mirror of
https://github.com/topjohnwu/Magisk.git
synced 2025-01-04 18:17:40 +00:00
Dynamic load libselinux
This commit is contained in:
parent
971a50d290
commit
1d53335ae5
@ -16,6 +16,7 @@ COMMON_UTILS := \
|
||||
utils/list.c \
|
||||
utils/misc.c \
|
||||
utils/vector.c \
|
||||
utils/selinux.c \
|
||||
utils/xwrap.c
|
||||
|
||||
########################
|
||||
@ -27,13 +28,12 @@ ifdef B_MAGISK
|
||||
# magisk main binary
|
||||
include $(CLEAR_VARS)
|
||||
LOCAL_MODULE := magisk
|
||||
LOCAL_SHARED_LIBRARIES := libsqlite libselinux
|
||||
LOCAL_SHARED_LIBRARIES := libsqlite
|
||||
LOCAL_STATIC_LIBRARIES := libnanopb libsystemproperties
|
||||
LOCAL_C_INCLUDES := \
|
||||
jni/include \
|
||||
jni/magiskpolicy \
|
||||
$(EXT_PATH)/include \
|
||||
$(LIBSELINUX) \
|
||||
$(LIBNANOPB) \
|
||||
$(LIBSYSTEMPROPERTIES)
|
||||
|
||||
|
@ -13,7 +13,6 @@
|
||||
#include <dirent.h>
|
||||
#include <sys/mount.h>
|
||||
#include <sys/wait.h>
|
||||
#include <selinux/selinux.h>
|
||||
|
||||
#include "magisk.h"
|
||||
#include "db.h"
|
||||
@ -21,7 +20,7 @@
|
||||
#include "img.h"
|
||||
#include "daemon.h"
|
||||
#include "resetprop.h"
|
||||
#include "magiskpolicy.h"
|
||||
#include "selinux.h"
|
||||
|
||||
static char buf[PATH_MAX], buf2[PATH_MAX];
|
||||
static struct vector module_list;
|
||||
|
@ -13,13 +13,12 @@
|
||||
#include <sys/un.h>
|
||||
#include <sys/types.h>
|
||||
#include <sys/mount.h>
|
||||
#include <selinux/selinux.h>
|
||||
|
||||
#include "magisk.h"
|
||||
#include "utils.h"
|
||||
#include "daemon.h"
|
||||
#include "resetprop.h"
|
||||
#include "magiskpolicy.h"
|
||||
#include "selinux.h"
|
||||
|
||||
int setup_done = 0;
|
||||
int seperate_vendor = 0;
|
||||
|
@ -9,6 +9,7 @@
|
||||
#include "utils.h"
|
||||
#include "magisk.h"
|
||||
#include "daemon.h"
|
||||
#include "selinux.h"
|
||||
|
||||
char *argv0;
|
||||
|
||||
@ -134,6 +135,8 @@ int magisk_main(int argc, char *argv[]) {
|
||||
int main(int argc, char *argv[]) {
|
||||
umask(0);
|
||||
argv0 = argv[0];
|
||||
setup_selinux();
|
||||
|
||||
if (strcmp(basename(argv0), "magisk.bin") == 0) {
|
||||
if (argc >= 2) {
|
||||
// It's calling applets
|
||||
|
@ -43,7 +43,6 @@
|
||||
|
||||
#include "magiskrc.h"
|
||||
#include "utils.h"
|
||||
#include "magiskpolicy.h"
|
||||
#include "daemon.h"
|
||||
#include "magisk.h"
|
||||
|
||||
|
10
native/jni/external/Android.mk
vendored
10
native/jni/external/Android.mk
vendored
@ -8,11 +8,11 @@ LOCAL_SRC_FILES := stubs/sqlite3_stub.c
|
||||
include $(BUILD_SHARED_LIBRARY)
|
||||
|
||||
# libselinux.so (stub)
|
||||
include $(CLEAR_VARS)
|
||||
LOCAL_MODULE:= libselinux
|
||||
LOCAL_C_INCLUDES := $(LIBSELINUX)
|
||||
LOCAL_SRC_FILES := stubs/selinux_stub.c
|
||||
include $(BUILD_SHARED_LIBRARY)
|
||||
#include $(CLEAR_VARS)
|
||||
#LOCAL_MODULE:= libselinux
|
||||
