Update to release v7

This commit is contained in:
topjohnwu 2016-10-03 04:34:50 +08:00
parent 88a97319cc
commit e4ace49536
14 changed files with 343 additions and 488 deletions

@ -1 +1 @@
Subproject commit c69db035ee32e34256c3cd8562e28bc4f5fba2db
Subproject commit 3a0df56605bc9226b4c989979c1d4e9a8a565ad4

View File

@ -8,19 +8,12 @@
#
##########################################################################################
TMPDIR=/tmp
if [ -z "$BOOTMODE" ]; then
BOOTMODE=false
fi
mount -o rw,remount rootfs /
mkdir /magisk 2>/dev/null
if ($BOOTMODE); then
TMPDIR=/data/tmp
mount -o ro,remount rootfs /
fi
TMPDIR=/tmp
($BOOTMODE) && TMPDIR=/dev/tmp
INSTALLER=$TMPDIR/magisk
@ -87,6 +80,11 @@ find_boot_image() {
if [ ! -z "$BOOTIMAGE" ]; then break; fi
done
fi
if [ -z "$BOOTIMAGE" ]; then
FSTAB="/etc/recovery.fstab"
[ ! -f "$FSTAB" ] && FSTAB="/etc/recovery.fstab.bak"
BOOTIMAGE=$(grep -E '\b/boot\b' "$FSTAB" | grep -oE '/dev/[a-zA-Z0-9_./-]*')
fi
}
is_mounted() {
@ -98,6 +96,40 @@ is_mounted() {
return $?
}
mount_image() {
if [ ! -d "$2" ]; then
mount -o rw,remount rootfs /
mkdir -p $2 2>/dev/null
($BOOTMODE) && mount -o ro,remount rootfs /
[ ! -d "$2" ] && return 1
fi
if (! is_mounted $2); then
LOOPDEVICE=
for LOOP in 0 1 2 3 4 5 6 7; do
if (! is_mounted $2); then
LOOPDEVICE=/dev/block/loop$LOOP
if [ ! -f "$LOOPDEVICE" ]; then
mknod $LOOPDEVICE b 7 $LOOP
fi
losetup $LOOPDEVICE $1
if [ "$?" -eq "0" ]; then
mount -t ext4 -o loop $LOOPDEVICE $2
if (! is_mounted $2); then
/system/bin/toolbox mount -t ext4 -o loop $LOOPDEVICE $2
fi
if (! is_mounted $2); then
/system/bin/toybox mount -t ext4 -o loop $LOOPDEVICE $2
fi
fi
if (is_mounted $2); then
ui_print "- Mounting $1 to $2"
break;
fi
fi
done
fi
}
grep_prop() {
REGEX="s/^$1=//p"
shift
@ -108,6 +140,22 @@ grep_prop() {
cat $FILES 2>/dev/null | sed -n $REGEX | head -n 1
}
unpack_boot() {
rm -rf $UNPACKDIR $RAMDISK 2>/dev/null
mkdir -p $UNPACKDIR
mkdir -p $RAMDISK
cd $UNPACKDIR
$BINDIR/bootimgtools --extract $1
find $TMPDIR/boottmp -type d -exec chmod 755 {} \;
find $TMPDIR/boottmp -type f -exec chmod 644 {} \;
chmod 755 $(find $TMPDIR/boottmp -type d)
chmod 644 $(find $TMPDIR/boottmp -type f)
cd $RAMDISK
gunzip -c < $UNPACKDIR/ramdisk.gz | cpio -i
}
repack_boot() {
cd $RAMDISK
find . | cpio -o -H newc 2>/dev/null | gzip -9 > $UNPACKDIR/ramdisk.gz
@ -190,7 +238,7 @@ if [ -z "$NOOVERRIDE" ]; then
# read override variables
getvar KEEPVERITY
getvar KEEPFORCEENCRYPT
getvar KEEPSUPERSU
getvar NORESTORE
fi
if [ -z "$KEEPVERITY" ]; then
@ -201,9 +249,9 @@ if [ -z "$KEEPFORCEENCRYPT" ]; then
# we don't keep forceencrypt by default
KEEPFORCEENCRYPT=false
fi
if [ -z "$KEEPSUPERSU" ]; then
# we don't keep SuperSU by default
KEEPSUPERSU=false
if [ -z "$NORESTORE" ]; then
# we don't keep ramdisk by default
NORESTORE=false
fi
SAMSUNG=false
@ -212,10 +260,34 @@ if [ $? -eq 0 ]; then
SAMSUNG=true
fi
##########################################################################################
# Environment
##########################################################################################
ui_print "- Constructing environment"
if (is_mounted /data); then
rm -rf /data/busybox /data/magisk 2>/dev/null
mkdir -p /data/busybox
cp -af $BINDIR /data/magisk
chmod 755 /data/busybox /data/magisk /data/magisk/*
chcon 'u:object_r:system_file:s0' /data/busybox /data/magisk /data/magisk/*
/data/magisk/busybox --install -s /data/busybox
# Prevent issues
rm -f /data/busybox/su /data/busybox/sh
else
rm -rf /cache/data_bin 2>/dev/null
mkdir -p /cache/data_bin
cp -af $BINDIR /cache/data_bin
fi
##########################################################################################
# Image
##########################################################################################
# Fix SuperSU.....
($BOOTMODE) && /data/magisk/sepolicy-inject -s fsck --live
if (is_mounted /data); then
IMG=/data/magisk.img
else
@ -230,55 +302,12 @@ else
make_ext4fs -l 64M -a /magisk -S $INSTALLER/common/file_contexts_image $IMG
fi
mount_image $IMG /magisk
if (! is_mounted /magisk); then
ui_print "- Mounting $IMG to /magisk"
LOOPDEVICE=
for LOOP in 0 1 2 3 4 5 6 7; do
if (! is_mounted /magisk); then
LOOPDEVICE=/dev/block/loop$LOOP
if [ ! -f "$LOOPDEVICE" ]; then
mknod $LOOPDEVICE b 7 $LOOP
fi
losetup $LOOPDEVICE $IMG
if [ "$?" -eq "0" ]; then
mount -t ext4 -o loop $LOOPDEVICE /magisk
if (! is_mounted /magisk); then
/system/bin/toolbox mount -t ext4 -o loop $LOOPDEVICE /magisk
fi
if (! is_mounted /magisk); then
/system/bin/toybox mount -t ext4 -o loop $LOOPDEVICE /magisk
fi
fi
