Happy New Year

For certain device (e.g ZenFone 4 ZE554KL) there’s no sepolicy under rootfs and no a/b partition (implies no vendor partition) Magisk will failed to patch SELinux policy database and the system won’t boot up.

In order to cope with this configuration the status of loading policy db needs to be checked, once it failed we have to mount the system partition and do patch_sepolicy() again.

Signed-off-by: Shaka Huang <shakalaca@gmail.com>

README.MD

@@ -43,12 +43,12 @@ along with this program.  If not, see <http://www.gnu.org/licenses/>.
 
 **MagiskManager** (`app`)
 
-* Copyright 2016-2017, John Wu (@topjohnwu)
+* Copyright 2016-2018, John Wu (@topjohnwu)
 * All contributors and translators on Github
 
 **MagiskSU** (`core/jni/su`)
 
-* Copyright 2016-2017, John Wu (@topjohnwu)
+* Copyright 2016-2018, John Wu (@topjohnwu)
 * Copyright 2015, Pierre-Hugues Husson (phh@phh.me)
 * Copyright 2013, Koushik Dutta (@koush)
 * Copyright 2010, Adam Shanks (@ChainsDD)
@@ -56,18 +56,18 @@ along with this program.  If not, see <http://www.gnu.org/licenses/>.
 
 **MagiskPolicy** (`core/jni/magiskpolicy`)
 
-* Copyright 2016-2017, John Wu (@topjohnwu)
+* Copyright 2016-2018, John Wu (@topjohnwu)
 * Copyright 2015, Pierre-Hugues Husson (phh@phh.me)
 * Copyright 2015, Joshua Brindle (@joshua_brindle)
 
 **MagiskHide** (`core/jni/magiskhide`)
 
-* Copyright 2016-2017, John Wu (@topjohnwu)
+* Copyright 2016-2018, John Wu (@topjohnwu)
 * Copyright 2016, Pierre-Hugues Husson (phh@phh.me)
 
 **resetprop** (`core/jni/resetprop`)
 
- * Copyright 2016-2017 John Wu (@topjohnwu)
+ * Copyright 2016-2018 John Wu (@topjohnwu)
  * Copyright 2016 nkk71 (nkk71x@gmail.com)
 
 **External Dependencies** (`core/jni/external`)
@@ -78,4 +78,4 @@ All of them are either GPL or GPL compatible.
 
 **Others Not Mentioned**
 
-* Copyright 2016-2017, John Wu (@topjohnwu)
+* Copyright 2016-2018, John Wu (@topjohnwu)

core/jni/core/bootstages.c

@@ -274,7 +274,7 @@ static void clone_skeleton(struct node_entry *node) {
 		char *con;
 		xstat(full_path, &s);
 		getfilecon(full_path, &con);
-		LOGI("tmpfs: %s\n", full_path);
+		LOGI("mnt_tmpfs : %s\n", full_path);
 		xmount("tmpfs", full_path, "tmpfs", 0, NULL);
 		chmod(full_path, s.st_mode & 0777);
 		chown(full_path, s.st_uid, s.st_gid);
@@ -295,7 +295,7 @@ static void clone_skeleton(struct node_entry *node) {
 		if (child->parent->parent == NULL && strcmp(child->name, "vendor") == 0) {
 			if (IS_LNK(child)) {
 				cp_afc(MIRRDIR "/system/vendor", "/system/vendor");
-				LOGI("cplink: %s -> %s\n", MIRRDIR "/system/vendor", "/system/vendor");
+				LOGI("creat_link: %s <- %s\n", "/system/vendor", MIRRDIR "/system/vendor");
 			}
 			// Skip
 			continue;
@@ -315,9 +315,9 @@ static void clone_skeleton(struct node_entry *node) {
 			// Copy symlinks directly
 			cp_afc(buf2, buf);
 			#ifdef MAGISK_DEBUG
-				LOGI("cplink: %s -> %s\n",buf2, buf);
+				LOGI("creat_link: %s <- %s\n",buf, buf2);
 			#else
-				LOGI("cplink: %s\n", buf);
+				LOGI("creat_link: %s\n", buf);
 			#endif
 		} else {
 			snprintf(buf, PATH_MAX, "%s/%s", full_path, child->name);

core/jni/core/daemon.c

@@ -129,11 +129,6 @@ void daemon_init() {
 	unlink("/data/magisk_debug.log");
 	chmod("/data/adb", 0700);
 
