Update v25.1 docs

docs/changes.md

@@ -1,5 +1,14 @@
 # Magisk Changelog
 
+### v25.1
+
+- [MagiskBoot] Fix ramdisk backup being incorrectly skipped
+- [MagiskBoot] Add new feature to detect unsupported dtb and abort during installation
+- [Zygisk] Change binary hijack paths
+- [App] Fix incorrect recovery mode detection and installation
+- [MagiskInit] Fix config not properly exported in legacy SAR devices
+- [General] Enforce the Magisk app to always match or be newer than `magiskd`
+
 ### v25.0
 
 - [MagiskInit] Update 2SI implementation, significantly increase device compatibility (e.g. Sony Xperia devices)

docs/releases/25100.md

@@ -0,0 +1,25 @@
+## 2022.6.19 Magisk v25.1
+
+> v25.1 fixes some minor bugs over v25.0. The following are the same as v25.0 release notes.
+
+Another major release! A lot of the changes aren't visible at the surface, but v25 is actually a really substantial upgrade!
+
+### MagiskInit Rewrite
+
+A significant portion of `magiskinit` (the critical software that runs before your device boots up) is completely rewritten from scratch. Ever since Android introduced [Project Treble](https://android-developers.googleblog.com/2017/05/here-comes-treble-modular-base-for.html) in Android 8.0, Magisk has been constantly fighting against the increasingly complex partitioning and early mount setups of all kinds of devices, sometimes with weird OEM specific implementations. It got to a point that `magiskinit` had become so complicated that few people (including myself!) were aware of every detail, and maintaining this piece of software like this was clearly not sustainable. After many months of planning (yes, this whole re-architecture has been in my head for a long time) and some help from external contributors, a whole new `sepolicy` injection mechanism is introduced into Magisk, solving the "SELinux Problem" once and for all.
+
+Since this is a full paradigm shift on how Magisk hot-patch the device at boot, several behaviors that many developers implicitly relied on might not exist. For example, Magisk no longer patches fstabs in most scenarios, which means AVB will remain intact; some custom kernels rely on AVB being stripped out for them by Magisk.
+
+### MagiskSU Security Enhancements
+
+The superuser functionality of Magisk has not seen much changes ever since its introduction. v25 focuses on making root permission management more accurate and secure:
+
+- Add a whole new package tracking system to ensure malicious UID reuse attack cannot be performed
+- Properly support and implement the UX in the Magisk app for packages using `sharedUserId`
+- Enforce root manager APK signature verification to combat the rampant unofficial Magisk app "mods"
+
+Many might not realize, but using a trusted, unmodified Magisk app is really important. Magisk's root daemon treats the Magisk app differently and gives it blanket root access without any restrictions. A modded Magisk app can potentially backdoor your device.
+
+And in case some of you are about to put on your tin foil hats, this is not designed to "vendor lock-in"; the goal is to make sure your root management app comes from the same developer of the underlying root implementation. Magisk's build system allows custom distributors to use its own signing keys, and in addition, I am also providing official debug builds which skips any signature verification for development.
+
+### Full Changelog: [here](https://topjohnwu.github.io/Magisk/changes.html)

docs/releases/index.md

@@ -1,5 +1,6 @@
 # Release Notes
 
+- [v25.1](25100.md)
 - [v25.0](25000.md)
 - [v24.3](24300.md)
 - [v24.2](24200.md)

docs/tools.md

@@ -25,30 +25,38 @@ Usage: ./magiskboot <action> [args...]
 
 Supported actions:
   unpack [-n] [-h] <bootimg>
-    Unpack <bootimg> to, if available, kernel, kernel_dtb, ramdisk.cpio,
-    second, dtb, extra, and recovery_dtbo into current directory.
-    If '-n' is provided, it will not attempt to decompress kernel or
-    ramdisk.cpio from their original formats.
-    If '-h' is provided, it will dump header info to 'header',
-    which will be parsed when repacking.
+    Unpack <bootimg> to its individual components, each component to
+    a file with its corresponding file name in the current directory.
+    Supported components: kernel, kernel_dtb, ramdisk.cpio, second,
+    dtb, extra, and recovery_dtbo.
+    By default, each component will be automatically decompressed
+    on-the-fly before writing to the output file.
+    If '-n' is provided, all decompression operations will be skipped;
+    each component will remain untouched, dumped in its original format.
+    If '-h' is provided, the boot image header information will be
+    dumped to the file 'header', which can be used to modify header
+    configurations during repacking.
     Return values:
     0:valid    1:error    2:chromeos
 