#LOCAL_C_INCLUDES := $(LIBSELINUX)
|
||||
#LOCAL_SRC_FILES := stubs/selinux_stub.c
|
||||
#include $(BUILD_SHARED_LIBRARY)
|
||||
|
||||
# libxz.a
|
||||
include $(CLEAR_VARS)
|
||||
|
@ -10,14 +10,8 @@
|
||||
#define MAIN_SOCKET "d30138f2310a9fb9c54a3e0c21f58591"
|
||||
#define LOG_SOCKET "5864cd77f2f8c59b3882e2d35dbf51e4"
|
||||
#define JAVA_PACKAGE_NAME "com.topjohnwu.magisk"
|
||||
|
||||
#ifndef ARG_MAX
|
||||
#define ARG_MAX 4096
|
||||
#endif
|
||||
|
||||
#define LOGFILE "/cache/magisk.log"
|
||||
#define UNBLOCKFILE "/dev/.magisk.unblock"
|
||||
#define TMPSEPOLICY "/dev/.tmp_sepolicy"
|
||||
#define DISABLEFILE "/cache/.disable_magisk"
|
||||
#define MAGISKTMP "/sbin/.core"
|
||||
#define BLOCKDIR MAGISKTMP "/block"
|
||||
@ -36,13 +30,14 @@
|
||||
#define MANAGERAPK DATABIN "/magisk.apk"
|
||||
#define MAGISKRC "/init.magisk.rc"
|
||||
|
||||
|
||||
// selinuxfs paths
|
||||
// selinux consts
|
||||
#define SELINUX_PATH "/sys/fs/selinux"
|
||||
#define SELINUX_ENFORCE SELINUX_PATH "/enforce"
|
||||
#define SELINUX_POLICY SELINUX_PATH "/policy"
|
||||
#define SELINUX_LOAD SELINUX_PATH "/load"
|
||||
#define SELINUX_CONTEXT SELINUX_PATH "/context"
|
||||
#define SEPOL_PROC_DOMAIN "magisk"
|
||||
#define SEPOL_FILE_DOMAIN "magisk_file"
|
||||
|
||||
#define MAGISKHIDE_PROP "persist.magisk.hide"
|
||||
|
||||
|
12
native/jni/include/selinux.h
Normal file
12
native/jni/include/selinux.h
Normal file
@ -0,0 +1,12 @@
|
||||
|
||||
#pragma once
|
||||
|
||||
extern void (*freecon)(char * con);
|
||||
extern int (*setcon)(const char * con);
|
||||
extern int (*getfilecon)(const char *path, char ** con);
|
||||
extern int (*lgetfilecon)(const char *path, char ** con);
|
||||
extern int (*setfilecon)(const char *path, const char * con);
|
||||
extern int (*lsetfilecon)(const char *path, const char * con);
|
||||
|
||||
void setup_selinux();
|
||||
void restorecon();
|
@ -125,6 +125,8 @@ struct file_attr {
|
||||
char con[128];
|
||||
};
|
||||
|
||||
int fd_getpath(int fd, char *path, size_t size);
|
||||
int fd_getpathat(int dirfd, const char *name, char *path, size_t size);
|
||||
int mkdirs(const char *pathname, mode_t mode);
|
||||
void in_order_walk(int dirfd, void (*callback)(int, struct dirent*));
|
||||
void rm_rf(const char *path);
|
||||
@ -142,7 +144,7 @@ int setattrat(int dirfd, const char *pathname, struct file_attr *a);
|
||||
int fsetattr(int fd, struct file_attr *a);
|
||||
void fclone_attr(const int sourcefd, const int targetfd);
|
||||
void clone_attr(const char *source, const char *target);
|
||||
void restorecon();
|
||||
|
||||
void mmap_ro(const char *filename, void **buf, size_t *size);
|
||||
void mmap_rw(const char *filename, void **buf, size_t *size);
|
||||
void fd_full_read(int fd, void **buf, size_t *size);
|
||||
|
@ -9,13 +9,13 @@
|
||||
#include <string.h>
|
||||
