2023-06-06 17:11:42 -07:00
|
|
|
#include <sys/mman.h>
|
2019-06-23 03:53:41 -07:00
|
|
|
#include <sys/sendfile.h>
|
2022-12-27 02:01:45 +08:00
|
|
|
#include <sys/sysmacros.h>
|
2019-06-23 03:53:41 -07:00
|
|
|
#include <linux/fs.h>
|
2017-10-12 02:57:18 +08:00
|
|
|
#include <fcntl.h>
|
|
|
|
#include <unistd.h>
|
2017-11-27 15:37:28 +08:00
|
|
|
#include <libgen.h>
|
2017-10-14 21:10:22 +08:00
|
|
|
|
2022-05-12 02:03:42 -07:00
|
|
|
#include <base.hpp>
|
2017-10-12 02:57:18 +08:00
|
|
|
|
2019-01-19 23:59:37 -05:00
|
|
|
using namespace std;
|
|
|
|
|
2019-03-14 06:34:22 -04:00
|
|
|
int fd_pathat(int dirfd, const char *name, char *path, size_t size) {
|
2023-06-07 16:49:40 -07:00
|
|
|
if (fd_path(dirfd, byte_data(path, size)) < 0)
|
2020-12-30 22:11:24 -08:00
|
|
|
return -1;
|
|
|
|
auto len = strlen(path);
|
|
|
|
path[len] = '/';
|
2022-09-15 01:17:05 -07:00
|
|
|
strscpy(path + len + 1, name, size - len - 1);
|
2020-12-30 22:11:24 -08:00
|
|
|
return 0;
|
2017-10-12 02:57:18 +08:00
|
|
|
}
|
|
|
|
|
2022-06-17 02:36:04 -07:00
|
|
|
void full_read(int fd, string &str) {
|
2020-12-30 22:11:24 -08:00
|
|
|
char buf[4096];
|
|
|
|
for (ssize_t len; (len = xread(fd, buf, sizeof(buf))) > 0;)
|
|
|
|
str.insert(str.end(), buf, buf + len);
|
Introduce new sepolicy injection mechanism
In the current implementation, Magisk will either have to recreate
all early mount implementation (for legacy SAR and rootfs devices) or
delegate early mount to first stage init (for 2SI devices) to access
required partitions for loading sepolicy. It then has to recreate the
split sepolicy loading implementation in-house, apply patches, then
dump the compiled + patched policies into monolithic format somewhere.
Finally, it patches the original init to force it to load the sepolicy
file we just created.
With the increasing complexity involved in early mount and split
sepolicy (there is even APEX module involved in the future!),
it is about time to rethink Magisk's sepolicy strategy as rebuilding
init's functionality is not scalable and easy to maintain.
In this commit, instead of building sepolicy ourselves, we mock
selinuxfs with FIFO files connected to a pre-init daemon, waiting
for the actual init process to directly write the sepolicy file into
MagiskInit. We then patch the file and load it into the kernel. Some
FIFO tricks has to be used to hijack the original init process's
control flow and prevent race conditions, details are directly in the
comments in code.
At the moment, only system-as-root (read-only root) support is added.
Support for legacy rootfs devices will come with a follow up commit.
2022-03-16 00:31:53 -07:00
|
|
|
}
|
|
|
|
|
|
|
|
void full_read(const char *filename, string &str) {
|
|
|
|
if (int fd = xopen(filename, O_RDONLY | O_CLOEXEC); fd >= 0) {
|
2022-06-17 02:36:04 -07:00
|
|
|
full_read(fd, str);
|
Introduce new sepolicy injection mechanism
In the current implementation, Magisk will either have to recreate
all early mount implementation (for legacy SAR and rootfs devices) or
delegate early mount to first stage init (for 2SI devices) to access
required partitions for loading sepolicy. It then has to recreate the
split sepolicy loading implementation in-house, apply patches, then
dump the compiled + patched policies into monolithic format somewhere.
