TheComputerGuy96 · December 19, 2018 17:28
diff --git a/0001-jni-consider-data-app-to-the-fd-whitelist-if-Xposed-.patch b/0001-jni-consider-data-app-to-the-fd-whitelist-if-Xposed-.patch
 From 298c82e03c102b484cb46d6ca9328a78c60816ec Mon Sep 17 00:00:00 2001
 From: Park Ju Hyung <[email protected]>
 Date: Tue, 15 Nov 2016 16:59:43 +0900
 Subject: [PATCH] jni: consider /data/app to the fd whitelist if Xposed is
 detected

 Latest security update has added whitelisting routine to the Zygote.

 Since Xposed now reads from /data/app,
 it's necessary to add /data/app to the whitelist.

 Dynamically do this if XposedBridge.jar is detected.

 Change-Id: I984f9948905019d8d8c84b886270a558fae678d2
 Signed-off-by: Park Ju Hyung <[email protected]>
 ---
 dalvik/vm/native/fd_utils-inl.h | 11 +++++++++++
 1 file changed, 12 insertions(+)

 diff --git a/dalvik/vm/native/fd_utils-inl.h b/dalvik/vm/native/fd_utils-inl.h
 index 895008fbf5d..b8291475fd7 100644
 --- a/dalvik/vm/native/fd_utils-inl.h
 +++ b/dalvik/vm/native/fd_utils-inl.h
 @@ -260,6 +260,18 @@ class FileDescriptorInfo {
         path.compare(path.size() - kJarSuffix.size(), kJarSuffix.size(), kJarSuffix) == 0) {
       return true;
     }
 +
 +    if (access("/data/data/de.robv.android.xposed.installer/bin/XposedBridge.jar", F_OK ) != -1) {
 +      // Xposed-powered Zygote might read from extensions other than .apk
 +      // so skip extension check
 +      ALOGW("Xposed detected, loosening up Zygote fd check!");
 +      static const std::string kDataAppPrefix = "/data/app/";
 +      static const std::string kDataDataPrefix = "/data/data/";
 +      if (path.compare(0, kDataAppPrefix.size(), kDataAppPrefix) == 0 || path.compare(0, kDataDataPrefix.size(), kDataDataPrefix) == 0) {
 +        return true;
 +      }
 +    }
 +
     return false;
   }
 
 -- 
 2.11.1.windows.1

 From eb1a6e0d8ac89e97841e31d40b0c7745c55f5f67 Mon Sep 17 00:00:00 2001
 From: DodoGTA GT <[email protected]>
 Date: Mon, 27 Feb 2017 20:42:51 +0200
 Subject: [PATCH] jni: Whitelist old XposedBridge path

 * On KK, XposedBridge.jar is in different location (not /system/framework), and thus
 that location doesn't get whitelisted, which causes Dalvik VM to shut down (and
 that's why CM 11 bootloops after installing Xposed)

 Change-Id: I7d4ea7b0e6f2941b154eb50f84dce4a49eabbe1e
 ---
 dalvik/vm/native/fd_utils-inl.h | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

 diff --git a/dalvik/vm/native/fd_utils-inl.h b/dalvik/vm/native/fd_utils-inl.h
 index b8291475fd7..b87aa167deb 100644
 --- a/dalvik/vm/native/fd_utils-inl.h
 +++ b/dalvik/vm/native/fd_utils-inl.h
 @@ -59,7 +59,8 @@ static const char* kPathWhitelist[] = {
   "/system/etc/event-log-tags",
   "/sys/kernel/debug/tracing/trace_marker",
   "/system/framework/framework-res.apk",
 -  "@netlink@" /* path for netlink (AF_NETLINK) sockets */
 +  "@netlink@", /* path for netlink (AF_NETLINK) sockets */
 +  "/data/data/de.robv.android.xposed.installer/bin/XposedBridge.jar" /* Old path for XposedBridge (used in KK and below) */
 };
 
 static const char* kFdPath = "/proc/self/fd";
 -- 
 2.11.1.windows.1
	From 298c82e03c102b484cb46d6ca9328a78c60816ec Mon Sep 17 00:00:00 2001
	From: Park Ju Hyung <[email protected]>
	Date: Tue, 15 Nov 2016 16:59:43 +0900
	Subject: [PATCH] jni: consider /data/app to the fd whitelist if Xposed is
	detected

	Latest security update has added whitelisting routine to the Zygote.

