2019-06-23 03:53:41 -07:00
|
|
|
#include <sys/sendfile.h>
|
|
|
|
#include <linux/fs.h>
|
2017-10-12 02:57:18 +08:00
|
|
|
#include <fcntl.h>
|
|
|
|
#include <unistd.h>
|
2017-11-27 15:37:28 +08:00
|
|
|
#include <libgen.h>
|
2017-10-14 21:10:22 +08:00
|
|
|
|
2022-05-12 02:03:42 -07:00
|
|
|
#include <base.hpp>
|
2020-03-09 01:50:30 -07:00
|
|
|
#include <selinux.hpp>
|
2017-10-12 02:57:18 +08:00
|
|
|
|
2019-01-19 23:59:37 -05:00
|
|
|
using namespace std;
|
|
|
|
|
2019-03-14 06:34:22 -04:00
|
|
|
ssize_t fd_path(int fd, char *path, size_t size) {
|
2020-12-30 22:11:24 -08:00
|
|
|
snprintf(path, size, "/proc/self/fd/%d", fd);
|
|
|
|
return xreadlink(path, path, size);
|
2018-07-13 05:41:29 +08:00
|
|
|
}
|
|
|
|
|
2019-03-14 06:34:22 -04:00
|
|
|
int fd_pathat(int dirfd, const char *name, char *path, size_t size) {
|
2020-12-30 22:11:24 -08:00
|
|
|
if (fd_path(dirfd, path, size) < 0)
|
|
|
|
return -1;
|
|
|
|
auto len = strlen(path);
|
|
|
|
path[len] = '/';
|
|
|
|
strlcpy(path + len + 1, name, size - len - 1);
|
|
|
|
return 0;
|
2017-10-14 21:10:22 +08:00
|
|
|
}
|
|
|
|
|
2021-09-16 05:27:34 -07:00
|
|
|
int mkdirs(string path, mode_t mode) {
|
2020-12-30 22:11:24 -08:00
|
|
|
errno = 0;
|
|
|
|
for (char *p = path.data() + 1; *p; ++p) {
|
|
|
|
if (*p == '/') {
|
|
|
|
*p = '\0';
|
|
|
|
if (mkdir(path.data(), mode) == -1) {
|
|
|
|
if (errno != EEXIST)
|
|
|
|
return -1;
|
|
|
|
}
|
|
|
|
*p = '/';
|
|
|
|
}
|
|
|
|
}
|
|
|
|
if (mkdir(path.data(), mode) == -1) {
|
|
|
|
if (errno != EEXIST)
|
|
|
|
return -1;
|
|
|
|
}
|
|
|
|
return 0;
|
2017-10-12 02:57:18 +08:00
|
|
|
}
|
|
|
|
|
2020-11-03 01:16:55 -08:00
|
|
|
template <typename Func>
|
|
|
|
static void post_order_walk(int dirfd, const Func &fn) {
|
2020-12-30 22:11:24 -08:00
|
|
|
auto dir = xopen_dir(dirfd);
|
|
|
|
if (!dir) return;
|
2017-10-12 02:57:18 +08:00
|
|
|
|
2020-12-30 22:11:24 -08:00
|
|
|
for (dirent *entry; (entry = xreaddir(dir.get()));) {
|
|
|
|
if (entry->d_type == DT_DIR)
|
|
|
|
post_order_walk(xopenat(dirfd, entry->d_name, O_RDONLY | O_CLOEXEC), fn);
|
|
|
|
fn(dirfd, entry);
|
|
|
|
}
|
2017-12-07 03:21:13 +08:00
|
|
|
}
|
|
|
|
|
2022-05-11 17:07:58 -07:00
|
|
|
enum walk_result {
|
|
|
|
CONTINUE, SKIP, ABORT
|
2022-04-08 18:03:58 +08:00
|
|
|
};
|
|
|
|
|
2020-11-03 01:16:55 -08:00
|
|
|
template <typename Func>
|
2022-05-11 17:07:58 -07:00
|
|
|
static walk_result pre_order_walk(int dirfd, const Func &fn) {
|
2020-12-30 22:11:24 -08:00
|
|
|
auto dir = xopen_dir(dirfd);
|
2022-04-08 18:03:58 +08:00
|
|
|
if (!dir) {
|
|
|
|
close(dirfd);
|
|
|
|
return SKIP;
|
|
|
|
}
|
2020-04-12 13:38:57 -07:00
|
|
|
|
2020-12-30 22:11:24 -08:00
|
|
|
for (dirent *entry; (entry = xreaddir(dir.get()));) {
|
2022-04-08 18:03:58 +08:00
|
|
|
switch (fn(dirfd, entry)) {
|
2022-05-11 17:07:58 -07:00
|
|
|
case CONTINUE:
|
|
|
|
break;
|
|
|
|
case SKIP:
|
|
|
|
continue;
|
|
|
|
case ABORT:
|
|
|
|
return ABORT;
|
2022-04-08 18:03:58 +08:00
|
|
|
}
|
|
|
|
if (entry->d_type == DT_DIR) {
|
|
|
|
int fd = xopenat(dirfd, entry->d_name, O_RDONLY | O_CLOEXEC);
|
2022-05-11 17:07:58 -07:00
|
|
|
if (pre_order_walk(fd, fn) == ABORT)
|
|
|
