1341 Commits

Author SHA1 Message Date
canyie
1d0b873950 Fix sepolicy attribute rule parsing
Fix #6166
2022-08-07 03:35:50 -07:00
canyie
e8787b5cfd Fix UB when remote process died
If remote process died, `xreadlink` fails and leaves `buf` uninitialized. Then the daemon calls `str_ends`, creates a temp `std::string_view` with the uninitialized buffer and undefined behavior occurs.
2022-08-02 12:54:54 -07:00
topjohnwu
b496923cbb Update Cargo.toml 2022-07-24 06:14:49 -07:00
topjohnwu
759d196aad Update cxx.rs 2022-07-24 05:45:23 -07:00
topjohnwu
a7ab8216ce Proper build scripts 2022-07-24 05:39:14 -07:00
topjohnwu
b9e89a1a2d Restructure the native module
Consolidate all code into the src folder
2022-07-23 13:51:56 -07:00
vvb2060
c7c9fb9576 Restore context before copy
fix magiskpolicy context
2022-07-23 03:57:43 -07:00
vvb2060
8b095de04d Fix app_zygote context 2022-07-23 03:14:44 -07:00
vvb2060
d4b9ef736d Check magisk32 exists 2022-07-23 02:41:36 -07:00
vvb2060
00d3cb0908 magisk_node: check target exists 2022-07-23 02:40:13 -07:00
vvb2060
d35072d4e6 Match app_zygote by context 2022-07-23 02:39:28 -07:00
topjohnwu
4264ae49c0 Format with rustfmt 2022-07-22 03:56:09 -07:00
LoveSy
3906fe75dc Clean up code 2022-07-21 00:52:28 -07:00
topjohnwu
910a36fdc1 Make sepolicy.rules relative if possible 2022-07-20 19:28:38 -07:00
canyie
8423dc8d63 Later check persistent_properties
`daemon_entry` calls `getprop` which initializes sysprop impl and checks whether we need to load persistent property file. On FDE devices, magiskd starts before /data is actually decrypted, and the check always fails. Thus `persist_getprop("persist.sys.safemode")` will always fail.
2022-07-20 09:58:20 -07:00
Andrew Gunnerson
1f8c063dc6 Fix booting into recovery with Android 13 GKI kernels
With Android 13 GKI kernels, the boot partition has no ramdisk, so
Magisk constructs one from scratch. In this scenario, there's no backup
init binary at /.backup/init. For normal boot, magiskinit will symlink
/init -> /system/bin/init if needed. This commit implements the same
for booting into recovery. Before, magiskinit would just exec itself
over and over again because it couldn't restore the backup init.

Signed-off-by: Andrew Gunnerson <chillermillerlong@hotmail.com>
2022-07-18 13:33:50 -07:00
topjohnwu
70fd03d5fc Rearchitect logging 2022-07-06 01:16:08 -07:00
topjohnwu
2e52875b50 Move all logging into Rust 2022-07-05 21:13:09 -07:00
vvb2060
c2978eb9c3 More log for get_manager 2022-07-01 15:13:38 -07:00
topjohnwu
b4863eb51b Setup logging infra in the Rust side 2022-07-01 04:54:00 -07:00
LoveSy
3817167ba1 Correct ro.crypto.state check
Fix #6042

