360 Commits

Author SHA1 Message Date
topjohnwu
3b071116ac Update magiskpolicy
- Generalize avtab node extraction and insertion
- Add new supported rules: type_change, type_member
- Update help message with official policy language
2018-11-29 03:46:29 -05:00
topjohnwu
f723427b8b Add built-in procfs protection on SDK 24+
More information in the Medium Post:
https://medium.com/@topjohnwu/from-anime-game-to-android-system-security-vulnerability-9b955a182f20
2018-11-28 01:27:32 -05:00
topjohnwu
f69a004c1c Use raw execve
Some devices have broken libc...
2018-11-28 00:07:57 -05:00
topjohnwu
e8cba3524e Kill target processes properly 2018-11-27 03:56:14 -05:00
topjohnwu
29457a1d28 Small adjustments 2018-11-26 03:26:45 -05:00
topjohnwu
731455f164 Update exec functions signatures 2018-11-26 03:06:48 -05:00
topjohnwu
b01a8cace6 Always try native accept4 2018-11-26 02:57:34 -05:00
topjohnwu
e67965a381 Silent some errors 2018-11-24 15:53:15 -05:00
topjohnwu
ec4723096f Prevent file descriptor from unclosed 2018-11-23 21:15:44 -05:00
topjohnwu
762b678d24 Prevent any SELinux issues of root shell streams 2018-11-23 21:08:06 -05:00
topjohnwu
38fcc57bbf Use component name as targets
Services can name their process name arbitrarily, for instance the service in
com.google.android.gms that is responsible for SafetyNet is named
com.google.android.gms.unstable. There are many apps out in the wild use
dedicated services with special names to detect root, and previously the user
is expected to add all of them to the hide list.

In this commit, we change from targeting process names to component names.
On Android, component names are composed of <pkg>/<cls>. When targeting
component names, we can always know what application spawned the new process.
This means that if the user adds a package name to the hidelist, MagiskHide can
now target ALL possible processes of that specific application.

To abide with this change, the default SafetyNet target is now changed from
com.google.android.gms.unstable (process name) to
com.google.android.gms/.droidguard.DroidGuardService (component name)
2018-11-23 15:47:49 -05:00
topjohnwu
c8c57c74cc Optimize proc_monitor 2018-11-23 14:32:33 -05:00
topjohnwu
0784448c69 Remove /.backup folder on start 2018-11-20 05:24:40 -05:00
topjohnwu
de0064af47 Fix SIGWINCH never followed
Close #786
2018-11-20 04:40:42 -05:00
topjohnwu
baae1fc84f Modernize selinux stub 2018-11-20 03:49:44 -05:00
topjohnwu
2ab999f4ca Fix bug in DB query wrapper 2018-11-20 02:20:49 -05:00
topjohnwu
c9f390d6e0 Abort upon any error occurred 2018-11-20 02:20:49 -05:00
topjohnwu
3622c49ce1 Update busybox 2018-11-18 15:58:41 -05:00
topjohnwu
0462e9a7d9 Update external dependencies 2018-11-18 03:34:59 -05:00
topjohnwu
c3a6091908 Update to 1.29.3 2018-11-18 02:45:21 -05:00
topjohnwu
ab5fedda0b Prevent Magisk database race condition
The database should only be accessed by a single process, which is magiskd.
This means 'magisk --sqlite [SQL]' has to be updated to pass the SQL command to the daemon.
In addition, open the database connection with SQLITE_OPEN_FULLMUTEX to support multithread in magiskd.
