TheArchive/Magisk
1
0
Fork 0
mirror of https://github.com/topjohnwu/Magisk.git synced 2025-08-15 06:17:26 +00:00
Code Issues Packages Projects Releases Wiki Activity

Compare commits

base: TheArchive:v14.0
Branches Tags
TheArchive:master TheArchive:dev
TheArchive:canary-28101 TheArchive:v28.1 TheArchive:canary-28003 TheArchive:canary-28002 TheArchive:canary-28001 TheArchive:v28.0 TheArchive:canary-27008 TheArchive:canary-27007 TheArchive:canary-27006 TheArchive:canary-27005 TheArchive:v27.0 TheArchive:v26.4 TheArchive:v26.3 TheArchive:v26.2 TheArchive:v26.1 TheArchive:v26.0 TheArchive:v25.2 TheArchive:v25.1 TheArchive:v25.0 TheArchive:v24.3 TheArchive:v24.2 TheArchive:v24.1 TheArchive:v24.0 TheArchive:v23.0 TheArchive:v22.1 TheArchive:v22.0 TheArchive:manager-v8.0.7 TheArchive:v21.4 TheArchive:manager-v8.0.6 TheArchive:v21.3 TheArchive:manager-v8.0.5 TheArchive:manager-v8.0.4 TheArchive:v21.2 TheArchive:v21.1 TheArchive:manager-v8.0.3 TheArchive:manager-v8.0.2 TheArchive:manager-v8.0.1 TheArchive:v21.0 TheArchive:manager-v8.0.0 TheArchive:v20.4 TheArchive:v20.3 TheArchive:manager-v7.5.1 TheArchive:manager-v7.5.0 TheArchive:v20.2 TheArchive:v20.1 TheArchive:manager-v7.4.0 TheArchive:v20.0 TheArchive:manager-v7.3.5 TheArchive:manager-v7.3.4 TheArchive:v19.4 TheArchive:manager-v7.3.2 TheArchive:manager-v7.3.1 TheArchive:manager-v7.3.0 TheArchive:v19.3 TheArchive:manager-v7.2.0 TheArchive:v19.2 TheArchive:manager-v7.1.2 TheArchive:v19.1 TheArchive:manager-v7.1.1 TheArchive:manager-v7.1.0 TheArchive:v19.0 TheArchive:manager-v7.0.0 TheArchive:v18.1 TheArchive:manager-v6.1.0 TheArchive:v18.0 TheArchive:v17.3 TheArchive:manager-v6.0.1 TheArchive:v17.2 TheArchive:manager-v6.0.0 TheArchive:v17.1 TheArchive:manager-v5.9.1 TheArchive:v17.0 TheArchive:manager-v5.9.0 TheArchive:v16.7 TheArchive:manager-v5.8.3 TheArchive:manager-v5.8.2 TheArchive:manager-v5.8.1 TheArchive:v16.6 TheArchive:manager-v5.8.0 TheArchive:v16.4 TheArchive:manager-v5.7.0 TheArchive:v16.3 TheArchive:manager-v5.6.4 TheArchive:v16.2 TheArchive:manager-v5.6.3 TheArchive:v16.1 TheArchive:manager-v5.6.2 TheArchive:v16.0 TheArchive:manager-v5.6.1 TheArchive:v15.4 TheArchive:manager-v5.6.0 TheArchive:v15.3 TheArchive:manager-v5.5.5 TheArchive:manager-v5.5.4 TheArchive:v15.2 TheArchive:manager-v5.5.3 TheArchive:v15.1 TheArchive:manager-v5.5.2 TheArchive:v15.0 TheArchive:manager-v5.5.1 TheArchive:v14.6 TheArchive:manager-v5.5.0 TheArchive:v14.5 TheArchive:manager-v5.4.3 TheArchive:manager-v5.4.2 TheArchive:v14.3 TheArchive:manager-v5.4.0 TheArchive:v14.2 TheArchive:manager-v5.3.5 TheArchive:v14.0 TheArchive:manager-v5.3.0 TheArchive:manager-v5.2.0 TheArchive:manager-v5.1.1 TheArchive:v13.3 TheArchive:manager-v5.1.0 TheArchive:manager-v5.0.6 TheArchive:manager-v5.0.5 TheArchive:v13.2 TheArchive:v13.1 TheArchive:manager-v5.0.4 TheArchive:manager-v4.3.3 TheArchive:manager-v4.3.2 TheArchive:manager-v4.3.1 TheArchive:manager-v4.3.0 TheArchive:v12.0 TheArchive:v11.6 TheArchive:manager-v4.2.7 TheArchive:v11.5 TheArchive:manager-v4.2.6 TheArchive:manager-v4.2.5 TheArchive:manager-v4.2 TheArchive:v11.1 TheArchive:manager-v4.1 TheArchive:manager-v4.0 TheArchive:v11.0 TheArchive:manager-v3.1 TheArchive:v10.1 TheArchive:manager-v3.0 TheArchive:v10 TheArchive:v9 TheArchive:v8 TheArchive:v7
...
compare: TheArchive:v14.3
Branches Tags
TheArchive:dev TheArchive:master
TheArchive:canary-28101 TheArchive:v28.1 TheArchive:canary-28003 TheArchive:canary-28002 TheArchive:canary-28001 TheArchive:v28.0 TheArchive:canary-27008 TheArchive:canary-27007 TheArchive:canary-27006 TheArchive:canary-27005 TheArchive:v27.0 TheArchive:v26.4 TheArchive:v26.3 TheArchive:v26.2 TheArchive:v26.1 TheArchive:v26.0 TheArchive:v25.2 TheArchive:v25.1 TheArchive:v25.0 TheArchive:v24.3 TheArchive:v24.2 TheArchive:v24.1 TheArchive:v24.0 TheArchive:v23.0 TheArchive:v22.1 TheArchive:v22.0 TheArchive:manager-v8.0.7 TheArchive:v21.4 TheArchive:manager-v8.0.6 TheArchive:v21.3 TheArchive:manager-v8.0.5 TheArchive:manager-v8.0.4 TheArchive:v21.2 TheArchive:v21.1 TheArchive:manager-v8.0.3 TheArchive:manager-v8.0.2 TheArchive:manager-v8.0.1 TheArchive:v21.0 TheArchive:manager-v8.0.0 TheArchive:v20.4 TheArchive:v20.3 TheArchive:manager-v7.5.1 TheArchive:manager-v7.5.0 TheArchive:v20.2 TheArchive:v20.1 TheArchive:manager-v7.4.0 TheArchive:v20.0 TheArchive:manager-v7.3.5 TheArchive:manager-v7.3.4 TheArchive:v19.4 TheArchive:manager-v7.3.2 TheArchive:manager-v7.3.1 TheArchive:manager-v7.3.0 TheArchive:v19.3 TheArchive:manager-v7.2.0 TheArchive:v19.2 TheArchive:manager-v7.1.2 TheArchive:v19.1 TheArchive:manager-v7.1.1 TheArchive:manager-v7.1.0 TheArchive:v19.0 TheArchive:manager-v7.0.0 TheArchive:v18.1 TheArchive:manager-v6.1.0 TheArchive:v18.0 TheArchive:v17.3 TheArchive:manager-v6.0.1 TheArchive:v17.2 TheArchive:manager-v6.0.0 TheArchive:v17.1 TheArchive:manager-v5.9.1 TheArchive:v17.0 TheArchive:manager-v5.9.0 TheArchive:v16.7 TheArchive:manager-v5.8.3 TheArchive:manager-v5.8.2 TheArchive:manager-v5.8.1 TheArchive:v16.6 TheArchive:manager-v5.8.0 TheArchive:v16.4 TheArchive:manager-v5.7.0 TheArchive:v16.3 TheArchive:manager-v5.6.4 TheArchive:v16.2 TheArchive:manager-v5.6.3 TheArchive:v16.1 TheArchive:manager-v5.6.2 TheArchive:v16.0 TheArchive:manager-v5.6.1 TheArchive:v15.4 TheArchive:manager-v5.6.0 TheArchive:v15.3 TheArchive:manager-v5.5.5 TheArchive:manager-v5.5.4 TheArchive:v15.2 TheArchive:manager-v5.5.3 TheArchive:v15.1 TheArchive:manager-v5.5.2 TheArchive:v15.0 TheArchive:manager-v5.5.1 TheArchive:v14.6 TheArchive:manager-v5.5.0 TheArchive:v14.5 TheArchive:manager-v5.4.3 TheArchive:manager-v5.4.2 TheArchive:v14.3 TheArchive:manager-v5.4.0 TheArchive:v14.2 TheArchive:manager-v5.3.5 TheArchive:v14.0 TheArchive:manager-v5.3.0 TheArchive:manager-v5.2.0 TheArchive:manager-v5.1.1 TheArchive:v13.3 TheArchive:manager-v5.1.0 TheArchive:manager-v5.0.6 TheArchive:manager-v5.0.5 TheArchive:v13.2 TheArchive:v13.1 TheArchive:manager-v5.0.4 TheArchive:manager-v4.3.3 TheArchive:manager-v4.3.2 TheArchive:manager-v4.3.1 TheArchive:manager-v4.3.0 TheArchive:v12.0 TheArchive:v11.6 TheArchive:manager-v4.2.7 TheArchive:v11.5 TheArchive:manager-v4.2.6 TheArchive:manager-v4.2.5 TheArchive:manager-v4.2 TheArchive:v11.1 TheArchive:manager-v4.1 TheArchive:manager-v4.0 TheArchive:v11.0 TheArchive:manager-v3.1 TheArchive:v10.1 TheArchive:manager-v3.0 TheArchive:v10 TheArchive:v9 TheArchive:v8 TheArchive:v7

65 Commits
v14.0 ... v14.3

Author SHA1 Message Date
topjohnwu
cdc5d983f3 Bump MagiskManager version 2017-10-15 03:21:33 +08:00
topjohnwu
96688e4dac Fix proper Lollipop selinux support 2017-10-14 22:37:02 +08:00
topjohnwu
28a945fee9 Fix SEGFAULT in magisk log dumper 2017-10-14 21:10:52 +08:00
topjohnwu
c7e777255a Reduce unnecessary stack memory allocation 2017-10-14 21:10:51 +08:00
topjohnwu
2dd4cf040e Prevent multiple process clashes to start daemon 2017-10-14 21:10:51 +08:00
topjohnwu
d1b9eca5eb Fix bug that cause boot delay 2017-10-14 00:19:13 +08:00
topjohnwu
594a67fe28 Cleanup and add more xwraps 2017-10-14 00:08:12 +08:00
topjohnwu
cddeaffada Remove err_handler 2017-10-13 22:26:42 +08:00
topjohnwu
2a8898e7c3 Fix lz4 legacy on LG zImages 2017-10-13 00:18:40 +08:00
topjohnwu
ce3f3b09b4 Brute force resizeimg for Crapsung device :) 2017-10-12 14:32:40 +08:00
topjohnwu
fe4b3df7e9 Fix selinux context on Magisk files 2017-10-12 14:32:40 +08:00
topjohnwu
25bdbcf526 Add new file operations 2017-10-12 14:32:40 +08:00
topjohnwu
df7eaa5598 Reduce update-binary size 2017-10-11 02:26:43 +08:00
topjohnwu
bb7099376b Improve daemon startup and log management 2017-10-11 02:26:28 +08:00
topjohnwu
0327fd9710 Restart MagiskHide if daemon restarted 2017-10-10 19:49:15 +08:00
topjohnwu
e645c6e465 Refactor resetprop 2017-10-10 02:04:50 +08:00
topjohnwu
78a3d36ccc Allow devices without separate vendor partition 2017-10-09 21:53:50 +08:00
topjohnwu
3942858ccd Introduce a single general purpose logcat monitor 2017-10-09 05:39:40 +08:00
topjohnwu
03c8d716cc Introduce Invincible Mode: Self recover service 2017-10-08 22:00:22 +08:00
topjohnwu
60181c4fcb MagiskManager -> java 2017-10-07 22:48:16 +08:00
topjohnwu
c215447405 Fix Pixel C installation 2017-10-07 22:08:10 +08:00
topjohnwu
89330b89d8 Clone attributes to new tmpfs mountpoint 2017-09-29 01:07:28 +08:00
topjohnwu
a8f3718ed0 Bump MagiskManager version 2017-09-28 05:50:18 +08:00
topjohnwu
a78ba44709 Always create core directories 2017-09-28 05:50:06 +08:00
topjohnwu
ff110e3513 Update docs 2017-09-28 05:39:10 +08:00
topjohnwu
cfae6c63b5 Remove sepolicy-inject alias 2017-09-28 01:01:46 +08:00
topjohnwu
dbfe49c56f Unlock blocks before flashing boot image 2017-09-28 00:54:01 +08:00
topjohnwu
98e21f9f5b Update uninstaller 2017-09-27 15:26:21 +08:00
topjohnwu
83af0497e4 Don't use dummy directory; directly use tmpfs 2017-09-27 04:36:01 +08:00
topjohnwu
6ce37b44db Improve logging 2017-09-27 04:36:01 +08:00
topjohnwu
9cb1cf756f Update scripts 2017-09-26 20:21:43 +08:00
topjohnwu
ffa005e4ab Don't patch FBE flags 2017-09-26 02:04:07 +08:00
topjohnwu
af102e47f1 Fix a small bug in deleteprop 2017-09-25 17:47:30 +08:00
topjohnwu
73064a816d Fix ramdisk patches 2017-09-25 13:44:00 +08:00
topjohnwu
9b4ae8fcc5 Adjust scripts 2017-09-16 03:48:58 +08:00
topjohnwu
a1a2c52409 Patch sepolicy at boot time 2017-09-16 01:32:09 +08:00
topjohnwu
9a0b26e0b0 Proper FBE support 2017-09-15 18:05:42 +08:00
topjohnwu
b805b96e16 Read SHA1 from overlay ramdisk 2017-09-15 18:03:56 +08:00
topjohnwu
590e7f7724 Proper support for Magisk Manager installation 2017-09-15 18:02:25 +08:00
Shaka Huang
4d61e5e319 Fix error generating binary for x86 
fix typo

Signed-off-by: Shaka Huang <shakalaca@gmail.com>
 2017-09-14 14:33:37 -05:00
topjohnwu
8c8a63ebfb Use external functions in init 
Don't reinvent the wheel
 2017-09-15 03:22:23 +08:00
topjohnwu
e5e34797a8 Patch fstab from dtb 2017-09-15 02:52:53 +08:00
topjohnwu
8516ebe6f5 Add libfdt 2017-09-15 02:52:53 +08:00
topjohnwu
9f6205f47f Refactor ramdisk pattern patches 2017-09-15 02:52:53 +08:00
topjohnwu
8b2ec23a89 Re-organize MagiskBoot 2017-09-15 02:52:53 +08:00
topjohnwu
1816ca6b02 Seperate logging to another header 2017-09-15 02:52:53 +08:00
topjohnwu
7394ff9346 Rename cpio_file -> cpio_entry 2017-09-15 02:52:53 +08:00
topjohnwu
bb5a6a1c28 Re-organize folders 2017-09-14 01:57:53 +08:00
topjohnwu
b614b06736 Search for dtb only if not existed 2017-09-14 01:57:44 +08:00
topjohnwu
7a376c9efc Adjust the daemon for Pixel support 2017-09-14 01:57:44 +08:00
topjohnwu
518f3d229f Slight adjustments to scripts 2017-09-13 15:51:45 +08:00
topjohnwu
46c91f923d Update scripts to support Pixel (XL) 2017-09-13 04:08:50 +08:00
topjohnwu
3a2262dfb3 Use backup init if booted as recovery 2017-09-13 04:08:50 +08:00
topjohnwu
ff7c38f8e9 Add runtime ramdisk patch support 2017-09-13 04:08:50 +08:00
topjohnwu
4229ba364f Update lz4 to v1.8.0 2017-09-13 04:08:50 +08:00
topjohnwu
ba8e7a211a Use default preferences from lz4 cli 2017-09-13 04:08:50 +08:00
topjohnwu
6b41653a32 Add kernel decompression and appended dtb support 2017-09-13 04:08:50 +08:00
topjohnwu
59c1125e72 Refactor MagiskBoot compression methods 2017-09-13 04:08:50 +08:00
topjohnwu
b536046720 MagiskBoot refactor 2017-09-13 04:08:50 +08:00
topjohnwu
619b805894 Add secilc 2017-09-13 04:08:50 +08:00
topjohnwu
8662537883 Add ramdisk overlay to magiskinit 2017-09-13 04:08:50 +08:00
topjohnwu
717890395b Introduce magiskinit for Pixel (XL) 2017-09-13 04:08:50 +08:00
topjohnwu
b7b4164f4f Add cpio-mv action 2017-09-13 04:08:44 +08:00
topjohnwu
7e65296470 Small improvement to cpio 2017-09-13 04:08:44 +08:00
topjohnwu
cd5f5d702f Fix stock image dump not stored correctly 2017-09-13 04:08:44 +08:00
86 changed files with 2823 additions and 5431 deletions
Expand all files Collapse all files

3
.gitignore vendored
View File

@@ -2,6 +2,7 @@ obj/
libs/
*.zip
*.jks
*.apk
# Copied binaries
# Built binaries
ziptools/zipadjust

11
.gitmodules vendored
View File

@@ -1,18 +1,21 @@
[submodule "jni/selinux"]
path = jni/selinux
path = jni/external/selinux
url = https://github.com/topjohnwu/selinux.git
[submodule "jni/su"]
path = jni/su
url = https://github.com/topjohnwu/MagiskSU.git
[submodule "jni/ndk-compression"]
path = jni/ndk-compression
path = jni/external/ndk-compression
url = https://github.com/topjohnwu/ndk-compression.git
[submodule "jni/magiskpolicy"]
path = jni/magiskpolicy
url = https://github.com/topjohnwu/magiskpolicy.git
[submodule "MagiskManager"]
path = MagiskManager
path = java
url = https://github.com/topjohnwu/MagiskManager.git
[submodule "jni/busybox"]
path = jni/busybox
path = jni/external/busybox
url = https://github.com/topjohnwu/ndk-busybox.git
[submodule "jni/external/dtc"]
path = jni/external/dtc
url = https://github.com/dgibson/dtc

1
MagiskManager

Submodule MagiskManager deleted from b362c0ef38

2
README.MD
View File

@@ -45,7 +45,7 @@ along with this program. If not, see <http://www.gnu.org/licenses/>.
## Credits
**MagiskManager** (`MagiskManager`)
**MagiskManager** (`java`)
* Copyright 2016-2017, John Wu (@topjohnwu)
* All contributors and translators

88
build.py
View File

@@ -51,6 +51,10 @@ def zip_with_msg(zipfile, source, target):
print('zip: {} -> {}'.format(source, target))
zipfile.write(source, target)
def cp(source, target):
print('cp: {} -> {}'.format(source, target))
shutil.copyfile(source, target)
def build_all(args):
build_binary(args)
build_apk(args)
@@ -75,26 +79,23 @@ def build_apk(args):
for key in ['public.certificate.x509.pem', 'private.key.pk8']:
source = os.path.join('ziptools', key)
target = os.path.join('MagiskManager', 'app', 'src', 'main', 'assets', key)
print('cp: {} -> {}'.format(source, target))
shutil.copyfile(source, target)
target = os.path.join('java', 'app', 'src', 'main', 'assets', key)
cp(source, target)
for script in ['magisk_uninstaller.sh', 'util_functions.sh']:
source = os.path.join('scripts', script)
target = os.path.join('MagiskManager', 'app', 'src', 'main', 'assets', script)
print('cp: {} -> {}'.format(source, target))
shutil.copyfile(source, target)
target = os.path.join('java', 'app', 'src', 'main', 'assets', script)
cp(source, target)
os.chdir('MagiskManager')
os.chdir('java')
# Build unhide app and place in assets
proc = subprocess.run('{} unhide::assembleRelease'.format(os.path.join('.', 'gradlew')), shell=True)
proc = subprocess.run('{} unhide:assembleRelease'.format(os.path.join('.', 'gradlew')), shell=True)
if proc.returncode != 0:
error('Build Magisk Manager failed!')
source = os.path.join('unhide', 'build', 'outputs', 'apk', 'release', 'unhide-release-unsigned.apk')
target = os.path.join('app', 'src', 'main', 'assets', 'unhide.apk')
print('cp: {} -> {}'.format(source, target))
shutil.copyfile(source, target)
cp(source, target)
print('')
@@ -102,7 +103,7 @@ def build_apk(args):
if not os.path.exists(os.path.join('..', 'release_signature.jks')):
error('Please generate a java keystore and place it in \'release_signature.jks\'')
proc = subprocess.run('{} app::assembleRelease'.format(os.path.join('.', 'gradlew')), shell=True)
proc = subprocess.run('{} app:assembleRelease'.format(os.path.join('.', 'gradlew')), shell=True)
if proc.returncode != 0:
error('Build Magisk Manager failed!')
@@ -141,16 +142,26 @@ def build_apk(args):
silentremove(unsigned)
silentremove(aligned)
else:
proc = subprocess.run('{} app::assembleDebug'.format(os.path.join('.', 'gradlew')), shell=True)
proc = subprocess.run('{} app:assembleDebug'.format(os.path.join('.', 'gradlew')), shell=True)
if proc.returncode != 0:
error('Build Magisk Manager failed!')
# Return to upper directory
os.chdir('..')
def sign_adjust_zip(unsigned, output):
def build_snet(args):
os.chdir('java')
proc = subprocess.run('{} snet:assembleRelease'.format(os.path.join('.', 'gradlew')), shell=True)
if proc.returncode != 0:
error('Build snet extention failed!')
source = os.path.join('snet', 'build', 'outputs', 'apk', 'release', 'snet-release-unsigned.apk')
target = os.path.join('..', 'snet.apk')
print('')
cp(source, target)
os.chdir('..')
zipsigner = os.path.join('ziptools', 'zipsigner', 'build', 'libs', 'zipsigner.jar')
def sign_adjust_zip(unsigned, output):
jarsigner = os.path.join('java', 'jarsigner', 'build', 'libs', 'jarsigner-fat.jar')
if os.name != 'nt' and not os.path.exists(os.path.join('ziptools', 'zipadjust')):
header('* Building zipadjust')
@@ -158,13 +169,13 @@ def sign_adjust_zip(unsigned, output):
proc = subprocess.run('gcc -o ziptools/zipadjust ziptools/zipadjust_src/*.c -lz', shell=True)
if proc.returncode != 0:
error('Build zipadjust failed!')
if not os.path.exists(zipsigner):
header('* Building zipsigner.jar')
os.chdir(os.path.join('ziptools', 'zipsigner'))
proc = subprocess.run('{} shadowJar'.format(os.path.join('.', 'gradlew')), shell=True)
if not os.path.exists(jarsigner):
header('* Building jarsigner-fat.jar')
os.chdir('java')
proc = subprocess.run('{} jarsigner:shadowJar'.format(os.path.join('.', 'gradlew')), shell=True)
if proc.returncode != 0:
error('Build zipsigner.jar failed!')
os.chdir(os.path.join('..', '..'))
error('Build jarsigner-fat.jar failed!')
os.chdir('..')
header('* Signing / Adjusting Zip')
@@ -172,7 +183,7 @@ def sign_adjust_zip(unsigned, output):
privateKey = os.path.join('ziptools', 'private.key.pk8')
# Unsigned->signed
proc = subprocess.run(['java', '-jar', zipsigner,
proc = subprocess.run(['java', '-jar', jarsigner,
publicKey, privateKey, unsigned, 'tmp_signed.zip'])
if proc.returncode != 0:
error('First sign flashable zip failed!')
@@ -183,7 +194,7 @@ def sign_adjust_zip(unsigned, output):
error('Adjust flashable zip failed!')
# Adjusted -> output
proc = subprocess.run(['java', '-jar', zipsigner,
proc = subprocess.run(['java', '-jar', jarsigner,
"-m", publicKey, privateKey, 'tmp_adjusted.zip', output])
if proc.returncode != 0:
error('Second sign flashable zip failed!')
@@ -199,15 +210,15 @@ def gen_update_binary():
if not os.path.exists(binary):
error('Please build \'binary\' before zipping!')
with open(binary, 'rb') as b64xz:
update_bin.append('#! /sbin/sh\nEX_ARM=')
update_bin.append(''.join("\\\\x{:02X}".format(c) for c in b64xz.read()))
update_bin.append('#! /sbin/sh\nEX_ARM=\'')
update_bin.append(''.join("\\x{:02X}".format(c) for c in b64xz.read()))
binary = os.path.join('libs', 'x86', 'b64xz')
with open(binary, 'rb') as b64xz:
update_bin.append('\nEX_X86=')
update_bin.append(''.join("\\\\x{:02X}".format(c) for c in b64xz.read()))
update_bin.append('\'\nEX_X86=\'')
update_bin.append(''.join("\\x{:02X}".format(c) for c in b64xz.read()))
binary = os.path.join('libs', 'armeabi-v7a', 'busybox')
with open(binary, 'rb') as busybox:
update_bin.append('\nBB_ARM=')
update_bin.append('\'\nBB_ARM=')
update_bin.append(base64.b64encode(lzma.compress(busybox.read())).decode('ascii'))
binary = os.path.join('libs', 'x86', 'busybox')
with open(binary, 'rb') as busybox:
@@ -238,9 +249,12 @@ def zip_main(args):
source = os.path.join('libs', lib_dir, binary)
target = os.path.join(zip_dir, binary)
zip_with_msg(zipf, source, target)
source = os.path.join('libs', 'arm64-v8a', 'magiskinit')
target = os.path.join('arm64', 'magiskinit')
zip_with_msg(zipf, source, target)
# APK
source = os.path.join('MagiskManager', 'app', 'build', 'outputs', 'apk',
source = os.path.join('java', 'app', 'build', 'outputs', 'apk',
'release' if args.release else 'debug', 'app-release.apk' if args.release else 'app-debug.apk')
target = os.path.join('common', 'magisk.apk')
zip_with_msg(zipf, source, target)
@@ -325,20 +339,21 @@ def zip_uninstaller(args):
def cleanup(args):
if len(args.target) == 0:
args.target = ['binary', 'apk', 'zip']
args.target = ['binary', 'java', 'zip']
if 'binary' in args.target:
header('* Cleaning Magisk binaries')
header('* Cleaning binaries')
subprocess.run(os.path.join(os.environ['ANDROID_HOME'], 'ndk-bundle', 'ndk-build') + ' clean', shell=True)
if 'apk' in args.target:
header('* Cleaning Magisk Manager')
os.chdir('MagiskManager')
if 'java' in args.target:
header('* Cleaning java')
os.chdir('java')
subprocess.run('{} clean'.format(os.path.join('.', 'gradlew')), shell=True)
os.chdir('..')
silentremove('snet.apk')
if 'zip' in args.target:
header('* Cleaning created zip files')
header('* Cleaning zip files')
for f in os.listdir('.'):
if '.zip' in f:
print('rm {}'.format(f))
@@ -361,6 +376,9 @@ binary_parser.set_defaults(func=build_binary)
apk_parser = subparsers.add_parser('apk', help='build Magisk Manager APK')
apk_parser.set_defaults(func=build_apk)
snet_parser = subparsers.add_parser('snet', help='build snet extention for Magisk Manager')
snet_parser.set_defaults(func=build_snet)
zip_parser = subparsers.add_parser('zip', help='zip and sign Magisk into a flashable zip')
zip_parser.add_argument('versionString')
zip_parser.add_argument('versionCode', type=int)
@@ -369,7 +387,7 @@ zip_parser.set_defaults(func=zip_main)
uninstaller_parser = subparsers.add_parser('uninstaller', help='create flashable uninstaller')
uninstaller_parser.set_defaults(func=zip_uninstaller)
clean_parser = subparsers.add_parser('clean', help='clean [target...] targets: binary apk zip')
clean_parser = subparsers.add_parser('clean', help='clean [target...] targets: binary java zip')
clean_parser.add_argument('target', nargs='*')
clean_parser.set_defaults(func=cleanup)

5
docs/README.MD
View File

@@ -1,7 +1,7 @@
# Magisk Documentations
(Updated on 2017.8.16) ([Changelog](changelog.md))
(Updated on 2017.9.28) ([Changelog](changelog.md))
## Table of Content
## Table of Contents
- [Introduction](#introduction)
- [Procedure Diagram](https://cdn.rawgit.com/topjohnwu/Magisk/cc1809688299f1f8b5db494a234850852712c0c9/docs/procedures.html)
@@ -19,6 +19,7 @@
- [Modules and Templates](module_repo.md#magisk-module-format)
- [Submit Modules to Repo](module_repo.md#submit-your-module-to-magisk-modules-repo)
- [Tips and Tricks](tips.md)
- [OTA Installation Tips](tips.md#ota-installation-tips)
- [Remove Files](tips.md#remove-files)
- [Remove Folders](tips.md#remove-folders)

