From 9c27d691dd2d54f8ca704870aeb22a36fe65a12e Mon Sep 17 00:00:00 2001 From: topjohnwu Date: Sat, 19 Oct 2019 03:11:54 -0400 Subject: [PATCH] Drop API 17 (Android 4.2) support --- build.gradle | 2 +- native/jni/core/applets.cpp | 2 +- native/jni/init/rootdir.cpp | 27 +++++++++++++-------------- native/jni/utils/include/selinux.h | 3 +-- native/jni/utils/selinux.cpp | 15 --------------- scripts/flash_script.sh | 2 +- 6 files changed, 17 insertions(+), 34 deletions(-) diff --git a/build.gradle b/build.gradle index f0236679e..28680819c 100644 --- a/build.gradle +++ b/build.gradle @@ -47,7 +47,7 @@ subprojects { defaultConfig { if (minSdkVersion == null) - minSdkVersion 17 + minSdkVersion 18 targetSdkVersion 28 } diff --git a/native/jni/core/applets.cpp b/native/jni/core/applets.cpp index 4932bc9e0..f1ab263bf 100644 --- a/native/jni/core/applets.cpp +++ b/native/jni/core/applets.cpp @@ -26,7 +26,7 @@ static int (*applet_main[]) (int, char *[]) = int main(int argc, char *argv[]) { umask(0); - dload_selinux(); + selinux_builtin_impl(); cmdline_logging(); init_argv0(argc, argv); diff --git a/native/jni/init/rootdir.cpp b/native/jni/init/rootdir.cpp index e5a362e8f..6d39bce33 100644 --- a/native/jni/init/rootdir.cpp +++ b/native/jni/init/rootdir.cpp @@ -153,24 +153,23 @@ void SARCompatInit::setup_rootfs() { } bool MagiskInit::patch_sepolicy(const char *file) { - bool patch_init = false; - - if (access(SPLIT_PLAT_CIL, R_OK) == 0) { - LOGD("sepol: split policy\n"); - patch_init = true; - } else if (access("/sepolicy", R_OK) == 0) { - LOGD("sepol: monolithic policy\n"); - load_policydb("/sepolicy"); - } else { - LOGD("sepol: no selinux\n"); - return false; - } + bool require_patch = false; // Mount selinuxfs to communicate with kernel xmount("selinuxfs", SELINUX_MNT, "selinuxfs", 0, nullptr); - if (patch_init) + if (access(SPLIT_PLAT_CIL, R_OK) == 0) { + LOGD("sepol: split policy\n"); load_split_cil(); + require_patch = true; + } else if (access("/sepolicy", R_OK) == 0) { + LOGD("sepol: monolithic policy\n"); + load_policydb("/sepolicy"); + } else { + // Fatal error!! + LOGD("sepol: no selinux\n"); + return false; + } sepol_magisk_rules(); sepol_allow(SEPOL_PROC_DOMAIN, ALL, ALL, ALL); @@ -182,7 +181,7 @@ bool MagiskInit::patch_sepolicy(const char *file) { link("/sepolicy", "/sepolicy_debug"); } - return patch_init; + return require_patch; } constexpr const char wrapper[] = diff --git a/native/jni/utils/include/selinux.h b/native/jni/utils/include/selinux.h index 322afaaff..15e4615e8 100644 --- a/native/jni/utils/include/selinux.h +++ b/native/jni/utils/include/selinux.h @@ -20,7 +20,7 @@ __BEGIN_DECLS -extern void (*freecon)(char *con); +#define freecon free extern int (*setcon)(const char *con); extern int (*getfilecon)(const char *path, char **con); extern int (*lgetfilecon)(const char *path, char **con); @@ -32,7 +32,6 @@ void getfilecon_at(int dirfd, const char *name, char **con); void setfilecon_at(int dirfd, const char *name, const char *con); void selinux_builtin_impl(); -void dload_selinux(); void restorecon(); void restore_rootcon(); diff --git a/native/jni/utils/selinux.cpp b/native/jni/utils/selinux.cpp index ed3696191..d530c3392 100644 --- a/native/jni/utils/selinux.cpp +++ b/native/jni/utils/selinux.cpp @@ -38,10 +38,6 @@ static int stub(int, char **ctx) { // Builtin implementation -static void __freecon(char *s) { - free(s); -} - static int __setcon(const char *ctx) { int fd = open("/proc/self/attr/current", O_WRONLY | O_CLOEXEC); if (fd < 0) @@ -114,7 +110,6 @@ static int __fsetfilecon(int fd, const char *ctx) { // Function pointers -void (*freecon)(char *) = __freecon; int (*setcon)(const char *) = stub; int (*getfilecon)(const char *, char **) = stub; int (*lgetfilecon)(const char *, char **) = stub; @@ -146,16 +141,6 @@ void selinux_builtin_impl() { fsetfilecon = __fsetfilecon; } -void dload_selinux() { - if (access("/system/lib/libselinux.so", F_OK)) - return; - /* We only check whether libselinux.so exists but don't dlopen. - * For some reason calling symbols returned from dlsym - * will result to SEGV_ACCERR on some devices. - * Always use builtin implementations for SELinux stuffs. */ - selinux_builtin_impl(); -} - static void restore_syscon(int dirfd) { struct dirent *entry; DIR *dir; diff --git a/scripts/flash_script.sh b/scripts/flash_script.sh index f8f47e4cf..0239db1de 100644 --- a/scripts/flash_script.sh +++ b/scripts/flash_script.sh @@ -53,7 +53,7 @@ ui_print "- Target image: $BOOTIMAGE" # Detect version and architecture api_level_arch_detect -[ $API -lt 17 ] && abort "! Magisk is only for Android 4.2 and above" +[ $API -lt 18 ] && abort "! Magisk is only for Android 4.3 and above" ui_print "- Device platform: $ARCH"