mirror of
https://github.com/topjohnwu/Magisk.git
synced 2024-12-22 07:57:39 +00:00
Misc changes
- actions: Update all actions/checkout references to v4 - magiskboot: Add missing new line to dtb help message - docs: Update documents, fix some errors and remove outdated info
This commit is contained in:
parent
8d5b9e5329
commit
68442f38ac
2
.github/workflows/build.yml
vendored
2
.github/workflows/build.yml
vendored
@ -107,7 +107,7 @@ jobs:
|
|||||||
|
|
||||||
steps:
|
steps:
|
||||||
- name: Check out
|
- name: Check out
|
||||||
uses: actions/checkout@v3
|
uses: actions/checkout@v4
|
||||||
with:
|
with:
|
||||||
fetch-depth: 0
|
fetch-depth: 0
|
||||||
|
|
||||||
|
@ -110,4 +110,4 @@ Before Android 8.0, all allowed su client domains are allowed to directly connec
|
|||||||
|
|
||||||
After Android 8.0, to reduce relaxation of rules in Android's sandbox, a new SELinux model is deployed. The `magisk` binary is labelled with `magisk_exec` file type, and processes running as allowed su client domains executing the `magisk` binary (this includes the `su` command) will transit to `magisk_client` by using a `type_transition` rule. Rules strictly restrict that only `magisk` domain processes are allowed to attribute files to `magisk_exec`. Direct connection to sockets of `magiskd` are not allowed; the only way to access the daemon is through a `magisk_client` process. These changes allow us to keep the sandbox intact, and keep Magisk specific rules separated from the rest of the policies.
|
After Android 8.0, to reduce relaxation of rules in Android's sandbox, a new SELinux model is deployed. The `magisk` binary is labelled with `magisk_exec` file type, and processes running as allowed su client domains executing the `magisk` binary (this includes the `su` command) will transit to `magisk_client` by using a `type_transition` rule. Rules strictly restrict that only `magisk` domain processes are allowed to attribute files to `magisk_exec`. Direct connection to sockets of `magiskd` are not allowed; the only way to access the daemon is through a `magisk_client` process. These changes allow us to keep the sandbox intact, and keep Magisk specific rules separated from the rest of the policies.
|
||||||
|
|
||||||
The full set of rules can be found in `magiskpolicy/rules.cpp`.
|
The full set of rules can be found in `sepolicy/rules.cpp`.
|
||||||
|
@ -265,7 +265,7 @@ Overlay files shall be placed in the `overlay.d` folder in boot image ramdisk, a
|
|||||||
|
|
||||||
To add additional files which you can refer to in your custom `*.rc` scripts, add them into `overlay.d/sbin`. The 3 rules above do not apply to anything in this folder; instead, they will be directly copied to Magisk's internal `tmpfs` directory (which used to always be `/sbin`).
|
To add additional files which you can refer to in your custom `*.rc` scripts, add them into `overlay.d/sbin`. The 3 rules above do not apply to anything in this folder; instead, they will be directly copied to Magisk's internal `tmpfs` directory (which used to always be `/sbin`).
|
||||||
|
|
||||||
Starting from Android 11, the `/sbin` folder may no longer exists, and in that scenario, Magisk randomly generates a different `tmpfs` folder each boot. Every occurrence of the pattern `${MAGISKTMP}` in your `*.rc` scripts will be replaced with the Magisk `tmpfs` folder when `magiskinit` injects it into `init.rc`. On pre Android 11 devices, `${MAGISKTMP}` will simply be replaced with `/sbin`, so **NEVER** hardcode `/sbin` in the `*.rc` scripts when referencing these additional files.
|
Starting from Android 11, the `/sbin` folder may no longer exists, and in that scenario, Magisk uses `/debug_ramdisk` instead. Every occurrence of the pattern `${MAGISKTMP}` in your `*.rc` scripts will be replaced with the Magisk `tmpfs` folder when `magiskinit` injects it into `init.rc`. On pre Android 11 devices, `${MAGISKTMP}` will simply be replaced with `/sbin`, so **NEVER** hardcode `/sbin` in the `*.rc` scripts when referencing these additional files.
|
||||||
|
|
||||||
Here is an example of how to setup `overlay.d` with a custom `*.rc` script:
|
Here is an example of how to setup `overlay.d` with a custom `*.rc` script:
|
||||||
|
|
||||||
|
@ -16,7 +16,7 @@ su -> magisk
|
|||||||
|
|
||||||
A tool to unpack / repack boot images, parse / patch / extract cpio, patch dtb, hex patch binaries, and compress / decompress files with multiple algorithms.
