Skip to content

Commit

Permalink
Initial commit
Browse files Browse the repository at this point in the history
  • Loading branch information
Bloody-Badboy committed Sep 5, 2023
0 parents commit aabb414
Show file tree
Hide file tree
Showing 9 changed files with 120 additions and 0 deletions.
30 changes: 30 additions & 0 deletions .github/workflows/workflow.yml
Original file line number Diff line number Diff line change
@@ -0,0 +1,30 @@
name: Build and deploy

on:
push:
branches:
- "*"
tags:
- v*
pull_request:
workflow_dispatch:

jobs:
build:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v3

- name: build dist
run: |
git submodule init && git submodule update
./dist.sh
ls -la
- name: create release
uses: ncipollo/release-action@v1
if: startsWith(github.ref, 'refs/tags/v')
with:
artifacts: "move-user-certs-*.zip"
token: ${{ secrets.GITHUB_TOKEN }}
generateReleaseNotes: true
11 changes: 11 additions & 0 deletions .gitignore
Original file line number Diff line number Diff line change
@@ -0,0 +1,11 @@
*.iml
.gradle
/local.properties
/.idea
.DS_Store
/build
/captures
.externalNativeBuild
.cxx
local.properties
*.zip
Empty file added .gitmodules
Empty file.
31 changes: 31 additions & 0 deletions README.md
Original file line number Diff line number Diff line change
@@ -0,0 +1,31 @@
# Magisk - Move User Certificates

This module makes all installed user certificates part of the system certificate store, so that they will automatically be used when building the trust chain. This module makes it unnecessary to add the network_security_config property to an application's manifest.

### Installation

1. Install [Magisk](https://forum.xda-developers.com/apps/magisk/official-magisk-v7-universal-systemless-t3473445)
2. Download zip from [latest release](https://github.com/Bloody-Badboy/Move-User-Certificates/releases/latest/) or build using `dist.sh`
3. Install in Magisk
4. Install client certificates through [normal flow](https://support.portswigger.net/customer/portal/articles/1841102-installing-burp-s-ca-certificate-in-an-android-device)
5. Restart your device. Certificate copying happens during boot.
6. The installed user certificates can now be found in the system store.

### Adding certificates

Install the certificate as a user certificate and restart the device.

### Removing certificates

Remove the certificate from the user store through the settings, and restart the device.

## Building

```shell
./dist.sh
```

How to release a new version:

1. Push a new tag with a name like `v*`.
2. A new release will be automatically created.
16 changes: 16 additions & 0 deletions dist.sh
Original file line number Diff line number Diff line change
@@ -0,0 +1,16 @@
#!/bin/bash

UPDATE_BINARY_URL="https://raw.githubusercontent.com/topjohnwu/Magisk/master/scripts/module_installer.sh"

mkdir -p ./module/META-INF/com/google/android
curl "${UPDATE_BINARY_URL}" > ./module/META-INF/com/google/android/update-binary
echo "#MAGISK" > ./module/META-INF/com/google/android/updater-script

VERSION=$(sed -ne "s/version=\(.*\)/\1/gp" ./module/module.prop)
NAME=$(sed -ne "s/id=\(.*\)/\1/gp" ./module/module.prop)

rm -f ${NAME}-${VERSION}.zip
(
cd ./module
zip ../${NAME}-${VERSION}.zip -r * -x ".*" "*/.*"
)
2 changes: 2 additions & 0 deletions module/.gitignore
Original file line number Diff line number Diff line change
@@ -0,0 +1,2 @@
/zygisk
/META-INF
6 changes: 6 additions & 0 deletions module/module.prop
Original file line number Diff line number Diff line change
@@ -0,0 +1,6 @@
id=move-user-certs
name=Move User Certificates
version=v0.1
versionCode=1
author=Arpan
description=Moves certificates from the user certificate store to the system certificate store.
24 changes: 24 additions & 0 deletions module/post-fs-data.sh
Original file line number Diff line number Diff line change
@@ -0,0 +1,24 @@
#!/system/bin/sh
# Do NOT assume where your module will be located.
# ALWAYS use $MODDIR if you need to know where this script
# and module is placed.
# This will make sure your module will still work
# if Magisk change its mount point in the future
MODDIR=${0%/*}

mv -f /data/misc/user/0/cacerts-added/* $MODDIR/system/etc/security/cacerts

touch -t 200901010000.00 ${MODDIR}/system/etc/security/cacerts*
chown -R root:root ${MODDIR}/system/etc/security/cacerts
chmod -R ugo-rwx,ugo+rX,u+w ${MODDIR}/system/etc/security/cacerts

[ "$(getenforce)" = "Enforcing" ] || exit 0

default_selinux_context=u:object_r:system_file:s0
selinux_context=$(ls -Zd /system/etc/security/cacerts | awk '{print $1}')

if [ -n "$selinux_context" ] && [ "$selinux_context" != "?" ]; then
chcon -R $selinux_context $MODDIR/system/etc/security/cacerts
else
chcon -R $default_selinux_context $MODDIR/system/etc/security/cacerts
fi
Empty file.

0 comments on commit aabb414

Please sign in to comment.