AdguardTeam / adguardcert

Magisk module that allows using AdGuard's HTTPS filtering for all apps
https://adguard.com/
MIT License
334 stars 21 forks source link

Doesn't work with Android 14 beta 3 #32

Closed Skalt18 closed 1 year ago

Skalt18 commented 1 year ago

Module hasn't any effect.

themerror commented 1 year ago

The same problem. Actually, the cert file has been copied to /etc/security/cacerts successfully. However, it won't appear in the settings app, which means that the system won't trust it.

Skalt18 commented 1 year ago

I believe I find the problem. From: https://www.esper.io/blog/android-14-updatable-certificates "Currently, Android loads root certificates from files stored under /system/etc/security/cacerts (left). After this change, Android will first check if the directory /apex/com.android.conscrypt/cacerts exists, and if so, will load root certificates from there. If it doesn’t, then Android will fall back to the usual system location. (right)Type image caption here (optional)" So the module need to change the directory for A14.

steupz commented 1 year ago

In nightly builds, using Android 13, the certificate is transferred to System store but Adgaurd shows Personal CA can be moved

Rtizer-9 commented 1 year ago

A well-known http request interceptor has put out a blog post titled : Android 14 blocks all modification of system certificates, even as root.

Author of an old root for Android rejects the claims on Hacker News thread though

HN post : https://news.ycombinator.com/item?id=37391521

Comment of that old root author: The title is, and forever will be wrong. When we say you're root in Android, you're actually root. You can actually do whatever you want

pimterry commented 1 year ago

Hi! I'm the original author of the above post. I've just published an update: https://httptoolkit.com/blog/android-14-install-system-ca-certificate/.

I'm not sure if it'll work for your needs here, but there's two techniques in there that do now provide working CA certificate injection on Android 14.

Rtizer-9 commented 1 year ago

@pimterry Great work. Hopefully now the certificate headache is gone.

sfionov commented 1 year ago

@pimterry Thank you for information, it really helped.

I've created pull request with working solution.

I didn't include nsenter part (since module is applied before final boot phase) but tmpfs part was useful.

I noticed that magisk just ignores module overrides with /apex path, so this workaround may not be needed with future Magisk releases if they change this policy.

Rtizer-9 commented 1 year ago

@sfionov I hope both root detection and kernelsu compatibility will also be taken of in the newer release. The previous beta4 already works perfectly with ksu.

sfionov commented 1 year ago

v2.0-beta5 is released

https://github.com/AdguardTeam/adguardcert/releases/tag/v2.0-beta5