Update Magisk Manager

Update rules for Android P
Android P renamed nonplat_properties
2025-08-14 15:27:25 +00:00 · 2018-03-11 08:37:13 +08:00 · 2018-03-11 08:36:20 +08:00 · 2018-03-11 02:53:57 +08:00 · 2018-03-11 02:52:24 +08:00 · 2018-03-10 15:55:55 +08:00
175 changed files with 11547 additions and 8266 deletions
--- a/.gitignore
+++ b/.gitignore
@@ -1,7 +1,16 @@
-obj/
-libs/
+out
 *.zip
 *.jks
+*.apk

-# Copied binaries
+# Built binaries
 ziptools/zipadjust
+
+# Android Studio / Gradle
+*.iml
+.gradle
+/local.properties
+/.idea
+/build
+/captures
+.externalNativeBuild
--- a/.gitmodules
+++ b/.gitmodules
@@ -1,18 +1,27 @@
-[submodule "jni/selinux"]
-	path = jni/selinux
+[submodule "selinux"]
+	path = native/jni/external/selinux
 	url = https://github.com/topjohnwu/selinux.git
-[submodule "jni/su"]
-	path = jni/su
+[submodule "su"]
+	path = native/jni/su
 	url = https://github.com/topjohnwu/MagiskSU.git
-[submodule "jni/ndk-compression"]
-	path = jni/ndk-compression
-	url = https://github.com/topjohnwu/ndk-compression.git
-[submodule "jni/magiskpolicy"]
-	path = jni/magiskpolicy
+[submodule "magiskpolicy"]
+	path = native/jni/magiskpolicy
 	url = https://github.com/topjohnwu/magiskpolicy.git
 [submodule "MagiskManager"]
-	path = MagiskManager
+	path = app
 	url = https://github.com/topjohnwu/MagiskManager.git
-[submodule "jni/busybox"]
-	path = jni/busybox
+[submodule "busybox"]
+	path = native/jni/external/busybox
 	url = https://github.com/topjohnwu/ndk-busybox.git
+[submodule "dtc"]
+	path = native/jni/external/dtc
+	url = https://github.com/dgibson/dtc
+[submodule "lz4"]
+	path = native/jni/external/lz4
+	url = https://github.com/lz4/lz4.git
+[submodule "bzip2"]
+	path = native/jni/external/bzip2
+	url = https://github.com/nemequ/bzip2.git
+[submodule "xz"]
+	path = native/jni/external/xz
+	url = https://github.com/xz-mirror/xz.git
--- a/1
+++ b/1
--- a/README.MD
+++ b/README.MD
@@ -2,34 +2,28 @@

 ## How to build Magisk

-#### Building has been tested on 3 major platforms:
+#### Building has been tested on 3 major platforms: macOS, Ubuntu, Windows 10

-**macOS 10.12**  
-**Ubuntu 17.04 x64**  
-**Windows 10 x64**
+### Environment Requirements

-#### Environment Requirements
+1. Python 3.5+: run `build.py` script
+2. Java Development Kit (JDK) 8: Compile Magisk Manager and sign zips
+3. Latest Android SDK: `ANDROID_HOME` environment variable should point to the Android SDK folder
+4. Android NDK: Install NDK along with SDK (`$ANDROID_HOME/ndk-bundle`), or specify custom path `ANDROID_NDK`
+5. (Windows Only) Python package Colorama: Install with `pip install colorama`, used for ANSI color codes

-1. A 64-bit machine: `cmake` for Android is only available in 64-bit
-2. Python 3.5+: to run the build script
-3. Java Development Kit (JDK) 8: To compile Magisk Manager and sign zips
-4. C compiler (Unix only): To build `zipadjust`. Windows users can use the pre-built `zipadjust.exe`
-5. Android SDK: `ANDROID_HOME` environment variable should point to the Android SDK folder
-6. Android NDK: Install NDK via `sdkmanager`, or via Android SDK Manager in Android Studio
-
-#### Instructions and Notes
-
-1. The easiest way to setup a working environment is to open Magisk Manager with Android Studio. The IDE will download required components and construct the environment for you. Don't forget to set `ANDROID_HOME` environment variable to the SDK path.
-2. Windows users: while installing Python 3 on Windows, allow the installer to add Python to `PATH`, or you'll have to add it manually afterwards. By default, the Python executable is setup as `python`, not `python3` like most Unix environment. If you have both Python 2 and Python 3 installed, you'll have to deal with the executable name and `PATH` yourself. To double check the Python version, call `python --version`.
-3. To run the script, on Windows call `python build.py [args...]`; on Unix call `python3 build.py [args...]`, or simply `./build.py [args...]`. To see the built-in help message, call the script with `-h` as an argument. The `-h` option also works for each supported actions to see the help message for the specific action.
-4. By default, the script will build binaries and Magisk Manager in debug mode, which will enable verbose debugging messages. If you want to build Magisk Manager in release mode (through the flag `--release`), you will need to place your Java Keystore file in `release_signature.jks` to sign Magisk Manager's APK. For more information, check out [Google's Official Documentation](https://developer.android.com/studio/publish/app-signing.html#signing-manually).
-5. The python build script uses ANSI color codes to change the color of the terminal output. For Windows, this **only** works on Windows 10, as previous Windows console do not support them. If you use an older Windows version, a quick Google search should provide many workarounds.
+### Instructions and Notes
+1. Magisk can be built with the latest NDK (r16 as of writing), however binaries released officially will be built with NDK r10e due to ELF incompatibilities with the binaries built from the newer NDKs.
+2. The easiest way to setup the environment is by importing the folder as an Android Studio project. The IDE will download required components and construct the environment for you. You still have to set the `ANDROID_HOME` environment variable to point to the SDK path.
+3. Run `build.py` with argument `-h` to see the built-in help message. The `-h` option also works for each supported actions, e.g. `./build.py binary -h`
+4. Build everything with `build.py`, don't directly call `gradlew` or `ndk-build`, since most requires special setup / dependencies.
+5. By default, `build.py` will build binaries and Magisk Manager in debug mode. If you want to build Magisk Manager in release mode (through the flag `--release`), you will need to place a Java Keystore file at `release_signature.jks` to sign Magisk Manager's APK. For more information, check out [Google's Official Documentation](https://developer.android.com/studio/publish/app-signing.html#signing-manually).


 ## License

 ```
-Magisk, including all subprojects (git submodule) is free software:
+Magisk, including all git submodules are free software:
 you can redistribute it and/or modify it under the terms of the 
 GNU General Public License as published by the Free Software Foundation, 
 either version 3 of the License, or (at your option) any later version.
@@ -45,51 +39,41 @@ along with this program.  If not, see <http://www.gnu.org/licenses/>.

 ## Credits

-**MagiskManager** (`MagiskManager`)
+**MagiskManager** (`app`)

-* Copyright 2016-2017, John Wu (@topjohnwu)
-* All contributors and translators
+* Copyright 2016-2018, John Wu (@topjohnwu)
+* All contributors and translators on Github

-**MagiskSU** (`jni/su`)
+**MagiskSU** (`native/jni/su`)

-* Copyright 2016-2017, John Wu (@topjohnwu)
+* Copyright 2016-2018, John Wu (@topjohnwu)
 * Copyright 2015, Pierre-Hugues Husson (phh@phh.me)
 * Copyright 2013, Koushik Dutta (@koush)
 * Copyright 2010, Adam Shanks (@ChainsDD)
 * Copyright 2008, Zinx Verituse (@zinxv)

-**MagiskPolicy** (`jni/magiskpolicy`)
+**MagiskPolicy** (`native/jni/magiskpolicy`)

-* Copyright 2016-2017, John Wu (@topjohnwu)
+* Copyright 2016-2018, John Wu (@topjohnwu)
 * Copyright 2015, Pierre-Hugues Husson (phh@phh.me)
 * Copyright 2015, Joshua Brindle (@joshua_brindle)

-**MagiskHide** (`jni/magiskhide`)
+**MagiskHide** (`native/jni/magiskhide`)

-* Copyright 2016-2017, John Wu (@topjohnwu)
-* Copyright 2016, Pierre-Hugues Husson (phh@phh.me) (original hidesu)
+* Copyright 2016-2018, John Wu (@topjohnwu)
+* Copyright 2016, Pierre-Hugues Husson (phh@phh.me)

-**resetprop** (`jni/resetprop`)
+**resetprop** (`native/jni/resetprop`)

- * Copyright 2016-2017 John Wu (@topjohnwu)
+ * Copyright 2016-2018 John Wu (@topjohnwu)
 * Copyright 2016 nkk71 (nkk71x@gmail.com)

-**SELinux** (`jni/selinux`)
+**External Dependencies** (`native/jni/external`)

-* Makefile for NDK: Copyright 2016-2017, John Wu (@topjohnwu)
-* Maintained by many developers in SELinux project
-
-**ndk-compression** (`jni/ndk-compression`)
-
-* Makefile for NDK: Copyright 2017, John Wu (@topjohnwu)
-* Each library has its own copyright message in corresponding directories
-
-**ndk-busybox** (`jni/busybox`)
-
-* Makefile for NDK, generated by [ndk-busybox-kitchen](https://github.com/topjohnwu/ndk-busybox-kitchen): Copyright 2017, John Wu (@topjohnwu)
-* Patches for NDK: Many contributors along the way, all placed in [osm0sis/android-busybox-ndk](https://github.com/osm0sis/android-busybox-ndk)
-* The copyright message for busybox should be included in its own directory
+* Makefile for busybox, generated by [ndk-busybox-kitchen](https://github.com/topjohnwu/ndk-busybox-kitchen)
+* Each dependencies has its own license/copyright information in each subdirectory.  
+All of them are either GPL or GPL compatible.

 **Others Not Mentioned**

-* Copyright 2016-2017, John Wu (@topjohnwu)
+* Copyright 2016-2018, John Wu (@topjohnwu)
--- a/1
+++ b/1
--- a/build.gradle
+++ b/build.gradle
@@ -0,0 +1,27 @@
+// Top-level build file where you can add configuration options common to all sub-projects/modules.
+
+buildscript {
+    
+    repositories {
+        google()
+        jcenter()
+    }
+    dependencies {
+        classpath 'com.android.tools.build:gradle:3.0.1'
+        
+
+        // NOTE: Do not place your application dependencies here; they belong
+        // in the individual module build.gradle files
+    }
+}
+
+allprojects {
+    repositories {
+        google()
+        jcenter()
+    }
+}
+
+task clean(type: Delete) {
+    delete rootProject.buildDir
+}
--- a/build.py
+++ b/build.py
@@ -3,6 +3,10 @@ import sys
 import os
 import subprocess

+if os.name == 'nt':
+	from colorama import init
+	init()
+
 def error(str):
 	print('\n' + '\033[41m' + str + '\033[0m' + '\n')
 	sys.exit(1)
@@ -22,13 +26,6 @@ try:
 except FileNotFoundError:
 	error('Please install Java and make sure \'java\' is available in PATH')

-# If not Windows, we need gcc to compile
-if os.name != 'nt':
-	try:
-		subprocess.run(['gcc', '-v'], stdout=subprocess.DEVNULL, stderr=subprocess.DEVNULL)
-	except FileNotFoundError:
-		error('Please install C compiler and make sure \'gcc\' is available in PATH')
-
 import argparse
 import multiprocessing
 import zipfile
@@ -37,14 +34,37 @@ import errno
 import shutil
 import lzma
 import base64
+import tempfile

-def silentremove(file):
+if 'ANDROID_NDK' in os.environ:
+	ndk_build = os.path.join(os.environ['ANDROID_NDK'], 'ndk-build')
+else:
+	ndk_build = os.path.join(os.environ['ANDROID_HOME'], 'ndk-bundle', 'ndk-build')
+
+def mv(source, target):
+	print('mv: {} -> {}'.format(source, target))
+	shutil.move(source, target)
+
+def cp(source, target):
+	print('cp: {} -> {}'.format(source, target))
+	shutil.copyfile(source, target)
+
+def rm(file):
 	try:
-	    os.remove(file)
+		os.remove(file)
 	except OSError as e:
 		if e.errno != errno.ENOENT:
 			raise

+def mkdir(path, mode=0o777):
+	try:
+		os.mkdir(path, mode)
+	except:
+		pass
+
+def mkdir_p(path, mode=0o777):
+	os.makedirs(path, mode, exist_ok=True)
+
 def zip_with_msg(zipfile, source, target):
 	if not os.path.exists(source):
 		error('{} does not exist! Try build \'binary\' and \'apk\' before zipping!'.format(source))
@@ -56,53 +76,61 @@ def build_all(args):
 	build_apk(args)
 	zip_main(args)
 	zip_uninstaller(args)
+	build_snet(args)

 def build_binary(args):
 	header('* Building Magisk binaries')

-	# Force update Android.mk timestamp to trigger recompilation
-	os.utime(os.path.join('jni', 'Android.mk'))
+	# Force update logging.h timestamp to trigger recompilation
+	os.utime(os.path.join('native', 'jni', 'include', 'logging.h'))

-	ndk_build = os.path.join(os.environ['ANDROID_HOME'], 'ndk-bundle', 'ndk-build')
 	debug_flag = '' if args.release else '-DMAGISK_DEBUG'
-	proc = subprocess.run('{} APP_CFLAGS=\"-DMAGISK_VERSION=\\\"{}\\\" -DMAGISK_VER_CODE={} {}\" -j{}'.format(
-		ndk_build, args.versionString, args.versionCode, debug_flag, multiprocessing.cpu_count()), shell=True)
+	cflag = 'MAGISK_FLAGS=\"-DMAGISK_VERSION=\\\"{}\\\" -DMAGISK_VER_CODE={} {}\"'.format(args.versionString, args.versionCode, debug_flag)
+
+	# Prebuild
+	proc = subprocess.run('{} -C native PRECOMPILE=true {} -j{}'.format(ndk_build, cflag, multiprocessing.cpu_count()), shell=True)
 	if proc.returncode != 0:
 		error('Build Magisk binary failed!')

+	print('')
+	for arch in ['arm64-v8a', 'armeabi-v7a', 'x86', 'x86_64']:
+		mkdir_p(os.path.join('out', arch))
+		with open(os.path.join('out', arch, 'dump.h'), 'w') as dump:
+			dump.write('#include "stdlib.h"\n')
+			mv(os.path.join('native', 'libs', arch, 'magisk'), os.path.join('out', arch, 'magisk'))
+			with open(os.path.join('out', arch, 'magisk'), 'rb') as bin:
+				dump.write('const uint8_t magisk_dump[] = "')
+				dump.write(''.join("\\x{:02X}".format(c) for c in lzma.compress(bin.read(), preset=9)))
+				dump.write('";\n')
+
+	print('')
+
+	proc = subprocess.run('{} -C native {} -j{}'.format(ndk_build, cflag, multiprocessing.cpu_count()), shell=True)
+	if proc.returncode != 0:
+		error('Build Magisk binary failed!')
+
+	print('')
+	for arch in ['arm64-v8a', 'armeabi-v7a', 'x86', 'x86_64']:
+		for binary in ['magiskinit', 'magiskboot', 'b64xz', 'busybox']:
+			try:
+				mv(os.path.join('native', 'libs', arch, binary), os.path.join('out', arch, binary))
+			except:
+				pass
+
 def build_apk(args):
 	header('* Building Magisk Manager')

-	for key in ['public.certificate.x509.pem', 'private.key.pk8']:
-		source = os.path.join('ziptools', key)
-		target = os.path.join('MagiskManager', 'app', 'src', 'main', 'assets', key)
-		print('cp: {} -> {}'.format(source, target))
-		shutil.copyfile(source, target)
-
+	mkdir(os.path.join('app', 'src', 'main', 'assets'))
 	for script in ['magisk_uninstaller.sh', 'util_functions.sh']:
 		source = os.path.join('scripts', script)
-		target = os.path.join('MagiskManager', 'app', 'src', 'main', 'assets', script)
-		print('cp: {} -> {}'.format(source, target))
-		shutil.copyfile(source, target)
-
-	os.chdir('MagiskManager')
-
-	# Build unhide app and place in assets
-	proc = subprocess.run('{} unhide::assembleRelease'.format(os.path.join('.', 'gradlew')), shell=True)
-	if proc.returncode != 0:
-		error('Build Magisk Manager failed!')
-	source = os.path.join('unhide', 'build', 'outputs', 'apk', 'release', 'unhide-release-unsigned.apk')
-	target = os.path.join('app', 'src', 'main', 'assets', 'unhide.apk')
-	print('cp: {} -> {}'.format(source, target))
-	shutil.copyfile(source, target)
-
-	print('')
+		target = os.path.join('app', 'src', 'main', 'assets', script)
+		cp(source, target)

 	if args.release:
-		if not os.path.exists(os.path.join('..', 'release_signature.jks')):
+		if not os.path.exists('release_signature.jks'):
 			error('Please generate a java keystore and place it in \'release_signature.jks\'')

-		proc = subprocess.run('{} app::assembleRelease'.format(os.path.join('.', 'gradlew')), shell=True)
+		proc = subprocess.run('{} app:assembleRelease'.format(os.path.join('.', 'gradlew')), shell=True)
 		if proc.returncode != 0:
 			error('Build Magisk Manager failed!')

@@ -113,8 +141,8 @@ def build_apk(args):
 		# Find the latest build tools
 		build_tool = sorted(os.listdir(os.path.join(os.environ['ANDROID_HOME'], 'build-tools')))[-1]

-		silentremove(aligned)
-		silentremove(release)
+		rm(aligned)
+		rm(release)

 		proc = subprocess.run([
 			os.path.join(os.environ['ANDROID_HOME'], 'build-tools', build_tool, 'zipalign'),
@@ -132,87 +160,58 @@ def build_apk(args):
 			error('Cannot find apksigner.jar in Android SDK build tools')

 		proc = subprocess.run('java -jar {} sign --ks {} --out {} {}'.format(
-			apksigner,
-			os.path.join('..', 'release_signature.jks'),
-			release, aligned), shell=True)
+			apksigner, 'release_signature.jks', release, aligned), shell=True)
 		if proc.returncode != 0:
 			error('Release sign Magisk Manager failed!')

-		silentremove(unsigned)
-		silentremove(aligned)
+		rm(unsigned)
+		rm(aligned)
+
+		mkdir('out')
+		target = os.path.join('out', 'app-release.apk')
+		print('')
+		mv(release, target)
 	else:
-		proc = subprocess.run('{} app::assembleDebug'.format(os.path.join('.', 'gradlew')), shell=True)
+		proc = subprocess.run('{} app:assembleDebug'.format(os.path.join('.', 'gradlew')), shell=True)
 		if proc.returncode != 0:
 			error('Build Magisk Manager failed!')

-	# Return to upper directory
-	os.chdir('..')
+		source = os.path.join('app', 'build', 'outputs', 'apk', 'debug', 'app-debug.apk')
+		mkdir('out')
+		target = os.path.join('out', 'app-debug.apk')
+		print('')
+		mv(source, target)

-def sign_adjust_zip(unsigned, output):
-
-	zipsigner = os.path.join('ziptools', 'zipsigner', 'build', 'libs', 'zipsigner.jar')
-
-	if os.name != 'nt' and not os.path.exists(os.path.join('ziptools', 'zipadjust')):
-		header('* Building zipadjust')
-		# Compile zipadjust
-		proc = subprocess.run('gcc -o ziptools/zipadjust ziptools/zipadjust_src/*.c -lz', shell=True)
-		if proc.returncode != 0:
-			error('Build zipadjust failed!')
-	if not os.path.exists(zipsigner):
-		header('* Building zipsigner.jar')
-		os.chdir(os.path.join('ziptools', 'zipsigner'))
-		proc = subprocess.run('{} shadowJar'.format(os.path.join('.', 'gradlew')), shell=True)
-		if proc.returncode != 0:
-			error('Build zipsigner.jar failed!')
-		os.chdir(os.path.join('..', '..'))
-
-	header('* Signing / Adjusting Zip')
-
-	publicKey = os.path.join('ziptools', 'public.certificate.x509.pem')
-	privateKey = os.path.join('ziptools', 'private.key.pk8')
-
-	# Unsigned->signed
-	proc = subprocess.run(['java', '-jar', zipsigner,
-		publicKey, privateKey, unsigned, 'tmp_signed.zip'])
+def build_snet(args):
+	proc = subprocess.run('{} snet:assembleRelease'.format(os.path.join('.', 'gradlew')), shell=True)
 	if proc.returncode != 0:
-		error('First sign flashable zip failed!')
-
-	# Adjust zip
-	proc = subprocess.run([os.path.join('ziptools', 'zipadjust'), 'tmp_signed.zip', 'tmp_adjusted.zip'])
-	if proc.returncode != 0:
-		error('Adjust flashable zip failed!')
-
-	# Adjusted -> output
-	proc = subprocess.run(['java', '-jar', zipsigner,
-		"-m", publicKey, privateKey, 'tmp_adjusted.zip', output])
-	if proc.returncode != 0:
-		error('Second sign flashable zip failed!')
-
-	# Cleanup
-	silentremove(unsigned)
-	silentremove('tmp_signed.zip')
-	silentremove('tmp_adjusted.zip')
+		error('Build snet extention failed!')
+	source = os.path.join('snet', 'build', 'outputs', 'apk', 'release', 'snet-release-unsigned.apk')
+	mkdir('out')
+	target = os.path.join('out', 'snet.apk')
+	print('')
+	mv(source, target)

 def gen_update_binary():
 	update_bin = []
-	binary = os.path.join('libs', 'armeabi-v7a', 'b64xz')
+	binary = os.path.join('out', 'armeabi-v7a', 'b64xz')
 	if not os.path.exists(binary):
 		error('Please build \'binary\' before zipping!')
 	with open(binary, 'rb') as b64xz:
-		update_bin.append('#! /sbin/sh\nEX_ARM=')
-		update_bin.append(''.join("\\\\x{:02X}".format(c) for c in b64xz.read()))
-	binary = os.path.join('libs', 'x86', 'b64xz')
+		update_bin.append('#! /sbin/sh\nEX_ARM=\'')
+		update_bin.append(''.join("\\x{:02X}".format(c) for c in b64xz.read()))
+	binary = os.path.join('out', 'x86', 'b64xz')
 	with open(binary, 'rb') as b64xz:
-		update_bin.append('\nEX_X86=')
-		update_bin.append(''.join("\\\\x{:02X}".format(c) for c in b64xz.read()))
-	binary = os.path.join('libs', 'armeabi-v7a', 'busybox')
+		update_bin.append('\'\nEX_X86=\'')
+		update_bin.append(''.join("\\x{:02X}".format(c) for c in b64xz.read()))
+	binary = os.path.join('out', 'armeabi-v7a', 'busybox')
 	with open(binary, 'rb') as busybox:
-		update_bin.append('\nBB_ARM=')
-		update_bin.append(base64.b64encode(lzma.compress(busybox.read())).decode('ascii'))
-	binary = os.path.join('libs', 'x86', 'busybox')
+		update_bin.append('\'\nBB_ARM=')
+		update_bin.append(base64.b64encode(lzma.compress(busybox.read(), preset=9)).decode('ascii'))
+	binary = os.path.join('out', 'x86', 'busybox')
 	with open(binary, 'rb') as busybox:
 		update_bin.append('\nBB_X86=')
-		update_bin.append(base64.b64encode(lzma.compress(busybox.read())).decode('ascii'))
+		update_bin.append(base64.b64encode(lzma.compress(busybox.read(), preset=9)).decode('ascii'))
 		update_bin.append('\n')
 	with open(os.path.join('scripts', 'update_binary.sh'), 'r') as script:
 		update_bin.append(script.read())
@@ -221,7 +220,9 @@ def gen_update_binary():
 def zip_main(args):
 	header('* Packing Flashable Zip')

-	with zipfile.ZipFile('tmp_unsigned.zip', 'w', compression=zipfile.ZIP_DEFLATED, allowZip64=False) as zipf:
+	unsigned = tempfile.mkstemp()[1]
+
+	with zipfile.ZipFile(unsigned, 'w', compression=zipfile.ZIP_DEFLATED, allowZip64=False) as zipf:
 		# META-INF
 		# update-binary
 		target = os.path.join('META-INF', 'com', 'google', 'android', 'update-binary')
@@ -234,14 +235,13 @@ def zip_main(args):

 		# Binaries
 		for lib_dir, zip_dir in [('arm64-v8a', 'arm64'), ('armeabi-v7a', 'arm'), ('x86', 'x86'), ('x86_64', 'x64')]:
-			for binary in ['magisk', 'magiskboot']:
-				source = os.path.join('libs', lib_dir, binary)
+			for binary in ['magiskinit', 'magiskboot']:
+				source = os.path.join('out', lib_dir, binary)
 				target = os.path.join(zip_dir, binary)
 				zip_with_msg(zipf, source, target)

 		# APK
-		source = os.path.join('MagiskManager', 'app', 'build', 'outputs', 'apk',
-			'release' if args.release else 'debug', 'app-release.apk' if args.release else 'app-debug.apk')
+		source = os.path.join('out', 'app-release.apk' if args.release else 'app-debug.apk')
 		target = os.path.join('common', 'magisk.apk')
 		zip_with_msg(zipf, source, target)

@@ -255,7 +255,7 @@ def zip_main(args):
 		with open(source, 'r') as script:
 			# Add version info util_functions.sh
 			util_func = script.read().replace(
-				'MAGISK_VERSION_STUB', 'MAGISK_VER="{}"\nMAGISK_VER_CODE={}'.format(args.versionString, args.versionCode))
+				'#MAGISK_VERSION_STUB', 'MAGISK_VER="{}"\nMAGISK_VER_CODE={}'.format(args.versionString, args.versionCode))
 			target = os.path.join('common', 'util_functions.sh')
 			print('zip: ' + source + ' -> ' + target)
 			zipf.writestr(target, util_func)
@@ -263,10 +263,6 @@ def zip_main(args):
 		source = os.path.join('scripts', 'addon.d.sh')
 		target = os.path.join('addon.d', '99-magisk.sh')
 		zip_with_msg(zipf, source, target)
-		# init.magisk.rc
-		source = os.path.join('scripts', 'init.magisk.rc')
-		target = os.path.join('common', 'init.magisk.rc')
-		zip_with_msg(zipf, source, target)

 		# Prebuilts
 		for chromeos in ['futility', 'kernel_data_key.vbprivk', 'kernel.keyblock']:
@@ -275,13 +271,15 @@ def zip_main(args):

 		# End of zipping

-	output = 'Magisk-v{}.zip'.format(args.versionString)
-	sign_adjust_zip('tmp_unsigned.zip', output)
+	output = os.path.join('out', 'Magisk-v{}.zip'.format(args.versionString))
+	sign_adjust_zip(unsigned, output)

 def zip_uninstaller(args):
 	header('* Packing Uninstaller Zip')

-	with zipfile.ZipFile('tmp_unsigned.zip', 'w', compression=zipfile.ZIP_DEFLATED, allowZip64=False) as zipf:
+	unsigned = tempfile.mkstemp()[1]
+
+	with zipfile.ZipFile(unsigned, 'w', compression=zipfile.ZIP_DEFLATED, allowZip64=False) as zipf:
 		# META-INF
 		# update-binary
 		target = os.path.join('META-INF', 'com', 'google', 'android', 'update-binary')
@@ -294,7 +292,7 @@ def zip_uninstaller(args):

 		# Binaries
 		for lib_dir, zip_dir in [('arm64-v8a', 'arm64'), ('armeabi-v7a', 'arm'), ('x86', 'x86'), ('x86_64', 'x64')]:
-			source = os.path.join('libs', lib_dir, 'magiskboot')
+			source = os.path.join('out', lib_dir, 'magiskboot')
 			target = os.path.join(zip_dir, 'magiskboot')
 			zip_with_msg(zipf, source, target)

@@ -307,11 +305,9 @@ def zip_uninstaller(args):
 		source = os.path.join('scripts', 'util_functions.sh')
 		with open(source, 'r') as script:
 			# Remove the stub
-			util_func = script.read().replace(
-				'MAGISK_VERSION_STUB', '')
 			target = os.path.join('util_functions.sh')
 			print('zip: ' + source + ' -> ' + target)
-			zipf.writestr(target, util_func)
+			zipf.writestr(target, script.read())

 		# Prebuilts
 		for chromeos in ['futility', 'kernel_data_key.vbprivk', 'kernel.keyblock']:
@@ -320,29 +316,50 @@ def zip_uninstaller(args):

 		# End of zipping

-	output = 'Magisk-uninstaller-{}.zip'.format(datetime.datetime.now().strftime('%Y%m%d'))
-	sign_adjust_zip('tmp_unsigned.zip', output)
+	output = os.path.join('out', 'Magisk-uninstaller-{}.zip'.format(datetime.datetime.now().strftime('%Y%m%d')))
+	sign_adjust_zip(unsigned, output)
+
+def sign_adjust_zip(unsigned, output):
+	signer_name = 'zipsigner-2.1.jar'
+	jarsigner = os.path.join('utils', 'build', 'libs', signer_name)
+
+	if not os.path.exists(jarsigner):
+		header('* Building ' + signer_name)
+		proc = subprocess.run('{} utils:shadowJar'.format(os.path.join('.', 'gradlew')), shell=True)
+		if proc.returncode != 0:
+			error('Build {} failed!'.format(signer_name))
+
+	header('* Signing Zip')
+
+	signed = tempfile.mkstemp()[1]
+
+	proc = subprocess.run(['java', '-jar', jarsigner, unsigned, output])
+	if proc.returncode != 0:
+		error('Signing zip failed!')

 def cleanup(args):
 	if len(args.target) == 0:
-		args.target = ['binary', 'apk', 'zip']
+		args.target = ['binary', 'java', 'zip']

 	if 'binary' in args.target:
-		header('* Cleaning Magisk binaries')
-		subprocess.run(os.path.join(os.environ['ANDROID_HOME'], 'ndk-bundle', 'ndk-build') + ' clean', shell=True)
+		header('* Cleaning binaries')
+		subprocess.run(ndk_build + ' -C native PRECOMPILE=true clean', shell=True)
+		subprocess.run(ndk_build + ' -C native clean', shell=True)
+		for arch in ['arm64-v8a', 'armeabi-v7a', 'x86', 'x86_64']:
+			shutil.rmtree(os.path.join('out', arch), ignore_errors=True)

-	if 'apk' in args.target:
-		header('* Cleaning Magisk Manager')
-		os.chdir('MagiskManager')
-		subprocess.run('{} clean'.format(os.path.join('.', 'gradlew')), shell=True)
-		os.chdir('..')
+	if 'java' in args.target:
+		header('* Cleaning java')
+		subprocess.run('{} app:clean snet:clean utils:clean'.format(os.path.join('.', 'gradlew')), shell=True)
+		for f in os.listdir('out'):
+			if '.apk' in f:
+				rm(os.path.join('out', f))

 	if 'zip' in args.target:
-		header('* Cleaning created zip files')
-		for f in os.listdir('.'):
+		header('* Cleaning zip files')
+		for f in os.listdir('out'):
 			if '.zip' in f:
-				print('rm {}'.format(f))
-				silentremove(f)
+				rm(os.path.join('out', f))

 parser = argparse.ArgumentParser(description='Magisk build script')
 parser.add_argument('--release', action='store_true', help='compile Magisk for release')
@@ -361,6 +378,9 @@ binary_parser.set_defaults(func=build_binary)
 apk_parser = subparsers.add_parser('apk', help='build Magisk Manager APK')
 apk_parser.set_defaults(func=build_apk)

+snet_parser = subparsers.add_parser('snet', help='build snet extention for Magisk Manager')
+snet_parser.set_defaults(func=build_snet)
+
 zip_parser = subparsers.add_parser('zip', help='zip and sign Magisk into a flashable zip')
 zip_parser.add_argument('versionString')
 zip_parser.add_argument('versionCode', type=int)
@@ -369,13 +389,13 @@ zip_parser.set_defaults(func=zip_main)
 uninstaller_parser = subparsers.add_parser('uninstaller', help='create flashable uninstaller')
 uninstaller_parser.set_defaults(func=zip_uninstaller)

-clean_parser = subparsers.add_parser('clean', help='clean [target...] targets: binary apk zip')
+clean_parser = subparsers.add_parser('clean', help='clean [target...] targets: binary java zip')
 clean_parser.add_argument('target', nargs='*')
 clean_parser.set_defaults(func=cleanup)

 if len(sys.argv) == 1:
-    parser.print_help()
-    sys.exit(1)
+	parser.print_help()
+	sys.exit(1)

 args = parser.parse_args()

--- a/docs/README.MD
+++ b/docs/README.MD
@@ -1,27 +1,36 @@
 # Magisk Documentations
-(Updated on 2017.8.16) ([Changelog](changelog.md))
+(Updated on 2018.1.8) ([Changelog](changelog.md))

-## Table of Content
+## Table of Contents

 - [Introduction](#introduction)
- [Procedure Diagram](https://cdn.rawgit.com/topjohnwu/Magisk/cc1809688299f1f8b5db494a234850852712c0c9/docs/procedures.html)
- [Magisk Details](details.md)    
+- [Tips and Tricks](tips.md)
+    - [OTA Installation Tips](tips.md#ota-installation-tips)
+
+The following are for developers
+
+- [Procedure Diagram](https://cdn.rawgit.com/topjohnwu/Magisk/7d1082b1cb91db90ed0a29d8b092723fc3d69c58/docs/procedures.html)
+- [Magisk Details](details.md)
    - [Boot Stages](details.md#boot-stages)
    - [Magic Mount Details](details.md#magic-mount-details)
    - [Simple Mount Details](details.md#simple-mount-details)
- [Available Applets](applets.md)
-    - [magisk](applets.md#magisk)
-    - [su](applets.md#su)
-    - [resetprop](applets.md#resetprop)
-    - [magiskpolicy](applets.md#magiskpolicy)
-    - [magiskhide](applets.md#magiskhide)
- [Modules and Repos](module_repo.md)
-    - [Modules and Templates](module_repo.md#magisk-module-format)
-    - [Submit Modules to Repo](module_repo.md#submit-your-module-to-magisk-modules-repo)
+- [Available Tools](tools.md)
+    - [magiskboot](tools.md#magiskboot)
+    - [magiskinit](tools.md#magiskinit)
+    - [magiskpolicy](tools.md#magiskpolicy)
+    - [magisk](tools.md#magisk)
+    - [su](tools.md#su)
+    - [resetprop](tools.md#resetprop)
+    - [magiskhide](tools.md#magiskhide)
+- [Modules](modules.md)
+    - [Modules and Templates](modules.md#magisk-module-format)
+    - [Submit Modules to Repo](https://github.com/topjohnwu/Magisk_Repo_Submissions)
 - [Tips and Tricks](tips.md)
    - [Remove Files](tips.md#remove-files)
    - [Remove Folders](tips.md#remove-folders)

    
 ## Introduction
-Magisk is a suite of open source tools for devices running Android version higher than 5.0 Lollipop (API 21). It establishes an environment which covers most Android aftermarket customization needs, such as root, boot scripts, SELinux patches, dm-verity/forceencrypt patches etc.. Furthermore, Magisk also provides a **Systemless Interface** to alter the system (or vendor) arbitrarily while the actual partitions stay completely intact, all of which accomplished by only patching the boot image, and adding some files into `/data`. With its systemless nature along with several other hacks, Magisk can hide modifications from device integrity verifications, one of the main target is to hide from [Google's SafetyNet API](https://developer.android.com/training/safetynet/index.html).
+Magisk is a suite of open source tools for devices running Android version higher than 5.0 Lollipop (API 21). It establishes an environment which covers most stuffs you need for Android customization, such as root, boot scripts, SELinux patches, AVB2.0 / dm-verity / forceencrypt patches etc..
+
+Furthermore, Magisk provides a **Systemless Interface** to alter the system (or vendor) arbitrarily while the actual partitions stay completely intact, all of which accomplished by only patching the boot image. With its systemless nature along with several other hacks, Magisk can hide modifications from nearly any existing system integrity verifications, one of the main target is to hide from [Google's SafetyNet API](https://developer.android.com/training/safetynet/index.html).
--- a/docs/applets.md
+++ b/docs/applets.md
@@ -1,171 +0,0 @@
-## Available Applets
-Magisk has a core binary which acts as a multi-call program with many applets. Here is an introduction to all available applets.
-
-### magisk
-The magisk binary itself provides a lot of utility functions when called with the name `magisk`. They are used in both Magisk installation and module installation. The entry point for `init` to invoke magisk's boot procedures are also listed here.
-
-Command help message:
-
-```
-Usage: magisk [applet [arguments]...]
-   or: magisk --install [SOURCE] DIR
-       if SOURCE not provided, will link itself
-   or: magisk --list
-   or: magisk --createimg IMG SIZE
-       create ext4 image, SIZE is interpreted in MB
-   or: magisk --imgsize IMG
-   or: magisk --resizeimg IMG SIZE
-       SIZE is interpreted in MB
-   or: magisk --mountimg IMG PATH
-       mount IMG to PATH and prints the loop device
-   or: magisk --umountimg PATH LOOP
-   or: magisk --[boot stage]
-       start boot stage service
-   or: magisk [options]
-   or: applet [arguments]...
-
-Supported boot stages:
-   post-fs, post-fs-data, service
-
-Options:
-   -c          print client version
-   -v          print daemon version
-   -V          print daemon version code
-
-Supported applets:
-    su, resetprop, magiskpolicy, supolicy, sepolicy-inject, magiskhide
-```
-
-### su
-The MagiskSU entrypoint. Call `su` to gain a root shell.
-
-Command help message:
-
-```
-Usage: su [options] [--] [-] [LOGIN] [--] [args...]
-
-Options:
-  -c, --command COMMAND         pass COMMAND to the invoked shell
-  -h, --help                    display this help message and exit
-  -, -l, --login                pretend the shell to be a login shell
-  -m, -p,
-  --preserve-environment        do not change environment variables
-  -s, --shell SHELL             use SHELL instead of the default /system/bin/sh
-  -u                            display the multiuser mode and exit
-  -v, --version                 display version number and exit
-  -V                            display version code and exit,
-                                this is used almost exclusively by Superuser.apk
-  -mm, -M,
-  --mount-master                run in the global mount namespace,
-                                use if you need to publicly apply mounts
-```
-
-Note: even though the `-Z, --context` option is not listed above, it actually still exists. However MagiskSU will silently ignore the option since it's not needed anymore. It is still left over because some apps still request root shell with specific contexts as an option.
-
-### resetprop
-An advanced system prop manipulation utility; you can arbitrarily alter system props using this tool. Here's some background knowledge:
-
-> System props are stored in a hybrid trie/binary tree data structure in memory; it was originally designed to only support adding nodes, and no nodes should be removed. Props can be read by many processes (e.g. via the `getprop` command); however, only the `init` process have write access to the property data. `init` provides a `property_service` to accept property update requests, so all property changes are monitored and controlled by `init` Restrictions such as **read-only** props (props that starts with `ro.`), which can only be set once and cannot be changed afterwards, is therefore implemented in `init`.
-
-**resetprop** acts just like `init`: directly access the data structure, bypassing the whole `property_service` part. Doing so, we gain **arbitrary modification** power, including altering read-only props and deleting properties. Delete properties, which was stated *"forbidden"* in the data structure, is implemented through some tricks in the data structure.
-
-One subtle thing to be aware of is that if we change props by directly modifying the data structure, `on property:foo=bar` triggers registered in `*.rc` scripts will not be triggered properly. This may be a good thing or a bad thing, depending on what behavior you expect. I made the default behavior to match the original setprop command, which **WILL** trigger events, but of course I provide a flag (`-n`) to disable it if you need this special behavior.
-
-Command help message:
-
-```
-Usage: resetprop [options] [args...]
-
-Options:
-   -v      show verbose output
-   -n      only modify property in memory
-
-resetprop  NAME VALUE        set property entry NAME with VALUE
-resetprop  --file FILE       load props from FILE
-resetprop  --delete NAME     remove prop entry NAME
-```
-
-### magiskpolicy
-(This tool is aliased to `supolicy` and `sepolicy-injection` for legacy reasons)
-
-A tool to patch `sepolicy`. **magiskpolicy** also comes with built-in rules to unleash restrictions to make Magisk work properly. `sepolicy` is a compiled binary containing SELinux rules; we directly patch rules in the binary format since we don't have access to the SELinux policy source (`*.te`) files.
-
-The Magisk daemon itself, the root shell, and all processes spawned from the daemon and root shell are all running in the context `u:r:su:s0`. This context is not only patched to be permissive, but also patched to allow any transition from `u:r:su:s0` to any domain. This was done because Samsung devices do not support permissive out of the box.
-
-The built in patches are split to 3 parts: minimal, medium, and large. The full patch will result in a huge policy file, which might cause the `sepolicy` file unable to fit in `boot.img`.
-
- The minimal patch is just enough to start Magisk daemon and allow the daemon to further patch the policy during boot time (which is called **live patch**). It is done at installation and directly into `boot.img`. 
- The medium patch covers most common operations, and is live patched as soon as Magisk daemon is started (blocking boot process).
- The large patch contains the full patch. Due to the concern of greatly increasing the boot time, it is designed to run in the background until it's joined in the non-blocking late_start bootstage.
-
-What this all means is that **only late_start service mode is guaranteed to run in a fully patched environment**. If any script is not time critical, it is **highly recommended to run those scripts in late_start service mode**.
-
-Command help message:
-
-```
-Usage: magiskpolicy [--options...] [policystatements...]
-
-Options:
-  --live                directly load patched policy to device
-  --minimal             minimal patches, used for boot image patches
-  --load <infile>       load policies from <infile>
-                        (load from live policies if not specified)
-  --save <outfile>      save policies to <outfile>
-
-One policy statement should be treated as one parameter;
-this means a full policy statement should be enclosed in quotes;
-multiple policy statements can be provided in a single command
-
-The statements has a format of "<action> [args...]"
-Use '*' in args to represent every possible match.
-Collections wrapped in curly brackets can also be used as args.
-
-Supported policy statements:
-
-Type 1:
-"<action> source-class target-class permission-class permission"
-Action: allow, deny, auditallow, auditdeny
-
-Type 2:
-"<action> source-class target-class permission-class ioctl range"
-Action: allowxperm, auditallowxperm, dontauditxperm
-
-Type 3:
-"<action> class"
-Action: create, permissive, enforcing
-
-Type 4:
-"attradd class attribute"
-
-Type 5:
-"typetrans source-class target-class permission-class default-class (optional: object-name)"
-
-Notes:
- typetrans does not support the all match '*' syntax
- permission-class cannot be collections
- source-class and target-class can also be attributes
-
-Example: allow { source1 source2 } { target1 target2 } permission-class *
-Will be expanded to:
-
-allow source1 target1 permission-class { all-permissions }
-allow source1 target2 permission-class { all-permissions }
-allow source2 target1 permission-class { all-permissions }
-allow source2 target2 permission-class { all-permissions }
-```
-
-### magiskhide
-This is the CLI to control the state of MagiskHide.
-
-Command help message: 
-
-```
-Usage: magiskhide [--options [arguments...] ]
-
-Options:
-  --enable          Start magiskhide
-  --disable         Stop magiskhide
-  --add PROCESS     Add PROCESS to the hide list
-  --rm PROCESS      Remove PROCESS from the hide list
-  --ls              Print out the current hide list
-```
--- a/docs/changelog.md
+++ b/docs/changelog.md
@@ -1,3 +1,8 @@
 # Changelog
 - 2017.8.16
-    - Initial version for Magisk v13.5+
+    - Initial version for Magisk v13.5
+- 2017.9.28
+    - Update applets info to Magisk v14.1
+    - Add OTA tips
+- 2017.1.8
+    - Update to Magisk v15.2
--- a/docs/details.md
+++ b/docs/details.md
@@ -2,59 +2,58 @@
 If you are working on complicated projects, you shall need more control to the whole process. Magisk can run scripts in different boot stages, so you can fine tune exactly what you want to do. It's recommended to read this documentation along with the procedure graph.

 - post-fs mode
-    - **This stage is BLOCKING. Boot process will NOT continue until everything is done, or 20 seconds has passed**
-    - Happens after most partitions are mounted, except `/data`
-    - Magisk will bind mount files under `/cache/magisk_mount/system` to corresponding paths
+    - **This stage is BLOCKING. Boot process will NOT continue until everything is done, or 10 seconds has passed**
+    - Happens after most partitions are mounted. `/data` might not be available since `vold` is not started yet
+    - Magisk will bind mount files under `/cache/magisk_mount/system` and `/cache/magisk_mount/vendor`
    - It is only **Simple Mount**, which means it will replace existing files, but cannot add/remove files.
+    - This part is mostly deprecated (reasons in details)
 - post-fs-data mode
-    - **This stage is BLOCKING. Boot process will NOT continue until everything is done, or 60 seconds has passed**
+    - **This stage is BLOCKING. Boot process will NOT continue until everything is done, or 10 seconds has passed**
    - Happens after `/data` is ready (including the case when `/data` is encrypted)
    - Happens before Zygote and system servers are started (which means pretty much everything)
-    - Mirrors will be mounted. These mirrors play a critical role in **Magic Mount**
-    - `/data/magisk.img` will be merged, trimmed, and mounted to `/magisk`
-    - Magisk will run scripts under `/magisk/.core/post-fs-data.d`
-    - Magisk will run scripts: `/magisk/$MODID/post-fs-data.sh` (placed in each module directory)
+    - `/data/adb/magisk.img` will be merged, trimmed, and mounted to `MOUNTPOINT=/sbin/.core/img`
+    - Magisk will run scripts under `$MOUNTPOINT/.core/post-fs-data.d`
+    - Magisk will run scripts: `$MOUNTPOINT/$MODID/post-fs-data.sh` (placed in each module directory)
    - Magisk will finally **Magisk Mount** module files
 - late_start service mode
    - **This stage is NON-BLOCKING, it will run in parallel with other processes**
-    - Happens when class late_start is started
-    - Put time consuming but non time critical tasks here. Boot process will be stuck if it took too long to finish your tasks in previous modes
-    - SELinux is guaranteed to be fully patched in this stage; **it is recommended to run most scripts in this stage**, unless your scripts require some time critical operations
-    - Magisk will run scripts under `/magisk/.core/service.d`
-    - Magisk will run scripts: `/magisk/$MODID/service.sh` (placed in each module directory)
+    - Happens when class late_start is triggered
+    - The daemon will wait for the full `sepolicy` patch before running this stage, so SELinux is guaranteed to be fully patched
+    - Put time consuming scripts here. Boot process will get stuck if it took too long to finish your tasks in `post-fs-data`
+    - **It is recommended to run all scripts in this stage**, unless your scripts requires doing stuffs before Zygote is started
+    - Magisk will run scripts under `$MOUNTPOINT/.core/service.d`
+    - Magisk will run scripts: `$MOUNTPOINT/$MODID/service.sh` (placed in each module directory)

 ## Magic Mount Details
 ### Terminology
 - **Item**: A folder, file, or symbolic link
- **Leaf**: The very end of a directory structure tree, can be either a file or symbolic link
+- **Leaf**: An item that is on the very end of a directory structure tree. It can be either a file or symbolic link
 - **`$MODPATH`**: A variable to represent the path of a module folder
- **Source item**: An item under `$MODPATH/system`, for example, `$MODPATH/system/build.prop` is a source item
- **Existing item**: An item under `/system`, for example, `/system/bin/app_process` is an existing item
- **Target item**: A corresponding item of a source item. For example, the target item of `$MODPATH/system/build.prop` is `/system/build.prop`
+- **Source item**: An item under `$MODPATH/system`, for example, `$MODPATH/system/bin/app_process32` is a source item
+- **Existing item**: An item in the actual filesystem, for example, `/system/bin/app_process32` is an existing item
+- **Target item**: The corresponding item of a source item. For example, the target item of `$MODPATH/system/bin/app_process32` is `/system/bin/app_process32`

-Note: A target item does not imply it is an existing item. A target item might not exist in the actual `/system`
+Note: A target item **does not** imply it is an existing item. A target item might not exist in the actual filesystem

 ### Policies
 - For a source leaf: if its target item is also an existing item, the existing item will be replaced with the source leaf
 - For a source leaf: if its target item is not an existing item, the source leaf will be added to the path of its target item
 - For any existing item that's not a target item, it will stay intact

-Above is the rule of thumb. Basically it means that Magic Mount merges the files from `$MODPATH/system` into the real `/system`. A simpler way to understand is to think as it dirty copies the contents from `$MODPATH/system` into `/system`.
+Above is the rule of thumb. Basically it means that Magic Mount merges the two folders, `$MODPATH/system` into `/system`. A simpler way to understand is to think as the items is dirty copied from `$MODPATH/system` into `/system`.

 However, an addition rule will override the above policies:

- For a source folder containing the file `.replace`, the source folder will be treated as if it is a source leaf. That is, the items within the target folder will be completely discarded, and the target folder will be replaced with the source folder.
+- For a source folder containing the file `.replace`, the source folder will be treated as if it is a leaf. That is, the items within the target folder will be completely discarded, and the target folder will be replaced with the source folder.

-Directories containing a file named `.replace` will NOT be merged into the system. It will directly replace the target directory. A simpler way to understand is to think as if it wipes the target folder, and then copies the whole folder to the target path.
+Directories containing a file named `.replace` will **NOT** be merged, instead it directly replaces the target directory. A simpler way to understand is to think as if it wipes the target folder, and then copies the whole folder to the target path.

 ### Notes
- Sometimes, completely replacing a folder is inevitable. For example you want to replace `/system/priv-app/SystemUI` in your stock rom. In stock roms, system apps usually comes with pre-optimized files. If your replacement `SystemUI.apk` is deodexed (which is most likely the case), you would want to replace the whole `/system/priv-app/SystemUI` to make sure the folder only contains the modified `SystemUI.apk` and **NOT** merge with the pre-optimized files.
+- If you want to replace files in `/vendor`, please place it under `$MODPATH/system/vendor`. Magisk will handle both cases, whether the vendor partition is separated or not under-the-hood, developers don't need to bother.
+- Sometimes, completely replacing a folder is inevitable. For example you want to replace `/system/priv-app/SystemUI` in your stock rom. In stock roms, system apps usually comes with pre-optimized files. If your replacement `SystemUI.apk` is deodexed (which is most likely the case), you would want to replace the whole `/system/priv-app/SystemUI` to make sure the folder only contains the modified `SystemUI.apk` without the pre-optimized files.
 - If you are using the [Magisk Module Template](https://github.com/topjohnwu/magisk-module-template), you can create a list of folders you want to replace in the file `config.sh`. The installation scripts will handle the creation of `.replace` files into the listed folders for you.
- Adding non-existing target items is a relatively expensive operation. Magisk would need to do **MANY** under-the-hood tasks to achieve it. Replacing a whole folder is recommended if viable, it reduces the complexity of the construction of the mounting tree and could speed up the booting time

 ## Simple Mount Details
-Some files require to be mounted much earlier in the boot process, currently known are bootanimation and some libs (most users won't change them). You can simply place your modified files into the corresponding path under `/cache/magisk_mount`. At boot time, Magisk will **clone all the attributes from the target file**, which includes selinux context, permission mode, owner, group. It'll then bind mount the file to the target. This means you don't need to worry about the metadatas for files placed under `/cache/magisk_mount`: copy the file to the correct place, reboot then you're done!
+(Note: this part is mostly deprecated, since starting with devices using A/B partitions, there is no longer a dedicated partition for cache because OTAs are applied live at boot. Instead, `/cache` now points to `/data/cache`, which means `post-fs` mode does not have access to `/cache` anymore)

-This mode does not feature the same complex Magic Mount implementation, it will mount a source leaf to an existing target item under `/system`.
-
-For example, you want to replace `/system/media/bootanimation.zip`, copy your new boot animation zip to `/cache/magisk_mount/system/media/bootanimation.zip,` Magisk will mount your files in the next reboot.
+Some files require to be mounted much earlier in the boot process, currently known are bootanimation and some libs (most users won't change them). You can simply place your modified files into the corresponding path under `/cache/magisk_mount`. For example, you want to replace `/system/media/bootanimation.zip`, copy your new boot animation zip to `/cache/magisk_mount/system/media/bootanimation.zip`, and Magisk will mount your files in the next reboot. Magisk will **clone all the attributes from the target file**, which includes selinux context, permission mode, owner, group. This means you don't need to worry about the metadata for files placed under `/cache/magisk_mount`: just copy the file to the correct place, reboot then you're done!
--- a/docs/images/disable_auto_ota.png
+++ b/docs/images/disable_auto_ota.png
--- a/docs/images/flashfire.png
+++ b/docs/images/flashfire.png
--- a/docs/images/install_second_slot.png
+++ b/docs/images/install_second_slot.png
--- a/docs/images/ota_step2.png
+++ b/docs/images/ota_step2.png
--- a/docs/images/repo_description.png
+++ b/docs/images/repo_description.png
--- a/docs/images/restore_img.png
+++ b/docs/images/restore_img.png
--- a/docs/module_repo.md
+++ b/docs/module_repo.md
@@ -1,76 +0,0 @@
-# Magisk Modules and Online Repo
-## Magisk Module Format
-The Magisk module is a folder under `magisk`, which has a structure as described below:
-
-```
-magisk
-├── .
-├── .
-├── a_module                <--- The ID of the module, should match with module.prop
-│   ├── auto_mount          <--- If this file exists, auto mount is enabled
-│   ├── disable             <--- If this file exists, the module is disabled
-│   ├── module.prop         <--- This files stores the indentity and properties of the module
-│   ├── post-fs-data.sh     <--- This script will be executed in post-fs-data
-│   ├── remove              <--- If this file exists, the module will be removed next reboot
-│   ├── service.sh          <--- This script will be executed in late_start service
-│   ├── system.prop         <--- This file will be loaded as system props
-│   ├── system              <--- If auto mount is enabled, Magisk will "Magic Mount" this folder
-│   │   ├── app
-│   │   ├── .
-│   │   └── .
-│   ├── vendor              <--- Auto generated. A symlink to $MODID/system/vendor
-│   ├── .                   <--- Any other files/folders are allowed
-│   └── .		
-├── another_module
-│   ├── .
-│   └── .
-├── .
-├── .
-```
-
-## Magisk Module Template
-The **Magisk Module Template** is hosted **[here](https://github.com/topjohnwu/magisk-module-template)**.
-
-It is a template to create a flashable zip to install Magisk Modules. It is created to be simple to use so that anyone can create their own modules easily. The template itself contains minimal scripting for installation; most of the functions are located externally in [util_functions.sh](https://github.com/topjohnwu/Magisk/blob/master/scripts/util_functions.sh), which will be installed along with Magisk, and can be upgraded through a Magisk upgrade without the need of a template update.
-
-The template should meet most modules' needs. Add files into `system`, which will be cloned into `/system` by Magisk after installing the module, and in addition to module files, `system.prop`, `post-fs-data.sh`, `service.sh` are also installable through this template.
-
-Here are some files you would want to know:
-
- `config.sh`: A simple script used as a configuration file for the actual installation file to correctly install your module. It is the place you can select which features your module needs/disables.
- `module.prop`: This file contains your module's indentity and properties, including name and versions etc.. This file will be used to identify your module on an actual device and in the [Magisk Modules Repo](https://github.com/Magisk-Modules-Repo)
- `common/*`: These files will be installed to the module with the correspond role
- `META-INF/com/google/android/update-binary`: The actual installation script. Modify this file for advanced custom behavior
-
-## Create a Magisk Module With The Template
-1. Clone / download [this repo](https://github.com/topjohnwu/magisk-module-template)
-1. Open `config.sh` and carefully read the fully documented file. Follow the instructions within the script
-1. You should at least have `config.sh` and `module.prop` modified
-1. Directly zip all files; the result zip file is a flashable zip that can be used in both Magisk Manager and custom recoveries
-1. Please check [**Notes**](#notes) for several precautions
-
-## Submit Your Module to Magisk Modules Repo
-If you want to share your module with others, you can submit your modules to [Magisk Modules Repo](https://github.com/Magisk-Modules-Repo). You would need some basic `git` knowledge here.
-
-1. Create a module as stated above, and test if it works properly
-1. Fork [this repo](https://github.com/topjohnwu/magisk-module-template) to your account
-1. Commit and push your changes to your forked repo
-1. Open an issue in [topjohnwu/Magisk_Repo_Central](https://github.com/topjohnwu/Magisk_Repo_Central/issues/new) with your repo link
-1. I will review your module, and once accepted, your repo should be cloned into [Magisk-Modules-Repo](https://github.com/Magisk-Modules-Repo)
-1. You should receive an email to become the collaborator so you can edit the repo in the future.
-
-#### Once your module is live on the Modules Repo, the description of your repo should be the ID of your module. Please do NOT change the description, repeat, do NOT change the description.
-
-![repo_description.png](repo_description.png)
-
-## Notes
- The Module Template depends on external scripts, be aware of the minimal required Magisk version of the template.
- **Windows users please check here!!** The line endings of all text files should be in the **Unix format**. Please use advanced text editors like Sublime, Atom, Notepad++ etc. to edit **ALL** text files, **NEVER** use Windows Notepad.
- In `module.prop`, `version` can be an arbitrary string, so any fancy version name (e.g. ultra-beta-v1.1.1.1) is allowed. However, `versionCode` **MUST** be an integer. The value is used for version comparison.
- Make sure your module ID **does not contain any spaces**.
-
-## Notes For Repo Developers
-
- Magisk Manager monitors all repo's `master` branch. Any changes to the branch `master` will be reflected to all users immediately. If you are working on an update for a module, please work on another branch, make sure it works, then finally merge the changes back to `master`.
- Once you finished upgrading your repo, increase at least the `versionCode` in `module.prop`. Magisk Manager uses this value to compare with the local installed module to determine whether an update is availible.
- The description of your repo should be the same as your module ID. If you changed your description, Magisk Manager will fail to identify your repo, and cannot relate installed module to the online repo together.
--- a/docs/modules.md
+++ b/docs/modules.md
@@ -0,0 +1,49 @@
+# Magisk Modules
+## Magisk Module Format
+A Magisk module is a folder placed in the root folder in `magisk.img`, which has a structure as described below:
+
+```
+$MOUNTPOINT
+├── .
+├── .
+├── $MODID                  <--- The ID of the module, should match with module.prop
+│   ├── auto_mount          <--- If this file exists, auto mount is enabled
+│   ├── disable             <--- If this file exists, the module is disabled
+│   ├── module.prop         <--- This files stores the identity and properties of the module
+│   ├── post-fs-data.sh     <--- This script will be executed in post-fs-data
+│   ├── remove              <--- If this file exists, the module will be removed next reboot
+│   ├── service.sh          <--- This script will be executed in late_start service
+│   ├── system.prop         <--- This file will be loaded as system props
+│   ├── system              <--- If auto mount is enabled, Magisk will "Magic Mount" this folder
+│   │   ├── .
+│   │   ├── .
+│   │   └── .
+│   ├── vendor              <--- Auto generated. A symlink to $MODID/system/vendor
+│   ├── .                   <--- Any other files/folders are allowed
+│   └── .		
