1233 Commits

Author SHA1 Message Date
topjohnwu
a29ae15ff7 Proper get_manager implementation 2022-05-19 02:39:57 -07:00
topjohnwu
34dded3b25 Fix denylist on shared UID apps 2022-05-18 01:59:45 -07:00
topjohnwu
975b1a5e36 Prune unused UIDs from su policies 2022-05-18 01:55:58 -07:00
topjohnwu
c11ccbae2d Extract vbmeta from footer
Do not scan manually, extract properly from footer like libavb
2022-05-13 02:49:18 -07:00
topjohnwu
985249c3d0 Support GKIs without ramdisk
Fix #5819
2022-05-12 03:04:55 -07:00
topjohnwu
622e09862a Restructure native codebase 2022-05-12 02:03:51 -07:00
残页
7505599ea0 Skip invalid slot_suffix argument
Many Amlogic devices (e.g. FireTV 2nd gen Cube, Vero 4k+, MI Smart Speaker, etc.) are A-only with androidboot.slot_suffix=normal argument. I think "normal" actually means A-only in this case so just ignore it.

Fix topjohnwu#5806
2022-05-12 00:37:22 -07:00
topjohnwu
575c417403 More detailed comments and documentation 2022-05-11 21:12:37 -07:00
topjohnwu
9f7a3db8be Move cert extraction to its own file 2022-05-11 21:12:37 -07:00
topjohnwu
029422679c Remove enforcement
Enforcement will be re-implemented later
2022-05-11 21:12:37 -07:00
vvb2060
05d6d2b51b Verify app signature 2022-05-11 21:12:37 -07:00
topjohnwu
24603b3cef Update Android Studio 2022-05-09 20:53:47 -07:00
topjohnwu
90545057e9 Always initialize module_list
Close #5712
2022-05-06 01:40:19 -07:00
canyie
4f1a1879e5 Misc QoL changes
- su: Preserve correct capacity to avoid vector reallocation
- su: Properly format code
- daemon: Remove useless `if`
- docs: Remove outdated info
2022-05-06 01:01:58 -07:00
topjohnwu
134508193d Mock selinuxfs load with regular file
The hijacked load node does not need to be a FIFO. A FIFO is only
required for blocking init's control flow, which is already achieved
by hijacking the enforce node.
2022-04-16 07:28:20 -07:00
topjohnwu
3358eab991 Switch to use ONDK 2022-04-15 12:20:18 -07:00
vvb2060
f97866a961 Close stub fd 2022-04-13 23:19:14 -07:00
vvb2060
e1987c42c4 Cleanup SELinux mock files 2022-04-13 23:18:55 -07:00
canyie
18566715e1 Fix MAGISKTMP unmount for CLI 2022-04-10 01:44:16 -07:00
topjohnwu
63a89d9f04 Fix init dmesg logs 2022-04-08 02:38:30 -07:00
canyie
b4099fc5f9 Support sepolicy.unlocked
Fix topjohnwu#4914
2022-04-08 02:24:20 -07:00
topjohnwu
ff2513e276 Use LD_PRELOAD to intercept sepolicy on 2SI init 2022-04-08 02:13:31 -07:00
topjohnwu
f24d52436b Deduplicate logic 2022-04-08 00:20:21 -07:00
vvb2060
9de6e8846b Dump stub app to MAGISKTMP/stub.apk 2022-04-07 23:20:42 -07:00
vvb2060
01a1213463 /data/adb/magisk/magisk.apk no longer exists 2022-04-07 23:20:42 -07:00
canyie
448384af06 Guard su request IPC
Previously `read_string()` calls `std::string.resize()` with a int read from remote process. When I/O error occurs, -1 will be used for resizing the string, `std::bad_alloc` is thrown and since magisk is compiled with `-fno-exceptions`, it will crash the whole daemon process.