Finally, it patches the original init to force it to load the sepolicy
file we just created.
With the increasing complexity involved in early mount and split
sepolicy (there is even APEX module involved in the future!),
it is about time to rethink Magisk's sepolicy strategy as rebuilding
init's functionality is not scalable and easy to maintain.
In this commit, instead of building sepolicy ourselves, we mock
selinuxfs with FIFO files connected to a pre-init daemon, waiting
for the actual init process to directly write the sepolicy file into
MagiskInit. We then patch the file and load it into the kernel. Some
FIFO tricks has to be used to hijack the original init process's
control flow and prevent race conditions, details are directly in the
comments in code.
At the moment, only system-as-root (read-only root) support is added.
Support for legacy rootfs devices will come with a follow up commit.
2022-03-16 00:31:53 -07:00
|
|
|
close(fd);
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
2022-06-17 02:36:04 -07:00
|
|
|
string full_read(int fd) {
|
Introduce new sepolicy injection mechanism
In the current implementation, Magisk will either have to recreate
all early mount implementation (for legacy SAR and rootfs devices) or
delegate early mount to first stage init (for 2SI devices) to access
required partitions for loading sepolicy. It then has to recreate the
split sepolicy loading implementation in-house, apply patches, then
dump the compiled + patched policies into monolithic format somewhere.
Finally, it patches the original init to force it to load the sepolicy
file we just created.
With the increasing complexity involved in early mount and split
sepolicy (there is even APEX module involved in the future!),
it is about time to rethink Magisk's sepolicy strategy as rebuilding
init's functionality is not scalable and easy to maintain.
In this commit, instead of building sepolicy ourselves, we mock
selinuxfs with FIFO files connected to a pre-init daemon, waiting
for the actual init process to directly write the sepolicy file into
MagiskInit. We then patch the file and load it into the kernel. Some
FIFO tricks has to be used to hijack the original init process's
control flow and prevent race conditions, details are directly in the
comments in code.
At the moment, only system-as-root (read-only root) support is added.
Support for legacy rootfs devices will come with a follow up commit.
2022-03-16 00:31:53 -07:00
|
|
|
string str;
|
2022-06-17 02:36:04 -07:00
|
|
|
full_read(fd, str);
|
2020-12-30 22:11:24 -08:00
|
|
|
return str;
|
2020-04-25 23:19:36 -07:00
|
|
|
}
|
|
|
|
|
|
|
|
string full_read(const char *filename) {
|
Introduce new sepolicy injection mechanism
In the current implementation, Magisk will either have to recreate
all early mount implementation (for legacy SAR and rootfs devices) or
delegate early mount to first stage init (for 2SI devices) to access
required partitions for loading sepolicy. It then has to recreate the
split sepolicy loading implementation in-house, apply patches, then
dump the compiled + patched policies into monolithic format somewhere.
Finally, it patches the original init to force it to load the sepolicy
file we just created.
With the increasing complexity involved in early mount and split
sepolicy (there is even APEX module involved in the future!),
it is about time to rethink Magisk's sepolicy strategy as rebuilding
init's functionality is not scalable and easy to maintain.
In this commit, instead of building sepolicy ourselves, we mock
selinuxfs with FIFO files connected to a pre-init daemon, waiting
for the actual init process to directly write the sepolicy file into
MagiskInit. We then patch the file and load it into the kernel. Some
FIFO tricks has to be used to hijack the original init process's
control flow and prevent race conditions, details are directly in the
comments in code.
At the moment, only system-as-root (read-only root) support is added.
Support for legacy rootfs devices will come with a follow up commit.