2018-11-16 03:20:30 -05:00
topjohnwu
ba70269398 Directly print output over socket 2018-11-16 01:49:15 -05:00
topjohnwu
77fd5fa7de Do not follow symlink when checking legacy paths 2018-11-16 01:16:25 -05:00
topjohnwu
ab74290fe3 Move magiskhide config into database 2018-11-16 01:15:34 -05:00
topjohnwu
3aad9d8166 Add CLI to detect MagiskHide status 2018-11-16 00:37:41 -05:00
topjohnwu
572e078d87 Fully deprecate <mount_point>/.core folder
Symlinks are preserved for backwards compatibility
2018-11-15 22:55:28 -05:00
topjohnwu
ee4548230b Disable native systemless hosts, add built-in systemless hosts module 2018-11-15 13:57:41 -05:00
topjohnwu
376e7977f0 Deprecate path /sbin/.core, switch to /sbin/.magisk
Symlink is preserved for backwards compatibility
2018-11-15 01:36:03 -05:00
topjohnwu
83ae66daea Change stock boot image SHA1 backup method 2018-11-15 00:33:20 -05:00
topjohnwu
89e0be0099 Fix a bug causing magiskhide CLI freezing 2018-11-13 02:22:55 -05:00
topjohnwu
ef40c1212e Prevent infinite loop if process is killed
Close #761
2018-11-13 02:11:02 -05:00
topjohnwu
3a2a2a4ffa Micro optimizations 2018-11-13 02:07:02 -05:00
topjohnwu
9592a69986 Prevent unmounting non-custom mount points 2018-11-13 01:53:48 -05:00
topjohnwu
c61c3ae0e9 Fix su shell environment setup 2018-11-10 02:17:13 -05:00
topjohnwu
3603b7c82b Move cmdline and extra_cmdline to the same line 2018-11-08 20:57:30 -05:00
topjohnwu
5743c72cca Minor cleanup 2018-11-08 15:23:36 -05:00
topjohnwu
4cdd66ceff Fix lowmemorykiller crash hell in Pixel 3 2018-11-08 13:41:03 -05:00
topjohnwu
d3947d2cfa Adjust logging in magiskpolicy 2018-11-08 06:43:11 -05:00
topjohnwu
07718b994a Fix magiskinit
The behavior of C and C++ is slightly different, and causes unable to set excl_list
2018-11-08 06:07:52 -05:00
topjohnwu
ef9d463bd7 Fix PLOGE 2018-11-08 06:07:02 -05:00
topjohnwu
8745c7884e Rename Array to Vector
Finally get rid of the C style vector, rename the template class to its proper name
2018-11-08 05:03:59 -05:00
topjohnwu
b6965105b7 Better parsing logic 2018-11-08 04:57:16 -05:00
topjohnwu
3d269fe8be Migrate MagiskInit to C++ 2018-11-08 04:20:16 -05:00
topjohnwu
be5f00aa1a Prevent stack overflow when managing hide list 2018-11-07 22:46:56 -05:00
topjohnwu
59ba350f34 Fix copy and move assigments of Array 2018-11-07 04:09:37 -05:00
topjohnwu
803c5377a6 Clean init.c 2018-11-07 02:21:15 -05:00
topjohnwu
7c12bf7fa1 Modernize code base 2018-11-07 02:10:38 -05:00
topjohnwu
ca35a9681f Minor code improvements 2018-11-06 05:02:30 -05:00
topjohnwu
9fe5f37337 Minor code improvements 2018-11-05 14:37:47 -05:00
topjohnwu
0742901cd2 Modernize database code 2018-11-04 18:24:08 -05:00
topjohnwu
5e4d2dedbe Minor log_daemon changes 2018-11-04 17:23:08 -05:00
topjohnwu
cda57dd4b4 Fully migrate Magisk to C++ 2018-11-04 04:15:51 -05:00
topjohnwu
4351de503f Migrate exec function to C++ arrays 2018-11-03 04:03:11 -04:00
topjohnwu
6339ba6bfb Upgrade libutils to C++ 2018-11-03 03:06:01 -04:00
topjohnwu
ef6677f43d Source reorganization 2018-11-03 00:26:04 -04:00
topjohnwu
a7824af5a8 Expose persist prop API 2018-11-03 00:15:21 -04:00
vvb2060
1eb7d7b7a8 Add FLAG_INCLUDE_STOPPED_PACKAGES for broadcast 2018-11-03 00:04:27 -04:00
topjohnwu
11c33d4447 Migrate resetprop to C++ 2018-11-02 23:56:15 -04:00
topjohnwu
b8a3cc8b60 Separate magiskhide logic from main daemon 2018-11-01 14:08:33 -04:00
topjohnwu
27c688252d Store hidelist in magisk database 2018-11-01 13:23:12 -04:00
topjohnwu
