1084 Commits

Author SHA1 Message Date
topjohnwu
50515d9128 Close unclosed fds from modules 2021-11-16 01:59:45 -08:00
topjohnwu
6935033db5 Prevent dangling pointers 2021-11-12 02:02:05 -08:00
topjohnwu
421277d730 Prevent race conditions in connect_companion 2021-11-12 01:55:55 -08:00
topjohnwu
56988944b5 No need to dup fd 2021-11-12 01:54:48 -08:00
topjohnwu
528601d25a Fix integer overflow and workaround seccomp
- Use ftruncate64 instead of ftruncate to workaround seccomp
- Cast uint32_t to off64_t before making it negative

Note: Using ftruncate with a modern NDK libc should actually be
fine as the syscall wrapper in bionic will use ftruncate64 internally.
However, since we are using the libc.a from r10e built for Gingerbread,
seccomp wasn't a thing back then, and also the ftruncate64 symbol is
missing; we have to create our own wrapper and call it instead on
32-bit ABIs.

Props to @jnotuo for discovering the overflow bug and seccomp issue

Fix #3703, close #4915
2021-11-10 03:07:20 -08:00
topjohnwu
b8c1588284 Always unload zygisk after specialize 2021-11-07 13:05:44 -08:00
Chaosmaster
16322ab30c Use full gzip-signature to find gzip-data.
Fall back to raw image if gzip is not found.

Fixes #4849
2021-11-03 22:23:21 -07:00
Chaosmaster
5682917356 Speed up zopfli compression
See #4810 for example
2021-11-03 22:22:29 -07:00
LoveSy
c91ccc8b4e Fix UB on dtb
`operator==` of string_view will create a tmp `string_view`.
It's an UB if the `const char *` is a nullptr.
`fdt_get_name` however will return a nullptr.
2021-11-03 22:21:48 -07:00
topjohnwu
63f670fc36 Move first stage unload before fork 2021-11-02 21:53:33 -07:00
LoveSy
e20b07fa24 Fix #4853 2021-11-02 19:31:17 -07:00
topjohnwu
d232cba02d Fix first stage unload 2021-11-02 04:12:56 -07:00
topjohnwu
48df6b8485 Use memmem instead of strstr
It might not be null terminated
2021-10-31 11:46:56 -07:00
Nullptr
e34e04af04 Make Api functions inline
Make Api functions inline to avoid duplicate symbols when including api.hpp in multiple cpps
2021-10-31 10:55:41 -07:00
topjohnwu
84e19ceef0 Tidy up bootimg.h
Close #4796
2021-10-31 10:52:12 -07:00
Chris Renshaw
59161efd08 Support Samsung 2SI with skip_initramfs in dtb cmdline
Samsung Galaxy A21S and Galaxy M12, probably others, are hdr_v2 boot.img with 2SI judging by the ramdisk contents, but the dtb contains an extra cmdline with skip_initramfs present, even though this shouldn't exist on 2SI and the kernel apparently doesn't even contain a skip_initramfs function

I can't find examples of other devices where skip_initramfs is present in the dtb other than these so patch it out like we do the kernel

Co-authored-by: topjohnwu <topjohnwu@gmail.com>
2021-10-30 21:20:10 -07:00
Chris Renshaw
6663fd3526
Support custom legacy Sony devices with init.real setup
Custom ROM bring-ups of legacy Sony devices contain the following:
/init (symlink to /bin/init_sony)
/init.real (the "real" Android init)
/bin/init_sony (this was /sbin/init_sony on Android <11)

Kernel loads the ramdisk and starts /init -> /bin/init_sony
/bin/init_sony does low-level device setup (see: https://github.com/LineageOS/android_device_sony_common/blob/lineage-18.1/init/init_main.cpp)
/bin/init_sony unlinks /init and renames /init.real to /init
/bin/init_sony starts /init

Since init_sony needs to run first magiskinit needs to replace init.real instead, so add workarounds based on detection of init.real to boot patcher and uninstaller

Thanks @115ek and @bleckdeth

Fixes #3636

Co-authored-by: topjohnwu <topjohnwu@gmail.com>
2021-10-30 18:59:20 -07:00
topjohnwu
2c44e1bb93 Update rules again 2021-10-29 03:37:14 -07:00
残页
e3f6399473 Don't use xwrite() when patching legacy rootfs init
Fix topjohnwu#4810
> [    2.927463]  [1:           init:    1] magiskinit: Replace [/system/etc/selinux/plat_sepolicy.cil] -> [xxx]
[    2.936801]  [1:           init:    1] magiskinit: write failed with 14: Bad address

