Stop embedding executables

build.py

@@ -255,39 +255,37 @@ def run_ndk_build(args, flags):
 def build_cpp_src(args, targets: set):
     dump_flag_header()
 
-    flag = ""
+    flags = ""
     clean = False
 
     if "magisk" in targets:
-        flag += " B_MAGISK=1"
+        flags += " B_MAGISK=1"
         clean = True
 
     if "magiskpolicy" in targets:
-        flag += " B_POLICY=1"
+        flags += " B_POLICY=1"
         clean = True
 
     if "magiskinit" in targets:
-        flag += " B_PRELOAD=1"
+        flags += " B_PRELOAD=1"
 
     if "resetprop" in targets:
-        flag += " B_PROP=1"
+        flags += " B_PROP=1"
 
-    if flag:
+    if flags:
-        run_ndk_build(args, flag)
+        run_ndk_build(args, flags)
 
-    flag = ""
+    flags = ""
 
     if "magiskinit" in targets:
-        # magiskinit embeds preload.so
+        flags += " B_INIT=1"
-        dump_bin_header(args)
-        flag += " B_INIT=1"
 
     if "magiskboot" in targets:
-        flag += " B_BOOT=1"
+        flags += " B_BOOT=1"
 
-    if flag:
+    if flags:
-        flag += " B_CRT0=1"
+        flags += " B_CRT0=1"
-        run_ndk_build(args, flag)
+        run_ndk_build(args, flags)
 
     if clean:
         clean_elf()
@@ -371,25 +369,6 @@ def write_if_diff(file_name: Path, text: str):
             f.write(text)
 
 
-def binary_dump(src, var_name, compressor=xz):
-    out_str = f"constexpr unsigned char {var_name}[] = {{"
-    for i, c in enumerate(compressor(src.read())):
-        if i % 16 == 0:
-            out_str += "\n"
-        out_str += f"0x{c:02X},"
-    out_str += "\n};\n"
-    return out_str
-
-
-def dump_bin_header(args):
-    native_gen_path.mkdir(mode=0o755, parents=True, exist_ok=True)
-    for arch in archs:
-        preload = Path("native", "out", arch, "libinit-ld.so")
-        with open(preload, "rb") as src:
-            text = binary_dump(src, "init_ld_xz")
-        write_if_diff(Path(native_gen_path, f"{arch}_binaries.h"), text)
-
-
 def dump_flag_header():
     flag_txt = textwrap.dedent(
         """\

buildSrc/src/main/java/Setup.kt

@@ -126,13 +126,13 @@ fun Project.setupCoreLib() {
         for (abi in arrayOf("armeabi-v7a", "x86", "arm64-v8a", "x86_64", "riscv64")) {
             into(abi) {
                 from(rootProject.file("native/out/$abi")) {
-                    include("magiskboot", "magiskinit", "magiskpolicy", "magisk")
+                    include("magiskboot", "magiskinit", "magiskpolicy", "magisk", "libinit-ld.so")
-                    rename { "lib$it.so" }
+                    rename { if (it.endsWith(".so")) it else "lib$it.so" }
                 }
             }
         }
         onlyIf {
-            if (inputs.sourceFiles.files.size != 20)
+            if (inputs.sourceFiles.files.size != 25)
                 throw StopExecutionException("Please build binaries first! (./build.py binary)")
             true
         }

native/src/base/Android.mk

@@ -7,7 +7,7 @@ LOCAL_MODULE := libbase
 LOCAL_C_INCLUDES := \
     src/include \
     $(LOCAL_PATH)/include \
-    $(LOCAL_PATH)/../external/cxx-rs/include \
+    src/external/cxx-rs/include \
     out/generated
 LOCAL_EXPORT_C_INCLUDES := $(LOCAL_C_INCLUDES)
 LOCAL_EXPORT_STATIC_LIBRARIES := libcxx

native/src/base/include/embed.hpp

@@ -1,13 +0,0 @@
-#if defined(__arm__)
-#include <armeabi-v7a_binaries.h>
-#elif defined(__aarch64__)
-#include <arm64-v8a_binaries.h>
-#elif defined(__i386__)
-#include <x86_binaries.h>
-#elif defined(__x86_64__)
-#include <x86_64_binaries.h>
-#elif defined(__riscv)
-#include <riscv64_binaries.h>
-#else
-#error Unsupported ABI
-#endif