+├── another_module
+│   ├── .
+│   └── .
+├── .
+├── .
+```
+You are not required to use my Magisk Module Template to create a module. As long as you place files with the structure above, it will be recognized as a module.
+
+## Magisk Module Template
+The **Magisk Module Template** is hosted **[here](https://github.com/topjohnwu/magisk-module-template)**.
+
+It is a template to create a flashable zip to install Magisk Modules. It is designed to be simple to use so that anyone can create their own modules easily. The template itself contains minimal scripting for installation; most of the functions are located externally in [util_functions.sh](https://github.com/topjohnwu/Magisk/blob/master/scripts/util_functions.sh), which will be installed along with Magisk, and can be upgraded through a Magisk upgrade without the need of a template update.
+
+Here are some files you would want to know:
+
+- `config.sh`: A simple script used as a configuration file. It is the place to configure which features your module needs/disables. A detailed instructions on how to use the template is also written in this file.
+- `module.prop`: This file contains your module's indentity and properties, including name and versions etc.. This file will be used to identify your module on an actual device and in the [Magisk Modules Repo](https://github.com/Magisk-Modules-Repo)
+- `common/*`: Boot stage scripts and `system.prop`
+- `META-INF/com/google/android/update-binary`: The actual installation script. Modify this file for advanced custom behavior
+
+And here are some notes to be aware of:
+
+- The template depends on external Magisk scripts, please specify the correct `minMagisk` value in `module.prop` with the template version your module is based on, or the minimum Magisk version your module is tested on.
+- **Windows users please check here!!** The line endings of all text files should be in the **Unix format**. Please use advanced text editors like Sublime, Atom, Notepad++ etc. to edit **ALL** text files, **NEVER** use Windows Notepad.
+- In `module.prop`, `version` can be an arbitrary string, so any fancy version name (e.g. `ultra-beta-v1.1.1.1`) is allowed. However, `versionCode` **MUST** be an integer. The value is used for version comparison.
+- Make sure your module ID **does not contain any spaces**.
--- a/docs/procedures.html
+++ b/docs/procedures.html
--- a/docs/tips.md
+++ b/docs/tips.md
@@ -1,6 +1,53 @@
 # Tips and Tricks
+
+## OTA Installation Tips
+Magisk do modifications systemless-ly, which means applying official OTAs is much simpler. Here I provide a few tutorials for several different kind of devices to apply OTAs and preserve Magisk after the installation if possible.
+
+**This tutorial is only for Magisk v14.1+**
+
+**NOTE: In order to apply OTAs, you HAVE to make sure you haven't modified `/system` (and `/vendor` if available) in anyway, even remounting the partition to rw will tamper block verification!!**
+
+#### Prerequisites
+1. Please disable *Automatic system updates* in developer options, so it won't install OTAs without your acknowledgement.  
+    <img src="images/disable_auto_ota.png" width="250">
+1. When an OTA is available, please go to Magisk Manager → Uninstall → Restore Images. **Do not reboot immediately or you will have Magisk uninstalled.** This will restore your boot (or dtbo if available) back to 100% untouched stock images in order to pass verifications. **This step is required before doing any of the following steps written below!**  
+    <img src="images/restore_img.png" width="250">
+
+#### Devices with A/B Partitions
+(Includes Pixel family)
+
+Due to the fact that these devices have two separate partitions and the OTA installation happens live when the system is still running, these devices have the best support: the out-of-the-box OTA installation works seamlessly and Magisk will be preserved after the installation.
+
+1. After restoring stock boot image, apply OTAs as you normally would (Settings → System → System Updates)
+1. Once the installation passed step 1 and starting step 2, go to Magisk Manager → Install → Install to Second Slot. This will install Magisk into the second boot image slot, which is the updated slot.  
+    <img src="images/ota_step2.png" width="250"> <img src="images/install_second_slot.png" width="250">
+1. Let the OTA finish its job. After a reboot, the bootloader will switch to the updated system. Magisk should still be installed since we already patched the new boot image.
+
+#### Devices with FlashFire Support
+(Includes Pixel family, Nexus family, Samsung devices)  
+(If you are using a device with A/B partitions, I **strongly** recommend you to use the method stated above since it uses the stock OTA installation mechanism and will always work under any circumstances)
+
+The [FlashFire](https://play.google.com/store/apps/details?id=eu.chainfire.flash) app developed by Chainfire is a great app to apply OTAs and preserve root at the same time. However, whether it supports your device/system combination depends on the application itself, and support may also change in the future. If you face any issues, please directly [report to Chainfire](https://forum.xda-developers.com/general/paid-software/flashfire-t3075433).  
+
+1. After restoring the stock boot image, download the OTA (Settings → System → System Updates), **do not press reboot to install.**
+1. Open FlashFire, it should detect your OTA zip. Select OK in the popup dialog to let it do its setup.
+1. Please use the options shown in the screenshot below. The key point is to disable EverRoot (or it will install SuperSU), and add a new action to flash Magisk zip **after** the OTA update.zip (the update.zip is auto generated in the previous step).  
+    <img src="images/flashfire.png" width="250">
+1. Press the big **Flash** button, after a few minutes it should reboot updated with Magisk installed.
+
+#### Other Devices - General Case
+Unfortunately, there are no real good ways to apply OTAs on all devices. Also, the tutorial provided below will not preserve Magisk - you will have to manually re-root your device after the upgrade, and this will require PC access. Here I share my personal experience with HTC U11.
+
+1. To properly install OTAs, you should have your stock recovery installed on your device. If you have custom recovery installed, you can restore it from your previous backup, or dumps found online, or factory images provided by OEMs.  
+If you decide to start by installing Magisk without touching your recovery partition, you have a few choices, either way you will end up with a Magisk rooted device, but recovery remain stock untouched:
+    - If supported, use `fastboot boot <recovery_img>` to boot the custom recovery and install Magisk. 
+    - If you have a copy of your stock boot image dump, install Magisk by patching boot image via Magisk Manager, and manually flash it through download mode / fastboot mode / Odin
+1. Once your device have stock recovery and stock boot image restored, download the OTA. Optionally, once you downloaded the OTA update zip, you can find a way to copy the zip out since you are still rooted. Personally I will extract the stock boot image and recovery image from the OTA zip for future usage (to patch via Magisk Manager or restore stock recovery etc.)
+1. Apply and reboot your device. This will use the official stock OTA installation mechanism of your device to upgrade your system.
+1. Once it's done you will be left with an upgraded, 100% stock, un-rooted device. You will have to manually flash Magisk back. Consider using the methods stated in step 1. to flash Magisk without touching the recovery partition if you want to receive stock OTAs frequently.
+
 ## Remove Files
-How to efficiently remove a file systemless-ly? To actually make the file **disappear** within the folder is complicated (possible, not worth the effort). **Replacing it with a dummy file should be good enough**! Create an empty file with the same name and place it in the same path within a module, then you're basically done!
+How to remove a file systemless-ly? To actually make the file **disappear** is complicated (possible, not worth the effort). **Replacing it with a dummy file should be good enough**! Create an empty file with the same name and place it in the same path within a module, it shall replace your target file with a dummy file.

 ## Remove Folders
-Same as mentioned above, actually making the folder to **disappear** is not worth the effort. **Replacing it with an empty folder should be good enough**! A handy trick for module developers using [Magisk Module Template](https://github.com/topjohnwu/magisk-module-template) is to add the folder you want to remove into the `REPLACE` list within `config.sh`. If your module doesn't provide a correspond folder, it will create an empty folder, and automatically add `.replace` into the empty folder so the dummy folder will properly replace the one in `/system`.
+Same as mentioned above, actually making the folder to **disappear** is not worth the effort. **Replacing it with an empty folder should be good enough**! A handy trick for module developers using [Magisk Module Template](https://github.com/topjohnwu/magisk-module-template) is to add the folder you want to remove into the `REPLACE` list within `config.sh`. If your module doesn't provide a correspond folder, it will create an empty folder, and automatically add `.replace` into the empty folder so the dummy folder will properly replace the one in `/system`.
--- a/docs/tools.md
+++ b/docs/tools.md
@@ -0,0 +1,287 @@
+## Available Tools
+Magisk comes with a lot of tools for installation, programs running as a daemon, and utilities for developers. This documentation covers 3 binaries, and many more tools are available as applets. The relation between tools are shown below:
+
+```
+magiskboot                 /* binary */
+magiskinit                 /* binary */
+magiskpolicy -> magiskinit
+supolicy -> magiskinit     /* alias of magiskpolicy */
+magisk                     /* binary */
+magiskhide -> magisk
+resetprop -> magisk
+su -> magisk
+```
+
+### magiskboot
+A tool to unpack / repack boot images, parse and patch cpio and dtbs, hex patch binaries, compress / decompress with multiple algorithms. It is used to install Magisk into boot images.
+
+`magiskboot` natively supports (which means it does not call external tools) all popular compression methods including `gzip` (used everywhere for compressing kernel and ramdisk), `lz4` (used to compress kernel in modern devices like Pixel), `lz4_legacy` (legacy LZ4 block format with special metadata used [only on LG](https://events.static.linuxfound.org/sites/events/files/lcjpcojp13_klee.pdf) to compress kernel), `lzma` (LZMA1 algorithm natively supported in Linux kernel, used in some custom kernel to compress ramdisk), `xz` (LZMA2 algorithm, very high compression rate, used in Magisk for high compression mode and storing binaries), and `bzip2` (used in desktop Linux boot images to create bzImage, haven't seen on Android yet).
+
+The concept of `magiskboot` is to keep the images as intact as possible. For unpacking, it extracts the large chunks of data (kernel, ramdisk, second, dtb, extra etc.) and decompress them if possible. When repacking a boot image, the original boot image has to be provided so it can use the original headers (including MTK specific headers) with only changing the necessary entries such as the data chunk sizes, and re-compress all data with the original compression method. The same concept also applies to CPIO patching: it does not extract all files, modify in file system, archive all files back to cpio as usually done to create Linux `initramfs`, instead we do modifications directly in the cpio level in memory without involving any data extraction.
+
+Command help message:
+
+```
+Usage: magiskboot <action> [args...]
+
+Supported actions:
+ --parse <bootimg>
+  Parse <bootimg> only, do not unpack. Return values: 
+    0:OK   1:error   2:insufficient boot partition size
+    3:chromeos   4:ELF32   5:ELF64
+
+ --unpack <bootimg>
+  Unpack <bootimg> to kernel, ramdisk.cpio, (second), (dtb), (extra) into
+  the current directory. Return value is the same as --parse
+
+ --repack <origbootimg> [outbootimg]
+  Repack kernel, ramdisk.cpio[.ext], second, dtb... from current directory
+  to [outbootimg], or new-boot.img if not specified.
+  It will compress ramdisk.cpio with the same method used in <origbootimg>,
+  or attempt to find ramdisk.cpio.[ext], and repack directly with the
+  compressed ramdisk file
+
+ --hexpatch <file> <hexpattern1> <hexpattern2>
+  Search <hexpattern1> in <file>, and replace with <hexpattern2>
+
+ --cpio <incpio> [commands...]
+  Do cpio commands to <incpio> (modifications are done directly)
+  Each command is a single argument, use quotes if necessary
+  Supported commands:
+    rm [-r] ENTRY
+      Remove ENTRY, specify [-r] to remove recursively
+    mkdir MODE ENTRY
+      Create directory ENTRY in permissions MODE
+    ln TARGET ENTRY
+      Create a symlink to TARGET with the name ENTRY
+    mv SOURCE DEST
+      Move SOURCE to DEST
+    add MODE ENTRY INFILE
+      Add INFILE as ENTRY in permissions MODE; replaces ENTRY if exists
+    extract [ENTRY OUT]
+      Extract ENTRY to OUT, or extract all entries to current directory
+    test
+      Test the current cpio's patch status. Return value: 
+      0:stock   1:Magisk   2:other (phh, SuperSU, Xposed)
+    patch KEEPVERITY KEEPFORCEENCRYPT
+      Ramdisk patches. KEEP**** are boolean values
+    backup ORIG [SHA1]
+      Create ramdisk backups from ORIG
+      SHA1 of stock boot image is optional
+    restore
+      Restore ramdisk from ramdisk backup stored within incpio
+    magisk ORIG HIGHCOMP KEEPVERITY KEEPFORCEENCRYPT [SHA1]
+      Do Magisk patches and backups all in one step
+      Create ramdisk backups from ORIG
+      HIGHCOMP, KEEP**** are boolean values
+      SHA1 of stock boot image is optional
+    sha1
+      Print stock boot SHA1 if previously stored
+
+ --dtb-<cmd> <dtb>
+  Do dtb related cmds to <dtb> (modifications are done directly)
+  Supported commands:
+    dump
+      Dump all contents from dtb for debugging
+    test
+      Check if fstab has verity/avb flags. Return value:
+      0:no flags    1:flag exists
+    patch
+      Search for fstab and remove verity/avb
+
+ --compress[=method] <infile> [outfile]
+  Compress <infile> with [method] (default: gzip), optionally to [outfile]
+  <infile>/[outfile] can be '-' to be STDIN/STDOUT
+  Supported methods: gzip xz lzma bzip2 lz4 lz4_legacy 
+
+ --decompress <infile> [outfile]
+  Detect method and decompress <infile>, optionally to [outfile]
+  <infile>/[outfile] can be '-' to be STDIN/STDOUT
+  Supported methods: gzip xz lzma bzip2 lz4 lz4_legacy 
+
+ --sha1 <file>
+  Print the SHA1 checksum for <file>
+
+ --cleanup
+  Cleanup the current working directory
+```
+
+### magiskinit
+This tool is created to unify Magisk support for both legacy "normal" devices and new `skip_initramfs` devices. The compiled binary will replace `init` in the ramdisk, so things could be done even before `init` is started.
+
+`magiskinit` is responsible for constructing a proper rootfs on devices which the actual rootfs is placed in the system partition instead of ramdisk in `boot.img`, such as the Pixel familiy and most Treble enabled devices, or I like to call it `skip_initramfs` devices: it will parse kernel cmdline, mount sysfs, parse through uevent files to make the system (or vendor if available) block device node, then copy rootfs files from system. For normal "traditional" devices, it will simply swap `init` back to the original one and continue on to the next stage.
+
+With a proper rootfs, `magiskinit` goes on and does all pre-init operations to setup a Magisk environment. It patches rootfs on the fly, providing fundamental support such as patching `init`, `init.rc`, run preliminary `sepolicy` patches, and extracts `magisk` and `init.magisk.rc` (these two files are embedded into `magiskinit`). Once all is done, it will spawn another process (`magiskinit_daemon`) to asynchronously run a full `sepolicy` patch, then starts monitoring the main Magisk daemon to make sure it is always running (a.k.a invincible mode); at the same time, it will execute the original `init` to hand the boot process back.
+
+### magiskpolicy
+(This tool is aliased to `supolicy` for compatibility with SuperSU's sepolicy tool)
+
+This tool is an applet of `magiskinit`: once `magiskinit` had finished its mission in the pre-init stage, it will preserve an entry point for `magiskpolicy`. This tool could be used for advanced developers messing with `sepolicy`, a compiled binary containing SELinux rules. Normally Linux server admins directly modifies the SELinux policy sources (`*.te`) and recompile the `sepolicy` binary, but here we directly patch the binary file since we don't have access to the sources.
+
+All processes spawned from the Magisk daemon, including root shells and all its forks, are running in the context `u:r:su:s0`. Magisk splits the built in patches into 2 parts: preliminary and full
+
+- The preliminary patch should allow all Magisk internal procedures to run properly (can be done manually by the `--magisk` option). It also contains quite a few additional patches so most scripts can run in the daemon before the full patch is done
+- The full patch adds the rule `allow su * * *` on top of the preliminary rules. This is done because stock Samsung ROMs do not support permissive; adding this rule makes the domain effectively permissive. Due to the concern of greatly increasing the boot time, the Magisk daemon will not wait for this patch to finish until the boot stage `late_start` triggers. What this means is that **only `late_start` service mode is guaranteed to run in a fully patched environment**. For non-Samsung devices it doesn't matter because `u:r:su:s0` is permissive anyways, but for full compatibility, it is **highly recommended to run boot scripts in `late_start` service mode**.
+
+Command help message:
+
+```
+Usage: magiskpolicy [--options...] [policystatements...]
+
+Options:
+  --live            directly apply patched policy live
+  --magisk          built-in rules for a Magisk selinux environment
+  --load FILE       load policies from <infile>
+  --save FILE       save policies to <outfile>
+
+If no input file is specified, it will load from current policies
+If neither --live nor --save is specified, nothing will happen
+
+One policy statement should be treated as one parameter;
+this means a full policy statement should be enclosed in quotes;
+multiple policy statements can be provided in a single command
+
+The statements has a format of "<action> [args...]"
+Use '*' in args to represent every possible match.
+Collections wrapped in curly brackets can also be used as args.
+
+Supported policy statements:
+
+Type 1:
+"<action> source-class target-class permission-class permission"
+Action: allow, deny, auditallow, auditdeny
+
+Type 2:
+"<action> source-class target-class permission-class ioctl range"
+Action: allowxperm, auditallowxperm, dontauditxperm
+
+Type 3:
+"<action> class"
+Action: create, permissive, enforcing
+
+Type 4:
+"attradd class attribute"
+
+Type 5:
+"typetrans source-class target-class permission-class default-class (optional: object-name)"
+
+Notes:
+- typetrans does not support the all match '*' syntax
+- permission-class cannot be collections
+- source-class and target-class can also be attributes
+
+Example: allow { source1 source2 } { target1 target2 } permission-class *
+Will be expanded to:
+
+allow source1 target1 permission-class { all-permissions }
+allow source1 target2 permission-class { all-permissions }
+allow source2 target1 permission-class { all-permissions }
+allow source2 target2 permission-class { all-permissions }
+```
+
+
+### magisk
+The magisk binary contains all the magic of Magisk, providing all the features Magisk has to offer. When called with the name `magisk`, it works as an utility tool with many helper functions, and also the entry point for `init` to start Magisk services. These helper functions are extensively used by the [Magisk Module Template](https://github.com/topjohnwu/magisk-module-template) and Magisk Manager.
+
+Command help message:
+
+```
+Usage: magisk [applet [arguments]...]
+   or: magisk [options]...
+
+Options:
+   -c                        print current binary version
+   -v                        print running daemon version
+   -V                        print running daemon version code
+   --list                    list all available applets
+   --install [SOURCE] DIR    symlink all applets to DIR. SOURCE is optional
+   --createimg IMG SIZE      create ext4 image. SIZE is interpreted in MB
+   --imgsize IMG             report ext4 image used/total size
+   --resizeimg IMG SIZE      resize ext4 image. SIZE is interpreted in MB
+   --mountimg IMG PATH       mount IMG to PATH and prints the loop device
+   --umountimg PATH LOOP     unmount PATH and delete LOOP device
+   --[init service]          start init service
+   --unlock-blocks           set BLKROSET flag to OFF for all block devices
+   --restorecon              fix selinux context on Magisk files and folders
+   --clone-attr SRC DEST     clone permission, owner, and selinux context
+
+Supported init services:
+   daemon, post-fs, post-fs-data, service
+
+Supported applets:
+    su, resetprop, magiskhide
+```
+
+### su
+An applet of `magisk`, the MagiskSU entry point, the good old `su` command.
+
+Command help message:
+
+```
+Usage: su [options] [-] [user [argument...]]
+
+Options:
+  -c, --command COMMAND         pass COMMAND to the invoked shell
+  -h, --help                    display this help message and exit
+  -, -l, --login                pretend the shell to be a login shell
+  -m, -p,
+  --preserve-environment        preserve the entire environment
+  -s, --shell SHELL             use SHELL instead of the default /system/bin/sh
+  -v, --version                 display version number and exit
+  -V                            display version code and exit,
+                                this is used almost exclusively by Superuser.apk
+  -mm, -M,
+  --mount-master                run in the global mount namespace,
+                                use if you need to publicly apply mounts
+```
+
+Note: even though the `-Z, --context` option is not listed above, it actually still exists for compatibility with apps using SuperSU. However MagiskSU will silently ignore the option since it's no more relevant.
+
+### resetprop
+An applet of `magisk`, an advanced system property manipulation utility. Here's some background knowledge: 
+
+System properties are stored in a hybrid trie/binary tree data structure in memory. These properties are allowed to be read by many processes (natively via `libcutils`, in shells via the `getprop` command); however, only the `init` process have direct write access to the memory of property data. `init` provides a `property_service` to accept property update requests and acts as a gatekeeper, doing things such as preventing **read-only** props to be overridden and storing **persist** props to non-volatile storages. In addition, property triggers registered in `*.rc` scripts are also handled here.
+
+`resetprop` is created by pulling out the portion of source code managing properties from AOSP and try to mimic what `init` is doing. With some hackery the result is that we have direct access to the data structure, bypassing the need to go through `property_service` to gain arbitrary control. Here is a small implementation detail: the data structure and the stack-like memory allocation method does not support removing props (they are **designed NOT** to be removed); prop deletion is accomplished by detaching the target node from the tree structure, making it effectively invisible. As we cannot reclaim the memory allocated to store the property, this wastes a few bytes of memory but it shouldn't be a big deal unless you are adding and deleting hundreds of thousands of props over and over again.
+
+Due to the fact that we bypassed `property_service`, there are a few things developer should to be aware of:
+
+- `on property:foo=bar` triggers registered in `*.rc` scripts will not be triggered when props are changed. This could be a good thing or a bad thing, depending on what behavior you expect. The default behavior of `resetprop` matches the original `setprop`, which **WILL** trigger events (implemented by deleting the prop and set the props via `property_service`), but there is a flag (`-n`) to disable it if you need this special behavior.
+- persist props are stored both in memory and in `/data/property`. By default, deleting props will **NOT** remove it from persistent storage, meaning the prop will be restored after the next reboot; reading props will **NOT** read from persistent storage, as this is the behavior of normal `getprop`. With the flag `-p` enabled, deleting props will remove the prop **BOTH** in memory and `/data/property`; props will be read from **BOTH** in memory and persistent storage.
+
+Command help message:
+
+```
+Usage: resetprop [flags] [options...]
+
+Options:
+   -h, --help        show this message
+   (no arguments)    print all properties
+   NAME              get property
+   NAME VALUE        set property entry NAME with VALUE
+   --file FILE       load props from FILE
+   --delete NAME     delete property
+
+Flags:
+   -v      print verbose output to stderr
+   -n      set properties without init triggers
+           only affects setprop
+   -p      access actual persist storage
+           only affects getprop and deleteprop
+```
+
+### magiskhide
+An applet of `magisk`, the CLI to control MagiskHide. Use this tool to communicate with the daemon to change MagiskHide settings.
+
+Command help message: 
+
+```
+Usage: magiskhide [--options [arguments...] ]
+
+Options:
+  --enable          Start magiskhide
+  --disable         Stop magiskhide
+  --add PROCESS     Add PROCESS to the hide list
+  --rm PROCESS      Remove PROCESS from the hide list
+  --ls              Print out the current hide list
+```
--- a/gradle.properties
+++ b/gradle.properties
@@ -0,0 +1,22 @@
+# Project-wide Gradle settings.
+
+# IDE (e.g. Android Studio) users:
+# Gradle settings configured through the IDE *will override*
+# any settings specified in this file.
+
+# For more details on how to configure your build environment visit
+# http://www.gradle.org/docs/current/userguide/build_environment.html
+
+# Specifies the JVM arguments used for the daemon process.
+# The setting is particularly useful for tweaking memory settings.
+# Default value: -Xmx10248m -XX:MaxPermSize=256m
+org.gradle.jvmargs=-Xmx2560m -XX:+HeapDumpOnOutOfMemoryError -Dfile.encoding=UTF-8
+
+# When configured, Gradle will run in incubating parallel mode.
+# This option should only be used with decoupled projects. More details, visit
+# http://www.gradle.org/docs/current/userguide/multi_project_builds.html#sec:decoupled_projects
+org.gradle.parallel=true
+
+# When set to true the Gradle daemon is used to run the build. For local developer builds this is our favorite property.
+# The developer environment is optimized for speed and feedback so we nearly always run Gradle jobs with the daemon.
+org.gradle.daemon=true
--- a/gradle/wrapper/gradle-wrapper.jar
+++ b/gradle/wrapper/gradle-wrapper.jar
--- a/ziptools/zipsigner/gradle/wrapper/gradle-wrapper.properties
+++ b/ziptools/zipsigner/gradle/wrapper/gradle-wrapper.properties
@@ -1,6 +1,6 @@
-#Thu Aug 24 10:35:40 CST 2017
+#Mon Dec 04 11:24:34 CST 2017
 distributionBase=GRADLE_USER_HOME
 distributionPath=wrapper/dists
 zipStoreBase=GRADLE_USER_HOME
 zipStorePath=wrapper/dists
-distributionUrl=https\://services.gradle.org/distributions/gradle-3.5-rc-2-bin.zip
+distributionUrl=https\://services.gradle.org/distributions/gradle-4.1-all.zip
--- a/ziptools/zipsigner/gradlew
+++ b/ziptools/zipsigner/gradlew
@@ -1,4 +1,4 @@
-#!/usr/bin/env sh
+#!/usr/bin/env bash

 ##############################################################################
 ##
@@ -6,30 +6,12 @@
 ##
 ##############################################################################

-# Attempt to set APP_HOME
-# Resolve links: $0 may be a link
-PRG="$0"
-# Need this for relative symlinks.
-while [ -h "$PRG" ] ; do
-    ls=`ls -ld "$PRG"`
-    link=`expr "$ls" : '.*-> \(.*\)$'`
-    if expr "$link" : '/.*' > /dev/null; then
-        PRG="$link"
-    else
-        PRG=`dirname "$PRG"`"/$link"
-    fi
-done
-SAVED="`pwd`"
-cd "`dirname \"$PRG\"`/" >/dev/null
-APP_HOME="`pwd -P`"
-cd "$SAVED" >/dev/null
+# Add default JVM options here. You can also use JAVA_OPTS and GRADLE_OPTS to pass JVM options to this script.
+DEFAULT_JVM_OPTS=""

 APP_NAME="Gradle"
 APP_BASE_NAME=`basename "$0"`

-# Add default JVM options here. You can also use JAVA_OPTS and GRADLE_OPTS to pass JVM options to this script.
-DEFAULT_JVM_OPTS=""
-
 # Use the maximum available, or set MAX_FD != -1 to use that value.
 MAX_FD="maximum"

@@ -48,7 +30,6 @@ die ( ) {
 cygwin=false
 msys=false
 darwin=false
-nonstop=false
 case "`uname`" in
  CYGWIN* )
    cygwin=true
@@ -59,11 +40,26 @@ case "`uname`" in
  MINGW* )
    msys=true
    ;;
-  NONSTOP* )
-    nonstop=true
-    ;;
 esac

+# Attempt to set APP_HOME
+# Resolve links: $0 may be a link
+PRG="$0"
+# Need this for relative symlinks.
+while [ -h "$PRG" ] ; do
+    ls=`ls -ld "$PRG"`
+    link=`expr "$ls" : '.*-> \(.*\)$'`
+    if expr "$link" : '/.*' > /dev/null; then
+        PRG="$link"
+    else
+        PRG=`dirname "$PRG"`"/$link"
+    fi
+done
+SAVED="`pwd`"
+cd "`dirname \"$PRG\"`/" >/dev/null
+APP_HOME="`pwd -P`"
+cd "$SAVED" >/dev/null
+
 CLASSPATH=$APP_HOME/gradle/wrapper/gradle-wrapper.jar

 # Determine the Java command to use to start the JVM.
@@ -89,7 +85,7 @@ location of your Java installation."
 fi

 # Increase the maximum file descriptors if we can.
-if [ "$cygwin" = "false" -a "$darwin" = "false" -a "$nonstop" = "false" ] ; then
+if [ "$cygwin" = "false" -a "$darwin" = "false" ] ; then
    MAX_FD_LIMIT=`ulimit -H -n`
    if [ $? -eq 0 ] ; then
        if [ "$MAX_FD" = "maximum" -o "$MAX_FD" = "max" ] ; then
@@ -154,19 +150,11 @@ if $cygwin ; then
    esac
 fi

-# Escape application args
-save ( ) {
-    for i do printf %s\\n "$i" | sed "s/'/'\\\\''/g;1s/^/'/;\$s/\$/' \\\\/" ; done
-    echo " "
+# Split up the JVM_OPTS And GRADLE_OPTS values into an array, following the shell quoting and substitution rules
+function splitJvmOpts() {
+    JVM_OPTS=("$@")
 }
-APP_ARGS=$(save "$@")
+eval splitJvmOpts $DEFAULT_JVM_OPTS $JAVA_OPTS $GRADLE_OPTS
+JVM_OPTS[${#JVM_OPTS[*]}]="-Dorg.gradle.appname=$APP_BASE_NAME"

-# Collect all arguments for the java command, following the shell quoting and substitution rules
-eval set -- $DEFAULT_JVM_OPTS $JAVA_OPTS $GRADLE_OPTS "\"-Dorg.gradle.appname=$APP_BASE_NAME\"" -classpath "\"$CLASSPATH\"" org.gradle.wrapper.GradleWrapperMain "$APP_ARGS"
-
-# by default we should be in the correct project dir, but when run from Finder on Mac, the cwd is wrong
-if [ "$(uname)" = "Darwin" ] && [ "$HOME" = "$PWD" ]; then
-  cd "$(dirname "$0")"
-fi
-
-exec "$JAVACMD" "$@"
+exec "$JAVACMD" "${JVM_OPTS[@]}" -classpath "$CLASSPATH" org.gradle.wrapper.GradleWrapperMain "$@"
--- a/ziptools/zipsigner/gradlew.bat
+++ b/ziptools/zipsigner/gradlew.bat
@@ -8,14 +8,14 @@
@rem Set local scope for the variables with windows NT shell
 if "%OS%"=="Windows_NT" setlocal

+@rem Add default JVM options here. You can also use JAVA_OPTS and GRADLE_OPTS to pass JVM options to this script.
+set DEFAULT_JVM_OPTS=
+
 set DIRNAME=%~dp0
 if "%DIRNAME%" == "" set DIRNAME=.
 set APP_BASE_NAME=%~n0
 set APP_HOME=%DIRNAME%

-@rem Add default JVM options here. You can also use JAVA_OPTS and GRADLE_OPTS to pass JVM options to this script.
-set DEFAULT_JVM_OPTS=
-
@rem Find java.exe
 if defined JAVA_HOME goto findJavaFromJavaHome

@@ -46,9 +46,10 @@ echo location of your Java installation.
 goto fail

 :init
-@rem Get command-line arguments, handling Windows variants
+@rem Get command-line arguments, handling Windowz variants

 if not "%OS%" == "Windows_NT" goto win9xME_args
+if "%@eval[2+2]" == "4" goto 4NT_args

 :win9xME_args
@rem Slurp the command line arguments.
@@ -59,6 +60,11 @@ set _SKIP=2
 if "x%~1" == "x" goto execute

 set CMD_LINE_ARGS=%*
+goto execute
+
+:4NT_args
+@rem Get arguments from the 4NT Shell from JP Software
+set CMD_LINE_ARGS=%$

 :execute
@rem Setup the command line
--- a/jni/Android.mk
+++ b/jni/Android.mk
@@ -1,107 +0,0 @@
-LOCAL_PATH := $(call my-dir)
-
-########################
-# Binaries
-########################
-
-# magisk main binary
-include $(CLEAR_VARS)
-LOCAL_MODULE := magisk
-LOCAL_STATIC_LIBRARIES := libsepol
-LOCAL_SHARED_LIBRARIES := libsqlite libselinux
-
-LOCAL_C_INCLUDES := \
-	$(LOCAL_PATH)/include \
-	$(LOCAL_PATH)/external \
-	$(LOCAL_PATH)/selinux/libsepol/include
-
-LOCAL_SRC_FILES := \
-	daemon/magisk.c \
-	daemon/daemon.c \
-	daemon/socket_trans.c \
-	daemon/log_monitor.c \
-	daemon/bootstages.c \
-	utils/misc.c \
-	utils/vector.c \
-	utils/xwrap.c \
-	utils/list.c \
-	utils/img.c \
-	magiskhide/magiskhide.c \
-	magiskhide/proc_monitor.c \
-	magiskhide/hide_utils.c \
-	magiskpolicy/magiskpolicy.c \
-	magiskpolicy/rules.c \
-	magiskpolicy/sepolicy.c \
-	magiskpolicy/api.c \
-	resetprop/resetprop.cpp \
-	resetprop/system_properties.cpp \
-	su/su.c \
-	su/activity.c \
-	su/db.c \
-	su/misc.c \
-	su/pts.c \
-	su/su_daemon.c \
-	su/su_socket.c
-
-LOCAL_CFLAGS := -Wno-implicit-exception-spec-mismatch
-LOCAL_CPPFLAGS := -std=c++11
-LOCAL_LDLIBS := -llog
-include $(BUILD_EXECUTABLE)
-
-# magiskboot
-include $(CLEAR_VARS)
-LOCAL_MODULE := magiskboot
-LOCAL_STATIC_LIBRARIES := libz liblzma liblz4 libbz2
-LOCAL_C_INCLUDES := \
-	$(LOCAL_PATH)/magiskboot \
-	$(LOCAL_PATH)/include \
-	$(LOCAL_PATH)/ndk-compression/zlib \
-	$(LOCAL_PATH)/ndk-compression/xz/src/liblzma/api \
-	$(LOCAL_PATH)/ndk-compression/lz4/lib \
-	$(LOCAL_PATH)/ndk-compression/bzip2
-
-LOCAL_SRC_FILES := \
-	magiskboot/main.c \
-	magiskboot/bootimg.c \
-	magiskboot/hexpatch.c \
-	magiskboot/compress.c \
-	magiskboot/boot_utils.c \
-	magiskboot/cpio.c \
-	magiskboot/sha1.c \
-	utils/xwrap.c \
-	utils/vector.c \
-	utils/list.c
-LOCAL_CFLAGS := -DZLIB_CONST
-include $(BUILD_EXECUTABLE)
-
-# 32-bit static binaries
-ifneq ($(TARGET_ARCH_ABI), x86_64)
-ifneq ($(TARGET_ARCH_ABI), arm64-v8a)
-# b64xz
-include $(CLEAR_VARS)
-LOCAL_MODULE := b64xz
-LOCAL_STATIC_LIBRARIES := liblzma
-LOCAL_C_INCLUDES := $(LOCAL_PATH)/ndk-compression/xz/src/liblzma/api
-LOCAL_SRC_FILES := b64xz.c
-LOCAL_LDFLAGS := -static
-include $(BUILD_EXECUTABLE)
-# Busybox
-include jni/busybox/Android.mk
-endif
-endif
-
-########################
-# Libraries
-########################
-
-# External shared libraries, include stub libselinux and libsqlite
-include jni/external/Android.mk
-
-# libsepol, static library
-include jni/selinux/libsepol/Android.mk
-
-# Compression libraries for magiskboot
-include jni/ndk-compression/zlib/Android.mk
-include jni/ndk-compression/xz/src/liblzma/Android.mk
-include jni/ndk-compression/lz4/lib/Android.mk
-include jni/ndk-compression/bzip2/Android.mk
--- a/jni/Application.mk
+++ b/jni/Application.mk
@@ -1,2 +0,0 @@
-APP_ABI := x86 x86_64 armeabi-v7a arm64-v8a
-APP_PLATFORM := android-21
--- a/jni/busybox
+++ b/jni/busybox
--- a/jni/daemon/daemon.c
+++ b/jni/daemon/daemon.c
@@ -1,204 +0,0 @@
-/* daemon.c - Magisk Daemon
- *
- * Start the daemon and wait for requests
- * Connect the daemon and send requests through sockets
- */
-
-#include <stdlib.h>
-#include <unistd.h>
-#include <fcntl.h>
-#include <string.h>
-#include <errno.h>
-#include <pthread.h>
-#include <sys/un.h>
-#include <sys/types.h>
-#include <sys/socket.h>
-#include <sys/stat.h>
-#include <sys/mount.h>
-#include <selinux/selinux.h>
-
-#include "magisk.h"
-#include "utils.h"
-#include "daemon.h"
-#include "magiskpolicy.h"
-
-pthread_t sepol_patch;
-
-static void *request_handler(void *args) {
-	// Setup the default error handler for threads
-	err_handler = exit_thread;
-
-	int client = *((int *) args);
-	free(args);
-	client_request req = read_int(client);
-
-	struct ucred credentials;
-	get_client_cred(client, &credentials);
-
-	switch (req) {
-	case LAUNCH_MAGISKHIDE:
-	case STOP_MAGISKHIDE:
-	case ADD_HIDELIST:
-	case RM_HIDELIST:
-	case LS_HIDELIST:
-	case POST_FS:
-	case POST_FS_DATA:
-	case LATE_START:
-		if (credentials.uid != 0) {
-			write_int(client, ROOT_REQUIRED);
-			close(client);
-			return NULL;
-		}
-	default:
-		break;
-	}
-
-	switch (req) {
-	case LAUNCH_MAGISKHIDE:
-		launch_magiskhide(client);
-		break;
-	case STOP_MAGISKHIDE:
-		stop_magiskhide(client);
-		break;
-	case ADD_HIDELIST:
-		add_hide_list(client);
-		break;
-	case RM_HIDELIST:
-		rm_hide_list(client);
-		break;
-	case LS_HIDELIST:
-		ls_hide_list(client);
-		break;
-	case SUPERUSER:
-		su_daemon_receiver(client);
-		break;
-	case CHECK_VERSION:
-		write_string(client, MAGISK_VER_STR);
-		close(client);
-		break;
-	case CHECK_VERSION_CODE:
-		write_int(client, MAGISK_VER_CODE);
-		close(client);
-		break;
-	case POST_FS:
-		post_fs(client);
-		break;
-	case POST_FS_DATA:
-		post_fs_data(client);
-		break;
-	case LATE_START:
-		late_start(client);
-		break;
-	default:
-		break;
-	}
-	return NULL;
-}
-
-/* Setup the address and return socket fd */
-static int setup_socket(struct sockaddr_un *sun) {
-	int fd = xsocket(AF_LOCAL, SOCK_STREAM | SOCK_CLOEXEC, 0);
-	memset(sun, 0, sizeof(*sun));
-	sun->sun_family = AF_LOCAL;
-	memcpy(sun->sun_path, REQUESTOR_DAEMON_PATH, sizeof(REQUESTOR_DAEMON_PATH) - 1);
-	return fd;
-}
-
-static void *large_sepol_patch(void *args) {
-	LOGD("sepol: Starting large patch thread\n");
-	// Patch su to everything
-	sepol_allow("su", ALL, ALL, ALL);
-	dump_policydb(SELINUX_LOAD);
-	LOGD("sepol: Large patch done\n");
-	destroy_policydb();
-	return NULL;
-}
-
-void start_daemon(int client) {
-	// Launch the daemon, create new session, set proper context
-	if (getuid() != UID_ROOT || getgid() != UID_ROOT) {
-		fprintf(stderr, "Starting daemon requires root: %s\n", strerror(errno));
-		PLOGE("start daemon");
-	}
-
-	switch (fork()) {
-	case -1:
-		PLOGE("fork");
-	case 0:
-		break;
-	default:
-		return;
-	}
-
-	// First close the client, it's useless for us
-	close(client);
-	xsetsid();
-	setcon("u:r:su:s0");
-	umask(022);
-	int fd = xopen("/dev/null", O_RDWR | O_CLOEXEC);
-	xdup2(fd, STDIN_FILENO);
-	xdup2(fd, STDOUT_FILENO);
-	xdup2(fd, STDERR_FILENO);
-	close(fd);
-
-	// Patch selinux with medium patch before we do anything
-	load_policydb(SELINUX_POLICY);
-	sepol_med_rules();
-	dump_policydb(SELINUX_LOAD);
-
-	// Continue the larger patch in another thread, we will join later
-	pthread_create(&sepol_patch, NULL, large_sepol_patch, NULL);
-
-	struct sockaddr_un sun;
-	fd = setup_socket(&sun);
-
-	xbind(fd, (struct sockaddr*) &sun, sizeof(sun));
-	xlisten(fd, 10);
-
-	// Change process name
-	strcpy(argv0, "magisk_daemon");
-	// The root daemon should not do anything if an error occurs
-	// It should stay intact under any circumstances
-	err_handler = do_nothing;
-
-	LOGI("Magisk v" xstr(MAGISK_VERSION) "(" xstr(MAGISK_VER_CODE) ") daemon started\n");
-
-	// Unlock all blocks for rw
-	unlock_blocks();
-
-	// Setup links under /sbin
-	xmount(NULL, "/", NULL, MS_REMOUNT, NULL);
-	create_links(NULL, "/sbin");
-	xchmod("/sbin", 0755);
-	xmkdir("/magisk", 0755);
-	xchmod("/magisk", 0755);
-	xmount(NULL, "/", NULL, MS_REMOUNT | MS_RDONLY, NULL);
-
-	// Loop forever to listen for requests
-	while(1) {
-		int *client = xmalloc(sizeof(int));
-		*client = xaccept4(fd, NULL, NULL, SOCK_CLOEXEC);
-		pthread_t thread;
-		xpthread_create(&thread, NULL, request_handler, client);
-		// Detach the thread, we will never join it
-		pthread_detach(thread);
-	}
-}
-
-/* Connect the daemon, and return a socketfd */
-int connect_daemon() {
-	struct sockaddr_un sun;
-	int fd = setup_socket(&sun);
-	if (connect(fd, (struct sockaddr*) &sun, sizeof(sun))) {
-		/* If we cannot access the daemon, we start the daemon
-		 * since there is no clear entry point when the daemon should be started
-		 */
-		LOGD("client: connect fail, try launching new daemon process\n");
-		start_daemon(fd);
-		do {
-			// Wait for 10ms
-			usleep(10);
-		} while (connect(fd, (struct sockaddr*) &sun, sizeof(sun)));
-	}
-	return fd;
-}
--- a/jni/daemon/log_monitor.c
+++ b/jni/daemon/log_monitor.c
@@ -1,45 +0,0 @@
-/* log_monitor.c - New thread to monitor logcat
- *
- * Open a new thread to call logcat and get logs with tag "Magisk"
- * Also, write the logs to a log file for debugging purpose
- *
- */
-
-#include <stdio.h>
-#include <limits.h>
-#include <pthread.h>
-#include <unistd.h>
-#include <sys/wait.h>
-
-#include "magisk.h"
-#include "utils.h"
-#include "daemon.h"
-
-static void *logger_thread(void *args) {
-	// Setup error handler
-	err_handler = exit_thread;
-
-	rename(LOGFILE, LASTLOG);
-	int log_fd, log_pid;
-
-	log_fd = xopen(LOGFILE, O_WRONLY | O_CREAT | O_CLOEXEC | O_TRUNC, 0644);
-
-	while (1) {
-		// Start logcat
-		log_pid = exec_command(0, &log_fd, NULL, "logcat", "-s", "Magisk", "-v", "thread", NULL);
-		if (log_pid > 0)
-			waitpid(log_pid, NULL, 0);
-		// For some reason it went here, clear buffer and restart
-		exec_command_sync("logcat", "-c", NULL);
-	}
-
-	// Should never be here, but well...
-	return NULL;
-}
-
-/* Start a new thread to monitor logcat and dump to logfile */
-void monitor_logs() {
-	pthread_t thread;
-	xpthread_create(&thread, NULL, logger_thread, NULL);
-	pthread_detach(thread);
-}
--- a/jni/daemon/socket_trans.c
+++ b/jni/daemon/socket_trans.c
@@ -1,148 +0,0 @@
-/* socket_trans.c - Functions to transfer data through socket
- */
-
-#include <unistd.h>
-#include <string.h>
-#include <stdlib.h>
-#include <limits.h>
-#include <fcntl.h>
-#include <errno.h>
-#include <sys/types.h>
-#include <sys/socket.h>
-
-#include "magisk.h"
-#include "utils.h"
-#include "daemon.h"
-
-/*
- * Receive a file descriptor from a Unix socket.
- * Contributed by @mkasick
- *
- * Returns the file descriptor on success, or -1 if a file
- * descriptor was not actually included in the message
- *
- * On error the function terminates by calling exit(-1)
- */
-int recv_fd(int sockfd) {
-    // Need to receive data from the message, otherwise don't care about it.
-    char iovbuf;
-
-    struct iovec iov = {
-        .iov_base = &iovbuf,
-        .iov_len  = 1,
-    };
-
-    char cmsgbuf[CMSG_SPACE(sizeof(int))];
-
-    struct msghdr msg = {
-        .msg_iov        = &iov,
-        .msg_iovlen     = 1,
-        .msg_control    = cmsgbuf,
-        .msg_controllen = sizeof(cmsgbuf),
-    };
-
-    xrecvmsg(sockfd, &msg, MSG_WAITALL);
-
-    // Was a control message actually sent?
-    switch (msg.msg_controllen) {
-    case 0:
-        // No, so the file descriptor was closed and won't be used.
-        return -1;
-    case sizeof(cmsgbuf):
-        // Yes, grab the file descriptor from it.
-        break;
-    default:
-        goto error;
-    }
-
-    struct cmsghdr *cmsg = CMSG_FIRSTHDR(&msg);
-
-    if (cmsg             == NULL                  ||
-        cmsg->cmsg_len   != CMSG_LEN(sizeof(int)) ||
-        cmsg->cmsg_level != SOL_SOCKET            ||
-        cmsg->cmsg_type  != SCM_RIGHTS) {
-error:
-        LOGE("unable to read fd");
-        exit(-1);
-    }
-
-    return *(int *)CMSG_DATA(cmsg);
-}
-
-/*
- * Send a file descriptor through a Unix socket.
- * Contributed by @mkasick
- *
- * On error the function terminates by calling exit(-1)
- *
- * fd may be -1, in which case the dummy data is sent,
- * but no control message with the FD is sent.
- */
-void send_fd(int sockfd, int fd) {
-    // Need to send some data in the message, this will do.
-    struct iovec iov = {
-        .iov_base = "",
-        .iov_len  = 1,
-    };
-
-    struct msghdr msg = {
-        .msg_iov        = &iov,
-        .msg_iovlen     = 1,
-    };
-
-    char cmsgbuf[CMSG_SPACE(sizeof(int))];
-
-    if (fd != -1) {
-        // Is the file descriptor actually open?
-        if (fcntl(fd, F_GETFD) == -1) {
-            if (errno != EBADF) {
-                PLOGE("unable to send fd");
-            }
-            // It's closed, don't send a control message or sendmsg will EBADF.
-        } else {
-            // It's open, send the file descriptor in a control message.
-            msg.msg_control    = cmsgbuf;
-            msg.msg_controllen = sizeof(cmsgbuf);
-
-            struct cmsghdr *cmsg = CMSG_FIRSTHDR(&msg);
-
-            cmsg->cmsg_len   = CMSG_LEN(sizeof(int));
-            cmsg->cmsg_level = SOL_SOCKET;
-            cmsg->cmsg_type  = SCM_RIGHTS;
-
-            *(int *)CMSG_DATA(cmsg) = fd;
-        }
-    }
-
-    xsendmsg(sockfd, &msg, 0);
-}
-
-int read_int(int fd) {
-    int val;
-    xxread(fd, &val, sizeof(int));
-    return val;
-}
-
-void write_int(int fd, int val) {
-    if (fd < 0) return;
-    xwrite(fd, &val, sizeof(int));
-}
-
-char* read_string(int fd) {
-    int len = read_int(fd);
-    if (len > PATH_MAX || len < 0) {
-        LOGE("invalid string length %d", len);
-        exit(1);
-    }
-    char* val = xmalloc(sizeof(char) * (len + 1));
-    xxread(fd, val, len);
-    val[len] = '\0';
-    return val;
-}
-
-void write_string(int fd, const char* val) {
-    if (fd < 0) return;
-    int len = strlen(val);
-    write_int(fd, len);
-    xwrite(fd, val, len);
-}
--- a/jni/external/Android.mk
+++ b/jni/external/Android.mk
@@ -1,13 +0,0 @@
-LOCAL_PATH:= $(call my-dir)
-
-# libsqlite.so (stub)
-include $(CLEAR_VARS)
-LOCAL_MODULE:= libsqlite
-LOCAL_SRC_FILES := sqlite3_stub.c
-include $(BUILD_SHARED_LIBRARY)
-
-# libselinux.so (stub)
-include $(CLEAR_VARS)
-LOCAL_MODULE:= libselinux
-LOCAL_SRC_FILES := selinux_stub.c
-include $(BUILD_SHARED_LIBRARY)
--- a/jni/external/selinux/av_permissions.h
+++ b/jni/external/selinux/av_permissions.h
--- a/jni/external/selinux/avc.h
+++ b/jni/external/selinux/avc.h
@@ -1,511 +0,0 @@
-/*
- * Access vector cache interface for object managers.
- *
- * Author : Eamon Walsh <ewalsh@epoch.ncsc.mil>
- */
-#ifndef _SELINUX_AVC_H_
-#define _SELINUX_AVC_H_
-
-#include <stdint.h>
-#include <errno.h>
-#include <stdlib.h>
-#include <selinux/selinux.h>
-
-#ifdef __cplusplus
-extern "C" {
-#endif
-
-/*
- * SID format and operations
- */
-struct security_id {
-	char * ctx;
-	unsigned int refcnt;
-};
-typedef struct security_id *security_id_t;
-
-#define SECSID_WILD (security_id_t)NULL	/* unspecified SID */
-
-/**
- * avc_sid_to_context - get copy of context corresponding to SID.
- * @sid: input SID
- * @ctx: pointer to context reference
- *
- * Return a copy of the security context corresponding to the input
- * @sid in the memory referenced by @ctx.  The caller is expected to 
- * free the context with freecon().  Return %0 on success, -%1 on
- * failure, with @errno set to %ENOMEM if insufficient memory was
- * available to make the copy, or %EINVAL if the input SID is invalid.
- */
-int avc_sid_to_context(security_id_t sid, char ** ctx);
-int avc_sid_to_context_raw(security_id_t sid, char ** ctx);
-
-/**
- * avc_context_to_sid - get SID for context.
- * @ctx: input security context
- * @sid: pointer to SID reference
- *
- * Look up security context @ctx in SID table, making
- * a new entry if @ctx is not found.  Increment the
- * reference counter for the SID.  Store a pointer
- * to the SID structure into the memory referenced by @sid, 
- * returning %0 on success or -%1 on error with @errno set.  
- */
-int avc_context_to_sid(const char * ctx, security_id_t * sid);
-int avc_context_to_sid_raw(const char * ctx, security_id_t * sid);
-
-/**
- * sidget - increment SID reference counter.
- * @sid: SID reference
- *
- * Increment the reference counter for @sid, indicating that
- * @sid is in use by an (additional) object.  Return the
- * new reference count, or zero if @sid is invalid (has zero
- * reference count).  Note that avc_context_to_sid() also
- * increments reference counts.
- */
-int sidget(security_id_t sid);
-
-/**
- * sidput - decrement SID reference counter.
- * @sid: SID reference
- *
- * Decrement the reference counter for @sid, indicating that
- * a reference to @sid is no longer in use.  Return the 
- * new reference count.  When the reference count reaches
- * zero, the SID is invalid, and avc_context_to_sid() must
- * be called to obtain a new SID for the security context.
- */
-int sidput(security_id_t sid);
-
-/**
- * avc_get_initial_sid - get SID for an initial kernel security identifier
- * @name: input name of initial kernel security identifier
- * @sid: pointer to a SID reference
- *
- * Get the context for an initial kernel security identifier specified by 
- * @name using security_get_initial_context() and then call 
- * avc_context_to_sid() to get the corresponding SID.
- */
-int avc_get_initial_sid(const char *name, security_id_t * sid);
-
-/*
- * AVC entry
- */
-struct avc_entry;
-struct avc_entry_ref {
-	struct avc_entry *ae;
-};
-
-/**
- * avc_entry_ref_init - initialize an AVC entry reference.
- * @aeref: pointer to avc entry reference structure
- *
- * Use this macro to initialize an avc entry reference structure
- * before first use.  These structures are passed to avc_has_perm(),
- * which stores cache entry references in them.  They can increase
- * performance on repeated queries.
- */
-#define avc_entry_ref_init(aeref) ((aeref)->ae = NULL)
-
-/*
- * User-provided callbacks for memory, auditing, and locking
- */
-
-/* These structures are passed by reference to avc_init().  Passing
- * a NULL reference will cause the AVC to use a default.  The default
- * memory callbacks are malloc() and free().  The default logging method
- * is to print on stderr.  If no thread callbacks are passed, a separate
- * listening thread won't be started for kernel policy change messages.
- * If no locking callbacks are passed, no locking will take place.
- */
-struct avc_memory_callback {
-	/* malloc() equivalent. */
-	void *(*func_malloc) (size_t size);
-	/* free() equivalent. */
-	void (*func_free) (void *ptr);
-	/* Note that these functions should set errno on failure.
-	   If not, some avc routines may return -1 without errno set. */
-};
-
-struct avc_log_callback {
-	/* log the printf-style format and arguments. */
-	void
-#ifdef __GNUC__
-__attribute__ ((format(printf, 1, 2)))
-#endif
-	(*func_log) (const char *fmt, ...);
-	/* store a string representation of auditdata (corresponding
-	   to the given security class) into msgbuf. */
-	void (*func_audit) (void *auditdata, security_class_t cls,
-			    char *msgbuf, size_t msgbufsize);
-};
-
-struct avc_thread_callback {
-	/* create and start a thread, returning an opaque pointer to it; 
-	   the thread should run the given function. */
-	void *(*func_create_thread) (void (*run) (void));
-	/* cancel a given thread and free its resources. */
-	void (*func_stop_thread) (void *thread);
-};
-
-struct avc_lock_callback {
-	/* create a lock and return an opaque pointer to it. */
-	void *(*func_alloc_lock) (void);
-	/* obtain a given lock, blocking if necessary. */
-	void (*func_get_lock) (void *lock);
-	/* release a given lock. */
-	void (*func_release_lock) (void *lock);
-	/* destroy a given lock (free memory, etc.) */
-	void (*func_free_lock) (void *lock);
-};
-
-/*
- * Available options
- */
-
-/* no-op option, useful for unused slots in an array of options */
-#define AVC_OPT_UNUSED		0
-/* override kernel enforcing mode (boolean value) */
-#define AVC_OPT_SETENFORCE	1
-
-/*
- * AVC operations
- */
-
-/**
- * avc_init - Initialize the AVC.
- * @msgprefix: prefix for log messages
- * @mem_callbacks: user-supplied memory callbacks
- * @log_callbacks: user-supplied logging callbacks
- * @thread_callbacks: user-supplied threading callbacks
- * @lock_callbacks: user-supplied locking callbacks
- *
- * Initialize the access vector cache.  Return %0 on
- * success or -%1 with @errno set on failure.  
- * If @msgprefix is NULL, use "uavc".  If any callback 
- * structure references are NULL, use default methods 
- * for those callbacks (see the definition of the callback
- * structures above).
- */
-int avc_init(const char *msgprefix,
-	     const struct avc_memory_callback *mem_callbacks,
-	     const struct avc_log_callback *log_callbacks,
-	     const struct avc_thread_callback *thread_callbacks,
-	     const struct avc_lock_callback *lock_callbacks);
-
-/**
- * avc_open - Initialize the AVC.
- * @opts: array of selabel_opt structures specifying AVC options or NULL.
- * @nopts: number of elements in opts array or zero for no options.
- *
- * This function is identical to avc_init(), except the message prefix
- * is set to "avc" and any callbacks desired should be specified via
- * selinux_set_callback().  Available options are listed above.
- */
-int avc_open(struct selinux_opt *opts, unsigned nopts);
-
-/**
- * avc_cleanup - Remove unused SIDs and AVC entries.
- *
- * Search the SID table for SID structures with zero
- * reference counts, and remove them along with all
- * AVC entries that reference them.  This can be used
- * to return memory to the system.
- */
-void avc_cleanup(void);
-
-/**
- * avc_reset - Flush the cache and reset statistics.
- *
- * Remove all entries from the cache and reset all access
- * statistics (as returned by avc_cache_stats()) to zero.
- * The SID mapping is not affected.  Return %0 on success, 
- * -%1 with @errno set on error.
- */
-int avc_reset(void);
-
-/**
- * avc_destroy - Free all AVC structures.
- *
- * Destroy all AVC structures and free all allocated
- * memory.  User-supplied locking, memory, and audit
- * callbacks will be retained, but security-event
- * callbacks will not.  All SID's will be invalidated.
- * User must call avc_init() if further use of AVC is desired.
- */
-void avc_destroy(void);
-
-/**
- * avc_has_perm_noaudit - Check permissions but perform no auditing.
- * @ssid: source security identifier
- * @tsid: target security identifier
- * @tclass: target security class
- * @requested: requested permissions, interpreted based on @tclass
- * @aeref:  AVC entry reference
- * @avd: access vector decisions
- *
- * Check the AVC to determine whether the @requested permissions are granted
- * for the SID pair (@ssid, @tsid), interpreting the permissions
- * based on @tclass, and call the security server on a cache miss to obtain
- * a new decision and add it to the cache.  Update @aeref to refer to an AVC
- * entry with the resulting decisions, and return a copy of the decisions
- * in @avd.  Return %0 if all @requested permissions are granted, -%1 with
- * @errno set to %EACCES if any permissions are denied, or to another value
- * upon other errors.  This function is typically called by avc_has_perm(),
- * but may also be called directly to separate permission checking from
- * auditing, e.g. in cases where a lock must be held for the check but
- * should be released for the auditing.
- */
-int avc_has_perm_noaudit(security_id_t ssid,
-			 security_id_t tsid,
-			 security_class_t tclass,
-			 access_vector_t requested,
-			 struct avc_entry_ref *aeref, struct av_decision *avd);
-
-/**
- * avc_has_perm - Check permissions and perform any appropriate auditing.
- * @ssid: source security identifier
- * @tsid: target security identifier
- * @tclass: target security class
- * @requested: requested permissions, interpreted based on @tclass
- * @aeref:  AVC entry reference
- * @auditdata: auxiliary audit data
- *
- * Check the AVC to determine whether the @requested permissions are granted
- * for the SID pair (@ssid, @tsid), interpreting the permissions
- * based on @tclass, and call the security server on a cache miss to obtain
- * a new decision and add it to the cache.  Update @aeref to refer to an AVC
- * entry with the resulting decisions.  Audit the granting or denial of
- * permissions in accordance with the policy.  Return %0 if all @requested
- * permissions are granted, -%1 with @errno set to %EACCES if any permissions
- * are denied or to another value upon other errors.
- */
-int avc_has_perm(security_id_t ssid, security_id_t tsid,
-		 security_class_t tclass, access_vector_t requested,
-		 struct avc_entry_ref *aeref, void *auditdata);
-
-/**
- * avc_audit - Audit the granting or denial of permissions.
- * @ssid: source security identifier
- * @tsid: target security identifier
- * @tclass: target security class
- * @requested: requested permissions
- * @avd: access vector decisions
- * @result: result from avc_has_perm_noaudit
- * @auditdata:  auxiliary audit data
- *
- * Audit the granting or denial of permissions in accordance
- * with the policy.  This function is typically called by
- * avc_has_perm() after a permission check, but can also be
- * called directly by callers who use avc_has_perm_noaudit()
- * in order to separate the permission check from the auditing.
