NVISOsecurity / MagiskTrustUserCerts

A Magisk/KernelSU module that automatically adds user certificates to the system root CA store

Multiple Magisk mount points, one per each system CA #6

Closed raulsiles closed 1 year ago

raulsiles commented 4 years ago

The blog post at https://blog.nviso.be/2017/12/22/intercepting-https-traffic-from-apps-on-android-7-using-magisk-burp/ details the usage of /magisk/trustusercerts/ to provide new /system contents to Android. It seems this directory structure does not exist anymore...

However, the current module v0.3 version running with the latest Magisk version in Android 8.1 uses multiple Magisk mount points, one per each system CA:

# mount
...
tmpfs on /system/etc/security/cacerts type tmpfs (rw,seclabel,relatime)
/sbin/.magisk/block/data on /system/etc/security/cacerts/9a5ba575.0 type ext4 (rw,seclabel,relatime,noauto_da_alloc,errors=panic,data=ordered,inode_readahead_blks=8)
/sbin/.magisk/block/system on /system/etc/security/cacerts/00673b5b.0 type ext4 (ro,seclabel,relatime,inode_readahead_blks=8)
/sbin/.magisk/block/system on /system/etc/security/cacerts/02756ea4.0 type ext4 (ro,seclabel,relatime,inode_readahead_blks=8)
/sbin/.magisk/block/system on /system/etc/security/cacerts/04f60c28.0 type ext4 (ro,seclabel,relatime,inode_readahead_blks=8)
/sbin/.magisk/block/system on /system/etc/security/cacerts/0d5a4e1c.0 type ext4 (ro,seclabel,relatime,inode_readahead_blks=8)
/sbin/.magisk/block/system on /system/etc/security/cacerts/0d69c7e1.0 type ext4 (ro,seclabel,relatime,inode_readahead_blks=8)
/sbin/.magisk/block/system on /system/etc/security/cacerts/10531352.0 type ext4 (ro,seclabel,relatime,inode_readahead_blks=8)
/sbin/.magisk/block/system on /system/etc/security/cacerts/111e6273.0 type ext4 (ro,seclabel,relatime,inode_readahead_blks=8)
/sbin/.magisk/block/system on /system/etc/security/cacerts/12d55845.0 type ext4 (ro,seclabel,relatime,inode_readahead_blks=8)
/sbin/.magisk/block/system on /system/etc/security/cacerts/17b51fe6.0 type ext4 (ro,seclabel,relatime,inode_readahead_blks=8)
/sbin/.magisk/block/system on /system/etc/security/cacerts/1dac3003.0 type ext4 (ro,seclabel,relatime,inode_readahead_blks=8)
/sbin/.magisk/block/system on /system/etc/security/cacerts/1dcd6f4c.0 type ext4 (ro,seclabel,relatime,inode_readahead_blks=8)
/sbin/.magisk/block/system on /system/etc/security/cacerts/1df5a75f.0 type ext4 (ro,seclabel,relatime,inode_readahead_blks=8)
/sbin/.magisk/block/system on /system/etc/security/cacerts/1e1eab7c.0 type ext4 (ro,seclabel,relatime,inode_readahead_blks=8)
/sbin/.magisk/block/system on /system/etc/security/cacerts/1e8e7201.0 type ext4 (ro,seclabel,relatime,inode_readahead_blks=8)
/sbin/.magisk/block/system on /system/etc/security/cacerts/1eb37bdf.0 type ext4 (ro,seclabel,relatime,inode_readahead_blks=8)
/sbin/.magisk/block/system on /system/etc/security/cacerts/1f58a078.0 type ext4 (ro,seclabel,relatime,inode_readahead_blks=8)
/sbin/.magisk/block/system on /system/etc/security/cacerts/21855f49.0 type ext4 (ro,seclabel,relatime,inode_readahead_blks=8)
/sbin/.magisk/block/system on /system/etc/security/cacerts/219d9499.0 type ext4 (ro,seclabel,relatime,inode_readahead_blks=8)
/sbin/.magisk/block/system on /system/etc/security/cacerts/23f4c490.0 type ext4 (ro,seclabel,relatime,inode_readahead_blks=8)
/sbin/.magisk/block/system on /system/etc/security/cacerts/27af790d.0 type ext4 (ro,seclabel,relatime,inode_readahead_blks=8)
/sbin/.magisk/block/system on /system/etc/security/cacerts/2add47b6.0 type ext4 (ro,seclabel,relatime,inode_readahead_blks=8)
/sbin/.magisk/block/system on /system/etc/security/cacerts/2d9dafe4.0 type ext4 (ro,seclabel,relatime,inode_readahead_blks=8)
/sbin/.magisk/block/system on /system/etc/security/cacerts/2fa87019.0 type ext4 (ro,seclabel,relatime,inode_readahead_blks=8)
/sbin/.magisk/block/system on /system/etc/security/cacerts/31188b5e.0 type ext4 (ro,seclabel,relatime,inode_readahead_blks=8)
/sbin/.magisk/block/system on /system/etc/security/cacerts/343eb6cb.0 type ext4 (ro,seclabel,relatime,inode_readahead_blks=8)
/sbin/.magisk/block/system on /system/etc/security/cacerts/35105088.0 type ext4 (ro,seclabel,relatime,inode_readahead_blks=8)
/sbin/.magisk/block/system on /system/etc/security/cacerts/3929ec9f.0 type ext4 (ro,seclabel,relatime,inode_readahead_blks=8)
/sbin/.magisk/block/system on /system/etc/security/cacerts/399e7759.0 type ext4 (ro,seclabel,relatime,inode_readahead_blks=8)
/sbin/.magisk/block/system on /system/etc/security/cacerts/3a3b02ce.0 type ext4 (ro,seclabel,relatime,inode_readahead_blks=8)
/sbin/.magisk/block/system on /system/etc/security/cacerts/3ad48a91.0 type ext4 (ro,seclabel,relatime,inode_readahead_blks=8)
/sbin/.magisk/block/system on /system/etc/security/cacerts/3c58f906.0 type ext4 (ro,seclabel,relatime,inode_readahead_blks=8)
/sbin/.magisk/block/system on /system/etc/security/cacerts/3c6676aa.0 type ext4 (ro,seclabel,relatime,inode_readahead_blks=8)
/sbin/.magisk/block/system on /system/etc/security/cacerts/3c860d51.0 type ext4 (ro,seclabel,relatime,inode_readahead_blks=8)
/sbin/.magisk/block/system on /system/etc/security/cacerts/3c9a4d3b.0 type ext4 (ro,seclabel,relatime,inode_readahead_blks=8)
/sbin/.magisk/block/system on /system/etc/security/cacerts/3d441de8.0 type ext4 (ro,seclabel,relatime,inode_readahead_blks=8)
/sbin/.magisk/block/system on /system/etc/security/cacerts/3e7271e8.0 type ext4 (ro,seclabel,relatime,inode_readahead_blks=8)
/sbin/.magisk/block/system on /system/etc/security/cacerts/40dc992e.0 type ext4 (ro,seclabel,relatime,inode_readahead_blks=8)
/sbin/.magisk/block/system on /system/etc/security/cacerts/418595b9.0 type ext4 (ro,seclabel,relatime,inode_readahead_blks=8)
/sbin/.magisk/block/system on /system/etc/security/cacerts/455f1b52.0 type ext4 (ro,seclabel,relatime,inode_readahead_blks=8)
/sbin/.magisk/block/system on /system/etc/security/cacerts/48a195d8.0 type ext4 (ro,seclabel,relatime,inode_readahead_blks=8)
/sbin/.magisk/block/system on /system/etc/security/cacerts/4be590e0.0 type ext4 (ro,seclabel,relatime,inode_readahead_blks=8)
/sbin/.magisk/block/system on /system/etc/security/cacerts/4e18c148.0 type ext4 (ro,seclabel,relatime,inode_readahead_blks=8)
/sbin/.magisk/block/system on /system/etc/security/cacerts/5046c355.0 type ext4 (ro,seclabel,relatime,inode_readahead_blks=8)
/sbin/.magisk/block/system on /system/etc/security/cacerts/524d9b43.0 type ext4 (ro,seclabel,relatime,inode_readahead_blks=8)
/sbin/.magisk/block/system on /system/etc/security/cacerts/52b525c7.0 type ext4 (ro,seclabel,relatime,inode_readahead_blks=8)
/sbin/.magisk/block/system on /system/etc/security/cacerts/559f7c71.0 type ext4 (ro,seclabel,relatime,inode_readahead_blks=8)
/sbin/.magisk/block/system on /system/etc/security/cacerts/5a250ea7.0 type ext4 (ro,seclabel,relatime,inode_readahead_blks=8)
/sbin/.magisk/block/system on /system/etc/security/cacerts/5a3f0ff8.0 type ext4 (ro,seclabel,relatime,inode_readahead_blks=8)
/sbin/.magisk/block/system on /system/etc/security/cacerts/5cf9d536.0 type ext4 (ro,seclabel,relatime,inode_readahead_blks=8)
/sbin/.magisk/block/system on /system/etc/security/cacerts/5e4e69e7.0 type ext4 (ro,seclabel,relatime,inode_readahead_blks=8)
/sbin/.magisk/block/system on /system/etc/security/cacerts/5f47b495.0 type ext4 (ro,seclabel,relatime,inode_readahead_blks=8)
/sbin/.magisk/block/system on /system/etc/security/cacerts/60afe812.0 type ext4 (ro,seclabel,relatime,inode_readahead_blks=8)
/sbin/.magisk/block/system on /system/etc/security/cacerts/6187b673.0 type ext4 (ro,seclabel,relatime,inode_readahead_blks=8)
/sbin/.magisk/block/system on /system/etc/security/cacerts/63a2c897.0 type ext4 (ro,seclabel,relatime,inode_readahead_blks=8)
/sbin/.magisk/block/system on /system/etc/security/cacerts/67495436.0 type ext4 (ro,seclabel,relatime,inode_readahead_blks=8)
/sbin/.magisk/block/system on /system/etc/security/cacerts/69105f4f.0 type ext4 (ro,seclabel,relatime,inode_readahead_blks=8)
/sbin/.magisk/block/system on /system/etc/security/cacerts/6e8bf996.0 type ext4 (ro,seclabel,relatime,inode_readahead_blks=8)
/sbin/.magisk/block/system on /system/etc/security/cacerts/6fcc125d.0 type ext4 (ro,seclabel,relatime,inode_readahead_blks=8)
/sbin/.magisk/block/system on /system/etc/security/cacerts/75680d2e.0 type ext4 (ro,seclabel,relatime,inode_readahead_blks=8)
/sbin/.magisk/block/system on /system/etc/security/cacerts/76579174.0 type ext4 (ro,seclabel,relatime,inode_readahead_blks=8)
/sbin/.magisk/block/system on /system/etc/security/cacerts/7672ac4b.0 type ext4 (ro,seclabel,relatime,inode_readahead_blks=8)
/sbin/.magisk/block/system on /system/etc/security/cacerts/7999be0d.0 type ext4 (ro,seclabel,relatime,inode_readahead_blks=8)
/sbin/.magisk/block/system on /system/etc/security/cacerts/7a7c655d.0 type ext4 (ro,seclabel,relatime,inode_readahead_blks=8)
/sbin/.magisk/block/system on /system/etc/security/cacerts/7a819ef2.0 type ext4 (ro,seclabel,relatime,inode_readahead_blks=8)
/sbin/.magisk/block/system on /system/etc/security/cacerts/7d453d8f.0 type ext4 (ro,seclabel,relatime,inode_readahead_blks=8)
/sbin/.magisk/block/system on /system/etc/security/cacerts/81b9768f.0 type ext4 (ro,seclabel,relatime,inode_readahead_blks=8)
/sbin/.magisk/block/system on /system/etc/security/cacerts/82223c44.0 type ext4 (ro,seclabel,relatime,inode_readahead_blks=8)
/sbin/.magisk/block/system on /system/etc/security/cacerts/85cde254.0 type ext4 (ro,seclabel,relatime,inode_readahead_blks=8)
/sbin/.magisk/block/system on /system/etc/security/cacerts/86212b19.0 type ext4 (ro,seclabel,relatime,inode_readahead_blks=8)
/sbin/.magisk/block/system on /system/etc/security/cacerts/87753b0d.0 type ext4 (ro,seclabel,relatime,inode_readahead_blks=8)
/sbin/.magisk/block/system on /system/etc/security/cacerts/882de061.0 type ext4 (ro,seclabel,relatime,inode_readahead_blks=8)
/sbin/.magisk/block/system on /system/etc/security/cacerts/89c02a45.0 type ext4 (ro,seclabel,relatime,inode_readahead_blks=8)
/sbin/.magisk/block/system on /system/etc/security/cacerts/8d6437c3.0 type ext4 (ro,seclabel,relatime,inode_readahead_blks=8)
/sbin/.magisk/block/system on /system/etc/security/cacerts/91739615.0 type ext4 (ro,seclabel,relatime,inode_readahead_blks=8)
/sbin/.magisk/block/system on /system/etc/security/cacerts/9282e51c.0 type ext4 (ro,seclabel,relatime,inode_readahead_blks=8)
/sbin/.magisk/block/system on /system/etc/security/cacerts/9339512a.0 type ext4 (ro,seclabel,relatime,inode_readahead_blks=8)
/sbin/.magisk/block/system on /system/etc/security/cacerts/9479c8c3.0 type ext4 (ro,seclabel,relatime,inode_readahead_blks=8)
/sbin/.magisk/block/system on /system/etc/security/cacerts/9576d26b.0 type ext4 (ro,seclabel,relatime,inode_readahead_blks=8)
/sbin/.magisk/block/system on /system/etc/security/cacerts/95aff9e3.0 type ext4 (ro,seclabel,relatime,inode_readahead_blks=8)
/sbin/.magisk/block/system on /system/etc/security/cacerts/9685a493.0 type ext4 (ro,seclabel,relatime,inode_readahead_blks=8)
/sbin/.magisk/block/system on /system/etc/security/cacerts/9772ca32.0 type ext4 (ro,seclabel,relatime,inode_readahead_blks=8)
/sbin/.magisk/block/system on /system/etc/security/cacerts/9c3323d4.0 type ext4 (ro,seclabel,relatime,inode_readahead_blks=8)
/sbin/.magisk/block/system on /system/etc/security/cacerts/9d6523ce.0 type ext4 (ro,seclabel,relatime,inode_readahead_blks=8)
/sbin/.magisk/block/system on /system/etc/security/cacerts/9dbefe7b.0 type ext4 (ro,seclabel,relatime,inode_readahead_blks=8)
/sbin/.magisk/block/system on /system/etc/security/cacerts/9f533518.0 type ext4 (ro,seclabel,relatime,inode_readahead_blks=8)
/sbin/.magisk/block/system on /system/etc/security/cacerts/a0bc6fbb.0 type ext4 (ro,seclabel,relatime,inode_readahead_blks=8)
/sbin/.magisk/block/system on /system/etc/security/cacerts/a2c66da8.0 type ext4 (ro,seclabel,relatime,inode_readahead_blks=8)
/sbin/.magisk/block/system on /system/etc/security/cacerts/a3896b44.0 type ext4 (ro,seclabel,relatime,inode_readahead_blks=8)
/sbin/.magisk/block/system on /system/etc/security/cacerts/a7605362.0 type ext4 (ro,seclabel,relatime,inode_readahead_blks=8)
/sbin/.magisk/block/system on /system/etc/security/cacerts/a7d2cf64.0 type ext4 (ro,seclabel,relatime,inode_readahead_blks=8)
/sbin/.magisk/block/system on /system/etc/security/cacerts/a81e292b.0 type ext4 (ro,seclabel,relatime,inode_readahead_blks=8)
/sbin/.magisk/block/system on /system/etc/security/cacerts/ab5346f4.0 type ext4 (ro,seclabel,relatime,inode_readahead_blks=8)
/sbin/.magisk/block/system on /system/etc/security/cacerts/aeb67534.0 type ext4 (ro,seclabel,relatime,inode_readahead_blks=8)
/sbin/.magisk/block/system on /system/etc/security/cacerts/b0ed035a.0 type ext4 (ro,seclabel,relatime,inode_readahead_blks=8)
/sbin/.magisk/block/system on /system/etc/security/cacerts/b0f3e76e.0 type ext4 (ro,seclabel,relatime,inode_readahead_blks=8)
/sbin/.magisk/block/system on /system/etc/security/cacerts/b3fb433b.0 type ext4 (ro,seclabel,relatime,inode_readahead_blks=8)
/sbin/.magisk/block/system on /system/etc/security/cacerts/b7db1890.0 type ext4 (ro,seclabel,relatime,inode_readahead_blks=8)
/sbin/.magisk/block/system on /system/etc/security/cacerts/b872f2b4.0 type ext4 (ro,seclabel,relatime,inode_readahead_blks=8)
/sbin/.magisk/block/system on /system/etc/security/cacerts/b936d1c6.0 type ext4 (ro,seclabel,relatime,inode_readahead_blks=8)
/sbin/.magisk/block/system on /system/etc/security/cacerts/bc3f2570.0 type ext4 (ro,seclabel,relatime,inode_readahead_blks=8)
/sbin/.magisk/block/system on /system/etc/security/cacerts/bdacca6f.0 type ext4 (ro,seclabel,relatime,inode_readahead_blks=8)
/sbin/.magisk/block/system on /system/etc/security/cacerts/bf64f35b.0 type ext4 (ro,seclabel,relatime,inode_readahead_blks=8)
/sbin/.magisk/block/system on /system/etc/security/cacerts/c491639e.0 type ext4 (ro,seclabel,relatime,inode_readahead_blks=8)
/sbin/.magisk/block/system on /system/etc/security/cacerts/c51c224c.0 type ext4 (ro,seclabel,relatime,inode_readahead_blks=8)
/sbin/.magisk/block/system on /system/etc/security/cacerts/c7e2a638.0 type ext4 (ro,seclabel,relatime,inode_readahead_blks=8)
/sbin/.magisk/block/system on /system/etc/security/cacerts/c907e29b.0 type ext4 (ro,seclabel,relatime,inode_readahead_blks=8)
/sbin/.magisk/block/system on /system/etc/security/cacerts/c90bc37d.0 type ext4 (ro,seclabel,relatime,inode_readahead_blks=8)
/sbin/.magisk/block/system on /system/etc/security/cacerts/cb156124.0 type ext4 (ro,seclabel,relatime,inode_readahead_blks=8)
/sbin/.magisk/block/system on /system/etc/security/cacerts/cb1c3204.0 type ext4 (ro,seclabel,relatime,inode_readahead_blks=8)
/sbin/.magisk/block/system on /system/etc/security/cacerts/ccc52f49.0 type ext4 (ro,seclabel,relatime,inode_readahead_blks=8)
/sbin/.magisk/block/system on /system/etc/security/cacerts/cf701eeb.0 type ext4 (ro,seclabel,relatime,inode_readahead_blks=8)
/sbin/.magisk/block/system on /system/etc/security/cacerts/d06393bb.0 type ext4 (ro,seclabel,relatime,inode_readahead_blks=8)
/sbin/.magisk/block/system on /system/etc/security/cacerts/d16a5865.0 type ext4 (ro,seclabel,relatime,inode_readahead_blks=8)
/sbin/.magisk/block/system on /system/etc/security/cacerts/d18e9066.0 type ext4 (ro,seclabel,relatime,inode_readahead_blks=8)
/sbin/.magisk/block/system on /system/etc/security/cacerts/d41b5e2a.0 type ext4 (ro,seclabel,relatime,inode_readahead_blks=8)
/sbin/.magisk/block/system on /system/etc/security/cacerts/d4c339cb.0 type ext4 (ro,seclabel,relatime,inode_readahead_blks=8)
/sbin/.magisk/block/system on /system/etc/security/cacerts/d59297b8.0 type ext4 (ro,seclabel,relatime,inode_readahead_blks=8)
/sbin/.magisk/block/system on /system/etc/security/cacerts/d66b55d9.0 type ext4 (ro,seclabel,relatime,inode_readahead_blks=8)
/sbin/.magisk/block/system on /system/etc/security/cacerts/d6e6eab9.0 type ext4 (ro,seclabel,relatime,inode_readahead_blks=8)
/sbin/.magisk/block/system on /system/etc/security/cacerts/d7746a63.0 type ext4 (ro,seclabel,relatime,inode_readahead_blks=8)
/sbin/.magisk/block/system on /system/etc/security/cacerts/d8317ada.0 type ext4 (ro,seclabel,relatime,inode_readahead_blks=8)
/sbin/.magisk/block/system on /system/etc/security/cacerts/dbc54cab.0 type ext4 (ro,seclabel,relatime,inode_readahead_blks=8)
/sbin/.magisk/block/system on /system/etc/security/cacerts/dc99f41e.0 type ext4 (ro,seclabel,relatime,inode_readahead_blks=8)
/sbin/.magisk/block/system on /system/etc/security/cacerts/dfc0fe80.0 type ext4 (ro,seclabel,relatime,inode_readahead_blks=8)
/sbin/.magisk/block/system on /system/etc/security/cacerts/e442e424.0 type ext4 (ro,seclabel,relatime,inode_readahead_blks=8)
/sbin/.magisk/block/system on /system/etc/security/cacerts/e48193cf.0 type ext4 (ro,seclabel,relatime,inode_readahead_blks=8)
/sbin/.magisk/block/system on /system/etc/security/cacerts/e775ed2d.0 type ext4 (ro,seclabel,relatime,inode_readahead_blks=8)
/sbin/.magisk/block/system on /system/etc/security/cacerts/e8651083.0 type ext4 (ro,seclabel,relatime,inode_readahead_blks=8)
/sbin/.magisk/block/system on /system/etc/security/cacerts/ea169617.0 type ext4 (ro,seclabel,relatime,inode_readahead_blks=8)
/sbin/.magisk/block/system on /system/etc/security/cacerts/ed39abd0.0 type ext4 (ro,seclabel,relatime,inode_readahead_blks=8)
/sbin/.magisk/block/system on /system/etc/security/cacerts/ee7cd6fb.0 type ext4 (ro,seclabel,relatime,inode_readahead_blks=8)
/sbin/.magisk/block/system on /system/etc/security/cacerts/facacbc6.0 type ext4 (ro,seclabel,relatime,inode_readahead_blks=8)
/sbin/.magisk/block/system on /system/etc/security/cacerts/fb5fa911.0 type ext4 (ro,seclabel,relatime,inode_readahead_blks=8)
/sbin/.magisk/block/system on /system/etc/security/cacerts/fd08c599.0 type ext4 (ro,seclabel,relatime,inode_readahead_blks=8)
/sbin/.magisk/block/system on /system/etc/security/cacerts/fde84897.0 type ext4 (ro,seclabel,relatime,inode_readahead_blks=8)

Would it be possible to optimise the module implementation so that a single mount point is added (the one associated to the "cacerts" subdirectory), somehow similarly to other Magisk mount points...?

/sbin/.magisk/block/system on /sbin/.magisk/mirror/system type ext4 (ro,seclabel,relatime,inode_readahead_blks=8)
/sbin/.magisk/block/vendor on /sbin/.magisk/mirror/vendor type ext4 (ro,seclabel,relatime,inode_readahead_blks=8)
/sbin/.magisk/block/data on /sbin/.magisk/mirror/data type ext4 (rw,seclabel,relatime,noauto_da_alloc,errors=panic,data=ordered,inode_readahead_blks=8)
/sbin/.magisk/block/data on /sbin/.magisk/modules type ext4 (rw,seclabel,relatime,noauto_da_alloc,errors=panic,data=ordered,inode_readahead_blks=8)

giacomoferretti commented 4 years ago

I think that is how Magisk works; I don't think it's the module's fault.

As you can see from the code in post-fs-data.sh, the module relies on Magisk to handle all the mounts and the copying of the various files.

$MODDIR is given by Magisk to handle all the filesystem operations: https://github.com/topjohnwu/Magisk/blob/master/docs/details.md#magic-mount

Snippet from post-fs-data.sh:

cp -f /data/misc/user/0/cacerts-added/* $MODDIR/system/etc/security/cacerts/

raulsiles commented 4 years ago

Thanks for the references. The Magisk documentation mentions $MODPATH, rather than $MODDIR (local variable for this module). My point in opening this issue is to verify if there is another way of copying or merging the user imported CAs, trying to avoid all the default system CAs appearing as individual mount points.

giacomoferretti commented 4 years ago

The variable name can be whatever you want, but it must be set to ${0%/*} (example: post-fs-data.sh).
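
The mount listing in this thread can be read mechanically: every file mounted inside /system/etc/security/cacerts names its backing device, and the entry backed by /sbin/.magisk/block/data (the partition that also holds /sbin/.magisk/modules) is the one supplied by a module rather than by the system image. The script below is an added example, not code from the module or from Magisk; the function names are hypothetical, it assumes `mount` output in the format shown above, and the sample lines are copied from that output with the option lists shortened.

```shell
#!/bin/sh
# Added example: audit which files in the system CA store are backed by
# something other than the system partition, using saved `mount` output.

CACERTS_DIR="/system/etc/security/cacerts"

# Print "<backing-device> <cert-file>" for every file-level mount in the CA store.
# The tmpfs mounted on the directory itself does not match and is skipped.
cacert_mounts() {
    awk -v dir="$CACERTS_DIR/" '
        $2 == "on" && index($3, dir) == 1 {
            print $1, substr($3, length(dir) + 1)
        }'
}

# Print the certificate file names whose backing device is not .../system,
# i.e. the entries that were added on top of the stock CA list.
non_system_cacerts() {
    cacert_mounts | awk '$1 !~ /\/system$/ { print $2 }'
}

# Print "<count> <backing-device>", largest group first.
summarize() {
    cacert_mounts | awk '{ n[$1]++ } END { for (d in n) print n[d], d }' | sort -rn
}

# Sample input: lines taken from the issue's mount output, options abridged.
sample_mounts() {
cat <<'EOF'
tmpfs on /system/etc/security/cacerts type tmpfs (rw,seclabel,relatime)
/sbin/.magisk/block/data on /system/etc/security/cacerts/9a5ba575.0 type ext4 (rw,seclabel,relatime)
/sbin/.magisk/block/system on /system/etc/security/cacerts/00673b5b.0 type ext4 (ro,seclabel,relatime)
/sbin/.magisk/block/system on /system/etc/security/cacerts/02756ea4.0 type ext4 (ro,seclabel,relatime)
/sbin/.magisk/block/system on /sbin/.magisk/mirror/system type ext4 (ro,seclabel,relatime)
EOF
}

# With a file argument, analyse that saved mount output; otherwise use the sample.
if [ "$#" -gt 0 ]; then
    input=$(cat "$1")
else
    input=$(sample_mounts)
fi

echo "Mounts per backing device:"
printf '%s\n' "$input" | summarize
echo "CA files not backed by the system partition:"
printf '%s\n' "$input" | non_system_cacerts
```

Save the device's `mount` output to a file and pass it as the first argument to check a real device.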