Load system.prop; longer waiting time

This is the issue that has been haunting since day 1. Root and mounted files randomly disappears, and only an reboot can fix it.
The issue is that Zygote requires some time to isolate the mount namespace for the children it forks (read: most processes), so in rare cases such as the CPU is on heavy load, or CPU is in deep sleep, it takes longer than usual to finish the mount namespace isolation. Magisk Hide kicks in before the isolation is done, and it will switch to Zygote's namespace and do the unmounting. All children will then lose the mounted files, which includes root.
The solution is to first find the namespace id of Zygote, and wait a small period of time and retry if the namespace isn't isolated yet.

.gitattributes

@@ -0,0 +1,17 @@
+# Set the default behavior, in case people don't have core.autocrlf set.
+* text eol=lf
+
+# Explicitly declare text files you want to always be normalized and converted
+# to native line endings on checkout.
+# *.c text
+# *.h text
+
+# Declare files that will always have CRLF line endings on checkout.
+*.cmd text eol=crlf
+
+# Denote all files that are truly binary and should not be modified.
+busybox binary
+futility binary
+*.jar binary
+*.exe binary
+*.apk binary

.gitignore

@@ -1,3 +1,21 @@
-obj
-libs
+obj/
+libs/
 *.zip
+
+# Generated binaries
+zip_static/arm/*
+zip_static/arm64/*
+zip_static/x86/*
+zip_static/x64/*
+uninstaller/arm/*
+uninstaller/arm64/*
+uninstaller/x86/*
+uninstaller/x64/*
+ziptools/zipadjust
+
+# Generated scripts
+zip_static/common/magic_mask.sh
+zip_static/META-INF/com/google/android/update-binary
+
+# Leave all busybox!
+!busybox

.gitmodules

@@ -1,6 +1,12 @@
-[submodule "selinux"]
-	path = selinux
-	url = https://github.com/topjohnwu/selinux
 [submodule "jni/sepolicy-inject"]
 	path = jni/sepolicy-inject
 	url = https://github.com/topjohnwu/sepolicy-inject
+[submodule "jni/resetprop"]
+	path = jni/resetprop
+	url = https://github.com/topjohnwu/resetprop.git
+[submodule "jni/selinux"]
+	path = jni/selinux
+	url = https://github.com/topjohnwu/selinux.git
+[submodule "jni/su"]
+	path = jni/su
+	url = https://github.com/topjohnwu/Superuser.git

README.MD

@@ -1,3 +1,11 @@
 # Magisk
-Static binaries included:
+###Static binaries included:  
 * Busybox: http://forum.xda-developers.com/android/software-hacking/tool-busybox-flashable-archs-t3348543
+
+###How to build Magisk
+1. Download and install NDK
+2. Add the NDK directory into PATH  
+To check if the PATH is set correctly, try calling `which ndk-build` (`where ndk-build` on Windows) and see if it shows the NDK directory
+3. Unix-like users (e.g. Linux & MacOS) please execute `build.sh` through shell  
+Windows users please execute `build.cmd` through cmd
+4. The scripts will show you further details