3e2afd4b1d Better debugging output 2018-11-01 01:16:15 -04:00
topjohnwu
f45b0686d2 Mount ext4 images with noatime flag 2018-10-29 21:44:22 -04:00
topjohnwu
ceb51bb14f daemon.c uses external flags 2018-10-28 16:55:51 -04:00
topjohnwu
79e5b54ec7 Remove redundant semicolon 2018-10-28 15:13:30 -04:00
topjohnwu
dc413e7b73 Retry db construction if first time failed 2018-10-28 14:49:04 -04:00
topjohnwu
2efc423cf8 Add missing flags and move debug logging logic to libutils 2018-10-28 04:25:31 -04:00
topjohnwu
8ec3086cdd Make sure magisklogd is properly initialized 2018-10-28 04:24:53 -04:00
topjohnwu
bf4a46d57c Optimize logging in Magisk Manager 2018-10-27 22:06:24 -04:00
topjohnwu
1046dd5eda Default to cmdline logging 2018-10-27 18:34:38 -04:00
topjohnwu
f9e32a119a Fix bug when query database with specific keys 2018-10-27 17:56:20 -04:00
topjohnwu
dbb8b8a439 Handle magisk.db completely natively
Prevent database corruption due to different Android application sqlite default settings
2018-10-27 17:54:48 -04:00
topjohnwu
f17ec9e9d7 Update sqlite header 2018-10-27 03:30:20 -04:00
topjohnwu
6dc9ccad75 Use const char* 2018-10-26 17:02:56 -04:00
topjohnwu
6add02702b Fix bug in MagiskBoot 2018-10-26 17:02:07 -04:00
topjohnwu
9954154ca2 Move functions out of libutils 2018-10-24 22:23:14 -04:00
topjohnwu
4ecbf8c12c Remove recovery_dtbo when cleanup 2018-10-24 22:23:14 -04:00
topjohnwu
fc8a3c5fb4 Migrate MagiskBoot to C++ 2018-10-24 22:23:14 -04:00
topjohnwu
018c0064cd Make sure boot_img is initialized correctly 2018-10-22 01:58:50 -04:00
topjohnwu
c2b016370b Make a copy of logcat and use that instead
When Magisk is magic mounting /system/bin, there is a chance that logcat would be temporarily unavailable. Leave a copy and use that for magisklogd
2018-10-20 21:46:12 -04:00
topjohnwu
41b01003fd Always ACK before doing anything 2018-10-20 16:12:08 -04:00
topjohnwu
74aae523ba Properly support boot image header v1
Close #695
2018-10-20 00:27:56 -04:00
topjohnwu
a9121fa28f Reorganize libutils and cleanups 2018-10-12 21:46:09 -04:00
topjohnwu
d5a56d9e85 Fix bootloop for some devices with two /data
Close #654
2018-10-12 00:54:55 -04:00
topjohnwu
acf7c0c665 Minor reorganization of daemons 2018-10-12 00:50:47 -04:00
topjohnwu
e8e39e0f3c Use poll instead of select
Close #637
2018-10-04 15:06:13 -04:00
topjohnwu
37860181d4 Finish su implementation 2018-10-04 14:41:48 -04:00
topjohnwu
d119dd9a0c Rewrite su daemon and client 2018-10-04 04:59:51 -04:00
topjohnwu
09ef19f7ec Code cleanups 2018-10-04 01:49:52 -04:00
topjohnwu
6a06c92fa6 Simplify su_info caches
No more lists. 99.999% it will only handle a single excessive requestor anyways.
2018-10-03 23:31:15 -04:00
topjohnwu
b127e01845 Simplify debug flag propagation 2018-09-28 02:05:55 -04:00
topjohnwu
5020cd1bbf Small cleanup 2018-09-28 01:25:43 -04:00
topjohnwu
cce636224c Reorganization 2018-09-27 18:26:41 -04:00
topjohnwu
60b3b8ddce Better incremental builds 2018-09-27 03:56:56 -04:00
topjohnwu
41446ec9ba Separate libutils and libsystemproperties 2018-09-27 03:30:16 -04:00
topjohnwu
df8b047bca Generalize logging interface 2018-09-27 03:11:10 -04:00
topjohnwu
12ced52012 Remove unused flag 2018-09-27 00:30:10 -04:00
topjohnwu
1d53335ae5 Dynamic load libselinux 2018-09-27 00:09:59 -04:00
yuchenlin
0ab6ffefb4 utils/misc.c: prevent file staying opened when function leaving
The utils function may be called in any situation, such as in daemon. We
should guarantee that all the resource got from this function released
normally.

