Start Magisk in SAR
parent
a462435f2f
commit
e29b712108
@ -381,6 +381,11 @@ static bool magisk_env() {
|
|||||||
}
|
}
|
||||||
return true;
|
return true;
|
||||||
});
|
});
|
||||||
|
if (access(MIRRMNT(system), F_OK) != 0 && access(MIRRMNT(system_root), F_OK) == 0) {
|
||||||
|
// Pre-init mirrors
|
||||||
|
xsymlink(MIRRMNT(system_root) "/system", MIRRMNT(system));
|
||||||
|
VLOGI("link", MIRRMNT(system_root) "/system", MIRRMNT(system));
|
||||||
|
}
|
||||||
if (access(MIRRMNT(vendor), F_OK) != 0) {
|
if (access(MIRRMNT(vendor), F_OK) != 0) {
|
||||||
xsymlink(MIRRMNT(system) "/vendor", MIRRMNT(vendor));
|
xsymlink(MIRRMNT(system) "/vendor", MIRRMNT(vendor));
|
||||||
VLOGI("link", MIRRMNT(system) "/vendor", MIRRMNT(vendor));
|
VLOGI("link", MIRRMNT(system) "/vendor", MIRRMNT(vendor));
|
||||||
@ -606,13 +611,13 @@ void post_fs_data(int client) {
|
|||||||
|
|
||||||
prepare_modules();
|
prepare_modules();
|
||||||
|
|
||||||
|
restorecon();
|
||||||
|
chmod(SECURE_DIR, 0700);
|
||||||
|
|
||||||
// Core only mode
|
// Core only mode
|
||||||
if (access(DISABLEFILE, F_OK) == 0)
|
if (access(DISABLEFILE, F_OK) == 0)
|
||||||
core_only();
|
core_only();
|
||||||
|
|
||||||
restorecon();
|
|
||||||
chmod(SECURE_DIR, 0700);
|
|
||||||
|
|
||||||
collect_modules();
|
collect_modules();
|
||||||
|
|
||||||
// Execute module scripts
|
// Execute module scripts
|
||||||
|
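Review bot: In the post_fs_data hunk, `chmod(SECURE_DIR, 0700);` discards its return value, so if the call fails the directory keeps whatever mode it already had and nothing records that. Because this is the step that restricts the secure directory to its owner, test the result with `if (chmod(SECURE_DIR, 0700) != 0)` and log the error in that branch. The pair `restorecon();` / `chmod(...)` was moved above the DISABLEFILE check, presumably so that it also runs in core-only mode; a comment such as `// Must run before the core-only check so labels and permissions are fixed in every mode` would record that, if that is the intent. post_fs_data starts and ends outside the hunk.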
@ -108,6 +108,12 @@ static void main_daemon() {
|
|||||||
setcon("u:r:" SEPOL_PROC_DOMAIN ":s0");
|
setcon("u:r:" SEPOL_PROC_DOMAIN ":s0");
|
||||||
restore_rootcon();
|
restore_rootcon();
|
||||||
|
|
||||||
|
// Unmount pre-init patches
|
||||||
|
umount2("/init", MNT_DETACH);
|
||||||
|
umount2("/init.rc", MNT_DETACH);
|
||||||
|
umount2("/system/lib/libselinux.so", MNT_DETACH);
|
||||||
|
umount2("/system/lib64/libselinux.so", MNT_DETACH);
|
||||||
|
|
||||||
int fd = xopen("/dev/null", O_RDWR | O_CLOEXEC);
|
int fd = xopen("/dev/null", O_RDWR | O_CLOEXEC);
|
||||||
xdup2(fd, STDOUT_FILENO);
|
xdup2(fd, STDOUT_FILENO);
|
||||||
xdup2(fd, STDERR_FILENO);
|
xdup2(fd, STDERR_FILENO);
|
||||||
|
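Review bot: The four `umount2(..., MNT_DETACH)` calls ignore their return values, while the calls directly below go through the x-prefixed wrappers, so a reader cannot tell whether a failure here is expected or a problem. If these mounts presumably exist only when init bind-mounted patched files during a system-as-root boot, say so in the comment, e.g. `// Unmount pre-init patches (only present when init bind-mounted them); failures are ignored`. If a leftover mount would matter, for instance a patched libselinux.so staying visible to every process, log any failure other than EINVAL instead of dropping it. main_daemon continues outside the hunk.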
@ -33,11 +33,34 @@ static void patch_socket_name(const char *path) {
|
|||||||
munmap(buf, size);
|
munmap(buf, size);
|
||||||
}
|
}
|
||||||
|
|
||||||
constexpr const char wrapper[] =
|
static void patch_init_rc(FILE *rc) {
|
||||||
"#!/system/bin/sh\n"
|
file_readline("/init.rc", [&](string_view line) -> bool {
|
||||||
"export LD_LIBRARY_PATH=\"$LD_LIBRARY_PATH:/apex/com.android.runtime/" LIBNAME "\"\n"
|
// Do not start vaultkeeper
|
||||||
"exec /sbin/magisk.bin \"$0\" \"$@\"\n"
|
if (str_contains(line, "start vaultkeeper")) {
|
||||||
;
|
LOGD("Remove vaultkeeper\n");
|
||||||
|
return true;
|
||||||
|
}
|
||||||
|
// Do not run flash_recovery
|
||||||
|
if (str_starts(line, "service flash_recovery")) {
|
||||||
|
LOGD("Remove flash_recovery\n");
|
||||||
|
fprintf(rc, "service flash_recovery /system/bin/xxxxx\n");
|
||||||
|
return true;
|
||||||
|
}
|
||||||
|
// Else just write the line
|
||||||
|
fprintf(rc, "%s", line.data());
|
||||||
|
return true;
|
||||||
|
});
|
||||||
|
char pfd_svc[8], ls_svc[8], bc_svc[8];
|
||||||
|
// Make sure to be unique
|
||||||
|
pfd_svc[0] = 'a';
|
||||||
|
ls_svc[0] = '0';
|
||||||
|
bc_svc[0] = 'A';
|
||||||
|
gen_rand_str(pfd_svc + 1, sizeof(pfd_svc) - 1);
|
||||||
|
gen_rand_str(ls_svc + 1, sizeof(ls_svc) - 1);
|
||||||
|
gen_rand_str(bc_svc + 1, sizeof(bc_svc) - 1);
|
||||||
|
LOGD("Inject magisk services: [%s] [%s] [%s]\n", pfd_svc, ls_svc, bc_svc);
|
||||||
|
fprintf(rc, magiskrc, pfd_svc, pfd_svc, ls_svc, bc_svc, bc_svc);
|
||||||
|
}
|
||||||
|
|
||||||
void RootFSInit::setup_rootfs() {
|
void RootFSInit::setup_rootfs() {
|
||||||
if (patch_sepolicy()) {
|
if (patch_sepolicy()) {
|
||||||
@ -66,39 +89,11 @@ void RootFSInit::setup_rootfs() {
|
|||||||
|
|
||||||
// Patch init.rc
|
// Patch init.rc
|
||||||
FILE *rc = xfopen("/init.p.rc", "we");
|
FILE *rc = xfopen("/init.p.rc", "we");
|
||||||
file_readline("/init.rc", [&](auto line) -> bool {
|
patch_init_rc(rc);
|
||||||
// Do not start vaultkeeper
|
|
||||||
if (str_contains(line, "start vaultkeeper")) {
|
|
||||||
LOGD("Remove vaultkeeper\n");
|
|
||||||
return true;
|
|
||||||
}
|
|
||||||
// Do not run flash_recovery
|
|
||||||
if (str_starts(line, "service flash_recovery")) {
|
|
||||||
LOGD("Remove flash_recovery\n");
|
|
||||||
fprintf(rc, "service flash_recovery /system/bin/xxxxx\n");
|
|
||||||
return true;
|
|
||||||
}
|
|
||||||
// Else just write the line
|
|
||||||
fprintf(rc, "%s", line.data());
|
|
||||||
return true;
|
|
||||||
});
|
|
||||||
char pfd_svc[8], ls_svc[8], bc_svc[8];
|
|
||||||
// Make sure to be unique
|
|
||||||
pfd_svc[0] = 'a';
|
|
||||||
ls_svc[0] = '0';
|
|
||||||
bc_svc[0] = 'A';
|
|
||||||
gen_rand_str(pfd_svc + 1, sizeof(pfd_svc) - 1);
|
|
||||||
gen_rand_str(ls_svc + 1, sizeof(ls_svc) - 1);
|
|
||||||
gen_rand_str(bc_svc + 1, sizeof(bc_svc) - 1);
|
|
||||||
LOGD("Inject magisk services: [%s] [%s] [%s]\n", pfd_svc, ls_svc, bc_svc);
|
|
||||||
fprintf(rc, magiskrc, pfd_svc, pfd_svc, ls_svc, bc_svc, bc_svc);
|
|
||||||
fclose(rc);
|
fclose(rc);
|
||||||
clone_attr("/init.rc", "/init.p.rc");
|
clone_attr("/init.rc", "/init.p.rc");
|
||||||
rename("/init.p.rc", "/init.rc");
|
rename("/init.p.rc", "/init.rc");
|
||||||
|
|
||||||
// Don't let init run in init yet
|
|
||||||
lsetfilecon("/init", "u:object_r:rootfs:s0");
|
|
||||||
|
|
||||||
// Create hardlink mirror of /sbin to /root
|
// Create hardlink mirror of /sbin to /root
|
||||||
mkdir("/root", 0750);
|
mkdir("/root", 0750);
|
||||||
clone_attr("/sbin", "/root");
|
clone_attr("/sbin", "/root");
|
||||||
@ -156,6 +151,12 @@ bool MagiskInit::patch_sepolicy(const char *file) {
|
|||||||
return patch_init;
|
return patch_init;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
constexpr const char wrapper[] =
|
||||||
|
"#!/system/bin/sh\n"
|
||||||
|
"export LD_LIBRARY_PATH=\"$LD_LIBRARY_PATH:/apex/com.android.runtime/" LIBNAME "\"\n"
|
||||||
|
"exec /sbin/magisk.bin \"$0\" \"$@\"\n"
|
||||||
|
;
|
||||||
|
|
||||||
static void sbin_overlay(const raw_data &self, const raw_data &config) {
|
static void sbin_overlay(const raw_data &self, const raw_data &config) {
|
||||||
LOGD("Mount /sbin tmpfs overlay\n");
|
LOGD("Mount /sbin tmpfs overlay\n");
|
||||||
xmount("tmpfs", "/sbin", "tmpfs", 0, "mode=755");
|
xmount("tmpfs", "/sbin", "tmpfs", 0, "mode=755");
|
||||||
@ -236,7 +237,10 @@ void SARInit::patch_rootdir() {
|
|||||||
close(src);
|
close(src);
|
||||||
close(dest);
|
close(dest);
|
||||||
|
|
||||||
// Customize rootdir
|
/* ******************
|
||||||
|
* Customize rootdir
|
||||||
|
* ******************/
|
||||||
|
|
||||||
char *addr;
|
char *addr;
|
||||||
size_t size;
|
size_t size;
|
||||||
file_attr attr;
|
file_attr attr;
|
||||||
@ -288,6 +292,12 @@ void SARInit::patch_rootdir() {
|
|||||||
}
|
}
|
||||||
|
|
||||||
patch_sepolicy(PATCHPOLICY);
|
patch_sepolicy(PATCHPOLICY);
|
||||||
|
|
||||||
|
FILE *rc = xfopen(ROOTOVERLAY "/init.rc", "we");
|
||||||
|
patch_init_rc(rc);
|
||||||
|
fclose(rc);
|
||||||
|
clone_attr("/init.rc", ROOTOVERLAY "/init.rc");
|
||||||
|
xmount(ROOTOVERLAY "/init.rc", "/init.rc", nullptr, MS_BIND, nullptr);
|
||||||
}
|
}
|
||||||
|
|
||||||
#ifdef MAGISK_DEBUG
|
#ifdef MAGISK_DEBUG
|
||||||
|
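Review bot: In patch_init_rc the lambda parameter is now `string_view line`, but the line is still written with `fprintf(rc, "%s", line.data());`. `%s` reads until a NUL byte and a string_view does not guarantee one, so this is safe only if file_readline (not shown here) always passes a terminated buffer. Writing by length removes that dependency: `fwrite(line.data(), 1, line.size(), rc);`. In the SARInit::patch_rootdir hunk, the result of `xfopen(ROOTOVERLAY "/init.rc", "we")` goes straight into patch_init_rc; if the wrapper can return null on failure, a null check before the call would avoid writing through a null FILE*.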
@ -48,6 +48,9 @@ void sepol_magisk_rules() {
|
|||||||
sepol_attradd(SEPOL_PROC_DOMAIN, "bluetoothdomain");
|
sepol_attradd(SEPOL_PROC_DOMAIN, "bluetoothdomain");
|
||||||
sepol_attradd(SEPOL_FILE_DOMAIN, "mlstrustedobject");
|
sepol_attradd(SEPOL_FILE_DOMAIN, "mlstrustedobject");
|
||||||
|
|
||||||
|
// Let everyone access tmpfs files (for SAR sbin overlay)
|
||||||
|
sepol_allow(ALL, "tmpfs", "file", ALL);
|
||||||
|
|
||||||
// Let init transit to SEPOL_PROC_DOMAIN
|
// Let init transit to SEPOL_PROC_DOMAIN
|
||||||
sepol_allow("kernel", "kernel", "process", "setcurrent");
|
sepol_allow("kernel", "kernel", "process", "setcurrent");
|
||||||
sepol_allow("kernel", SEPOL_PROC_DOMAIN, "process", "dyntransition");
|
sepol_allow("kernel", SEPOL_PROC_DOMAIN, "process", "dyntransition");
|
||||||
|
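Review bot: `sepol_allow(ALL, "tmpfs", "file", ALL);` grants every domain every file permission (write, execute and relabel included) on anything labelled tmpfs, which is far wider than the comment's stated purpose of making the SAR /sbin overlay accessible. As far as SELinux is concerned, the rule covers tmpfs-labelled files anywhere on the device, not only the overlay. If the overlay only needs to be read and executed, name those permissions explicitly in the style of the calls below (one `sepol_allow(ALL, "tmpfs", "file", "read");`-style line per needed permission), or give the overlay files a dedicated type. At minimum, extend the comment to state which permissions the overlay needs and why the rule cannot be narrower. sepol_magisk_rules continues outside the hunk.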
@ -227,6 +227,10 @@ void restorecon() {
|
|||||||
|
|
||||||
void restore_rootcon() {
|
void restore_rootcon() {
|
||||||
setfilecon("/sbin", ROOT_CON);
|
setfilecon("/sbin", ROOT_CON);
|
||||||
|
setfilecon(MAGISKTMP, ROOT_CON);
|
||||||
|
setfilecon(MIRRDIR, ROOT_CON);
|
||||||
|
setfilecon(BLOCKDIR, ROOT_CON);
|
||||||
|
|
||||||
struct dirent *entry;
|
struct dirent *entry;
|
||||||
DIR *dir = xopendir("/sbin");
|
DIR *dir = xopendir("/sbin");
|
||||||
int dfd = dirfd(dir);
|
int dfd = dirfd(dir);
|
||||||
|
@ -166,6 +166,7 @@ find_block() {
|
|||||||
}
|
}
|
||||||
|
|
||||||
mount_part() {
|
mount_part() {
|
||||||
|
$BOOTMODE && return
|
||||||
local PART=$1
|
local PART=$1
|
||||||
local POINT=/${PART}
|
local POINT=/${PART}
|
||||||
[ -L $POINT ] && rm -f $POINT
|
[ -L $POINT ] && rm -f $POINT
|
||||||
|
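Review bot: `$BOOTMODE && return` runs the variable's value as a command. When BOOTMODE is unset or empty the line expands to an empty command, which succeeds, so mount_part returns without mounting anything; any other value is executed as-is. Whether BOOTMODE is always initialised to true or false before this function runs is not visible here. Comparing it as a string avoids both cases: `[ "$BOOTMODE" = true ] && return`. mount_part continues past the end of the hunk.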