diff --git a/build.py b/build.py index 1ceda16b6..36a0ce864 100755 --- a/build.py +++ b/build.py @@ -255,39 +255,37 @@ def run_ndk_build(args, flags): def build_cpp_src(args, targets: set): dump_flag_header() - flag = "" + flags = "" clean = False if "magisk" in targets: - flag += " B_MAGISK=1" + flags += " B_MAGISK=1" clean = True if "magiskpolicy" in targets: - flag += " B_POLICY=1" + flags += " B_POLICY=1" clean = True if "magiskinit" in targets: - flag += " B_PRELOAD=1" + flags += " B_PRELOAD=1" if "resetprop" in targets: - flag += " B_PROP=1" + flags += " B_PROP=1" - if flag: - run_ndk_build(args, flag) + if flags: + run_ndk_build(args, flags) - flag = "" + flags = "" if "magiskinit" in targets: - # magiskinit embeds preload.so - dump_bin_header(args) - flag += " B_INIT=1" + flags += " B_INIT=1" if "magiskboot" in targets: - flag += " B_BOOT=1" + flags += " B_BOOT=1" - if flag: - flag += " B_CRT0=1" - run_ndk_build(args, flag) + if flags: + flags += " B_CRT0=1" + run_ndk_build(args, flags) if clean: clean_elf() @@ -371,25 +369,6 @@ def write_if_diff(file_name: Path, text: str): f.write(text) -def binary_dump(src, var_name, compressor=xz): - out_str = f"constexpr unsigned char {var_name}[] = {{" - for i, c in enumerate(compressor(src.read())): - if i % 16 == 0: - out_str += "\n" - out_str += f"0x{c:02X}," - out_str += "\n};\n" - return out_str - - -def dump_bin_header(args): - native_gen_path.mkdir(mode=0o755, parents=True, exist_ok=True) - for arch in archs: - preload = Path("native", "out", arch, "libinit-ld.so") - with open(preload, "rb") as src: - text = binary_dump(src, "init_ld_xz") - write_if_diff(Path(native_gen_path, f"{arch}_binaries.h"), text) - - def dump_flag_header(): flag_txt = textwrap.dedent( """\ diff --git a/buildSrc/src/main/java/Setup.kt b/buildSrc/src/main/java/Setup.kt index 08951236c..407072738 100644 --- a/buildSrc/src/main/java/Setup.kt +++ b/buildSrc/src/main/java/Setup.kt @@ -126,13 +126,13 @@ fun Project.setupCoreLib() { for (abi in arrayOf("armeabi-v7a", "x86", "arm64-v8a", "x86_64", "riscv64")) { into(abi) { from(rootProject.file("native/out/$abi")) { - include("magiskboot", "magiskinit", "magiskpolicy", "magisk") - rename { "lib$it.so" } + include("magiskboot", "magiskinit", "magiskpolicy", "magisk", "libinit-ld.so") + rename { if (it.endsWith(".so")) it else "lib$it.so" } } } } onlyIf { - if (inputs.sourceFiles.files.size != 20) + if (inputs.sourceFiles.files.size != 25) throw StopExecutionException("Please build binaries first! (./build.py binary)") true } diff --git a/native/src/base/Android.mk b/native/src/base/Android.mk index 8c60f2125..4c1852ee4 100644 --- a/native/src/base/Android.mk +++ b/native/src/base/Android.mk @@ -7,7 +7,7 @@ LOCAL_MODULE := libbase LOCAL_C_INCLUDES := \ src/include \ $(LOCAL_PATH)/include \ - $(LOCAL_PATH)/../external/cxx-rs/include \ + src/external/cxx-rs/include \ out/generated LOCAL_EXPORT_C_INCLUDES := $(LOCAL_C_INCLUDES) LOCAL_EXPORT_STATIC_LIBRARIES := libcxx diff --git a/native/src/base/include/embed.hpp b/native/src/base/include/embed.hpp deleted file mode 100644 index 6575af25d..000000000 --- a/native/src/base/include/embed.hpp +++ /dev/null @@ -1,13 +0,0 @@ -#if defined(__arm__) -#include -#elif defined(__aarch64__) -#include -#elif