build.cmd

@@ -0,0 +1,159 @@
+@ECHO OFF
+SETLOCAL ENABLEEXTENSIONS
+SET me=%~nx0
+SET parent=%~dp0
+SET tab=	
+SET OK=
+
+CD %parent%
+
+call :%~1 "%~2"
+IF NOT DEFINED OK CALL :usage
+
+EXIT /B %ERRORLEVEL%
+
+:usage
+  ECHO %me% all ^<version name^>
+  ECHO %tab%Build binaries, zip, and sign Magisk
+  ECHO %tab%This is equlivant to first ^<build^>, then ^<zip^>
+  ECHO %me% clean
+  ECHO %tab%Cleanup compiled / generated files
+  ECHO %me% build
+  ECHO %tab%Build the binaries with ndk
+  ECHO %me% zip ^<version name^>
+  ECHO %tab%Zip and sign Magisk
+  ECHO %me% uninstaller
+  ECHO %tab%Zip and sign the uninstaller
+  EXIT /B 1
+
+:all
+  SET OK=y
+  IF [%~1] == [] (
+    CALL :error "Missing version number"
+    CALL :usage
+    EXIT /B %ERRORLEVEL%
+  )
+  CALL :build
+  CALL :zip "%~1"
+  EXIT /B %ERRORLEVEL%
+
+:build
+  SET OK=y
+  ECHO ************************
+  ECHO * Building binaries
+  ECHO ************************
+  FOR /F "tokens=* USEBACKQ" %%F IN (`where ndk-build`) DO (
+    IF [%%F] == [] (
+      CALL :error "Please add ndk-build to PATH!"
+      EXIT /B 1
+    )
+  )
+  CALL ndk-build -j4 || CALL :error "Magisk binary tools build failed...."
+  IF %ERRORLEVEL% NEQ 0 EXIT /B %ERRORLEVEL%
+  ECHO ************************
+  ECHO * Copying binaries
+  ECHO ************************
+  COPY /Y libs\armeabi\* zip_static\arm
+  COPY /Y libs\arm64-v8a\* zip_static\arm64
+  COPY /Y libs\x86\* zip_static\x86
+  COPY /Y libs\x86_64\* zip_static\x64
+  CALL :mkcp libs\armeabi\bootimgtools uninstaller\arm
+  CALL :mkcp libs\arm64-v8a\bootimgtools uninstaller\arm64
+  CALL :mkcp libs\x86\bootimgtools uninstaller\x86
+  CALL :mkcp libs\x86_64\bootimgtools uninstaller\x64
+  EXIT /B %ERRORLEVEL%
+
+:clean
+  SET OK=y
+  ECHO ************************
+  ECHO * Cleaning up
+  ECHO ************************
+  CALL ndk-build clean
+  forfiles /P zip_static\arm /C "cmd /C IF NOT @file == \"busybox\" DEL @file"
+  forfiles /P zip_static\arm64 /C "cmd /C IF NOT @file == \"busybox\" DEL @file"
+  forfiles /P zip_static\x86 /C "cmd /C IF NOT @file == \"busybox\" DEL @file"
+  forfiles /P zip_static\x64 /C "cmd /C IF NOT @file == \"busybox\" DEL @file"
+  2>NUL DEL zip_static\META-INF\com\google\android\update-binary
+  2>NUL DEL zip_static\common\magic_mask.sh
+  2>NUL RMDIR /S /Q uninstaller\arm
+  2>NUL RMDIR /S /Q uninstaller\arm64
+  2>NUL RMDIR /S /Q uninstaller\x86
+  2>NUL RMDIR /S /Q uninstaller\x64
+  EXIT /B 0
+
+:zip
+  SET OK=y
+  IF [%~1] == [] (
+    CALL :error "Missing version number"
+    CALL :usage
+    EXIT /B %ERRORLEVEL%
+  )
+  IF NOT EXIST "zip_static\arm\bootimgtools" CALL :error "Missing binaries! Please run '%me% build' before zipping!"
+  IF %ERRORLEVEL% NEQ 0 EXIT /B %ERRORLEVEL%
+  ECHO ************************
+  ECHO * Adding version info
+  ECHO ************************
+  powershell.exe -nologo -noprofile -command "(gc -Raw scripts\flash_script.sh) -replace 'MAGISK_VERSION_STUB', 'Magisk v%~1 Boot Image Patcher' | sc zip_static\META-INF\com\google\android\update-binary"
+  powershell.exe -nologo -noprofile -command "(gc -Raw scripts\magic_mask.sh) -replace 'MAGISK_VERSION_STUB', 'setprop magisk.version \"%~1\"' | sc zip_static\common\magic_mask.sh"
+  ECHO ************************
+  ECHO * Zipping Magisk v%~1
+  ECHO ************************
+  CD zip_static
+  2>NUL DEL "..\Magisk-v%~1.zip"
+  ..\ziptools\win_bin\zip "..\Magisk-v%~1.zip" -r .
+  CD ..\
+  CALL :sign_zip "Magisk-v%~1.zip"
+  EXIT /B %ERRORLEVEL%
+
+:uninstaller
+  SET OK=y
+  IF NOT EXIST "uninstaller\arm\bootimgtools" CALL :error "Missing binaries! Please run '%me% build' before zipping!"
+  IF %ERRORLEVEL% NEQ 0 EXIT /B %ERRORLEVEL%
+  ECHO ************************
+  ECHO * Zipping uninstaller
+  ECHO ************************
+  FOR /F "tokens=* USEBACKQ" %%F IN (`ziptools\win_bin\date "+%%Y%%m%%d"`) DO (set timestamp=%%F)
+  CD uninstaller
+  2>NUL DEL "../Magisk-uninstaller-%timestamp%.zip"
+  ..\ziptools\win_bin\zip "../Magisk-uninstaller-%timestamp%.zip" -r .
+  CD ..\
+  CALL :sign_zip "Magisk-uninstaller-%timestamp%.zip"
+  EXIT /B %ERRORLEVEL%
+
+:sign_zip
+  IF NOT EXIST "ziptools\win_bin\zipadjust.exe" (
+    ECHO ************************
+    ECHO * Compiling ZipAdjust
+    ECHO ************************
+    gcc -o ziptools\win_bin\zipadjust ziptools\src\*.c -lz || CALL :error "ZipAdjust Build failed...."
+    IF %ERRORLEVEL% NEQ 0 EXIT /B %ERRORLEVEL%
+  )
+  SET basename="%~1"
+  SET basename="%basename:.zip=%"
+  ECHO ************************
+  ECHO * First sign %~1
+  ECHO ************************
+  java -jar "ziptools\signapk.jar" "ziptools\test.certificate.x509.pem" "ziptools\test.key.pk8" "%~1" "%basename:"=%-firstsign.zip"
+  ECHO ************************
+  ECHO * Adjusting %~1
+  ECHO ************************
+  ziptools\win_bin\zipadjust "%basename:"=%-firstsign.zip" "%basename:"=%-adjusted.zip"
+  ECHO ************************
+  ECHO * Final sign %~1
+  ECHO ************************
+  java -jar "ziptools\minsignapk.jar" "ziptools\test.certificate.x509.pem" "ziptools\test.key.pk8" "%basename:"=%-adjusted.zip" "%basename:"=%-signed.zip"
+
+  MOVE /Y "%basename:"=%-signed.zip" "%~1"
+  DEL "%basename:"=%-adjusted.zip" "%basename:"=%-firstsign.zip"
+  EXIT /B %ERRORLEVEL%
+
+:mkcp
+  2>NUL MKDIR "%~2"
+  2>NUL COPY /Y "%~1" "%~2"
+  EXIT /B 0
+
+:error
+  ECHO.
+  ECHO ! %~1
+  ECHO.
+  EXIT /B 1