May fix topjohnwu#5681
2022-04-06 21:15:07 -07:00
canyie
3f840f53a0 Check device tree fstab entries are compatible
Fix topjohnwu#5664
2022-04-02 04:28:30 -07:00
topjohnwu
704f91545e Reorganize magiskpolicy source code 2022-03-29 22:26:38 -07:00
topjohnwu
efb3239cbd Drop package_name column 2022-03-28 02:05:09 -07:00
topjohnwu
7e7ddeb9e2 Cleanup database migration code 2022-03-28 00:59:16 -07:00
LoveSy
9e8218089b Only dlopen valid fd 2022-03-26 13:48:53 -07:00
topjohnwu
9f1740cc4f Add preliminary shared UID app support 2022-03-25 13:08:13 -07:00
topjohnwu
b1faa5eed4 Update BusyBox
Close #5620
2022-03-22 04:18:12 -07:00
LoveSy
7f1f0b9048 Proper support multiple modules adding same dir 2022-03-21 15:53:49 -07:00
LoveSy
183e5f2ecc
Fix xhook cannot hook app_process
Co-authored-by: canyie <31466456+canyie@users.noreply.github.com>
Co-authored-by: John Wu <topjohnwu@gmail.com>
2022-03-21 15:52:38 -07:00
topjohnwu
3dc7d77ea9 Patch monolithic sepolicy only if not treble 2022-03-19 20:21:31 -07:00
残页
0f07bbb3e5 Device using split policy can still have monolithic sepolicy file 2022-03-19 12:37:48 -07:00
LoveSy
dd5a3416bf Fix multiple modules adding the same subdirectory 2022-03-19 12:28:54 -07:00
LoveSy
2fb49ad780 Don't always mock selinux enforce as "0" 2022-03-19 12:28:32 -07:00
topjohnwu
876132694d Make /dev always writable 2022-03-18 04:58:37 -07:00
topjohnwu
753808a4ce Also hijack plat_file_contexts if necessary
Since Android 13, sepolicy are also loaded from APEX modules. Part
of the change is to run restorecon before SELinux is set to enforce.
In order to support this situation, we also hijack plat_file_contexts
if necessary to properly order our operations.

Original idea credits to @yujincheng08, close #5603
2022-03-18 00:46:34 -07:00
topjohnwu
32cd694ad5 SAR can also have monolithic sepolicy 2022-03-17 22:32:49 -07:00
topjohnwu
f008420891 Make magiskinit not magiskpolicy 2022-03-17 03:36:40 -07:00
topjohnwu
fa8900be65 Use standalone magiskpolicy 2022-03-17 03:15:39 -07:00
LoveSy
69c2f407d6 Log if failed to dlopen a zygisk module 2022-03-17 02:25:31 -07:00
topjohnwu
8dbf93750f Reorganize magiskinit code 2022-03-16 21:41:20 -07:00
topjohnwu
e266a81167 Remove unused code 2022-03-16 21:31:22 -07:00
topjohnwu
e841aab9e7 Add hijack sepolicy support for rootfs devices
On older Android versions, pre-mounting selinuxfs will lead to errors,
so we have to use a different method to block init's control flow.
Since all devices that falls in this catagory must both:

1. Be Android 8.0 - 9.0
2. Have early mount fstab in its device tree

We can actually use the same FIFO trick, but this time not on selinuxfs,
but on the read-only device tree nodes in sysfs or procfs. By mocking
the fstab/compatible node in the device tree, we can block init when
it attempts to do early mount; at that point, we can then mock selinuxfs
as we normally would, successfully hijack and inject patched sepolicy.
2022-03-16 20:01:28 -07:00
topjohnwu
49f259065d Introduce new sepolicy injection mechanism
In the current implementation, Magisk will either have to recreate
all early mount implementation (for legacy SAR and rootfs devices) or
delegate early mount to first stage init (for 2SI devices) to access
required partitions for loading sepolicy. It then has to recreate the
split sepolicy loading implementation in-house, apply patches, then
dump the compiled + patched policies into monolithic format somewhere.
Finally, it patches the original init to force it to load the sepolicy
file we just created.

With the increasing complexity involved in early mount and split
sepolicy (there is even APEX module involved in the future!),
it is about time to rethink Magisk's sepolicy strategy as rebuilding
init's functionality is not scalable and easy to maintain.

In this commit, instead of building sepolicy ourselves, we mock
selinuxfs with FIFO files connected to a pre-init daemon, waiting
for the actual init process to directly write the sepolicy file into
MagiskInit. We then patch the file and load it into the kernel. Some
FIFO tricks has to be used to hijack the original init process's
control flow and prevent race conditions, details are directly in the
comments in code.

At the moment, only system-as-root (read-only root) support is added.
Support for legacy rootfs devices will come with a follow up commit.
2022-03-16 00:31:55 -07:00
topjohnwu
b10379e700 Cleanup inheritance 2022-03-14 04:22:09 -07:00