|
return ABORT;
|
2022-04-08 18:03:58 +08:00
|
|
|
}
|
2020-12-30 22:11:24 -08:00
|
|
|
}
|
2022-04-08 18:03:58 +08:00
|
|
|
return CONTINUE;
|
2020-04-12 13:38:57 -07:00
|
|
|
}
|
|
|
|
|
|
|
|
static void remove_at(int dirfd, struct dirent *entry) {
|
2020-12-30 22:11:24 -08:00
|
|
|
unlinkat(dirfd, entry->d_name, entry->d_type == DT_DIR ? AT_REMOVEDIR : 0);
|
2019-03-31 06:32:33 -04:00
|
|
|
}
|
|
|
|
|
2017-12-07 03:21:13 +08:00
|
|
|
void rm_rf(const char *path) {
|
2020-12-30 22:11:24 -08:00
|
|
|
struct stat st;
|
|
|
|
if (lstat(path, &st) < 0)
|
|
|
|
return;
|
|
|
|
if (S_ISDIR(st.st_mode))
|
|
|
|
frm_rf(xopen(path, O_RDONLY | O_CLOEXEC));
|
|
|
|
remove(path);
|
2017-12-07 03:21:13 +08:00
|
|
|
}
|
|
|
|
|
2020-04-01 23:37:11 -07:00
|
|
|
void frm_rf(int dirfd) {
|
2020-12-30 22:11:24 -08:00
|
|
|
post_order_walk(dirfd, remove_at);
|
2017-12-07 03:21:13 +08:00
|
|
|
}
|
|
|
|
|
2020-04-02 02:17:45 -07:00
|
|
|
void mv_path(const char *src, const char *dest) {
|
2020-12-30 22:11:24 -08:00
|
|
|
file_attr attr;
|
|
|
|
getattr(src, &attr);
|
|
|
|
if (S_ISDIR(attr.st.st_mode)) {
|
|
|
|
if (access(dest, F_OK) != 0) {
|
|
|
|
xmkdirs(dest, 0);
|
|
|
|
setattr(dest, &attr);
|
|
|
|
}
|
|
|
|
mv_dir(xopen(src, O_RDONLY | O_CLOEXEC), xopen(dest, O_RDONLY | O_CLOEXEC));
|
|
|
|
} else{
|
|
|
|
xrename(src, dest);
|
|
|
|
}
|
|
|
|
rmdir(src);
|
2017-10-12 02:57:18 +08:00
|
|
|
}
|
|
|
|
|
|
|
|
void mv_dir(int src, int dest) {
|
2020-12-30 22:11:24 -08:00
|
|
|
auto dir = xopen_dir(src);
|
|
|
|
run_finally f([=]{ close(dest); });
|
|
|
|
for (dirent *entry; (entry = xreaddir(dir.get()));) {
|
|
|
|
switch (entry->d_type) {
|
|
|
|
case DT_DIR:
|
2021-04-04 18:04:09 +08:00
|
|
|
if (xfaccessat(dest, entry->d_name) == 0) {
|
2020-12-30 22:11:24 -08:00
|
|
|
// Destination folder exists, needs recursive move
|
|
|
|
int newsrc = xopenat(src, entry->d_name, O_RDONLY | O_CLOEXEC);
|
|
|
|
int newdest = xopenat(dest, entry->d_name, O_RDONLY | O_CLOEXEC);
|
|
|
|
mv_dir(newsrc, newdest);
|
|
|
|
unlinkat(src, entry->d_name, AT_REMOVEDIR);
|
|
|
|
break;
|
|
|
|
}
|
|
|
|
// Else fall through
|
|
|
|
case DT_LNK:
|
|
|
|
case DT_REG:
|
|
|
|
renameat(src, entry->d_name, dest, entry->d_name);
|
|
|
|
break;
|
|
|
|
}
|
|
|
|
}
|
2017-10-12 02:57:18 +08:00
|
|
|
}
|
|
|
|
|
2020-04-02 02:17:45 -07:00
|
|
|
void cp_afc(const char *src, const char *dest) {
|
2020-12-30 22:11:24 -08:00
|
|
|
file_attr a;
|
|
|
|
getattr(src, &a);
|
|
|
|
|
|
|
|
if (S_ISDIR(a.st.st_mode)) {
|
|
|
|
xmkdirs(dest, 0);
|
|
|
|
clone_dir(xopen(src, O_RDONLY | O_CLOEXEC), xopen(dest, O_RDONLY | O_CLOEXEC));
|
|
|
|
} else{
|
|
|
|
unlink(dest);
|
|
|
|
if (S_ISREG(a.st.st_mode)) {
|
|
|
|
int sfd = xopen(src, O_RDONLY | O_CLOEXEC);
|
|
|
|
int dfd = xopen(dest, O_WRONLY | O_CREAT | O_TRUNC | O_CLOEXEC, 0);
|
|
|
|
xsendfile(dfd, sfd, nullptr, a.st.st_size);
|
|
|
|
close(sfd);
|
|
|
|
close(dfd);
|
|
|
|
} else if (S_ISLNK(a.st.st_mode)) {
|
|
|
|
char buf[4096];
|
|
|
|
xreadlink(src, buf, sizeof(buf));
|
|
|
|
xsymlink(buf, dest);
|
|
|
|
}
|
|
|
|
}
|
|
|
|
setattr(dest, &a);
|
2017-10-12 02:57:18 +08:00
|
|
|
}
|
|
|
|
|
2020-04-02 02:17:45 -07:00