   repack [-n] <origbootimg> [outbootimg]
-    Repack boot image components from current directory
-    to [outbootimg], or new-boot.img if not specified.
-    If '-n' is provided, it will not attempt to recompress ramdisk.cpio,
-    otherwise it will compress ramdisk.cpio and kernel with the same format
-    as in <origbootimg> if the file provided is not already compressed.
-    If env variable PATCHVBMETAFLAG is set to true, all disable flags will
-    be set in the vbmeta header.
+    Repack boot image components using files from the current directory
+    to [outbootimg], or 'new-boot.img' if not specified.
+    <origbootimg> is the original boot image used to unpack the components.
+    By default, each component will be automatically compressed using its
+    corresponding format detected in <origbootimg>. If a component file
+    in the current directory is already compressed, then no addition
+    compression will be performed for that specific component.
+    If '-n' is provided, all compression operations will be skipped.
+    If env variable PATCHVBMETAFLAG is set to true, all disable flags in
+    the boot image's vbmeta header will be set.
 
   hexpatch <file> <hexpattern1> <hexpattern2>
-    Search <hexpattern1> in <file>, and replace with <hexpattern2>
+    Search <hexpattern1> in <file>, and replace it with <hexpattern2>
 
   cpio <incpio> [commands...]
     Do cpio commands to <incpio> (modifications are done in-place)
-    Each command is a single argument, add quotes for each command
+    Each command is a single argument, add quotes for each command.
     Supported commands:
       exists ENTRY
         Return 0 if ENTRY exists, else return 1
@@ -65,7 +73,7 @@ Supported actions:
       extract [ENTRY OUT]
         Extract ENTRY to OUT, or extract all entries to current directory
       test
-        Test the current cpio's status
+        Test the cpio's status
         Return value is 0 or bitwise or-ed of following values:
         0x1:Magisk    0x2:unsupported    0x4:Sony
       patch
@@ -78,8 +86,8 @@ Supported actions:
       sha1
         Print stock boot SHA1 if previously backed up in ramdisk
 
-  dtb <input> <action> [args...]
-    Do dtb related actions to <input>
+  dtb <file> <action> [args...]
+    Do dtb related actions to <file>
     Supported actions:
       print [-f]
         Print all contents of dtb for debugging
@@ -88,8 +96,12 @@ Supported actions:
         Search for fstab and remove verity/avb
         Modifications are done directly to the file in-place
         Configure with env variables: KEEPVERITY
+      test
+        Test the fstab's status
+        Return values:
+        0:valid    1:error
 
-  split <input>
+  split <file>
     Split image.*-dtb into kernel + kernel_dtb
 
   sha1 <file>
@@ -99,14 +111,19 @@ Supported actions:
     Cleanup the current working directory
 
   compress[=format] <infile> [outfile]
-    Compress <infile> with [format] (default: gzip), optionally to [outfile]
-    <infile>/[outfile] can be '-' to be STDIN/STDOUT
-    Supported formats: gzip zopfli xz lzma bzip2 lz4 lz4_legacy lz4_lg
+    Compress <infile> with [format] to [outfile].
+    <infile>/[outfile] can be '-' to be STDIN/STDOUT.
+    If [format] is not specified, then gzip will be used.
+    If [outfile] is not specified, then <infile> will be replaced
+    with another file suffixed with a matching file extension.
+    Supported formats: gzip zopfli xz lzma bzip2 lz4 lz4_legacy lz4_lg 
 
   decompress <infile> [outfile]
-    Detect format and decompress <infile>, optionally to [outfile]
-    <infile>/[outfile] can be '-' to be STDIN/STDOUT
-    Supported formats: gzip zopfli xz lzma bzip2 lz4 lz4_legacy lz4_lg
+    Detect format and decompress <infile> to [outfile].
+    <infile>/[outfile] can be '-' to be STDIN/STDOUT.
+    If [outfile] is not specified, then <infile> will be replaced
+    with another file removing its archive format file extension.
+    Supported formats: gzip zopfli xz lzma bzip2 lz4 lz4_legacy lz4_lg 
 ```
 
 ### magiskinit
@@ -211,9 +228,8 @@ Options:
 Advanced Options (Internal APIs):
    --daemon                  manually start magisk daemon
    --stop                    remove all magisk changes and stop daemon
-   --[init trigger]          start service for init trigger
-                             Supported init triggers:
-                             post-fs-data, service, boot-complete
+   --[init trigger]          callback on init triggers. Valid triggers:
+                             post-fs-data, service, boot-complete, zygote-restart
    --unlock-blocks           set BLKROSET flag to OFF for all block devices
    --restorecon              restore selinux context on Magisk files
    --clone-attr SRC DEST     clone permission, owner, and selinux context