#include <sys/types.h>
|
||||
#include <sys/stat.h>
|
||||
#include <selinux/selinux.h>
|
||||
|
||||
#include "magisk.h"
|
||||
#include "utils.h"
|
||||
#include "resetprop.h"
|
||||
#include "magiskhide.h"
|
||||
#include "daemon.h"
|
||||
#include "selinux.h"
|
||||
|
||||
static char *prop_key[] =
|
||||
{ "ro.boot.vbmeta.device_state", "ro.boot.verifiedbootstate", "ro.boot.flash.locked", "ro.boot.veritymode",
|
||||
|
@ -4,6 +4,7 @@
|
||||
*/
|
||||
|
||||
#include <stdio.h>
|
||||
#include <limits.h>
|
||||
|
||||
#include "sepolicy.h"
|
||||
#include "vector.h"
|
||||
|
@ -7,8 +7,6 @@
|
||||
#include <stdlib.h>
|
||||
|
||||
#define ALL NULL
|
||||
#define SEPOL_PROC_DOMAIN "magisk"
|
||||
#define SEPOL_FILE_DOMAIN "magisk_file"
|
||||
|
||||
// split policy paths
|
||||
#define PLAT_POLICY_DIR "/system/etc/selinux/"
|
||||
|
@ -1,3 +1,4 @@
|
||||
#include "magisk.h"
|
||||
#include "magiskpolicy.h"
|
||||
#include "sepolicy.h"
|
||||
|
||||
|
@ -22,12 +22,12 @@
|
||||
#include <libgen.h>
|
||||
#include <sys/types.h>
|
||||
#include <sys/stat.h>
|
||||
#include <selinux/selinux.h>
|
||||
|
||||
#include "magisk.h"
|
||||
#include "daemon.h"
|
||||
#include "utils.h"
|
||||
#include "su.h"
|
||||
#include "selinux.h"
|
||||
|
||||
struct su_context *su_ctx;
|
||||
|
||||
|
@ -13,7 +13,6 @@
|
||||
#include <sys/types.h>
|
||||
#include <sys/stat.h>
|
||||
#include <sys/wait.h>
|
||||
#include <selinux/selinux.h>
|
||||
|
||||
#include "magisk.h"
|
||||
#include "daemon.h"
|
||||
@ -21,6 +20,7 @@
|
||||
#include "su.h"
|
||||
#include "pts.h"
|
||||
#include "list.h"
|
||||
#include "selinux.h"
|
||||
|
||||
// Constants for the atty bitfield
|
||||
#define ATTY_IN 1
|
||||
|
@ -11,12 +11,9 @@
|
||||
#include <sys/mman.h>
|
||||
#include <linux/fs.h>
|
||||
|
||||
#ifdef SELINUX
|
||||
#include <selinux/selinux.h>
|
||||
#endif
|
||||
|
||||
#include "magisk.h"
|
||||
#include "utils.h"
|
||||
#include "selinux.h"
|
||||
|
||||
char **excl_list = NULL;
|
||||
|
||||
@ -28,12 +25,12 @@ static int is_excl(const char *name) {
|
||||
return 0;
|
||||
}
|
||||
|
||||
static int fd_getpath(int fd, char *path, size_t size) {
|
||||
int fd_getpath(int fd, char *path, size_t size) {
|
||||
snprintf(path, size, "/proc/self/fd/%d", fd);
|
||||
return xreadlink(path, path, size) == -1;
|
||||
}
|
||||
|
||||
static int fd_getpathat(int dirfd, const char *name, char *path, size_t size) {
|
||||
int fd_getpathat(int dirfd, const char *name, char *path, size_t size) {
|
||||
if (fd_getpath(dirfd, path, size))
|
||||
return 1;
|
||||
snprintf(path, size, "%s/%s", path, name);
|
||||
@ -262,15 +259,11 @@ void link_dir(int src, int dest) {
|
||||
int getattr(const char *path, struct file_attr *a) {
|
||||
if (xlstat(path, &a->st) == -1)
|
||||
return -1;
|
||||
#ifdef SELINUX
|
||||
char *con = "";
|
||||
char *con;
