6100 Commits

Author SHA1 Message Date
topjohnwu
753808a4ce Also hijack plat_file_contexts if necessary
Since Android 13, sepolicy are also loaded from APEX modules. Part
of the change is to run restorecon before SELinux is set to enforce.
In order to support this situation, we also hijack plat_file_contexts
if necessary to properly order our operations.

Original idea credits to @yujincheng08, close #5603
2022-03-18 00:46:34 -07:00
topjohnwu
32cd694ad5 SAR can also have monolithic sepolicy 2022-03-17 22:32:49 -07:00
topjohnwu
f008420891 Make magiskinit not magiskpolicy 2022-03-17 03:36:40 -07:00
topjohnwu
fa8900be65 Use standalone magiskpolicy 2022-03-17 03:15:39 -07:00
LoveSy
69c2f407d6 Log if failed to dlopen a zygisk module 2022-03-17 02:25:31 -07:00
topjohnwu
ffcd093db1 Fix #5589
Close #5598
2022-03-17 02:25:31 -07:00
topjohnwu
8dbf93750f Reorganize magiskinit code 2022-03-16 21:41:20 -07:00
topjohnwu
e266a81167 Remove unused code 2022-03-16 21:31:22 -07:00
topjohnwu
e841aab9e7 Add hijack sepolicy support for rootfs devices
On older Android versions, pre-mounting selinuxfs will lead to errors,
so we have to use a different method to block init's control flow.
Since all devices that falls in this catagory must both:

1. Be Android 8.0 - 9.0
2. Have early mount fstab in its device tree

We can actually use the same FIFO trick, but this time not on selinuxfs,
but on the read-only device tree nodes in sysfs or procfs. By mocking
the fstab/compatible node in the device tree, we can block init when
it attempts to do early mount; at that point, we can then mock selinuxfs
as we normally would, successfully hijack and inject patched sepolicy.
2022-03-16 20:01:28 -07:00
topjohnwu
49f259065d Introduce new sepolicy injection mechanism
In the current implementation, Magisk will either have to recreate
all early mount implementation (for legacy SAR and rootfs devices) or
delegate early mount to first stage init (for 2SI devices) to access
required partitions for loading sepolicy. It then has to recreate the
split sepolicy loading implementation in-house, apply patches, then
dump the compiled + patched policies into monolithic format somewhere.
Finally, it patches the original init to force it to load the sepolicy
file we just created.

With the increasing complexity involved in early mount and split
sepolicy (there is even APEX module involved in the future!),
it is about time to rethink Magisk's sepolicy strategy as rebuilding
init's functionality is not scalable and easy to maintain.

In this commit, instead of building sepolicy ourselves, we mock
selinuxfs with FIFO files connected to a pre-init daemon, waiting
for the actual init process to directly write the sepolicy file into
MagiskInit. We then patch the file and load it into the kernel. Some
FIFO tricks has to be used to hijack the original init process's
control flow and prevent race conditions, details are directly in the
comments in code.

At the moment, only system-as-root (read-only root) support is added.
Support for legacy rootfs devices will come with a follow up commit.
2022-03-16 00:31:55 -07:00
topjohnwu
b10379e700 Cleanup inheritance 2022-03-14 04:22:09 -07:00
topjohnwu
810d27a618 Use /data as tmpfs mount point in 2SI setup
Design credit to @yujincheng08
Close #5146. Fix #5491, fix #3752

Previously, Magisk changes the mount point from /system to /system_root
by patching fstab to prevent the original init from changing root.
The reason why we want to prevent the original init from switching the
root directory is because it will then be read-only, making patching
and injecting magiskinit into the boot chain difficult.

This commit (ab)uses the fact that the /data folder will never be part
of early mount (because it is handled very late in the boot by vold),
so that we can use it as the mount point of tmpfs to store files.

Some advantages of this method:

