Magisk/native/src/base/files.hpp

#pragma once

#include <sys/stat.h>
#include <functional>
#include <string_view>
#include <string>
#include <vector>

#include <linux/fs.h>
#include "misc.hpp"

template <typename T>
static inline T align_to(T v, int a) {
    static_assert(std::is_integral<T>::value);
    return (v + a - 1) / a * a;
}

template <typename T>
static inline T align_padding(T v, int a) {
    return align_to(v, a) - v;
}

struct mmap_data : public byte_data {
    static_assert((sizeof(void *) == 8 && BLKGETSIZE64 == 0x80081272) ||
                  (sizeof(void *) == 4 && BLKGETSIZE64 == 0x80041272));
    ALLOW_MOVE_ONLY(mmap_data)

    explicit mmap_data(const char *name, bool rw = false);
    mmap_data(int dirfd, const char *name, bool rw = false);
    mmap_data(int fd, size_t sz, bool rw = false);
    ~mmap_data();
};

extern "C" {

int mkdirs(const char *path, mode_t mode);
ssize_t canonical_path(const char * __restrict__ path, char * __restrict__ buf, size_t bufsiz);
bool rm_rf(const char *path);
bool frm_rf(int dirfd);
bool cp_afc(const char *src, const char *dest);
bool mv_path(const char *src, const char *dest);
bool link_path(const char *src, const char *dest);
bool clone_attr(const char *src, const char *dest);
bool fclone_attr(int src, int dest);

} // extern "C"

static inline ssize_t realpath(
        const char * __restrict__ path, char * __restrict__ buf, size_t bufsiz) {
    return canonical_path(path, buf, bufsiz);
}
void full_read(int fd, std::string &str);
void full_read(const char *filename, std::string &str);
std::string full_read(int fd);
std::string full_read(const char *filename);
void write_zero(int fd, size_t size);
std::string resolve_preinit_dir(const char *base_dir);

// Functor = function<bool(string_view)>
template <typename Functor>
void file_readline(int fd, Functor &&fn) {
    file_readline_rs(fd, [&](rust::String &line) -> bool {
        return fn(std::string_view(line.c_str(), line.size()));
    });
}

// Functor = function<bool(string_view, string_view)>
template <typename Functor>
void parse_prop_file(const char *file, Functor &&fn) {
    parse_prop_file_rs(file, [&](rust::Str key, rust::Str val) -> bool {
        // Null terminate all strings
        *(const_cast<char *>(key.data()) + key.size()) = '\0';
        *(const_cast<char *>(val.data()) + val.size()) = '\0';
        return fn(std::string_view(key.data(), key.size()), std::string_view(val.data(), val.size()));
    });
}

using sFILE = std::unique_ptr<FILE, decltype(&fclose)>;
using sDIR = std::unique_ptr<DIR, decltype(&closedir)>;
sDIR make_dir(DIR *dp);
sFILE make_file(FILE *fp);

static inline sDIR open_dir(const char *path) {
    return make_dir(opendir(path));
}

static inline sDIR xopen_dir(const char *path) {
    return make_dir(xopendir(path));
}

static inline sDIR xopen_dir(int dirfd) {
    return make_dir(xfdopendir(dirfd));
}

static inline sFILE open_file(const char *path, const char *mode) {
    return make_file(fopen(path, mode));
}

static inline sFILE xopen_file(const char *path, const char *mode) {
    return make_file(xfopen(path, mode));
}

static inline sFILE xopen_file(int fd, const char *mode) {
    return make_file(xfdopen(fd, mode));
}
Split util headers 2019-07-01 22:58:19 -07:00			`#pragma once`

