Fix SuperSU installation

README.MD

@@ -1,8 +1,8 @@
 # Magisk
-###Static binaries included:  
+### Static binaries included:  
 * Busybox: http://forum.xda-developers.com/android/software-hacking/tool-busybox-flashable-archs-t3348543
 
-###How to build Magisk
+### How to build Magisk
 1. Download and install NDK
 2. Add the NDK directory into PATH  
 To check if the PATH is set correctly, try calling `which ndk-build` (`where ndk-build` on Windows) and see if it shows the NDK directory

build.cmd

@@ -102,7 +102,7 @@ EXIT /B %ERRORLEVEL%
   ECHO ************************
   ECHO * Copying Files
   ECHO ************************
-  COPY /Y scripts\ramdisk_patch.sh zip_static\common\ramdisk_patch.sh
+  COPY /Y scripts\custom_ramdisk_patch.sh zip_static\common\custom_ramdisk_patch.sh
   COPY /Y scripts\init.magisk.rc zip_static\common\init.magisk.rc
   COPY /Y binaries\busybox-arm zip_static\arm\busybox
   COPY /Y binaries\busybox-arm64 zip_static\arm64\busybox

build.sh

@@ -75,7 +75,7 @@ zip_package() {
   echo "************************"
   echo "* Copying files"
   echo "************************"
-  cp -afv scripts/ramdisk_patch.sh zip_static/common/ramdisk_patch.sh
+  cp -afv scripts/custom_ramdisk_patch.sh zip_static/common/custom_ramdisk_patch.sh
   cp -afv scripts/init.magisk.rc zip_static/common/init.magisk.rc
   cp -afv binaries/busybox-arm zip_static/arm/busybox
   cp -afv binaries/busybox-arm64 zip_static/arm64/busybox

jni/magiskboot/compress.c

@@ -1,10 +1,20 @@
 #include <zlib.h>
 #include <lzma.h>
+#include <lz4.h>
 #include <lz4frame.h>
 #include <bzlib.h>
 
 #include "magiskboot.h"
 
+#define windowBits 15
+#define ZLIB_GZIP 16
+#define memLevel 8
+#define CHUNK 0x40000
+
+#define LZ4_HEADER_SIZE 19
+#define LZ4_FOOTER_SIZE 4
+#define LZ4_LEGACY_BLOCKSIZE  0x800000
+
 static void write_file(const int fd, const void *buf, const size_t size, const char *filename) {
 	if (write(fd, buf, size) != size)
 		error(1, "Error in writing %s", filename);
@@ -154,6 +164,7 @@ void lzma(int mode, const char* filename, const unsigned char* buf, size_t size)
 	} while (pos < size);
 
 	lzma_end(&strm);
+	close(fd);
 }
 
 // Mode: 0 = decode; 1 = encode
@@ -265,6 +276,7 @@ void lz4(int mode, const char* filename, const unsigned char* buf, size_t size)
 	}
 
 	free(out);
+	close(fd);
 }
 
 // Mode: 0 = decode; 1 = encode
@@ -335,6 +347,75 @@ void bzip2(int mode, const char* filename, const unsigned char* buf, size_t size
 	close(fd);
 }
 
+// Mode: 0 = decode; 1 = encode
+void lz4_legacy(int mode, const char* filename, const unsigned char* buf, size_t size) {
+	size_t pos = 0;
+	int have;
+	char *out;
+	unsigned block_size, insize;
+	unsigned char block_size_le[4];
+
+
+	report(mode, filename);
+	int fd = open_new(filename);
+
+	switch(mode) {
+		case 0:
+			out = malloc(LZ4_LEGACY_BLOCKSIZE);
+			// Skip magic
+			pos += 4;
+			break;
+		case 1:
+			out = malloc(LZ4_COMPRESSBOUND(LZ4_LEGACY_BLOCKSIZE));
+			// Write magic
+			write_file(fd, "\x02\x21\x4c\x18", 4, filename);
+			break;
+		default:
+			error(1, "Unsupported lz4_legacy mode!");
+	}
+
+	if (!out)
+		error(1, "lz4_legacy malloc error");
+
+	do {
+		switch(mode) {
+			case 0:
+				block_size = buf[pos];
+				block_size += (buf[pos + 1]<<8);
+				block_size += (buf[pos + 2]<<16);
+				block_size += ((unsigned)buf[pos + 3])<<24;
+				pos += 4;
+				if (block_size > LZ4_COMPRESSBOUND(LZ4_LEGACY_BLOCKSIZE))
+					error(1, "lz4_legacy block size too large!");
+				have = LZ4_decompress_safe((const char*) (buf + pos), out, block_size, LZ4_LEGACY_BLOCKSIZE);
+				if (have < 0)
+					error(1, "Cannot decode lz4_legacy block");
+				pos += block_size;
+				break;
+			case 1:
+				if (pos + LZ4_LEGACY_BLOCKSIZE >= size)
+					insize = size - pos;
+				else
+					insize = LZ4_LEGACY_BLOCKSIZE;
+				have = LZ4_compress_default((const char*) (buf + pos), out, insize, LZ4_COMPRESSBOUND(LZ4_LEGACY_BLOCKSIZE));
+				if (have == 0)
+					error(1, "lz4_legacy compression error");
+				pos += insize;
+				block_size_le[0] = (unsigned char)have;
+				block_size_le[1] = (unsigned char)(have >> 8);
+				block_size_le[2] = (unsigned char)(have >> 16);
+				block_size_le[3] = (unsigned char)(have >> 24);
+				write_file(fd, block_size_le, 4, filename);
+				break;
+		}
+		// Write main data
+		write_file(fd, out, have, filename);
+	} while(pos < size);
+
+	free(out);
+	close(fd);
+}
+
 int decomp(file_t type, const char *to, const unsigned char *from, size_t size) {
 	switch (type) {
 		case GZIP:
@@ -352,6 +433,9 @@ int decomp(file_t type, const char *to, const unsigned char *from, size_t size)
 		case LZ4:
 			lz4(0, to, from, size);
 			break;
+		case LZ4_LEGACY:
+			lz4_legacy(0, to, from, size);
+			break;
 		default:
 			// Unsupported
 			return 1;
@@ -391,6 +475,11 @@ int comp(file_t type, const char *to, const unsigned char *from, size_t size) {
 				sprintf(name, "%s.%s", to, "lz4");
 			lz4(1, name, from, size);
 			break;
+		case LZ4_LEGACY:
+			if (strcmp(ext, ".lz4") != 0)
+				sprintf(name, "%s.%s", to, "lz4");
+			lz4_legacy(1, name, from, size);
+			break;
 		default:
 			// Unsupported
 			return 1;
@@ -427,6 +516,7 @@ void decomp_file(char *from, const char *to) {
 			if (strcmp(ext, ".bz2") != 0)
 				ok = 0;
 			break;
+		case LZ4_LEGACY:
 		case LZ4:
 			if (strcmp(ext, ".lz4") != 0)
 				ok = 0;
@@ -461,6 +551,8 @@ void comp_file(const char *method, const char *from, const char *to) {
 		type = LZMA;
 	} else if (strcmp(method, "lz4") == 0) {
 		type = LZ4;
+	} else if (strcmp(method, "lz4_legacy") == 0) {
+		type = LZ4_LEGACY;
 	} else if (strcmp(method, "bzip2") == 0) {
 		type = BZIP2;
 	} else {

