Zygisk failing with GrapheneOS 14 build 2024031400

[yitzhaq]

Device: Google Pixel 6 Pro Android version: GrapheneOS 14 build 2024031400 Magisk version name: R65C33E4F-kitsune (D) Magisk version code: 27001

Since updating to latest OTA GrapheneOS 14 build 2024031400, Zygisk has started failing. It is enabled, but no longer activating. Both Magisk and Zygisk were working fine with R65C33E4F-kitsune when running on the previous OTA build.

I've tried dis/re-enabling Zygisk, disabling all modules, reinstalling Magisk, all to no avail. Full debug log is attached. magisk_log_2024-03-17T14.55.55.log

Thanks in advance for looking at this, and many thanks for your efforts to keep Magisk working on GrapheneOS!

[yitzhaq]

Possibly relevant part of log - same errors are shown in non-debug log:

03-17 14:49:33.683   825   825 D : ^@zygisk64: JNIEnv->RegisterNatives [com/android/internal/os/Zygote]
03-17 14:49:33.683   825   825 E : ^@zygisk64: unknown signature of com/android/internal/os/Zygote#nativeForkAndSpecialize: (II[II[[IILjava/lang/String;Ljava/lang/String;[I[IZLjava/lang/String
;Ljava/lang/String;Z[Ljava/lang/String;[Ljava/lang/String;ZZZ[J)I
03-17 14:49:33.683   825   825 I : ^@zygisk64: replaced com/android/internal/os/Zygote#nativeForkSystemServer
03-17 14:49:33.683   825   825 E : ^@zygisk64: unknown signature of com/android/internal/os/Zygote#nativeSpecializeAppProcess: (II[II[[IILjava/lang/String;Ljava/lang/String;ZLjava/lang/String;
Ljava/lang/String;Z[Ljava/lang/String;[Ljava/lang/String;ZZZ[J)V

[...]

03-17 14:49:33.790   826   826 D : ^@zygisk32: JNIEnv->RegisterNatives [com/android/internal/os/Zygote]
03-17 14:49:33.790   826   826 E : ^@zygisk32: unknown signature of com/android/internal/os/Zygote#nativeForkAndSpecialize: (II[II[[IILjava/lang/String;Ljava/lang/String;[I[IZLjava/lang/String
;Ljava/lang/String;Z[Ljava/lang/String;[Ljava/lang/String;ZZZ[J)I
03-17 14:49:33.790   826   826 I : ^@zygisk32: replaced com/android/internal/os/Zygote#nativeForkSystemServer
03-17 14:49:33.790   826   826 E : ^@zygisk32: unknown signature of com/android/internal/os/Zygote#nativeSpecializeAppProcess: (II[II[[IILjava/lang/String;Ljava/lang/String;ZLjava/lang/String;
Ljava/lang/String;Z[Ljava/lang/String;[Ljava/lang/String;ZZZ[J)V

[lbdroid]

Looks like the grapheneos adjustment needs to be updated;

https://github.com/KitsuneMagisk/Magisk/commit/0a200bed11a7b2bd0543e54e3a4685000be9718c

[yitzhaq]

Looking at the frequency of GrapheneOS builds lately, I'm pretty sure I wasn't on the previous one before updating to 2024031400, though I'm not entirely sure which one I was running. From reading the changelog, my guess would be a recent build prior to 2024030600, and that this is the build where it broke, probably due to the Android 14 QPR2 changes.

This release is a massive overhaul of the OS almost as large as the migration from Android 13 QPR3 to Android 14 despite fewer user facing changes. This release includes a large part of the migration to Android 15.

https://grapheneos.org/releases#2024030600

So once this gets fixed, hopefully there won't be major breaking changes again for a while..

[lbdroid]

Upstream AOSP made a change in QPR2, and GrapheneOS's prior change was maintained. The issue is that the combination of the upstream and GOS changes have a unique signature. The third "Z" in "ZZZ" whereas the older was just "ZZ". They added a boolean ("Z") parameter "mount_sysprop_overrides" to forkAndSpecialize ("fas") and specializeAppProcess ("spec").

This is the upstream Magisk change for QPR2; https://github.com/topjohnwu/Magisk/commit/685a2d210101a27bdca07ca422106903244ac405

So all that's needed now is to alter the prior GOS patch (as I linked to above) for kitsunemask in the same manner. There's really no point in maintaining the earlier revision since GOS doesn't maintain older releases.