if (is_mounted /magisk); then
break;
fi
fi
done
fi
rm -rf $COREDIR/bin 2>/dev/null
##########################################################################################
# Environment
##########################################################################################
ui_print "- Constructing environment"
if (is_mounted /data); then
rm -rf /data/busybox /data/magisk
mkdir -p /data/busybox
mkdir -p /data/magisk
cp -af $BINDIR/busybox $BINDIR/su $BINDIR/sepolicy-inject /data/magisk
chmod 755 /data/busybox /data/magisk /data/magisk/*
chcon 'u:object_r:system_file:s0' /data/busybox /data/magisk /data/magisk/*
/data/magisk/busybox --install -s /data/busybox
# Prevent issues
rm -f /data/busybox/su /data/busybox/sh
else
rm -rf /cache/data_bin
mkdir -p /cache/data_bin
cp -af $BINDIR/busybox $BINDIR/su $BINDIR/sepolicy-inject /cache/data_bin
ui_print "! Image mount failed... abort"
exit 1
fi
MAGISKLOOP=$LOOPDEVICE
##########################################################################################
# Boot image patch
@ -294,8 +323,6 @@ ORIGBOOT=$TMPDIR/boottmp/boot.img
NEWBOOT=$TMPDIR/boottmp/new-boot.img
UNPACKDIR=$TMPDIR/boottmp/bootunpack
RAMDISK=$TMPDIR/boottmp/ramdisk
mkdir -p $UNPACKDIR
mkdir -p $RAMDISK
chmod 777 $CHROMEDIR/futility $BINDIR/*
@ -303,45 +330,87 @@ ui_print "- Dumping boot image"
dd if=$BOOTIMAGE of=$ORIGBOOT
ui_print "- Unpacking boot image"
cd $UNPACKDIR
$BINDIR/bootimgtools --extract $ORIGBOOT
unpack_boot $ORIGBOOT
chmod 755 $(find $TMPDIR/boottmp -type d)
chmod 644 $(find $TMPDIR/boottmp -type f)
SUPERSU=false
cd $RAMDISK
gunzip -c < $UNPACKDIR/ramdisk.gz | cpio -i
if [ -f "supersu" ]; then
KEEPSUPERSU=true
fi
if (! $KEEPSUPERSU); then
if (! $NORESTORE); then
# Backups
if [ -d ".backup" ]; then
ui_print "- Reverting ramdisk backup"
ui_print "- Restoring ramdisk with backup"
cp -af .backup/* .
rm -rf magisk init.magisk.rc sbin/magic_mask.sh sbin/magisk_wrapper.sh 2>/dev/null
else
if [ -d "magisk" -o -d "su" ]; then
cp -af /data/stock_boot*.gz /data/stock_boot.img.gz 2>/dev/null
gzip -d /data/stock_boot.img.gz 2>/dev/null
if [ -f "/data/stock_boot.img" ]; then
ui_print "- Using boot image backup"
cp -af /data/stock_boot.img $ORIGBOOT
rm -rf $RAMDISK $TMPDIR
mkdir -p $UNPACKDIR
mkdir -p $RAMDISK
if [ -f "sbin/launch_daemonsu.sh" ]; then
SUPERSU=true
# Save it for helper module
cp -af sbin/launch_daemonsu.sh $INSTALLER/roothelper/launch_daemonsu.sh
fi
# Non-standard boot image restores
if ($SUPERSU); then
ui_print "- SuperSU patched boot detected"
# Restore with SuperSU's backup
MOUNTSU=false
(! is_mounted /su) && (is_mounted /data) && mount_image /data/su.img /su && MOUNTSU=true
if (is_mounted /su); then
# Use sukernel's built-in functions
ui_print "- Using sukernel to restore boot image"
cd $UNPACKDIR
$BINDIR/bootimgtools --extract $ORIGBOOT
cd $RAMDISK
gunzip -c < $UNPACKDIR/ramdisk.gz | cpio -i
gunzip -c < $UNPACKDIR/ramdisk.gz > suramdisk
/su/bin/sukernel --restore suramdisk /data/stock_boot.img
if [ "$?" -ne "0" ]; then
# No boot backup found, use ramdisk backup
ui_print "- Restoring ramdisk with backup"
/su/bin/sukernel --cpio-restore suramdisk suramdisk
rm -rf $RAMDISK
mkdir -p $RAMDISK
cd $RAMDISK
cpio -i < $UNPACKDIR/suramdisk
rm -f $UNPACKDIR/suramdisk
else
ui_print "- Restoring boot image with backup"
cp -af /data/stock_boot.img $ORIGBOOT
unpack_boot $ORIGBOOT
fi
if ($MOUNTSU); then
ui_print "- Unmounting su.img"
umount /su
losetup -d $LOOPDEVICE
fi
else
ui_print "! No backups found"
ui_print "! Installer will still proceed, but might cause issues"
ui_print "! If possible, please restore to stock boot then flash Magisk again"
# Force removing SuperSU parts
rm -rf su init.supersu.rc sbin/launch_daemonsu.sh 2>/dev/null
# Find the boot backup ourselves
ui_print "! su.img mount failed... find the backup ourselves"
cp -af /data/stock_boot_*.gz /data/stock_boot.img.gz 2>/dev/null
gzip -d /data/stock_boot.img.gz 2>/dev/null
rm -rf /data/stock_boot.img.gz 2>/dev/null
if [ -f "/data/stock_boot.img" ]; then
ui_print "- Restoring boot image with backup"
cp -af /data/stock_boot.img $ORIGBOOT
unpack_boot $ORIGBOOT
else
ui_print "! No backups found"
ui_print "! Installer will still proceed, but might cause issues"
ui_print "! If possible, please restore to stock boot then flash Magisk again"
# Force removing SuperSU parts
rm -rf su init.supersu.rc sbin/launch_daemonsu.sh 2>/dev/null
fi
fi
else
# Magisk's own situation
if [ -d "magisk" ]; then
cp -af /data/stock_boot_*.gz /data/stock_boot.img.gz 2>/dev/null
gzip -d /data/stock_boot.img.gz 2>/dev/null