jni/magiskboot/cpio.c

@@ -195,18 +195,19 @@ static void cpio_add(mode_t mode, const char *entry, const char *filename, vecto
 }
 
 static void cpio_test(vector *v) {
+	#define MAGISK_PATCH  0x1
+	#define SUPERSU_PATCH 0x2
 	int ret = 0;
 	cpio_file *f;
 	vec_for_each(v, f) {
 		if (strcmp(f->filename, "sbin/launch_daemonsu.sh") == 0) {
-			if (!ret) ret = 2;
+			ret |= SUPERSU_PATCH;
 		} else if (strcmp(f->filename, "init.magisk.rc") == 0) {
-			ret = 1;
+			ret |= MAGISK_PATCH;
-			break;
 		}
 	}
 	cpio_vec_destroy(v);
-	exit(ret);
+	exit((ret & SUPERSU_PATCH) ? SUPERSU_PATCH : (ret & MAGISK_PATCH));
 }
 
 static int check_verity_pattern(const char *s) {

jni/magiskboot/magiskboot.h

@@ -16,14 +16,6 @@
 #include "bootimg.h"
 #include "sha1.h"
 
-#define windowBits 15
-#define ZLIB_GZIP 16
-#define memLevel 8
-#define CHUNK 0x40000
-
-#define LZ4_HEADER_SIZE 19
-#define LZ4_FOOTER_SIZE 4
-
 #define CHROMEOS_MAGIC      "CHROMEOS"
 #define CHROMEOS_MAGIC_SIZE 8
 
@@ -33,9 +25,6 @@
 #define DTB_FILE            "dtb"
 #define NEW_BOOT            "new-boot.img"
 
-#define SUP_LIST "gzip, xz, lzma, lz4, bzip2"
-#define SUP_NUM 5
-
 typedef enum {
     UNKNOWN,
     CHROMEOS,
@@ -47,6 +36,7 @@ typedef enum {
     LZMA,
     BZIP2,
     LZ4,
+    LZ4_LEGACY,
     MTK,
     QCDT,
 } file_t;
@@ -64,11 +54,14 @@ typedef enum {
     RESTORE
 } command_t;
 
+#define SUP_LIST "gzip, xz, lzma, bzip2, lz4, lz4_legacy"
+#define SUP_NUM 6
+
+// Cannot declare in header, but place a copy here for convenience
+// char *SUP_EXT_LIST[SUP_NUM] = { "gz", "xz", "lzma", "bz2", "lz4", "lz4" };
+// file_t SUP_TYPE_LIST[SUP_NUM] = { GZIP, XZ, LZMA, BZIP2, LZ4, LZ4_LEGACY };
 extern char *SUP_EXT_LIST[SUP_NUM];
 extern file_t SUP_TYPE_LIST[SUP_NUM];
-// Cannot declare in header, but place a copy here for convenience
-// char *SUP_EXT_LIST[SUP_NUM] = { "gz", "xz", "lzma", "bz2", "lz4" };
-// file_t SUP_TYPE_LIST[SUP_NUM] = { GZIP, XZ, LZMA, BZIP2, LZ4 };
 
 // Vector
 typedef struct vector {
@@ -109,6 +102,7 @@ void gzip(int mode, const char* filename, const unsigned char* buf, size_t size)
 void lzma(int mode, const char* filename, const unsigned char* buf, size_t size);
 void lz4(int mode, const char* filename, const unsigned char* buf, size_t size);
 void bzip2(int mode, const char* filename, const unsigned char* buf, size_t size);
+void lz4_legacy(int mode, const char* filename, const unsigned char* buf, size_t size);
 int comp(file_t type, const char *to, const unsigned char *from, size_t size);
 void comp_file(const char *method, const char *from, const char *to);
 int decomp(file_t type, const char *to, const unsigned char *from, size_t size);

jni/magiskboot/main.c

@@ -35,7 +35,7 @@ static void usage(char *arg0) {
 	fprintf(stderr, "\n");
 
 	fprintf(stderr, "%s --compress[=method] <infile> [outfile]\n", arg0);
-	fprintf(stderr, "  Compress <infile> with [method](default: gzip), optionally to [outfile]\n  Supported methods: " SUP_LIST "\n");
+	fprintf(stderr, "  Compress <infile> with [method] (default: gzip), optionally to [outfile]\n  Supported methods: " SUP_LIST "\n");
 	fprintf(stderr, "\n");
 
 	fprintf(stderr, "%s --decompress <infile> [outfile]\n", arg0);

jni/magiskboot/parseimg.c

@@ -16,9 +16,10 @@ static void check_headers() {
 		printf("MTK header found in kernel\n");
 		mtk_kernel = 1;
 	}
-	if (check_type(ramdisk) == MTK) {
+	if (ramdisk_type == MTK) {
 		printf("MTK header found in ramdisk\n");
 		mtk_ramdisk = 1;
+		ramdisk_type = check_type(ramdisk + 512);
 	}
 
 	// Check dtb if ELF boot

jni/magiskboot/repack.c

@@ -53,7 +53,7 @@ void repack(const char* orig_image, const char* out_image) {
 	// Restore kernel
 	if (mtk_kernel) {
 		mtk_kernel_off = lseek(fd, 0, SEEK_CUR);
-		write_zero(fd, 512);
+		restore_buf(fd, kernel, 512);
 		memcpy(&mtk_kernel_hdr, kernel, sizeof(mtk_kernel_hdr));
 	}
 	hdr.kernel_size = restore(KERNEL_FILE, fd);
@@ -62,7 +62,7 @@ void repack(const char* orig_image, const char* out_image) {
 	// Restore ramdisk
 	if (mtk_ramdisk) {
 		mtk_ramdisk_off = lseek(fd, 0, SEEK_CUR);
-		write_zero(fd, 512);
+		restore_buf(fd, ramdisk, 512);
 		memcpy(&mtk_ramdisk_hdr, ramdisk, sizeof(mtk_ramdisk_hdr));
 	}
 	if (access(RAMDISK_FILE, R_OK) == 0) {

jni/magiskboot/utils.c

@@ -1,8 +1,8 @@
 #include "magiskboot.h"
 #include "elf.h"
 