39
docs/applets.md
View File

@@ -8,32 +8,27 @@ Command help message:
```
Usage: magisk [applet [arguments]...]
or: magisk --install [SOURCE] DIR
if SOURCE not provided, will link itself
or: magisk --list
or: magisk --createimg IMG SIZE
create ext4 image, SIZE is interpreted in MB
or: magisk --imgsize IMG
or: magisk --resizeimg IMG SIZE
SIZE is interpreted in MB
or: magisk --mountimg IMG PATH
mount IMG to PATH and prints the loop device
or: magisk --umountimg PATH LOOP
or: magisk --[boot stage]
start boot stage service
or: magisk [options]
or: applet [arguments]...
or: magisk [options]...
Options:
-c print current binary version
-v print running daemon version
-V print running daemon version code
--list list all availible applets
--install [SOURCE] DIR symlink all applets to DIR. SOURCE is optional
--createimg IMG SIZE create ext4 image. SIZE is interpreted in MB
--imgsize IMG report ext4 image used/total size
--resizeimg IMG SIZE resize ext4 image. SIZE is interpreted in MB
--mountimg IMG PATH mount IMG to PATH and prints the loop device
--umountimg PATH LOOP unmount PATH and delete LOOP device
--[boot stage] start boot stage service
--unlock-blocks set BLKROSET flag to OFF for all block devices
Supported boot stages:
post-fs, post-fs-data, service
Options:
-c print client version
-v print daemon version
-V print daemon version code
Supported applets:
su, resetprop, magiskpolicy, supolicy, sepolicy-inject, magiskhide
su, resetprop, magiskpolicy, supolicy, magiskhide
```
### su
@@ -86,7 +81,7 @@ resetprop --delete NAME remove prop entry NAME
```
### magiskpolicy
(This tool is aliased to `supolicy` and `sepolicy-injection` for legacy reasons)
(This tool is aliased to `supolicy` for compatibility)
A tool to patch `sepolicy`. **magiskpolicy** also comes with built-in rules to unleash restrictions to make Magisk work properly. `sepolicy` is a compiled binary containing SELinux rules; we directly patch rules in the binary format since we don't have access to the SELinux policy source (`*.te`) files.

5
docs/changelog.md
View File

@@ -1,3 +1,6 @@
# Changelog
- 2017.8.16
- Initial version for Magisk v13.5+
- Initial version for Magisk v13.5
- 2017.9.28
- Update applets info to Magisk v14.1
- Add OTA tips

BIN
docs/images/disable_auto_ota.png Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 245 KiB

BIN
docs/images/flashfire.png Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 224 KiB

BIN
docs/images/install_second_slot.png Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 237 KiB

BIN
docs/images/ota_step2.png Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 176 KiB

0
docs/repo_description.png → docs/images/repo_description.png
View File

Side by Side Swipe Overlay

Before

Width:  |  Height:  |  Size: 39 KiB

After

Width:  |  Height:  |  Size: 39 KiB

BIN
docs/images/restore_boot.png Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 258 KiB

2
docs/module_repo.md
View File

@@ -61,7 +61,7 @@ If you want to share your module with others, you can submit your modules to [Ma
#### Once your module is live on the Modules Repo, the description of your repo should be the ID of your module. Please do NOT change the description, repeat, do NOT change the description.
![repo_description.png](repo_description.png)
![repo_description.png](images/repo_description.png)
## Notes
- The Module Template depends on external scripts, be aware of the minimal required Magisk version of the template.

49
docs/tips.md
View File

@@ -1,6 +1,53 @@
# Tips and Tricks
## OTA Installation Tips
Magisk do modifications systemless-ly, which means applying official OTAs is much simpler. Here I provide a few tutorials for several different kind of devices to apply OTAs and preserve Magisk after the installation if possible.
**This tutorial is only for Magisk v14.1+**
**NOTE: In order to apply OTAs, you HAVE to make sure you haven't modified `/system` (and `/vendor` if available) in anyway, even remounting the partition to rw will tamper block verification!!**
#### Prerequisites
1. Please disable *Automatic system updates* in developer options, so it won't install OTAs without your acknowledgement.
<img src="images/disable_auto_ota.png" width="250">
1. When an OTA is available, please go to Magisk Manager → Uninstall → Restore Stock Boot. **Do not reboot immediately or you will have Magisk uninstalled.** This will restore your boot back to 100% untouched stock boot image in order to pass boot verification. **This step is required before doing any of the following steps written below!**
<img src="images/restore_boot.png" width="250">
#### Devices with A/B Partitions
(Includes Pixel family)
Due to the fact that these devices have two separate partitions and the OTA installation happens live when the system is still running, these devices have the best support: the out-of-the-box OTA installation works seamlessly and Magisk will be preserved after the installation.
1. After restoring stock boot image, apply OTAs as you normally would (Settings → System → System Updates)
1. Once the installation passed step 1 and starting step 2, go to Magisk Manager → Install → Install to Second Slot. This will install Magisk into the second boot image slot, which is the updated slot.
<img src="images/ota_step2.png" width="250"> <img src="images/install_second_slot.png" width="250">
1. Let the OTA finish its job. After a reboot, the bootloader will switch to the updated system. Magisk should still be installed since we already patched the new boot image.
#### Devices with FlashFire Support
(Includes Pixel family, Nexus family, Samsung devices)
(If you are using a device with A/B partitions, I **strongly** recommend you to use the method stated above since it uses the stock OTA installation mechanism and will always work under any circumstances)
The [FlashFire](https://play.google.com/store/apps/details?id=eu.chainfire.flash) app developed by Chainfire is a great app to apply OTAs and preserve root at the same time. However, whether it supports your device/system combination depends on the application itself, and support may also change in the future. If you face any issues, please directly [report to Chainfire](https://forum.xda-developers.com/general/paid-software/flashfire-t3075433).
1. After restoring the stock boot image, download the OTA (Settings → System → System Updates), **do not press reboot to install.**
1. Open FlashFire, it should detect your OTA zip. Select OK in the popup dialog to let it do its setup.
1. Please use the options shown in the screenshot below. The key point is to disable EverRoot (or it will install SuperSU), and add a new action to flash Magisk zip **after** the OTA update.zip (the update.zip is auto generated in the previous step).
<img src="images/flashfire.png" width="250">
1. Press the big **Flash** button, after a few minutes it should reboot updated with Magisk installed.
#### Other Devices - General Case
Unfortunately, there are no real good ways to apply OTAs on all devices. Also, the tutorial provided below will not preserve Magisk - you will have to manually re-root your device after the upgrade, and this will require PC access. Here I share my personal experience with my daily driver - HTC U11.
1. To properly install OTAs, you should have your stock recovery installed on your device. If you have custom recovery installed, you can restore it from your previous backup, or dumps found online, or factory images provided by OEMs.
If you decide to start by installing Magisk without touching your recovery partition, you have a few choices, either way you will end up with a Magisk rooted device, but recovery remain stock untouched:
- If supported, use `fastboot boot <recovery_img>` to boot the custom recovery and install Magisk.
- If you have a copy of your stock boot image dump, install Magisk by patching boot image via Magisk Manager, and manually flash it through download mode / fastboot mode / Odin
1. Once your device have stock recovery and stock boot image restored, download the OTA. Optionally, once you downloaded the OTA update zip, you can find a way to copy the zip out since you are still rooted. Personally I will extract the stock boot image and recovery image from the OTA zip for future usage (to patch via Magisk Manager or restore stock recovery etc.)
1. Apply and reboot your device. This will use the official stock OTA installation mechanism of your device to upgrade your system.
1. Once it's done you will be left with an upgraded, 100% stock, un-rooted device. You will have to manually flash Magisk back. Consider using the methods stated in step 1. to flash Magisk without touching the recovery partition if you want to receive stock OTAs frequently.
## Remove Files
How to efficiently remove a file systemless-ly? To actually make the file **disappear** within the folder is complicated (possible, not worth the effort). **Replacing it with a dummy file should be good enough**! Create an empty file with the same name and place it in the same path within a module, then you're basically done!
How to efficiently remove a file systemless-ly? To actually make the file **disappear** is complicated (possible, not worth the effort). **Replacing it with a dummy file should be good enough**! Create an empty file with the same name and place it in the same path within a module, it shall replace your target file with a dummy file.
## Remove Folders
Same as mentioned above, actually making the folder to **disappear** is not worth the effort. **Replacing it with an empty folder should be good enough**! A handy trick for module developers using [Magisk Module Template](https://github.com/topjohnwu/magisk-module-template) is to add the folder you want to remove into the `REPLACE` list within `config.sh`. If your module doesn't provide a correspond folder, it will create an empty folder, and automatically add `.replace` into the empty folder so the dummy folder will properly replace the one in `/system`.

1
java Submodule

Submodule java added at 13bf1b27b4

79
jni/Android.mk
View File

@@ -1,5 +1,18 @@
LOCAL_PATH := $(call my-dir)
# Some handy paths
JNI_ROOT := jni
SELINUX_PATH := jni/external/selinux
COMPRESS_LIB := jni/external/ndk-compression
DTC_PATH := jni/external/dtc
LIBSELINUX := $(SELINUX_PATH)/libselinux/include
LIBSEPOL := $(SELINUX_PATH)/libsepol/include $(SELINUX_PATH)/libsepol/cil/include
LIBZ := $(COMPRESS_LIB)/zlib
LIBLZMA := $(COMPRESS_LIB)/xz/src/liblzma/api
LIBLZ4 := $(COMPRESS_LIB)/lz4/lib
LIBBZ2 := $(COMPRESS_LIB)/bzip2
LIBFDT := $(DTC_PATH)/libfdt
########################
# Binaries
########################
@@ -11,9 +24,10 @@ LOCAL_STATIC_LIBRARIES := libsepol
LOCAL_SHARED_LIBRARIES := libsqlite libselinux
LOCAL_C_INCLUDES := \
$(LOCAL_PATH)/include \
$(LOCAL_PATH)/external \
$(LOCAL_PATH)/selinux/libsepol/include
jni/include \
jni/external \
$(LIBSELINUX) \
$(LIBSEPOL)
LOCAL_SRC_FILES := \
daemon/magisk.c \
@@ -26,6 +40,7 @@ LOCAL_SRC_FILES := \
utils/xwrap.c \
utils/list.c \
utils/img.c \
utils/file.c \
magiskhide/magiskhide.c \
magiskhide/proc_monitor.c \
magiskhide/hide_utils.c \
@@ -38,12 +53,11 @@ LOCAL_SRC_FILES := \
su/su.c \
su/activity.c \
su/db.c \
su/misc.c \
su/pts.c \
su/su_daemon.c \
su/su_socket.c
LOCAL_CFLAGS := -Wno-implicit-exception-spec-mismatch
LOCAL_CFLAGS := -Wno-implicit-exception-spec-mismatch -DIS_DAEMON
LOCAL_CPPFLAGS := -std=c++11
LOCAL_LDLIBS := -llog
include $(BUILD_EXECUTABLE)
@@ -51,14 +65,14 @@ include $(BUILD_EXECUTABLE)
# magiskboot
include $(CLEAR_VARS)
LOCAL_MODULE := magiskboot
LOCAL_STATIC_LIBRARIES := libz liblzma liblz4 libbz2
LOCAL_STATIC_LIBRARIES := libz liblzma liblz4 libbz2 libfdt
LOCAL_C_INCLUDES := \
$(LOCAL_PATH)/magiskboot \
$(LOCAL_PATH)/include \
$(LOCAL_PATH)/ndk-compression/zlib \
$(LOCAL_PATH)/ndk-compression/xz/src/liblzma/api \
$(LOCAL_PATH)/ndk-compression/lz4/lib \
$(LOCAL_PATH)/ndk-compression/bzip2
jni/include \
$(LIBZ) \
$(LIBLZMA) \
$(LIBLZ4) \
$(LIBBZ2) \
$(LIBFDT)
LOCAL_SRC_FILES := \
magiskboot/main.c \
@@ -68,12 +82,32 @@ LOCAL_SRC_FILES := \
magiskboot/boot_utils.c \
magiskboot/cpio.c \
magiskboot/sha1.c \
magiskboot/types.c \
magiskboot/dtb.c \
utils/xwrap.c \
utils/vector.c \
utils/list.c
utils/vector.c
LOCAL_CFLAGS := -DZLIB_CONST
include $(BUILD_EXECUTABLE)
# magiskinit
ifeq ($(TARGET_ARCH_ABI), arm64-v8a)
include $(CLEAR_VARS)
LOCAL_MODULE := magiskinit
LOCAL_STATIC_LIBRARIES := libsepol
LOCAL_C_INCLUDES := jni/include $(LIBSEPOL)
LOCAL_SRC_FILES := \
magiskinit.c \
magiskboot/boot_utils.c \
utils/file.c \
utils/xwrap.c \
magiskpolicy/rules.c \
magiskpolicy/sepolicy.c \
magiskpolicy/api.c
LOCAL_CFLAGS := -DNO_SELINUX
LOCAL_LDFLAGS := -static
include $(BUILD_EXECUTABLE)
endif
# 32-bit static binaries
ifneq ($(TARGET_ARCH_ABI), x86_64)
ifneq ($(TARGET_ARCH_ABI), arm64-v8a)
@@ -81,27 +115,16 @@ ifneq ($(TARGET_ARCH_ABI), arm64-v8a)
include $(CLEAR_VARS)
LOCAL_MODULE := b64xz
LOCAL_STATIC_LIBRARIES := liblzma
LOCAL_C_INCLUDES := $(LOCAL_PATH)/ndk-compression/xz/src/liblzma/api
LOCAL_C_INCLUDES := $(LIBLZMA)
LOCAL_SRC_FILES := b64xz.c
LOCAL_LDFLAGS := -static
include $(BUILD_EXECUTABLE)
# Busybox
include jni/busybox/Android.mk
include jni/external/busybox/Android.mk
endif
endif
########################
# Libraries
# Externals
########################
# External shared libraries, include stub libselinux and libsqlite
include jni/external/Android.mk
# libsepol, static library
include jni/selinux/libsepol/Android.mk
# Compression libraries for magiskboot
include jni/ndk-compression/zlib/Android.mk
include jni/ndk-compression/xz/src/liblzma/Android.mk
include jni/ndk-compression/lz4/lib/Android.mk
include jni/ndk-compression/bzip2/Android.mk

213
jni/daemon/bootstages.c
View File

@@ -28,10 +28,6 @@ static int seperate_vendor = 0;
extern char **environ;
#ifdef MAGISK_DEBUG
static int debug_log_pid, debug_log_fd;
#endif
/******************
* Node structure *
******************/
@@ -101,7 +97,7 @@ static struct node_entry *insert_child(struct node_entry *p, struct node_entry *
if (c->status > e->status) {
// Precedence is higher, replace with new node
destroy_subtree(e);
vec_entry(p->children)[_] = c;
vec_cur(p->children) = c;
return c;
} else {
// Free the new entry, return old
@@ -149,7 +145,7 @@ static void exec_common_script(const char* stage) {
struct dirent *entry;
snprintf(buf, PATH_MAX, "%s/%s.d", COREDIR, stage);
if (!(dir = opendir(buf)))
if (!(dir = xopendir(buf)))
return;
while ((entry = xreaddir(dir))) {
@@ -194,7 +190,7 @@ static void construct_tree(const char *module, struct node_entry *parent) {
char *parent_path = get_full_path(parent);
snprintf(buf, PATH_MAX, "%s/%s%s", MOUNTPOINT, module, parent_path);
if (!(dir = opendir(buf)))
if (!(dir = xopendir(buf)))
goto cleanup;
while ((entry = xreaddir(dir))) {
@@ -262,7 +258,7 @@ static void clone_skeleton(struct node_entry *node) {
// Clone the structure
char *full_path = get_full_path(node);
snprintf(buf, PATH_MAX, "%s%s", MIRRDIR, full_path);
if (!(dir = opendir(buf)))
if (!(dir = xopendir(buf)))
goto cleanup;
while ((entry = xreaddir(dir))) {
if (strcmp(entry->d_name, ".") == 0 || strcmp(entry->d_name, "..") == 0)
@@ -276,14 +272,21 @@ static void clone_skeleton(struct node_entry *node) {
}
closedir(dir);
snprintf(buf, PATH_MAX, "%s%s", DUMMDIR, full_path);
mkdir_p(buf, 0755);
clone_attr(full_path, buf);
if (node->status & IS_SKEL)
bind_mount(buf, full_path);
if (node->status & IS_SKEL) {
struct stat s;
char *con;
xstat(full_path, &s);
getfilecon(full_path, &con);
LOGI("tmpfs: %s\n", full_path);
xmount("tmpfs", full_path, "tmpfs", 0, NULL);
chmod(full_path, s.st_mode & 0777);
chown(full_path, s.st_uid, s.st_gid);
setfilecon(full_path, con);
free(con);
}
vec_for_each(node->children, child) {
snprintf(buf, PATH_MAX, "%s%s/%s", DUMMDIR, full_path, child->name);
snprintf(buf, PATH_MAX, "%s/%s", full_path, child->name);
// Create the dummy file/directory
if (IS_DIR(child))
@@ -303,7 +306,7 @@ static void clone_skeleton(struct node_entry *node) {
// Mount from module file to dummy file
snprintf(buf2, PATH_MAX, "%s/%s%s/%s", MOUNTPOINT, child->module, full_path, child->name);
} else if (child->status & (IS_SKEL | IS_INTER)) {
// It's a intermediate folder, recursive clone
// It's an intermediate folder, recursive clone
clone_skeleton(child);
continue;
} else if (child->status & IS_DUMMY) {
@@ -314,7 +317,11 @@ static void clone_skeleton(struct node_entry *node) {
if (IS_LNK(child)) {
// Copy symlinks directly
cp_afc(buf2, buf);
#ifdef MAGISK_DEBUG
LOGI("cplink: %s -> %s\n",buf2, buf);
#else
LOGI("cplink: %s\n", buf);
#endif
} else {
snprintf(buf, PATH_MAX, "%s/%s", full_path, child->name);
bind_mount(buf2, buf);
@@ -388,51 +395,110 @@ static void simple_mount(const char *path) {
* Miscellaneous *
*****************/
static void mount_mirrors() {
// A one time setup
static void daemon_init() {
LOGI("* Creating /sbin overlay");
DIR *dir;
struct dirent *entry;
int root, sbin;
// Setup links under /sbin
xmount(NULL, "/", NULL, MS_REMOUNT, NULL);
xmkdir("/root", 0755);
chmod("/root", 0755);
root = xopen("/root", O_RDONLY | O_CLOEXEC);
sbin = xopen("/sbin", O_RDONLY | O_CLOEXEC);
dir = xfdopendir(sbin);
while((entry = xreaddir(dir))) {
if (strcmp(entry->d_name, ".") == 0 || strcmp(entry->d_name, "..") == 0) continue;
linkat(sbin, entry->d_name, root, entry->d_name, 0);
if (strcmp(entry->d_name, "magisk") == 0)
unlinkat(sbin, entry->d_name, 0);
}
close(sbin);
mount("tmpfs", "/sbin", "tmpfs", 0, NULL);
sbin = xopen("/sbin", O_RDONLY | O_CLOEXEC);
fchmod(sbin, 0755);
fsetfilecon(sbin, "u:object_r:rootfs:s0");
dir = xfdopendir(root);
while((entry = xreaddir(dir))) {
if (strcmp(entry->d_name, ".") == 0 || strcmp(entry->d_name, "..") == 0) continue;
snprintf(buf, PATH_MAX, "/root/%s", entry->d_name);
snprintf(buf2, PATH_MAX, "/sbin/%s", entry->d_name);
xsymlink(buf, buf2);
}
for (int i = 0; applet[i]; ++i) {
snprintf(buf2, PATH_MAX, "/sbin/%s", applet[i]);
xsymlink("/root/magisk", buf2);
}
xmkdir("/magisk", 0755);
xmount(NULL, "/", NULL, MS_REMOUNT | MS_RDONLY, NULL);
LOGI("* Mounting mirrors");
struct vector mounts;
vec_init(&mounts);
file_to_vector("/proc/mounts", &mounts);
char *line;
int skip_initramfs = 0;
// Check whether skip_initramfs device
vec_for_each(&mounts, line) {
if (strstr(line, " /system ")) {
if (strstr(line, " /system_root ")) {
xmkdir_p(MIRRDIR "/system", 0755);
bind_mount("/system_root/system", MIRRDIR "/system");
skip_initramfs = 1;
break;
}
}
vec_for_each(&mounts, line) {
if (!skip_initramfs && strstr(line, " /system ")) {
sscanf(line, "%s", buf);
xmkdir_p(MIRRDIR "/system", 0755);
xmount(buf, MIRRDIR "/system", "ext4", MS_RDONLY, NULL);
#ifdef MAGISK_DEBUG
LOGI("mount: %s -> %s\n", buf, MIRRDIR "/system");
continue;
}
if (strstr(line, " /vendor ")) {
#else
LOGI("mount: %s\n", MIRRDIR "/system");
#endif
} else if (strstr(line, " /vendor ")) {
seperate_vendor = 1;
sscanf(line, "%s", buf);
xmkdir_p(MIRRDIR "/vendor", 0755);
xmount(buf, MIRRDIR "/vendor", "ext4", MS_RDONLY, NULL);
#ifdef MAGISK_DEBUG
LOGI("mount: %s -> %s\n", buf, MIRRDIR "/vendor");
continue;
#else
LOGI("mount: %s\n", MIRRDIR "/vendor");
#endif
}
free(line);
}
vec_deep_destroy(&mounts);
vec_destroy(&mounts);
if (!seperate_vendor) {
symlink(MIRRDIR "/system/vendor", MIRRDIR "/vendor");
xsymlink(MIRRDIR "/system/vendor", MIRRDIR "/vendor");
#ifdef MAGISK_DEBUG
LOGI("link: %s -> %s\n", MIRRDIR "/system/vendor", MIRRDIR "/vendor");
#else
LOGI("link: %s\n", MIRRDIR "/vendor");
#endif
}
mkdir_p(MIRRDIR "/bin", 0755);
xmkdir_p(MIRRDIR "/bin", 0755);
bind_mount(DATABIN, MIRRDIR "/bin");
}
static void link_busybox() {
mkdir_p(BBPATH, 0755);
LOGI("* Setting up internal busybox");
xmkdir_p(BBPATH, 0755);
exec_command_sync(MIRRDIR "/bin/busybox", "--install", "-s", BBPATH, NULL);
symlink(MIRRDIR "/bin/busybox", BBPATH "/busybox");
xsymlink(MIRRDIR "/bin/busybox", BBPATH "/busybox");
}
static int prepare_img() {
int new_img = 0;
// First merge images
if (merge_img("/data/magisk_merge.img", MAINIMG)) {
LOGE("Image merge /data/magisk_merge.img -> " MAINIMG " failed!\n");
return 1;
}
if (access(MAINIMG, F_OK) == -1) {
if (create_img(MAINIMG, 64))
return 1;
new_img = 1;
}
LOGI("* Mounting " MAINIMG "\n");
@@ -443,12 +509,11 @@ static int prepare_img() {
vec_init(&module_list);
if (new_img) {
xmkdir(COREDIR, 0755);
xmkdir(COREDIR "/post-fs-data.d", 0755);
xmkdir(COREDIR "/service.d", 0755);
xmkdir(COREDIR "/props", 0755);
} else {
DIR *dir = xopendir(MOUNTPOINT);
struct dirent *entry;
while ((entry = xreaddir(dir))) {
@@ -461,7 +526,7 @@ static int prepare_img() {
snprintf(buf, PATH_MAX, "%s/%s/remove", MOUNTPOINT, entry->d_name);
if (access(buf, F_OK) == 0) {
snprintf(buf, PATH_MAX, "%s/%s", MOUNTPOINT, entry->d_name);
exec_command_sync(BBPATH "/rm", "-rf", buf, NULL);
rm_rf(buf);
continue;
}
snprintf(buf, PATH_MAX, "%s/%s/disable", MOUNTPOINT, entry->d_name);
@@ -481,31 +546,31 @@ static int prepare_img() {
// Remount them back :)
magiskloop = mount_image(MAINIMG, MOUNTPOINT);
free(magiskloop);
}
// Fix file selinux contexts
fix_filecon();
return 0;
}
void fix_filecon() {
int dirfd = xopen(MOUNTPOINT, O_RDONLY | O_CLOEXEC);
restorecon(dirfd, 0);
close(dirfd);
dirfd = xopen(DATABIN, O_RDONLY | O_CLOEXEC);
restorecon(dirfd, 1);
close(dirfd);
}
/****************
* Entry points *
****************/
static void *start_magisk_hide(void *args) {
launch_magiskhide(-1);
return NULL;
}
static void unblock_boot_process() {
close(open(UNBLOCKFILE, O_RDONLY | O_CREAT));
close(xopen(UNBLOCKFILE, O_RDONLY | O_CREAT));
pthread_exit(NULL);
}
void post_fs(int client) {
// Error handler
err_handler = unblock_boot_process;
// Start log monitor
monitor_logs();
LOGI("** post-fs mode running\n");
// ack
write_int(client, 0);
@@ -527,21 +592,14 @@ unblock:
}
void post_fs_data(int client) {
// Error handler
err_handler = unblock_boot_process;
// ack
write_int(client, 0);
close(client);
if (!check_data())
goto unblock;
#ifdef MAGISK_DEBUG
// Start debug logs in new process
debug_log_fd = xopen(DEBUG_LOG, O_WRONLY | O_CREAT | O_CLOEXEC | O_TRUNC, 0644);
debug_log_pid = exec_command(0, &debug_log_fd, NULL, "logcat", "-v", "brief", NULL);
close(debug_log_fd);
#endif
// Start the debug log
start_debug_full_log();
LOGI("** post-fs-data mode running\n");
@@ -555,28 +613,18 @@ void post_fs_data(int client) {
bin_path = "/cache/data_bin";
else if (access("/data/data/com.topjohnwu.magisk/install", F_OK) == 0)
bin_path = "/data/data/com.topjohnwu.magisk/install";
else if (access("/data/user_de/0/com.topjohnwu.magisk/install", F_OK) == 0)
bin_path = "/data/user_de/0/com.topjohnwu.magisk/install";
if (bin_path) {
exec_command_sync("rm", "-rf", DATABIN, NULL);
exec_command_sync("cp", "-r", bin_path, DATABIN, NULL);
exec_command_sync("rm", "-rf", bin_path, NULL);
exec_command_sync("chmod", "-R", "755", bin_path, NULL);
rm_rf(DATABIN);
cp_afc(bin_path, DATABIN);
rm_rf(bin_path);
// Lazy.... use shell blob to match files
exec_command_sync("sh", "-c", "mv /data/magisk/stock_boot* /data", NULL);
}
// Link busybox
mount_mirrors();
link_busybox();
// Merge images
if (merge_img("/cache/magisk.img", MAINIMG)) {
LOGE("Image merge %s -> %s failed!\n", "/cache/magisk.img", MAINIMG);
goto unblock;
}
if (merge_img("/data/magisk_merge.img", MAINIMG)) {
LOGE("Image merge %s -> %s failed!\n", "/data/magisk_merge.img", MAINIMG);
goto unblock;
}
// Initialize
daemon_init();
// uninstaller
if (access(UNINSTALLER, F_OK) == 0) {
@@ -586,7 +634,7 @@ void post_fs_data(int client) {
return;
}
// Trim, mount magisk.img, which will also travel through the modules
// Merge, trim, mount magisk.img, which will also travel through the modules
// After this, it will create the module list
if (prepare_img())
goto core_only; // Mounting fails, we can only do core only stuffs
@@ -638,7 +686,7 @@ void post_fs_data(int client) {
if (access(buf, F_OK) == 0) {
snprintf(buf2, PATH_MAX, "%s/%s/vendor", MOUNTPOINT, module);
unlink(buf2);
symlink(buf, buf2);
xsymlink(buf, buf2);
}
construct_tree(module, sys_root);
}
@@ -654,7 +702,7 @@ void post_fs_data(int client) {
child->name = strdup("vendor");
child->status = 0;
// Swap!
vec_entry(sys_root->children)[_] = child;
vec_cur(sys_root->children) = child;
ven_root->parent = NULL;
break;
}
@@ -676,14 +724,7 @@ core_only:
bind_mount(HOSTSFILE, "/system/etc/hosts");
}
// Enable magiskhide by default, only disable when set explicitly
char *hide_prop = getprop(MAGISKHIDE_PROP);
if (hide_prop == NULL || strcmp(hide_prop, "0") != 0) {
pthread_t thread;
xpthread_create(&thread, NULL, start_magisk_hide, NULL);
pthread_detach(thread);
}
free(hide_prop);
auto_start_magiskhide();
unblock:
unblock_boot_process();
@@ -741,9 +782,5 @@ core_only:
buf = buf2 = NULL;
vec_deep_destroy(&module_list);
#ifdef MAGISK_DEBUG
// Stop recording the boot logcat after every boot task is done
kill(debug_log_pid, SIGTERM);
waitpid(debug_log_pid, NULL, 0);
#endif
stop_debug_full_log();
}

88
jni/daemon/daemon.c
View File

@@ -21,13 +21,12 @@
#include "utils.h"
#include "daemon.h"
#include "magiskpolicy.h"
#include "resetprop.h"
pthread_t sepol_patch;
int is_restart = 0;
static void *request_handler(void *args) {
// Setup the default error handler for threads
err_handler = exit_thread;
int client = *((int *) args);
free(args);
client_request req = read_int(client);
@@ -114,27 +113,24 @@ static void *large_sepol_patch(void *args) {
return NULL;
}
void start_daemon(int client) {
// Launch the daemon, create new session, set proper context
if (getuid() != UID_ROOT || getgid() != UID_ROOT) {
fprintf(stderr, "Starting daemon requires root: %s\n", strerror(errno));
PLOGE("start daemon");
static void *start_magisk_hide(void *args) {
launch_magiskhide(-1);
return NULL;
}
switch (fork()) {
case -1:
PLOGE("fork");
case 0:
break;
default:
return;
void auto_start_magiskhide() {
char *hide_prop = getprop2(MAGISKHIDE_PROP, 1);
if (hide_prop == NULL || strcmp(hide_prop, "0") != 0) {
pthread_t thread;
xpthread_create(&thread, NULL, start_magisk_hide, NULL);
pthread_detach(thread);
}
free(hide_prop);
}
// First close the client, it's useless for us
close(client);
xsetsid();
void start_daemon() {
setcon("u:r:su:s0");
umask(022);
umask(0);
int fd = xopen("/dev/null", O_RDWR | O_CLOEXEC);
xdup2(fd, STDIN_FILENO);
xdup2(fd, STDOUT_FILENO);
@@ -146,33 +142,36 @@ void start_daemon(int client) {
sepol_med_rules();
dump_policydb(SELINUX_LOAD);
// Continue the larger patch in another thread, we will join later
pthread_create(&sepol_patch, NULL, large_sepol_patch, NULL);
struct sockaddr_un sun;
fd = setup_socket(&sun);
xbind(fd, (struct sockaddr*) &sun, sizeof(sun));
if (xbind(fd, (struct sockaddr*) &sun, sizeof(sun)) == -1)
exit(1);
xlisten(fd, 10);
if ((is_restart = access(UNBLOCKFILE, F_OK) == 0)) {
// Restart stuffs if the daemon is restarted
exec_command_sync("logcat", "-b", "all", "-c", NULL);
auto_start_magiskhide();
start_debug_log();
}
// Start the log monitor
monitor_logs();
// Continue the larger patch in another thread, we will join later
xpthread_create(&sepol_patch, NULL, large_sepol_patch, NULL);
LOGI("Magisk v" xstr(MAGISK_VERSION) "(" xstr(MAGISK_VER_CODE) ") daemon started\n");
// Change process name
strcpy(argv0, "magisk_daemon");
// The root daemon should not do anything if an error occurs
// It should stay intact under any circumstances
err_handler = do_nothing;
LOGI("Magisk v" xstr(MAGISK_VERSION) "(" xstr(MAGISK_VER_CODE) ") daemon started\n");
// Unlock all blocks for rw
unlock_blocks();
// Setup links under /sbin
xmount(NULL, "/", NULL, MS_REMOUNT, NULL);
create_links(NULL, "/sbin");
xchmod("/sbin", 0755);
xmkdir("/magisk", 0755);
xchmod("/magisk", 0755);
xmount(NULL, "/", NULL, MS_REMOUNT | MS_RDONLY, NULL);
// Notifiy init the daemon is started
close(xopen(UNBLOCKFILE, O_RDONLY | O_CREAT));
// Loop forever to listen for requests
while(1) {
@@ -189,12 +188,21 @@ void start_daemon(int client) {
int connect_daemon() {
struct sockaddr_un sun;
int fd = setup_socket(&sun);
if (connect(fd, (struct sockaddr*) &sun, sizeof(sun))) {
/* If we cannot access the daemon, we start the daemon
* since there is no clear entry point when the daemon should be started
*/
if (xconnect(fd, (struct sockaddr*) &sun, sizeof(sun))) {
// If we cannot access the daemon, we start a daemon in the child process if possible
if (getuid() != UID_ROOT || getgid() != UID_ROOT) {
fprintf(stderr, "No daemon is currently running!\n");
exit(1);
}
if (xfork() == 0) {
LOGD("client: connect fail, try launching new daemon process\n");
start_daemon(fd);
close(fd);
xsetsid();
start_daemon();
}
do {
// Wait for 10ms
usleep(10);

145
jni/daemon/log_monitor.c
View File

@@ -1,8 +1,8 @@
/* log_monitor.c - New thread to monitor logcat
*
* Open a new thread to call logcat and get logs with tag "Magisk"
* Also, write the logs to a log file for debugging purpose
*
* A universal logcat monitor for many usages. Add listeners to the list,
* and the pointer of the new log line will be sent through pipes to trigger
* asynchronous events without polling
*/
#include <stdio.h>
@@ -13,33 +13,146 @@
#include "magisk.h"
#include "utils.h"
#include "daemon.h"
int logcat_events[] = { -1, -1, -1 };
extern int is_restart;
#ifdef MAGISK_DEBUG
static int debug_log_pid, debug_log_fd;
#endif
static void *logger_thread(void *args) {
// Setup error handler
err_handler = exit_thread;
int log_fd = -1, log_pid;
char line[4096];
rename(LOGFILE, LASTLOG);
int log_fd, log_pid;
log_fd = xopen(LOGFILE, O_WRONLY | O_CREAT | O_CLOEXEC | O_TRUNC, 0644);
LOGD("log_monitor: logger start");
while (1) {
// Start logcat
log_pid = exec_command(0, &log_fd, NULL, "logcat", "-s", "Magisk", "-v", "thread", NULL);
if (log_pid > 0)
waitpid(log_pid, NULL, 0);
// For some reason it went here, clear buffer and restart
exec_command_sync("logcat", "-c", NULL);
log_pid = exec_command(0, &log_fd, NULL, "logcat", "-b", "all" , "-v", "threadtime", "-s", "am_proc_start", "Magisk", NULL);
while (fdgets(line, sizeof(line), log_fd)) {
for (int i = 0; i < (sizeof(logcat_events) / sizeof(int)); ++i) {
if (logcat_events[i] > 0) {
char *s = strdup(line);
xwrite(logcat_events[i], &s, sizeof(s));
}
}
if (kill(log_pid, 0))
break;
}
// Clear buffer if restart required
exec_command_sync("logcat", "-b", "all", "-c", NULL);
}
// Should never be here, but well...
return NULL;
}
/* Start a new thread to monitor logcat and dump to logfile */
static void *magisk_log_thread(void *args) {
int have_data = 0;
// Temp buffer for logs before we have data access
struct vector logs;
vec_init(&logs);
FILE *log;
int pipefd[2];
if (xpipe2(pipefd, O_CLOEXEC) == -1)
return NULL;
// Register our listener
logcat_events[LOG_EVENT] = pipefd[1];
LOGD("log_monitor: magisk log dumper start");
for (char *line; xxread(pipefd[0], &line, sizeof(line)) > 0; free(line)) {
char *ss;
if ((ss = strstr(line, " Magisk")) && (ss[-1] != 'D') && (ss[-1] != 'V')) {
if (!have_data) {
if ((have_data = check_data())) {
// Dump buffered logs to file
if (!is_restart)
rename(LOGFILE, LASTLOG);
log = xfopen(LOGFILE, "a");
setbuf(log, NULL);
char *tmp;
vec_for_each(&logs, tmp) {
fprintf(log, "%s", tmp);
free(tmp);
}
vec_destroy(&logs);
} else {
vec_push_back(&logs, strdup(line));
}
}
if (have_data)
fprintf(log, "%s", line);
}
}
return NULL;
}
static void *debug_magisk_log_thread(void *args) {
FILE *log = xfopen(DEBUG_LOG, "a");
setbuf(log, NULL);
int pipefd[2];
if (xpipe2(pipefd, O_CLOEXEC) == -1)
return NULL;
LOGD("log_monitor: debug log dumper start");
// Register our listener
logcat_events[DEBUG_EVENT] = pipefd[1];
for (char *line; xxread(pipefd[0], &line, sizeof(line)) > 0; free(line)) {
char *ss;
if ((ss = strstr(line, "Magisk")))
fprintf(log, "%s", line);
}
return NULL;
}
/* Start new threads to monitor logcat and dump to logfile */
void monitor_logs() {
pthread_t thread;
// Start log file dumper before monitor
xpthread_create(&thread, NULL, magisk_log_thread, NULL);
pthread_detach(thread);
// Start logcat monitor
xpthread_create(&thread, NULL, logger_thread, NULL);
pthread_detach(thread);
}
void start_debug_full_log() {
#ifdef MAGISK_DEBUG
// Log everything initially
debug_log_fd = xopen(DEBUG_LOG, O_WRONLY | O_CREAT | O_CLOEXEC | O_TRUNC, 0644);
debug_log_pid = exec_command(0, &debug_log_fd, NULL, "logcat", "-v", "threadtime", NULL);
close(debug_log_fd);
#endif
}
void stop_debug_full_log() {
#ifdef MAGISK_DEBUG
// Stop recording the boot logcat after every boot task is done
kill(debug_log_pid, SIGTERM);
waitpid(debug_log_pid, NULL, 0);
pthread_t thread;
// Start debug thread
xpthread_create(&thread, NULL, debug_magisk_log_thread, NULL);
pthread_detach(thread);
start_debug_log();
#endif
}
void start_debug_log() {
#ifdef MAGISK_DEBUG
pthread_t thread;
// Start debug thread
xpthread_create(&thread, NULL, debug_magisk_log_thread, NULL);
pthread_detach(thread);
#endif
}

78
jni/daemon/magisk.c
View File

@@ -3,6 +3,7 @@
#include <stdlib.h>
#include <stdio.h>
#include <unistd.h>
#include "utils.h"
#include "magisk.h"
@@ -11,58 +12,62 @@
char *argv0;
char *applet[] =
{ "su", "resetprop", "magiskpolicy", "supolicy", "sepolicy-inject", "magiskhide", NULL };
{ "su", "resetprop", "magiskpolicy", "supolicy", "magiskhide", NULL };
int (*applet_main[]) (int, char *[]) =
{ su_client_main, resetprop_main, magiskpolicy_main, magiskpolicy_main, magiskpolicy_main, magiskhide_main, NULL };
{ su_client_main, resetprop_main, magiskpolicy_main, magiskpolicy_main, magiskhide_main, NULL };
// Global error hander function
// Should be changed each thread/process
__thread void (*err_handler)(void);
int create_links(const char *bin, const char *path) {
char self[PATH_MAX], linkpath[PATH_MAX];
if (bin == NULL) {
xreadlink("/proc/self/exe", self, sizeof(self));
bin = self;
}
int ret = 0;
for (int i = 0; applet[i]; ++i) {
snprintf(linkpath, sizeof(linkpath), "%s/%s", path, applet[i]);
unlink(linkpath);
ret |= symlink(bin, linkpath);
}
return ret;
}
static void usage() {
fprintf(stderr,
"Magisk v" xstr(MAGISK_VERSION) "(" xstr(MAGISK_VER_CODE) ") (by topjohnwu) multi-call binary\n"
"\n"
"Usage: %s [applet [arguments]...]\n"
" or: %s --install [SOURCE] DIR\n"
" if SOURCE not provided, will link itself\n"
" or: %s --list\n"
" or: %s --createimg IMG SIZE\n"
" create ext4 image, SIZE is interpreted in MB\n"
" or: %s --imgsize IMG\n"
" or: %s --resizeimg IMG SIZE\n"
" SIZE is interpreted in MB\n"
" or: %s --mountimg IMG PATH\n"
" mount IMG to PATH and prints the loop device\n"
" or: %s --umountimg PATH LOOP\n"
" or: %s --[boot stage]\n"
" start boot stage service\n"
" or: %s [options]\n"
" or: applet [arguments]...\n"
"\n"
"Supported boot stages:\n"
" post-fs, post-fs-data, service\n"
" or: %s [options]...\n"
"\n"
"Options:\n"
" -c print client version\n"
" -v print daemon version\n"
" -V print daemon version code\n"
" -c print current binary version\n"
" -v print running daemon version\n"
" -V print running daemon version code\n"
" --list list all availible applets\n"
" --install [SOURCE] DIR symlink all applets to DIR. SOURCE is optional\n"
" --createimg IMG SIZE create ext4 image. SIZE is interpreted in MB\n"
" --imgsize IMG report ext4 image used/total size\n"
" --resizeimg IMG SIZE resize ext4 image. SIZE is interpreted in MB\n"
" --mountimg IMG PATH mount IMG to PATH and prints the loop device\n"
" --umountimg PATH LOOP unmount PATH and delete LOOP device\n"
" --[init service] start init service\n"
" --unlock-blocks set BLKROSET flag to OFF for all block devices\n"
" --restorecon fix selinux context on Magisk files and folders\n"
"\n"
"Supported init services:\n"
" daemon post-fs, post-fs-data, service\n"
"\n"
"Supported applets:\n"
, argv0, argv0, argv0, argv0, argv0, argv0, argv0, argv0, argv0, argv0);
, argv0, argv0);
for (int i = 0; applet[i]; ++i) {
for (int i = 0; applet[i]; ++i)
fprintf(stderr, i ? ", %s" : " %s", applet[i]);
}
fprintf(stderr, "\n");
fprintf(stderr, "\n\n");
exit(1);
}
int main(int argc, char *argv[]) {
argv0 = argv[0];
// Exit the whole app if error occurs by default
err_handler = exit_proc;
char * arg = strrchr(argv[0], '/');
if (arg) ++arg;
else arg = argv[0];
@@ -133,6 +138,15 @@ int main(int argc, char *argv[]) {
if (argc < 4) usage();
umount_image(argv[2], argv[3]);
return 0;
} else if (strcmp(argv[1], "--unlock-blocks") == 0) {
unlock_blocks();
return 0;
} else if (strcmp(argv[1], "--restorecon") == 0) {
fix_filecon();
return 0;
} else if (strcmp(argv[1], "--daemon") == 0) {
// Start daemon, this process won't return
start_daemon();
} else if (strcmp(argv[1], "--post-fs") == 0) {
int fd = connect_daemon();
write_int(fd, POST_FS);

31
jni/external/Android.mk vendored
View File

@@ -1,13 +1,40 @@
LOCAL_PATH:= $(call my-dir)
EXTERNAL := $(LOCAL_PATH)
# libsqlite.so (stub)
include $(CLEAR_VARS)
LOCAL_MODULE:= libsqlite
LOCAL_SRC_FILES := sqlite3_stub.c
LOCAL_SRC_FILES := stubs/sqlite3_stub.c
include $(BUILD_SHARED_LIBRARY)
# libselinux.so (stub)
include $(CLEAR_VARS)
LOCAL_MODULE:= libselinux
LOCAL_SRC_FILES := selinux_stub.c
LOCAL_C_INCLUDES := $(LIBSELINUX)
LOCAL_SRC_FILES := stubs/selinux_stub.c
include $(BUILD_SHARED_LIBRARY)
# libfdt
include $(CLEAR_VARS)
LOCAL_MODULE:= libfdt
LOCAL_C_INCLUDES := $(LIBFDT)
LOCAL_SRC_FILES := \
dtc/libfdt/fdt.c \
dtc/libfdt/fdt_addresses.c \
dtc/libfdt/fdt_empty_tree.c \
dtc/libfdt/fdt_overlay.c \
dtc/libfdt/fdt_ro.c \
dtc/libfdt/fdt_rw.c \
dtc/libfdt/fdt_strerror.c \
dtc/libfdt/fdt_sw.c \
dtc/libfdt/fdt_wip.c
include $(BUILD_STATIC_LIBRARY)
# libsepol, static library
include $(SELINUX_PATH)/libsepol/Android.mk
# Compression libraries for magiskboot
include $(COMPRESS_LIB)/zlib/Android.mk
include $(COMPRESS_LIB)/xz/src/liblzma/Android.mk
include $(COMPRESS_LIB)/lz4/lib/Android.mk
include $(COMPRESS_LIB)/bzip2/Android.mk

0
jni/busybox → jni/external/busybox vendored
View File

1
jni/external/dtc vendored Submodule

Submodule jni/external/dtc added at fe50bd1ecc

1
jni/external/ndk-compression vendored Submodule

Submodule jni/external/ndk-compression added at b5cefe452b

1
jni/external/selinux vendored Submodule

Submodule jni/external/selinux added at 2fefdfc40f

1029
jni/external/selinux/av_permissions.h vendored