General QoL changes 2019-12-13 00:37:06 -05:00			`#include <sys/stat.h>`
Cleanup headers 2019-11-19 02:04:47 -05:00			`#include <functional>`
			`#include <string_view>`
Introduce new boot flow to handle SAR 2SI The existing method for handling legacy SAR is: 1. Mount /sbin tmpfs overlay 2. Dump all patched/new files into /sbin 3. Magic mount root dir and re-exec patched stock init With Android 11 removing the /sbin folder, it is quite obvious that things completely break down right in step 1. To overcome this issue, we have to find a way to swap out the init binary AFTER we re-exec stock init. This is where 2SI comes to rescue! 2SI normal boot procedure is: 1st stage -> Load sepolicy -> 2nd stage -> boot continue... 2SI Magisk boot procedure is: MagiskInit 1st stage -> Stock 1st stage -> MagiskInit 2nd Stage -> -> Stock init load sepolicy -> Stock 2nd stage -> boot continue... As you can see, the trick is to make stock 1st stage init re-exec back into MagiskInit so we can do our setup. This is possible by manipulating some ramdisk files on initramfs based 2SI devices (old ass non SAR devices AND super modern devices like Pixel 3/4), but not possible on device that are stuck using legacy SAR (device that are not that modern but not too old, like Pixel 1/2. Fucking Google logic!!) This commit introduces a new way to intercept stock init re-exec flow: ptrace init with forked tracer, monitor PTRACE_EVENT_EXEC, then swap out the init file with bind mounts right before execv returns! Going through this flow however will lose some necessary backup files, so some bookkeeping has to be done by making the tracer hold these files in memory and act as a daemon. 2nd stage MagiskInit will ack the daemon to release these files at the correct time. It just works™ ¯\_(ツ)_/¯ 2020-04-01 04:39:28 -07:00			`#include <string>`
			`#include <vector>`
Cleanup headers 2019-11-19 02:04:47 -05:00
Fix mmap block device 2023-06-25 07:21:35 +08:00			`#include <linux/fs.h>`
Bridge C++ bytes with Rust &[u8] 2023-06-07 16:49:40 -07:00			`#include "misc.hpp"`
General QoL changes 2019-12-13 00:37:06 -05:00
Macro -> template 2021-11-29 19:56:37 -08:00			`template <typename T>`
			`static inline T align_to(T v, int a) {`
			`static_assert(std::is_integral<T>::value);`
			`return (v + a - 1) / a * a;`
			`}`

			`template <typename T>`
			`static inline T align_padding(T v, int a) {`
			`return align_to(v, a) - v;`
			`}`
Split util headers 2019-07-01 22:58:19 -07:00
Use mmap_data more widely 2021-11-30 01:50:55 -08:00			`struct mmap_data : public byte_data {`
Fix mmap block device 2023-06-25 07:21:35 +08:00			`static_assert((sizeof(void *) == 8 && BLKGETSIZE64 == 0x80081272) \|\|`
			`(sizeof(void *) == 4 && BLKGETSIZE64 == 0x80041272));`
Bridge C++ bytes with Rust &[u8] 2023-06-07 16:49:40 -07:00			`ALLOW_MOVE_ONLY(mmap_data)`
Cleanup byte_channel implementation 2023-05-20 14:19:40 -07:00
Better bytes support in C++ 2023-06-06 17:11:42 -07:00			`explicit mmap_data(const char *name, bool rw = false);`
Support vendor boot unpack/repack Fix #6460, close #6620 2024-07-30 04:00:12 -07:00			`mmap_data(int dirfd, const char *name, bool rw = false);`
Improve Rust implementation - Move mmap_file implementation into Rust - Introduce Utf8CStr as the better c-string type to use 2023-06-12 01:07:43 -07:00			`mmap_data(int fd, size_t sz, bool rw = false);`
Better bytes support in C++ 2023-06-06 17:11:42 -07:00			`~mmap_data();`
Introduce new boot flow to handle SAR 2SI The existing method for handling legacy SAR is: 1. Mount /sbin tmpfs overlay 2. Dump all patched/new files into /sbin 3. Magic mount root dir and re-exec patched stock init With Android 11 removing the /sbin folder, it is quite obvious that things completely break down right in step 1. To overcome this issue, we have to find a way to swap out the init binary AFTER we re-exec stock init. This is where 2SI comes to rescue! 2SI normal boot procedure is: 1st stage -> Load sepolicy -> 2nd stage -> boot continue... 2SI Magisk boot procedure is: MagiskInit 1st stage -> Stock 1st stage -> MagiskInit 2nd Stage -> -> Stock init load sepolicy -> Stock 2nd stage -> boot continue... As you can see, the trick is to make stock 1st stage init re-exec back into MagiskInit so we can do our setup. This is possible by manipulating some ramdisk files on initramfs based 2SI devices (old ass non SAR devices AND super modern devices like Pixel 3/4), but not possible on device that are stuck using legacy SAR (device that are not that modern but not too old, like Pixel 1/2. Fucking Google logic!!) This commit introduces a new way to intercept stock init re-exec flow: ptrace init with forked tracer, monitor PTRACE_EVENT_EXEC, then swap out the init file with bind mounts right before execv returns! Going through this flow however will lose some necessary backup files, so some bookkeeping has to be done by making the tracer hold these files in memory and act as a daemon. 2nd stage MagiskInit will ack the daemon to release these files at the correct time. It just works™ ¯\_(ツ)_/¯ 2020-04-01 04:39:28 -07:00			`};`