Co-authored-by: vvb2060 <vvb2060@gmail.com>
2022-06-30 19:32:43 -07:00
topjohnwu
26116ac414 Setup preliminary rust infrastructure 2022-06-30 14:50:21 -07:00
LoveSy
3ae7344747 Create /dev on stub cpio 2022-06-22 04:05:50 -07:00
canyie
00247c7901 Fix meizu non-SAR 2SI compatibility again
Meizu devices using 2SI won't switch root to /system and are still on rootfs, and /init is the 1st stage's, which cannot handle the 2nd stage. So we have to manually execute /system/bin/init for the 2nd stage.
2022-06-19 01:22:18 -07:00
topjohnwu
3c75f474c6 Embed version info in prop format 2022-06-19 00:43:38 -07:00
topjohnwu
db1f5b0397 Reduce files relying on flags.h 2022-06-19 00:43:38 -07:00
vvb2060
b9c93c66f6 Force app version not lower than daemon 2022-06-17 11:53:16 -07:00
topjohnwu
741b679306 Cleanup libbase 2022-06-17 02:36:04 -07:00
LoveSy
4e2ecdb920 Fix env overflow
Fix #5989
2022-06-17 02:02:44 -07:00
topjohnwu
9469e79e3c Proper namespacing
The IDE will get confused when #include is in a namespace
2022-06-15 02:38:56 -07:00
topjohnwu
db78c20161 Add dtb test command 2022-06-15 02:26:50 -07:00
topjohnwu
1699da1754 Update help message and make behavior consistent 2022-06-14 21:19:17 -07:00
canyie
754e690274 Fix config backup for legacy SAR 2022-06-14 02:57:47 -07:00
vvb2060
42606efe56 Always remove task 2022-06-09 21:02:31 -07:00
vvb2060
cae58c8790 Update hijack bins 2022-06-08 23:30:22 -07:00
topjohnwu
3a39dd4049 Update ramdisk restore implementation 2022-06-08 23:23:39 -07:00
canyie
89ff3c6572 Don't backup ramdisk created by Magisk
Fix topjohnwu#5938, fix topjohnwu#5944
2022-06-08 04:53:43 -07:00
topjohnwu
7bf9c74216 Don't skip backup even if original does not exist
Close #5945, fix #5944
2022-06-08 03:58:25 -07:00
vvb2060
569e9ad937 Use noHistory attribute for SuRequestActivity 2022-06-06 02:58:52 -07:00
vvb2060
9679874874 Disable repack on android 5.0
am does not support -p
2022-06-01 02:05:15 -07:00
topjohnwu
8186f253e8 Fix zygisk code unloading 2022-06-01 01:50:42 -07:00
topjohnwu
d4fe8632ec Support SELinux disabled on debug builds 2022-05-31 22:24:13 -07:00
vvb2060
d7776f6597 Return empty on failure to get context 2022-05-31 18:35:56 -07:00
topjohnwu
e4094c0caa Update build scripts 2022-05-30 03:47:31 -07:00
topjohnwu
2e51fe20a1 Move things to the correct location 2022-05-30 02:09:07 -07:00
topjohnwu
50e2f33d1c More debug indication in UI
Close #5874
2022-05-30 01:53:07 -07:00
topjohnwu
5e6eb8dd01 Avoid non-blocking I/O 2022-05-30 01:21:38 -07:00
topjohnwu
bf2f823b8c Prune unused UID at boot 2022-05-29 23:43:22 -07:00
topjohnwu
d0c4226997 Proper package state management 2022-05-29 23:31:57 -07:00
topjohnwu
4ea8bd0229 Fix incorrect use of compare_exchange 2022-05-29 22:19:56 -07:00
vvb2060
d19fcd5e21 Check path when start daemon 2022-05-29 09:08:05 -07:00
vvb2060
0b5f973b31 Print message when getting original app_process fails 2022-05-29 03:46:31 -07:00
topjohnwu
490a784993 Handle zygote restarts 2022-05-28 22:39:44 -07:00
topjohnwu
9c774f96db Use exec for boot_complete 2022-05-28 16:53:04 -07:00
topjohnwu
8dfb30fefe Skip cert check on debug builds 2022-05-24 05:39:16 -07:00
topjohnwu
2a252d13b8 Enforce dyn APK signature in stub app 2022-05-24 05:21:36 -07:00
topjohnwu
083ef803fe Enforce package signature verification 2022-05-20 04:37:58 -07:00
topjohnwu
351f0269ae Install stub if necessary 2022-05-19 22:54:49 -07:00
topjohnwu
a29ae15ff7 Proper get_manager implementation 2022-05-19 02:39:57 -07:00
topjohnwu
34dded3b25 Fix denylist on shared UID apps 2022-05-18 01:59:45 -07:00
topjohnwu
975b1a5e36 Prune unused UIDs from su policies 2022-05-18 01:55:58 -07:00
topjohnwu
c11ccbae2d Extract vbmeta from footer
Do not scan manually, extract properly from footer like libavb
2022-05-13 02:49:18 -07:00
topjohnwu
985249c3d0 Support GKIs without ramdisk
Fix #5819
2022-05-12 03:04:55 -07:00
topjohnwu
622e09862a Restructure native codebase 2022-05-12 02:03:51 -07:00
残页
7505599ea0 Skip invalid slot_suffix argument
Many Amlogic devices (e.g. FireTV 2nd gen Cube, Vero 4k+, MI Smart Speaker, etc.) are A-only with androidboot.slot_suffix=normal argument. I think "normal" actually means A-only in this case so just ignore it.

