vvb2060
d19fcd5e21
Check path when start daemon
2022-05-29 09:08:05 -07:00
vvb2060
0b5f973b31
Print message when getting original app_process fails
2022-05-29 03:46:31 -07:00
topjohnwu
490a784993
Handle zygote restarts
2022-05-28 22:39:44 -07:00
topjohnwu
9c774f96db
Use exec for boot_complete
2022-05-28 16:53:04 -07:00
topjohnwu
8dfb30fefe
Skip cert check on debug builds
2022-05-24 05:39:16 -07:00
topjohnwu
2a252d13b8
Enforce dyn APK signature in stub app
2022-05-24 05:21:36 -07:00
topjohnwu
083ef803fe
Enforce package signature verification
2022-05-20 04:37:58 -07:00
topjohnwu
351f0269ae
Install stub if necessary
2022-05-19 22:54:49 -07:00
topjohnwu
a29ae15ff7
Proper get_manager implementation
2022-05-19 02:39:57 -07:00
topjohnwu
34dded3b25
Fix denylist on shared UID apps
2022-05-18 01:59:45 -07:00
topjohnwu
975b1a5e36
Prune unused UIDs from su policies
2022-05-18 01:55:58 -07:00
topjohnwu
c11ccbae2d
Extract vbmeta from footer
...
Do not scan manually, extract properly from footer like libavb
2022-05-13 02:49:18 -07:00
topjohnwu
985249c3d0
Support GKIs without ramdisk
...
Fix #5819
2022-05-12 03:04:55 -07:00
topjohnwu
622e09862a
Restructure native codebase
2022-05-12 02:03:51 -07:00
残页
7505599ea0
Skip invalid slot_suffix argument
...
Many Amlogic devices (e.g. FireTV 2nd gen Cube, Vero 4k+, MI Smart Speaker, etc.) are A-only with androidboot.slot_suffix=normal argument. I think "normal" actually means A-only in this case so just ignore it.
Fix topjohnwu#5806
2022-05-12 00:37:22 -07:00
topjohnwu
575c417403
More detailed comments and documentation
2022-05-11 21:12:37 -07:00
topjohnwu
9f7a3db8be
Move cert extraction to its own file
2022-05-11 21:12:37 -07:00
topjohnwu
029422679c
Remove enforcement
...
Enforcement will be re-implemented later
2022-05-11 21:12:37 -07:00
vvb2060
05d6d2b51b
Verify app signature
2022-05-11 21:12:37 -07:00
topjohnwu
24603b3cef
Update Android Studio
2022-05-09 20:53:47 -07:00
topjohnwu
90545057e9
Always initialize module_list
...
Close #5712
2022-05-06 01:40:19 -07:00
canyie
4f1a1879e5
Misc QoL changes
...
- su: Preserve correct capacity to avoid vector reallocation
- su: Properly format code
- daemon: Remove useless `if`
- docs: Remove outdated info
2022-05-06 01:01:58 -07:00
topjohnwu
134508193d
Mock selinuxfs load with regular file
...
The hijacked load node does not need to be a FIFO. A FIFO is only
required for blocking init's control flow, which is already achieved
by hijacking the enforce node.
2022-04-16 07:28:20 -07:00
topjohnwu
3358eab991
Switch to use ONDK
2022-04-15 12:20:18 -07:00
vvb2060
f97866a961
Close stub fd
2022-04-13 23:19:14 -07:00
vvb2060
e1987c42c4
Cleanup SELinux mock files
2022-04-13 23:18:55 -07:00
canyie
18566715e1
Fix MAGISKTMP unmount for CLI
2022-04-10 01:44:16 -07:00
topjohnwu
63a89d9f04
Fix init dmesg logs
2022-04-08 02:38:30 -07:00
canyie
b4099fc5f9
Support sepolicy.unlocked
...
Fix topjohnwu#4914
2022-04-08 02:24:20 -07:00
topjohnwu
ff2513e276
Use LD_PRELOAD to intercept sepolicy on 2SI init
2022-04-08 02:13:31 -07:00
topjohnwu
f24d52436b
Deduplicate logic
2022-04-08 00:20:21 -07:00
vvb2060
9de6e8846b
Dump stub app to MAGISKTMP/stub.apk
2022-04-07 23:20:42 -07:00
vvb2060
01a1213463
/data/adb/magisk/magisk.apk no longer exists
2022-04-07 23:20:42 -07:00
canyie
448384af06
Guard su request IPC
...
Previously `read_string()` calls `std::string.resize()` with a int read from remote process. When I/O error occurs, -1 will be used for resizing the string, `std::bad_alloc` is thrown and since magisk is compiled with `-fno-exceptions`, it will crash the whole daemon process.
May fix topjohnwu#5681
2022-04-06 21:15:07 -07:00
canyie
3f840f53a0
Check device tree fstab entries are compatible
...
Fix topjohnwu#5664
2022-04-02 04:28:30 -07:00
topjohnwu
704f91545e
Reorganize magiskpolicy source code
2022-03-29 22:26:38 -07:00
topjohnwu
efb3239cbd
Drop package_name column
2022-03-28 02:05:09 -07:00
topjohnwu
7e7ddeb9e2
Cleanup database migration code
2022-03-28 00:59:16 -07:00
LoveSy
9e8218089b
Only dlopen valid fd
2022-03-26 13:48:53 -07:00
topjohnwu
9f1740cc4f
Add preliminary shared UID app support
2022-03-25 13:08:13 -07:00
topjohnwu
b1faa5eed4
Update BusyBox
...
Close #5620
2022-03-22 04:18:12 -07:00
LoveSy
7f1f0b9048
Proper support multiple modules adding same dir
2022-03-21 15:53:49 -07:00
LoveSy
183e5f2ecc
Fix xhook cannot hook app_process
...
Co-authored-by: canyie <31466456+canyie@users.noreply.github.com>
Co-authored-by: John Wu <topjohnwu@gmail.com>
2022-03-21 15:52:38 -07:00
topjohnwu
3dc7d77ea9
Patch monolithic sepolicy only if not treble
2022-03-19 20:21:31 -07:00
残页
0f07bbb3e5
Device using split policy can still have monolithic sepolicy file
2022-03-19 12:37:48 -07:00
LoveSy
dd5a3416bf
Fix multiple modules adding the same subdirectory
2022-03-19 12:28:54 -07:00
LoveSy
2fb49ad780
Don't always mock selinux enforce as "0"
2022-03-19 12:28:32 -07:00
topjohnwu
876132694d
Make /dev always writable
2022-03-18 04:58:37 -07:00
topjohnwu
753808a4ce
Also hijack plat_file_contexts if necessary
...
Since Android 13, sepolicy are also loaded from APEX modules. Part
of the change is to run restorecon before SELinux is set to enforce.
In order to support this situation, we also hijack plat_file_contexts
if necessary to properly order our operations.
Original idea credits to @yujincheng08, close #5603
2022-03-18 00:46:34 -07:00
topjohnwu
32cd694ad5
SAR can also have monolithic sepolicy
2022-03-17 22:32:49 -07:00