|
||||
if (lgetfilecon(path, &con) == -1)
|
||||
return -1;
|
||||
strcpy(a->con, con);
|
||||
freecon(con);
|
||||
#else
|
||||
a->con[0] = '\0';
|
||||
#endif
|
||||
return 0;
|
||||
}
|
||||
|
||||
@ -281,16 +274,9 @@ int getattrat(int dirfd, const char *pathname, struct file_attr *a) {
|
||||
}
|
||||
|
||||
int fgetattr(int fd, struct file_attr *a) {
|
||||
#ifdef SELINUX
|
||||
char path[PATH_MAX];
|
||||
fd_getpath(fd, path, sizeof(path));
|
||||
return getattr(path, a);
|
||||
#else
|
||||
if (fstat(fd, &a->st) == -1)
|
||||
return -1;
|
||||
a->con[0] = '\0';
|
||||
return 0;
|
||||
#endif
|
||||
}
|
||||
|
||||
int setattr(const char *path, struct file_attr *a) {
|
||||
@ -298,10 +284,8 @@ int setattr(const char *path, struct file_attr *a) {
|
||||
return -1;
|
||||
if (chown(path, a->st.st_uid, a->st.st_gid) < 0)
|
||||
return -1;
|
||||
#ifdef SELINUX
|
||||
if (strlen(a->con) && lsetfilecon(path, a->con) < 0)
|
||||
return -1;
|
||||
#endif
|
||||
return 0;
|
||||
}
|
||||
|
||||
@ -312,17 +296,9 @@ int setattrat(int dirfd, const char *pathname, struct file_attr *a) {
|
||||
}
|
||||
|
||||
int fsetattr(int fd, struct file_attr *a) {
|
||||
#ifdef SELINUX
|
||||
char path[PATH_MAX];
|
||||
fd_getpath(fd, path, sizeof(path));
|
||||
return setattr(path, a);
|
||||
#else
|
||||
if (fchmod(fd, a->st.st_mode & 0777) < 0)
|
||||
return -1;
|
||||
if (fchown(fd, a->st.st_uid, a->st.st_gid) < 0)
|
||||
return -1;
|
||||
return 0;
|
||||
#endif
|
||||
}
|
||||
|
||||
void clone_attr(const char *source, const char *target) {
|
||||
@ -337,94 +313,6 @@ void fclone_attr(const int sourcefd, const int targetfd) {
|
||||
fsetattr(targetfd, &a);
|
||||
}
|
||||
|
||||
#ifdef SELINUX
|
||||
|
||||
#include "magiskpolicy.h"
|
||||
|
||||
#define UNLABEL_CON "u:object_r:unlabeled:s0"
|
||||
#define SYSTEM_CON "u:object_r:system_file:s0"
|
||||
#define ADB_CON "u:object_r:adb_data_file:s0"
|
||||
#define MAGISK_CON "u:object_r:"SEPOL_FILE_DOMAIN":s0"
|
||||
|
||||
static void restore_syscon(int dirfd) {
|
||||
struct dirent *entry;
|
||||
DIR *dir;
|
||||
|
||||
char path[PATH_MAX], *con;
|
||||
|
||||
fd_getpath(dirfd, path, sizeof(path));
|
||||
size_t len = strlen(path);
|
||||
getfilecon(path, &con);
|
||||
if (strlen(con) == 0 || strcmp(con, UNLABEL_CON) == 0)
|
||||
lsetfilecon(path, SYSTEM_CON);
|
||||
freecon(con);
|
||||
|
||||
dir = xfdopendir(dirfd);
|
||||
while ((entry = xreaddir(dir))) {
|
||||
if (strcmp(entry->d_name, ".") == 0 || strcmp(entry->d_name, "..") == 0)
|
||||
continue;
|
||||
if (entry->d_type == DT_DIR) {
|
||||
int fd = xopenat(dirfd, entry->d_name, O_RDONLY | O_CLOEXEC);
|
||||
restore_syscon(fd);
|
||||
close(fd);
|
||||
} else {
|
||||
path[len] = '/';
|
||||
strcpy(path + len + 1, entry->d_name);
|
||||
lgetfilecon(path, &con);
|
||||