Fix topjohnwu#5806
2022-05-12 00:37:22 -07:00
topjohnwu
575c417403 More detailed comments and documentation 2022-05-11 21:12:37 -07:00
topjohnwu
9f7a3db8be Move cert extraction to its own file 2022-05-11 21:12:37 -07:00
topjohnwu
029422679c Remove enforcement
Enforcement will be re-implemented later
2022-05-11 21:12:37 -07:00
vvb2060
05d6d2b51b Verify app signature 2022-05-11 21:12:37 -07:00
topjohnwu
24603b3cef Update Android Studio 2022-05-09 20:53:47 -07:00
topjohnwu
90545057e9 Always initialize module_list
Close #5712
2022-05-06 01:40:19 -07:00
canyie
4f1a1879e5 Misc QoL changes
- su: Preserve correct capacity to avoid vector reallocation
- su: Properly format code
- daemon: Remove useless `if`
- docs: Remove outdated info
2022-05-06 01:01:58 -07:00
topjohnwu
134508193d Mock selinuxfs load with regular file
The hijacked load node does not need to be a FIFO. A FIFO is only
required for blocking init's control flow, which is already achieved
by hijacking the enforce node.
2022-04-16 07:28:20 -07:00
topjohnwu
3358eab991 Switch to use ONDK 2022-04-15 12:20:18 -07:00
vvb2060
f97866a961 Close stub fd 2022-04-13 23:19:14 -07:00
vvb2060
e1987c42c4 Cleanup SELinux mock files 2022-04-13 23:18:55 -07:00
canyie
18566715e1 Fix MAGISKTMP unmount for CLI 2022-04-10 01:44:16 -07:00
topjohnwu
63a89d9f04 Fix init dmesg logs 2022-04-08 02:38:30 -07:00
canyie
b4099fc5f9 Support sepolicy.unlocked
Fix topjohnwu#4914
2022-04-08 02:24:20 -07:00
topjohnwu
ff2513e276 Use LD_PRELOAD to intercept sepolicy on 2SI init 2022-04-08 02:13:31 -07:00
topjohnwu
f24d52436b Deduplicate logic 2022-04-08 00:20:21 -07:00
vvb2060
9de6e8846b Dump stub app to MAGISKTMP/stub.apk 2022-04-07 23:20:42 -07:00
vvb2060
01a1213463 /data/adb/magisk/magisk.apk no longer exists 2022-04-07 23:20:42 -07:00
canyie
448384af06 Guard su request IPC
Previously `read_string()` calls `std::string.resize()` with an int read from remote process. When I/O error occurs, -1 will be used for resizing the string, `std::bad_alloc` is thrown and since magisk is compiled with `-fno-exceptions`, it will crash the whole daemon process.

May fix topjohnwu#5681
2022-04-06 21:15:07 -07:00
canyie
3f840f53a0 Check device tree fstab entries are compatible
Fix topjohnwu#5664
2022-04-02 04:28:30 -07:00
topjohnwu
704f91545e Reorganize magiskpolicy source code 2022-03-29 22:26:38 -07:00
topjohnwu
efb3239cbd Drop package_name column 2022-03-28 02:05:09 -07:00
topjohnwu
7e7ddeb9e2 Cleanup database migration code 2022-03-28 00:59:16 -07:00
LoveSy
9e8218089b Only dlopen valid fd 2022-03-26 13:48:53 -07:00
topjohnwu
9f1740cc4f Add preliminary shared UID app support 2022-03-25 13:08:13 -07:00
topjohnwu
b1faa5eed4 Update BusyBox
Close #5620
2022-03-22 04:18:12 -07:00
LoveSy
7f1f0b9048 Proper support multiple modules adding same dir 2022-03-21 15:53:49 -07:00
LoveSy
183e5f2ecc Fix xhook cannot hook app_process
Co-authored-by: canyie <31466456+canyie@users.noreply.github.com>
Co-authored-by: John Wu <topjohnwu@gmail.com>
2022-03-21 15:52:38 -07:00
topjohnwu
3dc7d77ea9 Patch monolithic sepolicy only if not treble 2022-03-19 20:21:31 -07:00
残页
0f07bbb3e5 Device using split policy can still have monolithic sepolicy file 2022-03-19 12:37:48 -07:00
LoveSy
dd5a3416bf Fix multiple modules adding the same subdirectory 2022-03-19 12:28:54 -07:00
LoveSy
2fb49ad780 Don't always mock selinux enforce as "0" 2022-03-19 12:28:32 -07:00
topjohnwu
876132694d Make /dev always writable 2022-03-18 04:58:37 -07:00
topjohnwu
753808a4ce Also hijack plat_file_contexts if necessary
Since Android 13, sepolicy are also loaded from APEX modules. Part
of the change is to run restorecon before SELinux is set to enforce.
In order to support this situation, we also hijack plat_file_contexts
if necessary to properly order our operations.

Original idea credits to @yujincheng08, close #5603
2022-03-18 00:46:34 -07:00
topjohnwu
32cd694ad5 SAR can also have monolithic sepolicy 2022-03-17 22:32:49 -07:00