[lbdroid]

This should about do it (untested):

diff --git a/native/src/core/zygisk/gen_jni_hooks.py b/native/src/core/zygisk/gen_jni_hooks.py
index 20a47b920..6d7620dfc 100644
--- a/native/src/core/zygisk/gen_jni_hooks.py
+++ b/native/src/core/zygisk/gen_jni_hooks.py
@@ -215,11 +215,11 @@ server_samsung_q = ForkServer('samsung_q', [uid, gid, gids, runtime_flags, Anon(

 fas_grapheneos_u = ForkAndSpec('grapheneos_u', [uid, gid, gids, runtime_flags, rlimits, mount_external,
     se_info, nice_name, fds_to_close, fds_to_ignore, is_child_zygote, instruction_set, app_data_dir, 
-    is_top_app, pkg_data_info_list, whitelisted_data_info_list, mount_data_dirs, mount_storage_dirs, Anon(jlongArray)])
+    is_top_app, pkg_data_info_list, whitelisted_data_info_list, mount_data_dirs, mount_storage_dirs, mount_sysprop_overrides, Anon(jlongArray)])

 spec_grapheneos_u = SpecApp('grapheneos_u', [uid, gid, gids, runtime_flags, rlimits, mount_external,
     se_info, nice_name, is_child_zygote, instruction_set, app_data_dir, is_top_app, pkg_data_info_list,
-    whitelisted_data_info_list, mount_data_dirs, mount_storage_dirs, Anon(jlongArray)])
+    whitelisted_data_info_list, mount_data_dirs, mount_storage_dirs, mount_sysprop_overrides, Anon(jlongArray)])