defined(__i386__) -#include -#elif defined(__x86_64__) -#include -#elif defined(__riscv) -#include -#else -#error Unsupported ABI -#endif diff --git a/native/src/init/init.cpp b/native/src/init/init.cpp index 5ad6620fe..6ee0e7145 100644 --- a/native/src/init/init.cpp +++ b/native/src/init/init.cpp @@ -6,7 +6,6 @@ #include #include -#include #include "init.hpp" diff --git a/native/src/init/rootdir.cpp b/native/src/init/rootdir.cpp index 522222e68..0c5f0c1e5 100644 --- a/native/src/init/rootdir.cpp +++ b/native/src/init/rootdir.cpp @@ -189,6 +189,7 @@ static void magic_mount(const string &sdir, const string &ddir = "") { static void extract_files(bool sbin) { const char *magisk_xz = sbin ? "/sbin/magisk.xz" : "magisk.xz"; const char *stub_xz = sbin ? "/sbin/stub.xz" : "stub.xz"; + const char *init_ld_xz = sbin ? "/sbin/init-ld.xz" : "init-ld.xz"; if (access(magisk_xz, F_OK) == 0) { mmap_data magisk(magisk_xz); @@ -206,6 +207,14 @@ static void extract_files(bool sbin) { unxz(ch, stub); close(fd); } + if (access(init_ld_xz, F_OK) == 0) { + mmap_data init_ld(init_ld_xz); + unlink(init_ld_xz); + int fd = xopen("init-ld", O_WRONLY | O_CREAT, 0); + fd_stream ch(fd); + unxz(ch, init_ld); + close(fd); + } } void MagiskInit::parse_config_file() { @@ -279,16 +288,19 @@ void MagiskInit::patch_ro_root() { patch_rc_scripts("/", tmp_dir.data(), false); } - // Extract magisk + // Extract overlay archives extract_files(false); // Oculus Go will use a special sepolicy if unlocked if (access("/sepolicy.unlocked", F_OK) == 0) { patch_sepolicy("/sepolicy.unlocked", ROOTOVL "/sepolicy.unlocked"); - } else if ((access(SPLIT_PLAT_CIL, F_OK) != 0 && access("/sepolicy", F_OK) == 0) || - !hijack_sepolicy()) { - patch_sepolicy("/sepolicy", ROOTOVL "/sepolicy"); + } else { + bool patch = access(SPLIT_PLAT_CIL, F_OK) != 0 && access("/sepolicy", F_OK) == 0; + if (patch || !hijack_sepolicy()) { + patch_sepolicy("/sepolicy", ROOTOVL "/sepolicy"); + } } + unlink("init-ld"); // Mount rootdir magic_mount(ROOTOVL); @@ -338,12 +350,14 @@ void MagiskInit::patch_rw_root() { setup_tmp(PRE_TMPDIR); chdir(PRE_TMPDIR); - // Extract magisk + // Extract overlay archives extract_files(true); - if ((!treble && access("/sepolicy", F_OK) == 0) || !hijack_sepolicy()) { + bool patch = !treble && access("/sepolicy", F_OK) == 0; + if (patch || !hijack_sepolicy()) { patch_sepolicy("/sepolicy", "/sepolicy"); } + unlink("init-ld"); chdir("/"); diff --git a/native/src/init/selinux.cpp b/native/src/init/selinux.cpp index 880e1cc76..740b6253f 100644 --- a/native/src/init/selinux.cpp +++ b/native/src/init/selinux.cpp @@ -2,7 +2,6 @@ #include #include -#include #include "init.hpp" @@ -31,16 +30,6 @@ void MagiskInit::patch_sepolicy(const char *in, const char *out) { } } -static void dump_preload() { - int fd = xopen("/dev/preload.so", O_WRONLY | O_CREAT | O_TRUNC | O_CLOEXEC, 0644); - if (fd < 0) - return; - fd_stream ch(fd); - if (!unxz(ch, byte_view(init_ld_xz, sizeof(init_ld_xz)))) - return; - close(fd); -} - #define MOCK_COMPAT SELINUXMOCK "/compatible" #define MOCK_LOAD SELINUXMOCK "/load" #define MOCK_ENFORCE SELINUXMOCK "/enforce" @@ -53,7 +42,7 @@ bool MagiskInit::hijack_sepolicy() { // This meant that instead of going through convoluted methods trying to alter // and