772 Commits

Author SHA1 Message Date
topjohnwu
0efa73d96c Update selinux libs 2020-05-23 05:02:26 -07:00
topjohnwu
f392ade78d Rewrite sepolicy.c in C++ 2020-05-23 00:18:25 -07:00
topjohnwu
0236ab887e Several statement parsing improvements
- Update help message to match the spec
- Make tokenization not seg fault in certain conditions
- Moar template + macro magic to reduce boilerplate
2020-05-22 14:05:56 -07:00
topjohnwu
d4baae411b Modernize magiskpolicy 2020-05-21 06:48:02 -07:00
topjohnwu
e02e46d0fc Detect volume down key combo for safe mode
It is possible that a module is breaking the device so bad that zygote
cannot even be started. In this case, system_server cannot start and
detect the safe mode key combo, set the persist property, and reboot.

Also on old Android versions, the system directly goes to safe mode
after detecting a key combo without rebooting, defeating the purpose of
Magisk's safe mode protection if we only check for the persist property.

Directly adding key combo check natively in magiskd allows us to enter
Magisk safe mode before the system is even aware of it.
2020-05-19 04:57:47 -07:00
Chris Renshaw
3c04dab472 magiskhide: fix late_prop_key setprop, reorganize props slightly 2020-05-18 23:31:22 -07:00
topjohnwu
fc1844b4df Update policy for handling /data/adb 2020-05-18 23:29:26 -07:00
topjohnwu
99ef20627a Remove unused code 2020-05-18 05:45:08 -07:00
topjohnwu
4497e0aaca Don't expose module_list 2020-05-18 05:36:02 -07:00
topjohnwu
c3e045e367 Use daemon state to determine late prop hiding 2020-05-18 05:21:47 -07:00
topjohnwu
501d3e6c32 Maintain global daemon status 2020-05-18 05:18:49 -07:00
topjohnwu
b27b9c1d18 Minor code changes 2020-05-18 04:56:51 -07:00
topjohnwu
f7d3d1eeaf Increase post-fs-data mode to 40 secs 2020-05-18 04:56:51 -07:00
topjohnwu
0d72a4c8ba Fix compile error 2020-05-18 04:56:51 -07:00
topjohnwu
dbdb0a2560 Move late props to boot complete 2020-05-18 03:51:41 -07:00
topjohnwu
bc6a14d30f Remove property ro.build.selinux 2020-05-17 15:01:37 -07:00
topjohnwu
97db49a57b Move vendor property manipulation to late start 2020-05-17 15:01:37 -07:00
topjohnwu
eca2168685 Guard magiskhide state with mutexes 2020-05-17 15:01:37 -07:00
topjohnwu
aac6ad73da Fix collect modules 2020-05-16 13:45:22 -07:00
topjohnwu
122b4d66b6 Move Android logging out of libutils 2020-05-10 00:48:41 -07:00
topjohnwu
0f8f4e361b Update collect log logic 2020-05-10 00:30:11 -07:00
Chris Renshaw
3733b589ac native: fix slower build on non-Windows platforms 2020-05-09 04:41:07 -07:00
Chris Renshaw
6a2e781db2 magiskhide: add vendor.* props 2020-05-09 04:40:55 -07:00
vvb2060
c6569ce022 Fix service scripts 2020-05-09 04:40:05 -07:00
topjohnwu
a62bdc58cb Use env variables to enable standalone mode 2020-05-08 04:09:58 -07:00
topjohnwu
a5d7c41d20 Support Safe Mode detection
When detecting device is booting as Safe Mode, disable all modules and
MagiskHide and skip all operations. The only thing that'll be available
in this state is root (Magisk Manager will also be disabled by system).