-char *SUP_EXT_LIST[SUP_NUM] = { "gz", "xz", "lzma", "bz2", "lz4" };
+char *SUP_EXT_LIST[SUP_NUM] = { "gz", "xz", "lzma", "bz2", "lz4", "lz4" };
-file_t SUP_TYPE_LIST[SUP_NUM] = { GZIP, XZ, LZMA, BZIP2, LZ4 };
+file_t SUP_TYPE_LIST[SUP_NUM] = { GZIP, XZ, LZMA, BZIP2, LZ4, LZ4_LEGACY };
 
 void mmap_ro(const char *filename, unsigned char **buf, size_t *size) {
 	int fd = open(filename, O_RDONLY);
@@ -42,10 +42,10 @@ file_t check_type(const unsigned char *buf) {
 		return LZMA;
 	} else if (memcmp(buf, "BZh", 3) == 0) {
 		return BZIP2;
-	} else if ( (  memcmp(buf, "\x04\x22\x4d\x18", 4) == 0 
+	} else if (memcmp(buf, "\x04\x22\x4d\x18", 4) == 0) {
-				|| memcmp(buf, "\x03\x21\x4c\x18", 4) == 0) 
-				|| memcmp(buf, "\x02\x21\x4c\x18", 4) == 0) {
 		return LZ4;
+	} else if (memcmp(buf, "\x02\x21\x4c\x18", 4) == 0) {
+		return LZ4_LEGACY;
 	} else if (memcmp(buf, "\x88\x16\x88\x58", 4) == 0) {
 		return MTK;
 	} else if (memcmp(buf, "QCDT", 4) == 0) {
@@ -129,6 +129,9 @@ void print_info() {
 		case LZ4:
 			printf("COMPRESSION [%s]\n", "lz4");
 			break;
+		case LZ4_LEGACY:
+			printf("COMPRESSION [%s]\n", "lz4_legacy");
+			break;
 		default:
 			fprintf(stderr, "Unknown ramdisk format!\n");
 	}

jni/magiskhide/list_monitor.c

@@ -15,7 +15,7 @@ void *monitor_list(void *path) {
 				fprintf(logfile, "MagiskHide: Unable to watch %s\n", listpath);
 				exit(1);
 			}
-			if (inotify_add_watch(inotifyFd, listpath, IN_MODIFY) == -1) {
+			if (inotify_add_watch(inotifyFd, listpath, IN_CLOSE_WRITE) == -1) {
 				fprintf(logfile, "MagiskHide: Unable to watch %s\n", listpath);
 				exit(1);
 			}

jni/magiskhide/magiskhide.h

@@ -22,6 +22,7 @@
 #define HIDELIST 		"/magisk/.core/magiskhide/hidelist"
 #define DUMMYPATH		"/dev/magisk/dummy"
 #define ENFORCE_FILE 	"/sys/fs/selinux/enforce"
+#define POLICY_FILE 	"/sys/fs/selinux/policy"
 #define SEPOLICY_INJECT "/data/magisk/magiskpolicy"
 
 // Main thread

jni/magiskhide/proc_monitor.c

@@ -1,7 +1,7 @@
 #include "magiskhide.h"
 
 void monitor_proc() {
-	int pid, badns, zygote_num = 0;
+	int pid, badns, i, zygote_num = 0;
 	char init_ns[32], zygote_ns[2][32];
 
 	// Get the mount namespace of init
@@ -26,12 +26,30 @@ void monitor_proc() {
 		fprintf(logfile, "Zygote(%d) ns=%s ", i, zygote_ns[i]);
 	fprintf(logfile, "\n");
 
+	// get a sample line from am_proc_start
+	p = popen("logcat -b events -v raw -s am_proc_start -t 1", "r");
+
+	/**
+	 *	Format of am_proc_start is (as of Android 5.1 and 6.0)
+	 *	UserID, pid, unix uid, processName, hostingType, hostingName
+	 *	but sometimes can have 7 fields, with processName as 5th field
+	 */
+	fgets(buffer, sizeof(buffer), p);
+	int commas = 0;
+	char *s = buffer;
+	for (i = 0;s[i] != '\0';i++) {
+		if (s[i] == ',')
+			commas++;
+
+	}
+	int numFields = commas + 1;
+
+	pclose(p);
+
 	// Monitor am_proc_start
-	p = popen("while true; do logcat -b events -c; logcat -b events -v raw -s am_proc_start; sleep 1; done", "r");
+	p = popen("logcat -b events -c; logcat -b events -v raw -s am_proc_start", "r");
 
 	while(!feof(p)) {
-		//Format of am_proc_start is (as of Android 5.1 and 6.0)
-		//UserID, pid, unix uid, processName, hostingType, hostingName
 		fgets(buffer, sizeof(buffer), p);
 
 		char *pos = buffer;
@@ -43,7 +61,13 @@ void monitor_proc() {
 		}
 
 		char processName[256];
-		int ret = sscanf(buffer, "[%*d %d %*d %256s", &pid, processName);
+		int ret;
+
+		if (numFields == 7) {
+			ret = sscanf(buffer, "[%*d %d %*d %*d %256s", &pid, processName);
+		} else {
+			ret = sscanf(buffer, "[%*d %d %*d %256s", &pid, processName);
+		}
 
 		if(ret != 2)
 			continue;
@@ -79,4 +103,4 @@ void monitor_proc() {
 
 	// Close the logcat monitor
 	pclose(p);
-}
+}

jni/magiskhide/util.c

@@ -60,25 +60,37 @@ void run_as_daemon() {
 
 void manage_selinux() {
 	char *argv[] = { SEPOLICY_INJECT, "--live", "permissive *", NULL };
-	char str[20];
+	char val[1];
 	int fd, ret;
-	fd = open(ENFORCE_FILE, O_RDONLY);
+	fd = open(ENFORCE_FILE, O_RDWR);
 	if (fd < 0)
 		return;
-	ret = read(fd, str, 20);
+	if (read(fd, val, 1) < 1)
-	close(fd);
-	if (ret < 1)
 		return;
+	lseek(fd, 0, SEEK_SET);
 	// Permissive
-	if (str[0] == '0') {
+	if (val[0] == '0') {
-		fprintf(logfile, "MagiskHide: Permissive detected, switching to pseudo enforced\n");
+
-		fd = open(ENFORCE_FILE, O_RDWR);
+		fprintf(logfile, "MagiskHide: Permissive detected\n");
-		if (fd < 0)
+
+		if (write(fd, "1", 1) < 1)
 			return;
-		ret = write(fd, "1", 1);
+		lseek(fd, 0, SEEK_SET);
+
+		if (read(fd, val, 1) < 1)
+			return;
+		lseek(fd, 0, SEEK_SET);
 		close(fd);
-		if (ret < 1)
+
+		if (val[0] == '0') {
+			fprintf(logfile, "MagiskHide: Unable to set to enforce, hide the state\n");
+			chmod(ENFORCE_FILE, 0640);
+			chmod(POLICY_FILE, 0440);
 			return;
+		}
+
+		fprintf(logfile, "MagiskHide: Calling magiskpolicy for pseudo enforce mode\n");
+
 		switch(fork()) {
 			case -1:
 				return;