2022-03-16 00:31:53 -07:00
|
|
|
string str;
|
|
|
|
full_read(filename, str);
|
|
|
|
return str;
|
2020-04-25 23:19:36 -07:00
|
|
|
}
|
|
|
|
|
2017-11-10 01:51:41 +08:00
|
|
|
void write_zero(int fd, size_t size) {
|
2020-12-30 22:11:24 -08:00
|
|
|
char buf[4096] = {0};
|
|
|
|
size_t len;
|
|
|
|
while (size > 0) {
|
|
|
|
len = sizeof(buf) > size ? size : sizeof(buf);
|
|
|
|
write(fd, buf, len);
|
|
|
|
size -= len;
|
|
|
|
}
|
2017-11-10 01:51:41 +08:00
|
|
|
}
|
2018-11-03 03:06:01 -04:00
|
|
|
|
Introduce new sepolicy injection mechanism
In the current implementation, Magisk will either have to recreate
all early mount implementation (for legacy SAR and rootfs devices) or
delegate early mount to first stage init (for 2SI devices) to access
required partitions for loading sepolicy. It then has to recreate the
split sepolicy loading implementation in-house, apply patches, then
dump the compiled + patched policies into monolithic format somewhere.
Finally, it patches the original init to force it to load the sepolicy
file we just created.
With the increasing complexity involved in early mount and split
sepolicy (there is even APEX module involved in the future!),
it is about time to rethink Magisk's sepolicy strategy as rebuilding
init's functionality is not scalable and easy to maintain.
In this commit, instead of building sepolicy ourselves, we mock
selinuxfs with FIFO files connected to a pre-init daemon, waiting
for the actual init process to directly write the sepolicy file into
MagiskInit. We then patch the file and load it into the kernel. Some
FIFO tricks has to be used to hijack the original init process's
control flow and prevent race conditions, details are directly in the
comments in code.
At the moment, only system-as-root (read-only root) support is added.
Support for legacy rootfs devices will come with a follow up commit.
2022-03-16 00:31:53 -07:00
|
|
|
void file_readline(bool trim, FILE *fp, const function<bool(string_view)> &fn) {
|
2020-12-30 22:11:24 -08:00
|
|
|
size_t len = 1024;
|
|
|
|
char *buf = (char *) malloc(len);
|
|
|
|
char *start;
|
|
|
|
ssize_t read;
|
|
|
|
while ((read = getline(&buf, &len, fp)) >= 0) {
|
|
|
|
start = buf;
|
|
|
|
if (trim) {
|
|
|
|
while (read && "\n\r "sv.find(buf[read - 1]) != string::npos)
|
|
|
|
--read;
|
|
|
|
buf[read] = '\0';
|
|
|
|
while (*start == ' ')
|
|
|
|
++start;
|
|
|
|
}
|
|
|
|
if (!fn(start))
|
|
|
|
break;
|
|
|
|
}
|
|
|
|
free(buf);
|
2018-11-03 03:06:01 -04:00
|
|
|
}
|
2019-03-05 20:27:09 -05:00
|
|
|
|
2022-06-19 00:43:27 -07:00
|
|
|
void file_readline(bool trim, const char *file, const function<bool(string_view)> &fn) {
|
|
|
|
if (auto fp = open_file(file, "re"))
|
|
|
|
file_readline(trim, fp.get(), fn);
|
|
|
|
}
|
|
|
|
void file_readline(const char *file, const function<bool(string_view)> &fn) {
