Commit Graph

194 Commits

Author SHA1 Message Date
topjohnwu
975b1a5e36 Prune unused UIDs from su policies 2022-05-18 01:55:58 -07:00
topjohnwu
029422679c Remove enforcement
Enforcement will be re-implemented later
2022-05-11 21:12:37 -07:00
vvb2060
05d6d2b51b Verify app signature 2022-05-11 21:12:37 -07:00
vvb2060
01a1213463 /data/adb/magisk/magisk.apk no longer exists 2022-04-07 23:20:42 -07:00
canyie
448384af06 Guard su request IPC
Previously `read_string()` calls `std::string.resize()` with a int read from remote process. When I/O error occurs, -1 will be used for resizing the string, `std::bad_alloc` is thrown and since magisk is compiled with `-fno-exceptions`, it will crash the whole daemon process.

May fix topjohnwu#5681
2022-04-06 21:15:07 -07:00
topjohnwu
704f91545e Reorganize magiskpolicy source code 2022-03-29 22:26:38 -07:00
topjohnwu
f008420891 Make magiskinit not magiskpolicy 2022-03-17 03:36:40 -07:00
topjohnwu
49f259065d Introduce new sepolicy injection mechanism
In the current implementation, Magisk will either have to recreate
all early mount implementation (for legacy SAR and rootfs devices) or
delegate early mount to first stage init (for 2SI devices) to access
required partitions for loading sepolicy. It then has to recreate the
split sepolicy loading implementation in-house, apply patches, then
dump the compiled + patched policies into monolithic format somewhere.
Finally, it patches the original init to force it to load the sepolicy
file we just created.

With the increasing complexity involved in early mount and split
sepolicy (there is even APEX module involved in the future!),
it is about time to rethink Magisk's sepolicy strategy as rebuilding
init's functionality is not scalable and easy to maintain.

In this commit, instead of building sepolicy ourselves, we mock
selinuxfs with FIFO files connected to a pre-init daemon, waiting
for the actual init process to directly write the sepolicy file into
MagiskInit. We then patch the file and load it into the kernel. Some
FIFO tricks has to be used to hijack the original init process's
control flow and prevent race conditions, details are directly in the
comments in code.

