mirror of
https://github.com/topjohnwu/Magisk.git
synced 2024-12-24 17:37:39 +00:00
Fix proper Lollipop selinux support
This commit is contained in:
parent
28a945fee9
commit
96688e4dac
@ -93,8 +93,8 @@ include $(BUILD_EXECUTABLE)
|
|||||||
ifeq ($(TARGET_ARCH_ABI), arm64-v8a)
|
ifeq ($(TARGET_ARCH_ABI), arm64-v8a)
|
||||||
include $(CLEAR_VARS)
|
include $(CLEAR_VARS)
|
||||||
LOCAL_MODULE := magiskinit
|
LOCAL_MODULE := magiskinit
|
||||||
LOCAL_STATIC_LIBRARIES := libsepol libselinux_static
|
LOCAL_STATIC_LIBRARIES := libsepol
|
||||||
LOCAL_C_INCLUDES := jni/include $(LIBSEPOL) $(LIBSELINUX)
|
LOCAL_C_INCLUDES := jni/include $(LIBSEPOL)
|
||||||
LOCAL_SRC_FILES := \
|
LOCAL_SRC_FILES := \
|
||||||
magiskinit.c \
|
magiskinit.c \
|
||||||
magiskboot/boot_utils.c \
|
magiskboot/boot_utils.c \
|
||||||
@ -103,6 +103,7 @@ LOCAL_SRC_FILES := \
|
|||||||
magiskpolicy/rules.c \
|
magiskpolicy/rules.c \
|
||||||
magiskpolicy/sepolicy.c \
|
magiskpolicy/sepolicy.c \
|
||||||
magiskpolicy/api.c
|
magiskpolicy/api.c
|
||||||
|
LOCAL_CFLAGS := -DNO_SELINUX
|
||||||
LOCAL_LDFLAGS := -static
|
LOCAL_LDFLAGS := -static
|
||||||
include $(BUILD_EXECUTABLE)
|
include $(BUILD_EXECUTABLE)
|
||||||
endif
|
endif
|
||||||
|
8
jni/external/Android.mk
vendored
8
jni/external/Android.mk
vendored
@ -14,14 +14,6 @@ LOCAL_C_INCLUDES := $(LIBSELINUX)
|
|||||||
LOCAL_SRC_FILES := stubs/selinux_stub.c
|
LOCAL_SRC_FILES := stubs/selinux_stub.c
|
||||||
include $(BUILD_SHARED_LIBRARY)
|
include $(BUILD_SHARED_LIBRARY)
|
||||||
|
|
||||||
# libselinux_static.a (stub)
|
|
||||||
include $(CLEAR_VARS)
|
|
||||||
LOCAL_MODULE:= libselinux_static
|
|
||||||
LOCAL_C_INCLUDES := $(LIBSELINUX)
|
|
||||||
LOCAL_SRC_FILES := stubs/selinux_stub.c
|
|
||||||
include $(BUILD_STATIC_LIBRARY)
|
|
||||||
|
|
||||||
|
|
||||||
# libfdt
|
# libfdt
|
||||||
include $(CLEAR_VARS)
|
include $(CLEAR_VARS)
|
||||||
LOCAL_MODULE:= libfdt
|
LOCAL_MODULE:= libfdt
|
||||||
|
@ -99,6 +99,7 @@ struct file_attr {
|
|||||||
char con[128];
|
char con[128];
|
||||||
};
|
};
|
||||||
|
|
||||||
|
int fd_getpath(int fd, char *path, size_t size);
|
||||||
int mkdir_p(const char *pathname, mode_t mode);
|
int mkdir_p(const char *pathname, mode_t mode);
|
||||||
void rm_rf(const char *path);
|
void rm_rf(const char *path);
|
||||||
void frm_rf(int dirfd);
|
void frm_rf(int dirfd);
|
||||||
|
@ -5,7 +5,10 @@
|
|||||||
#include <fcntl.h>
|
#include <fcntl.h>
|
||||||
#include <unistd.h>
|
#include <unistd.h>
|
||||||
#include <sys/sendfile.h>
|
#include <sys/sendfile.h>
|
||||||
|
|
||||||
|
#ifndef NO_SELINUX
|
||||||
#include <selinux/selinux.h>
|
#include <selinux/selinux.h>
|
||||||
|
#endif
|
||||||
|
|
||||||
#include "utils.h"
|
#include "utils.h"
|
||||||
|
|
||||||
@ -19,6 +22,13 @@ static int is_excl(const char *name) {
|
|||||||
return 0;
|
return 0;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
int fd_getpath(int fd, char *path, size_t size) {
|
||||||
|
snprintf(path, size, "/proc/self/fd/%d", fd);
|
||||||
|
if (xreadlink(path, path, size) == -1)
|
||||||
|
return -1;
|
||||||
|
return 0;
|
||||||
|
}
|
||||||
|
|
||||||
int mkdir_p(const char *pathname, mode_t mode) {
|
int mkdir_p(const char *pathname, mode_t mode) {