|
|
|
|
file_readline(false, file, fn);
|
|
|
|
}
|
|
|
|
|
|
|
|
void parse_prop_file(FILE *fp, const function<bool(string_view, string_view)> &fn) {
|
|
|
|
file_readline(true, fp, [&](string_view line_view) -> bool {
|
2020-12-30 22:11:24 -08:00
|
|
|
char *line = (char *) line_view.data();
|
|
|
|
if (line[0] == '#')
|
|
|
|
return true;
|
|
|
|
char *eql = strchr(line, '=');
|
|
|
|
if (eql == nullptr || eql == line)
|
|
|
|
return true;
|
|
|
|
*eql = '\0';
|
|
|
|
return fn(line, eql + 1);
|
|
|
|
});
|
2019-03-05 20:27:09 -05:00
|
|
|
}
|
2019-06-23 03:53:41 -07:00
|
|
|
|
2022-06-19 00:43:27 -07:00
|
|
|
void parse_prop_file(const char *file, const function<bool(string_view, string_view)> &fn) {
|
|
|
|
if (auto fp = open_file(file, "re"))
|
|
|
|
parse_prop_file(fp.get(), fn);
|
|
|
|
}
|
|
|
|
|
2022-12-27 02:01:45 +08:00
|
|
|
std::vector<mount_info> parse_mount_info(const char *pid) {
|
|
|
|
char buf[PATH_MAX] = {};
|
|
|
|
ssprintf(buf, sizeof(buf), "/proc/%s/mountinfo", pid);
|
|
|
|
std::vector<mount_info> result;
|
|
|
|
|
|
|
|
file_readline(buf, [&result](string_view line) -> bool {
|
|
|
|
int root_start = 0, root_end = 0;
|
|
|
|
int target_start = 0, target_end = 0;
|
|
|
|
int vfs_option_start = 0, vfs_option_end = 0;
|
|
|
|
int type_start = 0, type_end = 0;
|
|
|
|
int source_start = 0, source_end = 0;
|
|
|
|
int fs_option_start = 0, fs_option_end = 0;
|
|
|
|
int optional_start = 0, optional_end = 0;
|
|
|
|
unsigned int id, parent, maj, min;
|
|
|
|
sscanf(line.data(),
|
|
|
|
"%u " // (1) id
|
|
|
|
"%u " // (2) parent
|
|
|
|
"%u:%u " // (3) maj:min
|
|
|
|
"%n%*s%n " // (4) mountroot
|
|
|
|
"%n%*s%n " // (5) target
|
|
|
|
"%n%*s%n" // (6) vfs options (fs-independent)
|
|
|
|
"%n%*[^-]%n - " // (7) optional fields
|
|
|
|
"%n%*s%n " // (8) FS type
|
|
|
|
"%n%*s%n " // (9) source
|
|
|
|
"%n%*s%n", // (10) fs options (fs specific)
|
|
|
|
&id, &parent, &maj, &min, &root_start, &root_end, &target_start,
|
|
|
|
&target_end, &vfs_option_start, &vfs_option_end,
|
|
|
|
&optional_start, &optional_end, &type_start, &type_end,
|
|
|
|
&source_start, &source_end, &fs_option_start, &fs_option_end);
|
|
|
|
|
|
|
|
auto root = line.substr(root_start, root_end - root_start);
|
|
|
|
auto target = line.substr(target_start, target_end - target_start);
|
|
|
|
auto vfs_option =
|
|
|
|
line.substr(vfs_option_start, vfs_option_end - vfs_option_start);
|
|
|
|
++optional_start;
|
|
|
|
--optional_end;
|
|
|
|
auto optional = line.substr(
|
|
|
|
optional_start,
|
|
|
|
optional_end - optional_start > 0 ? optional_end - optional_start : 0);
|
|
|
|
|
|
|
|
auto type = line.substr(type_start, type_end - type_start);
|
|
|
|
auto source = line.substr(source_start, source_end - source_start);
|
|
|
|
auto fs_option =
|
|
|
|
line.substr(fs_option_start, fs_option_end - fs_option_start);