if [ -f "/data/stock_boot.img" ]; then
ui_print "- Restoring boot image with backup"
cp -af /data/stock_boot.img $ORIGBOOT
unpack_boot $ORIGBOOT
else
ui_print "! No backups found"
ui_print "! Installer will still proceed, but might cause issues"
ui_print "! If possible, please restore to stock boot then flash Magisk again"
# Removing other boot image modifications
rm -rf sbin/su init.xposed.rc sbin/mount_xposed.sh 2>/dev/null
fi
fi
fi
ui_print "- Creating backups"
@ -355,6 +424,10 @@ if (! $KEEPSUPERSU); then
fi
fi
ui_print "- Installing root helper module"
cp -af $INSTALLER/roothelper /magisk/00roothelper
chmod 755 /magisk/00roothelper/post-fs-data.sh
# Patch ramdisk
ui_print "- Patching ramdisk"
@ -362,65 +435,29 @@ if [ $(grep -c "import /init.magisk.rc" init.rc) -eq "0" ]; then
sed -i "/import \/init\.environ\.rc/iimport /init.magisk.rc" init.rc
fi
if (! $KEEPSUPERSU); then
sed -i "/selinux.reload_policy/d" init.rc
find . -type f -name "*fstab*" 2>/dev/null | while read FSTAB ; do
if (! $KEEPVERITY); then
sed -i "s/,support_scfs//g" $FSTAB
sed -i 's;,\{0,1\}verify\(=[^,]*\)\{0,1\};;g' $FSTAB
fi
if (! $KEEPFORCEENCRYPT); then
sed -i "s/forceencrypt/encryptable/g" $FSTAB
sed -i "s/forcefdeorfbe/encryptable/g" $FSTAB
fi
done
rm verity_key 2>/dev/null
# sepolicy patches
# LD_LIBRARY_PATH=$BINDIR $BINDIR/supolicy --file sepolicy sepolicy.patched
# mv -f sepolicy.patched sepolicy
. $INSTALLER/common/supatch.sh
allow su_daemon "rootfs proc init system_file" "file dir lnk_file" "*"
allow init su_daemon unix_stream_socket connectto
allow su_daemon shell_exec file getattr
allow su_daemon tmpfs dir "*"
allow su_daemon selinuxfs file "read open write"
allow su_daemon kernel security "read_policy load_policy"
allow su_daemon toolbox_exec file "*"
allow kernel su fd use
allow init "rootfs system_file" file "*"
if $BINDIR/sepolicy-inject -e -s toolbox -P sepolicy; then
allow toolbox property_socket sock_file write
allow toolbox init unix_stream_socket connectto
allow toolbox init fifo_file "*"
allow toolbox default_prop property_service "*"
allow toolbox device dir "*"
sed -i "/selinux.reload_policy/d" init.rc
find . -type f -name "*fstab*" 2>/dev/null | while read FSTAB ; do
if (! $KEEPVERITY); then
sed -i "s/,support_scfs//g" $FSTAB
sed -i 's;,\{0,1\}verify\(=[^,]*\)\{0,1\};;g' $FSTAB
fi
# Just in case
$BINDIR/sepolicy-inject -Z init -P sepolicy
$BINDIR/sepolicy-inject -Z toolbox -P sepolicy
$BINDIR/sepolicy-inject -Z su_daemon -P sepolicy
# Fix Xposed
allow zygote app_data_file "dir file" "*"
allow zygote input_device "dir chr_file" "*"
allow untrusted_app untrusted_app capability setgid
allow "system_server system_app" "app_data_file" "file dir" "*"
fi
if (! $KEEPFORCEENCRYPT); then
sed -i "s/forceencrypt/encryptable/g" $FSTAB
sed -i "s/forcefdeorfbe/encryptable/g" $FSTAB
fi
done
rm verity_key 2>/dev/null
# sepolicy patches
$BINDIR/sepolicy-inject --magisk -P sepolicy
# Add new items
mkdir -p magisk 2>/dev/null
cp -af $INSTALLER/common/init.magisk.rc init.magisk.rc
cp -af $INSTALLER/common/magic_mask.sh sbin/magic_mask.sh
cp -af $INSTALLER/common/magisk_wrapper.sh sbin/magisk_wrapper.sh
if (! $KEEPSUPERSU); then
cp -af $BINDIR/su $BINDIR/sepolicy-inject magisk
else
touch supersu
fi
chmod 0755 magisk magisk/*
chmod 0750 init.magisk.rc sbin/magic_mask.sh sbin/magisk_wrapper.sh
chmod 0755 magisk
chmod 0750 init.magisk.rc sbin/magic_mask.sh
ui_print "- Repacking boot image"
repack_boot
@ -429,14 +466,8 @@ ORIGSIZE=$(ls -l $ORIGBOOT | awk '{print $5}')
NEWSIZE=$(ls -l $NEWBOOT | awk '{print $5}')
if [ "$NEWSIZE" -gt "$ORIGSIZE" ]; then
ui_print "! Boot partition space insufficient"
ui_print "! Remove ramdisk backups and binaries"
rm -rf $RAMDISK/.backup $NEWBOOT $RAMDISK/magisk/* 2>/dev/null
if (! $KEEPSUPERSU); then
mkdir -p /cache/magisk
cp $BINDIR/su $BINDIR/sepolicy-inject /cache/magisk
chmod 755 /cache/magisk /cache/magisk/*
chcon 'u:object_r:system_file:s0' /cache/magisk /cache/magisk/*
fi
ui_print "! Try to remove ramdisk backups"
rm -rf $RAMDISK/.backup $NEWBOOT 2>/dev/null
repack_boot
NEWSIZE=$(ls -l $NEWBOOT | awk '{print $5}')
if [ "$NEWSIZE" -gt "$ORIGSIZE" ]; then
@ -448,13 +479,18 @@ fi
chmod 644 $NEWBOOT
if [ -L "$BOOTIMAGE" ]; then
ui_print "- Block symlink detected!"
else
dd if=/dev/zero of=$BOOTIMAGE bs=4096 2>/dev/null
fi
ui_print "- Flashing new boot image"
dd if=/dev/zero of=$BOOTIMAGE bs=4096 2>/dev/null
dd if=$NEWBOOT of=$BOOTIMAGE bs=4096
if (! $BOOTMODE); then
ui_print "- Unmounting partitions"
umount /magisk
losetup -d $LOOPDEVICE
losetup -d $MAGISKLOOP
umount /system
fi

