752 Commits

Author SHA1 Message Date
topjohnwu
2f1f68f12f Prepare compilation for NDK r21 2020-04-03 02:58:39 -07:00
Shaka Huang
834561a5de Content in dt_fstab is not null terminated in emulator
Value of <dt>/fstab/<partition>/dev and <dt>/fstab/<partition>/type in the official Android emulator ends with a newline instead of \0; Magisk won’t be able to patch sepolicy and will crash the system.

Signed-off-by: Shaka Huang <shakalaca@gmail.com>
2020-04-02 20:54:41 -07:00
topjohnwu
9820296e92 Update files.cpp in libutils 2020-04-02 02:17:45 -07:00
topjohnwu
dbfde74c1e Clean rootfs in switch_root 2020-04-01 23:37:11 -07:00
topjohnwu
b28668e18d Prevent possible race condition 2020-04-01 22:40:59 -07:00
topjohnwu
5f1174de27 Introduce new boot flow to handle SAR 2SI
The existing method for handling legacy SAR is:
1. Mount /sbin tmpfs overlay
2. Dump all patched/new files into /sbin
3. Magic mount root dir and re-exec patched stock init

With Android 11 removing the /sbin folder, it is quite obvious that
things completely break down right in step 1.

To overcome this issue, we have to find a way to swap out the init
binary AFTER we re-exec stock init. This is where 2SI comes to rescue!

2SI normal boot procedure is:
1st stage -> Load sepolicy -> 2nd stage -> boot continue...

2SI Magisk boot procedure is:
MagiskInit 1st stage -> Stock 1st stage -> MagiskInit 2nd Stage ->
-> Stock init load sepolicy -> Stock 2nd stage -> boot continue...

As you can see, the trick is to make stock 1st stage init re-exec back
into MagiskInit so we can do our setup. This is possible by manipulating
some ramdisk files on initramfs-based 2SI devices (old-ass non-SAR
devices AND super modern devices like Pixel 3/4), but not possible
on devices that are stuck using legacy SAR (devices that are not that
modern but not too old, like Pixel 1/2. Fucking Google logic!!)

This commit introduces a new way to intercept stock init re-exec flow:
ptrace init with forked tracer, monitor PTRACE_EVENT_EXEC, then swap
out the init file with bind mounts right before execv returns!

Going through this flow however will lose some necessary backup files,
so some bookkeeping has to be done by making the tracer hold these
files in memory and act as a daemon. 2nd stage MagiskInit will ack the
daemon to release these files at the correct time.

It just works™  ¯\_(ツ)_/¯
2020-04-01 04:39:28 -07:00
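The interception described in the commit message above, as an added example that is not Magisk's code: a tracer forks a child, sets PTRACE_O_TRACEEXEC and waits for the PTRACE_EVENT_EXEC stop. At that stop the kernel has already mapped the new image but has not run an instruction of it (the tracer confirms this by reading /proc/<pid>/exe), so replacing the file at that path cannot change the process that just exec'd it, but it does decide what that process's next exec of the same path becomes. Assumptions made here: a copy of /bin/sh stands in for the stock init binary (the copy is named sh only because a busybox /bin/sh chooses its applet from argv[0]); the stage-1 command re-execs the same path with a different argument, the way a 2SI init does; unlink-and-recreate stands in for Magisk's bind mount; the exit codes 7 (stock stage 2) and 42 (swapped-in stage 2) are arbitrary markers; the temporary directory under $TMPDIR and the demo_* accessors are this example's own. The backup-file bookkeeping the message mentions is not modelled.

```c
#define _GNU_SOURCE
#include <errno.h>
#include <fcntl.h>
#include <limits.h>
#include <signal.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/ptrace.h>
#include <sys/wait.h>
#include <unistd.h>

struct demo_result {
    int exec_events;                  /* PTRACE_EVENT_EXEC stops the tracer saw */
    int exit_status;                  /* exit status of the traced exec chain */
    char exe_at_first_stop[PATH_MAX]; /* /proc/<pid>/exe read at the first exec stop */
};

/* Copy /bin/sh to dst; the copy plays the role of the stock init binary (assumption). */
static int copy_file(const char *src, const char *dst) {
    char buf[65536]; ssize_t n;
    int in = open(src, O_RDONLY);
    if (in < 0) return -errno;
    int out = open(dst, O_WRONLY | O_CREAT | O_EXCL, 0755);
    if (out < 0) { close(in); return -errno; }
    while ((n = read(in, buf, sizeof buf)) > 0)
        if (write(out, buf, n) != n) { close(in); close(out); return -EIO; }
    close(in); close(out);
    return 0;
}

/* Swap the file the child is executing for a stand-in "magiskinit" (a script exiting 42).
 * A running image cannot be opened for writing (ETXTBSY), so unlink and recreate it;
 * Magisk gets the same effect without touching the filesystem by using a bind mount. */
static int swap_file(const char *path) {
    static const char script[] = "#!/bin/sh\nexit 42\n";
    if (unlink(path) < 0) return -errno;
    int fd = open(path, O_WRONLY | O_CREAT | O_EXCL, 0755);
    if (fd < 0) return -errno;
    ssize_t n = write(fd, script, sizeof script - 1);
    close(fd);
    return n == (ssize_t)(sizeof script - 1) ? 0 : -EIO;
}

/* Child execs "init" (stage 1), which re-execs the same path (stage 2); the tracer swaps the
 * file at the first exec stop. Returns 0 and fills r, or -errno (-EPERM: ptrace refused). */
int traced_exec_demo(struct demo_result *r) {
    const char *base = getenv("TMPDIR") ? getenv("TMPDIR") : "/tmp";
    char dir[PATH_MAX], path[PATH_MAX], proc[64];
    int status, rc;
    memset(r, 0, sizeof *r);
    snprintf(dir, sizeof dir, "%s/sar2si.XXXXXX", base);
    if (!mkdtemp(dir)) return -errno;
    snprintf(path, sizeof path, "%s/sh", dir);   /* "sh": busybox picks the applet by argv[0] */
    if ((rc = copy_file("/bin/sh", path)) != 0) { rmdir(dir); return rc; }

    pid_t pid = fork();
    if (pid < 0) { rc = -errno; goto out; }
    if (pid == 0) {
        if (ptrace(PTRACE_TRACEME, 0, (void *)0, (void *)0) < 0) _exit(126);
        raise(SIGSTOP);                          /* let the tracer set options first */
        execl(path, "sh", "-c", "exec \"$0\" -c 'exit 7'", path, (char *)NULL);
        _exit(127);
    }
    if (waitpid(pid, &status, 0) < 0) { rc = -errno; goto out; }
    if (!WIFSTOPPED(status)) { rc = -EPERM; goto out; }   /* PTRACE_TRACEME was refused */
    if (ptrace(PTRACE_SETOPTIONS, pid, (void *)0,
               (void *)(PTRACE_O_TRACEEXEC | PTRACE_O_EXITKILL)) < 0) {
        rc = -errno; kill(pid, SIGKILL); waitpid(pid, NULL, 0); goto out;
    }
    ptrace(PTRACE_CONT, pid, (void *)0, (void *)0);
    for (;;) {
        if (waitpid(pid, &status, 0) < 0) { rc = -errno; break; }
        if (WIFEXITED(status)) { r->exit_status = WEXITSTATUS(status); rc = 0; break; }
        if (WIFSIGNALED(status)) { rc = -EINTR; break; }
        int sig = WSTOPSIG(status);
        if ((status >> 8) == (SIGTRAP | (PTRACE_EVENT_EXEC << 8))) {
            sig = 0;   /* exec stop: new image mapped, none of it executed yet */
            if (++r->exec_events == 1) {
                snprintf(proc, sizeof proc, "/proc/%d/exe", (int)pid);
                ssize_t n = readlink(proc, r->exe_at_first_stop, sizeof(r->exe_at_first_stop) - 1);
                r->exe_at_first_stop[n > 0 ? n : 0] = '\0';
                /* Stage 1 is already loaded, so the swap only changes what stage 2 becomes. */
                if ((rc = swap_file(path)) != 0) { kill(pid, SIGKILL); waitpid(pid, NULL, 0); break; }
            }
        }
        ptrace(PTRACE_CONT, pid, (void *)0, (void *)(long)sig);
    }
out:
    unlink(path); rmdir(dir);
    return rc;
}

static struct demo_result g_res;
static int g_rc = 1;   /* 1 = not run yet */
static void run_once(void) { if (g_rc == 1) g_rc = traced_exec_demo(&g_res); }
int demo_rc(void)          { run_once(); return g_rc; }
int demo_exec_events(void) { run_once(); return g_res.exec_events; }
int demo_exit_status(void) { run_once(); return g_res.exit_status; }
const char *demo_exe_at_first_stop(void) { run_once(); return g_res.exe_at_first_stop; }

int main(void) {
    if (demo_rc() != 0) { fprintf(stderr, "demo failed: %s\n", strerror(-demo_rc())); return 1; }
    printf("exec stops: %d, image at first stop: %s, exit status: %d (7 would mean unswapped)\n",
           demo_exec_events(), demo_exe_at_first_stop(), demo_exit_status());
    return 0;
}
```

Build with `cc -o sar2si sar2si.c` and run: it reports two exec stops, the traced copy as the image at the first stop, and exit status 42 even though the file was replaced only after stage 1 had already been exec'd. PTRACE_O_EXITKILL makes the kernel kill the tracee if the tracer dies, so a tracer crash cannot leave a half-swapped init running untraced; a seccomp or Yama policy that refuses PTRACE_TRACEME makes the demo return -EPERM rather than tracing.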
topjohnwu
543ce937ec Don't need to find system_dev 2020-03-31 22:41:25 -07:00
Chris Renshaw
aa72a080b0 core: clean up /data/adb/magisk.img, etc. as well
- now that magisk.img -> /data/adb/modules migration is no longer taking place make sure all magisk.img locations get cleaned up
2020-03-26 03:39:49 -07:00
topjohnwu
ba7cb47383 Make version reporting consistent 2020-03-23 01:17:13 -07:00
topjohnwu
48d417f9af Add symlink for backwards compatibility
The native code has to run with an old version of Magisk Manager,
add this back so things will work properly.
2020-03-22 21:00:40 -07:00
Zackptg5
d7cd1b37f8 add missing flags 2020-03-22 13:41:55 -07:00
Simon Shi
7768274b2f Fix build issue 2020-03-14 11:17:51 -07:00
topjohnwu
612b51d48f Disable MagiskHide by default
Since SafetyNet CTS is impossible to achieve, leaving MagiskHide on
by default no longer serves a purpose.

For more details regarding the latest SafetyNet changes, please check:
https://twitter.com/topjohnwu/status/1237656703929180160
https://twitter.com/topjohnwu/status/1237830555523149824

MagiskHide's functionality will continue to exist within the Magisk
project as it is still extremely effective to hide modifications in
userspace (including SafetyNet's basicIntegrity check).

Future MagiskHide improvements _may_ come, but since the holy grail
has been taken, any form of improvement is now a very low priority.
2020-03-13 01:48:14 -07:00
Fox2Code
c07775f5e3 Add missing ro.vendor(.boot).warranty_bit props
Co-authored-by: John Wu <topjohnwu@gmail.com>
2020-03-12 00:28:43 -07:00
topjohnwu
e261579e72 Use standalone mode in boot scripts 2020-03-11 00:11:15 -07:00
topjohnwu
cf54cad3ce deleteprop -> delprop 2020-03-09 02:05:24 -07:00
topjohnwu
a0998009c1 Small native code reorganization 2020-03-09 01:50:30 -07:00
YU-YEN HSU
df15606b00 prop compare fix 2020-03-08 22:58:37 -07:00
YU-YEN HSU
4dc0d13688 Xiaomi cross region flash hacks 2020-03-08 22:58:37 -07:00
topjohnwu
ee1f45aa91 Add new commandline option to get tmpfs root 2020-02-29 15:33:11 -08:00
topjohnwu
696ab677be New pre-init magic mount implementation 2020-02-21 00:49:58 -08:00
topjohnwu
0d229dac3b Support Android 11 SELinux paths
This is NOT proper Android 11 support
2020-02-21 00:49:33 -08:00
topjohnwu
3b8ea599f0 Fix switch_root implementation 2020-02-20 21:08:59 -08:00
topjohnwu
e5f50bb7e0 Update busybox 2020-02-07 21:57:26 -08:00
topjohnwu
84e4bd3d41 Move readlinkat fix into xwrap 2020-02-03 13:24:02 +08:00
Shaka Huang
0ecfb63cd6 Fix crash during boot in x86 platform
readlinkat() may return a random value instead of the number of bytes placed in buf, crashing the system in two ways:
1. segmentation fault (buf[-7633350] = ‘\0’)
2. wrong link of watchdogd, resulting in a watchdog timeout

Confirmed working in ZenFone 2 x86 series, may fix #2247 and #2356

Signed-off-by: Shaka Huang <shakalaca@gmail.com>
2020-02-03 13:02:30 +08:00
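A readlinkat(2) wrapper that fails closed, as an added example that is not Magisk's xwrap: readlink and readlinkat return -1 on error, never NUL-terminate the buffer, and silently truncate a target longer than the buffer, so using the return value as an index or the buffer as a C string without checking both is how a bogus index or a wrong link target ends up in code like the watchdogd handling described above. The self-check builds a temporary directory containing a constructed symlink to /dev/watchdog (the target does not need to exist); the directory name and the function names are this example's own.

```c
#define _GNU_SOURCE
#include <errno.h>
#include <fcntl.h>
#include <limits.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>

/* readlinkat(2) that fails closed: returns the target length with buf NUL-terminated, or -1
 * with errno set. A target that does not fit together with its NUL is reported as
 * ENAMETOOLONG instead of being silently truncated, and buf is emptied on every failure so
 * a caller that forgets to check the return value sees "" rather than stale bytes. */
ssize_t xreadlinkat(int dirfd, const char *path, char *buf, size_t bufsiz) {
    if (bufsiz == 0) { errno = EINVAL; return -1; }
    ssize_t n = readlinkat(dirfd, path, buf, bufsiz);
    if (n < 0) { buf[0] = '\0'; return -1; }          /* errno already set by readlinkat */
    if ((size_t)n >= bufsiz) { buf[0] = '\0'; errno = ENAMETOOLONG; return -1; }
    buf[n] = '\0';
    return n;
}

/* Exercise the three cases; returns 0 when all behave as documented, the failing case
 * number otherwise, or -1 if the temporary fixture could not be created. */
int xreadlinkat_selfcheck(void) {
    char dir[] = "/tmp/rlatXXXXXX", buf[64], small[8];
    int failed = 0;
    if (!mkdtemp(dir)) return -1;
    int dirfd = open(dir, O_RDONLY | O_DIRECTORY);
    /* Constructed link "wd" -> /dev/watchdog (13 bytes); the target need not exist. */
    if (dirfd < 0 || symlinkat("/dev/watchdog", dirfd, "wd") < 0) failed = -1;
    if (!failed && !(xreadlinkat(dirfd, "wd", buf, sizeof buf) == 13 &&
                     strcmp(buf, "/dev/watchdog") == 0)) failed = 1;
    if (!failed && !(xreadlinkat(dirfd, "wd", small, sizeof small) == -1 &&
                     errno == ENAMETOOLONG && small[0] == '\0')) failed = 2;
    if (!failed && !(xreadlinkat(dirfd, "missing", buf, sizeof buf) == -1 &&
                     errno == ENOENT && buf[0] == '\0')) failed = 3;
    if (dirfd >= 0) { unlinkat(dirfd, "wd", 0); close(dirfd); }
    rmdir(dir);
    return failed;
}

int main(void) {
    int rc = xreadlinkat_selfcheck();
    if (rc == 0) puts("xreadlinkat: all cases OK");
    else printf("xreadlinkat: case %d failed\n", rc);
    return rc != 0;
}
```

The second case is the one that bites in practice: a buffer of 8 bytes and a 13-byte target make plain readlinkat return 8, which looks like success and leaves a path that is both truncated and unterminated.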
topjohnwu
ebdd6ec40c Fallback to getprop to get SDK_INT
Close #2274, close #2279
2020-02-03 12:58:59 +08:00
topjohnwu
6180558068 Add support for genfscon sepolicy rules
Close #2367
2020-02-02 01:16:42 +08:00
Shaka Huang
cf589f8c64 Fix error loading libsqlite.so
Vendors are always adding “extra libraries” in /vendor/lib* for their own sake, in this case AS*S loaded with customized `libicuuc.so` for Zenf*ne 5z and led to the failure of dynamically loading libsqlite.so:

<quote>
db: dlopen failed: cannot locate symbol "UCNV_FROM_U_CALLBACK_ESCAPE_63" referenced by "/apex/com.android.runtime/lib64/libandroidicu.so"...
</quote>

Signed-off-by: Shaka Huang <shakalaca@gmail.com>

* Minor optimizations

Co-authored-by: John Wu <topjohnwu@gmail.com>
2020-02-01 14:36:34 +08:00
topjohnwu
e864919c0b Jellybean supports modules 2020-02-01 14:22:31 +08:00
osm0sis
a7435dad6d magiskboot: fix lzop detection 2020-02-01 01:09:12 +08:00
osm0sis
793f0b605c init: fix Tegra "APP" /system partition mounting
- thanks rootfan in https://github.com/topjohnwu/Magisk/issues/2063#issuecomment-573232567

Closes #2243
2020-02-01 01:09:12 +08:00
topjohnwu
5b56ca7ffc Use MAX_FDT_GROWTH instead of hardcode value 2020-02-01 00:58:33 +08:00
topjohnwu
5c988510b3 Preserve fdt paddings
Some Motorola devices (Qualcomm kernel with CONFIG_MMI_DEVICE_DTBS
configuration enabled) need 1k of padding to the DTBs to allow for
environment variables to be runtime added by the bootloader.
Those extra paddings will be removed during the dtb patching process;
devices won’t be able to boot up and return to fastboot mode immediately
after flashing the flawed boot.img.

Credits to @shakalaca, close #2273
2020-02-01 00:48:21 +08:00
topjohnwu
290624844b Reorganize dtb code 2020-02-01 00:15:52 +08:00
topjohnwu
e395c9442f Upstream system_properties 2020-01-27 19:50:03 +08:00
vvb2060
b90c65370e Fix build on Windows 2020-01-26 12:27:07 +08:00
topjohnwu
ba55e2bc32 Backup proper magiskinit in A-only 2SI 2020-01-22 05:12:04 +08:00
topjohnwu
0a2c99f1dc Use __LP64__ to detect 64 bit 2020-01-22 01:20:14 +08:00
topjohnwu
836bfbdd02 Wrapper is no longer needed 2020-01-22 01:17:30 +08:00
topjohnwu
b13a35057a Support building standalone resetprop 2020-01-21 00:48:52 +08:00
topjohnwu
c3e77b1ec1 Add BusyBox SELinux support
Close #1523
2020-01-20 20:48:05 +08:00
topjohnwu
fb60bea659 Update external/selinux 2020-01-20 18:36:16 +08:00
topjohnwu
b39f407596 Load libsqlite dynamically 2020-01-11 03:20:59 +08:00
osm0sis
615ad0cc5a core: remove remaining legacy workarounds/leftovers 2020-01-10 23:31:43 +08:00
topjohnwu
3a0e3c98f7 Minor adjustments to prevent crashes 2020-01-09 23:42:27 +08:00
topjohnwu
fafa92d44b Simplify rootfs persist mount 2020-01-08 22:42:54 +08:00
topjohnwu
242e64d72f Make write return something sane 2020-01-06 17:09:09 +08:00
topjohnwu
2262af728e Eliminate undefined behavior 2020-01-06 05:31:38 +08:00
topjohnwu
2db1e5cb74 Minor module related fixes 2019-12-30 13:21:39 +08:00
topjohnwu
78c64d39ec Add split command to magiskboot
Allow splitting image.*-dtb files to kernel and dtb
2019-12-30 13:04:39 +08:00
topjohnwu
b2cb2b8b75 Reduce socket name length
Some detectors simply ban long abstract sockets
2019-12-28 21:27:55 +08:00
Zackptg5
d19f65ce4a Ignore twrp fstabs 2019-12-28 13:47:05 +08:00
topjohnwu
3beffd84d6 Copy sepolicy rules to persist every boot 2019-12-22 03:44:07 -05:00
topjohnwu
3b9f7885e0 Stop using chdir 2019-12-21 05:29:38 -05:00
topjohnwu
7668e45890 Cleanup legacy code 2019-12-17 17:15:31 -05:00
topjohnwu
695c8bc5d0 Detect package name for copying binaries
Close #2152
2019-12-17 16:38:12 -05:00
topjohnwu
4f4f54a059 Remove unused code 2019-12-13 08:31:24 -05:00
topjohnwu
12fda29280 Add support for pre-init custom sepolicy patches
Close #1685
2019-12-13 06:05:12 -05:00
topjohnwu
af060b3132 General QoL changes 2019-12-13 00:37:06 -05:00
topjohnwu
8c500709e4 Remove SAR compatibility mode 2019-12-12 03:25:48 -05:00
topjohnwu
490e6a6f23 Add new API to load sepolicy rule file 2019-12-09 04:14:30 -05:00
topjohnwu
08177c3dd8 Mount persist partition mirror pre-init 2019-12-09 04:09:23 -05:00
topjohnwu
d22b9c26b6 Pull out common logic 2019-12-06 15:31:49 -05:00
topjohnwu
4bb8ad19cf Small init refactoring 2019-12-06 12:02:34 -05:00
topjohnwu
11b7076a43 Fix broken getxattr calls 2019-12-05 17:34:50 -05:00
topjohnwu
476b61c4c9 Support system_root with NVIDIA partition names
Fix #2063
2019-12-05 17:20:32 -05:00
topjohnwu
8cc5f096a2 Some minor changes 2019-12-05 17:20:32 -05:00
Alvin Wong
474d65207e Fix MagiskHide unmounting paths under /product
Fixes #2107
2019-12-03 05:42:10 -05:00
topjohnwu
03428329ef Add new verity and encryption patterns
Close #2118
2019-12-03 05:39:39 -05:00
topjohnwu
8d21988656 Support patching DTB/DTBO partition format 2019-12-02 04:34:21 -05:00
topjohnwu
276535dad6 Fix incorrect kmsg path
/proc/kmsg -> /dev/kmsg
2019-11-25 19:09:02 -05:00
topjohnwu
e373e59661 Make sure file descriptors are setup properly 2019-11-25 19:07:06 -05:00
topjohnwu
34bb18448c Fix compile errors 2019-11-23 17:18:55 -05:00
topjohnwu
01253f050a Use smart pointers 2019-11-23 04:57:52 -05:00
topjohnwu
5bee1c56a9 Properly use RAII to reduce complication 2019-11-22 03:01:49 -05:00
topjohnwu
bffdedddb4 Fix fwrite/fread params 2019-11-21 17:43:31 -05:00
topjohnwu
fd72f658c0 Fix SQL command when creating magiskdb 2019-11-21 14:40:12 -05:00
topjohnwu
d3b5cf82d8 Small adjustments 2019-11-21 06:17:28 -05:00
topjohnwu
d26d804cc2 Migrate to generic stream implementation 2019-11-21 06:08:02 -05:00
topjohnwu
4f9a25ee89 Create generic streams on top of stdio
WIP
2019-11-20 21:48:49 -05:00
topjohnwu
bb9ce0e897 Make sepolicy dump more efficient 2019-11-20 03:47:15 -05:00
topjohnwu
d6fb9868bf Small sepolicy refactor and fixes 2019-11-19 05:20:18 -05:00
topjohnwu
9aff1a57d3 Cleanup headers 2019-11-19 02:04:47 -05:00
topjohnwu
7681fde4d0 Record mounts to be cleaned up in a vector 2019-11-19 00:16:20 -05:00
topjohnwu
d3b7b41927 Fix kmsg logging in magiskinit 2019-11-18 17:18:56 -05:00
osm0sis
7f6a6016d6 magiskboot: add simple workaround for Samsung offset header variant
- some Samsung devices (e.g. Galaxy S5 SMG-900H) use a slightly different AOSP bootimg.h variant with `#define BOOT_NAME_SIZE 20` instead of 16
- since all known examples of these device images do not have anything in the NAME or CMDLINE fields, and the bootloader also accepts standard AOSP images, simply offset the SHA1/SHA256 detection by 4 bytes to avoid false positives from these images, remain an equally effective detection shortcut, and ensure a proper SHA1 checksum on repack

aosp-dtbhdt2-4offhash-seandroid-256sig-samsung_gs5-smg900h-boot.img
UNPACK CHECKSUM [00000000b11580f7d20f70297cdc31e02626def0356c82b90000000000000000]
REPACK CHECKSUM [73b18751202e56c433f89dfd1902c290eaf4eef3e167fcf03b814b59a5e984b6]
AIK CHECKSUM    [b11580f7d20f70297cdc31e02626def0356c82b9000000000000000000000000]

This patch should result in a `magiskboot unpack -n boot.img; magiskboot repack boot.img` new-boot.img matching the AIK CHECKSUM above.
2019-11-16 03:23:49 -05:00
topjohnwu
576efbdc1b Move su logs out of magiskdb 2019-11-14 00:01:06 -05:00
topjohnwu
1542447822 Reuse buffer 2019-11-13 02:36:45 -05:00
vvb2060
817cdf7113 fix multiuser owner_managed mode 2019-11-11 14:12:26 -05:00
topjohnwu
d952cc2327 Properly solve the connection problem 2019-11-07 17:41:59 -05:00
topjohnwu
46447f7cfd Proper string buffer size 2019-11-05 01:46:46 -05:00
topjohnwu
25c557248c Use ContentProvider call method for communication
Previously, we used either BroadcastReceivers or Activities to receive
messages from our native daemon, but both have their own downsides.
Some OEMs block broadcasts if the app is not running in the background,
regardless of who the caller is. Activities on the other hand, despite
working 100% of the time, will steal the focus of the current foreground
app, even though we are just doing some logging and showing a toast.
In addition, since stubs for hiding Magisk Manager is introduced, our
only communication method is left with the broadcast option, as
only broadcasting allows targeting a specific package name, not a
component name (which will be obfuscated in the case of stubs).

To make sure root requests will work on all devices, Magisk had to do
some experiments every boot to test whether broadcast is deliverable or
not. This makes the whole thing even more complicated than ever.

So let's take a look at another kind of component in Android apps:
ContentProviders. It is a vital part of Android's ecosystem, and as far
as I know no OEMs will block requests to ContentProviders (or else
tons of functionality will break catastrophically). Starting at API 11,
the system supports calling a specific method in ContentProviders,
optionally sending extra data along with the method call. This is
perfect for the native daemon to start a communication with Magisk
Manager. Another cool thing is that we no longer need to know the
component name of the receiver, as ContentProviders identify themselves
with an "authority" name, which in Magisk Manager's case is tied to the
package name. We already have a mechanism to keep track of our current
manager package name, so this works out of the box.

So yay! No more flaky broadcast tests, no more stupid OEMs blocking
broadcasts for some bizarre reasons. This method should in theory
work on almost all devices and situations.
2019-11-04 14:32:28 -05:00
topjohnwu
a9f11b28c8 Fix busybox scripts again 2019-11-02 01:16:54 -04:00
topjohnwu
a30f5b175f Fix busybox makefiles 2019-11-01 09:38:01 -04:00
topjohnwu
8277896ca1 Make sure uninstall.sh is executed on remove 2019-11-01 03:07:12 -04:00
topjohnwu
493068c073 Attempt to rescan zygote multiple times
Close #1654
2019-11-01 02:12:28 -04:00
topjohnwu
f4299fbea8 Update BusyBox to 1.31.1 2019-10-31 18:11:10 -04:00
topjohnwu
34c65e13bc Fix strings
Close #2012
2019-10-31 12:39:54 -04:00
John Wu
17a77e2577 Shortcut booleans 2019-10-31 02:44:25 -04:00