Commit Graph

2742 Commits

Author SHA1 Message Date
topjohnwu
bbe4b69c8d Fix LZ4FEncoder constructor 2019-03-07 19:58:59 -05:00
topjohnwu
7f08c06943 Remove unnecessary '--' from magiskboot actions 2019-03-07 18:07:23 -05:00
topjohnwu
8f4a6415cd Use ToT r8 for releases 2019-03-07 17:33:06 -05:00
topjohnwu
0442d6d509 Only compress kernel and ramdisk if input not compressed 2019-03-07 07:24:20 -05:00
lindwurm
a3fc6d2a27 l10n: Update Japanese translation
Signed-off-by: lindwurm <lindwurm.q@gmail.com>
2019-03-07 06:10:42 -05:00
linar10
7db05ac927 Update strings.xml 2019-03-07 06:10:29 -05:00
Igor Dyatlov
8bed93b3c5 Updated Russian translation 2019-03-07 06:10:14 -05:00
topjohnwu
915b49014f Build libsqlite.so only with magisk
Fix #1175
2019-03-07 05:21:27 -05:00
topjohnwu
c699f30831 Fix some build issues 2019-03-07 05:05:46 -05:00
topjohnwu
3e73e3a906 Play with Java streams 2019-03-07 03:43:28 -05:00
topjohnwu
32c65d8a88 Upgrade Android Studio 2019-03-07 03:41:24 -05:00
topjohnwu
a49328edd3 Workaround Binder transaction limits 2019-03-07 02:07:34 -05:00
topjohnwu
9a15365a57 Welcome, Java 8/9 APIs
Fix #1162
2019-03-07 00:01:07 -05:00
topjohnwu
82c864d57e Make zygote notifier more reliable 2019-03-06 18:22:04 -05:00
topjohnwu
6226f875ff Make db settings constructor more readable 2019-03-06 08:21:23 -05:00
topjohnwu
370015a853 Modernize database code (again) 2019-03-06 08:16:12 -05:00
topjohnwu
6597b7adc0 Add MicroG DroidGuardHelper as target
MicroG uses a different package to handle DroidGuard service (SafetyNet),
but still uses the same com.google.android.gms.unstable process name.
Thanks to the changes in 4e53ebfe, we can target both official GMS
and MicroG SafetyNet services at the same time.
2019-03-06 05:43:52 -05:00
topjohnwu
4e53ebfe44 Use both package name and process name as key
Different packages could potentially use the same process name,
and they shouldn't conflict with each other.
2019-03-06 05:40:52 -05:00
topjohnwu
04ef1e6405 Make parse prop file a util function 2019-03-05 20:27:09 -05:00
topjohnwu
b278d07b05 Switch to Zygote ptrace-ing
No matter if we use the old, buggy, error prone am_proc_start monitoring,
or the new APK inotify method, both methods rely on MagiskHide 'reacting'
fast enough to hijack the process before any detection has been done.

However, this is not reliable and practical. There are apps that utilize
native libraries to start detects and register SIGCONT signal handlers
to mitigate all existing MagiskHide process monitoring mechanism. So
our only solution is to hijack an app BEFORE it is started.

All Android apps' process is forked from zygote, so it is easily the
target to be monitored. All forks will be notified, and subsequent
thread spawning (Android apps are heaviliy multithreaded) from children
are also closely monitored to find the earliest possible point to
identify what the process will eventually be (before am_proc_bound).

ptrace is extremely complicated and very difficult to get right. The
current code is heaviliy tested on a stock Android 9.0 Pixel system,
so in theory it should work fine on most devices, but more tests and
potentially fixes are expected to follow this commit.
2019-03-05 20:23:27 -05:00
topjohnwu
6c3896079d Add zygote server notifier 2019-03-05 20:23:27 -05:00
topjohnwu
e73fa57d54 Update Android Studio 2019-03-05 07:38:40 -05:00
topjohnwu
eaa9c7e2a0 Android Q init is not always a symlink 2019-03-03 14:56:36 -05:00
topjohnwu
14ae29d907 Support Android Q new init setup 2019-03-03 06:35:25 -05:00
linar10
e8f35b02ca Update strings.xml 2019-03-02 05:49:37 -05:00
topjohnwu
dee3c3e7ba Workaround seccomp on MagiskBoot
Close #1150
2019-03-02 05:46:15 -05:00
topjohnwu
d8cd2031c7 SIGSTOP any possible process ASAP
Shut down any UID matching process and resume if it turns out not to
be our target. Since we will record every single process we have ever
paused, this means that the same process will not be paused erroneously
for another time.