View File

@ -1 +1 @@
# this is a dummy file, the magic is in update-binary
#MAGISK

Binary file not shown.

View File

@ -2,57 +2,38 @@
on post-fs
# Paths
export PATH /sbin:/vendor/bin:/system/sbin:/system/bin:/system/xbin:/su/bin:/magisk/.core/bin:/magisk/busybox/bin:/data/magisk
# Start root
start phhsu
wait /dev/su 1
export PATH /magisk/.core/bin:/sbin:/vendor/bin:/system/sbin:/system/bin:/magisk/.core/busybox:/system/xbin
start magisk_pfs
wait /dev/unblock 20
rmdir /dev/unblock
wait /dev/.magisk.unblock 20
rm /dev/.magisk.unblock
on post-fs-data
# Try to start root again in case post-fs failed
start phhsu
wait /dev/su 1
start magisk_pfsd
wait /dev/unblock 20
rmdir /dev/unblock
wait /dev/.magisk.unblock 40
rm /dev/.magisk.unblock
on property:magisk.root=*
start magisk_root
# Services
service phhsu /sbin/magisk_wrapper.sh phhsu
user root
seclabel u:r:su_daemon:s0
oneshot
# launch post-fs script
service magisk_pfs /sbin/magisk_wrapper.sh post-fs
service magisk_pfs /sbin/magic_mask.sh post-fs
user root
seclabel u:r:init:s0
seclabel u:r:su:s0
oneshot
# launch post-fs-data script
service magisk_pfsd /sbin/magisk_wrapper.sh post-fs-data
service magisk_pfsd /sbin/magic_mask.sh post-fs-data
user root
seclabel u:r:init:s0
seclabel u:r:su:s0
oneshot
# launch late_start script
service magisk_service /sbin/magisk_wrapper.sh service
service magisk_service /sbin/magic_mask.sh service
class late_start
user root
seclabel u:r:init:s0
seclabel u:r:su:s0
oneshot
# root handling
service magisk_root /sbin/magisk_wrapper.sh root
user root
seclabel u:r:init:s0
oneshot