jni/resetprop/Android.mk

@@ -4,4 +4,5 @@ include $(CLEAR_VARS)
 LOCAL_MODULE := resetprop
 LOCAL_SRC_FILES := resetprop.cpp system_properties.cpp libc_logging.cpp
 LOCAL_LDLIBS += -latomic
+LOCAL_CFLAGS := -Wno-implicit-exception-spec-mismatch
 include $(BUILD_EXECUTABLE)

scripts/custom_ramdisk_patch.sh

@@ -0,0 +1,57 @@
+#!/system/bin/sh
+
+RAMDISK=$1
+
+TMPDIR=/dev/tmp
+MAGISKBIN=/data/magisk
+[ ! -e $MAGISKBIN ] && MAGISKBIN=/cache/data_bin
+[ ! -e $MAGISKBIN ] && exit 1
+SYSTEMLIB=/system/lib
+[ -d /system/lib64 ] && SYSTEMLIB=/system/lib64
+
+mkdir -p $TMPDIR 2>/dev/null
+cd $TMPDIR
+
+cpio_add() {
+  LD_LIBRARY_PATH=$SYSTEMLIB /su/bin/sukernel --cpio-add $RAMDISK $RAMDISK $1 $2 $3
+}
+
+cpio_extract() {
+  LD_LIBRARY_PATH=$SYSTEMLIB /su/bin/sukernel --cpio-extract $RAMDISK $1 $2
+}
+
+cpio_mkdir() {
+  LD_LIBRARY_PATH=$SYSTEMLIB /su/bin/sukernel --cpio-mkdir $RAMDISK $RAMDISK $1 $2
+}
+
+# Recursive
+cpio_rm() {
+  if [ "$1" = "-r" ]; then
+    LD_LIBRARY_PATH=$SYSTEMLIB /su/bin/sukernel --cpio-ls $RAMDISK | grep "^$2/" | while read i ; do
+      LD_LIBRARY_PATH=$SYSTEMLIB /su/bin/sukernel --cpio-rm $RAMDISK $RAMDISK $i
+    done
+    LD_LIBRARY_PATH=$SYSTEMLIB /su/bin/sukernel --cpio-rmdir $RAMDISK $RAMDISK $2
+  else
+    LD_LIBRARY_PATH=$SYSTEMLIB /su/bin/sukernel --cpio-rm $RAMDISK $RAMDISK $1
+  fi
+}
+
+# Cleanup SuperSU backups
+cpio_rm -r .subackup
+
+# Add magisk entrypoint
+cpio_extract init.rc init.rc
+grep "import /init.magisk.rc" init.rc >/dev/null || sed -i '1,/.*import.*/s/.*import.*/import \/init.magisk.rc\n&/' init.rc
+sed -i "/selinux.reload_policy/d" init.rc
+cpio_add 750 init.rc init.rc
+
+# sepolicy patches
+cpio_extract sepolicy sepolicy
+LD_LIBRARY_PATH=$SYSTEMLIB $MAGISKBIN/magiskpolicy --load sepolicy --save sepolicy --minimal
+cpio_add 644 sepolicy sepolicy
+
+# Add new items
+cpio_mkdir 755 magisk
+cpio_add 750 init.magisk.rc $MAGISKBIN/init.magisk.rc
+cpio_add 750 sbin/magic_mask.sh $MAGISKBIN/magic_mask.sh
+

scripts/flash_script.sh

@@ -171,6 +171,21 @@ remove_system_su() {
   fi
 }
 
+# --cpio-add <incpio> <mode> <entry> <infile>
+cpio_add() {
+  LD_LIBRARY_PATH=$SYSTEMLIB $BINDIR/magiskboot --cpio-add ramdisk.cpio $1 $2 $3
+}
+
+# --cpio-extract <incpio> <entry> <outfile>
+cpio_extract() {
+  LD_LIBRARY_PATH=$SYSTEMLIB $BINDIR/magiskboot --cpio-extract ramdisk.cpio $1 $2
+}
+
+# --cpio-mkdir <incpio> <mode> <entry>
+cpio_mkdir() {
+  LD_LIBRARY_PATH=$SYSTEMLIB $BINDIR/magiskboot --cpio-mkdir ramdisk.cpio $1 $2
+}
+
 ##########################################################################################
 # Detection
 ##########################################################################################
@@ -248,8 +263,8 @@ is_mounted /data && MAGISKBIN=/data/magisk || MAGISKBIN=/cache/data_bin
 # Copy required files
 rm -rf $MAGISKBIN 2>/dev/null
 mkdir -p $MAGISKBIN
-cp -af $BINDIR/. $COMMONDIR/ramdisk_patch.sh $COMMONDIR/magic_mask.sh \
+cp -af $BINDIR/busybox $BINDIR/magiskboot $BINDIR/magiskpolicy $COMMONDIR/magisk.apk \
-       $COMMONDIR/init.magisk.rc $COMMONDIR/magisk.apk $MAGISKBIN
+       $COMMONDIR/init.magisk.rc  $COMMONDIR/custom_ramdisk_patch.sh $COMMONDIR/magic_mask.sh $MAGISKBIN
 # Legacy support
 ln -sf /data/magisk/magiskpolicy $MAGISKBIN/sepolicy-inject
 
@@ -263,6 +278,44 @@ $BINDIR/busybox --install -s $TMPDIR/busybox
 rm -f $TMPDIR/busybox/su $TMPDIR/busybox/sh $TMPDIR/busybox/reboot
 PATH=$TMPDIR/busybox:$PATH
 