-	// Use shell glob to match files
-	exec_command_sync("sh", "-c",
-			"mv -f /data/adb/magisk/stock_*.img.gz /data;"
-			"rm -f /data/user*/*/magisk.db;", NULL);
-
 	LOGI("* Creating /sbin overlay");
 	DIR *dir;
 	struct dirent *entry;

core/jni/core/log_monitor.c

@@ -55,7 +55,7 @@ static void *logger_thread(void *args) {
 
 	while (1) {
 		// Start logcat
-		log_pid = exec_command(0, &log_fd, NULL, "logcat", "-b", "all" , "-v", "threadtime", "-s", "am_proc_start", "Magisk", NULL);
+		log_pid = exec_command(0, &log_fd, NULL, "logcat", "-b", "events", "-b", "main", "-v", "threadtime", "-s", "am_proc_start", "-s", "Magisk", NULL);
 		while (fdgets(line, sizeof(line), log_fd)) {
 			for (int i = 0; i < (sizeof(log_events) / sizeof(struct log_listener)); ++i) {
 				if (log_events[i].fd > 0 && log_events[i].filter(line)) {
@@ -74,7 +74,7 @@ static void *logger_thread(void *args) {
 		waitpid(log_pid, NULL, 0);
 
 		// Clear buffer before restart
-		exec_command_sync("logcat", "-b", "all", "-c", NULL);
+		exec_command_sync("logcat", "-b", "events", "-b", "main", "-c", NULL);
 	}
 
 	// Should never be here, but well...

core/jni/core/magiskinit.c

@@ -305,16 +305,20 @@ static int verify_precompiled() {
 	return strcmp(sys_sha, ven_sha) == 0;
 }
 
-static void patch_sepolicy() {
+static int patch_sepolicy() {
 	if (access("/sepolicy", R_OK) == 0)
 		load_policydb("/sepolicy");
 	else if (access(SPLIT_PRECOMPILE, R_OK) == 0 && verify_precompiled())
 		load_policydb(SPLIT_PRECOMPILE);
 	else if (access(SPLIT_PLAT_CIL, R_OK) == 0)
 		compile_cil();
+	else
+		return 1;
 
 	sepol_magisk_rules();
 	dump_policydb("/sepolicy");
+
+	return 0;
 }
 
 #define BUFSIZE (1 << 20)
@@ -364,7 +368,8 @@ static void magisk_init_daemon() {
 	sepol_allow("su", ALL, ALL, ALL);
 
 	// Wait till init cold boot done
-	wait_till_exists("/dev/.coldboot_done");
+	while (access("/dev/.coldboot_done", F_OK))
+		usleep(1);
 
 	int null = open("/dev/null", O_RDWR | O_CLOEXEC);
 	dup3(null, STDIN_FILENO, O_CLOEXEC);
@@ -507,7 +512,21 @@ int main(int argc, char *argv[]) {
 		mv_dir(overlay, root);
 
 		patch_ramdisk(root);
-		patch_sepolicy();
+		if (patch_sepolicy()) {
+			/* Non skip_initramfs devices using separate sepolicy
+			 * Mount /system and try to load again */
+			mount("sysfs", "/sys", "sysfs", 0, NULL);
+			struct device dev;
+			setup_block(&dev, "system");
+			mount(dev.path, "/system", "ext4", MS_RDONLY, NULL);
+			// We need to mount independent vendor partition
+			if (setup_block(&dev, "vendor") == 0)
+				mount(dev.path, "/vendor", "ext4", MS_RDONLY, NULL);
+
+			patch_sepolicy();
+
+			umount("/system");
+		}
 