build.sh

@@ -0,0 +1,148 @@
+#!/bin/bash
+
+usage() {
+  echo "$0 all <version name>"
+  echo -e "\tBuild binaries, zip, and sign Magisk"
+  echo -e "\tThis is equlivant to first <build>, then <zip>"
+  echo "$0 clean"
+  echo -e "\tCleanup compiled / generated files"
+  echo "$0 build"
+  echo -e "\tBuild the binaries with ndk"
+  echo "$0 zip <version name>"
+  echo -e "\tZip and sign Magisk"
+  echo "$0 uninstaller"
+  echo -e "\tZip and sign the uninstaller"
+  exit 1
+}
+
+cleanup() {
+  echo "************************"
+  echo "* Cleaning up"
+  echo "************************"
+  ndk-build clean 2>/dev/null
+  ls zip_static/arm/* | grep -v "busybox" | xargs rm -rfv
+  ls zip_static/arm64/* | grep -v "busybox" | xargs rm -rfv
+  ls zip_static/x86/* | grep -v "busybox" | xargs rm -rfv
+  ls zip_static/x64/* | grep -v "busybox" | xargs rm -rfv
+  rm -rfv zip_static/META-INF/com/google/android/update-binary 
+  rm -rfv zip_static/common/magic_mask.sh
+  rm -rfv uninstaller/arm
+  rm -rfv uninstaller/arm64
+  rm -rfv uninstaller/x86
+  rm -rfv uninstaller/x64
+}
+
+mkcp() {
+  [ ! -d "$2" ] && mkdir -p "$2"
+  cp -afv $1 $2
+}
+
+error() {
+  echo -e "\n! $1\n"
+  exit 1
+}
+
+build_bin() {
+  echo "************************"
+  echo "* Building binaries"
+  echo "************************"
+  [ -z `which ndk-build` ] && error "Please add ndk-build to PATH!"
+  ndk-build -j4 || error "Magisk binary tools build failed...."
+  echo "************************"
+  echo "* Copying binaries"
+  echo "************************"
+  mkcp "libs/armeabi/*" zip_static/arm
+  mkcp libs/armeabi/bootimgtools uninstaller/arm
+  mkcp "libs/arm64-v8a/*" zip_static/arm64
+  mkcp libs/arm64-v8a/bootimgtools uninstaller/arm64
+  mkcp "libs/x86/*" zip_static/x86
+  mkcp libs/x86/bootimgtools uninstaller/x86
+  mkcp "libs/x86_64/*" zip_static/x64
+  mkcp libs/x86_64/bootimgtools uninstaller/x64
+}
+
+zip_package() {
+  [ ! -f "zip_static/arm/bootimgtools" ] && error "Missing binaries!! Please run '$0 build' before zipping"
+  echo "************************"
+  echo "* Adding version info"
+  echo "************************"
+  sed "s/MAGISK_VERSION_STUB/Magisk v$1 Boot Image Patcher/g" scripts/flash_script.sh > zip_static/META-INF/com/google/android/update-binary
+  sed "s/MAGISK_VERSION_STUB/setprop magisk.version \"$1\"/g" scripts/magic_mask.sh > zip_static/common/magic_mask.sh
+  echo "************************"
+  echo "* Zipping Magisk v$1"
+  echo "************************"
+  cd zip_static
+  find . -type f -exec chmod 644 {} \;
+  find . -type d -exec chmod 755 {} \;
+  rm -rf "../Magisk-v$1.zip"
+  zip "../Magisk-v$1.zip" -r .
+  cd ../
+  sign_zip "Magisk-v$1.zip"
+}
+
+zip_uninstaller() {
+  [ ! -f "uninstaller/arm/bootimgtools" ] && error "Missing binaries!! Please run '$0 build' before zipping"
+  echo "************************"
+  echo "* Zipping uninstaller"
+  echo "************************"
+  cd uninstaller
+  find . -type f -exec chmod 644 {} \;
+  find . -type d -exec chmod 755 {} \;
+  TIMESTAMP=`date "+%Y%m%d"`
+  rm -rf "../Magisk-uninstaller-$TIMESTAMP.zip"
+  zip "../Magisk-uninstaller-$TIMESTAMP.zip" -r .
+  cd ../
+  sign_zip "Magisk-uninstaller-$TIMESTAMP.zip"
+}
+
+sign_zip() {
+  if [ ! -f "ziptools/zipadjust" ]; then
+    echo "************************"
+    echo "* Compiling ZipAdjust"
+    echo "************************"
+    gcc -o ziptools/zipadjust ziptools/src/*.c -lz || error "ZipAdjust Build failed...."
+    chmod 755 ziptools/zipadjust
+  fi
+  echo "************************"
+  echo "* First sign $1"
+  echo "************************"
+  java -jar "ziptools/signapk.jar" "ziptools/test.certificate.x509.pem" "ziptools/test.key.pk8" "$1" "${1%.*}-firstsign.zip"
+  echo "************************"
+  echo "* Adjusting $1"
+  echo "************************"
+  ziptools/zipadjust "${1%.*}-firstsign.zip" "${1%.*}-adjusted.zip"
+  echo "************************"
+  echo "* Final sign $1"
+  echo "************************"
+  java -jar "ziptools/minsignapk.jar" "ziptools/test.certificate.x509.pem" "ziptools/test.key.pk8" "${1%.*}-adjusted.zip" "${1%.*}-signed.zip"
+
+  mv "${1%.*}-signed.zip" "$1"
+  rm "${1%.*}-adjusted.zip" "${1%.*}-firstsign.zip"
+}
+
+DIR="$(cd "$(dirname "$0")"; pwd)"
+cd "$DIR"
+
+case $1 in
+  "all" )
+    [ -z "$2" ] && echo -e "! Missing version number\n" && usage
+    build_bin
+    zip_package $2
+    ;;
+  "clean" )
+    cleanup
+    ;;
+  "build" )
+    build_bin
+    ;;
+  "zip" )
+    [ -z "$2" ] && echo -e "! Missing version number\n" && usage
+    zip_package $2
+    ;;
+  "uninstaller" )
+    zip_uninstaller
+    ;;
+  * )
+    usage
+    ;;
+esac

jni/Android.mk

@@ -1,35 +1,10 @@
-my_path := $(call my-dir)
+LOCAL_PATH := $(call my-dir)
 