|
A tool to unpack / repack boot images, parse / patch / extract cpio, patch dtb, hex patch binaries, and compress / decompress files with multiple algorithms.
|
||||||
|
|
||||||
`magiskboot` natively supports (which means it does not rely on external tools) common compression formats including `gzip`, `lz4`, `lz4_legacy` ([only used on LG](https://events.static.linuxfound.org/sites/events/files/lcjpcojp13_klee.pdf)), `lzma`, `xz`, and `bzip2`.
|
`magiskboot` natively supports (which means it does not rely on external tools) common compression formats including `gzip`, `lz4`, `lz4_legacy` , `lz4_lg` ([the LG edition](https://events.static.linuxfound.org/sites/events/files/lcjpcojp13_klee.pdf) of `lz4_legacy`, only used on LG), `lzma`, `xz`, and `bzip2`.
|
||||||
|
|
||||||
The concept of `magiskboot` is to make boot image modification simpler. For unpacking, it parses the header and extracts all sections in the image, decompressing on-the-fly if compression is detected in any sections. For repacking, the original boot image is required so the original headers can be used, changing only the necessary entries such as section sizes and checksum. All sections will be compressed back to the original format if required. The tool also supports many CPIO and DTB operations.
|
The concept of `magiskboot` is to make boot image modification simpler. For unpacking, it parses the header and extracts all sections in the image, decompressing on-the-fly if compression is detected in any sections. For repacking, the original boot image is required so the original headers can be used, changing only the necessary entries such as section sizes and checksum. All sections will be compressed back to the original format if required. The tool also supports many CPIO and DTB operations.
|
||||||
|
|
||||||
@ -51,6 +51,28 @@ Supported actions:
|
|||||||
If env variable PATCHVBMETAFLAG is set to true, all disable flags in
|
If env variable PATCHVBMETAFLAG is set to true, all disable flags in
|
||||||
the boot image's vbmeta header will be set.
|
the boot image's vbmeta header will be set.
|
||||||
|
|
||||||
|
verify <bootimg> [x509.pem]
|
||||||
|
Check whether the boot image is signed with AVB 1.0 signature.
|
||||||
|
Optionally provide a certificate to verify whether the image is
|
||||||
|
signed by the public key certificate.
|
||||||
|
Return value:
|
||||||
|
0:valid 1:error
|
||||||
|
|
||||||
|
sign <bootimg> [name] [x509.pem pk8]
|
||||||
|
Sign <bootimg> with AVB 1.0 signature.
|
||||||
|
Optionally provide the name of the image (default: '/boot').
|
||||||
|
Optionally provide the certificate/private key pair for signing.
|
||||||
|
If the certificate/private key pair is not provided, the AOSP
|
||||||
|
verity key bundled in the executable will be used.
|
||||||
|
|
||||||
|
extract <payload.bin> [partition] [outfile]
|
||||||
|
Extract [partition] from <payload.bin> to [outfile].
|
||||||
|
If [outfile] is not specified, then output to '[partition].img'.
|
||||||
|
If [partition] is not specified, then attempt to extract either
|
||||||
|
'init_boot' or 'boot'. Which partition was chosen can be determined
|
||||||
|
by whichever 'init_boot.img' or 'boot.img' exists.
|
||||||
|
<payload.bin> can be '-' to be STDIN.
|
||||||
|
|
||||||
hexpatch <file> <hexpattern1> <hexpattern2>
|
hexpatch <file> <hexpattern1> <hexpattern2>
|
||||||
Search <hexpattern1> in <file>, and replace it with <hexpattern2>
|
Search <hexpattern1> in <file>, and replace it with <hexpattern2>
|
||||||
|
|
||||||
@ -83,8 +105,6 @@ Supported actions:
|
|||||||
Create ramdisk backups from ORIG
|
Create ramdisk backups from ORIG
|
||||||
restore
|
restore
|
||||||
Restore ramdisk from ramdisk backup stored within incpio
|
Restore ramdisk from ramdisk backup stored within incpio
|
||||||
sha1
|
|
||||||
Print stock boot SHA1 if previously backed up in ramdisk
|
|
||||||
|
|
||||||
dtb <file> <action> [args...]
