Add sepolicy.rule patching tests

app/core/src/main/java/com/topjohnwu/magisk/test/AdditionalTest.kt

@@ -7,6 +7,7 @@ import androidx.test.uiautomator.By
 import androidx.test.uiautomator.Until
 import com.topjohnwu.magisk.core.model.module.LocalModule
 import com.topjohnwu.magisk.core.utils.RootUtils
+import com.topjohnwu.superuser.Shell
 import kotlinx.coroutines.runBlocking
 import org.junit.After
 import org.junit.Assert.assertEquals
@@ -96,6 +97,10 @@ class AdditionalTest : BaseTest {
             "/system/app/EasterEgg should be empty",
             egg.isEmpty()
         )
+        assertTrue(
+            "Module sepolicy.rule is not applied",
+            Shell.cmd("magiskpolicy --print-rules | grep -q magisk_test").exec().isSuccess
+        )
         module!!
         assertTrue("test_01 should be zygisk unloaded", module.zygiskUnloaded)
     }

app/core/src/main/java/com/topjohnwu/magisk/test/Environment.kt

@@ -28,6 +28,7 @@ import org.junit.Test
 import org.junit.runner.RunWith
 import timber.log.Timber
 import java.io.File
+import java.io.PrintStream
 
 @Keep
 @RunWith(AndroidJUnit4::class)
@@ -106,7 +107,15 @@ class Environment : BaseTest {
         val module = LocalModule(path)
         assertTrue(error, module.zygiskFolder.mkdir())
 
-        assertTrue(error, Shell.cmd("set_default_perm $path").exec().isSuccess)
+        // Add sepolicy patch
+        PrintStream(path.getChildFile("sepolicy.rule").newOutputStream()).use {
+            it.println("type magisk_test domain")
+        }
+
+        assertTrue(error, Shell.cmd(
+            "set_default_perm $path",
+            "copy_preinit_files"
+        ).exec().isSuccess)
     }
 
     private fun setupModule02(root: ExtendedFile) {

native/src/base/files.cpp

@@ -143,7 +143,7 @@ string resolve_preinit_dir(const char *base_dir) {
     if (access((dir + "/unencrypted").data(), F_OK) == 0) {
         dir += "/unencrypted/magisk";
     } else if (access((dir + "/adb").data(), F_OK) == 0) {
-        dir += "/adb/modules";
+        dir += "/adb";
     } else if (access((dir + "/watchdog").data(), F_OK) == 0) {
         dir += "/watchdog/magisk";
     } else {

native/src/core/daemon.rs

@@ -5,7 +5,7 @@ use crate::ffi::{
     exec_module_scripts, get_magisk_tmp, initialize_denylist, setup_magisk_env,
 };
 use crate::logging::{magisk_logging, setup_logfile, start_log_daemon};
-use crate::mount::{clean_mounts, setup_mounts};
+use crate::mount::{clean_mounts, setup_module_mount, setup_preinit_dir};
 use crate::package::ManagerInfo;
 use crate::selinux::restore_tmpcon;
 use crate::su::SuInfo;
@@ -144,7 +144,7 @@ impl MagiskD {
             Ordering::Release,
         );
         initialize_denylist();
-        setup_mounts();
+        setup_module_mount();
         let modules = self.handle_modules();
         self.module_list.set(modules).ok();
         clean_mounts();
@@ -175,6 +175,7 @@ impl MagiskD {
             secure_dir.mkdir(0o700).log_ok();
         }
 
+        setup_preinit_dir();
         self.ensure_manager();
         self.zygisk_reset(true)
     }

native/src/core/mount.rs

@@ -15,16 +15,13 @@ use crate::consts::{MODULEMNT, MODULEROOT, PREINITDEV, PREINITMIRR, WORKERDIR};
 use crate::ffi::{get_magisk_tmp, resolve_preinit_dir, switch_mnt_ns};
 use crate::get_prop;
 
-pub fn setup_mounts() {
-    info!("* Setup internal mounts");
-
+pub fn setup_preinit_dir() {
     let magisk_tmp = get_magisk_tmp();
 
     // Mount preinit directory
     let dev_path = cstr::buf::new::<64>()
         .join_path(magisk_tmp)
         .join_path(PREINITDEV);
-    let mut linked = false;
     if let Ok(attr) = dev_path.get_attr() {
         if attr.st.st_mode & libc::S_IFMT as c_uint == libc::S_IFBLK.as_() {
             // DO NOT mount the block device directly, as we do not know the flags and configs
@@ -53,23 +50,21 @@ pub fn setup_mounts() {
                         mnt_path.create_symlink_to(preinit_dir)?;
                     };
                     if r.is_ok() {
-                        linked = true;
-                        break;
+                        info!("* Found preinit dir: {}", preinit_dir);
+                        return;
                     }
                 }
             }
         }
     }
-    if !linked {
-        warn!("mount: preinit dir not found");
-        dev_path.remove().ok();
-    } else {
-        debug!("mount: preinit dir found");
-    }
 
+    warn!("mount: preinit dir not found");
+}
+
+pub fn setup_module_mount() {
     // Bind remount module root to clear nosuid
     let module_mnt = cstr::buf::default()
-        .join_path(magisk_tmp)
+        .join_path(get_magisk_tmp())
         .join_path(MODULEMNT);
     let _: LoggedResult<()> = try {
         module_mnt.mkdir(0o755)?;

native/src/init/mount.cpp

@@ -123,8 +123,7 @@ void MagiskInit::mount_preinit_dir() noexcept {
 
     // Since we are mounting the block device directly, make sure to ONLY mount the partitions
     // as read-only, or else the kernel might crash due to crappy drivers.
-    // After the device boots up, magiskd will properly bind mount the correct partition
-    // on to PREINITMIRR as writable. For more details, check bootstages.cpp
+    // After the device boots up, magiskd will properly symlink the correct path at PREINITMIRR as writable.
     if (mounted || mount(PREINITDEV, MIRRDIR, "ext4", MS_RDONLY, nullptr) == 0 ||
         mount(PREINITDEV, MIRRDIR, "f2fs", MS_RDONLY, nullptr) == 0) {
         string preinit_dir = resolve_preinit_dir(MIRRDIR);
@@ -138,8 +137,9 @@ void MagiskInit::mount_preinit_dir() noexcept {
         }
         xumount2(MIRRDIR, MNT_DETACH);
     } else {
-        PLOGE("Failed to mount preinit %s\n", preinit_dev.c_str());
-        unlink(PREINITDEV);
+        PLOGE("Mount preinit %s", preinit_dev.c_str());
+        // Do NOT delete the block device. Even though we cannot mount it here,
+        // it might get formatted later in the boot process.
     }
 }