View File

File diff suppressed because it is too large Load Diff

511
jni/external/selinux/avc.h vendored
View File

@@ -1,511 +0,0 @@
/*
* Access vector cache interface for object managers.
*
* Author : Eamon Walsh <ewalsh@epoch.ncsc.mil>
*/
#ifndef _SELINUX_AVC_H_
#define _SELINUX_AVC_H_
#include <stdint.h>
#include <errno.h>
#include <stdlib.h>
#include <selinux/selinux.h>
#ifdef __cplusplus
extern "C" {
#endif
/*
* SID format and operations
*/
struct security_id {
char * ctx;
unsigned int refcnt;
};
typedef struct security_id *security_id_t;
#define SECSID_WILD (security_id_t)NULL /* unspecified SID */
/**
* avc_sid_to_context - get copy of context corresponding to SID.
* @sid: input SID
* @ctx: pointer to context reference
*
* Return a copy of the security context corresponding to the input
* @sid in the memory referenced by @ctx. The caller is expected to
* free the context with freecon(). Return %0 on success, -%1 on
* failure, with @errno set to %ENOMEM if insufficient memory was
* available to make the copy, or %EINVAL if the input SID is invalid.
*/
int avc_sid_to_context(security_id_t sid, char ** ctx);
int avc_sid_to_context_raw(security_id_t sid, char ** ctx);
/**
* avc_context_to_sid - get SID for context.
* @ctx: input security context
* @sid: pointer to SID reference
*
* Look up security context @ctx in SID table, making
* a new entry if @ctx is not found. Increment the
* reference counter for the SID. Store a pointer
* to the SID structure into the memory referenced by @sid,
* returning %0 on success or -%1 on error with @errno set.
*/
int avc_context_to_sid(const char * ctx, security_id_t * sid);
int avc_context_to_sid_raw(const char * ctx, security_id_t * sid);
/**
* sidget - increment SID reference counter.
* @sid: SID reference
*
* Increment the reference counter for @sid, indicating that
* @sid is in use by an (additional) object. Return the
* new reference count, or zero if @sid is invalid (has zero
* reference count). Note that avc_context_to_sid() also
* increments reference counts.
*/
int sidget(security_id_t sid);
/**
* sidput - decrement SID reference counter.
* @sid: SID reference
*
* Decrement the reference counter for @sid, indicating that
* a reference to @sid is no longer in use. Return the
* new reference count. When the reference count reaches
* zero, the SID is invalid, and avc_context_to_sid() must
* be called to obtain a new SID for the security context.
*/
int sidput(security_id_t sid);
/**
* avc_get_initial_sid - get SID for an initial kernel security identifier
* @name: input name of initial kernel security identifier
* @sid: pointer to a SID reference
*
* Get the context for an initial kernel security identifier specified by
* @name using security_get_initial_context() and then call
* avc_context_to_sid() to get the corresponding SID.
*/
int avc_get_initial_sid(const char *name, security_id_t * sid);
/*
* AVC entry
*/
struct avc_entry;
struct avc_entry_ref {
struct avc_entry *ae;
};
/**
* avc_entry_ref_init - initialize an AVC entry reference.
* @aeref: pointer to avc entry reference structure
*
* Use this macro to initialize an avc entry reference structure
* before first use. These structures are passed to avc_has_perm(),
* which stores cache entry references in them. They can increase
* performance on repeated queries.
*/
#define avc_entry_ref_init(aeref) ((aeref)->ae = NULL)
/*
* User-provided callbacks for memory, auditing, and locking
*/
/* These structures are passed by reference to avc_init(). Passing
* a NULL reference will cause the AVC to use a default. The default
* memory callbacks are malloc() and free(). The default logging method
* is to print on stderr. If no thread callbacks are passed, a separate
* listening thread won't be started for kernel policy change messages.
* If no locking callbacks are passed, no locking will take place.
*/
struct avc_memory_callback {
/* malloc() equivalent. */
void *(*func_malloc) (size_t size);
/* free() equivalent. */
void (*func_free) (void *ptr);
/* Note that these functions should set errno on failure.
If not, some avc routines may return -1 without errno set. */
};
struct avc_log_callback {
/* log the printf-style format and arguments. */
void
#ifdef __GNUC__
__attribute__ ((format(printf, 1, 2)))
#endif
(*func_log) (const char *fmt, ...);
/* store a string representation of auditdata (corresponding
to the given security class) into msgbuf. */
void (*func_audit) (void *auditdata, security_class_t cls,
char *msgbuf, size_t msgbufsize);
};
struct avc_thread_callback {
/* create and start a thread, returning an opaque pointer to it;
the thread should run the given function. */
void *(*func_create_thread) (void (*run) (void));
/* cancel a given thread and free its resources. */
void (*func_stop_thread) (void *thread);
};
struct avc_lock_callback {
/* create a lock and return an opaque pointer to it. */
void *(*func_alloc_lock) (void);
/* obtain a given lock, blocking if necessary. */
void (*func_get_lock) (void *lock);
/* release a given lock. */
void (*func_release_lock) (void *lock);
/* destroy a given lock (free memory, etc.) */
void (*func_free_lock) (void *lock);
};
/*
* Available options
*/
/* no-op option, useful for unused slots in an array of options */
#define AVC_OPT_UNUSED 0
/* override kernel enforcing mode (boolean value) */
#define AVC_OPT_SETENFORCE 1
/*
* AVC operations
*/
/**
* avc_init - Initialize the AVC.
* @msgprefix: prefix for log messages
* @mem_callbacks: user-supplied memory callbacks
* @log_callbacks: user-supplied logging callbacks
* @thread_callbacks: user-supplied threading callbacks
* @lock_callbacks: user-supplied locking callbacks
*
* Initialize the access vector cache. Return %0 on
* success or -%1 with @errno set on failure.
* If @msgprefix is NULL, use "uavc". If any callback
* structure references are NULL, use default methods
* for those callbacks (see the definition of the callback
* structures above).
*/
int avc_init(const char *msgprefix,
const struct avc_memory_callback *mem_callbacks,
const struct avc_log_callback *log_callbacks,
const struct avc_thread_callback *thread_callbacks,
const struct avc_lock_callback *lock_callbacks);
/**
* avc_open - Initialize the AVC.
* @opts: array of selabel_opt structures specifying AVC options or NULL.
* @nopts: number of elements in opts array or zero for no options.
*
* This function is identical to avc_init(), except the message prefix
* is set to "avc" and any callbacks desired should be specified via
* selinux_set_callback(). Available options are listed above.
*/
int avc_open(struct selinux_opt *opts, unsigned nopts);
/**
* avc_cleanup - Remove unused SIDs and AVC entries.
*
* Search the SID table for SID structures with zero
* reference counts, and remove them along with all
* AVC entries that reference them. This can be used
* to return memory to the system.
*/
void avc_cleanup(void);
/**
* avc_reset - Flush the cache and reset statistics.
*
* Remove all entries from the cache and reset all access
* statistics (as returned by avc_cache_stats()) to zero.
* The SID mapping is not affected. Return %0 on success,
* -%1 with @errno set on error.
*/
int avc_reset(void);
/**
* avc_destroy - Free all AVC structures.
*
* Destroy all AVC structures and free all allocated
* memory. User-supplied locking, memory, and audit
* callbacks will be retained, but security-event
* callbacks will not. All SID's will be invalidated.
* User must call avc_init() if further use of AVC is desired.
*/
void avc_destroy(void);
/**
* avc_has_perm_noaudit - Check permissions but perform no auditing.
* @ssid: source security identifier
* @tsid: target security identifier
* @tclass: target security class
* @requested: requested permissions, interpreted based on @tclass
* @aeref: AVC entry reference
* @avd: access vector decisions
*
* Check the AVC to determine whether the @requested permissions are granted
* for the SID pair (@ssid, @tsid), interpreting the permissions
* based on @tclass, and call the security server on a cache miss to obtain
* a new decision and add it to the cache. Update @aeref to refer to an AVC
* entry with the resulting decisions, and return a copy of the decisions
* in @avd. Return %0 if all @requested permissions are granted, -%1 with
* @errno set to %EACCES if any permissions are denied, or to another value
* upon other errors. This function is typically called by avc_has_perm(),
* but may also be called directly to separate permission checking from
* auditing, e.g. in cases where a lock must be held for the check but
* should be released for the auditing.
*/
int avc_has_perm_noaudit(security_id_t ssid,
security_id_t tsid,
security_class_t tclass,
access_vector_t requested,
struct avc_entry_ref *aeref, struct av_decision *avd);
/**
* avc_has_perm - Check permissions and perform any appropriate auditing.
* @ssid: source security identifier
* @tsid: target security identifier
* @tclass: target security class
* @requested: requested permissions, interpreted based on @tclass
* @aeref: AVC entry reference
* @auditdata: auxiliary audit data
*
* Check the AVC to determine whether the @requested permissions are granted
* for the SID pair (@ssid, @tsid), interpreting the permissions
* based on @tclass, and call the security server on a cache miss to obtain
* a new decision and add it to the cache. Update @aeref to refer to an AVC
* entry with the resulting decisions. Audit the granting or denial of
* permissions in accordance with the policy. Return %0 if all @requested
* permissions are granted, -%1 with @errno set to %EACCES if any permissions
* are denied or to another value upon other errors.
*/
int avc_has_perm(security_id_t ssid, security_id_t tsid,
security_class_t tclass, access_vector_t requested,
struct avc_entry_ref *aeref, void *auditdata);
/**
* avc_audit - Audit the granting or denial of permissions.
* @ssid: source security identifier
* @tsid: target security identifier
* @tclass: target security class
* @requested: requested permissions
* @avd: access vector decisions
* @result: result from avc_has_perm_noaudit
* @auditdata: auxiliary audit data
*
* Audit the granting or denial of permissions in accordance
* with the policy. This function is typically called by
* avc_has_perm() after a permission check, but can also be
* called directly by callers who use avc_has_perm_noaudit()
* in order to separate the permission check from the auditing.
* For example, this separation is useful when the permission check must
* be performed under a lock, to allow the lock to be released
* before calling the auditing code.
*/
void avc_audit(security_id_t ssid, security_id_t tsid,
security_class_t tclass, access_vector_t requested,
struct av_decision *avd, int result, void *auditdata);
/**
* avc_compute_create - Compute SID for labeling a new object.
* @ssid: source security identifier
* @tsid: target security identifier
* @tclass: target security class
* @newsid: pointer to SID reference
*
* Call the security server to obtain a context for labeling a
* new object. Look up the context in the SID table, making
* a new entry if not found. Increment the reference counter
* for the SID. Store a pointer to the SID structure into the
* memory referenced by @newsid, returning %0 on success or -%1 on
* error with @errno set.
*/
int avc_compute_create(security_id_t ssid,
security_id_t tsid,
security_class_t tclass, security_id_t * newsid);
/**
* avc_compute_member - Compute SID for polyinstantation.
* @ssid: source security identifier
* @tsid: target security identifier
* @tclass: target security class
* @newsid: pointer to SID reference
*
* Call the security server to obtain a context for labeling an
* object instance. Look up the context in the SID table, making
* a new entry if not found. Increment the reference counter
* for the SID. Store a pointer to the SID structure into the
* memory referenced by @newsid, returning %0 on success or -%1 on
* error with @errno set.
*/
int avc_compute_member(security_id_t ssid,
security_id_t tsid,
security_class_t tclass, security_id_t * newsid);
/*
* security event callback facility
*/
/* security events */
#define AVC_CALLBACK_GRANT 1
#define AVC_CALLBACK_TRY_REVOKE 2
#define AVC_CALLBACK_REVOKE 4
#define AVC_CALLBACK_RESET 8
#define AVC_CALLBACK_AUDITALLOW_ENABLE 16
#define AVC_CALLBACK_AUDITALLOW_DISABLE 32
#define AVC_CALLBACK_AUDITDENY_ENABLE 64
#define AVC_CALLBACK_AUDITDENY_DISABLE 128
/**
* avc_add_callback - Register a callback for security events.
* @callback: callback function
* @events: bitwise OR of desired security events
* @ssid: source security identifier or %SECSID_WILD
* @tsid: target security identifier or %SECSID_WILD
* @tclass: target security class
* @perms: permissions
*
* Register a callback function for events in the set @events
* related to the SID pair (@ssid, @tsid) and
* and the permissions @perms, interpreting
* @perms based on @tclass. Returns %0 on success or
* -%1 if insufficient memory exists to add the callback.
*/
int avc_add_callback(int (*callback)
(uint32_t event, security_id_t ssid,
security_id_t tsid, security_class_t tclass,
access_vector_t perms,
access_vector_t * out_retained),
uint32_t events, security_id_t ssid,
security_id_t tsid, security_class_t tclass,
access_vector_t perms);
/*
* AVC statistics
*/
/* If set, cache statistics are tracked. This may
* become a compile-time option in the future.
*/
#define AVC_CACHE_STATS 1
struct avc_cache_stats {
unsigned entry_lookups;
unsigned entry_hits;
unsigned entry_misses;
unsigned entry_discards;
unsigned cav_lookups;
unsigned cav_hits;
unsigned cav_probes;
unsigned cav_misses;
};
/**
* avc_cache_stats - get cache access statistics.
* @stats: reference to statistics structure
*
* Fill the supplied structure with information about AVC
* activity since the last call to avc_init() or
* avc_reset(). See the structure definition for
* details.
*/
void avc_cache_stats(struct avc_cache_stats *stats);
/**
* avc_av_stats - log av table statistics.
*
* Log a message with information about the size and
* distribution of the access vector table. The audit
* callback is used to print the message.
*/
void avc_av_stats(void);
/**
* avc_sid_stats - log SID table statistics.
*
* Log a message with information about the size and
* distribution of the SID table. The audit callback
* is used to print the message.
*/
void avc_sid_stats(void);
/**
* avc_netlink_open - Create a netlink socket and connect to the kernel.
*/
int avc_netlink_open(int blocking);
/**
* avc_netlink_loop - Wait for netlink messages from the kernel
*/
void avc_netlink_loop(void);
/**
* avc_netlink_close - Close the netlink socket
*/
void avc_netlink_close(void);
/**
* avc_netlink_acquire_fd - Acquire netlink socket fd.
*
* Allows the application to manage messages from the netlink socket in
* its own main loop.
*/
int avc_netlink_acquire_fd(void);
/**
* avc_netlink_release_fd - Release netlink socket fd.
*
* Returns ownership of the netlink socket to the library.
*/
void avc_netlink_release_fd(void);
/**
* avc_netlink_check_nb - Check netlink socket for new messages.
*
* Called by the application when using avc_netlink_acquire_fd() to
* process kernel netlink events.
*/
int avc_netlink_check_nb(void);
/**
* selinux_status_open - Open and map SELinux kernel status page
*
*/
int selinux_status_open(int fallback);
/**
* selinux_status_close - Unmap and close SELinux kernel status page
*
*/
void selinux_status_close(void);
/**
* selinux_status_updated - Inform us whether the kernel status has been updated
*
*/
int selinux_status_updated(void);
/**
* selinux_status_getenforce - Get the enforce flag value
*
*/
int selinux_status_getenforce(void);
/**
* selinux_status_policyload - Get the number of policy reloaded
*
*/
int selinux_status_policyload(void);
/**
* selinux_status_deny_unknown - Get the behavior for undefined classes/permissions
*
*/
int selinux_status_deny_unknown(void);
#ifdef __cplusplus
}
#endif
#endif /* _SELINUX_AVC_H_ */

50
jni/external/selinux/context.h vendored
View File

@@ -1,50 +0,0 @@
#ifndef _SELINUX_CONTEXT_H_
#define _SELINUX_CONTEXT_H_
#ifdef __cplusplus
extern "C" {
#endif
/*
* Functions to deal with security contexts in user space.
*/
typedef struct {
void *ptr;
} context_s_t;
typedef context_s_t *context_t;
/* Return a new context initialized to a context string */
extern context_t context_new(const char *);
/*
* Return a pointer to the string value of the context_t
* Valid until the next call to context_str or context_free
* for the same context_t*
*/
extern char *context_str(context_t);
/* Free the storage used by a context */
extern void context_free(context_t);
/* Get a pointer to the string value of a context component */
extern const char *context_type_get(context_t);
extern const char *context_range_get(context_t);
extern const char *context_role_get(context_t);
extern const char *context_user_get(context_t);
/* Set a context component. Returns nonzero if unsuccessful */
extern int context_type_set(context_t, const char *);
extern int context_range_set(context_t, const char *);
extern int context_role_set(context_t, const char *);
extern int context_user_set(context_t, const char *);
#ifdef __cplusplus
}
#endif
#endif

118
jni/external/selinux/flask.h vendored
View File

@@ -1,118 +0,0 @@
/* This file is automatically generated. Do not edit. */
#ifndef _SELINUX_FLASK_H_
#define _SELINUX_FLASK_H_
#warning "Please remove any #include's of this header in your source code."
#warning "Instead, use string_to_security_class() to map the class name to a value."
/*
* Security object class definitions
*/
#define SECCLASS_SECURITY 1
#define SECCLASS_PROCESS 2
#define SECCLASS_SYSTEM 3
#define SECCLASS_CAPABILITY 4
#define SECCLASS_FILESYSTEM 5
#define SECCLASS_FILE 6
#define SECCLASS_DIR 7
#define SECCLASS_FD 8
#define SECCLASS_LNK_FILE 9
#define SECCLASS_CHR_FILE 10
#define SECCLASS_BLK_FILE 11
#define SECCLASS_SOCK_FILE 12
#define SECCLASS_FIFO_FILE 13
#define SECCLASS_SOCKET 14
#define SECCLASS_TCP_SOCKET 15
#define SECCLASS_UDP_SOCKET 16
#define SECCLASS_RAWIP_SOCKET 17
#define SECCLASS_NODE 18
#define SECCLASS_NETIF 19
#define SECCLASS_NETLINK_SOCKET 20
#define SECCLASS_PACKET_SOCKET 21
#define SECCLASS_KEY_SOCKET 22
#define SECCLASS_UNIX_STREAM_SOCKET 23
#define SECCLASS_UNIX_DGRAM_SOCKET 24
#define SECCLASS_SEM 25
#define SECCLASS_MSG 26
#define SECCLASS_MSGQ 27
#define SECCLASS_SHM 28
#define SECCLASS_IPC 29
#define SECCLASS_PASSWD 30
#define SECCLASS_X_DRAWABLE 31
#define SECCLASS_X_SCREEN 32
#define SECCLASS_X_GC 33
#define SECCLASS_X_FONT 34
#define SECCLASS_X_COLORMAP 35
#define SECCLASS_X_PROPERTY 36
#define SECCLASS_X_SELECTION 37
#define SECCLASS_X_CURSOR 38
#define SECCLASS_X_CLIENT 39
#define SECCLASS_X_DEVICE 40
#define SECCLASS_X_SERVER 41
#define SECCLASS_X_EXTENSION 42
#define SECCLASS_NETLINK_ROUTE_SOCKET 43
#define SECCLASS_NETLINK_FIREWALL_SOCKET 44
#define SECCLASS_NETLINK_TCPDIAG_SOCKET 45
#define SECCLASS_NETLINK_NFLOG_SOCKET 46
#define SECCLASS_NETLINK_XFRM_SOCKET 47
#define SECCLASS_NETLINK_SELINUX_SOCKET 48
#define SECCLASS_NETLINK_AUDIT_SOCKET 49
#define SECCLASS_NETLINK_IP6FW_SOCKET 50
#define SECCLASS_NETLINK_DNRT_SOCKET 51
#define SECCLASS_DBUS 52
#define SECCLASS_NSCD 53
#define SECCLASS_ASSOCIATION 54
#define SECCLASS_NETLINK_KOBJECT_UEVENT_SOCKET 55
#define SECCLASS_APPLETALK_SOCKET 56
#define SECCLASS_PACKET 57
#define SECCLASS_KEY 58
#define SECCLASS_CONTEXT 59
#define SECCLASS_DCCP_SOCKET 60
#define SECCLASS_MEMPROTECT 61
#define SECCLASS_DB_DATABASE 62
#define SECCLASS_DB_TABLE 63
#define SECCLASS_DB_PROCEDURE 64
#define SECCLASS_DB_COLUMN 65
#define SECCLASS_DB_TUPLE 66
#define SECCLASS_DB_BLOB 67
#define SECCLASS_PEER 68
#define SECCLASS_CAPABILITY2 69
#define SECCLASS_X_RESOURCE 70
#define SECCLASS_X_EVENT 71
#define SECCLASS_X_SYNTHETIC_EVENT 72
#define SECCLASS_X_APPLICATION_DATA 73
/*
* Security identifier indices for initial entities
*/
#define SECINITSID_KERNEL 1
#define SECINITSID_SECURITY 2
#define SECINITSID_UNLABELED 3
#define SECINITSID_FS 4
#define SECINITSID_FILE 5
#define SECINITSID_FILE_LABELS 6
#define SECINITSID_INIT 7
#define SECINITSID_ANY_SOCKET 8
#define SECINITSID_PORT 9
#define SECINITSID_NETIF 10
#define SECINITSID_NETMSG 11
#define SECINITSID_NODE 12
#define SECINITSID_IGMP_PACKET 13
#define SECINITSID_ICMP_SOCKET 14
#define SECINITSID_TCP_SOCKET 15
#define SECINITSID_SYSCTL_MODPROBE 16
#define SECINITSID_SYSCTL 17
#define SECINITSID_SYSCTL_FS 18
#define SECINITSID_SYSCTL_KERNEL 19
#define SECINITSID_SYSCTL_NET 20
#define SECINITSID_SYSCTL_NET_UNIX 21
#define SECINITSID_SYSCTL_VM 22
#define SECINITSID_SYSCTL_DEV 23
#define SECINITSID_KMOD 24
#define SECINITSID_POLICY 25
#define SECINITSID_SCMP_PACKET 26
#define SECINITSID_DEVNULL 27
#define SECINITSID_NUM 27
#endif

82
jni/external/selinux/get_context_list.h vendored
View File

@@ -1,82 +0,0 @@
#ifndef _SELINUX_GET_SID_LIST_H_
#define _SELINUX_GET_SID_LIST_H_
#include <selinux/selinux.h>
#ifdef __cplusplus
extern "C" {
#endif
#define SELINUX_DEFAULTUSER "user_u"
/* Get an ordered list of authorized security contexts for a user session
for 'user' spawned by 'fromcon' and set *conary to refer to the
NULL-terminated array of contexts. Every entry in the list will
be authorized by the policy, but the ordering is subject to user
customizable preferences. Returns number of entries in *conary.
If 'fromcon' is NULL, defaults to current context.
Caller must free via freeconary. */
extern int get_ordered_context_list(const char *user,
char * fromcon,
char *** list);
/* As above, but use the provided MLS level rather than the
default level for the user. */
int get_ordered_context_list_with_level(const char *user,
const char *level,
char * fromcon,
char *** list);
/* Get the default security context for a user session for 'user'
spawned by 'fromcon' and set *newcon to refer to it. The context
will be one of those authorized by the policy, but the selection
of a default is subject to user customizable preferences.
If 'fromcon' is NULL, defaults to current context.
Returns 0 on success or -1 otherwise.
Caller must free via freecon. */
extern int get_default_context(const char *user,
char * fromcon,
char ** newcon);
/* As above, but use the provided MLS level rather than the
default level for the user. */
int get_default_context_with_level(const char *user,
const char *level,
char * fromcon,
char ** newcon);
/* Same as get_default_context, but only return a context
that has the specified role. If no reachable context exists
for the user with that role, then return -1. */
int get_default_context_with_role(const char *user,
const char *role,
char * fromcon,
char ** newcon);
/* Same as get_default_context, but only return a context
that has the specified role and level. If no reachable context exists
for the user with that role, then return -1. */
int get_default_context_with_rolelevel(const char *user,
const char *role,
const char *level,
char * fromcon,
char ** newcon);
/* Given a list of authorized security contexts for the user,
query the user to select one and set *newcon to refer to it.
Caller must free via freecon.
Returns 0 on sucess or -1 otherwise. */
extern int query_user_context(char ** list,
char ** newcon);
/* Allow the user to manually enter a context as a fallback
if a list of authorized contexts could not be obtained.
Caller must free via freecon.
Returns 0 on success or -1 otherwise. */
extern int manual_user_enter_context(const char *user,
char ** newcon);
#ifdef __cplusplus
}
#endif
#endif

23
jni/external/selinux/get_default_type.h vendored
View File

@@ -1,23 +0,0 @@
/* get_default_type.h - contains header information and function prototypes
* for functions to get the default type for a role
*/
#ifndef _SELINUX_GET_DEFAULT_TYPE_H_
#define _SELINUX_GET_DEFAULT_TYPE_H_
#ifdef __cplusplus
extern "C" {
#endif
/* Return path to default type file. */
const char *selinux_default_type_path(void);
/* Get the default type (domain) for 'role' and set 'type' to refer to it.
Caller must free via free().
Return 0 on success or -1 otherwise. */
int get_default_type(const char *role, char **type);
#ifdef __cplusplus
}
#endif
#endif /* ifndef _GET_DEFAULT_TYPE_H_ */

190
jni/external/selinux/label.h vendored
View File

@@ -1,190 +0,0 @@
/*
* Labeling interface for userspace object managers and others.
*
* Author : Eamon Walsh <ewalsh@tycho.nsa.gov>
*/
#ifndef _SELABEL_H_
#define _SELABEL_H_
#include <stdbool.h>
#include <sys/types.h>
#include <selinux/selinux.h>
#ifdef __cplusplus
extern "C" {
#endif
/*
* Opaque type used for all label handles.
*/
struct selabel_handle;
/*
* Available backends.
*/
/* file contexts */
#define SELABEL_CTX_FILE 0
/* media contexts */
#define SELABEL_CTX_MEDIA 1
/* x contexts */
#define SELABEL_CTX_X 2
/* db objects */
#define SELABEL_CTX_DB 3
/* Android property service contexts */
#define SELABEL_CTX_ANDROID_PROP 4
/* Android service contexts */
#define SELABEL_CTX_ANDROID_SERVICE 5
/*
* Available options
*/
/* no-op option, useful for unused slots in an array of options */
#define SELABEL_OPT_UNUSED 0
/* validate contexts before returning them (boolean value) */
#define SELABEL_OPT_VALIDATE 1
/* don't use local customizations to backend data (boolean value) */
#define SELABEL_OPT_BASEONLY 2
/* specify an alternate path to use when loading backend data */
#define SELABEL_OPT_PATH 3
/* select a subset of the search space as an optimization (file backend) */
#define SELABEL_OPT_SUBSET 4
/* require a hash calculation on spec files */
#define SELABEL_OPT_DIGEST 5
/* total number of options */
#define SELABEL_NOPT 6
/*
* Label operations
*/
/**
* selabel_open - Create a labeling handle.
* @backend: one of the constants specifying a supported labeling backend.
* @opts: array of selabel_opt structures specifying label options or NULL.
* @nopts: number of elements in opts array or zero for no options.
*
* Open a labeling backend for use. The available backend identifiers are
* listed above. Options may be provided via the opts parameter; available
* options are listed above. Not all options may be supported by every
* backend. Return value is the created handle on success or NULL with
* @errno set on failure.
*/
struct selabel_handle *selabel_open(unsigned int backend,
const struct selinux_opt *opts,
unsigned nopts);
/**
* selabel_close - Close a labeling handle.
* @handle: specifies handle to close
*
* Destroy the specified handle, closing files, freeing allocated memory,
* etc. The handle may not be further used after it has been closed.
*/
void selabel_close(struct selabel_handle *handle);
/**
* selabel_lookup - Perform labeling lookup operation.
* @handle: specifies backend instance to query
* @con: returns the appropriate context with which to label the object
* @key: string input to lookup operation
* @type: numeric input to the lookup operation
*
* Perform a labeling lookup operation. Return %0 on success, -%1 with
* @errno set on failure. The key and type arguments are the inputs to the
* lookup operation; appropriate values are dictated by the backend in use.
* The result is returned in the memory pointed to by @con and must be freed
* by the user with freecon().
*/
int selabel_lookup(struct selabel_handle *handle, char **con,
const char *key, int type);
int selabel_lookup_raw(struct selabel_handle *handle, char **con,
const char *key, int type);
bool selabel_partial_match(struct selabel_handle *handle, const char *key);
int selabel_lookup_best_match(struct selabel_handle *rec, char **con,
const char *key, const char **aliases, int type);
int selabel_lookup_best_match_raw(struct selabel_handle *rec, char **con,
const char *key, const char **aliases, int type);
/**
* selabel_digest - Retrieve the SHA1 digest and the list of specfiles used to
* generate the digest. The SELABEL_OPT_DIGEST option must
* be set in selabel_open() to initiate the digest generation.
* @handle: specifies backend instance to query
* @digest: returns a pointer to the SHA1 digest.
* @digest_len: returns length of digest in bytes.
* @specfiles: a list of specfiles used in the SHA1 digest generation.
* The list is NULL terminated and will hold @num_specfiles entries.
* @num_specfiles: number of specfiles in the list.
*
* Return %0 on success, -%1 with @errno set on failure.
*/
int selabel_digest(struct selabel_handle *rec,
unsigned char **digest, size_t *digest_len,
char ***specfiles, size_t *num_specfiles);
enum selabel_cmp_result {
SELABEL_SUBSET,
SELABEL_EQUAL,
SELABEL_SUPERSET,
SELABEL_INCOMPARABLE
};
/**
* selabel_cmp - Compare two label configurations.
* @h1: handle for the first label configuration
* @h2: handle for the first label configuration
*
* Compare two label configurations.
* Return %SELABEL_SUBSET if @h1 is a subset of @h2, %SELABEL_EQUAL
* if @h1 is identical to @h2, %SELABEL_SUPERSET if @h1 is a superset
* of @h2, and %SELABEL_INCOMPARABLE if @h1 and @h2 are incomparable.
*/
enum selabel_cmp_result selabel_cmp(struct selabel_handle *h1,
struct selabel_handle *h2);
/**
* selabel_stats - log labeling operation statistics.
* @handle: specifies backend instance to query
*
* Log a message with information about the number of queries performed,
* number of unused matching entries, or other operational statistics.
* Message is backend-specific, some backends may not output a message.
*/
void selabel_stats(struct selabel_handle *handle);
/*
* Type codes used by specific backends
*/
/* X backend */
#define SELABEL_X_PROP 1
#define SELABEL_X_EXT 2
#define SELABEL_X_CLIENT 3
#define SELABEL_X_EVENT 4
#define SELABEL_X_SELN 5
#define SELABEL_X_POLYPROP 6
#define SELABEL_X_POLYSELN 7
/* DB backend */
#define SELABEL_DB_DATABASE 1
#define SELABEL_DB_SCHEMA 2
#define SELABEL_DB_TABLE 3
#define SELABEL_DB_COLUMN 4
#define SELABEL_DB_SEQUENCE 5
#define SELABEL_DB_VIEW 6
#define SELABEL_DB_PROCEDURE 7
#define SELABEL_DB_BLOB 8
#define SELABEL_DB_TUPLE 9
#define SELABEL_DB_LANGUAGE 10
#define SELABEL_DB_EXCEPTION 11
#define SELABEL_DB_DATATYPE 12
#ifdef __cplusplus
}
#endif
#endif /* _SELABEL_H_ */

187
jni/external/selinux/restorecon.h vendored
View File

@@ -1,187 +0,0 @@
#ifndef _RESTORECON_H_
#define _RESTORECON_H_
#include <sys/types.h>
#include <stdarg.h>
#ifdef __cplusplus
extern "C" {
#endif
/**
* selinux_restorecon - Relabel files.
* @pathname: specifies file/directory to relabel.
* @restorecon_flags: specifies the actions to be performed when relabeling.
*
* selinux_restorecon(3) will automatically call
* selinux_restorecon_default_handle(3) and selinux_restorecon_set_sehandle(3)
* first time through to set the selabel_open(3) parameters to use the
* currently loaded policy file_contexts and request their computed digest.
*
* Should other selabel_open(3) parameters be required see
* selinux_restorecon_set_sehandle(3).
*/
extern int selinux_restorecon(const char *pathname,
unsigned int restorecon_flags);
/*
* restorecon_flags options
*/
/*
* Force the checking of labels even if the stored SHA1
* digest matches the specfiles SHA1 digest.
*/
#define SELINUX_RESTORECON_IGNORE_DIGEST 0x0001
/*
* Do not change file labels.
*/
#define SELINUX_RESTORECON_NOCHANGE 0x0002
/*
* If set set change file label to that in spec file.
* If not only change type component to that in spec file.
*/
#define SELINUX_RESTORECON_SET_SPECFILE_CTX 0x0004
/*
* Recursively descend directories.
*/
#define SELINUX_RESTORECON_RECURSE 0x0008
/*
* Log changes to selinux log. Note that if VERBOSE and
* PROGRESS are set, then PROGRESS will take precedence.
*/
#define SELINUX_RESTORECON_VERBOSE 0x0010
/*
* If SELINUX_RESTORECON_PROGRESS is true and
* SELINUX_RESTORECON_MASS_RELABEL is true, then output approx % complete,
* else output the number of files in 1k blocks processed to stdout.
*/
#define SELINUX_RESTORECON_PROGRESS 0x0020
/*
* Convert passed-in pathname to canonical pathname.
*/
#define SELINUX_RESTORECON_REALPATH 0x0040
/*
* Prevent descending into directories that have a different
* device number than the pathname from which the descent began.
*/
#define SELINUX_RESTORECON_XDEV 0x0080
/*
* Attempt to add an association between an inode and a specification.
* If there is already an association for the inode and it conflicts
* with the specification, then use the last matching specification.
*/
#define SELINUX_RESTORECON_ADD_ASSOC 0x0100
/*
* Abort on errors during the file tree walk.
*/
#define SELINUX_RESTORECON_ABORT_ON_ERROR 0x0200
/*
* Log any label changes to syslog.
*/
#define SELINUX_RESTORECON_SYSLOG_CHANGES 0x0400
/*
* Log what spec matched each file.
*/
#define SELINUX_RESTORECON_LOG_MATCHES 0x0800
/*
* Ignore files that do not exist.
*/
#define SELINUX_RESTORECON_IGNORE_NOENTRY 0x1000
/*
* Do not read /proc/mounts to obtain a list of non-seclabel
* mounts to be excluded from relabeling checks.
*/
#define SELINUX_RESTORECON_IGNORE_MOUNTS 0x2000
/*
* Set if there is a mass relabel required.
* See SELINUX_RESTORECON_PROGRESS flag for details.
*/
#define SELINUX_RESTORECON_MASS_RELABEL 0x4000
/**
* selinux_restorecon_set_sehandle - Set the global fc handle.
* @hndl: specifies handle to set as the global fc handle.
*
* Called by a process that has already called selabel_open(3) with it's
* required parameters, or if selinux_restorecon_default_handle(3) has been
* called to set the default selabel_open(3) parameters.
*/
// extern void selinux_restorecon_set_sehandle(struct selabel_handle *hndl);
/**
* selinux_restorecon_default_handle - Sets default selabel_open(3) parameters
* to use the currently loaded policy and
* file_contexts, also requests the digest.
*
* Return value is the created handle on success or NULL with @errno set on
* failure.
*/
extern struct selabel_handle *selinux_restorecon_default_handle(void);
/**
* selinux_restorecon_set_exclude_list - Add a list of directories that are
* to be excluded from relabeling.
* @exclude_list: containing a NULL terminated list of one or more
* directories not to be relabeled.
*/
extern void selinux_restorecon_set_exclude_list(const char **exclude_list);
/**
* selinux_restorecon_set_alt_rootpath - Use alternate rootpath.
* @alt_rootpath: containing the alternate rootpath to be used.
*
* Return %0 on success, -%1 with @errno set on failure.
*/
extern int selinux_restorecon_set_alt_rootpath(const char *alt_rootpath);
/**
* selinux_restorecon_xattr - Read/remove RESTORECON_LAST xattr entries.
* @pathname: specifies directory path to check.
* @xattr_flags: specifies the actions to be performed.
* @xattr_list: a linked list of struct dir_xattr structures containing
* the directory, digest and result of the action on the
* RESTORECON_LAST entry.
*
* selinux_restorecon_xattr(3) will automatically call
* selinux_restorecon_default_handle(3) and selinux_restorecon_set_sehandle(3)
* first time through to set the selabel_open(3) parameters to use the
* currently loaded policy file_contexts and request their computed digest.
*
* Should other selabel_open(3) parameters be required see
* selinux_restorecon_set_sehandle(3), however note that a file_contexts
* computed digest is required for selinux_restorecon_xattr().
*/
enum digest_result {
MATCH = 0,
NOMATCH,
DELETED_MATCH,
DELETED_NOMATCH,
ERROR
};
struct dir_xattr {
char *directory;
char *digest; /* A hex encoded string that can be printed. */
enum digest_result result;
struct dir_xattr *next;
};
extern int selinux_restorecon_xattr(const char *pathname,
unsigned int xattr_flags,
struct dir_xattr ***xattr_list);
/*
* xattr_flags options
*/
/* Recursively descend directories. */
#define SELINUX_RESTORECON_XATTR_RECURSE 0x0001
/* Delete non-matching digests from each directory in pathname. */
#define SELINUX_RESTORECON_XATTR_DELETE_NONMATCH_DIGESTS 0x0002
/* Delete all digests found in pathname. */
#define SELINUX_RESTORECON_XATTR_DELETE_ALL_DIGESTS 0x0004
/* Do not read /proc/mounts. */
#define SELINUX_RESTORECON_XATTR_IGNORE_MOUNTS 0x0008
#ifdef __cplusplus
}
#endif
#endif

673
jni/external/selinux/selinux.h vendored
View File

@@ -1,673 +0,0 @@
#ifndef _SELINUX_H_
#define _SELINUX_H_
#include <sys/types.h>
#include <stdarg.h>
#ifdef __cplusplus
extern "C" {
#endif
/* Return 1 if we are running on a SELinux kernel, or 0 if not or -1 if we get an error. */
extern int is_selinux_enabled(void);
/* Return 1 if we are running on a SELinux MLS kernel, or 0 otherwise. */
extern int is_selinux_mls_enabled(void);
/* No longer used; here for compatibility with legacy callers. */
typedef char *security_context_t;
/* Free the memory allocated for a context by any of the below get* calls. */
extern void freecon(char * con);
/* Free the memory allocated for a context array by security_compute_user. */
extern void freeconary(char ** con);
/* Wrappers for the /proc/pid/attr API. */
/* Get current context, and set *con to refer to it.
Caller must free via freecon. */
extern int getcon(char ** con);
extern int getcon_raw(char ** con);
/* Set the current security context to con.
Note that use of this function requires that the entire application
be trusted to maintain any desired separation between the old and new
security contexts, unlike exec-based transitions performed via setexeccon.
When possible, decompose your application and use setexeccon()+execve()
instead. Note that the application may lose access to its open descriptors
as a result of a setcon() unless policy allows it to use descriptors opened
by the old context. */
extern int setcon(const char * con);
extern int setcon_raw(const char * con);
/* Get context of process identified by pid, and
set *con to refer to it. Caller must free via freecon. */
extern int getpidcon(pid_t pid, char ** con);
extern int getpidcon_raw(pid_t pid, char ** con);
/* Get previous context (prior to last exec), and set *con to refer to it.
Caller must free via freecon. */
extern int getprevcon(char ** con);
extern int getprevcon_raw(char ** con);
/* Get exec context, and set *con to refer to it.
Sets *con to NULL if no exec context has been set, i.e. using default.
If non-NULL, caller must free via freecon. */