At the moment, only system-as-root (read-only root) support is added.
Support for legacy rootfs devices will come with a follow up commit.
2022-03-16 00:31:55 -07:00
topjohnwu
9968af0785 Move all permission check into daemon.cpp 2022-03-01 03:15:38 -08:00
topjohnwu
be7586137c Reduce C++ wizardry 2022-03-01 03:15:38 -08:00
LoveSy
7999b66c3c Refactor daemon connection 2022-03-01 03:15:38 -08:00
topjohnwu
bb7a74e4b4 Add Zygisk API getFlags() 2022-01-17 19:54:33 -08:00
topjohnwu
21d7db0959 Add new Zygisk API to get module dir 2022-01-14 03:10:02 -08:00
topjohnwu
ea75a09f95 Make zygisk survive zygote restarts
Close #4777
2021-10-27 01:53:16 -07:00
topjohnwu
8d0dc37ec0 Use SO_PEERSEC to get client secontext 2021-10-19 23:46:38 -07:00
topjohnwu
6f54c57647 Allow fork in thread pool 2021-10-17 04:24:25 -07:00
topjohnwu
c8ac6c07b0 Load Zygisk modules 2021-10-13 04:52:02 -07:00
topjohnwu
f1b6c9f4aa Refresh uid_map on package.xml change 2021-09-20 04:42:06 -07:00
topjohnwu
3fb72a4d20 Support polling on multiple fds 2021-09-18 14:40:12 -07:00
topjohnwu
db590091b3 Propagate Zygisk state to Magisk app 2021-09-18 02:38:53 -07:00
topjohnwu
7b25e74418 Simplify get manager app info logic 2021-09-17 02:07:32 -07:00
topjohnwu
706a492218 Update denylist config implementation 2021-09-16 05:27:34 -07:00
topjohnwu
c0be5383de Support enable/disable Zygisk 2021-09-15 02:49:54 -07:00
topjohnwu
3b8ce85092 Enable Zygisk 2021-09-15 01:59:43 -07:00
topjohnwu
65b0ea792e MagiskHide is no more 2021-09-12 12:40:34 -07:00
topjohnwu
de2306bd12 Proper incremental builds
Auto generate flag.h for precise rebuilding
2021-09-07 19:35:28 -07:00
LoveSy
117d1ed080 Fix always enter safe mode
`getprop("persist.sys.safemode", true) == "1"` -> `getprop("persist.sys.safemode", true) == ""`
2021-08-29 02:45:49 -07:00
vvb2060
f324252681 Use isolated devpts if kernel support
kernel version >= 4.7 or CONFIG_DEVPTS_MULTIPLE_INSTANCES=y
2021-08-29 02:45:49 -07:00
topjohnwu
5d162f81c4 Modernize db.hpp 2021-08-27 01:06:03 -07:00
topjohnwu
4771c2810b Significantly better AVD support 2021-08-26 03:09:56 -07:00
topjohnwu
171d68ca72 Connect to magiskd log daemon 2021-08-22 03:26:48 -07:00
topjohnwu
bade4f2c6a Make xhook log as Magisk 2021-08-22 03:26:48 -07:00
topjohnwu
ffe47300a1 Update recv/send fd function 2021-08-22 03:26:48 -07:00
topjohnwu
9b3efffba9 Use magiskd to setup files 2021-08-18 03:44:32 -07:00
topjohnwu
003fea52b1 Remove all non-Magisk hiding code
Magisk no longer interferes with any signals/info that were not created
or caused by Magisk itself.
2021-08-18 02:01:54 -07:00
topjohnwu
2b17c77195 Make Zygisk 1st class citizen 2021-08-17 23:57:49 -07:00
topjohnwu
20860da4b4 Cleaner daemon handlers 2021-08-11 22:57:08 -07:00
topjohnwu
e8ba671fc2 Guard all injection features behind a global flag 2021-01-13 20:07:23 -08:00
topjohnwu
9a28dd4f6e Implement MagiskHide through code injection 2021-01-12 03:28:00 -08:00
topjohnwu
d2acd59ea8 Minor code refactoring 2021-01-12 00:07:48 -08:00
topjohnwu
eb21c8b42e Code cleanups 2021-01-11 02:19:10 -08:00
topjohnwu
4060c2107c Add preliminary zygote code injection support
Prototyping the injection setup and a clean "self unloading" mechanism.
2021-01-06 22:21:17 -08:00
topjohnwu
f9bde347bc Convert indentation to spaces
The tab war is lost
2020-12-30 22:11:24 -08:00
topjohnwu
eee7f097e3 Make post-fs-data scripts block at most 35 secs 2020-12-17 16:54:53 -08:00
topjohnwu
086059ec30 Make sure boot stages are mutually exclusive 2020-12-15 03:40:37 -08:00
topjohnwu
dead74801d Setup log file when manually starting daemon 2020-12-04 01:07:47 -08:00
topjohnwu
f152e8c33d Directly log to log file 2020-12-03 20:15:18 -08:00
topjohnwu
1e0f96d0fd Prefer platform implementation over internal 2020-11-04 04:42:02 -08:00
topjohnwu
bf650332d8 Update nanopb 2020-11-04 01:56:49 -08:00
topjohnwu
16e4c67992 Significantly broaden sepolicy.rule compatibility
Previously, Magisk uses persist or cache for storing modules' custom
sepolicy rules. In this commit, we significantly broaden its
compatibility and also prevent mounting errors.

The persist partition is non-standard and also critical for Snapdragon
devices, so we prefer not to use it by default.

We will go through the following logic to find the best suitable
non-volatile, writable location to store and load sepolicy.rule files:

Unencrypted data -> FBE data unencrypted dir -> cache -> metadata -> persist

This should cover almost all possible cases: very old devices have
cache partitions; newer devices will use FBE; latest devices will use
metadata FBE (which guarantees a metadata parition); and finally,
all Snapdragon devices have the persist partition (as a last resort).

Fix #3179
2020-11-02 23:20:38 -08:00