1186 Commits

Author SHA1 Message Date
topjohnwu
e841aab9e7 Add hijack sepolicy support for rootfs devices
On older Android versions, pre-mounting selinuxfs will lead to errors,
so we have to use a different method to block init's control flow.
Since all devices that falls in this catagory must both:

1. Be Android 8.0 - 9.0
2. Have early mount fstab in its device tree

We can actually use the same FIFO trick, but this time not on selinuxfs,
but on the read-only device tree nodes in sysfs or procfs. By mocking
the fstab/compatible node in the device tree, we can block init when
it attempts to do early mount; at that point, we can then mock selinuxfs
as we normally would, successfully hijack and inject patched sepolicy.
2022-03-16 20:01:28 -07:00
topjohnwu
49f259065d Introduce new sepolicy injection mechanism
In the current implementation, Magisk will either have to recreate
all early mount implementation (for legacy SAR and rootfs devices) or
delegate early mount to first stage init (for 2SI devices) to access
required partitions for loading sepolicy. It then has to recreate the
split sepolicy loading implementation in-house, apply patches, then
dump the compiled + patched policies into monolithic format somewhere.
Finally, it patches the original init to force it to load the sepolicy
file we just created.

With the increasing complexity involved in early mount and split
sepolicy (there is even APEX module involved in the future!),
it is about time to rethink Magisk's sepolicy strategy as rebuilding
init's functionality is not scalable and easy to maintain.

In this commit, instead of building sepolicy ourselves, we mock
selinuxfs with FIFO files connected to a pre-init daemon, waiting
for the actual init process to directly write the sepolicy file into
MagiskInit. We then patch the file and load it into the kernel. Some
FIFO tricks has to be used to hijack the original init process's
control flow and prevent race conditions, details are directly in the
comments in code.

At the moment, only system-as-root (read-only root) support is added.
Support for legacy rootfs devices will come with a follow up commit.
2022-03-16 00:31:55 -07:00
topjohnwu
b10379e700 Cleanup inheritance 2022-03-14 04:22:09 -07:00
topjohnwu
810d27a618 Use /data as tmpfs mount point in 2SI setup
Design credit to @yujincheng08
Close #5146. Fix #5491, fix #3752

Previously, Magisk changes the mount point from /system to /system_root
by patching fstab to prevent the original init from changing root.
The reason why we want to prevent the original init from switching the
root directory is because it will then be read-only, making patching
and injecting magiskinit into the boot chain difficult.

This commit (ab)uses the fact that the /data folder will never be part
of early mount (because it is handled very late in the boot by vold),
so that we can use it as the mount point of tmpfs to store files.

Some advantages of this method:

- No need to switch root manually
- No need to modify fstab, which significantly improves compatibility
  e.g. avoid hacks for weird devices like those using oplus.fstab,
  and avoid hacking init to bypass fstab in device trees
- Supports skip_mount.cfg
- Support DSU
2022-03-13 05:06:08 -07:00
topjohnwu
9b60c005c7 Support multiple CPIO concatenated 2022-03-13 04:23:00 -07:00
topjohnwu
563a587882 Initialize local variables
Fix #5542
2022-03-09 20:43:42 -08:00
topjohnwu
0c681cdab4 Check null before dereferencing fds_to_ignore 2022-03-03 21:34:53 -08:00
topjohnwu
80dd37ee31 Add missing specialize arguments 2022-03-02 22:01:35 -08:00
topjohnwu
e0b5645064 Revert "Directly use getrandom system call if possible"
This reverts commit e7c82f20e3d7d7b47221b454508d07aefc14e7c0.
Fix #5516
2022-03-02 19:50:47 -08:00
topjohnwu
548d70f30c Mount with original option
Fix #5481, close #5486
2022-03-01 20:09:59 -08:00
topjohnwu
9968af0785 Move all permission check into daemon.cpp 2022-03-01 03:15:38 -08:00
topjohnwu
be7586137c Reduce C++ wizardry 2022-03-01 03:15:38 -08:00
LoveSy
7999b66c3c Refactor daemon connection 2022-03-01 03:15:38 -08:00
vvb2060
c82a46c1ee Check property before switch mem cgroup 2022-02-28 23:27:23 -08:00
vvb2060
666ab1941f Fix app request fifo wait 2022-02-28 23:26:59 -08:00
topjohnwu
e7c82f20e3 Directly use getrandom system call if possible 2022-02-16 23:57:28 -08:00
LoveSy
afa771a980 Set dlopen reserved size to unlimited 2022-02-16 23:05:17 -08:00
topjohnwu
4c80808997 Check packages.xml inode to trigger app rescan 2022-02-14 02:57:33 -08:00
topjohnwu
d021bca6ef Prevent app_process from setting umask
Fix #5435
2022-02-11 01:26:24 -08:00
topjohnwu
55ed6109c1 Use dynamic_bitset.emplace_back() 2022-02-11 01:10:26 -08:00
LoveSy
88e8f2bf83
Proper escape : and \ when binding intent 2022-02-11 01:07:28 -08:00
topjohnwu
605eae21bc Remove unnecessary read/write
Close #5425
2022-02-11 00:24:12 -08:00
topjohnwu
93eb277a88 Update error messages 2022-02-11 00:01:51 -08:00
LoveSy
8edf556c9e Fix lz4_lg compress 2022-02-10 23:50:19 -08:00
topjohnwu
7fcb63230f Support lz4_legacy archive with multiple magic
Multiple lz4_legacy archives can be directly concatenated
2022-02-10 23:49:17 -08:00
canyie
ebb0ec6c42 Make xmmap() returns nullptr when fails
In the constructor of mmap_data, there are two possible values when fails: nullptr if fstat() fails, and MAP_FAILED if mmap() fails, but mmap_data treated MAP_FAILED as valid address and crashes.
2022-02-08 00:49:47 -08:00
LoveSy
188546515c
Fix UID tracking 2022-02-08 00:49:22 -08:00
topjohnwu
c8990b0f68 Rewrite UID tracking 2022-02-07 02:46:47 -08:00
topjohnwu
3145e67feb Update data structure 2022-02-07 00:17:07 -08:00
topjohnwu
a7392ed3d7 Fix MULTIUSER_MODE_OWNER_MANAGED 2022-02-06 06:46:09 -08:00
topjohnwu
a4f97fa151 Fix buffer overflow in connect.cpp 2022-02-06 05:52:11 -08:00
LoveSy
ff7ac582f0
Refactor Zygisk loading
Co-authored-by: topjohnwu <topjohnwu@gmail.com>
2022-02-06 00:27:31 -08:00
LoveSy
d2c2456fbe
Don't use getmntent_r from system's libc
Fix #5354

