HACK: fs/proc: block access to mounts for "IsolatedService"

Prevents Magisk mount leakage and root detection by apps with unmodified detection code from here: https://darvincitech.wordpress.com/2019/11/04/detecting-magisk-hide/ Example: https://play.google.com/store/apps/details?id=ua.gov.diia.app
acroreiser · Apr 25, 2020 · d17c01f · d17c01f
1 parent 38f94ef
commit d17c01f
Showing 1 changed file with 6 additions and 0 deletions.
diff --git a/fs/proc_namespace.c b/fs/proc_namespace.c
@@ -237,6 +237,12 @@ static int mounts_open_common(struct inode *inode, struct file *file,
 	if (!task)
 		goto err;
 
+	if(!strncmp("IsolatedService", task->comm, 15))
+	{
+		ret = -EINVAL;
+		goto err;
+	}
+
 	rcu_read_lock();
 	nsp = task_nsproxy(task);
 	if (!nsp) {