-
Notifications
You must be signed in to change notification settings - Fork 13
Expand file tree
/
Copy pathservice.sh
More file actions
174 lines (148 loc) · 6.73 KB
/
service.sh
File metadata and controls
174 lines (148 loc) · 6.73 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
MODPATH=${0%/*}
MODDIR="$MODPATH"
PATH=$MODPATH/common/bin:/data/adb/ap/bin:/data/adb/ksu/bin:/data/adb/magisk:$PATH
HIDE_DIR="/data/adb/modules/.TA_enhanced"
TSPA="/data/adb/modules/tsupport-advance"
. "$MODPATH/common/common.sh"
detect_manager
_log "INFO" "Service started (manager=$MANAGER)"
# Denylist merge: Magisk reads from --denylist. KSU/APatch have no flat
# enumeration API (per-package umount profiles only), so skip with a log.
add_denylist_to_target() {
local target_file="$TS_DIR/target.txt"
local tmp_file="${target_file}.tmp"
local exclamation_target question_target existing denylist
exclamation_target=$(grep '!' "$target_file" | sed 's/!$//')
question_target=$(grep '?' "$target_file" | sed 's/?$//')
existing=$(sed 's/[!?]$//' "$target_file")
denylist=$(magisk --denylist ls 2>/dev/null | awk -F'|' '{print $1}' | grep -v "isolated")
if ! printf "%s\n" "$existing" "$denylist" | sort -u > "$tmp_file"; then
_log "ERROR" "Failed to write target.txt from denylist"
rm -f "$tmp_file"
return 1
fi
for pkg in $exclamation_target; do
sed -i "s/^${pkg}$/${pkg}!/" "$tmp_file"
done
for pkg in $question_target; do
sed -i "s/^${pkg}$/${pkg}?/" "$tmp_file"
done
mv "$tmp_file" "$target_file"
}
# Security patch is handled by the daemon's SecurityPatchTask (with retries + bulletin fetch).
# Running `set` here would overwrite bulletin-fetched dates with stale device props.
# prop.sh runs with RP_BIN pointed at the bundled resetprop-rs to keep the
# upstream calling pattern intact while sourcing the property setter from
# the module bundle.
RP_BIN="$MODPATH/bin/$ABI/resetprop-rs" sh "$MODPATH/prop.sh" &
# TSupport-A Interop
if [ -d "$TSPA" ]; then
touch "/storage/emulated/0/stop-tspa-auto-target" 2>/dev/null || true
elif [ ! -d "$TSPA" ] && [ -f "/storage/emulated/0/stop-tspa-auto-target" ]; then
rm -f "/storage/emulated/0/stop-tspa-auto-target"
fi
# Magisk Module Hiding
# Dot-prefix hides from Magisk's module list scan (stable since Magisk v24+).
# service.sh re-copies on every boot so the hidden copy is always fresh.
if [ "$MANAGER" = "MAGISK" ]; then
if [ -f "$MODPATH/action.sh" ] && [ "$MODPATH" != "$HIDE_DIR" ]; then
_log "INFO" "Module hiding (Magisk)"
rm -rf "$HIDE_DIR"
mkdir -p "$HIDE_DIR"
busybox chcon --reference="$MODPATH" "$HIDE_DIR" 2>/dev/null || true
if ! cp -af "$MODPATH/." "$HIDE_DIR/"; then
_log "ERROR" "Module hiding copy failed, using original path"
rm -rf "$HIDE_DIR"
else
MODPATH="$HIDE_DIR"
MODDIR="$MODPATH"
BIN="$MODPATH/bin/${ABI}/ta-enhanced"
fi
fi
[ -f "$TS_DIR/target_from_denylist" ] && add_denylist_to_target
else
_log "INFO" "Denylist merge skipped: $MANAGER has no flat denylist API"
[ -d "$HIDE_DIR" ] && rm -rf "$HIDE_DIR"
fi
# Ensure system_app file exists for WebUI system app display
if [ ! -f "$TS_DIR/system_app" ]; then
: > "$TS_DIR/system_app"
for app in com.google.android.gms com.google.android.gsf com.android.vending \
com.oplus.deepthinker com.heytap.speechassist com.coloros.sceneservice; do
pm list packages -s 2>/dev/null | grep -q "package:$app" && echo "$app" >> "$TS_DIR/system_app"