|
||||||
char *path = strdup(pathname), *p;
|
char *path = strdup(pathname), *p;
|
||||||
errno = 0;
|
errno = 0;
|
||||||
@ -201,16 +211,22 @@ void clone_dir(int src, int dest) {
|
|||||||
}
|
}
|
||||||
|
|
||||||
int getattr(const char *path, struct file_attr *a) {
|
int getattr(const char *path, struct file_attr *a) {
|
||||||
int fd = open(path, O_PATH | O_NOFOLLOW | O_CLOEXEC);
|
if (xlstat(path, &a->st) == -1)
|
||||||
if (fd < 0)
|
|
||||||
return -1;
|
return -1;
|
||||||
int ret = fgetattr(fd, a);
|
char *con = "";
|
||||||
close(fd);
|
#ifndef NO_SELINUX
|
||||||
return ret;
|
if (lgetfilecon(path, &con) == -1)
|
||||||
|
return -1;
|
||||||
|
strcpy(a->con, con);
|
||||||
|
freecon(con);
|
||||||
|
#else
|
||||||
|
a->con[0] = '\0';
|
||||||
|
#endif
|
||||||
|
return 0;
|
||||||
}
|
}
|
||||||
|
|
||||||
int getattrat(int dirfd, const char *pathname, struct file_attr *a) {
|
int getattrat(int dirfd, const char *pathname, struct file_attr *a) {
|
||||||
int fd = openat(dirfd, pathname, O_PATH | O_NOFOLLOW | O_CLOEXEC);
|
int fd = xopenat(dirfd, pathname, O_PATH | O_NOFOLLOW | O_CLOEXEC);
|
||||||
if (fd < 0)
|
if (fd < 0)
|
||||||
return -1;
|
return -1;
|
||||||
int ret = fgetattr(fd, a);
|
int ret = fgetattr(fd, a);
|
||||||
@ -219,27 +235,32 @@ int getattrat(int dirfd, const char *pathname, struct file_attr *a) {
|
|||||||
}
|
}
|
||||||
|
|
||||||
int fgetattr(int fd, struct file_attr *a) {
|
int fgetattr(int fd, struct file_attr *a) {
|
||||||
if (fstat(fd, &a->st) < 0)
|
#ifndef NO_SELINUX
|
||||||
|
char path[PATH_MAX];
|
||||||
|
fd_getpath(fd, path, sizeof(path));
|
||||||
|
return getattr(path, a);
|
||||||
|
#else
|
||||||
|
if (fstat(fd, &a->st) == -1)
|
||||||
return -1;
|
return -1;
|
||||||
char *con = "";
|
a->con[0] = '\0';
|
||||||
if (fgetfilecon(fd, &con) < 0)
|
|
||||||
return -1;
|
|
||||||
strcpy(a->con, con);
|
|
||||||
freecon(con);
|
|
||||||
return 0;
|
return 0;
|
||||||
|
#endif
|
||||||
}
|
}
|
||||||
|
|
||||||
int setattr(const char *path, struct file_attr *a) {
|
int setattr(const char *path, struct file_attr *a) {
|
||||||
int fd = open(path, O_PATH | O_NOFOLLOW | O_CLOEXEC);
|
if (chmod(path, a->st.st_mode & 0777) < 0)
|
||||||
if (fd < 0)
|
|
||||||
return -1;
|
return -1;
|
||||||
int ret = fsetattr(fd, a);
|
if (chown(path, a->st.st_uid, a->st.st_gid) < 0)
|
||||||
close(fd);
|
return -1;
|
||||||
return ret;
|
#ifndef NO_SELINUX
|
||||||
|
if (strlen(a->con) && lsetfilecon(path, a->con) < 0)
|
||||||
|
return -1;
|
||||||
|
#endif
|
||||||
|
return 0;
|
||||||
}
|
}
|
||||||
|
|
||||||
int setattrat(int dirfd, const char *pathname, struct file_attr *a) {
|
int setattrat(int dirfd, const char *pathname, struct file_attr *a) {
|
||||||
int fd = openat(dirfd, pathname, O_PATH | O_NOFOLLOW | O_CLOEXEC);
|
int fd = xopenat(dirfd, pathname, O_PATH | O_NOFOLLOW | O_CLOEXEC);
|
||||||
if (fd < 0)
|
if (fd < 0)
|
||||||
return -1;
|
return -1;
|
||||||
int ret = fsetattr(fd, a);
|
int ret = fsetattr(fd, a);
|
||||||
@ -248,13 +269,17 @@ int setattrat(int dirfd, const char *pathname, struct file_attr *a) {
|
|||||||
}
|
}
|
||||||
|
|
||||||
int fsetattr(int fd, struct file_attr *a) {
|
int fsetattr(int fd, struct file_attr *a) {
|