if (strlen(con) == 0 || strcmp(con, UNLABEL_CON) == 0)
|
||||
lsetfilecon(path, SYSTEM_CON);
|
||||
freecon(con);
|
||||
path[len] = '\0';
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
static void restore_magiskcon(int dirfd) {
|
||||
struct dirent *entry;
|
||||
DIR *dir;
|
||||
|
||||
char path[PATH_MAX];
|
||||
|
||||
fd_getpath(dirfd, path, sizeof(path));
|
||||
size_t len = strlen(path);
|
||||
lsetfilecon(path, MAGISK_CON);
|
||||
lchown(path, 0, 0);
|
||||
|
||||
dir = xfdopendir(dirfd);
|
||||
while ((entry = xreaddir(dir))) {
|
||||
if (strcmp(entry->d_name, ".") == 0 || strcmp(entry->d_name, "..") == 0)
|
||||
continue;
|
||||
if (entry->d_type == DT_DIR) {
|
||||
int fd = xopenat(dirfd, entry->d_name, O_RDONLY | O_CLOEXEC);
|
||||
restore_magiskcon(fd);
|
||||
close(fd);
|
||||
} else {
|
||||
path[len] = '/';
|
||||
strcpy(path + len + 1, entry->d_name);
|
||||
lsetfilecon(path, MAGISK_CON);
|
||||
lchown(path, 0, 0);
|
||||
path[len] = '\0';
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
void restorecon() {
|
||||
int fd;
|
||||
fd = xopen(SELINUX_CONTEXT, O_WRONLY | O_CLOEXEC);
|
||||
if (write(fd, ADB_CON, sizeof(ADB_CON)) >= 0) {
|
||||
lsetfilecon(SECURE_DIR, ADB_CON);
|
||||
}
|
||||
close(fd);
|
||||
fd = xopen(MOUNTPOINT, O_RDONLY | O_CLOEXEC);
|
||||
restore_syscon(fd);
|
||||
close(fd);
|
||||
fd = xopen(DATABIN, O_RDONLY | O_CLOEXEC);
|
||||
restore_magiskcon(fd);
|
||||
close(fd);
|
||||
}
|
||||
|
||||
#endif // SELINUX
|
||||
|
||||
static void _mmap(int rw, const char *filename, void **buf, size_t *size) {
|
||||
struct stat st;
|
||||
int fd = xopen(filename, (rw ? O_RDWR : O_RDONLY) | O_CLOEXEC);
|
||||
|
125
native/jni/utils/selinux.c
Normal file
125
native/jni/utils/selinux.c
Normal file
@ -0,0 +1,125 @@
|
||||
#include <dlfcn.h>
|
||||
#include <unistd.h>
|
||||
|
||||
#include "magisk.h"
|
||||
#include "utils.h"
|
||||
#include "logging.h"
|
||||
#include "selinux.h"
|
||||
|
||||
#define UNLABEL_CON "u:object_r:unlabeled:s0"
|
||||
#define SYSTEM_CON "u:object_r:system_file:s0"
|
||||
#define ADB_CON "u:object_r:adb_data_file:s0"
|
||||
#define MAGISK_CON "u:object_r:"SEPOL_FILE_DOMAIN":s0"
|
||||
|
||||
// Stub implementations
|
||||
|
||||
static char *empty_str = "";
|
||||
|
||||
static void v_s(char *s) {}
|
||||
|
||||
static int i_s(const char *s) { return 0; }
|
||||
|
||||
static int i_ss(const char *s, const char * ss) { return 0; }
|
||||
|
||||
static int i_ssp(const char *s, char ** sp) {
|
||||
*sp = empty_str;
|
||||
return 0;
|
||||
}
|
||||
|
||||
// Function pointers
|
||||
|
||||
void (*freecon)(char * con) = v_s;
|
||||
int (*setcon)(const char * con) = i_s;
|
||||
int (*getfilecon)(const char *path, char ** con) = i_ssp;
|
||||
int (*lgetfilecon)(const char *path, char ** con) = i_ssp;
|
||||
int (*setfilecon)(const char *path, const char * con) = i_ss;