- * For example, this separation is useful when the permission check must
- * be performed under a lock, to allow the lock to be released
- * before calling the auditing code.
- */
-void avc_audit(security_id_t ssid, security_id_t tsid,
-	       security_class_t tclass, access_vector_t requested,
-	       struct av_decision *avd, int result, void *auditdata);
-
-/**
- * avc_compute_create - Compute SID for labeling a new object.
- * @ssid: source security identifier
- * @tsid: target security identifier
- * @tclass: target security class
- * @newsid: pointer to SID reference
- *
- * Call the security server to obtain a context for labeling a
- * new object.  Look up the context in the SID table, making
- * a new entry if not found.  Increment the reference counter
- * for the SID.  Store a pointer to the SID structure into the
- * memory referenced by @newsid, returning %0 on success or -%1 on
- * error with @errno set.  
- */
-int avc_compute_create(security_id_t ssid,
-		       security_id_t tsid,
-		       security_class_t tclass, security_id_t * newsid);
-
-/**
- * avc_compute_member - Compute SID for polyinstantation.
- * @ssid: source security identifier
- * @tsid: target security identifier
- * @tclass: target security class
- * @newsid: pointer to SID reference
- *
- * Call the security server to obtain a context for labeling an
- * object instance.  Look up the context in the SID table, making
- * a new entry if not found.  Increment the reference counter
- * for the SID.  Store a pointer to the SID structure into the
- * memory referenced by @newsid, returning %0 on success or -%1 on
- * error with @errno set.  
- */
-int avc_compute_member(security_id_t ssid,
-		       security_id_t tsid,
-		       security_class_t tclass, security_id_t * newsid);
-
-/* 
- * security event callback facility
- */
-
-/* security events */
-#define AVC_CALLBACK_GRANT		1
-#define AVC_CALLBACK_TRY_REVOKE		2
-#define AVC_CALLBACK_REVOKE		4
-#define AVC_CALLBACK_RESET		8
-#define AVC_CALLBACK_AUDITALLOW_ENABLE	16
-#define AVC_CALLBACK_AUDITALLOW_DISABLE	32
-#define AVC_CALLBACK_AUDITDENY_ENABLE	64
-#define AVC_CALLBACK_AUDITDENY_DISABLE	128
-
-/**
- * avc_add_callback - Register a callback for security events.
- * @callback: callback function
- * @events: bitwise OR of desired security events
- * @ssid: source security identifier or %SECSID_WILD
- * @tsid: target security identifier or %SECSID_WILD
- * @tclass: target security class
- * @perms: permissions
- *
- * Register a callback function for events in the set @events
- * related to the SID pair (@ssid, @tsid) and
- * and the permissions @perms, interpreting
- * @perms based on @tclass.  Returns %0 on success or
- * -%1 if insufficient memory exists to add the callback.
- */
-int avc_add_callback(int (*callback)
-		      (uint32_t event, security_id_t ssid,
-		       security_id_t tsid, security_class_t tclass,
-		       access_vector_t perms,
-		       access_vector_t * out_retained),
-		     uint32_t events, security_id_t ssid,
-		     security_id_t tsid, security_class_t tclass,
-		     access_vector_t perms);
-
-/*
- * AVC statistics 
- */
-
-/* If set, cache statistics are tracked.  This may
- * become a compile-time option in the future.
- */
-#define AVC_CACHE_STATS     1
-
-struct avc_cache_stats {
-	unsigned entry_lookups;
-	unsigned entry_hits;
-	unsigned entry_misses;
-	unsigned entry_discards;
-	unsigned cav_lookups;
-	unsigned cav_hits;
-	unsigned cav_probes;
-	unsigned cav_misses;
-};
-
-/**
- * avc_cache_stats - get cache access statistics.
- * @stats: reference to statistics structure
- *
- * Fill the supplied structure with information about AVC 
- * activity since the last call to avc_init() or
- * avc_reset().  See the structure definition for
- * details.
- */
-void avc_cache_stats(struct avc_cache_stats *stats);
-
-/**
- * avc_av_stats - log av table statistics.
- *
- * Log a message with information about the size and
- * distribution of the access vector table.  The audit
- * callback is used to print the message.
- */
-void avc_av_stats(void);
-
-/**
- * avc_sid_stats - log SID table statistics.
- *
- * Log a message with information about the size and
- * distribution of the SID table.  The audit callback
- * is used to print the message.
- */
-void avc_sid_stats(void);
-
-/**
- * avc_netlink_open - Create a netlink socket and connect to the kernel.
- */
-int avc_netlink_open(int blocking);
-
-/**
- * avc_netlink_loop - Wait for netlink messages from the kernel
- */
-void avc_netlink_loop(void);
-
-/**
- * avc_netlink_close - Close the netlink socket
- */
-void avc_netlink_close(void);
-
-/**
- * avc_netlink_acquire_fd - Acquire netlink socket fd.
- *
- * Allows the application to manage messages from the netlink socket in
- * its own main loop.
- */
-int avc_netlink_acquire_fd(void);
-
-/**
- * avc_netlink_release_fd - Release netlink socket fd.
- *
- * Returns ownership of the netlink socket to the library.
- */
-void avc_netlink_release_fd(void);
-
-/**
- * avc_netlink_check_nb - Check netlink socket for new messages.
- *
- * Called by the application when using avc_netlink_acquire_fd() to
- * process kernel netlink events.
- */
-int avc_netlink_check_nb(void);
-
-/**
- * selinux_status_open - Open and map SELinux kernel status page
- *
- */
-int selinux_status_open(int fallback);
-
-/**
- * selinux_status_close - Unmap and close SELinux kernel status page
- *
- */
-void selinux_status_close(void);
-
-/**
- * selinux_status_updated - Inform us whether the kernel status has been updated
- *
- */
-int selinux_status_updated(void);
-
-/**
- * selinux_status_getenforce - Get the enforce flag value
- *
- */
-int selinux_status_getenforce(void);
-
-/**
- * selinux_status_policyload - Get the number of policy reloaded
- *
- */
-int selinux_status_policyload(void);
-
-/**
- * selinux_status_deny_unknown - Get the  behavior for undefined classes/permissions
- *
- */
-int selinux_status_deny_unknown(void);
-
-#ifdef __cplusplus
-}
-#endif
-#endif				/* _SELINUX_AVC_H_ */
--- a/jni/external/selinux/context.h
+++ b/jni/external/selinux/context.h
@@ -1,50 +0,0 @@
-#ifndef _SELINUX_CONTEXT_H_
-#define _SELINUX_CONTEXT_H_
-
-#ifdef __cplusplus
-extern "C" {
-#endif
-
-/*
- * Functions to deal with security contexts in user space.
- */
-
-	typedef struct {
-		void *ptr;
-	} context_s_t;
-
-	typedef context_s_t *context_t;
-
-/* Return a new context initialized to a context string */
-
-	extern context_t context_new(const char *);
-
-/* 
- * Return a pointer to the string value of the context_t
- * Valid until the next call to context_str or context_free 
- * for the same context_t*
- */
-
-	extern char *context_str(context_t);
-
-/* Free the storage used by a context */
-	extern void context_free(context_t);
-
-/* Get a pointer to the string value of a context component */
-
-	extern const char *context_type_get(context_t);
-	extern const char *context_range_get(context_t);
-	extern const char *context_role_get(context_t);
-	extern const char *context_user_get(context_t);
-
-/* Set a context component.  Returns nonzero if unsuccessful */
-
-	extern int context_type_set(context_t, const char *);
-	extern int context_range_set(context_t, const char *);
-	extern int context_role_set(context_t, const char *);
-	extern int context_user_set(context_t, const char *);
-
-#ifdef __cplusplus
-}
-#endif
-#endif
--- a/jni/external/selinux/flask.h
+++ b/jni/external/selinux/flask.h
@@ -1,118 +0,0 @@
-/* This file is automatically generated.  Do not edit. */
-#ifndef _SELINUX_FLASK_H_
-#define _SELINUX_FLASK_H_
-
-#warning "Please remove any #include's of this header in your source code."
-#warning "Instead, use string_to_security_class() to map the class name to a value."
-
-/*
- * Security object class definitions
- */
-#define SECCLASS_SECURITY                                1
-#define SECCLASS_PROCESS                                 2
-#define SECCLASS_SYSTEM                                  3
-#define SECCLASS_CAPABILITY                              4
-#define SECCLASS_FILESYSTEM                              5
-#define SECCLASS_FILE                                    6
-#define SECCLASS_DIR                                     7
-#define SECCLASS_FD                                      8
-#define SECCLASS_LNK_FILE                                9
-#define SECCLASS_CHR_FILE                                10
-#define SECCLASS_BLK_FILE                                11
-#define SECCLASS_SOCK_FILE                               12
-#define SECCLASS_FIFO_FILE                               13
-#define SECCLASS_SOCKET                                  14
-#define SECCLASS_TCP_SOCKET                              15
-#define SECCLASS_UDP_SOCKET                              16
-#define SECCLASS_RAWIP_SOCKET                            17
-#define SECCLASS_NODE                                    18
-#define SECCLASS_NETIF                                   19
-#define SECCLASS_NETLINK_SOCKET                          20
-#define SECCLASS_PACKET_SOCKET                           21
-#define SECCLASS_KEY_SOCKET                              22
-#define SECCLASS_UNIX_STREAM_SOCKET                      23
-#define SECCLASS_UNIX_DGRAM_SOCKET                       24
-#define SECCLASS_SEM                                     25
-#define SECCLASS_MSG                                     26
-#define SECCLASS_MSGQ                                    27
-#define SECCLASS_SHM                                     28
-#define SECCLASS_IPC                                     29
-#define SECCLASS_PASSWD                                  30
-#define SECCLASS_X_DRAWABLE                              31
-#define SECCLASS_X_SCREEN                                32
-#define SECCLASS_X_GC                                    33
-#define SECCLASS_X_FONT                                  34
-#define SECCLASS_X_COLORMAP                              35
-#define SECCLASS_X_PROPERTY                              36
-#define SECCLASS_X_SELECTION                             37
-#define SECCLASS_X_CURSOR                                38
-#define SECCLASS_X_CLIENT                                39
-#define SECCLASS_X_DEVICE                                40
-#define SECCLASS_X_SERVER                                41
-#define SECCLASS_X_EXTENSION                             42
-#define SECCLASS_NETLINK_ROUTE_SOCKET                    43
-#define SECCLASS_NETLINK_FIREWALL_SOCKET                 44
-#define SECCLASS_NETLINK_TCPDIAG_SOCKET                  45
-#define SECCLASS_NETLINK_NFLOG_SOCKET                    46
-#define SECCLASS_NETLINK_XFRM_SOCKET                     47
-#define SECCLASS_NETLINK_SELINUX_SOCKET                  48
-#define SECCLASS_NETLINK_AUDIT_SOCKET                    49
-#define SECCLASS_NETLINK_IP6FW_SOCKET                    50
-#define SECCLASS_NETLINK_DNRT_SOCKET                     51
-#define SECCLASS_DBUS                                    52
-#define SECCLASS_NSCD                                    53
-#define SECCLASS_ASSOCIATION                             54
-#define SECCLASS_NETLINK_KOBJECT_UEVENT_SOCKET           55
-#define SECCLASS_APPLETALK_SOCKET                        56
-#define SECCLASS_PACKET                                  57
-#define SECCLASS_KEY                                     58
-#define SECCLASS_CONTEXT                                 59
-#define SECCLASS_DCCP_SOCKET                             60
-#define SECCLASS_MEMPROTECT                              61
-#define SECCLASS_DB_DATABASE                             62
-#define SECCLASS_DB_TABLE                                63
-#define SECCLASS_DB_PROCEDURE                            64
-#define SECCLASS_DB_COLUMN                               65
-#define SECCLASS_DB_TUPLE                                66
-#define SECCLASS_DB_BLOB                                 67
-#define SECCLASS_PEER                                    68
-#define SECCLASS_CAPABILITY2                             69
-#define SECCLASS_X_RESOURCE                              70
-#define SECCLASS_X_EVENT                                 71
-#define SECCLASS_X_SYNTHETIC_EVENT                       72
-#define SECCLASS_X_APPLICATION_DATA                      73
-
-/*
- * Security identifier indices for initial entities
- */
-#define SECINITSID_KERNEL                               1
-#define SECINITSID_SECURITY                             2
-#define SECINITSID_UNLABELED                            3
-#define SECINITSID_FS                                   4
-#define SECINITSID_FILE                                 5
-#define SECINITSID_FILE_LABELS                          6
-#define SECINITSID_INIT                                 7
-#define SECINITSID_ANY_SOCKET                           8
-#define SECINITSID_PORT                                 9
-#define SECINITSID_NETIF                                10
-#define SECINITSID_NETMSG                               11
-#define SECINITSID_NODE                                 12
-#define SECINITSID_IGMP_PACKET                          13
-#define SECINITSID_ICMP_SOCKET                          14
-#define SECINITSID_TCP_SOCKET                           15
-#define SECINITSID_SYSCTL_MODPROBE                      16
-#define SECINITSID_SYSCTL                               17
-#define SECINITSID_SYSCTL_FS                            18
-#define SECINITSID_SYSCTL_KERNEL                        19
-#define SECINITSID_SYSCTL_NET                           20
-#define SECINITSID_SYSCTL_NET_UNIX                      21
-#define SECINITSID_SYSCTL_VM                            22
-#define SECINITSID_SYSCTL_DEV                           23
-#define SECINITSID_KMOD                                 24
-#define SECINITSID_POLICY                               25
-#define SECINITSID_SCMP_PACKET                          26
-#define SECINITSID_DEVNULL                              27
-
-#define SECINITSID_NUM                                  27
-
-#endif
--- a/jni/external/selinux/get_context_list.h
+++ b/jni/external/selinux/get_context_list.h
@@ -1,82 +0,0 @@
-#ifndef _SELINUX_GET_SID_LIST_H_
-#define _SELINUX_GET_SID_LIST_H_
-
-#include <selinux/selinux.h>
-
-#ifdef __cplusplus
-extern "C" {
-#endif
-
-#define SELINUX_DEFAULTUSER "user_u"
-
-/* Get an ordered list of authorized security contexts for a user session
-   for 'user' spawned by 'fromcon' and set *conary to refer to the 
-   NULL-terminated array of contexts.  Every entry in the list will
-   be authorized by the policy, but the ordering is subject to user
-   customizable preferences.  Returns number of entries in *conary.
-   If 'fromcon' is NULL, defaults to current context.
-   Caller must free via freeconary. */
-	extern int get_ordered_context_list(const char *user,
-					    char * fromcon,
-					    char *** list);
-
-/* As above, but use the provided MLS level rather than the
-   default level for the user. */
-	int get_ordered_context_list_with_level(const char *user,
-						const char *level,
-						char * fromcon,
-						char *** list);
-
-/* Get the default security context for a user session for 'user'
-   spawned by 'fromcon' and set *newcon to refer to it.  The context
-   will be one of those authorized by the policy, but the selection
-   of a default is subject to user customizable preferences.
-   If 'fromcon' is NULL, defaults to current context.
-   Returns 0 on success or -1 otherwise.
-   Caller must free via freecon. */
-	extern int get_default_context(const char *user,
-				       char * fromcon,
-				       char ** newcon);
-
-/* As above, but use the provided MLS level rather than the
-   default level for the user. */
-	int get_default_context_with_level(const char *user,
-					   const char *level,
-					   char * fromcon,
-					   char ** newcon);
-
-/* Same as get_default_context, but only return a context
-   that has the specified role.  If no reachable context exists
-   for the user with that role, then return -1. */
-	int get_default_context_with_role(const char *user,
-					  const char *role,
-					  char * fromcon,
-					  char ** newcon);
-
-/* Same as get_default_context, but only return a context
-   that has the specified role and level.  If no reachable context exists
-   for the user with that role, then return -1. */
-	int get_default_context_with_rolelevel(const char *user,
-					       const char *role,
-					       const char *level,
-					       char * fromcon,
-					       char ** newcon);
-
-/* Given a list of authorized security contexts for the user, 
-   query the user to select one and set *newcon to refer to it.
-   Caller must free via freecon.
-   Returns 0 on sucess or -1 otherwise. */
-	extern int query_user_context(char ** list,
-				      char ** newcon);
-
-/* Allow the user to manually enter a context as a fallback
-   if a list of authorized contexts could not be obtained. 
-   Caller must free via freecon.
-   Returns 0 on success or -1 otherwise. */
-	extern int manual_user_enter_context(const char *user,
-					     char ** newcon);
-
-#ifdef __cplusplus
-}
-#endif
-#endif
--- a/jni/external/selinux/get_default_type.h
+++ b/jni/external/selinux/get_default_type.h
@@ -1,23 +0,0 @@
-/* get_default_type.h - contains header information and function prototypes
- *                  for functions to get the default type for a role
- */
-
-#ifndef _SELINUX_GET_DEFAULT_TYPE_H_
-#define _SELINUX_GET_DEFAULT_TYPE_H_
-
-#ifdef __cplusplus
-extern "C" {
-#endif
-
-/* Return path to default type file. */
-	const char *selinux_default_type_path(void);
-
-/* Get the default type (domain) for 'role' and set 'type' to refer to it.
-   Caller must free via free().
-   Return 0 on success or -1 otherwise. */
-	int get_default_type(const char *role, char **type);
-
-#ifdef __cplusplus
-}
-#endif
-#endif				/* ifndef _GET_DEFAULT_TYPE_H_ */
--- a/jni/external/selinux/label.h
+++ b/jni/external/selinux/label.h
@@ -1,190 +0,0 @@
-/*
- * Labeling interface for userspace object managers and others.
- *
- * Author : Eamon Walsh <ewalsh@tycho.nsa.gov>
- */
-#ifndef _SELABEL_H_
-#define _SELABEL_H_
-
-#include <stdbool.h>
-#include <sys/types.h>
-#include <selinux/selinux.h>
-
-#ifdef __cplusplus
-extern "C" {
-#endif
-
-/*
- * Opaque type used for all label handles.
- */
-
-struct selabel_handle;
-
-/* 
- * Available backends.
- */
-
-/* file contexts */
-#define SELABEL_CTX_FILE	0
-/* media contexts */
-#define SELABEL_CTX_MEDIA	1
-/* x contexts */
-#define SELABEL_CTX_X		2
-/* db objects */
-#define SELABEL_CTX_DB		3
-/* Android property service contexts */
-#define SELABEL_CTX_ANDROID_PROP 4
-/* Android service contexts */
-#define SELABEL_CTX_ANDROID_SERVICE 5
-
-/*
- * Available options
- */
-
-/* no-op option, useful for unused slots in an array of options */
-#define SELABEL_OPT_UNUSED	0
-/* validate contexts before returning them (boolean value) */
-#define SELABEL_OPT_VALIDATE	1
-/* don't use local customizations to backend data (boolean value) */
-#define SELABEL_OPT_BASEONLY	2
-/* specify an alternate path to use when loading backend data */
-#define SELABEL_OPT_PATH	3
-/* select a subset of the search space as an optimization (file backend) */
-#define SELABEL_OPT_SUBSET	4
-/* require a hash calculation on spec files */
-#define SELABEL_OPT_DIGEST	5
-/* total number of options */
-#define SELABEL_NOPT		6
-
-/*
- * Label operations
- */
-
-/**
- * selabel_open - Create a labeling handle.
- * @backend: one of the constants specifying a supported labeling backend.
- * @opts: array of selabel_opt structures specifying label options or NULL.
- * @nopts: number of elements in opts array or zero for no options.
- *
- * Open a labeling backend for use.  The available backend identifiers are
- * listed above.  Options may be provided via the opts parameter; available
- * options are listed above.  Not all options may be supported by every
- * backend.  Return value is the created handle on success or NULL with
- * @errno set on failure.
- */
-struct selabel_handle *selabel_open(unsigned int backend,
-				    const struct selinux_opt *opts,
-				    unsigned nopts);
-
-/**
- * selabel_close - Close a labeling handle.
- * @handle: specifies handle to close
- *
- * Destroy the specified handle, closing files, freeing allocated memory,
- * etc.  The handle may not be further used after it has been closed.
- */
-void selabel_close(struct selabel_handle *handle);
-
-/**
- * selabel_lookup - Perform labeling lookup operation.
- * @handle: specifies backend instance to query
- * @con: returns the appropriate context with which to label the object
- * @key: string input to lookup operation
- * @type: numeric input to the lookup operation
- *
- * Perform a labeling lookup operation.  Return %0 on success, -%1 with
- * @errno set on failure.  The key and type arguments are the inputs to the
- * lookup operation; appropriate values are dictated by the backend in use.
- * The result is returned in the memory pointed to by @con and must be freed
- * by the user with freecon().
- */
-int selabel_lookup(struct selabel_handle *handle, char **con,
-		   const char *key, int type);
-int selabel_lookup_raw(struct selabel_handle *handle, char **con,
-		       const char *key, int type);
-
-bool selabel_partial_match(struct selabel_handle *handle, const char *key);
-
-int selabel_lookup_best_match(struct selabel_handle *rec, char **con,
-			      const char *key, const char **aliases, int type);
-int selabel_lookup_best_match_raw(struct selabel_handle *rec, char **con,
-			      const char *key, const char **aliases, int type);
-
-/**
- * selabel_digest - Retrieve the SHA1 digest and the list of specfiles used to
- *		    generate the digest. The SELABEL_OPT_DIGEST option must
- *		    be set in selabel_open() to initiate the digest generation.
- * @handle: specifies backend instance to query
- * @digest: returns a pointer to the SHA1 digest.
- * @digest_len: returns length of digest in bytes.
- * @specfiles: a list of specfiles used in the SHA1 digest generation.
- *	       The list is NULL terminated and will hold @num_specfiles entries.
- * @num_specfiles: number of specfiles in the list.
- *
- * Return %0 on success, -%1 with @errno set on failure.
- */
-int selabel_digest(struct selabel_handle *rec,
-			    unsigned char **digest, size_t *digest_len,
-			    char ***specfiles, size_t *num_specfiles);
-
-enum selabel_cmp_result {
-	SELABEL_SUBSET,
-	SELABEL_EQUAL,
-	SELABEL_SUPERSET,
-	SELABEL_INCOMPARABLE
-};
-
-/**
- * selabel_cmp - Compare two label configurations.
- * @h1: handle for the first label configuration
- * @h2: handle for the first label configuration
- *
- * Compare two label configurations.
- * Return %SELABEL_SUBSET if @h1 is a subset of @h2, %SELABEL_EQUAL
- * if @h1 is identical to @h2, %SELABEL_SUPERSET if @h1 is a superset
- * of @h2, and %SELABEL_INCOMPARABLE if @h1 and @h2 are incomparable.
- */
-enum selabel_cmp_result selabel_cmp(struct selabel_handle *h1,
-				    struct selabel_handle *h2);
-
-/**
- * selabel_stats - log labeling operation statistics.
- * @handle: specifies backend instance to query
- *
- * Log a message with information about the number of queries performed,
- * number of unused matching entries, or other operational statistics.
- * Message is backend-specific, some backends may not output a message.
- */
-void selabel_stats(struct selabel_handle *handle);
-
-/*
- * Type codes used by specific backends
- */
-
-/* X backend */
-#define SELABEL_X_PROP		1
-#define SELABEL_X_EXT		2
-#define SELABEL_X_CLIENT	3
-#define SELABEL_X_EVENT		4
-#define SELABEL_X_SELN		5
-#define SELABEL_X_POLYPROP	6
-#define SELABEL_X_POLYSELN	7
-
-/* DB backend */
-#define SELABEL_DB_DATABASE	1
-#define SELABEL_DB_SCHEMA	2
-#define SELABEL_DB_TABLE	3
-#define SELABEL_DB_COLUMN	4
-#define SELABEL_DB_SEQUENCE	5
-#define SELABEL_DB_VIEW		6
-#define SELABEL_DB_PROCEDURE	7
-#define SELABEL_DB_BLOB		8
-#define SELABEL_DB_TUPLE	9
-#define SELABEL_DB_LANGUAGE	10
-#define SELABEL_DB_EXCEPTION 11
-#define SELABEL_DB_DATATYPE 12
-
-#ifdef __cplusplus
-}
-#endif
-#endif	/* _SELABEL_H_ */
--- a/jni/external/selinux/restorecon.h
+++ b/jni/external/selinux/restorecon.h
@@ -1,187 +0,0 @@
-#ifndef _RESTORECON_H_
-#define _RESTORECON_H_
-
-#include <sys/types.h>
-#include <stdarg.h>
-
-#ifdef __cplusplus
-extern "C" {
-#endif
-
-/**
- * selinux_restorecon - Relabel files.
- * @pathname: specifies file/directory to relabel.
- * @restorecon_flags: specifies the actions to be performed when relabeling.
- *
- * selinux_restorecon(3) will automatically call
- * selinux_restorecon_default_handle(3) and selinux_restorecon_set_sehandle(3)
- * first time through to set the selabel_open(3) parameters to use the
- * currently loaded policy file_contexts and request their computed digest.
- *
- * Should other selabel_open(3) parameters be required see
- * selinux_restorecon_set_sehandle(3).
- */
-extern int selinux_restorecon(const char *pathname,
-				    unsigned int restorecon_flags);
-/*
- * restorecon_flags options
- */
-/*
- * Force the checking of labels even if the stored SHA1
- * digest matches the specfiles SHA1 digest.
- */
-#define SELINUX_RESTORECON_IGNORE_DIGEST		0x0001
-/*
- * Do not change file labels.
- */
-#define SELINUX_RESTORECON_NOCHANGE			0x0002
-/*
- * If set set change file label to that in spec file.
- * If not only change type component to that in spec file.
- */
-#define SELINUX_RESTORECON_SET_SPECFILE_CTX		0x0004
-/*
- * Recursively descend directories.
- */
-#define SELINUX_RESTORECON_RECURSE			0x0008
-/*
- * Log changes to selinux log. Note that if VERBOSE and
- * PROGRESS are set, then PROGRESS will take precedence.
- */
-#define SELINUX_RESTORECON_VERBOSE			0x0010
-/*
- * If SELINUX_RESTORECON_PROGRESS is true and
- * SELINUX_RESTORECON_MASS_RELABEL is true, then output approx % complete,
- * else output the number of files in 1k blocks processed to stdout.
- */
-#define SELINUX_RESTORECON_PROGRESS			0x0020
-/*
- * Convert passed-in pathname to canonical pathname.
- */
-#define SELINUX_RESTORECON_REALPATH			0x0040
-/*
- * Prevent descending into directories that have a different
- * device number than the pathname from which the descent began.
- */
-#define SELINUX_RESTORECON_XDEV				0x0080
-/*
- * Attempt to add an association between an inode and a specification.
- * If there is already an association for the inode and it conflicts
- * with the specification, then use the last matching specification.
- */
-#define SELINUX_RESTORECON_ADD_ASSOC			0x0100
-/*
- * Abort on errors during the file tree walk.
- */
-#define SELINUX_RESTORECON_ABORT_ON_ERROR		0x0200
-/*
- * Log any label changes to syslog.
- */
-#define SELINUX_RESTORECON_SYSLOG_CHANGES		0x0400
-/*
- * Log what spec matched each file.
- */
-#define SELINUX_RESTORECON_LOG_MATCHES			0x0800
-/*
- * Ignore files that do not exist.
- */
-#define SELINUX_RESTORECON_IGNORE_NOENTRY		0x1000
-/*
- * Do not read /proc/mounts to obtain a list of non-seclabel
- * mounts to be excluded from relabeling checks.
- */
-#define SELINUX_RESTORECON_IGNORE_MOUNTS		0x2000
-/*
- * Set if there is a mass relabel required.
- * See SELINUX_RESTORECON_PROGRESS flag for details.
- */
-#define SELINUX_RESTORECON_MASS_RELABEL			0x4000
-
-/**
- * selinux_restorecon_set_sehandle - Set the global fc handle.
- * @hndl: specifies handle to set as the global fc handle.
- *
- * Called by a process that has already called selabel_open(3) with it's
- * required parameters, or if selinux_restorecon_default_handle(3) has been
- * called to set the default selabel_open(3) parameters.
- */
-// extern void selinux_restorecon_set_sehandle(struct selabel_handle *hndl);
-
-/**
- * selinux_restorecon_default_handle - Sets default selabel_open(3) parameters
- *				       to use the currently loaded policy and
- *				       file_contexts, also requests the digest.
- *
- * Return value is the created handle on success or NULL with @errno set on
- * failure.
- */
-extern struct selabel_handle *selinux_restorecon_default_handle(void);
-
-/**
- * selinux_restorecon_set_exclude_list - Add a list of directories that are
- *					 to be excluded from relabeling.
- * @exclude_list: containing a NULL terminated list of one or more
- *		  directories not to be relabeled.
- */
-extern void selinux_restorecon_set_exclude_list(const char **exclude_list);
-
-/**
- * selinux_restorecon_set_alt_rootpath - Use alternate rootpath.
- * @alt_rootpath: containing the alternate rootpath to be used.
- *
- * Return %0 on success, -%1 with @errno set on failure.
- */
-extern int selinux_restorecon_set_alt_rootpath(const char *alt_rootpath);
-
-/**
- * selinux_restorecon_xattr - Read/remove RESTORECON_LAST xattr entries.
- * @pathname: specifies directory path to check.
- * @xattr_flags: specifies the actions to be performed.
- * @xattr_list: a linked list of struct dir_xattr structures containing
- *              the directory, digest and result of the action on the
- *              RESTORECON_LAST entry.
- *
- * selinux_restorecon_xattr(3) will automatically call
- * selinux_restorecon_default_handle(3) and selinux_restorecon_set_sehandle(3)
- * first time through to set the selabel_open(3) parameters to use the
- * currently loaded policy file_contexts and request their computed digest.
- *
- * Should other selabel_open(3) parameters be required see
- * selinux_restorecon_set_sehandle(3), however note that a file_contexts
- * computed digest is required for selinux_restorecon_xattr().
- */
-enum digest_result {
-	MATCH = 0,
-	NOMATCH,
-	DELETED_MATCH,
-	DELETED_NOMATCH,
-	ERROR
-};
-
-struct dir_xattr {
-	char *directory;
-	char *digest; /* A hex encoded string that can be printed. */
-	enum digest_result result;
-	struct dir_xattr *next;
-};
-
-extern int selinux_restorecon_xattr(const char *pathname,
-				    unsigned int xattr_flags,
-				    struct dir_xattr ***xattr_list);
-
-/*
- * xattr_flags options
- */
-/* Recursively descend directories. */
-#define SELINUX_RESTORECON_XATTR_RECURSE			0x0001
-/* Delete non-matching digests from each directory in pathname. */
-#define SELINUX_RESTORECON_XATTR_DELETE_NONMATCH_DIGESTS	0x0002
-/* Delete all digests found in pathname. */
-#define SELINUX_RESTORECON_XATTR_DELETE_ALL_DIGESTS		0x0004
-/* Do not read /proc/mounts. */
-#define SELINUX_RESTORECON_XATTR_IGNORE_MOUNTS			0x0008
-
-#ifdef __cplusplus
-}
-#endif
-#endif
--- a/jni/external/selinux/selinux.h
+++ b/jni/external/selinux/selinux.h
@@ -1,673 +0,0 @@
-#ifndef _SELINUX_H_
-#define _SELINUX_H_
-
-#include <sys/types.h>
-#include <stdarg.h>
-
-#ifdef __cplusplus
-extern "C" {
-#endif
-
-/* Return 1 if we are running on a SELinux kernel, or 0 if not or -1 if we get an error. */
-extern int is_selinux_enabled(void);
-/* Return 1 if we are running on a SELinux MLS kernel, or 0 otherwise. */
-extern int is_selinux_mls_enabled(void);
-
-/* No longer used; here for compatibility with legacy callers. */
-typedef char *security_context_t;
-
-/* Free the memory allocated for a context by any of the below get* calls. */
-extern void freecon(char * con);
-
-/* Free the memory allocated for a context array by security_compute_user. */
-extern void freeconary(char ** con);
-
-/* Wrappers for the /proc/pid/attr API. */
-
-/* Get current context, and set *con to refer to it.
-   Caller must free via freecon. */
-extern int getcon(char ** con);
-extern int getcon_raw(char ** con);
-
-/* Set the current security context to con.  
-   Note that use of this function requires that the entire application
-   be trusted to maintain any desired separation between the old and new 
-   security contexts, unlike exec-based transitions performed via setexeccon.  
-   When possible, decompose your application and use setexeccon()+execve() 
-   instead. Note that the application may lose access to its open descriptors
-   as a result of a setcon() unless policy allows it to use descriptors opened
-   by the old context. */
-extern int setcon(const char * con);
-extern int setcon_raw(const char * con);
-
-/* Get context of process identified by pid, and 
-   set *con to refer to it.  Caller must free via freecon. */
-extern int getpidcon(pid_t pid, char ** con);
-extern int getpidcon_raw(pid_t pid, char ** con);
-
-/* Get previous context (prior to last exec), and set *con to refer to it.
-   Caller must free via freecon. */
-extern int getprevcon(char ** con);
-extern int getprevcon_raw(char ** con);
-
-/* Get exec context, and set *con to refer to it.
-   Sets *con to NULL if no exec context has been set, i.e. using default.
-   If non-NULL, caller must free via freecon. */
-extern int getexeccon(char ** con);
-extern int getexeccon_raw(char ** con);
-
-/* Set exec security context for the next execve. 
-   Call with NULL if you want to reset to the default. */
-extern int setexeccon(const char * con);
-extern int setexeccon_raw(const char * con);
-
-/* Get fscreate context, and set *con to refer to it.
-   Sets *con to NULL if no fs create context has been set, i.e. using default.
-   If non-NULL, caller must free via freecon. */
-extern int getfscreatecon(char ** con);
-extern int getfscreatecon_raw(char ** con);
-
-/* Set the fscreate security context for subsequent file creations.
-   Call with NULL if you want to reset to the default. */
-extern int setfscreatecon(const char * context);
-extern int setfscreatecon_raw(const char * context);
-
-/* Get keycreate context, and set *con to refer to it.
-   Sets *con to NULL if no key create context has been set, i.e. using default.
-   If non-NULL, caller must free via freecon. */
-extern int getkeycreatecon(char ** con);
-extern int getkeycreatecon_raw(char ** con);
-
-/* Set the keycreate security context for subsequent key creations.
-   Call with NULL if you want to reset to the default. */
-extern int setkeycreatecon(const char * context);
-extern int setkeycreatecon_raw(const char * context);
-
-/* Get sockcreate context, and set *con to refer to it.
-   Sets *con to NULL if no socket create context has been set, i.e. using default.
-   If non-NULL, caller must free via freecon. */
-extern int getsockcreatecon(char ** con);
-extern int getsockcreatecon_raw(char ** con);
-
-/* Set the sockcreate security context for subsequent socket creations.
-   Call with NULL if you want to reset to the default. */
-extern int setsockcreatecon(const char * context);
-extern int setsockcreatecon_raw(const char * context);
-
-/* Wrappers for the xattr API. */
-
-/* Get file context, and set *con to refer to it.
-   Caller must free via freecon. */
-extern int getfilecon(const char *path, char ** con);
-extern int getfilecon_raw(const char *path, char ** con);
-extern int lgetfilecon(const char *path, char ** con);
-extern int lgetfilecon_raw(const char *path, char ** con);
-extern int fgetfilecon(int fd, char ** con);
-extern int fgetfilecon_raw(int fd, char ** con);
-
-/* Set file context */
-extern int setfilecon(const char *path, const char * con);
-extern int setfilecon_raw(const char *path, const char * con);
-extern int lsetfilecon(const char *path, const char * con);
-extern int lsetfilecon_raw(const char *path, const char * con);
-extern int fsetfilecon(int fd, const char * con);
-extern int fsetfilecon_raw(int fd, const char * con);
-
-/* Wrappers for the socket API */
-
-/* Get context of peer socket, and set *con to refer to it.
-   Caller must free via freecon. */
-extern int getpeercon(int fd, char ** con);
-extern int getpeercon_raw(int fd, char ** con);
-
-/* Wrappers for the selinuxfs (policy) API. */
-
-typedef unsigned int access_vector_t;
-typedef unsigned short security_class_t;
-
-struct av_decision {
-	access_vector_t allowed;
-	access_vector_t decided;
-	access_vector_t auditallow;
-	access_vector_t auditdeny;
-	unsigned int seqno;
-	unsigned int flags;
-};
-
-/* Definitions of av_decision.flags */
-#define SELINUX_AVD_FLAGS_PERMISSIVE	0x0001
-
-/* Structure for passing options, used by AVC and label subsystems */
-struct selinux_opt {
-	int type;
-	const char *value;
-};
-
-/* Callback facilities */
-union selinux_callback {
-	/* log the printf-style format and arguments,
-	   with the type code indicating the type of message */
-	int 
-#ifdef __GNUC__
-__attribute__ ((format(printf, 2, 3)))
-#endif
-	(*func_log) (int type, const char *fmt, ...);
-	/* store a string representation of auditdata (corresponding
-	   to the given security class) into msgbuf. */
-	int (*func_audit) (void *auditdata, security_class_t cls,
-			   char *msgbuf, size_t msgbufsize);
-	/* validate the supplied context, modifying if necessary */
-	int (*func_validate) (char **ctx);
-	/* netlink callback for setenforce message */
-	int (*func_setenforce) (int enforcing);
-	/* netlink callback for policyload message */
-	int (*func_policyload) (int seqno);
-};
-
-#define SELINUX_CB_LOG		0
-#define SELINUX_CB_AUDIT	1
-#define SELINUX_CB_VALIDATE	2
-#define SELINUX_CB_SETENFORCE	3
-#define SELINUX_CB_POLICYLOAD	4
-
-extern union selinux_callback selinux_get_callback(int type);
-extern void selinux_set_callback(int type, union selinux_callback cb);
-
-	/* Logging type codes, passed to the logging callback */
-#define SELINUX_ERROR	        0
-#define SELINUX_WARNING		1
-#define SELINUX_INFO		2
-#define SELINUX_AVC		3
-#define SELINUX_TRANS_DIR	"/var/run/setrans"
-
-/* Compute an access decision. */
-extern int security_compute_av(const char * scon,
-			       const char * tcon,
-			       security_class_t tclass,
-			       access_vector_t requested,
-			       struct av_decision *avd);
-extern int security_compute_av_raw(const char * scon,
-				   const char * tcon,
-				   security_class_t tclass,
-				   access_vector_t requested,
-				   struct av_decision *avd);
-
-extern int security_compute_av_flags(const char * scon,
-				     const char * tcon,
-				     security_class_t tclass,
-				     access_vector_t requested,
-				     struct av_decision *avd);
-extern int security_compute_av_flags_raw(const char * scon,
-					 const char * tcon,
-					 security_class_t tclass,
-					 access_vector_t requested,
-					 struct av_decision *avd);
-
-/* Compute a labeling decision and set *newcon to refer to it.
-   Caller must free via freecon. */
-extern int security_compute_create(const char * scon,
-				   const char * tcon,
-				   security_class_t tclass,
-				   char ** newcon);
-extern int security_compute_create_raw(const char * scon,
-				       const char * tcon,
-				       security_class_t tclass,
-				       char ** newcon);
-extern int security_compute_create_name(const char * scon,
-					const char * tcon,
-					security_class_t tclass,
-					const char *objname,
-					char ** newcon);
-extern int security_compute_create_name_raw(const char * scon,
-					    const char * tcon,
-					    security_class_t tclass,
-					    const char *objname,
-					    char ** newcon);
-
-/* Compute a relabeling decision and set *newcon to refer to it.
-   Caller must free via freecon. */
-extern int security_compute_relabel(const char * scon,
-				    const char * tcon,
-				    security_class_t tclass,
-				    char ** newcon);
-extern int security_compute_relabel_raw(const char * scon,
-					const char * tcon,
-					security_class_t tclass,
-					char ** newcon);
-
-/* Compute a polyinstantiation member decision and set *newcon to refer to it.
-   Caller must free via freecon. */
-extern int security_compute_member(const char * scon,
-				   const char * tcon,
-				   security_class_t tclass,
-				   char ** newcon);
-extern int security_compute_member_raw(const char * scon,
-				       const char * tcon,
-				       security_class_t tclass,
-				       char ** newcon);
-
-/* Compute the set of reachable user contexts and set *con to refer to 
-   the NULL-terminated array of contexts.  Caller must free via freeconary. */
-extern int security_compute_user(const char * scon,
-				 const char *username,
-				 char *** con);
-extern int security_compute_user_raw(const char * scon,
-				     const char *username,
-				     char *** con);
-
-/* Load a policy configuration. */
-extern int security_load_policy(void *data, size_t len);
-
-/* Get the context of an initial kernel security identifier by name.  
-   Caller must free via freecon */
-extern int security_get_initial_context(const char *name,
-					char ** con);
-extern int security_get_initial_context_raw(const char *name,
-					    char ** con);
-
-/*
- * Make a policy image and load it.
- * This function provides a higher level interface for loading policy
- * than security_load_policy, internally determining the right policy
- * version, locating and opening the policy file, mapping it into memory,
- * manipulating it as needed for current boolean settings and/or local 
- * definitions, and then calling security_load_policy to load it.
- *
- * 'preservebools' is a boolean flag indicating whether current 
- * policy boolean values should be preserved into the new policy (if 1) 
- * or reset to the saved policy settings (if 0).  The former case is the
- * default for policy reloads, while the latter case is an option for policy
- * reloads but is primarily for the initial policy load.
- */
-extern int selinux_mkload_policy(int preservebools);
-
-/* 
- * Perform the initial policy load.
- * This function determines the desired enforcing mode, sets the
- * the *enforce argument accordingly for the caller to use, sets the 
- * SELinux kernel enforcing status to match it, and loads the policy.
- * It also internally handles the initial selinuxfs mount required to
- * perform these actions.
- *
- * The function returns 0 if everything including the policy load succeeds.
- * In this case, init is expected to re-exec itself in order to transition
- * to the proper security context.
- * Otherwise, the function returns -1, and init must check *enforce to
- * determine how to proceed.  If enforcing (*enforce > 0), then init should
- * halt the system.  Otherwise, init may proceed normally without a re-exec.
- */
-extern int selinux_init_load_policy(int *enforce);
-
-/* Translate boolean strict to name value pair. */
-typedef struct {
-	char *name;
-	int value;
-} SELboolean;
-/* save a list of booleans in a single transaction.  */
-extern int security_set_boolean_list(size_t boolcnt,
-				     SELboolean * boollist, int permanent);
-
-/* Load policy boolean settings.
-   Path may be NULL, in which case the booleans are loaded from
-   the active policy boolean configuration file. */
-extern int security_load_booleans(char *path);
-
-/* Check the validity of a security context. */
-extern int security_check_context(const char * con);
-extern int security_check_context_raw(const char * con);
-
-/* Canonicalize a security context. */
-extern int security_canonicalize_context(const char * con,
-					 char ** canoncon);
-extern int security_canonicalize_context_raw(const char * con,
-					     char ** canoncon);
-
-/* Get the enforce flag value. */
-extern int security_getenforce(void);
-
-/* Set the enforce flag value. */
-extern int security_setenforce(int value);
-
-/* Get the behavior for undefined classes/permissions */
-extern int security_deny_unknown(void);
-
-/* Disable SELinux at runtime (must be done prior to initial policy load). */
-extern int security_disable(void);
-
-/* Get the policy version number. */
-extern int security_policyvers(void);
-
-/* Get the boolean names */
-extern int security_get_boolean_names(char ***names, int *len);
-
-/* Get the pending value for the boolean */
-extern int security_get_boolean_pending(const char *name);
-
-/* Get the active value for the boolean */
-extern int security_get_boolean_active(const char *name);
-
-/* Set the pending value for the boolean */
-extern int security_set_boolean(const char *name, int value);
-
-/* Commit the pending values for the booleans */
-extern int security_commit_booleans(void);
-
-/* Userspace class mapping support */
-struct security_class_mapping {
-	const char *name;
-	const char *perms[sizeof(access_vector_t) * 8 + 1];
-};
-
-/**
- * selinux_set_mapping - Enable dynamic mapping between integer offsets and security class names
- * @map: array of security_class_mapping structures
- *
- * The core avc_has_perm() API uses integers to represent security
- * classes; previous to the introduction of this function, it was
- * common for userspace object managers to be compiled using generated
- * offsets for a particular policy.  However, that strongly ties the build of the userspace components to a particular policy.
- *
- * By using this function to map between integer offsets and security
- * class names, it's possible to replace a system policies that have
- * at least the same set of security class names as used by the
- * userspace object managers.
- *
- * To correctly use this function, you should override the generated
- * security class defines from the system policy in a local header,
- * starting at 1, and have one security_class_mapping structure entry
- * per define.
- */
-extern int selinux_set_mapping(struct security_class_mapping *map);
-
-/* Common helpers */
-
-/* Convert between mode and security class values */
-extern security_class_t mode_to_security_class(mode_t mode);
-/* Convert between security class values and string names */
-extern security_class_t string_to_security_class(const char *name);
-extern const char *security_class_to_string(security_class_t cls);
-
-/* Convert between individual access vector permissions and string names */
-extern const char *security_av_perm_to_string(security_class_t tclass,
-					      access_vector_t perm);
-extern access_vector_t string_to_av_perm(security_class_t tclass,
-					 const char *name);
-
-/* Returns an access vector in a string representation.  User must free the
- * returned string via free(). */
-extern int security_av_string(security_class_t tclass,
-			      access_vector_t av, char **result);
-
-/* Display an access vector in a string representation. */
-extern void print_access_vector(security_class_t tclass, access_vector_t av);
-
-/* Set the function used by matchpathcon_init when displaying
-   errors about the file_contexts configuration.  If not set,
-   then this defaults to fprintf(stderr, fmt, ...). */
-extern void set_matchpathcon_printf(void (*f) (const char *fmt, ...));
-
-/* Set the function used by matchpathcon_init when checking the
-   validity of a context in the file contexts configuration.  If not set,
-   then this defaults to a test based on security_check_context().  
-   The function is also responsible for reporting any such error, and
-   may include the 'path' and 'lineno' in such error messages. */
-extern void set_matchpathcon_invalidcon(int (*f) (const char *path,
-						  unsigned lineno,
-						  char *context));
-
-/* Same as above, but also allows canonicalization of the context,
-   by changing *context to refer to the canonical form.  If not set,
-   and invalidcon is also not set, then this defaults to calling
-   security_canonicalize_context(). */
-extern void set_matchpathcon_canoncon(int (*f) (const char *path,
-						unsigned lineno,
-						char **context));
-
-/* Set flags controlling operation of matchpathcon_init or matchpathcon. */
-#define MATCHPATHCON_BASEONLY 1	/* Only process the base file_contexts file. */
-#define MATCHPATHCON_NOTRANS  2	/* Do not perform any context translation. */
-#define MATCHPATHCON_VALIDATE 4	/* Validate/canonicalize contexts at init time. */
-extern void set_matchpathcon_flags(unsigned int flags);
-
-/* Load the file contexts configuration specified by 'path'
-   into memory for use by subsequent matchpathcon calls.  
-   If 'path' is NULL, then load the active file contexts configuration,
-   i.e. the path returned by selinux_file_context_path().
-   Unless the MATCHPATHCON_BASEONLY flag has been set, this
-   function also checks for a 'path'.homedirs file and 
-   a 'path'.local file and loads additional specifications 
-   from them if present. */
-extern int matchpathcon_init(const char *path);
-
-/* Same as matchpathcon_init, but only load entries with
-   regexes that have stems that are prefixes of 'prefix'. */
-extern int matchpathcon_init_prefix(const char *path, const char *prefix);
-
-/* Free the memory allocated by matchpathcon_init. */
-extern void matchpathcon_fini(void);
-
-/* Resolve all of the symlinks and relative portions of a pathname, but NOT
- * the final component (same a realpath() unless the final component is a
- * symlink.  Resolved path must be a path of size PATH_MAX + 1 */
-extern int realpath_not_final(const char *name, char *resolved_path);
-
-/* Match the specified pathname and mode against the file contexts
-   configuration and set *con to refer to the resulting context.
-   'mode' can be 0 to disable mode matching.
-   Caller must free via freecon.
-   If matchpathcon_init has not already been called, then this function
-   will call it upon its first invocation with a NULL path. */
-extern int matchpathcon(const char *path,
-			mode_t mode, char ** con);
-
-/* Same as above, but return a specification index for 
-   later use in a matchpathcon_filespec_add() call - see below. */
-extern int matchpathcon_index(const char *path,
-			      mode_t mode, char ** con);
-
-/* Maintain an association between an inode and a specification index,
-   and check whether a conflicting specification is already associated
-   with the same inode (e.g. due to multiple hard links).  If so, then
-   use the latter of the two specifications based on their order in the 
-   file contexts configuration.  Return the used specification index. */
-extern int matchpathcon_filespec_add(ino_t ino, int specind, const char *file);
-
-/* Destroy any inode associations that have been added, e.g. to restart
-   for a new filesystem. */
-extern void matchpathcon_filespec_destroy(void);
-
-/* Display statistics on the hash table usage for the associations. */
-extern void matchpathcon_filespec_eval(void);
-
-/* Check to see whether any specifications had no matches and report them.
-   The 'str' is used as a prefix for any warning messages. */
-extern void matchpathcon_checkmatches(char *str);
-
-/* Match the specified media and against the media contexts 
-   configuration and set *con to refer to the resulting context.
-   Caller must free con via freecon. */
-extern int matchmediacon(const char *media, char ** con);
-
-/*
-  selinux_getenforcemode reads the /etc/selinux/config file and determines 
-  whether the machine should be started in enforcing (1), permissive (0) or 
-  disabled (-1) mode.
- */
-extern int selinux_getenforcemode(int *enforce);
-
-/*
-  selinux_boolean_sub reads the /etc/selinux/TYPE/booleans.subs_dist file
-  looking for a record with boolean_name.  If a record exists selinux_boolean_sub
-  returns the translated name otherwise it returns the original name.
-  The returned value needs to be freed. On failure NULL will be returned.
- */
-extern char *selinux_boolean_sub(const char *boolean_name);
-
-/*
-  selinux_getpolicytype reads the /etc/selinux/config file and determines 
-  what the default policy for the machine is.  Calling application must 
-  free policytype.
- */
-extern int selinux_getpolicytype(char **policytype);
-
-/*
-  selinux_policy_root reads the /etc/selinux/config file and returns 
-  the directory path under which the compiled policy file and context 
-  configuration files exist.
- */
-extern const char *selinux_policy_root(void);
-
-/*
-  selinux_set_policy_root sets an alternate policy root directory path under
-  which the compiled policy file and context configuration files exist.
- */
-extern int selinux_set_policy_root(const char *rootpath);
-
-/* These functions return the paths to specific files under the 
-   policy root directory. */
-extern const char *selinux_current_policy_path(void);
-extern const char *selinux_binary_policy_path(void);
-extern const char *selinux_failsafe_context_path(void);
-extern const char *selinux_removable_context_path(void);
-extern const char *selinux_default_context_path(void);
-extern const char *selinux_user_contexts_path(void);
-extern const char *selinux_file_context_path(void);
-extern const char *selinux_file_context_homedir_path(void);
-extern const char *selinux_file_context_local_path(void);
-extern const char *selinux_file_context_subs_path(void);
-extern const char *selinux_file_context_subs_dist_path(void);
-extern const char *selinux_homedir_context_path(void);
-extern const char *selinux_media_context_path(void);
-extern const char *selinux_virtual_domain_context_path(void);
-extern const char *selinux_virtual_image_context_path(void);
-extern const char *selinux_lxc_contexts_path(void);
-extern const char *selinux_x_context_path(void);
-extern const char *selinux_sepgsql_context_path(void);
-extern const char *selinux_openrc_contexts_path(void);
-extern const char *selinux_openssh_contexts_path(void);
-extern const char *selinux_snapperd_contexts_path(void);
-extern const char *selinux_systemd_contexts_path(void);
-extern const char *selinux_contexts_path(void);
-extern const char *selinux_securetty_types_path(void);
-extern const char *selinux_booleans_subs_path(void);
-extern const char *selinux_booleans_path(void);
-extern const char *selinux_customizable_types_path(void);
-extern const char *selinux_users_path(void);
-extern const char *selinux_usersconf_path(void);
-extern const char *selinux_translations_path(void);
-extern const char *selinux_colors_path(void);
-extern const char *selinux_netfilter_context_path(void);
-extern const char *selinux_path(void);
-
-/**
- * selinux_check_access - Check permissions and perform appropriate auditing.
- * @scon: source security context
- * @tcon: target security context
- * @tclass: target security class string
- * @perm: requested permissions string, interpreted based on @tclass
- * @auditdata: auxiliary audit data
- *
- * Check the AVC to determine whether the @perm permissions are granted
- * for the SID pair (@scon, @tcon), interpreting the permissions
- * based on @tclass.
- * Return %0 if all @perm permissions are granted, -%1 with 
- * @errno set to %EACCES if any permissions are denied or to another 
- * value upon other errors.
- * If auditing or logging is configured the appropriate callbacks will be called
- * and passed the auditdata field
- */
-extern int selinux_check_access(const char * scon, const char * tcon, const char *tclass, const char *perm, void *auditdata);
-
-/* Check a permission in the passwd class.
-   Return 0 if granted or -1 otherwise. */
-extern int selinux_check_passwd_access(access_vector_t requested);
-extern int checkPasswdAccess(access_vector_t requested);
-
-/* Check if the tty_context is defined as a securetty
-   Return 0 if secure, < 0 otherwise. */
-extern int selinux_check_securetty_context(const char * tty_context);
-
-/* Set the path to the selinuxfs mount point explicitly.
-   Normally, this is determined automatically during libselinux 
-   initialization, but this is not always possible, e.g. for /sbin/init
-   which performs the initial mount of selinuxfs. */
-void set_selinuxmnt(const char *mnt);
-
-/* Check if selinuxfs exists as a kernel filesystem */
-int selinuxfs_exists(void);
-
-/* clear selinuxmnt variable and free allocated memory */
-void fini_selinuxmnt(void);
-
-/* Set an appropriate security context based on the filename of a helper
- * program, falling back to a new context with the specified type. */
-extern int setexecfilecon(const char *filename, const char *fallback_type);
-
-#ifndef DISABLE_RPM
-/* Execute a helper for rpm in an appropriate security context. */
-extern int rpm_execcon(unsigned int verified,
-		       const char *filename,
-		       char *const argv[], char *const envp[]);
-#endif
-
-/* Returns whether a file context is customizable, and should not 
-   be relabeled . */
-extern int is_context_customizable(const char * scontext);
-
-/* Perform context translation between the human-readable format
-   ("translated") and the internal system format ("raw"). 
-   Caller must free the resulting context via freecon.  
-   Returns -1 upon an error or 0 otherwise.
-   If passed NULL, sets the returned context to NULL and returns 0. */
-extern int selinux_trans_to_raw_context(const char * trans,
-					char ** rawp);
-extern int selinux_raw_to_trans_context(const char * raw,
-					char ** transp);
-
-/* Perform context translation between security contexts
-   and display colors.  Returns a space-separated list of ten
-   ten hex RGB triples prefixed by hash marks, e.g. "#ff0000".
-   Caller must free the resulting string via free.
-   Returns -1 upon an error or 0 otherwise. */
-extern int selinux_raw_context_to_color(const char * raw,
-					char **color_str);
-
-/* Get the SELinux username and level to use for a given Linux username. 
-   These values may then be passed into the get_ordered_context_list*
-   and get_default_context* functions to obtain a context for the user.
-   Returns 0 on success or -1 otherwise.
-   Caller must free the returned strings via free. */
-extern int getseuserbyname(const char *linuxuser, char **seuser, char **level);
-
-/* Get the SELinux username and level to use for a given Linux username and service. 
-   These values may then be passed into the get_ordered_context_list*
-   and get_default_context* functions to obtain a context for the user.
-   Returns 0 on success or -1 otherwise.
-   Caller must free the returned strings via free. */
-extern int getseuser(const char *username, const char *service, 
-		     char **r_seuser, char **r_level);
-
-/* Compare two file contexts, return 0 if equivalent. */
-extern int selinux_file_context_cmp(const char * a,
-			     const char * b);
-
-/* 
- * Verify the context of the file 'path' against policy.
- * Return 1 if match, 0 if not and -1 on error.
- */
-extern int selinux_file_context_verify(const char *path, mode_t mode);
-
-/* This function sets the file context on to the system defaults returns 0 on success */
-extern int selinux_lsetfilecon_default(const char *path);
-
-/* 
- * Force a reset of the loaded configuration
- * WARNING: This is not thread safe. Be very sure that no other threads
- * are calling into libselinux when this is called.