+##########################################################################################
+# Magisk Image
+##########################################################################################
+
+# Fix SuperSU.....
+$BOOTMODE && $BINDIR/magiskpolicy --live "allow fsck * * *"
+
+if (is_mounted /data); then
+  IMG=/data/magisk.img
+else
+  IMG=/cache/magisk.img
+  ui_print "- Data unavailable, use cache workaround"
+fi
+
+if [ -f $IMG ]; then
+  ui_print "- $IMG detected!"
+else
+  ui_print "- Creating $IMG"
+  make_ext4fs -l 64M -a /magisk -S $COMMONDIR/file_contexts_image $IMG
+fi
+
+mount_image $IMG /magisk
+if (! is_mounted /magisk); then
+  ui_print "! Magisk image mount failed..."
+  exit 1
+fi
+MAGISKLOOP=$LOOPDEVICE
+
+# Core folders and scripts
+mkdir -p $COREDIR/bin $COREDIR/props $COREDIR/magiskhide $COREDIR/post-fs-data.d $COREDIR/service.d 2>/dev/null
+cp -af $COMMONDIR/magiskhide/. $COREDIR/magiskhide
+cp -af $BINDIR/resetprop $BINDIR/magiskhide $BINDIR/su $BINDIR/magiskpolicy $COREDIR/bin
+# Legacy support
+ln -sf $COREDIR/bin/resetprop $MAGISKBIN/resetprop
+
+chmod -R 755 $COREDIR/bin $COREDIR/magiskhide $COREDIR/post-fs-data.d $COREDIR/service.d
+chown -R 0.0 $COREDIR/bin $COREDIR/magiskhide $COREDIR/post-fs-data.d $COREDIR/service.d
+
 ##########################################################################################
 # Unpack boot
 ##########################################################################################
@@ -334,8 +387,9 @@ case $? in
   2 ) # SuperSU patched
     SUPERSU=true
     ui_print "- SuperSU patched boot detected!"
-    ui_print "- Adding auto patch script for SuperSU"
+    ui_print "- Adding ramdisk patch script for SuperSU"
-    cp -af $COMMONDIR/ramdisk_patch.sh /data/custom_ramdisk_patch.sh
+    cp -af $COMMONDIR/custom_ramdisk_patch.sh /data/custom_ramdisk_patch.sh
+    ui_print "- We are using SuperSU's own tools, mounting su.img"
     is_mounted /data && SUIMG=/data/su.img || SUIMG=/cache/su.img
     mount_image $SUIMG /su
     SUPERSULOOP=$LOOPDEVICE
@@ -352,80 +406,74 @@ case $? in
           rm stock_boot.img
         else
           ui_print "! Cannot find stock boot image backup"
-          ui_print "! Will still try to complete installation"
+          exit 1
-          # Since no backup at all, let's try our best...
-          LD_LIBRARY_PATH=$SYSTEMLIB $BINDIR/magiskboot --cpio-restore ramdisk.cpio
-          cp -af ramdisk.cpio ramdisk.cpio.orig
         fi
       fi
     else
       ui_print "! SuperSU image mount failed..."
-      ui_print "! Will still try to complete installation"
+      ui_print "! Magisk scripts are placed correctly"
-      # Since we cannot rely on sukernel, do it outselves...
+      ui_print "! Flash SuperSU immediately to finish installation"
-      LD_LIBRARY_PATH=$SYSTEMLIB $BINDIR/magiskboot --cpio-restore ramdisk.cpio
+      exit 1
-      cp -af ramdisk.cpio ramdisk.cpio.orig
     fi
-    # Remove SuperSU backups, since we are recreating it
-    LD_LIBRARY_PATH=$SYSTEMLIB $BINDIR/magiskboot --cpio-rm ramdisk.cpio -r .subackup
     ;;
 esac
 
 ##########################################################################################
-# Ramdisk patch
+# Boot image patches
 ##########################################################################################
 
 # All ramdisk patch commands are stored in a separate script
 ui_print "- Patching ramdisk"
-source $COMMONDIR/ramdisk_patch.sh $BOOTTMP/ramdisk.cpio
 
-cd $BOOTTMP
-# Create ramdisk backups
 if $SUPERSU; then
-  [ -f /su/bin/sukernel ] && LD_LIBRARY_PATH=$SYSTEMLIB /su/bin/sukernel --cpio-backup ramdisk.cpio.orig ramdisk.cpio ramdisk.cpio
+  # Use sukernel to patch ramdisk, so we can use its own tools to backup
+  sh $COMMONDIR/custom_ramdisk_patch.sh $BOOTTMP/ramdisk.cpio
+
+  # Create ramdisk backups
+  LD_LIBRARY_PATH=$SYSTEMLIB /su/bin/sukernel --cpio-backup ramdisk.cpio.orig ramdisk.cpio ramdisk.cpio
+
 else
+  # The common patches
+  $KEEPVERITY || LD_LIBRARY_PATH=$SYSTEMLIB $BINDIR/magiskboot --cpio-patch-dmverity ramdisk.cpio
+  $KEEPFORCEENCRYPT || LD_LIBRARY_PATH=$SYSTEMLIB $BINDIR/magiskboot --cpio-patch-forceencrypt ramdisk.cpio
+
+  # Add magisk entrypoint
+  cpio_extract init.rc init.rc
+  grep "import /init.magisk.rc" init.rc >/dev/null || sed -i '1,/.*import.*/s/.*import.*/import \/init.magisk.rc\n&/' init.rc
+  sed -i "/selinux.reload_policy/d" init.rc
+  cpio_add 750 init.rc init.rc
+
+  # sepolicy patches
+  cpio_extract sepolicy sepolicy
+  LD_LIBRARY_PATH=$SYSTEMLIB $BINDIR/magiskpolicy --load sepolicy --save sepolicy --minimal
+  cpio_add 644 sepolicy sepolicy
+
+  # Add new items
+  cpio_mkdir 755 magisk
+
+  [ ! -z $SHA1 ] && echo "# STOCKSHA1=$SHA1" >> $COMMONDIR/init.magisk.rc
+  cpio_add 750 init.magisk.rc $COMMONDIR/init.magisk.rc
+
+  cpio_add 750 sbin/magic_mask.sh $COMMONDIR/magic_mask.sh
+
+  # Create ramdisk backups
   LD_LIBRARY_PATH=$SYSTEMLIB $BINDIR/magiskboot --cpio-backup ramdisk.cpio ramdisk.cpio.orig
 fi
 
 rm -f ramdisk.cpio.orig
 
-##########################################################################################
-# Magisk Image
-##########################################################################################
-
-# Fix SuperSU.....
-$BOOTMODE && $BINDIR/magiskpolicy --live "allow fsck * * *"
-
-if (is_mounted /data); then
-  IMG=/data/magisk.img
-else
-  IMG=/cache/magisk.img
-  ui_print "- Data unavailable, use cache workaround"
-fi
-
-if [ -f $IMG ]; then
-  ui_print "- $IMG detected!"
-else
-  ui_print "- Creating $IMG"
-  make_ext4fs -l 64M -a /magisk -S $COMMONDIR/file_contexts_image $IMG
-fi
-
-mount_image $IMG /magisk
-if (! is_mounted /magisk); then
-  ui_print "! Magisk image mount failed..."
-  exit 1
-fi
-MAGISKLOOP=$LOOPDEVICE
-
-# Core folders and scripts
-mkdir -p $COREDIR/magiskhide $COREDIR/post-fs-data.d $COREDIR/service.d 2>/dev/null
-cp -af $COMMONDIR/magiskhide/. $COREDIR/magiskhide
-chmod -R 755 $COREDIR/magiskhide $COREDIR/post-fs-data.d $COREDIR/service.d
-chown -R 0.0 $COREDIR/magiskhide $COREDIR/post-fs-data.d $COREDIR/service.d
-
 ##########################################################################################
 # Repack and flash
 ##########################################################################################
 
+# Hexpatches
+
+# Remove Samsung RKP in stock kernel
+LD_LIBRARY_PATH=$SYSTEMLIB $BINDIR/magiskboot --hexpatch kernel \
+49010054011440B93FA00F71E9000054010840B93FA00F7189000054001840B91FA00F7188010054 \
+A1020054011440B93FA00F7140020054010840B93FA00F71E0010054001840B91FA00F7181010054
+
+ui_print "- Repacking boot image"
 LD_LIBRARY_PATH=$SYSTEMLIB $BINDIR/magiskboot --repack $BOOTIMAGE
 
 case $? in

scripts/magic_mask.sh

@@ -7,7 +7,6 @@ IMG=/data/magisk.img
 WHITELIST="/system/bin"
 
