/proc/self/cmdline returns zygote64 in nativeForkAndSpecializePost

[mylylyl]

It should return the app name right?

[mylylyl]

nvm it takes couple seconds to return the real app name. Guess it's better to put a note?

[RikkaW]

Process name is set here, I don't know where the delay comes from.

By the way, if you want the process name, you should read niceName in nativeForkAndSpecializePre instead.

Process should never be used as "real app name" since it is fully customizable (use a name without the lead ":" for android:process). To get package name , it's better to read appData. Here is an example, https://github.com/RikkaApps/Riru-LocationReportEnabler/blob/master/jni/main/main.cpp#L28-L46. Note packageName only exists in beta versions of Android 10, so it has been removed in Riru. It is not updated because the project has been archived.

Even "package name" in appData is not 100% reliable. Multiple apps use android:sharedUserId plus android:process could run in the same process.

The best solution should be to maintain a "uid -> packages" map by self.

[mylylyl]

Thanks for the detailed explanation! I'm doing the following:

static bool isApp = false;

EXPORT void nativeForkAndSpecializePre(
        JNIEnv *env, jclass clazz, jint *_uid, jint *gid, jintArray *gids, jint *runtimeFlags,
        jobjectArray *rlimits, jint *mountExternal, jstring *seInfo, jstring *niceName,
        jintArray *fdsToClose, jintArray *fdsToIgnore, jboolean *is_child_zygote,
        jstring *instructionSet, jstring *appDataDir, jboolean *isTopApp, jobjectArray *pkgDataInfoList,
        jobjectArray *whitelistedDataInfoList, jboolean *bindMountAppDataDirs, jboolean *bindMountAppStorageDirs) {
    isApp = checkIsApp(env, appDataDir);
}

EXPORT int nativeForkAndSpecializePost(JNIEnv *env, jclass clazz, jint res) {
    if (res == 0) {
        // in app process
        if (isApp) {
            isApp = false;
            do::my_stuff();
        }
    } else {
        // in zygote process, res is child pid
        // don't print log here, see https://github.com/RikkaApps/Riru/blob/77adfd6a4a6a81bfd20569c910bc4854f2f84f5e/riru-core/jni/main/jni_native_method.cpp#L55-L66
    }
    return 0;
}

What I found weird is I'm getting multiple calls on do::my_stuff(); and later I found it's the child process that zygote64 forked. Thus I'm trying to get a "real name" to distinguish if I'm in the main process(in my understanding). I found the main process will have the app's package name WITH SOME DELAY. Currently I'm just waiting for 10 seconds and read /proc/self/cmdline

[RikkaW]

What makes you think do::my_stuff() is called multiple times?

[mylylyl]

I have LOGD in it and it's fired multiple times