|
|
|
void clone_dir(int src, int dest) {
|
2020-12-30 22:11:24 -08:00
|
|
|
auto dir = xopen_dir(src);
|
|
|
|
run_finally f([&]{ close(dest); });
|
|
|
|
for (dirent *entry; (entry = xreaddir(dir.get()));) {
|
|
|
|
file_attr a;
|
|
|
|
getattrat(src, entry->d_name, &a);
|
|
|
|
switch (entry->d_type) {
|
|
|
|
case DT_DIR: {
|
|
|
|
xmkdirat(dest, entry->d_name, 0);
|
|
|
|
setattrat(dest, entry->d_name, &a);
|
|
|
|
int sfd = xopenat(src, entry->d_name, O_RDONLY | O_CLOEXEC);
|
|
|
|
int dst = xopenat(dest, entry->d_name, O_RDONLY | O_CLOEXEC);
|
|
|
|
clone_dir(sfd, dst);
|
|
|
|
break;
|
|
|
|
}
|
|
|
|
case DT_REG: {
|
|
|
|
int sfd = xopenat(src, entry->d_name, O_RDONLY | O_CLOEXEC);
|
|
|
|
int dfd = xopenat(dest, entry->d_name, O_WRONLY | O_CREAT | O_TRUNC | O_CLOEXEC, 0);
|
|
|
|
xsendfile(dfd, sfd, nullptr, a.st.st_size);
|
|
|
|
fsetattr(dfd, &a);
|
|
|
|
close(dfd);
|
|
|
|
close(sfd);
|
|
|
|
break;
|
|
|
|
}
|
|
|
|
case DT_LNK: {
|
|
|
|
char buf[4096];
|
|
|
|
xreadlinkat(src, entry->d_name, buf, sizeof(buf));
|
|
|
|
xsymlinkat(buf, dest, entry->d_name);
|
|
|
|
setattrat(dest, entry->d_name, &a);
|
|
|
|
break;
|
|
|
|
}
|
|
|
|
}
|
|
|
|
}
|
2017-10-12 02:57:18 +08:00
|
|
|
}
|
|
|
|
|
2020-04-02 02:17:45 -07:00
|
|
|
void link_path(const char *src, const char *dest) {
|
2020-12-30 22:11:24 -08:00
|
|
|
link_dir(xopen(src, O_RDONLY | O_CLOEXEC), xopen(dest, O_RDONLY | O_CLOEXEC));
|
2020-04-02 02:17:45 -07:00
|
|
|
}
|
|
|
|
|
2018-02-02 03:22:38 +08:00
|
|
|
void link_dir(int src, int dest) {
|
2020-12-30 22:11:24 -08:00
|
|
|
auto dir = xopen_dir(src);
|
|
|
|
run_finally f([&]{ close(dest); });
|
|
|
|
for (dirent *entry; (entry = xreaddir(dir.get()));) {
|
|
|
|
if (entry->d_type == DT_DIR) {
|
|
|
|
file_attr a;
|
|
|
|
getattrat(src, entry->d_name, &a);
|
|
|
|
xmkdirat(dest, entry->d_name, 0);
|
|
|
|
setattrat(dest, entry->d_name, &a);
|
|
|
|
int sfd = xopenat(src, entry->d_name, O_RDONLY | O_CLOEXEC);
|
|
|
|
int dfd = xopenat(dest, entry->d_name, O_RDONLY | O_CLOEXEC);
|
|
|
|
link_dir(sfd, dfd);
|
|
|
|
} else {
|
|
|
|
xlinkat(src, entry->d_name, dest, entry->d_name, 0);
|
|
|
|
}
|
|
|
|
}
|
2018-02-02 03:22:38 +08:00
|
|
|
}
|
|
|
|
|
2020-04-02 02:17:45 -07:00
|
|
|
int getattr(const char *path, file_attr *a) {
|
2020-12-30 22:11:24 -08:00
|
|
|
if (xlstat(path, &a->st) == -1)
|
|
|
|
return -1;
|
|
|
|
char *con;
|
|
|
|
if (lgetfilecon(path, &con) == -1)
|
|
|
|
return -1;
|
|
|
|
strcpy(a->con, con);
|
|
|
|
freecon(con);
|
|
|
|
return 0;
|
2017-10-12 02:57:18 +08:00
|
|
|
}
|
|
|
|
|
2020-04-02 02:17:45 -07:00
|
|
|
int getattrat(int dirfd, const char *name, file_attr *a) {
|
2020-12-30 22:11:24 -08:00
|
|
|
char path[4096];
|
|
|
|
fd_pathat(dirfd, name, path, sizeof(path));
|
|
|
|
return getattr(path, a);
|
2017-10-12 02:57:18 +08:00
|
|
|
}
|
|
|
|
|
2020-04-02 02:17:45 -07:00
|
|
|
int fgetattr(int fd, file_attr *a) {
|
2020-12-30 22:11:24 -08:00
|
|
|
if (xfstat(fd, &a->st) < 0)
|
|
|
|
return -1;
|
|
|
|
char *con;
|
|
|
|
if (fgetfilecon(fd, &con) < 0)
|
|
|
|
return -1;
|
|
|
|
strcpy(a->con, con);
|
|
|
|
freecon(con);
|
|
|
|
return 0;
|