extern int getexeccon(char ** con);
extern int getexeccon_raw(char ** con);
/* Set exec security context for the next execve.
Call with NULL if you want to reset to the default. */
extern int setexeccon(const char * con);
extern int setexeccon_raw(const char * con);
/* Get fscreate context, and set *con to refer to it.
Sets *con to NULL if no fs create context has been set, i.e. using default.
If non-NULL, caller must free via freecon. */
extern int getfscreatecon(char ** con);
extern int getfscreatecon_raw(char ** con);
/* Set the fscreate security context for subsequent file creations.
Call with NULL if you want to reset to the default. */
extern int setfscreatecon(const char * context);
extern int setfscreatecon_raw(const char * context);
/* Get keycreate context, and set *con to refer to it.
Sets *con to NULL if no key create context has been set, i.e. using default.
If non-NULL, caller must free via freecon. */
extern int getkeycreatecon(char ** con);
extern int getkeycreatecon_raw(char ** con);
/* Set the keycreate security context for subsequent key creations.
Call with NULL if you want to reset to the default. */
extern int setkeycreatecon(const char * context);
extern int setkeycreatecon_raw(const char * context);
/* Get sockcreate context, and set *con to refer to it.
Sets *con to NULL if no socket create context has been set, i.e. using default.
If non-NULL, caller must free via freecon. */
extern int getsockcreatecon(char ** con);
extern int getsockcreatecon_raw(char ** con);
/* Set the sockcreate security context for subsequent socket creations.
Call with NULL if you want to reset to the default. */
extern int setsockcreatecon(const char * context);
extern int setsockcreatecon_raw(const char * context);
/* Wrappers for the xattr API. */
/* Get file context, and set *con to refer to it.
Caller must free via freecon. */
extern int getfilecon(const char *path, char ** con);
extern int getfilecon_raw(const char *path, char ** con);
extern int lgetfilecon(const char *path, char ** con);
extern int lgetfilecon_raw(const char *path, char ** con);
extern int fgetfilecon(int fd, char ** con);
extern int fgetfilecon_raw(int fd, char ** con);
/* Set file context */
extern int setfilecon(const char *path, const char * con);
extern int setfilecon_raw(const char *path, const char * con);
extern int lsetfilecon(const char *path, const char * con);
extern int lsetfilecon_raw(const char *path, const char * con);
extern int fsetfilecon(int fd, const char * con);
extern int fsetfilecon_raw(int fd, const char * con);
/* Wrappers for the socket API */
/* Get context of peer socket, and set *con to refer to it.
Caller must free via freecon. */
extern int getpeercon(int fd, char ** con);
extern int getpeercon_raw(int fd, char ** con);
/* Wrappers for the selinuxfs (policy) API. */
typedef unsigned int access_vector_t;
typedef unsigned short security_class_t;
struct av_decision {
access_vector_t allowed;
access_vector_t decided;
access_vector_t auditallow;
access_vector_t auditdeny;
unsigned int seqno;
unsigned int flags;
};
/* Definitions of av_decision.flags */
#define SELINUX_AVD_FLAGS_PERMISSIVE 0x0001
/* Structure for passing options, used by AVC and label subsystems */
struct selinux_opt {
int type;
const char *value;
};
/* Callback facilities */
union selinux_callback {
/* log the printf-style format and arguments,
with the type code indicating the type of message */
int
#ifdef __GNUC__
__attribute__ ((format(printf, 2, 3)))
#endif
(*func_log) (int type, const char *fmt, ...);
/* store a string representation of auditdata (corresponding
to the given security class) into msgbuf. */
int (*func_audit) (void *auditdata, security_class_t cls,
char *msgbuf, size_t msgbufsize);
/* validate the supplied context, modifying if necessary */
int (*func_validate) (char **ctx);
/* netlink callback for setenforce message */
int (*func_setenforce) (int enforcing);
/* netlink callback for policyload message */
int (*func_policyload) (int seqno);
};
#define SELINUX_CB_LOG 0
#define SELINUX_CB_AUDIT 1
#define SELINUX_CB_VALIDATE 2
#define SELINUX_CB_SETENFORCE 3
#define SELINUX_CB_POLICYLOAD 4
extern union selinux_callback selinux_get_callback(int type);
extern void selinux_set_callback(int type, union selinux_callback cb);
/* Logging type codes, passed to the logging callback */
#define SELINUX_ERROR 0
#define SELINUX_WARNING 1
#define SELINUX_INFO 2
#define SELINUX_AVC 3
#define SELINUX_TRANS_DIR "/var/run/setrans"
/* Compute an access decision. */
extern int security_compute_av(const char * scon,
const char * tcon,
security_class_t tclass,
access_vector_t requested,
struct av_decision *avd);
extern int security_compute_av_raw(const char * scon,
const char * tcon,
security_class_t tclass,
access_vector_t requested,
struct av_decision *avd);
extern int security_compute_av_flags(const char * scon,
const char * tcon,
security_class_t tclass,
access_vector_t requested,
struct av_decision *avd);
extern int security_compute_av_flags_raw(const char * scon,
const char * tcon,
security_class_t tclass,
access_vector_t requested,
struct av_decision *avd);
/* Compute a labeling decision and set *newcon to refer to it.
Caller must free via freecon. */
extern int security_compute_create(const char * scon,
const char * tcon,
security_class_t tclass,
char ** newcon);
extern int security_compute_create_raw(const char * scon,
const char * tcon,
security_class_t tclass,
char ** newcon);
extern int security_compute_create_name(const char * scon,
const char * tcon,
security_class_t tclass,
const char *objname,
char ** newcon);
extern int security_compute_create_name_raw(const char * scon,
const char * tcon,
security_class_t tclass,
const char *objname,
char ** newcon);
/* Compute a relabeling decision and set *newcon to refer to it.
Caller must free via freecon. */
extern int security_compute_relabel(const char * scon,
const char * tcon,
security_class_t tclass,
char ** newcon);
extern int security_compute_relabel_raw(const char * scon,
const char * tcon,
security_class_t tclass,
char ** newcon);
/* Compute a polyinstantiation member decision and set *newcon to refer to it.
Caller must free via freecon. */
extern int security_compute_member(const char * scon,
const char * tcon,
security_class_t tclass,
char ** newcon);
extern int security_compute_member_raw(const char * scon,
const char * tcon,
security_class_t tclass,
char ** newcon);
/* Compute the set of reachable user contexts and set *con to refer to
the NULL-terminated array of contexts. Caller must free via freeconary. */
extern int security_compute_user(const char * scon,
const char *username,
char *** con);
extern int security_compute_user_raw(const char * scon,
const char *username,
char *** con);
/* Load a policy configuration. */
extern int security_load_policy(void *data, size_t len);
/* Get the context of an initial kernel security identifier by name.
Caller must free via freecon */
extern int security_get_initial_context(const char *name,
char ** con);
extern int security_get_initial_context_raw(const char *name,
char ** con);
/*
* Make a policy image and load it.
* This function provides a higher level interface for loading policy
* than security_load_policy, internally determining the right policy
* version, locating and opening the policy file, mapping it into memory,
* manipulating it as needed for current boolean settings and/or local
* definitions, and then calling security_load_policy to load it.
*
* 'preservebools' is a boolean flag indicating whether current
* policy boolean values should be preserved into the new policy (if 1)
* or reset to the saved policy settings (if 0). The former case is the
* default for policy reloads, while the latter case is an option for policy
* reloads but is primarily for the initial policy load.
*/
extern int selinux_mkload_policy(int preservebools);
/*
* Perform the initial policy load.
* This function determines the desired enforcing mode, sets the
* the *enforce argument accordingly for the caller to use, sets the
* SELinux kernel enforcing status to match it, and loads the policy.
* It also internally handles the initial selinuxfs mount required to
* perform these actions.
*
* The function returns 0 if everything including the policy load succeeds.
* In this case, init is expected to re-exec itself in order to transition
* to the proper security context.
* Otherwise, the function returns -1, and init must check *enforce to
* determine how to proceed. If enforcing (*enforce > 0), then init should
* halt the system. Otherwise, init may proceed normally without a re-exec.
*/
extern int selinux_init_load_policy(int *enforce);
/* Translate boolean strict to name value pair. */
typedef struct {
char *name;
int value;
} SELboolean;
/* save a list of booleans in a single transaction. */
extern int security_set_boolean_list(size_t boolcnt,
SELboolean * boollist, int permanent);
/* Load policy boolean settings.
Path may be NULL, in which case the booleans are loaded from
the active policy boolean configuration file. */
extern int security_load_booleans(char *path);
/* Check the validity of a security context. */
extern int security_check_context(const char * con);
extern int security_check_context_raw(const char * con);
/* Canonicalize a security context. */
extern int security_canonicalize_context(const char * con,
char ** canoncon);
extern int security_canonicalize_context_raw(const char * con,
char ** canoncon);
/* Get the enforce flag value. */
extern int security_getenforce(void);
/* Set the enforce flag value. */
extern int security_setenforce(int value);
/* Get the behavior for undefined classes/permissions */
extern int security_deny_unknown(void);
/* Disable SELinux at runtime (must be done prior to initial policy load). */
extern int security_disable(void);
/* Get the policy version number. */
extern int security_policyvers(void);
/* Get the boolean names */
extern int security_get_boolean_names(char ***names, int *len);
/* Get the pending value for the boolean */
extern int security_get_boolean_pending(const char *name);
/* Get the active value for the boolean */
extern int security_get_boolean_active(const char *name);
/* Set the pending value for the boolean */
extern int security_set_boolean(const char *name, int value);
/* Commit the pending values for the booleans */
extern int security_commit_booleans(void);
/* Userspace class mapping support */
struct security_class_mapping {
const char *name;
const char *perms[sizeof(access_vector_t) * 8 + 1];
};
/**
* selinux_set_mapping - Enable dynamic mapping between integer offsets and security class names
* @map: array of security_class_mapping structures
*
* The core avc_has_perm() API uses integers to represent security
* classes; previous to the introduction of this function, it was
* common for userspace object managers to be compiled using generated
* offsets for a particular policy. However, that strongly ties the build of the userspace components to a particular policy.
*
* By using this function to map between integer offsets and security
* class names, it's possible to replace a system policies that have
* at least the same set of security class names as used by the
* userspace object managers.
*
* To correctly use this function, you should override the generated
* security class defines from the system policy in a local header,
* starting at 1, and have one security_class_mapping structure entry
* per define.
*/
extern int selinux_set_mapping(struct security_class_mapping *map);
/* Common helpers */
/* Convert between mode and security class values */
extern security_class_t mode_to_security_class(mode_t mode);
/* Convert between security class values and string names */
extern security_class_t string_to_security_class(const char *name);
extern const char *security_class_to_string(security_class_t cls);
/* Convert between individual access vector permissions and string names */
extern const char *security_av_perm_to_string(security_class_t tclass,
access_vector_t perm);
extern access_vector_t string_to_av_perm(security_class_t tclass,
const char *name);
/* Returns an access vector in a string representation. User must free the
* returned string via free(). */
extern int security_av_string(security_class_t tclass,
access_vector_t av, char **result);
/* Display an access vector in a string representation. */
extern void print_access_vector(security_class_t tclass, access_vector_t av);
/* Set the function used by matchpathcon_init when displaying
errors about the file_contexts configuration. If not set,
then this defaults to fprintf(stderr, fmt, ...). */
extern void set_matchpathcon_printf(void (*f) (const char *fmt, ...));
/* Set the function used by matchpathcon_init when checking the
validity of a context in the file contexts configuration. If not set,
then this defaults to a test based on security_check_context().
The function is also responsible for reporting any such error, and
may include the 'path' and 'lineno' in such error messages. */
extern void set_matchpathcon_invalidcon(int (*f) (const char *path,
unsigned lineno,
char *context));
/* Same as above, but also allows canonicalization of the context,
by changing *context to refer to the canonical form. If not set,
and invalidcon is also not set, then this defaults to calling
security_canonicalize_context(). */
extern void set_matchpathcon_canoncon(int (*f) (const char *path,
unsigned lineno,
char **context));
/* Set flags controlling operation of matchpathcon_init or matchpathcon. */
#define MATCHPATHCON_BASEONLY 1 /* Only process the base file_contexts file. */
#define MATCHPATHCON_NOTRANS 2 /* Do not perform any context translation. */
#define MATCHPATHCON_VALIDATE 4 /* Validate/canonicalize contexts at init time. */
extern void set_matchpathcon_flags(unsigned int flags);
/* Load the file contexts configuration specified by 'path'
into memory for use by subsequent matchpathcon calls.
If 'path' is NULL, then load the active file contexts configuration,
i.e. the path returned by selinux_file_context_path().
Unless the MATCHPATHCON_BASEONLY flag has been set, this
function also checks for a 'path'.homedirs file and
a 'path'.local file and loads additional specifications
from them if present. */
extern int matchpathcon_init(const char *path);
/* Same as matchpathcon_init, but only load entries with
regexes that have stems that are prefixes of 'prefix'. */
extern int matchpathcon_init_prefix(const char *path, const char *prefix);
/* Free the memory allocated by matchpathcon_init. */
extern void matchpathcon_fini(void);
/* Resolve all of the symlinks and relative portions of a pathname, but NOT
* the final component (same a realpath() unless the final component is a
* symlink. Resolved path must be a path of size PATH_MAX + 1 */
extern int realpath_not_final(const char *name, char *resolved_path);
/* Match the specified pathname and mode against the file contexts
configuration and set *con to refer to the resulting context.
'mode' can be 0 to disable mode matching.
Caller must free via freecon.
If matchpathcon_init has not already been called, then this function
will call it upon its first invocation with a NULL path. */
extern int matchpathcon(const char *path,
mode_t mode, char ** con);
/* Same as above, but return a specification index for
later use in a matchpathcon_filespec_add() call - see below. */
extern int matchpathcon_index(const char *path,
mode_t mode, char ** con);
/* Maintain an association between an inode and a specification index,
and check whether a conflicting specification is already associated
with the same inode (e.g. due to multiple hard links). If so, then
use the latter of the two specifications based on their order in the
file contexts configuration. Return the used specification index. */
extern int matchpathcon_filespec_add(ino_t ino, int specind, const char *file);
/* Destroy any inode associations that have been added, e.g. to restart
for a new filesystem. */
extern void matchpathcon_filespec_destroy(void);
/* Display statistics on the hash table usage for the associations. */
extern void matchpathcon_filespec_eval(void);
/* Check to see whether any specifications had no matches and report them.
The 'str' is used as a prefix for any warning messages. */
extern void matchpathcon_checkmatches(char *str);
/* Match the specified media and against the media contexts
configuration and set *con to refer to the resulting context.
Caller must free con via freecon. */
extern int matchmediacon(const char *media, char ** con);
/*
selinux_getenforcemode reads the /etc/selinux/config file and determines
whether the machine should be started in enforcing (1), permissive (0) or
disabled (-1) mode.
*/
extern int selinux_getenforcemode(int *enforce);
/*
selinux_boolean_sub reads the /etc/selinux/TYPE/booleans.subs_dist file
looking for a record with boolean_name. If a record exists selinux_boolean_sub
returns the translated name otherwise it returns the original name.
The returned value needs to be freed. On failure NULL will be returned.
*/
extern char *selinux_boolean_sub(const char *boolean_name);
/*
selinux_getpolicytype reads the /etc/selinux/config file and determines
what the default policy for the machine is. Calling application must
free policytype.
*/
extern int selinux_getpolicytype(char **policytype);
/*
selinux_policy_root reads the /etc/selinux/config file and returns
the directory path under which the compiled policy file and context
configuration files exist.
*/
extern const char *selinux_policy_root(void);
/*
selinux_set_policy_root sets an alternate policy root directory path under
which the compiled policy file and context configuration files exist.
*/
extern int selinux_set_policy_root(const char *rootpath);
/* These functions return the paths to specific files under the
policy root directory. */
extern const char *selinux_current_policy_path(void);
extern const char *selinux_binary_policy_path(void);
extern const char *selinux_failsafe_context_path(void);
extern const char *selinux_removable_context_path(void);
extern const char *selinux_default_context_path(void);
extern const char *selinux_user_contexts_path(void);
extern const char *selinux_file_context_path(void);
extern const char *selinux_file_context_homedir_path(void);
extern const char *selinux_file_context_local_path(void);
extern const char *selinux_file_context_subs_path(void);
extern const char *selinux_file_context_subs_dist_path(void);
extern const char *selinux_homedir_context_path(void);
extern const char *selinux_media_context_path(void);
extern const char *selinux_virtual_domain_context_path(void);
extern const char *selinux_virtual_image_context_path(void);
extern const char *selinux_lxc_contexts_path(void);
extern const char *selinux_x_context_path(void);
extern const char *selinux_sepgsql_context_path(void);
extern const char *selinux_openrc_contexts_path(void);
extern const char *selinux_openssh_contexts_path(void);
extern const char *selinux_snapperd_contexts_path(void);
extern const char *selinux_systemd_contexts_path(void);
extern const char *selinux_contexts_path(void);
extern const char *selinux_securetty_types_path(void);
extern const char *selinux_booleans_subs_path(void);
extern const char *selinux_booleans_path(void);
extern const char *selinux_customizable_types_path(void);
extern const char *selinux_users_path(void);
extern const char *selinux_usersconf_path(void);
extern const char *selinux_translations_path(void);
extern const char *selinux_colors_path(void);
extern const char *selinux_netfilter_context_path(void);
extern const char *selinux_path(void);
/**
* selinux_check_access - Check permissions and perform appropriate auditing.
* @scon: source security context
* @tcon: target security context
* @tclass: target security class string
* @perm: requested permissions string, interpreted based on @tclass
* @auditdata: auxiliary audit data
*
* Check the AVC to determine whether the @perm permissions are granted
* for the SID pair (@scon, @tcon), interpreting the permissions
* based on @tclass.
* Return %0 if all @perm permissions are granted, -%1 with
* @errno set to %EACCES if any permissions are denied or to another
* value upon other errors.
* If auditing or logging is configured the appropriate callbacks will be called
* and passed the auditdata field
*/
extern int selinux_check_access(const char * scon, const char * tcon, const char *tclass, const char *perm, void *auditdata);
/* Check a permission in the passwd class.
Return 0 if granted or -1 otherwise. */
extern int selinux_check_passwd_access(access_vector_t requested);
extern int checkPasswdAccess(access_vector_t requested);
/* Check if the tty_context is defined as a securetty
Return 0 if secure, < 0 otherwise. */
extern int selinux_check_securetty_context(const char * tty_context);
/* Set the path to the selinuxfs mount point explicitly.
Normally, this is determined automatically during libselinux
initialization, but this is not always possible, e.g. for /sbin/init
which performs the initial mount of selinuxfs. */
void set_selinuxmnt(const char *mnt);
/* Check if selinuxfs exists as a kernel filesystem */
int selinuxfs_exists(void);
/* clear selinuxmnt variable and free allocated memory */
void fini_selinuxmnt(void);
/* Set an appropriate security context based on the filename of a helper
* program, falling back to a new context with the specified type. */
extern int setexecfilecon(const char *filename, const char *fallback_type);
#ifndef DISABLE_RPM
/* Execute a helper for rpm in an appropriate security context. */
extern int rpm_execcon(unsigned int verified,
const char *filename,
char *const argv[], char *const envp[]);
#endif
/* Returns whether a file context is customizable, and should not
be relabeled . */
extern int is_context_customizable(const char * scontext);
/* Perform context translation between the human-readable format
("translated") and the internal system format ("raw").
Caller must free the resulting context via freecon.
Returns -1 upon an error or 0 otherwise.
If passed NULL, sets the returned context to NULL and returns 0. */
extern int selinux_trans_to_raw_context(const char * trans,
char ** rawp);
extern int selinux_raw_to_trans_context(const char * raw,
char ** transp);
/* Perform context translation between security contexts
and display colors. Returns a space-separated list of ten
ten hex RGB triples prefixed by hash marks, e.g. "#ff0000".
Caller must free the resulting string via free.
Returns -1 upon an error or 0 otherwise. */
extern int selinux_raw_context_to_color(const char * raw,
char **color_str);
/* Get the SELinux username and level to use for a given Linux username.
These values may then be passed into the get_ordered_context_list*
and get_default_context* functions to obtain a context for the user.
Returns 0 on success or -1 otherwise.
Caller must free the returned strings via free. */
extern int getseuserbyname(const char *linuxuser, char **seuser, char **level);
/* Get the SELinux username and level to use for a given Linux username and service.
These values may then be passed into the get_ordered_context_list*
and get_default_context* functions to obtain a context for the user.
Returns 0 on success or -1 otherwise.
Caller must free the returned strings via free. */
extern int getseuser(const char *username, const char *service,
char **r_seuser, char **r_level);
/* Compare two file contexts, return 0 if equivalent. */
extern int selinux_file_context_cmp(const char * a,
const char * b);
/*
* Verify the context of the file 'path' against policy.
* Return 1 if match, 0 if not and -1 on error.
*/
extern int selinux_file_context_verify(const char *path, mode_t mode);
/* This function sets the file context on to the system defaults returns 0 on success */
extern int selinux_lsetfilecon_default(const char *path);
/*
* Force a reset of the loaded configuration
* WARNING: This is not thread safe. Be very sure that no other threads
* are calling into libselinux when this is called.
*/
extern void selinux_reset_config(void);
#ifdef __cplusplus
}
#endif
#endif

13
jni/external/selinux_stub.c → jni/external/stubs/selinux_stub.c vendored
View File

@@ -1,10 +1,11 @@
#include <stdbool.h>
#include "selinux/avc.h"
#include "selinux/context.h"
#include "selinux/get_context_list.h"
#include "selinux/get_default_type.h"
#include "selinux/restorecon.h"
#include "selinux/selinux.h"
#include <selinux/avc.h>
#include <selinux/context.h>
#include <selinux/get_context_list.h>
#include <selinux/get_default_type.h>
#include <selinux/label.h>
#include <selinux/restorecon.h>
#include <selinux/selinux.h>
int is_selinux_enabled(void) { return 0; }
int is_selinux_mls_enabled(void) { return 0; }
void freecon(char * con) { }

0
jni/external/sqlite3_stub.c → jni/external/stubs/sqlite3_stub.c vendored
View File

9
jni/include/daemon.h
View File

@@ -7,6 +7,7 @@
#include <pthread.h>
extern pthread_t sepol_patch;
extern int is_restart;
// Commands require connecting to daemon
typedef enum {
@@ -38,8 +39,9 @@ typedef enum {
// daemon.c
void start_daemon(int client);
void start_daemon();
int connect_daemon();
void auto_start_magiskhide();
// socket_trans.c
@@ -50,10 +52,6 @@ void write_int(int fd, int val);
char* read_string(int fd);
void write_string(int fd, const char* val);
// log_monitor.c
void monitor_logs();
/***************
* Boot Stages *
***************/
@@ -61,6 +59,7 @@ void monitor_logs();
void post_fs(int client);
void post_fs_data(int client);
void late_start(int client);
void fix_filecon();
/**************
* MagiskHide *

50
jni/include/logging.h Normal file
View File

@@ -0,0 +1,50 @@
/* logging.h - Error handling and logging
*/
#ifndef _LOGGING_H_
#define _LOGGING_H_
#include <string.h>
#include <errno.h>
#include <stdlib.h>
#ifdef IS_DAEMON
#include <pthread.h>
#include <android/log.h>
#define LOG_TAG "Magisk"
#ifdef MAGISK_DEBUG
#define LOGD(...) __android_log_print(ANDROID_LOG_DEBUG, LOG_TAG, __VA_ARGS__)
#else
#define LOGD(...) {}
#endif
#define LOGI(...) __android_log_print(ANDROID_LOG_INFO, LOG_TAG, __VA_ARGS__)
#define LOGW(...) __android_log_print(ANDROID_LOG_WARN, LOG_TAG, __VA_ARGS__)
#define LOGE(...) __android_log_print(ANDROID_LOG_ERROR, LOG_TAG, __VA_ARGS__)
#define PLOGE(fmt, args...) LOGE(fmt " failed with %d: %s", ##args, errno, strerror(errno))
enum {
HIDE_EVENT,
LOG_EVENT,
DEBUG_EVENT
};
extern int logcat_events[];
void monitor_logs();
void start_debug_full_log();
void stop_debug_full_log();
void start_debug_log();
#else // IS_DAEMON
#include <stdio.h>
#define LOGE(...) { fprintf(stderr, __VA_ARGS__); exit(1); }
#define PLOGE(fmt, args...) { fprintf(stderr, fmt " failed with %d: %s\n\n", ##args, errno, strerror(errno)); exit(1); }
#endif // IS_DAEMON
#endif // _LOGGING_H_

33
jni/include/magisk.h
View File

@@ -4,11 +4,7 @@
#ifndef _MAGISK_H_
#define _MAGISK_H_
#include <stdlib.h>
#include <errno.h>
#include <string.h>
#include <pthread.h>
#include <android/log.h>
#include "logging.h"
#define str(a) #a
#define xstr(a) str(a)
@@ -16,8 +12,6 @@
#define MAGISK_VER_STR xstr(MAGISK_VERSION) ":MAGISK"
#define REQUESTOR_DAEMON_PATH "\0MAGISK"
#define LOG_TAG "Magisk"
#ifndef ARG_MAX
#define ARG_MAX 4096
#endif
@@ -37,7 +31,6 @@
#define MANAGERAPK DATABIN "/magisk.apk"
#define MAGISKTMP "/dev/magisk"
#define MIRRDIR MAGISKTMP "/mirror"
#define DUMMDIR MAGISKTMP "/dummy"
#define BBPATH MAGISKTMP "/bin"
#define CACHEMOUNT "/cache/magisk_mount"
@@ -48,33 +41,13 @@
#define MAGISKHIDE_PROP "persist.magisk.hide"
// Global handler for PLOGE
extern __thread void (*err_handler)(void);
// Common error handlers
static inline void exit_proc() { exit(1); }
static inline void exit_thread() { pthread_exit(NULL); }
static inline void do_nothing() {}
// Dummy function to depress debug message
static inline void stub(const char *fmt, ...) {}
#ifdef MAGISK_DEBUG
#define LOGD(...) __android_log_print(ANDROID_LOG_DEBUG, LOG_TAG, __VA_ARGS__)
#else
#define LOGD(...) stub(__VA_ARGS__)
#endif
#define LOGI(...) __android_log_print(ANDROID_LOG_INFO, LOG_TAG, __VA_ARGS__)
#define LOGW(...) __android_log_print(ANDROID_LOG_WARN, LOG_TAG, __VA_ARGS__)
#define LOGE(...) __android_log_print(ANDROID_LOG_ERROR, LOG_TAG, __VA_ARGS__)
#define PLOGE(fmt, args...) { LOGE(fmt " failed with %d: %s", ##args, errno, strerror(errno)); err_handler(); }
extern char *argv0; /* For changing process name */
extern char *applet[];
extern int (*applet_main[]) (int, char *[]);
int create_links(const char *bin, const char *path);
// Multi-call entrypoints
int magiskhide_main(int argc, char *argv[]);
int magiskpolicy_main(int argc, char *argv[]);

6
jni/include/resetprop.h
View File

@@ -12,9 +12,11 @@ int prop_exist(const char *name);
int setprop(const char *name, const char *value);
int setprop2(const char *name, const char *value, const int trigger);
char *getprop(const char *name);
int deleteprop(const char *name, const int trigger);
char *getprop2(const char *name, int persist);
int deleteprop(const char *name);
int deleteprop2(const char *name, const int persist);
int read_prop_file(const char* filename, const int trigger);
void getprop_all(void (*cbk)(const char *name));
void getprop_all(void (*callback)(const char*, const char*));
#ifdef __cplusplus
}

47
jni/include/utils.h
View File

@@ -6,8 +6,6 @@
#include <stdio.h>
#include <dirent.h>
#include <pthread.h>
#include <sys/types.h>
#include <sys/socket.h>
#include <sys/stat.h>
@@ -18,8 +16,6 @@
#define UID_SYSTEM (get_system_uid())
#define UID_RADIO (get_radio_uid())
extern int quit_signals[];
// xwrap.c
FILE *xfopen(const char *pathname, const char *mode);
@@ -28,12 +24,14 @@ FILE *xfdopen(int fd, const char *mode);
#define xopen(...) GET_MACRO(__VA_ARGS__, xopen3, xopen2)(__VA_ARGS__)
int xopen2(const char *pathname, int flags);
int xopen3(const char *pathname, int flags, mode_t mode);
int xopenat(int dirfd, const char *pathname, int flags);
ssize_t xwrite(int fd, const void *buf, size_t count);
ssize_t xread(int fd, void *buf, size_t count);
ssize_t xxread(int fd, void *buf, size_t count);
int xpipe2(int pipefd[2], int flags);
int xsetns(int fd, int nstype);
DIR *xopendir(const char *name);
DIR *xfdopendir(int fd);
struct dirent *xreaddir(DIR *dirp);
pid_t xsetsid();
int xsocket(int domain, int type, int protocol);
@@ -53,22 +51,26 @@ int xstat(const char *pathname, struct stat *buf);
int xlstat(const char *pathname, struct stat *buf);
int xdup2(int oldfd, int newfd);
ssize_t xreadlink(const char *pathname, char *buf, size_t bufsiz);
ssize_t xreadlinkat(int dirfd, const char *pathname, char *buf, size_t bufsiz);
int xsymlink(const char *target, const char *linkpath);
int xmount(const char *source, const char *target,
const char *filesystemtype, unsigned long mountflags,
const void *data);
int xumount(const char *target);
int xumount2(const char *target, int flags);
int xchmod(const char *pathname, mode_t mode);
int xrename(const char *oldpath, const char *newpath);
int xmkdir(const char *pathname, mode_t mode);
int xmkdir_p(const char *pathname, mode_t mode);
int xmkdirat(int dirfd, const char *pathname, mode_t mode);
void *xmmap(void *addr, size_t length, int prot, int flags,
int fd, off_t offset);
ssize_t xsendfile(int out_fd, int in_fd, off_t *offset, size_t count);
int xmkdir_p(const char *pathname, mode_t mode);
pid_t xfork();
// misc.c
extern int quit_signals[];
unsigned get_shell_uid();
unsigned get_system_uid();
unsigned get_radio_uid();
@@ -78,19 +80,42 @@ int vector_to_file(const char* filename, struct vector *v);
ssize_t fdgets(char *buf, size_t size, int fd);
void ps(void (*func)(int));
void ps_filter_proc_name(const char *filter, void (*func)(int));
int create_links(const char *bin, const char *path);
void unlock_blocks();
void setup_sighandlers(void (*handler)(int));
int exec_command(int err, int *fd, void (*setupenv)(struct vector*), const char *argv0, ...);
int exec_command_sync(char *const argv0, ...);
int mkdir_p(const char *pathname, mode_t mode);
int bind_mount(const char *from, const char *to);
int open_new(const char *filename);
int cp_afc(const char *source, const char *target);
void fclone_attr(const int sourcefd, const int targetfd);
void clone_attr(const char *source, const char *target);
void get_client_cred(int fd, struct ucred *cred);
int switch_mnt_ns(int pid);
int fork_dont_care();
// file.c
extern char **excl_list;
struct file_attr {
struct stat st;
char con[128];
};
int fd_getpath(int fd, char *path, size_t size);
int mkdir_p(const char *pathname, mode_t mode);
void rm_rf(const char *path);
void frm_rf(int dirfd);
void mv_f(const char *source, const char *destination);
void mv_dir(int src, int dest);
void cp_afc(const char *source, const char *destination);
void clone_dir(int src, int dest);
int getattr(const char *path, struct file_attr *a);
int getattrat(int dirfd, const char *pathname, struct file_attr *a);
int fgetattr(int fd, struct file_attr *a);
int setattr(const char *path, struct file_attr *a);
int setattrat(int dirfd, const char *pathname, struct file_attr *a);
int fsetattr(int fd, struct file_attr *a);
void fclone_attr(const int sourcefd, const int targetfd);
void clone_attr(const char *source, const char *target);
void restorecon(int dirfd, int force);
// img.c

2
jni/include/vector.h
View File

@@ -32,4 +32,6 @@ struct vector *vec_dup(struct vector *v);
e = v ? (v)->data[(v)->size - 1] : NULL; \
for (size_t _ = (v)->size; v && _ > 0; --_, e = (v)->data[_ - 1])
#define vec_cur(v) vec_entry(v)[_]
#endif

105
jni/magiskboot/boot_utils.c
View File

@@ -1,56 +1,25 @@
#include "magiskboot.h"
#include <unistd.h>
#include <stdio.h>
#include <sys/mman.h>
char *SUP_LIST[] = { "gzip", "xz", "lzma", "bzip2", "lz4", "lz4_legacy", NULL };
char *SUP_EXT_LIST[] = { "gz", "xz", "lzma", "bz2", "lz4", "lz4", NULL };
file_t SUP_TYPE_LIST[] = { GZIP, XZ, LZMA, BZIP2, LZ4, LZ4_LEGACY, 0 };
#include "utils.h"
void mmap_ro(const char *filename, unsigned char **buf, size_t *size) {
void mmap_ro(const char *filename, void **buf, size_t *size) {
int fd = xopen(filename, O_RDONLY);
*size = lseek(fd, 0, SEEK_END);
lseek(fd, 0, SEEK_SET);
*buf = xmmap(NULL, *size, PROT_READ, MAP_SHARED, fd, 0);
*buf = *size > 0 ? xmmap(NULL, *size, PROT_READ, MAP_SHARED, fd, 0) : NULL;
close(fd);
}
void mmap_rw(const char *filename, unsigned char **buf, size_t *size) {
void mmap_rw(const char *filename, void **buf, size_t *size) {
int fd = xopen(filename, O_RDWR);
*size = lseek(fd, 0, SEEK_END);
lseek(fd, 0, SEEK_SET);
*buf = xmmap(NULL, *size, PROT_READ | PROT_WRITE, MAP_SHARED, fd, 0);
*buf = *size > 0 ? xmmap(NULL, *size, PROT_READ | PROT_WRITE, MAP_SHARED, fd, 0) : NULL;
close(fd);
}
file_t check_type(const unsigned char *buf) {
if (memcmp(buf, CHROMEOS_MAGIC, 8) == 0) {
return CHROMEOS;
} else if (memcmp(buf, BOOT_MAGIC, BOOT_MAGIC_SIZE) == 0) {
return AOSP;
} else if (memcmp(buf, ELF32_MAGIC, 5) == 0) {
return ELF32;
} else if (memcmp(buf, ELF64_MAGIC, 5) == 0) {
return ELF64;
} else if (memcmp(buf, "\x1f\x8b\x08\x00", 4) == 0) {
return GZIP;
} else if (memcmp(buf, "\x89\x4c\x5a\x4f\x00\x0d\x0a\x1a\x0a", 9) == 0) {
return LZOP;
} else if (memcmp(buf, "\xfd""7zXZ\x00", 6) == 0) {
return XZ;
} else if (memcmp(buf, "\x5d\x00\x00", 3) == 0
&& (buf[12] == (unsigned char) '\xff' || buf[12] == (unsigned char) '\x00')) {
return LZMA;
} else if (memcmp(buf, "BZh", 3) == 0) {
return BZIP2;
} else if (memcmp(buf, "\x04\x22\x4d\x18", 4) == 0) {
return LZ4;
} else if (memcmp(buf, "\x02\x21\x4c\x18", 4) == 0) {
return LZ4_LEGACY;
} else if (memcmp(buf, "\x88\x16\x88\x58", 4) == 0) {
return MTK;
} else {
return UNKNOWN;
}
}
void write_zero(int fd, size_t size) {
size_t pos = lseek(fd, 0, SEEK_CUR);
ftruncate(fd, pos + size);
@@ -82,16 +51,52 @@ int open_new(const char *filename) {
return xopen(filename, O_WRONLY | O_CREAT | O_TRUNC, 0644);
}
void cleanup() {
fprintf(stderr, "Cleaning up...\n");
char name[PATH_MAX];
unlink(KERNEL_FILE);
unlink(RAMDISK_FILE);
unlink(RAMDISK_FILE ".unsupport");
unlink(SECOND_FILE);
unlink(DTB_FILE);
for (int i = 0; SUP_EXT_LIST[i]; ++i) {
sprintf(name, "%s.%s", RAMDISK_FILE, SUP_EXT_LIST[i]);
unlink(name);
void *patch_init_rc(char *data, uint32_t *size) {
int injected = 0;
char *new_data = xmalloc(*size + 23);
char *old_data = data;
uint32_t pos = 0;
for (char *tok = strsep(&old_data, "\n"); tok; tok = strsep(&old_data, "\n")) {
if (!injected && strncmp(tok, "import", 6) == 0) {
if (strstr(tok, "init.magisk.rc")) {
injected = 1;
} else {
fprintf(stderr, "Inject [import /init.magisk.rc] to [init.rc]\n");
strcpy(new_data + pos, "import /init.magisk.rc\n");
pos += 23;
injected = 1;
}
} else if (strstr(tok, "selinux.reload_policy")) {
continue;
}
// Copy the line
strcpy(new_data + pos, tok);
pos += strlen(tok);
new_data[pos++] = '\n';
}
*size = pos;
return new_data;
}
int check_verity_pattern(const char *s) {
int pos = 0;
if (s[0] == ',') ++pos;
if (strncmp(s + pos, "verify", 6) != 0) return -1;
pos += 6;
if (s[pos] == '=') {
while (s[pos] != '\0' && s[pos] != ' ' && s[pos] != '\n' && s[pos] != ',') ++pos;
}
return pos;
}
int check_encryption_pattern(const char *s) {
const char *encrypt_list[] = { "forceencrypt", "forcefdeorfbe", NULL };
for (int i = 0 ; encrypt_list[i]; ++i) {
int len = strlen(encrypt_list[i]);
if (strncmp(s, encrypt_list[i], len) == 0)
return len;
}
return -1;
}

316
jni/magiskboot/bootimg.c
View File

@@ -1,12 +1,13 @@
#include <stdlib.h>
#include <unistd.h>
#include <sys/mman.h>
#include "bootimg.h"
#include "magiskboot.h"
#include "utils.h"
#include "logging.h"
static unsigned char *kernel, *ramdisk, *second, *dtb, *extra;
static boot_img_hdr hdr;
static int mtk_kernel = 0, mtk_ramdisk = 0;
static file_t ramdisk_type;
static void dump(unsigned char *buf, size_t size, const char *filename) {
static void dump(void *buf, size_t size, const char *filename) {
int fd = open_new(filename);
xwrite(fd, buf, size);
close(fd);
@@ -25,17 +26,17 @@ static void restore_buf(int fd, const void *buf, size_t size) {
xwrite(fd, buf, size);
}
static void print_info() {
