414 Commits

Author SHA1 Message Date
topjohnwu
4dfb193d10 Always run non disabled module post-fs-data scripts 2021-11-16 21:29:13 -08:00
vvb2060
d4ac458d17 Ignore zygisk modules when zygisk is not enabled 2021-11-16 21:14:35 -08:00
topjohnwu
8bd0c44e83 Replace module fd with memfd if possible 2021-10-28 00:26:18 -07:00
topjohnwu
ea75a09f95 Make zygisk survive zygote restarts
Close #4777
2021-10-27 01:53:16 -07:00
LoveSy
49abfcafed Fix nullptr dereference when env abnormal 2021-10-26 00:40:00 -07:00
vvb2060
2e299b3814 Add an old cgroup v2 path
https://android-review.googlesource.com/c/platform/system/core/+/1324649
2021-10-25 20:54:19 -07:00
topjohnwu
4b307cad2c Random minor changes 2021-10-23 22:20:07 -07:00
topjohnwu
7496d51580 Make zygiskd ABI aware 2021-10-23 14:38:30 -07:00
topjohnwu
8d0dc37ec0 Use SO_PEERSEC to get client secontext 2021-10-19 23:46:38 -07:00
topjohnwu
fe41df87bb pthread_cond_signal might wake multiple threads
Close #4759
2021-10-19 21:32:37 -07:00
LoveSy
e184eb4a23 Fix UB of loading modules
- The lambda here infers its return type as `std::string`,
  and since `info` is `const`, the labmda copies `info.name`
  and returns a `std::string&&`. After captured by the
  `std::string_view`, the `std::string&&` return value
  deconstructs and makes `std::string_view` refers to a
  dangling pointer.
2021-10-17 04:38:56 -07:00
topjohnwu
6f54c57647 Allow fork in thread pool 2021-10-17 04:24:25 -07:00
topjohnwu
b75ec09998 Load Zygisk modules even if no magic mount is needed
Close #4767
2021-10-14 01:35:29 -07:00
topjohnwu
c8ac6c07b0 Load Zygisk modules 2021-10-13 04:52:02 -07:00
topjohnwu
f59309a445 Minor changes 2021-10-09 11:36:01 -07:00
topjohnwu
36765caedc Fix thread pool implementation
Close #4759
2021-10-08 23:28:14 -07:00
vvb2060
ecd332c573 Close fd 2021-09-25 12:07:52 -07:00
topjohnwu
73d36fdff0 Riru and its modules are not compatible with zygisk 2021-09-23 23:54:46 -07:00
vvb2060
d20517483e Prevent multiple mounts of devpts 2021-09-23 02:40:24 -07:00
残页
61783ffc82 Prevent original libselinux.so to be unmounted
libselinux.so will be unmounted when magiskd starts. If magiskd restarts (like it died before boot completed), the files we want to unmount is the original files because the modified files is unmounted in previous start, which will causes many crashes due to missing libselinux.so.
2021-09-22 19:34:44 -07:00
RikkaW
f7c0e407ca Fix downgrade database 2021-09-20 05:50:34 -07:00
topjohnwu
f1b6c9f4aa Refresh uid_map on package.xml change 2021-09-20 04:42:06 -07:00
topjohnwu
0ab31ab0df Fix log writer 2021-09-19 13:41:45 -07:00
topjohnwu
3fb72a4d20 Support polling on multiple fds 2021-09-18 14:40:12 -07:00
topjohnwu
db590091b3 Propagate Zygisk state to Magisk app 2021-09-18 02:38:53 -07:00
topjohnwu
