Commit Graph

4476 Commits

Author SHA1 Message Date
vvb2060
fc6ef7dd57 Show magisk update notification only when magisk is installed 2020-06-27 04:54:58 -07:00
mustafairaqi8
c881fd4964 Updated Arabic Translation 2020-06-25 10:02:15 -07:00
Viktor De Pasquale
4bcc2b2f03 Added bottom padding to hide screen
Close #2903
2020-06-25 10:01:37 -07:00
topjohnwu
6150055a05 Update BusyBox 2020-06-25 04:34:16 -07:00
topjohnwu
23a33b4351 Remove core only mode
Replaced by native safe mode
2020-06-21 15:59:06 -07:00
topjohnwu
e02386a6ac Move install module button to the top 2020-06-21 12:53:31 -07:00
topjohnwu
099e703834 Build compatible bytecode with newer JDKs
Fix #2898, close #2899
2020-06-21 02:43:32 -07:00
YFdyh000
1ededc637e l10n: Update Chinese Simplified translations 2020-06-20 12:12:40 -07:00
topjohnwu
0850bca9d3 Update README 2020-06-20 04:58:54 -07:00
topjohnwu
6d2fd480bf Upgrade gradle wrapper 2020-06-20 04:41:54 -07:00
vvb2060
ddf0c379be
Fix build 2020-06-20 03:03:46 -07:00
topjohnwu
45b5e89912 Remove canary debug channel
All canary builds will be debug only
2020-06-20 02:45:02 -07:00
Albert I
a748d5291a app: l10n: Update Indonesian translations
Signed-off-by: Albert I <kras@raphielgang.org>
2020-06-20 01:37:47 -07:00
Peter Meiser
f5131fae56 Update German translation 2020-06-20 01:37:27 -07:00
Chris Renshaw
f79a40a67a scripts: uninstaller fixes
- LOS Recovery can't decrypt or even mount /data, thus the installer can't do everything it needs to do and must abort, so also suggest uninstall via Manager at that point
- fix removal of addon.d script when uninstall is run via Manager on SAR
- fix removal of addon.d with dynamic/logical partitions via mapper
2020-06-20 01:37:06 -07:00
topjohnwu
43146b8316 Update su request process
Due to changes in ec3705f2ed, the app can
no longer communicate with the dameon through a socket opened on the
daemon side due to SELinux restrictions. The workaround here is to have
the daemon decide a socket name, send it to the app, have the app create
the socket server, then finally the daemon connects to the app through
the socket.
2020-06-19 03:52:25 -07:00
topjohnwu
b71b4bd4e5 Fix colors in su request dialog 2020-06-19 03:14:23 -07:00
topjohnwu
44895a86b8 Fix compilation of single applets 2020-06-19 02:45:57 -07:00
topjohnwu
eecb66f4f1 Create ForegroundTracker 2020-06-17 04:07:31 -07:00
topjohnwu
e7f1c03151 Cleanup code for su request 2020-06-17 03:47:12 -07:00
topjohnwu
56602cb9a3 Update gradle files 2020-06-17 02:33:33 -07:00
topjohnwu
1e2f776b83 Move logging.hpp 2020-06-17 01:17:28 -07:00
topjohnwu
ec3705f2ed Redesign of MagiskSU's sepolicy model
Introduce new domain `magisk_client` and new file type `magisk_exec`.

Connection to magiskd's always-on socket is restricted to magisk_client
only. Whitelisted process domains can transit to magisk_client through
executing files labelled magisk_exec. The main magisk binary shall be
the only file labelled as magisk_exec throughout the whole system.
All processes thus are no longer allowed to connect to magiskd directly
without going through the proper magisk binary.

Connection failures are silenced from audit logs with dontaudit rules,
so crazy processes which traverse through all unix domain sockets to try
connection can no longer check logcat to know the actual reason behind
EACCES, leaking the denied process policy (which is u:r:magisk:s0).

This also allows us to remove many rules that open up holes in
untrusted_app domains that were used to make remote shell work properly.
Since all processes establishing the remote shell are now restricted to
the magisk_client domain, all these rules are moved to magisk_client.
This makes Magisk require fewer compromises in Android's security model.