fprintf(stderr, "KERNEL [%d] @ 0x%08x\n", hdr.kernel_size, hdr.kernel_addr);
fprintf(stderr, "RAMDISK [%d] @ 0x%08x\n", hdr.ramdisk_size, hdr.ramdisk_addr);
fprintf(stderr, "SECOND [%d] @ 0x%08x\n", hdr.second_size, hdr.second_addr);
fprintf(stderr, "DTB [%d] @ 0x%08x\n", hdr.dt_size, hdr.tags_addr);
fprintf(stderr, "PAGESIZE [%d]\n", hdr.page_size);
if (hdr.os_version != 0) {
static void print_hdr(const boot_img_hdr *hdr) {
fprintf(stderr, "KERNEL [%d] @ 0x%08x\n", hdr->kernel_size, hdr->kernel_addr);
fprintf(stderr, "RAMDISK [%d] @ 0x%08x\n", hdr->ramdisk_size, hdr->ramdisk_addr);
fprintf(stderr, "SECOND [%d] @ 0x%08x\n", hdr->second_size, hdr->second_addr);
fprintf(stderr, "EXTRA [%d] @ 0x%08x\n", hdr->extra_size, hdr->tags_addr);
fprintf(stderr, "PAGESIZE [%d]\n", hdr->page_size);
if (hdr->os_version != 0) {
int a,b,c,y,m = 0;
int os_version, os_patch_level;
os_version = hdr.os_version >> 11;
os_patch_level = hdr.os_version & 0x7ff;
os_version = hdr->os_version >> 11;
os_patch_level = hdr->os_version & 0x7ff;
a = (os_version >> 14) & 0x7f;
b = (os_version >> 7) & 0x7f;
@@ -46,38 +47,16 @@ static void print_info() {
m = os_patch_level & 0xf;
fprintf(stderr, "PATCH_LEVEL [%d-%02d]\n", y, m);
}
fprintf(stderr, "NAME [%s]\n", hdr.name);
fprintf(stderr, "CMDLINE [%s]\n", hdr.cmdline);
switch (ramdisk_type) {
case GZIP:
fprintf(stderr, "COMPRESSION [%s]\n", "gzip");
break;
case XZ:
fprintf(stderr, "COMPRESSION [%s]\n", "xz");
break;
case LZMA:
fprintf(stderr, "COMPRESSION [%s]\n", "lzma");
break;
case BZIP2:
fprintf(stderr, "COMPRESSION [%s]\n", "bzip2");
break;
case LZ4:
fprintf(stderr, "COMPRESSION [%s]\n", "lz4");
break;
case LZ4_LEGACY:
fprintf(stderr, "COMPRESSION [%s]\n", "lz4_legacy");
break;
default:
fprintf(stderr, "Unknown ramdisk format!\n");
}
fprintf(stderr, "NAME [%s]\n", hdr->name);
fprintf(stderr, "CMDLINE [%s]\n", hdr->cmdline);
fprintf(stderr, "\n");
}
int parse_img(unsigned char *orig, size_t size) {
unsigned char *base, *end;
int parse_img(void *orig, size_t size, boot_img *boot) {
void *base, *end;
size_t pos = 0;
int ret = 0;
memset(boot, 0, sizeof(*boot));
for(base = orig, end = orig + size; base < end; base += 256, size -= 256) {
switch (check_type(base)) {
case CHROMEOS:
@@ -90,96 +69,127 @@ int parse_img(unsigned char *orig, size_t size) {
exit(4);
case AOSP:
// Read the header
memcpy(&hdr, base, sizeof(hdr));
pos += hdr.page_size;
memcpy(&boot->hdr, base, sizeof(boot->hdr));
pos += boot->hdr.page_size;
// Kernel position
kernel = base + pos;
pos += hdr.kernel_size;
mem_align(&pos, hdr.page_size);
print_hdr(&boot->hdr);
// Ramdisk position
ramdisk = base + pos;
pos += hdr.ramdisk_size;
mem_align(&pos, hdr.page_size);
boot->kernel = base + pos;
pos += boot->hdr.kernel_size;
mem_align(&pos, boot->hdr.page_size);
if (hdr.second_size) {
// Second position
second = base + pos;
pos += hdr.second_size;
mem_align(&pos, hdr.page_size);
boot->ramdisk = base + pos;
pos += boot->hdr.ramdisk_size;
mem_align(&pos, boot->hdr.page_size);
if (boot->hdr.second_size) {
boot->second = base + pos;
pos += boot->hdr.second_size;
mem_align(&pos, boot->hdr.page_size);
}
if (hdr.dt_size) {
// dtb position
dtb = base + pos;
pos += hdr.dt_size;
mem_align(&pos, hdr.page_size);
if (boot->hdr.extra_size) {
boot->extra = base + pos;
pos += boot->hdr.extra_size;
mem_align(&pos, boot->hdr.page_size);
}
if (pos < size) {
extra = base + pos;
boot->tail = base + pos;
boot->tail_size = end - base - pos;
}
// Check ramdisk compression type
ramdisk_type = check_type(ramdisk);
// Search for dtb in kernel
for (int i = 0; i < boot->hdr.kernel_size; ++i) {
if (memcmp(boot->kernel + i, DTB_MAGIC, 4) == 0) {
boot->dtb = boot->kernel + i;
boot->dt_size = boot->hdr.kernel_size - i;
boot->hdr.kernel_size = i;
fprintf(stderr, "DTB [%d]\n", boot->dt_size);
}
}
boot->ramdisk_type = check_type(boot->ramdisk);
boot->kernel_type = check_type(boot->kernel);
// Check MTK
if (check_type(kernel) == MTK) {
fprintf(stderr, "MTK header found in kernel\n");
mtk_kernel = 1;
if (boot->kernel_type == MTK) {
fprintf(stderr, "MTK_KERNEL_HDR [512]\n");
boot->flags |= MTK_KERNEL;
memcpy(&boot->mtk_kernel_hdr, boot->kernel, sizeof(mtk_hdr));
boot->kernel += 512;
boot->hdr.kernel_size -= 512;
boot->kernel_type = check_type(boot->kernel);
}
if (ramdisk_type == MTK) {
fprintf(stderr, "MTK header found in ramdisk\n");
mtk_ramdisk = 1;
ramdisk_type = check_type(ramdisk + 512);
if (boot->ramdisk_type == MTK) {
fprintf(stderr, "MTK_RAMDISK_HDR [512]\n");
boot->flags |= MTK_RAMDISK;
memcpy(&boot->mtk_ramdisk_hdr, boot->ramdisk, sizeof(mtk_hdr));
boot->ramdisk += 512;
boot->hdr.ramdisk_size -= 512;
boot->ramdisk_type = check_type(boot->ramdisk + 512);
}
// Print info
print_info();
char fmt[16];
get_type_name(boot->kernel_type, fmt);
fprintf(stderr, "KERNEL_FMT [%s]\n", fmt);
get_type_name(boot->ramdisk_type, fmt);
fprintf(stderr, "RAMDISK_FMT [%s]\n", fmt);
fprintf(stderr, "\n");
return ret;
default:
continue;
}
}
LOGE(1, "No boot image magic found!\n");
LOGE("No boot image magic found!\n");
return 1;
}
void unpack(const char* image) {
size_t size;
unsigned char *orig;
void *orig;
mmap_ro(image, &orig, &size);
int fd;
boot_img boot;
// Parse image
fprintf(stderr, "Parsing boot image: [%s]\n\n", image);
int ret = parse_img(orig, size);
int ret = parse_img(orig, size, &boot);
// Dump kernel
if (mtk_kernel) {
kernel += 512;
hdr.kernel_size -= 512;
if (COMPRESSED(boot.kernel_type)) {
fd = open_new(KERNEL_FILE);
decomp(boot.kernel_type, fd, boot.kernel, boot.hdr.kernel_size);
close(fd);
} else {
dump(boot.kernel, boot.hdr.kernel_size, KERNEL_FILE);
}
if (boot.dt_size) {
// Dump dtb
dump(boot.dtb, boot.dt_size, DTB_FILE);
}
dump(kernel, hdr.kernel_size, KERNEL_FILE);
// Dump ramdisk
if (mtk_ramdisk) {
ramdisk += 512;
hdr.ramdisk_size -= 512;
}
if (decomp(ramdisk_type, RAMDISK_FILE, ramdisk, hdr.ramdisk_size)) {
// Dump the compressed ramdisk
dump(ramdisk, hdr.ramdisk_size, RAMDISK_FILE ".unsupport");
LOGE(1, "Unsupported ramdisk format! Dumped to %s\n", RAMDISK_FILE ".unsupport");
if (COMPRESSED(boot.ramdisk_type)) {
fd = open_new(RAMDISK_FILE);
decomp(boot.ramdisk_type, fd, boot.ramdisk, boot.hdr.ramdisk_size);
close(fd);
} else {
dump(boot.ramdisk, boot.hdr.ramdisk_size, RAMDISK_FILE ".raw");
LOGE("Unknown ramdisk format! Dumped to %s\n", RAMDISK_FILE ".raw");
}
if (hdr.second_size) {
if (boot.hdr.second_size) {
// Dump second
dump(second, hdr.second_size, SECOND_FILE);
dump(boot.second, boot.hdr.second_size, SECOND_FILE);
}
if (hdr.dt_size) {
// Dump dtb
dump(dtb, hdr.dt_size, DTB_FILE);
if (boot.hdr.extra_size) {
// Dump extra
dump(boot.extra, boot.hdr.extra_size, EXTRA_FILE);
}
munmap(orig, size);
@@ -188,11 +198,10 @@ void unpack(const char* image) {
void repack(const char* orig_image, const char* out_image) {
size_t size;
unsigned char *orig;
char name[PATH_MAX];
void *orig;
boot_img boot;
// There are possible two MTK headers
mtk_hdr mtk_kernel_hdr, mtk_ramdisk_hdr;
size_t mtk_kernel_off, mtk_ramdisk_off;
// Load original image
@@ -200,109 +209,104 @@ void repack(const char* orig_image, const char* out_image) {
// Parse original image
fprintf(stderr, "Parsing boot image: [%s]\n\n", orig_image);
parse_img(orig, size);
parse_img(orig, size, &boot);
fprintf(stderr, "Repack to boot image: [%s]\n\n", out_image);
// Create new image
int fd = open_new(out_image);
// Set all sizes to 0
hdr.kernel_size = 0;
hdr.ramdisk_size = 0;
hdr.second_size = 0;
hdr.dt_size = 0;
// Skip a page for header
write_zero(fd, hdr.page_size);
write_zero(fd, boot.hdr.page_size);
// Restore kernel
if (mtk_kernel) {
if (boot.flags & MTK_KERNEL) {
// Record position and skip MTK header
mtk_kernel_off = lseek(fd, 0, SEEK_CUR);
restore_buf(fd, kernel, 512);
memcpy(&mtk_kernel_hdr, kernel, sizeof(mtk_kernel_hdr));
write_zero(fd, 512);
}
hdr.kernel_size = restore(KERNEL_FILE, fd);
file_align(fd, hdr.page_size, 1);
if (COMPRESSED(boot.kernel_type)) {
size_t raw_size;
void *kernel_raw;
mmap_ro(KERNEL_FILE, &kernel_raw, &raw_size);
boot.hdr.kernel_size = comp(boot.kernel_type, fd, kernel_raw, raw_size);
munmap(kernel_raw, raw_size);
} else {
boot.hdr.kernel_size = restore(KERNEL_FILE, fd);
}
// Restore dtb
if (boot.dt_size && access(DTB_FILE, R_OK) == 0) {
boot.hdr.kernel_size += restore(DTB_FILE, fd);
}
file_align(fd, boot.hdr.page_size, 1);
// Restore ramdisk
if (mtk_ramdisk) {
if (boot.flags & MTK_RAMDISK) {
// Record position and skip MTK header
mtk_ramdisk_off = lseek(fd, 0, SEEK_CUR);
restore_buf(fd, ramdisk, 512);
memcpy(&mtk_ramdisk_hdr, ramdisk, sizeof(mtk_ramdisk_hdr));
write_zero(fd, 512);
}
if (access(RAMDISK_FILE, R_OK) == 0) {
// If we found raw cpio, compress to original format
// Before we start, clean up previous compressed files
for (int i = 0; SUP_EXT_LIST[i]; ++i) {
sprintf(name, "%s.%s", RAMDISK_FILE, SUP_EXT_LIST[i]);
unlink(name);
}
size_t cpio_size;
unsigned char *cpio;
void *cpio;
mmap_ro(RAMDISK_FILE, &cpio, &cpio_size);
if (comp(ramdisk_type, RAMDISK_FILE, cpio, cpio_size))
LOGE(1, "Unsupported ramdisk format!\n");
boot.hdr.ramdisk_size = comp(boot.ramdisk_type, fd, cpio, cpio_size);
munmap(cpio, cpio_size);
}
} else {
// Find compressed ramdisk
char name[PATH_MAX];
int found = 0;
for (int i = 0; SUP_EXT_LIST[i]; ++i) {
sprintf(name, "%s.%s", RAMDISK_FILE, SUP_EXT_LIST[i]);
if (access(name, R_OK) == 0) {
ramdisk_type = SUP_TYPE_LIST[i];
found = 1;
break;
}
}
if (!found)
LOGE(1, "No ramdisk exists!\n");
hdr.ramdisk_size = restore(name, fd);
file_align(fd, hdr.page_size, 1);
LOGE("No ramdisk exists!\n");
boot.hdr.ramdisk_size = restore(name, fd);
}
file_align(fd, boot.hdr.page_size, 1);
// Restore second
if (access(SECOND_FILE, R_OK) == 0) {
hdr.second_size = restore(SECOND_FILE, fd);
file_align(fd, hdr.page_size, 1);
if (boot.hdr.second_size && access(SECOND_FILE, R_OK) == 0) {
boot.hdr.second_size = restore(SECOND_FILE, fd);
file_align(fd, boot.hdr.page_size, 1);
}
// Restore dtb
if (access(DTB_FILE, R_OK) == 0) {
hdr.dt_size = restore(DTB_FILE, fd);
file_align(fd, hdr.page_size, 1);
// Restore extra
if (boot.hdr.extra_size && access(EXTRA_FILE, R_OK) == 0) {
boot.hdr.extra_size = restore(EXTRA_FILE, fd);
file_align(fd, boot.hdr.page_size, 1);
}
// Check extra info, currently only for LG Bump and Samsung SEANDROIDENFORCE
if (extra) {
if (memcmp(extra, "SEANDROIDENFORCE", 16) == 0 ||
memcmp(extra, "\x41\xa9\xe4\x67\x74\x4d\x1d\x1b\xa4\x29\xf2\xec\xea\x65\x52\x79", 16) == 0 ) {
restore_buf(fd, extra, 16);
// Check tail info, currently only for LG Bump and Samsung SEANDROIDENFORCE
if (boot.tail_size >= 16) {
if (memcmp(boot.tail, "SEANDROIDENFORCE", 16) == 0 ||
memcmp(boot.tail, LG_BUMP_MAGIC, 16) == 0 ) {
restore_buf(fd, boot.tail, 16);
}
}
// Write headers back
if (mtk_kernel) {
// Write MTK headers back
if (boot.flags & MTK_KERNEL) {
lseek(fd, mtk_kernel_off, SEEK_SET);
mtk_kernel_hdr.size = hdr.kernel_size;
hdr.kernel_size += 512;
restore_buf(fd, &mtk_kernel_hdr, sizeof(mtk_kernel_hdr));
boot.mtk_kernel_hdr.size = boot.hdr.kernel_size;
boot.hdr.kernel_size += 512;
restore_buf(fd, &boot.mtk_kernel_hdr, sizeof(mtk_hdr));
}
if (mtk_ramdisk) {
if (boot.flags & MTK_RAMDISK) {
lseek(fd, mtk_ramdisk_off, SEEK_SET);
mtk_ramdisk_hdr.size = hdr.ramdisk_size;
hdr.ramdisk_size += 512;
restore_buf(fd, &mtk_ramdisk_hdr, sizeof(mtk_ramdisk_hdr));
boot.mtk_ramdisk_hdr.size = boot.hdr.ramdisk_size;
boot.hdr.ramdisk_size += 512;
restore_buf(fd, &boot.mtk_ramdisk_hdr, sizeof(mtk_hdr));
}
// Main header
lseek(fd, 0, SEEK_SET);
restore_buf(fd, &hdr, sizeof(hdr));
restore_buf(fd, &boot.hdr, sizeof(boot.hdr));
// Print new image info
print_info();
print_hdr(&boot.hdr);
munmap(orig, size);
close(fd);

26
jni/magiskboot/bootimg.h
View File

@@ -16,6 +16,7 @@
*/
#include <stdint.h>
#include "types.h"
#ifndef _BOOT_IMAGE_H_
#define _BOOT_IMAGE_H_
@@ -43,7 +44,7 @@ struct boot_img_hdr
uint32_t tags_addr; /* physical addr for kernel tags */
uint32_t page_size; /* flash page size we assume */
uint32_t dt_size; /* device tree in bytes */
uint32_t extra_size; /* extra blob size in bytes */
/* operating system version and security patch level; for
* version "A.B.C" and patch level "Y-M-D":
@@ -73,13 +74,13 @@ struct boot_img_hdr
** +-----------------+
** | second stage | o pages
** +-----------------+
** | device tree | p pages
** | extra blobs | p pages
** +-----------------+
**
** n = (kernel_size + page_size - 1) / page_size
** m = (ramdisk_size + page_size - 1) / page_size
** o = (second_size + page_size - 1) / page_size
** p = (dt_size + page_size - 1) / page_size
** p = (extra_size + page_size - 1) / page_size
**
** 0. all entities are page_size aligned in flash
** 1. kernel and ramdisk are required (size != 0)
@@ -99,4 +100,23 @@ typedef struct mtk_hdr {
uint8_t name[32]; /* The type of the header */
} mtk_hdr;
// Flags
#define MTK_KERNEL 0x1
#define MTK_RAMDISK 0x2
typedef struct boot_img {
boot_img_hdr hdr;
void *kernel;
void *dtb;
uint32_t dt_size;
void *ramdisk;
void *second;
void *extra;
void *tail;
uint32_t tail_size;
uint32_t flags;
file_t kernel_type, ramdisk_type;
mtk_hdr mtk_kernel_hdr, mtk_ramdisk_hdr;
} boot_img;
#endif

269
jni/magiskboot/compress.c
View File

@@ -1,10 +1,16 @@
#include <unistd.h>
#include <sys/mman.h>
#include <zlib.h>
#include <lzma.h>
#include <lz4.h>
#include <lz4frame.h>
#include <lz4hc.h>
#include <bzlib.h>
#include "magiskboot.h"
#include "logging.h"
#include "utils.h"
#define windowBits 15
#define ZLIB_GZIP 16
@@ -15,30 +21,12 @@
#define LZ4_FOOTER_SIZE 4
#define LZ4_LEGACY_BLOCKSIZE 0x800000
static void write_file(const int fd, const void *buf, const size_t size, const char *filename) {
xwrite(fd, buf, size);
}
static void report(const int mode, const char* filename) {
switch(mode) {
case 0:
fprintf(stderr, "Decompressing to [%s]\n\n", filename);
break;
default:
fprintf(stderr, "Compressing to [%s]\n\n", filename);
break;
}
}
// Mode: 0 = decode; 1 = encode
void gzip(int mode, const char* filename, const unsigned char* buf, size_t size) {
size_t ret = 0, flush, have, pos = 0;
size_t gzip(int mode, int fd, const void *buf, size_t size) {
size_t ret = 0, flush, have, pos = 0, total = 0;
z_stream strm;
unsigned char out[CHUNK];
report(mode, filename);
int fd = open_new(filename);
strm.zalloc = Z_NULL;
strm.zfree = Z_NULL;
strm.opaque = Z_NULL;
@@ -50,12 +38,10 @@ void gzip(int mode, const char* filename, const unsigned char* buf, size_t size)
case 1:
ret = deflateInit2(&strm, 9, Z_DEFLATED, windowBits | ZLIB_GZIP, memLevel, Z_DEFAULT_STRATEGY);
break;
default:
LOGE(1, "Unsupported gzip mode!\n");
}
if (ret != Z_OK)
LOGE(1, "Unable to init zlib stream\n");
LOGE("Unable to init zlib stream\n");
do {
strm.next_in = buf + pos;
@@ -80,10 +66,10 @@ void gzip(int mode, const char* filename, const unsigned char* buf, size_t size)
break;
}
if (ret == Z_STREAM_ERROR)
LOGE(1, "Error when running gzip\n");
LOGE("Error when running gzip\n");
have = CHUNK - strm.avail_out;
write_file(fd, out, have, filename);
total += xwrite(fd, out, have);
} while (strm.avail_out == 0);
@@ -97,24 +83,21 @@ void gzip(int mode, const char* filename, const unsigned char* buf, size_t size)
deflateEnd(&strm);
break;
}
close(fd);
return total;
}
// Mode: 0 = decode xz/lzma; 1 = encode xz; 2 = encode lzma
void lzma(int mode, const char* filename, const unsigned char* buf, size_t size) {
size_t have, pos = 0;
size_t lzma(int mode, int fd, const void *buf, size_t size) {
size_t have, pos = 0, total = 0;
lzma_ret ret = 0;
lzma_stream strm = LZMA_STREAM_INIT;
lzma_options_lzma opt;
lzma_action action;
unsigned char out[BUFSIZ];
report(mode, filename);
int fd = open_new(filename);
// Initialize preset
lzma_lzma_preset(&opt, LZMA_PRESET_DEFAULT);
lzma_lzma_preset(&opt, 9);
lzma_filter filters[] = {
{ .id = LZMA_FILTER_LZMA2, .options = &opt },
{ .id = LZMA_VLI_UNKNOWN, .options = NULL },
@@ -130,13 +113,11 @@ void lzma(int mode, const char* filename, const unsigned char* buf, size_t size)
case 2:
ret = lzma_alone_encoder(&strm, &opt);
break;
default:
LOGE(1, "Unsupported lzma mode!\n");
}
if (ret != LZMA_OK)
LOGE(1, "Unable to init lzma stream\n");
LOGE("Unable to init lzma stream\n");
do {
strm.next_in = buf + pos;
@@ -154,30 +135,27 @@ void lzma(int mode, const char* filename, const unsigned char* buf, size_t size)
strm.next_out = out;
ret = lzma_code(&strm, action);
have = BUFSIZ - strm.avail_out;
write_file(fd, out, have, filename);
total += xwrite(fd, out, have);
} while (strm.avail_out == 0 && ret == LZMA_OK);
if (ret != LZMA_OK && ret != LZMA_STREAM_END)
LOGE(1, "LZMA error %d!\n", ret);
LOGE("LZMA error %d!\n", ret);
} while (pos < size);
lzma_end(&strm);
close(fd);
return total;
}
// Mode: 0 = decode; 1 = encode
void lz4(int mode, const char* filename, const unsigned char* buf, size_t size) {
size_t lz4(int mode, int fd, const void *buf, size_t size) {
LZ4F_decompressionContext_t dctx;
LZ4F_compressionContext_t cctx;
LZ4F_frameInfo_t info;
size_t outCapacity, avail_in, ret = 0, pos = 0;
size_t blockSize, outCapacity, avail_in, ret = 0, pos = 0, total = 0;
size_t have, read;
unsigned char *out = NULL;
report(mode, filename);
int fd = open_new(filename);
void *out = NULL;
// Initialize context
switch(mode) {
@@ -187,21 +165,20 @@ void lz4(int mode, const char* filename, const unsigned char* buf, size_t size)
case 1:
ret = LZ4F_createCompressionContext(&cctx, LZ4F_VERSION);
break;
default:
LOGE(1, "Unsupported lz4 mode!\n");
}
if (LZ4F_isError(ret))
LOGE(1, "Context creation error: %s\n", LZ4F_getErrorName(ret));
LOGE("Context creation error: %s\n", LZ4F_getErrorName(ret));
// Allocate out buffer
blockSize = 1 << 22;
switch(mode) {
case 0:
// Read header
read = CHUNK;
read = blockSize;
ret = LZ4F_getFrameInfo(dctx, &info, buf, &read);
if (LZ4F_isError(ret))
LOGE(1, "LZ4F_getFrameInfo error: %s\n", LZ4F_getErrorName(ret));
LOGE("LZ4F_getFrameInfo error: %s\n", LZ4F_getErrorName(ret));
switch (info.blockSizeID) {
case LZ4F_default:
case LZ4F_max64KB: outCapacity = 1 << 16; break;
@@ -209,12 +186,12 @@ void lz4(int mode, const char* filename, const unsigned char* buf, size_t size)
case LZ4F_max1MB: outCapacity = 1 << 20; break;
case LZ4F_max4MB: outCapacity = 1 << 22; break;
default:
LOGE(1, "Impossible unless more block sizes are allowed\n");
LOGE("Impossible unless more block sizes are allowed\n");
}
pos += read;
break;
case 1:
outCapacity = LZ4F_compressBound(CHUNK, NULL) + LZ4_HEADER_SIZE + LZ4_FOOTER_SIZE;
outCapacity = LZ4F_compressFrameBound(blockSize, NULL);
break;
}
@@ -222,23 +199,31 @@ void lz4(int mode, const char* filename, const unsigned char* buf, size_t size)
// Write header
if (mode == 1) {
have = ret = LZ4F_compressBegin(cctx, out, size, NULL);
LZ4F_preferences_t prefs;
memset(&prefs, 0, sizeof(prefs));
prefs.autoFlush = 1;
prefs.compressionLevel = 9;
prefs.frameInfo.blockMode = 1;
prefs.frameInfo.blockSizeID = 7;
prefs.frameInfo.contentChecksumFlag = 1;
have = ret = LZ4F_compressBegin(cctx, out, size, &prefs);
if (LZ4F_isError(ret))
LOGE(1, "Failed to start compression: error %s\n", LZ4F_getErrorName(ret));
write_file(fd, out, have, filename);
LOGE("Failed to start compression: error %s\n", LZ4F_getErrorName(ret));
total += xwrite(fd, out, have);
}
do {
if (pos + CHUNK >= size) {
if (pos + blockSize >= size) {
avail_in = size - pos;
} else {
avail_in = CHUNK;
avail_in = blockSize;
}
do {
switch(mode) {
case 0:
have = outCapacity, read = avail_in;
have = outCapacity;
read = avail_in;
ret = LZ4F_decompress(dctx, out, &have, buf + pos, &read, NULL);
break;
case 1:
@@ -247,9 +232,9 @@ void lz4(int mode, const char* filename, const unsigned char* buf, size_t size)
break;
}
if (LZ4F_isError(ret))
LOGE(1, "LZ4 coding error: %s\n", LZ4F_getErrorName(ret));
LOGE("LZ4 coding error: %s\n", LZ4F_getErrorName(ret));
write_file(fd, out, have, filename);
total += xwrite(fd, out, have);
// Update status
pos += read;
avail_in -= read;
@@ -264,27 +249,24 @@ void lz4(int mode, const char* filename, const unsigned char* buf, size_t size)
case 1:
have = ret = LZ4F_compressEnd(cctx, out, outCapacity, NULL);
if (LZ4F_isError(ret))
LOGE(1, "Failed to end compression: error %s\n", LZ4F_getErrorName(ret));
LOGE("Failed to end compression: error %s\n", LZ4F_getErrorName(ret));
write_file(fd, out, have, filename);
total += xwrite(fd, out, have);
LZ4F_freeCompressionContext(cctx);
break;
}
free(out);
close(fd);
return total;
}
// Mode: 0 = decode; 1 = encode
void bzip2(int mode, const char* filename, const unsigned char* buf, size_t size) {
size_t ret = 0, action, have, pos = 0;
size_t bzip2(int mode, int fd, const void* buf, size_t size) {
size_t ret = 0, action, have, pos = 0, total = 0;
bz_stream strm;
char out[CHUNK];
report(mode, filename);
int fd = open_new(filename);
strm.bzalloc = NULL;
strm.bzfree = NULL;
strm.opaque = NULL;
@@ -296,12 +278,10 @@ void bzip2(int mode, const char* filename, const unsigned char* buf, size_t size
case 1:
ret = BZ2_bzCompressInit(&strm, 9, 0, 0);
break;
default:
LOGE(1, "Unsupported bzip2 mode!\n");
}
if (ret != BZ_OK)
LOGE(1, "Unable to init bzlib stream\n");
LOGE("Unable to init bzlib stream\n");
do {
strm.next_in = (char *) buf + pos;
@@ -327,7 +307,7 @@ void bzip2(int mode, const char* filename, const unsigned char* buf, size_t size
}
have = CHUNK - strm.avail_out;
write_file(fd, out, have, filename);
total += xwrite(fd, out, have);
} while (strm.avail_out == 0);
@@ -341,20 +321,15 @@ void bzip2(int mode, const char* filename, const unsigned char* buf, size_t size
BZ2_bzCompressEnd(&strm);
break;
}
close(fd);
return total;
}
// Mode: 0 = decode; 1 = encode
void lz4_legacy(int mode, const char* filename, const unsigned char* buf, size_t size) {
size_t lz4_legacy(int mode, int fd, const void* buf, size_t size) {
size_t pos = 0;
int have;
char *out;
unsigned block_size, insize;
unsigned char block_size_le[4];
report(mode, filename);
int fd = open_new(filename);
unsigned block_size, insize, total = 0;
switch(mode) {
case 0:
@@ -365,25 +340,21 @@ void lz4_legacy(int mode, const char* filename, const unsigned char* buf, size_t
case 1:
out = xmalloc(LZ4_COMPRESSBOUND(LZ4_LEGACY_BLOCKSIZE));
// Write magic
write_file(fd, "\x02\x21\x4c\x18", 4, filename);
total += xwrite(fd, "\x02\x21\x4c\x18", 4);
break;
default:
LOGE(1, "Unsupported lz4_legacy mode!\n");
}
do {
switch(mode) {
case 0:
block_size = buf[pos];
block_size += (buf[pos + 1]<<8);
block_size += (buf[pos + 2]<<16);
block_size += ((unsigned)buf[pos + 3])<<24;
// Read block size
block_size = *(unsigned *)(buf + pos);
pos += 4;
if (block_size > LZ4_COMPRESSBOUND(LZ4_LEGACY_BLOCKSIZE))
LOGE(1, "lz4_legacy block size too large!\n");
have = LZ4_decompress_safe((const char*) (buf + pos), out, block_size, LZ4_LEGACY_BLOCKSIZE);
goto done;
have = LZ4_decompress_safe(buf + pos, out, block_size, LZ4_LEGACY_BLOCKSIZE);
if (have < 0)
LOGE(1, "Cannot decode lz4_legacy block\n");
LOGE("Cannot decode lz4_legacy block\n");
pos += block_size;
break;
case 1:
@@ -391,106 +362,83 @@ void lz4_legacy(int mode, const char* filename, const unsigned char* buf, size_t
insize = size - pos;
else
insize = LZ4_LEGACY_BLOCKSIZE;
have = LZ4_compress_default((const char*) (buf + pos), out, insize, LZ4_COMPRESSBOUND(LZ4_LEGACY_BLOCKSIZE));
have = LZ4_compress_HC(buf + pos, out, insize, LZ4_COMPRESSBOUND(LZ4_LEGACY_BLOCKSIZE), 9);
if (have == 0)
LOGE(1, "lz4_legacy compression error\n");
LOGE("lz4_legacy compression error\n");
pos += insize;
block_size_le[0] = (unsigned char)have;
block_size_le[1] = (unsigned char)(have >> 8);
block_size_le[2] = (unsigned char)(have >> 16);
block_size_le[3] = (unsigned char)(have >> 24);
write_file(fd, block_size_le, 4, filename);
// Write block size
total += xwrite(fd, &have, sizeof(have));
break;
}
// Write main data
write_file(fd, out, have, filename);
total += xwrite(fd, out, have);
} while(pos < size);
done:
if (mode == 1) {
// Append original size to output
unsigned uncomp = size;
xwrite(fd, &uncomp, sizeof(uncomp));
}
free(out);
close(fd);
return total;
}
int decomp(file_t type, const char *to, const unsigned char *from, size_t size) {
long long decomp(file_t type, int to, const void *from, size_t size) {
switch (type) {
case GZIP:
gzip(0, to, from, size);
break;
return gzip(0, to, from, size);
case XZ:
lzma(0, to, from, size);
break;
return lzma(0, to, from, size);
case LZMA:
lzma(0, to, from, size);
break;
return lzma(0, to, from, size);
case BZIP2:
bzip2(0, to, from, size);
break;
return bzip2(0, to, from, size);
case LZ4:
lz4(0, to, from, size);
break;
return lz4(0, to, from, size);
case LZ4_LEGACY:
lz4_legacy(0, to, from, size);
break;
return lz4_legacy(0, to, from, size);
default:
// Unsupported
return 1;
return -1;
}
return 0;
}
// Output will be to.ext
int comp(file_t type, const char *to, const unsigned char *from, size_t size) {
char name[PATH_MAX];
const char *ext = strrchr(to, '.');
if (ext == NULL) ext = to;
strcpy(name, to);
long long comp(file_t type, int to, const void *from, size_t size) {
switch (type) {
case GZIP:
if (strcmp(ext, ".gz") != 0)
sprintf(name, "%s.%s", to, "gz");
gzip(1, name, from, size);
break;
return gzip(1, to, from, size);
case XZ:
if (strcmp(ext, ".xz") != 0)
sprintf(name, "%s.%s", to, "xz");
lzma(1, name, from, size);
break;
return lzma(1, to, from, size);
case LZMA:
if (strcmp(ext, ".lzma") != 0)
sprintf(name, "%s.%s", to, "lzma");
lzma(2, name, from, size);
break;
return lzma(2, to, from, size);
case BZIP2:
if (strcmp(ext, ".bz2") != 0)
sprintf(name, "%s.%s", to, "bz2");
bzip2(1, name, from, size);
break;
return bzip2(1, to, from, size);
case LZ4:
if (strcmp(ext, ".lz4") != 0)
sprintf(name, "%s.%s", to, "lz4");
lz4(1, name, from, size);
break;
return lz4(1, to, from, size);
case LZ4_LEGACY:
if (strcmp(ext, ".lz4") != 0)
sprintf(name, "%s.%s", to, "lz4");
lz4_legacy(1, name, from, size);
break;
return lz4_legacy(1, to, from, size);
default:
// Unsupported
return 1;
return -1;
}
return 0;
}
/*
* Below are utility functions for commandline
*/
void decomp_file(char *from, const char *to) {
int ok = 1;
unsigned char *file;
void *file;
size_t size;
mmap_ro(from, &file, &size);
file_t type = check_type(file);
char *ext;
ext = strrchr(from, '.');
if (ext == NULL)
LOGE(1, "Bad filename extention\n");
LOGE("Bad filename extention\n");
// File type and extension should match
switch (type) {
@@ -516,7 +464,7 @@ void decomp_file(char *from, const char *to) {
ok = 0;
break;
default:
LOGE(1, "Provided file \'%s\' is not a supported archive format\n", from);
LOGE("Provided file \'%s\' is not a supported archive format\n", from);
}
if (ok) {
// If all match, strip out the suffix
@@ -524,31 +472,41 @@ void decomp_file(char *from, const char *to) {
*ext = '\0';
to = from;
}
decomp(type, to, file, size);
int fd = open_new(to);
fprintf(stderr, "Decompressing to [%s]\n\n", to);
decomp(type, fd, file, size);
close(fd);
if (to == from) {
*ext = '.';
unlink(from);
}
} else {
LOGE(1, "Bad filename extention \'%s\'\n", ext);
LOGE("Bad filename extention \'%s\'\n", ext);
}
munmap(file, size);
}
void comp_file(const char *method, const char *from, const char *to) {
file_t type;
char *ext, dest[PATH_MAX];
if (strcmp(method, "gzip") == 0) {
type = GZIP;
ext = "gz";
} else if (strcmp(method, "xz") == 0) {
type = XZ;
ext = "xz";
} else if (strcmp(method, "lzma") == 0) {
type = LZMA;
ext = "lzma";
} else if (strcmp(method, "lz4") == 0) {
type = LZ4;
ext = "lz4";
} else if (strcmp(method, "lz4_legacy") == 0) {
type = LZ4_LEGACY;
ext = "lz4";
} else if (strcmp(method, "bzip2") == 0) {
type = BZIP2;
ext = "bz2";
} else {
fprintf(stderr, "Only support following methods: ");
for (int i = 0; SUP_LIST[i]; ++i)
@@ -556,14 +514,19 @@ void comp_file(const char *method, const char *from, const char *to) {
fprintf(stderr, "\n");
exit(1);
}
unsigned char *file;
void *file;
size_t size;
mmap_ro(from, &file, &size);
if (!to)
to = from;
comp(type, to, file, size);
snprintf(dest, sizeof(dest), "%s.%s", from, ext);
else
strcpy(dest, to);
fprintf(stderr, "Compressing to [%s]\n\n", dest);
int fd = open_new(dest);
comp(type, fd, file, size);
close(fd);
munmap(file, size);
if (to == from)
if (!to)
unlink(from);
}

250
jni/magiskboot/cpio.c
View File

@@ -1,7 +1,10 @@
#include <stdio.h>
#include <unistd.h>
#include "magiskboot.h"
#include "cpio.h"
#include "vector.h"
#include "list.h"
#include "logging.h"
#include "utils.h"
static uint32_t x8u(char *hex) {
uint32_t val, inpos = 8, outpos;
@@ -14,12 +17,12 @@ static uint32_t x8u(char *hex) {
// Because scanf gratuitously treats %*X differently than printf does.
sprintf(pattern, "%%%dx%%n", inpos);
sscanf(hex, pattern, &val, &outpos);
if (inpos != outpos) LOGE(1, "bad cpio header\n");
if (inpos != outpos) LOGE("bad cpio header\n");
return val;
}
static void cpio_free(cpio_file *f) {
static void cpio_free(cpio_entry *f) {
if (f) {
free(f->filename);
free(f->data);
@@ -27,46 +30,30 @@ static void cpio_free(cpio_file *f) {
}
}
static void cpio_vec_insert(struct vector *v, cpio_file *n) {
cpio_file *f, *t;
int shift = 0;
// Insert in alphabet order
static void cpio_vec_insert(struct vector *v, cpio_entry *n) {
cpio_entry *f;
vec_for_each(v, f) {
if (shift) {
vec_entry(v)[_] = t;
t = f;
continue;
}
t = f;
if (strcmp(f->filename, n->filename) == 0) {
// Replace, then all is done
cpio_free(f);
vec_entry(v)[_] = n;
vec_cur(v) = n;
return;
} else if (strcmp(f->filename, n->filename) > 0) {
// Insert, then start shifting
vec_entry(v)[_] = n;
t = f;
shift = 1;
}
}
if (shift)
vec_push_back(v, t);
else
vec_push_back(v, n);
}
static int cpio_compare(const void *a, const void *b) {
return strcmp((*(cpio_file **) a)->filename, (*(cpio_file **) b)->filename);
static int cpio_cmp(const void *a, const void *b) {
return strcmp((*(cpio_entry **) a)->filename, (*(cpio_entry **) b)->filename);
}
// Parse cpio file to a vector of cpio_file
// Parse cpio file to a vector of cpio_entry
static void parse_cpio(const char *filename, struct vector *v) {
fprintf(stderr, "Loading cpio: [%s]\n\n", filename);
int fd = xopen(filename, O_RDONLY);
cpio_newc_header header;
cpio_file *f;
while(read(fd, &header, 110) == 110) {
cpio_entry *f;
while(xxread(fd, &header, 110) != -1) {
f = xcalloc(sizeof(*f), 1);
// f->ino = x8u(header.ino);
f->mode = x8u(header.mode);
@@ -81,7 +68,7 @@ static void parse_cpio(const char *filename, struct vector *v) {
// f->rdevminor = x8u(header.rdevminor);
f->namesize = x8u(header.namesize);
// f->check = x8u(header.check);
f->filename = malloc(f->namesize);
f->filename = xmalloc(f->namesize);
xxread(fd, f->filename, f->namesize);
file_align(fd, 4, 0);
if (strcmp(f->filename, ".") == 0 || strcmp(f->filename, "..") == 0) {
@@ -100,8 +87,6 @@ static void parse_cpio(const char *filename, struct vector *v) {
vec_push_back(v, f);
}
close(fd);
// Sort by name
vec_sort(v, cpio_compare);
}
static void dump_cpio(const char *filename, struct vector *v) {
@@ -109,7 +94,9 @@ static void dump_cpio(const char *filename, struct vector *v) {
int fd = open_new(filename);
unsigned inode = 300000;
char header[111];
cpio_file *f;
// Sort by name
vec_sort(v, cpio_cmp);
cpio_entry *f;
vec_for_each(v, f) {
if (f->remove) continue;
sprintf(header, "070701%08x%08x%08x%08x%08x%08x%08x%08x%08x%08x%08x%08x%08x",
@@ -144,8 +131,8 @@ static void dump_cpio(const char *filename, struct vector *v) {
}
static void cpio_vec_destroy(struct vector *v) {
// Free each cpio_file
cpio_file *f;
// Free each cpio_entry
cpio_entry *f;
vec_for_each(v, f) {
cpio_free(f);
}
@@ -153,39 +140,39 @@ static void cpio_vec_destroy(struct vector *v) {
}
static void cpio_rm(int recursive, const char *entry, struct vector *v) {
cpio_file *f;
cpio_entry *f;
vec_for_each(v, f) {
if ((recursive && strncmp(f->filename, entry, strlen(entry)) == 0)
|| (strcmp(f->filename, entry) == 0) ) {
if (strncmp(f->filename, entry, strlen(entry)) == 0) {
char next = f->filename[strlen(entry)];
if ((recursive && next == '/') || next == '\0') {
if (!f->remove) {
fprintf(stderr, "Remove [%s]\n", entry);
fprintf(stderr, "Remove [%s]\n", f->filename);
f->remove = 1;
}
if (!recursive) return;
}
}
}
}
static void cpio_mkdir(mode_t mode, const char *entry, struct vector *v) {
cpio_file *f = xcalloc(sizeof(*f), 1);
cpio_entry *f = xcalloc(sizeof(*f), 1);
f->mode = S_IFDIR | mode;
f->namesize = strlen(entry) + 1;
f->filename = xmalloc(f->namesize);
memcpy(f->filename, entry, f->namesize);
f->filename = strdup(entry);
cpio_vec_insert(v, f);
fprintf(stderr, "Create directory [%s] (%04o)\n",entry, mode);
}
static void cpio_add(mode_t mode, const char *entry, const char *filename, struct vector *v) {
int fd = xopen(filename, O_RDONLY);
cpio_file *f = xcalloc(sizeof(*f), 1);
cpio_entry *f = xcalloc(sizeof(*f), 1);
f->mode = S_IFREG | mode;
f->namesize = strlen(entry) + 1;
f->filename = xmalloc(f->namesize);
memcpy(f->filename, entry, f->namesize);
f->filename = strdup(entry);
f->filesize = lseek(fd, 0, SEEK_END);
lseek(fd, 0, SEEK_SET);
f->data = malloc(f->filesize);
f->data = xmalloc(f->filesize);
xxread(fd, f->data, f->filesize);
close(fd);
cpio_vec_insert(v, f);
@@ -193,109 +180,44 @@ static void cpio_add(mode_t mode, const char *entry, const char *filename, struc
}
static void cpio_test(struct vector *v) {
#define STOCK_BOOT 0x0
#define MAGISK_PATCH 0x1
#define OTHER_PATCH 0x2
int ret = 0;
cpio_file *f;
const char *OTHER_LIST[] = { "sbin/launch_daemonsu.sh", "sbin/su", "init.xposed.rc", "init.supersu.rc", NULL };
int ret = STOCK_BOOT;
cpio_entry *f;
const char *OTHER_LIST[] = { "sbin/launch_daemonsu.sh", "sbin/su", "init.xposed.rc", "boot/sbin/launch_daemonsu.sh", NULL };
const char *MAGISK_LIST[] = { "init.magisk.rc", "overlay/init.magisk.rc", NULL };
vec_for_each(v, f) {
for (int i = 0; OTHER_LIST[i]; ++i) {
if (strcmp(f->filename, OTHER_LIST[i]) == 0)
if (strcmp(f->filename, OTHER_LIST[i]) == 0) {
ret |= OTHER_PATCH;
// Already find other files, abort
exit(OTHER_PATCH);
}
}
for (int i = 0; MAGISK_LIST[i]; ++i) {
if (strcmp(f->filename, MAGISK_LIST[i]) == 0)
ret = MAGISK_PATCH;
}
if (strcmp(f->filename, "init.magisk.rc") == 0)
ret |= MAGISK_PATCH;
}
cpio_vec_destroy(v);
exit((ret & OTHER_PATCH) ? OTHER_PATCH : (ret & MAGISK_PATCH));
}
static int check_verity_pattern(const char *s) {
int pos = 0;
if (s[0] == ',') ++pos;
if (strncmp(s + pos, "verify", 6) != 0) return -1;
pos += 6;
if (s[pos] == '=') {
while (s[pos] != ' ' && s[pos] != '\n' && s[pos] != ',') ++pos;
}
return pos;
}
static struct list_head *block_to_list(char *data) {
struct list_head *head = xmalloc(sizeof(*head));
line_list *line;
init_list_head(head);
char *tok;
tok = strsep(&data, "\n");
while (tok) {
line = xcalloc(sizeof(*line), 1);
line->line = tok;
list_insert_end(head, &line->pos);
tok = strsep(&data, "\n");
}
return head;
}
static char *list_to_block(struct list_head *head, uint32_t filesize) {
line_list *line;
char *data = xmalloc(filesize);
uint32_t off = 0;
list_for_each(line, head, line_list, pos) {
strcpy(data + off, line->line);
off += strlen(line->line);
data[off++] = '\n';
}
return data;
}
static void free_newline(line_list *line) {
if (line->isNew)
free(line->line);
exit(ret);
}
static void cpio_patch(struct vector *v, int keepverity, int keepforceencrypt) {
struct list_head *head;
line_list *line;
cpio_file *f;
int skip, injected = 0;
size_t read, write;
const char *ENCRYPT_LIST[] = { "forceencrypt", "forcefdeorfbe", "fileencryptioninline", NULL };
cpio_entry *f;
int skip, write;
vec_for_each(v, f) {
if (strcmp(f->filename, "init.rc") == 0) {
head = block_to_list(f->data);
list_for_each(line, head, line_list, pos) {
if (strstr(line->line, "import")) {
if (strstr(line->line, "init.magisk.rc"))
injected = 1;
if (injected)
continue;
// Inject magisk script as import
fprintf(stderr, "Inject new line [import /init.magisk.rc] in [init.rc]\n");
line = xcalloc(sizeof(*line), 1);
line->line = strdup("import /init.magisk.rc");
line->isNew = 1;
f->filesize += 23;
list_insert(__->prev, &line->pos);
injected = 1;
} else if (strstr(line->line, "selinux.reload_policy")) {
// Remove this line
fprintf(stderr, "Remove line [%s] in [init.rc]\n", line->line);
f->filesize -= strlen(line->line) + 1;
__ = list_pop(&line->pos);
free(line);
}
}
char *temp = list_to_block(head, f->filesize);
void *new_data = patch_init_rc(f->data, &f->filesize);
free(f->data);
f->data = temp;
list_destory(head, list_head, pos, free_newline);
free(head);
f->data = new_data;
} else {
if (!keepverity) {
if (strstr(f->filename, "fstab") != NULL && S_ISREG(f->mode)) {
for (read = 0, write = 0; read < f->filesize; ++read, ++write) {
skip = check_verity_pattern(f->data + read);
if (skip > 0) {
write = 0;
for (int read = 0; read < f->filesize; ++write, ++read) {
if ((skip = check_verity_pattern(f->data + read)) > 0) {
fprintf(stderr, "Remove pattern [%.*s] in [%s]\n", skip, f->data + read, f->filename);
read += skip;
}
@@ -309,15 +231,14 @@ static void cpio_patch(struct vector *v, int keepverity, int keepforceencrypt) {
}
if (!keepforceencrypt) {
if (strstr(f->filename, "fstab") != NULL && S_ISREG(f->mode)) {
for (read = 0, write = 0; read < f->filesize; ++read, ++write) {
for (int i = 0 ; ENCRYPT_LIST[i]; ++i) {
if (strncmp(f->data + read, ENCRYPT_LIST[i], strlen(ENCRYPT_LIST[i])) == 0) {
write = 0;
for (int read = 0; read < f->filesize; ++write, ++read) {
if ((skip = check_encryption_pattern(f->data + read)) > 0) {
// assert(skip > 11)!
fprintf(stderr, "Replace pattern [%.*s] with [encryptable] in [%s]\n", skip, f->data + read, f->filename);
memcpy(f->data + write, "encryptable", 11);
fprintf(stderr, "Replace [%s] with [%s] in [%s]\n", ENCRYPT_LIST[i], "encryptable", f->filename);
write += 11;
read += strlen(ENCRYPT_LIST[i]);
break;
}
read += skip;
}
f->data[write] = f->data[read];
}
@@ -329,7 +250,7 @@ static void cpio_patch(struct vector *v, int keepverity, int keepforceencrypt) {
}
static void cpio_extract(const char *entry, const char *filename, struct vector *v) {
cpio_file *f;
cpio_entry *f;
vec_for_each(v, f) {
if (strcmp(f->filename, entry) == 0 && S_ISREG(f->mode)) {
fprintf(stderr, "Extracting [%s] to [%s]\n\n", entry, filename);
@@ -341,12 +262,12 @@ static void cpio_extract(const char *entry, const char *filename, struct vector
exit(0);
}
}