Move all xwrap to Rust 2022-09-15 01:17:05 -07:00			`extern "C" {`

Ensure parent folders exist before extract 2022-08-07 04:06:18 -07:00			`int mkdirs(const char *path, mode_t mode);`
Restrict pointer aliasing Close #6354, close #6353 2022-10-31 16:35:33 -07:00			`ssize_t canonical_path(const char * __restrict__ path, char * __restrict__ buf, size_t bufsiz);`
Introduce directory traversal 2023-06-09 02:00:37 -07:00			`bool rm_rf(const char *path);`
			`bool frm_rf(int dirfd);`
Fix wrong cxx_extern return value This fix UB 2024-08-07 23:39:41 +08:00			`bool cp_afc(const char src, const char dest);`
			`bool mv_path(const char src, const char dest);`
			`bool link_path(const char src, const char dest);`
			`bool clone_attr(const char src, const char dest);`
			`bool fclone_attr(int src, int dest);`
Move all xwrap to Rust 2022-09-15 01:17:05 -07:00
			`} // extern "C"`

Restrict pointer aliasing Close #6354, close #6353 2022-10-31 16:35:33 -07:00			`static inline ssize_t realpath(`
			`const char * __restrict__ path, char * __restrict__ buf, size_t bufsiz) {`
Minor refactoring 2022-09-21 03:09:46 +02:00			`return canonical_path(path, buf, bufsiz);`
			`}`
Cleanup libbase 2022-06-17 02:36:04 -07:00			`void full_read(int fd, std::string &str);`
Introduce new sepolicy injection mechanism In the current implementation, Magisk will either have to recreate all early mount implementation (for legacy SAR and rootfs devices) or delegate early mount to first stage init (for 2SI devices) to access required partitions for loading sepolicy. It then has to recreate the split sepolicy loading implementation in-house, apply patches, then dump the compiled + patched policies into monolithic format somewhere. Finally, it patches the original init to force it to load the sepolicy file we just created. With the increasing complexity involved in early mount and split sepolicy (there is even APEX module involved in the future!), it is about time to rethink Magisk's sepolicy strategy as rebuilding init's functionality is not scalable and easy to maintain. In this commit, instead of building sepolicy ourselves, we mock selinuxfs with FIFO files connected to a pre-init daemon, waiting for the actual init process to directly write the sepolicy file into MagiskInit. We then patch the file and load it into the kernel. Some FIFO tricks has to be used to hijack the original init process's control flow and prevent race conditions, details are directly in the comments in code. At the moment, only system-as-root (read-only root) support is added. Support for legacy rootfs devices will come with a follow up commit. 2022-03-16 00:31:53 -07:00			`void full_read(const char *filename, std::string &str);`
Cleanup libbase 2022-06-17 02:36:04 -07:00			`std::string full_read(int fd);`
Fix SAR support for overlay.d 2020-04-25 23:19:36 -07:00			`std::string full_read(const char *filename);`
Split util headers 2019-07-01 22:58:19 -07:00			`void write_zero(int fd, size_t size);`
Rename rules to preinit It is possible that we will allow more preinit files for modules. Rename the partition and folders from rules to preinit. 2023-03-16 04:07:00 -07:00			`std::string resolve_preinit_dir(const char *base_dir);`
Verify app signature 2022-04-08 18:03:58 +08:00
Consolidate for_each implementation into Rust 2025-08-24 15:13:56 -07:00			`// Functor = function<bool(string_view)>`
			`template <typename Functor>`
			`void file_readline(int fd, Functor &&fn) {`
			`file_readline_rs(fd, [&](rust::String &line) -> bool {`
			`return fn(std::string_view(line.c_str(), line.size()));`
			`});`
			`}`