block init's control flow, we can just LD_PRELOAD and replace the // security_load_policy function with our own implementation. - dump_preload(); + cp_afc("init-ld", "/dev/preload.so"); setenv("LD_PRELOAD", "/dev/preload.so", 1); } diff --git a/scripts/avd_patch.sh b/scripts/avd_patch.sh index 25601e6a2..c9b7b4e26 100644 --- a/scripts/avd_patch.sh +++ b/scripts/avd_patch.sh @@ -71,13 +71,14 @@ export KEEPFORCEENCRYPT=true echo "KEEPVERITY=$KEEPVERITY" > config echo "KEEPFORCEENCRYPT=$KEEPFORCEENCRYPT" >> config echo "PREINITDEVICE=$(./magisk --preinit-device)" >> config -# For API 28, we also patch advancedFeatures.ini to disable SAR -# Manually override skip_initramfs by setting RECOVERYMODE=true +# For API 28, we also manually disable SystemAsRoot +# Explicitly override skip_initramfs by setting RECOVERYMODE=true [ $API = "28" ] && echo 'RECOVERYMODE=true' >> config cat config ./magiskboot compress=xz magisk magisk.xz ./magiskboot compress=xz stub.apk stub.xz +./magiskboot compress=xz init-ld init-ld.xz ./magiskboot cpio ramdisk.cpio \ "add 0750 init magiskinit" \ @@ -85,12 +86,13 @@ cat config "mkdir 0750 overlay.d/sbin" \ "add 0644 overlay.d/sbin/magisk.xz magisk.xz" \ "add 0644 overlay.d/sbin/stub.xz stub.xz" \ +"add 0644 overlay.d/sbin/init-ld.xz init-ld.xz" \ "patch" \ "backup ramdisk.cpio.orig" \ "mkdir 000 .backup" \ "add 000 .backup/.magisk config" -rm -f ramdisk.cpio.orig config magisk*.xz stub.xz +rm -f ramdisk.cpio.orig config *.xz if $IS_RAMDISK; then ./magiskboot compress=gzip ramdisk.cpio "$OUTPUT_FILE" else diff --git a/scripts/avd_test.sh b/scripts/avd_test.sh index 0f3568c14..b53d4370e 100755 --- a/scripts/avd_test.sh +++ b/scripts/avd_test.sh @@ -221,7 +221,7 @@ else # Android 15 Beta run_test 35 google_apis # Run 16k page tests - run_test VanillaIceCream google_apis_ps16k + run_test 35 google_apis_ps16k fi "$avd" delete avd -n test diff --git a/scripts/boot_patch.sh b/scripts/boot_patch.sh index e7c2c2822..419431398 100644 --- a/scripts/boot_patch.sh +++ b/scripts/boot_patch.sh @@ -20,6 +20,7 @@ # magiskinit binary The binary to replace /init. # magisk binary The magisk binary. # magiskboot binary A tool to manipulate boot images. +# init-ld binary The library that will be LD_PRELOAD of /init # stub.apk binary The stub Magisk app to embed into ramdisk. # chromeos folder This folder includes the utility and keys to sign # (optional) chromeos boot images. Only used for Pixel C. @@ -161,6 +162,7 @@ $BOOTMODE && [ -z "$PREINITDEVICE" ] && PREINITDEVICE=$(./magisk --preinit-devic # Compress to save precious ramdisk space ./magiskboot compress=xz magisk magisk.xz ./magiskboot compress=xz stub.apk stub.xz +./magiskboot compress=xz init-ld init-ld.xz echo "KEEPVERITY=$KEEPVERITY" > config echo "KEEPFORCEENCRYPT=$KEEPFORCEENCRYPT" >> config @@ -177,13 +179,14 @@ fi "mkdir 0750 overlay.d/sbin" \ "add 0644 overlay.d/sbin/magisk.xz magisk.xz" \ "add 0644 overlay.d/sbin/stub.xz stub.xz" \ +"add 0644 overlay.d/sbin/init-ld.xz init-ld.xz" \ "patch" \ "$SKIP_BACKUP backup ramdisk.cpio.orig" \ "mkdir 000 .backup" \ "add 000 .backup/.magisk config" \ || abort "! Unable to patch ramdisk" -rm -f ramdisk.cpio.orig config magisk*.xz stub.xz +rm -f ramdisk.cpio.orig config *.xz ################# # Binary Patches