2017-10-12 02:57:18 +08:00
|
|
|
}
|
|
|
|
|
2020-04-02 02:17:45 -07:00
|
|
|
int setattr(const char *path, file_attr *a) {
|
2020-12-30 22:11:24 -08:00
|
|
|
if (chmod(path, a->st.st_mode & 0777) < 0)
|
|
|
|
return -1;
|
|
|
|
if (chown(path, a->st.st_uid, a->st.st_gid) < 0)
|
|
|
|
return -1;
|
|
|
|
if (a->con[0] && lsetfilecon(path, a->con) < 0)
|
|
|
|
return -1;
|
|
|
|
return 0;
|
2017-10-12 02:57:18 +08:00
|
|
|
}
|
|
|
|
|
2020-04-02 02:17:45 -07:00
|
|
|
int setattrat(int dirfd, const char *name, file_attr *a) {
|
2020-12-30 22:11:24 -08:00
|
|
|
char path[4096];
|
|
|
|
fd_pathat(dirfd, name, path, sizeof(path));
|
|
|
|
return setattr(path, a);
|
2017-10-12 02:57:18 +08:00
|
|
|
}
|
|
|
|
|
2020-04-02 02:17:45 -07:00
|
|
|
int fsetattr(int fd, file_attr *a) {
|
2020-12-30 22:11:24 -08:00
|
|
|
if (fchmod(fd, a->st.st_mode & 0777) < 0)
|
|
|
|
return -1;
|
|
|
|
if (fchown(fd, a->st.st_uid, a->st.st_gid) < 0)
|
|
|
|
return -1;
|
|
|
|
if (a->con[0] && fsetfilecon(fd, a->con) < 0)
|
|
|
|
return -1;
|
|
|
|
return 0;
|
2017-10-12 02:57:18 +08:00
|
|
|
}
|
|
|
|
|
2020-04-02 02:17:45 -07:00
|
|
|
void clone_attr(const char *src, const char *dest) {
|
2020-12-30 22:11:24 -08:00
|
|
|
file_attr a;
|
|
|
|
getattr(src, &a);
|
|
|
|
setattr(dest, &a);
|
2017-10-12 02:57:18 +08:00
|
|
|
}
|
|
|
|
|
2020-04-02 02:17:45 -07:00
|
|
|
void fclone_attr(int src, int dest) {
|
2020-12-30 22:11:24 -08:00
|
|
|
file_attr a;
|
|
|
|
fgetattr(src, &a);
|
|
|
|
fsetattr(dest, &a);
|
2017-10-12 02:57:18 +08:00
|
|
|
}
|
2017-10-12 03:39:39 +08:00
|
|
|
|
2022-06-17 02:36:04 -07:00
|
|
|
void full_read(int fd, string &str) {
|
2020-12-30 22:11:24 -08:00
|
|
|
char buf[4096];
|
|
|
|
for (ssize_t len; (len = xread(fd, buf, sizeof(buf))) > 0;)
|
|
|
|
str.insert(str.end(), buf, buf + len);
|
Introduce new sepolicy injection mechanism
In the current implementation, Magisk will either have to recreate
all early mount implementation (for legacy SAR and rootfs devices) or
delegate early mount to first stage init (for 2SI devices) to access
required partitions for loading sepolicy. It then has to recreate the
split sepolicy loading implementation in-house, apply patches, then
dump the compiled + patched policies into monolithic format somewhere.
Finally, it patches the original init to force it to load the sepolicy
file we just created.
With the increasing complexity involved in early mount and split
sepolicy (there is even APEX module involved in the future!),
it is about time to rethink Magisk's sepolicy strategy as rebuilding
init's functionality is not scalable and easy to maintain.
In this commit, instead of building sepolicy ourselves, we mock
selinuxfs with FIFO files connected to a pre-init daemon, waiting
for the actual init process to directly write the sepolicy file into
MagiskInit. We then patch the file and load it into the kernel. Some
FIFO tricks has to be used to hijack the original init process's
control flow and prevent race conditions, details are directly in the
comments in code.
At the moment, only system-as-root (read-only root) support is added.
Support for legacy rootfs devices will come with a follow up commit.
