46 lines
1.5 KiB
Bash
46 lines
1.5 KiB
Bash
|
#!/system/bin/sh
|
||
|
|
# Vigil — post-fs-data stage (runs before Zygote/apps)
|
||
|
|
# This is the earliest stage — used for file integrity checks and forensic shield
|
||
|
|
|
||
|
|
MODDIR="${0%/*}"
|
||
|
|
VIGIL_DATA="/data/adb/vigil"
|
||
|
|
VIGIL_LIB="$MODDIR/vigil/lib"
|
||
|
|
VIGIL_LOG="$VIGIL_DATA/vigil.log"
|
||
|
|
|
||
|
|
log_vigil() {
|
||
|
|
echo "[$(date '+%Y-%m-%d %H:%M:%S')] [post-fs] $1" >> "$VIGIL_LOG"
|
||
|
|
}
|
||
|
|
|
||
|
|
log_vigil "Vigil post-fs-data stage starting"
|
||
|
|
|
||
|
|
# Load config
|
||
|
|
[ -f "$VIGIL_DATA/vigil.conf" ] && . "$VIGIL_DATA/vigil.conf"
|
||
|
|
|
||
|
|
# --- FILE INTEGRITY CHECK (FrostGuard) ---
|
||
|
|
# Check critical system files before anything else loads
|
||
|
|
if [ "${FROSTGUARD_ENABLED:-1}" = "1" ]; then
|
||
|
|
log_vigil "FrostGuard: Running early integrity check"
|
||
|
|
"$VIGIL_LIB/integrity.sh" verify-critical 2>/dev/null
|
||
|
|
INTEGRITY_RESULT=$?
|
||
|
|
if [ $INTEGRITY_RESULT -ne 0 ]; then
|
||
|
|
log_vigil "FrostGuard: INTEGRITY VIOLATION DETECTED (code: $INTEGRITY_RESULT)"
|
||
|
|
# Write alert for daemon to pick up
|
||
|
|
echo "integrity_violation:$(date +%s):post-fs-data" >> "$VIGIL_DATA/alerts/pending"
|
||
|
|
fi
|
||
|
|
fi
|
||
|
|
|
||
|
|
# --- FORENSIC SHIELD: Early USB monitoring ---
|
||
|
|
# Disable ADB if forensic shield is in lockdown mode
|
||
|
|
if [ -f "$VIGIL_DATA/.lockdown" ]; then
|
||
|
|
log_vigil "LOCKDOWN MODE: Disabling ADB and USB debugging"
|
||
|
|
settings put global adb_enabled 0 2>/dev/null
|
||
|
|
setprop persist.sys.usb.config "charging" 2>/dev/null
|
||
|
|
fi
|
||
|
|
|
||
|
|
# --- ANTI-FORENSIC: Disable safe boot if configured ---
|
||
|
|
if [ "${BLOCK_SAFE_MODE:-1}" = "1" ]; then
|
||
|
|
settings put global safe_boot_disallowed 1 2>/dev/null
|
||
|
|
fi
|
||
|
|
|
||
|
|
log_vigil "Vigil post-fs-data stage complete"
|