Signed-off-by: yuchenlin <npes87184@gmail.com>
2018-09-20 16:55:48 -04:00
topjohnwu
a292a1d23a Cleanup and add new rules
Close #607
2018-09-20 16:55:16 -04:00
topjohnwu
906b4aad9e New method of communication
Introduce a new communication method between Magisk and Magisk Manager.

Magisk used to hardcode classnames and send broadcast/start activities to
specific components. This new method makes no assumption of any class names,
so Magisk Manager can easily be fully obfuscated.

In addition, the new method connects Magisk and Magisk Manager with random
abstract Linux sockets instead of socket files in filesystems, bypassing
file system complexities (selinux, permissions and such)
2018-09-16 04:16:18 -04:00
topjohnwu
2fba3f213b Use proper socket address length 2018-09-15 02:49:19 -04:00
topjohnwu
6710314832 Allow all context to SIGCLD magisk
Fix #596
2018-09-11 11:04:51 -04:00
topjohnwu
39c82576ae Prevent warning
Close #524
2018-09-09 12:36:42 -04:00
topjohnwu
6f41d9855b Randomize service names
Fix Aniplex Game detections.
Close #502, close #513
2018-09-08 23:17:00 -04:00
topjohnwu
c0f45b6b1e Add resetprop magic 2018-09-06 02:57:02 -04:00
topjohnwu
7a0025673c Use libsystemproperties in resetprop
Upstream to latest Android Pie
2018-09-06 02:57:02 -04:00
topjohnwu
0543239cca Do not merge binaries if fake symlink 2018-09-01 11:15:05 -04:00
topjohnwu
a8478ace18 Use macros 2018-08-31 03:51:30 -04:00
topjohnwu
72cf5f3f9f Temporary disable module bootloop prevention
Some devices don't like it, need further tests before pushing to production
2018-08-31 03:23:59 -04:00
topjohnwu
59f78d7dfc Update to BusyBox 1.29.2 2018-08-13 01:30:15 +08:00
topjohnwu
d8405f0d05 Make recovery installed on on system_root devices normal 2018-08-12 00:16:59 +08:00
topjohnwu
0f34f0033c Switch to FrankeNDK for building native 2018-08-11 18:46:55 +08:00
topjohnwu
190646d50c Fix incorrect magisk metadata in ramdisk 2018-08-11 16:31:46 +08:00
topjohnwu
afcb3d8f34 Fix XZ decompression in magiskinit 2018-08-10 15:04:32 +08:00
topjohnwu
d4568aa0a7 Compress binaries and use xz-embedded in magiskinit 2018-08-10 05:57:12 +08:00
topjohnwu
1def9b301b Use xz-embedded for b64xz 2018-08-10 05:57:11 +08:00
topjohnwu
5bac442b18 Reorganize sources 2018-08-10 03:49:25 +08:00
topjohnwu
6add682705 Remove high compression mode 2018-08-10 03:49:25 +08:00
topjohnwu
8b50d84a05 Hide unnecessary error log 2018-08-09 15:10:00 +08:00
topjohnwu
d3858b81e2 Add new boot service: boot-complete 2018-08-09 14:52:44 +08:00
topjohnwu
bdff9769be Move remount,ro back to post-fs-data mode 2018-08-09 03:57:29 +08:00
topjohnwu
ada0f93686 Apply all sepolicy patches pre-init
Boot services tend to fail in the middle when the kernel loads a sepolicy live.
It seems that moving full patch (allow magisk * * *) to late_start is still not enough to fix service startup failures.
So screw it, apply all patched in magiskinit, which makes sure that all rules are only loaded in a single step.
The only down side is that some OEM with a HUGE set of secontexts (e.g. Samsung) might suffer a slightly longer boot time, which IS the reason why the rules are split to 2 parts in the first place.