LOGE(1, "Cannot find the file entry [%s]\n", entry);
LOGE("Cannot find the file entry [%s]\n", entry);
}
static void cpio_backup(const char *orig, struct vector *v) {
struct vector o_body, *o = &o_body, bak;
cpio_file *m, *n, *dir, *rem;
cpio_entry *m, *n, *dir, *rem;
char buf[PATH_MAX];
int res, doBak;
@@ -362,6 +283,10 @@ static void cpio_backup(const char *orig, struct vector *v) {
cpio_rm(1, ".backup", o);
cpio_rm(1, ".backup", v);
// Sort both vectors before comparing
vec_sort(v, cpio_cmp);
vec_sort(o, cpio_cmp);
// Init the directory and rmlist
dir->filename = strdup(".backup");
dir->namesize = strlen(dir->filename) + 1;
@@ -431,15 +356,12 @@ static void cpio_backup(const char *orig, struct vector *v) {
dir->remove = 1;
}
// Sort
vec_sort(v, cpio_compare);
// Cleanup
cpio_vec_destroy(o);
}
static int cpio_restore(struct vector *v) {
cpio_file *f, *n;
cpio_entry *f, *n;
int ret = 1;
vec_for_each(v, f) {
if (strstr(f->filename, ".backup") != NULL) {
@@ -454,10 +376,9 @@ static int cpio_restore(struct vector *v) {
n = xcalloc(sizeof(*n), 1);
memcpy(n, f, sizeof(*f));
n->namesize -= 8;
n->filename = xmalloc(n->namesize);
memcpy(n->filename, f->filename + 8, n->namesize);
n->data = xmalloc(n->filesize);
memcpy(n->data, f->data, n->filesize);
n->filename = strdup(f->filename + 8);
n->data = f->data;
f->data = NULL;
n->remove = 0;
fprintf(stderr, "Restoring [%s] -> [%s]\n", f->filename, n->filename);
cpio_vec_insert(v, n);
@@ -471,10 +392,11 @@ static int cpio_restore(struct vector *v) {
}
static void cpio_stocksha1(struct vector *v) {
cpio_file *f;
cpio_entry *f;
char sha1[41];
vec_for_each(v, f) {
if (strcmp(f->filename, "init.magisk.rc") == 0) {
if (strcmp(f->filename, "init.magisk.rc") == 0
|| strcmp(f->filename, "overlay/init.magisk.rc") == 0) {
for (char *pos = f->data; pos < f->data + f->filesize; pos = strchr(pos + 1, '\n') + 1) {
if (memcmp(pos, "# STOCKSHA1=", 12) == 0) {
pos += 12;
@@ -488,6 +410,27 @@ static void cpio_stocksha1(struct vector *v) {
}
}
static void cpio_mv(struct vector *v, const char *from, const char *to) {
struct cpio_entry *f, *t;
vec_for_each(v, f) {
if (strcmp(f->filename, from) == 0) {
fprintf(stderr, "Move [%s] -> [%s]\n", from, to);
vec_for_each(v, t) {
if (strcmp(t->filename, to) == 0) {
t->remove = 1;
break;
}
}
free(f->filename);
f->namesize = strlen(to) + 1;
f->filename = strdup(to);
return;
}
}
fprintf(stderr, "Cannot find entry %s\n", from);
exit(1);
}
int cpio_commands(const char *command, int argc, char *argv[]) {
int recursive = 0, ret = 0;
command_t cmd;
@@ -509,6 +452,8 @@ int cpio_commands(const char *command, int argc, char *argv[]) {
++argv;
--argc;
}
} else if (argc == 2 && strcmp(command, "mv") == 0) {
cmd = MV;
} else if (argc == 2 && strcmp(command, "patch") == 0) {
cmd = PATCH;
} else if (argc == 2 && strcmp(command, "extract") == 0) {
@@ -550,6 +495,9 @@ int cpio_commands(const char *command, int argc, char *argv[]) {
case ADD:
cpio_add(strtoul(argv[0], NULL, 8), argv[1], argv[2], &v);
break;
case MV:
cpio_mv(&v, argv[0], argv[1]);
break;
case NONE:
return 1;
}

26
jni/magiskboot/cpio.h
View File

@@ -3,9 +3,7 @@
#include <stdint.h>
#include "list.h"
typedef struct cpio_file {
typedef struct cpio_entry {
// uint32_t ino;
uint32_t mode;
uint32_t uid;
@@ -22,13 +20,7 @@ typedef struct cpio_file {
char *filename;
char *data;
int remove;
} cpio_file;
typedef struct line_list {
char *line;
int isNew;
struct list_head pos;
} line_list;
} cpio_entry;
typedef struct cpio_newc_header {
char magic[6];
@@ -47,4 +39,18 @@ typedef struct cpio_newc_header {
char check[8];
} cpio_newc_header;
typedef enum {
NONE,
RM,
MKDIR,
ADD,
MV,
EXTRACT,
TEST,
PATCH,
BACKUP,
RESTORE,
STOCKSHA1
} command_t;
#endif

83
jni/magiskboot/dtb.c Normal file
View File

@@ -0,0 +1,83 @@
#include <libfdt.h>
#include <unistd.h>
#include <sys/mman.h>
#include "magiskboot.h"
#include "utils.h"
static void print_subnode(const void *fdt, int parent, int depth) {
int node;
fdt_for_each_subnode(node, fdt, parent) {
for (int i = 0; i < depth; ++i) printf(" ");
printf("%d: %s\n", node, fdt_get_name(fdt, node, NULL));
print_subnode(fdt, node, depth + 1);
}
}
static int find_fstab(const void *fdt, int parent) {
int node, fstab;
fdt_for_each_subnode(node, fdt, parent) {
if (strcmp(fdt_get_name(fdt, node, NULL), "fstab") == 0)
return node;
fstab = find_fstab(fdt, node);
if (fstab != -1)
return fstab;
}
return -1;
}
void dtb_print(const char *file) {
size_t size ;
void *dtb, *fdt;
fprintf(stderr, "Loading dtbs from [%s]\n", file);
mmap_ro(file, &dtb, &size);
// Loop through all the dtbs
int dtb_num = 0;
for (int i = 0; i < size; ++i) {
if (memcmp(dtb + i, DTB_MAGIC, 4) == 0) {
fdt = dtb + i;
fprintf(stderr, "\nPrinting dtb.%04d\n\n", dtb_num++);
print_subnode(fdt, 0, 0);
}
}
fprintf(stderr, "\n");
munmap(dtb, size);
exit(0);
}
void dtb_patch(const char *file) {
size_t size ;
void *dtb, *fdt;
fprintf(stderr, "Loading dtbs from [%s]\n\n", file);
mmap_rw(file, &dtb, &size);
// Loop through all the dtbs
int dtb_num = 0, patched = 0;
for (int i = 0; i < size; ++i) {
if (memcmp(dtb + i, DTB_MAGIC, 4) == 0) {
fdt = dtb + i;
int fstab = find_fstab(fdt, 0);
if (fstab > 0) {
fprintf(stderr, "Found fstab in dtb.%04d\n", dtb_num++);
int block;
fdt_for_each_subnode(block, fdt, fstab) {
fprintf(stderr, "Found block [%s] in fstab\n", fdt_get_name(fdt, block, NULL));
int skip, value_size;
char *value = (char *) fdt_getprop(fdt, block, "fsmgr_flags", &value_size);
for (int i = 0; i < value_size; ++i) {
if ((skip = check_verity_pattern(value + i)) > 0) {
fprintf(stderr, "Remove pattern [%.*s] in [fsmgr_flags]\n", skip, value + i);
memcpy(value + i, value + i + skip, value_size - i - skip);
memset(value + value_size - skip, '\0', skip);
patched = 1;
}
}
}
}
}
}
fprintf(stderr, "\n");
munmap(dtb, size);
exit(!patched);
}

10
jni/magiskboot/hexpatch.c
View File

@@ -1,4 +1,10 @@
#include <stdlib.h>
#include <ctype.h>
#include <string.h>
#include <sys/mman.h>
#include "magiskboot.h"
#include "utils.h"
static void hex2byte(const char *hex, unsigned char *str) {
char high, low;
@@ -12,13 +18,13 @@ static void hex2byte(const char *hex, unsigned char *str) {
void hexpatch(const char *image, const char *from, const char *to) {
int patternsize = strlen(from) / 2, patchsize = strlen(to) / 2;
size_t filesize;
unsigned char *file, *pattern, *patch;
void *file, *pattern, *patch;
mmap_rw(image, &file, &filesize);
pattern = xmalloc(patternsize);
patch = xmalloc(patchsize);
hex2byte(from, pattern);
hex2byte(to, patch);
for (size_t i = 0; i < filesize - patternsize; ++i) {
for (size_t i = 0; filesize > 0 && i < filesize - patternsize; ++i) {
if (memcmp(file + i, pattern, patternsize) == 0) {
fprintf(stderr, "Pattern %s found!\nPatching to %s\n", from, to);
memset(file + i, 0, patternsize);

10
jni/magiskboot/magisk.h
View File

@@ -1,10 +0,0 @@
/* magisk.h - Let MagiskBoot use the same error handling API as main magisk program
*/
#ifndef _MAGISK_H_
#define _MAGISK_H_
#define LOGE(err, ...) { fprintf(stderr, __VA_ARGS__); exit(err); }
#define PLOGE(fmt, args...) { fprintf(stderr, fmt " failed with %d: %s\n\n", ##args, errno, strerror(errno)); exit(1); }
#endif

89
jni/magiskboot/magiskboot.h
View File

@@ -1,94 +1,49 @@
#ifndef _MAGISKBOOT_H_
#define _MAGISKBOOT_H_
#include <stdio.h>
#include <stdlib.h>
#include <stdarg.h>
#include <unistd.h>
#include <ctype.h>
#include <sys/types.h>
#include <sys/stat.h>
#include <sys/mman.h>
#include <fcntl.h>
#include <string.h>
#include "bootimg.h"
#include "sha1.h"
#include "magisk.h"
#include "utils.h"
#define CHROMEOS_MAGIC "CHROMEOS"
#define ELF32_MAGIC "\x7f""ELF\x01"
#define ELF64_MAGIC "\x7f""ELF\x02"
#define KERNEL_FILE "kernel"
#define RAMDISK_FILE "ramdisk.cpio"
#define SECOND_FILE "second"
#define EXTRA_FILE "extra"
#define DTB_FILE "dtb"
#define NEW_BOOT "new-boot.img"
#define str(a) #a
#define xstr(a) str(a)
typedef enum {
UNKNOWN,
CHROMEOS,
AOSP,
ELF32,
ELF64,
GZIP,
LZOP,
XZ,
LZMA,
BZIP2,
LZ4,
LZ4_LEGACY,
MTK
} file_t;
typedef enum {
NONE,
RM,
MKDIR,
ADD,
EXTRACT,
TEST,
PATCH,
BACKUP,
RESTORE,
STOCKSHA1
} command_t;
extern char *SUP_LIST[];
extern char *SUP_EXT_LIST[];
extern file_t SUP_TYPE_LIST[];
// Main entries
void unpack(const char *image);
void repack(const char* orig_image, const char* out_image);
void hexpatch(const char *image, const char *from, const char *to);
int parse_img(unsigned char *orig, size_t size);
int parse_img(void *orig, size_t size, boot_img *boot);
int cpio_commands(const char *command, int argc, char *argv[]);
void cleanup();
void comp_file(const char *method, const char *from, const char *to);
void decomp_file(char *from, const char *to);
void dtb_print(const char *file);
void dtb_patch(const char *file);
// Compressions
void gzip(int mode, const char* filename, const unsigned char* buf, size_t size);
void lzma(int mode, const char* filename, const unsigned char* buf, size_t size);
void lz4(int mode, const char* filename, const unsigned char* buf, size_t size);
void bzip2(int mode, const char* filename, const unsigned char* buf, size_t size);
void lz4_legacy(int mode, const char* filename, const unsigned char* buf, size_t size);
int comp(file_t type, const char *to, const unsigned char *from, size_t size);
void comp_file(const char *method, const char *from, const char *to);
int decomp(file_t type, const char *to, const unsigned char *from, size_t size);
void decomp_file(char *from, const char *to);
size_t gzip(int mode, int fd, const void *buf, size_t size);
size_t lzma(int mode, int fd, const void *buf, size_t size);
size_t lz4(int mode, int fd, const void *buf, size_t size);
size_t bzip2(int mode, int fd, const void *buf, size_t size);
size_t lz4_legacy(int mode, int fd, const void *buf, size_t size);
long long comp(file_t type, int to, const void *from, size_t size);
long long decomp(file_t type, int to, const void *from, size_t size);
// Utils
void mmap_ro(const char *filename, unsigned char **buf, size_t *size);
void mmap_rw(const char *filename, unsigned char **buf, size_t *size);
file_t check_type(const unsigned char *buf);
void write_zero(int fd, size_t size);
void mem_align(size_t *pos, size_t align);
void file_align(int fd, size_t align, int out);
int open_new(const char *filename);
extern void mmap_ro(const char *filename, void **buf, size_t *size);
extern void mmap_rw(const char *filename, void **buf, size_t *size);
extern void write_zero(int fd, size_t size);
extern void mem_align(size_t *pos, size_t align);
extern void file_align(int fd, size_t align, int out);
extern int open_new(const char *filename);
extern void *patch_init_rc(char *data, uint32_t *size);
extern int check_verity_pattern(const char *s);
extern int check_encryption_pattern(const char *s);
#endif

101
jni/magiskboot/main.c
View File

@@ -1,4 +1,11 @@
#include <stdlib.h>
#include <stdio.h>
#include <string.h>
#include <unistd.h>
#include <sys/mman.h>
#include "magiskboot.h"
#include "sha1.h"
/********************
Patch Boot Image
@@ -6,54 +13,75 @@
static void usage(char *arg0) {
fprintf(stderr,
"%s --unpack <bootimg>\n"
" Unpack <bootimg> to kernel, ramdisk.cpio, (second), (dtb) into the\n current directory\n"
"Usage: %s <action> [args...]\n"
"\n"
"%s --repack <origbootimg> [outbootimg]\n"
"Supported actions:\n"
" --unpack <bootimg>\n"
" Unpack <bootimg> to kernel, ramdisk.cpio, (second), (dtb) into the\n"
" current directory\n"
"\n"
" --repack <origbootimg> [outbootimg]\n"
" Repack kernel, ramdisk.cpio[.ext], second, dtb... from current directory\n"
" to [outbootimg], or new-boot.img if not specified.\n"
" It will compress ramdisk.cpio with the same method used in <origbootimg>\n"
" if exists, or attempt to find ramdisk.cpio.[ext], and repack\n"
" directly with the compressed ramdisk file\n"
"\n"
"%s --hexpatch <file> <hexpattern1> <hexpattern2>\n"
" --hexpatch <file> <hexpattern1> <hexpattern2>\n"
" Search <hexpattern1> in <file>, and replace with <hexpattern2>\n"
"\n"
"%s --cpio-<cmd> <incpio> [flags...] [params...]\n"
" Do cpio related cmds to <incpio> (modifications are done directly)\n Supported commands and params:\n"
" -rm [-r] <entry>\n Remove entry from <incpio>, flag -r to remove recursively\n"
" -mkdir <mode> <entry>\n Create directory as an <entry>\n"
" -add <mode> <entry> <infile>\n Add <infile> as an <entry>; replaces <entry> if already exists\n"
" -extract <entry> <outfile>\n Extract <entry> to <outfile>\n"
" -test \n Return value: 0/not patched 1/Magisk 2/Other (e.g. phh, SuperSU)\n"
" -patch <KEEPVERITY> <KEEPFORCEENCRYPT>\n Patch cpio for Magisk. KEEP**** are true/false values\n"
" -backup <origcpio>\n Create ramdisk backups into <incpio> from <origcpio>\n"
" -restore\n Restore ramdisk from ramdisk backup within <incpio>\n"
" -stocksha1\n Get stock boot SHA1 recorded within <incpio>\n"
" --cpio-<cmd> <incpio> [flags...] [args...]\n"
" Do cpio related cmds to <incpio> (modifications are done directly)\n"
" Supported commands:\n"
" -rm [-r] <entry>\n"
" Remove entry from <incpio>, flag -r to remove recursively\n"
" -mkdir <mode> <entry>\n"
" Create directory as an <entry>\n"
" -add <mode> <entry> <infile>\n"
" Add <infile> as an <entry>; replaces <entry> if already exists\n"
" -mv <from-entry> <to-entry>\n"
" Move <from-entry> to <to-entry>\n"
" -extract <entry> <outfile>\n"
" Extract <entry> to <outfile>\n"
" -test \n"
" Return value: 0/stock 1/Magisk 2/other (e.g. phh, SuperSU)\n"
" -patch <KEEPVERITY> <KEEPFORCEENCRYPT>\n"
" Patch cpio for Magisk. KEEP**** are true/false values\n"
" -backup <origcpio>\n"
" Create ramdisk backups into <incpio> from <origcpio>\n"
" -restore\n"
" Restore ramdisk from ramdisk backup within <incpio>\n"
" -stocksha1\n"
" Get stock boot SHA1 recorded within <incpio>\n"
"\n"
"%s --compress[=method] <infile> [outfile]\n"
" Compress <infile> with [method] (default: gzip), optionally to [outfile]\n Supported methods: "
, arg0, arg0, arg0, arg0, arg0);
for (int i = 0; SUP_LIST[i]; ++i)
fprintf(stderr, "%s ", SUP_LIST[i]);
fprintf(stderr,
" --dtb-print <dtb>\n"
" Print all nodes in <dtb>, for debugging\n"
"\n"
" --dtb-patch <dtb>\n"
" Search for fstab in <dtb> and remove verity checks\n"
"\n"
"%s --decompress <infile> [outfile]\n"
" Detect method and decompress <infile>, optionally to [outfile]\n Supported methods: "
" --compress[=method] <infile> [outfile]\n"
" Compress <infile> with [method] (default: gzip), optionally to [outfile]\n"
" Supported methods: "
, arg0);
for (int i = 0; SUP_LIST[i]; ++i)
fprintf(stderr, "%s ", SUP_LIST[i]);
fprintf(stderr,
"\n"
"\n"
"%s --sha1 <file>\n"
" --decompress <infile> [outfile]\n"
" Detect method and decompress <infile>, optionally to [outfile]\n Supported methods: ");
for (int i = 0; SUP_LIST[i]; ++i)
fprintf(stderr, "%s ", SUP_LIST[i]);
fprintf(stderr,
"\n"
"\n"
" --sha1 <file>\n"
" Print the SHA1 checksum for <file>\n"
"\n"
"%s --cleanup\n"
" --cleanup\n"
" Cleanup the current working directory\n"
"\n"
, arg0, arg0);
"\n");
exit(1);
}
@@ -62,11 +90,22 @@ int main(int argc, char *argv[]) {
fprintf(stderr, "MagiskBoot v" xstr(MAGISK_VERSION) "(" xstr(MAGISK_VER_CODE) ") (by topjohnwu) - Boot Image Modification Tool\n\n");
if (argc > 1 && strcmp(argv[1], "--cleanup") == 0) {
cleanup();
fprintf(stderr, "Cleaning up...\n\n");
char name[PATH_MAX];
unlink(KERNEL_FILE);
unlink(RAMDISK_FILE);
unlink(RAMDISK_FILE ".raw");
unlink(SECOND_FILE);
unlink(DTB_FILE);
unlink(EXTRA_FILE);
for (int i = 0; SUP_EXT_LIST[i]; ++i) {
sprintf(name, "%s.%s", RAMDISK_FILE, SUP_EXT_LIST[i]);
unlink(name);
}
} else if (argc > 2 && strcmp(argv[1], "--sha1") == 0) {
char sha1[21], *buf;
size_t size;
mmap_ro(argv[2], (unsigned char **) &buf, &size);
mmap_ro(argv[2], (void **) &buf, &size);
SHA1(sha1, buf, size);
for (int i = 0; i < 20; ++i)
printf("%02x", sha1[i]);
@@ -78,6 +117,10 @@ int main(int argc, char *argv[]) {
repack(argv[2], argc > 3 ? argv[3] : NEW_BOOT);
} else if (argc > 2 && strcmp(argv[1], "--decompress") == 0) {
decomp_file(argv[2], argc > 3 ? argv[3] : NULL);
} else if (argc > 2 && strcmp(argv[1], "--dtb-print") == 0) {
dtb_print(argv[2]);
} else if (argc > 2 && strcmp(argv[1], "--dtb-patch") == 0) {
dtb_patch(argv[2]);
} else if (argc > 2 && strncmp(argv[1], "--compress", 10) == 0) {
char *method;
method = strchr(argv[1], '=');

83
jni/magiskboot/types.c Normal file
View File

@@ -0,0 +1,83 @@
#include <string.h>
#include "bootimg.h"
#include "types.h"
char *SUP_LIST[] = { "gzip", "xz", "lzma", "bzip2", "lz4", "lz4_legacy", NULL };
char *SUP_EXT_LIST[] = { "gz", "xz", "lzma", "bz2", "lz4", "lz4", NULL };
file_t SUP_TYPE_LIST[] = { GZIP, XZ, LZMA, BZIP2, LZ4, LZ4_LEGACY, 0 };
file_t check_type(const void *buf) {
if (memcmp(buf, CHROMEOS_MAGIC, 8) == 0) {
return CHROMEOS;
} else if (memcmp(buf, BOOT_MAGIC, BOOT_MAGIC_SIZE) == 0) {
return AOSP;
} else if (memcmp(buf, ELF32_MAGIC, 5) == 0) {
return ELF32;
} else if (memcmp(buf, ELF64_MAGIC, 5) == 0) {
return ELF64;
} else if (memcmp(buf, GZIP_MAGIC, 4) == 0) {
return GZIP;
} else if (memcmp(buf, LZOP_MAGIC, 9) == 0) {
return LZOP;
} else if (memcmp(buf, XZ_MAGIC, 6) == 0) {
return XZ;
} else if (memcmp(buf, "\x5d\x00\x00", 3) == 0
&& (((char *)buf)[12] == '\xff' || ((char *)buf)[12] == '\x00')) {
return LZMA;
} else if (memcmp(buf, BZIP_MAGIC, 3) == 0) {
return BZIP2;
} else if (memcmp(buf, LZ4_MAGIC, 4) == 0) {
return LZ4;
} else if (memcmp(buf, LZ4_LEG_MAGIC, 4) == 0) {
return LZ4_LEGACY;
} else if (memcmp(buf, MTK_MAGIC, 4) == 0) {
return MTK;
} else if (memcmp(buf, DTB_MAGIC, 4) == 0) {
return DTB;
} else {
return UNKNOWN;
}
}
void get_type_name(file_t type, char *name) {
char *s;
switch (type) {
case CHROMEOS:
s = "chromeos";
break;
case AOSP:
s = "aosp";
break;
case GZIP:
s = "gzip";
break;
case LZOP:
s = "lzop";
break;
case XZ:
s = "xz";
break;
case LZMA:
s = "lzma";
break;
case BZIP2:
s = "bzip2";
break;
case LZ4:
s = "lz4";
break;
case LZ4_LEGACY:
s = "lz4_legacy";
break;
case MTK:
s = "mtk";
break;
case DTB:
s = "dtb";
break;
default:
s = "raw";
}
strcpy(name, s);
}

43
jni/magiskboot/types.h Normal file
View File

@@ -0,0 +1,43 @@
#ifndef _TYPES_H_
#define _TYPES_H_
typedef enum {
UNKNOWN,
CHROMEOS,
AOSP,
ELF32,
ELF64,
GZIP,
LZOP,
XZ,
LZMA,
BZIP2,
LZ4,
LZ4_LEGACY,
MTK,
DTB
} file_t;
#define COMPRESSED(type) (type >= GZIP && type <= LZ4_LEGACY)
#define CHROMEOS_MAGIC "CHROMEOS"
#define ELF32_MAGIC "\x7f""ELF\x01"
#define ELF64_MAGIC "\x7f""ELF\x02"
#define GZIP_MAGIC "\x1f\x8b\x08\x00"
#define LZOP_MAGIC "\x89\x4c\x5a\x4f\x00\x0d\x0a\x1a\x0a"
#define XZ_MAGIC "\xfd""7zXZ\x00"
#define BZIP_MAGIC "BZh"
#define LZ4_MAGIC "\x04\x22\x4d\x18"
#define LZ4_LEG_MAGIC "\x02\x21\x4c\x18"
#define MTK_MAGIC "\x88\x16\x88\x58"
#define DTB_MAGIC "\xd0\x0d\xfe\xed"
#define LG_BUMP_MAGIC "\x41\xa9\xe4\x67\x74\x4d\x1d\x1b\xa4\x29\xf2\xec\xea\x65\x52\x79"
extern char *SUP_LIST[];
extern char *SUP_EXT_LIST[];
extern file_t SUP_TYPE_LIST[];
file_t check_type(const void *buf);
void get_type_name(file_t type, char *name);
#endif

43
jni/magiskhide/hide_utils.c
View File

@@ -58,9 +58,9 @@ void hide_sensitive_props() {
}
}
static void rm_magisk_prop(const char *name) {
static void rm_magisk_prop(const char *name, const char *value) {
if (strstr(name, "magisk")) {
deleteprop(name, 0);
deleteprop2(name, 0);
}
}
@@ -69,42 +69,6 @@ void clean_magisk_props() {
getprop_all(rm_magisk_prop);
}
void relink_sbin() {
struct stat st;
if (stat("/sbin_orig", &st) == -1 && errno == ENOENT) {
// Re-link all binaries and bind mount
DIR *dir;
struct dirent *entry;
char from[PATH_MAX], to[PATH_MAX];
LOGI("hide_utils: Re-linking /sbin\n");
xmount(NULL, "/", NULL, MS_REMOUNT, NULL);
xrename("/sbin", "/sbin_orig");
xmkdir("/sbin", 0755);
xchmod("/sbin", 0755);
xmount(NULL, "/", NULL, MS_REMOUNT | MS_RDONLY, NULL);
xmkdir("/dev/sbin_bind", 0755);
xchmod("/dev/sbin_bind", 0755);
dir = xopendir("/sbin_orig");
while ((entry = xreaddir(dir))) {
if (strcmp(entry->d_name, "..") == 0)
continue;
snprintf(from, sizeof(from), "/sbin_orig/%s", entry->d_name);
if (entry->d_type == DT_LNK)
xreadlink(from, from, sizeof(from));
snprintf(to, sizeof(to), "/dev/sbin_bind/%s", entry->d_name);
symlink(from, to);
lsetfilecon(to, "u:object_r:rootfs:s0");
}
closedir(dir);
xmount("/dev/sbin_bind", "/sbin", NULL, MS_BIND, NULL);
}
}
int add_list(char *proc) {
if (!hideEnabled) {
free(proc);
@@ -223,7 +187,6 @@ int destroy_list() {
}
void add_hide_list(int client) {
err_handler = do_nothing;
char *proc = read_string(client);
// ack
write_int(client, add_list(proc));
@@ -231,7 +194,6 @@ void add_hide_list(int client) {
}
void rm_hide_list(int client) {
err_handler = do_nothing;
char *proc = read_string(client);
// ack
write_int(client, rm_list(proc));
@@ -239,7 +201,6 @@ void rm_hide_list(int client) {
}
void ls_hide_list(int client) {
err_handler = do_nothing;
if (!hideEnabled) {
write_int(client, HIDE_NOT_ENABLED);
return;

9
jni/magiskhide/magiskhide.c
View File

@@ -41,9 +41,6 @@ static void usage(char *arg0) {
}
void launch_magiskhide(int client) {
// We manually handle crashes
err_handler = do_nothing;
if (hideEnabled) {
if (client > 0) {
write_int(client, HIDE_IS_ENABLED);
@@ -55,7 +52,7 @@ void launch_magiskhide(int client) {
hideEnabled = 1;
LOGI("* Starting MagiskHide\n");
deleteprop(MAGISKHIDE_PROP, 1);
deleteprop2(MAGISKHIDE_PROP, 1);
hide_sensitive_props();
@@ -102,7 +99,7 @@ void stop_magiskhide(int client) {
hideEnabled = 0;
setprop(MAGISKHIDE_PROP, "0");
// Remove without actually removing persist props
deleteprop(MAGISKHIDE_PROP, 0);
deleteprop2(MAGISKHIDE_PROP, 0);
pthread_kill(proc_monitor_thread, SIGUSR1);
write_int(client, DAEMON_SUCCESS);
@@ -124,6 +121,8 @@ int magiskhide_main(int argc, char *argv[]) {
req = RM_HIDELIST;
} else if (strcmp(argv[1], "--ls") == 0) {
req = LS_HIDELIST;
} else {
usage(argv[0]);
}
int fd = connect_daemon();
write_int(fd, req);

1
jni/magiskhide/magiskhide.h
View File

@@ -12,7 +12,6 @@ void proc_monitor();
// Utility functions
void manage_selinux();
void hide_sensitive_props();
void relink_sbin();
void clean_magisk_props();
// List managements

136
jni/magiskhide/proc_monitor.c
View File

@@ -19,38 +19,25 @@
#include "utils.h"
#include "magiskhide.h"
static int zygote_num;
static char init_ns[32], zygote_ns[2][32], cache_block[256];
static int log_pid, log_fd, target_pid;
static char *buffer;
static int zygote_num, has_cache = 1, pipefd[2] = { -1, -1 };
// Workaround for the lack of pthread_cancel
static void quit_pthread(int sig) {
err_handler = do_nothing;
LOGD("proc_monitor: running cleanup\n");
destroy_list();
free(buffer);
hideEnabled = 0;
// Kill the logging if needed
if (log_pid > 0) {
kill(log_pid, SIGTERM);
waitpid(log_pid, NULL, 0);
close(log_fd);
}
// Resume process if possible
if (target_pid > 0)
kill(target_pid, SIGCONT);
// Unregister listener
logcat_events[HIDE_EVENT] = -1;
close(pipefd[0]);
close(pipefd[1]);
pipefd[0] = pipefd[1] = -1;
pthread_mutex_destroy(&hide_lock);
pthread_mutex_destroy(&file_lock);
LOGD("proc_monitor: terminating...\n");
pthread_exit(NULL);
}
static void proc_monitor_err() {
LOGD("proc_monitor: error occured, stopping magiskhide services\n");
quit_pthread(SIGUSR1);
}
static int read_namespace(const int pid, char* target, const size_t size) {
char path[32];
snprintf(path, sizeof(path), "/proc/%d/ns/mnt", pid);
@@ -76,45 +63,47 @@ static void lazy_unmount(const char* mountpoint) {
LOGD("hide_daemon: Unmount Failed (%s)\n", mountpoint);
}
static void hide_daemon_err() {
LOGD("hide_daemon: error occured, stopping magiskhide services\n");
_exit(-1);
}
static void hide_daemon(int pid) {
LOGD("hide_daemon: start unmount for pid=[%d]\n", pid);
// When an error occurs, report its failure to main process
err_handler = hide_daemon_err;
char *line;
char *line, buffer[PATH_MAX];
struct vector mount_list;
manage_selinux();
relink_sbin();
clean_magisk_props();
if (switch_mnt_ns(pid))
return;
goto exit;
snprintf(buffer, PATH_MAX, "/proc/%d/mounts", pid);
snprintf(buffer, sizeof(buffer), "/proc/%d/mounts", pid);
vec_init(&mount_list);
file_to_vector(buffer, &mount_list);
// Find the cache block name if not found yet
if (cache_block[0] == '\0') {
if (has_cache && cache_block[0] == '\0') {
vec_for_each(&mount_list, line) {
if (strstr(line, " /cache ")) {
sscanf(line, "%256s", cache_block);
break;
}
}
if (strlen(cache_block) == 0)
has_cache = 0;
}
// First unmount dummy skeletons, /sbin links, cache mounts, and mirrors
// Unmout cache mounts
if (has_cache) {
vec_for_each(&mount_list, line) {
if (strstr(line, "tmpfs /system") || strstr(line, "tmpfs /vendor") || strstr(line, "tmpfs /sbin")
|| (strstr(line, cache_block) && (strstr(line, " /system") || strstr(line, " /vendor")))
|| strstr(line, MIRRDIR)) {
if (strstr(line, cache_block) && (strstr(line, " /system/") || strstr(line, " /vendor/"))) {
sscanf(line, "%*s %4096s", buffer);
lazy_unmount(buffer);
}
}
}
// Unmount dummy skeletons, /sbin links, and mirrors
vec_for_each(&mount_list, line) {
if (strstr(line, "tmpfs /system") || strstr(line, "tmpfs /vendor") || strstr(line, "tmpfs /sbin") || strstr(line, MIRRDIR)) {
sscanf(line, "%*s %4096s", buffer);
lazy_unmount(buffer);
}
@@ -123,21 +112,25 @@ static void hide_daemon(int pid) {
vec_destroy(&mount_list);
// Re-read mount infos
snprintf(buffer, PATH_MAX, "/proc/%d/mounts", pid);
snprintf(buffer, sizeof(buffer), "/proc/%d/mounts", pid);
vec_init(&mount_list);
file_to_vector(buffer, &mount_list);
// Unmount any loop mounts and dummy mounts
// Unmount any loop mounts
vec_for_each(&mount_list, line) {
if (strstr(line, "/dev/block/loop") || strstr(line, DUMMDIR)) {
if (strstr(line, "/dev/block/loop")) {
sscanf(line, "%*s %4096s", buffer);
lazy_unmount(buffer);
}
free(line);
}
// Free uo memory
exit:
// Send resume signal
kill(pid, SIGCONT);
// Free up memory
vec_destroy(&mount_list);
_exit(0);
}
void proc_monitor() {
@@ -147,17 +140,12 @@ void proc_monitor() {
act.sa_handler = quit_pthread;
sigaction(SIGUSR1, &act, NULL);
// The error handler should stop magiskhide services
err_handler = proc_monitor_err;
log_pid = target_pid = -1;
buffer = xmalloc(PATH_MAX);
cache_block[0] = '\0';
// Get the mount namespace of init
if (read_namespace(1, init_ns, 32)) {
LOGE("proc_monitor: Your kernel doesn't support mount namespace :(\n");
proc_monitor_err();
quit_pthread(SIGUSR1);
}
LOGI("proc_monitor: init ns=%s\n", init_ns);
@@ -179,20 +167,15 @@ void proc_monitor() {
break;
}
while (1) {
// Clear previous logcat buffer
exec_command_sync("logcat", "-b", "events", "-c", NULL);
// Register our listener to logcat monitor
xpipe2(pipefd, O_CLOEXEC);
logcat_events[HIDE_EVENT] = pipefd[1];
// Monitor am_proc_start
log_fd = -1;
log_pid = exec_command(0, &log_fd, NULL, "logcat", "-b", "events", "-v", "raw", "-s", "am_proc_start", NULL);
if (log_pid < 0) continue;
if (kill(log_pid, 0)) continue;
while(fdgets(buffer, PATH_MAX, log_fd)) {
for (char *log, *line; xxread(pipefd[0], &log, sizeof(log)) > 0; free(log)) {
char *ss;
if ((ss = strstr(log, "am_proc_start")) && (ss = strchr(ss, '['))) {
int pid, ret, comma = 0;
char *pos = buffer, *line, processName[256];
char *pos = ss, processName[256], ns[32];
while(1) {
pos = strchr(pos, ',');
@@ -203,9 +186,9 @@ void proc_monitor() {
}
if (comma == 6)
ret = sscanf(buffer, "[%*d %d %*d %*d %256s", &pid, processName);
ret = sscanf(ss, "[%*d %d %*d %*d %256s", &pid, processName);
else
ret = sscanf(buffer, "[%*d %d %*d %256s", &pid, processName);
ret = sscanf(ss, "[%*d %d %*d %256s", &pid, processName);
if(ret != 2)
continue;
@@ -216,12 +199,11 @@ void proc_monitor() {
pthread_mutex_lock(&hide_lock);
vec_for_each(hide_list, line) {
if (strcmp(processName, line) == 0) {
target_pid = pid;
while(1) {
ret = 1;
for (int i = 0; i < zygote_num; ++i) {
read_namespace(target_pid, buffer, 32);
if (strcmp(buffer, zygote_ns[i]) == 0) {
read_namespace(pid, ns, sizeof(ns));
if (strcmp(ns, zygote_ns[i]) == 0) {
usleep(50);
ret = 0;
break;
@@ -231,43 +213,21 @@ void proc_monitor() {
}
// Send pause signal ASAP
if (kill(target_pid, SIGSTOP) == -1) continue;
if (kill(pid, SIGSTOP) == -1) continue;
LOGI("proc_monitor: %s (PID=%d ns=%s)\n", processName, target_pid, buffer);
LOGI("proc_monitor: %s (PID=%d ns=%s)\n", processName, pid, ns);
/*
* The setns system call do not support multithread processes
* We have to fork a new process, setns, then do the unmounts
*/
int hide_pid = fork();
switch(hide_pid) {
case -1:
PLOGE("fork");
return;
case 0:
hide_daemon(target_pid);
_exit(0);
default:
break;
}
if (fork_dont_care() == 0)
hide_daemon(pid);
// Wait till the unmount process is done
waitpid(hide_pid, &ret, 0);
if (WEXITSTATUS(ret))
quit_pthread(SIGUSR1);
// All done, send resume signal
kill(target_pid, SIGCONT);
target_pid = -1;
break;
}
}
pthread_mutex_unlock(&hide_lock);
}
// For some reason it went here, restart logging
kill(log_pid, SIGTERM);
waitpid(log_pid, NULL, 0);
close(log_fd);
}
}

312
jni/magiskinit.c Normal file
View File

@@ -0,0 +1,312 @@
/* magiskinit.c - Workaround for skip_initramfs devices
*
* This code has to be compiled statically to work properly.
*
* Magiskinit will mount sysfs, parse through uevent files to make the system block device,
* then it'll mount the system partition and clone rootfs except files under /system.
* Folders placed in "overlay" will then be overlayed to the root.
* Lastly, before giving control back to the real init, it'll patch the root files,
* extract (or compile if needed) sepolicy and patch it to load Magisk.
*/
#include <stdio.h>
#include <stdlib.h>
#include <unistd.h>
#include <string.h>
#include <dirent.h>
#include <fcntl.h>
#include <sys/stat.h>
#include <sys/types.h>
#include <sys/mount.h>
#include <sys/mman.h>
#include <sys/sendfile.h>
#include <sys/sysmacros.h>
#include <cil/cil.h>
#include "utils.h"
#include "magiskpolicy.h"
struct cmdline {
int skip_initramfs;
char slot[3];
};
struct device {
dev_t major;
dev_t minor;
char devname[32];
char partname[32];
char path[64];
};
extern policydb_t *policydb;
extern void mmap_ro(const char *filename, void **buf, size_t *size);
extern void mmap_rw(const char *filename, void **buf, size_t *size);
extern void *patch_init_rc(char *data, uint32_t *size);
static void parse_cmdline(struct cmdline *cmd) {
char *tok;
char buffer[4096];
mkdir("/proc", 0555);
mount("proc", "/proc", "proc", 0, NULL);
int fd = open("/proc/cmdline", O_RDONLY | O_CLOEXEC);
ssize_t size = read(fd, buffer, sizeof(buffer));
buffer[size] = '\0';
close(fd);
umount("/proc");
tok = strtok(buffer, " ");
cmd->skip_initramfs = 0;
cmd->slot[0] = '\0';
while (tok != NULL) {
if (strncmp(tok, "androidboot.slot_suffix", 23) == 0) {
sscanf(tok, "androidboot.slot_suffix=%s", cmd->slot);
} else if (strcmp(tok, "skip_initramfs") == 0) {
cmd->skip_initramfs = 1;
break;
}
tok = strtok(NULL, " ");
}
}
static void parse_device(struct device *dev, char *uevent) {
char *tok;
tok = strtok(uevent, "\n");
while (tok != NULL) {
if (strncmp(tok, "MAJOR", 5) == 0) {
sscanf(tok, "MAJOR=%ld", (long*) &dev->major);
} else if (strncmp(tok, "MINOR", 5) == 0) {
sscanf(tok, "MINOR=%ld", (long*) &dev->minor);
} else if (strncmp(tok, "DEVNAME", 7) == 0) {
sscanf(tok, "DEVNAME=%s", dev->devname);
} else if (strncmp(tok, "PARTNAME", 8) == 0) {
sscanf(tok, "PARTNAME=%s", dev->partname);
}
tok = strtok(NULL, "\n");
}
}
static int setup_block(struct device *dev, const char *partname) {
char buffer[1024], path[128];
struct dirent *entry;
DIR *dir = opendir("/sys/dev/block");
if (dir == NULL)
return 1;
int found = 0;
while ((entry = readdir(dir))) {
if (strcmp(entry->d_name, ".") == 0 || strcmp(entry->d_name, "..") == 0)
continue;
snprintf(path, sizeof(path), "/sys/dev/block/%s/uevent", entry->d_name);
int fd = open(path, O_RDONLY | O_CLOEXEC);
ssize_t size = read(fd, buffer, sizeof(buffer));
buffer[size] = '\0';
close(fd);
parse_device(dev, buffer);
if (strcmp(dev->partname, partname) == 0) {
snprintf(dev->path, sizeof(dev->path), "/dev/block/%s", dev->devname);
found = 1;
break;
}
}
closedir(dir);
if (!found)
return 1;
mkdir("/dev", 0755);
mkdir("/dev/block", 0755);
mknod(dev->path, S_IFBLK | 0600, makedev(dev->major, dev->minor));
return 0;
}
static void patch_ramdisk() {
void *addr;
size_t size;
mmap_rw("/init", &addr, &size);
for (int i = 0; i < size; ++i) {
if (memcmp(addr + i, "/system/etc/selinux/plat_sepolicy.cil", 37) == 0) {
memcpy(addr + i, "/system/etc/selinux/plat_sepolicy.xxx", 37);
break;
}
}
munmap(addr, size);
mmap_rw("/init.rc", &addr, &size);
uint32_t new_size = size;
void *init_rc = patch_init_rc(addr, &new_size);
munmap(addr, size);
int fd = open("/init.rc", O_WRONLY | O_TRUNC | O_CLOEXEC);
write(fd, init_rc, new_size);
close(fd);
free(init_rc);
}
static int strend(const char *s1, const char *s2) {
int l1 = strlen(s1);
int l2 = strlen(s2);
return strcmp(s1 + l1 - l2, s2);
}
static void patch_sepolicy() {
DIR *dir;
struct dirent *entry;
char *sepolicy = NULL, path[128];
if (access("/system_root/sepolicy", R_OK) == 0)
sepolicy = "/system_root/sepolicy";
if (sepolicy == NULL && access("/vendor/etc/selinux/precompiled_sepolicy", R_OK) == 0) {
void *sys_sha = NULL, *ven_sha = NULL;
size_t sys_size = 0, ven_size = 0;
if ((dir = opendir("/vendor/etc/selinux")) == NULL)
goto check_done;
while ((entry = readdir(dir))) {
if (strcmp(entry->d_name, ".") == 0 || strcmp(entry->d_name, "..") == 0)
continue;
if (strend(entry->d_name, ".sha256") == 0) {
snprintf(path, sizeof(path), "/vendor/etc/selinux/%s", entry->d_name);
mmap_ro(path, &ven_sha, &ven_size);
break;
}
}
closedir(dir);
if ((dir = opendir("/system/etc/selinux")) == NULL)
goto check_done;
while ((entry = readdir(dir))) {
if (strcmp(entry->d_name, ".") == 0 || strcmp(entry->d_name, "..") == 0)
continue;
if (strend(entry->d_name, ".sha256") == 0) {
snprintf(path, sizeof(path), "/system/etc/selinux/%s", entry->d_name);
mmap_ro(path, &sys_sha, &sys_size);
break;
}
}
closedir(dir);
if (sys_size == ven_size && memcmp(sys_sha, ven_sha, sys_size) == 0)
sepolicy = "/vendor/etc/selinux/precompiled_sepolicy";
munmap(sys_sha, sys_size);
munmap(ven_sha, ven_size);
}
check_done:
if (sepolicy) {
load_policydb(sepolicy);
} else {
// Compile cil
struct cil_db *db = NULL;
sepol_policydb_t *pdb = NULL;
void *addr;
size_t size;
cil_db_init(&db);
cil_set_mls(db, 1);
cil_set_target_platform(db, SEPOL_TARGET_SELINUX);
cil_set_policy_version(db, POLICYDB_VERSION_XPERMS_IOCTL);
cil_set_attrs_expand_generated(db, 0);
mmap_ro("/system/etc/selinux/plat_sepolicy.cil", &addr, &size);
cil_add_file(db, "/system/etc/selinux/plat_sepolicy.cil", addr, size);
munmap(addr, size);
dir = opendir("/system/etc/selinux/mapping");
while ((entry = readdir(dir))) {
if (strcmp(entry->d_name, ".") == 0 || strcmp(entry->d_name, "..") == 0)
continue;
if (strend(entry->d_name, ".cil") == 0) {
snprintf(path, sizeof(path), "/system/etc/selinux/mapping/%s", entry->d_name);
mmap_ro(path, &addr, &size);
cil_add_file(db, path, addr, size);
munmap(addr, size);
}
}
closedir(dir);
dir = opendir("/vendor/etc/selinux");
while ((entry = readdir(dir))) {
if (strcmp(entry->d_name, ".") == 0 || strcmp(entry->d_name, "..") == 0)
continue;
if (strend(entry->d_name, ".cil") == 0) {
snprintf(path, sizeof(path), "/vendor/etc/selinux/%s", entry->d_name);
mmap_ro(path, &addr, &size);
cil_add_file(db, path, addr, size);
munmap(addr, size);
}
}
closedir(dir);
cil_compile(db);
cil_build_policydb(db, &pdb);
cil_db_destroy(&db);
policydb = &pdb->p;
}
// Magisk patches
sepol_min_rules();
dump_policydb("/sepolicy");
destroy_policydb();
}
int main(int argc, char *argv[]) {
umask(0);
struct cmdline cmd;
parse_cmdline(&cmd);
if (cmd.skip_initramfs) {
// Normal boot mode
// Clear rootfs
int root = open("/", O_RDONLY | O_CLOEXEC);
// Exclude overlay folder
excl_list = (char *[]) { "overlay", NULL };
frm_rf(root);
mkdir("/sys", 0755);
mount("sysfs", "/sys", "sysfs", 0, NULL);
char partname[32];
snprintf(partname, sizeof(partname), "system%s", cmd.slot);
struct device dev;
setup_block(&dev, partname);
mkdir("/system_root", 0755);
mount(dev.path, "/system_root", "ext4", MS_RDONLY, NULL);
int system_root = open("/system_root", O_RDONLY | O_CLOEXEC);
// Exclude system folder
excl_list = (char *[]) { "system", NULL };
clone_dir(system_root, root);
mkdir("/system", 0755);
mount("/system_root/system", "/system", NULL, MS_BIND, NULL);
int overlay = open("/overlay", O_RDONLY | O_CLOEXEC);
if (overlay > 0)
mv_dir(overlay, root);
snprintf(partname, sizeof(partname), "vendor%s", cmd.slot);
// We need to mount independent vendor partition
if (setup_block(&dev, partname) == 0)
mount(dev.path, "/vendor", "ext4", MS_RDONLY, NULL);
patch_ramdisk();
patch_sepolicy();
close(root);
close(system_root);
close(overlay);
rmdir("/overlay");
umount("/vendor");
} else {
// Recovery mode
// Revert original init binary
unlink("/init");
rename("/.backup/init", "/init");
}
execv("/init", argv);
return 0;
}

1
jni/ndk-compression

Submodule jni/ndk-compression deleted from 278ea80348

257
jni/resetprop/resetprop.cpp
View File

@@ -56,59 +56,76 @@
#include <unistd.h>
#include <fcntl.h>
#include <string.h>
#include <dirent.h>
#include <sys/types.h>
#define _REALLY_INCLUDE_SYS__SYSTEM_PROPERTIES_H_
#include "_system_properties.h"
#include "system_properties.h"
#include "magisk.h"
#include "resetprop.h"
extern "C" {
#include "vector.h"
}
#define PRINT_D(...) { LOGD(__VA_ARGS__); if (verbose) printf(__VA_ARGS__); }
#define PRINT_D(...) { LOGD(__VA_ARGS__); if (verbose) fprintf(stderr, __VA_ARGS__); }
#define PRINT_E(...) { LOGE(__VA_ARGS__); fprintf(stderr, __VA_ARGS__); }
#define PERSISTENT_PROPERTY_DIR "/data/property"
static int verbose = 0;
static bool is_legal_property_name(const char *name, size_t namelen) {
static int check_legal_property_name(const char *name) {
int namelen = strlen(name);
if (namelen < 1) return false;
if (name[0] == '.') return false;
if (name[namelen - 1] == '.') return false;
if (namelen < 1) goto illegal;
if (name[0] == '.') goto illegal;
if (name[namelen - 1] == '.') goto illegal;
/* Only allow alphanumeric, plus '.', '-', '@', ':', or '_' */
/* Don't allow ".." to appear in a property name */
for (size_t i = 0; i < namelen; i++) {
if (name[i] == '.') {