2022-03-16 00:31:53 -07:00
|
|
|
}
|
|
|
|
|
|
|
|
void full_read(const char *filename, string &str) {
|
|
|
|
if (int fd = xopen(filename, O_RDONLY | O_CLOEXEC); fd >= 0) {
|
2022-06-17 02:36:04 -07:00
|
|
|
full_read(fd, str);
|
Introduce new sepolicy injection mechanism
In the current implementation, Magisk will either have to recreate
all early mount implementation (for legacy SAR and rootfs devices) or
delegate early mount to first stage init (for 2SI devices) to access
required partitions for loading sepolicy. It then has to recreate the
split sepolicy loading implementation in-house, apply patches, then
dump the compiled + patched policies into monolithic format somewhere.
Finally, it patches the original init to force it to load the sepolicy
file we just created.
With the increasing complexity involved in early mount and split
sepolicy (there is even APEX module involved in the future!),
it is about time to rethink Magisk's sepolicy strategy as rebuilding
init's functionality is not scalable and easy to maintain.
In this commit, instead of building sepolicy ourselves, we mock
selinuxfs with FIFO files connected to a pre-init daemon, waiting
for the actual init process to directly write the sepolicy file into
MagiskInit. We then patch the file and load it into the kernel. Some
FIFO tricks has to be used to hijack the original init process's
control flow and prevent race conditions, details are directly in the
comments in code.
At the moment, only system-as-root (read-only root) support is added.
Support for legacy rootfs devices will come with a follow up commit.
2022-03-16 00:31:53 -07:00
|
|
|
close(fd);
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
2022-06-17 02:36:04 -07:00
|
|
|
string full_read(int fd) {
|
Introduce new sepolicy injection mechanism
In the current implementation, Magisk will either have to recreate
all early mount implementation (for legacy SAR and rootfs devices) or
delegate early mount to first stage init (for 2SI devices) to access
required partitions for loading sepolicy. It then has to recreate the
split sepolicy loading implementation in-house, apply patches, then
dump the compiled + patched policies into monolithic format somewhere.
Finally, it patches the original init to force it to load the sepolicy
file we just created.
With the increasing complexity involved in early mount and split
sepolicy (there is even APEX module involved in the future!),
it is about time to rethink Magisk's sepolicy strategy as rebuilding
init's functionality is not scalable and easy to maintain.
In this commit, instead of building sepolicy ourselves, we mock
selinuxfs with FIFO files connected to a pre-init daemon, waiting
for the actual init process to directly write the sepolicy file into
MagiskInit. We then patch the file and load it into the kernel. Some
FIFO tricks has to be used to hijack the original init process's
control flow and prevent race conditions, details are directly in the
comments in code.
At the moment, only system-as-root (read-only root) support is added.
Support for legacy rootfs devices will come with a follow up commit.
2022-03-16 00:31:53 -07:00
|
|
|
string str;
|
2022-06-17 02:36:04 -07:00
|
|
|
full_read(fd, str);
|
2020-12-30 22:11:24 -08:00
|
|
|
return str;
|
2020-04-25 23:19:36 -07:00
|
|
|
}
|
|
|
|
|
|
|
|
string full_read(const char *filename) {
|
Introduce new sepolicy injection mechanism
In the current implementation, Magisk will either have to recreate
all early mount implementation (for legacy SAR and rootfs devices) or
delegate early mount to first stage init (for 2SI devices) to access
required partitions for loading sepolicy. It then has to recreate the
split sepolicy loading implementation in-house, apply patches, then
dump the compiled + patched policies into monolithic format somewhere.
Finally, it patches the original init to force it to load the sepolicy
file we just created.
With the increasing complexity involved in early mount and split
sepolicy (there is even APEX module involved in the future!),
it is about time to rethink Magisk's sepolicy strategy as rebuilding
init's functionality is not scalable and easy to maintain.
In this commit, instead of building sepolicy ourselves, we mock
selinuxfs with FIFO files connected to a pre-init daemon, waiting
for the actual init process to directly write the sepolicy file into
MagiskInit. We then patch the file and load it into the kernel. Some
FIFO tricks has to be used to hijack the original init process's
control flow and prevent race conditions, details are directly in the
comments in code.
At the moment, only system-as-root (read-only root) support is added.
Support for legacy rootfs devices will come with a follow up commit.
2022-03-16 00:31:53 -07:00
|
|
|
string str;
|
|
|
|
full_read(filename, str);
|
|
|
|
return str;
|
2020-04-25 23:19:36 -07:00
|
|
|
}
|
|
|
|
|
2017-11-10 01:51:41 +08:00
|
|
|
void write_zero(int fd, size_t size) {
|
2020-12-30 22:11:24 -08:00
|
|
|
char buf[4096] = {0};
|
|
|
|
size_t len;
|
|
|
|
while (size > 0) {
|
|
|
|
len = sizeof(buf) > size ? size : sizeof(buf);
|
|
|
|
write(fd, buf, len);
|
|
|
|
size -= len;
|
|
|
|
}
|
2017-11-10 01:51:41 +08:00
|
|
|
}
|
2018-11-03 03:06:01 -04:00
|
|
|
|
Introduce new sepolicy injection mechanism
In the current implementation, Magisk will either have to recreate
all early mount implementation (for legacy SAR and rootfs devices) or
delegate early mount to first stage init (for 2SI devices) to access
required partitions for loading sepolicy. It then has to recreate the
split sepolicy loading implementation in-house, apply patches, then
dump the compiled + patched policies into monolithic format somewhere.