 		if (fork_dont_care() == 0) {
 			strcpy(argv[0], "magiskinit");

core/jni/magiskboot/dtb.c

@@ -78,8 +78,17 @@ static void dtb_patch(const char *file, int patch) {
 				fdt_for_each_subnode(block, fdt, fstab) {
 					fprintf(stderr, "Found block [%s] in fstab\n", fdt_get_name(fdt, block, NULL));
 					uint32_t value_size;
-					void *value = (char *) fdt_getprop(fdt, block, "fsmgr_flags", &value_size);
-					found |= patch_verity(&value, &value_size, patch);
+					void *value = (void *) fdt_getprop(fdt, block, "fsmgr_flags", &value_size);
+					if (patch) {
+						void *dup = xmalloc(value_size);
+						memcpy(dup, value, value_size);
+						memset(value, 0, value_size);
+						found |= patch_verity(&dup, &value_size, 1);
+						memcpy(value, dup, value_size);
+						free(dup);
+					} else {
+						found |= patch_verity(&value, &value_size, 0);
+					}
 				}
 			}
 		}

core/jni/magiskboot/main.c

@@ -73,12 +73,12 @@ static void usage(char *arg0) {
 		" --dtb-<cmd> <dtb>\n"
 		"  Do dtb related cmds to <dtb> (modifications are done directly)\n"
 		"  Supported commands:\n"
-		"    -dump\n"
+		"    dump\n"
 		"      Dump all contents from dtb for debugging\n"
-		"    -test\n"
+		"    test\n"
 		"      Check if fstab has verity/avb flags\n"
-		"      Return value: 0/no flags 1/flag exists"
-		"    -patch\n"
+		"      Return value: 0/no flags 1/flag exists\n"
+		"    patch\n"
 		"      Search for fstab and remove verity/avb\n"
 		"\n"
 		" --compress[=method] <infile> [outfile]\n"

core/jni/magiskboot/ramdisk.c

@@ -9,6 +9,8 @@
 #include "cpio.h"
 
 static void cpio_patch(struct vector *v, int keepverity, int keepforceencrypt) {
+	fprintf(stderr, "Patch with flag KEEPVERITY=[%s] KEEPFORCEENCRYPT=[%s]\n",
+			keepverity ? "true" : "false", keepforceencrypt ? "true" : "false");
 	cpio_entry *e;
 	vec_for_each(v, e) {
 		if (!e) continue;
@@ -134,7 +136,7 @@ static void cpio_backup(struct vector *v, struct vector *bak, const char *orig,
 			backup = 1;
 			fprintf(stderr, "Backup mismatch entry: ");
 		} else {
-			// Someting new in ramdisk, record in rem
+			// Something new in ramdisk, record in rem
 			++j;
 			rem->data = xrealloc(rem->data, rem->filesize + strlen(n->filename) + 1);
 			memcpy(rem->data + rem->filesize, n->filename, strlen(n->filename) + 1);

core/jni/magiskhide/proc_monitor.c

@@ -176,8 +176,8 @@ void proc_monitor() {
 	// Get the mount namespace of zygote
 	zygote_num = 0;
 	while(!zygote_num) {
-		// Check zygote every 2 secs
-		sleep(2);
+		// Check zygote every 10 ms
+		usleep(10000);
 		ps_filter_proc_name("zygote", store_zygote_ns);
 	}
 	ps_filter_proc_name("zygote64", store_zygote_ns);

core/jni/utils/misc.c

@@ -282,7 +282,7 @@ int exec_command(int err, int *fd, void (*setupenv)(struct vector*), const char
 int bind_mount(const char *from, const char *to) {
 	int ret = xmount(from, to, NULL, MS_BIND, NULL);
 #ifdef MAGISK_DEBUG
-	LOGI("bind_mount: %s -> %s\n", from, to);
+	LOGI("bind_mount: %s <- %s\n", to, from);
 #else
 	LOGI("bind_mount: %s\n", to);
 #endif