View File

@ -8,13 +8,14 @@ COREDIR=/magisk/.core
DUMMDIR=$COREDIR/dummy
MIRRDIR=$COREDIR/mirror
TMPDIR=/cache/tmp
TMPDIR=/dev/tmp
# Use the included busybox to do everything in all scripts for maximum compatibility
# Use the included busybox to do everything for maximum compatibility
# We also do so because we rely on the option "-c" for cp (reserve contexts)
# Reserve the original PATH
export OLDPATH=$PATH
export PATH="/data/busybox:$PATH"
# Version info
setprop magisk.version 7
log_print() {
echo $1
@ -32,7 +33,7 @@ mktouch() {
}
unblock() {
mkdir -p /dev/unblock
touch /dev/.magisk.unblock
exit
}
@ -185,9 +186,12 @@ merge_image() {
if ($OK); then
# Merge (will reserve selinux contexts)
if [ `cp -afc /cache/merge_img/. /cache/data_img >/dev/null 2>&1; echo $?` -eq 0 ]; then
log_print "Merge complete"
fi
cd /cache/merge_img
for MOD in *; do
rm -rf /cache/data_img/$MOD
cp -afc $MOD /cache/data_img/
done
log_print "Merge complete"
fi
umount /cache/data_img
@ -215,6 +219,15 @@ case $1 in
chmod 644 $LOGFILE
log_print "Magisk post-fs mode running..."
if [ -d "/cache/magisk_merge" ]; then
cd /cache/magisk_merge
for MOD in *; do
rm -rf /cache/magisk/$MOD
cp -afc $MOD /cache/magisk/
done
rm -rf /cache/magisk_merge
fi
for MOD in /cache/magisk/* ; do
if [ -f "$MOD/remove" ]; then
log_print "Remove module: $MOD"
@ -244,6 +257,10 @@ case $1 in
log_print "Magisk post-fs-data mode running..."
# Live patch sepolicy
/data/magisk/sepolicy-inject --live -s su
# Cache support
if [ -d "/cache/data_bin" ]; then
rm -rf /data/busybox /data/magisk
mkdir -p /data/busybox
@ -254,14 +271,15 @@ case $1 in
# Prevent issues
rm -f /data/busybox/su /data/busybox/sh
fi
mv /cache/stock_boot.img /data 2>/dev/null
chmod 644 $IMG /cache/magisk.img /data/magisk_merge.img 2>/dev/null
# Handle image merging
merge_image /cache/magisk.img
merge_image /data/magisk_merge.img
# Mount /data image
# Mount magisk.img
if [ `cat /proc/mounts | grep /magisk >/dev/null 2>&1; echo $?` -ne 0 ]; then
loopsetup $IMG
if [ ! -z "$LOOPDEVICE" ]; then
@ -274,13 +292,14 @@ case $1 in
unblock
fi
mkdir -p $DUMMDIR
mkdir -p $MIRRDIR/system
log_print "Preparing modules"
# First do cleanups
rm -rf $DUMMDIR/*
rm -rf $DUMMDIR
rmdir $(find /magisk -type d -depth ! -path "*core*" ) 2>/dev/null
rm -rf $COREDIR/bin
mkdir -p $DUMMDIR
mkdir -p $MIRRDIR/system
# Travel through all mods
for MOD in /magisk/* ; do
@ -292,9 +311,11 @@ case $1 in
fi
done
# Proper permissions
find $DUMMDIR -type d -exec chmod 755 {} \;
find $DUMMDIR -type f -exec chmod 644 {} \;
# Proper permissions for generated items
chmod 755 $(find $COREDIR -type d)
chmod 644 $(find $COREDIR -type f)
find $COREDIR -type d -exec chmod 755 {} \;
find $COREDIR -type f -exec chmod 644 {} \;
# linker(64), t*box, and app_process* are required if we need to dummy mount bin folder
if [ -f "$TMPDIR/dummy/system/bin" ]; then
@ -303,7 +324,7 @@ case $1 in
cp -afc linker* t*box app_process* $DUMMDIR/system/bin/
fi
# Shrink the image if possible
# Unmount, shrink, remount
if [ `umount /magisk >/dev/null 2>&1; echo $?` -eq 0 ]; then
losetup -d $LOOPDEVICE
target_size_check $IMG
@ -323,8 +344,7 @@ case $1 in
unblock
fi
# Remove legacy phh root and crap folder
rm -rf /magisk/phh
# Remove crap folder
rm -rf /magisk/lost+found
# Start doing tasks
@ -350,9 +370,7 @@ case $1 in
run_scripts post-fs-data
# Bind hosts for Adblock apps
if [ ! -f "$COREDIR/hosts" ]; then
cp -afc /system/etc/hosts $COREDIR/hosts
fi
[ ! -f "$COREDIR/hosts" ] && cp -afc /system/etc/hosts $COREDIR/hosts
log_print "Enabling systemless hosts file support"
bind_mount $COREDIR/hosts /system/etc/hosts
@ -363,7 +381,7 @@ case $1 in
# Stage 4
log_print "Bind mount mirror items"
# Find all empty directores and dummy files, they should be mounted by original files in /system
find $DUMMDIR -type d -exec sh -c 'if [ -z "$(ls -A $1)" ]; then echo $1; fi' -- {} \; -o \( -type f -size 0 -print \) | while read ITEM ; do
find $DUMMDIR -type d -exec sh -c '[ -z "$(ls -A $1)" ] && echo $1' -- {} \; -o \( -type f -size 0 -print \) | while read ITEM ; do
ORIG=${ITEM/dummy/mirror}
TARGET=${ITEM#$DUMMDIR}
bind_mount $ORIG $TARGET
@ -372,17 +390,13 @@ case $1 in
# All done
rm -rf $TMPDIR
if [ ! -f "/supersu" ]; then
# Expose root path
setprop magisk.supath /magisk/.core/bin
setprop magisk.root 1
fi
unblock
;;
service )
rm -rf /cache/unblock
# Version info
setprop magisk.version 7
rm -rf /dev/unblock*
log_print "Magisk late_start service mode running..."
run_scripts service
;;
@ -392,11 +406,10 @@ case $1 in
ROOT=$(getprop magisk.root)
if [ "$ROOT" -eq "1" ]; then
log_print "Enabling root"
rm -f SUPATH
ln -s /data/magisk $SUPATH
ln -s $SUPATH /magisk/.core/bin
else
log_print "Disabling root"
rm -f SUPATH
rm -f /magisk/.core/bin
fi
;;
esac