Finally, it patches the original init to force it to load the sepolicy
file we just created.
With the increasing complexity involved in early mount and split
sepolicy (there is even APEX module involved in the future!),
it is about time to rethink Magisk's sepolicy strategy as rebuilding
init's functionality is not scalable and easy to maintain.
In this commit, instead of building sepolicy ourselves, we mock
selinuxfs with FIFO files connected to a pre-init daemon, waiting
for the actual init process to directly write the sepolicy file into
MagiskInit. We then patch the file and load it into the kernel. Some
FIFO tricks has to be used to hijack the original init process's
control flow and prevent race conditions, details are directly in the
comments in code.
At the moment, only system-as-root (read-only root) support is added.
Support for legacy rootfs devices will come with a follow up commit.
2022-03-16 00:31:53 -07:00
|
|
|
void file_readline(bool trim, FILE *fp, const function<bool(string_view)> &fn) {
|
2020-12-30 22:11:24 -08:00
|
|
|
size_t len = 1024;
|
|
|
|
char *buf = (char *) malloc(len);
|
|
|
|
char *start;
|
|
|
|
ssize_t read;
|
|
|
|
while ((read = getline(&buf, &len, fp)) >= 0) {
|
|
|
|
start = buf;
|
|
|
|
if (trim) {
|
|
|
|
while (read && "\n\r "sv.find(buf[read - 1]) != string::npos)
|
|
|
|
--read;
|
|
|
|
buf[read] = '\0';
|
|
|
|
while (*start == ' ')
|
|
|
|
++start;
|
|
|
|
}
|
|
|
|
if (!fn(start))
|
|
|
|
break;
|
|
|
|
}
|
|
|
|
free(buf);
|
2018-11-03 03:06:01 -04:00
|
|
|
}
|
2019-03-05 20:27:09 -05:00
|
|
|
|
2022-06-19 00:43:27 -07:00
|
|
|
void file_readline(bool trim, const char *file, const function<bool(string_view)> &fn) {
|
|
|
|
if (auto fp = open_file(file, "re"))
|
|
|
|
file_readline(trim, fp.get(), fn);
|
|
|
|
}
|
|
|
|
void file_readline(const char *file, const function<bool(string_view)> &fn) {
|
|
|
|
file_readline(false, file, fn);
|
|
|
|
}
|
|
|
|
|
|
|
|
void parse_prop_file(FILE *fp, const function<bool(string_view, string_view)> &fn) {
|
|
|
|
file_readline(true, fp, [&](string_view line_view) -> bool {
|
2020-12-30 22:11:24 -08:00
|
|
|
char *line = (char *) line_view.data();
|
|
|
|
if (line[0] == '#')
|
|
|
|
return true;
|
|
|
|
char *eql = strchr(line, '=');
|
|
|
|
if (eql == nullptr || eql == line)
|
|
|
|
return true;
|
|
|
|
*eql = '\0';
|
|
|
|
return fn(line, eql + 1);
|
|
|
|
});
|
2019-03-05 20:27:09 -05:00
|
|
|
}
|
2019-06-23 03:53:41 -07:00
|
|
|
|
2022-06-19 00:43:27 -07:00
|
|
|
void parse_prop_file(const char *file, const function<bool(string_view, string_view)> &fn) {
|
|
|
|
if (auto fp = open_file(file, "re"))
|
|
|
|
parse_prop_file(fp.get(), fn);
|
|
|
|
}
|
|
|
|
|
2022-02-05 15:19:12 +08:00
|
|
|
// Original source: https://android.googlesource.com/platform/bionic/+/master/libc/bionic/mntent.cpp
|
|
|
|
// License: AOSP, full copyright notice please check original source
|
|
|
|
static struct mntent *compat_getmntent_r(FILE *fp, struct mntent *e, char *buf, int buf_len) {
|
|
|
|
memset(e, 0, sizeof(*e));
|
|
|
|
while (fgets(buf, buf_len, fp) != nullptr) {
|
|
|
|
// Entries look like "proc /proc proc rw,nosuid,nodev,noexec,relatime 0 0".
|
|
|
|
// That is: mnt_fsname mnt_dir mnt_type mnt_opts 0 0.