Note: as of this commit, requesting new root access via Magisk Manager
will stop working as Magisk Manager can no longer communicate with
magiskd directly. This will be addressed in a future commit that
involves changes in both native and application side.
2020-06-03 23:29:42 -07:00
topjohnwu
ae0dcabf43 Fix typo in sepolicy.cpp 2020-06-03 03:11:10 -07:00
topjohnwu
6030b00ee2 Remove excessive logging 2020-06-03 01:28:50 -07:00
topjohnwu
a17908f6e1 Only resolve via DoH for specific hostnames 2020-06-03 01:15:05 -07:00
topjohnwu
cb7148a24c Switch to debug logging in modules 2020-06-01 04:22:57 -07:00
topjohnwu
2f824f59dc Better logging system
Use C++ magic to strip out debug logs at compile time
2020-06-01 04:15:37 -07:00
Chris Renshaw
ad94f10205 Fix direct install on NAND devices
Co-authored-by: John Wu <topjohnwu@gmail.com>
2020-06-01 02:08:13 -07:00
Shaka Huang
02b2290b16 Correct path of x86 libraries
Signed-off-by: Shaka Huang <shakalaca@gmail.com>
2020-05-31 05:33:35 -07:00
Ilya Kushnir
f8a814a588 Fix RU strings 2020-05-31 05:32:18 -07:00
topjohnwu
4c4338cc02 Adapt to AGP 4.0 2020-05-30 13:06:03 -07:00
Facundo Montero
5675a1ae7d
app/stub: values-es: update to provide more consistency.
This update aims to provide better consistency to the Spanish
translation by properly separating each possible pronoun.

Other small grammar errors have also been corrected.
2020-05-30 12:56:37 -07:00
AioiLight
0952224c3d
Update JA strings 2020-05-30 12:56:02 -07:00
JoanVC100
4e26c10287
Fix CA strings 2020-05-30 12:55:26 -07:00
vvb2060
f3e82b9ef1
Add DoH using cloudflare-dns 2020-05-30 12:53:46 -07:00
osm0sis
e50295d337 magiskboot: add support for lz4 compressed dt (extra)
- legacy devices brought up to Android 10 may now use a compressed dt in a hdr_v0 AOSP dt variant extra section, so detect, decompress and recompress this
- so far these have only been done using lz4 compression (latest format revision magic), e.g. LOS 17.1 victara (Moto X)
2020-05-30 12:52:15 -07:00
topjohnwu
fde78be2b4 Update Android Studio 2020-05-30 12:50:08 -07:00
topjohnwu
c071ac8973 Remove unused code 2020-05-29 10:41:52 -07:00
topjohnwu
599ee57d39 Simplify sepolicy rules 2020-05-25 02:30:39 -07:00
topjohnwu
4499cebcd9 Support new sepolicy rules
Support declare new type with attribute and declare new attributes
2020-05-25 02:09:43 -07:00
topjohnwu
cd6eca1dc2 Optimize match-all-type rules
For match-all-type rules (e.g. "allow magisk * * *" used in Magisk),
we used to iterate and apply rules on all existing types. However, this
is actually unnecessary as all selinux types should have at least 1
attributes assigned to it (process types "domain", file context types
"file_type" etc.). This means in order to create rules that applies to
all types, we actually only need to create rules for all attributes.

This optimization SIGNIFICANTLY reduces the patched sepolicy that is
loaded into the kernel when running Magisk. For example on Pixel 4 XL
running Android R DP4, the sepolicy sizes are
patched (before) : 3455948
patched (after)  : 843176
stock            : 630229

The active sepolicy size actually impacts the performance of every single
operation in the operating system, because the larger the policies gets,
the longer it takes for the kernel to lookup and match rules.
2020-05-24 05:41:19 -07:00
topjohnwu
951273f8ef Cleanup some implementations 2020-05-24 04:16:40 -07:00
vvb2060
51eeb89f67 Allow consecutive points 2020-05-23 14:58:17 -07:00
topjohnwu
0efa73d96c Update selinux libs 2020-05-23 05:02:26 -07:00
topjohnwu
63512b39b2 Update NDK to r21b 2020-05-23 00:48:49 -07:00
topjohnwu
f392ade78d Rewrite sepolicy.c in C++ 2020-05-23 00:18:25 -07:00
topjohnwu
0236ab887e Several statement parsing improvements
- Update help message to match the spec
- Make tokenization not seg fault in certain conditions
- Moar template + macro magic to reduce boilerplate
2020-05-22 14:05:56 -07:00
topjohnwu
d4baae411b Modernize magiskpolicy 2020-05-21 06:48:02 -07:00
topjohnwu
e02e46d0fc Detect volume down key combo for safe mode
It is possible that a module is breaking the device so bad that zygote
cannot even be started. In this case, system_server cannot start and
detect the safe mode key combo, set the persist property, and reboot.

Also on old Android versions, the system directly goes to safe mode
after detecting a key combo without rebooting, defeating the purpose of
Magisk's safe mode protection if we only check for the persist property.

Directly adding key combo check natively in magiskd allows us to enter
Magisk safe mode before the system is even aware of it.
2020-05-19 04:57:47 -07:00