-LOCAL_PATH := $(my_path)
+include jni/bootimgtools/Android.mk
+include jni/magiskhide/Android.mk
+include jni/resetprop/Android.mk
+include jni/sepolicy-inject/Android.mk
+include jni/su/Android.mk
 
-include $(CLEAR_VARS)
-LOCAL_MODULE := magiskhide
-LOCAL_MODULE_TAGS := optional
-LOCAL_FORCE_STATIC_EXECUTABLE := true
-LOCAL_LDFLAGS := -static
-LOCAL_STATIC_LIBRARIES := libc libcutils
-LOCAL_SRC_FILES := magiskhide.c
-include $(BUILD_EXECUTABLE)
-
-include $(CLEAR_VARS)
-LOCAL_MODULE := bootimgtools
-LOCAL_MODULE_TAGS := optional
-LOCAL_FORCE_STATIC_EXECUTABLE := true
-LOCAL_LDFLAGS := -static
-LOCAL_STATIC_LIBRARIES := libc libcutils
-LOCAL_SRC_FILES := bootimgtools.c extract.c repack.c hexpatch.c
-LOCAL_CFLAGS += -std=gnu11
-include $(BUILD_EXECUTABLE)
-
-include $(CLEAR_VARS)
-LOCAL_MODULE := sepolicy-inject
-LOCAL_MODULE_TAGS := optional
-LOCAL_FORCE_STATIC_EXECUTABLE := true
-LOCAL_LDFLAGS := -static
-LOCAL_STATIC_LIBRARIES := libc libcutils libsepol
-LOCAL_SRC_FILES := sepolicy-inject/sepolicy-inject.c sepolicy-inject/builtin_rules.c
-LOCAL_C_INCLUDES := selinux/libsepol/include/
-LOCAL_CFLAGS += -std=gnu11
-include $(BUILD_EXECUTABLE)
-
-include selinux/libsepol/Android.mk
+include jni/selinux/libsepol/Android.mk
+include jni/selinux/libselinux/Android.mk

jni/Application.mk

@@ -1,3 +1,4 @@
-APP_ABI := x86 armeabi
+APP_ABI := x86 x86_64 armeabi arm64-v8a
 APP_PIE = true
 APP_PLATFORM := android-21
+APP_CPPFLAGS += -std=c++11

jni/bootimgtools/Android.mk

@@ -0,0 +1,8 @@
+LOCAL_PATH := $(call my-dir)
+
+include $(CLEAR_VARS)
+LOCAL_MODULE := bootimgtools
+LOCAL_MODULE_TAGS := optional
+LOCAL_SRC_FILES := main.c extract.c repack.c hexpatch.c
+LOCAL_CFLAGS += -std=gnu11
+include $(BUILD_EXECUTABLE)

jni/bootimgtools/extract.c

@@ -9,7 +9,7 @@
 #include <assert.h>
 #include <string.h>
 
-#include "bootimgtools.h"
+#include "bootimg.h"
 
 void dump(uint8_t *ptr, size_t size, char* filename) {
 	unlink(filename);
@@ -27,9 +27,9 @@ void dump_ramdisk(uint8_t *ptr, size_t size) {
 		dump(ptr, size, "ramdisk.gz");
 	//MTK header
 	} else if(memcmp(ptr, "\x88\x16\x88\x58", 4) == 0) {
-		if(memcmp(ptr+4, "RECOVERY", 8)==0) {
+		if(memcmp(ptr+8, "RECOVERY", 8)==0) {
 			dump(ptr, 0, "ramdisk-mtk-recovery");
-		} else if(memcmp(ptr+4, "ROOTFS\0\0", 8)==0) {
+		} else if(memcmp(ptr+8, "ROOTFS\0\0", 8)==0) {
 			dump(ptr, 0, "ramdisk-mtk-boot");
 		} else {
 			exit(1);
@@ -128,7 +128,8 @@ int extract(char *image) {
 
 		if(memcmp(base+pos, "QCDT", 4) == 0 ||
 				memcmp(base+pos, "SPRD", 4) == 0 ||
-				memcmp(base+pos, "DTBH", 4) == 0
+				memcmp(base+pos, "DTBH", 4) == 0 ||
+				memcmp(base+pos, "\xD0\x0D\xFE\xED", 4) == 0
 				) {
 			dump(base+pos, hdr->unused[0], "dt");
 			pos += hdr->unused[0] + hdr->page_size-1;

jni/bootimgtools/hexpatch.c

@@ -7,7 +7,7 @@
 #include <stdlib.h>
 #include <string.h>
 
-#include "bootimgtools.h"
+#include "bootimg.h"
 
 int hex2int(char c) {
 	int first = c / 16 - 3;

jni/bootimgtools/main.c

@@ -1,7 +1,7 @@
 #include <getopt.h>
 #include <stdio.h>
 
-#include "bootimgtools.h"
+#include "bootimg.h"
 