core/jni/utils/pattern.c

@@ -4,19 +4,19 @@
 #include "utils.h"
 
 static int check_verity_pattern(const char *s) {
-	int pos = 0;
-	if (s[0] == ',') ++pos;
-	if (strncmp(s + pos, "verify", 6) == 0)
-		pos += 6;
-	else if (strncmp(s + pos, "avb", 3) == 0)
-		pos += 3;
+	int skip = 0;
+	if (s[0] == ',') ++skip;
+	if (strncmp(s + skip, "verify", 6) == 0)
+		skip += 6;
+	else if (strncmp(s + skip, "avb", 3) == 0)
+		skip += 3;
 	else
 		return -1;
 
-	if (s[pos] == '=') {
-		while (s[pos] != '\0' && s[pos] != ' ' && s[pos] != '\n' && s[pos] != ',') ++pos;
+	if (s[skip] == '=') {
+		while (s[skip] != '\0' && s[skip] != ' ' && s[skip] != '\n' && s[skip] != ',') ++skip;
 	}
-	return pos;
+	return skip;
 }
 
 static int check_encryption_pattern(const char *s) {
@@ -59,34 +59,41 @@ void patch_init_rc(void **buf, size_t *size) {
 }
 
 int patch_verity(void **buf, uint32_t *size, int patch) {
-	int skip, found = 0;
-	for (int pos = 0; pos < *size; ++pos) {
-		if ((skip = check_verity_pattern(*buf + pos)) > 0) {
-			found = 1;
-			fprintf(stderr, "%s pattern [%.*s]\n", patch ? "Remove" : "Found", skip, (char *) *buf + pos);
-			if (patch) {
-				memcpy(*buf + pos, *buf + pos + skip, *size - pos - skip);
-				memset(*buf + *size - skip, '\0', skip);
-				*size -= skip;
-			} else {
-				pos += skip - 1;
-			}
+	int skip, src_size = *size;
+	char *src = *buf, *patched = patch ? xcalloc(src_size, 1) : NULL;
+	for (int read = 0, write = 0; read < src_size; ++read, ++write) {
+		if ((skip = check_verity_pattern(src + read)) > 0) {
+			if (!patch)
+				return 1;
+			fprintf(stderr, "Remove pattern [%.*s]\n", skip, src + read);
+			read += skip;
+			*size -= skip;
 		}
+		if (patch)
+			patched[write] = src[read];
 	}
-	return found;
+	if (patch) {
+		free(*buf);
+		*buf = patched;
+	}
+	return 0;
 }
 
 void patch_encryption(void **buf, uint32_t *size) {
-	int skip;
-	for (int pos = 0; pos < *size; ++pos) {
-		if ((skip = check_encryption_pattern(*buf + pos)) > 0) {
-			fprintf(stderr, "Replace pattern [%.*s] with [encryptable]\n", skip, (char *) *buf + pos);
-			memcpy(*buf + pos, "encryptable", 11);
-			memcpy(*buf + pos + 11, *buf + pos + skip, *size - pos - skip);
-			memset(*buf + *size - skip + 11, '\0', skip - 11);
+	int skip, src_size = *size;
+	char *src = *buf, *patched = xcalloc(src_size, 1);
+	for (int read = 0, write = 0; read < src_size; ++read, ++write) {
+		if ((skip = check_encryption_pattern(src + read)) > 0) {
+			fprintf(stderr, "Replace pattern [%.*s] with [encryptable]\n", skip, src + read);
+			memcpy(patched + read, "encryptable", 11);
+			read += skip;
+			write += 11;
 			*size -= (skip - 11);
 		}
+		patched[write] = src[read];
 	}
+	free(*buf);
+	*buf = patched;
 }
 
