diff --git a/native/jni/magiskpolicy/rules.c b/native/jni/magiskpolicy/rules.c index 4ae3ab9e6..dbdcbec49 100644 --- a/native/jni/magiskpolicy/rules.c +++ b/native/jni/magiskpolicy/rules.c @@ -124,7 +124,7 @@ void sepol_magisk_rules() { sepol_allow(SEPOL_PROC_DOMAIN, "kernel", "security", "read_policy"); sepol_allow(SEPOL_PROC_DOMAIN, "kernel", "security", "load_policy"); - // Allow these client to access su + // Allow these processes to access MagiskSU allowSuClient("init"); allowSuClient("shell"); allowSuClient("system_app"); @@ -133,6 +133,7 @@ void sepol_magisk_rules() { allowSuClient("untrusted_app"); allowSuClient("untrusted_app_25"); allowSuClient("untrusted_app_27"); + allowSuClient("update_engine"); // Some superuser stuffs otherToSU(); @@ -165,4 +166,7 @@ void sepol_magisk_rules() { // Support deodexed ROM on Oreo sepol_allow("zygote", "dalvikcache_data_file", "file", "execute"); + + // Allow update engine to source addon.d.sh + sepol_allow("update_engine", "adb_data_file", "dir", ALL); } diff --git a/scripts/addon.d.sh b/scripts/addon.d.sh index dad3f448d..e37211eb1 100644 --- a/scripts/addon.d.sh +++ b/scripts/addon.d.sh @@ -1,4 +1,3 @@ -#!/sbin/sh ########################################################################################## # # Magisk Survival Script for ROMs with addon.d support @@ -8,8 +7,17 @@ # ########################################################################################## -. /tmp/backuptool.functions -[ -z $backuptool_ab ] && backuptool_ab=false +V1_FUNCS=/tmp/backuptool.functions +V2_FUNCS=/postinstall/system/bin/backuptool_ab.functions + +if [ -f $V1_FUNCS ]; then + . $V1_FUNCS + backuptool_ab=false +elif [ -f $V2_FUNCS ]; then + . $V2_FUNCS +else + return 1 +fi initialize() { # This path should work in any cases @@ -37,16 +45,14 @@ show_logo() { ui_print "************************" } -detection() { +installation() { find_boot_image find_dtbo_image [ -z $BOOTIMAGE ] && abort "! Unable to detect target image" ui_print "- Target image: $BOOTIMAGE" [ -z $DTBOIMAGE ] || ui_print "- DTBO image: $DTBOIMAGE" get_flags -} -installation() { remove_system_su [ -f $APK ] && eval $BOOTSIGNER -verify < $BOOTIMAGE && BOOTSIGNED=true @@ -87,7 +93,6 @@ main_v1() { recovery_actions show_logo mount_partitions - detection installation recovery_cleanup finalize @@ -99,7 +104,6 @@ main_v2() { mount_partitions # Swap the slot if [ ! -z $SLOT ]; then [ $SLOT = _a ] && SLOT=_b || SLOT=_a; fi - detection installation finalize } @@ -121,15 +125,23 @@ case "$1" in # Stub ;; post-restore) - initialize if $backuptool_ab; then - # addon.d-v2 - main_v2 + exec su -c "sh $0 addond-v2" else + initialize OUTFD= get_outfd # Run in background, hack for addon.d-v1 (main_v1) & fi ;; + addond-v2) + initialize + # Override ui_print + ui_print() { + log -t Magisk -- "$1" + } + # addon.d-v2 + main_v2 + ;; esac diff --git a/scripts/flash_script.sh b/scripts/flash_script.sh index 62362e92c..4af9266bc 100644 --- a/scripts/flash_script.sh +++ b/scripts/flash_script.sh @@ -92,10 +92,11 @@ chmod -R 755 $MAGISKBIN if [ -d /system/addon.d ]; then ui_print "- Adding addon.d survival script" mount -o rw,remount /system - echo "#!/sbin/sh" > /system/addon.d/99-magisk.sh - echo "# ADDOND_VERSION=2" >> /system/addon.d/99-magisk.sh - echo ". /data/adb/magisk/addon.d.sh" >> /system/addon.d/99-magisk.sh - chmod 755 /system/addon.d/99-magisk.sh + ADDOND=/system/addon.d/99-magisk.sh + echo '#!/sbin/sh' > $ADDOND + echo '# ADDOND_VERSION=2' >> $ADDOND + echo 'exec sh /data/adb/magisk/addon.d.sh "$@"' >> $ADDOND + chmod 755 $ADDOND fi $BOOTMODE || recovery_actions