- No need to switch root manually
- No need to modify fstab, which significantly improves compatibility
  e.g. avoid hacks for weird devices like those using oplus.fstab,
  and avoid hacking init to bypass fstab in device trees
- Supports skip_mount.cfg
- Support DSU
2022-03-13 05:06:08 -07:00
topjohnwu
9b60c005c7 Support multiple CPIO concatenated 2022-03-13 04:23:00 -07:00
topjohnwu
cc6ca0bda2 Update README 2022-03-10 00:45:51 -08:00
topjohnwu
4512232637 Release new canary build 2022-03-10 00:44:42 -08:00
topjohnwu
2c092ffdef Release Magisk v24.3 v24.3 2022-03-10 00:32:07 -08:00
topjohnwu
66406227d6 Add v24.3 release notes 2022-03-10 00:24:02 -08:00
topjohnwu
a11d25bb44 Update libsu 2022-03-10 00:00:11 -08:00
VD $ VD171 @ Priv8
2e58d902b7
Update Portuguese Portugal Translation & Fix Portuguese Brazilian Translation by VD171 2022-03-09 20:44:33 -08:00
vvb2060
237794b05c Add root install back 2022-03-09 20:44:11 -08:00
topjohnwu
563a587882 Initialize local variables
Fix #5542
2022-03-09 20:43:42 -08:00
canyie
24505cd111 Prevent destroyed activities from being reused
The adapter will cache a LayoutInflater which refers the current activity, and the ViewModel object will keep alive until activity finished. After activity recreates (e.g. split-screen), it will use the cached LayoutInflater which refers a destroyed activity and crashes. This also is a memory-leak, according to Google's official document, ViewModel shouldn't refer activity. See https://developer.android.com/topic/libraries/architecture/viewmodel

Fix topjohnwu#5413
2022-03-07 01:54:02 -08:00
topjohnwu
0c681cdab4 Check null before dereferencing fds_to_ignore 2022-03-03 21:34:53 -08:00
VD $ VD171 @ Priv8
13ef3058c6 Update Portuguese Brazilian Translation by VD171
Update Portuguese Brazilian Translation by VD171
2022-03-03 10:36:45 -08:00
vvb2060
50b159b43d Add init_boot parition 2022-03-02 22:50:05 -08:00
Rom
8c6c328730 Update French translation 2022-03-02 22:48:24 -08:00
sn-o-w
c9812ddf08 Update Romanian 2022-03-02 22:48:07 -08:00
owen151128
2ef0449c2c Update Korean translation 2022-03-02 22:33:52 -08:00
Ilya Kushnir
5edc750c47 Update RU strings 2022-03-02 22:33:21 -08:00
vvb2060
2f0e396d7f Update gradle 2022-03-02 22:32:35 -08:00
vvb2060
000a163beb Match components which are direct boot unaware 2022-03-02 22:32:35 -08:00
topjohnwu
80dd37ee31 Add missing specialize arguments 2022-03-02 22:01:35 -08:00
topjohnwu
e0b5645064 Revert "Directly use getrandom system call if possible"
This reverts commit e7c82f20e3d7d7b47221b454508d07aefc14e7c0.
Fix #5516
2022-03-02 19:50:47 -08:00
topjohnwu
e51aacb0b7 Update README 2022-03-01 23:54:39 -08:00
topjohnwu
2d6af94aa0 Release new canary build 2022-03-01 23:53:39 -08:00
topjohnwu
7cfce9ff7a Release Magisk v24.2 v24.2 2022-03-01 23:35:56 -08:00
topjohnwu
7f088d6241 Add v24.2 release notes 2022-03-01 23:26:44 -08:00
vvb2060
d11038f3de Directly stream apk into install session 2022-03-01 23:05:06 -08:00
vvb2060
6df42a4be7 Handle install failure 2022-03-01 23:05:06 -08:00
Francesco Saltori
7fd111b91f
Bring English strings changes to Italian translation 2022-03-01 22:51:07 -08:00
Sirichai Chulee
dd7dc2ec5a Fix typo in thai translation 2022-03-01 22:50:37 -08:00
Vladimír Kubala
86c586d882
Update Slovak translation 2022-03-01 22:50:12 -08:00
Arbri çoçka
66ac6f72fc update Albania translator 2022-03-01 22:49:44 -08:00
CDzungx
f21f448099 Update Vietnamese Translation
Fix, added some translations.
Added note for technicality word in case user don't know the word mean in English like "boot image", "image" is translated to "đĩa ảnh", I can't really understand it if I use Vietnamese lang 😂.
2022-03-01 22:49:29 -08:00
topjohnwu
548d70f30c Mount with original option
Fix #5481, close #5486
2022-03-01 20:09:59 -08:00
topjohnwu
39e714c6d8 Release new canary build 2022-03-01 03:44:21 -08:00
topjohnwu
9968af0785 Move all permission check into daemon.cpp 2022-03-01 03:15:38 -08:00
topjohnwu
be7586137c Reduce C++ wizardry 2022-03-01 03:15:38 -08:00
LoveSy
7999b66c3c Refactor daemon connection 2022-03-01 03:15:38 -08:00
vvb2060
c82a46c1ee Check property before switch mem cgroup 2022-02-28 23:27:23 -08:00