Update README.md

fix #4 支持安卓14以下版本

README.md

@@ -2,4 +2,7 @@
 这是一个 Magisk 模块 用于安装ProxyPin系统证书, 安装完后需要重启手机.
 
 抓包下载地址
-https://github.com/wanghongenpin/network_proxy_flutter
+https://github.com/wanghongenpin/network_proxy_flutter
+
+安装证书不成功可尝试其他模块
+如: https://github.com/ys1231/MoveCertificate

customize.sh

@@ -1,4 +1,17 @@
 #!/system/bin/sh
 
-ui_print $MODPATH
-ui_print "安装成功,重启手机后去系统证书查看ProxyPinCA是否生效."
+SKIPUNZIP=0
+
+ASH_STANDALONE=0
+
+ui_print "开始安装模块"
+
+ui_print "提取模块证书"
+
+unzip -o "$ZIPFILE" 'system/*' -d $MODPATH >&2
+
+ui_print "安装成功,重启手机后去系统证书查看ProxyPinCA是否生效."
+
+ui_print " "
+
+set_perm_recursive $MODPATH 0 0 0755 0644

module.prop

@@ -1,6 +1,6 @@
 id=ProxyPinCA
 name=ProxyPinCA
-version=1.1.0
-versionCode=2
+version=1.2.0
+versionCode=3
 author=ProxyPin
 description=ProxyPin certificate.

post-fs-data.sh

@@ -1,39 +1,70 @@
 #!/system/bin/sh
 
+
+exec > /data/local/tmp/ProxyPinCA.log
+exec 2>&1
+
+#set -x
+
+MODDIR=${0%/*}
+
+set_context() {
+    [ "$(getenforce)" = "Enforcing" ] || return 0
+
+    default_selinux_context=u:object_r:system_file:s0
+    selinux_context=$(ls -Zd $1 | awk '{print $1}')
+
+    if [ -n "$selinux_context" ] && [ "$selinux_context" != "?" ]; then
+        chcon -R $selinux_context $2
+    else
+        chcon -R $default_selinux_context $2
+    fi
+}
+
+#LOG_PATH="/data/local/tmp/ProxyPinCA.log"
+echo "[$(date +%F) $(date +%T)] - ProxyPinCA post-fs-data.sh start."
+chown -R 0:0 ${MODDIR}/system/etc/security/cacerts
 if [ -d /apex/com.android.conscrypt/cacerts ]; then
     # 检测到 android 14 以上，存在该证书目录
     CERT_HASH=243f0bfb
-    MODDIR=${0%/*}
-    NEW_CERT_FILE=${MODDIR}/system/etc/security/cacerts/${CERT_HASH}.0
-    LOG_PATH="/cache/ProxyPinCA.log"
-    echo "Found /apex/com.android.conscrypt/cacerts." >> ${LOG_PATH}
-    echo "Adding new certificate to /apex/com.android.conscrypt/cacerts." >> ${LOG_PATH}
 
-    # 创建一个临时目录
-    TEMP_DIR="/data/local/tmp/proxypin-ca-certs"
-    mkdir -p "$TEMP_DIR"
+    CERT_FILE=${MODDIR}/system/etc/security/cacerts/${CERT_HASH}.0
+    echo "[$(date +%F) $(date +%T)] - CERT_FILE: ${CERT_FILE}"
+    if ! [ -e "${CERT_FILE}" ]; then
+        echo "[$(date +%F) $(date +%T)] - ProxyPinCA certificate not found."
+        exit 0
+    fi
 
-    # 挂载临时文件系统
+    TEMP_DIR=/data/local/tmp/cacerts-copy
+    rm -rf "$TEMP_DIR"
+    mkdir -p -m 700 "$TEMP_DIR"
     mount -t tmpfs tmpfs "$TEMP_DIR"
 
-    # 复制原始证书到临时目录
+    # 复制证书到临时目录
     cp -f /apex/com.android.conscrypt/cacerts/* "$TEMP_DIR"
+    cp -f $CERT_FILE "$TEMP_DIR"
 
-    # 添加新证书到临时目录
-    cp -f "$NEW_CERT_FILE" "$TEMP_DIR"
+    chown -R 0:0 "$TEMP_DIR"
+    set_context /apex/com.android.conscrypt/cacerts "$TEMP_DIR"
 
     # 检查新证书是否成功添加
-    if [ -f "$TEMP_DIR/$(basename "$NEW_CERT_FILE")" ]; then
-        # 如果新证书成功添加，则挂载回原始目录
-        mount --bind "$TEMP_DIR" /apex/com.android.conscrypt/cacerts
-        echo "Mount success!" >> ${LOG_PATH}
+    CERTS_NUM="$(ls -1 "$TEMP_DIR" | wc -l)"
+    if [ "$CERTS_NUM" -gt 10 ]; then
+        mount -o bind "$TEMP_DIR" /apex/com.android.conscrypt/cacerts
+         for pid in 1 $(pgrep zygote) $(pgrep zygote64); do
+            nsenter --mount=/proc/${pid}/ns/mnt -- \
+                mount --bind "$TEMP_DIR" /apex/com.android.conscrypt/cacerts
+        done
+        echo "[$(date +%F) $(date +%T)] - Mount success!"
     else
-        echo "Failed to add new certificate." >> ${LOG_PATH}
+        echo "[$(date +%F) $(date +%T)] - Mount failed!"
     fi
 
     # 卸载临时目录
     umount "$TEMP_DIR"
     rmdir "$TEMP_DIR"
 else
-    echo "/apex/com.android.conscrypt/cacerts not exists." >> ${LOG_PATH}
+    echo "[$(date +%F) $(date +%T)] - Android version lower than 14 detected"
+    set_context /system/etc/security/cacerts ${MODDIR}/system/etc/security/cacerts 
+    echo "[$(date +%F) $(date +%T)] - Mount success!"
 fi