- */
-extern void selinux_reset_config(void);
-
-#ifdef __cplusplus
-}
-#endif
-#endif
--- a/jni/include/magisk.h
+++ b/jni/include/magisk.h
@@ -1,91 +0,0 @@
-/* magisk.h - Top header
- */
-
-#ifndef _MAGISK_H_
-#define _MAGISK_H_
-
-#include <stdlib.h>
-#include <errno.h>
-#include <string.h>
-#include <pthread.h>
-#include <android/log.h>
-
-#define str(a) #a
-#define xstr(a) str(a)
-
-#define MAGISK_VER_STR  xstr(MAGISK_VERSION) ":MAGISK"
-#define REQUESTOR_DAEMON_PATH     "\0MAGISK"
-
-#define LOG_TAG    "Magisk"
-
-#ifndef ARG_MAX
-#define ARG_MAX 4096
-#endif
-
-#define LOGFILE         "/cache/magisk.log"
-#define LASTLOG         "/cache/last_magisk.log"
-#define DEBUG_LOG       "/data/magisk_debug.log"
-#define UNBLOCKFILE     "/dev/.magisk.unblock"
-#define DISABLEFILE     "/cache/.disable_magisk"
-#define UNINSTALLER     "/cache/magisk_uninstaller.sh"
-#define MOUNTPOINT      "/magisk"
-#define COREDIR         MOUNTPOINT "/.core"
-#define HOSTSFILE       COREDIR "/hosts"
-#define HIDELIST        COREDIR "/hidelist"
-#define MAINIMG         "/data/magisk.img"
-#define DATABIN         "/data/magisk"
-#define MANAGERAPK      DATABIN "/magisk.apk"
-#define MAGISKTMP       "/dev/magisk"
-#define MIRRDIR         MAGISKTMP "/mirror"
-#define DUMMDIR         MAGISKTMP "/dummy"
-#define BBPATH          MAGISKTMP "/bin"
-#define CACHEMOUNT      "/cache/magisk_mount"
-
-#define SELINUX_PATH        "/sys/fs/selinux/"
-#define SELINUX_ENFORCE     SELINUX_PATH "enforce"
-#define SELINUX_POLICY      SELINUX_PATH "policy"
-#define SELINUX_LOAD        SELINUX_PATH "load"
-
-#define MAGISKHIDE_PROP     "persist.magisk.hide"
-
-// Global handler for PLOGE
-extern __thread void (*err_handler)(void);
-
-// Common error handlers
-static inline void exit_proc() { exit(1); }
-static inline void exit_thread() { pthread_exit(NULL); }
-static inline void do_nothing() {}
-
-// Dummy function to depress debug message
-static inline void stub(const char *fmt, ...) {}
-
-#ifdef MAGISK_DEBUG
-#define LOGD(...)  __android_log_print(ANDROID_LOG_DEBUG, LOG_TAG, __VA_ARGS__)
-#else
-#define LOGD(...)  stub(__VA_ARGS__)
-#endif
-#define LOGI(...)  __android_log_print(ANDROID_LOG_INFO, LOG_TAG, __VA_ARGS__)
-#define LOGW(...)  __android_log_print(ANDROID_LOG_WARN, LOG_TAG, __VA_ARGS__)
-#define LOGE(...)  __android_log_print(ANDROID_LOG_ERROR, LOG_TAG, __VA_ARGS__)
-
-#define PLOGE(fmt, args...) { LOGE(fmt " failed with %d: %s", ##args, errno, strerror(errno)); err_handler(); }
-
-extern char *argv0;     /* For changing process name */
-
-extern char *applet[];
-extern int (*applet_main[]) (int, char *[]);
-
-// Multi-call entrypoints
-int magiskhide_main(int argc, char *argv[]);
-int magiskpolicy_main(int argc, char *argv[]);
-int su_client_main(int argc, char *argv[]);
-
-#ifdef __cplusplus
-extern "C" {
-#endif
-int resetprop_main(int argc, char *argv[]);
-#ifdef __cplusplus
-}
-#endif
-
-#endif
--- a/jni/include/magiskpolicy.h
+++ b/jni/include/magiskpolicy.h
@@ -1,36 +0,0 @@
-/* magiskpolicy.h - Public API for policy patching
- */
-
-#ifndef _MAGISKPOLICY_H
-#define _MAGISKPOLICY_H
-
-#include <stdlib.h>
-
-#define ALL NULL
-
-// policydb functions
-int load_policydb(const char *filename);
-int dump_policydb(const char *filename);
-void destroy_policydb();
-
-// Handy functions
-int sepol_allow(char *s, char *t, char *c, char *p);
-int sepol_deny(char *s, char *t, char *c, char *p);
-int sepol_auditallow(char *s, char *t, char *c, char *p);
-int sepol_auditdeny(char *s, char *t, char *c, char *p);
-int sepol_typetrans(char *s, char *t, char *c, char *d, char *o);
-int sepol_allowxperm(char *s, char *t, char *c, char *range);
-int sepol_auditallowxperm(char *s, char *t, char *c, char *range);
-int sepol_dontauditxperm(char *s, char *t, char *c, char *range);
-int sepol_create(char *s);
-int sepol_permissive(char *s);
-int sepol_enforce(char *s);
-int sepol_attradd(char *s, char *a);
-int sepol_exists(char *source);
-
-// Built in rules
-void sepol_min_rules();
-void sepol_med_rules();
-void sepol_full_rules();
-
-#endif
--- a/jni/magiskboot/boot_utils.c
+++ b/jni/magiskboot/boot_utils.c
@@ -1,97 +0,0 @@
-#include "magiskboot.h"
-
-char *SUP_LIST[] = { "gzip", "xz", "lzma", "bzip2", "lz4", "lz4_legacy", NULL };
-char *SUP_EXT_LIST[] = { "gz", "xz", "lzma", "bz2", "lz4", "lz4", NULL };
-file_t SUP_TYPE_LIST[] = { GZIP, XZ, LZMA, BZIP2, LZ4, LZ4_LEGACY, 0 };
-
-void mmap_ro(const char *filename, unsigned char **buf, size_t *size) {
-	int fd = xopen(filename, O_RDONLY);
-	*size = lseek(fd, 0, SEEK_END);
-	lseek(fd, 0, SEEK_SET);
-	*buf = xmmap(NULL, *size, PROT_READ, MAP_SHARED, fd, 0);
-	close(fd);
-}
-
-void mmap_rw(const char *filename, unsigned char **buf, size_t *size) {
-	int fd = xopen(filename, O_RDWR);
-	*size = lseek(fd, 0, SEEK_END);
-	lseek(fd, 0, SEEK_SET);
-	*buf = xmmap(NULL, *size, PROT_READ | PROT_WRITE, MAP_SHARED, fd, 0);
-	close(fd);
-}
-
-file_t check_type(const unsigned char *buf) {
-	if (memcmp(buf, CHROMEOS_MAGIC, 8) == 0) {
-		return CHROMEOS;
-	} else if (memcmp(buf, BOOT_MAGIC, BOOT_MAGIC_SIZE) == 0) {
-		return AOSP;
-	} else if (memcmp(buf, ELF32_MAGIC, 5) == 0) {
-		return ELF32;
-	} else if (memcmp(buf, ELF64_MAGIC, 5) == 0) {
-		return ELF64;
-	} else if (memcmp(buf, "\x1f\x8b\x08\x00", 4) == 0) {
-		return GZIP;
-	} else if (memcmp(buf, "\x89\x4c\x5a\x4f\x00\x0d\x0a\x1a\x0a", 9) == 0) {
-		return LZOP;
-	} else if (memcmp(buf, "\xfd""7zXZ\x00", 6) == 0) {
-		return XZ;
-	} else if (memcmp(buf, "\x5d\x00\x00", 3) == 0 
-			&& (buf[12] == (unsigned char) '\xff' || buf[12] == (unsigned char) '\x00')) {
-		return LZMA;
-	} else if (memcmp(buf, "BZh", 3) == 0) {
-		return BZIP2;
-	} else if (memcmp(buf, "\x04\x22\x4d\x18", 4) == 0) {
-		return LZ4;
-	} else if (memcmp(buf, "\x02\x21\x4c\x18", 4) == 0) {
-		return LZ4_LEGACY;
-	} else if (memcmp(buf, "\x88\x16\x88\x58", 4) == 0) {
-		return MTK;
-	} else {
-		return UNKNOWN;
-	}
-}
-
-void write_zero(int fd, size_t size) {
-	size_t pos = lseek(fd, 0, SEEK_CUR);
-	ftruncate(fd, pos + size);
-	lseek(fd, pos + size, SEEK_SET);
-}
-
-void mem_align(size_t *pos, size_t align) {
-	size_t mask = align - 1;
-	if (*pos & mask) {
-		*pos += align - (*pos & mask);
-	}
-}
-
-void file_align(int fd, size_t align, int out) {
-	size_t pos = lseek(fd, 0, SEEK_CUR);
-	size_t mask = align - 1;
-	size_t off;
-	if (pos & mask) {
-		off = align - (pos & mask);
-		if (out) {
-			write_zero(fd, off);
-		} else {
-			lseek(fd, pos + off, SEEK_SET);
-		}
-	}
-}
-
-int open_new(const char *filename) {
-	return xopen(filename, O_WRONLY | O_CREAT | O_TRUNC, 0644);
-}
-
-void cleanup() {
-	fprintf(stderr, "Cleaning up...\n");
-	char name[PATH_MAX];
-	unlink(KERNEL_FILE);
-	unlink(RAMDISK_FILE);
-	unlink(RAMDISK_FILE ".unsupport");
-	unlink(SECOND_FILE);
-	unlink(DTB_FILE);
-	for (int i = 0; SUP_EXT_LIST[i]; ++i) {
-		sprintf(name, "%s.%s", RAMDISK_FILE, SUP_EXT_LIST[i]);
-		unlink(name);
-	}
-}
--- a/jni/magiskboot/bootimg.c
+++ b/jni/magiskboot/bootimg.c
@@ -1,310 +0,0 @@
-#include "bootimg.h"
-#include "magiskboot.h"
-
-static unsigned char *kernel, *ramdisk, *second, *dtb, *extra;
-static boot_img_hdr hdr;
-static int mtk_kernel = 0, mtk_ramdisk = 0;
-static file_t ramdisk_type;
-
-static void dump(unsigned char *buf, size_t size, const char *filename) {
-	int fd = open_new(filename);
-	xwrite(fd, buf, size);
-	close(fd);
-}
-
-static size_t restore(const char *filename, int fd) {
-	int ifd = xopen(filename, O_RDONLY);
-	size_t size = lseek(ifd, 0, SEEK_END);
-	lseek(ifd, 0, SEEK_SET);
-	xsendfile(fd, ifd, NULL, size);
-	close(ifd);
-	return size;
-}
-
-static void restore_buf(int fd, const void *buf, size_t size) {
-	xwrite(fd, buf, size);
-}
-
-static void print_info() {
-	fprintf(stderr, "KERNEL [%d] @ 0x%08x\n", hdr.kernel_size, hdr.kernel_addr);
-	fprintf(stderr, "RAMDISK [%d] @ 0x%08x\n", hdr.ramdisk_size, hdr.ramdisk_addr);
-	fprintf(stderr, "SECOND [%d] @ 0x%08x\n", hdr.second_size, hdr.second_addr);
-	fprintf(stderr, "DTB [%d] @ 0x%08x\n", hdr.dt_size, hdr.tags_addr);
-	fprintf(stderr, "PAGESIZE [%d]\n", hdr.page_size);
-	if (hdr.os_version != 0) {
-		int a,b,c,y,m = 0;
-		int os_version, os_patch_level;
-		os_version = hdr.os_version >> 11;
-		os_patch_level = hdr.os_version & 0x7ff;
-		
-		a = (os_version >> 14) & 0x7f;
-		b = (os_version >> 7) & 0x7f;
-		c = os_version & 0x7f;
-		fprintf(stderr, "OS_VERSION [%d.%d.%d]\n", a, b, c);
-		
-		y = (os_patch_level >> 4) + 2000;
-		m = os_patch_level & 0xf;
-		fprintf(stderr, "PATCH_LEVEL [%d-%02d]\n", y, m);
-	}
-	fprintf(stderr, "NAME [%s]\n", hdr.name);
-	fprintf(stderr, "CMDLINE [%s]\n", hdr.cmdline);
-
-	switch (ramdisk_type) {
-		case GZIP:
-			fprintf(stderr, "COMPRESSION [%s]\n", "gzip");
-			break;
-		case XZ:
-			fprintf(stderr, "COMPRESSION [%s]\n", "xz");
-			break;
-		case LZMA:
-			fprintf(stderr, "COMPRESSION [%s]\n", "lzma");
-			break;
-		case BZIP2:
-			fprintf(stderr, "COMPRESSION [%s]\n", "bzip2");
-			break;
-		case LZ4:
-			fprintf(stderr, "COMPRESSION [%s]\n", "lz4");
-			break;
-		case LZ4_LEGACY:
-			fprintf(stderr, "COMPRESSION [%s]\n", "lz4_legacy");
-			break;
-		default:
-			fprintf(stderr, "Unknown ramdisk format!\n");
-	}
-	fprintf(stderr, "\n");
-}
-
-int parse_img(unsigned char *orig, size_t size) {
-	unsigned char *base, *end;
-	size_t pos = 0;
-	int ret = 0;
-	for(base = orig, end = orig + size; base < end; base += 256, size -= 256) {
-		switch (check_type(base)) {
-		case CHROMEOS:
-			// The caller should know it's chromeos, as it needs additional signing
-			ret = 2;
-			continue;
-		case ELF32:
-			exit(3);
-		case ELF64:
-			exit(4);
-		case AOSP:
-			// Read the header
-			memcpy(&hdr, base, sizeof(hdr));
-			pos += hdr.page_size;
-
-			// Kernel position
-			kernel = base + pos;
-			pos += hdr.kernel_size;
-			mem_align(&pos, hdr.page_size);
-
-			// Ramdisk position
-			ramdisk = base + pos;
-			pos += hdr.ramdisk_size;
-			mem_align(&pos, hdr.page_size);
-
-			if (hdr.second_size) {
-				// Second position
-				second = base + pos;
-				pos += hdr.second_size;
-				mem_align(&pos, hdr.page_size);
-			}
-
-			if (hdr.dt_size) {
-				// dtb position
-				dtb = base + pos;
-				pos += hdr.dt_size;
-				mem_align(&pos, hdr.page_size);
-			}
-
-			if (pos < size) {
-				extra = base + pos;
-			}
-
-			// Check ramdisk compression type
-			ramdisk_type = check_type(ramdisk);
-
-			// Check MTK
-			if (check_type(kernel) == MTK) {
-				fprintf(stderr, "MTK header found in kernel\n");
-				mtk_kernel = 1;
-			}
-			if (ramdisk_type == MTK) {
-				fprintf(stderr, "MTK header found in ramdisk\n");
-				mtk_ramdisk = 1;
-				ramdisk_type = check_type(ramdisk + 512);
-			}
-
-			// Print info
-			print_info();
-			return ret;
-		default:
-			continue;
-		}
-	}
-	LOGE(1, "No boot image magic found!\n");
-}
-
-void unpack(const char* image) {
-	size_t size;
-	unsigned char *orig;
-	mmap_ro(image, &orig, &size);
-
-	// Parse image
-	fprintf(stderr, "Parsing boot image: [%s]\n\n", image);
-	int ret = parse_img(orig, size);
-
-	// Dump kernel
-	if (mtk_kernel) {
-		kernel += 512;
-		hdr.kernel_size -= 512;
-	}
-	dump(kernel, hdr.kernel_size, KERNEL_FILE);
-
-	// Dump ramdisk
-	if (mtk_ramdisk) {
-		ramdisk += 512;
-		hdr.ramdisk_size -= 512;
-	}
-	if (decomp(ramdisk_type, RAMDISK_FILE, ramdisk, hdr.ramdisk_size)) {
-		// Dump the compressed ramdisk
-		dump(ramdisk, hdr.ramdisk_size, RAMDISK_FILE ".unsupport");
-		LOGE(1, "Unsupported ramdisk format! Dumped to %s\n", RAMDISK_FILE ".unsupport");
-	}
-
-	if (hdr.second_size) {
-		// Dump second
-		dump(second, hdr.second_size, SECOND_FILE);
-	}
-
-	if (hdr.dt_size) {
-		// Dump dtb
-		dump(dtb, hdr.dt_size, DTB_FILE);
-	}
-
-	munmap(orig, size);
-	exit(ret);
-}
-
-void repack(const char* orig_image, const char* out_image) {
-	size_t size;
-	unsigned char *orig;
-	char name[PATH_MAX];
-
-	// There are possible two MTK headers
-	mtk_hdr mtk_kernel_hdr, mtk_ramdisk_hdr;
-	size_t mtk_kernel_off, mtk_ramdisk_off;
-
-	// Load original image
-	mmap_ro(orig_image, &orig, &size);
-
-	// Parse original image
-	fprintf(stderr, "Parsing boot image: [%s]\n\n", orig_image);
-	parse_img(orig, size);
-
-	fprintf(stderr, "Repack to boot image: [%s]\n\n", out_image);
-
-	// Create new image
-	int fd = open_new(out_image);
-
-	// Set all sizes to 0
-	hdr.kernel_size = 0;
-	hdr.ramdisk_size = 0;
-	hdr.second_size = 0;
-	hdr.dt_size = 0;
-
-	// Skip a page for header
-	write_zero(fd, hdr.page_size);
-
-	// Restore kernel
-	if (mtk_kernel) {
-		mtk_kernel_off = lseek(fd, 0, SEEK_CUR);
-		restore_buf(fd, kernel, 512);
-		memcpy(&mtk_kernel_hdr, kernel, sizeof(mtk_kernel_hdr));
-	}
-	hdr.kernel_size = restore(KERNEL_FILE, fd);
-	file_align(fd, hdr.page_size, 1);
-
-	// Restore ramdisk
-	if (mtk_ramdisk) {
-		mtk_ramdisk_off = lseek(fd, 0, SEEK_CUR);
-		restore_buf(fd, ramdisk, 512);
-		memcpy(&mtk_ramdisk_hdr, ramdisk, sizeof(mtk_ramdisk_hdr));
-	}
-	if (access(RAMDISK_FILE, R_OK) == 0) {
-		// If we found raw cpio, compress to original format
-
-		// Before we start, clean up previous compressed files
-		for (int i = 0; SUP_EXT_LIST[i]; ++i) {
-			sprintf(name, "%s.%s", RAMDISK_FILE, SUP_EXT_LIST[i]);
-			unlink(name);
-		}
-
-		size_t cpio_size;
-		unsigned char *cpio;
-		mmap_ro(RAMDISK_FILE, &cpio, &cpio_size);
-
-		if (comp(ramdisk_type, RAMDISK_FILE, cpio, cpio_size))
-			LOGE(1, "Unsupported ramdisk format!\n");
-
-		munmap(cpio, cpio_size);
-	}
-
-	int found = 0;
-	for (int i = 0; SUP_EXT_LIST[i]; ++i) {
-		sprintf(name, "%s.%s", RAMDISK_FILE, SUP_EXT_LIST[i]);
-		if (access(name, R_OK) == 0) {
-			ramdisk_type = SUP_TYPE_LIST[i];
-			found = 1;
-			break;
-		}
-	}
-	if (!found)
-		LOGE(1, "No ramdisk exists!\n");
-	hdr.ramdisk_size = restore(name, fd);
-	file_align(fd, hdr.page_size, 1);
-
-	// Restore second
-	if (access(SECOND_FILE, R_OK) == 0) {
-		hdr.second_size = restore(SECOND_FILE, fd);
-		file_align(fd, hdr.page_size, 1);
-	}
-
-	// Restore dtb
-	if (access(DTB_FILE, R_OK) == 0) {
-		hdr.dt_size = restore(DTB_FILE, fd);
-		file_align(fd, hdr.page_size, 1);
-	}
-
-	// Check extra info, currently only for LG Bump and Samsung SEANDROIDENFORCE
-	if (extra) {
-		if (memcmp(extra, "SEANDROIDENFORCE", 16) == 0 || 
-			memcmp(extra, "\x41\xa9\xe4\x67\x74\x4d\x1d\x1b\xa4\x29\xf2\xec\xea\x65\x52\x79", 16) == 0 ) {
-			restore_buf(fd, extra, 16);
-		}
-	}
-
-	// Write headers back
-	if (mtk_kernel) {
-		lseek(fd, mtk_kernel_off, SEEK_SET);
-		mtk_kernel_hdr.size = hdr.kernel_size;
-		hdr.kernel_size += 512;
-		restore_buf(fd, &mtk_kernel_hdr, sizeof(mtk_kernel_hdr));
-	}
-	if (mtk_ramdisk) {
-		lseek(fd, mtk_ramdisk_off, SEEK_SET);
-		mtk_ramdisk_hdr.size = hdr.ramdisk_size;
-		hdr.ramdisk_size += 512;
-		restore_buf(fd, &mtk_ramdisk_hdr, sizeof(mtk_ramdisk_hdr));
-	}
-	// Main header
-	lseek(fd, 0, SEEK_SET);
-	restore_buf(fd, &hdr, sizeof(hdr));
-
-	// Print new image info
-	print_info();
-
-	munmap(orig, size);
-	close(fd);
-}
-
--- a/jni/magiskboot/bootimg.h
+++ b/jni/magiskboot/bootimg.h
@@ -1,102 +0,0 @@
-/* tools/mkbootimg/bootimg.h
-**
-** Copyright 2007, The Android Open Source Project
-**
-** Licensed under the Apache License, Version 2.0 (the "License"); 
-** you may not use this file except in compliance with the License. 
-** You may obtain a copy of the License at 
-**
-**     http://www.apache.org/licenses/LICENSE-2.0 
-**
-** Unless required by applicable law or agreed to in writing, software 
-** distributed under the License is distributed on an "AS IS" BASIS, 
-** WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 
-** See the License for the specific language governing permissions and 
-** limitations under the License.
-*/
-
-#include <stdint.h>
-
-#ifndef _BOOT_IMAGE_H_
-#define _BOOT_IMAGE_H_
-
-typedef struct boot_img_hdr boot_img_hdr;
-
-#define BOOT_MAGIC "ANDROID!"
-#define BOOT_MAGIC_SIZE 8
-#define BOOT_NAME_SIZE 16
-#define BOOT_ARGS_SIZE 512
-#define BOOT_EXTRA_ARGS_SIZE 1024
-
-struct boot_img_hdr
-{
-    uint8_t magic[BOOT_MAGIC_SIZE];
-
-    uint32_t kernel_size;  /* size in bytes */
-    uint32_t kernel_addr;  /* physical load addr */
-
-    uint32_t ramdisk_size; /* size in bytes */
-    uint32_t ramdisk_addr; /* physical load addr */
-
-    uint32_t second_size;  /* size in bytes */
-    uint32_t second_addr;  /* physical load addr */
-
-    uint32_t tags_addr;    /* physical addr for kernel tags */
-    uint32_t page_size;    /* flash page size we assume */
-    uint32_t dt_size;      /* device tree in bytes */
-
-    /* operating system version and security patch level; for
-     * version "A.B.C" and patch level "Y-M-D":
-     * ver = A << 14 | B << 7 | C         (7 bits for each of A, B, C)
-     * lvl = ((Y - 2000) & 127) << 4 | M  (7 bits for Y, 4 bits for M)
-     * os_version = ver << 11 | lvl */
-    uint32_t os_version;
-
-    uint8_t name[BOOT_NAME_SIZE]; /* asciiz product name */
-
-    uint8_t cmdline[BOOT_ARGS_SIZE];
-
-    uint32_t id[8]; /* timestamp / checksum / sha1 / etc */
-
-    /* Supplemental command line data; kept here to maintain
-     * binary compatibility with older versions of mkbootimg */
-    uint8_t extra_cmdline[BOOT_EXTRA_ARGS_SIZE];
-} __attribute__((packed));
-
-/*
-** +-----------------+ 
-** | boot header     | 1 page
-** +-----------------+
-** | kernel          | n pages  
-** +-----------------+
-** | ramdisk         | m pages  
-** +-----------------+
-** | second stage    | o pages
-** +-----------------+
-** | device tree     | p pages
-** +-----------------+
-**
-** n = (kernel_size + page_size - 1) / page_size
-** m = (ramdisk_size + page_size - 1) / page_size
-** o = (second_size + page_size - 1) / page_size
-** p = (dt_size + page_size - 1) / page_size
-**
-** 0. all entities are page_size aligned in flash
-** 1. kernel and ramdisk are required (size != 0)
-** 2. second is optional (second_size == 0 -> no second)
-** 3. load each element (kernel, ramdisk, second) at
-**    the specified physical address (kernel_addr, etc)
-** 4. prepare tags at tag_addr.  kernel_args[] is
-**    appended to the kernel commandline in the tags.
-** 5. r0 = 0, r1 = MACHINE_TYPE, r2 = tags_addr
-** 6. if second_size != 0: jump to second_addr
-**    else: jump to kernel_addr
-*/
-
-typedef struct mtk_hdr {
-   uint8_t magic[4];    /* MTK magic */
-   uint32_t size;       /* Size of the content */
-   uint8_t name[32];    /* The type of the header */
-} mtk_hdr;
-
-#endif
--- a/jni/magiskboot/compress.c
+++ b/jni/magiskboot/compress.c
@@ -1,569 +0,0 @@
-#include <zlib.h>
-#include <lzma.h>
-#include <lz4.h>
-#include <lz4frame.h>
-#include <bzlib.h>
-
-#include "magiskboot.h"
-
-#define windowBits 15
-#define ZLIB_GZIP 16
-#define memLevel 8
-#define CHUNK 0x40000
-
-#define LZ4_HEADER_SIZE 19
-#define LZ4_FOOTER_SIZE 4
-#define LZ4_LEGACY_BLOCKSIZE  0x800000
-
-static void write_file(const int fd, const void *buf, const size_t size, const char *filename) {
-	xwrite(fd, buf, size);
-}
-
-static void report(const int mode, const char* filename) {
-	switch(mode) {
-		case 0:
-			fprintf(stderr, "Decompressing to [%s]\n\n", filename);
-			break;
-		default:
-			fprintf(stderr, "Compressing to [%s]\n\n", filename);
-			break;
-	}
-}
-
-// Mode: 0 = decode; 1 = encode
-void gzip(int mode, const char* filename, const unsigned char* buf, size_t size) {
-	size_t ret = 0, flush, have, pos = 0;
-	z_stream strm;
-	unsigned char out[CHUNK];
-
-	report(mode, filename);
-	int fd = open_new(filename);
-
-	strm.zalloc = Z_NULL;
-	strm.zfree = Z_NULL;
-	strm.opaque = Z_NULL;
-
-	switch(mode) {
-		case 0:
-			ret = inflateInit2(&strm, windowBits | ZLIB_GZIP);
-			break;
-		case 1:
-			ret = deflateInit2(&strm, 9, Z_DEFLATED, windowBits | ZLIB_GZIP, memLevel, Z_DEFAULT_STRATEGY);
-			break;
-		default:
-			LOGE(1, "Unsupported gzip mode!\n");
-	}
-
-	if (ret != Z_OK)
-		LOGE(1, "Unable to init zlib stream\n");
-
-	do {
-		strm.next_in = buf + pos;
-		if (pos + CHUNK >= size) {
-			strm.avail_in = size - pos;
-			flush = Z_FINISH;
-		} else {
-			strm.avail_in = CHUNK;
-			flush = Z_NO_FLUSH;
-		}
-		pos += strm.avail_in;
-
-		do {
-			strm.avail_out = CHUNK;
-			strm.next_out = out;
-			switch(mode) {
-				case 0:
-					ret = inflate(&strm, flush);
-					break;
-				case 1:
-					ret = deflate(&strm, flush);
-					break;
-			}
-			if (ret == Z_STREAM_ERROR)
-				LOGE(1, "Error when running gzip\n");
-
-			have = CHUNK - strm.avail_out;
-			write_file(fd, out, have, filename);
-
-		} while (strm.avail_out == 0);
-
-	} while(pos < size);
-
-	switch(mode) {
-		case 0:
-			inflateEnd(&strm);
-			break;
-		case 1:
-			deflateEnd(&strm);
-			break;
-	}
-	close(fd);
-}
-
-
-// Mode: 0 = decode xz/lzma; 1 = encode xz; 2 = encode lzma
-void lzma(int mode, const char* filename, const unsigned char* buf, size_t size) {
-	size_t have, pos = 0;
-	lzma_ret ret = 0;
-	lzma_stream strm = LZMA_STREAM_INIT;
-	lzma_options_lzma opt;
-	lzma_action action;
-	unsigned char out[BUFSIZ];
-
-	report(mode, filename);
-	int fd = open_new(filename);
-
-	// Initialize preset
-	lzma_lzma_preset(&opt, LZMA_PRESET_DEFAULT);
-	lzma_filter filters[] = {
-		{ .id = LZMA_FILTER_LZMA2, .options = &opt },
-		{ .id = LZMA_VLI_UNKNOWN, .options = NULL },
-	};
-
-	switch(mode) {
-		case 0:
-			ret = lzma_auto_decoder(&strm, UINT64_MAX, 0);
-			break;
-		case 1:
-			ret = lzma_stream_encoder(&strm, filters, LZMA_CHECK_CRC32);
-			break;
-		case 2:
-			ret = lzma_alone_encoder(&strm, &opt);
-			break;
-		default:
-			LOGE(1, "Unsupported lzma mode!\n");
-	}
-
-
-	if (ret != LZMA_OK)
-		LOGE(1, "Unable to init lzma stream\n");
-
-	do {
-		strm.next_in = buf + pos;
-		if (pos + BUFSIZ >= size) {
-			strm.avail_in = size - pos;
-			action = LZMA_FINISH;
-		} else {
-			strm.avail_in = BUFSIZ;
-			action = LZMA_RUN;
-		}
-		pos += strm.avail_in;
-
-		do {
-			strm.avail_out = BUFSIZ;
-			strm.next_out = out;
-			ret = lzma_code(&strm, action);
-			have = BUFSIZ - strm.avail_out;
-			write_file(fd, out, have, filename);
-		} while (strm.avail_out == 0 && ret == LZMA_OK);
-
-		if (ret != LZMA_OK && ret != LZMA_STREAM_END)
-			LOGE(1, "LZMA error %d!\n", ret);
-
-	} while (pos < size);
-
-	lzma_end(&strm);
-	close(fd);
-}
-
-// Mode: 0 = decode; 1 = encode
-void lz4(int mode, const char* filename, const unsigned char* buf, size_t size) {
-	LZ4F_decompressionContext_t dctx;
-	LZ4F_compressionContext_t cctx;
-	LZ4F_frameInfo_t info;
-
-	size_t outCapacity, avail_in, ret = 0, pos = 0;
-	size_t have, read;
-	unsigned char *out = NULL;
-
-	report(mode, filename);
-	int fd = open_new(filename);
-
-	// Initialize context
-	switch(mode) {
-		case 0:
-			ret = LZ4F_createDecompressionContext(&dctx, LZ4F_VERSION);
-			break;
-		case 1:
-			ret = LZ4F_createCompressionContext(&cctx, LZ4F_VERSION);
-			break;
-		default:
-			LOGE(1, "Unsupported lz4 mode!\n");
-	}
-	
-	if (LZ4F_isError(ret))
-		LOGE(1, "Context creation error: %s\n", LZ4F_getErrorName(ret));
-
-	// Allocate out buffer
-	switch(mode) {
-		case 0:
-			// Read header
-			read = CHUNK;
-			ret = LZ4F_getFrameInfo(dctx, &info, buf, &read);
-			if (LZ4F_isError(ret))
-				LOGE(1, "LZ4F_getFrameInfo error: %s\n", LZ4F_getErrorName(ret));
-			switch (info.blockSizeID) {
-				case LZ4F_default:
-				case LZ4F_max64KB:  outCapacity = 1 << 16; break;
-				case LZ4F_max256KB: outCapacity = 1 << 18; break;
-				case LZ4F_max1MB:   outCapacity = 1 << 20; break;
-				case LZ4F_max4MB:   outCapacity = 1 << 22; break;
-				default:
-					LOGE(1, "Impossible unless more block sizes are allowed\n");
-			}
-			pos += read;
-			break;
-		case 1:
-			outCapacity = LZ4F_compressBound(CHUNK, NULL) + LZ4_HEADER_SIZE + LZ4_FOOTER_SIZE;
-			break;
-	}
-
-	out = xmalloc(outCapacity);
-
-	// Write header
-	if (mode == 1) {
-		have = ret = LZ4F_compressBegin(cctx, out, size, NULL);
-		if (LZ4F_isError(ret))
-			LOGE(1, "Failed to start compression: error %s\n", LZ4F_getErrorName(ret));
-		write_file(fd, out, have, filename);
-	}
-
-	do {
-		if (pos + CHUNK >= size) {
-			avail_in = size - pos;
-		} else {
-			avail_in = CHUNK;
-		}
-
-		do {
-			switch(mode) {
-				case 0:
-					have = outCapacity, read = avail_in;
-					ret = LZ4F_decompress(dctx, out, &have, buf + pos, &read, NULL);
-					break;
-				case 1:
-					read = avail_in;
-					have = ret = LZ4F_compressUpdate(cctx, out, outCapacity, buf + pos, avail_in, NULL);
-					break;
-			}
-			if (LZ4F_isError(ret))
-				LOGE(1, "LZ4 coding error: %s\n", LZ4F_getErrorName(ret));
-
-			write_file(fd, out, have, filename);
-			// Update status
-			pos += read;
-			avail_in -= read;
-		} while(avail_in != 0 && ret != 0);
-
-	} while(pos < size && ret != 0);
-
-	switch(mode) {
-		case 0:
-			LZ4F_freeDecompressionContext(dctx);
-			break;
-		case 1:
-			have = ret = LZ4F_compressEnd(cctx, out, outCapacity, NULL);
-			if (LZ4F_isError(ret))
-				LOGE(1, "Failed to end compression: error %s\n", LZ4F_getErrorName(ret));
-
-			write_file(fd, out, have, filename);
-
-			LZ4F_freeCompressionContext(cctx);
-			break;
-	}
-
-	free(out);
-	close(fd);
-}
-
-// Mode: 0 = decode; 1 = encode
-void bzip2(int mode, const char* filename, const unsigned char* buf, size_t size) {
-	size_t ret = 0, action, have, pos = 0;
-	bz_stream strm;
-	char out[CHUNK];
-
-	report(mode, filename);
-	int fd = open_new(filename);
-
-	strm.bzalloc = NULL;
-	strm.bzfree = NULL;
-	strm.opaque = NULL;
-
-	switch(mode) {
-		case 0:
-			ret = BZ2_bzDecompressInit(&strm, 0, 0);
-			break;
-		case 1:
-			ret = BZ2_bzCompressInit(&strm, 9, 0, 0);
-			break;
-		default:
-			LOGE(1, "Unsupported bzip2 mode!\n");
-	}
-
-	if (ret != BZ_OK)
-		LOGE(1, "Unable to init bzlib stream\n");
-
-	do {
-		strm.next_in = (char *) buf + pos;
-		if (pos + CHUNK >= size) {
-			strm.avail_in = size - pos;
-			action = BZ_FINISH;
-		} else {
-			strm.avail_in = CHUNK;
-			action = BZ_RUN;
-		}
-		pos += strm.avail_in;
-
-		do {
-			strm.avail_out = CHUNK;
-			strm.next_out = out;
-			switch(mode) {
-				case 0:
-					ret = BZ2_bzDecompress(&strm);
-					break;
-				case 1:
-					ret = BZ2_bzCompress(&strm, action);
-					break;
-			}
-
-			have = CHUNK - strm.avail_out;
-			write_file(fd, out, have, filename);
-
-		} while (strm.avail_out == 0);
-
-	} while(pos < size);
-
-	switch(mode) {
-		case 0:
-			BZ2_bzDecompressEnd(&strm);
-			break;
-		case 1:
-			BZ2_bzCompressEnd(&strm);
-			break;
-	}
-	close(fd);
-}
-
-// Mode: 0 = decode; 1 = encode
-void lz4_legacy(int mode, const char* filename, const unsigned char* buf, size_t size) {
-	size_t pos = 0;
-	int have;
-	char *out;
-	unsigned block_size, insize;
-	unsigned char block_size_le[4];
-
-
-	report(mode, filename);
-	int fd = open_new(filename);
-
-	switch(mode) {
-		case 0:
-			out = xmalloc(LZ4_LEGACY_BLOCKSIZE);
-			// Skip magic
-			pos += 4;
-			break;
-		case 1:
-			out = xmalloc(LZ4_COMPRESSBOUND(LZ4_LEGACY_BLOCKSIZE));
-			// Write magic
-			write_file(fd, "\x02\x21\x4c\x18", 4, filename);
-			break;
-		default:
-			LOGE(1, "Unsupported lz4_legacy mode!\n");
-	}
-
-	do {
-		switch(mode) {
-			case 0:
-				block_size = buf[pos];
-				block_size += (buf[pos + 1]<<8);
-				block_size += (buf[pos + 2]<<16);
-				block_size += ((unsigned)buf[pos + 3])<<24;
-				pos += 4;
-				if (block_size > LZ4_COMPRESSBOUND(LZ4_LEGACY_BLOCKSIZE))
-					LOGE(1, "lz4_legacy block size too large!\n");
-				have = LZ4_decompress_safe((const char*) (buf + pos), out, block_size, LZ4_LEGACY_BLOCKSIZE);
-				if (have < 0)
-					LOGE(1, "Cannot decode lz4_legacy block\n");
-				pos += block_size;
-				break;
-			case 1:
-				if (pos + LZ4_LEGACY_BLOCKSIZE >= size)
-					insize = size - pos;
-				else
-					insize = LZ4_LEGACY_BLOCKSIZE;
-				have = LZ4_compress_default((const char*) (buf + pos), out, insize, LZ4_COMPRESSBOUND(LZ4_LEGACY_BLOCKSIZE));
-				if (have == 0)
-					LOGE(1, "lz4_legacy compression error\n");
-				pos += insize;
-				block_size_le[0] = (unsigned char)have;
-				block_size_le[1] = (unsigned char)(have >> 8);
-				block_size_le[2] = (unsigned char)(have >> 16);
-				block_size_le[3] = (unsigned char)(have >> 24);
-				write_file(fd, block_size_le, 4, filename);
-				break;
-		}
-		// Write main data
-		write_file(fd, out, have, filename);
-	} while(pos < size);
-
-	free(out);
-	close(fd);
-}
-
-int decomp(file_t type, const char *to, const unsigned char *from, size_t size) {
-	switch (type) {
-		case GZIP:
-			gzip(0, to, from, size);
-			break;
-		case XZ:
-			lzma(0, to, from, size);
-			break;
-		case LZMA:
-			lzma(0, to, from, size);
-			break;
-		case BZIP2:
-			bzip2(0, to, from, size);
-			break;
-		case LZ4:
-			lz4(0, to, from, size);
-			break;
-		case LZ4_LEGACY:
-			lz4_legacy(0, to, from, size);
-			break;
-		default:
-			// Unsupported
-			return 1;
-	}
-	return 0;
-}
-
-// Output will be to.ext
-int comp(file_t type, const char *to, const unsigned char *from, size_t size) {
-	char name[PATH_MAX];
-	const char *ext = strrchr(to, '.');
-	if (ext == NULL) ext = to;
-	strcpy(name, to);
-	switch (type) {
-		case GZIP:
-			if (strcmp(ext, ".gz") != 0)
-				sprintf(name, "%s.%s", to, "gz");
-			gzip(1, name, from, size);
-			break;
-		case XZ:
-			if (strcmp(ext, ".xz") != 0)
-				sprintf(name, "%s.%s", to, "xz");
-			lzma(1, name, from, size);
-			break;
-		case LZMA:
-			if (strcmp(ext, ".lzma") != 0)
-				sprintf(name, "%s.%s", to, "lzma");
-			lzma(2, name, from, size);
-			break;
-		case BZIP2:
-			if (strcmp(ext, ".bz2") != 0)
-				sprintf(name, "%s.%s", to, "bz2");
-			bzip2(1, name, from, size);
-			break;
-		case LZ4:
-			if (strcmp(ext, ".lz4") != 0)
-				sprintf(name, "%s.%s", to, "lz4");
-			lz4(1, name, from, size);
-			break;
-		case LZ4_LEGACY:
-			if (strcmp(ext, ".lz4") != 0)
-				sprintf(name, "%s.%s", to, "lz4");
-			lz4_legacy(1, name, from, size);
-			break;
-		default:
-			// Unsupported
-			return 1;
-	}
-	return 0;
-}
-
-void decomp_file(char *from, const char *to) {
-	int ok = 1;
-	unsigned char *file;
-	size_t size;
-	mmap_ro(from, &file, &size);
-	file_t type = check_type(file);
-	char *ext;
-	ext = strrchr(from, '.');
-	if (ext == NULL)
-		LOGE(1, "Bad filename extention\n");
-
-	// File type and extension should match
-	switch (type) {
-		case GZIP:
-			if (strcmp(ext, ".gz") != 0)
-				ok = 0;
-			break;
-		case XZ:
-			if (strcmp(ext, ".xz") != 0)
-				ok = 0;
-			break;
-		case LZMA:
-			if (strcmp(ext, ".lzma") != 0)
-				ok = 0;
-			break;
-		case BZIP2:
-			if (strcmp(ext, ".bz2") != 0)
-				ok = 0;
-			break;
-		case LZ4_LEGACY:
-		case LZ4:
-			if (strcmp(ext, ".lz4") != 0)
-				ok = 0;
-			break;
-		default:
-			LOGE(1, "Provided file \'%s\' is not a supported archive format\n", from);
-	}
-	if (ok) {
-		// If all match, strip out the suffix
-		if (!to) {
-			*ext = '\0';
-			to = from;
-		}
-		decomp(type, to, file, size);
-		if (to == from) {
-			*ext = '.';
-			unlink(from);
-		}
-	} else {
-		LOGE(1, "Bad filename extention \'%s\'\n", ext);
-	}
-	munmap(file, size);
-}
-
-void comp_file(const char *method, const char *from, const char *to) {
-	file_t type;
-	if (strcmp(method, "gzip") == 0) {
-		type = GZIP;
-	} else if (strcmp(method, "xz") == 0) {
-		type = XZ;
-	} else if (strcmp(method, "lzma") == 0) {
-		type = LZMA;
-	} else if (strcmp(method, "lz4") == 0) {
-		type = LZ4;
-	} else if (strcmp(method, "lz4_legacy") == 0) {
-		type = LZ4_LEGACY;
-	} else if (strcmp(method, "bzip2") == 0) {
-		type = BZIP2;
-	} else {
-		fprintf(stderr, "Only support following methods: ");
-		for (int i = 0; SUP_LIST[i]; ++i)
-			fprintf(stderr, "%s ", SUP_LIST[i]);
-		fprintf(stderr, "\n");
-		exit(1);
-	}
-	unsigned char *file;
-	size_t size;
-	mmap_ro(from, &file, &size);
-	if (!to)
-		to = from;
-	comp(type, to, file, size);
-	munmap(file, size);
-	if (to == from)
-		unlink(from);
-}
-
--- a/jni/magiskboot/cpio.c
+++ b/jni/magiskboot/cpio.c
@@ -1,559 +0,0 @@
-#include "magiskboot.h"
-#include "cpio.h"
-#include "vector.h"
-#include "list.h"
-
-static uint32_t x8u(char *hex) {
-  uint32_t val, inpos = 8, outpos;
-  char pattern[6];
-
-  while (*hex == '0') {
-    hex++;
-    if (!--inpos) return 0;
-  }
-  // Because scanf gratuitously treats %*X differently than printf does.
-  sprintf(pattern, "%%%dx%%n", inpos);
-  sscanf(hex, pattern, &val, &outpos);
-  if (inpos != outpos) LOGE(1, "bad cpio header\n");
-
-  return val;
-}
-
-static void cpio_free(cpio_file *f) {
-	if (f) {
-		free(f->filename);
-		free(f->data);
-		free(f);
-	}
-}
-
-static void cpio_vec_insert(struct vector *v, cpio_file *n) {
-	cpio_file *f, *t;
-	int shift = 0;
-	// Insert in alphabet order
-	vec_for_each(v, f) {
-		if (shift) {
-			vec_entry(v)[_] = t;
-			t = f;
-			continue;
-		}
-		t = f;
-		if (strcmp(f->filename, n->filename) == 0) {
-			// Replace, then all is done
-			cpio_free(f);
-			vec_entry(v)[_] = n;
-			return;
-		} else if (strcmp(f->filename, n->filename) > 0) {
-			// Insert, then start shifting
-			vec_entry(v)[_] = n;
-			t = f;
-			shift = 1;
-		}
-	}
-	if (shift)
-		vec_push_back(v, t);
-	else
-		vec_push_back(v, n);
-}
-
-static int cpio_compare(const void *a, const void *b) {
-	return strcmp((*(cpio_file **) a)->filename, (*(cpio_file **) b)->filename);
-}
-
-// Parse cpio file to a vector of cpio_file
-static void parse_cpio(const char *filename, struct vector *v) {
-	fprintf(stderr, "Loading cpio: [%s]\n\n", filename);
-	int fd = xopen(filename, O_RDONLY);
-	cpio_newc_header header;
-	cpio_file *f;
-	while(read(fd, &header, 110) == 110) {
-		f = xcalloc(sizeof(*f), 1);
-		// f->ino = x8u(header.ino);
-		f->mode = x8u(header.mode);
-		f->uid = x8u(header.uid);
-		f->gid = x8u(header.gid);
-		// f->nlink = x8u(header.nlink);
-		// f->mtime = x8u(header.mtime);
-		f->filesize = x8u(header.filesize);
-		// f->devmajor = x8u(header.devmajor);
-		// f->devminor = x8u(header.devminor);
-		// f->rdevmajor = x8u(header.rdevmajor);
-		// f->rdevminor = x8u(header.rdevminor);
-		f->namesize = x8u(header.namesize);
-		// f->check = x8u(header.check);
-		f->filename = malloc(f->namesize);
-		xxread(fd, f->filename, f->namesize);
-		file_align(fd, 4, 0);
-		if (strcmp(f->filename, ".") == 0 || strcmp(f->filename, "..") == 0) {
-			cpio_free(f);
-			continue;
-		}
-		if (strcmp(f->filename, "TRAILER!!!") == 0) {
-			cpio_free(f);
-			break;
-		}
-		if (f->filesize) {
-			f->data = malloc(f->filesize);
-			xxread(fd, f->data, f->filesize);
-			file_align(fd, 4, 0);
-		}
-		vec_push_back(v, f);
-	}
-	close(fd);
-	// Sort by name
-	vec_sort(v, cpio_compare);
-}
-
-static void dump_cpio(const char *filename, struct vector *v) {
-	fprintf(stderr, "\nDump cpio: [%s]\n\n", filename);
-	int fd = open_new(filename);
-	unsigned inode = 300000;
-	char header[111];
-	cpio_file *f;
-	vec_for_each(v, f) {
-		if (f->remove) continue;
-		sprintf(header, "070701%08x%08x%08x%08x%08x%08x%08x%08x%08x%08x%08x%08x%08x",
-			inode++,	// f->ino
-			f->mode,
-			f->uid,
-			f->gid,
-			1,			// f->nlink
-			0,			// f->mtime
-			f->filesize,
-			0,			// f->devmajor
-			0,			// f->devminor
-			0,			// f->rdevmajor
-			0,			// f->rdevminor
-			f->namesize,
-			0			// f->check
-		);
-		xwrite(fd, header, 110);
-		xwrite(fd, f->filename, f->namesize);
-		file_align(fd, 4, 1);
-		if (f->filesize) {
-			xwrite(fd, f->data, f->filesize);
-			file_align(fd, 4, 1);
-		}
-	}
-	// Write trailer
-	sprintf(header, "070701%08x%08x%08x%08x%08x%08x%08x%08x%08x%08x%08x%08x%08x", inode++, 0, 0, 0, 1, 0, 0, 0, 0, 0, 0, 11, 0);
-	xwrite(fd, header, 110);
-	xwrite(fd, "TRAILER!!!\0", 11);
-	file_align(fd, 4, 1);
-	close(fd);
-}
-
-static void cpio_vec_destroy(struct vector *v) {
-	// Free each cpio_file
-	cpio_file *f;
-	vec_for_each(v, f) {
-		cpio_free(f);
-	}
-	vec_destroy(v);
-}
-
-static void cpio_rm(int recursive, const char *entry, struct vector *v) {
-	cpio_file *f;
-	vec_for_each(v, f) {
-		if ((recursive && strncmp(f->filename, entry, strlen(entry)) == 0)
-			|| (strcmp(f->filename, entry) == 0) ) {
-			if (!f->remove) {
-				fprintf(stderr, "Remove [%s]\n", entry);
-				f->remove = 1;
-			}
-			if (!recursive) return;
-		}
-	}
-}
-
-static void cpio_mkdir(mode_t mode, const char *entry, struct vector *v) {
-	cpio_file *f = xcalloc(sizeof(*f), 1);
-	f->mode = S_IFDIR | mode;
-	f->namesize = strlen(entry) + 1;
-	f->filename = xmalloc(f->namesize);
-	memcpy(f->filename, entry, f->namesize);
-	cpio_vec_insert(v, f);
-	fprintf(stderr, "Create directory [%s] (%04o)\n",entry, mode);
-}
-
-static void cpio_add(mode_t mode, const char *entry, const char *filename, struct vector *v) {
-	int fd = xopen(filename, O_RDONLY);
-	cpio_file *f = xcalloc(sizeof(*f), 1);
-	f->mode = S_IFREG | mode;
-	f->namesize = strlen(entry) + 1;
-	f->filename = xmalloc(f->namesize);
-	memcpy(f->filename, entry, f->namesize);
-	f->filesize = lseek(fd, 0, SEEK_END);
-	lseek(fd, 0, SEEK_SET);
-	f->data = malloc(f->filesize);
-	xxread(fd, f->data, f->filesize);
-	close(fd);
-	cpio_vec_insert(v, f);
-	fprintf(stderr, "Add entry [%s] (%04o)\n", entry, mode);
-}
-
-static void cpio_test(struct vector *v) {
-	#define MAGISK_PATCH  0x1
-	#define OTHER_PATCH 0x2
-	int ret = 0;
-	cpio_file *f;
-	const char *OTHER_LIST[] = { "sbin/launch_daemonsu.sh", "sbin/su", "init.xposed.rc", "init.supersu.rc", NULL };
-	vec_for_each(v, f) {
-		for (int i = 0; OTHER_LIST[i]; ++i) {
-			if (strcmp(f->filename, OTHER_LIST[i]) == 0)
-				ret |= OTHER_PATCH;
-		}
-		if (strcmp(f->filename, "init.magisk.rc") == 0)
-			ret |= MAGISK_PATCH;
-	}
-	cpio_vec_destroy(v);
-	exit((ret & OTHER_PATCH) ? OTHER_PATCH : (ret & MAGISK_PATCH));
-}
-
-static int check_verity_pattern(const char *s) {
-	int pos = 0;
-	if (s[0] == ',') ++pos;
-	if (strncmp(s + pos, "verify", 6) != 0) return -1;
-	pos += 6;
-	if (s[pos] == '=') {
-		while (s[pos] != ' ' && s[pos] != '\n' && s[pos] != ',') ++pos;
-	}
-	return pos;
-}
-
-static struct list_head *block_to_list(char *data) {
-	struct list_head *head = xmalloc(sizeof(*head));
-	line_list *line;
-	init_list_head(head);
-	char *tok;
-	tok = strsep(&data, "\n");
-	while (tok) {
-		line = xcalloc(sizeof(*line), 1);
-		line->line = tok;
-		list_insert_end(head, &line->pos);
-		tok = strsep(&data, "\n");
-	}
-	return head;
-}
-
-static char *list_to_block(struct list_head *head, uint32_t filesize) {
-	line_list *line;
-	char *data = xmalloc(filesize);
-	uint32_t off = 0;
-	list_for_each(line, head, line_list, pos) {
-		strcpy(data + off, line->line);
-		off += strlen(line->line);
-		data[off++] = '\n';
-	}
-	return data;
-}
-
-static void free_newline(line_list *line) {
-	if (line->isNew)
-		free(line->line);
-}
-
-static void cpio_patch(struct vector *v, int keepverity, int keepforceencrypt) {
-	struct list_head *head;
-	line_list *line;
-	cpio_file *f;
-	int skip, injected = 0;
-	size_t read, write;
-	const char *ENCRYPT_LIST[] = { "forceencrypt", "forcefdeorfbe", "fileencryptioninline", NULL };
-	vec_for_each(v, f) {
-		if (strcmp(f->filename, "init.rc") == 0) {
-			head = block_to_list(f->data);
-			list_for_each(line, head, line_list, pos) {
-				if (strstr(line->line, "import")) {
-					if (strstr(line->line, "init.magisk.rc"))
-						injected = 1;
-					if (injected)
-						continue;
-					// Inject magisk script as import
-					fprintf(stderr, "Inject new line [import /init.magisk.rc] in [init.rc]\n");
-					line = xcalloc(sizeof(*line), 1);
-					line->line = strdup("import /init.magisk.rc");
-					line->isNew = 1;
-					f->filesize += 23;
-					list_insert(__->prev, &line->pos);
-					injected = 1;
-				} else if (strstr(line->line, "selinux.reload_policy")) {
-					// Remove this line
-					fprintf(stderr, "Remove line [%s] in [init.rc]\n", line->line);
-					f->filesize -= strlen(line->line) + 1;
-					__ = list_pop(&line->pos);
-					free(line);
-				}
-			}
-			char *temp = list_to_block(head, f->filesize);
-			free(f->data);
-			f->data = temp;
-			list_destory(head, list_head, pos, free_newline);
-			free(head);
-		} else {
-			if (!keepverity) {
-				if (strstr(f->filename, "fstab") != NULL && S_ISREG(f->mode)) {
-					for (read = 0, write = 0; read < f->filesize; ++read, ++write) {
-						skip = check_verity_pattern(f->data + read);
-						if (skip > 0) {
-							fprintf(stderr, "Remove pattern [%.*s] in [%s]\n", skip, f->data + read, f->filename);
-							read += skip;
-						}
-						f->data[write] = f->data[read];
-					}
-					f->filesize = write;
-				} else if (strcmp(f->filename, "verity_key") == 0) {
-					fprintf(stderr, "Remove [verity_key]\n");
-					f->remove = 1;
-				}
-			}
-			if (!keepforceencrypt) {
-				if (strstr(f->filename, "fstab") != NULL && S_ISREG(f->mode)) {
-					for (read = 0, write = 0; read < f->filesize; ++read, ++write) {
-						for (int i = 0 ; ENCRYPT_LIST[i]; ++i) {
-							if (strncmp(f->data + read, ENCRYPT_LIST[i], strlen(ENCRYPT_LIST[i])) == 0) {
-								memcpy(f->data + write, "encryptable", 11);
-								fprintf(stderr, "Replace [%s] with [%s] in [%s]\n", ENCRYPT_LIST[i], "encryptable", f->filename);
-								write += 11;
-								read += strlen(ENCRYPT_LIST[i]);
-								break;
-							}
-						}
-						f->data[write] = f->data[read];
-					}
-					f->filesize = write;
-				}
-			}
-		}
-	}
-}
-
-static void cpio_extract(const char *entry, const char *filename, struct vector *v) {
-	cpio_file *f;
-	vec_for_each(v, f) {
-		if (strcmp(f->filename, entry) == 0 && S_ISREG(f->mode)) {
-			fprintf(stderr, "Extracting [%s] to [%s]\n\n", entry, filename);
-			int fd = open_new(filename);
-			xwrite(fd, f->data, f->filesize);
-			fchmod(fd, f->mode);
-			fchown(fd, f->uid, f->gid);
-			close(fd);
-			exit(0);
-		}
-	}
-	LOGE(1, "Cannot find the file entry [%s]\n", entry);
-}
-
-static void cpio_backup(const char *orig, struct vector *v) {
-	struct vector o_body, *o = &o_body, bak;
-	cpio_file *m, *n, *dir, *rem;
-	char buf[PATH_MAX];
-	int res, doBak;
-
-	dir = xcalloc(sizeof(*dir), 1);
-	rem = xcalloc(sizeof(*rem), 1);
-	vec_init(o);
-	vec_init(&bak);
-	// First push back the directory and the rmlist
-	vec_push_back(&bak, dir);
-	vec_push_back(&bak, rem);
-	parse_cpio(orig, o);
-	// Remove possible backups in original ramdisk
-	cpio_rm(1, ".backup", o);
-	cpio_rm(1, ".backup", v);
-
-	// Init the directory and rmlist
-	dir->filename = strdup(".backup");
-	dir->namesize = strlen(dir->filename) + 1;
-	dir->mode = S_IFDIR;
-	rem->filename = strdup(".backup/.rmlist");
-	rem->namesize = strlen(rem->filename) + 1;
-	rem->mode = S_IFREG;
-
-	// Start comparing
-	size_t i = 0, j = 0;
-	while(i != vec_size(o) || j != vec_size(v)) {
-		doBak = 0;
-		if (i != vec_size(o) && j != vec_size(v)) {
-			m = vec_entry(o)[i];
-			n = vec_entry(v)[j];
-			res = strcmp(m->filename, n->filename);
-		} else if (i == vec_size(o)) {
-			n = vec_entry(v)[j];
-			res = 1;
-		} else if (j == vec_size(v)) {
-			m = vec_entry(o)[i];
-			res = -1;
-		}
-
-		if (res < 0) {
-			// Something is missing in new ramdisk, backup!
-			++i;
-			doBak = 1;
-			fprintf(stderr, "Backup missing entry: ");
-		} else if (res == 0) {
-			++i; ++j;
-			if (m->filesize == n->filesize && memcmp(m->data, n->data, m->filesize) == 0)
-				continue;
-			// Not the same!