View File

@ -1,42 +0,0 @@
#!/system/bin/sh
BINDIR=/magisk/.core/bin
# Find where's su binary
for DIR in /magisk /data/magisk /cache/magisk /su/bin; do
[ -f "$DIR/su" ] && break
done
case $1 in
phhsu )
if [ ! -d "/dev/su" ]; then
$DIR/sepolicy-inject --live --auto -s su
exec $DIR/su --daemon
fi
;;
post-fs )
# If su call fails, temporary switch to permissive (workaround)
# This workaround will not always work (e.g. Samsung stock boot images)
if [ `$DIR/su -c "/sbin/magic_mask.sh post-fs" >/dev/null 2>&1; echo $?` -ne 0 ]; then
echo 0 > /sys/fs/selinux/enforce
/sbin/magic_mask.sh post-fs
echo 1 > /sys/fs/selinux/enforce
fi
;;
post-fs-data )
# su call shall always work
if [ `$DIR/su -c "/sbin/magic_mask.sh post-fs-data" >/dev/null 2>&1; echo $?` -ne 0 ]; then
/sbin/magic_mask.sh post-fs-data
fi
;;
service )
# su call shall always work
if [ `$DIR/su -c "/sbin/magic_mask.sh service" >/dev/null 2>&1; echo $?` -ne 0 ]; then
/sbin/magic_mask.sh service
fi
;;
root )
# This will only be used in phh root
$DIR/su -c "/sbin/magic_mask.sh root"
;;
esac