|
|
|
|
|
|
|
|
unsigned int shared = 0;
|
|
|
|
unsigned int master = 0;
|
|
|
|
unsigned int propagate_from = 0;
|
|
|
|
if (auto pos = optional.find("shared:"); pos != std::string_view::npos) {
|
|
|
|
shared = parse_int(optional.substr(pos + 7));
|
|
|
|
}
|
|
|
|
if (auto pos = optional.find("master:"); pos != std::string_view::npos) {
|
|
|
|
master = parse_int(optional.substr(pos + 7));
|
|
|
|
}
|
|
|
|
if (auto pos = optional.find("propagate_from:");
|
|
|
|
pos != std::string_view::npos) {
|
|
|
|
propagate_from = parse_int(optional.substr(pos + 15));
|
|
|
|
}
|
|
|
|
|
|
|
|
result.emplace_back(mount_info {
|
|
|
|
.id = id,
|
|
|
|
.parent = parent,
|
|
|
|
.device = static_cast<dev_t>(makedev(maj, min)),
|
|
|
|
.root {root},
|
|
|
|
.target {target},
|
|
|
|
.vfs_option {vfs_option},
|
|
|
|
.optional {
|
|
|
|
.shared = shared,
|
|
|
|
.master = master,
|
|
|
|
.propagate_from = propagate_from,
|
|
|
|
},
|
|
|
|
.type {type},
|
|
|
|
.source {source},
|
|
|
|
.fs_option {fs_option},
|
|
|
|
});
|
|
|
|
return true;
|
|
|
|
});
|
|
|
|
return result;
|
|
|
|
}
|
|
|
|
|
2020-12-03 20:15:18 -08:00
|
|
|
sDIR make_dir(DIR *dp) {
|
2020-12-30 22:11:24 -08:00
|
|
|
return sDIR(dp, [](DIR *dp){ return dp ? closedir(dp) : 1; });
|
2020-12-03 20:15:18 -08:00
|
|
|
}
|
|
|
|
|
|
|
|
sFILE make_file(FILE *fp) {
|
2020-12-30 22:11:24 -08:00
|
|
|
return sFILE(fp, [](FILE *fp){ return fp ? fclose(fp) : 1; });
|
2020-12-03 20:15:18 -08:00
|
|
|
}
|
2021-01-12 22:50:55 -08:00
|
|
|
|
2021-11-30 01:50:55 -08:00
|
|
|
mmap_data::mmap_data(const char *name, bool rw) {
|
2023-06-12 01:07:43 -07:00
|
|
|
auto slice = rust::map_file(byte_view(name), rw);
|
|
|
|
if (!slice.empty()) {
|
|
|
|
_buf = slice.data();
|
|
|
|
_sz = slice.size();
|
2021-11-30 01:50:55 -08:00
|
|
|
}
|
2023-06-06 17:11:42 -07:00
|
|
|
}
|
|
|
|
|
2023-06-12 01:07:43 -07:00
|
|
|
mmap_data::mmap_data(int fd, size_t sz, bool rw) {
|
|
|
|
auto slice = rust::map_fd(fd, sz, rw);
|
|
|
|
if (!slice.empty()) {
|
|
|
|
_buf = slice.data();
|
|
|
|
_sz = slice.size();
|
|
|
|
}
|
2021-01-12 22:50:55 -08:00
|
|
|
}
|
2022-04-08 18:03:58 +08:00
|
|
|
|
2023-06-06 17:11:42 -07:00
|
|
|
mmap_data::~mmap_data() {
|
|
|
|
if (_buf)
|
|
|
|
munmap(_buf, _sz);
|
|
|
|
}
|
|
|
|
|
2023-03-16 04:07:00 -07:00
|
|
|
string resolve_preinit_dir(const char *base_dir) {
|
|
|
|
string dir = base_dir;
|
|
|
|
if (access((dir + "/unencrypted").data(), F_OK) == 0) {
|
|
|
|
dir += "/unencrypted/magisk";
|
|
|
|
} else if (access((dir + "/adb").data(), F_OK) == 0) {
|
|
|
|
dir += "/adb/modules";
|
2023-03-08 14:42:54 +08:00
|
|
|
} else {
|
2023-03-16 04:07:00 -07:00
|
|
|
dir += "/magisk";
|
2023-03-08 14:42:54 +08:00
|
|
|
}
|
2023-03-16 04:07:00 -07:00
|
|
|
return dir;
|
2023-03-08 14:42:54 +08:00
|
|
|
}
|