-			doBak = 1;
-			fprintf(stderr, "Backup mismatch entry: ");
-		} else {
-			// Someting new in ramdisk, record in rem
-			++j;
-			if (n->remove) continue;
-			rem->data = xrealloc(rem->data, rem->filesize + n->namesize);
-			memcpy(rem->data + rem->filesize, n->filename, n->namesize);
-			rem->filesize += n->namesize;
-			fprintf(stderr, "Record new entry: [%s] -> [.backup/.rmlist]\n", n->filename);
-		}
-		if (doBak) {
-			m->namesize += 8;
-			m->filename = realloc(m->filename, m->namesize);
-			strcpy(buf, m->filename);
-			sprintf(m->filename, ".backup/%s", buf);
-			fprintf(stderr, "[%s] -> [%s]\n", buf, m->filename);
-			vec_push_back(&bak, m);
-			// NULL the original entry, so it won't be freed
-			vec_entry(o)[i - 1] = NULL;
-		}
-	}
-
-	// Add the backup files to the original ramdisk
-	vec_for_each(&bak, m) {
-		vec_push_back(v, m);
-	}
-
-	// Don't include if empty
-	if (rem->filesize == 0) {
-		rem->remove = 1;
-		if (bak.size == 2)
-			dir->remove = 1;
-	}
-
-	// Sort
-	vec_sort(v, cpio_compare);
-
-	// Cleanup
-	cpio_vec_destroy(o);
-}
-
-static int cpio_restore(struct vector *v) {
-	cpio_file *f, *n;
-	int ret = 1;
-	vec_for_each(v, f) {
-		if (strstr(f->filename, ".backup") != NULL) {
-			ret = 0;
-			f->remove = 1;
-			if (strcmp(f->filename, ".backup") == 0) continue;
-			if (strcmp(f->filename, ".backup/.rmlist") == 0) {
-				for (int pos = 0; pos < f->filesize; pos += strlen(f->data + pos) + 1)
-					cpio_rm(0, f->data + pos, v);
-				continue;
-			}
-			n = xcalloc(sizeof(*n), 1);
-			memcpy(n, f, sizeof(*f));
-			n->namesize -= 8;
-			n->filename = xmalloc(n->namesize);
-			memcpy(n->filename, f->filename + 8, n->namesize);
-			n->data = xmalloc(n->filesize);
-			memcpy(n->data, f->data, n->filesize);
-			n->remove = 0;
-			fprintf(stderr, "Restoring [%s] -> [%s]\n", f->filename, n->filename);
-			cpio_vec_insert(v, n);
-		}
-	}
-	// Some known stuff we can remove
-	cpio_rm(0, "sbin/magic_mask.sh", v);
-	cpio_rm(0, "init.magisk.rc", v);
-	cpio_rm(0, "magisk", v);
-	return ret;
-}
-
-static void cpio_stocksha1(struct vector *v) {
-	cpio_file *f;
-	char sha1[41];
-	vec_for_each(v, f) {
-		if (strcmp(f->filename, "init.magisk.rc") == 0) {
-			for (char *pos = f->data; pos < f->data + f->filesize; pos = strchr(pos + 1, '\n') + 1) {
-				if (memcmp(pos, "# STOCKSHA1=", 12) == 0) {
-					pos += 12;
-					memcpy(sha1, pos, 40);
-					sha1[40] = '\0';
-					printf("%s\n", sha1);
-					return;
-				}
-			}
-		}
-	}
-}
-
-int cpio_commands(const char *command, int argc, char *argv[]) {
-	int recursive = 0, ret = 0;
-	command_t cmd;
-	char *incpio = argv[0];
-	++argv;
-	--argc;
-	if (strcmp(command, "test") == 0) {
-		cmd = TEST;
-	} else if (strcmp(command, "restore") == 0) {
-		cmd = RESTORE;
-	} else if (strcmp(command, "stocksha1") == 0) {
-		cmd = STOCKSHA1;
-	} else if (argc == 1 && strcmp(command, "backup") == 0) {
-		cmd = BACKUP;
-	} else if (argc > 0 && strcmp(command, "rm") == 0) {
-		cmd = RM;
-		if (argc == 2 && strcmp(argv[0], "-r") == 0) {
-			recursive = 1;
-			++argv;
-			--argc;
-		}
-	} else if (argc == 2 && strcmp(command, "patch") == 0) {
-		cmd = PATCH;
-	} else if (argc == 2 && strcmp(command, "extract") == 0) {
-		cmd = EXTRACT;
-	} else if (argc == 2 && strcmp(command, "mkdir") == 0) {
-		cmd = MKDIR;
-	} else if (argc == 3 && strcmp(command, "add") == 0) {
-		cmd = ADD;
-	} else {
-		cmd = NONE;
-	}
-	struct vector v;
-	vec_init(&v);
-	parse_cpio(incpio, &v);
-	switch(cmd) {
-	case TEST:
-		cpio_test(&v);
-		break;
-	case RESTORE:
-		ret = cpio_restore(&v);
-		break;
-	case STOCKSHA1:
-		cpio_stocksha1(&v);
-		return 0;
-	case BACKUP:
-		cpio_backup(argv[0], &v);
-	case RM:
-		cpio_rm(recursive, argv[0], &v);
-		break;
-	case PATCH:
-		cpio_patch(&v, strcmp(argv[0], "true") == 0, strcmp(argv[1], "true") == 0);
-		break;
-	case EXTRACT:
-		cpio_extract(argv[0], argv[1], &v);
-		break;
-	case MKDIR:
-		cpio_mkdir(strtoul(argv[0], NULL, 8), argv[1], &v);
-		break;
-	case ADD:
-		cpio_add(strtoul(argv[0], NULL, 8), argv[1], argv[2], &v);
-		break;
-	case NONE:
-		return 1;
-	}
-	dump_cpio(incpio, &v);
-	cpio_vec_destroy(&v);
-	exit(ret);
-}
--- a/jni/magiskboot/cpio.h
+++ b/jni/magiskboot/cpio.h
@@ -1,50 +0,0 @@
-#ifndef _CPIO_H_
-#define _CPIO_H_
-
-#include <stdint.h>
-
-#include "list.h"
-
-typedef struct cpio_file {
-	// uint32_t ino;
-	uint32_t mode;
-	uint32_t uid;
-	uint32_t gid;
-	// uint32_t nlink;
-	// uint32_t mtime;
-	uint32_t filesize;
-	// uint32_t devmajor;
-	// uint32_t devminor;
-	// uint32_t rdevmajor;
-	// uint32_t rdevminor;
-	uint32_t namesize;
-	// uint32_t check;
-	char *filename;
-	char *data;
-	int remove;
-} cpio_file;
-
-typedef struct line_list {
-    char *line;
-    int isNew;
-    struct list_head pos;
-} line_list;
-
-typedef struct cpio_newc_header {
-	char magic[6];
-	char ino[8];
-	char mode[8];
-	char uid[8];
-	char gid[8];
-	char nlink[8];
-	char mtime[8];
-	char filesize[8];
-	char devmajor[8];
-	char devminor[8];
-	char rdevmajor[8];
-	char rdevminor[8];
-	char namesize[8];
-	char check[8];
-} cpio_newc_header;
-
-#endif
--- a/jni/magiskboot/magisk.h
+++ b/jni/magiskboot/magisk.h
@@ -1,10 +0,0 @@
-/* magisk.h - Let MagiskBoot use the same error handling API as main magisk program
- */
-
-#ifndef _MAGISK_H_
-#define _MAGISK_H_
-
-#define LOGE(err, ...) { fprintf(stderr, __VA_ARGS__); exit(err); }
-#define PLOGE(fmt, args...) { fprintf(stderr, fmt " failed with %d: %s\n\n", ##args, errno, strerror(errno)); exit(1); }
-
-#endif
--- a/jni/magiskboot/magiskboot.h
+++ b/jni/magiskboot/magiskboot.h
@@ -1,94 +0,0 @@
-#ifndef _MAGISKBOOT_H_
-#define _MAGISKBOOT_H_
-
-#include <stdio.h>
-#include <stdlib.h>
-#include <stdarg.h>
-#include <unistd.h>
-#include <ctype.h>
-#include <sys/types.h>
-#include <sys/stat.h>
-#include <sys/mman.h>
-#include <fcntl.h>
-#include <string.h>
-
-#include "bootimg.h"
-#include "sha1.h"
-#include "magisk.h"
-#include "utils.h"
-
-#define CHROMEOS_MAGIC  "CHROMEOS"
-#define ELF32_MAGIC     "\x7f""ELF\x01"
-#define ELF64_MAGIC     "\x7f""ELF\x02"
-
-#define KERNEL_FILE     "kernel"
-#define RAMDISK_FILE    "ramdisk.cpio"
-#define SECOND_FILE     "second"
-#define DTB_FILE        "dtb"
-#define NEW_BOOT        "new-boot.img"
-
-#define str(a) #a
-#define xstr(a) str(a)
-
-typedef enum {
-    UNKNOWN,
-    CHROMEOS,
-    AOSP,
-    ELF32,
-    ELF64,
-    GZIP,
-    LZOP,
-    XZ,
-    LZMA,
-    BZIP2,
-    LZ4,
-    LZ4_LEGACY,
-    MTK
-} file_t;
-
-typedef enum {
-    NONE,
-    RM,
-    MKDIR,
-    ADD,
-    EXTRACT,
-    TEST,
-    PATCH,
-    BACKUP,
-    RESTORE,
-    STOCKSHA1
-} command_t;
-
-extern char *SUP_LIST[];
-extern char *SUP_EXT_LIST[];
-extern file_t SUP_TYPE_LIST[];
-
-// Main entries
-void unpack(const char *image);
-void repack(const char* orig_image, const char* out_image);
-void hexpatch(const char *image, const char *from, const char *to);
-int parse_img(unsigned char *orig, size_t size);
-int cpio_commands(const char *command, int argc, char *argv[]);
-void cleanup();
-
-// Compressions
-void gzip(int mode, const char* filename, const unsigned char* buf, size_t size);
-void lzma(int mode, const char* filename, const unsigned char* buf, size_t size);
-void lz4(int mode, const char* filename, const unsigned char* buf, size_t size);
-void bzip2(int mode, const char* filename, const unsigned char* buf, size_t size);
-void lz4_legacy(int mode, const char* filename, const unsigned char* buf, size_t size);
-int comp(file_t type, const char *to, const unsigned char *from, size_t size);
-void comp_file(const char *method, const char *from, const char *to);
-int decomp(file_t type, const char *to, const unsigned char *from, size_t size);
-void decomp_file(char *from, const char *to);
-
-// Utils
-void mmap_ro(const char *filename, unsigned char **buf, size_t *size);
-void mmap_rw(const char *filename, unsigned char **buf, size_t *size);
-file_t check_type(const unsigned char *buf);
-void write_zero(int fd, size_t size);
-void mem_align(size_t *pos, size_t align);
-void file_align(int fd, size_t align, int out);
-int open_new(const char *filename);
-
-#endif
--- a/jni/magiskboot/main.c
+++ b/jni/magiskboot/main.c
@@ -1,100 +0,0 @@
-#include "magiskboot.h"
-
-/********************
-  Patch Boot Image
-*********************/
-
-static void usage(char *arg0) {
-	fprintf(stderr,
-		"%s --unpack <bootimg>\n"
-		"  Unpack <bootimg> to kernel, ramdisk.cpio, (second), (dtb) into the\n  current directory\n"
-		"\n"
-		"%s --repack <origbootimg> [outbootimg]\n"
-		"  Repack kernel, ramdisk.cpio[.ext], second, dtb... from current directory\n"
-		"  to [outbootimg], or new-boot.img if not specified.\n"
-		"  It will compress ramdisk.cpio with the same method used in <origbootimg>\n"
-		"  if exists, or attempt to find ramdisk.cpio.[ext], and repack\n"
-		"  directly with the compressed ramdisk file\n"
-		"\n"
-		"%s --hexpatch <file> <hexpattern1> <hexpattern2>\n"
-		"  Search <hexpattern1> in <file>, and replace with <hexpattern2>\n"
-		"\n"
-		"%s --cpio-<cmd> <incpio> [flags...] [params...]\n"
-		"  Do cpio related cmds to <incpio> (modifications are done directly)\n  Supported commands and params:\n"
-		"    -rm [-r] <entry>\n      Remove entry from <incpio>, flag -r to remove recursively\n"
-		"    -mkdir <mode> <entry>\n      Create directory as an <entry>\n"
-		"    -add <mode> <entry> <infile>\n      Add <infile> as an <entry>; replaces <entry> if already exists\n"
-		"    -extract <entry> <outfile>\n      Extract <entry> to <outfile>\n"
-		"    -test \n      Return value: 0/not patched 1/Magisk 2/Other (e.g. phh, SuperSU)\n"
-		"    -patch <KEEPVERITY> <KEEPFORCEENCRYPT>\n      Patch cpio for Magisk. KEEP**** are true/false values\n"
-		"    -backup <origcpio>\n      Create ramdisk backups into <incpio> from <origcpio>\n"
-		"    -restore\n      Restore ramdisk from ramdisk backup within <incpio>\n"
-		"    -stocksha1\n      Get stock boot SHA1 recorded within <incpio>\n"
-		"\n"
-		"%s --compress[=method] <infile> [outfile]\n"
-		"  Compress <infile> with [method] (default: gzip), optionally to [outfile]\n  Supported methods: "
-	, arg0, arg0, arg0, arg0, arg0);
-	for (int i = 0; SUP_LIST[i]; ++i)
-		fprintf(stderr, "%s ", SUP_LIST[i]);
-	fprintf(stderr,
-		"\n"
-		"\n"
-		"%s --decompress <infile> [outfile]\n"
-		"  Detect method and decompress <infile>, optionally to [outfile]\n  Supported methods: "
-	, arg0);
-	for (int i = 0; SUP_LIST[i]; ++i)
-		fprintf(stderr, "%s ", SUP_LIST[i]);
-	fprintf(stderr,
-		"\n"
-		"\n"
-		"%s --sha1 <file>\n"
-		"  Print the SHA1 checksum for <file>\n"
-		"\n"
-		"%s --cleanup\n"
-		"  Cleanup the current working directory\n"
-		"\n"
-	, arg0, arg0);
-
-	exit(1);
-}
-
-int main(int argc, char *argv[]) {
-	fprintf(stderr, "MagiskBoot v" xstr(MAGISK_VERSION) "(" xstr(MAGISK_VER_CODE) ") (by topjohnwu) - Boot Image Modification Tool\n\n");
-
-	if (argc > 1 && strcmp(argv[1], "--cleanup") == 0) {
-		cleanup();
-	} else if (argc > 2 && strcmp(argv[1], "--sha1") == 0) {
-		char sha1[21], *buf;
-		size_t size;
-		mmap_ro(argv[2], (unsigned char **) &buf, &size);
-		SHA1(sha1, buf, size);
-		for (int i = 0; i < 20; ++i)
-			printf("%02x", sha1[i]);
-		printf("\n");
-		munmap(buf, size);
-	} else if (argc > 2 && strcmp(argv[1], "--unpack") == 0) {
-		unpack(argv[2]);
-	} else if (argc > 2 && strcmp(argv[1], "--repack") == 0) {
-		repack(argv[2], argc > 3 ? argv[3] : NEW_BOOT);
-	} else if (argc > 2 && strcmp(argv[1], "--decompress") == 0) {
-		decomp_file(argv[2], argc > 3 ? argv[3] : NULL);
-	} else if (argc > 2 && strncmp(argv[1], "--compress", 10) == 0) {
-		char *method;
-		method = strchr(argv[1], '=');
-		if (method == NULL) method = "gzip";
-		else method++;
-		comp_file(method, argv[2], argc > 3 ? argv[3] : NULL);
-	} else if (argc > 4 && strcmp(argv[1], "--hexpatch") == 0) {
-		hexpatch(argv[2], argv[3], argv[4]);
-	} else if (argc > 2 && strncmp(argv[1], "--cpio", 6) == 0) {
-		char *command;
-		command = strchr(argv[1] + 2, '-');
-		if (command == NULL) usage(argv[0]);
-		else ++command;
-		if (cpio_commands(command, argc - 2, argv + 2)) usage(argv[0]);
-	} else {
-		usage(argv[0]);
-	}
-
-	return 0;
-}
--- a/jni/magiskboot/sha1.c
+++ b/jni/magiskboot/sha1.c
@@ -1,295 +0,0 @@
-/*
-SHA-1 in C
-By Steve Reid <steve@edmweb.com>
-100% Public Domain
-
-Test Vectors (from FIPS PUB 180-1)
-"abc"
-  A9993E36 4706816A BA3E2571 7850C26C 9CD0D89D
-"abcdbcdecdefdefgefghfghighijhijkijkljklmklmnlmnomnopnopq"
-  84983E44 1C3BD26E BAAE4AA1 F95129E5 E54670F1
-A million repetitions of "a"
-  34AA973C D4C4DAA4 F61EEB2B DBAD2731 6534016F
-*/
-
-/* #define LITTLE_ENDIAN * This should be #define'd already, if true. */
-/* #define SHA1HANDSOFF * Copies data before messing with it. */
-
-#define SHA1HANDSOFF
-
-#include <stdio.h>
-#include <string.h>
-
-/* for uint32_t */
-#include <stdint.h>
-
-#include "sha1.h"
-
-
-#define rol(value, bits) (((value) << (bits)) | ((value) >> (32 - (bits))))
-
-/* blk0() and blk() perform the initial expand. */
-/* I got the idea of expanding during the round function from SSLeay */
-#if BYTE_ORDER == LITTLE_ENDIAN
-#define blk0(i) (block->l[i] = (rol(block->l[i],24)&0xFF00FF00) \
-    |(rol(block->l[i],8)&0x00FF00FF))
-#elif BYTE_ORDER == BIG_ENDIAN
-#define blk0(i) block->l[i]
-#else
-#error "Endianness not defined!"
-#endif
-#define blk(i) (block->l[i&15] = rol(block->l[(i+13)&15]^block->l[(i+8)&15] \
-    ^block->l[(i+2)&15]^block->l[i&15],1))
-
-/* (R0+R1), R2, R3, R4 are the different operations used in SHA1 */
-#define R0(v,w,x,y,z,i) z+=((w&(x^y))^y)+blk0(i)+0x5A827999+rol(v,5);w=rol(w,30);
-#define R1(v,w,x,y,z,i) z+=((w&(x^y))^y)+blk(i)+0x5A827999+rol(v,5);w=rol(w,30);
-#define R2(v,w,x,y,z,i) z+=(w^x^y)+blk(i)+0x6ED9EBA1+rol(v,5);w=rol(w,30);
-#define R3(v,w,x,y,z,i) z+=(((w|x)&y)|(w&x))+blk(i)+0x8F1BBCDC+rol(v,5);w=rol(w,30);
-#define R4(v,w,x,y,z,i) z+=(w^x^y)+blk(i)+0xCA62C1D6+rol(v,5);w=rol(w,30);
-
-
-/* Hash a single 512-bit block. This is the core of the algorithm. */
-
-void SHA1Transform(
-    uint32_t state[5],
-    const unsigned char buffer[64]
-)
-{
-    uint32_t a, b, c, d, e;
-
-    typedef union
-    {
-        unsigned char c[64];
-        uint32_t l[16];
-    } CHAR64LONG16;
-
-#ifdef SHA1HANDSOFF
-    CHAR64LONG16 block[1];      /* use array to appear as a pointer */
-
-    memcpy(block, buffer, 64);
-#else
-    /* The following had better never be used because it causes the
-     * pointer-to-const buffer to be cast into a pointer to non-const.
-     * And the result is written through.  I threw a "const" in, hoping
-     * this will cause a diagnostic.
-     */
-    CHAR64LONG16 *block = (const CHAR64LONG16 *) buffer;
-#endif
-    /* Copy context->state[] to working vars */
-    a = state[0];
-    b = state[1];
-    c = state[2];
-    d = state[3];
-    e = state[4];
-    /* 4 rounds of 20 operations each. Loop unrolled. */
-    R0(a, b, c, d, e, 0);
-    R0(e, a, b, c, d, 1);
-    R0(d, e, a, b, c, 2);
-    R0(c, d, e, a, b, 3);
-    R0(b, c, d, e, a, 4);
-    R0(a, b, c, d, e, 5);
-    R0(e, a, b, c, d, 6);
-    R0(d, e, a, b, c, 7);
-    R0(c, d, e, a, b, 8);
-    R0(b, c, d, e, a, 9);
-    R0(a, b, c, d, e, 10);
-    R0(e, a, b, c, d, 11);
-    R0(d, e, a, b, c, 12);
-    R0(c, d, e, a, b, 13);
-    R0(b, c, d, e, a, 14);
-    R0(a, b, c, d, e, 15);
-    R1(e, a, b, c, d, 16);
-    R1(d, e, a, b, c, 17);
-    R1(c, d, e, a, b, 18);
-    R1(b, c, d, e, a, 19);
-    R2(a, b, c, d, e, 20);
-    R2(e, a, b, c, d, 21);
-    R2(d, e, a, b, c, 22);
-    R2(c, d, e, a, b, 23);
-    R2(b, c, d, e, a, 24);
-    R2(a, b, c, d, e, 25);
-    R2(e, a, b, c, d, 26);
-    R2(d, e, a, b, c, 27);
-    R2(c, d, e, a, b, 28);
-    R2(b, c, d, e, a, 29);
-    R2(a, b, c, d, e, 30);
-    R2(e, a, b, c, d, 31);
-    R2(d, e, a, b, c, 32);
-    R2(c, d, e, a, b, 33);
-    R2(b, c, d, e, a, 34);
-    R2(a, b, c, d, e, 35);
-    R2(e, a, b, c, d, 36);
-    R2(d, e, a, b, c, 37);
-    R2(c, d, e, a, b, 38);
-    R2(b, c, d, e, a, 39);
-    R3(a, b, c, d, e, 40);
-    R3(e, a, b, c, d, 41);
-    R3(d, e, a, b, c, 42);
-    R3(c, d, e, a, b, 43);
-    R3(b, c, d, e, a, 44);
-    R3(a, b, c, d, e, 45);
-    R3(e, a, b, c, d, 46);
-    R3(d, e, a, b, c, 47);
-    R3(c, d, e, a, b, 48);
-    R3(b, c, d, e, a, 49);
-    R3(a, b, c, d, e, 50);
-    R3(e, a, b, c, d, 51);
-    R3(d, e, a, b, c, 52);
-    R3(c, d, e, a, b, 53);
-    R3(b, c, d, e, a, 54);
-    R3(a, b, c, d, e, 55);
-    R3(e, a, b, c, d, 56);
-    R3(d, e, a, b, c, 57);
-    R3(c, d, e, a, b, 58);
-    R3(b, c, d, e, a, 59);
-    R4(a, b, c, d, e, 60);
-    R4(e, a, b, c, d, 61);
-    R4(d, e, a, b, c, 62);
-    R4(c, d, e, a, b, 63);
-    R4(b, c, d, e, a, 64);
-    R4(a, b, c, d, e, 65);
-    R4(e, a, b, c, d, 66);
-    R4(d, e, a, b, c, 67);
-    R4(c, d, e, a, b, 68);
-    R4(b, c, d, e, a, 69);
-    R4(a, b, c, d, e, 70);
-    R4(e, a, b, c, d, 71);
-    R4(d, e, a, b, c, 72);
-    R4(c, d, e, a, b, 73);
-    R4(b, c, d, e, a, 74);
-    R4(a, b, c, d, e, 75);
-    R4(e, a, b, c, d, 76);
-    R4(d, e, a, b, c, 77);
-    R4(c, d, e, a, b, 78);
-    R4(b, c, d, e, a, 79);
-    /* Add the working vars back into context.state[] */
-    state[0] += a;
-    state[1] += b;
-    state[2] += c;
-    state[3] += d;
-    state[4] += e;
-    /* Wipe variables */
-    a = b = c = d = e = 0;
-#ifdef SHA1HANDSOFF
-    memset(block, '\0', sizeof(block));
-#endif
-}
-
-
-/* SHA1Init - Initialize new context */
-
-void SHA1Init(
-    SHA1_CTX * context
-)
-{
-    /* SHA1 initialization constants */
-    context->state[0] = 0x67452301;
-    context->state[1] = 0xEFCDAB89;
-    context->state[2] = 0x98BADCFE;
-    context->state[3] = 0x10325476;
-    context->state[4] = 0xC3D2E1F0;
-    context->count[0] = context->count[1] = 0;
-}
-
-
-/* Run your data through this. */
-
-void SHA1Update(
-    SHA1_CTX * context,
-    const unsigned char *data,
-    uint32_t len
-)
-{
-    uint32_t i;
-
-    uint32_t j;
-
-    j = context->count[0];
-    if ((context->count[0] += len << 3) < j)
-        context->count[1]++;
-    context->count[1] += (len >> 29);
-    j = (j >> 3) & 63;
-    if ((j + len) > 63)
-    {
-        memcpy(&context->buffer[j], data, (i = 64 - j));
-        SHA1Transform(context->state, context->buffer);
-        for (; i + 63 < len; i += 64)
-        {
-            SHA1Transform(context->state, &data[i]);
-        }
-        j = 0;
-    }
-    else
-        i = 0;
-    memcpy(&context->buffer[j], &data[i], len - i);
-}
-
-
-/* Add padding and return the message digest. */
-
-void SHA1Final(
-    unsigned char digest[20],
-    SHA1_CTX * context
-)
-{
-    unsigned i;
-
-    unsigned char finalcount[8];
-
-    unsigned char c;
-
-#if 0    /* untested "improvement" by DHR */
-    /* Convert context->count to a sequence of bytes
-     * in finalcount.  Second element first, but
-     * big-endian order within element.
-     * But we do it all backwards.
-     */
-    unsigned char *fcp = &finalcount[8];
-
-    for (i = 0; i < 2; i++)
-    {
-        uint32_t t = context->count[i];
-
-        int j;
-
-        for (j = 0; j < 4; t >>= 8, j++)
-            *--fcp = (unsigned char) t}
-#else
-    for (i = 0; i < 8; i++)
-    {
-        finalcount[i] = (unsigned char) ((context->count[(i >= 4 ? 0 : 1)] >> ((3 - (i & 3)) * 8)) & 255);      /* Endian independent */
-    }
-#endif
-    c = 0200;
-    SHA1Update(context, &c, 1);
-    while ((context->count[0] & 504) != 448)
-    {
-        c = 0000;
-        SHA1Update(context, &c, 1);
-    }
-    SHA1Update(context, finalcount, 8); /* Should cause a SHA1Transform() */
-    for (i = 0; i < 20; i++)
-    {
-        digest[i] = (unsigned char)
-            ((context->state[i >> 2] >> ((3 - (i & 3)) * 8)) & 255);
-    }
-    /* Wipe variables */
-    memset(context, '\0', sizeof(*context));
-    memset(&finalcount, '\0', sizeof(finalcount));
-}
-
-void SHA1(
-    char *hash_out,
-    const char *str,
-    int len)
-{
-    SHA1_CTX ctx;
-    unsigned int ii;
-
-    SHA1Init(&ctx);
-    for (ii=0; ii<len; ii+=1)
-        SHA1Update(&ctx, (const unsigned char*)str + ii, 1);
-    SHA1Final((unsigned char *)hash_out, &ctx);
-    hash_out[20] = '\0';
-}
--- a/jni/magiskhide/proc_monitor.c
+++ b/jni/magiskhide/proc_monitor.c
@@ -1,273 +0,0 @@
-/* proc_monitor.c - Monitor am_proc_start events and unmount
- *
- * We monitor the logcat am_proc_start events. When a target starts up,
- * we pause it ASAP, and fork a new process to join its mount namespace
- * and do all the unmounting/mocking
- */
-
-#include <stdlib.h>
-#include <stdio.h>
-#include <string.h>
-#include <unistd.h>
-#include <signal.h>
-#include <pthread.h>
-#include <sys/types.h>
-#include <sys/wait.h>
-#include <sys/mount.h>
-
-#include "magisk.h"
-#include "utils.h"
-#include "magiskhide.h"
-
-static int zygote_num;
-static char init_ns[32], zygote_ns[2][32], cache_block[256];
-static int log_pid, log_fd, target_pid;
-static char *buffer;
-
-// Workaround for the lack of pthread_cancel
-static void quit_pthread(int sig) {
-	err_handler = do_nothing;
-	LOGD("proc_monitor: running cleanup\n");
-	destroy_list();
-	free(buffer);
-	hideEnabled = 0;
-	// Kill the logging if needed
-	if (log_pid > 0) {
-		kill(log_pid, SIGTERM);
-		waitpid(log_pid, NULL, 0);
-		close(log_fd);
-	}
-	// Resume process if possible
-	if (target_pid > 0)
-		kill(target_pid, SIGCONT);
-	pthread_mutex_destroy(&hide_lock);
-	pthread_mutex_destroy(&file_lock);
-	LOGD("proc_monitor: terminating...\n");
-	pthread_exit(NULL);
-}
-
-static void proc_monitor_err() {
-	LOGD("proc_monitor: error occured, stopping magiskhide services\n");
-	quit_pthread(SIGUSR1);
-}
-
-static int read_namespace(const int pid, char* target, const size_t size) {
-	char path[32];
-	snprintf(path, sizeof(path), "/proc/%d/ns/mnt", pid);
-	if (access(path, R_OK) == -1)
-		return 1;
-	xreadlink(path, target, size);
-	return 0;
-}
-
-static void store_zygote_ns(int pid) {
-	if (zygote_num == 2) return;
-	do {
-		usleep(500);
-		read_namespace(pid, zygote_ns[zygote_num], 32);
-	} while (strcmp(zygote_ns[zygote_num], init_ns) == 0);
-	++zygote_num;
-}
-
-static void lazy_unmount(const char* mountpoint) {
-	if (umount2(mountpoint, MNT_DETACH) != -1)
-		LOGD("hide_daemon: Unmounted (%s)\n", mountpoint);
-	else
-		LOGD("hide_daemon: Unmount Failed (%s)\n", mountpoint);
-}
-
-static void hide_daemon_err() {
-	LOGD("hide_daemon: error occured, stopping magiskhide services\n");
-	_exit(-1);
-}
-
-static void hide_daemon(int pid) {
-	LOGD("hide_daemon: start unmount for pid=[%d]\n", pid);
-	// When an error occurs, report its failure to main process
-	err_handler = hide_daemon_err;
-
-	char *line;
-	struct vector mount_list;
-
-	manage_selinux();
-	relink_sbin();
-	clean_magisk_props();
-
-	if (switch_mnt_ns(pid))
-		return;
-
-	snprintf(buffer, PATH_MAX, "/proc/%d/mounts", pid);
-	vec_init(&mount_list);
-	file_to_vector(buffer, &mount_list);
-
-	// Find the cache block name if not found yet
-	if (cache_block[0] == '\0') {
-		vec_for_each(&mount_list, line) {
-			if (strstr(line, " /cache ")) {
-				sscanf(line, "%256s", cache_block);
-				break;
-			}
-		}
-	}
-
-	// First unmount dummy skeletons, /sbin links, cache mounts, and mirrors
-	vec_for_each(&mount_list, line) {
-		if (strstr(line, "tmpfs /system") || strstr(line, "tmpfs /vendor") || strstr(line, "tmpfs /sbin")
-			|| (strstr(line, cache_block) && (strstr(line, " /system") || strstr(line, " /vendor")))
-			|| strstr(line, MIRRDIR)) {
-			sscanf(line, "%*s %4096s", buffer);
-			lazy_unmount(buffer);
-		}
-		free(line);
-	}
-	vec_destroy(&mount_list);
-
-	// Re-read mount infos
-	snprintf(buffer, PATH_MAX, "/proc/%d/mounts", pid);
-	vec_init(&mount_list);
-	file_to_vector(buffer, &mount_list);
-
-	// Unmount any loop mounts and dummy mounts
-	vec_for_each(&mount_list, line) {
-		if (strstr(line, "/dev/block/loop") || strstr(line, DUMMDIR)) {
-			sscanf(line, "%*s %4096s", buffer);
-			lazy_unmount(buffer);
-		}
-		free(line);
-	}
-
-	// Free uo memory
-	vec_destroy(&mount_list);
-}
-
-void proc_monitor() {
-	// Register the cancel signal
-	struct sigaction act;
-	memset(&act, 0, sizeof(act));
-	act.sa_handler = quit_pthread;
-	sigaction(SIGUSR1, &act, NULL);
-
-	// The error handler should stop magiskhide services
-	err_handler = proc_monitor_err;
-	log_pid = target_pid = -1;
-
-	buffer = xmalloc(PATH_MAX);
-	cache_block[0] = '\0';
-
-	// Get the mount namespace of init
-	if (read_namespace(1, init_ns, 32)) {
-		LOGE("proc_monitor: Your kernel doesn't support mount namespace :(\n");
-		proc_monitor_err();
-	}
-	LOGI("proc_monitor: init ns=%s\n", init_ns);
-
-	// Get the mount namespace of zygote
-	zygote_num = 0;
-	while(!zygote_num) {
-		// Check zygote every 2 secs
-		sleep(2);
-		ps_filter_proc_name("zygote", store_zygote_ns);
-	}
-	ps_filter_proc_name("zygote64", store_zygote_ns);
-
-	switch(zygote_num) {
-	case 1:
-		LOGI("proc_monitor: zygote ns=%s\n", zygote_ns[0]);
-		break;
-	case 2:
-		LOGI("proc_monitor: zygote ns=%s zygote64 ns=%s\n", zygote_ns[0], zygote_ns[1]);
-		break;
-	}
-
-	while (1) {
-		// Clear previous logcat buffer
-		exec_command_sync("logcat", "-b", "events", "-c", NULL);
-
-		// Monitor am_proc_start
-		log_fd = -1;
-		log_pid = exec_command(0, &log_fd, NULL, "logcat", "-b", "events", "-v", "raw", "-s", "am_proc_start", NULL);
-
-		if (log_pid < 0) continue;
-		if (kill(log_pid, 0)) continue;
-
-		while(fdgets(buffer, PATH_MAX, log_fd)) {
-			int pid, ret, comma = 0;
-			char *pos = buffer, *line, processName[256];
-
-			while(1) {
-				pos = strchr(pos, ',');
-				if(pos == NULL)
-					break;
-				pos[0] = ' ';
-				++comma;
-			}
-
-			if (comma == 6)
-				ret = sscanf(buffer, "[%*d %d %*d %*d %256s", &pid, processName);
-			else
-				ret = sscanf(buffer, "[%*d %d %*d %256s", &pid, processName);
-
-			if(ret != 2)
-				continue;
-
-			ret = 0;
-
-			// Critical region
-			pthread_mutex_lock(&hide_lock);
-			vec_for_each(hide_list, line) {
-				if (strcmp(processName, line) == 0) {
-					target_pid = pid;
-					while(1) {
-						ret = 1;
-						for (int i = 0; i < zygote_num; ++i) {
-							read_namespace(target_pid, buffer, 32);
-							if (strcmp(buffer, zygote_ns[i]) == 0) {
-								usleep(50);
-								ret = 0;
-								break;
-							}
-						}
-						if (ret) break;
-					}
-
-					// Send pause signal ASAP
-					if (kill(target_pid, SIGSTOP) == -1) continue;
-
-					LOGI("proc_monitor: %s (PID=%d ns=%s)\n", processName, target_pid, buffer);
-
-					/*
-					 * The setns system call do not support multithread processes
-					 * We have to fork a new process, setns, then do the unmounts
-					 */
-					int hide_pid = fork();
-					switch(hide_pid) {
-					case -1:
-						PLOGE("fork");
-						return;
-					case 0:
-						hide_daemon(target_pid);
-						_exit(0);
-					default:
-						break;
-					}
-
-					// Wait till the unmount process is done
-					waitpid(hide_pid, &ret, 0);
-					if (WEXITSTATUS(ret))
-						quit_pthread(SIGUSR1);
-
-					// All done, send resume signal
-					kill(target_pid, SIGCONT);
-					target_pid = -1;
-					break;
-				}
-			}
-			pthread_mutex_unlock(&hide_lock);
-		}
-
-		// For some reason it went here, restart logging
-		kill(log_pid, SIGTERM);
-		waitpid(log_pid, NULL, 0);
-		close(log_fd);
-	}
-}
--- a/jni/magiskpolicy
+++ b/jni/magiskpolicy
--- a/jni/ndk-compression
+++ b/jni/ndk-compression
--- a/jni/resetprop/Android.mk
+++ b/jni/resetprop/Android.mk
@@ -1,8 +0,0 @@
-LOCAL_PATH := $(call my-dir)
-
-include $(CLEAR_VARS)
-LOCAL_MODULE := resetprop
-LOCAL_SRC_FILES := resetprop.cpp system_properties.cpp libc_logging.cpp
-LOCAL_LDLIBS += -latomic
-LOCAL_CFLAGS := -Wno-implicit-exception-spec-mismatch -DINDEP_BINARY
-include $(BUILD_EXECUTABLE)
--- a/jni/resetprop/resetprop.cpp
+++ b/jni/resetprop/resetprop.cpp
@@ -1,308 +0,0 @@
-/* resetprop.cpp - Manipulate any system props
- *
- * Copyright 2016 nkk71     <nkk71x@gmail.com>
- * Copyright 2016 topjohnwu <topjohnwu@gmail.com>
- *
- * Info:
- *
- * all changes are in
- *
- * bionic/libc/bionic/system_properties.cpp
- *
- * Functions that need to be patched/added in system_properties.cpp
- *
- * int __system_properties_init2()
- *     on android 7, first tear down the everything then let it initialize again:
- *         if (initialized) {
- *             //list_foreach(contexts, [](context_node* l) { l->reset_access(); });
- *             //return 0;
- *             free_and_unmap_contexts();
- *             initialized = false;
- *         }
- *
- *
- * static prop_area* map_prop_area(const char* filename, bool is_legacy)
- *     we dont want this read only so change: 'O_RDONLY' to 'O_RDWR'
- *
- * static prop_area* map_fd_ro(const int fd)
- *     we dont want this read only so change: 'PROT_READ' to 'PROT_READ | PROT_WRITE'
- *
- *
- * Copy the code of prop_info *prop_area::find_property, and modify to delete props
- * const prop_info *prop_area::find_property_and_del(prop_bt *const trie, const char *name)
- * {
- *    ...
- *    ...  Do not alloc a new prop_bt here, remove all code involve alloc_if_needed
- *    ...
- *
- *     if (prop_offset != 0) {
- *         atomic_store_explicit(&current->prop, 0, memory_order_release); // Add this line to nullify the prop entry
- *         return to_prop_info(&current->prop);
- *     } else {
- *
- *    ....
- * }
- *
- *
- * by patching just those functions directly, all other functions should be ok
- * as is.
- *
- *
- */
-
-#include <stdio.h>
-#include <stdint.h>
-#include <stdlib.h>
-#include <unistd.h>
-#include <fcntl.h>
-#include <string.h>
-#include <sys/types.h>
-
-#define _REALLY_INCLUDE_SYS__SYSTEM_PROPERTIES_H_
-#include "_system_properties.h"
-#include "system_properties.h"
-#include "magisk.h"
-#include "resetprop.h"
-
-#define PRINT_D(...)  { LOGD(__VA_ARGS__); if (verbose) printf(__VA_ARGS__); }
-#define PRINT_E(...)  { LOGE(__VA_ARGS__); fprintf(stderr, __VA_ARGS__); }
-#define PERSISTENT_PROPERTY_DIR  "/data/property"
-
-static int verbose = 0;
-
-static bool is_legal_property_name(const char *name, size_t namelen) {
-
-    if (namelen < 1) return false;
-    if (name[0] == '.') return false;
-    if (name[namelen - 1] == '.') return false;
-
-    /* Only allow alphanumeric, plus '.', '-', '@', ':', or '_' */
-    /* Don't allow ".." to appear in a property name */
-    for (size_t i = 0; i < namelen; i++) {
-        if (name[i] == '.') {
-            // i=0 is guaranteed to never have a dot. See above.
-            if (name[i-1] == '.') return false;
-            continue;
-        }
-        if (name[i] == '_' || name[i] == '-' || name[i] == '@' || name[i] == ':') continue;
-        if (name[i] >= 'a' && name[i] <= 'z') continue;
-        if (name[i] >= 'A' && name[i] <= 'Z') continue;
-        if (name[i] >= '0' && name[i] <= '9') continue;
-        return false;
-    }
-
-    return true;
-}
-
-static int usage(char* arg0) {
-    fprintf(stderr,
-        "resetprop v" xstr(MAGISK_VERSION) "(" xstr(MAGISK_VER_CODE) ") (by topjohnwu & nkk71) - System Props Modification Tool\n\n"
-        "Usage: %s [options] [args...]\n"
-        "\n"
-        "Options:\n"
-        "   -v      show verbose output\n"
-        "   -n      only modify property in memory\n"
-        "\n"
-        "%s  NAME VALUE        set property entry NAME with VALUE\n"
-        "%s  --file FILE       load props from FILE\n"
-        "%s  --delete NAME     remove prop entry NAME\n"
-        "\n"
-
-    , arg0, arg0, arg0, arg0);
-    return 1;
-}
-
-static int init_resetprop() {
-    if (__system_properties_init2()) {
-        PRINT_E("resetprop: Initialize error\n");
-        return -1;
-    }
-    return 0;
-}
-
-int prop_exist(const char *name) {
-    if (init_resetprop()) return 0;
-    return __system_property_find2(name) != NULL;
-}
-
-static void read_prop_info(void* cookie, const char *name, const char *value, uint32_t serial) {
-    strcpy((char *) cookie, value);
-}
-
-// Get prop by name, return string (should free manually!)
-char *getprop(const char *name) {
-    if (init_resetprop()) return NULL;
-    const prop_info *pi = __system_property_find2(name);
-    if (pi == NULL) {
-        PRINT_D("resetprop: prop [%s] does not exist\n", name);
-        return NULL;
-    }
-    char value[PROP_VALUE_MAX];
-    __system_property_read_callback2(pi, read_prop_info, value);
-    PRINT_D("resetprop: getprop [%s]: [%s]\n", name, value);
-    return strdup(value);
-}
-
-static void (*cb)(const char *);
-
-static void run_actual_cb(void* cookie, const char *name, const char *value, uint32_t serial) {
-    cb(name);
-}
-
-static void prop_foreach_cb(const prop_info* pi, void* cookie) {
-    __system_property_read_callback2(pi, run_actual_cb, NULL);
-}
-
-void getprop_all(void (*cbk)(const char *name)) {
-    if (init_resetprop()) return;
-    cb = cbk;
-    __system_property_foreach2(prop_foreach_cb, NULL);
-}
-
-int setprop(const char *name, const char *value) {
-    return setprop2(name, value, 1);
-}
-
-int setprop2(const char *name, const char *value, const int trigger) {
-    if (init_resetprop()) return -1;
-    int ret;
-
-    prop_info *pi = (prop_info*) __system_property_find2(name);
-    if (pi != NULL) {
-        if (trigger) {
-            if (!strncmp(name, "ro.", 3)) deleteprop(name, trigger);
-            ret = __system_property_set2(name, value);
-        } else {
-            ret = __system_property_update2(pi, value, strlen(value));
-        }
-    } else {
-        PRINT_D("resetprop: New prop [%s]\n", name);
-        if (trigger) {
-            ret = __system_property_set2(name, value);
-        } else {
-            ret = __system_property_add2(name, strlen(name), value, strlen(value));
-        }
-    }
-
-    PRINT_D("resetprop: setprop [%s]: [%s] by %s\n", name, value,
-        trigger ? "property_service" : "modifing prop data structure");
-
-    if (ret)
-        PRINT_E("resetprop: setprop error\n");
-
-    return ret;
-}
-
-int deleteprop(const char *name, const int trigger) {
-    if (init_resetprop()) return -1;
-    PRINT_D("resetprop: deleteprop [%s]\n", name);
-    if (__system_property_del(name)) {
-        PRINT_D("resetprop: delete prop: [%s] error\n", name);
-        return -1;
-    }
-    if (trigger && strstr(name, "persist.")) {
-        char buffer[PATH_MAX];
-        snprintf(buffer, sizeof(buffer), "%s/%s", PERSISTENT_PROPERTY_DIR, name);
-        unlink(buffer);
-    }
-    return 0;
-}
-
-int read_prop_file(const char* filename, const int trigger) {
-    if (init_resetprop()) return -1;
-    PRINT_D("resetprop: Load prop file [%s]\n", filename);
-    FILE *fp = fopen(filename, "r");
-    if (fp == NULL) {
-        PRINT_E("Cannot open [%s]\n", filename);
-        return 1;
-    }
-    char *line = NULL, *pch;
-    size_t len;
-    ssize_t read;
-    int comment = 0, i;
-    while ((read = getline(&line, &len, fp)) != -1) {
-        // Remove the trailing newline
-        if (line[read - 1] == '\n') {
-            line[read - 1] = '\0';
-            --read;
-        }
-        comment = 0;
-        for (i = 0; i < read; ++i) {
-            // Ignore starting spaces
-            if (line[i] == ' ') continue;
-            else {
-                // A line starting with # is ignored
-                if (line[i] == '#') comment = 1;
-                break;
-            }
-        }
-        if (comment) continue;
-        pch = strchr(line, '=');
-        // Ignore ivalid formats
-        if ( ((pch == NULL) || (i >= (pch - line))) || (pch >= line + read - 1) ) continue;
-        // Separate the string
-        *pch = '\0';
-        setprop2(line + i, pch + 1, trigger);
-    }
-    free(line);
-    fclose(fp);
-    return 0;
-}
-
-int resetprop_main(int argc, char *argv[]) {
-
-    int del = 0, file = 0, trigger = 1;
-
-    int exp_arg = 2;
-    char *name, *value, *filename;
-
-    if (argc < 3) {
-        return usage(argv[0]);
-    }
-
-    for (int i = 1; i < argc; ++i) {
-        if (!strcmp("-v", argv[i])) {
-            verbose = 1;
-        } else if (!strcmp("-n", argv[i])) {
-            trigger = 0;
-        } else if (!strcmp("--file", argv[i])) {
-            file = 1;
-            exp_arg = 1;
-        } else if (!strcmp("--delete", argv[i])) {
-            del = 1;
-            exp_arg = 1;
-        } else {
-            if (i + exp_arg > argc) {
-                return usage(argv[0]);
-            }
-            if (file) {
-                filename = argv[i];
-                break;
-            } else {
-                if(!is_legal_property_name(argv[i], strlen(argv[i]))) {
-                    PRINT_E("Illegal property name: [%s]\n", argv[i]);
-                    return 1;
-                }
-                name = argv[i];
-                if (exp_arg > 1) {
-                    if (strlen(argv[i + 1]) >= PROP_VALUE_MAX) {
-                        PRINT_E("Value too long: [%s]\n", argv[i + 1]);
-                        return 1;
-                    }
-                    value = argv[i + 1];
-                }
-                break;
-            }
-        }
-    }
-
-    if (file) {
-        return read_prop_file(filename, trigger);
-    } else if (del) {
-        return deleteprop(name, trigger);
-    } else {
-        return setprop2(name, value, trigger);
-    }
-
-    return 0;
-}
--- a/jni/selinux
+++ b/jni/selinux
--- a/jni/su
+++ b/jni/su
--- a/native/.gitignore
+++ b/native/.gitignore
@@ -0,0 +1,3 @@
+/build
+obj
+libs
--- a/native/build.gradle
+++ b/native/build.gradle
@@ -0,0 +1,20 @@
+apply plugin: 'com.android.library'
+
+android {
+    compileSdkVersion 27
+
+    externalNativeBuild {
+        ndkBuild {
+            path 'jni/Android.mk'
+        }
+    }
+
+    defaultConfig {
+        externalNativeBuild {
+            ndkBuild {
+                // Passes an optional argument to ndk-build.
+                arguments "GRADLE=true"
+            }
+        }
+    }
+}
--- a/native/jni/Android.mk
+++ b/native/jni/Android.mk
@@ -0,0 +1,137 @@
+LOCAL_PATH := $(call my-dir)
+
+# Some handy paths
+EXT_PATH := jni/external
+SE_PATH := $(EXT_PATH)/selinux
+LIBSELINUX := $(SE_PATH)/libselinux/include
+LIBSEPOL := $(SE_PATH)/libsepol/include $(SE_PATH)/libsepol/cil/include
+LIBLZMA := $(EXT_PATH)/xz/src/liblzma/api
+LIBLZ4 := $(EXT_PATH)/lz4/lib
+LIBBZ2 := $(EXT_PATH)/bzip2
+LIBFDT := $(EXT_PATH)/dtc/libfdt
+UTIL_SRC := utils/cpio.c \
+            utils/file.c \
+            utils/img.c \
+            utils/list.c \
+            utils/misc.c \
+            utils/pattern.c \
+            utils/vector.c \
+            utils/xwrap.c
+
+########################
+# Binaries
+########################
+
+ifneq "$(or $(PRECOMPILE), $(GRADLE))" ""
+
+# magisk main binary
+include $(CLEAR_VARS)
+LOCAL_MODULE := magisk
+LOCAL_SHARED_LIBRARIES := libsqlite libselinux
+
+LOCAL_C_INCLUDES := \
+	jni/include \
+	$(EXT_PATH)/include \
+	$(LIBSELINUX)
+
+LOCAL_SRC_FILES := \
+	core/magisk.c \
+	core/daemon.c \
+	core/log_monitor.c \
+	core/bootstages.c \
+	core/socket.c \
+	magiskhide/magiskhide.c \
+	magiskhide/proc_monitor.c \
+	magiskhide/hide_utils.c \
+	resetprop/resetprop.cpp \
+	resetprop/system_properties.cpp \
+	su/su.c \
+	su/activity.c \
+	su/db.c \
+	su/pts.c \
+	su/su_daemon.c \
+	su/su_socket.c \
+	$(UTIL_SRC)
+
+LOCAL_CFLAGS := -DIS_DAEMON -DSELINUX
+LOCAL_LDLIBS := -llog
+include $(BUILD_EXECUTABLE)
+
+endif
+
+ifndef PRECOMPILE
+
+# magiskinit
+include $(CLEAR_VARS)
+LOCAL_MODULE := magiskinit
+LOCAL_STATIC_LIBRARIES := libsepol liblzma
+LOCAL_C_INCLUDES := \
+	jni/include \
+	jni/magiskpolicy \
+	../out/$(TARGET_ARCH_ABI) \
+	$(LIBSEPOL) \
+	$(LIBLZMA)
+
+LOCAL_SRC_FILES := \
+	core/magiskinit.c \
+	core/socket.c \
+	magiskpolicy/api.c \
+	magiskpolicy/magiskpolicy.c \
+	magiskpolicy/rules.c \
+	magiskpolicy/sepolicy.c \
+	$(UTIL_SRC)
+
+LOCAL_LDFLAGS := -static
+include $(BUILD_EXECUTABLE)
+
+# magiskboot
+include $(CLEAR_VARS)
+LOCAL_MODULE := magiskboot
+LOCAL_STATIC_LIBRARIES := libmincrypt liblzma liblz4 libbz2 libfdt
+LOCAL_C_INCLUDES := \
+	jni/include \
+	$(EXT_PATH)/include \
+	$(LIBLZMA) \
+	$(LIBLZ4) \
+	$(LIBBZ2) \
+	$(LIBFDT)
+
+LOCAL_SRC_FILES := \
+	magiskboot/main.c \
+	magiskboot/bootimg.c \
+	magiskboot/hexpatch.c \
+	magiskboot/compress.c \
+	magiskboot/format.c \
+	magiskboot/dtb.c \
+	magiskboot/ramdisk.c \
+	$(UTIL_SRC)
+
+LOCAL_CFLAGS := -DXWRAP_EXIT
+LOCAL_LDLIBS := -lz
+include $(BUILD_EXECUTABLE)
+
+# 32-bit static binaries
+ifndef GRADLE  # Do not run gradle sync on these binaries
+ifneq ($(TARGET_ARCH_ABI), x86_64)
+ifneq ($(TARGET_ARCH_ABI), arm64-v8a)
+# b64xz
+include $(CLEAR_VARS)
+LOCAL_MODULE := b64xz
+LOCAL_STATIC_LIBRARIES := liblzma
+LOCAL_C_INCLUDES := $(LIBLZMA)
+LOCAL_SRC_FILES := b64xz.c
+LOCAL_LDFLAGS := -static
+include $(BUILD_EXECUTABLE)
+# Busybox
+include jni/external/busybox/Android.mk
+endif
+endif
+endif
+
+# Precompile
+endif
+
+########################
+# Externals
+########################
+include jni/external/Android.mk
--- a/native/jni/Application.mk
+++ b/native/jni/Application.mk
@@ -0,0 +1,5 @@
+APP_ABI := x86 x86_64 armeabi-v7a arm64-v8a
+APP_PLATFORM := android-21
+APP_CFLAGS := $(MAGISK_FLAGS) -std=gnu99
+APP_CPPFLAGS := -std=c++11
+APP_SHORT_COMMANDS := true
--- a/native/jni/b64xz.c
+++ b/native/jni/b64xz.c
--- a/native/jni/core/bootstages.c
+++ b/native/jni/core/bootstages.c
@@ -11,8 +11,6 @@
 #include <fcntl.h>
 #include <string.h>
 #include <dirent.h>
-#include <linux/loop.h>
-#include <sys/ioctl.h>
 #include <sys/mount.h>
 #include <sys/wait.h>
 #include <selinux/selinux.h>
@@ -24,14 +22,9 @@

 static char *buf, *buf2;
 static struct vector module_list;
-static int seperate_vendor = 0;

 extern char **environ;

-#ifdef MAGISK_DEBUG
-static int debug_log_pid, debug_log_fd;
-#endif
-
 /******************
 * Node structure *
 ******************/
@@ -58,7 +51,7 @@ struct node_entry {
 static void concat_path(struct node_entry *node) {
 	if (node->parent)
 		concat_path(node->parent);
-	int len = strlen(buf);
+	size_t len = strlen(buf);
 	buf[len] = '/';
 	strcpy(buf + len + 1, node->name);
 }
@@ -101,7 +94,7 @@ static struct node_entry *insert_child(struct node_entry *p, struct node_entry *
 			if (c->status > e->status) {
 				// Precedence is higher, replace with new node
 				destroy_subtree(e);
-				vec_entry(p->children)[_] = c;
+				vec_cur(p->children) = c;
 				return c;
 			} else {
 				// Free the new entry, return old
@@ -147,14 +140,14 @@ static void pm_setenv(struct vector *v) {
 static void exec_common_script(const char* stage) {
 	DIR *dir;
 	struct dirent *entry;
-	snprintf(buf, PATH_MAX, "%s/%s.d", COREDIR, stage);
+	snprintf(buf2, PATH_MAX, "%s/%s.d", COREDIR, stage);

-	if (!(dir = opendir(buf)))
+	if (!(dir = xopendir(buf2)))
 		return;

 	while ((entry = xreaddir(dir))) {
 		if (entry->d_type == DT_REG) {
-			snprintf(buf2, PATH_MAX, "%s/%s", buf, entry->d_name);
+			snprintf(buf2, PATH_MAX, "%s/%s.d/%s", COREDIR, stage, entry->d_name);
 			if (access(buf2, X_OK) == -1)
 				continue;
 			LOGI("%s.d: exec [%s]\n", stage, entry->d_name);
@@ -194,7 +187,7 @@ static void construct_tree(const char *module, struct node_entry *parent) {
 	char *parent_path = get_full_path(parent);
 	snprintf(buf, PATH_MAX, "%s/%s%s", MOUNTPOINT, module, parent_path);

-	if (!(dir = opendir(buf)))
+	if (!(dir = xopendir(buf)))
 		goto cleanup;

 	while ((entry = xreaddir(dir))) {
@@ -262,7 +255,7 @@ static void clone_skeleton(struct node_entry *node) {
 	// Clone the structure
 	char *full_path = get_full_path(node);
 	snprintf(buf, PATH_MAX, "%s%s", MIRRDIR, full_path);
-	if (!(dir = opendir(buf)))
+	if (!(dir = xopendir(buf)))
 		goto cleanup;
 	while ((entry = xreaddir(dir))) {
 		if (strcmp(entry->d_name, ".") == 0 || strcmp(entry->d_name, "..") == 0)
@@ -276,26 +269,33 @@ static void clone_skeleton(struct node_entry *node) {
 	}
 	closedir(dir);

-	snprintf(buf, PATH_MAX, "%s%s", DUMMDIR, full_path);
-	mkdir_p(buf, 0755);
-	clone_attr(full_path, buf);
-	if (node->status & IS_SKEL)
-		bind_mount(buf, full_path);
+	if (node->status & IS_SKEL) {
+		struct stat s;
+		char *con;
+		xstat(full_path, &s);
+		getfilecon(full_path, &con);
+		LOGI("mnt_tmpfs : %s\n", full_path);
+		xmount("tmpfs", full_path, "tmpfs", 0, NULL);
+		chmod(full_path, s.st_mode & 0777);
+		chown(full_path, s.st_uid, s.st_gid);
+		setfilecon(full_path, con);
+		free(con);
+	}

 	vec_for_each(node->children, child) {
-		snprintf(buf, PATH_MAX, "%s%s/%s", DUMMDIR, full_path, child->name);
+		snprintf(buf, PATH_MAX, "%s/%s", full_path, child->name);

 		// Create the dummy file/directory
 		if (IS_DIR(child))
 			xmkdir(buf, 0755);
 		else if (IS_REG(child))
-			close(open_new(buf));
+			close(creat(buf, 0644));
 		// Links will be handled later

 		if (child->parent->parent == NULL && strcmp(child->name, "vendor") == 0) {
 			if (IS_LNK(child)) {
 				cp_afc(MIRRDIR "/system/vendor", "/system/vendor");
-				LOGI("cplink: %s -> %s\n", MIRRDIR "/system/vendor", "/system/vendor");
+				LOGI("creat_link: %s <- %s\n", "/system/vendor", MIRRDIR "/system/vendor");
 			}
 			// Skip
 			continue;
@@ -303,7 +303,7 @@ static void clone_skeleton(struct node_entry *node) {
 			// Mount from module file to dummy file
 			snprintf(buf2, PATH_MAX, "%s/%s%s/%s", MOUNTPOINT, child->module, full_path, child->name);
 		} else if (child->status & (IS_SKEL | IS_INTER)) {
-			// It's a intermediate folder, recursive clone
+			// It's an intermediate folder, recursive clone
 			clone_skeleton(child);
 			continue;
 		} else if (child->status & IS_DUMMY) {
@@ -314,7 +314,11 @@ static void clone_skeleton(struct node_entry *node) {
 		if (IS_LNK(child)) {
 			// Copy symlinks directly
 			cp_afc(buf2, buf);
-			LOGI("cplink: %s -> %s\n", buf2, buf);
+			#ifdef MAGISK_DEBUG
+				LOGI("creat_link: %s <- %s\n",buf, buf2);
+			#else
+				LOGI("creat_link: %s\n", buf);
+			#endif
 		} else {
 			snprintf(buf, PATH_MAX, "%s/%s", full_path, child->name);
 			bind_mount(buf2, buf);
@@ -388,51 +392,21 @@ static void simple_mount(const char *path) {
 * Miscellaneous *
 *****************/

-static void mount_mirrors() {
-	LOGI("* Mounting mirrors");
-	struct vector mounts;
-	vec_init(&mounts);
-	file_to_vector("/proc/mounts", &mounts);
-	char *line;
-	vec_for_each(&mounts, line) {
-		if (strstr(line, " /system ")) {
-			sscanf(line, "%s", buf);
-			xmkdir_p(MIRRDIR "/system", 0755);
-			xmount(buf, MIRRDIR "/system", "ext4", MS_RDONLY, NULL);
-			LOGI("mount: %s -> %s\n", buf, MIRRDIR "/system");
-			continue;
-		}
-		if (strstr(line, " /vendor ")) {
-			seperate_vendor = 1;
-			sscanf(line, "%s", buf);
-			xmkdir_p(MIRRDIR "/vendor", 0755);
-			xmount(buf, MIRRDIR "/vendor", "ext4", MS_RDONLY, NULL);
-			LOGI("mount: %s -> %s\n", buf, MIRRDIR "/vendor");
-			continue;
-		}
-	}
-	vec_deep_destroy(&mounts);
-	if (!seperate_vendor) {
-		symlink(MIRRDIR "/system/vendor", MIRRDIR "/vendor");
-		LOGI("link: %s -> %s\n", MIRRDIR "/system/vendor", MIRRDIR "/vendor");
-	}
-	mkdir_p(MIRRDIR "/bin", 0755);
-	bind_mount(DATABIN, MIRRDIR "/bin");
-}
-
-static void link_busybox() {
-	mkdir_p(BBPATH, 0755);
-	exec_command_sync(MIRRDIR "/bin/busybox", "--install", "-s", BBPATH, NULL);
-	symlink(MIRRDIR "/bin/busybox", BBPATH "/busybox");
-}
+#define alt_img ((char *[]) \
+{ "/cache/magisk.img", "/data/magisk_merge.img", "/data/adb/magisk_merge.img", NULL })

 static int prepare_img() {
-	int new_img = 0;
+	// Merge images
+	for (int i = 0; alt_img[i]; ++i) {
+		if (merge_img(alt_img[i], MAINIMG)) {
+			LOGE("Image merge %s -> " MAINIMG " failed!\n", alt_img[i]);
+			return 1;
+		}
+	}

 	if (access(MAINIMG, F_OK) == -1) {
 		if (create_img(MAINIMG, 64))
 			return 1;
-		new_img = 1;
 	}

 	LOGI("* Mounting " MAINIMG "\n");
@@ -441,71 +415,65 @@ static int prepare_img() {
 	if (magiskloop == NULL)
 		return 1;

-	vec_init(&module_list);
+	xmkdir(COREDIR, 0755);
+	xmkdir(COREDIR "/post-fs-data.d", 0755);
+	xmkdir(COREDIR "/service.d", 0755);
+	xmkdir(COREDIR "/props", 0755);

-	if (new_img) {
-		xmkdir(COREDIR, 0755);
-		xmkdir(COREDIR "/post-fs-data.d", 0755);
-		xmkdir(COREDIR "/service.d", 0755);
-		xmkdir(COREDIR "/props", 0755);
-	} else {
-		DIR *dir = xopendir(MOUNTPOINT);
-		struct dirent *entry;
-		while ((entry = xreaddir(dir))) {
-			if (entry->d_type == DT_DIR) {
-				if (strcmp(entry->d_name, ".") == 0 ||
-					strcmp(entry->d_name, "..") == 0 ||
-					strcmp(entry->d_name, ".core") == 0 ||
-					strcmp(entry->d_name, "lost+found") == 0)
-					continue;
-				snprintf(buf, PATH_MAX, "%s/%s/remove", MOUNTPOINT, entry->d_name);
-				if (access(buf, F_OK) == 0) {
-					snprintf(buf, PATH_MAX, "%s/%s", MOUNTPOINT, entry->d_name);
-					exec_command_sync(BBPATH "/rm", "-rf", buf, NULL);
-					continue;
-				}
-				snprintf(buf, PATH_MAX, "%s/%s/disable", MOUNTPOINT, entry->d_name);
-				if (access(buf, F_OK) == 0)
-					continue;
-				vec_push_back(&module_list, strdup(entry->d_name));
+	DIR *dir = xopendir(MOUNTPOINT);
+	struct dirent *entry;
+	while ((entry = xreaddir(dir))) {
+		if (entry->d_type == DT_DIR) {
+			if (strcmp(entry->d_name, ".") == 0 ||
+				strcmp(entry->d_name, "..") == 0 ||
+				strcmp(entry->d_name, ".core") == 0 ||
+				strcmp(entry->d_name, "lost+found") == 0)
+				continue;
+			snprintf(buf, PATH_MAX, "%s/%s/remove", MOUNTPOINT, entry->d_name);
+			if (access(buf, F_OK) == 0) {
+				snprintf(buf, PATH_MAX, "%s/%s", MOUNTPOINT, entry->d_name);
+				rm_rf(buf);
+				continue;
 			}
+			snprintf(buf, PATH_MAX, "%s/%s/disable", MOUNTPOINT, entry->d_name);
+			if (access(buf, F_OK) == 0)
+				continue;
+			vec_push_back(&module_list, strdup(entry->d_name));
 		}
-
-		closedir(dir);
-
-		// Trim image
-		umount_image(MOUNTPOINT, magiskloop);
-		free(magiskloop);
-		trim_img(MAINIMG);
-
-		// Remount them back :)
-		magiskloop = mount_image(MAINIMG, MOUNTPOINT);
-		free(magiskloop);
 	}
+
+	closedir(dir);
+
+	// Trim image
+	umount_image(MOUNTPOINT, magiskloop);
+	free(magiskloop);
+	trim_img(MAINIMG);
+
+	// Remount them back :)
+	magiskloop = mount_image(MAINIMG, MOUNTPOINT);
+	free(magiskloop);
+
+	// Fix file selinux contexts
+	fix_filecon();
 	return 0;
 }

+void fix_filecon() {
+	int dirfd = xopen(MOUNTPOINT, O_RDONLY | O_CLOEXEC);
+	restorecon(dirfd, 0);
+	close(dirfd);
+}
+
 /****************
 * Entry points *
 ****************/

-static void *start_magisk_hide(void *args) {
-	launch_magiskhide(-1);
-	return NULL;
-}
-
 static void unblock_boot_process() {
-	close(open(UNBLOCKFILE, O_RDONLY | O_CREAT));
+	close(xopen(UNBLOCKFILE, O_RDONLY | O_CREAT, 0));
 	pthread_exit(NULL);
 }

 void post_fs(int client) {
-	// Error handler
-	err_handler = unblock_boot_process;
-
-	// Start log monitor
-	monitor_logs();
-
 	LOGI("** post-fs mode running\n");
 	// ack
 	write_int(client, 0);
@@ -527,56 +495,25 @@ unblock:
 }

 void post_fs_data(int client) {
-	// Error handler
-	err_handler = unblock_boot_process;
-
 	// ack
 	write_int(client, 0);
 	close(client);
-	if (!check_data())
+	if (!is_daemon_init && !check_data())
 		goto unblock;

-#ifdef MAGISK_DEBUG
-	// Start debug logs in new process
-	debug_log_fd = xopen(DEBUG_LOG, O_WRONLY | O_CREAT | O_CLOEXEC | O_TRUNC, 0644);
-	debug_log_pid = exec_command(0, &debug_log_fd, NULL, "logcat", "-v", "brief", NULL);
-	close(debug_log_fd);
-#endif
+	// Start the debug log
+	start_debug_full_log();

 	LOGI("** post-fs-data mode running\n");

 	// Allocate buffer
 	if (buf == NULL) buf = xmalloc(PATH_MAX);
 	if (buf2 == NULL) buf2 = xmalloc(PATH_MAX);
+	vec_init(&module_list);

-	// Magisk binaries
-	char *bin_path = NULL;
-	if (access("/cache/data_bin", F_OK) == 0)
-		bin_path = "/cache/data_bin";
-	else if (access("/data/data/com.topjohnwu.magisk/install", F_OK) == 0)
-		bin_path = "/data/data/com.topjohnwu.magisk/install";
-	if (bin_path) {
-		exec_command_sync("rm", "-rf", DATABIN, NULL);
-		exec_command_sync("cp", "-r", bin_path, DATABIN, NULL);
-		exec_command_sync("rm", "-rf", bin_path, NULL);
-		exec_command_sync("chmod", "-R", "755", bin_path, NULL);
-		// Lazy.... use shell blob to match files
-		exec_command_sync("sh", "-c", "mv /data/magisk/stock_boot* /data", NULL);
-	}
-
-	// Link busybox
-	mount_mirrors();
-	link_busybox();
-
-	// Merge images
-	if (merge_img("/cache/magisk.img", MAINIMG)) {
-		LOGE("Image merge %s -> %s failed!\n", "/cache/magisk.img", MAINIMG);
-		goto unblock;
-	}
-	if (merge_img("/data/magisk_merge.img", MAINIMG)) {
-		LOGE("Image merge %s -> %s failed!\n", "/data/magisk_merge.img", MAINIMG);
-		goto unblock;
-	}
+	// Initialize
+	if (!is_daemon_init)
+		daemon_init();

 	// uninstaller
 	if (access(UNINSTALLER, F_OK) == 0) {
@@ -586,7 +523,7 @@ void post_fs_data(int client) {
 		return;
 	}

-	// Trim, mount magisk.img, which will also travel through the modules
+	// Merge, trim, mount magisk.img, which will also travel through the modules
 	// After this, it will create the module list
 	if (prepare_img())
 		goto core_only; // Mounting fails, we can only do core only stuffs
@@ -638,7 +575,7 @@ void post_fs_data(int client) {
 		if (access(buf, F_OK) == 0) {
 			snprintf(buf2, PATH_MAX, "%s/%s/vendor", MOUNTPOINT, module);
 			unlink(buf2);
-			symlink(buf, buf2);
+			xsymlink(buf, buf2);
 		}
 		construct_tree(module, sys_root);
 	}
@@ -654,7 +591,7 @@ void post_fs_data(int client) {
 				child->name = strdup("vendor");
 				child->status = 0;
 				// Swap!