Since topjohnwu#4596, magisk fails to patch `/init`, xwrite() fails with EFAULT, break the original `/init` file and make the device unbootable. Reverting this commit for legacy rootfs devices fixes the problem. I think this is a Samsung kernel magic since currently I can't reproduce this on other devices or find something special in the log currently we have.
2021-10-29 03:23:34 -07:00
残页
89c2c21774
Fix init.rc path detection
Fix #4319
Some devices store init.rc into the new path but still have the legacy /init.rc file
2021-10-29 03:21:20 -07:00
残页
a170acb9d7 Fix compilation when init debug toggle enabled 2021-10-29 03:15:16 -07:00
vvb2060
6a086bb222 Load *_compat_cil_file from system_ext
https://android-review.googlesource.com/c/platform/system/core/+/1650271
2021-10-29 03:14:26 -07:00
vvb2060
b2f152e641 realpath /proc/pid/cwd
prevent cross mount namespace
2021-10-29 03:13:20 -07:00
topjohnwu
6c5b261804 Update spolicy rules 2021-10-29 03:12:48 -07:00
topjohnwu
8bd0c44e83 Replace module fd with memfd if possible 2021-10-28 00:26:18 -07:00
topjohnwu
34c36984e9 Stop extreme verbose logging 2021-10-27 04:00:40 -07:00
topjohnwu
8bd6aca0dd DenyList unmount without magiskd 2021-10-27 04:00:40 -07:00
topjohnwu
983b74be77 Pass MAGISKTMP over to zygote 2021-10-27 03:25:54 -07:00
topjohnwu
ea75a09f95 Make zygisk survive zygote restarts
Close #4777
2021-10-27 01:53:16 -07:00
LoveSy
4c747c4148 Add rule: allow * magisk_file lnk_file { * } 2021-10-26 00:41:04 -07:00
LoveSy
49abfcafed Fix nullptr dereference when env abnormal 2021-10-26 00:40:00 -07:00
topjohnwu
50710c72ad Cleanup magiskinit code 2021-10-26 00:35:55 -07:00
vvb2060
2e299b3814 Add an old cgroup v2 path
https://android-review.googlesource.com/c/platform/system/core/+/1324649
2021-10-25 20:54:19 -07:00
vvb2060
3599384b38 Allow fallback to /dev/pts 2021-10-23 23:31:44 -07:00
topjohnwu
4b307cad2c Random minor changes 2021-10-23 22:20:07 -07:00
topjohnwu
7496d51580 Make zygiskd ABI aware 2021-10-23 14:38:30 -07:00
topjohnwu
4194ac894c Support setting more options 2021-10-21 03:20:04 -07:00
topjohnwu
ffb5d9ea9c Update libcxx 2021-10-21 02:08:13 -07:00
topjohnwu
770b28ca30 Build on API 21 headers 2021-10-20 03:17:42 -07:00
topjohnwu
8d0dc37ec0 Use SO_PEERSEC to get client secontext 2021-10-19 23:46:38 -07:00
topjohnwu
fe41df87bb pthread_cond_signal might wake multiple threads
Close #4759
2021-10-19 21:32:37 -07:00
topjohnwu
8276a0775d Fix API doc 2021-10-17 05:42:33 -07:00
LoveSy
abfb3bb3bb
Fix always log hook fails 2021-10-17 05:00:31 -07:00
LoveSy
e184eb4a23 Fix UB of loading modules
- The lambda here infers its return type as `std::string`,
  and since `info` is `const`, the labmda copies `info.name`
  and returns a `std::string&&`. After captured by the
  `std::string_view`, the `std::string&&` return value
  deconstructs and makes `std::string_view` refers to a
  dangling pointer.
2021-10-17 04:38:56 -07:00
topjohnwu
d0fc372ecd Implement Zygisk companion process 2021-10-17 04:36:18 -07:00
topjohnwu
6f54c57647 Allow fork in thread pool 2021-10-17 04:24:25 -07:00
topjohnwu
e8ae103d5f Update jni hooks 2021-10-14 02:43:56 -07:00
topjohnwu
b0198dab6c Update Zygisk logging 2021-10-14 02:13:23 -07:00
topjohnwu
b75ec09998 Load Zygisk modules even if no magic mount is needed
Close #4767
2021-10-14 01:35:29 -07:00
topjohnwu
c8ac6c07b0 Load Zygisk modules 2021-10-13 04:52:02 -07:00