TheArchive/Magisk
1
0
Fork 0
mirror of https://github.com/topjohnwu/Magisk.git synced 2025-05-19 09:48:25 +00:00
Code Issues Packages Projects Releases Wiki Activity

Recognize Samsung custom policy version path

Browse Source
This commit is contained in:
Wang Han 2025-05-09 21:21:16 +08:00 committed by John Wu
parent a2896be4a6
commit a20a2a8fa0
1 changed files with 11 additions and 8 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

19
native/src/init/selinux.rs
View File

@ -11,8 +11,6 @@ use std::ptr;
use std::thread::sleep; use std::thread::sleep;
use std::time::Duration; use std::time::Duration;
const POLICY_VERSION: &Utf8CStr = cstr!("/selinux_version");
const MOCK_VERSION: &Utf8CStr = cstr!(concatcp!(SELINUXMOCK, "/version")); const MOCK_VERSION: &Utf8CStr = cstr!(concatcp!(SELINUXMOCK, "/version"));
const MOCK_LOAD: &Utf8CStr = cstr!(concatcp!(SELINUXMOCK, "/load")); const MOCK_LOAD: &Utf8CStr = cstr!(concatcp!(SELINUXMOCK, "/load"));
const MOCK_ENFORCE: &Utf8CStr = cstr!(concatcp!(SELINUXMOCK, "/enforce")); const MOCK_ENFORCE: &Utf8CStr = cstr!(concatcp!(SELINUXMOCK, "/enforce"));
@ -91,6 +89,7 @@ impl MagiskInit {
cstr!(SELINUXMOCK).mkdir(0o711)?; cstr!(SELINUXMOCK).mkdir(0o711)?;
let mut rules = String::new(); let mut rules = String::new();
let mut policy_ver = cstr!("/selinux_version");
let rule_file = cstr!(concatcp!("/data/", PREINITMIRR, "/sepolicy.rule")); let rule_file = cstr!(concatcp!("/data/", PREINITMIRR, "/sepolicy.rule"));
if rule_file.exists() { if rule_file.exists() {
debug!("Loading custom sepolicy patch: [{}]", rule_file); debug!("Loading custom sepolicy patch: [{}]", rule_file);
@ -108,9 +107,13 @@ impl MagiskInit {
if init.contains(split_plat_cil().as_str().as_bytes()) { if init.contains(split_plat_cil().as_str().as_bytes()) {
// Supports split policy // Supports split policy
strat = SePatchStrategy::SelinuxFs; strat = SePatchStrategy::SelinuxFs;
} else if init.contains(POLICY_VERSION.as_bytes()) { } else if init.contains(policy_ver.as_bytes()) {
// Does not support split policy, hijack /selinux_version // Does not support split policy, hijack /selinux_version
strat = SePatchStrategy::Legacy; strat = SePatchStrategy::Legacy;
} else if init.contains(cstr!("/sepolicy_version").as_bytes()) {
// Samsung custom path
policy_ver = cstr!("/sepolicy_version");
strat = SePatchStrategy::Legacy;
} else { } else {
error!("Unknown sepolicy setup, abort..."); error!("Unknown sepolicy setup, abort...");
return Ok(()); return Ok(());
@ -160,15 +163,15 @@ impl MagiskInit {
SePatchStrategy::Legacy => { SePatchStrategy::Legacy => {
info!("SePatchStrategy: LEGACY"); info!("SePatchStrategy: LEGACY");
if !POLICY_VERSION.exists() { if !policy_ver.exists() {
// The file does not exist, create one // The file does not exist, create one
drop(POLICY_VERSION.create(libc::O_RDONLY, 0o666)?); drop(policy_ver.create(libc::O_RDONLY, 0o666)?);
} }
// The only purpose of this is to block init's control flow after it mounts // The only purpose of this is to block init's control flow after it mounts
// selinuxfs and before it calls security_load_policy(). // selinuxfs and before it calls security_load_policy().
// selinux_android_load_policy() -> set_policy_index() -> open(POLICY_VERSION) // selinux_android_load_policy() -> set_policy_index() -> open(policy_ver)
mock_fifo(POLICY_VERSION, MOCK_VERSION)?; mock_fifo(policy_ver, MOCK_VERSION)?;
} }
} }
@ -203,7 +206,7 @@ impl MagiskInit {
// This will unblock init at selinux_android_load_policy() -> set_policy_index(). // This will unblock init at selinux_android_load_policy() -> set_policy_index().
drop(MOCK_VERSION.open(libc::O_WRONLY)?); drop(MOCK_VERSION.open(libc::O_WRONLY)?);
POLICY_VERSION.unmount()?; policy_ver.unmount()?;
// libselinux does not read /selinux_version after open; instead it mmap the file, // libselinux does not read /selinux_version after open; instead it mmap the file,
// which can never succeed on FIFO files. This is fine as set_policy_index() will just // which can never succeed on FIFO files. This is fine as set_policy_index() will just