-				vec_entry(sys_root->children)[_] = child;
+				vec_cur(sys_root->children) = child;
 				ven_root->parent = NULL;
 				break;
 			}
@@ -676,14 +613,7 @@ core_only:
 		bind_mount(HOSTSFILE, "/system/etc/hosts");
 	}

-	// Enable magiskhide by default, only disable when set explicitly
-	char *hide_prop = getprop(MAGISKHIDE_PROP);
-	if (hide_prop == NULL || strcmp(hide_prop, "0") != 0) {
-		pthread_t thread;
-		xpthread_create(&thread, NULL, start_magisk_hide, NULL);
-		pthread_detach(thread);
-	}
-	free(hide_prop);
+	auto_start_magiskhide();

 unblock:
 	unblock_boot_process();
@@ -700,7 +630,8 @@ void late_start(int client) {
 	if (buf2 == NULL) buf2 = xmalloc(PATH_MAX);

 	// Wait till the full patch is done
-	pthread_join(sepol_patch, NULL);
+	wait_till_exists(PATCHDONE);
+	unlink(PATCHDONE);

 	// Run scripts after full patch, most reliable way to run scripts
 	LOGI("* Running service.d scripts\n");
@@ -716,23 +647,30 @@ void late_start(int client) {
 core_only:
 	// Install Magisk Manager if exists
 	if (access(MANAGERAPK, F_OK) == 0) {
+		rename(MANAGERAPK, "/data/magisk.apk");
+		setfilecon("/data/magisk.apk", "u:object_r:su_file:s0");
 		while (1) {
 			sleep(5);
 			int apk_res = -1, pid;
 			pid = exec_command(1, &apk_res, pm_setenv,
 				"app_process",
 				"/system/bin", "com.android.commands.pm.Pm",
-				"install", "-r", MANAGERAPK, NULL);
+				"install", "-r", "/data/magisk.apk", NULL);
 			if (pid != -1) {
+				int err = 0;
+				while (fdgets(buf, PATH_MAX, apk_res) > 0) {
+					LOGD("apk_install: %s", buf);
+					err |= strstr(buf, "Error:") != NULL;
+				}
 				waitpid(pid, NULL, 0);
-				fdgets(buf, PATH_MAX, apk_res);
 				close(apk_res);
 				// Keep trying until pm is started
-				if (strstr(buf, "Error:") == NULL)
-					break;
+				if (err)
+					continue;
+				break;
 			}
 		}
-		unlink(MANAGERAPK);
+		unlink("/data/magisk.apk");
 	}

 	// All boot stage done, cleanup everything
@@ -741,9 +679,5 @@ core_only:
 	buf = buf2 = NULL;
 	vec_deep_destroy(&module_list);

-#ifdef MAGISK_DEBUG
-	// Stop recording the boot logcat after every boot task is done
-	kill(debug_log_pid, SIGTERM);
-	waitpid(debug_log_pid, NULL, 0);
-#endif
+	stop_debug_full_log();
 }
--- a/native/jni/core/daemon.c
+++ b/native/jni/core/daemon.c
@@ -0,0 +1,321 @@
+/* daemon.c - Magisk Daemon
+ *
+ * Start the daemon and wait for requests
+ * Connect the daemon and send requests through sockets
+ */
+
+#include <stdlib.h>
+#include <unistd.h>
+#include <fcntl.h>
+#include <string.h>
+#include <pthread.h>
+#include <signal.h>
+#include <sys/un.h>
+#include <sys/types.h>
+#include <sys/mount.h>
+#include <selinux/selinux.h>
+
+#include "magisk.h"
+#include "utils.h"
+#include "daemon.h"
+#include "resetprop.h"
+
+int is_daemon_init = 0, seperate_vendor = 0;
+
+static void *request_handler(void *args) {
+	int client = *((int *) args);
+	free(args);
+	int req = read_int(client);
+
+	struct ucred credential;
+	get_client_cred(client, &credential);
+
+	switch (req) {
+	case LAUNCH_MAGISKHIDE:
+	case STOP_MAGISKHIDE:
+	case ADD_HIDELIST:
+	case RM_HIDELIST:
+	case LS_HIDELIST:
+	case POST_FS:
+	case POST_FS_DATA:
+	case LATE_START:
+		if (credential.uid != 0) {
+			write_int(client, ROOT_REQUIRED);
+			close(client);
+			return NULL;
+		}
+	default:
+		break;
+	}
+
+	switch (req) {
+	case LAUNCH_MAGISKHIDE:
+		launch_magiskhide(client);
+		break;
+	case STOP_MAGISKHIDE:
+		stop_magiskhide(client);
+		break;
+	case ADD_HIDELIST:
+		add_hide_list(client);
+		break;
+	case RM_HIDELIST:
+		rm_hide_list(client);
+		break;
+	case LS_HIDELIST:
+		ls_hide_list(client);
+		break;
+	case SUPERUSER:
+		su_daemon_receiver(client, &credential);
+		break;
+	case CHECK_VERSION:
+		write_string(client, MAGISK_VER_STR);
+		close(client);
+		break;
+	case CHECK_VERSION_CODE:
+		write_int(client, MAGISK_VER_CODE);
+		close(client);
+		break;
+	case POST_FS:
+		post_fs(client);
+		break;
+	case POST_FS_DATA:
+		post_fs_data(client);
+		break;
+	case LATE_START:
+		late_start(client);
+		break;
+	default:
+		break;
+	}
+	return NULL;
+}
+
+
+static void *start_magisk_hide(void *args) {
+	launch_magiskhide(-1);
+	return NULL;
+}
+
+void auto_start_magiskhide() {
+	char *hide_prop = getprop2(MAGISKHIDE_PROP, 1);
+	if (hide_prop == NULL || strcmp(hide_prop, "0") != 0) {
+		pthread_t thread;
+		xpthread_create(&thread, NULL, start_magisk_hide, NULL);
+		pthread_detach(thread);
+	}
+	free(hide_prop);
+}
+
+void daemon_init() {
+	is_daemon_init = 1;
+
+	 // Magisk binaries
+	char *bin_path = NULL;
+	if (access("/cache/data_bin", F_OK) == 0)
+		bin_path = "/cache/data_bin";
+	else if (access("/data/data/com.topjohnwu.magisk/install", F_OK) == 0)
+		bin_path = "/data/data/com.topjohnwu.magisk/install";
+	else if (access("/data/user_de/0/com.topjohnwu.magisk/install", F_OK) == 0)
+		bin_path = "/data/user_de/0/com.topjohnwu.magisk/install";
+	if (bin_path) {
+		rm_rf(DATABIN);
+		cp_afc(bin_path, DATABIN);
+		rm_rf(bin_path);
+	}
+
+	// Migration
+	rm_rf("/data/magisk");
+	unlink("/data/magisk.img");
+	unlink("/data/magisk_debug.log");
+	chmod("/data/adb", 0700);
+
+	LOGI("* Creating /sbin overlay");
+	DIR *dir;
+	struct dirent *entry;
+	int root, sbin;
+	char buf[PATH_MAX], buf2[PATH_MAX];
+	char magisk_name[10], init_name[10];
+
+	// Setup links under /sbin
+	xmount(NULL, "/", NULL, MS_REMOUNT, NULL);
+	xmkdir("/root", 0755);
+	chmod("/root", 0755);
+	root = xopen("/root", O_RDONLY | O_CLOEXEC);
+	sbin = xopen("/sbin", O_RDONLY | O_CLOEXEC);
+	link_dir(sbin, root);
+	unlink("/sbin/magisk");
+	close(sbin);
+
+	xmount("tmpfs", "/sbin", "tmpfs", 0, NULL);
+	chmod("/sbin", 0755);
+	setfilecon("/sbin", "u:object_r:rootfs:s0");
+	dir = xfdopendir(root);
+	while((entry = xreaddir(dir))) {
+		if (strcmp(entry->d_name, ".") == 0 || strcmp(entry->d_name, "..") == 0) continue;
+		snprintf(buf, PATH_MAX, "/root/%s", entry->d_name);
+		snprintf(buf2, PATH_MAX, "/sbin/%s", entry->d_name);
+		xsymlink(buf, buf2);
+	}
+
+	gen_rand_str(magisk_name, sizeof(magisk_name));
+	snprintf(buf, PATH_MAX, "/root/%s", magisk_name);
+	unlink("/sbin/magisk");
+	rename("/root/magisk", buf);
+	xsymlink(buf, "/sbin/magisk");
+	for (int i = 0; applet[i]; ++i) {
+		snprintf(buf2, PATH_MAX, "/sbin/%s", applet[i]);
+		xsymlink(buf, buf2);
+	}
+
+	gen_rand_str(init_name, sizeof(init_name));
+	snprintf(buf, PATH_MAX, "/root/%s", init_name);
+	unlink("/sbin/magiskinit");
+	rename("/root/magiskinit", buf);
+	for (int i = 0; init_applet[i]; ++i) {
+		snprintf(buf2, PATH_MAX, "/sbin/%s", init_applet[i]);
+		xsymlink(buf, buf2);
+	}
+
+	close(root);
+
+	// Backward compatibility
+	xsymlink(DATABIN, "/data/magisk");
+	xsymlink(MAINIMG, "/data/magisk.img");
+	xsymlink(MOUNTPOINT, "/magisk");
+
+	xmount(NULL, "/", NULL, MS_REMOUNT | MS_RDONLY, NULL);
+
+	LOGI("* Mounting mirrors");
+	struct vector mounts;
+	vec_init(&mounts);
+	file_to_vector("/proc/mounts", &mounts);
+	char *line;
+	int skip_initramfs = 0;
+	// Check whether skip_initramfs device
+	vec_for_each(&mounts, line) {
+		if (strstr(line, " /system_root ")) {
+			xmkdirs(MIRRDIR "/system", 0755);
+			bind_mount("/system_root/system", MIRRDIR "/system");
+			skip_initramfs = 1;
+			break;
+		}
+	}
+	vec_for_each(&mounts, line) {
+		if (!skip_initramfs && strstr(line, " /system ")) {
+			sscanf(line, "%s", buf);
+			xmkdirs(MIRRDIR "/system", 0755);
+			xmount(buf, MIRRDIR "/system", "ext4", MS_RDONLY, NULL);
+			#ifdef MAGISK_DEBUG
+				LOGI("mount: %s <- %s\n", MIRRDIR "/system", buf);
+			#else
+				LOGI("mount: %s\n", MIRRDIR "/system");
+			#endif
+		} else if (strstr(line, " /vendor ")) {
+			seperate_vendor = 1;
+			sscanf(line, "%s", buf);
+			xmkdirs(MIRRDIR "/vendor", 0755);
+			xmount(buf, MIRRDIR "/vendor", "ext4", MS_RDONLY, NULL);
+			#ifdef MAGISK_DEBUG
+				LOGI("mount: %s <- %s\n", MIRRDIR "/vendor", buf);
+			#else
+				LOGI("mount: %s\n", MIRRDIR "/vendor");
+			#endif
+		}
+		free(line);
+	}
+	vec_destroy(&mounts);
+	if (!seperate_vendor) {
+		xsymlink(MIRRDIR "/system/vendor", MIRRDIR "/vendor");
+		#ifdef MAGISK_DEBUG
+			LOGI("link: %s <- %s\n", MIRRDIR "/vendor", MIRRDIR "/system/vendor");
+		#else
+			LOGI("link: %s\n", MIRRDIR "/vendor");
+		#endif
+	}
+	xmkdirs(MIRRDIR "/bin", 0755);
+	bind_mount(DATABIN, MIRRDIR "/bin");
+
+	LOGI("* Setting up internal busybox");
+	xmkdirs(BBPATH, 0755);
+	exec_command_sync(MIRRDIR "/bin/busybox", "--install", "-s", BBPATH, NULL);
+	xsymlink(MIRRDIR "/bin/busybox", BBPATH "/busybox");
+}
+
+void start_daemon() {
+	setsid();
+	setcon("u:r:su:s0");
+	umask(0);
+	int fd = xopen("/dev/null", O_RDWR | O_CLOEXEC);
+	xdup2(fd, STDIN_FILENO);
+	xdup2(fd, STDOUT_FILENO);
+	xdup2(fd, STDERR_FILENO);
+	close(fd);
+
+	// Block user signals
+	sigset_t block_set;
+	sigemptyset(&block_set);
+	sigaddset(&block_set, SIGUSR1);
+	sigaddset(&block_set, SIGUSR2);
+	pthread_sigmask(SIG_SETMASK, &block_set, NULL);
+
+	struct sockaddr_un sun;
+	fd = setup_socket(&sun);
+
+	if (xbind(fd, (struct sockaddr*) &sun, sizeof(sun)))
+		exit(1);
+	xlisten(fd, 10);
+
+	// Start the log monitor
+	monitor_logs();
+
+	if ((is_daemon_init = (access(MAGISKTMP, F_OK) == 0))) {
+		// Restart stuffs if the daemon is restarted
+		exec_command_sync("logcat", "-b", "all", "-c", NULL);
+		auto_start_magiskhide();
+		start_debug_log();
+	} else if (check_data()) {
+		daemon_init();
+	}
+
+	LOGI("Magisk v" xstr(MAGISK_VERSION) "(" xstr(MAGISK_VER_CODE) ") daemon started\n");
+
+	// Change process name
+	strcpy(argv0, "magisk_daemon");
+
+	// Unlock all blocks for rw
+	unlock_blocks();
+
+	// Loop forever to listen for requests
+	while(1) {
+		int *client = xmalloc(sizeof(int));
+		*client = xaccept4(fd, NULL, NULL, SOCK_CLOEXEC);
+		pthread_t thread;
+		xpthread_create(&thread, NULL, request_handler, client);
+		// Detach the thread, we will never join it
+		pthread_detach(thread);
+	}
+}
+
+/* Connect the daemon, and return a socketfd */
+int connect_daemon() {
+	struct sockaddr_un sun;
+	int fd = setup_socket(&sun);
+	if (connect(fd, (struct sockaddr*) &sun, sizeof(sun))) {
+		// If we cannot access the daemon, we start a daemon in the child process if possible
+
+		if (getuid() != UID_ROOT || getgid() != UID_ROOT) {
+			fprintf(stderr, "No daemon is currently running!\n");
+			exit(1);
+		}
+
+		if (xfork() == 0) {
+			LOGD("client: connect fail, try launching new daemon process\n");
+			close(fd);
+			start_daemon();
+		}
+
+		while (connect(fd, (struct sockaddr*) &sun, sizeof(sun)))
+			usleep(10000);
+	}
+	return fd;
+}
--- a/native/jni/core/log_monitor.c
+++ b/native/jni/core/log_monitor.c
@@ -0,0 +1,211 @@
+/* log_monitor.c - New thread to monitor logcat
+ *
+ * A universal logcat monitor for many usages. Add listeners to the list,
+ * and the pointer of the new log line will be sent through pipes to trigger
+ * asynchronous events without polling
+ */
+
+#include <stdio.h>
+#include <pthread.h>
+#include <unistd.h>
+#include <sys/wait.h>
+
+#include "magisk.h"
+#include "utils.h"
+#include "resetprop.h"
+
+extern int is_daemon_init;
+int logd = 0;
+
+static int am_proc_start_filter(const char *log) {
+	return strstr(log, "am_proc_start") != NULL;
+}
+
+static int magisk_log_filter(const char *log) {
+	char *ss;
+	return (ss = strstr(log, " Magisk")) && (ss[-1] != 'D') && (ss[-1] != 'V');
+}
+
+static int magisk_debug_log_filter(const char *log) {
+	return strstr(log, "Magisk") != NULL;
+}
+
+struct log_listener log_events[] = {
+	{	/* HIDE_EVENT */
+		.fd = -1,
+		.filter = am_proc_start_filter
+	},
+	{	/* LOG_EVENT */
+		.fd = -1,
+		.filter = magisk_log_filter
+	},
+	{	/* DEBUG_EVENT */
+		.fd = -1,
+		.filter = magisk_debug_log_filter
+	}
+};
+
+#ifdef MAGISK_DEBUG
+static int debug_log_pid = -1, debug_log_fd = -1;
+#endif
+
+static void check_logd() {
+	char *prop = getprop("init.svc.logd");
+	if (prop != NULL) {
+		free(prop);
+		logd = 1;
+	} else {
+		LOGD("log_monitor: logd not started, disable logging");
+		logd = 0;
+	}
+}
+
+static void *logger_thread(void *args) {
+	int log_fd = -1, log_pid;
+	char line[4096];
+
+	LOGD("log_monitor: logger start");
+
+	while (1) {
+		if (!logd) {
+			// Disable all services
+			for (int i = 0; i < (sizeof(log_events) / sizeof(struct log_listener)); ++i) {
+				close(log_events[i].fd);
+				log_events[i].fd = -1;
+			}
+			return NULL;
+		}
+
+		// Start logcat
+		log_pid = exec_command(0, &log_fd, NULL, "logcat", "-b", "events", "-b", "main", "-v", "threadtime", "-s", "am_proc_start", "-s", "Magisk", NULL);
+		while (fdgets(line, sizeof(line), log_fd)) {
+			for (int i = 0; i < (sizeof(log_events) / sizeof(struct log_listener)); ++i) {
+				if (log_events[i].fd > 0 && log_events[i].filter(line)) {
+					char *s = strdup(line);
+					xwrite(log_events[i].fd, &s, sizeof(s));
+				}
+			}
+			if (kill(log_pid, 0))
+				break;
+		}
+
+		// Cleanup
+		close(log_fd);
+		log_fd = -1;
+		kill(log_pid, SIGTERM);
+		waitpid(log_pid, NULL, 0);
+
+		// Clear buffer before restart
+		exec_command_sync("logcat", "-b", "events", "-b", "main", "-c", NULL);
+
+		check_logd();
+	}
+
+	// Should never be here, but well...
+	return NULL;
+}
+
+static void *magisk_log_thread(void *args) {
+	// Buffer logs before we have data access
+	struct vector logs;
+	vec_init(&logs);
+
+	int pipefd[2];
+	if (xpipe2(pipefd, O_CLOEXEC) == -1)
+		return NULL;
+
+	// Register our listener
+	log_events[LOG_EVENT].fd = pipefd[1];
+
+	LOGD("log_monitor: magisk log dumper start");
+
+	FILE *log = NULL;
+	for (char *line; xxread(pipefd[0], &line, sizeof(line)) > 0; free(line)) {
+		if (!is_daemon_init) {
+			vec_push_back(&logs, strdup(line));
+		} else {
+			if (log == NULL) {
+				// Dump buffered logs to file
+				log = xfopen(LOGFILE, "w");
+				setbuf(log, NULL);
+				char *tmp;
+				vec_for_each(&logs, tmp) {
+					fprintf(log, "%s", tmp);
+					free(tmp);
+				}
+				vec_destroy(&logs);
+			}
+			fprintf(log, "%s", line);
+		}
+	}
+	return NULL;
+}
+
+static void *debug_magisk_log_thread(void *args) {
+	FILE *log = xfopen(DEBUG_LOG, "a");
+	setbuf(log, NULL);
+	int pipefd[2];
+	if (xpipe2(pipefd, O_CLOEXEC) == -1)
+		return NULL;
+
+	LOGD("log_monitor: debug log dumper start");
+
+	// Register our listener
+	log_events[DEBUG_EVENT].fd = pipefd[1];
+
+	for (char *line; xxread(pipefd[0], &line, sizeof(line)) > 0; free(line))
+		fprintf(log, "%s", line);
+
+	return NULL;
+}
+
+/* Start new threads to monitor logcat and dump to logfile */
+void monitor_logs() {
+	pthread_t thread;
+
+	check_logd();
+
+	if (logd) {
+		// Start log file dumper before monitor
+		xpthread_create(&thread, NULL, magisk_log_thread, NULL);
+		pthread_detach(thread);
+
+		// Start logcat monitor
+		xpthread_create(&thread, NULL, logger_thread, NULL);
+		pthread_detach(thread);
+	}
+}
+
+void start_debug_full_log() {
+#ifdef MAGISK_DEBUG
+	if (logd) {
+		// Log everything initially
+		debug_log_fd = xopen(DEBUG_LOG, O_WRONLY | O_CREAT | O_CLOEXEC | O_TRUNC, 0644);
+		debug_log_pid = exec_command(0, &debug_log_fd, NULL, "logcat", "-v", "threadtime", NULL);
+		close(debug_log_fd);
+	}
+#endif
+}
+
+void stop_debug_full_log() {
+#ifdef MAGISK_DEBUG
+	// Stop recording the boot logcat after every boot task is done
+	if (debug_log_pid > 0) {
+		kill(debug_log_pid, SIGTERM);
+		waitpid(debug_log_pid, NULL, 0);
+		// Start debug thread
+		start_debug_log();
+	}
+#endif
+}
+
+void start_debug_log() {
+#ifdef MAGISK_DEBUG
+	if (logd) {
+		pthread_t thread;
+		// Start debug thread
+		xpthread_create(&thread, NULL, debug_magisk_log_thread, NULL);
+		pthread_detach(thread);
+	}
+#endif
+}
--- a/native/jni/core/magisk.c
+++ b/native/jni/core/magisk.c
@@ -3,6 +3,8 @@

 #include <stdlib.h>
 #include <stdio.h>
+#include <unistd.h>
+#include <libgen.h>

 #include "utils.h"
 #include "magisk.h"
@@ -10,66 +12,64 @@

 char *argv0;

-char *applet[] =
-	{ "su", "resetprop", "magiskpolicy", "supolicy", "sepolicy-inject", "magiskhide", NULL };
+int (*applet_main[]) (int, char *[]) = { su_client_main, resetprop_main, magiskhide_main, NULL };

-int (*applet_main[]) (int, char *[]) =
-	{ su_client_main, resetprop_main, magiskpolicy_main, magiskpolicy_main, magiskpolicy_main, magiskhide_main, NULL };
-
-// Global error hander function
-// Should be changed each thread/process
-__thread void (*err_handler)(void);
+int create_links(const char *bin, const char *path) {
+	char self[PATH_MAX], linkpath[PATH_MAX];
+	if (bin == NULL) {
+		xreadlink("/proc/self/exe", self, sizeof(self));
+		bin = self;
+	}
+	int ret = 0;
+	for (int i = 0; applet[i]; ++i) {
+		snprintf(linkpath, sizeof(linkpath), "%s/%s", path, applet[i]);
+		unlink(linkpath);
+		ret |= symlink(bin, linkpath);
+	}
+	return ret;
+}

 static void usage() {
 	fprintf(stderr,
 		"Magisk v" xstr(MAGISK_VERSION) "(" xstr(MAGISK_VER_CODE) ") (by topjohnwu) multi-call binary\n"
 		"\n"
 		"Usage: %s [applet [arguments]...]\n"
-		"   or: %s --install [SOURCE] DIR\n"
-		"       if SOURCE not provided, will link itself\n"
-		"   or: %s --list\n"
-		"   or: %s --createimg IMG SIZE\n"
-		"       create ext4 image, SIZE is interpreted in MB\n"
-		"   or: %s --imgsize IMG\n"
-		"   or: %s --resizeimg IMG SIZE\n"
-		"       SIZE is interpreted in MB\n"
-		"   or: %s --mountimg IMG PATH\n"
-		"       mount IMG to PATH and prints the loop device\n"
-		"   or: %s --umountimg PATH LOOP\n"
-		"   or: %s --[boot stage]\n"
-		"       start boot stage service\n"
-		"   or: %s [options]\n"
-		"   or: applet [arguments]...\n"
-		"\n"
-		"Supported boot stages:\n"
-		"   post-fs, post-fs-data, service\n"
+		"   or: %s [options]...\n"
 		"\n"
 		"Options:\n"
-		"   -c          print client version\n"
-		"   -v          print daemon version\n"
-		"   -V          print daemon version code\n"
+		"   -c                        print current binary version\n"
+		"   -v                        print running daemon version\n"
+		"   -V                        print running daemon version code\n"
+		"   --list                    list all available applets\n"
+		"   --install [SOURCE] DIR    symlink all applets to DIR. SOURCE is optional\n"
+		"   --createimg IMG SIZE      create ext4 image. SIZE is interpreted in MB\n"
+		"   --imgsize IMG             report ext4 image used/total size\n"
+		"   --resizeimg IMG SIZE      resize ext4 image. SIZE is interpreted in MB\n"
+		"   --mountimg IMG PATH       mount IMG to PATH and prints the loop device\n"
+		"   --umountimg PATH LOOP     unmount PATH and delete LOOP device\n"
+		"   --[init service]          start init service\n"
+		"   --unlock-blocks           set BLKROSET flag to OFF for all block devices\n"
+		"   --restorecon              fix selinux context on Magisk files and folders\n"
+		"   --clone-attr SRC DEST     clone permission, owner, and selinux context\n"
+		"\n"
+		"Supported init services:\n"
+		"   daemon, post-fs, post-fs-data, service\n"
 		"\n"
 		"Supported applets:\n"
-	, argv0, argv0, argv0, argv0, argv0, argv0, argv0, argv0, argv0, argv0);
+	, argv0, argv0);

-	for (int i = 0; applet[i]; ++i) {
+	for (int i = 0; applet[i]; ++i)
 		fprintf(stderr, i ? ", %s" : "    %s", applet[i]);
-	}
-	fprintf(stderr, "\n");
+	fprintf(stderr, "\n\n");
 	exit(1);
 }

 int main(int argc, char *argv[]) {
 	argv0 = argv[0];
-	// Exit the whole app if error occurs by default
-	err_handler = exit_proc;
-	char * arg = strrchr(argv[0], '/');
-	if (arg) ++arg;
-	else arg = argv[0];
-	if (strcmp(arg, "magisk") == 0) {
+	if (strcmp(basename(argv[0]), "magisk") == 0) {
 		if (argc < 2) usage();
 		if (strcmp(argv[1], "-c") == 0) {
-			printf("%s\n", MAGISK_VER_STR);
+			printf("%s (%d)\n", MAGISK_VER_STR, MAGISK_VER_CODE);
 			return 0;
 		} else if (strcmp(argv[1], "-v") == 0) {
 			int fd = connect_daemon();
@@ -133,6 +133,20 @@ int main(int argc, char *argv[]) {
 			if (argc < 4) usage();
 			umount_image(argv[2], argv[3]);
 			return 0;
+		} else if (strcmp(argv[1], "--unlock-blocks") == 0) {
+			unlock_blocks();
+			return 0;
+		} else if (strcmp(argv[1], "--restorecon") == 0) {
+			fix_filecon();
+			return 0;
+		} else if (strcmp(argv[1], "--clone-attr") == 0) {
+			if (argc < 4) usage();
+			clone_attr(argv[2], argv[3]);
+			return 0;
+		} else if (strcmp(argv[1], "--daemon") == 0) {
+			if (xfork() == 0)
+				start_daemon();
+			return 0;
 		} else if (strcmp(argv[1], "--post-fs") == 0) {
 			int fd = connect_daemon();
 			write_int(fd, POST_FS);
@@ -149,16 +163,15 @@ int main(int argc, char *argv[]) {
 			// It's calling applets
 			--argc;
 			++argv;
-			arg = argv[0];
 		}
 	}

 	// Applets
 	for (int i = 0; applet[i]; ++i) {
-		if (strcmp(arg, applet[i]) == 0)
+		if (strcmp(basename(argv[0]), applet[i]) == 0)
 			return (*applet_main[i])(argc, argv);
 	}

-	fprintf(stderr, "%s: applet not found\n", arg);
+	fprintf(stderr, "%s: applet not found\n", basename(argv[0]));
 	return 1;
 }
--- a/native/jni/core/magiskinit.c
+++ b/native/jni/core/magiskinit.c
@@ -0,0 +1,543 @@
+/* magiskinit.c - Pre-init Magisk support
+ *
+ * This code has to be compiled statically to work properly.
+ *
+ * To unify Magisk support for both legacy "normal" devices and new skip_initramfs devices,
+ * magisk binary compilation is split into two parts - first part only compiles "magisk".
+ * The python build script will load the magisk main binary and compress with lzma2, dumping
+ * the results into "dump.h". The "magisk" binary is embedded into this binary, and will
+ * get extracted to the overlay folder along with init.magisk.rc.
+ *
+ * This tool does all pre-init operations to setup a Magisk environment, which pathces rootfs
+ * on the fly, providing fundamental support such as init, init.rc, and sepolicy patching.
+ *
+ * Magiskinit is also responsible for constructing a proper rootfs on skip_initramfs devices.
+ * On skip_initramfs devices, it will parse kernel cmdline, mount sysfs, parse through
+ * uevent files to make the system (or vendor if available) block device node, then copy
+ * rootfs files from system.
+ *
+ * This tool will be replaced with the real init to continue the boot process, but hardlinks are
+ * preserved as it also provides CLI for sepolicy patching (magiskpolicy)
+ */
+
+
+#define _GNU_SOURCE
+#include <stdio.h>
+#include <stdlib.h>
+#include <unistd.h>
+#include <string.h>
+#include <dirent.h>
+#include <fcntl.h>
+#include <libgen.h>
+#include <sys/stat.h>
+#include <sys/types.h>
+#include <sys/mount.h>
+#include <sys/mman.h>
+#include <sys/sendfile.h>
+#include <sys/sysmacros.h>
+
+#include <lzma.h>
+#include <cil/cil.h>
+
+#include "dump.h"
+#include "magiskrc.h"
+#include "utils.h"
+#include "magiskpolicy.h"
+#include "daemon.h"
+#include "cpio.h"
+#include "magisk.h"
+
+#ifdef MAGISK_DEBUG
+#define VLOG(fmt, ...) printf(fmt, __VA_ARGS__)
+#else
+#define VLOG(fmt, ...)
+#endif
+
+extern policydb_t *policydb;
+int (*init_applet_main[]) (int, char *[]) = { magiskpolicy_main, magiskpolicy_main, NULL };
+static char RAND_SOCKET_NAME[sizeof(SOCKET_NAME)];
+static int SOCKET_OFF = -1;
+
+struct cmdline {
+	char skip_initramfs;
+	char slot[3];
+};
+
+struct device {
+	dev_t major;
+	dev_t minor;
+	char devname[32];
+	char partname[32];
+	char path[64];
+};
+
+static void parse_cmdline(struct cmdline *cmd) {
+	// cleanup
+	memset(cmd, 0, sizeof(&cmd));
+
+	char cmdline[4096];
+	mkdir("/proc", 0555);
+	xmount("proc", "/proc", "proc", 0, NULL);
+	int fd = open("/proc/cmdline", O_RDONLY | O_CLOEXEC);
+	cmdline[read(fd, cmdline, sizeof(cmdline))] = '\0';
+	close(fd);
+	umount("/proc");
+	for (char *tok = strtok(cmdline, " "); tok; tok = strtok(NULL, " ")) {
+		if (strncmp(tok, "androidboot.slot_suffix", 23) == 0) {
+			sscanf(tok, "androidboot.slot_suffix=%s", cmd->slot);
+		} else if (strncmp(tok, "androidboot.slot", 16) == 0) {
+			cmd->slot[0] = '_';
+			sscanf(tok, "androidboot.slot=%c", cmd->slot + 1);
+		} else if (strcmp(tok, "skip_initramfs") == 0) {
+			cmd->skip_initramfs = 1;
+		}
+	}
+
+	VLOG("cmdline: skip_initramfs[%d] slot[%s]\n", cmd->skip_initramfs, cmd->slot);
+}
+
+static void parse_device(struct device *dev, char *uevent) {
+	dev->partname[0] = '\0';
+	char *tok;
+	tok = strtok(uevent, "\n");
+	while (tok != NULL) {
+		if (strncmp(tok, "MAJOR", 5) == 0) {
+			sscanf(tok, "MAJOR=%ld", (long*) &dev->major);
+		} else if (strncmp(tok, "MINOR", 5) == 0) {
+			sscanf(tok, "MINOR=%ld", (long*) &dev->minor);
+		} else if (strncmp(tok, "DEVNAME", 7) == 0) {
+			sscanf(tok, "DEVNAME=%s", dev->devname);
+		} else if (strncmp(tok, "PARTNAME", 8) == 0) {
+			sscanf(tok, "PARTNAME=%s", dev->partname);
+		}
+		tok = strtok(NULL, "\n");
+	}
+	VLOG("%s [%s] (%u, %u)\n", dev->devname, dev->partname, (unsigned) dev->major, (unsigned) dev->minor);
+}
+
+static int setup_block(struct device *dev, const char *partname) {
+	char buffer[1024], path[128];
+	struct dirent *entry;
+	DIR *dir = opendir("/sys/dev/block");
+	if (dir == NULL)
+		return 1;
+	int found = 0;
+	while ((entry = readdir(dir))) {
+		if (strcmp(entry->d_name, ".") == 0 || strcmp(entry->d_name, "..") == 0)
+			continue;
+		snprintf(path, sizeof(path), "/sys/dev/block/%s/uevent", entry->d_name);
+		int fd = open(path, O_RDONLY | O_CLOEXEC);
+		ssize_t size = read(fd, buffer, sizeof(buffer));
+		buffer[size] = '\0';
+		close(fd);
+		parse_device(dev, buffer);
+		if (strcmp(dev->partname, partname) == 0) {
+			snprintf(dev->path, sizeof(dev->path), "/dev/block/%s", dev->devname);
+			found = 1;
+			break;
+		}
+	}
+	closedir(dir);
+
+	if (!found)
+		return 1;
+
+	mkdir("/dev", 0755);
+	mkdir("/dev/block", 0755);
+	mknod(dev->path, S_IFBLK | 0600, makedev(dev->major, dev->minor));
+	return 0;
+}
+
+static void patch_ramdisk() {
+	void *addr;
+	size_t size;
+	mmap_rw("/init", &addr, &size);
+	for (int i = 0; i < size; ++i) {
+		if (memcmp(addr + i, SPLIT_PLAT_CIL, sizeof(SPLIT_PLAT_CIL) - 1) == 0) {
+			memcpy(addr + i + sizeof(SPLIT_PLAT_CIL) - 4, "xxx", 3);
+			break;
+		}
+	}
+	munmap(addr, size);
+
+	full_read("/init.rc", &addr, &size);
+	patch_init_rc(&addr, &size);
+	int fd = creat("/init.rc", 0750);
+	write(fd, addr, size);
+	close(fd);
+	free(addr);
+}
+
+static int strend(const char *s1, const char *s2) {
+	size_t l1 = strlen(s1);
+	size_t l2 = strlen(s2);
+	return strcmp(s1 + l1 - l2, s2);
+}
+
+static int compile_cil() {
+	DIR *dir;
+	struct dirent *entry;
+	char path[128];
+
+	struct cil_db *db = NULL;
+	sepol_policydb_t *pdb = NULL;
+	void *addr;
+	size_t size;
+
+	cil_db_init(&db);
+	cil_set_mls(db, 1);
+	cil_set_multiple_decls(db, 1);
+	cil_set_disable_neverallow(db, 1);
+	cil_set_target_platform(db, SEPOL_TARGET_SELINUX);
+	cil_set_policy_version(db, POLICYDB_VERSION_XPERMS_IOCTL);
+	cil_set_attrs_expand_generated(db, 0);
+
+	// plat
+	mmap_ro(SPLIT_PLAT_CIL, &addr, &size);
+	VLOG("cil_add[%s]\n", SPLIT_PLAT_CIL);
+	cil_add_file(db, SPLIT_PLAT_CIL, addr, size);
+	munmap(addr, size);
+
+	// mapping
+	char plat[10];
+	int fd = open(SPLIT_NONPLAT_VER, O_RDONLY | O_CLOEXEC);
+	plat[read(fd, plat, sizeof(plat)) - 1] = '\0';
+	snprintf(path, sizeof(path), SPLIT_PLAT_MAPPING, plat);
+	mmap_ro(path, &addr, &size);
+	VLOG("cil_add[%s]\n", path);
+	cil_add_file(db, path, addr, size);
+	munmap(addr, size);
+	close(fd);
+
+	// nonplat
+	dir = opendir(NONPLAT_POLICY_DIR);
+	while ((entry = readdir(dir))) {
+		if (strcmp(entry->d_name, ".") == 0 || strcmp(entry->d_name, "..") == 0)
+			continue;
+		if (strend(entry->d_name, ".cil") == 0) {
+			snprintf(path, sizeof(path), NONPLAT_POLICY_DIR "%s", entry->d_name);
+			mmap_ro(path, &addr, &size);
+			VLOG("cil_add[%s]\n", path);
+			cil_add_file(db, path, addr, size);
+			munmap(addr, size);
+		}
+	}
+	closedir(dir);
+
+	cil_compile(db);
+	cil_build_policydb(db, &pdb);
+	cil_db_destroy(&db);
+
+	policydb = &pdb->p;
+
+	return 0;
+}
+
+static int verify_precompiled() {
+	DIR *dir;
+	struct dirent *entry;
+	int fd;
+	char sys_sha[70], ven_sha[70];
+
+	// init the strings with different value
+	sys_sha[0] = 0;
+	ven_sha[0] = 1;
+
+	dir = opendir(NONPLAT_POLICY_DIR);
+	while ((entry = readdir(dir))) {
+		if (strcmp(entry->d_name, ".") == 0 || strcmp(entry->d_name, "..") == 0)
+			continue;
+		if (strend(entry->d_name, ".sha256") == 0) {
+			fd = openat(dirfd(dir), entry->d_name, O_RDONLY | O_CLOEXEC);
+			ven_sha[read(fd, ven_sha, sizeof(ven_sha)) - 1] = '\0';
+			close(fd);
+			break;
+		}
+	}
+	closedir(dir);
+	dir = opendir(PLAT_POLICY_DIR);
+	while ((entry = readdir(dir))) {
+		if (strcmp(entry->d_name, ".") == 0 || strcmp(entry->d_name, "..") == 0)
+			continue;
+		if (strend(entry->d_name, ".sha256") == 0) {
+			fd = openat(dirfd(dir), entry->d_name, O_RDONLY | O_CLOEXEC);
+			sys_sha[read(fd, sys_sha, sizeof(sys_sha)) - 1] = '\0';
+			close(fd);
+			break;
+		}
+	}
+	closedir(dir);
+	VLOG("sys_sha[%s]\nven_sha[%s]\n", sys_sha, ven_sha);
+	return strcmp(sys_sha, ven_sha) == 0;
+}
+
+static int patch_sepolicy() {
+	if (access("/sepolicy", R_OK) == 0)
+		load_policydb("/sepolicy");
+	else if (access(SPLIT_PRECOMPILE, R_OK) == 0 && verify_precompiled())
+		load_policydb(SPLIT_PRECOMPILE);
+	else if (access(SPLIT_PLAT_CIL, R_OK) == 0)
+		compile_cil();
+	else
+		return 1;
+
+	sepol_magisk_rules();
+	dump_policydb("/sepolicy");
+
+	// Remove the stupid debug sepolicy and use our own
+	if (access("/sepolicy_debug", F_OK) == 0) {
+		unlink("/sepolicy_debug");
+		link("/sepolicy", "/sepolicy_debug");
+	}
+
+	return 0;
+}
+
+#define BUFSIZE (1 << 20)
+
+static int unxz(const void *buf, size_t size, int fd) {
+	lzma_stream strm = LZMA_STREAM_INIT;
+	if (lzma_auto_decoder(&strm, UINT64_MAX, 0) != LZMA_OK)
+		return 1;
+	lzma_ret ret;
+	void *out = malloc(BUFSIZE);
+	strm.next_in = buf;
+	strm.avail_in = size;
+	do {
+		strm.next_out = out;
+		strm.avail_out = BUFSIZE;
+		ret = lzma_code(&strm, LZMA_RUN);
+		write(fd, out, BUFSIZE - strm.avail_out);
+	} while (strm.avail_out == 0 && ret == LZMA_OK);
+
+	free(out);
+	lzma_end(&strm);
+
+	if (ret != LZMA_OK && ret != LZMA_STREAM_END)
+		return 1;
+	return 0;
+}
+
+static int dump_magisk(const char *path, mode_t mode) {
+	unlink(path);
+	int fd = creat(path, mode);
+	int ret = unxz(magisk_dump, sizeof(magisk_dump), fd);
+	close(fd);
+	return ret;
+}
+
+static int dump_magiskrc(const char *path, mode_t mode) {
+	int fd = creat(path, mode);
+	write(fd, magiskrc, sizeof(magiskrc));
+	close(fd);
+	return 0;
+}
+
+static void patch_socket_name(const char *path) {
+	void *buf;
+	size_t size;
+	mmap_rw(path, &buf, &size);
+	if (SOCKET_OFF < 0) {
+		for (int i = 0; i < size; ++i) {
+			if (memcmp(buf + i, socket_name, sizeof(SOCKET_NAME)) == 0) {
+				SOCKET_OFF = i;
+				break;
+			}
+		}
+	}
+	gen_rand_str(RAND_SOCKET_NAME, sizeof(SOCKET_NAME));
+	memcpy(buf + SOCKET_OFF, RAND_SOCKET_NAME, sizeof(SOCKET_NAME));
+	munmap(buf, size);
+}
+
+static void magisk_init_daemon() {
+	setsid();
+
+	// Full patch
+	sepol_allow("su", ALL, ALL, ALL);
+
+	// Wait till init cold boot done
+	while (access("/dev/.coldboot_done", F_OK))
+		usleep(1);
+
+	int null = open("/dev/null", O_RDWR | O_CLOEXEC);
+	dup3(null, STDIN_FILENO, O_CLOEXEC);
+	dup3(null, STDOUT_FILENO, O_CLOEXEC);
+	dup3(null, STDERR_FILENO, O_CLOEXEC);
+	if (null > STDERR_FILENO)
+		close(null);
+
+	// Transit our context to su (mimic setcon)
+	int fd, crap;
+	fd = open("/proc/self/attr/current", O_WRONLY);
+	write(fd, "u:r:su:s0", 9);
+	close(fd);
+
+	// Dump full patch to kernel
+	dump_policydb(SELINUX_LOAD);
+	close(creat(PATCHDONE, 0));
+	destroy_policydb();
+
+	// Keep Magisk daemon always alive
+	while (1) {
+		struct sockaddr_un sun;
+		fd = setup_socket(&sun);
+		memcpy(sun.sun_path + 1, RAND_SOCKET_NAME, sizeof(SOCKET_NAME));
+		while (connect(fd, (struct sockaddr*) &sun, sizeof(sun)))
+			usleep(10000); /* Wait 10 ms after each try */
+
+		/* Should hold forever */
+		read(fd, &crap, sizeof(crap));
+
+		/* If things went here, it means the other side of the socket is closed
+		 * We restart the daemon again */
+		close(fd);
+		if (fork_dont_care() == 0) {
+			execv("/sbin/magisk", (char *[]) { "magisk", "--daemon", NULL } );
+			exit(1);
+		}
+	}
+}
+
+int main(int argc, char *argv[]) {
+	umask(0);
+
+	for (int i = 0; init_applet[i]; ++i) {
+		if (strcmp(basename(argv[0]), init_applet[i]) == 0)
+			return (*init_applet_main[i])(argc, argv);
+	}
+
+	if (argc > 1 && strcmp(argv[1], "-x") == 0) {
+		if (strcmp(argv[2], "magisk") == 0)
+			return dump_magisk(argv[3], 0755);
+		else if (strcmp(argv[2], "magiskrc") == 0)
+			return dump_magiskrc(argv[3], 0755);
+	}
+
+	// Prevent file descriptor confusion
+	mknod("/null", S_IFCHR | 0666, makedev(1, 3));
+	int null = open("/null", O_RDWR | O_CLOEXEC);
+	unlink("/null");
+	dup3(null, STDIN_FILENO, O_CLOEXEC);
+	dup3(null, STDOUT_FILENO, O_CLOEXEC);
+	dup3(null, STDERR_FILENO, O_CLOEXEC);
+	if (null > STDERR_FILENO)
+		close(null);
+
+	// Extract and link files
+	mkdir("/overlay", 0000);
+	dump_magiskrc("/overlay/init.magisk.rc", 0750);
+	mkdir("/overlay/sbin", 0755);
+	dump_magisk("/overlay/sbin/magisk", 0755);
+	patch_socket_name("/overlay/sbin/magisk");
+	mkdir("/overlay/root", 0755);
+	link("/init", "/overlay/root/magiskinit");
+
+	struct cmdline cmd;
+	parse_cmdline(&cmd);
+
+	/* ***********
+	 * Initialize
+	 * ***********/
+
+	int root = open("/", O_RDONLY | O_CLOEXEC);
+
+	if (cmd.skip_initramfs) {
+		// Clear rootfs
+		excl_list = (char *[]) { "overlay", ".backup", NULL };
+		frm_rf(root);
+	} else if (access("/ramdisk.cpio.xz", R_OK) == 0) {
+		// High compression mode
+		void *addr;
+		size_t size;
+		mmap_ro("/ramdisk.cpio.xz", &addr, &size);
+		int fd = creat("/ramdisk.cpio", 0);
+		unxz(addr, size, fd);
+		munmap(addr, size);
+		close(fd);
+		struct vector v;
+		vec_init(&v);
+		parse_cpio(&v, "/ramdisk.cpio");
+		excl_list = (char *[]) { "overlay", ".backup", NULL };
+		frm_rf(root);
+		chdir("/");
+		cpio_extract_all(&v);
+		cpio_vec_destroy(&v);
+	} else {
+		// Revert original init binary
+		unlink("/init");
+		link("/.backup/init", "/init");
+	}
+
+	/* ************
+	 * Early Mount
+	 * ************/
+
+	// If skip_initramfs or using split policies, we need early mount
+	if (cmd.skip_initramfs || access("/sepolicy", R_OK) != 0) {
+		char partname[32];
+		struct device dev;
+
+		// Mount sysfs
+		mkdir("/sys", 0755);
+		xmount("sysfs", "/sys", "sysfs", 0, NULL);
+
+		// Mount system
+		snprintf(partname, sizeof(partname), "system%s", cmd.slot);
+		setup_block(&dev, partname);
+		if (cmd.skip_initramfs) {
+			mkdir("/system_root", 0755);
+			xmount(dev.path, "/system_root", "ext4", MS_RDONLY, NULL);
+			int system_root = open("/system_root", O_RDONLY | O_CLOEXEC);
+
+			// Clone rootfs except /system
+			excl_list = (char *[]) { "system", NULL };
+			clone_dir(system_root, root);
+			close(system_root);
+
+			mkdir("/system", 0755);
+			xmount("/system_root/system", "/system", NULL, MS_BIND, NULL);
+		} else {
+			xmount(dev.path, "/system", "ext4", MS_RDONLY, NULL);
+		}
+
+		// Mount vendor
+		snprintf(partname, sizeof(partname), "vendor%s", cmd.slot);
+		if (setup_block(&dev, partname) == 0)
+			xmount(dev.path, "/vendor", "ext4", MS_RDONLY, NULL);
+	}
+
+	/* *************
+	 * Patch rootfs
+	 * *************/
+
+	// Only patch rootfs if not intended to run in recovery
+	if (access("/etc/recovery.fstab", F_OK) != 0) {
+		int overlay = open("/overlay", O_RDONLY | O_CLOEXEC);
+		mv_dir(overlay, root);
+		close(overlay);
+		rmdir("/overlay");
+
+		patch_ramdisk();
+		patch_sepolicy();
+
+		close(STDIN_FILENO);
+		close(STDOUT_FILENO);
+		close(STDERR_FILENO);
+
+		if (fork_dont_care() == 0) {
+			strcpy(argv[0], "magiskinit");
+			close(root);
+			magisk_init_daemon();
+		}
+	}
+
+	// Clean up
+	close(root);
+	if (!cmd.skip_initramfs)
+		umount("/system");
+	umount("/vendor");
+
+	// Finally, give control back!
+	execv("/init", argv);
+}
--- a/native/jni/core/socket.c
+++ b/native/jni/core/socket.c
@@ -0,0 +1,155 @@
+/* socket.c - All socket related operations
+ */
+
+#include <fcntl.h>
+
+#include "daemon.h"
+#include "logging.h"
+#include "utils.h"
+#include "magisk.h"
+
+char socket_name[] = SOCKET_NAME;
+
+/* Setup the address and return socket fd */
+int setup_socket(struct sockaddr_un *sun) {
+	int fd = xsocket(AF_LOCAL, SOCK_STREAM | SOCK_CLOEXEC, 0);
+	memset(sun, 0, sizeof(*sun));
+	sun->sun_family = AF_LOCAL;
+	sun->sun_path[0] = '\0';
+	memcpy(sun->sun_path + 1, socket_name, sizeof(SOCKET_NAME));
+	return fd;
+}
+
+
+/*
+ * Receive a file descriptor from a Unix socket.
+ * Contributed by @mkasick
+ *
+ * Returns the file descriptor on success, or -1 if a file
+ * descriptor was not actually included in the message
+ *
+ * On error the function terminates by calling exit(-1)
+ */
+int recv_fd(int sockfd) {
+	// Need to receive data from the message, otherwise don't care about it.
+	char iovbuf;
+
+	struct iovec iov = {
+		.iov_base = &iovbuf,
+		.iov_len  = 1,
+	};
+
+	char cmsgbuf[CMSG_SPACE(sizeof(int))];
+
+	struct msghdr msg = {
+		.msg_iov        = &iov,
+		.msg_iovlen     = 1,
+		.msg_control    = cmsgbuf,
+		.msg_controllen = sizeof(cmsgbuf),
+	};
+
+	xrecvmsg(sockfd, &msg, MSG_WAITALL);
+
+	// Was a control message actually sent?
+	switch (msg.msg_controllen) {
+	case 0:
+		// No, so the file descriptor was closed and won't be used.
+		return -1;
+	case sizeof(cmsgbuf):
+		// Yes, grab the file descriptor from it.
+		break;
+	default:
+		goto error;
+	}
+
+	struct cmsghdr *cmsg = CMSG_FIRSTHDR(&msg);
+
+	if (cmsg             == NULL                  ||
+		cmsg->cmsg_len   != CMSG_LEN(sizeof(int)) ||
+		cmsg->cmsg_level != SOL_SOCKET            ||
+		cmsg->cmsg_type  != SCM_RIGHTS) {
+error:
+		LOGE("unable to read fd");
+		exit(-1);
+	}
+
+	return *(int *)CMSG_DATA(cmsg);
+}
+
+/*
+ * Send a file descriptor through a Unix socket.
+ * Contributed by @mkasick
+ *
+ * On error the function terminates by calling exit(-1)
+ *
+ * fd may be -1, in which case the dummy data is sent,
+ * but no control message with the FD is sent.
+ */
+void send_fd(int sockfd, int fd) {
+	// Need to send some data in the message, this will do.
+	struct iovec iov = {
+		.iov_base = "",
+		.iov_len  = 1,
+	};
+
+	struct msghdr msg = {
+		.msg_iov        = &iov,
+		.msg_iovlen     = 1,
+	};
+
+	char cmsgbuf[CMSG_SPACE(sizeof(int))];
+
+	if (fd != -1) {
+		// Is the file descriptor actually open?
+		if (fcntl(fd, F_GETFD) == -1) {
+			if (errno != EBADF) {
+				PLOGE("unable to send fd");
+			}
+			// It's closed, don't send a control message or sendmsg will EBADF.
+		} else {
+			// It's open, send the file descriptor in a control message.