||||||
|
#ifndef NO_SELINUX
|
||||||
|
char path[PATH_MAX];
|
||||||
|
fd_getpath(fd, path, sizeof(path));
|
||||||
|
return setattr(path, a);
|
||||||
|
#else
|
||||||
if (fchmod(fd, a->st.st_mode & 0777) < 0)
|
if (fchmod(fd, a->st.st_mode & 0777) < 0)
|
||||||
return -1;
|
return -1;
|
||||||
if (fchown(fd, a->st.st_uid, a->st.st_gid) < 0)
|
if (fchown(fd, a->st.st_uid, a->st.st_gid) < 0)
|
||||||
return -1;
|
return -1;
|
||||||
if (strlen(a->con) && fsetfilecon(fd, a->con) < 0)
|
|
||||||
return -1;
|
|
||||||
return 0;
|
return 0;
|
||||||
|
#endif
|
||||||
}
|
}
|
||||||
|
|
||||||
void clone_attr(const char *source, const char *target) {
|
void clone_attr(const char *source, const char *target) {
|
||||||
@ -269,6 +294,8 @@ void fclone_attr(const int sourcefd, const int targetfd) {
|
|||||||
fsetattr(targetfd, &a);
|
fsetattr(targetfd, &a);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
#ifndef NO_SELINUX
|
||||||
|
|
||||||
#define UNLABEL_CON "u:object_r:unlabeled:s0"
|
#define UNLABEL_CON "u:object_r:unlabeled:s0"
|
||||||
#define SYSTEM_CON "u:object_r:system_file:s0"
|
#define SYSTEM_CON "u:object_r:system_file:s0"
|
||||||
|
|
||||||
@ -276,11 +303,12 @@ void restorecon(int dirfd, int force) {
|
|||||||
struct dirent *entry;
|
struct dirent *entry;
|
||||||
DIR *dir;
|
DIR *dir;
|
||||||
int fd;
|
int fd;
|
||||||
char *con;
|
char path[PATH_MAX], *con;
|
||||||
|
|
||||||
fgetfilecon(dirfd, &con);
|
fd_getpath(dirfd, path, sizeof(path));
|
||||||
|
lgetfilecon(path, &con);
|
||||||
if (force || strlen(con) == 0 || strcmp(con, UNLABEL_CON) == 0)
|
if (force || strlen(con) == 0 || strcmp(con, UNLABEL_CON) == 0)
|
||||||
fsetfilecon(dirfd, SYSTEM_CON);
|
lsetfilecon(path, SYSTEM_CON);
|
||||||
freecon(con);
|
freecon(con);
|
||||||
|
|
||||||
dir = xfdopendir(dirfd);
|
dir = xfdopendir(dirfd);
|
||||||
@ -292,11 +320,14 @@ void restorecon(int dirfd, int force) {
|
|||||||
restorecon(fd, force);
|
restorecon(fd, force);
|
||||||
} else {
|
} else {
|
||||||
fd = xopenat(dirfd, entry->d_name, O_PATH | O_NOFOLLOW | O_CLOEXEC);
|
fd = xopenat(dirfd, entry->d_name, O_PATH | O_NOFOLLOW | O_CLOEXEC);
|
||||||
fgetfilecon(fd, &con);
|
fd_getpath(fd, path, sizeof(path));
|
||||||
|
lgetfilecon(path, &con);
|
||||||
if (force || strlen(con) == 0 || strcmp(con, UNLABEL_CON) == 0)
|
if (force || strlen(con) == 0 || strcmp(con, UNLABEL_CON) == 0)
|
||||||
fsetfilecon(fd, SYSTEM_CON);
|
lsetfilecon(path, SYSTEM_CON);
|
||||||
freecon(con);
|
freecon(con);
|
||||||
}
|
}
|
||||||
close(fd);
|
close(fd);
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
#endif // NO_SELINUX
|
||||||
|
@ -163,6 +163,7 @@ void umount_image(const char *target, const char *device) {
|
|||||||
int merge_img(const char *source, const char *target) {
|
int merge_img(const char *source, const char *target) {
|
||||||
if (access(source, F_OK) == -1)
|
if (access(source, F_OK) == -1)
|
||||||
return 0;
|
return 0;
|
||||||
|
LOGI("* Merging %s -> %s\n", source, target);
|
||||||
if (access(target, F_OK) == -1) {
|
if (access(target, F_OK) == -1) {
|
||||||
xrename(source, target);
|
xrename(source, target);
|
||||||
return 0;
|
return 0;
|
||||||
|
Loading…
x
Reference in New Issue
Block a user