View File

@ -1,226 +0,0 @@
#Extracted from global_macros
rw_socket_perms="ioctl read getattr write setattr lock append bind connect getopt setopt shutdown"
create_socket_perms="create $rw_socket_perms"
rw_stream_socket_perms="$rw_socket_perms listen accept"
create_stream_socket_perms="create $rw_stream_socket_perms"
# bootimg.sh
#allow <list of scontext> <list of tcontext> <class> <list of perm>
allow() {
[ -z "$1" -o -z "$2" -o -z "$3" ] && false
for s in $1;do
for t in $2;do
for c in $3;do
echo "allow ($s) ($t) ($c) ($4)"
if [ "$4" = "*" ]; then
$BINDIR/sepolicy-inject -s $s -t $t -c $c -P sepolicy >/dev/null 2>&1
else
$BINDIR/sepolicy-inject -s $s -t $t -c $3 -p $(echo $4|tr ' ' ',') -P sepolicy 2>/dev/null 2>&1
fi
done
done
done
}
noaudit() {
for s in $1;do
for t in $2;do
for p in $4;do
$BINDIR/sepolicy-inject -s $s -t $t -c $3 -p $p -P sepolicy 2>/dev/null 2>&1
done
done
done
}
# su-communication
#allowSuClient <scontext>
allowSuClient() {
#All domain-s already have read access to rootfs
allow $1 rootfs file "execute_no_trans execute" #TODO: Why do I need execute?!? (on MTK 5.1, kernel 3.10)
allow $1 su_daemon unix_stream_socket "connectto getopt"
allow $1 su_device dir "search read"
allow $1 su_device sock_file "read write"
allow su_daemon $1 "fd" "use"
allow su_daemon $1 fifo_file "read write getattr ioctl"
#Read /proc/callerpid/cmdline in from_init, drop?
#Requiring sys_ptrace sucks
allow su_daemon "$1" "dir" "search"
allow su_daemon "$1" "file" "read open"
allow su_daemon "$1" "lnk_file" "read"
allow su_daemon su_daemon "capability" "sys_ptrace"
}
suDaemonTo() {
allow su_daemon $1 "process" "transition"
noaudit su_daemon $1 "process" "siginh rlimitinh noatsecure"
}
suDaemonRights() {
allow su_daemon rootfs file "entrypoint"
allow su_daemon su_daemon "dir" "search read"
allow su_daemon su_daemon "file" "read write open"
allow su_daemon su_daemon "lnk_file" "read"
allow su_daemon su_daemon "unix_dgram_socket" "create connect write"
allow su_daemon su_daemon "unix_stream_socket" "$create_stream_socket_perms"
allow su_daemon devpts chr_file "read write open getattr"
#untrusted_app_devpts not in Android 4.4
allow su_daemon untrusted_app_devpts chr_file "read write open getattr" || true
allow su_daemon su_daemon "capability" "setuid setgid"
#Access to /data/data/me.phh.superuser/xxx
allow su_daemon app_data_file "dir" "getattr search write add_name"
allow su_daemon app_data_file "file" "getattr read open lock"
#FIXME: This shouldn't exist
#dac_override can be fixed by having pts_slave's fd forwarded over socket
#Instead of forwarding the name
allow su_daemon su_daemon "capability" "dac_override"
allow su_daemon su_daemon "process" "fork sigchld"
#toolbox needed for log
allow su_daemon toolbox_exec "file" "execute read open execute_no_trans" || true
#Create /dev/me.phh.superuser. Could be done by init
allow su_daemon device "dir" "write add_name"
allow su_daemon su_device "dir" "create setattr remove_name add_name"
allow su_daemon su_device "sock_file" "create unlink"
#Allow su daemon to start su apk
allow su_daemon zygote_exec "file" "execute read open execute_no_trans"
allow su_daemon zygote_exec "lnk_file" "read getattr"
#Send request to APK
allow su_daemon su_device dir "search write add_name"
#Allow su_daemon to switch to su or su_sensitive
allow su_daemon su_daemon "process" "setexec"
#Allow su_daemon to execute a shell (every commands are supposed to go through a shell)
allow su_daemon shell_exec file "execute read open"
allow su_daemon su_daemon "capability" "chown"
suDaemonTo su
}
# rights
#In this file lies the real permissions of a process running in su
suBind() {
#Allow to override /system/xbin/su
allow su_daemon su_exec "file" "mounton read"
#We will create files in /dev/su/, they will be marked as su_device
allow su_daemon su_device "dir file lnk_file" "*"
allow su_daemon su_device "file" "relabelfrom"
allow su_daemon system_file "file" "relabelto"
}
#This is the vital minimum for su to open a uid 0 shell
suRights() {
#Admit su_daemon is meant to be god.
allow su_daemon su_daemon "capability" "sys_admin"
allow servicemanager su "dir" "search read"
allow servicemanager su "file" "open read"
allow servicemanager su "process" "getattr"
allow servicemanager su "binder" "transfer"
[ "$API" -ge 20 ] && allow system_server su binder "call"
}
suL9() {
allow su_daemon su_daemon "dir file lnk_file" "*"
allow su_daemon system_data_file "dir file lnk_file" "*"
allow su_daemon "labeledfs" filesystem "associate"
allow su_daemon su_daemon process setfscreate
allow su_daemon tmpfs filesystem associate
allow su_daemon su_daemon file relabelfrom
allow su_daemon system_file file mounton
}
otherToSU() {
# allowLog
if allow su logd unix_dgram_socket "sendto";then
allow logd su dir "search"
allow logd su file "read open getattr"
fi
# suBackL0
[ "$API" -ge 20 ] && allow system_server su binder "call transfer"
#ES Explorer opens a sokcet
allow untrusted_app su unix_stream_socket "$rw_socket_perms connectto"
#Any domain is allowed to send su "sigchld"
#TODO: Have sepolicy-inject handle that
#allow "=domain" su process "sigchld"
allow surfaceflinger su "process" "sigchld"
# suNetworkL0
$BINDIR/sepolicy-inject -a netdomain -s su -P sepolicy
$BINDIR/sepolicy-inject -a bluetoothdomain -s su -P sepolicy
# suBackL6
#Used by CF.lumen (restarts surfaceflinger, and communicates with it)
#TODO: Add a rule to enforce surfaceflinger doesn't have dac_override
allow surfaceflinger app_data_file "dir file lnk_file" "*"
$BINDIR/sepolicy-inject -a mlstrustedsubject -s surfaceflinger -P sepolicy
}
#Samsung specific
#Prevent system from loading policy
if $BINDIR/sepolicy-inject -e -s knox_system_app -P sepolicy;then
$BINDIR/sepolicy-inject --not -s init -t kernel -c security -p load_policy -P sepolicy
for i in policyloader_app system_server system_app installd init ueventd runas drsd debuggerd vold zygote auditd servicemanager itsonbs commonplatformappdomain;do
$BINDIR/sepolicy-inject --not -s "$i" -t security_spota_file -c dir -p read,write -P sepolicy
$BINDIR/sepolicy-inject --not -s "$i" -t security_spota_file -c file -p read,write -P sepolicy
done
fi
#Create domains if they don't exist
$BINDIR/sepolicy-inject -z su -P sepolicy
$BINDIR/sepolicy-inject -z su_device -P sepolicy
$BINDIR/sepolicy-inject -z su_daemon -P sepolicy
#Autotransition su's socket to su_device
$BINDIR/sepolicy-inject -s su_daemon -f device -c file -t su_device -P sepolicy
$BINDIR/sepolicy-inject -s su_daemon -f device -c dir -t su_device -P sepolicy
allow su_device tmpfs filesystem "associate"
#Transition from untrusted_app to su_client
#TODO: other contexts want access to su?
allowSuClient shell
allowSuClient untrusted_app
allowSuClient platform_app
allowSuClient su
#HTC Debug context requires SU
$BINDIR/sepolicy-inject -e -s ssd_tool -P sepolicy && allowSuClient ssd_tool
#Allow init to execute su daemon/transition
allow init su_daemon process "transition"
noaudit init su_daemon process "rlimitinh siginh noatsecure"
suDaemonRights
suBind
suRights
otherToSU
#Need to set su_device/su as trusted to be accessible from other categories
$BINDIR/sepolicy-inject -a mlstrustedobject -s su_device -P sepolicy
$BINDIR/sepolicy-inject -a mlstrustedsubject -s su_daemon -P sepolicy
$BINDIR/sepolicy-inject -a mlstrustedsubject -s su -P sepolicy
suL9
# Just in case :)
$BINDIR/sepolicy-inject -Z su -P sepolicy