done
fi
# Snapshot module.prop for WebUI version display, then hide from manager UI.
# At boot the manager already registered the module before service.sh ran,
# so synchronous rm is safe. At hot-install the install transaction is still
# in flight, so defer rm until our installer parent exits (PPID polling
# matches upstream Tricky-Addon-Update-Target-List).
cp -f "$MODPATH/module.prop" "/data/adb/tricky_store/ta-enhanced/module.prop" 2>/dev/null || true
if [ "$(getprop sys.boot_completed)" = "1" ]; then
nohup sh -c "while kill -0 $PPID 2>/dev/null; do sleep 1; done; rm -f '$MODPATH/module.prop'" >/dev/null 2>&1 &
else
rm -f "$MODPATH/module.prop"
fi
# Publish resetprop-rs to the daemon's expected path (rust/src/platform/props.rs:3).
# Re-copies on every boot so updates land.
mkdir -p /data/adb/tricky_store/ta-enhanced/bin
cp -f "$MODPATH/bin/$ABI/resetprop-rs" /data/adb/tricky_store/ta-enhanced/bin/resetprop-rs
chmod 755 /data/adb/tricky_store/ta-enhanced/bin/resetprop-rs
# Symlink Management
if [ -f "$MODPATH/action.sh" ] && [ ! -e "$TS/action.sh" ]; then
ln -s "$MODPATH/action.sh" "$TS/action.sh" 2>/dev/null || true
fi
if [ ! -e "$TS/webroot" ]; then
ln -s "$MODPATH/webui" "$TS/webroot" 2>/dev/null || true
fi
if [ ! -e "$TS/banner.png" ] && [ -f "$MODPATH/banner.png" ]; then
ln -s "$MODPATH/banner.png" "$TS/banner.png" 2>/dev/null || true
fi
if [ -f "$TS/module.prop" ] && ! grep -q "^banner=" "$TS/module.prop"; then
sed -i '$ a\banner=banner.png' "$TS/module.prop" 2>/dev/null || true
fi
# Heavy support work waits for boot completion in a background subshell —
# pm and the rust binary are not prop-spoof critical, so backgrounding them
# never affects stealth.
(
_log "INFO" "Waiting for boot completion"
timeout 120 getprop -w sys.boot_completed 2>/dev/null || {
until [ "$(getprop sys.boot_completed)" = "1" ]; do
sleep 5
done
}
_log "INFO" "Boot completed"
pm list packages -s 2>/dev/null | sed 's/^package://' | sort > "/data/adb/tricky_store/ta-enhanced/system_packages.txt"
vbhash_enabled=$(read_config vbhash.enabled true)
if [ "$vbhash_enabled" = "true" ]; then
_log "INFO" "Running VBHash extraction"
"$BIN" vbhash extract 2>/dev/null || _log "WARN" "VBHash extraction failed"
else
_log "INFO" "VBHash extraction disabled"
fi
_log "INFO" "Checking for conflicts at boot"
"$BIN" conflict check 2>/dev/null || _log "WARN" "Conflicts detected, check conflict.log"
) &
# Create tmp directory (needed by action.sh for KSU WebUI APK download)
mkdir -p "$MODPATH/common/tmp"
# Xposed Detection (background)
"$BIN" status xposed-scan >> "$LOG_BASE_DIR/main.log" 2>&1 &
# Magisk: clean up unhidden module dir
[ -f "$MODPATH/action.sh" ] && rm -rf "/data/adb/modules/TA_enhanced"
# Launch Daemon
_log "INFO" "Starting ta-enhanced daemon"
"$BIN" daemon --manager "$MANAGER" &
_log "INFO" "Daemon launched"
# Keybox boot-time retry burst (background): exponential backoff, daemon
# takes over on the configured schedule once these attempts exhaust.
if [ ! -f "/data/adb/tricky_store/keybox.xml" ]; then
(
for _delay in 30 60 120 240; do
sleep "$_delay"
[ -f "/data/adb/tricky_store/keybox.xml" ] && exit 0
timeout 10 "$BIN" keybox fetch 2>/dev/null && exit 0
done
) &
fi
# Magisk also gets the dot-prefix copy at $HIDE_DIR for belt-and-braces hiding;
# KSU/APatch rely solely on the module.prop deletion above.