			`// Functor = function<bool(string_view, string_view)>`
			`template <typename Functor>`
			`void parse_prop_file(const char *file, Functor &&fn) {`
			`parse_prop_file_rs(file, [&](rust::Str key, rust::Str val) -> bool {`
			`// Null terminate all strings`
			`(const_cast<char >(key.data()) + key.size()) = '\0';`
			`(const_cast<char >(val.data()) + val.size()) = '\0';`
			`return fn(std::string_view(key.data(), key.size()), std::string_view(val.data(), val.size()));`
			`});`
			`}`

General QoL changes 2019-12-13 00:37:06 -05:00			`using sFILE = std::unique_ptr<FILE, decltype(&fclose)>;`
			`using sDIR = std::unique_ptr<DIR, decltype(&closedir)>;`
Directly log to log file 2020-12-03 20:15:18 -08:00			`sDIR make_dir(DIR *dp);`
			`sFILE make_file(FILE *fp);`
General QoL changes 2019-12-13 00:37:06 -05:00
			`static inline sDIR open_dir(const char *path) {`
Convert indentation to spaces The tab war is lost 2020-12-30 22:11:24 -08:00			`return make_dir(opendir(path));`
General QoL changes 2019-12-13 00:37:06 -05:00			`}`

			`static inline sDIR xopen_dir(const char *path) {`
Convert indentation to spaces The tab war is lost 2020-12-30 22:11:24 -08:00			`return make_dir(xopendir(path));`
General QoL changes 2019-12-13 00:37:06 -05:00			`}`