// i=0 is guaranteed to never have a dot. See above.
if (name[i-1] == '.') return false;
if (name[i-1] == '.') goto illegal;
continue;
}
if (name[i] == '_' || name[i] == '-' || name[i] == '@' || name[i] == ':') continue;
if (name[i] >= 'a' && name[i] <= 'z') continue;
if (name[i] >= 'A' && name[i] <= 'Z') continue;
if (name[i] >= '0' && name[i] <= '9') continue;
return false;
goto illegal;
}
return true;
return 0;
illegal:
PRINT_E("Illegal property name: [%s]\n", name);
return 1;
}
static int usage(char* arg0) {
fprintf(stderr,
"resetprop v" xstr(MAGISK_VERSION) "(" xstr(MAGISK_VER_CODE) ") (by topjohnwu & nkk71) - System Props Modification Tool\n\n"
"Usage: %s [options] [args...]\n"
"Usage: %s [flags] [options...]\n"
"\n"
"Options:\n"
" -v show verbose output\n"
" -n only modify property in memory\n"
" -h, --help show this message\n"
" (no arguments) print all properties\n"
" NAME get property\n"
" NAME VALUE set property entry NAME with VALUE\n"
" --file FILE load props from FILE\n"
" --delete NAME delete property\n"
"\n"
"%s NAME VALUE set property entry NAME with VALUE\n"
"%s --file FILE load props from FILE\n"
"%s --delete NAME remove prop entry NAME\n"
"Flags:\n"
" -v print verbose output to stderr\n"
" -n set properties without init triggers\n"
" only affects setprop\n"
" -p access actual persist storage\n"
" only affects getprop and deleteprop\n"
"\n"
, arg0, arg0, arg0, arg0);
, arg0);
return 1;
}
@@ -129,34 +146,112 @@ static void read_prop_info(void* cookie, const char *name, const char *value, ui
strcpy((char *) cookie, value);
}
// Get prop by name, return string (should free manually!)
char *getprop(const char *name) {
return getprop2(name, 0);
}
// Get prop by name, return string (should free manually!)
char *getprop2(const char *name, int persist) {
if (check_legal_property_name(name))
return NULL;
char value[PROP_VALUE_MAX];
if (init_resetprop()) return NULL;
const prop_info *pi = __system_property_find2(name);
if (pi == NULL) {
if (persist && strncmp(name, "persist.", 8) == 0) {
// Try to read from file
char path[PATH_MAX];
snprintf(path, sizeof(path), PERSISTENT_PROPERTY_DIR "/%s", name);
int fd = open(path, O_RDONLY | O_CLOEXEC);
if (fd < 0) goto no_prop;
PRINT_D("resetprop: read prop from [%s]\n", path);
size_t len = read(fd, value, sizeof(value));
value[len] = '\0'; // Null terminate the read value
} else {
no_prop:
PRINT_D("resetprop: prop [%s] does not exist\n", name);
return NULL;
}
char value[PROP_VALUE_MAX];
} else {
__system_property_read_callback2(pi, read_prop_info, value);
}
PRINT_D("resetprop: getprop [%s]: [%s]\n", name, value);
return strdup(value);
}
static void (*cb)(const char *);
struct wrapper {
void (*func)(const char *, const char *);
};
static void run_actual_cb(void* cookie, const char *name, const char *value, uint32_t serial) {
cb(name);
static void cb_wrapper(void* cookie, const char *name, const char *value, uint32_t serial) {
((wrapper *) cookie)->func(name, value);
}
static void prop_foreach_cb(const prop_info* pi, void* cookie) {
__system_property_read_callback2(pi, run_actual_cb, NULL);
__system_property_read_callback2(pi, cb_wrapper, cookie);
}
void getprop_all(void (*cbk)(const char *name)) {
class property {
public:
property(const char *n, const char *v) {
name = strdup(n);
value = strdup(v);
}
~property() {
free((void *)name);
free((void *)value);
}
const char *name;
const char *value;
};
vector prop_list;
static int prop_cmp(const void *p1, const void *p2) {
return strcmp((*((property **) p1))->name, (*((property **) p2))->name);
}
static void print_all_props_cb(const char *name, const char *value) {
vec_push_back(&prop_list, new property(name, value));
}
static void print_all_props(int persist) {
void *p;
vec_init(&prop_list);
getprop_all(print_all_props_cb);
if (persist) {
// Check all persist props in data
DIR *dir = opendir(PERSISTENT_PROPERTY_DIR);
struct dirent *entry;
while ((entry = readdir(dir))) {
if (strcmp(entry->d_name, ".") == 0 || strcmp(entry->d_name, "..") == 0 )
continue;
int found = 0;
vec_for_each(&prop_list, p) {
if (strcmp(((property *) p)->name, entry->d_name) == 0) {
found = 1;
break;
}
}
if (!found)
vec_push_back(&prop_list, new property(entry->d_name, getprop2(entry->d_name, 1)));
}
}
vec_sort(&prop_list, prop_cmp);
vec_for_each(&prop_list, p) {
printf("[%s]: [%s]\n", ((property *) p)->name, ((property *) p)->value);
delete((property *) p);
}
vec_destroy(&prop_list);
}
void getprop_all(void (*callback)(const char*, const char*)) {
if (init_resetprop()) return;
cb = cbk;
__system_property_foreach2(prop_foreach_cb, NULL);
struct wrapper wrap = {
.func = callback
};
__system_property_foreach2(prop_foreach_cb, &wrap);
}
int setprop(const char *name, const char *value) {
@@ -164,13 +259,15 @@ int setprop(const char *name, const char *value) {
}
int setprop2(const char *name, const char *value, const int trigger) {
if (check_legal_property_name(name))
return 1;
if (init_resetprop()) return -1;
int ret;
prop_info *pi = (prop_info*) __system_property_find2(name);
if (pi != NULL) {
if (trigger) {
if (!strncmp(name, "ro.", 3)) deleteprop(name, trigger);
if (strncmp(name, "ro.", 3) == 0) deleteprop(name);
ret = __system_property_set2(name, value);
} else {
ret = __system_property_update2(pi, value, strlen(value));
@@ -193,19 +290,20 @@ int setprop2(const char *name, const char *value, const int trigger) {
return ret;
}
int deleteprop(const char *name, const int trigger) {
int deleteprop(const char *name) {
return deleteprop2(name, 1);
}
int deleteprop2(const char *name, const int persist) {
if (check_legal_property_name(name))
return 1;
if (init_resetprop()) return -1;
char path[PATH_MAX];
path[0] = '\0';
PRINT_D("resetprop: deleteprop [%s]\n", name);
if (__system_property_del(name)) {
PRINT_D("resetprop: delete prop: [%s] error\n", name);
return -1;
}
if (trigger && strstr(name, "persist.")) {
char buffer[PATH_MAX];
snprintf(buffer, sizeof(buffer), "%s/%s", PERSISTENT_PROPERTY_DIR, name);
unlink(buffer);
}
return 0;
if (persist && strncmp(name, "persist.", 8) == 0)
snprintf(path, sizeof(path), PERSISTENT_PROPERTY_DIR "/%s", name);
return __system_property_del(name) && unlink(path);
}
int read_prop_file(const char* filename, const int trigger) {
@@ -250,59 +348,60 @@ int read_prop_file(const char* filename, const int trigger) {
}
int resetprop_main(int argc, char *argv[]) {
int trigger = 1, persist = 0;
char *argv0 = argv[0], *prop;
int del = 0, file = 0, trigger = 1;
--argc;
++argv;
int exp_arg = 2;
char *name, *value, *filename;
if (argc < 3) {
return usage(argv[0]);
// Parse flags and -- options
while (argc && argv[0][0] == '-') {
for (int idx = 1; 1; ++idx) {
switch (argv[0][idx]) {
case '-':
if (strcmp(argv[0], "--file") == 0 && argc == 2) {
return read_prop_file(argv[1], trigger);
} else if (strcmp(argv[0], "--delete") == 0 && argc == 2) {
return deleteprop2(argv[1], persist);
} else if (strcmp(argv[0], "--help") == 0) {
goto usage;
}
for (int i = 1; i < argc; ++i) {
if (!strcmp("-v", argv[i])) {
case 'v':
verbose = 1;
} else if (!strcmp("-n", argv[i])) {
continue;
case 'p':
persist = 1;
continue;
case 'n':
trigger = 0;
} else if (!strcmp("--file", argv[i])) {
file = 1;
exp_arg = 1;
} else if (!strcmp("--delete", argv[i])) {
del = 1;
exp_arg = 1;
} else {
if (i + exp_arg > argc) {
return usage(argv[0]);
}
if (file) {
filename = argv[i];
continue;
case '\0':
break;
} else {
if(!is_legal_property_name(argv[i], strlen(argv[i]))) {
PRINT_E("Illegal property name: [%s]\n", argv[i]);
return 1;
}
name = argv[i];
if (exp_arg > 1) {
if (strlen(argv[i + 1]) >= PROP_VALUE_MAX) {
PRINT_E("Value too long: [%s]\n", argv[i + 1]);
return 1;
}
value = argv[i + 1];
case 'h':
default:
usage:
return usage(argv0);
}
break;
}
}
}
if (file) {
return read_prop_file(filename, trigger);
} else if (del) {
return deleteprop(name, trigger);
} else {
return setprop2(name, value, trigger);
--argc;
++argv;
}
switch (argc) {
case 0:
print_all_props(persist);
return 0;
case 1:
prop = getprop2(argv[0], persist);
if (prop == NULL) return 1;
printf("%s\n", prop);
free(prop);
return 0;
case 2:
return setprop2(argv[0], argv[1], trigger);
default:
usage(argv0);
return 1;
}
}

1
jni/selinux

Submodule jni/selinux deleted from 3d9b8bcb05

2
jni/su

Submodule jni/su updated: c66632227b...6de95e0d9b

333
jni/utils/file.c Normal file
View File

@@ -0,0 +1,333 @@
/* file.c - Contains all files related utilities
*/
#include <stdlib.h>
#include <fcntl.h>
#include <unistd.h>
#include <sys/sendfile.h>
#ifndef NO_SELINUX
#include <selinux/selinux.h>
#endif
#include "utils.h"
char **excl_list = (char *[]) { NULL };
static int is_excl(const char *name) {
for (int i = 0; excl_list[i]; ++i) {
if (strcmp(name, excl_list[i]) == 0)
return 1;
}
return 0;
}
int fd_getpath(int fd, char *path, size_t size) {
snprintf(path, size, "/proc/self/fd/%d", fd);
if (xreadlink(path, path, size) == -1)
return -1;
return 0;
}
int mkdir_p(const char *pathname, mode_t mode) {
char *path = strdup(pathname), *p;
errno = 0;
for (p = path + 1; *p; ++p) {
if (*p == '/') {
*p = '\0';
if (mkdir(path, mode) == -1) {
if (errno != EEXIST)
return -1;
}
*p = '/';
}
}
if (mkdir(path, mode) == -1) {
if (errno != EEXIST)
return -1;
}
free(path);
return 0;
}
void rm_rf(const char *path) {
int fd = xopen(path, O_RDONLY | O_CLOEXEC);
frm_rf(fd);
close(fd);
rmdir(path);
}
void frm_rf(int dirfd) {
struct dirent *entry;
int newfd;
DIR *dir = xfdopendir(dirfd);
while ((entry = xreaddir(dir))) {
if (strcmp(entry->d_name, ".") == 0 || strcmp(entry->d_name, "..") == 0)
continue;
if (is_excl(entry->d_name))
continue;
switch (entry->d_type) {
case DT_DIR:
newfd = xopenat(dirfd, entry->d_name, O_RDONLY | O_CLOEXEC);
frm_rf(newfd);
close(newfd);
unlinkat(dirfd, entry->d_name, AT_REMOVEDIR);
break;
default:
unlinkat(dirfd, entry->d_name, 0);
break;
}
}
}
/* This will only on the same file system */
void mv_f(const char *source, const char *destination) {
struct stat st;
xlstat(source, &st);
int src, dest;
struct file_attr a;
if (S_ISDIR(st.st_mode)) {
xmkdir_p(destination, st.st_mode & 0777);
src = xopen(source, O_RDONLY | O_CLOEXEC);
dest = xopen(destination, O_RDONLY | O_CLOEXEC);
fclone_attr(src, dest);
mv_dir(src, dest);
close(src);
close(dest);
} else{
getattr(source, &a);
xrename(source, destination);
setattr(destination, &a);
}
rmdir(source);
}
/* This will only on the same file system */
void mv_dir(int src, int dest) {
struct dirent *entry;
DIR *dir;
int newsrc, newdest;
struct file_attr a;
dir = xfdopendir(src);
while ((entry = xreaddir(dir))) {
if (strcmp(entry->d_name, ".") == 0 || strcmp(entry->d_name, "..") == 0)
continue;
if (is_excl(entry->d_name))
continue;
getattrat(src, entry->d_name, &a);
switch (entry->d_type) {
case DT_DIR:
xmkdirat(dest, entry->d_name, a.st.st_mode & 0777);
newsrc = xopenat(src, entry->d_name, O_RDONLY | O_CLOEXEC);
newdest = xopenat(dest, entry->d_name, O_RDONLY | O_CLOEXEC);
fsetattr(newdest, &a);
mv_dir(newsrc, newdest);
close(newsrc);
close(newdest);
unlinkat(src, entry->d_name, AT_REMOVEDIR);
break;
case DT_LNK:
case DT_REG:
renameat(src, entry->d_name, dest, entry->d_name);
setattrat(dest, entry->d_name, &a);
break;
}
}
}
void cp_afc(const char *source, const char *destination) {
int src, dest;
struct file_attr a;
getattr(source, &a);
if (S_ISDIR(a.st.st_mode)) {
xmkdir_p(destination, a.st.st_mode & 0777);
src = xopen(source, O_RDONLY | O_CLOEXEC);
dest = xopen(destination, O_RDONLY | O_CLOEXEC);
fsetattr(dest, &a);
clone_dir(src, dest);
close(src);
close(dest);
} else{
unlink(destination);
if (S_ISREG(a.st.st_mode)) {
src = xopen(source, O_RDONLY);
dest = xopen(destination, O_WRONLY | O_CREAT | O_TRUNC);
xsendfile(dest, src, NULL, a.st.st_size);
fsetattr(src, &a);
close(src);
close(dest);
} else if (S_ISLNK(a.st.st_mode)) {
char buf[PATH_MAX];
xreadlink(source, buf, sizeof(buf));
xsymlink(buf, destination);
setattr(destination, &a);
}
}
}
void clone_dir(int src, int dest) {
struct dirent *entry;
DIR *dir;
int srcfd, destfd, newsrc, newdest;
char buf[PATH_MAX];
struct file_attr a;
dir = xfdopendir(src);
while ((entry = xreaddir(dir))) {
if (strcmp(entry->d_name, ".") == 0 || strcmp(entry->d_name, "..") == 0)
continue;
if (is_excl(entry->d_name))
continue;
getattrat(src, entry->d_name, &a);
switch (entry->d_type) {
case DT_DIR:
xmkdirat(dest, entry->d_name, a.st.st_mode & 0777);
setattrat(dest, entry->d_name, &a);
newsrc = xopenat(src, entry->d_name, O_RDONLY | O_CLOEXEC);
newdest = xopenat(dest, entry->d_name, O_RDONLY | O_CLOEXEC);
clone_dir(newsrc, newdest);
close(newsrc);
close(newdest);
break;
case DT_REG:
destfd = xopenat(dest, entry->d_name, O_WRONLY | O_CREAT | O_TRUNC | O_CLOEXEC);
srcfd = xopenat(src, entry->d_name, O_RDONLY | O_CLOEXEC);
xsendfile(destfd, srcfd, 0, a.st.st_size);
fsetattr(destfd, &a);
close(destfd);
close(srcfd);
break;
case DT_LNK:
xreadlinkat(src, entry->d_name, buf, sizeof(buf));
symlinkat(buf, dest, entry->d_name);
setattrat(dest, entry->d_name, &a);
break;
}
}
}
int getattr(const char *path, struct file_attr *a) {
if (xlstat(path, &a->st) == -1)
return -1;
char *con = "";
#ifndef NO_SELINUX
if (lgetfilecon(path, &con) == -1)
return -1;
strcpy(a->con, con);
freecon(con);
#else
a->con[0] = '\0';
#endif
return 0;
}
int getattrat(int dirfd, const char *pathname, struct file_attr *a) {
int fd = xopenat(dirfd, pathname, O_PATH | O_NOFOLLOW | O_CLOEXEC);
if (fd < 0)
return -1;
int ret = fgetattr(fd, a);
close(fd);
return ret;
}
int fgetattr(int fd, struct file_attr *a) {
#ifndef NO_SELINUX
char path[PATH_MAX];
fd_getpath(fd, path, sizeof(path));
return getattr(path, a);
#else
if (fstat(fd, &a->st) == -1)
return -1;
a->con[0] = '\0';
return 0;
#endif
}
int setattr(const char *path, struct file_attr *a) {
if (chmod(path, a->st.st_mode & 0777) < 0)
return -1;
if (chown(path, a->st.st_uid, a->st.st_gid) < 0)
return -1;
#ifndef NO_SELINUX
if (strlen(a->con) && lsetfilecon(path, a->con) < 0)
return -1;
#endif
return 0;
}
int setattrat(int dirfd, const char *pathname, struct file_attr *a) {
int fd = xopenat(dirfd, pathname, O_PATH | O_NOFOLLOW | O_CLOEXEC);
if (fd < 0)
return -1;
int ret = fsetattr(fd, a);
close(fd);
return ret;
}
int fsetattr(int fd, struct file_attr *a) {
#ifndef NO_SELINUX
char path[PATH_MAX];
fd_getpath(fd, path, sizeof(path));
return setattr(path, a);
#else
if (fchmod(fd, a->st.st_mode & 0777) < 0)
return -1;
if (fchown(fd, a->st.st_uid, a->st.st_gid) < 0)
return -1;
return 0;
#endif
}
void clone_attr(const char *source, const char *target) {
struct file_attr a;
getattr(source, &a);
setattr(target, &a);
}
void fclone_attr(const int sourcefd, const int targetfd) {
struct file_attr a;
fgetattr(sourcefd, &a);
fsetattr(targetfd, &a);
}
#ifndef NO_SELINUX
#define UNLABEL_CON "u:object_r:unlabeled:s0"
#define SYSTEM_CON "u:object_r:system_file:s0"
void restorecon(int dirfd, int force) {
struct dirent *entry;
DIR *dir;
int fd;
char path[PATH_MAX], *con;
fd_getpath(dirfd, path, sizeof(path));
lgetfilecon(path, &con);
if (force || strlen(con) == 0 || strcmp(con, UNLABEL_CON) == 0)
lsetfilecon(path, SYSTEM_CON);
freecon(con);
dir = xfdopendir(dirfd);
while ((entry = xreaddir(dir))) {
if (strcmp(entry->d_name, ".") == 0 || strcmp(entry->d_name, "..") == 0)
continue;
if (entry->d_type == DT_DIR) {
fd = xopenat(dirfd, entry->d_name, O_RDONLY | O_CLOEXEC);
restorecon(fd, force);
} else {
fd = xopenat(dirfd, entry->d_name, O_PATH | O_NOFOLLOW | O_CLOEXEC);
fd_getpath(fd, path, sizeof(path));
lgetfilecon(path, &con);
if (force || strlen(con) == 0 || strcmp(con, UNLABEL_CON) == 0)
lsetfilecon(path, SYSTEM_CON);
freecon(con);
}
close(fd);
}
}
#endif // NO_SELINUX

51
jni/utils/img.c
View File

@@ -2,6 +2,7 @@
*/
#include <unistd.h>
#include <libgen.h>
#include <sys/types.h>
#include <sys/wait.h>
#include <sys/mount.h>
@@ -51,20 +52,13 @@ static char *loopsetup(const char *img) {
int create_img(const char *img, int size) {
unlink(img);
LOGI("Create %s with size %dM\n", img, size);
// Create a temp file with the file contexts
char file_contexts[] = "/magisk(/.*)? u:object_r:system_file:s0\n";
// If not root, attempt to create in current diretory
char *filename = getuid() == UID_ROOT ? "/dev/file_contexts_image" : "file_contexts_image";
int ret, fd = xopen(filename, O_WRONLY | O_CREAT | O_TRUNC, 0644);
xwrite(fd, file_contexts, sizeof(file_contexts));
close(fd);
int ret;
char buffer[16];
snprintf(buffer, sizeof(buffer), "%dM", size);
ret = exec_command_sync("make_ext4fs", "-l", buffer, "-a", "/magisk", "-S", filename, img, NULL);
ret = exec_command_sync("make_ext4fs", "-l", buffer, img, NULL);
if (ret < 0)
return 1;
unlink(filename);
return ret;
}
@@ -103,7 +97,7 @@ int resize_img(const char *img, int size) {
if (e2fsck(img))
return 1;
char buffer[128];
int pid, status, fd = -1;
int pid, fd = -1, used, total;
snprintf(buffer, sizeof(buffer), "%dM", size);
pid = exec_command(1, &fd, NULL, "resize2fs", img, buffer, NULL);
if (pid < 0)
@@ -111,8 +105,32 @@ int resize_img(const char *img, int size) {
while (fdgets(buffer, sizeof(buffer), fd))
LOGD("magisk_img: %s", buffer);
close(fd);
waitpid(pid, &status, 0);
return WEXITSTATUS(status);
waitpid(pid, NULL, 0);
// Double check our image size
get_img_size(img, &used, &total);
if (total != size) {
// Sammy crap occurs or resize2fs failed, lets create a new image!
char *dir = dirname(img);
snprintf(buffer, sizeof(buffer), "%s/tmp.img", dir);
create_img(buffer, size);
char *s_loop, *t_loop;
s_loop = mount_image(img, SOURCE_TMP);
if (s_loop == NULL) return 1;
t_loop = mount_image(buffer, TARGET_TMP);
if (t_loop == NULL) return 1;
cp_afc(SOURCE_TMP, TARGET_TMP);
umount_image(SOURCE_TMP, s_loop);
umount_image(TARGET_TMP, t_loop);
rmdir(SOURCE_TMP);
rmdir(TARGET_TMP);
free(s_loop);
free(t_loop);
rename(buffer, img);
}
return 0;
}
char *mount_image(const char *img, const char *target) {
@@ -145,8 +163,9 @@ void umount_image(const char *target, const char *device) {
int merge_img(const char *source, const char *target) {
if (access(source, F_OK) == -1)
return 0;
LOGI("* Merging %s -> %s\n", source, target);
if (access(target, F_OK) == -1) {
rename(source, target);
xrename(source, target);
return 0;
}
@@ -157,7 +176,7 @@ int merge_img(const char *source, const char *target) {
get_img_size(source, &s_used, &s_total);
get_img_size(target, &t_used, &t_total);
n_total = round_size(s_used + t_used);
if (n_total != t_total)
if (n_total > t_total)
resize_img(target, n_total);
xmkdir(SOURCE_TMP, 0755);
@@ -170,7 +189,7 @@ int merge_img(const char *source, const char *target) {
DIR *dir;
struct dirent *entry;
if (!(dir = opendir(SOURCE_TMP)))
if (!(dir = xopendir(SOURCE_TMP)))
return 1;
while ((entry = xreaddir(dir))) {
if (entry->d_type == DT_DIR) {
@@ -183,7 +202,7 @@ int merge_img(const char *source, const char *target) {
snprintf(buffer, sizeof(buffer), "%s/%s", TARGET_TMP, entry->d_name);
if (access(buffer, F_OK) == 0) {
LOGI("Upgrade module: %s\n", entry->d_name);
exec_command_sync(BBPATH "/rm", "-rf", buffer, NULL);
rm_rf(buffer);
} else {
LOGI("New module: %s\n", entry->d_name);
}

160
jni/utils/misc.c
View File

@@ -6,21 +6,16 @@
#include <stdio.h>
#include <stdlib.h>
#include <stdarg.h>
#include <dirent.h>
#include <unistd.h>
#include <fcntl.h>
#include <pwd.h>
#include <signal.h>
#include <errno.h>
#include <sched.h>
#include <sys/types.h>
#include <sys/ioctl.h>
#include <sys/mount.h>
#include <sys/wait.h>
#include <sys/stat.h>
#include <selinux/selinux.h>
#include "magisk.h"
#include "logging.h"
#include "utils.h"
int quit_signals[] = { SIGALRM, SIGABRT, SIGHUP, SIGPIPE, SIGQUIT, SIGTERM, SIGINT, 0 };
@@ -145,12 +140,12 @@ static void proc_name_filter(int pid) {
char buf[64];
int fd;
snprintf(buf, sizeof(buf), "/proc/%d/cmdline", pid);
if ((fd = open(buf, O_RDONLY)) == -1)
if (access(buf, R_OK) == -1 || (fd = xopen(buf, O_RDONLY)) == -1)
return;
if (fdgets(buf, sizeof(buf), fd) == 0) {
snprintf(buf, sizeof(buf), "/proc/%d/comm", pid);
close(fd);
if ((fd = open(buf, O_RDONLY)) == -1)
if (access(buf, R_OK) == -1 || (fd = xopen(buf, O_RDONLY)) == -1)
return;
fdgets(buf, sizeof(buf), fd);
}
@@ -167,48 +162,25 @@ void ps_filter_proc_name(const char *pattern, void (*func)(int)) {
ps(proc_name_filter);
}
int create_links(const char *bin, const char *path) {
char self[PATH_MAX], linkpath[PATH_MAX];
if (bin == NULL) {
xreadlink("/proc/self/exe", self, sizeof(self));
bin = self;
}
int ret = 0;
for (int i = 0; applet[i]; ++i) {
snprintf(linkpath, sizeof(linkpath), "%s/%s", path, applet[i]);
unlink(linkpath);
ret |= symlink(bin, linkpath);
}
return ret;
}
#define DEV_BLOCK "/dev/block"
void unlock_blocks() {
char path[PATH_MAX];
DIR *dir;
struct dirent *entry;
int fd, OFF = 0;
int fd, dev, OFF = 0;
if (!(dir = xopendir(DEV_BLOCK)))
if ((dev = xopen("/dev/block", O_RDONLY | O_CLOEXEC)) < 0)
return;
dir = xfdopendir(dev);
while((entry = readdir(dir))) {
if (entry->d_type == DT_BLK &&
strstr(entry->d_name, "ram") == NULL &&
strstr(entry->d_name, "loop") == NULL &&
strstr(entry->d_name, "dm-0") == NULL) {
snprintf(path, sizeof(path), "%s/%s", DEV_BLOCK, entry->d_name);
if ((fd = xopen(path, O_RDONLY)) < 0)
if (entry->d_type == DT_BLK) {
if ((fd = openat(dev, entry->d_name, O_RDONLY)) < 0)
continue;
if (ioctl(fd, BLKROSET, &OFF) == -1)
PLOGE("unlock %s", path);
PLOGE("unlock %s", entry->d_name);
close(fd);
}
}
closedir(dir);
close(dev);
}
void setup_sighandlers(void (*handler)(int)) {
@@ -259,7 +231,7 @@ static int v_exec_command(int err, int *fd, void (*setupenv)(struct vector*), co
envp = environ;
}
int pid = fork();
int pid = xfork();
if (pid != 0) {
if (fd && *fd < 0) {
// Give the read end and close write end
@@ -271,9 +243,6 @@ static int v_exec_command(int err, int *fd, void (*setupenv)(struct vector*), co
return pid;
}
// Don't return to the daemon if anything goes wrong
err_handler = exit_proc;
if (fd) {
xdup2(writeEnd, STDOUT_FILENO);
if (err) xdup2(writeEnd, STDERR_FILENO);
@@ -304,31 +273,10 @@ int exec_command(int err, int *fd, void (*setupenv)(struct vector*), const char
return pid;
}
int mkdir_p(const char *pathname, mode_t mode) {
char *path = strdup(pathname), *p;
errno = 0;
for (p = path + 1; *p; ++p) {
if (*p == '/') {
*p = '\0';
if (mkdir(path, mode) == -1) {
if (errno != EEXIST)
return -1;
}
*p = '/';
}
}
if (mkdir(path, mode) == -1) {
if (errno != EEXIST)
return -1;
}
free(path);
return 0;
}
int bind_mount(const char *from, const char *to) {
int ret = xmount(from, to, NULL, MS_BIND, NULL);
#ifdef MAGISK_DEBUG
LOGD("bind_mount: %s -> %s\n", from, to);
LOGI("bind_mount: %s -> %s\n", from, to);
#else
LOGI("bind_mount: %s\n", to);
#endif
@@ -339,79 +287,6 @@ int open_new(const char *filename) {
return xopen(filename, O_WRONLY | O_CREAT | O_TRUNC, 0644);
}
int cp_afc(const char *source, const char *target) {
struct stat buf;
xlstat(source, &buf);
if (S_ISDIR(buf.st_mode)) {
DIR *dir;
struct dirent *entry;
char *s_path, *t_path;
if (!(dir = xopendir(source)))
return 1;
s_path = xmalloc(PATH_MAX);
t_path = xmalloc(PATH_MAX);
mkdir_p(target, 0755);
clone_attr(source, target);
while ((entry = xreaddir(dir))) {
if (strcmp(entry->d_name, ".") == 0 || strcmp(entry->d_name, "..") == 0)
continue;
snprintf(s_path, PATH_MAX, "%s/%s", source, entry->d_name);
snprintf(t_path, PATH_MAX, "%s/%s", target, entry->d_name);
cp_afc(s_path, t_path);
}
free(s_path);
free(t_path);
closedir(dir);
} else{
unlink(target);
if (S_ISREG(buf.st_mode)) {
int sfd, tfd;
sfd = xopen(source, O_RDONLY);
tfd = xopen(target, O_WRONLY | O_CREAT | O_TRUNC);
xsendfile(tfd, sfd, NULL, buf.st_size);
fclone_attr(sfd, tfd);
close(sfd);
close(tfd);
} else if (S_ISLNK(buf.st_mode)) {
char buffer[PATH_MAX];
xreadlink(source, buffer, sizeof(buffer));
xsymlink(buffer, target);
clone_attr(source, target);
} else {
return 1;
}
}
return 0;
}
void clone_attr(const char *source, const char *target) {
struct stat buf;
lstat(target, &buf);
chmod(target, buf.st_mode & 0777);
chown(target, buf.st_uid, buf.st_gid);
char *con;
lgetfilecon(source, &con);
lsetfilecon(target, con);
free(con);
}
void fclone_attr(const int sourcefd, const int targetfd) {
struct stat buf;
fstat(sourcefd, &buf);
fchmod(targetfd, buf.st_mode & 0777);
fchown(targetfd, buf.st_uid, buf.st_gid);
char *con;
fgetfilecon(sourcefd, &con);
fsetfilecon(targetfd, con);
free(con);
}
void get_client_cred(int fd, struct ucred *cred) {
socklen_t ucred_length = sizeof(*cred);
if(getsockopt(fd, SOL_SOCKET, SO_PEERCRED, cred, &ucred_length))
@@ -431,3 +306,14 @@ int switch_mnt_ns(int pid) {
close(fd);
return ret;
}
int fork_dont_care() {
int pid = xfork();
if (pid) {
waitpid(pid, NULL, 0);
return pid;
} else if ((pid = xfork())) {
exit(0);
}
return 0;
}

66
jni/utils/xwrap.c
View File

@@ -1,8 +1,8 @@
/* xwrap.c - wrappers around existing library functions.
*
* Functions with the x prefix are wrappers that either succeed or kill the
* program with an error message, but never return failure. They usually have
* the same arguments and return value as the function they wrap.
* Functions with the x prefix are wrappers that either succeed or log the
* error message. They usually have the same arguments and return value
* as the function they wrap.
*
*/
@@ -14,6 +14,7 @@
#include <fcntl.h>
#include <dirent.h>
#include <errno.h>
#include <pthread.h>
#include <sys/socket.h>
#include <sys/types.h>
#include <sys/stat.h>
@@ -21,7 +22,7 @@
#include <sys/mman.h>
#include <sys/sendfile.h>
#include "magisk.h"
#include "logging.h"
#include "utils.h"
FILE *xfopen(const char *pathname, const char *mode) {
@@ -56,6 +57,14 @@ int xopen3(const char *pathname, int flags, mode_t mode) {
return fd;
}
int xopenat(int dirfd, const char *pathname, int flags) {
int fd = openat(dirfd, pathname, flags);
if (fd < 0) {
PLOGE("openat: %s", pathname);
}
return fd;
}
ssize_t xwrite(int fd, const void *buf, size_t count) {
int ret = write(fd, buf, count);
if (count != ret) {
@@ -106,6 +115,14 @@ DIR *xopendir(const char *name) {
return d;
}
DIR *xfdopendir(int fd) {
DIR *d = fdopendir(fd);
if (d == NULL) {
PLOGE("fdopendir");
}
return d;
}
struct dirent *xreaddir(DIR *dirp) {
errno = 0;
struct dirent *e = readdir(dirp);
@@ -250,7 +267,16 @@ ssize_t xreadlink(const char *pathname, char *buf, size_t bufsiz) {
PLOGE("readlink %s", pathname);
} else {
buf[ret] = '\0';
++ret;
}
return ret;
}
ssize_t xreadlinkat(int dirfd, const char *pathname, char *buf, size_t bufsiz) {
ssize_t ret = readlinkat(dirfd, pathname, buf, bufsiz);
if (ret == -1) {
PLOGE("readlinkat %s", pathname);
} else {
buf[ret] = '\0';
}
return ret;
}
@@ -289,14 +315,6 @@ int xumount2(const char *target, int flags) {
return ret;
}
int xchmod(const char *pathname, mode_t mode) {
int ret = chmod(pathname, mode);
if (ret == -1) {
PLOGE("chmod %s %u", pathname, mode);
}
return ret;
}
int xrename(const char *oldpath, const char *newpath) {
int ret = rename(oldpath, newpath);
if (ret == -1) {
@@ -313,6 +331,22 @@ int xmkdir(const char *pathname, mode_t mode) {
return ret;
}
int xmkdir_p(const char *pathname, mode_t mode) {
int ret = mkdir_p(pathname, mode);
if (ret == -1) {
PLOGE("mkdir_p %s", pathname);
}
return ret;
}
int xmkdirat(int dirfd, const char *pathname, mode_t mode) {
int ret = mkdirat(dirfd, pathname, mode);
if (ret == -1 && errno != EEXIST) {
PLOGE("mkdirat %s %u", pathname, mode);
}
return ret;
}
void *xmmap(void *addr, size_t length, int prot, int flags,
int fd, off_t offset) {
void *ret = mmap(addr, length, prot, flags, fd, offset);
@@ -330,10 +364,10 @@ ssize_t xsendfile(int out_fd, int in_fd, off_t *offset, size_t count) {
return ret;
}
int xmkdir_p(const char *pathname, mode_t mode) {
int ret = mkdir_p(pathname, mode);
pid_t xfork() {
int ret = fork();
if (ret == -1) {
PLOGE("mkdir_p %s", pathname);
PLOGE("fork");
}
return ret;
}

30
scripts/addon.d.sh
View File

@@ -13,9 +13,11 @@
main() {
# Magisk binaries
MAGISKBIN=/data/magisk
# This script always run in recovery
# This script always runs in recovery
BOOTMODE=false
mount /data 2>/dev/null
if [ ! -d $MAGISKBIN ]; then
echo "! Cannot find Magisk binaries!"
exit 1
@@ -24,26 +26,21 @@ main() {
# Wait for post addon.d processes to finish
sleep 5
mount -o ro /system 2>/dev/null
mount -o ro /vendor 2>/dev/null
mount /data 2>/dev/null
# Load utility functions
. $MAGISKBIN/util_functions.sh
[ -f /system/build.prop ] || abort "! /system could not be mounted!"
ui_print "************************"
ui_print "* Magisk v$MAGISK_VER addon.d"
ui_print "************************"
mount_partitions
api_level_arch_detect
# Check if system root is installed and remove
remove_system_su
recovery_actions
remove_system_su
find_boot_image
[ -z $BOOTIMAGE ] && abort "! Unable to detect boot image"
ui_print "- Found Boot Image: $BOOTIMAGE"
@@ -54,18 +51,15 @@ main() {
# Source the boot patcher
. $MAGISKBIN/boot_patch.sh "$BOOTIMAGE"
[ -f stock_boot* ] && rm -f /data/stock_boot* 2>/dev/null
ui_print "- Flashing new boot image"
if [ -L "$BOOTIMAGE" ]; then
dd if=new-boot.img of="$BOOTIMAGE" bs=4096
else
cat new-boot.img /dev/zero | dd of="$BOOTIMAGE" bs=4096 >/dev/null 2>&1
if [ -f stock_boot* ]; then
rm -f /data/stock_boot* 2>/dev/null
mv stock_boot* /data
fi
flash_boot_image new-boot.img $BOOTIMAGE
rm -f new-boot.img
cd /
recovery_cleanup
ui_print "- Done"

124
scripts/boot_patch.sh
View File

@@ -29,24 +29,6 @@
# Functions
##########################################################################################
# Call ui_print_wrap if exists, or else simply use echo
# Useful when wrapped in flashable zip
ui_print_wrap() {
type ui_print >/dev/null 2>&1 && ui_print "$1" || echo "$1"
}
# Call abort if exists, or else show error message and exit
# Essential when wrapped in flashable zip
abort_wrap() {
type abort >/dev/null 2>&1
if [ $? -ne 0 ]; then
ui_print_wrap "$1"
exit 1
else
abort "$1"
fi
}
# Pure bash dirname implementation
dirname_wrap() {
case "$1" in
@@ -65,16 +47,6 @@ basename_wrap() {
echo ${1##*/}
}
grep_prop() {
REGEX="s/^$1=//p"
shift
FILES=$@
if [ -z "$FILES" ]; then
FILES='/system/build.prop'
fi
cat $FILES 2>/dev/null | sed -n "$REGEX" | head -n 1
}
# --cpio-add <incpio> <mode> <entry> <infile>
cpio_add() {
./magiskboot --cpio-add ramdisk.cpio $1 $2 $3
@@ -94,24 +66,23 @@ cpio_mkdir() {
# Initialization
##########################################################################################
[ -z $1 ] && abort_wrap "This script requires a boot image as a parameter"
if [ -z $SOURCEDMODE ]; then
# Switch to the location of the script file
cd "`dirname_wrap "${BASH_SOURCE:-$0}"`"
# Load utility functions
. ./util_functions.sh
# Detect current status
mount_partitions
fi
cwd=`pwd`
cd "`dirname_wrap $1`"
BOOTIMAGE="`pwd`/`basename_wrap $1`"
cd $cwd
BOOTIMAGE="$1"
[ -e "$BOOTIMAGE" ] || abort_wrap "$BOOTIMAGE does not exist!"
[ -e "$BOOTIMAGE" ] || abort "$BOOTIMAGE does not exist!"
# Presets
[ -z $KEEPVERITY ] && KEEPVERITY=false
[ -z $KEEPFORCEENCRYPT ] && KEEPFORCEENCRYPT=false
# Detect whether running as root
id | grep "uid=0" >/dev/null 2>&1 && ROOT=true || ROOT=false
# Switch to the location of the script file
[ -z $SOURCEDMODE ] && cd "`dirname_wrap "${BASH_SOURCE:-$0}"`"
chmod -R 755 .
##########################################################################################
@@ -122,23 +93,24 @@ migrate_boot_backup
CHROMEOS=false
ui_print_wrap "- Unpacking boot image"
ui_print "- Unpacking boot image"
./magiskboot --unpack "$BOOTIMAGE"
case $? in
1 )
abort_wrap "! Unable to unpack boot image"
abort "! Unable to unpack boot image"
;;
2 )
ui_print "- ChromeOS boot image detected"
CHROMEOS=true
;;
3 )
ui_print_wrap "! Sony ELF32 format detected"
abort_wrap "! Please use BootBridge from @AdrianDC to flash Magisk"
ui_print "! Sony ELF32 format detected"
abort "! Please use BootBridge from @AdrianDC to flash Magisk"
;;
4 )
ui_print_wrap "! Sony ELF64 format detected"
abort_wrap "! Stock kernel cannot be patched, please use a custom kernel"
ui_print "! Sony ELF64 format detected"
abort "! Stock kernel cannot be patched, please use a custom kernel"
esac
##########################################################################################
@@ -146,12 +118,12 @@ esac
##########################################################################################
# Test patch status and do restore, after this section, ramdisk.cpio.orig is guaranteed to exist
ui_print_wrap "- Checking ramdisk status"
ui_print "- Checking ramdisk status"
./magiskboot --cpio-test ramdisk.cpio
case $? in
0 ) # Stock boot
ui_print_wrap "- Stock boot image detected!"
ui_print_wrap "- Backing up stock boot image"
ui_print "- Stock boot image detected!"
ui_print "- Backing up stock boot image"
SHA1=`./magiskboot --sha1 "$BOOTIMAGE" 2>/dev/null`
STOCKDUMP=stock_boot_${SHA1}.img
dd if="$BOOTIMAGE" of=$STOCKDUMP
@@ -159,22 +131,22 @@ case $? in
cp -af ramdisk.cpio ramdisk.cpio.orig
;;
1 ) # Magisk patched
ui_print_wrap "- Magisk patched image detected!"
ui_print "- Magisk patched image detected!"
# Find SHA1 of stock boot image
[ -z $SHA1 ] && SHA1=`./magiskboot --cpio-stocksha1 ramdisk.cpio 2>/dev/null`
OK=false
./magiskboot --cpio-restore ramdisk.cpio
if [ $? -eq 0 ]; then
ui_print_wrap "- Ramdisk restored from internal backup"
ui_print "- Ramdisk restored from internal backup"
OK=true
else
# Restore failed
ui_print_wrap "! Cannot restore from internal backup"
ui_print "! Cannot restore from internal backup"
# If we are root and SHA1 known, we try to find the stock backup
if $ROOT && [ ! -z $SHA1 ]; then
if [ ! -z $SHA1 ]; then
STOCKDUMP=/data/stock_boot_${SHA1}.img
if [ -f ${STOCKDUMP}.gz ]; then
ui_print_wrap "- Stock boot image backup found"
ui_print "- Stock boot image backup found"
./magiskboot --decompress ${STOCKDUMP}.gz stock_boot.img
./magiskboot --unpack stock_boot.img
rm -f stock_boot.img
@@ -183,14 +155,14 @@ case $? in
fi
fi
if ! $OK; then
ui_print_wrap "! Ramdisk restoration incomplete"
ui_print_wrap "! Will still try to continue installation"
ui_print "! Ramdisk restoration incomplete"
ui_print "! Will still try to continue installation"
fi
cp -af ramdisk.cpio ramdisk.cpio.orig
;;
2 ) # Other patched
ui_print_wrap "! Boot image patched by other programs!"
abort_wrap "! Please restore stock boot image"
ui_print "! Boot image patched by other programs!"
abort "! Please restore stock boot image"
;;
esac
@@ -198,29 +170,40 @@ esac
# Ramdisk patches
##########################################################################################
ui_print_wrap "- Patching ramdisk"
ui_print "- Patching ramdisk"
# Add magisk entrypoint
if [ ! -z $SHA1 ]; then
cp init.magisk.rc init.magisk.rc.bak
echo "# STOCKSHA1=$SHA1" >> init.magisk.rc
fi
if $SKIP_INITRAMFS; then
cpio_add 750 init magiskinit
cpio_mkdir 000 overlay
cpio_add 750 overlay/init.magisk.rc init.magisk.rc
cpio_mkdir 750 overlay/sbin
cpio_add 755 overlay/sbin/magisk magisk
else
./magiskboot --cpio-patch ramdisk.cpio $KEEPVERITY $KEEPFORCEENCRYPT
# sepolicy patches
cpio_extract sepolicy sepolicy
./magisk magiskpolicy --load sepolicy --save sepolicy --minimal
cpio_add 644 sepolicy sepolicy
rm -f sepolicy
# Add new items
if [ ! -z $SHA1 ]; then
cp init.magisk.rc init.magisk.rc.bak
echo "# STOCKSHA1=$SHA1" >> init.magisk.rc
fi
cpio_add 750 init.magisk.rc init.magisk.rc
mv init.magisk.rc.bak init.magisk.rc 2>/dev/null
cpio_add 755 sbin/magisk magisk
fi
mv init.magisk.rc.bak init.magisk.rc 2>/dev/null
# Create ramdisk backups
./magiskboot --cpio-backup ramdisk.cpio ramdisk.cpio.orig
if ! $KEEPVERITY && [ -f dtb ]; then
./magiskboot --dtb-patch dtb && ui_print "- Patching fstab in dtb to remove dm-verity"
fi
rm -f ramdisk.cpio.orig
##########################################################################################
@@ -234,8 +217,13 @@ rm -f ramdisk.cpio.orig
49010054011440B93FA00F71E9000054010840B93FA00F7189000054001840B91FA00F7188010054 \
A1020054011440B93FA00F7140020054010840B93FA00F71E0010054001840B91FA00F7181010054
ui_print_wrap "- Repacking boot image"
./magiskboot --repack "$BOOTIMAGE" || abort_wrap "! Unable to repack boot image!"
# skip_initramfs -> want_initramfs
$SKIP_INITRAMFS && ./magiskboot --hexpatch kernel \
736B69705F696E697472616D6673 \
77616E745F696E697472616D6673
ui_print "- Repacking boot image"
./magiskboot --repack "$BOOTIMAGE" || abort "! Unable to repack boot image!"
# Sign chromeos boot
$CHROMEOS && sign_chromeos

29
scripts/flash_script.sh
View File

@@ -31,7 +31,7 @@ umask 022
OUTFD=$2
ZIP=$3
if [ ! -d "$COMMONDIR" ]; then
if [ ! -f $COMMONDIR/util_functions.sh ]; then
echo "! Unable to extract zip file!"
exit 1
fi
@@ -49,13 +49,8 @@ ui_print "************************"
ui_print "* Magisk v$MAGISK_VER Installer"
ui_print "************************"
ui_print "- Mounting /system, /vendor, /cache, /data"
mount -o ro /system 2>/dev/null
mount -o ro /vendor 2>/dev/null
mount /cache 2>/dev/null
mount /data 2>/dev/null
[ -f /system/build.prop ] || abort "! /system could not be mounted!"
is_mounted /data || mount /data || is_mounted /cache || mount /cache || abort "! Unable to mount partitions"
mount_partitions
# read override variables
getvar KEEPVERITY
@@ -89,6 +84,9 @@ if $BOOTMODE; then
rm -rf /dev/magisk/mirror/bin 2>/dev/null
fi
# Save our stock boot image dump before removing it
mv /data/magisk/stock_boot* /data 2>/dev/null
# Copy required files
rm -rf $MAGISKBIN 2>/dev/null
mkdir -p $MAGISKBIN
@@ -103,7 +101,7 @@ if [ -d /system/addon.d ]; then
chmod 755 /system/addon.d/99-magisk.sh
fi
$BOOTMODE && boot_actions || recovery_actions
$BOOTMODE || recovery_actions
##########################################################################################
# Boot patching
@@ -119,18 +117,15 @@ cd $MAGISKBIN
# Source the boot patcher
. $COMMONDIR/boot_patch.sh "$BOOTIMAGE"
[ -f stock_boot* ] && rm -f /data/stock_boot* 2>/dev/null
ui_print "- Flashing new boot image"
if [ -L "$BOOTIMAGE" ]; then
dd if=new-boot.img of="$BOOTIMAGE" bs=4096
else
cat new-boot.img /dev/zero | dd of="$BOOTIMAGE" bs=4096 >/dev/null 2>&1
if [ -f stock_boot* ]; then
rm -f /data/stock_boot* 2>/dev/null
mv stock_boot* /data
fi
flash_boot_image new-boot.img "$BOOTIMAGE"
rm -f new-boot.img
cd /
# Cleanups
$BOOTMODE || recovery_cleanup
rm -rf $TMPDIR