7b25e74418 Simplify get manager app info logic 2021-09-17 02:07:32 -07:00
topjohnwu
706a492218 Update denylist config implementation 2021-09-16 05:27:34 -07:00
topjohnwu
c0be5383de Support enable/disable Zygisk 2021-09-15 02:49:54 -07:00
topjohnwu
3b8ce85092 Enable Zygisk 2021-09-15 01:59:43 -07:00
topjohnwu
65b0ea792e MagiskHide is no more 2021-09-12 12:40:34 -07:00
topjohnwu
de2306bd12 Proper incremental builds
Auto generate flag.h for precise rebuilding
2021-09-07 19:35:28 -07:00
残页
c0a2e3674c Reset file context from adb_data_file
In some cases (like weird ROMs that allow init to relabel context from system_file), module files will have an incorrent context, which will causes module not working properly.
See https://github.com/RikkaApps/Riru/wiki/Explanation-about-incorrect-SELinux-rules-from-third-party-ROMs-cause-Riru-not-working
2021-09-02 21:55:08 -07:00
vvb2060
f324252681 Use isolated devpts if kernel support
kernel version >= 4.7 or CONFIG_DEVPTS_MULTIPLE_INSTANCES=y
2021-08-29 02:45:49 -07:00
topjohnwu
6fe9b69aad Cleanup module.cpp 2021-08-28 10:27:45 -07:00
topjohnwu
5d162f81c4 Modernize db.hpp 2021-08-27 01:06:03 -07:00
topjohnwu
4771c2810b Significantly better AVD support 2021-08-26 03:09:56 -07:00
topjohnwu
0cd99712fa Implement cached thread pool 2021-08-24 02:39:54 -07:00
topjohnwu
b591af7803 Minor bug fixes 2021-08-22 03:26:48 -07:00
topjohnwu
171d68ca72 Connect to magiskd log daemon 2021-08-22 03:26:48 -07:00
topjohnwu
bade4f2c6a Make xhook log as Magisk 2021-08-22 03:26:48 -07:00
topjohnwu
ffe47300a1 Update recv/send fd function 2021-08-22 03:26:48 -07:00
topjohnwu
9b3efffba9 Use magiskd to setup files 2021-08-18 03:44:32 -07:00
topjohnwu
003fea52b1 Remove all non-Magisk hiding code
Magisk no longer interferes with any signals/info that were not created
or caused by Magisk itself.
2021-08-18 02:01:54 -07:00
topjohnwu
2b17c77195 Make Zygisk 1st class citizen 2021-08-17 23:57:49 -07:00
topjohnwu
27f7fa7153 Extend stream support 2021-08-13 02:08:56 -07:00
topjohnwu
b325aa4555 Fix log file writing 2021-08-13 00:13:44 -07:00
topjohnwu
0d977b54f7 Revise logging code 2021-08-12 03:26:54 -07:00
topjohnwu
20860da4b4 Cleaner daemon handlers 2021-08-11 22:57:08 -07:00
topjohnwu
6099f3b015 Always resolve to canonical path 2021-05-10 01:14:53 -07:00
vvb2060
708fe514f8 Always use mirror path 2021-04-23 16:56:23 -07:00
Wang Han
44f005077d Don't copy sepolicy.rule to /persist on boot
* This seems to be a logic that has been abandoned for a
   long time. Now we automatically choose which partition
   to store sepolicy.rule. Furthermore, touching /persist is
   what we should avoid doing whenever possible.
2021-04-15 05:01:03 -07:00
LoveSy
013b6e68ec Fix perfect forwarding 2021-04-15 04:58:30 -07:00
LoveSy
95c964673d Initialized _root properly
Fix #4204