|
|
|
|
int fsname0, fsname1, dir0, dir1, type0, type1, opts0, opts1;
|
|
|
|
if (sscanf(buf, " %n%*s%n %n%*s%n %n%*s%n %n%*s%n %d %d",
|
|
|
|
&fsname0, &fsname1, &dir0, &dir1, &type0, &type1, &opts0, &opts1,
|
|
|
|
&e->mnt_freq, &e->mnt_passno) == 2) {
|
|
|
|
e->mnt_fsname = &buf[fsname0];
|
|
|
|
buf[fsname1] = '\0';
|
|
|
|
e->mnt_dir = &buf[dir0];
|
|
|
|
buf[dir1] = '\0';
|
|
|
|
e->mnt_type = &buf[type0];
|
|
|
|
buf[type1] = '\0';
|
|
|
|
e->mnt_opts = &buf[opts0];
|
|
|
|
buf[opts1] = '\0';
|
|
|
|
return e;
|
|
|
|
}
|
|
|
|
}
|
|
|
|
return nullptr;
|
|
|
|
}
|
|
|
|
|
2020-04-02 02:17:45 -07:00
|
|
|
void parse_mnt(const char *file, const function<bool(mntent*)> &fn) {
|
2020-12-30 22:11:24 -08:00
|
|
|
auto fp = sFILE(setmntent(file, "re"), endmntent);
|
|
|
|
if (fp) {
|
|
|
|
mntent mentry{};
|
|
|
|
char buf[4096];
|
2022-02-05 15:19:12 +08:00
|
|
|
// getmntent_r from system's libc.so is broken on old platform
|
|
|
|
// use the compat one instead
|
|
|
|
while (compat_getmntent_r(fp.get(), &mentry, buf, sizeof(buf))) {
|
2020-12-30 22:11:24 -08:00
|
|
|
if (!fn(&mentry))
|
|
|
|
break;
|
|
|
|
}
|
|
|
|
}
|
2019-06-23 03:53:41 -07:00
|
|
|
}
|
2020-04-01 04:39:28 -07:00
|
|
|
|
|
|
|
void backup_folder(const char *dir, vector<raw_file> &files) {
|
2022-04-08 18:03:58 +08:00
|
|
|
char path[PATH_MAX];
|
2020-12-30 22:11:24 -08:00
|
|
|
xrealpath(dir, path);
|
|
|
|
int len = strlen(path);
|
2022-05-11 17:07:58 -07:00
|
|
|
pre_order_walk(xopen(dir, O_RDONLY), [&](int dfd, dirent *entry) -> walk_result {
|
2020-12-30 22:11:24 -08:00
|
|
|
int fd = xopenat(dfd, entry->d_name, O_RDONLY);
|
|
|
|
if (fd < 0)
|
2022-04-08 18:03:58 +08:00
|
|
|
return SKIP;
|
2020-12-30 22:11:24 -08:00
|
|
|
run_finally f([&]{ close(fd); });
|
|
|
|
if (fd_path(fd, path, sizeof(path)) < 0)
|
2022-04-08 18:03:58 +08:00
|
|
|
return SKIP;
|
2020-12-30 22:11:24 -08:00
|
|
|
raw_file file;
|
|
|
|
file.path = path + len + 1;
|
|
|
|
if (fgetattr(fd, &file.attr) < 0)
|
2022-04-08 18:03:58 +08:00
|
|
|
return SKIP;
|
2020-12-30 22:11:24 -08:00
|
|
|
if (entry->d_type == DT_REG) {
|
2022-06-17 02:36:04 -07:00
|
|
|
file.content = full_read(fd);
|
2020-12-30 22:11:24 -08:00
|
|
|
} else if (entry->d_type == DT_LNK) {
|
|
|
|
xreadlinkat(dfd, entry->d_name, path, sizeof(path));
|
2022-06-17 02:36:04 -07:00
|
|
|
file.content = path;
|
2020-12-30 22:11:24 -08:00
|
|
|
}
|
|
|
|
files.emplace_back(std::move(file));
|
2022-04-08 18:03:58 +08:00
|
|
|
return CONTINUE;
|
2020-12-30 22:11:24 -08:00
|
|
|
});
|
2020-04-01 04:39:28 -07:00
|
|
|
}
|
|
|
|
|
|
|
|
void restore_folder(const char *dir, vector<raw_file> &files) {
|
2020-12-30 22:11:24 -08:00
|
|
|
string base(dir);
|
|
|
|
// Pre-order means folders will always be first
|
|
|
|
for (raw_file &file : files) {
|
|
|
|
string path = base + "/" + file.path;
|
|
|
|
if (S_ISDIR(file.attr.st.st_mode)) {
|
2021-09-15 01:59:43 -07:00
|
|
|
mkdirs(path, 0);
|
2020-12-30 22:11:24 -08:00
|
|
|
} else if (S_ISREG(file.attr.st.st_mode)) {
|
2022-06-17 02:36:04 -07:00
|
|
|
if (auto fp = xopen_file(path.data(), "we"))
|
|
|
|
fwrite(file.content.data(), 1, file.content.size(), fp.get());
|
2020-12-30 22:11:24 -08:00
|
|
|
