From 4f1a1879e572891bc005b489f82421303f602f72 Mon Sep 17 00:00:00 2001
From: canyie
Date: Fri, 29 Apr 2022 23:44:02 +0800
Subject: [PATCH] Misc QoL changes

- su: Preserve correct capacity to avoid vector reallocation
- su: Properly format code
- daemon: Remove useless `if`
- docs: Remove outdated info
---
 docs/details.md | 7 +++----
 docs/tools.md | 4 +---
 native/jni/core/daemon.cpp | 5 +----
 native/jni/init/rootdir.cpp | 2 +-
 native/jni/su/connect.cpp | 4 ++--
 native/jni/su/su_daemon.cpp | 4 +++-
 6 files changed, 11 insertions(+), 15 deletions(-)

diff --git a/docs/details.md b/docs/details.md
index e4e25e712..72a9c1dd4 100644
--- a/docs/details.md
+++ b/docs/details.md
@@ -90,11 +90,10 @@ DATABIN=$SECURE_DIR/magisk

 `magiskinit` will replace `init` as the first program to run.

-- Early mount required partitions. On legacy system-as-root devices, we switch root to system; on 2SI devices, we patch fstab and execute the original `init` to mount partitions for us.
-- Load sepolicy either from `/sepolicy`, precompiled sepolicy in vendor, or compile split sepolicy
-- Patch sepolicy rules and dump to `/sepolicy` or `/sbin/.se` or `/dev/.se`
-- Patch `init` or `libselinux.so` to force the system to load the patched policies
+- Early mount required partitions. On legacy system-as-root devices, we switch root to system; on 2SI devices, we patch the original `init` to redirect the 2nd stage init file to magiskinit and execute it to mount partitions for us.
 - Inject magisk services into `init.rc`
+- On devices using monolithic policy, load sepolicy from `/sepolicy`; otherwise we hijack nodes in selinuxfs with FIFO, set `LD_PRELOAD` to hook `security_load_policy` and assist hijacking on 2SI devices, and start a daemon to wait until init tries to load sepolicy.
+- Patch sepolicy rules. If we are using "hijack" method, load patched sepolicy into kernel, unblock init and exit daemon
 - Execute the original `init` to continue the boot process

 ### post-fs-data
diff --git a/docs/tools.md b/docs/tools.md
index e5ae5ace1..33dc824ce 100644
--- a/docs/tools.md
+++ b/docs/tools.md
@@ -1,6 +1,6 @@
 # Magisk Tools

-Magisk comes with a huge collections of tools for installation, daemons, and utilities for developers. This documentation covers the 3 binaries and all included applets. The binaries and applets are shown below:
+Magisk comes with a huge collections of tools for installation, daemons, and utilities for developers. This documentation covers the 4 binaries and all included applets. The binaries and applets are shown below:

 ```
 magiskboot /* binary */
@@ -12,8 +12,6 @@ resetprop -> magisk
 su -> magisk
 ```

-Note: The Magisk zip you download only contains `magiskboot`, `magiskinit`, and `magiskinit64`. The binary `magisk` is compressed and embedded into `magiskinit(64)`. Push `magiskinit(64)` to your device and run `./magiskinit(64) -x magisk ` to extract `magisk` out of the binary.
-
 ### magiskboot

 A tool to unpack / repack boot images, parse / patch / extract cpio, patch dtb, hex patch binaries, and compress / decompress files with multiple algorithms.
diff --git a/native/jni/core/daemon.cpp b/native/jni/core/daemon.cpp
index 5318c43bc..98d96c632 100644
--- a/native/jni/core/daemon.cpp
+++ b/native/jni/core/daemon.cpp
@@ -283,10 +283,7 @@ static void switch_cgroup(const char *cgroup, int pid) {
 if (fd == -1)
 return;
 snprintf(buf, sizeof(buf), "%d\n", pid);
- if (xwrite(fd, buf, strlen(buf)) == -1) {
- close(fd);
- return;
- }
+ xwrite(fd, buf, strlen(buf));
 close(fd);
 }

diff --git a/native/jni/init/rootdir.cpp b/native/jni/init/rootdir.cpp
index e55e6437c..618f01397 100644
--- a/native/jni/init/rootdir.cpp
+++ b/native/jni/init/rootdir.cpp
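Review bot: The return value of `xwrite(fd, buf, strlen(buf));` in switch_cgroup (native/jni/core/daemon.cpp) is now dropped with nothing marking that as intentional. Behaviour matches the removed branch, which only closed the descriptor and returned, so this is a documentation point: a comment such as `// best-effort: on failure the pid stays in its current cgroup` above the call would record the intent. Whether `xwrite` reports the failure itself is not visible in this hunk, and switch_cgroup starts above it.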
@@ -29,7 +29,7 @@ static void patch_init_rc(const char *src, const char *dest, const char *tmp_dir
 fprintf(rc, "service flash_recovery /system/bin/xxxxx\n");
 return true;
 }
- // Samsung's persist.sys.zygote.early will start zygotes before actual post-fs-data phase
+ // Samsung's persist.sys.zygote.early will cause Zygote to start before post-fs-data
 if (str_starts(line, "on property:persist.sys.zygote.early=")) {
 LOGD("Invalidate persist.sys.zygote.early\n");
 fprintf(rc, "on property:persist.sys.zygote.early.xxxxx=true\n");
diff --git a/native/jni/su/connect.cpp b/native/jni/su/connect.cpp
index 5aec48016..929602676 100644
--- a/native/jni/su/connect.cpp
+++ b/native/jni/su/connect.cpp
@@ -189,7 +189,7 @@ void app_log(const su_context &ctx) {
 void app_notify(const su_context &ctx) {
 if (fork_dont_care() == 0) {
 vector extras;
- extras.reserve(2);
+ extras.reserve(3);
 extras.emplace_back("from.uid", ctx.info->uid);
 extras.emplace_back("pid", ctx.pid);
 extras.emplace_back("policy", ctx.info->access.policy);
@@ -210,7 +210,7 @@ int app_request(const su_context &ctx) {

 // Send request
 vector extras;
- extras.reserve(2);
+ extras.reserve(3);
 extras.emplace_back("fifo", fifo);
 extras.emplace_back("uid", ctx.info->eval_uid);
 extras.emplace_back("pid", ctx.pid);
diff --git a/native/jni/su/su_daemon.cpp b/native/jni/su/su_daemon.cpp
index 2b928f3aa..6f075af9e 100644
--- a/native/jni/su/su_daemon.cpp
+++ b/native/jni/su/su_daemon.cpp
@@ -220,7 +220,9 @@ void su_daemon_handler(int client, const sock_cred *cred) {
 };

 // Read su_request
- if (xxread(client, &ctx.req, sizeof(su_req_base)) < 0 || !read_string(client, ctx.req.shell) || !read_string(client, ctx.req.command)) {
+ if (xxread(client, &ctx.req, sizeof(su_req_base)) < 0
+ || !read_string(client, ctx.req.shell)
+ || !read_string(client, ctx.req.command)) {
 LOGW("su: remote process probably died, abort\n");
 ctx.info.reset();
 write_int(client, DENY);
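Review bot: `extras.reserve(3);` in app_notify (native/jni/su/connect.cpp) remains a hand-counted literal that must match the three `emplace_back` calls under it, and the app_request hunk at -210 has the same pattern. A stale count only costs a reallocation, but a comment at both sites such as `// one slot per emplace_back below` would make the coupling visible to whoever adds the next extra. Both functions extend beyond their hunks.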