View File

@ -0,0 +1,9 @@
id=phh
name=phh's SuperUser
version=Root Helper
versionCode=1
author=phhusson, topjohnwu
description=This is a helper, please upgrade from downloads section :)
support=http://forum.xda-developers.com/showthread.php?t=3216394
donate=http://forum.xda-developers.com/donatetome.php?u=1915408
cacheModule=false

View File

@ -0,0 +1,37 @@
#!/system/bin/sh
LOGFILE=/cache/magisk.log
log_print() {
echo $1
echo "phh: $1" >> $LOGFILE
log -p i -t phh "$1"
}
launch_daemonsu() {
export PATH=$OLDPATH
# Switch contexts
echo "u:r:su_daemon:s0" > /proc/self/attr/current
# Start daemon
exec /magisk/phh/bin/su --daemon
}
log_print "Live patching sepolicy"
/magisk/phh/bin/sepolicy-inject --live
# Expose the root path
log_print "Linking supath"
rm -rf /magisk/.core/bin
ln -s /magisk/phh/bin /magisk/.core/bin
# Run su.d
for script in /magisk/phh/su.d/* ; do
if [ -f "$script" ]; then
chmod 755 $script
log_print "su.d: $script"
$script
fi
done
log_print "Starting su daemon"
(launch_daemonsu &)

View File

@ -0,0 +1,29 @@
#!/system/bin/sh
cd /magisk/00roothelper
if [ -f "launch_daemonsu.sh" ]; then
# SuperSU mode
rm -rf /magisk/supersu /magisk/99supersu
mkdir -p /magisk/99supersu
cp supersu.sh /magisk/99supersu/post-fs-data.sh
cp supersu.prop /magisk/99supersu/module.prop
cp launch_daemonsu.sh /magisk/99supersu/launch_daemonsu.sh
chmod 755 /magisk/99supersu/*
else
# phh mode
if [ -f "/magisk/phh/su" ]]; then
# Old version detected
cp /magisk/phh/su su
rm -rf /magisk/phh
mkdir -p /magisk/phh/bin
mkdir -p /magisk/phh/su.d
cp su /magisk/phh/bin/su
cp /data/magisk/sepolicy-inject /magisk/phh/bin/sepolicy-inject
cp phh.sh /magisk/phh/post-fs-data.sh
cp phh.prop /magisk/phh/module.prop
chmod 755 /magisk/phh/* /magisk/phh/bin/*
fi
fi
rm -rf /magisk/00roothelper

View File

@ -0,0 +1,7 @@
id=supersu
name=SuperSU Helper
version=v1
versionCode=1
author=topjohnwu
description=This is a helper module for Chainfire's SuperSU to work with Magisk
cacheModule=false

View File

@ -0,0 +1,11 @@
#!/system/bin/sh
mount -o rw,remount rootfs /
mkdir /su 2>/dev/null
mount -o ro,remount rootfs /
chmod 755 /magisk/99supersu/launch_daemonsu.sh
/magisk/99supersu/launch_daemonsu.sh post-fs-data
rm -rf /magisk/.core/bin
ln -s /su/bin /magisk/.core/bin

Binary file not shown.