} else if (S_ISLNK(file.attr.st.st_mode)) {
|
2022-06-17 02:36:04 -07:00
|
|
|
symlink(file.content.data(), path.data());
|
2020-12-30 22:11:24 -08:00
|
|
|
}
|
|
|
|
setattr(path.data(), &file.attr);
|
|
|
|
}
|
2020-04-01 04:39:28 -07:00
|
|
|
}
|
2020-12-03 20:15:18 -08:00
|
|
|
|
|
|
|
sDIR make_dir(DIR *dp) {
|
2020-12-30 22:11:24 -08:00
|
|
|
return sDIR(dp, [](DIR *dp){ return dp ? closedir(dp) : 1; });
|
2020-12-03 20:15:18 -08:00
|
|
|
}
|
|
|
|
|
|
|
|
sFILE make_file(FILE *fp) {
|
2020-12-30 22:11:24 -08:00
|
|
|
return sFILE(fp, [](FILE *fp){ return fp ? fclose(fp) : 1; });
|
2020-12-03 20:15:18 -08:00
|
|
|
}
|
2021-01-12 22:50:55 -08:00
|
|
|
|
2021-11-30 01:50:55 -08:00
|
|
|
int byte_data::patch(bool log, str_pairs list) {
|
|
|
|
if (buf == nullptr)
|
|
|
|
return 0;
|
|
|
|
int count = 0;
|
|
|
|
for (uint8_t *p = buf, *eof = buf + sz; p < eof; ++p) {
|
|
|
|
for (auto [from, to] : list) {
|
|
|
|
if (memcmp(p, from.data(), from.length() + 1) == 0) {
|
|
|
|
if (log) LOGD("Replace [%s] -> [%s]\n", from.data(), to.data());
|
|
|
|
memset(p, 0, from.length());
|
|
|
|
memcpy(p, to.data(), to.length());
|
|
|
|
++count;
|
|
|
|
p += from.length();
|
|
|
|
}
|
|
|
|
}
|
|
|
|
}
|
|
|
|
return count;
|
2021-01-12 22:50:55 -08:00
|
|
|
}
|
|
|
|
|
2021-11-30 01:50:55 -08:00
|
|
|
bool byte_data::contains(string_view pattern, bool log) const {
|
|
|
|
if (buf == nullptr)
|
|
|
|
return false;
|
|
|
|
for (uint8_t *p = buf, *eof = buf + sz; p < eof; ++p) {
|
|
|
|
if (memcmp(p, pattern.data(), pattern.length() + 1) == 0) {
|
|
|
|
if (log) LOGD("Found pattern [%s]\n", pattern.data());
|
|
|
|
return true;
|
|
|
|
}
|
|
|
|
}
|
|
|
|
return false;
|
|
|
|
}
|
|
|
|
|
|
|
|
void byte_data::swap(byte_data &o) {
|
|
|
|
std::swap(buf, o.buf);
|
|
|
|
std::swap(sz, o.sz);
|
|
|
|
}
|
|
|
|
|
|
|
|
mmap_data::mmap_data(const char *name, bool rw) {
|
|
|
|
int fd = xopen(name, (rw ? O_RDWR : O_RDONLY) | O_CLOEXEC);
|
|
|
|
if (fd < 0)
|
|
|
|
return;
|
|
|
|
struct stat st;
|
|
|
|
if (fstat(fd, &st))
|
|
|
|
return;
|
|
|
|
if (S_ISBLK(st.st_mode)) {
|
|
|
|
uint64_t size;
|
|
|
|
ioctl(fd, BLKGETSIZE64, &size);
|
|
|
|
sz = size;
|
|
|
|
} else {
|
|
|
|
sz = st.st_size;
|
|
|
|
}
|
|
|
|
void *b = sz > 0
|
|
|
|
? xmmap(nullptr, sz, PROT_READ | PROT_WRITE, rw ? MAP_SHARED : MAP_PRIVATE, fd, 0)
|
|
|
|
: nullptr;
|
|
|
|
close(fd);
|
|
|
|
buf = static_cast<uint8_t *>(b);
|
2021-01-12 22:50:55 -08:00
|
|
|
}
|
2022-04-08 18:03:58 +08:00
|
|
|
|
|
|
|
string find_apk_path(const char *pkg) {
|
|
|
|
char buf[PATH_MAX];
|
2022-05-11 17:07:58 -07:00
|
|
|
pre_order_walk(xopen("/data/app", O_RDONLY), [&](int dfd, dirent *entry) -> walk_result {
|
2022-04-08 18:03:58 +08:00
|
|
|
if (entry->d_type != DT_DIR)
|
|
|
|
return SKIP;
|
|
|
|
size_t len = strlen(pkg);
|
|
|
|
if (strncmp(entry->d_name, pkg, len) == 0 && entry->d_name[len] == '-') {
|
|
|
|
fd_pathat(dfd, entry->d_name, buf, sizeof(buf));
|
2022-05-11 17:07:58 -07:00
|
|
|
return ABORT;
|
2022-04-08 18:03:58 +08:00
|
|
|
} else if (strncmp(entry->d_name, "~~", 2) == 0) {
|
|
|
|
return CONTINUE;
|
|
|
|
} else return SKIP;
|
|
|
|
});
|
|
|
|
string path(buf);
|
|
|
|
return path.append("/base.apk");
|
|
|
|
}
|