Hook not called for android.app.ActivityManagerProxy.clearApplicationU serData

11 posts
Thanks Meter: 2
By cweiske, Junior Member on 29th January 2020, 05:42 PM
Post Reply Email Thread
Square Enix's Final Fantasy 3 is known to crash when any xposed modules are enabled.
I would like to work around the problem by preventing the failing method to be called at all.

When starting FF3, it crashes with:
    java.lang.SecurityException: 1317 does not have permission:android.permission.CLEAR_APP_USER_DATA to clear datafor process:org.example.xposed.module
        at android.os.Parcel.readException(Parcel.java:1425)
        at android.os.Parcel.readException(Parcel.java:1379)
        at android.app.ActivityManagerProxy.clearApplicationUserData(ActivityManagerNative.java:2889)
        at com.android.commands.pm.Pm.runClear(Pm.java:1126)
        at com.android.commands.pm.Pm.run(Pm.java:116)
        at com.android.commands.pm.Pm.main(Pm.java:75)
        at com.android.internal.os.RuntimeInit.nativeFinishInit(Native Method)
        at com.android.internal.os.RuntimeInit.main(RuntimeInit.java:235)
        at de.robv.android.xposed.XposedBridge.main(XposedBridge.java:135)
        at dalvik.system.NativeStart.main(Native Method)
Now I would like to make "android.app.ActivityManagerProxy.clearApplicationU serData" simply return true if the package name is one of the xposed modules that are running here.

I tried that with:
    public void initZygote(StartupParam startupParam) throws Throwable
            "android.app.ActivityManagerProxy", null, "clearApplicationUserData",
            String.class, "android.content.pm.IPackageDataObserver", int.class,
            new XC_MethodHook() {
                protected void beforeHookedMethod(MethodHookParam param) throws Throwable {
Unfortunately, the method is never called (I do not see the log message), and the crash still occurs.

I tried it both in initZygote and handleLoadPackage.
I'm running on Android 4.1.2 with xposed v50 (bridge v47).

Am I missing something? Does "android.app.ActivityManagerProxy" need some special handling/registration?
29th January 2020, 11:19 PM |#2  
OP Junior Member
Thanks Meter: 2
Hooking into command line tools needs IXposedHookCmdInit which is not supported anymore:
30th January 2020, 09:41 PM |#3  
OP Junior Member
Thanks Meter: 2
@rovo89 wrote

Only two modules used it, both got rid of it without any loss of functionality.

This here is an exception: The command init hook is needed, because ActivityManagerProxy.clearApplicationUserData() already does security checks before it hands the command off to PackageManagerService.clearApplicationUserData.

So I had to go the hard way and find an old XposedBridgeApi-52.jar that let me compile an xposed module with IXposedHookCmdInit and initCmdApp inside it, just to hook into the clearApplicationUserData used by the "pm" cli tool.

It actually worked and I can now run "pm clear mypackage" from every user and always get a "success" message.

Unfortunately, Final Fantasy 3 still exits:

I/Xposed: clearApplicationUserData: de.cweiske.ouya.plainpurchases
D/AndroidRuntime: Shutting down VM
I/AndroidRuntime: NOTE: attach of thread 'Binder_3' failed
D/dalvikvm: JIT code cache reset in 0 ms (86452 bytes 1/0)
D/dalvikvm: Debugger has detached; object registry had 1 entries
D/Zygote: Process 1572 exited cleanly (1)
I/ActivityManager: Process com.square_enix.android_OUYA.FFIII (pid 1572) has died.
W/ActivityManager: Force removing ActivityRecord{420f33f0 com.square_enix.android_OUYA.FFIII/com.square_enix.FFIII_J.MainActivity}: app died, no saved state

I am beginning to think that the lib is Square Enix' xposed protection, and that the forced crash was only a red herring so that I could waste time
Post Reply Subscribe to Thread

Guest Quick Reply (no urls or BBcode)
Previous Thread Next Thread
Thread Tools Search this Thread
Search this Thread:

Advanced Search
Display Modes