	Since Xposed now reads from /data/app,
	it's necessary to add /data/app to the whitelist.

	Dynamically do this if XposedBridge.jar is detected.

	Change-Id: I984f9948905019d8d8c84b886270a558fae678d2
	Signed-off-by: Park Ju Hyung <[email protected]>
	---
	dalvik/vm/native/fd_utils-inl.h \| 11 +++++++++++
	1 file changed, 12 insertions(+)

	diff --git a/dalvik/vm/native/fd_utils-inl.h b/dalvik/vm/native/fd_utils-inl.h
	index 895008fbf5d..b8291475fd7 100644
	--- a/dalvik/vm/native/fd_utils-inl.h
	+++ b/dalvik/vm/native/fd_utils-inl.h
	@@ -260,6 +260,18 @@ class FileDescriptorInfo {
	path.compare(path.size() - kJarSuffix.size(), kJarSuffix.size(), kJarSuffix) == 0) {
	return true;
	}
	+
	+ if (access("/data/data/de.robv.android.xposed.installer/bin/XposedBridge.jar", F_OK ) != -1) {
	+ // Xposed-powered Zygote might read from extensions other than .apk
	+ // so skip extension check
	+ ALOGW("Xposed detected, loosening up Zygote fd check!");
	+ static const std::string kDataAppPrefix = "/data/app/";
	+ static const std::string kDataDataPrefix = "/data/data/";
	+ if (path.compare(0, kDataAppPrefix.size(), kDataAppPrefix) == 0 \|\| path.compare(0, kDataDataPrefix.size(), kDataDataPrefix) == 0) {
	+ return true;
	+ }
	+ }
	+
	return false;
	}

	--
	2.11.1.windows.1

	From eb1a6e0d8ac89e97841e31d40b0c7745c55f5f67 Mon Sep 17 00:00:00 2001
	From: DodoGTA GT <[email protected]>
	Date: Mon, 27 Feb 2017 20:42:51 +0200
	Subject: [PATCH] jni: Whitelist old XposedBridge path

	* On KK, XposedBridge.jar is in different location (not /system/framework), and thus
	that location doesn't get whitelisted, which causes Dalvik VM to shut down (and
	that's why CM 11 bootloops after installing Xposed)

	Change-Id: I7d4ea7b0e6f2941b154eb50f84dce4a49eabbe1e
	---
	dalvik/vm/native/fd_utils-inl.h \| 3 ++-
	1 file changed, 2 insertions(+), 1 deletion(-)

	diff --git a/dalvik/vm/native/fd_utils-inl.h b/dalvik/vm/native/fd_utils-inl.h
	index b8291475fd7..b87aa167deb 100644
	--- a/dalvik/vm/native/fd_utils-inl.h
	+++ b/dalvik/vm/native/fd_utils-inl.h
	@@ -59,7 +59,8 @@ static const char* kPathWhitelist[] = {
	"/system/etc/event-log-tags",
	"/sys/kernel/debug/tracing/trace_marker",
	"/system/framework/framework-res.apk",
	- "@netlink@" /* path for netlink (AF_NETLINK) sockets */
	+ "@netlink@", /* path for netlink (AF_NETLINK) sockets */
	+ "/data/data/de.robv.android.xposed.installer/bin/XposedBridge.jar" /* Old path for XposedBridge (used in KK and below) */
	};

	static const char* kFdPath = "/proc/self/fd";
	--
	2.11.1.windows.1