 hook_map = {}

diff --git a/native/src/core/zygisk/jni_hooks.hpp b/native/src/core/zygisk/jni_hooks.hpp
index 48c75ddc2..f6ecb90ca 100644
--- a/native/src/core/zygisk/jni_hooks.hpp
+++ b/native/src/core/zygisk/jni_hooks.hpp
@@ -127,7 +127,7 @@ void *nativeForkAndSpecialize_orig = nullptr;
     ctx.nativeForkAndSpecialize_post();
     return ctx.pid;
 }
-[[clang::no_stack_protector]] jint nativeForkAndSpecialize_grapheneos_u(JNIEnv *env, jclass clazz, jint uid, jint gid, jintArray gids, jint runtime_flags, jobjectArray rlimits, jint mount_external, jstring se_info, jstring nice_name, jintArray fds_to_close, jintArray fds_to_ignore, jboolean is_child_zygote, jstring instruction_set, jstring app_data_dir, jboolean is_top_app, jobjectArray pkg_data_info_list, jobjectArray whitelisted_data_info_list, jboolean mount_data_dirs, jboolean mount_storage_dirs, jlongArray _13) {
+[[clang::no_stack_protector]] jint nativeForkAndSpecialize_grapheneos_u(JNIEnv *env, jclass clazz, jint uid, jint gid, jintArray gids, jint runtime_flags, jobjectArray rlimits, jint mount_external, jstring se_info, jstring nice_name, jintArray fds_to_close, jintArray fds_to_ignore, jboolean is_child_zygote, jstring instruction_set, jstring app_data_dir, jboolean is_top_app, jobjectArray pkg_data_info_list, jobjectArray whitelisted_data_info_list, jboolean mount_data_dirs, jboolean mount_storage_dirs, jboolean mount_sysprop_overrides, jlongArray _13) {
     AppSpecializeArgs_v5 args(uid, gid, gids, runtime_flags, rlimits, mount_external, se_info, nice_name, instruction_set, app_data_dir);
     args.fds_to_ignore = &fds_to_ignore;
     args.is_child_zygote = &is_child_zygote;
@@ -139,7 +139,7 @@ void *nativeForkAndSpecialize_orig = nullptr;
     HookContext ctx(env, &args);
     ctx.nativeForkAndSpecialize_pre();
     reinterpret_cast<decltype(&nativeForkAndSpecialize_grapheneos_u)>(nativeForkAndSpecialize_orig)(
-        env, clazz, uid, gid, gids, runtime_flags, rlimits, mount_external, se_info, nice_name, fds_to_close, fds_to_ignore, is_child_zygote, instruction_set, app_data_dir, is_top_app, pkg_data_info_list, whitelisted_data_info_list, mount_data_dirs, mount_storage_dirs, _13
+        env, clazz, uid, gid, gids, runtime_flags, rlimits, mount_external, se_info, nice_name, fds_to_close, fds_to_ignore, is_child_zygote, instruction_set, app_data_dir, is_top_app, pkg_data_info_list, whitelisted_data_info_list, mount_data_dirs, mount_storage_dirs, mount_sysprop_overrides, _13
     );
     ctx.nativeForkAndSpecialize_post();
     return ctx.pid;
@@ -197,7 +197,7 @@ const JNINativeMethod nativeForkAndSpecialize_methods[] = {
     },
     {
         "nativeForkAndSpecialize",
-        "(II[II[[IILjava/lang/String;Ljava/lang/String;[I[IZLjava/lang/String;Ljava/lang/String;Z[Ljava/lang/String;[Ljava/lang/String;ZZ[J)I",
+        "(II[II[[IILjava/lang/String;Ljava/lang/String;[I[IZLjava/lang/String;Ljava/lang/String;Z[Ljava/lang/String;[Ljava/lang/String;ZZZ[J)I",
         (void *) &nativeForkAndSpecialize_grapheneos_u
     },
 };
@@ -266,7 +266,7 @@ void *nativeSpecializeAppProcess_orig = nullptr;
     );
     ctx.nativeSpecializeAppProcess_post();
 }
-[[clang::no_stack_protector]] void nativeSpecializeAppProcess_grapheneos_u(JNIEnv *env, jclass clazz, jint uid, jint gid, jintArray gids, jint runtime_flags, jobjectArray rlimits, jint mount_external, jstring se_info, jstring nice_name, jboolean is_child_zygote, jstring instruction_set, jstring app_data_dir, jboolean is_top_app, jobjectArray pkg_data_info_list, jobjectArray whitelisted_data_info_list, jboolean mount_data_dirs, jboolean mount_storage_dirs, jlongArray _14) {
+[[clang::no_stack_protector]] void nativeSpecializeAppProcess_grapheneos_u(JNIEnv *env, jclass clazz, jint uid, jint gid, jintArray gids, jint runtime_flags, jobjectArray rlimits, jint mount_external, jstring se_info, jstring nice_name, jboolean is_child_zygote, jstring instruction_set, jstring app_data_dir, jboolean is_top_app, jobjectArray pkg_data_info_list, jobjectArray whitelisted_data_info_list, jboolean mount_data_dirs, jboolean mount_storage_dirs, jboolean mount_sysprop_overrides, jlongArray _14) {
     AppSpecializeArgs_v5 args(uid, gid, gids, runtime_flags, rlimits, mount_external, se_info, nice_name, instruction_set, app_data_dir);
     args.is_child_zygote = &is_child_zygote;
     args.is_top_app = &is_top_app;
@@ -277,7 +277,7 @@ void *nativeSpecializeAppProcess_orig = nullptr;
     HookContext ctx(env, &args);
     ctx.nativeSpecializeAppProcess_pre();
     reinterpret_cast<decltype(&nativeSpecializeAppProcess_grapheneos_u)>(nativeSpecializeAppProcess_orig)(
-        env, clazz, uid, gid, gids, runtime_flags, rlimits, mount_external, se_info, nice_name, is_child_zygote, instruction_set, app_data_dir, is_top_app, pkg_data_info_list, whitelisted_data_info_list, mount_data_dirs, mount_storage_dirs, _14
+        env, clazz, uid, gid, gids, runtime_flags, rlimits, mount_external, se_info, nice_name, is_child_zygote, instruction_set, app_data_dir, is_top_app, pkg_data_info_list, whitelisted_data_info_list, mount_data_dirs, mount_storage_dirs, mount_sysprop_overrides, _14
     );
     ctx.nativeSpecializeAppProcess_post();
 }
@@ -309,7 +309,7 @@ const JNINativeMethod nativeSpecializeAppProcess_methods[] = {
     },
     {
         "nativeSpecializeAppProcess",
-        "(II[II[[IILjava/lang/String;Ljava/lang/String;ZLjava/lang/String;Ljava/lang/String;Z[Ljava/lang/String;[Ljava/lang/String;ZZ[J)V",
+        "(II[II[[IILjava/lang/String;Ljava/lang/String;ZLjava/lang/String;Ljava/lang/String;Z[Ljava/lang/String;[Ljava/lang/String;ZZZ[J)V",
         (void *) &nativeSpecializeAppProcess_grapheneos_u
     },
 };

[lbdroid]

Give this a try! I have NOT tested it. Make sure to uninstall the existing magisk/kitsune application and not just patch the boot. Also rename .zip --> .apk

kitsune-debug.zip

[MordorMinion]

Thank you @lbdroid! Tested and working for me on GrapheneOS 2024031400.