 MOUNTPOINT=/magisk
-
 COREDIR=$MOUNTPOINT/.core
 
 TMPDIR=/dev/magisk
@@ -18,7 +17,8 @@ MOUNTINFO=$TMPDIR/mnt
 # Use the included busybox for maximum compatibility and reliable results
 # e.g. we rely on the option "-c" for cp (reserve contexts), and -exec for find
 TOOLPATH=/dev/busybox
-BINPATH=/data/magisk
+DATABIN=/data/magisk
+MAGISKBIN=$COREDIR/bin
 OLDPATH=$PATH
 export PATH=$TOOLPATH:$OLDPATH
 
@@ -51,7 +51,6 @@ in_list() {
 
 unblock() {
   touch /dev/.magisk.unblock
-  chcon u:object_r:device:s0 /dev/.magisk.unblock
   exit
 }
 
@@ -73,7 +72,7 @@ loopsetup() {
 
 image_size_check() {
   e2fsck -yf $1
-  curBlocks=`e2fsck -n $1 2>/dev/null | cut -d, -f3 | cut -d\  -f2`;
+  curBlocks=`e2fsck -n $1 2>/dev/null | grep $1 | cut -d, -f3 | cut -d\  -f2`;
   curUsedM=`echo "$curBlocks" | cut -d/ -f1`
   curSizeM=`echo "$curBlocks" | cut -d/ -f1`
   curFreeM=$(((curSizeM - curUsedM) * 4 / 1024))
@@ -81,18 +80,19 @@ image_size_check() {
   curSizeM=$((curSizeM * 4 / 1024))
 }
 
-run_scripts() {
+module_scripts() {
   BASE=$MOUNTPOINT
   for MOD in $BASE/* ; do
-    if [ ! -f $MOD/disable ]; then
+    if [ ! -f $MOD/disable -a -f $MOD/$1.sh ]; then
-      if [ -f $MOD/$1.sh ]; then
+      chmod 755 $MOD/$1.sh
-        chmod 755 $MOD/$1.sh
+      chcon u:object_r:system_file:s0 $MOD/$1.sh
-        chcon u:object_r:system_file:s0 $MOD/$1.sh
+      log_print "$1: $MOD/$1.sh"
-        log_print "$1: $MOD/$1.sh"
+      sh $MOD/$1.sh
-        sh $MOD/$1.sh
-      fi
     fi
   done
+}
+
+general_scripts() {
   for SCRIPT in $COREDIR/${1}.d/* ; do
     if [ -f "$SCRIPT" ]; then
       chmod 755 $SCRIPT
@@ -128,7 +128,7 @@ travel() {
           # Copy symlinks
           log_print "Symlink: /$1/$ITEM"
           mkdir -p "$DUMMDIR/$1" 2>/dev/null
-          cp -afc "$ITEM" $"DUMMDIR/$1/$ITEM"
+          cp -afc "$ITEM" "$DUMMDIR/$1/$ITEM"
         elif [ -d "$ITEM" ]; then
           # Create new dummy directory and mount it
           log_print "New directory: /$1/$ITEM"
@@ -297,35 +297,39 @@ case $1 in
       # Cache support
       mv /cache/stock_boot* /data 2>/dev/null
       if [ -d /cache/data_bin ]; then
-        rm -rf $BINPATH
+        rm -rf $DATABIN
-        mv /cache/data_bin $BINPATH
+        mv /cache/data_bin $DATABIN
-      fi
+        chmod -R 755 $DATABIN
-
+        chown -R 0.0 $DATABIN
-      chmod -R 755 $BINPATH
-      chown -R 0.0 $BINPATH
-
-      # Live patch sepolicy
-      $BINPATH/magiskpolicy --live
-
-      if [ -f $UNINSTALLER ]; then
-        touch /dev/.magisk.unblock
-        chcon u:object_r:device:s0 /dev/.magisk.unblock
-        BOOTMODE=true sh $UNINSTALLER
-        exit
       fi
 
       # Set up environment
       mkdir -p $TOOLPATH
-      $BINPATH/busybox --install -s $TOOLPATH
+      $DATABIN/busybox --install -s $TOOLPATH
-      ln -sf $BINPATH/busybox $TOOLPATH/busybox
+      ln -sf $DATABIN/busybox $TOOLPATH/busybox
       # Prevent issues
       rm -f $TOOLPATH/su $TOOLPATH/sh $TOOLPATH/reboot
-      chmod -R 755 $TOOLPATH
+      find $DATABIN $TOOLPATH -exec chcon -h u:object_r:system_file:s0 {} \;
-      chown -R 0.0 $TOOLPATH
-      find $BINPATH $TOOLPATH -exec chcon -h u:object_r:system_file:s0 {} \;
 
-      # Multirom functions should go here, not available right now
+      if [ -f $UNINSTALLER ]; then
-      MULTIROM=false
+        touch /dev/.magisk.unblock
+        (BOOTMODE=true sh $UNINSTALLER) &
+        exit
+      fi
+
+      if [ -f $DATABIN/magisk.apk ]; then
+        if ! ls /data/app | grep com.topjohnwu.magisk; then
+          mkdir /data/app/com.topjohnwu.magisk-1
+          cp $DATABIN/magisk.apk /data/app/com.topjohnwu.magisk-1/base.apk
+          chown 1000.1000 /data/app/com.topjohnwu.magisk-1
+          chown 1000.1000 /data/app/com.topjohnwu.magisk-1/base.apk
+          chmod 755 /data/app/com.topjohnwu.magisk-1
+          chmod 644 /data/app/com.topjohnwu.magisk-1/base.apk
+          chcon u:object_r:apk_data_file:s0 /data/app/com.topjohnwu.magisk-1
+          chcon u:object_r:apk_data_file:s0 /data/app/com.topjohnwu.magisk-1/base.apk
+        fi
+        rm -f $DATABIN/magisk.apk 2>/dev/null
+      fi
 
       # Image merging
       chmod 644 $IMG /cache/magisk.img /data/magisk_merge.img 2>/dev/null
@@ -345,7 +349,7 @@ case $1 in
 
       # Remove empty directories, legacy paths, symlinks, old temporary images
       find $MOUNTPOINT -type d -depth ! -path "*core*" -exec rmdir {} \; 2>/dev/null
-      rm -rf $MOUNTPOINT/zzsupersu $MOUNTPOINT/phh $COREDIR/bin $COREDIR/dummy $COREDIR/mirror \
+      rm -rf $MOUNTPOINT/zzsupersu $MOUNTPOINT/phh $COREDIR/dummy $COREDIR/mirror \
              $COREDIR/busybox $COREDIR/su /data/magisk/*.img /data/busybox 2>/dev/null
 