Since the next normal boot will also have all modules disabled, this can
be used to rescue a device in the case when a rogue module causes
bootloop and no custom recovery is available (or recoveries without
the ability to decrypt data).
2020-05-08 00:45:11 -07:00
topjohnwu
232ae2a189 Update resetprop to partially use system impl 2020-05-07 23:54:00 -07:00
topjohnwu
aa8b23105f Modernize resetprop with fancy C++ 2020-05-07 06:08:30 -07:00
topjohnwu
c113f854a2 Fix overlay.d on SAR again 2020-05-07 02:30:43 -07:00
topjohnwu
87de0e7a0e Force remove AVB for 2SI since it may bootloop some devices 2020-05-05 03:29:36 -07:00
topjohnwu
02dc1172be Revert DTB patches to in-place binary patches
Since we no longer need to add new properties in the device tree, and
all the patches we do removes strings, we can just directly patch
the flat device tree in-place, ignoring basically all the higher level
DTB structure and format to accomplish 100% compatibility.
2020-05-05 01:03:09 -07:00
topjohnwu
dbf8c41209 Force init to load fstab from file in 2SI
Patching DTBs is proven to be difficult and problematic as there are
tons of different formats out there. Adding support for all the formats
in magiskboot has been quite an headache in the past year, and it still
definitely does not cover all possible cases of them out there.

There is another issue: fake dt fstabs. Some super old devices do not
have device trees in their boot images, so some custom ROM developers
had came up with a "genius" solution: hardcode fstab entries directly
in the kernel source code and create fake device tree nodes even if
Android 10+ init can graciously take fstab files instead (-_-) 。。。

And there is YET another issue: DTBs are not always in boot images!
Google is crazy enough to litter DTBs all over the place, it is like
they cannot make up their minds (duh). This means the dt fstabs can be
either concatnated after the kernel (1), in the DTB partition (2), in
the DTBO partition (3), in the recovery_dtbo section in boot images (4),
or in the dtb section in boot images (5). FIVE f**king places, how can
anyone keep up with that!

With Android 10+ that uses 2 stage inits, it is crutual for Magisk to
be able to modify fstab mount points in order to let the original init
mount partitions for us, but NOT switch root and continue booting. For
devices using dt for early mount fstab, we used to patch the DTB at
install time with magiskboot. However these changes are permanent and
cannot be restored back at reinstallation.

With this commit, Magisk will read dt fstabs and write them to ramdisk
at boot time. And in that case, the init binary will also be patched
to force it to NEVER use fstabs in device-tree. By doing so, we can
unify ramdisk based 2SI fstab patching as basically we are just patching
fstab files. This also means we can manipulate fstab whatever Magisk
needs in the future without the need to going through the headache that
is patching DTBs at installation.
2020-05-04 02:21:51 -07:00
topjohnwu
8c4fd759c6 Strip Huawei specific logic
Users should manually switch to recovery mode instead
2020-05-03 23:07:40 -07:00
topjohnwu
0c99c4d93f More complete support for fstab in dt 2020-05-03 22:49:54 -07:00
topjohnwu
8ab045331b Workaround realpath FORTIFY crashes 2020-05-03 22:11:39 -07:00
topjohnwu
a8d0936e04 Update BusyBox 2020-05-02 03:42:42 -07:00
topjohnwu
4e349acb50 Build libselinux without ANDROID defined 2020-05-01 00:45:23 -07:00
topjohnwu
947e3b06b4 Use template to get lambda for RAII 2020-04-30 01:27:48 -07:00
topjohnwu
5fd574a14f Fix --remove-modules command 2020-04-30 01:27:48 -07:00
topjohnwu
c7ed0ef5eb Fix SAR support for overlay.d 2020-04-25 23:19:36 -07:00
topjohnwu
15f155100c Rewrite skel_node mounting and construction logic
Close #2725
2020-04-24 02:07:46 -07:00
topjohnwu
2468f5a6c4 Fix custom sepolicy patches 2020-04-22 23:01:11 -07:00
topjohnwu
945a52a99f Handle extremely rare edge case 2020-04-22 05:07:50 -07:00
topjohnwu
486b2c82a7 Disable kmsg rate limiting 2020-04-22 05:07:50 -07:00
topjohnwu
8ca5a048d6 Support system_ext 2020-04-20 23:57:29 -07:00
topjohnwu
554ebe7206 Skel dest could not exist
Close #2713
2020-04-20 22:04:57 -07:00
vvb2060
d7b87fcb8e Add untrusted_app_29 for Android 11 2020-04-20 21:50:52 -07:00
topjohnwu
c94f9e1cc9 Use a binary that exists on all devices for hijacking 2020-04-20 04:41:11 -07:00
topjohnwu
e219867cdf Hijack another binary for 2nd stage
Instead of using ptrace hacks, use another hack instead :D
2020-04-19 22:15:12 -07:00
topjohnwu
765d5d9729 Small magiskinit cleanup 2020-04-19 04:57:18 -07:00