false, classLoader);
hookAll(XLocationClient.getInstances(), classLoader, secret);
} catch (Throwable ignored) {
}

// Phone interface manager
if ("com.android.phone".equals(packageName))
hookAll(XTelephonyManager.getPhoneInstances(), classLoader, secret);

// Providers
hookAll(XContentResolver.getPackageInstances(packageName, classLoader), classLoader, secret);
}

public static void handleGetSystemService(String name, String className, String secret) {
Expand Down
2 changes: 1 addition & 1 deletion src/biz/bokhorst/xprivacy/XWebView.java
Original file line number Diff line number Diff line change
Expand Up @@ -93,7 +93,7 @@ protected void after(XParam param) throws Throwable {
Class<?> clazz = param.getResult().getClass();
if (PrivacyManager.getTransient(clazz.getName(), null) == null) {
PrivacyManager.setTransient(clazz.getName(), Boolean.toString(true));
XPrivacy.hookAll(XWebSettings.getInstances(param.getResult()), null, getSecret());
XPrivacy.hookAll(XWebSettings.getInstances(param.getResult()), clazz.getClassLoader(), getSecret());
}
}
break;
Expand Down

0 comments on commit 82e71af

Please sign in to comment.