diff --git a/module/module.prop b/module/module.prop index 33eb5a3..85ccaf3 100644 --- a/module/module.prop +++ b/module/module.prop @@ -1,6 +1,6 @@ id=adguardcert name=AdGuard Certificate -version=v2.0-beta3 -versionCode=32 +version=v2.0-beta4 +versionCode=33 author=AdGuard description=Moves AdGuard's root CA certificate from the user certificate store to the system certificate store. diff --git a/module/post-fs-data.sh b/module/post-fs-data.sh index 2e964c9..5229c6c 100644 --- a/module/post-fs-data.sh +++ b/module/post-fs-data.sh @@ -3,27 +3,22 @@ MODDIR=${0%/*} # Android hashes the subject to get the filename, field order is significant. # (`openssl x509 -in ... -noout -hash`) -# AdGuard's primary certificate is "/C=EN/O=AdGuard/CN=AdGuard Personal CA". -# AdGuard's intermediate certificate is "/C=EN/O=AdGuard/CN=AdGuard Personal Intermediate". +# AdGuard's certificate is "/C=EN/O=AdGuard/CN=AdGuard Personal CA". # The filename is then . where is an integer to disambiguate # different certs with the same hash (e.g. when the same cert is installed repeatedly). # # Due to https://github.com/AdguardTeam/AdguardForAndroid/issues/2108 -# 1. Retrieve the most recent primary and intermediate certificates with our hash from the user store. -# It is assumed that the last installed AdGuard's certs are the correct ones. -# 2. Check the existence of AdGuard's intermediate certificate. If the certificate is not present, -# the steps 3 and 4 will be skipped. -# 3. Copy the primary AdGuard certificate to the system store under the name ".0". +# 1. Retrieve the most recent certificate with our hash from the user store. +# It is assumed that the last installed AdGuard's cert is the correct one. +# 2. Copy the AdGuard certificate to the system store under the name ".0". # Note that some apps may ignore other certs. -# 4. Remove all certs with our hash from the `cacerts-removed` directory. +# 3. Remove all certs with our hash from the `cacerts-removed` directory. # They get there if a certificate is "disabled" in the security settings. # Apps will reject certs that are in the `cacerts-removed`. AG_CERT_HASH=0f4ed297 -AG_INTERMEDIATE_CERT_HASH=47ec1af8 AG_CERT_FILE=$(ls /data/misc/user/*/cacerts-added/${AG_CERT_HASH}.* | (IFS=.; while read -r left right; do echo $right $left.$right; done) | sort -nr | (read -r left right; echo $right)) -AG_INTERMEDIATE_CERT_FILE=$(ls /data/misc/user/*/cacerts-added/${AG_INTERMEDIATE_CERT_HASH}.* | (IFS=.; while read -r left right; do echo $right $left.$right; done) | sort -nr | (read -r left right; echo $right)) -if [ -e "${AG_CERT_FILE}" ] && [ -e "${AG_INTERMEDIATE_CERT_FILE}" ]; then +if [ -e "${AG_CERT_FILE}" ]; then cp -f ${AG_CERT_FILE} ${MODDIR}/system/etc/security/cacerts/${AG_CERT_HASH}.0 rm -f /data/misc/user/*/cacerts-removed/${AG_CERT_HASH}.* fi