 

scripts/addon.d.sh

@@ -13,8 +13,6 @@
 main() {
   # Magisk binaries
   MAGISKBIN=/data/adb/magisk
-  # This script always runs in recovery
-  BOOTMODE=false
 
   mount /data 2>/dev/null
 
@@ -41,7 +39,6 @@ main() {
 
   remove_system_su
 
-  find_boot_image
   [ -z $BOOTIMAGE ] && abort "! Unable to detect boot image"
   ui_print "- Found boot image: $BOOTIMAGE"
 
@@ -59,13 +56,6 @@ main() {
     mv stock_boot* /data
   fi
 
-  patch_dtbo_image
-
-  if [ -f stock_dtbo* ]; then
-    rm -f /data/stock_dtbo* 2>/dev/null
-    mv stock_dtbo* /data
-  fi
-
   cd /
   recovery_cleanup
 

scripts/boot_patch.sh

@@ -83,8 +83,6 @@ chmod -R 755 .
 # Unpack
 ##########################################################################################
 
-migrate_boot_backup
-
 CHROMEOS=false
 
 ui_print "- Unpacking boot image"

scripts/flash_script.sh

@@ -13,10 +13,6 @@
 # Preparation
 ##########################################################################################
 
-# Detect whether in boot mode
-ps | grep zygote | grep -v grep >/dev/null && BOOTMODE=true || BOOTMODE=false
-$BOOTMODE || ps -A 2>/dev/null | grep zygote | grep -v grep >/dev/null && BOOTMODE=true
-
 # This path should work in any cases
 TMPDIR=/dev/tmp
 
@@ -24,7 +20,6 @@ INSTALLER=$TMPDIR/install
 COMMONDIR=$INSTALLER/common
 APK=$COMMONDIR/magisk.apk
 CHROMEDIR=$INSTALLER/chromeos
-COREDIR=/magisk/.core
 
 # Default permissions
 umask 022
@@ -83,8 +78,8 @@ if is_mounted /data; then
   chmod 700 /data/adb 2>/dev/null
 
   # Some legacy migration
-  mv /data/magisk/stock_boot* /data 2>/dev/null
-  [ -L /data/magisk.img ] || mv /data/magisk.img /data/adb/magisk.img
+  run_migrations
+  [ -L /data/magisk.img ] || mv /data/magisk.img /data/adb/magisk.img 2>/dev/null
 else
   MAGISKBIN=/cache/data_bin
 fi
@@ -113,7 +108,6 @@ $BOOTMODE || recovery_actions
 [ -z $BOOTIMAGE ] && abort "! Unable to detect boot image"
 ui_print "- Found boot image: $BOOTIMAGE"
 
-find_dtbo_image
 if [ ! -z $DTBOIMAGE ]; then
   ui_print "- Found dtbo image: $DTBOIMAGE"
   # Disable dtbo patch by default

scripts/magisk_uninstaller.sh

@@ -34,20 +34,16 @@ fi
 if $BOOTMODE; then
   # Load utility functions
   . $MAGISKBIN/util_functions.sh
+  BOOTMODE=true
   boot_actions
   mount_partitions
 fi
 
 cd $MAGISKBIN
 
-# Find the boot image
-find_boot_image
 [ -z $BOOTIMAGE ] && abort "! Unable to detect boot image"
-
 ui_print "- Found Boot Image: $BOOTIMAGE"
 
-migrate_boot_backup
-
 ui_print "- Unpacking boot image"
 ./magiskboot --unpack "$BOOTIMAGE"
 CHROMEOS=false

scripts/util_functions.sh

@@ -10,9 +10,14 @@
 #MAGISK_VERSION_STUB
 SCRIPT_VERSION=$MAGISK_VER_CODE
 
+# Detect whether in boot mode
+ps | grep zygote | grep -v grep >/dev/null && BOOTMODE=true || BOOTMODE=false
+$BOOTMODE || ps -A 2>/dev/null | grep zygote | grep -v grep >/dev/null && BOOTMODE=true
+$BOOTMODE || id | grep -q 'uid=0' || BOOTMODE=true
+
 # Default location, will override if needed
 MAGISKBIN=/data/adb/magisk
-[ -z $MAGISKBIN ] && MOUNTPATH=/sbin/.core/img
+[ -z $MOUNTPATH ] && MOUNTPATH=/sbin/.core/img
 [ -z $IMG ] && IMG=/data/adb/magisk.img
 
