Fix restorecon

2025-12-14 10:31:46 +00:00 · 2023-03-15 00:24:33 +08:00
parent a18a440236
commit 69529ac59c
8 changed files with 16 additions and 21 deletions
--- a/native/src/core/bootstages.cpp
+++ b/native/src/core/bootstages.cpp
@@ -57,7 +57,6 @@ static void mount_mirrors() {
        xmount(nullptr, dest.data(), nullptr, MS_REMOUNT | MS_BIND | MS_RDONLY, nullptr);
        xmount(nullptr, dest.data(), nullptr, MS_PRIVATE, nullptr);
        chmod(SECURE_DIR, 0700);
-        restorecon();
    }

    // Check and mount preinit mirror
@@ -233,8 +232,7 @@ static bool magisk_env() {
    xmkdir(DATABIN, 0755);
    xmkdir(SECURE_DIR "/post-fs-data.d", 0755);
    xmkdir(SECURE_DIR "/service.d", 0755);
-
-    restore_databincon();
+    restorecon();

    if (access(DATABIN "/busybox", X_OK))
        return false;
--- a/native/src/core/daemon.cpp
+++ b/native/src/core/daemon.cpp
@@ -317,7 +317,7 @@ static void daemon_entry() {
        close(fd);

    setsid();
-    setcon("u:r:" SEPOL_PROC_DOMAIN ":s0");
+    setcon(MAGISK_PROC_CON);

    start_log_daemon();

--- a/native/src/core/restorecon.cpp
+++ b/native/src/core/restorecon.cpp
@@ -10,10 +10,9 @@ using namespace std;
 #define SYSTEM_CON  "u:object_r:system_file:s0"
 #define ADB_CON     "u:object_r:adb_data_file:s0"
 #define ROOT_CON    "u:object_r:rootfs:s0"
-#define MAGISK_CON  "u:object_r:" SEPOL_FILE_TYPE ":s0"
 #define EXEC_CON    "u:object_r:" SEPOL_EXEC_TYPE ":s0"

-static void restore_syscon(int dirfd) {
+static void restore_syscon_from_null(int dirfd) {
    struct dirent *entry;
    char *con;

@@ -27,7 +26,7 @@ static void restore_syscon(int dirfd) {
    while ((entry = xreaddir(dir.get()))) {
        int fd = openat(dirfd, entry->d_name, O_RDONLY | O_CLOEXEC);
        if (entry->d_type == DT_DIR) {
-            restore_syscon(fd);
+            restore_syscon_from_null(fd);
            continue;
        } else if (entry->d_type == DT_REG) {
            if (fgetfilecon(fd, &con) >= 0) {
@@ -45,20 +44,20 @@ static void restore_syscon(int dirfd) {
    }
 }

-static void restore_magiskcon(int dirfd) {
+static void restore_syscon(int dirfd) {
    struct dirent *entry;

-    fsetfilecon(dirfd, MAGISK_CON);
+    fsetfilecon(dirfd, SYSTEM_CON);
    fchown(dirfd, 0, 0);

    auto dir = xopen_dir(dirfd);
    while ((entry = xreaddir(dir.get()))) {
        int fd = xopenat(dirfd, entry->d_name, O_RDONLY | O_CLOEXEC);
        if (entry->d_type == DT_DIR) {
-            restore_magiskcon(fd);
+            restore_syscon(fd);
            continue;
        } else if (entry->d_type) {
-            fsetfilecon(fd, MAGISK_CON);
+            fsetfilecon(fd, SYSTEM_CON);
            fchown(fd, 0, 0);
        }
        close(fd);
@@ -73,11 +72,8 @@ void restorecon() {
        lsetfilecon(SECURE_DIR, ADB_CON);
    close(fd);
    lsetfilecon(MODULEROOT, SYSTEM_CON);
-    restore_syscon(xopen(MODULEROOT, O_RDONLY | O_CLOEXEC));
-}
-
-void restore_databincon() {
-    restore_magiskcon(xopen(DATABIN, O_RDONLY | O_CLOEXEC));
+    restore_syscon_from_null(xopen(MODULEROOT, O_RDONLY | O_CLOEXEC));
+    restore_syscon(xopen(DATABIN, O_RDONLY | O_CLOEXEC));
 }

 void restore_tmpcon() {
--- a/native/src/core/scripting.cpp
+++ b/native/src/core/scripting.cpp
@@ -159,7 +159,7 @@ rm -f $APK
 )EOF";

 void install_apk(const char *apk) {
-    setfilecon(apk, "u:object_r:" SEPOL_FILE_TYPE ":s0");
+    setfilecon(apk, MAGISK_FILE_CON);
    exec_t exec {
        .fork = fork_no_orphan
    };