 /********************
   Patch Boot Image

jni/bootimgtools/repack.c

@@ -9,7 +9,7 @@
 #include <assert.h>
 #include <string.h>
 
-#include "bootimgtools.h"
+#include "bootimg.h"
 
 off_t file_size(char *filename) {
 	struct stat st;

jni/magiskhide.c

@@ -1,165 +0,0 @@
-typedef unsigned short int sa_family_t;
-//Linux includes
-#define _LINUX_TIME_H
-#define _GNU_SOURCE
-#include <sys/types.h>
-#include <string.h>
-#include <sys/stat.h>
-#include <fcntl.h>
-#include <linux/connector.h>
-#include <linux/cn_proc.h>
-#include <linux/netlink.h>
-#include <linux/fs.h>
-#include <sys/socket.h>
-#include <stdio.h>
-#include <stdlib.h>
-#include <sys/time.h>
-#include <sys/resource.h>
-#include <unistd.h>
-#include <sys/syscall.h>
-#include <asm/unistd.h>
-#include <sys/mount.h> 
-
-char **file_to_str_arr(FILE *fp, int *size) {
-	int allocated = 16;
-	char *line = NULL, **array;
-	size_t len = 0;
-	ssize_t read;
-
-	array = (char **) malloc(sizeof(char*) * allocated);
-
-	*size = 0;
-	while ((read = getline(&line, &len, fp)) != -1) {
-		if (*size >= allocated) {
-			// Double our allocation and re-allocate
-			allocated *= 2;
-			array = (char **) realloc(array, sizeof(char*) * allocated);
-		}
-		// Remove end newline
-		if (line[read - 1] == '\n') {
-			line[read - 1] = '\0';
-		}
-		array[*size] = line;
-		line = NULL;
-		++(*size);
-	}
-	return array;
-}
-
-//WARNING: Calling this will change our current namespace
-//We don't care because we don't want to run from here anyway
-int hideMagisk(int pid) {
-	char *path = NULL;
-	asprintf(&path, "/proc/%d/ns/mnt", pid);
-	int fd = open(path, O_RDONLY);
-	if(fd == -1) return 2;
-	int res = syscall(SYS_setns, fd, 0);
-	if(res == -1) return 3;
-
-	free(path);
-	path = NULL;
-	asprintf(&path, "/proc/%d/mounts", pid);
-	FILE *mount_fp = fopen(path, "r");
-	if (mount_fp == NULL) {
-		fprintf(stderr, "Error opening mount list!\n");
-		return 1;
-	}
-	free(path);
-
-	int mount_size;
-	char **mount_list = file_to_str_arr(mount_fp, &mount_size), mountpoint[256], *sbstr;
-	fclose(mount_fp);
-
-	int i, unmount = 0;
-	for(i = mount_size - 1; i >= 0; --i) {
-		if((strstr(mount_list[i], "/dev/block/loop") != NULL)) {
-			sscanf(mount_list[i], "%256s %256s", mountpoint, mountpoint);
-			if (strstr(mountpoint, "/.core/dummy") != NULL) 
-				unmount = 0;
-			else
-				unmount = 1;
-		} else if ((sbstr = strstr(mount_list[i], "/.core/dummy")) != NULL) {
-			sscanf(sbstr, "/.core/dummy%256s", mountpoint);
-			unmount = 1;
-		}
-		if(unmount) {
-			unmount = 0;
-			res = umount2(mountpoint, MNT_DETACH);
-			if (res != -1) printf("Unmounted: %s\n", mountpoint);
-			else printf("Failed: %s\n", mountpoint);
-		}
-		free(mount_list[i]);
-	}
-	// Free memory
-	free(mount_list);
-
-	return 0;
-}
-
-int main(int argc, char **argv, char **envp) {
-	if (argc != 2) {
-		fprintf(stderr, "%s <process/package name list>\n", argv[0]);
-		return 1;
-	}
-	int i, hide_size;
-	char **hide_list;
-
-	FILE *hide_fp = fopen(argv[1], "r");
-	if (hide_fp == NULL) {
-		fprintf(stderr, "Error opening hide list\n");
-		return 1;
-	}
-
-	hide_list = file_to_str_arr(hide_fp, &hide_size);
-	fclose(hide_fp);
-
-	printf("Get process / package name from config:\n");
-	for(i = 0; i < hide_size; i++)
-		printf("%s\n", hide_list[i]);
-	printf("\n");
-
-	char buffer[512];
-	FILE *p = popen("while true;do logcat -b events -v raw -s am_proc_start;sleep 1;done", "r");
-	while(!feof(p)) {
-		//Format of am_proc_start is (as of Android 5.1 and 6.0)
-		//UserID, pid, unix uid, processName, hostingType, hostingName
-		fgets(buffer, sizeof(buffer), p);
-
-		{
-			char *pos = buffer;
-			while(1) {
-				pos = strchr(pos, ',');
-				if(pos == NULL)
-					break;
-				pos[0] = ' ';
-			}
-		}
-
-		int user, pid, uid;
-		char processName[256], hostingType[16], hostingName[256];
-		int ret = sscanf(buffer, "[%d %d %d %256s %16s %256s]",
-				&user, &pid, &uid,
-				processName, hostingType, hostingName);
-
-
-		if(ret != 6) {
-			continue;
-		}
-		for (i = 0; i < hide_size; ++i) {
-			if(strstr(processName, hide_list[i]) != NULL) {
-				printf("Disabling for process = %s, PID = %d, UID = %d\n", processName, pid, uid);
-				hideMagisk(pid);
-				break;
-			}
-		}
-	}
-
-	pclose(p);
-
-	// Free memory
-	for(i = 0; i < hide_size; ++i)
-		free(hide_list[i]);
-	free(hide_list);
-
-	return 0;
-}