+			msg.msg_control    = cmsgbuf;
+			msg.msg_controllen = sizeof(cmsgbuf);
+
+			struct cmsghdr *cmsg = CMSG_FIRSTHDR(&msg);
+
+			cmsg->cmsg_len   = CMSG_LEN(sizeof(int));
+			cmsg->cmsg_level = SOL_SOCKET;
+			cmsg->cmsg_type  = SCM_RIGHTS;
+
+			*(int *)CMSG_DATA(cmsg) = fd;
+		}
+	}
+
+	xsendmsg(sockfd, &msg, 0);
+}
+
+int read_int(int fd) {
+	int val;
+	xxread(fd, &val, sizeof(int));
+	return val;
+}
+
+void write_int(int fd, int val) {
+	if (fd < 0) return;
+	xwrite(fd, &val, sizeof(int));
+}
+
+char* read_string(int fd) {
+	int len = read_int(fd);
+	if (len > PATH_MAX || len < 0) {
+		LOGE("invalid string length %d", len);
+		exit(1);
+	}
+	char* val = xmalloc(sizeof(char) * (len + 1));
+	xxread(fd, val, len);
+	val[len] = '\0';
+	return val;
+}
+
+void write_string(int fd, const char* val) {
+	if (fd < 0) return;
+	int len = strlen(val);
+	write_int(fd, len);
+	xwrite(fd, val, len);
+}
--- a/native/jni/external/Android.mk
+++ b/native/jni/external/Android.mk
@@ -0,0 +1,172 @@
+LOCAL_PATH:= $(call my-dir)
+
+# libsqlite.so (stub)
+include $(CLEAR_VARS)
+LOCAL_MODULE:= libsqlite
+LOCAL_C_INCLUDES := $(EXT_PATH)/include
+LOCAL_SRC_FILES := stubs/sqlite3_stub.c
+include $(BUILD_SHARED_LIBRARY)
+
+# libselinux.so (stub)
+include $(CLEAR_VARS)
+LOCAL_MODULE:= libselinux
+LOCAL_C_INCLUDES := $(LIBSELINUX)
+LOCAL_SRC_FILES := stubs/selinux_stub.c
+include $(BUILD_SHARED_LIBRARY)
+
+# libmincrypt.a
+include $(CLEAR_VARS)
+LOCAL_MODULE:= libmincrypt
+LOCAL_C_INCLUDES := $(EXT_PATH)/include
+LOCAL_SRC_FILES := \
+	mincrypt/dsa_sig.c \
+	mincrypt/p256.c \
+	mincrypt/p256_ec.c \
+	mincrypt/p256_ecdsa.c \
+	mincrypt/rsa.c \
+	mincrypt/sha.c \
+	mincrypt/sha256.c
+include $(BUILD_STATIC_LIBRARY)
+
+# libfdt.a
+include $(CLEAR_VARS)
+LOCAL_MODULE:= libfdt
+LOCAL_C_INCLUDES := $(LIBFDT)
+LOCAL_SRC_FILES := \
+	dtc/libfdt/fdt.c \
+	dtc/libfdt/fdt_addresses.c \
+	dtc/libfdt/fdt_empty_tree.c \
+	dtc/libfdt/fdt_overlay.c \
+	dtc/libfdt/fdt_ro.c \
+	dtc/libfdt/fdt_rw.c \
+	dtc/libfdt/fdt_strerror.c \
+	dtc/libfdt/fdt_sw.c \
+	dtc/libfdt/fdt_wip.c
+include $(BUILD_STATIC_LIBRARY)
+
+# liblz4.a
+include $(CLEAR_VARS)
+LOCAL_MODULE := liblz4
+LOCAL_C_INCLUDES += $(LIBLZ4)
+LOCAL_SRC_FILES := \
+	lz4/lib/lz4.c \
+	lz4/lib/lz4frame.c \
+	lz4/lib/lz4hc.c \
+	lz4/lib/xxhash.c
+include $(BUILD_STATIC_LIBRARY)
+
+# libbz2.a
+include $(CLEAR_VARS)
+LOCAL_MODULE := libbz2
+LOCAL_C_INCLUDES += $(LIBBZ2)
+LOCAL_SRC_FILES := \
+	bzip2/blocksort.c  \
+	bzip2/huffman.c    \
+	bzip2/crctable.c   \
+	bzip2/randtable.c  \
+	bzip2/compress.c   \
+	bzip2/decompress.c \
+	bzip2/bzlib.c
+include $(BUILD_STATIC_LIBRARY)
+
+# liblzma.a
+include $(CLEAR_VARS)
+LOCAL_MODULE := liblzma
+LOCAL_C_INCLUDES += \
+	$(EXT_PATH)/include/xz_config \
+	$(EXT_PATH)/xz/src/common \
+	$(EXT_PATH)/xz/src/liblzma/api \
+	$(EXT_PATH)/xz/src/liblzma/check \
+	$(EXT_PATH)/xz/src/liblzma/common \
+	$(EXT_PATH)/xz/src/liblzma/delta \
+	$(EXT_PATH)/xz/src/liblzma/lz \
+	$(EXT_PATH)/xz/src/liblzma/lzma \
+	$(EXT_PATH)/xz/src/liblzma/rangecoder \
+	$(EXT_PATH)/xz/src/liblzma/simple \
+	$(EXT_PATH)/xz/src/liblzma
+LOCAL_SRC_FILES := \
+	xz/src/common/tuklib_cpucores.c \
+	xz/src/common/tuklib_exit.c \
+	xz/src/common/tuklib_mbstr_fw.c \
+	xz/src/common/tuklib_mbstr_width.c \
+	xz/src/common/tuklib_open_stdxxx.c \
+	xz/src/common/tuklib_physmem.c \
+	xz/src/common/tuklib_progname.c \
+	xz/src/liblzma/check/check.c \
+	xz/src/liblzma/check/crc32_fast.c \
+	xz/src/liblzma/check/crc32_table.c \
+	xz/src/liblzma/check/crc64_fast.c \
+	xz/src/liblzma/check/crc64_table.c \
+	xz/src/liblzma/check/sha256.c \
+	xz/src/liblzma/common/alone_decoder.c \
+	xz/src/liblzma/common/alone_encoder.c \
+	xz/src/liblzma/common/auto_decoder.c \
+	xz/src/liblzma/common/block_buffer_decoder.c \
+	xz/src/liblzma/common/block_buffer_encoder.c \
+	xz/src/liblzma/common/block_decoder.c \
+	xz/src/liblzma/common/block_encoder.c \
+	xz/src/liblzma/common/block_header_decoder.c \
+	xz/src/liblzma/common/block_header_encoder.c \
+	xz/src/liblzma/common/block_util.c \
+	xz/src/liblzma/common/common.c \
+	xz/src/liblzma/common/easy_buffer_encoder.c \
+	xz/src/liblzma/common/easy_decoder_memusage.c \
+	xz/src/liblzma/common/easy_encoder.c \
+	xz/src/liblzma/common/easy_encoder_memusage.c \
+	xz/src/liblzma/common/easy_preset.c \
+	xz/src/liblzma/common/filter_buffer_decoder.c \
+	xz/src/liblzma/common/filter_buffer_encoder.c \
+	xz/src/liblzma/common/filter_common.c \
+	xz/src/liblzma/common/filter_decoder.c \
+	xz/src/liblzma/common/filter_encoder.c \
+	xz/src/liblzma/common/filter_flags_decoder.c \
+	xz/src/liblzma/common/filter_flags_encoder.c \
+	xz/src/liblzma/common/hardware_cputhreads.c \
+	xz/src/liblzma/common/hardware_physmem.c \
+	xz/src/liblzma/common/index.c \
+	xz/src/liblzma/common/index_decoder.c \
+	xz/src/liblzma/common/index_encoder.c \
+	xz/src/liblzma/common/index_hash.c \
+	xz/src/liblzma/common/outqueue.c \
+	xz/src/liblzma/common/stream_buffer_decoder.c \
+	xz/src/liblzma/common/stream_buffer_encoder.c \
+	xz/src/liblzma/common/stream_decoder.c \
+	xz/src/liblzma/common/stream_encoder.c \
+	xz/src/liblzma/common/stream_encoder_mt.c \
+	xz/src/liblzma/common/stream_flags_common.c \
+	xz/src/liblzma/common/stream_flags_decoder.c \
+	xz/src/liblzma/common/stream_flags_encoder.c \
+	xz/src/liblzma/common/vli_decoder.c \
+	xz/src/liblzma/common/vli_encoder.c \
+	xz/src/liblzma/common/vli_size.c \
+	xz/src/liblzma/delta/delta_common.c \
+	xz/src/liblzma/delta/delta_decoder.c \
+	xz/src/liblzma/delta/delta_encoder.c \
+	xz/src/liblzma/lz/lz_decoder.c \
+	xz/src/liblzma/lz/lz_encoder.c \
+	xz/src/liblzma/lz/lz_encoder_mf.c \
+	xz/src/liblzma/lzma/fastpos_table.c \
+	xz/src/liblzma/lzma/fastpos_tablegen.c \
+	xz/src/liblzma/lzma/lzma2_decoder.c \
+	xz/src/liblzma/lzma/lzma2_encoder.c \
+	xz/src/liblzma/lzma/lzma_decoder.c \
+	xz/src/liblzma/lzma/lzma_encoder.c \
+	xz/src/liblzma/lzma/lzma_encoder_optimum_fast.c \
+	xz/src/liblzma/lzma/lzma_encoder_optimum_normal.c \
+	xz/src/liblzma/lzma/lzma_encoder_presets.c \
+	xz/src/liblzma/rangecoder/price_table.c \
+	xz/src/liblzma/rangecoder/price_tablegen.c \
+	xz/src/liblzma/simple/arm.c \
+	xz/src/liblzma/simple/armthumb.c \
+	xz/src/liblzma/simple/ia64.c \
+	xz/src/liblzma/simple/powerpc.c \
+	xz/src/liblzma/simple/simple_coder.c \
+	xz/src/liblzma/simple/simple_decoder.c \
+	xz/src/liblzma/simple/simple_encoder.c \
+	xz/src/liblzma/simple/sparc.c \
+	xz/src/liblzma/simple/x86.c
+LOCAL_CFLAGS += -DHAVE_CONFIG_H -std=c99
+include $(BUILD_STATIC_LIBRARY)
+
+# libsepol.a
+include $(SE_PATH)/libsepol/Android.mk
--- a/native/jni/external/busybox
+++ b/native/jni/external/busybox
--- a/native/jni/external/bzip2
+++ b/native/jni/external/bzip2
--- a/native/jni/external/dtc
+++ b/native/jni/external/dtc
--- a/native/jni/external/include/mincrypt/dsa_sig.h
+++ b/native/jni/external/include/mincrypt/dsa_sig.h
@@ -0,0 +1,43 @@
+/*
+ * Copyright 2013 The Android Open Source Project
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions are met:
+ *     * Redistributions of source code must retain the above copyright
+ *       notice, this list of conditions and the following disclaimer.
+ *     * Redistributions in binary form must reproduce the above copyright
+ *       notice, this list of conditions and the following disclaimer in the
+ *       documentation and/or other materials provided with the distribution.
+ *     * Neither the name of Google Inc. nor the names of its contributors may
+ *       be used to endorse or promote products derived from this software
+ *       without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY Google Inc. ``AS IS'' AND ANY EXPRESS OR
+ * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
+ * MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO
+ * EVENT SHALL Google Inc. BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
+ * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS;
+ * OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
+ * WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR
+ * OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF
+ * ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+#ifndef SYSTEM_CORE_INCLUDE_MINCRYPT_DSA_SIG_H_
+#define SYSTEM_CORE_INCLUDE_MINCRYPT_DSA_SIG_H_
+
+#include "mincrypt/p256.h"
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+// Returns 0 if input sig is not a valid ASN.1 sequence
+int dsa_sig_unpack(unsigned char* sig, int sig_len, p256_int* r_int, p256_int* s_int);
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif /* SYSTEM_CORE_INCLUDE_MINCRYPT_DSA_SIG_H_ */
--- a/native/jni/external/include/mincrypt/hash-internal.h
+++ b/native/jni/external/include/mincrypt/hash-internal.h
@@ -0,0 +1,63 @@
+/*
+ * Copyright 2007 The Android Open Source Project
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions are met:
+ *     * Redistributions of source code must retain the above copyright
+ *       notice, this list of conditions and the following disclaimer.
+ *     * Redistributions in binary form must reproduce the above copyright
+ *       notice, this list of conditions and the following disclaimer in the
+ *       documentation and/or other materials provided with the distribution.
+ *     * Neither the name of Google Inc. nor the names of its contributors may
+ *       be used to endorse or promote products derived from this software
+ *       without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY Google Inc. ``AS IS'' AND ANY EXPRESS OR
+ * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
+ * MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO
+ * EVENT SHALL Google Inc. BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
+ * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS;
+ * OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
+ * WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR
+ * OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF
+ * ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+#ifndef SYSTEM_CORE_INCLUDE_MINCRYPT_HASH_INTERNAL_H_
+#define SYSTEM_CORE_INCLUDE_MINCRYPT_HASH_INTERNAL_H_
+
+#include <stdint.h>
+
+#ifdef __cplusplus
+extern "C" {
+#endif  // __cplusplus
+
+struct HASH_CTX;  // forward decl
+
+typedef struct HASH_VTAB {
+  void (* const init)(struct HASH_CTX*);
+  void (* const update)(struct HASH_CTX*, const void*, int);
+  const uint8_t* (* const final)(struct HASH_CTX*);
+  const uint8_t* (* const hash)(const void*, int, uint8_t*);
+  int size;
+} HASH_VTAB;
+
+typedef struct HASH_CTX {
+  const HASH_VTAB * f;
+  uint64_t count;
+  uint8_t buf[64];
+  uint32_t state[8];  // upto SHA2
+} HASH_CTX;
+
+#define HASH_init(ctx) (ctx)->f->init(ctx)
+#define HASH_update(ctx, data, len) (ctx)->f->update(ctx, data, len)
+#define HASH_final(ctx) (ctx)->f->final(ctx)
+#define HASH_hash(data, len, digest) (ctx)->f->hash(data, len, digest)
+#define HASH_size(ctx) (ctx)->f->size
+
+#ifdef __cplusplus
+}
+#endif  // __cplusplus
+
+#endif  // SYSTEM_CORE_INCLUDE_MINCRYPT_HASH_INTERNAL_H_
--- a/native/jni/external/include/mincrypt/p256.h
+++ b/native/jni/external/include/mincrypt/p256.h
@@ -0,0 +1,162 @@
+/*
+ * Copyright 2013 The Android Open Source Project
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions are met:
+ *     * Redistributions of source code must retain the above copyright
+ *       notice, this list of conditions and the following disclaimer.
+ *     * Redistributions in binary form must reproduce the above copyright
+ *       notice, this list of conditions and the following disclaimer in the
+ *       documentation and/or other materials provided with the distribution.
+ *     * Neither the name of Google Inc. nor the names of its contributors may
+ *       be used to endorse or promote products derived from this software
+ *       without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY Google Inc. ``AS IS'' AND ANY EXPRESS OR
+ * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
+ * MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO
+ * EVENT SHALL Google Inc. BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
+ * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS;
+ * OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
+ * WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR
+ * OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF
+ * ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+#ifndef SYSTEM_CORE_INCLUDE_MINCRYPT_LITE_P256_H_
+#define SYSTEM_CORE_INCLUDE_MINCRYPT_LITE_P256_H_
+
+// Collection of routines manipulating 256 bit unsigned integers.
+// Just enough to implement ecdsa-p256 and related algorithms.
+
+#include <stdint.h>
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+#define P256_BITSPERDIGIT 32
+#define P256_NDIGITS 8
+#define P256_NBYTES 32
+
+typedef int p256_err;
+typedef uint32_t p256_digit;
+typedef int32_t p256_sdigit;
+typedef uint64_t p256_ddigit;
+typedef int64_t p256_sddigit;
+
+// Defining p256_int as struct to leverage struct assigment.
+typedef struct {
+  p256_digit a[P256_NDIGITS];
+} p256_int;
+
+extern const p256_int SECP256r1_n;  // Curve order
+extern const p256_int SECP256r1_p;  // Curve prime
+extern const p256_int SECP256r1_b;  // Curve param
+
+// Initialize a p256_int to zero.
+void p256_init(p256_int* a);
+
+// Clear a p256_int to zero.
+void p256_clear(p256_int* a);
+
+// Return bit. Index 0 is least significant.
+int p256_get_bit(const p256_int* a, int index);
+
+// b := a % MOD
+void p256_mod(
+    const p256_int* MOD,
+    const p256_int* a,
+    p256_int* b);
+
+// c := a * (top_b | b) % MOD
+void p256_modmul(
+    const p256_int* MOD,
+    const p256_int* a,
+    const p256_digit top_b,
+    const p256_int* b,
+    p256_int* c);
+
+// b := 1 / a % MOD
+// MOD best be SECP256r1_n
+void p256_modinv(
+    const p256_int* MOD,
+    const p256_int* a,
+    p256_int* b);
+
+// b := 1 / a % MOD
+// MOD best be SECP256r1_n
+// Faster than p256_modinv()
+void p256_modinv_vartime(
+    const p256_int* MOD,
+    const p256_int* a,
+    p256_int* b);
+
+// b := a << (n % P256_BITSPERDIGIT)
+// Returns the bits shifted out of most significant digit.
+p256_digit p256_shl(const p256_int* a, int n, p256_int* b);
+
+// b := a >> (n % P256_BITSPERDIGIT)
+void p256_shr(const p256_int* a, int n, p256_int* b);
+
+int p256_is_zero(const p256_int* a);
+int p256_is_odd(const p256_int* a);
+int p256_is_even(const p256_int* a);
+
+// Returns -1, 0 or 1.
+int p256_cmp(const p256_int* a, const p256_int *b);
+
+// c: = a - b
+// Returns -1 on borrow.
+int p256_sub(const p256_int* a, const p256_int* b, p256_int* c);
+
+// c := a + b
+// Returns 1 on carry.
+int p256_add(const p256_int* a, const p256_int* b, p256_int* c);
+
+// c := a + (single digit)b
+// Returns carry 1 on carry.
+int p256_add_d(const p256_int* a, p256_digit b, p256_int* c);
+
+// ec routines.
+
+// {out_x,out_y} := nG
+void p256_base_point_mul(const p256_int *n,
+                         p256_int *out_x,
+                         p256_int *out_y);
+
+// {out_x,out_y} := n{in_x,in_y}
+void p256_point_mul(const p256_int *n,
+                    const p256_int *in_x,
+                    const p256_int *in_y,
+                    p256_int *out_x,
+                    p256_int *out_y);
+
+// {out_x,out_y} := n1G + n2{in_x,in_y}
+void p256_points_mul_vartime(
+    const p256_int *n1, const p256_int *n2,
+    const p256_int *in_x, const p256_int *in_y,
+    p256_int *out_x, p256_int *out_y);
+
+// Return whether point {x,y} is on curve.
+int p256_is_valid_point(const p256_int* x, const p256_int* y);
+
+// Outputs big-endian binary form. No leading zero skips.
+void p256_to_bin(const p256_int* src, uint8_t dst[P256_NBYTES]);
+
+// Reads from big-endian binary form,
+// thus pre-pad with leading zeros if short.
+void p256_from_bin(const uint8_t src[P256_NBYTES], p256_int* dst);
+
+#define P256_DIGITS(x) ((x)->a)
+#define P256_DIGIT(x,y) ((x)->a[y])
+
+#define P256_ZERO {{0}}
+#define P256_ONE {{1}}
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif  // SYSTEM_CORE_INCLUDE_MINCRYPT_LITE_P256_H_
--- a/native/jni/external/include/mincrypt/p256_ecdsa.h
+++ b/native/jni/external/include/mincrypt/p256_ecdsa.h
@@ -0,0 +1,53 @@
+/*
+ * Copyright 2013 The Android Open Source Project
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions are met:
+ *     * Redistributions of source code must retain the above copyright
+ *       notice, this list of conditions and the following disclaimer.
+ *     * Redistributions in binary form must reproduce the above copyright
+ *       notice, this list of conditions and the following disclaimer in the
+ *       documentation and/or other materials provided with the distribution.
+ *     * Neither the name of Google Inc. nor the names of its contributors may
+ *       be used to endorse or promote products derived from this software
+ *       without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY Google Inc. ``AS IS'' AND ANY EXPRESS OR
+ * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
+ * MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO
+ * EVENT SHALL Google Inc. BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
+ * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS;
+ * OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
+ * WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR
+ * OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF
+ * ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+#ifndef SYSTEM_CORE_INCLUDE_MINCRYPT_P256_ECDSA_H_
+#define SYSTEM_CORE_INCLUDE_MINCRYPT_P256_ECDSA_H_
+
+// Using current directory as relative include path here since
+// this code typically gets lifted into a variety of build systems
+// and directory structures.
+#include "p256.h"
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+// Returns 0 if {r,s} is not a signature on message for
+// public key {key_x,key_y}.
+//
+// Note: message is a p256_int.
+// Convert from a binary string using p256_from_bin().
+int p256_ecdsa_verify(const p256_int* key_x,
+                      const p256_int* key_y,
+                      const p256_int* message,
+                      const p256_int* r, const p256_int* s);
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif  // SYSTEM_CORE_INCLUDE_MINCRYPT_P256_ECDSA_H_
--- a/native/jni/external/include/mincrypt/rsa.h
+++ b/native/jni/external/include/mincrypt/rsa.h
@@ -0,0 +1,58 @@
+/* rsa.h
+**
+** Copyright 2008, The Android Open Source Project
+**
+** Redistribution and use in source and binary forms, with or without
+** modification, are permitted provided that the following conditions are met:
+**     * Redistributions of source code must retain the above copyright
+**       notice, this list of conditions and the following disclaimer.
+**     * Redistributions in binary form must reproduce the above copyright
+**       notice, this list of conditions and the following disclaimer in the
+**       documentation and/or other materials provided with the distribution.
+**     * Neither the name of Google Inc. nor the names of its contributors may
+**       be used to endorse or promote products derived from this software
+**       without specific prior written permission.
+**
+** THIS SOFTWARE IS PROVIDED BY Google Inc. ``AS IS'' AND ANY EXPRESS OR
+** IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
+** MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO
+** EVENT SHALL Google Inc. BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+** SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
+** PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS;
+** OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
+** WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR
+** OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF
+** ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+*/
+
+#ifndef SYSTEM_CORE_INCLUDE_MINCRYPT_RSA_H_
+#define SYSTEM_CORE_INCLUDE_MINCRYPT_RSA_H_
+
+#include <inttypes.h>
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+#define RSANUMBYTES 256           /* 2048 bit key length */
+#define RSANUMWORDS (RSANUMBYTES / sizeof(uint32_t))
+
+typedef struct RSAPublicKey {
+    int len;                  /* Length of n[] in number of uint32_t */
+    uint32_t n0inv;           /* -1 / n[0] mod 2^32 */
+    uint32_t n[RSANUMWORDS];  /* modulus as little endian array */
+    uint32_t rr[RSANUMWORDS]; /* R^2 as little endian array */
+    int exponent;             /* 3 or 65537 */
+} RSAPublicKey;
+
+int RSA_verify(const RSAPublicKey *key,
+               const uint8_t* signature,
+               const int len,
+               const uint8_t* hash,
+               const int hash_len);
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif // SYSTEM_CORE_INCLUDE_MINCRYPT_RSA_H_
--- a/native/jni/external/include/mincrypt/sha.h
+++ b/native/jni/external/include/mincrypt/sha.h
@@ -0,0 +1,52 @@
+/*
+ * Copyright 2005 The Android Open Source Project
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions are met:
+ *     * Redistributions of source code must retain the above copyright
+ *       notice, this list of conditions and the following disclaimer.
+ *     * Redistributions in binary form must reproduce the above copyright
+ *       notice, this list of conditions and the following disclaimer in the
+ *       documentation and/or other materials provided with the distribution.
+ *     * Neither the name of Google Inc. nor the names of its contributors may
+ *       be used to endorse or promote products derived from this software
+ *       without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY Google Inc. ``AS IS'' AND ANY EXPRESS OR
+ * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
+ * MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO
+ * EVENT SHALL Google Inc. BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
+ * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS;
+ * OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
+ * WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR
+ * OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF
+ * ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+#ifndef SYSTEM_CORE_INCLUDE_MINCRYPT_SHA1_H_
+#define SYSTEM_CORE_INCLUDE_MINCRYPT_SHA1_H_
+
+#include <stdint.h>
+#include "hash-internal.h"
+
+#ifdef __cplusplus
+extern "C" {
+#endif // __cplusplus
+
+typedef HASH_CTX SHA_CTX;
+
+void SHA_init(SHA_CTX* ctx);
+void SHA_update(SHA_CTX* ctx, const void* data, int len);
+const uint8_t* SHA_final(SHA_CTX* ctx);
+
+// Convenience method. Returns digest address.
+// NOTE: *digest needs to hold SHA_DIGEST_SIZE bytes.
+const uint8_t* SHA_hash(const void* data, int len, uint8_t* digest);
+
+#define SHA_DIGEST_SIZE 20
+
+#ifdef __cplusplus
+}
+#endif // __cplusplus
+
+#endif  // SYSTEM_CORE_INCLUDE_MINCRYPT_SHA1_H_
--- a/native/jni/external/include/mincrypt/sha256.h
+++ b/native/jni/external/include/mincrypt/sha256.h
@@ -0,0 +1,52 @@
+/*
+ * Copyright 2011 The Android Open Source Project
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions are met:
+ *     * Redistributions of source code must retain the above copyright
+ *       notice, this list of conditions and the following disclaimer.
+ *     * Redistributions in binary form must reproduce the above copyright
+ *       notice, this list of conditions and the following disclaimer in the
+ *       documentation and/or other materials provided with the distribution.
+ *     * Neither the name of Google Inc. nor the names of its contributors may
+ *       be used to endorse or promote products derived from this software
+ *       without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY Google Inc. ``AS IS'' AND ANY EXPRESS OR
+ * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
+ * MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO
+ * EVENT SHALL Google Inc. BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
+ * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS;
+ * OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
+ * WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR
+ * OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF
+ * ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+#ifndef SYSTEM_CORE_INCLUDE_MINCRYPT_SHA256_H_
+#define SYSTEM_CORE_INCLUDE_MINCRYPT_SHA256_H_
+
+#include <stdint.h>
+#include "hash-internal.h"
+
+#ifdef __cplusplus
+extern "C" {
+#endif // __cplusplus
+
+typedef HASH_CTX SHA256_CTX;
+
+void SHA256_init(SHA256_CTX* ctx);
+void SHA256_update(SHA256_CTX* ctx, const void* data, int len);
+const uint8_t* SHA256_final(SHA256_CTX* ctx);
+
+// Convenience method. Returns digest address.
+const uint8_t* SHA256_hash(const void* data, int len, uint8_t* digest);
+
+#define SHA256_DIGEST_SIZE 32
+
+#ifdef __cplusplus
+}
+#endif // __cplusplus
+
+#endif  // SYSTEM_CORE_INCLUDE_MINCRYPT_SHA256_H_
--- a/native/jni/external/include/sha1.h
+++ b/native/jni/external/include/sha1.h
--- a/native/jni/external/include/sqlite3.h
+++ b/native/jni/external/include/sqlite3.h
--- a/native/jni/external/include/xz_config/config.h
+++ b/native/jni/external/include/xz_config/config.h
@@ -0,0 +1,498 @@
+/* config.h.  Generated from config.h.in by configure.  */
+/* config.h.in.  Generated from configure.ac by autoheader.  */
+
+/* Define if building universal (internal helper macro) */
+/* #undef AC_APPLE_UNIVERSAL_BUILD */
+
+/* How many MiB of RAM to assume if the real amount cannot be determined. */
+#define ASSUME_RAM 128
+
+/* Define to 1 if translation of program messages to the user's native
+   language is requested. */
+/* #undef ENABLE_NLS */
+
+/* Define to 1 if bswap_16 is available. */
+#define HAVE_BSWAP_16 1
+
+/* Define to 1 if bswap_32 is available. */
+#define HAVE_BSWAP_32 1
+
+/* Define to 1 if bswap_64 is available. */
+#define HAVE_BSWAP_64 1
+
+/* Define to 1 if you have the <byteswap.h> header file. */
+#define HAVE_BYTESWAP_H 1
+
+/* Define to 1 if Capsicum is available. */
+/* #undef HAVE_CAPSICUM */
+
+/* Define to 1 if the system has the type `CC_SHA256_CTX'. */
+/* #undef HAVE_CC_SHA256_CTX */
+
+/* Define to 1 if you have the `CC_SHA256_Init' function. */
+/* #undef HAVE_CC_SHA256_INIT */
+
+/* Define to 1 if you have the MacOS X function CFLocaleCopyCurrent in the
+   CoreFoundation framework. */
+/* #undef HAVE_CFLOCALECOPYCURRENT */
+
+/* Define to 1 if you have the MacOS X function CFPreferencesCopyAppValue in
+   the CoreFoundation framework. */
+/* #undef HAVE_CFPREFERENCESCOPYAPPVALUE */
+
+/* Define to 1 if crc32 integrity check is enabled. */
+#define HAVE_CHECK_CRC32 1
+
+/* Define to 1 if crc64 integrity check is enabled. */
+#define HAVE_CHECK_CRC64 1
+
+/* Define to 1 if sha256 integrity check is enabled. */
+#define HAVE_CHECK_SHA256 1
+
+/* Define to 1 if you have the `clock_gettime' function. */
+#define HAVE_CLOCK_GETTIME 1
+
+/* Define to 1 if you have the <CommonCrypto/CommonDigest.h> header file. */
+/* #undef HAVE_COMMONCRYPTO_COMMONDIGEST_H */
+
+/* Define if the GNU dcgettext() function is already present or preinstalled.
+   */
+/* #undef HAVE_DCGETTEXT */
+
+/* Define to 1 if you have the declaration of `CLOCK_MONOTONIC', and to 0 if
+   you don't. */
+#define HAVE_DECL_CLOCK_MONOTONIC 1
+
+/* Define to 1 if you have the declaration of `program_invocation_name', and
+   to 0 if you don't. */
+#define HAVE_DECL_PROGRAM_INVOCATION_NAME 0
+
+/* Define to 1 if any of HAVE_DECODER_foo have been defined. */
+#define HAVE_DECODERS 1
+
+/* Define to 1 if arm decoder is enabled. */
+#define HAVE_DECODER_ARM 1
+
+/* Define to 1 if armthumb decoder is enabled. */
+#define HAVE_DECODER_ARMTHUMB 1
+
+/* Define to 1 if delta decoder is enabled. */
+#define HAVE_DECODER_DELTA 1
+
+/* Define to 1 if ia64 decoder is enabled. */
+#define HAVE_DECODER_IA64 1
+
+/* Define to 1 if lzma1 decoder is enabled. */
+#define HAVE_DECODER_LZMA1 1
+
+/* Define to 1 if lzma2 decoder is enabled. */
+#define HAVE_DECODER_LZMA2 1
+
+/* Define to 1 if powerpc decoder is enabled. */
+#define HAVE_DECODER_POWERPC 1
+
+/* Define to 1 if sparc decoder is enabled. */
+#define HAVE_DECODER_SPARC 1
+
+/* Define to 1 if x86 decoder is enabled. */
+#define HAVE_DECODER_X86 1
+
+/* Define to 1 if you have the <dlfcn.h> header file. */
+#define HAVE_DLFCN_H 1
+
+/* Define to 1 if any of HAVE_ENCODER_foo have been defined. */
+#define HAVE_ENCODERS 1
+
+/* Define to 1 if arm encoder is enabled. */
+#define HAVE_ENCODER_ARM 1
+
+/* Define to 1 if armthumb encoder is enabled. */
+#define HAVE_ENCODER_ARMTHUMB 1
+
+/* Define to 1 if delta encoder is enabled. */
+#define HAVE_ENCODER_DELTA 1
+
+/* Define to 1 if ia64 encoder is enabled. */
+#define HAVE_ENCODER_IA64 1
+
+/* Define to 1 if lzma1 encoder is enabled. */
+#define HAVE_ENCODER_LZMA1 1
+
+/* Define to 1 if lzma2 encoder is enabled. */
+#define HAVE_ENCODER_LZMA2 1
+
+/* Define to 1 if powerpc encoder is enabled. */
+#define HAVE_ENCODER_POWERPC 1
+
+/* Define to 1 if sparc encoder is enabled. */
+#define HAVE_ENCODER_SPARC 1
+
+/* Define to 1 if x86 encoder is enabled. */
+#define HAVE_ENCODER_X86 1
+
+/* Define to 1 if you have the <fcntl.h> header file. */
+#define HAVE_FCNTL_H 1
+
+/* Define to 1 if you have the `futimens' function. */
+#define HAVE_FUTIMENS 1
+
+/* Define to 1 if you have the `futimes' function. */
+/* #undef HAVE_FUTIMES */
+
+/* Define to 1 if you have the `futimesat' function. */
+/* #undef HAVE_FUTIMESAT */
+
+/* Define to 1 if you have the <getopt.h> header file. */
+#define HAVE_GETOPT_H 1
+
+/* Define to 1 if you have the `getopt_long' function. */
+#define HAVE_GETOPT_LONG 1
+
+/* Define if the GNU gettext() function is already present or preinstalled. */
+/* #undef HAVE_GETTEXT */
+
+/* Define if you have the iconv() function and it works. */
+/* #undef HAVE_ICONV */
+
+/* Define to 1 if you have the <immintrin.h> header file. */
+/* #undef HAVE_IMMINTRIN_H */
+
+/* Define to 1 if you have the <inttypes.h> header file. */
+#define HAVE_INTTYPES_H 1
+
+/* Define to 1 if you have the <limits.h> header file. */
+#define HAVE_LIMITS_H 1
+
+/* Define to 1 if mbrtowc and mbstate_t are properly declared. */
+#define HAVE_MBRTOWC 1
+
+/* Define to 1 if you have the <memory.h> header file. */
+#define HAVE_MEMORY_H 1
+
+/* Define to 1 to enable bt2 match finder. */
+#define HAVE_MF_BT2 1
+
+/* Define to 1 to enable bt3 match finder. */
+#define HAVE_MF_BT3 1
+
+/* Define to 1 to enable bt4 match finder. */
+#define HAVE_MF_BT4 1
+
+/* Define to 1 to enable hc3 match finder. */
+#define HAVE_MF_HC3 1
+
+/* Define to 1 to enable hc4 match finder. */
+#define HAVE_MF_HC4 1
+
+/* Define to 1 if you have the <minix/sha2.h> header file. */
+/* #undef HAVE_MINIX_SHA2_H */
+
+/* Define to 1 if getopt.h declares extern int optreset. */
+#define HAVE_OPTRESET 1
+
+/* Define to 1 if you have the `posix_fadvise' function. */
+#define HAVE_POSIX_FADVISE 1
+
+/* Define to 1 if you have the `pthread_condattr_setclock' function. */
+#define HAVE_PTHREAD_CONDATTR_SETCLOCK 1
+
+/* Have PTHREAD_PRIO_INHERIT. */
+/* #undef HAVE_PTHREAD_PRIO_INHERIT */
+
+/* Define to 1 if you have the `SHA256Init' function. */
+/* #undef HAVE_SHA256INIT */
+
+/* Define to 1 if the system has the type `SHA256_CTX'. */
+/* #undef HAVE_SHA256_CTX */
+
+/* Define to 1 if you have the <sha256.h> header file. */
+/* #undef HAVE_SHA256_H */
+
+/* Define to 1 if you have the `SHA256_Init' function. */
+/* #undef HAVE_SHA256_INIT */
+
+/* Define to 1 if the system has the type `SHA2_CTX'. */
+/* #undef HAVE_SHA2_CTX */
+
+/* Define to 1 if you have the <sha2.h> header file. */
+/* #undef HAVE_SHA2_H */
+
+/* Define to 1 if optimizing for size. */
+/* #undef HAVE_SMALL */
+
+/* Define to 1 if stdbool.h conforms to C99. */
+#define HAVE_STDBOOL_H 1
+
+/* Define to 1 if you have the <stdint.h> header file. */
+#define HAVE_STDINT_H 1
+
+/* Define to 1 if you have the <stdlib.h> header file. */
+#define HAVE_STDLIB_H 1
+
+/* Define to 1 if you have the <strings.h> header file. */
+#define HAVE_STRINGS_H 1
+
+/* Define to 1 if you have the <string.h> header file. */
+#define HAVE_STRING_H 1
+
+/* Define to 1 if `st_atimensec' is a member of `struct stat'. */
+#define HAVE_STRUCT_STAT_ST_ATIMENSEC 1
+
+/* Define to 1 if `st_atimespec.tv_nsec' is a member of `struct stat'. */
+/* #undef HAVE_STRUCT_STAT_ST_ATIMESPEC_TV_NSEC */
+
+/* Define to 1 if `st_atim.st__tim.tv_nsec' is a member of `struct stat'. */
+/* #undef HAVE_STRUCT_STAT_ST_ATIM_ST__TIM_TV_NSEC */
+
+/* Define to 1 if `st_atim.tv_nsec' is a member of `struct stat'. */
+/* #undef HAVE_STRUCT_STAT_ST_ATIM_TV_NSEC */
+
+/* Define to 1 if `st_uatime' is a member of `struct stat'. */
+/* #undef HAVE_STRUCT_STAT_ST_UATIME */
+
+/* Define to 1 if you have the <sys/byteorder.h> header file. */
+/* #undef HAVE_SYS_BYTEORDER_H */
+
+/* Define to 1 if you have the <sys/capsicum.h> header file. */
+/* #undef HAVE_SYS_CAPSICUM_H */
+
+/* Define to 1 if you have the <sys/endian.h> header file. */
+/* #undef HAVE_SYS_ENDIAN_H */
+
+/* Define to 1 if you have the <sys/param.h> header file. */
+#define HAVE_SYS_PARAM_H 1
+
+/* Define to 1 if you have the <sys/stat.h> header file. */
+#define HAVE_SYS_STAT_H 1
+
+/* Define to 1 if you have the <sys/time.h> header file. */
+#define HAVE_SYS_TIME_H 1
+
+/* Define to 1 if you have the <sys/types.h> header file. */
+#define HAVE_SYS_TYPES_H 1
+
+/* Define to 1 if the system has the type `uintptr_t'. */
+#define HAVE_UINTPTR_T 1
+
+/* Define to 1 if you have the <unistd.h> header file. */
+#define HAVE_UNISTD_H 1
+
+/* Define to 1 if you have the `utime' function. */
+/* #undef HAVE_UTIME */
+
+/* Define to 1 if you have the `utimes' function. */
+/* #undef HAVE_UTIMES */
+
+/* Define to 1 or 0, depending whether the compiler supports simple visibility
+   declarations. */
+#define HAVE_VISIBILITY 1
+
+/* Define to 1 if you have the `wcwidth' function. */
+#define HAVE_WCWIDTH 1
+
+/* Define to 1 if the system has the type `_Bool'. */
+#define HAVE__BOOL 1
+
+/* Define to 1 if _mm_movemask_epi8 is available. */
+/* #undef HAVE__MM_MOVEMASK_EPI8 */
+
+/* Define to the sub-directory where libtool stores uninstalled libraries. */
+#define LT_OBJDIR ".libs/"
+
+/* Define to 1 when using POSIX threads (pthreads). */
+#define MYTHREAD_POSIX 1
+
+/* Define to 1 when using Windows Vista compatible threads. This uses features
+   that are not available on Windows XP. */
+/* #undef MYTHREAD_VISTA */
+
+/* Define to 1 when using Windows 95 (and thus XP) compatible threads. This
+   avoids use of features that were added in Windows Vista. */
+/* #undef MYTHREAD_WIN95 */
+
+/* Define to 1 to disable debugging code. */
+#define NDEBUG 1
+
+/* Name of package */
+#define PACKAGE "xz"
+
+/* Define to the address where bug reports for this package should be sent. */
+#define PACKAGE_BUGREPORT "lasse.collin@tukaani.org"
+
+/* Define to the full name of this package. */
+#define PACKAGE_NAME "XZ Utils"
+
+/* Define to the full name and version of this package. */
+#define PACKAGE_STRING "XZ Utils 5.3.0alpha"
+
+/* Define to the one symbol short name of this package. */
+#define PACKAGE_TARNAME "xz"
+
+/* Define to the home page for this package. */
+#define PACKAGE_URL "http://tukaani.org/xz/"
+
+/* Define to the version of this package. */
+#define PACKAGE_VERSION "5.3.0alpha"
+
+/* Define to necessary symbol if this constant uses a non-standard name on
+   your system. */
+/* #undef PTHREAD_CREATE_JOINABLE */
+
+/* The size of `size_t', as computed by sizeof. */
+#define SIZEOF_SIZE_T 4
+
+/* Define to 1 if you have the ANSI C header files. */
+#define STDC_HEADERS 1
+
+/* Define to 1 if the number of available CPU cores can be detected with
+   cpuset(2). */
+/* #undef TUKLIB_CPUCORES_CPUSET */
+
+/* Define to 1 if the number of available CPU cores can be detected with
+   pstat_getdynamic(). */
+/* #undef TUKLIB_CPUCORES_PSTAT_GETDYNAMIC */
+
+/* Define to 1 if the number of available CPU cores can be detected with
+   sysconf(_SC_NPROCESSORS_ONLN) or sysconf(_SC_NPROC_ONLN). */
+#define TUKLIB_CPUCORES_SYSCONF 1
+
+/* Define to 1 if the number of available CPU cores can be detected with
+   sysctl(). */
+/* #undef TUKLIB_CPUCORES_SYSCTL */
+
+/* Define to 1 if the system supports fast unaligned access to 16-bit and
+   32-bit integers. */
+/* #undef TUKLIB_FAST_UNALIGNED_ACCESS */
+
+/* Define to 1 if the amount of physical memory can be detected with
+   _system_configuration.physmem. */
+/* #undef TUKLIB_PHYSMEM_AIX */
+
+/* Define to 1 if the amount of physical memory can be detected with
+   getinvent_r(). */
+/* #undef TUKLIB_PHYSMEM_GETINVENT_R */
+
+/* Define to 1 if the amount of physical memory can be detected with
+   getsysinfo(). */
+/* #undef TUKLIB_PHYSMEM_GETSYSINFO */
+
+/* Define to 1 if the amount of physical memory can be detected with
+   pstat_getstatic(). */
+/* #undef TUKLIB_PHYSMEM_PSTAT_GETSTATIC */
+
+/* Define to 1 if the amount of physical memory can be detected with
+   sysconf(_SC_PAGESIZE) and sysconf(_SC_PHYS_PAGES). */
+#define TUKLIB_PHYSMEM_SYSCONF 1
+
+/* Define to 1 if the amount of physical memory can be detected with sysctl().
+   */
+/* #undef TUKLIB_PHYSMEM_SYSCTL */
+
+/* Define to 1 if the amount of physical memory can be detected with Linux
+   sysinfo(). */
+/* #undef TUKLIB_PHYSMEM_SYSINFO */
+
+/* Enable extensions on AIX 3, Interix.  */
+#ifndef _ALL_SOURCE
+# define _ALL_SOURCE 1
+#endif
+/* Enable GNU extensions on systems that have them.  */
+#ifndef _GNU_SOURCE
+# define _GNU_SOURCE 1
+#endif
+/* Enable threading extensions on Solaris.  */
+#ifndef _POSIX_PTHREAD_SEMANTICS
+# define _POSIX_PTHREAD_SEMANTICS 1
+#endif
+/* Enable extensions on HP NonStop.  */
+#ifndef _TANDEM_SOURCE
+# define _TANDEM_SOURCE 1
+#endif
+/* Enable general extensions on Solaris.  */
+#ifndef __EXTENSIONS__
+# define __EXTENSIONS__ 1
+#endif
+
+
+/* Version number of package */
+#define VERSION "5.3.0alpha"
+
+/* Define WORDS_BIGENDIAN to 1 if your processor stores words with the most
+   significant byte first (like Motorola and SPARC, unlike Intel). */
+#if defined AC_APPLE_UNIVERSAL_BUILD
+# if defined __BIG_ENDIAN__
+#  define WORDS_BIGENDIAN 1
+# endif
+#else
+# ifndef WORDS_BIGENDIAN
+/* #  undef WORDS_BIGENDIAN */
+# endif
+#endif
+
+/* Enable large inode numbers on Mac OS X 10.5.  */
+#ifndef _DARWIN_USE_64_BIT_INODE
+# define _DARWIN_USE_64_BIT_INODE 1
+#endif
+
+/* Number of bits in a file offset, on hosts where this is settable. */
+/* #undef _FILE_OFFSET_BITS */
+
+/* Define for large files, on AIX-style hosts. */
+/* #undef _LARGE_FILES */
+
+/* Define to 1 if on MINIX. */
+/* #undef _MINIX */
+
+/* Define to 2 if the system does not provide POSIX.1 features except with
+   this defined. */
+/* #undef _POSIX_1_SOURCE */
+
+/* Define to 1 if you need to in order for `stat' and other things to work. */
+/* #undef _POSIX_SOURCE */
+
+/* Define for Solaris 2.5.1 so the uint32_t typedef from <sys/synch.h>,
+   <pthread.h>, or <semaphore.h> is not used. If the typedef were allowed, the
+   #define below would cause a syntax error. */
+/* #undef _UINT32_T */
+
+/* Define for Solaris 2.5.1 so the uint64_t typedef from <sys/synch.h>,
+   <pthread.h>, or <semaphore.h> is not used. If the typedef were allowed, the
+   #define below would cause a syntax error. */
+/* #undef _UINT64_T */
+
+/* Define for Solaris 2.5.1 so the uint8_t typedef from <sys/synch.h>,
+   <pthread.h>, or <semaphore.h> is not used. If the typedef were allowed, the
+   #define below would cause a syntax error. */
+/* #undef _UINT8_T */
+
+/* Define to rpl_ if the getopt replacement functions and variables should be
+   used. */
+/* #undef __GETOPT_PREFIX */
+
+/* Define to the type of a signed integer type of width exactly 32 bits if
+   such a type exists and the standard includes do not define it. */
+/* #undef int32_t */
+
+/* Define to the type of a signed integer type of width exactly 64 bits if
+   such a type exists and the standard includes do not define it. */
+/* #undef int64_t */
+
+/* Define to the type of an unsigned integer type of width exactly 16 bits if
+   such a type exists and the standard includes do not define it. */
+/* #undef uint16_t */
+
+/* Define to the type of an unsigned integer type of width exactly 32 bits if
+   such a type exists and the standard includes do not define it. */
+/* #undef uint32_t */
+
+/* Define to the type of an unsigned integer type of width exactly 64 bits if
+   such a type exists and the standard includes do not define it. */
+/* #undef uint64_t */
+
+/* Define to the type of an unsigned integer type of width exactly 8 bits if
+   such a type exists and the standard includes do not define it. */
+/* #undef uint8_t */
+
+/* Define to the type of an unsigned integer type wide enough to hold a
+   pointer, if such a type exists, and if the system does not define it. */
+/* #undef uintptr_t */
--- a/native/jni/external/lz4
+++ b/native/jni/external/lz4
--- a/native/jni/external/mincrypt/dsa_sig.c
+++ b/native/jni/external/mincrypt/dsa_sig.c
@@ -0,0 +1,126 @@
+/*
+ * Copyright 2013 The Android Open Source Project
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions are met:
+ *     * Redistributions of source code must retain the above copyright
+ *       notice, this list of conditions and the following disclaimer.
+ *     * Redistributions in binary form must reproduce the above copyright
+ *       notice, this list of conditions and the following disclaimer in the
+ *       documentation and/or other materials provided with the distribution.
+ *     * Neither the name of Google Inc. nor the names of its contributors may
+ *       be used to endorse or promote products derived from this software
+ *       without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY Google Inc. ``AS IS'' AND ANY EXPRESS OR
+ * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
+ * MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO
+ * EVENT SHALL Google Inc. BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
+ * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS;
+ * OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
+ * WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR
+ * OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF
+ * ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+#include <string.h>
+
+#include "mincrypt/dsa_sig.h"
+#include "mincrypt/p256.h"
+
+/**
+ * Trims off the leading zero bytes and copy it to a buffer aligning it to the end.
+ */
+static inline int trim_to_p256_bytes(unsigned char dst[P256_NBYTES], unsigned char *src,
+        int src_len) {
+    int dst_offset;
+    while (*src == '\0' && src_len > 0) {
+        src++;
+        src_len--;
+    }
+    if (src_len > P256_NBYTES || src_len < 1) {
+        return 0;
+    }
+    dst_offset = P256_NBYTES - src_len;
+    memset(dst, 0, dst_offset);
+    memcpy(dst + dst_offset, src, src_len);
+    return 1;
+}
+
+/**
+ * Unpacks the ASN.1 DSA signature sequence.
+ */
+int dsa_sig_unpack(unsigned char* sig, int sig_len, p256_int* r_int, p256_int* s_int) {
+    /*
+     * Structure is:
+     *   0x30 0xNN  SEQUENCE + s_length
+     *     0x02 0xNN  INTEGER + r_length
+     *       0xAA 0xBB ..   r_length bytes of "r" (offset 4)
+     *     0x02 0xNN  INTEGER + s_length
+     *       0xMM 0xNN ..   s_length bytes of "s" (offset 6 + r_len)
+     */
+    int seq_len;
+    unsigned char r_bytes[P256_NBYTES];
+    unsigned char s_bytes[P256_NBYTES];
+    int r_len;
+    int s_len;
+
+    memset(r_bytes, 0, sizeof(r_bytes));
+    memset(s_bytes, 0, sizeof(s_bytes));
+
+    /*
+     * Must have at least:
+     * 2 bytes sequence header and length
+     * 2 bytes R integer header and length
+     * 1 byte of R
+     * 2 bytes S integer header and length
+     * 1 byte of S
+     *
+     * 8 bytes total
+     */
+    if (sig_len < 8 || sig[0] != 0x30 || sig[2] != 0x02) {
+        return 0;
+    }
+
+    seq_len = sig[1];
+    if ((seq_len <= 0) || (seq_len + 2 != sig_len)) {
+        return 0;
+    }
+
+    r_len = sig[3];
+    /*
+     * Must have at least:
+     * 2 bytes for R header and length
+     * 2 bytes S integer header and length
+     * 1 byte of S
+     */
+    if ((r_len < 1) || (r_len > seq_len - 5) || (sig[4 + r_len] != 0x02)) {
+        return 0;
+    }
+    s_len = sig[5 + r_len];
+
+    /**
+     * Must have:
+     * 2 bytes for R header and length
+     * r_len bytes for R
+     * 2 bytes S integer header and length
+     */
+    if ((s_len < 1) || (s_len != seq_len - 4 - r_len)) {
+        return 0;
+    }
+
+    /*
+     * ASN.1 encoded integers are zero-padded for positive integers. Make sure we have
+     * a correctly-sized buffer and that the resulting integer isn't too large.
+     */
+    if (!trim_to_p256_bytes(r_bytes, &sig[4], r_len)
+            || !trim_to_p256_bytes(s_bytes, &sig[6 + r_len], s_len)) {
+        return 0;
+    }
+
+    p256_from_bin(r_bytes, r_int);
+    p256_from_bin(s_bytes, s_int);
+
+    return 1;
+}
--- a/native/jni/external/mincrypt/p256.c
+++ b/native/jni/external/mincrypt/p256.c
@@ -0,0 +1,373 @@
+/*
+ * Copyright 2013 The Android Open Source Project
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions are met:
+ *     * Redistributions of source code must retain the above copyright
+ *       notice, this list of conditions and the following disclaimer.
+ *     * Redistributions in binary form must reproduce the above copyright
+ *       notice, this list of conditions and the following disclaimer in the
+ *       documentation and/or other materials provided with the distribution.
+ *     * Neither the name of Google Inc. nor the names of its contributors may
+ *       be used to endorse or promote products derived from this software
+ *       without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY Google Inc. ``AS IS'' AND ANY EXPRESS OR
+ * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
+ * MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO
+ * EVENT SHALL Google Inc. BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
+ * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS;
+ * OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
+ * WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR
+ * OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF
+ * ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+// This is an implementation of the P256 elliptic curve group. It's written to
+// be portable 32-bit, although it's still constant-time.
+//
+// WARNING: Implementing these functions in a constant-time manner is far from
+//          obvious. Be careful when touching this code.
+//
+// See http://www.imperialviolet.org/2010/12/04/ecc.html ([1]) for background.
+
+#include <assert.h>
+#include <stdint.h>
+#include <string.h>
+#include <stdio.h>
+
+#include "mincrypt/p256.h"
+
+const p256_int SECP256r1_n =  // curve order
+  {{0xfc632551, 0xf3b9cac2, 0xa7179e84, 0xbce6faad, -1, -1, 0, -1}};
+
+const p256_int SECP256r1_p =  // curve field size
+  {{-1, -1, -1, 0, 0, 0, 1, -1 }};
+
+const p256_int SECP256r1_b =  // curve b
+  {{0x27d2604b, 0x3bce3c3e, 0xcc53b0f6, 0x651d06b0,
+    0x769886bc, 0xb3ebbd55, 0xaa3a93e7, 0x5ac635d8}};
+
+void p256_init(p256_int* a) {
+  memset(a, 0, sizeof(*a));
+}
+
+void p256_clear(p256_int* a) { p256_init(a); }
+
+int p256_get_bit(const p256_int* scalar, int bit) {
+  return (P256_DIGIT(scalar, bit / P256_BITSPERDIGIT)
+              >> (bit & (P256_BITSPERDIGIT - 1))) & 1;
+}
+
+int p256_is_zero(const p256_int* a) {
+  int i, result = 0;
+  for (i = 0; i < P256_NDIGITS; ++i) result |= P256_DIGIT(a, i);
+  return !result;
+}
+
+// top, c[] += a[] * b
+// Returns new top
+static p256_digit mulAdd(const p256_int* a,
+                         p256_digit b,
+                         p256_digit top,
+                         p256_digit* c) {
+  int i;
+  p256_ddigit carry = 0;
+
+  for (i = 0; i < P256_NDIGITS; ++i) {
+    carry += *c;
+    carry += (p256_ddigit)P256_DIGIT(a, i) * b;
+    *c++ = (p256_digit)carry;
+    carry >>= P256_BITSPERDIGIT;
+  }
+  return top + (p256_digit)carry;
+}
+
+// top, c[] -= top_a, a[]
+static p256_digit subTop(p256_digit top_a,
+                         const p256_digit* a,
+                         p256_digit top_c,
+                         p256_digit* c) {
+  int i;
+  p256_sddigit borrow = 0;
+
+  for (i = 0; i < P256_NDIGITS; ++i) {
+    borrow += *c;
+    borrow -= *a++;
+    *c++ = (p256_digit)borrow;
+    borrow >>= P256_BITSPERDIGIT;
+  }
+  borrow += top_c;
+  borrow -= top_a;
+  top_c = (p256_digit)borrow;
+  assert((borrow >> P256_BITSPERDIGIT) == 0);
+  return top_c;
+}
+
+// top, c[] -= MOD[] & mask (0 or -1)
+// returns new top.
+static p256_digit subM(const p256_int* MOD,
+                       p256_digit top,
+                       p256_digit* c,
+                       p256_digit mask) {
+  int i;
+  p256_sddigit borrow = 0;
+  for (i = 0; i < P256_NDIGITS; ++i) {
+    borrow += *c;
+    borrow -= P256_DIGIT(MOD, i) & mask;
+    *c++ = (p256_digit)borrow;
+    borrow >>= P256_BITSPERDIGIT;
+  }
+  return top + (p256_digit)borrow;
+}
+
+// top, c[] += MOD[] & mask (0 or -1)
+// returns new top.
+static p256_digit addM(const p256_int* MOD,
+                       p256_digit top,
+                       p256_digit* c,
+                       p256_digit mask) {
+  int i;
+  p256_ddigit carry = 0;
+  for (i = 0; i < P256_NDIGITS; ++i) {
+    carry += *c;
+    carry += P256_DIGIT(MOD, i) & mask;
+    *c++ = (p256_digit)carry;
+    carry >>= P256_BITSPERDIGIT;
+  }
+  return top + (p256_digit)carry;
+}
+
+// c = a * b mod MOD. c can be a and/or b.
+void p256_modmul(const p256_int* MOD,
+                 const p256_int* a,
+                 const p256_digit top_b,
+                 const p256_int* b,
+                 p256_int* c) {
+  p256_digit tmp[P256_NDIGITS * 2 + 1] = { 0 };
+  p256_digit top = 0;
+  int i;
+
+  // Multiply/add into tmp.
+  for (i = 0; i < P256_NDIGITS; ++i) {
+    if (i) tmp[i + P256_NDIGITS - 1] = top;
+    top = mulAdd(a, P256_DIGIT(b, i), 0, tmp + i);
+  }
+
+  // Multiply/add top digit
+  tmp[i + P256_NDIGITS - 1] = top;
+  top = mulAdd(a, top_b, 0, tmp + i);
+
+  // Reduce tmp, digit by digit.
+  for (; i >= 0; --i) {
+    p256_digit reducer[P256_NDIGITS] = { 0 };
+    p256_digit top_reducer;
+
+    // top can be any value at this point.
+    // Guestimate reducer as top * MOD, since msw of MOD is -1.
+    top_reducer = mulAdd(MOD, top, 0, reducer);
+
+    // Subtract reducer from top | tmp.
+    top = subTop(top_reducer, reducer, top, tmp + i);
+
+    // top is now either 0 or 1. Make it 0, fixed-timing.
+    assert(top <= 1);
+
+    top = subM(MOD, top, tmp + i, ~(top - 1));
+
+    assert(top == 0);
+
+    // We have now reduced the top digit off tmp. Fetch new top digit.
+    top = tmp[i + P256_NDIGITS - 1];
+  }
+
+  // tmp might still be larger than MOD, yet same bit length.
+  // Make sure it is less, fixed-timing.
+  addM(MOD, 0, tmp, subM(MOD, 0, tmp, -1));
+
+  memcpy(c, tmp, P256_NBYTES);
+}
+int p256_is_odd(const p256_int* a) { return P256_DIGIT(a, 0) & 1; }
+int p256_is_even(const p256_int* a) { return !(P256_DIGIT(a, 0) & 1); }
+
+p256_digit p256_shl(const p256_int* a, int n, p256_int* b) {
+  int i;
+  p256_digit top = P256_DIGIT(a, P256_NDIGITS - 1);
+
+  n %= P256_BITSPERDIGIT;
+  for (i = P256_NDIGITS - 1; i > 0; --i) {
+    p256_digit accu = (P256_DIGIT(a, i) << n);
+    accu |= (P256_DIGIT(a, i - 1) >> (P256_BITSPERDIGIT - n));
+    P256_DIGIT(b, i) = accu;
+  }
+  P256_DIGIT(b, i) = (P256_DIGIT(a, i) << n);
+
+  top = (p256_digit)((((p256_ddigit)top) << n) >> P256_BITSPERDIGIT);
+
+  return top;
+}
+
+void p256_shr(const p256_int* a, int n, p256_int* b) {
+  int i;
+
+  n %= P256_BITSPERDIGIT;
+  for (i = 0; i < P256_NDIGITS - 1; ++i) {
+    p256_digit accu = (P256_DIGIT(a, i) >> n);
+    accu |= (P256_DIGIT(a, i + 1) << (P256_BITSPERDIGIT - n));
+    P256_DIGIT(b, i) = accu;
+  }
+  P256_DIGIT(b, i) = (P256_DIGIT(a, i) >> n);
+}
+
+static void p256_shr1(const p256_int* a, int highbit, p256_int* b) {
+  int i;
+
+  for (i = 0; i < P256_NDIGITS - 1; ++i) {
+    p256_digit accu = (P256_DIGIT(a, i) >> 1);
+    accu |= (P256_DIGIT(a, i + 1) << (P256_BITSPERDIGIT - 1));
+    P256_DIGIT(b, i) = accu;
+  }
+  P256_DIGIT(b, i) = (P256_DIGIT(a, i) >> 1) |
+      (highbit << (P256_BITSPERDIGIT - 1));
+}
+
+// Return -1, 0, 1 for a < b, a == b or a > b respectively.
+int p256_cmp(const p256_int* a, const p256_int* b) {
+  int i;
+  p256_sddigit borrow = 0;
+  p256_digit notzero = 0;
+
+  for (i = 0; i < P256_NDIGITS; ++i) {
+    borrow += (p256_sddigit)P256_DIGIT(a, i) - P256_DIGIT(b, i);
+    // Track whether any result digit is ever not zero.
+    // Relies on !!(non-zero) evaluating to 1, e.g., !!(-1) evaluating to 1.
+    notzero |= !!((p256_digit)borrow);
+    borrow >>= P256_BITSPERDIGIT;
+  }
+  return (int)borrow | notzero;
+}
+
+// c = a - b. Returns borrow: 0 or -1.