`_root` is uninitialized for non-root nodes. And it will cause `module_node::mount` fail because it uses `root()`. Once the bug is triggered, signal 11 is received but Magisk catch all signals and therefore stuck forever.
2021-04-15 04:58:30 -07:00
topjohnwu
01b985eded Remove more pre SDK 21 stuffs 2021-04-09 21:29:42 -07:00
Shaka Huang
dfe1f2c108 Call freecon() when fgetfilecon() succeeds 2021-04-04 01:58:59 -07:00
vvb2060
7a007b342a Correct comment
For file-based encryption, /data/adb is always required to encrypt
https://android.googlesource.com/platform/system/extras/+/refs/tags/android-7.0.0_r36/ext4_utils/ext4_crypt_init_extensions.cpp
68258e8444%5E%21/
2021-03-13 21:10:02 -08:00
topjohnwu
82f8948fd4 Separate setting log functions and starting log daemon 2021-03-13 17:50:48 -08:00
Shaka Huang
b9cdc755d1 Returned fds[0] in socketpair() might be STDOUT
* There will be garbage output when executing `su` (#4016)
* Failed to check root status and showing N/A in status (#4005)

Signed-off-by: Shaka Huang <shakalaca@gmail.com>
2021-03-13 17:50:48 -08:00
topjohnwu
a6f81c66e5 Bypass stdio 2021-03-13 16:17:28 -08:00
topjohnwu
43c1105d62 Use dedicated thread for writing logfile 2021-03-09 02:40:12 -08:00
vvb2060
b693d13b93 Proper implementation of cgroup migration
https://www.kernel.org/doc/Documentation/admin-guide/cgroup-v1/cgroups.rst
https://www.kernel.org/doc/Documentation/admin-guide/cgroup-v2.rst
2021-03-07 01:55:19 -08:00
topjohnwu
39982d57ef Fix logging implementation
- Block signals in logging routine (fix #3976)
- Prevent possible deadlock after fork (stdio locks internally)
  by creating a new FILE pointer per logging call (thread/stack local)
2021-03-06 13:55:30 -08:00
vvb2060
ac8372dd26 Add cgroup2 path
https://android-review.googlesource.com/c/platform/system/core/+/1585101
2021-02-26 21:36:58 -08:00
vvb2060
b76c80e2ce Fix apex path 2021-02-14 13:37:38 -08:00
topjohnwu
f1295cb7d6 Fix root on Android 7.0 and lower 2021-01-26 02:16:11 -08:00
topjohnwu
b1dbbdef12 Remove unneeded busybox redirection 2021-01-25 00:23:42 -08:00
topjohnwu
d2bc2cfcf8 Install both 32 and 64 bit binaries 2021-01-18 12:37:08 -08:00
topjohnwu
f5c2d72429 Also log pid and tid 2021-01-16 16:10:47 -08:00
topjohnwu
e8ba671fc2 Guard all injection features behind a global flag 2021-01-13 20:07:23 -08:00
topjohnwu
9a28dd4f6e Implement MagiskHide through code injection 2021-01-12 03:28:00 -08:00
topjohnwu
d2acd59ea8 Minor code refactoring 2021-01-12 00:07:48 -08:00
topjohnwu
eb21c8b42e Code cleanups 2021-01-11 02:19:10 -08:00
topjohnwu
4060c2107c Add preliminary zygote code injection support
Prototyping the injection setup and a clean "self unloading" mechanism.
2021-01-06 22:21:17 -08:00
topjohnwu
f9bde347bc Convert indentation to spaces
The tab war is lost
2020-12-30 22:11:24 -08:00
topjohnwu
eee7f097e3 Make post-fs-data scripts block at most 35 secs 2020-12-17 16:54:53 -08:00
topjohnwu
086059ec30 Make sure boot stages are mutually exclusive 2020-12-15 03:40:37 -08:00
topjohnwu
7ff22c68c7 Only try to install APK when no manager is active 2020-12-09 02:15:16 -08:00
topjohnwu
0c28b23224 Fix install_module command 2020-12-09 00:37:15 -08:00
topjohnwu
c62dfc1bcc Make logging less error prone 2020-12-06 23:09:24 -08:00
topjohnwu
dead74801d Setup log file when manually starting daemon 2020-12-04 01:07:47 -08:00
topjohnwu
ab207a1bb3 va_list cannot be reused on x86 2020-12-03 20:53:19 -08:00
topjohnwu
f152e8c33d Directly log to log file 2020-12-03 20:15:18 -08:00
topjohnwu
797ba4fbf4 Make sure all logging ends with newline 2020-12-02 00:55:22 -08:00
topjohnwu
f9c7a4c933 Redirect /data/adb/magisk/busybox
Workaround some stupid Samsung kernel restrictions
2020-11-11 02:26:07 -08:00
topjohnwu
afebe734b8 Fix several things regarding scripting 2020-11-07 14:36:13 -08:00
topjohnwu
e21a78164e Properly handle factory resets
Close #3345
2020-11-04 04:50:04 -08:00
topjohnwu
89fff4830b Mount proper system_root mirror in magiskd 2020-11-03 00:37:08 -08:00
topjohnwu
16e4c67992 Significantly broaden sepolicy.rule compatibility
Previously, Magisk uses persist or cache for storing modules' custom
sepolicy rules. In this commit, we significantly broaden its
compatibility and also prevent mounting errors.