 BOOTSIGNER="/system/bin/dalvikvm -Xnodex2oat -Xnoimage-dex2oat -cp \$APK com.topjohnwu.magisk.utils.BootSigner"
@@ -47,7 +52,12 @@ mount_partitions() {
     SLOT=_`getprop ro.boot.slot`
     [ $SLOT = "_" ] && SLOT=
   fi
+
+  # Check the boot image to make sure the slot actually make sense
+  find_boot_image
+  find_dtbo_image
   [ -z $SLOT ] || ui_print "- A/B partition detected, current slot: $SLOT"
+
   ui_print "- Mounting /system, /vendor"
   is_mounted /system || [ -f /system/build.prop ] || mount -o ro /system 2>/dev/null
   if ! is_mounted /system && ! [ -f /system/build.prop ]; then
@@ -86,7 +96,7 @@ getvar() {
   local VARNAME=$1
   local VALUE=$(eval echo \$$VARNAME)
   [ ! -z $VALUE ] && return
-  for DIR in /.backup /data /cache /system; do
+  for DIR in /.backup /dev /data /cache /system; do
     VALUE=`grep_prop $VARNAME $DIR/.magisk`
     [ ! -z $VALUE ] && break;
   done
@@ -105,7 +115,10 @@ find_boot_image() {
   BOOTIMAGE=
   if [ ! -z $SLOT ]; then
     BOOTIMAGE=`find /dev/block -iname boot$SLOT | head -n 1` 2>/dev/null
-  else
+  fi
+  if [ -z "$BOOTIMAGE" ]; then
+    # The slot info is incorrect...
+    SLOT=
     for BLOCK in boot_a kern-a android_boot kernel boot lnx bootimg; do
       BOOTIMAGE=`find /dev/block -iname $BLOCK | head -n 1` 2>/dev/null
       [ ! -z $BOOTIMAGE ] && break
@@ -118,10 +131,10 @@ find_boot_image() {
       [ ! -z $BOOTIMAGE ] && break
     done
   fi
-  BOOTIMAGE=`resolve_link $BOOTIMAGE`
+  [ ! -z "$BOOTIMAGE" ] && BOOTIMAGE=`resolve_link $BOOTIMAGE`
 }
 
-migrate_boot_backup() {
+run_migrations() {
   # Update the broken boot backup
   if [ -f /data/stock_boot_.img.gz ]; then
     $MAGISKBIN/magiskboot --decompress /data/stock_boot_.img.gz /data/stock_boot.img
@@ -134,8 +147,17 @@ migrate_boot_backup() {
     mv /data/stock_boot.img $STOCKDUMP
     $MAGISKBIN/magiskboot --compress $STOCKDUMP
   fi
-  mv /data/magisk/stock_boot* /data 2>/dev/null
-  mv /data/magisk/adb/stock_boot* /data 2>/dev/null
+  # Move the stock backups
+  if [ -f /data/magisk/stock_boot* ]; then
+    rm -rf /data/stock_boot*
+    mv /data/magisk/stock_boot* /data 2>/dev/null
+  fi
+  if [ -f /data/adb/magisk/stock_boot* ]; then
+    rm -rf /data/stock_boot*
+    mv /data/adb/magisk/stock_boot* /data 2>/dev/null
+  fi
+  # Remove old dbs
+  rm -f /data/user*/*/magisk.db
 }
 
 flash_boot_image() {

snet/build.gradle

@@ -2,7 +2,7 @@ apply plugin: 'com.android.application'
 
 android {
     compileSdkVersion 27
-    buildToolsVersion "27.0.2"
+    buildToolsVersion "27.0.3"
 
     defaultConfig {
         applicationId "com.topjohnwu.snet"