728 Commits

Author SHA1 Message Date
topjohnwu
8ca5a048d6 Support system_ext 2020-04-20 23:57:29 -07:00
topjohnwu
554ebe7206 Skel dest could not exist
Close #2713
2020-04-20 22:04:57 -07:00
vvb2060
d7b87fcb8e Add untrusted_app_29 for Android 11 2020-04-20 21:50:52 -07:00
topjohnwu
c94f9e1cc9 Use a binary that exists on all devices for hijacking 2020-04-20 04:41:11 -07:00
topjohnwu
e219867cdf Hijack another binary for 2nd stage
Instead of using ptrace hacks, use another hack instead :D
2020-04-19 22:15:12 -07:00
topjohnwu
765d5d9729 Small magiskinit cleanup 2020-04-19 04:57:18 -07:00
topjohnwu
43029f37b1 Cleanup our tracks 2020-04-19 04:57:18 -07:00
topjohnwu
dfbd1305b3 Android 11 support 🎉 2020-04-19 02:47:22 -07:00
topjohnwu
c9255ab31b Remove legacy migration
It has been quite a long time ago...
2020-04-18 23:46:56 -07:00
topjohnwu
1e714af3cf Support MagiskHide when /sbin does not exist 2020-04-18 23:45:00 -07:00
topjohnwu
4c959cd983 Support cases when /sbin does not exist 2020-04-18 23:19:19 -07:00
topjohnwu
d959c35723 Make cleaner mount info 2020-04-18 18:50:25 -07:00
topjohnwu
69a9d7485b Support injecting magisk bins 2020-04-18 05:15:59 -07:00
topjohnwu
dcf07ad8c7 Directly filter '.' and '..' in xreaddir 2020-04-18 04:20:21 -07:00
topjohnwu
ed6cdb2eb4 Rename file 2020-04-18 04:10:19 -07:00
topjohnwu
a73e7e9f99 Introduce new module mount implementation
Rewrite the whole module mounting logic from scratch.
Even the algorithm is different compared to the old one.

This new design focuses on a few key points:
- Modular: Custom nodes can be injected into the mount tree.
  It's the main reason for starting the rewrite (needed for Android 11)
- Efficient: Compared to the existing implementation, this is the most
  efficient (both in terms of computation and memory usage) design I
  currently can come up with.
- Accurate: The old mounting logic relies on handling specifically every
  edge case I can think of. During this rewrite I actually found some
  cases that the old design does not handle properly. This new design is
  architected in a way (node types and its rankings) that it should
  handle edge cases all by itself when constructing mount trees.
2020-04-18 02:00:48 -07:00
topjohnwu
ab853e1fcf Update dir traversal code 2020-04-12 13:38:57 -07:00
topjohnwu
e0a281583d Preparation for dynamic tmpfs path 2020-04-12 05:34:56 -07:00
topjohnwu
d739dcac2b Remove dependency on magisk.hpp in libutils 2020-04-11 04:40:40 -07:00
topjohnwu
cdd4cb8ec2 Update BusyBox to build on latest NDK 2020-04-11 04:05:58 -07:00
topjohnwu
93ef90cd24 Fix FORTIFY crashes 2020-04-11 04:05:34 -07:00
topjohnwu
4066e5bf14 Update Makefiles 2020-04-06 22:45:08 -07:00
topjohnwu
67d746a62c Let build.py setup NDK 2020-04-03 03:34:07 -07:00
topjohnwu
2f1f68f12f Prepare compilation for NDK r21 2020-04-03 02:58:39 -07:00
Shaka Huang
834561a5de Content in dt_fstab is not null terminated in emulator
Value of <dt>/fstab/<partition>/dev and <dt>/fstab/<partition>/type in official Android emulator ends with newline instead of \0, Magisk won’t be able to patch sepolicy and crash the system.

Signed-off-by: Shaka Huang <shakalaca@gmail.com>
2020-04-02 20:54:41 -07:00
topjohnwu
9820296e92 Update files.cpp in libutils 2020-04-02 02:17:45 -07:00
topjohnwu
dbfde74c1e Clean rootfs in switch_root 2020-04-01 23:37:11 -07:00
topjohnwu
b28668e18d Prevent possible race condition 2020-04-01 22:40:59 -07:00
topjohnwu
5f1174de27 Introduce new boot flow to handle SAR 2SI
The existing method for handling legacy SAR is:
1. Mount /sbin tmpfs overlay
2. Dump all patched/new files into /sbin
3. Magic mount root dir and re-exec patched stock init

With Android 11 removing the /sbin folder, it is quite obvious that
things completely break down right in step 1.

To overcome this issue, we have to find a way to swap out the init
binary AFTER we re-exec stock init. This is where 2SI comes to rescue!

2SI normal boot procedure is:
1st stage -> Load sepolicy -> 2nd stage -> boot continue...

