Stop embedding executables

This commit is contained in:
topjohnwu 2024-07-24 22:49:48 -07:00
parent b3d6809c0b
commit 33aebb5976
10 changed files with 48 additions and 75 deletions

View File

@ -255,39 +255,37 @@ def run_ndk_build(args, flags):
def build_cpp_src(args, targets: set):
dump_flag_header()
flag = ""
flags = ""
clean = False
if "magisk" in targets:
flag += " B_MAGISK=1"
flags += " B_MAGISK=1"
clean = True
if "magiskpolicy" in targets:
flag += " B_POLICY=1"
flags += " B_POLICY=1"
clean = True
if "magiskinit" in targets:
flag += " B_PRELOAD=1"
flags += " B_PRELOAD=1"
if "resetprop" in targets:
flag += " B_PROP=1"
flags += " B_PROP=1"
if flag:
run_ndk_build(args, flag)
if flags:
run_ndk_build(args, flags)
flag = ""
flags = ""
if "magiskinit" in targets:
# magiskinit embeds preload.so
dump_bin_header(args)
flag += " B_INIT=1"
flags += " B_INIT=1"
if "magiskboot" in targets:
flag += " B_BOOT=1"
flags += " B_BOOT=1"
if flag:
flag += " B_CRT0=1"
run_ndk_build(args, flag)
if flags:
flags += " B_CRT0=1"
run_ndk_build(args, flags)
if clean:
clean_elf()
@ -371,25 +369,6 @@ def write_if_diff(file_name: Path, text: str):
f.write(text)
def binary_dump(src, var_name, compressor=xz):
out_str = f"constexpr unsigned char {var_name}[] = {{"
for i, c in enumerate(compressor(src.read())):
if i % 16 == 0:
out_str += "\n"
out_str += f"0x{c:02X},"
out_str += "\n};\n"
return out_str
def dump_bin_header(args):
native_gen_path.mkdir(mode=0o755, parents=True, exist_ok=True)
for arch in archs:
preload = Path("native", "out", arch, "libinit-ld.so")
with open(preload, "rb") as src:
text = binary_dump(src, "init_ld_xz")
write_if_diff(Path(native_gen_path, f"{arch}_binaries.h"), text)
def dump_flag_header():
flag_txt = textwrap.dedent(
"""\

View File

@ -126,13 +126,13 @@ fun Project.setupCoreLib() {
for (abi in arrayOf("armeabi-v7a", "x86", "arm64-v8a", "x86_64", "riscv64")) {
into(abi) {
from(rootProject.file("native/out/$abi")) {
include("magiskboot", "magiskinit", "magiskpolicy", "magisk")
rename { "lib$it.so" }
include("magiskboot", "magiskinit", "magiskpolicy", "magisk", "libinit-ld.so")
rename { if (it.endsWith(".so")) it else "lib$it.so" }
}
}
}
onlyIf {
if (inputs.sourceFiles.files.size != 20)
if (inputs.sourceFiles.files.size != 25)
throw StopExecutionException("Please build binaries first! (./build.py binary)")
true
}

View File

@ -7,7 +7,7 @@ LOCAL_MODULE := libbase
LOCAL_C_INCLUDES := \
src/include \
$(LOCAL_PATH)/include \
$(LOCAL_PATH)/../external/cxx-rs/include \
src/external/cxx-rs/include \
out/generated
LOCAL_EXPORT_C_INCLUDES := $(LOCAL_C_INCLUDES)
LOCAL_EXPORT_STATIC_LIBRARIES := libcxx

View File

@ -1,13 +0,0 @@
#if defined(__arm__)
#include <armeabi-v7a_binaries.h>
#elif defined(__aarch64__)
#include <arm64-v8a_binaries.h>
#elif defined(__i386__)
#include <x86_binaries.h>
#elif defined(__x86_64__)
#include <x86_64_binaries.h>
#elif defined(__riscv)
#include <riscv64_binaries.h>
#else
#error Unsupported ABI
#endif

View File

@ -6,7 +6,6 @@
#include <xz.h>
#include <base.hpp>
#include <embed.hpp>
#include "init.hpp"

View File

@ -189,6 +189,7 @@ static void magic_mount(const string &sdir, const string &ddir = "") {
static void extract_files(bool sbin) {
const char *magisk_xz = sbin ? "/sbin/magisk.xz" : "magisk.xz";
const char *stub_xz = sbin ? "/sbin/stub.xz" : "stub.xz";
const char *init_ld_xz = sbin ? "/sbin/init-ld.xz" : "init-ld.xz";
if (access(magisk_xz, F_OK) == 0) {
mmap_data magisk(magisk_xz);
@ -206,6 +207,14 @@ static void extract_files(bool sbin) {
unxz(ch, stub);
close(fd);
}
if (access(init_ld_xz, F_OK) == 0) {
mmap_data init_ld(init_ld_xz);
unlink(init_ld_xz);
int fd = xopen("init-ld", O_WRONLY | O_CREAT, 0);
fd_stream ch(fd);
unxz(ch, init_ld);
close(fd);
}
}
void MagiskInit::parse_config_file() {
@ -279,16 +288,19 @@ void MagiskInit::patch_ro_root() {
patch_rc_scripts("/", tmp_dir.data(), false);
}
// Extract magisk
// Extract overlay archives
extract_files(false);
// Oculus Go will use a special sepolicy if unlocked
if (access("/sepolicy.unlocked", F_OK) == 0) {
patch_sepolicy("/sepolicy.unlocked", ROOTOVL "/sepolicy.unlocked");
} else if ((access(SPLIT_PLAT_CIL, F_OK) != 0 && access("/sepolicy", F_OK) == 0) ||
!hijack_sepolicy()) {
} else {
bool patch = access(SPLIT_PLAT_CIL, F_OK) != 0 && access("/sepolicy", F_OK) == 0;
if (patch || !hijack_sepolicy()) {
patch_sepolicy("/sepolicy", ROOTOVL "/sepolicy");
}
}
unlink("init-ld");
// Mount rootdir
magic_mount(ROOTOVL);
@ -338,12 +350,14 @@ void MagiskInit::patch_rw_root() {
setup_tmp(PRE_TMPDIR);
chdir(PRE_TMPDIR);
// Extract magisk
// Extract overlay archives
extract_files(true);
if ((!treble && access("/sepolicy", F_OK) == 0) || !hijack_sepolicy()) {
bool patch = !treble && access("/sepolicy", F_OK) == 0;
if (patch || !hijack_sepolicy()) {
patch_sepolicy("/sepolicy", "/sepolicy");
}
unlink("init-ld");
chdir("/");