jni/magiskhide/Android.mk

@@ -0,0 +1,8 @@
+LOCAL_PATH := $(call my-dir)
+
+include $(CLEAR_VARS)
+LOCAL_MODULE := magiskhide
+LOCAL_MODULE_TAGS := optional
+LOCAL_SRC_FILES := main.c hide.c list_monitor.c proc_monitor.c util.c
+LOCAL_CFLAGS += -std=gnu11 -O3
+include $(BUILD_EXECUTABLE)

jni/magiskhide/hide.c

@@ -0,0 +1,75 @@
+#include "magiskhide.h"
+
+int hideMagisk() {
+	close(pipefd[1]);
+	
+	int pid, fd;
+	char cache_block[256];
+	cache_block[0] = '\0';
+
+	while(1) {
+		read(pipefd[0], &pid, sizeof(pid));
+		// Termination called
+		if(pid == -1) break;
+
+		snprintf(buffer, sizeof(buffer), "/proc/%d/ns/mnt", pid);
+		if((fd = open(buffer, O_RDONLY)) == -1) continue; // Maybe process died..
+		if(setns(fd, 0) == -1) {
+			fprintf(logfile, "MagiskHide: Unable to change namespace for pid=%d\n", pid);
+			continue;
+		}
+		close(fd);
+
+		snprintf(buffer, sizeof(buffer), "/proc/%d/mounts", pid);
+		FILE *mount_fp = fopen(buffer, "r");
+		if (mount_fp == NULL) {
+			fprintf(logfile, "MagiskHide: Error opening mount list!\n");
+			continue;
+		}
+
+		int mount_size;
+		char **mount_list = file_to_str_arr(mount_fp, &mount_size);
+
+		// Find the cache block name if not found yet
+		if (strlen(cache_block) == 0) {
+			for(i = 0; i < mount_size; ++i) {
+				if (strstr(mount_list[i], " /cache ")) {
+					sscanf(mount_list[i], "%256s", cache_block);
+					break;
+				}
+			}
+		}
+		
+		// First unmount the dummy skeletons and the cache mounts
+		for(i = mount_size - 1; i >= 0; --i) {
+			if (strstr(mount_list[i], "tmpfs /system") || strstr(mount_list[i], "tmpfs /vendor")
+				|| (strstr(mount_list[i], cache_block) && strstr(mount_list[i], "/system")) ) {
+				sscanf(mount_list[i], "%*s %512s", buffer);
+				lazy_unmount(buffer);
+			}
+			free(mount_list[i]);
+		}
+		free(mount_list);
+
+		// Re-read mount infos
+		fseek(mount_fp, 0, SEEK_SET);
+		mount_list = file_to_str_arr(mount_fp, &mount_size);
+		fclose(mount_fp);
+
+		// Unmount loop mounts
+		for(i = mount_size - 1; i >= 0; --i) {
+			if (strstr(mount_list[i], "/dev/block/loop") && !strstr(mount_list[i], DUMMYPATH)) {
+				sscanf(mount_list[i], "%*s %512s", buffer);
+				lazy_unmount(buffer);
+			}
+			free(mount_list[i]);
+		}
+		free(mount_list);
+
+		// Send resume signal
+		kill(pid, SIGCONT);
+	}
+
+	// Should never go here
+	return 1;
+}

jni/magiskhide/list_monitor.c

@@ -0,0 +1,56 @@
+#include "magiskhide.h"
+
+void *monitor_list(void *path) {
+	char* listpath = (char*) path;
+	signal(SIGQUIT, quit_pthread);
+
+	int inotifyFd = -1;
+	char str[512];
+
+	while(1) {
+		if (inotifyFd == -1 || read(inotifyFd, str, sizeof(str)) == -1) {
+			close(inotifyFd);
+			inotifyFd = inotify_init();
+			if (inotifyFd == -1) {
+				fprintf(logfile, "MagiskHide: Unable to watch %s\n", listpath);
+				exit(1);
+			}
+			if (inotify_add_watch(inotifyFd, listpath, IN_MODIFY) == -1) {
+				fprintf(logfile, "MagiskHide: Unable to watch %s\n", listpath);
+				exit(1);
+			}
+		}
+		update_list(listpath);
+	}
+
+	return NULL;
+}
+
+void update_list(const char *listpath) {
+	FILE *hide_fp = fopen(listpath, "r");
+	if (hide_fp == NULL) {
+		fprintf(logfile, "MagiskHide: Error opening hide list\n");
+		exit(1);
+	}
+	pthread_mutex_lock(&mutex);
+	if (hide_list) {
+		// Free memory
+		for(i = 0; i < list_size; ++i)
+			free(hide_list[i]);
+		free(hide_list);
+	}
+	hide_list = file_to_str_arr(hide_fp, &list_size);
+	pthread_mutex_unlock(&mutex);
+	fclose(hide_fp);
+	if (list_size) fprintf(logfile, "MagiskHide: Update process/package list:\n");
+	for(i = 0; i < list_size; i++)
+		fprintf(logfile, "MagiskHide: [%s]\n", hide_list[i]);
+}
+
+void quit_pthread(int sig) {
+	// Free memory
+	for(i = 0; i < list_size; ++i)
+		free(hide_list[i]);
+	free(hide_list);
+	pthread_exit(NULL);
+}