2SI Magisk boot procedure is:
MagiskInit 1st stage -> Stock 1st stage -> MagiskInit 2nd Stage ->
-> Stock init load sepolicy -> Stock 2nd stage -> boot continue...

As you can see, the trick is to make stock 1st stage init re-exec back
into MagiskInit so we can do our setup. This is possible by manipulating
some ramdisk files on initramfs based 2SI devices (old ass non SAR
devices AND super modern devices like Pixel 3/4), but not possible
on device that are stuck using legacy SAR (device that are not that
modern but not too old, like Pixel 1/2. Fucking Google logic!!)

This commit introduces a new way to intercept stock init re-exec flow:
ptrace init with forked tracer, monitor PTRACE_EVENT_EXEC, then swap
out the init file with bind mounts right before execv returns!

Going through this flow however will lose some necessary backup files,
so some bookkeeping has to be done by making the tracer hold these
files in memory and act as a daemon. 2nd stage MagiskInit will ack the
daemon to release these files at the correct time.

It just works™  ¯\_(ツ)_/¯
2020-04-01 04:39:28 -07:00
topjohnwu
543ce937ec Don't need to find system_dev 2020-03-31 22:41:25 -07:00
Chris Renshaw
aa72a080b0 core: clean up /data/adb/magisk.img, etc. as well
- now that magisk.img -> /data/adb/modules migration is no longer taking place make sure all magisk.img locations get cleaned up
2020-03-26 03:39:49 -07:00
topjohnwu
ba7cb47383 Make version reporting consistent 2020-03-23 01:17:13 -07:00
topjohnwu
48d417f9af Add symlink for backwards compatibility
The native code has to run with an old verison of Magisk Manager,
add this back so things will work properly.
2020-03-22 21:00:40 -07:00
Zackptg5
d7cd1b37f8 add missing flags 2020-03-22 13:41:55 -07:00
Simon Shi
7768274b2f Fix build issue 2020-03-14 11:17:51 -07:00
topjohnwu
612b51d48f Disable MagiskHide by default
Since SafetyNet CTS is impossible to achieve, leaving MagiskHide on
by default no longer serves a purpose.

For more details regarding the latest SafetyNet changes, please check:
https://twitter.com/topjohnwu/status/1237656703929180160
https://twitter.com/topjohnwu/status/1237830555523149824

MagiskHide's functionality will continue to exist within the Magisk
project as it is still extremely effective to hide modifications in
userspace (including SafetyNet's basicIntegrity check).

Future MagiskHide improvements _may_ come, but since the holy grail
has been taken, any form of improvement is now a very low priority.
2020-03-13 01:48:14 -07:00
Fox2Code
c07775f5e3
Add missing ro.vendor(.boot).warranty_bit props
Co-authored-by: John Wu <topjohnwu@gmail.com>
2020-03-12 00:28:43 -07:00
topjohnwu
e261579e72 Use standalone mode in boot scripts 2020-03-11 00:11:15 -07:00
topjohnwu
cf54cad3ce deleteprop -> delprop 2020-03-09 02:05:24 -07:00
topjohnwu
a0998009c1 Small native code reorganization 2020-03-09 01:50:30 -07:00
YU-YEN HSU
df15606b00 prop compare fix 2020-03-08 22:58:37 -07:00
YU-YEN HSU
4dc0d13688 Xiaomi cross region flash hacks 2020-03-08 22:58:37 -07:00
topjohnwu
ee1f45aa91 Add new commandline option to get tmpfs root 2020-02-29 15:33:11 -08:00
topjohnwu
696ab677be New pre-init magic mount implementation 2020-02-21 00:49:58 -08:00
topjohnwu
0d229dac3b Support Android 11 SELinux paths
This is NOT proper Android 11 support
2020-02-21 00:49:33 -08:00
topjohnwu
3b8ea599f0 Fix switch_root implementation 2020-02-20 21:08:59 -08:00
topjohnwu
e5f50bb7e0 Update busybox 2020-02-07 21:57:26 -08:00
topjohnwu
84e4bd3d41 Move readlinkat fix into xwrap 2020-02-03 13:24:02 +08:00
Shaka Huang
0ecfb63cd6 Fix crash during boot in x86 platform
readlinkat() may return random value instead of the number of bytes placed in buf and crashing the system in two ways:
1. segmentation fault (buf[-7633350] = ‘\0’)
2. wrong link of watchdogd, resulting dog timeout

Confirmed working in ZenFone 2 x86 series, may fix #2247 and #2356

Signed-off-by: Shaka Huang <shakalaca@gmail.com>
2020-02-03 13:02:30 +08:00
topjohnwu
ebdd6ec40c Fallback to getprop to get SDK_INT
Close #2274, close #2279
2020-02-03 12:58:59 +08:00