Resolve side-channel detection from com.reveny.nativecheck

daemon/src/main/kotlin/org/matrix/vector/daemon/ipc/ManagerService.kt

@@ -239,8 +239,8 @@ object ManagerService : ILSPManagerService.Stub() {
   override fun isVerboseLog() = PreferenceStore.isVerboseLogEnabled() || BuildConfig.DEBUG
 
   override fun setVerboseLog(enabled: Boolean) {
-    if (isVerboseLog()) LogcatMonitor.startVerbose() else LogcatMonitor.stopVerbose()
     PreferenceStore.setVerboseLog(enabled)
+    if (isVerboseLog()) LogcatMonitor.startVerbose() else LogcatMonitor.stopVerbose()
   }
 
   override fun getVerboseLog() =

zygisk/src/main/cpp/ipc_bridge.cpp

@@ -476,8 +476,11 @@ jboolean IPCBridge::ExecTransact_Replace(jboolean *res, JNIEnv *env, jobject obj
         if (*res == JNI_FALSE) {
             uint64_t caller_id = BinderCaller::GetId();
             if (caller_id != 0) {
+                // LOGV("Caller {} rejected by bridge service.", caller_id);
                 g_last_failed_id.store(caller_id, std::memory_order_relaxed);
             }
+        } else {
+            g_last_failed_id.store(~0, std::memory_order_relaxed);
         }
         return true;  // Return true to indicate we handled the call.
     }
@@ -486,23 +489,17 @@ jboolean IPCBridge::ExecTransact_Replace(jboolean *res, JNIEnv *env, jobject obj
 
 jboolean JNICALL IPCBridge::CallBooleanMethodV_Hook(JNIEnv *env, jobject obj, jmethodID methodId,
                                                     va_list args) {
-    uint64_t current_caller_id = BinderCaller::GetId();
-    if (current_caller_id != 0) {
-        uint64_t last_failed = g_last_failed_id.load(std::memory_order_relaxed);
-        // If this caller is the one that just failed,
-        // skip interception and go straight to the original function.
-        if (current_caller_id == last_failed) {
-            // We "consume" the failed state by resetting it, so the *next* call is not skipped.
-            g_last_failed_id.store(~0, std::memory_order_relaxed);
-            return GetInstance().call_boolean_method_v_backup_(env, obj, methodId, args);
-        }
-    }
-
     // Check if the method being called is the one we want to intercept: Binder.execTransact()
     if (methodId == GetInstance().exec_transact_backup_method_id_) {
+        uint64_t current_caller_id = BinderCaller::GetId();
+
         jboolean res = false;
         // Attempt to handle the transaction with our replacement logic.
-        if (ExecTransact_Replace(&res, env, obj, args)) {
+        if (current_caller_id != 0 &&
+            // If this caller is the one that just failed,
+            // skip interception and go straight to the original function.
+            current_caller_id != g_last_failed_id.load(std::memory_order_relaxed) &&
+            ExecTransact_Replace(&res, env, obj, args)) {
             return res;  // If we handled it, return the result directly.
         }
         // If not handled, fall through to call the original method.

zygisk/src/main/cpp/module.cpp

@@ -288,7 +288,7 @@ void VectorModule::preAppSpecialize(zygisk::AppSpecializeArgs *args) {
     if ((app_id >= FIRST_ISOLATED_UID && app_id <= LAST_ISOLATED_UID) ||
         (app_id >= FIRST_APP_ZYGOTE_ISOLATED_UID && app_id <= LAST_APP_ZYGOTE_ISOLATED_UID) ||
         app_id == SHARED_RELRO_UID) {
-        LOGV("Skipping injection for '{}': is an isolated process (UID: %d).", nice_name_str.get(),
+        LOGV("Skipping injection for '{}': is an isolated process (UID: {}).", nice_name_str.get(),
              app_id);
         return;
     }