native/src/init/init.cpp

@@ -6,7 +6,6 @@
 #include <xz.h>
 
 #include <base.hpp>
-#include <embed.hpp>
 
 #include "init.hpp"
 

native/src/init/rootdir.cpp

@@ -189,6 +189,7 @@ static void magic_mount(const string &sdir, const string &ddir = "") {
 static void extract_files(bool sbin) {
     const char *magisk_xz = sbin ? "/sbin/magisk.xz" : "magisk.xz";
     const char *stub_xz = sbin ? "/sbin/stub.xz" : "stub.xz";
+    const char *init_ld_xz = sbin ? "/sbin/init-ld.xz" : "init-ld.xz";
 
     if (access(magisk_xz, F_OK) == 0) {
         mmap_data magisk(magisk_xz);
@@ -206,6 +207,14 @@ static void extract_files(bool sbin) {
         unxz(ch, stub);
         close(fd);
     }
+    if (access(init_ld_xz, F_OK) == 0) {
+        mmap_data init_ld(init_ld_xz);
+        unlink(init_ld_xz);
+        int fd = xopen("init-ld", O_WRONLY | O_CREAT, 0);
+        fd_stream ch(fd);
+        unxz(ch, init_ld);
+        close(fd);
+    }
 }
 
 void MagiskInit::parse_config_file() {
@@ -279,16 +288,19 @@ void MagiskInit::patch_ro_root() {
         patch_rc_scripts("/", tmp_dir.data(), false);
     }
 
-    // Extract magisk
+    // Extract overlay archives
     extract_files(false);
 
     // Oculus Go will use a special sepolicy if unlocked
     if (access("/sepolicy.unlocked", F_OK) == 0) {
         patch_sepolicy("/sepolicy.unlocked", ROOTOVL "/sepolicy.unlocked");
-    } else if ((access(SPLIT_PLAT_CIL, F_OK) != 0 && access("/sepolicy", F_OK) == 0) ||
+    } else {
-               !hijack_sepolicy()) {
+        bool patch = access(SPLIT_PLAT_CIL, F_OK) != 0 && access("/sepolicy", F_OK) == 0;
+        if (patch || !hijack_sepolicy()) {
             patch_sepolicy("/sepolicy", ROOTOVL "/sepolicy");
         }
+    }
+    unlink("init-ld");
 
     // Mount rootdir
     magic_mount(ROOTOVL);
@@ -338,12 +350,14 @@ void MagiskInit::patch_rw_root() {
     setup_tmp(PRE_TMPDIR);
     chdir(PRE_TMPDIR);
 
-    // Extract magisk
+    // Extract overlay archives
     extract_files(true);
 
-    if ((!treble && access("/sepolicy", F_OK) == 0) || !hijack_sepolicy()) {
+    bool patch = !treble && access("/sepolicy", F_OK) == 0;
+    if (patch || !hijack_sepolicy()) {
         patch_sepolicy("/sepolicy", "/sepolicy");
     }
+    unlink("init-ld");
 
     chdir("/");
 

native/src/init/selinux.cpp

@@ -2,7 +2,6 @@
 
 #include <consts.hpp>
 #include <sepolicy.hpp>
-#include <embed.hpp>
 
 #include "init.hpp"
 
@@ -31,16 +30,6 @@ void MagiskInit::patch_sepolicy(const char *in, const char *out) {
     }
 }
 
-static void dump_preload() {
-    int fd = xopen("/dev/preload.so", O_WRONLY | O_CREAT | O_TRUNC | O_CLOEXEC, 0644);
-    if (fd < 0)
-        return;
-    fd_stream ch(fd);
-    if (!unxz(ch, byte_view(init_ld_xz, sizeof(init_ld_xz))))
-        return;
-    close(fd);
-}
-
 #define MOCK_COMPAT    SELINUXMOCK "/compatible"
 #define MOCK_LOAD      SELINUXMOCK "/load"
 #define MOCK_ENFORCE   SELINUXMOCK "/enforce"
@@ -53,7 +42,7 @@ bool MagiskInit::hijack_sepolicy() {
         // This meant that instead of going through convoluted methods trying to alter
         // and block init's control flow, we can just LD_PRELOAD and replace the
         // security_load_policy function with our own implementation.
-        dump_preload();
+        cp_afc("init-ld", "/dev/preload.so");
         setenv("LD_PRELOAD", "/dev/preload.so", 1);
     }
 