jni/magiskhide/magiskhide.h

@@ -0,0 +1,49 @@
+#ifndef MAGISK_HIDE_H
+#define MAGISK_HIDE_H
+
+#define _GNU_SOURCE
+#include <string.h>
+#include <fcntl.h>
+#include <stdio.h>
+#include <stdlib.h>
+#include <sched.h>
+#include <pthread.h>
+#include <unistd.h>
+#include <signal.h>
+
+#include <sys/mount.h>
+#include <sys/inotify.h>
+#include <sys/wait.h>
+#include <sys/types.h>
+#include <sys/stat.h>
+#include <sys/resource.h>
+
+#define LOGFILE 	"/cache/magisk.log"
+#define HIDELIST 	"/magisk/.core/magiskhide/hidelist"
+#define DUMMYPATH	"/dev/magisk/dummy"
+
+// Main thread
+void monitor_proc();
+
+// Forked process for namespace setting
+int hideMagisk();
+
+// List monitor thread
+void update_list(const char *listpath);
+void quit_pthread(int sig);
+void *monitor_list(void *path);
+
+// Util functions
+char **file_to_str_arr(FILE *fp, int *size);
+void read_namespace(const int pid, char* target, const size_t size);
+void lazy_unmount(const char* mountpoint);
+void run_as_daemon();
+
+// Global variable sharing through process/threads
+extern FILE *logfile;
+extern int i, list_size, pipefd[2];
+extern char **hide_list, buffer[512];
+extern pthread_t list_monitor;
+extern pthread_mutex_t mutex;
+
+#endif

jni/magiskhide/main.c

@@ -0,0 +1,65 @@
+#include "magiskhide.h"
+
+FILE *logfile;
+int i, list_size, pipefd[2];
+char **hide_list = NULL, buffer[512];
+pthread_t list_monitor;
+pthread_mutex_t mutex;
+
+static void terminate(int sig) {
+	// Close the config list monitor
+	pthread_kill(list_monitor, SIGQUIT);
+	pthread_mutex_destroy(&mutex);
+
+	// Terminate our children
+	i = -1;
+	write(pipefd[1], &i, sizeof(i));
+	exit(0);
+}
+
+int main(int argc, char *argv[]) {
+
+	if (argc > 1) {
+		if (strcmp(argv[1], "--daemon") == 0)
+			run_as_daemon();
+		else {
+			fprintf(stderr, "%s (with no options)\n\tRun magiskhide and output to stdout\n", argv[0]);
+			fprintf(stderr, "%s --daemon\n\tRun magiskhide as daemon, output to magisk.log\n", argv[0]);
+			return 1;
+		}
+	} else 
+		logfile = stdout;
+
+
+	// Handle all killing signals
+	signal(SIGINT, terminate);
+	signal(SIGTERM, terminate);
+
+	// Fork a child to handle namespace switches and unmounts
+	pipe(pipefd);
+	switch(fork()) {
+		case -1:
+			exit(-1);
+		case 0:
+			return hideMagisk();
+		default:
+			break; 
+	}
+	close(pipefd[0]);
+
+	// Start a thread to constantly check the hide list
+	pthread_mutex_init(&mutex, NULL);
+	pthread_create(&list_monitor, NULL, monitor_list, HIDELIST);
+
+	// Set main process to the top priority
+	setpriority(PRIO_PROCESS, 0, -20);
+
+	monitor_proc();
+
+	terminate(0);
+
+	fprintf(logfile, "MagiskHide: Cannot monitor am_proc_start, abort...\n");
+	fclose(logfile);
+
+	return 1;
+}

jni/magiskhide/proc_monitor.c

@@ -0,0 +1,82 @@
+#include "magiskhide.h"
+
+void monitor_proc() {
+	int pid, badns, zygote_num = 0;
+	char init_ns[32], zygote_ns[2][32];
+
+	// Get the mount namespace of init
+	read_namespace(1, init_ns, 32);
+
+	printf("%s\n", init_ns);
+
+	// Get the mount namespace of zygote
+	FILE *p = popen("/data/busybox/ps | grep zygote | grep -v grep", "r");
+	while(fgets(buffer, sizeof(buffer), p)) {
+		if (zygote_num == 2) break;
+		sscanf(buffer, "%d", &pid);
+		do {
+			usleep(500);
+			read_namespace(pid, zygote_ns[zygote_num], 32);
+		} while (strcmp(zygote_ns[zygote_num], init_ns) == 0);
+		++zygote_num;
+	}
+	pclose(p);
+
+	for (i = 0; i < zygote_num; ++i)
+		fprintf(logfile, "Zygote(%d) ns=%s ", i, zygote_ns[i]);
+	fprintf(logfile, "\n");
+
+	// Monitor am_proc_start
+	p = popen("while true; do logcat -b events -c; logcat -b events -v raw -s am_proc_start; sleep 1; done", "r");
+
+	while(!feof(p)) {
+		//Format of am_proc_start is (as of Android 5.1 and 6.0)
+		//UserID, pid, unix uid, processName, hostingType, hostingName
+		fgets(buffer, sizeof(buffer), p);
+
+		char *pos = buffer;
+		while(1) {
+			pos = strchr(pos, ',');
+			if(pos == NULL)
+				break;
+			pos[0] = ' ';
+		}
+
+		char processName[256];
+		int ret = sscanf(buffer, "[%*d %d %*d %256s", &pid, processName);
+
+		if(ret != 2)
+			continue;
+
+		pthread_mutex_lock(&mutex);
+		for (i = 0; i < list_size; ++i) {
+			if(strcmp(processName, hide_list[i]) == 0) {
+				while(1) {
+					badns = 0;
+					read_namespace(pid, buffer, 32);
+					for (i = 0; i < zygote_num; ++i) {
+						if (strcmp(buffer, zygote_ns[i]) == 0) {
+							usleep(500);
+							badns = 1;
+							break;
+						}
+					}
+					if (!badns) break;
+				}
+
+				// Send pause signal ASAP
+				if (kill(pid, SIGSTOP) == -1) continue;
+
+				fprintf(logfile, "MagiskHide: %s(PID=%d ns=%s)\n", processName, pid, buffer);
+
+				// Unmount start
+				write(pipefd[1], &pid, sizeof(pid));
+				break;
+			}
+		}
+		pthread_mutex_unlock(&mutex);
+	}
+
+	// Close the logcat monitor
+	pclose(p);
+}