|
dtb <file> <action> [args...]
|
||||||
Do dtb related actions to <file>
|
Do dtb related actions to <file>
|
||||||
@ -222,7 +242,7 @@ Options:
|
|||||||
-v print running daemon version
|
-v print running daemon version
|
||||||
-V print running daemon version code
|
-V print running daemon version code
|
||||||
--list list all available applets
|
--list list all available applets
|
||||||
--remove-modules remove all modules and reboot
|
--remove-modules [-n] remove all modules, reboot if -n is not provided
|
||||||
--install-module ZIP install a module zip file
|
--install-module ZIP install a module zip file
|
||||||
|
|
||||||
Advanced Options (Internal APIs):
|
Advanced Options (Internal APIs):
|
||||||
@ -237,6 +257,7 @@ Advanced Options (Internal APIs):
|
|||||||
--sqlite SQL exec SQL commands to Magisk database
|
--sqlite SQL exec SQL commands to Magisk database
|
||||||
--path print Magisk tmpfs mount path
|
--path print Magisk tmpfs mount path
|
||||||
--denylist ARGS denylist config CLI
|
--denylist ARGS denylist config CLI
|
||||||
|
--preinit-device resolve a device to store preinit files
|
||||||
|
|
||||||
Available applets:
|
Available applets:
|
||||||
su, resetprop
|
su, resetprop
|
||||||
@ -261,20 +282,24 @@ An applet of `magisk`, the MagiskSU entry point. Good old `su` command.
|
|||||||
Usage: su [options] [-] [user [argument...]]
|
Usage: su [options] [-] [user [argument...]]
|
||||||
|
|
||||||
Options:
|
Options:
|
||||||
-c, --command COMMAND pass COMMAND to the invoked shell
|
-c, --command COMMAND Pass COMMAND to the invoked shell
|
||||||
-h, --help display this help message and exit
|
-g, --group GROUP Specify the primary group
|
||||||
-, -l, --login pretend the shell to be a login shell
|
-G, --supp-group GROUP Specify a supplementary group.
|
||||||
|
The first specified supplementary group is also used
|
||||||
|
as a primary group if the option -g is not specified.
|
||||||
|
-Z, --context CONTEXT Change SELinux context
|
||||||
|
-t, --target PID PID to take mount namespace from
|
||||||
|
-h, --help Display this help message and exit
|
||||||
|
-, -l, --login Pretend the shell to be a login shell
|
||||||
-m, -p,
|
-m, -p,
|
||||||
--preserve-environment preserve the entire environment
|
--preserve-environment Preserve the entire environment
|
||||||
-s, --shell SHELL use SHELL instead of the default /system/bin/sh
|
-s, --shell SHELL Use SHELL instead of the default /system/bin/sh
|
||||||
-v, --version display version number and exit
|
-v, --version Display version number and exit
|
||||||
-V display version code and exit
|
-V Display version code and exit
|
||||||
-mm, -M,
|
-mm, -M,
|
||||||
--mount-master force run in the global mount namespace
|
--mount-master Force run in the global mount namespace
|
||||||
```
|
```
|
||||||
|
|
||||||
Note: even though the `-Z, --context` option is not listed above, the option still exists for CLI compatibility with apps designed for SuperSU. However the option is silently ignored since it's no longer relevant.
|
|
||||||
|
|
||||||
### resetprop
|
### resetprop
|
||||||
|
|
||||||
An applet of `magisk`. An advanced system property manipulation utility. Check the [Resetprop Details](details.md#resetprop) for more background information.
|
An applet of `magisk`. An advanced system property manipulation utility. Check the [Resetprop Details](details.md#resetprop) for more background information.
|
||||||
|
@ -49,7 +49,8 @@ fn print_dtb_usage() {
|
|||||||
Do dtb related actions to <file>.
|
Do dtb related actions to <file>.
|
||||||
|
|
||||||
Supported actions:
|
Supported actions:
|
||||||
print [-f] Print all contents of dtb for debugging
|
print [-f]
|
||||||
|
Print all contents of dtb for debugging
|
||||||
Specify [-f] to only print fstab nodes
|
Specify [-f] to only print fstab nodes
|
||||||
patch
|
patch
|
||||||
Search for fstab and remove verity/avb
|
Search for fstab and remove verity/avb
|
||||||
|
Loading…
x
Reference in New Issue
Block a user