+int p256_sub(const p256_int* a, const p256_int* b, p256_int* c) {
+  int i;
+  p256_sddigit borrow = 0;
+
+  for (i = 0; i < P256_NDIGITS; ++i) {
+    borrow += (p256_sddigit)P256_DIGIT(a, i) - P256_DIGIT(b, i);
+    if (c) P256_DIGIT(c, i) = (p256_digit)borrow;
+    borrow >>= P256_BITSPERDIGIT;
+  }
+  return (int)borrow;
+}
+
+// c = a + b. Returns carry: 0 or 1.
+int p256_add(const p256_int* a, const p256_int* b, p256_int* c) {
+  int i;
+  p256_ddigit carry = 0;
+
+  for (i = 0; i < P256_NDIGITS; ++i) {
+    carry += (p256_ddigit)P256_DIGIT(a, i) + P256_DIGIT(b, i);
+    if (c) P256_DIGIT(c, i) = (p256_digit)carry;
+    carry >>= P256_BITSPERDIGIT;
+  }
+  return (int)carry;
+}
+
+// b = a + d. Returns carry, 0 or 1.
+int p256_add_d(const p256_int* a, p256_digit d, p256_int* b) {
+  int i;
+  p256_ddigit carry = d;
+
+  for (i = 0; i < P256_NDIGITS; ++i) {
+    carry += (p256_ddigit)P256_DIGIT(a, i);
+    if (b) P256_DIGIT(b, i) = (p256_digit)carry;
+    carry >>= P256_BITSPERDIGIT;
+  }
+  return (int)carry;
+}
+
+// b = 1/a mod MOD, binary euclid.
+void p256_modinv_vartime(const p256_int* MOD,
+                         const p256_int* a,
+                         p256_int* b) {
+  p256_int R = P256_ZERO;
+  p256_int S = P256_ONE;
+  p256_int U = *MOD;
+  p256_int V = *a;
+
+  for (;;) {
+    if (p256_is_even(&U)) {
+      p256_shr1(&U, 0, &U);
+      if (p256_is_even(&R)) {
+        p256_shr1(&R, 0, &R);
+      } else {
+        // R = (R+MOD)/2
+        p256_shr1(&R, p256_add(&R, MOD, &R), &R);
+      }
+    } else if (p256_is_even(&V)) {
+      p256_shr1(&V, 0, &V);
+      if (p256_is_even(&S)) {
+        p256_shr1(&S, 0, &S);
+      } else {
+        // S = (S+MOD)/2
+        p256_shr1(&S, p256_add(&S, MOD, &S) , &S);
+      }
+    } else {  // U,V both odd.
+      if (!p256_sub(&V, &U, NULL)) {
+        p256_sub(&V, &U, &V);
+        if (p256_sub(&S, &R, &S)) p256_add(&S, MOD, &S);
+        if (p256_is_zero(&V)) break;  // done.
+      } else {
+        p256_sub(&U, &V, &U);
+        if (p256_sub(&R, &S, &R)) p256_add(&R, MOD, &R);
+      }
+    }
+  }
+
+  p256_mod(MOD, &R, b);
+}
+
+void p256_mod(const p256_int* MOD,
+              const p256_int* in,
+              p256_int* out) {
+  if (out != in) *out = *in;
+  addM(MOD, 0, P256_DIGITS(out), subM(MOD, 0, P256_DIGITS(out), -1));
+}
+
+// Verify y^2 == x^3 - 3x + b mod p
+// and 0 < x < p and 0 < y < p
+int p256_is_valid_point(const p256_int* x, const p256_int* y) {
+  p256_int y2, x3;
+
+  if (p256_cmp(&SECP256r1_p, x) <= 0 ||
+      p256_cmp(&SECP256r1_p, y) <= 0 ||
+      p256_is_zero(x) ||
+      p256_is_zero(y)) return 0;
+
+  p256_modmul(&SECP256r1_p, y, 0, y, &y2);  // y^2
+
+  p256_modmul(&SECP256r1_p, x, 0, x, &x3);  // x^2
+  p256_modmul(&SECP256r1_p, x, 0, &x3, &x3);  // x^3
+  if (p256_sub(&x3, x, &x3)) p256_add(&x3, &SECP256r1_p, &x3);  // x^3 - x
+  if (p256_sub(&x3, x, &x3)) p256_add(&x3, &SECP256r1_p, &x3);  // x^3 - 2x
+  if (p256_sub(&x3, x, &x3)) p256_add(&x3, &SECP256r1_p, &x3);  // x^3 - 3x
+  if (p256_add(&x3, &SECP256r1_b, &x3))  // x^3 - 3x + b
+    p256_sub(&x3, &SECP256r1_p, &x3);
+
+  return p256_cmp(&y2, &x3) == 0;
+}
+
+void p256_from_bin(const uint8_t src[P256_NBYTES], p256_int* dst) {
+  int i;
+  const uint8_t* p = &src[0];
+
+  for (i = P256_NDIGITS - 1; i >= 0; --i) {
+    P256_DIGIT(dst, i) =
+        (p[0] << 24) |
+        (p[1] << 16) |
+        (p[2] << 8) |
+        p[3];
+    p += 4;
+  }
+}
--- a/native/jni/external/mincrypt/p256_ec.c
+++ b/native/jni/external/mincrypt/p256_ec.c
--- a/native/jni/external/mincrypt/p256_ecdsa.c
+++ b/native/jni/external/mincrypt/p256_ecdsa.c
@@ -0,0 +1,56 @@
+/*
+ * Copyright 2013 The Android Open Source Project
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions are met:
+ *     * Redistributions of source code must retain the above copyright
+ *       notice, this list of conditions and the following disclaimer.
+ *     * Redistributions in binary form must reproduce the above copyright
+ *       notice, this list of conditions and the following disclaimer in the
+ *       documentation and/or other materials provided with the distribution.
+ *     * Neither the name of Google Inc. nor the names of its contributors may
+ *       be used to endorse or promote products derived from this software
+ *       without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY Google Inc. ``AS IS'' AND ANY EXPRESS OR
+ * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
+ * MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO
+ * EVENT SHALL Google Inc. BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
+ * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS;
+ * OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
+ * WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR
+ * OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF
+ * ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+#include <string.h>
+
+#include "mincrypt/p256_ecdsa.h"
+#include "mincrypt/p256.h"
+
+int p256_ecdsa_verify(const p256_int* key_x, const p256_int* key_y,
+                      const p256_int* message,
+                      const p256_int* r, const p256_int* s) {
+  p256_int u, v;
+
+  // Check public key.
+  if (!p256_is_valid_point(key_x, key_y)) return 0;
+
+  // Check r and s are != 0 % n.
+  p256_mod(&SECP256r1_n, r, &u);
+  p256_mod(&SECP256r1_n, s, &v);
+  if (p256_is_zero(&u) || p256_is_zero(&v)) return 0;
+
+  p256_modinv_vartime(&SECP256r1_n, s, &v);
+  p256_modmul(&SECP256r1_n, message, 0, &v, &u);  // message / s % n
+  p256_modmul(&SECP256r1_n, r, 0, &v, &v);  // r / s % n
+
+  p256_points_mul_vartime(&u, &v,
+                          key_x, key_y,
+                          &u, &v);
+
+  p256_mod(&SECP256r1_n, &u, &u);  // (x coord % p) % n
+  return p256_cmp(r, &u) == 0;
+}
+
--- a/native/jni/external/mincrypt/rsa.c
+++ b/native/jni/external/mincrypt/rsa.c
@@ -0,0 +1,308 @@
+/* rsa.c
+**
+** Copyright 2012, The Android Open Source Project
+**
+** Redistribution and use in source and binary forms, with or without
+** modification, are permitted provided that the following conditions are met:
+**     * Redistributions of source code must retain the above copyright
+**       notice, this list of conditions and the following disclaimer.
+**     * Redistributions in binary form must reproduce the above copyright
+**       notice, this list of conditions and the following disclaimer in the
+**       documentation and/or other materials provided with the distribution.
+**     * Neither the name of Google Inc. nor the names of its contributors may
+**       be used to endorse or promote products derived from this software
+**       without specific prior written permission.
+**
+** THIS SOFTWARE IS PROVIDED BY Google Inc. ``AS IS'' AND ANY EXPRESS OR
+** IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
+** MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO
+** EVENT SHALL Google Inc. BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+** SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
+** PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS;
+** OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
+** WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR
+** OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF
+** ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+*/
+
+#include "mincrypt/rsa.h"
+#include "mincrypt/sha.h"
+#include "mincrypt/sha256.h"
+
+// a[] -= mod
+static void subM(const RSAPublicKey* key,
+                 uint32_t* a) {
+    int64_t A = 0;
+    int i;
+    for (i = 0; i < key->len; ++i) {
+        A += (uint64_t)a[i] - key->n[i];
+        a[i] = (uint32_t)A;
+        A >>= 32;
+    }
+}
+
+// return a[] >= mod
+static int geM(const RSAPublicKey* key,
+               const uint32_t* a) {
+    int i;
+    for (i = key->len; i;) {
+        --i;
+        if (a[i] < key->n[i]) return 0;
+        if (a[i] > key->n[i]) return 1;
+    }
+    return 1;  // equal
+}
+
+// montgomery c[] += a * b[] / R % mod
+static void montMulAdd(const RSAPublicKey* key,
+                       uint32_t* c,
+                       const uint32_t a,
+                       const uint32_t* b) {
+    uint64_t A = (uint64_t)a * b[0] + c[0];
+    uint32_t d0 = (uint32_t)A * key->n0inv;
+    uint64_t B = (uint64_t)d0 * key->n[0] + (uint32_t)A;
+    int i;
+
+    for (i = 1; i < key->len; ++i) {
+        A = (A >> 32) + (uint64_t)a * b[i] + c[i];
+        B = (B >> 32) + (uint64_t)d0 * key->n[i] + (uint32_t)A;
+        c[i - 1] = (uint32_t)B;
+    }
+
+    A = (A >> 32) + (B >> 32);
+
+    c[i - 1] = (uint32_t)A;
+
+    if (A >> 32) {
+        subM(key, c);
+    }
+}
+
+// montgomery c[] = a[] * b[] / R % mod
+static void montMul(const RSAPublicKey* key,
+                    uint32_t* c,
+                    const uint32_t* a,
+                    const uint32_t* b) {
+    int i;
+    for (i = 0; i < key->len; ++i) {
+        c[i] = 0;
+    }
+    for (i = 0; i < key->len; ++i) {
+        montMulAdd(key, c, a[i], b);
+    }
+}
+
+// In-place public exponentiation.
+// Input and output big-endian byte array in inout.
+static void modpow(const RSAPublicKey* key,
+                   uint8_t* inout) {
+    uint32_t a[RSANUMWORDS];
+    uint32_t aR[RSANUMWORDS];
+    uint32_t aaR[RSANUMWORDS];
+    uint32_t* aaa = 0;
+    int i;
+
+    // Convert from big endian byte array to little endian word array.
+    for (i = 0; i < key->len; ++i) {
+        uint32_t tmp =
+            (inout[((key->len - 1 - i) * 4) + 0] << 24) |
+            (inout[((key->len - 1 - i) * 4) + 1] << 16) |
+            (inout[((key->len - 1 - i) * 4) + 2] << 8) |
+            (inout[((key->len - 1 - i) * 4) + 3] << 0);
+        a[i] = tmp;
+    }
+
+    if (key->exponent == 65537) {
+        aaa = aaR;  // Re-use location.
+        montMul(key, aR, a, key->rr);  // aR = a * RR / R mod M
+        for (i = 0; i < 16; i += 2) {
+            montMul(key, aaR, aR, aR);  // aaR = aR * aR / R mod M
+            montMul(key, aR, aaR, aaR);  // aR = aaR * aaR / R mod M
+        }
+        montMul(key, aaa, aR, a);  // aaa = aR * a / R mod M
+    } else if (key->exponent == 3) {
+        aaa = aR;  // Re-use location.
+        montMul(key, aR, a, key->rr);  /* aR = a * RR / R mod M   */
+        montMul(key, aaR, aR, aR);     /* aaR = aR * aR / R mod M */
+        montMul(key, aaa, aaR, a);     /* aaa = aaR * a / R mod M */
+    }
+
+    // Make sure aaa < mod; aaa is at most 1x mod too large.
+    if (geM(key, aaa)) {
+        subM(key, aaa);
+    }
+
+    // Convert to bigendian byte array
+    for (i = key->len - 1; i >= 0; --i) {
+        uint32_t tmp = aaa[i];
+        *inout++ = tmp >> 24;
+        *inout++ = tmp >> 16;
+        *inout++ = tmp >> 8;
+        *inout++ = tmp >> 0;
+    }
+}
+
+// Expected PKCS1.5 signature padding bytes, for a keytool RSA signature.
+// Has the 0-length optional parameter encoded in the ASN1 (as opposed to the
+// other flavor which omits the optional parameter entirely). This code does not
+// accept signatures without the optional parameter.
+
+/*
+static const uint8_t sha_padding[RSANUMBYTES] = {
+    0x00, 0x01, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+    0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+    0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+    0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+    0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+    0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+    0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+    0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+    0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+    0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+    0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+    0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+    0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+    0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+    0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+    0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+    0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+    0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+    0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+    0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+    0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+    0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+    0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+    0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+    0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+    0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+    0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+    0xff, 0xff, 0xff, 0xff, 0x00, 0x30, 0x21, 0x30,
+    0x09, 0x06, 0x05, 0x2b, 0x0e, 0x03, 0x02, 0x1a,
+    0x05, 0x00, 0x04, 0x14,
+
+    // 20 bytes of hash go here.
+    0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0
+};
+*/
+
+// SHA-1 of PKCS1.5 signature sha_padding for 2048 bit, as above.
+// At the location of the bytes of the hash all 00 are hashed.
+static const uint8_t kExpectedPadShaRsa2048[SHA_DIGEST_SIZE] = {
+    0xdc, 0xbd, 0xbe, 0x42, 0xd5, 0xf5, 0xa7, 0x2e,
+    0x6e, 0xfc, 0xf5, 0x5d, 0xaf, 0x9d, 0xea, 0x68,
+    0x7c, 0xfb, 0xf1, 0x67
+};
+
+/*
+static const uint8_t sha256_padding[RSANUMBYTES] = {
+    0x00, 0x01, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+    0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+    0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+    0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+    0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+    0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+    0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+    0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+    0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+    0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+    0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+    0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+    0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+    0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+    0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+    0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+    0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+    0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+    0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+    0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+    0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+    0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+    0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+    0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+    0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+    0xff, 0xff, 0xff, 0xff, 0x00, 0x30, 0x31, 0x30,
+    0x0d, 0x06, 0x09, 0x60, 0x86, 0x48, 0x01, 0x65,
+    0x03, 0x04, 0x02, 0x01, 0x05, 0x00, 0x04, 0x20,
+
+    // 32 bytes of hash go here.
+    0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,
+    0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,
+};
+*/
+
+// SHA-256 of PKCS1.5 signature sha256_padding for 2048 bit, as above.
+// At the location of the bytes of the hash all 00 are hashed.
+static const uint8_t kExpectedPadSha256Rsa2048[SHA256_DIGEST_SIZE] = {
+    0xab, 0x28, 0x8d, 0x8a, 0xd7, 0xd9, 0x59, 0x92,
+    0xba, 0xcc, 0xf8, 0x67, 0x20, 0xe1, 0x15, 0x2e,
+    0x39, 0x8d, 0x80, 0x36, 0xd6, 0x6f, 0xf0, 0xfd,
+    0x90, 0xe8, 0x7d, 0x8b, 0xe1, 0x7c, 0x87, 0x59,
+};
+
+// Verify a 2048-bit RSA PKCS1.5 signature against an expected hash.
+// Both e=3 and e=65537 are supported.  hash_len may be
+// SHA_DIGEST_SIZE (== 20) to indicate a SHA-1 hash, or
+// SHA256_DIGEST_SIZE (== 32) to indicate a SHA-256 hash.  No other
+// values are supported.
+//
+// Returns 1 on successful verification, 0 on failure.
+int RSA_verify(const RSAPublicKey *key,
+               const uint8_t *signature,
+               const int len,
+               const uint8_t *hash,
+               const int hash_len) {
+    uint8_t buf[RSANUMBYTES];
+    int i;
+    const uint8_t* padding_hash;
+
+    if (key->len != RSANUMWORDS) {
+        return 0;  // Wrong key passed in.
+    }
+
+    if (len != sizeof(buf)) {
+        return 0;  // Wrong input length.
+    }
+
+    if (hash_len != SHA_DIGEST_SIZE &&
+        hash_len != SHA256_DIGEST_SIZE) {
+        return 0;  // Unsupported hash.
+    }
+
+    if (key->exponent != 3 && key->exponent != 65537) {
+        return 0;  // Unsupported exponent.
+    }
+
+    for (i = 0; i < len; ++i) {  // Copy input to local workspace.
+        buf[i] = signature[i];
+    }
+
+    modpow(key, buf);  // In-place exponentiation.
+
+    // Xor sha portion, so it all becomes 00 iff equal.
+    for (i = len - hash_len; i < len; ++i) {
+        buf[i] ^= *hash++;
+    }
+
+    // Hash resulting buf, in-place.
+    switch (hash_len) {
+        case SHA_DIGEST_SIZE:
+            padding_hash = kExpectedPadShaRsa2048;
+            SHA_hash(buf, len, buf);
+            break;
+        case SHA256_DIGEST_SIZE:
+            padding_hash = kExpectedPadSha256Rsa2048;
+            SHA256_hash(buf, len, buf);
+            break;
+        default:
+            return 0;
+    }
+
+    // Compare against expected hash value.
+    for (i = 0; i < hash_len; ++i) {
+        if (buf[i] != padding_hash[i]) {
+            return 0;
+        }
+    }
+
+    return 1;  // All checked out OK.
+}
--- a/native/jni/external/mincrypt/sha.c
+++ b/native/jni/external/mincrypt/sha.c
@@ -0,0 +1,155 @@
+/* sha.c
+**
+** Copyright 2013, The Android Open Source Project
+**
+** Redistribution and use in source and binary forms, with or without
+** modification, are permitted provided that the following conditions are met:
+**     * Redistributions of source code must retain the above copyright
+**       notice, this list of conditions and the following disclaimer.
+**     * Redistributions in binary form must reproduce the above copyright
+**       notice, this list of conditions and the following disclaimer in the
+**       documentation and/or other materials provided with the distribution.
+**     * Neither the name of Google Inc. nor the names of its contributors may
+**       be used to endorse or promote products derived from this software
+**       without specific prior written permission.
+**
+** THIS SOFTWARE IS PROVIDED BY Google Inc. ``AS IS'' AND ANY EXPRESS OR
+** IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
+** MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO
+** EVENT SHALL Google Inc. BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+** SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
+** PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS;
+** OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
+** WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR
+** OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF
+** ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+*/
+
+// Optimized for minimal code size.
+
+#include "mincrypt/sha.h"
+
+#include <stdio.h>
+#include <string.h>
+#include <stdint.h>
+
+#define rol(bits, value) (((value) << (bits)) | ((value) >> (32 - (bits))))
+
+static void SHA1_Transform(SHA_CTX* ctx) {
+    uint32_t W[80];
+    uint32_t A, B, C, D, E;
+    uint8_t* p = ctx->buf;
+    int t;
+
+    for(t = 0; t < 16; ++t) {
+        uint32_t tmp =  *p++ << 24;
+        tmp |= *p++ << 16;
+        tmp |= *p++ << 8;
+        tmp |= *p++;
+        W[t] = tmp;
+    }
+
+    for(; t < 80; t++) {
+        W[t] = rol(1,W[t-3] ^ W[t-8] ^ W[t-14] ^ W[t-16]);
+    }
+
+    A = ctx->state[0];
+    B = ctx->state[1];
+    C = ctx->state[2];
+    D = ctx->state[3];
+    E = ctx->state[4];
+
+    for(t = 0; t < 80; t++) {
+        uint32_t tmp = rol(5,A) + E + W[t];
+
+        if (t < 20)
+            tmp += (D^(B&(C^D))) + 0x5A827999;
+        else if ( t < 40)
+            tmp += (B^C^D) + 0x6ED9EBA1;
+        else if ( t < 60)
+            tmp += ((B&C)|(D&(B|C))) + 0x8F1BBCDC;
+        else
+            tmp += (B^C^D) + 0xCA62C1D6;
+
+        E = D;
+        D = C;
+        C = rol(30,B);
+        B = A;
+        A = tmp;
+    }
+
+    ctx->state[0] += A;
+    ctx->state[1] += B;
+    ctx->state[2] += C;
+    ctx->state[3] += D;
+    ctx->state[4] += E;
+}
+
+static const HASH_VTAB SHA_VTAB = {
+    SHA_init,
+    SHA_update,
+    SHA_final,
+    SHA_hash,
+    SHA_DIGEST_SIZE
+};
+
+void SHA_init(SHA_CTX* ctx) {
+    ctx->f = &SHA_VTAB;
+    ctx->state[0] = 0x67452301;
+    ctx->state[1] = 0xEFCDAB89;
+    ctx->state[2] = 0x98BADCFE;
+    ctx->state[3] = 0x10325476;
+    ctx->state[4] = 0xC3D2E1F0;
+    ctx->count = 0;
+}
+
+
+void SHA_update(SHA_CTX* ctx, const void* data, int len) {
+    int i = (int) (ctx->count & 63);
+    const uint8_t* p = (const uint8_t*)data;
+
+    ctx->count += len;
+
+    while (len--) {
+        ctx->buf[i++] = *p++;
+        if (i == 64) {
+            SHA1_Transform(ctx);
+            i = 0;
+        }
+    }
+}
+
+
+const uint8_t* SHA_final(SHA_CTX* ctx) {
+    uint8_t *p = ctx->buf;
+    uint64_t cnt = ctx->count * 8;
+    int i;
+
+    SHA_update(ctx, (uint8_t*)"\x80", 1);
+    while ((ctx->count & 63) != 56) {
+        SHA_update(ctx, (uint8_t*)"\0", 1);
+    }
+    for (i = 0; i < 8; ++i) {
+        uint8_t tmp = (uint8_t) (cnt >> ((7 - i) * 8));
+        SHA_update(ctx, &tmp, 1);
+    }
+
+    for (i = 0; i < 5; i++) {
+        uint32_t tmp = ctx->state[i];
+        *p++ = tmp >> 24;
+        *p++ = tmp >> 16;
+        *p++ = tmp >> 8;
+        *p++ = tmp >> 0;
+    }
+
+    return ctx->buf;
+}
+
+/* Convenience function */
+const uint8_t* SHA_hash(const void* data, int len, uint8_t* digest) {
+    SHA_CTX ctx;
+    SHA_init(&ctx);
+    SHA_update(&ctx, data, len);
+    memcpy(digest, SHA_final(&ctx), SHA_DIGEST_SIZE);
+    return digest;
+}
--- a/native/jni/external/mincrypt/sha256.c
+++ b/native/jni/external/mincrypt/sha256.c
@@ -0,0 +1,184 @@
+/* sha256.c
+**
+** Copyright 2013, The Android Open Source Project
+**
+** Redistribution and use in source and binary forms, with or without
+** modification, are permitted provided that the following conditions are met:
+**     * Redistributions of source code must retain the above copyright
+**       notice, this list of conditions and the following disclaimer.
+**     * Redistributions in binary form must reproduce the above copyright
+**       notice, this list of conditions and the following disclaimer in the
+**       documentation and/or other materials provided with the distribution.
+**     * Neither the name of Google Inc. nor the names of its contributors may
+**       be used to endorse or promote products derived from this software
+**       without specific prior written permission.
+**
+** THIS SOFTWARE IS PROVIDED BY Google Inc. ``AS IS'' AND ANY EXPRESS OR
+** IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
+** MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO
+** EVENT SHALL Google Inc. BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+** SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
+** PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS;
+** OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
+** WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR
+** OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF
+** ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+*/
+
+// Optimized for minimal code size.
+
+#include "mincrypt/sha256.h"
+
+#include <stdio.h>
+#include <string.h>
+#include <stdint.h>
+
+#define ror(value, bits) (((value) >> (bits)) | ((value) << (32 - (bits))))
+#define shr(value, bits) ((value) >> (bits))
+
+static const uint32_t K[64] = {
+    0x428a2f98, 0x71374491, 0xb5c0fbcf, 0xe9b5dba5,
+    0x3956c25b, 0x59f111f1, 0x923f82a4, 0xab1c5ed5,
+    0xd807aa98, 0x12835b01, 0x243185be, 0x550c7dc3,
+    0x72be5d74, 0x80deb1fe, 0x9bdc06a7, 0xc19bf174,
+    0xe49b69c1, 0xefbe4786, 0x0fc19dc6, 0x240ca1cc,
+    0x2de92c6f, 0x4a7484aa, 0x5cb0a9dc, 0x76f988da,
+    0x983e5152, 0xa831c66d, 0xb00327c8, 0xbf597fc7,
+    0xc6e00bf3, 0xd5a79147, 0x06ca6351, 0x14292967,
+    0x27b70a85, 0x2e1b2138, 0x4d2c6dfc, 0x53380d13,
+    0x650a7354, 0x766a0abb, 0x81c2c92e, 0x92722c85,
+    0xa2bfe8a1, 0xa81a664b, 0xc24b8b70, 0xc76c51a3,
+    0xd192e819, 0xd6990624, 0xf40e3585, 0x106aa070,
+    0x19a4c116, 0x1e376c08, 0x2748774c, 0x34b0bcb5,
+    0x391c0cb3, 0x4ed8aa4a, 0x5b9cca4f, 0x682e6ff3,
+    0x748f82ee, 0x78a5636f, 0x84c87814, 0x8cc70208,
+    0x90befffa, 0xa4506ceb, 0xbef9a3f7, 0xc67178f2 };
+
+static void SHA256_Transform(SHA256_CTX* ctx) {
+    uint32_t W[64];
+    uint32_t A, B, C, D, E, F, G, H;
+    uint8_t* p = ctx->buf;
+    int t;
+
+    for(t = 0; t < 16; ++t) {
+        uint32_t tmp =  *p++ << 24;
+        tmp |= *p++ << 16;
+        tmp |= *p++ << 8;
+        tmp |= *p++;
+        W[t] = tmp;
+    }
+
+    for(; t < 64; t++) {
+        uint32_t s0 = ror(W[t-15], 7) ^ ror(W[t-15], 18) ^ shr(W[t-15], 3);
+        uint32_t s1 = ror(W[t-2], 17) ^ ror(W[t-2], 19) ^ shr(W[t-2], 10);
+        W[t] = W[t-16] + s0 + W[t-7] + s1;
+    }
+
+    A = ctx->state[0];
+    B = ctx->state[1];
+    C = ctx->state[2];
+    D = ctx->state[3];
+    E = ctx->state[4];
+    F = ctx->state[5];
+    G = ctx->state[6];
+    H = ctx->state[7];
+
+    for(t = 0; t < 64; t++) {
+        uint32_t s0 = ror(A, 2) ^ ror(A, 13) ^ ror(A, 22);
+        uint32_t maj = (A & B) ^ (A & C) ^ (B & C);
+        uint32_t t2 = s0 + maj;
+        uint32_t s1 = ror(E, 6) ^ ror(E, 11) ^ ror(E, 25);
+        uint32_t ch = (E & F) ^ ((~E) & G);
+        uint32_t t1 = H + s1 + ch + K[t] + W[t];
+
+        H = G;
+        G = F;
+        F = E;
+        E = D + t1;
+        D = C;
+        C = B;
+        B = A;
+        A = t1 + t2;
+    }
+
+    ctx->state[0] += A;
+    ctx->state[1] += B;
+    ctx->state[2] += C;
+    ctx->state[3] += D;
+    ctx->state[4] += E;
+    ctx->state[5] += F;
+    ctx->state[6] += G;
+    ctx->state[7] += H;
+}
+
+static const HASH_VTAB SHA256_VTAB = {
+    SHA256_init,
+    SHA256_update,
+    SHA256_final,
+    SHA256_hash,
+    SHA256_DIGEST_SIZE
+};
+
+void SHA256_init(SHA256_CTX* ctx) {
+    ctx->f = &SHA256_VTAB;
+    ctx->state[0] = 0x6a09e667;
+    ctx->state[1] = 0xbb67ae85;
+    ctx->state[2] = 0x3c6ef372;
+    ctx->state[3] = 0xa54ff53a;
+    ctx->state[4] = 0x510e527f;
+    ctx->state[5] = 0x9b05688c;
+    ctx->state[6] = 0x1f83d9ab;
+    ctx->state[7] = 0x5be0cd19;
+    ctx->count = 0;
+}
+
+
+void SHA256_update(SHA256_CTX* ctx, const void* data, int len) {
+    int i = (int) (ctx->count & 63);
+    const uint8_t* p = (const uint8_t*)data;
+
+    ctx->count += len;
+
+    while (len--) {
+        ctx->buf[i++] = *p++;
+        if (i == 64) {
+            SHA256_Transform(ctx);
+            i = 0;
+        }
+    }
+}
+
+
+const uint8_t* SHA256_final(SHA256_CTX* ctx) {
+    uint8_t *p = ctx->buf;
+    uint64_t cnt = ctx->count * 8;
+    int i;
+
+    SHA256_update(ctx, (uint8_t*)"\x80", 1);
+    while ((ctx->count & 63) != 56) {
+        SHA256_update(ctx, (uint8_t*)"\0", 1);
+    }
+    for (i = 0; i < 8; ++i) {
+        uint8_t tmp = (uint8_t) (cnt >> ((7 - i) * 8));
+        SHA256_update(ctx, &tmp, 1);
+    }
+
+    for (i = 0; i < 8; i++) {
+        uint32_t tmp = ctx->state[i];
+        *p++ = tmp >> 24;
+        *p++ = tmp >> 16;
+        *p++ = tmp >> 8;
+        *p++ = tmp >> 0;
+    }
+
+    return ctx->buf;
+}
+
+/* Convenience function */
+const uint8_t* SHA256_hash(const void* data, int len, uint8_t* digest) {
+    SHA256_CTX ctx;
+    SHA256_init(&ctx);
+    SHA256_update(&ctx, data, len);
+    memcpy(digest, SHA256_final(&ctx), SHA256_DIGEST_SIZE);
+    return digest;
+}
--- a/native/jni/external/selinux
+++ b/native/jni/external/selinux
--- a/native/jni/external/stubs/selinux_stub.c
+++ b/native/jni/external/stubs/selinux_stub.c
@@ -1,10 +1,11 @@
 #include <stdbool.h>
-#include "selinux/avc.h"
-#include "selinux/context.h"
-#include "selinux/get_context_list.h"
-#include "selinux/get_default_type.h"
-#include "selinux/restorecon.h"
-#include "selinux/selinux.h"
+#include <selinux/avc.h>
+#include <selinux/context.h>
+#include <selinux/get_context_list.h>
+#include <selinux/get_default_type.h>
+#include <selinux/label.h>
+#include <selinux/restorecon.h>
+#include <selinux/selinux.h>
 int is_selinux_enabled(void) { return 0; }
 int is_selinux_mls_enabled(void) { return 0; }
 void freecon(char * con) { }
@@ -225,7 +226,7 @@ int selinux_raw_to_trans_context(const char * raw,
 int selinux_raw_context_to_color(const char * raw,
 					char **color_str) { return 0; }
 int getseuserbyname(const char *linuxuser, char **seuser, char **level) { return 0; }
-int getseuser(const char *username, const char *service, 
+int getseuser(const char *username, const char *service,
 			char **r_seuser, char **r_level) { return 0; }
 int selinux_file_context_cmp(const char * a,
 				const char * b) { return 0; }
--- a/native/jni/external/stubs/sqlite3_stub.c
+++ b/native/jni/external/stubs/sqlite3_stub.c
--- a/native/jni/external/xz
+++ b/native/jni/external/xz
--- a/native/jni/include/cpio.h
+++ b/native/jni/include/cpio.h
@@ -0,0 +1,60 @@
+#ifndef _CPIO_H_
+#define _CPIO_H_
+
+#include <stdint.h>
+
+#include "vector.h"
+
+typedef struct cpio_entry {
+	// uint32_t ino;
+	uint32_t mode;
+	uint32_t uid;
+	uint32_t gid;
+	// uint32_t nlink;
+	// uint32_t mtime;
+	uint32_t filesize;
+	// uint32_t devmajor;
+	// uint32_t devminor;
+	// uint32_t rdevmajor;
+	// uint32_t rdevminor;
+	// uint32_t namesize;
+	// uint32_t check;
+	char *filename;
+	void *data;
+	int remove;
+} cpio_entry;
+
+typedef struct cpio_newc_header {
+	char magic[6];
+	char ino[8];
+	char mode[8];
+	char uid[8];
+	char gid[8];
+	char nlink[8];
+	char mtime[8];
+	char filesize[8];
+	char devmajor[8];
+	char devminor[8];
+	char rdevmajor[8];
+	char rdevminor[8];
+	char namesize[8];
+	char check[8];
+} cpio_newc_header;
+
+// Basic cpio functions
+void cpio_free(cpio_entry *e);
+int cpio_find(struct vector *v, const char *entry);
+int cpio_cmp(const void *a, const void *b);
+void parse_cpio(struct vector *v, const char *filename);
+void dump_cpio(struct vector *v, const char *filename);
+void cpio_vec_insert(struct vector *v, cpio_entry *n);
+void cpio_vec_destroy(struct vector *v);
+void cpio_rm(struct vector *v, int recursive, const char *entry);
+void cpio_mkdir(struct vector *v, mode_t mode, const char *entry);
+void cpio_ln(struct vector *v, const char *target, const char *entry);
+void cpio_add(struct vector *v, mode_t mode, const char *entry, const char *filename);
+int cpio_mv(struct vector *v, const char *from, const char *to);
+int cpio_extract(struct vector *v, const char *entry, const char *filename);
+void cpio_extract_all(struct vector *v);
+
+#endif
--- a/Show More
+++ b/Show More
Author	SHA1	Message	Date
topjohnwu	bb70385a42	Update Magisk Manager	2018-03-11 08:37:13 +08:00
topjohnwu	9855877b03	Update rules for Android P	2018-03-11 08:36:20 +08:00
topjohnwu	76c9188fae	Android P renamed nonplat_properties	2018-03-11 02:53:57 +08:00
topjohnwu	e4e5269836	Android P have no make_ext4fs, use mke2fs as fallback	2018-03-11 02:52:24 +08:00
topjohnwu	9e737df534	Update high compression mode detection logic	2018-03-10 15:55:55 +08:00
Shaka Huang	0b3192c4d5	Check dtb even if kernel is not available By the flow of unpacking boot image of Chrome OS there will be no kernel file but an dtb image. In that case the dtb image won’t be added when repacking boot image. Signed-off-by: Shaka Huang <shakalaca@gmail.com>	2018-03-03 20:57:55 +08:00
Shaka Huang	968e6237bd	Fix error parsing MTK boot.img Should be copy & paste error: 1. boot->r_fmt should be re-checked instead of boot->k_fmt once MTK header was found in ramdisk. 2. ramdisk_size should be restored instead of kernel_size when uncompressed ramdisk was found. 3. Correct header of ramdisk Signed-off-by: Shaka Huang <shakalaca@gmail.com>	2018-03-03 20:57:37 +08:00
worstperson	d780b5a0e4	Add support for the Nook Tablet, Acclaim Also changed occurences of NOOK with NOOKHD	2018-03-03 20:55:44 +08:00
worstperson	3e48427eaf	Add support for the new NOOK_MAGIC The new cmdline value that's been in use since Marshmallow	2018-03-03 20:55:44 +08:00
worstperson	31360c34ed	Set NOOK_PRE_HEADER_SZ from 0xFFFFF to 0x100000 All applicable Nook HD/HD+ roms are using this offset	2018-03-03 20:55:44 +08:00
topjohnwu	e9624e2304	Update submodules	2018-02-22 02:49:54 +08:00
topjohnwu	9c6e64f47d	Workaround compiler optimization bug	2018-02-21 14:44:24 +08:00
topjohnwu	0afa601551	Fix F2FS manager crashing	2018-02-20 05:15:06 +08:00
topjohnwu	a94fa81195	Support non skip_initramfs device with slot suffix	2018-02-14 00:57:52 +08:00
topjohnwu	6119c24720	Bump Magisk Manager version	2018-02-13 08:04:47 +08:00
topjohnwu	7da205f4c8	Round sizes to nearest integer	2018-02-12 04:56:50 +08:00
topjohnwu	754fafcfe9	Check logd before logging	2018-02-12 02:48:15 +08:00
topjohnwu	bd7766b17e	Prevent small memory leak	2018-02-11 21:55:57 +08:00
Andrew Gunnerson	70b7d73453	utils/cpio.c: Fix off-by-one error in cpio_vec_insert Previously, if `cpio_vec_insert()` needed to replace a file and the file already exists as the first entry, then a duplicate entry would get created. This fixes the bug I reported at: https://forum.xda-developers.com/showpost.php?p=75449768&postcount=22647 Signed-off-by: Andrew Gunnerson <andrewgunnerson@gmail.com>	2018-02-11 18:50:42 +08:00
Andrew Gunnerson	5ad4702a5b	utils/file.c: NULL terminate all files read into memory Some functions, like `patch_init_rc()`, treat buffers read into memory as a string instead of a byte buffer. Since the buffers weren't NULL-terminated, this resulted in out-of-bounds reads and caused crashes in certain conditions. THis commit updates fd_full_read() to always NULL-terminate the buffers so that they can be treated as strings when working with text files. Signed-off-by: Andrew Gunnerson <andrewgunnerson@gmail.com>	2018-02-11 18:50:42 +08:00
topjohnwu	40b6fe03c2	Tweak enum	2018-02-11 18:50:42 +08:00
topjohnwu	49ecba2476	Obfuscate filenames to prevent detection Because why not	2018-02-11 04:04:47 +08:00
topjohnwu	ebd509d92d	Obfuscate socket name to prevent detection Because why not	2018-02-11 03:59:54 +08:00
topjohnwu	7193374a7e	Better Windows support	2018-02-10 19:54:58 +08:00
topjohnwu	6728445542	Support separate ramdisk images	2018-02-10 03:34:13 +08:00
topjohnwu	10ed299c78	Detect recovery on FBE devices with no DE access	2018-02-10 03:31:00 +08:00
topjohnwu	32b124913e	Change busybox config	2018-02-06 05:52:25 +08:00
topjohnwu	599ae95251	Support moving files across filesystems	2018-02-02 04:47:16 +08:00
topjohnwu	d1be34c34a	Support sepolicy_debug	2018-02-02 04:17:13 +08:00
topjohnwu	bc2cac90fe	Hardlink files recursively	2018-02-02 03:22:38 +08:00
topjohnwu	28350e3ad9	Support Nook Green Loader	2018-01-30 05:56:59 +08:00
topjohnwu	f48e6c93b8	Support Tegra blobs	2018-01-30 05:20:18 +08:00
topjohnwu	7cfc24d68f	Add DHTB header support	2018-01-29 22:16:02 +08:00
topjohnwu	a58d3ea04d	Use libmincrypt	2018-01-29 15:34:05 +08:00
topjohnwu	dfee9954e0	Small refactor of magiskboot	2018-01-29 03:12:35 +08:00
topjohnwu	eed86c760f	Add support to PXA devices Close #340	2018-01-29 02:44:30 +08:00
topjohnwu	c471bb6f67	Update external sources	2018-01-29 02:41:39 +08:00
topjohnwu	518c2b0f95	Update README	2018-01-28 04:44:46 +08:00
topjohnwu	328fc44194	Rename module core to native	2018-01-27 09:11:28 +08:00
topjohnwu	b6f735a8f6	Rename module	2018-01-27 08:34:40 +08:00
topjohnwu	deae08fc4b	Port zipadjust to Java	2018-01-27 08:25:34 +08:00
topjohnwu	c61135ee7b	Embed testkeys into jar	2018-01-27 00:19:35 +08:00
topjohnwu	97cf15007f	Update crypto	2018-01-23 05:06:34 +08:00
topjohnwu	e8302dfbe2	Update Magisk Manager	2018-01-13 06:28:22 +08:00
topjohnwu	558f95cf7e	Improve APK installation and add logging	2018-01-13 06:28:07 +08:00
topjohnwu	18f6ead891	Fix alignment when boot image has head offset	2018-01-13 06:28:07 +08:00
topjohnwu	10bd25be52	Suppress harmless error logs	2018-01-12 00:23:38 +08:00
topjohnwu	65511845d2	Fix APK installation on some devices Close #367. Android 6.0 and before doesn't like the new path	2018-01-11 20:57:05 +08:00
topjohnwu	1c743839ea	Add MS_SILENT to xmount and cleanup function wraps	2018-01-11 03:06:20 +08:00
topjohnwu	bcae9dec41	Fix a bug when only one script will run	2018-01-11 02:48:15 +08:00
Shaka Huang	482c9af41f	Fix segmentation fault When both keepverity and keepforceencrypt are false, ‘e’ will be freed after removing ‘verity_key’ and segmentation fault might happened in strstr(e->filename, “fstab”) Signed-off-by: Shaka Huang <shakalaca@gmail.com>	2018-01-11 02:08:52 +08:00
topjohnwu	2bf2e7461f	Update diagram URL	2018-01-09 06:50:03 +08:00
topjohnwu	7d1082b1cb	Fix magiskhide in graph	2018-01-09 06:48:58 +08:00
topjohnwu	0dbae83aec	Update diagram URL	2018-01-09 06:08:54 +08:00
topjohnwu	f927c1b997	Update procedure diagram	2018-01-09 06:07:12 +08:00
topjohnwu	89ec7dad2b	Update documentation to v15.2	2018-01-08 22:33:55 +08:00
topjohnwu	4fd61345af	Happy New Year	2018-01-02 01:27:20 +08:00
topjohnwu	66cca24453	Samsung need more rules :)	2018-01-02 00:11:26 +08:00
topjohnwu	e733484fab	Some devices don't like all log buffers	2018-01-01 23:58:13 +08:00
topjohnwu	e5c3183025	Update scripts	2018-01-01 16:46:28 +08:00
topjohnwu	930c82316a	Slightly change logging style	2017-12-31 21:54:39 +08:00
Shaka Huang	3dc22db265	Support loading split sepolicy on non skip_initramfs devices For certain device (e.g ZenFone 4 ZE554KL) there’s no sepolicy under rootfs and no a/b partition (implies no vendor partition) Magisk will failed to patch SELinux policy database and the system won’t boot up. In order to cope with this configuration the status of loading policy db needs to be checked, once it failed we have to mount the system partition and do patch_sepolicy() again. Signed-off-by: Shaka Huang <shakalaca@gmail.com>	2017-12-31 21:30:56 +08:00
topjohnwu	d8c51cb286	Update sepolicy handling	2017-12-31 19:32:04 +08:00
topjohnwu	2f79d0c3b3	Fix segfault while patching dtb	2017-12-31 19:30:56 +08:00
topjohnwu	d8bb3af06b	Miscellaneous	2017-12-29 04:25:30 +08:00
topjohnwu	e139e8777b	Fix faulty magiskboot ramdisk patch code	2017-12-29 04:25:03 +08:00
topjohnwu	d52d7cfbd9	Update magiskpolicy	2017-12-26 04:24:48 +08:00
topjohnwu	4f74a259e3	Update Magisk Manager	2017-12-26 04:00:01 +08:00
topjohnwu	74da6e1dc0	Support new 1500 template	2017-12-26 03:23:58 +08:00
topjohnwu	84ffdf0ed5	Eliminate a possbility to cause segfault	2017-12-25 05:21:40 +08:00
topjohnwu	022b18c8ce	Properly detect /data status	2017-12-25 05:21:40 +08:00
topjohnwu	b92b1dcddb	cil: Allow redeclare types[attributes] and disable neverallow	2017-12-25 05:21:40 +08:00
topjohnwu	1472dbb291	Add cache magisk image merging support	2017-12-22 16:10:38 +08:00
topjohnwu	d58a8dc868	Update Magisk Manager	2017-12-22 06:44:22 +08:00
topjohnwu	e94be0b70e	Prevent creating 128M images make_ext4fs will fail creating 128M ext4 images, LOL WTF? Change it to 132M to fix this issue	2017-12-22 02:39:44 +08:00
topjohnwu	f6ae7e1bf1	Allow su to work when manager uninstalled	2017-12-22 00:30:08 +08:00
topjohnwu	f7b4935677	Add recommend KEEPVERITY and KEEPFORCEENCRYPT flags	2017-12-21 15:42:03 +08:00
topjohnwu	a3c49de6a5	Refactor magiskboot	2017-12-21 03:36:18 +08:00
topjohnwu	e8dd1b292f	Update snet	2017-12-19 15:51:01 +08:00
topjohnwu	d21264d01b	Let magiskinit directly spawn new magisk_daemon process	2017-12-19 14:27:54 +08:00
topjohnwu	b0567eadfd	Reduce effort and memory of log monitor	2017-12-18 18:17:37 +08:00
topjohnwu	5fc2058336	Show version code when report client	2017-12-18 16:00:44 +08:00
topjohnwu	d0567d29d2	Update su to match Linux's implementation	2017-12-18 15:46:18 +08:00
topjohnwu	4db0ad32f0	Fix install scripts	2017-12-18 03:08:53 +08:00
topjohnwu	d065040321	Fix magiskinit invincible mode and logcat monitor	2017-12-18 02:51:27 +08:00
topjohnwu	17f0fea3fc	Fix unreleased resource in rootfs	2017-12-16 04:42:16 +08:00
topjohnwu	8ca1e43533	Move all /data files into /data/adb	2017-12-16 04:42:16 +08:00
topjohnwu	bd01c314dc	Change database location	2017-12-12 03:04:55 +08:00
topjohnwu	e404476609	Fix logs on decrypted /data	2017-12-07 23:25:43 +08:00
topjohnwu	942c870981	Properly handle KEEPVERITY and HIGHCOMP	2017-12-07 04:20:27 +08:00
topjohnwu	baff9256c5	Dynamic patch verity and forceencrypt flag	2017-12-07 03:21:13 +08:00
topjohnwu	b4c0a255fc	Separate pattern logic	2017-12-07 01:30:48 +08:00
topjohnwu	9f6a27c20d	Add high compression ramdisk support	2017-12-06 12:51:16 +08:00
topjohnwu	742dc137ed	More fail proof to magiskinit	2017-12-05 21:05:20 +08:00
topjohnwu	39a6bd33ce	Fix critical bug	2017-12-05 05:32:15 +08:00
topjohnwu	4672a5fad6	Add cpio extract all feature	2017-12-05 03:32:37 +08:00
topjohnwu	e649b0a2df	Update README.md	2017-12-04 22:59:29 +08:00
topjohnwu	fd8dbe3eff	Greatly reduce Gradle sync time and frequency	2017-12-04 22:21:19 +08:00
topjohnwu	bb97cc594d	Cleanup and small fixes	2017-12-04 18:05:07 +08:00
topjohnwu	70a322263e	Fix Android Studio gradle sync	2017-12-04 15:32:18 +08:00
topjohnwu	c6f144d482	Update README.md	2017-12-04 15:21:06 +08:00
topjohnwu	3709489b3a	Massive project restructure	2017-12-04 15:16:41 +08:00
topjohnwu	145ef32e28	Tidy up external	2017-12-04 03:37:00 +08:00
topjohnwu	2212800a23	Add symlink feature to cpio	2017-12-04 03:37:00 +08:00
topjohnwu	2e25431bb6	Generalize cpio functions	2017-12-04 03:37:00 +08:00
topjohnwu	32c8e7522f	More precise logging configuration	2017-12-01 17:38:57 +08:00
topjohnwu	a5e4f3cc6b	Separate cpio logic from MagiskBoot	2017-12-01 17:17:24 +08:00
topjohnwu	a30777bd9f	Fix bug in compiling split cil	2017-12-01 03:33:25 +08:00
topjohnwu	e989195a68	Update magiskpolicy	2017-11-30 20:57:40 +08:00
topjohnwu	997d58932e	Adjust daemon initialization	2017-11-28 04:43:46 +08:00
topjohnwu	b4015f877f	New invincible implementation	2017-11-28 03:42:48 +08:00
topjohnwu	d15fff95b9	Use inotify to monitor files	2017-11-27 15:37:28 +08:00
topjohnwu	687e3b13ea	Bump Magisk Manager version	2017-11-23 23:56:17 +08:00
topjohnwu	8c6bb383b7	Add support to build with NDK r10e	2017-11-23 23:55:33 +08:00
topjohnwu	bc592c1d13	Fix bootloops on some devices	2017-11-23 18:38:12 +08:00
topjohnwu	968bd8be67	Update Magisk Manager	2017-11-23 01:33:33 +08:00
topjohnwu	d8b8adb88c	Fix is_mounted function	2017-11-22 22:22:29 +08:00
topjohnwu	f42d820891	Several small tweaks	2017-11-22 16:12:08 +08:00
topjohnwu	bc21a1fb71	Update internal paths	2017-11-22 16:04:24 +08:00
topjohnwu	3bc31374ac	Fix issue of touch command on Android 5.0	2017-11-20 04:13:51 +08:00
topjohnwu	858e7bae2b	More precise size for mmap	2017-11-20 03:40:37 +08:00
Patryk Szalanski	8c02d120a2	Fix missing includes for ndk r16	2017-11-17 02:54:16 +08:00
topjohnwu	07e353f4ff	Fix typo when handling MTK	2017-11-16 22:26:28 +08:00
topjohnwu	bb33d9e600	Use real tmp files	2017-11-15 05:48:31 +08:00
topjohnwu	68eb0bdec9	Allow specific signal to specific threads	2017-11-15 05:48:31 +08:00
topjohnwu	32ee8e462c	Properly and fully support dtbo patching	2017-11-15 05:48:31 +08:00
topjohnwu	e79aa54b70	Proper Windows building support	2017-11-12 04:17:56 +08:00
topjohnwu	9a95652034	Simplify compress code	2017-11-12 04:08:52 +08:00
topjohnwu	912c188b53	Add dtbo.img patch support	2017-11-11 01:33:50 +08:00
topjohnwu	e9d0f615ba	Add dtb test command	2017-11-11 01:30:33 +08:00
topjohnwu	9136573596	Add stdin/stdout support	2017-11-10 20:25:41 +08:00
topjohnwu	2487ec94e6	Add support to remove avb verity	2017-11-10 03:45:06 +08:00
topjohnwu	811489f157	Small reorganization	2017-11-10 01:51:41 +08:00
topjohnwu	b438cc9335	Remove unnecessary monogisk	2017-11-10 00:54:54 +08:00
topjohnwu	1d3d30fa45	Get potential slot info	2017-11-09 03:05:25 +08:00
topjohnwu	72b5985398	Prevent race condition on /magisk symlink	2017-11-09 03:05:01 +08:00
topjohnwu	2db60e0a6b	Add Pixel 2 XL support	2017-11-06 22:33:41 +08:00
topjohnwu	e710848345	Unify Magisk configuration Introduce monogisk tool	2017-11-06 06:22:45 +08:00
topjohnwu	8d6f3c2450	Fix build error on release builds	2017-11-02 14:48:22 +08:00
topjohnwu	f863d127e7	Fix Xiaomi A1 support	2017-11-01 22:49:06 +08:00
topjohnwu	a831110816	Add boot signing to installation	2017-10-31 17:05:24 +08:00
topjohnwu	e97bdb53f4	Adjust java paths	2017-10-30 03:45:50 +08:00
topjohnwu	fe1439fbac	Support changing su requester package name	2017-10-28 16:20:31 +08:00
topjohnwu	2bc30e5c22	Hide /magisk	2017-10-28 16:12:01 +08:00
topjohnwu	7244c02a0d	Small adjustments	2017-10-28 16:11:01 +08:00
topjohnwu	6c229ffa68	Update external sources	2017-10-19 00:46:39 +08:00
topjohnwu	cdc5d983f3	Bump MagiskManager version	2017-10-15 03:21:33 +08:00
topjohnwu	96688e4dac	Fix proper Lollipop selinux support	2017-10-14 22:37:02 +08:00
topjohnwu	28a945fee9	Fix SEGFAULT in magisk log dumper	2017-10-14 21:10:52 +08:00
topjohnwu	c7e777255a	Reduce unnecessary stack memory allocation	2017-10-14 21:10:51 +08:00
topjohnwu	2dd4cf040e	Prevent multiple process clashes to start daemon	2017-10-14 21:10:51 +08:00
topjohnwu	d1b9eca5eb	Fix bug that cause boot delay	2017-10-14 00:19:13 +08:00
topjohnwu	594a67fe28	Cleanup and add more xwraps	2017-10-14 00:08:12 +08:00
topjohnwu	cddeaffada	Remove err_handler	2017-10-13 22:26:42 +08:00
topjohnwu	2a8898e7c3	Fix lz4 legacy on LG zImages	2017-10-13 00:18:40 +08:00
topjohnwu	ce3f3b09b4	Brute force resizeimg for Crapsung device :)	2017-10-12 14:32:40 +08:00
topjohnwu	fe4b3df7e9	Fix selinux context on Magisk files	2017-10-12 14:32:40 +08:00
topjohnwu	25bdbcf526	Add new file operations	2017-10-12 14:32:40 +08:00
topjohnwu	df7eaa5598	Reduce update-binary size	2017-10-11 02:26:43 +08:00
topjohnwu	bb7099376b	Improve daemon startup and log management	2017-10-11 02:26:28 +08:00
topjohnwu	0327fd9710	Restart MagiskHide if daemon restarted	2017-10-10 19:49:15 +08:00
topjohnwu	e645c6e465	Refactor resetprop	2017-10-10 02:04:50 +08:00
topjohnwu	78a3d36ccc	Allow devices without separate vendor partition	2017-10-09 21:53:50 +08:00
topjohnwu	3942858ccd	Introduce a single general purpose logcat monitor	2017-10-09 05:39:40 +08:00
topjohnwu	03c8d716cc	Introduce Invincible Mode: Self recover service	2017-10-08 22:00:22 +08:00
topjohnwu	60181c4fcb	MagiskManager -> java	2017-10-07 22:48:16 +08:00
topjohnwu	c215447405	Fix Pixel C installation	2017-10-07 22:08:10 +08:00
topjohnwu	89330b89d8	Clone attributes to new tmpfs mountpoint	2017-09-29 01:07:28 +08:00
topjohnwu	a8f3718ed0	Bump MagiskManager version	2017-09-28 05:50:18 +08:00
topjohnwu	a78ba44709	Always create core directories	2017-09-28 05:50:06 +08:00
topjohnwu	ff110e3513	Update docs	2017-09-28 05:39:10 +08:00
topjohnwu	cfae6c63b5	Remove sepolicy-inject alias	2017-09-28 01:01:46 +08:00
topjohnwu	dbfe49c56f	Unlock blocks before flashing boot image	2017-09-28 00:54:01 +08:00
topjohnwu	98e21f9f5b	Update uninstaller	2017-09-27 15:26:21 +08:00
topjohnwu	83af0497e4	Don't use dummy directory; directly use tmpfs	2017-09-27 04:36:01 +08:00
topjohnwu	6ce37b44db	Improve logging	2017-09-27 04:36:01 +08:00
topjohnwu	9cb1cf756f	Update scripts	2017-09-26 20:21:43 +08:00
topjohnwu	ffa005e4ab	Don't patch FBE flags	2017-09-26 02:04:07 +08:00
topjohnwu	af102e47f1	Fix a small bug in deleteprop	2017-09-25 17:47:30 +08:00
topjohnwu	73064a816d	Fix ramdisk patches	2017-09-25 13:44:00 +08:00
topjohnwu	9b4ae8fcc5	Adjust scripts	2017-09-16 03:48:58 +08:00
topjohnwu	a1a2c52409	Patch sepolicy at boot time	2017-09-16 01:32:09 +08:00
topjohnwu	9a0b26e0b0	Proper FBE support	2017-09-15 18:05:42 +08:00
topjohnwu	b805b96e16	Read SHA1 from overlay ramdisk	2017-09-15 18:03:56 +08:00
topjohnwu	590e7f7724	Proper support for Magisk Manager installation	2017-09-15 18:02:25 +08:00
Shaka Huang	4d61e5e319	Fix error generating binary for x86 fix typo Signed-off-by: Shaka Huang <shakalaca@gmail.com>	2017-09-14 14:33:37 -05:00
topjohnwu	8c8a63ebfb	Use external functions in init Don't reinvent the wheel	2017-09-15 03:22:23 +08:00
topjohnwu	e5e34797a8	Patch fstab from dtb	2017-09-15 02:52:53 +08:00
topjohnwu	8516ebe6f5	Add libfdt	2017-09-15 02:52:53 +08:00
topjohnwu	9f6205f47f	Refactor ramdisk pattern patches	2017-09-15 02:52:53 +08:00
topjohnwu	8b2ec23a89	Re-organize MagiskBoot	2017-09-15 02:52:53 +08:00
topjohnwu	1816ca6b02	Seperate logging to another header	2017-09-15 02:52:53 +08:00
topjohnwu	7394ff9346	Rename cpio_file -> cpio_entry	2017-09-15 02:52:53 +08:00
topjohnwu	bb5a6a1c28	Re-organize folders	2017-09-14 01:57:53 +08:00
topjohnwu	b614b06736	Search for dtb only if not existed	2017-09-14 01:57:44 +08:00
topjohnwu	7a376c9efc	Adjust the daemon for Pixel support	2017-09-14 01:57:44 +08:00
topjohnwu	518f3d229f	Slight adjustments to scripts	2017-09-13 15:51:45 +08:00
topjohnwu	46c91f923d	Update scripts to support Pixel (XL)	2017-09-13 04:08:50 +08:00
topjohnwu	3a2262dfb3	Use backup init if booted as recovery	2017-09-13 04:08:50 +08:00
topjohnwu	ff7c38f8e9	Add runtime ramdisk patch support	2017-09-13 04:08:50 +08:00
topjohnwu	4229ba364f	Update lz4 to v1.8.0	2017-09-13 04:08:50 +08:00
topjohnwu	ba8e7a211a	Use default preferences from lz4 cli	2017-09-13 04:08:50 +08:00
topjohnwu	6b41653a32	Add kernel decompression and appended dtb support	2017-09-13 04:08:50 +08:00
topjohnwu	59c1125e72	Refactor MagiskBoot compression methods	2017-09-13 04:08:50 +08:00
topjohnwu	b536046720	MagiskBoot refactor	2017-09-13 04:08:50 +08:00
topjohnwu	619b805894	Add secilc	2017-09-13 04:08:50 +08:00
topjohnwu	8662537883	Add ramdisk overlay to magiskinit	2017-09-13 04:08:50 +08:00
topjohnwu	717890395b	Introduce magiskinit for Pixel (XL)	2017-09-13 04:08:50 +08:00
topjohnwu	b7b4164f4f	Add cpio-mv action	2017-09-13 04:08:44 +08:00
topjohnwu	7e65296470	Small improvement to cpio	2017-09-13 04:08:44 +08:00
topjohnwu	cd5f5d702f	Fix stock image dump not stored correctly	2017-09-13 04:08:44 +08:00