The persist partition is non-standard and also critical for Snapdragon
devices, so we prefer not to use it by default.

We will go through the following logic to find the best suitable
non-volatile, writable location to store and load sepolicy.rule files:

Unencrypted data -> FBE data unencrypted dir -> cache -> metadata -> persist

This should cover almost all possible cases: very old devices have
cache partitions; newer devices will use FBE; latest devices will use
metadata FBE (which guarantees a metadata parition); and finally,
all Snapdragon devices have the persist partition (as a last resort).

Fix #3179
2020-11-02 23:20:38 -08:00
topjohnwu
5b8a1fc2a7 Minor renames 2020-10-25 21:41:14 -07:00
vvb2060
872c55207c Add com.android.i18n to apex path 2020-10-12 01:59:41 -07:00
topjohnwu
d625beb7f3 Update --remove-modules implementation 2020-10-11 18:30:03 -07:00
topjohnwu
6abd9aa8a4 Add new --install-module command
Close #2253
2020-09-26 16:50:41 -07:00
topjohnwu
434efec860 Use FIFO for su request communication
Fix #3159
2020-09-10 00:38:29 -07:00
vvb2060
fee4031d0f Keep disable file when module update 2020-08-08 05:19:41 -07:00
topjohnwu
7fc9b908d4 Update Android 11 emulator support 2020-07-27 03:33:11 -07:00
topjohnwu
97b72a5941 Revert to old SElinux rules on pre 8.0 devices
Fix #2910
2020-07-06 01:13:50 -07:00
topjohnwu
43146b8316 Update su request process
Due to changes in ec3705f2ed187863efc34af5415495e1ee7775d2, the app can
no longer communicate with the dameon through a socket opened on the
daemon side due to SELinux restrictions. The workaround here is to have
the daemon decide a socket name, send it to the app, have the app create
the socket server, then finally the daemon connects to the app through
the socket.
2020-06-19 03:52:25 -07:00
topjohnwu
44895a86b8 Fix compilation of single applets 2020-06-19 02:45:57 -07:00
topjohnwu
1e2f776b83 Move logging.hpp 2020-06-17 01:17:28 -07:00
topjohnwu
ec3705f2ed Redesign of MagiskSU's sepolicy model
Introduce new domain `magisk_client` and new file type `magisk_exec`.

Connection to magiskd's always-on socket is restricted to magisk_client
only. Whitelisted process domains can transit to magisk_client through
executing files labelled magisk_exec. The main magisk binary shall be
the only file labelled as magisk_exec throughout the whole system.
All processes thus are no longer allowed to connect to magiskd directly
without going through the proper magisk binary.

Connection failures are silenced from audit logs with dontaudit rules,
so crazy processes which traverse through all unix domain sockets to try
connection can no longer check logcat to know the actual reason behind
EACCES, leaking the denied process policy (which is u:r:magisk:s0).

This also allows us to remove many rules that open up holes in
untrusted_app domains that were used to make remote shell work properly.
Since all processes establishing the remote shell are now restricted to
the magisk_client domain, all these rules are moved to magisk_client.
This makes Magisk require fewer compromises in Android's security model.

Note: as of this commit, requesting new root access via Magisk Manager
will stop working as Magisk Manager can no longer communicate with
magiskd directly. This will be addressed in a future commit that
involves changes in both native and application side.
2020-06-03 23:29:42 -07:00