Introduce new boot flow to handle SAR 2SI The existing method for handling legacy SAR is: 1. Mount /sbin tmpfs overlay 2. Dump all patched/new files into /sbin 3. Magic mount root dir and re-exec patched stock init With Android 11 removing the /sbin folder, it is quite obvious that things completely break down right in step 1. To overcome this issue, we have to find a way to swap out the init binary AFTER we re-exec stock init. This is where 2SI comes to rescue! 2SI normal boot procedure is: 1st stage -> Load sepolicy -> 2nd stage -> boot continue... 2SI Magisk boot procedure is: MagiskInit 1st stage -> Stock 1st stage -> MagiskInit 2nd Stage -> -> Stock init load sepolicy -> Stock 2nd stage -> boot continue... As you can see, the trick is to make stock 1st stage init re-exec back into MagiskInit so we can do our setup. This is possible by manipulating some ramdisk files on initramfs based 2SI devices (old ass non SAR devices AND super modern devices like Pixel 3/4), but not possible on device that are stuck using legacy SAR (device that are not that modern but not too old, like Pixel 1/2. Fucking Google logic!!) This commit introduces a new way to intercept stock init re-exec flow: ptrace init with forked tracer, monitor PTRACE_EVENT_EXEC, then swap out the init file with bind mounts right before execv returns! Going through this flow however will lose some necessary backup files, so some bookkeeping has to be done by making the tracer hold these files in memory and act as a daemon. 2nd stage MagiskInit will ack the daemon to release these files at the correct time. It just works™ ¯\_(ツ)_/¯ 2020-04-01 04:39:28 -07:00			`static inline sDIR xopen_dir(int dirfd) {`
Convert indentation to spaces The tab war is lost 2020-12-30 22:11:24 -08:00			`return make_dir(xfdopendir(dirfd));`
Introduce new boot flow to handle SAR 2SI The existing method for handling legacy SAR is: 1. Mount /sbin tmpfs overlay 2. Dump all patched/new files into /sbin 3. Magic mount root dir and re-exec patched stock init With Android 11 removing the /sbin folder, it is quite obvious that things completely break down right in step 1. To overcome this issue, we have to find a way to swap out the init binary AFTER we re-exec stock init. This is where 2SI comes to rescue! 2SI normal boot procedure is: 1st stage -> Load sepolicy -> 2nd stage -> boot continue... 2SI Magisk boot procedure is: MagiskInit 1st stage -> Stock 1st stage -> MagiskInit 2nd Stage -> -> Stock init load sepolicy -> Stock 2nd stage -> boot continue... As you can see, the trick is to make stock 1st stage init re-exec back into MagiskInit so we can do our setup. This is possible by manipulating some ramdisk files on initramfs based 2SI devices (old ass non SAR devices AND super modern devices like Pixel 3/4), but not possible on device that are stuck using legacy SAR (device that are not that modern but not too old, like Pixel 1/2. Fucking Google logic!!) This commit introduces a new way to intercept stock init re-exec flow: ptrace init with forked tracer, monitor PTRACE_EVENT_EXEC, then swap out the init file with bind mounts right before execv returns! Going through this flow however will lose some necessary backup files, so some bookkeeping has to be done by making the tracer hold these files in memory and act as a daemon. 2nd stage MagiskInit will ack the daemon to release these files at the correct time. It just works™ ¯\_(ツ)_/¯ 2020-04-01 04:39:28 -07:00			`}`

General QoL changes 2019-12-13 00:37:06 -05:00			`static inline sFILE open_file(const char path, const char mode) {`
Convert indentation to spaces The tab war is lost 2020-12-30 22:11:24 -08:00			`return make_file(fopen(path, mode));`
General QoL changes 2019-12-13 00:37:06 -05:00			`}`

			`static inline sFILE xopen_file(const char path, const char mode) {`
Convert indentation to spaces The tab war is lost 2020-12-30 22:11:24 -08:00			`return make_file(xfopen(path, mode));`
General QoL changes 2019-12-13 00:37:06 -05:00			`}`
Update su request process Due to changes in ec3705f2ed187863efc34af5415495e1ee7775d2, the app can no longer communicate with the dameon through a socket opened on the daemon side due to SELinux restrictions. The workaround here is to have the daemon decide a socket name, send it to the app, have the app create the socket server, then finally the daemon connects to the app through the socket. 2020-06-19 03:52:25 -07:00
			`static inline sFILE xopen_file(int fd, const char *mode) {`
Convert indentation to spaces The tab war is lost 2020-12-30 22:11:24 -08:00			`return make_file(xfdopen(fd, mode));`
Update su request process Due to changes in ec3705f2ed187863efc34af5415495e1ee7775d2, the app can no longer communicate with the dameon through a socket opened on the daemon side due to SELinux restrictions. The workaround here is to have the daemon decide a socket name, send it to the app, have the app create the socket server, then finally the daemon connects to the app through the socket. 2020-06-19 03:52:25 -07:00			`}`