Co-authored-by: topjohnwu <topjohnwu@gmail.com>
2022-02-04 23:19:12 -08:00
LoveSy
e9f562a8b7 Fix abuse of fdopendir
After `fdopendir`, the fd is no longer usable. Should dup and
make use of RAII

Co-authored-by: 残页 <31466456+canyie@users.noreply.github.com>
2022-02-04 22:54:34 -08:00
残页
79620c97d1
Invalidate Samsung's persist.sys.zygote.early
Samsung FDE devices with the "persist.sys.zygote.early=true" property will cause Zygote to start before post-fs-data. According to Magisk's document, the post-fs-data phase should always happen before Zygote is started. Features assuming this behavior (like Zygisk and modules that need to control zygote) will not work. To avoid breaking existing modules, we simply invalidate this property to prevent this non-standard behavior from happening

Fix #5299, fix #5328, fix #5308

Co-authored-by: LoveSy <shana@zju.edu.cn>
2022-02-03 00:46:52 -08:00
topjohnwu
7f65f7d3ca Separate libc.a hacks into its own component 2022-01-31 02:09:08 -08:00
topjohnwu
9fa096c6f4 Add runtime FORTIFY support
Gingerbread libc.a missing symbols
2022-01-31 01:49:37 -08:00
LoveSy
70415a396a Do not filter uid == 1000 for process info 2022-01-30 08:25:24 -08:00
topjohnwu
3bf47a6838 Update selinux 2022-01-30 08:18:04 -08:00
topjohnwu
d3d28f0623 Update to NDK r23b
Credits: @yujincheng08

Close #5193
2022-01-30 07:11:51 -08:00
topjohnwu
06531f6d06 Add annotations to suppress warnings 2022-01-25 04:16:14 -08:00
topjohnwu
2b303a7e23 Add a missing busybox patch back
Hopefully, fix #4174
2022-01-25 03:37:59 -08:00
topjohnwu
45483fde74 Update CLI usages 2022-01-25 02:04:15 -08:00
topjohnwu
2fe3082518 Update busybox 2022-01-24 23:20:36 -08:00
topjohnwu
5a889d28c8 Pick a more reasonable zopfli config
Close #4980
2022-01-24 23:07:49 -08:00
topjohnwu
c6dcff0ae7 Minor dynamic_bitset changes 2022-01-24 22:30:19 -08:00
LoveSy
02dd962601 Don't load zygisk module for magisk app 2022-01-24 03:05:12 -08:00
topjohnwu
cbe97cdfde Fix dynamic_bitset implementation 2022-01-23 04:39:00 -08:00
topjohnwu
407dfc7547 Always write 0 to fd 2022-01-23 04:19:07 -08:00
topjohnwu
fbe17dde03 Add flag for unloaded Zygisk modules 2022-01-21 05:37:47 -08:00