View File

@ -2,7 +2,6 @@
#include <consts.hpp>
#include <sepolicy.hpp>
#include <embed.hpp>
#include "init.hpp"
@ -31,16 +30,6 @@ void MagiskInit::patch_sepolicy(const char *in, const char *out) {
}
}
static void dump_preload() {
int fd = xopen("/dev/preload.so", O_WRONLY | O_CREAT | O_TRUNC | O_CLOEXEC, 0644);
if (fd < 0)
return;
fd_stream ch(fd);
if (!unxz(ch, byte_view(init_ld_xz, sizeof(init_ld_xz))))
return;
close(fd);
}
#define MOCK_COMPAT SELINUXMOCK "/compatible"
#define MOCK_LOAD SELINUXMOCK "/load"
#define MOCK_ENFORCE SELINUXMOCK "/enforce"
@ -53,7 +42,7 @@ bool MagiskInit::hijack_sepolicy() {
// This meant that instead of going through convoluted methods trying to alter
// and block init's control flow, we can just LD_PRELOAD and replace the
// security_load_policy function with our own implementation.
dump_preload();
cp_afc("init-ld", "/dev/preload.so");
setenv("LD_PRELOAD", "/dev/preload.so", 1);
}

View File

@ -71,13 +71,14 @@ export KEEPFORCEENCRYPT=true
echo "KEEPVERITY=$KEEPVERITY" > config
echo "KEEPFORCEENCRYPT=$KEEPFORCEENCRYPT" >> config
echo "PREINITDEVICE=$(./magisk --preinit-device)" >> config
# For API 28, we also patch advancedFeatures.ini to disable SAR
# Manually override skip_initramfs by setting RECOVERYMODE=true
# For API 28, we also manually disable SystemAsRoot
# Explicitly override skip_initramfs by setting RECOVERYMODE=true
[ $API = "28" ] && echo 'RECOVERYMODE=true' >> config
cat config
./magiskboot compress=xz magisk magisk.xz
./magiskboot compress=xz stub.apk stub.xz
./magiskboot compress=xz init-ld init-ld.xz
./magiskboot cpio ramdisk.cpio \
"add 0750 init magiskinit" \
@ -85,12 +86,13 @@ cat config
"mkdir 0750 overlay.d/sbin" \
"add 0644 overlay.d/sbin/magisk.xz magisk.xz" \
"add 0644 overlay.d/sbin/stub.xz stub.xz" \
"add 0644 overlay.d/sbin/init-ld.xz init-ld.xz" \
"patch" \
"backup ramdisk.cpio.orig" \
"mkdir 000 .backup" \
"add 000 .backup/.magisk config"
rm -f ramdisk.cpio.orig config magisk*.xz stub.xz
rm -f ramdisk.cpio.orig config *.xz
if $IS_RAMDISK; then
./magiskboot compress=gzip ramdisk.cpio "$OUTPUT_FILE"
else

View File

@ -221,7 +221,7 @@ else
# Android 15 Beta
run_test 35 google_apis
# Run 16k page tests
run_test VanillaIceCream google_apis_ps16k
run_test 35 google_apis_ps16k
fi
"$avd" delete avd -n test

View File

@ -20,6 +20,7 @@
# magiskinit binary The binary to replace /init.
# magisk binary The magisk binary.
# magiskboot binary A tool to manipulate boot images.
# init-ld binary The library that will be LD_PRELOAD of /init
# stub.apk binary The stub Magisk app to embed into ramdisk.
# chromeos folder This folder includes the utility and keys to sign
# (optional) chromeos boot images. Only used for Pixel C.
@ -161,6 +162,7 @@ $BOOTMODE && [ -z "$PREINITDEVICE" ] && PREINITDEVICE=$(./magisk --preinit-devic
# Compress to save precious ramdisk space
./magiskboot compress=xz magisk magisk.xz
./magiskboot compress=xz stub.apk stub.xz
./magiskboot compress=xz init-ld init-ld.xz
echo "KEEPVERITY=$KEEPVERITY" > config
echo "KEEPFORCEENCRYPT=$KEEPFORCEENCRYPT" >> config
@ -177,13 +179,14 @@ fi
"mkdir 0750 overlay.d/sbin" \
"add 0644 overlay.d/sbin/magisk.xz magisk.xz" \
"add 0644 overlay.d/sbin/stub.xz stub.xz" \
"add 0644 overlay.d/sbin/init-ld.xz init-ld.xz" \
"patch" \
"$SKIP_BACKUP backup ramdisk.cpio.orig" \
"mkdir 000 .backup" \
"add 000 .backup/.magisk config" \
|| abort "! Unable to patch ramdisk"
rm -f ramdisk.cpio.orig config magisk*.xz stub.xz
rm -f ramdisk.cpio.orig config *.xz
#################
# Binary Patches