scripts/avd_patch.sh

@@ -71,13 +71,14 @@ export KEEPFORCEENCRYPT=true
 echo "KEEPVERITY=$KEEPVERITY" > config
 echo "KEEPFORCEENCRYPT=$KEEPFORCEENCRYPT" >> config
 echo "PREINITDEVICE=$(./magisk --preinit-device)" >> config
-# For API 28, we also patch advancedFeatures.ini to disable SAR
+# For API 28, we also manually disable SystemAsRoot
-# Manually override skip_initramfs by setting RECOVERYMODE=true
+# Explicitly override skip_initramfs by setting RECOVERYMODE=true
 [ $API = "28" ] && echo 'RECOVERYMODE=true' >> config
 cat config
 
 ./magiskboot compress=xz magisk magisk.xz
 ./magiskboot compress=xz stub.apk stub.xz
+./magiskboot compress=xz init-ld init-ld.xz
 
 ./magiskboot cpio ramdisk.cpio \
 "add 0750 init magiskinit" \
@@ -85,12 +86,13 @@ cat config
 "mkdir 0750 overlay.d/sbin" \
 "add 0644 overlay.d/sbin/magisk.xz magisk.xz" \
 "add 0644 overlay.d/sbin/stub.xz stub.xz" \
+"add 0644 overlay.d/sbin/init-ld.xz init-ld.xz" \
 "patch" \
 "backup ramdisk.cpio.orig" \
 "mkdir 000 .backup" \
 "add 000 .backup/.magisk config"
 
-rm -f ramdisk.cpio.orig config magisk*.xz stub.xz
+rm -f ramdisk.cpio.orig config *.xz
 if $IS_RAMDISK; then
   ./magiskboot compress=gzip ramdisk.cpio "$OUTPUT_FILE"
 else

scripts/avd_test.sh

@@ -221,7 +221,7 @@ else
   # Android 15 Beta
   run_test 35 google_apis
   # Run 16k page tests
-  run_test VanillaIceCream google_apis_ps16k
+  run_test 35 google_apis_ps16k
 fi
 
 "$avd" delete avd -n test

scripts/boot_patch.sh

@@ -20,6 +20,7 @@
 # magiskinit         binary    The binary to replace /init.
 # magisk             binary    The magisk binary.
 # magiskboot         binary    A tool to manipulate boot images.
+# init-ld            binary    The library that will be LD_PRELOAD of /init
 # stub.apk           binary    The stub Magisk app to embed into ramdisk.
 # chromeos           folder    This folder includes the utility and keys to sign
 #                  (optional)  chromeos boot images. Only used for Pixel C.
@@ -161,6 +162,7 @@ $BOOTMODE && [ -z "$PREINITDEVICE" ] && PREINITDEVICE=$(./magisk --preinit-devic
 # Compress to save precious ramdisk space
 ./magiskboot compress=xz magisk magisk.xz
 ./magiskboot compress=xz stub.apk stub.xz
+./magiskboot compress=xz init-ld init-ld.xz
 
 echo "KEEPVERITY=$KEEPVERITY" > config
 echo "KEEPFORCEENCRYPT=$KEEPFORCEENCRYPT" >> config
@@ -177,13 +179,14 @@ fi
 "mkdir 0750 overlay.d/sbin" \
 "add 0644 overlay.d/sbin/magisk.xz magisk.xz" \
 "add 0644 overlay.d/sbin/stub.xz stub.xz" \
+"add 0644 overlay.d/sbin/init-ld.xz init-ld.xz" \
 "patch" \
 "$SKIP_BACKUP backup ramdisk.cpio.orig" \
 "mkdir 000 .backup" \
 "add 000 .backup/.magisk config" \
 || abort "! Unable to patch ramdisk"
 
-rm -f ramdisk.cpio.orig config magisk*.xz stub.xz
+rm -f ramdisk.cpio.orig config *.xz
 
 #################
 # Binary Patches