This is an optimization to hijack the app as soon as possible.
2019-03-02 04:24:41 -05:00
topjohnwu
7203e7df5c Create mapping from watch descriptor to UID 2019-03-02 03:44:24 -05:00
topjohnwu
b51feffe80 Limit process name match to cmdline only
We are only interested in Zygote forked processed
2019-03-01 18:13:41 -05:00
topjohnwu
b1afd554fc Application Component Granularity MagiskHide
Before switching to the new MagiskHide implementation (APK inotify),
logcat parsing provides us lots of information to target a process.
We were targeting components so that apps with multi-processes
can still be hidden properly.

After switching to the new implementation, our granularity is limited
to the UID of the process. This is especially dangerous since Android
allow apps signed with the same signature to share UIDs, and many system
apps utilize this for elevated permissions for some services.

This commit introduces process name matching. We could not blanketly
target an UID, so the workaround is to verify its process name before
unmounting.

The tricky thing is that any app developer is allowed to name the
process of its component to whatever they want; there is no 'one
rule to catch them all' to target a specific package. As a result,
Magisk Manager is updated to scan through all components of all apps,
and show different processes of the same app, each as a separate
hide target in the list.

The hide target database also has to be updated accordingly.
Each hide target is now a <package name, process name> pair. The
magiskhide CLI and Magisk Manager is updated to support this new
target format.
2019-03-01 17:08:08 -05:00
topjohnwu
885e3c574b Upgrade dependencies 2019-02-28 23:42:33 -05:00
topjohnwu
05dd5f3396 Only load config prop when needed
Close #922
2019-02-28 23:42:33 -05:00
SakuraSa233
ec3c43faf1 update: Japanese translation 2019-02-28 05:57:53 -05:00
topjohnwu
e72c6685ed Support A only System-as-root Devices
Most Chinese devices (and supposedly Galaxy S10) running Android Pie
is using system-as-root without A/B partition.

https://source.android.com/devices/bootloader/system-as-root#about-system-as-root

According to the docs above, these devices will have a ramdisk block
with size 0 in their boot images. Since magiskinit can run independently
on system-as-root devices, we simply just create an empty ramdisk with
magiskinit added as init.

Huge thanks to @vvb2060 for the heads up and original PR.
Close #980, close #1102
2019-02-28 05:46:36 -05:00
Cristian Silaghi
99d6bd8efc Minor changes for Romanian 2019-02-27 16:44:49 -05:00
linar10
4c8587a9f2 Update strings.xml 2019-02-27 16:44:41 -05:00
John Wu
54a8a05dae Small adjustments in connect.cpp 2019-02-27 16:44:27 -05:00
John Wu
164a99681b Make case Intent.ACTION_REBOOT fall through 2019-02-27 16:44:27 -05:00
vvb2060
0eef4eacd6 Use REBOOT foreground broadcast 2019-02-27 16:44:27 -05:00
topjohnwu
5764f0c839 Compiler flag enhancements
- Enable LTO
- Add -fomit-frame-pointer for even smaller binary size

This commit is inspired by #1075. Close #1075.
2019-02-26 03:42:44 -05:00
topjohnwu
f28e425542 Fix strings resources 2019-02-26 03:13:49 -05:00
Hugwalk
d1a4f046e9 Recreate translations for Chinese (Taiwan)
Fixed wordings to fit Taiwanese accent.
e.g. 日誌 (log) to 記錄檔

Kept proper nouns in English
e.g. Superuser instead of 超級使用者

Removed westernised Chinese as much as possible.
2019-02-26 03:08:29 -05:00
Gozzwip
2ce1dc4afe new translations 2019-02-26 03:07:45 -05:00
linar10
37ac249fd7 Update strings.xml 2019-02-26 03:07:29 -05:00
vvb2060
f152bea8d8 Trim dev name 2019-02-26 03:04:17 -05:00
Oliver Cervera
7b089b888a Update Italian Translation
Minor changes
2019-02-26 02:47:01 -05:00
Cristian Silaghi
68f0e1fe39 Update Romanian translation 2019-02-26 02:46:50 -05:00
topjohnwu
8032bd0bac Introduce /data mirror
Since we switched to imageless Magisk, module files are directly
stored in /data. However, /data is mounted with nosuid, which also
prevents SELinux typetransition to work (auto transition from one
domain to another when executing files with specific context).
This could cause serious issues when we are replacing system critical
components (e.g. app_process for Xposed), because most of them
are daemons that run in special process domains.

This commit introduced /data mirror. Using similar mirroring technique
we used for system and vendor, we mount another mirror that mounts
/data without nosuid flag. All module files are then mounted from this
mirror mountpoint instead of directly from /data.

Close #1080
2019-02-25 06:13:42 -05:00
topjohnwu
0c227f2917 Always clone attribute from existing files to module files
This makes sure no weird permission/SELinux issues shall happen
2019-02-25 05:17:08 -05:00
topjohnwu
c9fa8118d1 Some code adjustments 2019-02-24 23:09:34 -05:00