[lbdroid]

Excellent!

I've created a PR for the update to KitsuneMagisk repository here; https://github.com/KitsuneMagisk/Magisk/pull/5

[educongo]

Hello. Shouldn'd the PR be done here https://github.com/HuskyDG/magisk-files/pulls? Thank you.

[rikita93]

@lbdroid. Thanks a million for this. Working on 2024032100.

[lbdroid]

Hello. Shouldn'd the PR be done here https://github.com/HuskyDG/magisk-files/pulls? Thank you.

No, this repository does not contain source code, just compiled binaries. In reality, what is housed in THIS repository should be hooked up to the "releases" component of where I made the PR.

[educongo]

Ahh! OK. Sorry for the noise. Thank you and HuskyDG for the time you put on your great work.

[yitzhaq]

I can also confirm that this fixes the issue as originally reported. Big thanks for your efforts, LGTM!

[Lyuu17]

Looking at the frequency of GrapheneOS builds lately, I'm pretty sure I wasn't on the previous one before updating to 2024031400, though I'm not entirely sure which one I was running. From reading the changelog, my guess would be a recent build prior to 2024030600, and that this is the build where it broke, probably due to the Android 14 QPR2 changes.

This release is a massive overhaul of the OS almost as large as the migration from Android 13 QPR3 to Android 14 despite fewer user facing changes. This release includes a large part of the migration to Android 15.

https://grapheneos.org/releases#2024030600

So once this gets fixed, hopefully there won't be major breaking changes again for a while..

I confirm this same issue in LineageOS now with a March build, so not a GrapheneOS issue

[lbdroid]

I confirm this same issue in LineageOS now with a March build, so not a GrapheneOS issue

As far as I can tell, LineageOS should be able to run on upstream Magisk version 27.0, unless they've added their own changes to zygote that create a unique signature.

It is unlikely that changes for GrapheneOS would be applicable there, unless they, I think that project calls it "kanged", changes from GrapheneOS.

In any case, if it doesn't work with upstream Magisk 27.0, you should file a bug report upstream here: https://github.com/topjohnwu/Magisk/issues

[senposage]

kitsune is dead HuskyDG is no longer maintaining this project the telegram channel was abandoned months ago rip

[yitzhaq]

I'm now having a different issue with this build. After a reboot, my renamed manager app no longer shows, and has reverted to "Kitsune Mask". When trying to open that, it queries the usual "Upgrade to full Magisk to finish the setup. Download and install?", as if it had not been fully set up before. Choosing OK brings up a "Downloading Kitsune Mask" dialog, but this never finishes, it just sits there. Several tries, same result, nothing appears to be downloaded (or at least the process never completes or proceeds).

I have tried flashing the boot image anew, with the same result. Android build has AFAICT not changed - it's still on 2024031400, as when I originally flashed it, and before the reboot.

Anyone seeing anything similar? Or can think of why Kitsune Mask would fail to download?

[probablypablito]

I've had this issue happen on normal Magisk. I was able to redownload the APK from GitHub (same APK you flashed) and installing it over the current one. @yitzhaq

[yitzhaq]

I've had this issue happen on normal Magisk. I was able to redownload the APK from GitHub (same APK you flashed) and installing it over the current one. @yitzhaq

Indeed, after sideloading latest OTA, uninstalling the app and re-installing the APK, and re-patching (plus flashing) the updated boot image, things seem to be back to normal now. Thanks for the pointer, @probablypablito! And sorry for raising the apparently off-topic issue here.

[olemmer]

Looks like the grapheneos adjustment needs to be updated; Give this a try! I have NOT tested it. Make sure to uninstall the existing magisk/kitsune application and not just patch the boot. Also rename .zip --> .apk

kitsune-debug.zip

Thx a lot. This works for me on GrapheneOS Build 2024042100.

[yitzhaq]

Hey the thing you have sent, where do I need to add it? I am not experienced in these things. Thanks!

Just use the APK from here instead of the regular one: https://github.com/HuskyDG/magisk-files/issues/129#issuecomment-2008071465

[rawpie2]

Does not work anymore latest build pixel 6 pro