15 Commits

Author SHA1 Message Date
topjohnwu
622e09862a Restructure native codebase 2022-05-12 02:03:51 -07:00
LoveSy
e9f562a8b7 Fix abuse of fdopendir
After `fdopendir`, the fd is no longer usable. Should dup and
make use of RAII

Co-authored-by: 残页 <31466456+canyie@users.noreply.github.com>
2022-02-04 22:54:34 -08:00
残页
c0a2e3674c Reset file context from adb_data_file
In some cases (like weird ROMs that allow init to relabel context from system_file), module files will have an incorrent context, which will causes module not working properly.
See https://github.com/RikkaApps/Riru/wiki/Explanation-about-incorrect-SELinux-rules-from-third-party-ROMs-cause-Riru-not-working
2021-09-02 21:55:08 -07:00
Shaka Huang
dfe1f2c108 Call freecon() when fgetfilecon() succeeds 2021-04-04 01:58:59 -07:00
topjohnwu
f1295cb7d6 Fix root on Android 7.0 and lower 2021-01-26 02:16:11 -08:00
topjohnwu
d2bc2cfcf8 Install both 32 and 64 bit binaries 2021-01-18 12:37:08 -08:00
topjohnwu
eb21c8b42e Code cleanups 2021-01-11 02:19:10 -08:00
topjohnwu
f9bde347bc Convert indentation to spaces
The tab war is lost
2020-12-30 22:11:24 -08:00
topjohnwu
7fc9b908d4 Update Android 11 emulator support 2020-07-27 03:33:11 -07:00
topjohnwu
97b72a5941 Revert to old SElinux rules on pre 8.0 devices
Fix #2910
2020-07-06 01:13:50 -07:00
topjohnwu
ec3705f2ed Redesign of MagiskSU's sepolicy model
Introduce new domain `magisk_client` and new file type `magisk_exec`.

Connection to magiskd's always-on socket is restricted to magisk_client
only. Whitelisted process domains can transit to magisk_client through
executing files labelled magisk_exec. The main magisk binary shall be
the only file labelled as magisk_exec throughout the whole system.
All processes thus are no longer allowed to connect to magiskd directly
without going through the proper magisk binary.

Connection failures are silenced from audit logs with dontaudit rules,
so crazy processes which traverse through all unix domain sockets to try
connection can no longer check logcat to know the actual reason behind
EACCES, leaking the denied process policy (which is u:r:magisk:s0).

This also allows us to remove many rules that open up holes in
untrusted_app domains that were used to make remote shell work properly.
Since all processes establishing the remote shell are now restricted to
the magisk_client domain, all these rules are moved to magisk_client.
This makes Magisk require fewer compromises in Android's security model.

Note: as of this commit, requesting new root access via Magisk Manager
will stop working as Magisk Manager can no longer communicate with
magiskd directly. This will be addressed in a future commit that
involves changes in both native and application side.
2020-06-03 23:29:42 -07:00
topjohnwu
43029f37b1 Cleanup our tracks 2020-04-19 04:57:18 -07:00
topjohnwu
dcf07ad8c7 Directly filter '.' and '..' in xreaddir 2020-04-18 04:20:21 -07:00
topjohnwu
e0a281583d Preparation for dynamic tmpfs path 2020-04-12 05:34:56 -07:00
topjohnwu
d739dcac2b Remove dependency on magisk.hpp in libutils 2020-04-11 04:40:40 -07:00