|
||||
int (*lsetfilecon)(const char *path, const char * con) = i_ss;
|
||||
|
||||
void setup_selinux() {
|
||||
void *handle = dlopen("libselinux.so", RTLD_LAZY);
|
||||
if (handle == NULL)
|
||||
return;
|
||||
freecon = dlsym(handle, "freecon");
|
||||
setcon = dlsym(handle, "setcon");
|
||||
getfilecon = dlsym(handle, "getfilecon");
|
||||
lgetfilecon = dlsym(handle, "lgetfilecon");
|
||||
setfilecon = dlsym(handle, "setfilecon");
|
||||
lsetfilecon = dlsym(handle, "lsetfilecon");
|
||||
}
|
||||
|
||||
static void restore_syscon(int dirfd) {
|
||||
struct dirent *entry;
|
||||
DIR *dir;
|
||||
|
||||
char path[PATH_MAX], *con;
|
||||
|
||||
fd_getpath(dirfd, path, sizeof(path));
|
||||
size_t len = strlen(path);
|
||||
getfilecon(path, &con);
|
||||
if (strlen(con) == 0 || strcmp(con, UNLABEL_CON) == 0)
|
||||
lsetfilecon(path, SYSTEM_CON);
|
||||
freecon(con);
|
||||
|
||||
dir = xfdopendir(dirfd);
|
||||
while ((entry = xreaddir(dir))) {
|
||||
if (strcmp(entry->d_name, ".") == 0 || strcmp(entry->d_name, "..") == 0)
|
||||
continue;
|
||||
if (entry->d_type == DT_DIR) {
|
||||
int fd = xopenat(dirfd, entry->d_name, O_RDONLY | O_CLOEXEC);
|
||||
restore_syscon(fd);
|
||||
close(fd);
|
||||
} else {
|
||||
path[len] = '/';
|
||||
strcpy(path + len + 1, entry->d_name);
|
||||
lgetfilecon(path, &con);
|
||||
if (strlen(con) == 0 || strcmp(con, UNLABEL_CON) == 0)
|
||||
lsetfilecon(path, SYSTEM_CON);
|
||||
freecon(con);
|
||||
path[len] = '\0';
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
static void restore_magiskcon(int dirfd) {
|
||||
struct dirent *entry;
|
||||
DIR *dir;
|
||||
|
||||
char path[PATH_MAX];
|
||||
|
||||
fd_getpath(dirfd, path, sizeof(path));
|
||||
size_t len = strlen(path);
|
||||
lsetfilecon(path, MAGISK_CON);
|
||||
lchown(path, 0, 0);
|
||||
|
||||
dir = xfdopendir(dirfd);
|
||||
while ((entry = xreaddir(dir))) {
|
||||
if (strcmp(entry->d_name, ".") == 0 || strcmp(entry->d_name, "..") == 0)
|
||||
continue;
|
||||
if (entry->d_type == DT_DIR) {
|
||||
int fd = xopenat(dirfd, entry->d_name, O_RDONLY | O_CLOEXEC);
|
||||
restore_magiskcon(fd);
|
||||
close(fd);
|
||||
} else {
|
||||
path[len] = '/';
|
||||
strcpy(path + len + 1, entry->d_name);
|
||||
lsetfilecon(path, MAGISK_CON);
|
||||
lchown(path, 0, 0);
|
||||
path[len] = '\0';
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
void restorecon() {
|
||||
int fd;
|
||||
fd = xopen(SELINUX_CONTEXT, O_WRONLY | O_CLOEXEC);
|
||||
if (write(fd, ADB_CON, sizeof(ADB_CON)) >= 0) {
|
||||
lsetfilecon(SECURE_DIR, ADB_CON);
|
||||
}
|
||||
close(fd);
|
||||
fd = xopen(MOUNTPOINT, O_RDONLY | O_CLOEXEC);
|
||||
restore_syscon(fd);
|
||||
close(fd);
|
||||
fd = xopen(DATABIN, O_RDONLY | O_CLOEXEC);
|
||||
restore_magiskcon(fd);
|
||||
close(fd);
|
||||
}
|
Loading…
x
Reference in New Issue
Block a user