17
scripts/init.magisk.rc
View File

@@ -2,20 +2,25 @@
on post-fs
start logd
start magisk_daemon
wait /dev/.magisk.unblock 5
rm /dev/.magisk.unblock
start magisk_pfs
wait /dev/.magisk.unblock 20
wait /dev/.magisk.unblock 10
on post-fs-data
rm /dev/.magisk.unblock
load_persist_props
rm /dev/.magisk.unblock
start magisk_pfsd
wait /dev/.magisk.unblock 60
on property:magisk.restart_pfsd=1
trigger post-fs-data
wait /dev/.magisk.unblock 10
# Services
# Self recoverable service
service magisk_daemon /sbin/magisk --daemon
user root
seclabel u:r:su:s0
# launch post-fs script
service magisk_pfs /sbin/magisk --post-fs
user root

40
scripts/magisk_uninstaller.sh
View File

@@ -31,8 +31,14 @@ if [ ! -f $MAGISKBIN/magiskboot -o ! -f $MAGISKBIN/util_functions.sh ]; then
exit 1
fi
if $BOOTMODE; then
# Load utility functions
. $MAGISKBIN/util_functions.sh
boot_actions
mount_partitions
fi
cd $MAGISKBIN
# Find the boot image
find_boot_image
@@ -40,7 +46,7 @@ find_boot_image
ui_print "- Found Boot Image: $BOOTIMAGE"
cd $MAGISKBIN
migrate_boot_backup
ui_print "- Unpacking boot image"
./magiskboot --unpack "$BOOTIMAGE"
@@ -61,9 +67,8 @@ case $? in
abort "! Stock kernel cannot be patched, please use a custom kernel"
esac
migrate_boot_backup
# Detect boot image state
ui_print "- Checking ramdisk status"
./magiskboot --cpio-test ramdisk.cpio
case $? in
0 ) # Stock boot
@@ -74,15 +79,17 @@ case $? in
ui_print "- Magisk patched image detected!"
# Find SHA1 of stock boot image
[ -z $SHA1 ] && SHA1=`./magiskboot --cpio-stocksha1 ramdisk.cpio 2>/dev/null`
[ ! -z $SHA1 ] && STOCKDUMP=/data/stock_boot_${SHA1}.img
if [ -f ${STOCKDUMP}.gz ]; then
[ ! -z $SHA1 ] && STOCKBOOT=/data/stock_boot_${SHA1}.img.gz
if [ -f "$STOCKBOOT" ]; then
ui_print "- Boot image backup found!"
./magiskboot --decompress ${STOCKDUMP}.gz new-boot.img
else
ui_print "! Boot image backup unavailable"
ui_print "- Restoring ramdisk with internal backup"
./magiskboot --cpio-restore ramdisk.cpio
./magiskboot --repack $BOOTIMAGE new-boot.img
./magiskboot --repack $BOOTIMAGE
# Sign chromeos boot
$CHROMEOS && sign_chromeos
STOCKBOOT=new-boot.img
fi
;;
2 ) # Other patched
@@ -91,24 +98,13 @@ case $? in
;;
esac
# Sign chromeos boot
$CHROMEOS && sign_chromeos
ui_print "- Flashing stock/reverted image"
if [ -L "$BOOTIMAGE" ]; then
dd if=new-boot.img of="$BOOTIMAGE" bs=4096
else
cat new-boot.img /dev/zero | dd of="$BOOTIMAGE" bs=4096 >/dev/null 2>&1
fi
rm -f new-boot.img
flash_boot_image $STOCKBOOT "$BOOTIMAGE"
cd /
ui_print "- Removing Magisk files"
rm -rf /cache/magisk.log /cache/last_magisk.log /cache/magiskhide.log /cache/.disable_magisk \
/cache/magisk /cache/magisk_merge /cache/magisk_mount /cache/unblock /cache/magisk_uninstaller.sh \
/data/Magisk.apk /data/magisk.apk /data/magisk.img /data/magisk_merge.img /data/magisk_debug.log \
/data/busybox /data/magisk /data/custom_ramdisk_patch.sh /data/property/*magisk* \
/data/app/com.topjohnwu.magisk* /data/user/*/com.topjohnwu.magisk 2>/dev/null
rm -rf /cache/*magisk* /cache/unblock /data/*magisk* /data/cache/*magisk* /data/property/*magisk* \
/data/Magisk.apk /data/busybox /data/custom_ramdisk_patch.sh \
/data/app/com.topjohnwu.magisk* /data/user*/*/com.topjohnwu.magisk 2>/dev/null
$BOOTMODE && reboot

19
scripts/uninstaller_loader.sh
View File

@@ -24,7 +24,7 @@ OUTFD=$2
ZIP=$3
if [ ! -f $INSTALLER/util_functions.sh ]; then
echo "! Failed: Unable to extract zip file!"
echo "! Unable to extract zip file!"
exit 1
fi
@@ -40,13 +40,9 @@ ui_print "************************"
ui_print " Magisk Uninstaller "
ui_print "************************"
ui_print "- Mounting /system, /vendor, /cache, /data"
mount -o ro /system 2>/dev/null
mount -o ro /vendor 2>/dev/null
mount /cache 2>/dev/null
mount /data 2>/dev/null
[ -f /system/build.prop ] || abort "! /system could not be mounted!"
is_mounted /data || mount /data || abort "! Unable to mount partitions"
is_mounted /cache || mount /cache 2>/dev/null
mount_partitions
api_level_arch_detect
@@ -61,13 +57,15 @@ BINDIR=$INSTALLER/$ARCH
MAGISKBIN=/data/magisk
if is_mounted /data; then
recovery_actions
# Save our stock boot image dump before removing it
mv $MAGISKBIN/stock_boot* /data 2>/dev/null
# Copy the binaries to /data/magisk, in case they do not exist
rm -rf $MAGISKBIN 2>/dev/null
mkdir -p $MAGISKBIN
cp -af $BINDIR/. $CHROMEDIR $TMPDIR/bin/busybox $INSTALLER/util_functions.sh $MAGISKBIN
chmod -R 755 $MAGISKBIN
# Run the acttual uninstallation
recovery_actions
# Run the actual uninstallation
. $INSTALLER/magisk_uninstaller.sh
recovery_cleanup
else
@@ -75,7 +73,6 @@ else
ui_print "! Placing uninstall script to /cache"
ui_print "! The device might reboot multiple times"
cp -af $INSTALLER/magisk_uninstaller.sh /cache/magisk_uninstaller.sh
umount /system
ui_print "- Rebooting....."
sleep 5
reboot

6
scripts/update_binary.sh
View File

@@ -6,7 +6,7 @@ dirname_wrap() {
esac
}
[ "$1" = "indep" ] && INDEP=true || INDEP=false
$INDEP && TMPDIR="`cd "\`dirname_wrap "${BASH_SOURCE:-$0}"\`" && pwd`" || TMPDIR=/dev/tmp
$INDEP && TMPDIR="`dirname_wrap "${BASH_SOURCE:-$0}"`" || TMPDIR=/dev/tmp
INSTALLER=$TMPDIR/install; BBDIR=$TMPDIR/bin
EXBIN=$BBDIR/b64xz; BBBIN=$BBDIR/busybox
$INDEP || rm -rf $TMPDIR 2>/dev/null;
@@ -16,8 +16,8 @@ echo -ne $EX_ARM > $EXBIN
if $EXBIN --test 2>/dev/null; then
echo $BB_ARM | $EXBIN > $BBBIN
else
echo -ne $EX_x86 > $EXBIN
echo $BB_x86 | $EXBIN > $BBBIN
echo -ne $EX_X86 > $EXBIN
echo $BB_X86 | $EXBIN > $BBBIN
fi
$BBBIN --install -s $TMPDIR/bin
export PATH=$BBDIR:$PATH

88
scripts/util_functions.sh
View File

@@ -3,13 +3,16 @@
# Magisk General Utility Functions
# by topjohnwu
#
# Used in flash_script.sh, addon.d.sh, magisk module installers, and uninstaller
# Used everywhere in Magisk
#
##########################################################################################
MAGISK_VERSION_STUB
SCRIPT_VERSION=$MAGISK_VER_CODE
# Default location, will override if needed
MAGISKBIN=/data/magisk
get_outfd() {
readlink /proc/$$/fd/$OUTFD 2>/dev/null | grep /tmp >/dev/null
if [ "$?" -eq "0" ]; then
@@ -29,11 +32,36 @@ get_outfd() {
}
ui_print() {
if $BOOTMODE; then
echo "$1"
else
echo -n -e "ui_print $1\n" >> /proc/self/fd/$OUTFD
echo -n -e "ui_print\n" >> /proc/self/fd/$OUTFD
$BOOTMODE && echo "$1" || echo -e "ui_print $1\nui_print" >> /proc/self/fd/$OUTFD
}
mount_partitions() {
# Check A/B slot
SLOT=`getprop ro.boot.slot_suffix`
[ -z $SLOT ] || ui_print "- A/B partition detected, current slot: $SLOT"
ui_print "- Mounting /system, /vendor"
is_mounted /system || [ -f /system/build.prop ] || mount -o ro /system 2>/dev/null
if ! is_mounted /system && ! [ -f /system/build.prop ]; then
SYSTEMBLOCK=`find /dev/block -iname system$SLOT | head -n 1`
mount -t ext4 -o ro $SYSTEMBLOCK /system
fi
is_mounted /system || [ -f /system/build.prop ] || abort "! Cannot mount /system"
cat /proc/mounts | grep -E '/dev/root|/system_root' >/dev/null && SKIP_INITRAMFS=true || SKIP_INITRAMFS=false
if [ -f /system/init.rc ]; then
SKIP_INITRAMFS=true
mkdir /system_root 2>/dev/null
mount --move /system /system_root
mount -o bind /system_root/system /system
fi
$SKIP_INITRAMFS && ui_print "- Device skip_initramfs detected"
if [ -L /system/vendor ]; then
# Seperate /vendor partition
is_mounted /vendor || mount -o ro /vendor 2>/dev/null
if ! is_mounted /vendor; then
VENDORBLOCK=`find /dev/block -iname vendor$SLOT | head -n 1`
mount -t ext4 -o ro $VENDORBLOCK /vendor
fi
is_mounted /vendor || abort "! Cannot mount /vendor"
fi
}
@@ -56,42 +84,75 @@ getvar() {
eval $VARNAME=\$VALUE
}
resolve_link() {
RESOLVED="$1"
while RESOLVE=`readlink $RESOLVED`; do
RESOLVED=$RESOLVE
done
echo $RESOLVED
}
find_boot_image() {
if [ -z "$BOOTIMAGE" ]; then
for BLOCK in boot_a kern-a android_boot kernel boot lnx; do
if [ ! -z $SLOT ]; then
BOOTIMAGE=`find /dev/block -iname boot$SLOT | head -n 1` 2>/dev/null
else
for BLOCK in boot_a kern-a android_boot kernel boot lnx bootimg; do
BOOTIMAGE=`find /dev/block -iname $BLOCK | head -n 1` 2>/dev/null
[ ! -z $BOOTIMAGE ] && break
done
fi
fi
# Recovery fallback
if [ -z "$BOOTIMAGE" ]; then
for FSTAB in /etc/*fstab*; do
BOOTIMAGE=`grep -v '#' $FSTAB | grep -E '\b/boot\b' | grep -oE '/dev/[a-zA-Z0-9_./-]*'`
BOOTIMAGE=`grep -v '#' $FSTAB | grep -E '/boot[^a-zA-Z]' | grep -oE '/dev/[a-zA-Z0-9_./-]*'`
[ ! -z $BOOTIMAGE ] && break
done
fi
[ -L "$BOOTIMAGE" ] && BOOTIMAGE=`readlink $BOOTIMAGE`
BOOTIMAGE=`resolve_link $BOOTIMAGE`
}
migrate_boot_backup() {
# Update the broken boot backup
if [ -f /data/stock_boot_.img.gz ]; then
./magiskboot --decompress /data/stock_boot_.img.gz
$MAGISKBIN/magiskboot --decompress /data/stock_boot_.img.gz
mv /data/stock_boot_.img /data/stock_boot.img
fi
# Update our previous backup to new format if exists
if [ -f /data/stock_boot.img ]; then
ui_print "- Migrating boot image backup"
SHA1=`./magiskboot --sha1 /data/stock_boot.img 2>/dev/null`
SHA1=`$MAGISKBIN/magiskboot --sha1 /data/stock_boot.img 2>/dev/null`
STOCKDUMP=/data/stock_boot_${SHA1}.img
mv /data/stock_boot.img $STOCKDUMP
./magiskboot --compress $STOCKDUMP
$MAGISKBIN/magiskboot --compress $STOCKDUMP
fi
mv /data/magisk/stock_boot* /data 2>/dev/null
}
flash_boot_image() {
# Make sure all blocks are writable
$MAGISKBIN/magisk --unlock-blocks
case "$1" in
*.gz) COMMAND="gzip -d < \"$1\"";;
*) COMMAND="cat \"$1\"";;
esac
case "$2" in
/dev/block/*)
ui_print "- Flashing new boot image"
eval $COMMAND | cat - /dev/zero | dd of="$2" bs=4096 >/dev/null 2>&1
;;
*)
ui_print "- Storing new boot image"
eval $COMMAND | dd of="$2" bs=4096 >/dev/null 2>&1
;;
esac
}
sign_chromeos() {
echo > empty
ui_print "- Signing ChromeOS boot image"
echo > empty
./chromeos/futility vbutil_kernel --pack new-boot.img.signed \
--keyblock ./chromeos/kernel.keyblock --signprivate ./chromeos/kernel_data_key.vbprivk \
--version 1 --vmlinuz new-boot.img --config empty --arch arm --bootloader empty --flags 0x1
@@ -180,6 +241,7 @@ recovery_cleanup() {
export LD_LIBRARY_PATH=$OLD_LD_PATH
[ -z $OLD_PATH ] || export PATH=$OLD_PATH
ui_print "- Unmounting partitions"
umount -l /system_root 2>/dev/null
umount -l /system 2>/dev/null
umount -l /vendor 2>/dev/null
umount -l /dev/random 2>/dev/null

7
ziptools/zipsigner/.gitignore vendored
View File

@@ -1,7 +0,0 @@
*.iml
.gradle
/local.properties
.idea/
/build
*.hprof
app/.externalNativeBuild/

36
ziptools/zipsigner/build.gradle
View File

@@ -1,36 +0,0 @@
group 'com.topjohnwu'
version '1.0.0'
apply plugin: 'java'
apply plugin: 'com.github.johnrengelman.shadow'
sourceCompatibility = 1.8
jar {
manifest {
attributes 'Main-Class': 'com.topjohnwu.ZipSigner'
}
}
shadowJar {
classifier = null
version = null
}
buildscript {
repositories {
jcenter()
}
dependencies {
classpath 'com.github.jengelman.gradle.plugins:shadow:2.0.1'
}
}
repositories {
mavenCentral()
}
dependencies {
compile 'org.bouncycastle:bcprov-jdk15on:1.57'
compile 'org.bouncycastle:bcpkix-jdk15on:1.57'
}

BIN
ziptools/zipsigner/gradle/wrapper/gradle-wrapper.jar vendored
View File

Binary file not shown.

6
ziptools/zipsigner/gradle/wrapper/gradle-wrapper.properties vendored
View File

@@ -1,6 +0,0 @@
#Thu Aug 24 10:35:40 CST 2017
distributionBase=GRADLE_USER_HOME
distributionPath=wrapper/dists
zipStoreBase=GRADLE_USER_HOME
zipStorePath=wrapper/dists
distributionUrl=https\://services.gradle.org/distributions/gradle-3.5-rc-2-bin.zip

172
ziptools/zipsigner/gradlew vendored
View File

@@ -1,172 +0,0 @@
#!/usr/bin/env sh
##############################################################################
##
## Gradle start up script for UN*X
##
##############################################################################
# Attempt to set APP_HOME
# Resolve links: $0 may be a link
PRG="$0"
# Need this for relative symlinks.
while [ -h "$PRG" ] ; do
ls=`ls -ld "$PRG"`
link=`expr "$ls" : '.*-> \(.*\)$'`
if expr "$link" : '/.*' > /dev/null; then
PRG="$link"
else
PRG=`dirname "$PRG"`"/$link"
fi
done
SAVED="`pwd`"
cd "`dirname \"$PRG\"`/" >/dev/null
APP_HOME="`pwd -P`"
cd "$SAVED" >/dev/null
APP_NAME="Gradle"
APP_BASE_NAME=`basename "$0"`
# Add default JVM options here. You can also use JAVA_OPTS and GRADLE_OPTS to pass JVM options to this script.
DEFAULT_JVM_OPTS=""
# Use the maximum available, or set MAX_FD != -1 to use that value.
MAX_FD="maximum"
warn ( ) {
echo "$*"
}
die ( ) {
echo
echo "$*"
echo
exit 1
}
# OS specific support (must be 'true' or 'false').
cygwin=false
msys=false
darwin=false
nonstop=false
case "`uname`" in
CYGWIN* )
cygwin=true
;;
Darwin* )
darwin=true
;;
MINGW* )
msys=true
;;
NONSTOP* )
nonstop=true
;;
esac
CLASSPATH=$APP_HOME/gradle/wrapper/gradle-wrapper.jar
# Determine the Java command to use to start the JVM.
if [ -n "$JAVA_HOME" ] ; then
if [ -x "$JAVA_HOME/jre/sh/java" ] ; then
# IBM's JDK on AIX uses strange locations for the executables
JAVACMD="$JAVA_HOME/jre/sh/java"
else
JAVACMD="$JAVA_HOME/bin/java"
fi
if [ ! -x "$JAVACMD" ] ; then
die "ERROR: JAVA_HOME is set to an invalid directory: $JAVA_HOME
Please set the JAVA_HOME variable in your environment to match the
location of your Java installation."
fi
else
JAVACMD="java"
which java >/dev/null 2>&1 || die "ERROR: JAVA_HOME is not set and no 'java' command could be found in your PATH.
Please set the JAVA_HOME variable in your environment to match the
location of your Java installation."
fi
# Increase the maximum file descriptors if we can.
if [ "$cygwin" = "false" -a "$darwin" = "false" -a "$nonstop" = "false" ] ; then
MAX_FD_LIMIT=`ulimit -H -n`
if [ $? -eq 0 ] ; then
if [ "$MAX_FD" = "maximum" -o "$MAX_FD" = "max" ] ; then
MAX_FD="$MAX_FD_LIMIT"
fi
ulimit -n $MAX_FD
if [ $? -ne 0 ] ; then
warn "Could not set maximum file descriptor limit: $MAX_FD"
fi
else
warn "Could not query maximum file descriptor limit: $MAX_FD_LIMIT"
fi
fi
# For Darwin, add options to specify how the application appears in the dock
if $darwin; then
GRADLE_OPTS="$GRADLE_OPTS \"-Xdock:name=$APP_NAME\" \"-Xdock:icon=$APP_HOME/media/gradle.icns\""
fi
# For Cygwin, switch paths to Windows format before running java
if $cygwin ; then
APP_HOME=`cygpath --path --mixed "$APP_HOME"`
CLASSPATH=`cygpath --path --mixed "$CLASSPATH"`
JAVACMD=`cygpath --unix "$JAVACMD"`
# We build the pattern for arguments to be converted via cygpath
ROOTDIRSRAW=`find -L / -maxdepth 1 -mindepth 1 -type d 2>/dev/null`
SEP=""
for dir in $ROOTDIRSRAW ; do
ROOTDIRS="$ROOTDIRS$SEP$dir"
SEP="|"
done
OURCYGPATTERN="(^($ROOTDIRS))"
# Add a user-defined pattern to the cygpath arguments
if [ "$GRADLE_CYGPATTERN" != "" ] ; then
OURCYGPATTERN="$OURCYGPATTERN|($GRADLE_CYGPATTERN)"
fi
# Now convert the arguments - kludge to limit ourselves to /bin/sh
i=0
for arg in "$@" ; do
CHECK=`echo "$arg"|egrep -c "$OURCYGPATTERN" -`
CHECK2=`echo "$arg"|egrep -c "^-"` ### Determine if an option
if [ $CHECK -ne 0 ] && [ $CHECK2 -eq 0 ] ; then ### Added a condition
eval `echo args$i`=`cygpath --path --ignore --mixed "$arg"`
else
eval `echo args$i`="\"$arg\""
fi
i=$((i+1))
done
case $i in
(0) set -- ;;
(1) set -- "$args0" ;;
(2) set -- "$args0" "$args1" ;;
(3) set -- "$args0" "$args1" "$args2" ;;
(4) set -- "$args0" "$args1" "$args2" "$args3" ;;
(5) set -- "$args0" "$args1" "$args2" "$args3" "$args4" ;;
(6) set -- "$args0" "$args1" "$args2" "$args3" "$args4" "$args5" ;;
(7) set -- "$args0" "$args1" "$args2" "$args3" "$args4" "$args5" "$args6" ;;
(8) set -- "$args0" "$args1" "$args2" "$args3" "$args4" "$args5" "$args6" "$args7" ;;
(9) set -- "$args0" "$args1" "$args2" "$args3" "$args4" "$args5" "$args6" "$args7" "$args8" ;;
esac
fi
# Escape application args
save ( ) {
for i do printf %s\\n "$i" | sed "s/'/'\\\\''/g;1s/^/'/;\$s/\$/' \\\\/" ; done
echo " "
}
APP_ARGS=$(save "$@")
# Collect all arguments for the java command, following the shell quoting and substitution rules
eval set -- $DEFAULT_JVM_OPTS $JAVA_OPTS $GRADLE_OPTS "\"-Dorg.gradle.appname=$APP_BASE_NAME\"" -classpath "\"$CLASSPATH\"" org.gradle.wrapper.GradleWrapperMain "$APP_ARGS"
# by default we should be in the correct project dir, but when run from Finder on Mac, the cwd is wrong
if [ "$(uname)" = "Darwin" ] && [ "$HOME" = "$PWD" ]; then
cd "$(dirname "$0")"
fi
exec "$JAVACMD" "$@"

84
ziptools/zipsigner/gradlew.bat vendored
View File

@@ -1,84 +0,0 @@
@if "%DEBUG%" == "" @echo off
@rem ##########################################################################
@rem
@rem Gradle startup script for Windows
@rem
@rem ##########################################################################
@rem Set local scope for the variables with windows NT shell
if "%OS%"=="Windows_NT" setlocal
set DIRNAME=%~dp0
if "%DIRNAME%" == "" set DIRNAME=.
set APP_BASE_NAME=%~n0
set APP_HOME=%DIRNAME%
@rem Add default JVM options here. You can also use JAVA_OPTS and GRADLE_OPTS to pass JVM options to this script.
set DEFAULT_JVM_OPTS=
@rem Find java.exe
if defined JAVA_HOME goto findJavaFromJavaHome
set JAVA_EXE=java.exe
%JAVA_EXE% -version >NUL 2>&1
if "%ERRORLEVEL%" == "0" goto init
echo.
echo ERROR: JAVA_HOME is not set and no 'java' command could be found in your PATH.
echo.
echo Please set the JAVA_HOME variable in your environment to match the
echo location of your Java installation.
goto fail
:findJavaFromJavaHome
set JAVA_HOME=%JAVA_HOME:"=%
set JAVA_EXE=%JAVA_HOME%/bin/java.exe
if exist "%JAVA_EXE%" goto init
echo.
echo ERROR: JAVA_HOME is set to an invalid directory: %JAVA_HOME%
echo.
echo Please set the JAVA_HOME variable in your environment to match the
echo location of your Java installation.
goto fail
:init
@rem Get command-line arguments, handling Windows variants
if not "%OS%" == "Windows_NT" goto win9xME_args
:win9xME_args
@rem Slurp the command line arguments.
set CMD_LINE_ARGS=
set _SKIP=2
:win9xME_args_slurp
if "x%~1" == "x" goto execute
set CMD_LINE_ARGS=%*
:execute
@rem Setup the command line
set CLASSPATH=%APP_HOME%\gradle\wrapper\gradle-wrapper.jar
@rem Execute Gradle
"%JAVA_EXE%" %DEFAULT_JVM_OPTS% %JAVA_OPTS% %GRADLE_OPTS% "-Dorg.gradle.appname=%APP_BASE_NAME%" -classpath "%CLASSPATH%" org.gradle.wrapper.GradleWrapperMain %CMD_LINE_ARGS%
:end
@rem End local scope for the variables with windows NT shell
if "%ERRORLEVEL%"=="0" goto mainEnd
:fail
rem Set variable GRADLE_EXIT_CONSOLE if you need the _script_ return code instead of
rem the _cmd.exe /c_ return code!
if not "" == "%GRADLE_EXIT_CONSOLE%" exit 1
exit /b 1
:mainEnd
if "%OS%"=="Windows_NT" endlocal
:omega

4
ziptools/zipsigner/settings.gradle
View File

@@ -1,4 +0,0 @@
rootProject.name = 'zipsigner'
include 'apksigner'
rootProject.name = 'zipsigner'

567
ziptools/zipsigner/src/main/java/com/topjohnwu/ZipSigner.java
View File

@@ -1,567 +0,0 @@
package com.topjohnwu;
import org.bouncycastle.asn1.ASN1InputStream;
import org.bouncycastle.asn1.ASN1ObjectIdentifier;
import org.bouncycastle.asn1.DEROutputStream;
import org.bouncycastle.asn1.cms.CMSObjectIdentifiers;
import org.bouncycastle.asn1.pkcs.PrivateKeyInfo;
import org.bouncycastle.cert.jcajce.JcaCertStore;
import org.bouncycastle.cms.CMSException;
import org.bouncycastle.cms.CMSProcessableByteArray;
import org.bouncycastle.cms.CMSSignedData;
import org.bouncycastle.cms.CMSSignedDataGenerator;
import org.bouncycastle.cms.CMSTypedData;
import org.bouncycastle.cms.jcajce.JcaSignerInfoGeneratorBuilder;
import org.bouncycastle.jce.provider.BouncyCastleProvider;
import org.bouncycastle.operator.ContentSigner;
import org.bouncycastle.operator.OperatorCreationException;
import org.bouncycastle.operator.jcajce.JcaContentSignerBuilder;
import org.bouncycastle.operator.jcajce.JcaDigestCalculatorProviderBuilder;
import org.bouncycastle.util.encoders.Base64;
import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream;
import java.io.File;
import java.io.FileInputStream;
import java.io.FileOutputStream;
import java.io.FilterOutputStream;
import java.io.IOException;
import java.io.InputStream;
import java.io.OutputStream;
import java.io.PrintStream;
import java.security.DigestOutputStream;
import java.security.GeneralSecurityException;
import java.security.KeyFactory;
import java.security.MessageDigest;
import java.security.PrivateKey;
import java.security.Provider;
import java.security.Security;
import java.security.cert.CertificateEncodingException;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import java.security.spec.PKCS8EncodedKeySpec;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Collections;
import java.util.Enumeration;
import java.util.Locale;
import java.util.Map;
import java.util.TreeMap;
import java.util.jar.Attributes;
import java.util.jar.JarEntry;
import java.util.jar.JarFile;
import java.util.jar.JarOutputStream;
import java.util.jar.Manifest;
import java.util.regex.Pattern;
/*
* Modified from from AOSP(Marshmallow) SignAPK.java
* */
public class ZipSigner {
private static final String CERT_SF_NAME = "META-INF/CERT.SF";
private static final String CERT_SIG_NAME = "META-INF/CERT.%s";
private static Provider sBouncyCastleProvider;
// bitmasks for which hash algorithms we need the manifest to include.
private static final int USE_SHA1 = 1;
private static final int USE_SHA256 = 2;
/**
* Return one of USE_SHA1 or USE_SHA256 according to the signature
* algorithm specified in the cert.
*/
private static int getDigestAlgorithm(X509Certificate cert) {
String sigAlg = cert.getSigAlgName().toUpperCase(Locale.US);
if ("SHA1WITHRSA".equals(sigAlg) ||
"MD5WITHRSA".equals(sigAlg)) { // see "HISTORICAL NOTE" above.
return USE_SHA1;
} else if (sigAlg.startsWith("SHA256WITH")) {
return USE_SHA256;
} else {
throw new IllegalArgumentException("unsupported signature algorithm \"" + sigAlg +
"\" in cert [" + cert.getSubjectDN());
}
}
/** Returns the expected signature algorithm for this key type. */
private static String getSignatureAlgorithm(X509Certificate cert) {
String sigAlg = cert.getSigAlgName().toUpperCase(Locale.US);
String keyType = cert.getPublicKey().getAlgorithm().toUpperCase(Locale.US);
if ("RSA".equalsIgnoreCase(keyType)) {
if (getDigestAlgorithm(cert) == USE_SHA256) {
return "SHA256withRSA";
} else {
return "SHA1withRSA";
}
} else if ("EC".equalsIgnoreCase(keyType)) {
return "SHA256withECDSA";
} else {
throw new IllegalArgumentException("unsupported key type: " + keyType);
}
}
// Files matching this pattern are not copied to the output.
private static Pattern stripPattern =
Pattern.compile("^(META-INF/((.*)[.](SF|RSA|DSA|EC)|com/android/otacert))|(" +
Pattern.quote(JarFile.MANIFEST_NAME) + ")$");
private static X509Certificate readPublicKey(InputStream input)
throws IOException, GeneralSecurityException {
try {
CertificateFactory cf = CertificateFactory.getInstance("X.509");
return (X509Certificate) cf.generateCertificate(input);
} finally {
input.close();
}
}
/** Read a PKCS#8 format private key. */
private static PrivateKey readPrivateKey(InputStream input)
throws IOException, GeneralSecurityException {
try {
byte[] buffer = new byte[4096];
int size = input.read(buffer);
byte[] bytes = Arrays.copyOf(buffer, size);
/* Check to see if this is in an EncryptedPrivateKeyInfo structure. */
PKCS8EncodedKeySpec spec = new PKCS8EncodedKeySpec(bytes);
/*
* Now it's in a PKCS#8 PrivateKeyInfo structure. Read its Algorithm
* OID and use that to construct a KeyFactory.
*/
ASN1InputStream bIn = new ASN1InputStream(new ByteArrayInputStream(spec.getEncoded()));
PrivateKeyInfo pki = PrivateKeyInfo.getInstance(bIn.readObject());
String algOid = pki.getPrivateKeyAlgorithm().getAlgorithm().getId();
return KeyFactory.getInstance(algOid).generatePrivate(spec);
} finally {
input.close();
}
}
/**
* Add the hash(es) of every file to the manifest, creating it if
* necessary.
*/
private static Manifest addDigestsToManifest(JarFile jar, int hashes)
throws IOException, GeneralSecurityException {
Manifest input = jar.getManifest();
Manifest output = new Manifest();
Attributes main = output.getMainAttributes();
if (input != null) {
main.putAll(input.getMainAttributes());
} else {
main.putValue("Manifest-Version", "1.0");
main.putValue("Created-By", "1.0 (Android SignApk)");
}
MessageDigest md_sha1 = null;
MessageDigest md_sha256 = null;
if ((hashes & USE_SHA1) != 0) {
md_sha1 = MessageDigest.getInstance("SHA1");
}
if ((hashes & USE_SHA256) != 0) {
md_sha256 = MessageDigest.getInstance("SHA256");
}
byte[] buffer = new byte[4096];
int num;
// We sort the input entries by name, and add them to the
// output manifest in sorted order. We expect that the output
// map will be deterministic.
TreeMap<String, JarEntry> byName = new TreeMap<String, JarEntry>();
for (Enumeration<JarEntry> e = jar.entries(); e.hasMoreElements(); ) {
JarEntry entry = e.nextElement();
byName.put(entry.getName(), entry);
}
for (JarEntry entry: byName.values()) {
String name = entry.getName();
if (!entry.isDirectory() &&
(stripPattern == null || !stripPattern.matcher(name).matches())) {
InputStream data = jar.getInputStream(entry);
while ((num = data.read(buffer)) > 0) {
if (md_sha1 != null) md_sha1.update(buffer, 0, num);
if (md_sha256 != null) md_sha256.update(buffer, 0, num);
}
Attributes attr = null;
if (input != null) attr = input.getAttributes(name);
attr = attr != null ? new Attributes(attr) : new Attributes();
if (md_sha1 != null) {
attr.putValue("SHA1-Digest",
new String(Base64.encode(md_sha1.digest()), "ASCII"));
}
if (md_sha256 != null) {
attr.putValue("SHA-256-Digest",
new String(Base64.encode(md_sha256.digest()), "ASCII"));
}
output.getEntries().put(name, attr);
}
}
return output;
}
/** Write to another stream and track how many bytes have been
* written.
*/
private static class CountOutputStream extends FilterOutputStream {
private int mCount;
public CountOutputStream(OutputStream out) {
super(out);
mCount = 0;
}
@Override
public void write(int b) throws IOException {
super.write(b);
mCount++;
}
@Override
public void write(byte[] b, int off, int len) throws IOException {
super.write(b, off, len);
mCount += len;
}
public int size() {
return mCount;
}
}
/** Write a .SF file with a digest of the specified manifest. */
private static void writeSignatureFile(Manifest manifest, OutputStream out,
int hash)
throws IOException, GeneralSecurityException {
Manifest sf = new Manifest();
Attributes main = sf.getMainAttributes();
main.putValue("Signature-Version", "1.0");
main.putValue("Created-By", "1.0 (Android SignApk)");
MessageDigest md = MessageDigest.getInstance(
hash == USE_SHA256 ? "SHA256" : "SHA1");
PrintStream print = new PrintStream(
new DigestOutputStream(new ByteArrayOutputStream(), md),
true, "UTF-8");
// Digest of the entire manifest
manifest.write(print);
print.flush();
main.putValue(hash == USE_SHA256 ? "SHA-256-Digest-Manifest" : "SHA1-Digest-Manifest",
new String(Base64.encode(md.digest()), "ASCII"));
Map<String, Attributes> entries = manifest.getEntries();
for (Map.Entry<String, Attributes> entry : entries.entrySet()) {
// Digest of the manifest stanza for this entry.
print.print("Name: " + entry.getKey() + "\r\n");
for (Map.Entry<Object, Object> att : entry.getValue().entrySet()) {
print.print(att.getKey() + ": " + att.getValue() + "\r\n");
}
print.print("\r\n");
print.flush();
Attributes sfAttr = new Attributes();
sfAttr.putValue(hash == USE_SHA256 ? "SHA-256-Digest" : "SHA1-Digest-Manifest",
new String(Base64.encode(md.digest()), "ASCII"));
sf.getEntries().put(entry.getKey(), sfAttr);
}
CountOutputStream cout = new CountOutputStream(out);
sf.write(cout);
// A bug in the java.util.jar implementation of Android platforms
// up to version 1.6 will cause a spurious IOException to be thrown
// if the length of the signature file is a multiple of 1024 bytes.
// As a workaround, add an extra CRLF in this case.
if ((cout.size() % 1024) == 0) {
cout.write('\r');
cout.write('\n');
}
}
/** Sign data and write the digital signature to 'out'. */
private static void writeSignatureBlock(
CMSTypedData data, X509Certificate publicKey, PrivateKey privateKey,
OutputStream out)
throws IOException,
CertificateEncodingException,
OperatorCreationException,
CMSException {
ArrayList<X509Certificate> certList = new ArrayList<>(1);
certList.add(publicKey);
JcaCertStore certs = new JcaCertStore(certList);
CMSSignedDataGenerator gen = new CMSSignedDataGenerator();
ContentSigner signer = new JcaContentSignerBuilder(getSignatureAlgorithm(publicKey))
.setProvider(sBouncyCastleProvider)
.build(privateKey);
gen.addSignerInfoGenerator(
new JcaSignerInfoGeneratorBuilder(
new JcaDigestCalculatorProviderBuilder()
.setProvider(sBouncyCastleProvider)
.build())
.setDirectSignature(true)
.build(signer, publicKey));
gen.addCertificates(certs);
CMSSignedData sigData = gen.generate(data, false);
ASN1InputStream asn1 = new ASN1InputStream(sigData.getEncoded());
DEROutputStream dos = new DEROutputStream(out);
dos.writeObject(asn1.readObject());
}
/**
* Copy all the files in a manifest from input to output. We set
* the modification times in the output to a fixed time, so as to
* reduce variation in the output file and make incremental OTAs
* more efficient.
*/
private static void copyFiles(Manifest manifest, JarFile in, JarOutputStream out,
long timestamp, int alignment) throws IOException {
byte[] buffer = new byte[4096];
int num;
Map<String, Attributes> entries = manifest.getEntries();
ArrayList<String> names = new ArrayList<String>(entries.keySet());
Collections.sort(names);
boolean firstEntry = true;
long offset = 0L;
// We do the copy in two passes -- first copying all the
// entries that are STORED, then copying all the entries that
// have any other compression flag (which in practice means
// DEFLATED). This groups all the stored entries together at
// the start of the file and makes it easier to do alignment
// on them (since only stored entries are aligned).
for (String name : names) {
JarEntry inEntry = in.getJarEntry(name);
JarEntry outEntry = null;
if (inEntry.getMethod() != JarEntry.STORED) continue;
// Preserve the STORED method of the input entry.
outEntry = new JarEntry(inEntry);
outEntry.setTime(timestamp);
// 'offset' is the offset into the file at which we expect
// the file data to begin. This is the value we need to
// make a multiple of 'alignement'.
offset += JarFile.LOCHDR + outEntry.getName().length();
if (firstEntry) {
// The first entry in a jar file has an extra field of
// four bytes that you can't get rid of; any extra
// data you specify in the JarEntry is appended to
// these forced four bytes. This is JAR_MAGIC in
// JarOutputStream; the bytes are 0xfeca0000.
offset += 4;
firstEntry = false;
}
if (alignment > 0 && (offset % alignment != 0)) {
// Set the "extra data" of the entry to between 1 and
// alignment-1 bytes, to make the file data begin at
// an aligned offset.
int needed = alignment - (int)(offset % alignment);
outEntry.setExtra(new byte[needed]);
offset += needed;
}
out.putNextEntry(outEntry);
InputStream data = in.getInputStream(inEntry);
while ((num = data.read(buffer)) > 0) {
out.write(buffer, 0, num);
offset += num;
}
out.flush();
}
// Copy all the non-STORED entries. We don't attempt to
// maintain the 'offset' variable past this point; we don't do
// alignment on these entries.
for (String name : names) {
JarEntry inEntry = in.getJarEntry(name);
JarEntry outEntry = null;
if (inEntry.getMethod() == JarEntry.STORED) continue;
// Create a new entry so that the compressed len is recomputed.
outEntry = new JarEntry(name);
outEntry.setTime(timestamp);
out.putNextEntry(outEntry);
InputStream data = in.getInputStream(inEntry);
while ((num = data.read(buffer)) > 0) {
out.write(buffer, 0, num);
}
out.flush();
}
}
// This class is to provide a file's content, but trimming out the last two bytes
// Used for signWholeFile
private static class CMSProcessableFile implements CMSTypedData {
private File file;
private ASN1ObjectIdentifier type;
private byte[] buffer;
int bufferSize = 0;
CMSProcessableFile(File file) {
this.file = file;
type = new ASN1ObjectIdentifier(CMSObjectIdentifiers.data.getId());
buffer = new byte[4096];
}
@Override
public ASN1ObjectIdentifier getContentType() {
return type;
}
@Override
public void write(OutputStream out) throws IOException, CMSException {
FileInputStream input = new FileInputStream(file);
long len = file.length() - 2;
while ((bufferSize = input.read(buffer)) > 0) {
if (len <= bufferSize) {
out.write(buffer, 0, (int) len);
break;
} else {
out.write(buffer, 0, bufferSize);
}
len -= bufferSize;
}
}
@Override
public Object getContent() {
return file;
}
byte[] getTail() {
return Arrays.copyOfRange(buffer, 0, bufferSize);
}
}
private static void signWholeFile(File input, X509Certificate publicKey,
PrivateKey privateKey, OutputStream outputStream)
throws Exception {
ByteArrayOutputStream temp = new ByteArrayOutputStream();
// put a readable message and a null char at the start of the
// archive comment, so that tools that display the comment
// (hopefully) show something sensible.
// TODO: anything more useful we can put in this message?
byte[] message = "signed by SignApk".getBytes("UTF-8");
temp.write(message);
temp.write(0);
CMSProcessableFile cmsFile = new CMSProcessableFile(input);
writeSignatureBlock(cmsFile, publicKey, privateKey, temp);
// For a zip with no archive comment, the
// end-of-central-directory record will be 22 bytes long, so
// we expect to find the EOCD marker 22 bytes from the end.
byte[] zipData = cmsFile.getTail();
if (zipData[zipData.length-22] != 0x50 ||
zipData[zipData.length-21] != 0x4b ||
zipData[zipData.length-20] != 0x05 ||
zipData[zipData.length-19] != 0x06) {
throw new IllegalArgumentException("zip data already has an archive comment");
}
int total_size = temp.size() + 6;
if (total_size > 0xffff) {
throw new IllegalArgumentException("signature is too big for ZIP file comment");
}
// signature starts this many bytes from the end of the file
int signature_start = total_size - message.length - 1;
temp.write(signature_start & 0xff);
temp.write((signature_start >> 8) & 0xff);
// Why the 0xff bytes? In a zip file with no archive comment,
// bytes [-6:-2] of the file are the little-endian offset from
// the start of the file to the central directory. So for the
// two high bytes to be 0xff 0xff, the archive would have to
// be nearly 4GB in size. So it's unlikely that a real
// commentless archive would have 0xffs here, and lets us tell
// an old signed archive from a new one.
temp.write(0xff);
temp.write(0xff);
temp.write(total_size & 0xff);
temp.write((total_size >> 8) & 0xff);
temp.flush();
// Signature verification checks that the EOCD header is the
// last such sequence in the file (to avoid minzip finding a
// fake EOCD appended after the signature in its scan). The
// odds of producing this sequence by chance are very low, but
// let's catch it here if it does.
byte[] b = temp.toByteArray();
for (int i = 0; i < b.length-3; ++i) {
if (b[i] == 0x50 && b[i+1] == 0x4b && b[i+2] == 0x05 && b[i+3] == 0x06) {
throw new IllegalArgumentException("found spurious EOCD header at " + i);
}
}
cmsFile.write(outputStream);
outputStream.write(total_size & 0xff);
outputStream.write((total_size >> 8) & 0xff);
temp.writeTo(outputStream);
}
private static void signFile(Manifest manifest, JarFile inputJar,
X509Certificate publicKey, PrivateKey privateKey,
JarOutputStream outputJar)
throws Exception {
// Assume the certificate is valid for at least an hour.
long timestamp = publicKey.getNotBefore().getTime() + 3600L * 1000;
// MANIFEST.MF
JarEntry je = new JarEntry(JarFile.MANIFEST_NAME);
je.setTime(timestamp);
outputJar.putNextEntry(je);
manifest.write(outputJar);
je = new JarEntry(CERT_SF_NAME);
je.setTime(timestamp);
outputJar.putNextEntry(je);
ByteArrayOutputStream baos = new ByteArrayOutputStream();
writeSignatureFile(manifest, baos, getDigestAlgorithm(publicKey));
byte[] signedData = baos.toByteArray();
outputJar.write(signedData);
// CERT.{EC,RSA} / CERT#.{EC,RSA}
final String keyType = publicKey.getPublicKey().getAlgorithm();
je = new JarEntry(String.format(CERT_SIG_NAME, keyType));
je.setTime(timestamp);
outputJar.putNextEntry(je);
writeSignatureBlock(new CMSProcessableByteArray(signedData),
publicKey, privateKey, outputJar);
}
public static void main(String[] args) {
boolean minSign = false;
int argStart = 0;
if (args.length < 4) {
System.err.println("Usage: zipsigner [-m] publickey.x509[.pem] privatekey.pk8 input.jar output.jar");
System.exit(2);
}
if (args[0].equals("-m")) {
minSign = true;
argStart = 1;
}
sBouncyCastleProvider = new BouncyCastleProvider();
Security.insertProviderAt(sBouncyCastleProvider, 1);
File pubKey = new File(args[argStart]);
File privKey = new File(args[argStart + 1]);
File input = new File(args[argStart + 2]);
File output = new File(args[argStart + 3]);
int alignment = 4;
JarFile inputJar = null;
FileOutputStream outputFile = null;
int hashes = 0;
try {
X509Certificate publicKey = readPublicKey(new FileInputStream(pubKey));
hashes |= getDigestAlgorithm(publicKey);
// Set the ZIP file timestamp to the starting valid time
// of the 0th certificate plus one hour (to match what
// we've historically done).
long timestamp = publicKey.getNotBefore().getTime() + 3600L * 1000;
PrivateKey privateKey = readPrivateKey(new FileInputStream(privKey));
outputFile = new FileOutputStream(output);
if (minSign) {
ZipSigner.signWholeFile(input, publicKey, privateKey, outputFile);
} else {
inputJar = new JarFile(input, false); // Don't verify.
JarOutputStream outputJar = new JarOutputStream(outputFile);
// For signing .apks, use the maximum compression to make
// them as small as possible (since they live forever on
// the system partition). For OTA packages, use the
// default compression level, which is much much faster
// and produces output that is only a tiny bit larger
// (~0.1% on full OTA packages I tested).
outputJar.setLevel(9);
Manifest manifest = addDigestsToManifest(inputJar, hashes);
copyFiles(manifest, inputJar, outputJar, timestamp, alignment);
signFile(manifest, inputJar, publicKey, privateKey, outputJar);
outputJar.close();
}
} catch (Exception e) {
e.printStackTrace();
System.exit(1);
} finally {
try {
if (inputJar != null) inputJar.close();
if (outputFile != null) outputFile.close();
} catch (IOException e) {
e.printStackTrace();
System.exit(1);
}
}
}
}