Misc QoL changes

- su: Preserve correct capacity to avoid vector reallocation - su: Properly format code - daemon: Remove useless `if` - docs: Remove outdated info
2024-11-23 10:05:23 +00:00 · 2022-04-29 23:44:02 +08:00 · 2022-04-29 23:44:02 +08:00 · 4f1a1879e5
commit 4f1a1879e5
parent e88eed9a8d
6 changed files with 11 additions and 15 deletions
--- a/docs/details.md
+++ b/docs/details.md
@ -90,11 +90,10 @@ DATABIN=$SECURE_DIR/magisk

 `magiskinit` will replace `init` as the first program to run.

- Early mount required partitions. On legacy system-as-root devices, we switch root to system; on 2SI devices, we patch fstab and execute the original `init` to mount partitions for us.
- Load sepolicy either from `/sepolicy`, precompiled sepolicy in vendor, or compile split sepolicy
- Patch sepolicy rules and dump to `/sepolicy` or `/sbin/.se` or `/dev/.se`
- Patch `init` or `libselinux.so` to force the system to load the patched policies
+- Early mount required partitions. On legacy system-as-root devices, we switch root to system; on 2SI devices, we patch the original `init` to redirect the 2nd stage init file to magiskinit and execute it to mount partitions for us.
 - Inject magisk services into `init.rc`
+- On devices using monolithic policy, load sepolicy from `/sepolicy`; otherwise we hijack nodes in selinuxfs with FIFO, set `LD_PRELOAD` to hook `security_load_policy` and assist hijacking on 2SI devices, and start a daemon to wait until init tries to load sepolicy.
+- Patch sepolicy rules. If we are using "hijack" method, load patched sepolicy into kernel, unblock init and exit daemon
 - Execute the original `init` to continue the boot process

 ### post-fs-data
--- a/docs/tools.md
+++ b/docs/tools.md
@ -1,6 +1,6 @@
 # Magisk Tools

-Magisk comes with a huge collections of tools for installation, daemons, and utilities for developers. This documentation covers the 3 binaries and all included applets. The binaries and applets are shown below:
+Magisk comes with a huge collections of tools for installation, daemons, and utilities for developers. This documentation covers the 4 binaries and all included applets. The binaries and applets are shown below:

 ```
 magiskboot                 /* binary */
@ -12,8 +12,6 @@ resetprop -> magisk
 su -> magisk
 ```

-Note: The Magisk zip you download only contains `magiskboot`, `magiskinit`, and `magiskinit64`. The binary `magisk` is compressed and embedded into `magiskinit(64)`. Push `magiskinit(64)` to your device and run `./magiskinit(64) -x magisk <path>` to extract `magisk` out of the binary.
-
 ### magiskboot

 A tool to unpack / repack boot images, parse / patch / extract cpio, patch dtb, hex patch binaries, and compress / decompress files with multiple algorithms.
--- a/native/jni/core/daemon.cpp
+++ b/native/jni/core/daemon.cpp
@ -283,10 +283,7 @@ static void switch_cgroup(const char *cgroup, int pid) {
    if (fd == -1)
        return;
    snprintf(buf, sizeof(buf), "%d\n", pid);
-    if (xwrite(fd, buf, strlen(buf)) == -1) {
-        close(fd);
-        return;
-    }
+    xwrite(fd, buf, strlen(buf));
    close(fd);
 }

--- a/native/jni/init/rootdir.cpp
+++ b/native/jni/init/rootdir.cpp
@ -29,7 +29,7 @@ static void patch_init_rc(const char *src, const char *dest, const char *tmp_dir
            fprintf(rc, "service flash_recovery /system/bin/xxxxx\n");
            return true;
        }
-        // Samsung's persist.sys.zygote.early will start zygotes before actual post-fs-data phase
+        // Samsung's persist.sys.zygote.early will cause Zygote to start before post-fs-data
        if (str_starts(line, "on property:persist.sys.zygote.early=")) {
            LOGD("Invalidate persist.sys.zygote.early\n");
            fprintf(rc, "on property:persist.sys.zygote.early.xxxxx=true\n");
--- a/native/jni/su/connect.cpp
+++ b/native/jni/su/connect.cpp
@ -189,7 +189,7 @@ void app_log(const su_context &ctx) {
 void app_notify(const su_context &ctx) {
    if (fork_dont_care() == 0) {
        vector<Extra> extras;
-        extras.reserve(2);
+        extras.reserve(3);
        extras.emplace_back("from.uid", ctx.info->uid);
        extras.emplace_back("pid", ctx.pid);
        extras.emplace_back("policy", ctx.info->access.policy);
@ -210,7 +210,7 @@ int app_request(const su_context &ctx) {

    // Send request
    vector<Extra> extras;
-    extras.reserve(2);
+    extras.reserve(3);
    extras.emplace_back("fifo", fifo);
    extras.emplace_back("uid", ctx.info->eval_uid);
    extras.emplace_back("pid", ctx.pid);
--- a/native/jni/su/su_daemon.cpp
+++ b/native/jni/su/su_daemon.cpp
@ -220,7 +220,9 @@ void su_daemon_handler(int client, const sock_cred *cred) {
    };

    // Read su_request
-    if (xxread(client, &ctx.req, sizeof(su_req_base)) < 0 || !read_string(client, ctx.req.shell) || !read_string(client, ctx.req.command)) {
+    if (xxread(client, &ctx.req, sizeof(su_req_base)) < 0
+        || !read_string(client, ctx.req.shell)
+        || !read_string(client, ctx.req.command)) {
        LOGW("su: remote process probably died, abort\n");
        ctx.info.reset();
        write_int(client, DENY);