2018-08-09 03:20:28 +08:00
topjohnwu
7b5d79d313 Kill all processes using the same UID of the target
To workaround OOS embryo optimization
2018-08-08 05:47:58 +08:00
topjohnwu
c38533e0f8 Prevent problematic modules causing device stuck in bootloop
If boot failed after 2 times, it will enable core only mode (which disables all modules)
2018-08-07 04:41:48 +08:00
topjohnwu
9159f86a9e Improvements to system_root devices booting as recovery 2018-08-07 02:20:40 +08:00
topjohnwu
a63696836c Proper addon.d-v2 support 2018-08-03 22:40:49 +08:00
topjohnwu
46aad00f16 Use buffer on stack 2018-08-03 21:30:44 +08:00
topjohnwu
252afe8932 Use mirror in post-fs-data scripts 2018-08-03 17:09:24 +08:00
topjohnwu
82e8375957 Respect filesystem type when mounting mirrors
Close #405
2018-08-03 04:45:07 +08:00
topjohnwu
169c0fe4af Stop use clashing names 2018-08-03 03:43:02 +08:00
topjohnwu
cd6918e6eb Stop altering PATH to mirror 2018-08-03 03:38:36 +08:00
topjohnwu
5be035fd44 Try logging a little harder 2018-08-03 01:58:56 +08:00
topjohnwu
f1edc8443c Make root shell always use dev_pts
Close #433
2018-08-02 20:29:18 +08:00
topjohnwu
d9564bd04c Delay full sepolicy patch loading time 2018-08-02 05:35:01 +08:00
topjohnwu
91818cfa1a Support compiling split cils via magiskpolicy CLI 2018-07-21 05:12:22 +08:00
topjohnwu
4ffc388491 Allow bootctl to run 2018-07-20 22:22:49 +08:00
topjohnwu
3ae959af95 Do not early mount on symlinks on half Treble devices
Fix #399
2018-07-19 17:43:37 +08:00
topjohnwu
e11e88a9c5 Huawei hardcodes the slot suffix, don't append the suffix twice 2018-07-19 03:12:28 +08:00
topjohnwu
7cec8baa55 Merge magiskpolicy into Magisk main repo 2018-07-18 18:45:21 +08:00
topjohnwu
e987db9fb5 Move magiskpolicy sources to native/jni/magiskpolicy 2018-07-18 18:44:43 +08:00
topjohnwu
c603b9084f Remove magiskpolicy as submodule 2018-07-18 18:43:36 +08:00
topjohnwu
492d6dfcf0 Merge MagiskSU into Magisk main repo 2018-07-18 18:40:13 +08:00
topjohnwu
a3e0f2dcc3 Remove MagiskSU as submodule 2018-07-18 18:40:10 +08:00
topjohnwu
cf211e26f4 Move MagiskSU sources to native/jni/su 2018-07-18 18:23:36 +08:00
topjohnwu
d08f326990 Log fatal errors in debug mode only 2018-07-18 03:25:36 +08:00
topjohnwu
adf95ce3a0 Read fstab from device tree
In previous versions, magiskinit will not early mount if /sepolicy is detected. However on OP5/5T latest betas, the devices are fully trebelized,
but for some reason the file /sepolicy still exists, making magiskinit think it is NOT a treble device and doesn't work properly.

So to properly fix this issue, I will have to use the "official" way - check fstab in device trees. Any block mentioned in the fstab in device trees
are supposed to be early mounted. Currently magiskinit will only mount system and vendor even if other partitions exists in the dtb fstab, since other
partitions are not used to construct sepolicy (currently).

These changes can also fix #373, since we dynamically detect PARTNAME from device trees.
2018-07-18 00:45:10 +08:00
topjohnwu
3c1aca114f Wrap accept4 since some device does not have it 2018-07-17 06:52:23 +08:00
topjohnwu
18d0fd9d2a MagiskInit optimizations 2018-07-17 06:18:36 +08:00
topjohnwu
2bde8a1975 EMUI's logcat will change output file's permission and break ADBD 2018-07-16 06:42:36 +08:00
topjohnwu
bf9927c7dd Sync source with AOSP 2018-07-14 04:34:48 +08:00