       # Remove modules that are labeled to be removed
@@ -374,23 +378,26 @@ case $1 in
         fi
       fi
 
-      log_print "* Linking binaries to /sbin"
+      log_print "* Running post-fs-data.d"
-      mount -o rw,remount rootfs /
+      general_scripts post-fs-data
-      chmod 755 /sbin
-      ln -sf $BINPATH/magiskpolicy /sbin/magiskpolicy
-      ln -sf $BINPATH/magiskpolicy /sbin/sepolicy-inject
-      ln -sf $BINPATH/resetprop /sbin/resetprop
-      if [ ! -f /sbin/launch_daemonsu.sh ]; then
-        log_print "* Starting MagiskSU"
-        export PATH=$OLDPATH
-        ln -sf $BINPATH/su /sbin/su
-        ln -sf $BINPATH/magiskpolicy /sbin/supolicy
-        /sbin/su --daemon
-        export PATH=$TOOLPATH:$OLDPATH
-      fi
-      mount -o ro,remount rootfs /
 
+      log_print "* Loading core props"
+      for PROP in $COREDIR/props/* ; do
+        if [ -f $PROP ]; then
+          log_print "Load prop: $PROP"
+          $MAGISKBIN/resetprop --file $PROP
+        fi
+      done
+
+      # Exit if disabled
       [ -f $DISABLEFILE ] && unblock
+      
+      ######################
+      # Core features done #
+      ######################
+
+      # Multirom functions should go here, not available right now
+      MULTIROM=false
 
       log_print "* Preparing modules"
 
@@ -420,7 +427,7 @@ case $1 in
           # Read in defined system props
           if [ -f $MOD/system.prop ]; then
             log_print "* Reading props from $MOD/system.prop"
-            $BINPATH/resetprop --file $MOD/system.prop
+            $MAGISKBIN/resetprop --file $MOD/system.prop
           fi
         fi
       done
@@ -476,8 +483,8 @@ case $1 in
       done
 
       # Stage 4
-      log_print "* Stage 4: Execute scripts"
+      log_print "* Stage 4: Execute module scripts"
-      run_scripts post-fs-data
+      module_scripts post-fs-data
 
       # Stage 5
       log_print "* Stage 5: Mount mirrored items back to dummy"
@@ -487,29 +494,6 @@ case $1 in
         bind_mount "$ORIG" "$TARGET"
       done
 
-      # Bind hosts for Adblock apps
-      if [ -f $COREDIR/hosts ]; then
-        log_print "* Enabling systemless hosts file support"
-        bind_mount $COREDIR/hosts /system/etc/hosts
-      fi
-
-      if [ -f $BINPATH/magisk.apk ]; then
-        if ! ls /data/app | grep com.topjohnwu.magisk; then
-          mkdir /data/app/com.topjohnwu.magisk-1
-          cp $BINPATH/magisk.apk /data/app/com.topjohnwu.magisk-1/base.apk
-          chown 1000.1000 /data/app/com.topjohnwu.magisk-1
-          chown 1000.1000 /data/app/com.topjohnwu.magisk-1/base.apk
-          chmod 755 /data/app/com.topjohnwu.magisk-1
-          chmod 644 /data/app/com.topjohnwu.magisk-1/base.apk
-          chcon u:object_r:apk_data_file:s0 /data/app/com.topjohnwu.magisk-1
-          chcon u:object_r:apk_data_file:s0 /data/app/com.topjohnwu.magisk-1/base.apk
-        fi
-        rm -f $BINPATH/magisk.apk 2>/dev/null
-      fi
-
-      # Expose busybox
-      [ "`getprop persist.magisk.busybox`" = "1" ] && sh /sbin/magic_mask.sh mount_busybox
-
       # Restart post-fs-data if necessary (multirom)
       $MULTIROM && setprop magisk.restart_pfsd 1
 
@@ -528,14 +512,50 @@ case $1 in
     # Version info
     MAGISK_VERSION_STUB
     log_print "** Magisk late_start service mode running..."
+
+    # Bind hosts for Adblock apps
+    if [ -f $COREDIR/hosts ]; then
+      log_print "* Enabling systemless hosts file support"
+      bind_mount $COREDIR/hosts /system/etc/hosts
+    fi
+    # Expose busybox
+    [ "`getprop persist.magisk.busybox`" = "1" ] && sh /sbin/magic_mask.sh mount_busybox
+
+    # Live patch sepolicy
+    $MAGISKBIN/magiskpolicy --live --magisk
+
+    log_print "* Linking binaries to /sbin"
+    mount -o rw,remount rootfs /
+    chmod 755 /sbin
+    ln -sf $MAGISKBIN/magiskpolicy /sbin/magiskpolicy
+    ln -sf $MAGISKBIN/magiskpolicy /sbin/sepolicy-inject
+    ln -sf $MAGISKBIN/resetprop /sbin/resetprop
+    if [ ! -f /sbin/launch_daemonsu.sh ]; then
+      log_print "* Starting MagiskSU"
+      export PATH=$OLDPATH
+      ln -sf $MAGISKBIN/su /sbin/su
+      ln -sf $MAGISKBIN/magiskpolicy /sbin/supolicy
+      /sbin/su --daemon
+      export PATH=$TOOLPATH:$OLDPATH
+    fi
+    mount -o ro,remount rootfs /
+
+    log_print "* Running service.d"
+    general_scripts service
+
+    # Start MagiskHide
+    if [ "`getprop persist.magisk.hide`" = "1" ]; then
+      log_print "* Starting MagiskHide"
+      sh $COREDIR/magiskhide/enable
+    fi
+
     if [ -f $DISABLEFILE ]; then
+      # Let MagiskManager know
       setprop ro.magisk.disable 1
       exit
     fi
-    run_scripts service
     
-    # Start MagiskHide
+    module_scripts service
-    [ "`getprop persist.magisk.hide`" = "1" ] && sh $COREDIR/magiskhide/enable
     ;;
 
