Proper addon.d-v2 support

native/jni/magiskpolicy/rules.c

@@ -124,7 +124,7 @@ void sepol_magisk_rules() {
 	sepol_allow(SEPOL_PROC_DOMAIN, "kernel", "security", "read_policy");
 	sepol_allow(SEPOL_PROC_DOMAIN, "kernel", "security", "load_policy");
 
-	// Allow these client to access su
+	// Allow these processes to access MagiskSU
 	allowSuClient("init");
 	allowSuClient("shell");
 	allowSuClient("system_app");
@@ -133,6 +133,7 @@ void sepol_magisk_rules() {
 	allowSuClient("untrusted_app");
 	allowSuClient("untrusted_app_25");
 	allowSuClient("untrusted_app_27");
+	allowSuClient("update_engine");
 
 	// Some superuser stuffs
 	otherToSU();
@@ -165,4 +166,7 @@ void sepol_magisk_rules() {
 
 	// Support deodexed ROM on Oreo
 	sepol_allow("zygote", "dalvikcache_data_file", "file", "execute");
+
+	// Allow update engine to source addon.d.sh
+	sepol_allow("update_engine", "adb_data_file", "dir", ALL);
 }

scripts/addon.d.sh

@@ -1,4 +1,3 @@
-#!/sbin/sh
 ##########################################################################################
 #
 # Magisk Survival Script for ROMs with addon.d support
@@ -8,8 +7,17 @@
 #
 ##########################################################################################
 
-. /tmp/backuptool.functions
+V1_FUNCS=/tmp/backuptool.functions
-[ -z $backuptool_ab ] && backuptool_ab=false
+V2_FUNCS=/postinstall/system/bin/backuptool_ab.functions
+
+if [ -f $V1_FUNCS ]; then
+  . $V1_FUNCS
+  backuptool_ab=false
+elif [ -f $V2_FUNCS ]; then
+  . $V2_FUNCS
+else
+  return 1
+fi
 
 initialize() {
   # This path should work in any cases
@@ -37,16 +45,14 @@ show_logo() {
   ui_print "************************"
 }
 
-detection() {
+installation() {
   find_boot_image
   find_dtbo_image
   [ -z $BOOTIMAGE ] && abort "! Unable to detect target image"
   ui_print "- Target image: $BOOTIMAGE"
   [ -z $DTBOIMAGE ] || ui_print "- DTBO image: $DTBOIMAGE"
   get_flags
-}
 
-installation() {
   remove_system_su
 
   [ -f $APK ] && eval $BOOTSIGNER -verify < $BOOTIMAGE && BOOTSIGNED=true
@@ -87,7 +93,6 @@ main_v1() {
   recovery_actions
   show_logo
   mount_partitions
-  detection
   installation
   recovery_cleanup
   finalize
@@ -99,7 +104,6 @@ main_v2() {
   mount_partitions
   # Swap the slot
   if [ ! -z $SLOT ]; then [ $SLOT = _a ] && SLOT=_b || SLOT=_a; fi
-  detection
   installation
   finalize
 }
@@ -121,15 +125,23 @@ case "$1" in
     # Stub
   ;;
   post-restore)
-    initialize
     if $backuptool_ab; then
-      # addon.d-v2
+      exec su -c "sh $0 addond-v2"
-      main_v2
     else
+      initialize
       OUTFD=
       get_outfd
       # Run in background, hack for addon.d-v1
       (main_v1) &
     fi
   ;;
+  addond-v2)
+    initialize
+    # Override ui_print
+    ui_print() {
+      log -t Magisk -- "$1"
+    }
+    # addon.d-v2
+    main_v2
+  ;;
 esac

scripts/flash_script.sh

@@ -92,10 +92,11 @@ chmod -R 755 $MAGISKBIN
 if [ -d /system/addon.d ]; then
   ui_print "- Adding addon.d survival script"
   mount -o rw,remount /system
-  echo "#!/sbin/sh" > /system/addon.d/99-magisk.sh
+  ADDOND=/system/addon.d/99-magisk.sh
-  echo "# ADDOND_VERSION=2" >> /system/addon.d/99-magisk.sh
+  echo '#!/sbin/sh' > $ADDOND
-  echo ". /data/adb/magisk/addon.d.sh" >> /system/addon.d/99-magisk.sh
+  echo '# ADDOND_VERSION=2' >> $ADDOND
-  chmod 755 /system/addon.d/99-magisk.sh
+  echo 'exec sh /data/adb/magisk/addon.d.sh "$@"' >> $ADDOND
+  chmod 755 $ADDOND
 fi
 
 $BOOTMODE || recovery_actions