 esac

scripts/ramdisk_patch.sh

@@ -1,57 +0,0 @@
-# This file will be sourced by Magisk patch zip, so all variables in the main script should be present
-# However, this file may also be called by SuperSU, so we still have to find our own variables in this case
-
-RAMDISK=$1
-
-if [ -z $MAGISK ]; then
-  TMPDIR=/dev/tmp
-  MAGISKBIN=/data/magisk
-  [ ! -e $MAGISKBIN ] && MAGISKBIN=/cache/data_bin
-  [ ! -e $MAGISKBIN ] && exit 1
-  SYSTEMLIB=/system/lib
-  [ -d /system/lib64 ] && SYSTEMLIB=/system/lib64
-  KEEPVERITY=true
-  KEEPFORCEENCRYPT=true
-fi
-
-cd $TMPDIR
-
-# --cpio-add <incpio> <mode> <entry> <infile>
-cpio_add() {
-  LD_LIBRARY_PATH=$SYSTEMLIB $MAGISKBIN/magiskboot --cpio-add $RAMDISK $1 $2 $3
-}
-
-# --cpio-extract <incpio> <entry> <outfile>
-cpio_extract() {
-  LD_LIBRARY_PATH=$SYSTEMLIB $MAGISKBIN/magiskboot --cpio-extract $RAMDISK $1 $2
-}
-
-# --cpio-mkdir <incpio> <mode> <entry>
-cpio_mkdir() {
-  LD_LIBRARY_PATH=$SYSTEMLIB $MAGISKBIN/magiskboot --cpio-mkdir $RAMDISK $1 $2
-}
-
-# The common patches
-$KEEPVERITY || LD_LIBRARY_PATH=$SYSTEMLIB $MAGISKBIN/magiskboot --cpio-patch-dmverity $RAMDISK
-$KEEPFORCEENCRYPT || LD_LIBRARY_PATH=$SYSTEMLIB $MAGISKBIN/magiskboot --cpio-patch-forceencrypt $RAMDISK
-
-# Add magisk entrypoint
-cpio_extract init.rc init.rc
-grep "import /init.magisk.rc" init.rc >/dev/null || sed -i '1,/.*import.*/s/.*import.*/import \/init.magisk.rc\n&/' init.rc
-sed -i "/selinux.reload_policy/d" init.rc
-cpio_add 750 init.rc init.rc
-
-# sepolicy patches
-cpio_extract sepolicy sepolicy
-LD_LIBRARY_PATH=$SYSTEMLIB $MAGISKBIN/magiskpolicy --load sepolicy --save sepolicy --minimal
-cpio_add 644 sepolicy sepolicy
-
-# Add new items
-
-cpio_mkdir 755 magisk
-
-cp -af $MAGISKBIN/init.magisk.rc init.magisk.rc
-[ ! -z $SHA1 ] && echo "# STOCKSHA1=$SHA1" >> init.magisk.rc
-cpio_add 750 init.magisk.rc init.magisk.rc
-
-cpio_add 750 sbin/magic_mask.sh $MAGISKBIN/magic_mask.sh

zip_static/common/magiskhide/disable

@@ -11,7 +11,7 @@ log_print() {
 }
 
 # Only disable when MagiskHide is started
-ps | grep "magiskhide --daemon" | grep -v grep >/dev/null 2>&1 || exit
+$TOOLPATH/ps | grep "magiskhide --daemon" | grep -v grep >/dev/null 2>&1 || exit
 
 log_print "Stopping MagiskHide daemon"
 

zip_static/common/magiskhide/enable

@@ -1,7 +1,7 @@
 #!/system/bin/sh
 
 MODDIR=/magisk/.core/magiskhide
-BINPATH=/data/magisk
+BINPATH=/magisk/.core/bin
 LOGFILE=/cache/magisk.log
 TOOLPATH=/dev/busybox
 
@@ -12,7 +12,7 @@ log_print() {
 }
 
 # Only enable when isn't started
-ps | grep "magiskhide --daemon" | grep -v grep >/dev/null 2>&1 && exit
+$TOOLPATH/ps | grep "magiskhide --daemon" | grep -v grep >/dev/null 2>&1 && exit
 
 if [ ! -d /sbin_orig ]; then
   log_print "Moving and re-linking /sbin binaries"
@@ -23,24 +23,19 @@ if [ ! -d /sbin_orig ]; then
   mkdir -p /dev/sbin_bind
   chmod 755 /dev/sbin_bind
   ln -s /sbin_orig/* /dev/sbin_bind
-  chcon -h u:object_r:rootfs:s0 /dev/sbin_bind /dev/sbin_bind/*
+  chcon -h u:object_r:system_file:s0 /dev/sbin_bind /dev/sbin_bind/*
   mount -o bind /dev/sbin_bind /sbin
 fi
 
-# Sammy device like these permissions
-chmod 640 /sys/fs/selinux/enforce
-chmod 440 /sys/fs/selinux/policy
-
 log_print "Removing dangerous read-only system props"
 
 VERIFYBOOT=`getprop ro.boot.verifiedbootstate`
 FLASHLOCKED=`getprop ro.boot.flash.locked`
 VERITYMODE=`getprop ro.boot.veritymode`
+KNOX1=`getprop ro.boot.warranty_bit`
+KNOX2=`getprop ro.warranty_bit`
 DEBUGGABLE=`getprop ro.debuggable`
 SECURE=`getprop ro.secure`
-BUILDTYPE=`getprop ro.build.type`
-BUILDTAGS=`getprop ro.build.tags`
-BUILDSELINUX=`getprop ro.build.selinux`
 
 [ ! -z "$VERIFYBOOT" -a "$VERIFYBOOT" != "green" ] && \
 log_print "`$BINPATH/resetprop -v -n ro.boot.verifiedbootstate green`"
@@ -48,16 +43,14 @@ log_print "`$BINPATH/resetprop -v -n ro.boot.verifiedbootstate green`"
 log_print "`$BINPATH/resetprop -v -n ro.boot.flash.locked 1`"
 [ ! -z "$VERITYMODE" -a "$VERITYMODE" != "enforcing" ] && \
 log_print "`$BINPATH/resetprop -v -n ro.boot.veritymode enforcing`"
+[ ! -z "$KNOX1" -a "$KNOX1" != "0" ] && \
+log_print "`$BINPATH/resetprop -v -n ro.boot.warranty_bit 0`"
+[ ! -z "$KNOX2" -a "$KNOX2" != "0" ] && \
+log_print "`$BINPATH/resetprop -v -n ro.warranty_bit 0`"
 [ ! -z "$DEBUGGABLE" -a "$DEBUGGABLE" != "0" ] && \
 log_print "`$BINPATH/resetprop -v -n ro.debuggable 0`"
 [ ! -z "$SECURE" -a "$SECURE" != "1" ] && \
 log_print "`$BINPATH/resetprop -v -n ro.secure 1`"
-[ ! -z "$BUILDTYPE" -a "$BUILDTYPE" != "user" ] && \
-log_print "`$BINPATH/resetprop -v -n ro.build.type user`"
-[ ! -z "$BUILDTAGS" -a "$BUILDTAGS" != "release-keys" ] && \
-log_print "`$BINPATH/resetprop -v -n ro.build.tags release-keys`"
-[ ! -z "$BUILDSELINUX" -a "$BUILDSELINUX" != "0" ] && \
-log_print "`$BINPATH/resetprop -v -n ro.build.selinux 0`"
 
 touch $MODDIR/hidelist
 chmod -R 755 $MODDIR
@@ -72,4 +65,4 @@ while read PROCESS; do
 done < $MODDIR/hidelist
 
 log_print "Starting MagiskHide daemon"
-$BINPATH/magiskhide --daemon
+($BINPATH/magiskhide --daemon)