jni/magiskhide/util.c

@@ -0,0 +1,59 @@
+#include "magiskhide.h"
+
+char **file_to_str_arr(FILE *fp, int *size) {
+	int allocated = 16;
+	char *line = NULL, **array;
+	size_t len = 0;
+	ssize_t read;
+
+	array = (char **) malloc(sizeof(char*) * allocated);
+
+	*size = 0;
+	while ((read = getline(&line, &len, fp)) != -1) {
+		if (*size >= allocated) {
+			// Double our allocation and re-allocate
+			allocated *= 2;
+			array = (char **) realloc(array, sizeof(char*) * allocated);
+		}
+		// Remove end newline
+		if (line[read - 1] == '\n') {
+			line[read - 1] = '\0';
+		}
+		array[*size] = line;
+		line = NULL;
+		++(*size);
+	}
+	return array;
+}
+
+void read_namespace(const int pid, char* target, const size_t size) {
+	char path[32];
+	snprintf(path, sizeof(path), "/proc/%d/ns/mnt", pid);
+	ssize_t len = readlink(path, target, size);
+	target[len] = '\0';
+}
+
+void lazy_unmount(const char* mountpoint) {
+	if (umount2(mountpoint, MNT_DETACH) != -1)
+		fprintf(logfile, "MagiskHide: Unmounted (%s)\n", mountpoint);
+	else
+		fprintf(logfile, "MagiskHide: Unmount Failed (%s)\n", mountpoint);
+}
+
+void run_as_daemon() {
+	switch(fork()) {
+		case -1:
+			exit(-1);
+		case 0:
+			if (setsid() < 0)
+				exit(-1);
+			close(STDIN_FILENO);
+			close(STDOUT_FILENO);
+			close(STDERR_FILENO);
+			logfile = fopen(LOGFILE, "a+");
+			setbuf(logfile, NULL);
+			break;
+		default:
+			exit(0); 
+	}
+}

scripts/flash_script.sh

@@ -19,6 +19,15 @@ INSTALLER=$TMPDIR/magisk
 
 COREDIR=/magisk/.core
 
+# Boot Image Variables
+CHROMEDIR=$INSTALLER/chromeos
+NEWBOOT=$TMPDIR/boottmp/new-boot.img
+UNPACKDIR=$TMPDIR/boottmp/bootunpack
+RAMDISK=$TMPDIR/boottmp/ramdisk
+
+# Default permissions
+umask 022
+
 ##########################################################################################
 # Flashable update-binary preparation
 ##########################################################################################
@@ -62,7 +71,7 @@ ui_print() {
 getvar() {
   local VARNAME=$1
   local VALUE=$(eval echo \$"$VARNAME");
-  for FILE in /data/.magisk /cache/.magisk /system/.magisk; do
+  for FILE in /dev/.magisk /data/.magisk /cache/.magisk /system/.magisk; do
     if [ -z "$VALUE" ]; then
       LINE=$(cat $FILE 2>/dev/null | grep "$VARNAME=")
       if [ ! -z "$LINE" ]; then
@@ -76,14 +85,14 @@ getvar() {
 find_boot_image() {
   if [ -z "$BOOTIMAGE" ]; then
     for PARTITION in kern-a KERN-A android_boot ANDROID_BOOT kernel KERNEL boot BOOT lnx LNX; do
-      BOOTIMAGE=$(readlink /dev/block/by-name/$PARTITION || readlink /dev/block/platform/*/by-name/$PARTITION || readlink /dev/block/platform/*/*/by-name/$PARTITION)
+      BOOTIMAGE=`readlink /dev/block/by-name/$PARTITION || readlink /dev/block/platform/*/by-name/$PARTITION || readlink /dev/block/platform/*/*/by-name/$PARTITION`
       if [ ! -z "$BOOTIMAGE" ]; then break; fi
     done
   fi
   if [ -z "$BOOTIMAGE" ]; then
     FSTAB="/etc/recovery.fstab"
     [ ! -f "$FSTAB" ] && FSTAB="/etc/recovery.fstab.bak"
-    BOOTIMAGE=$(grep -E '\b/boot\b' "$FSTAB" | grep -oE '/dev/[a-zA-Z0-9_./-]*')
+    [ -f "$FSTAB" ] && BOOTIMAGE=`grep -E '\b/boot\b' "$FSTAB" | grep -oE '/dev/[a-zA-Z0-9_./-]*'`
   fi
 }
 
@@ -109,7 +118,7 @@ mount_image() {
       if (! is_mounted $2); then
         LOOPDEVICE=/dev/block/loop$LOOP
         if [ ! -f "$LOOPDEVICE" ]; then
-          mknod $LOOPDEVICE b 7 $LOOP
+          mknod $LOOPDEVICE b 7 $LOOP 2>/dev/null
         fi
         losetup $LOOPDEVICE $1
         if [ "$?" -eq "0" ]; then
@@ -145,26 +154,25 @@ unpack_boot() {
   mkdir -p $UNPACKDIR
   mkdir -p $RAMDISK
   cd $UNPACKDIR
-  $BINDIR/bootimgtools --extract $1
+  LD_LIBRARY_PATH=$SYSTEMLIB $BINDIR/bootimgtools --extract $1
 
-  find $TMPDIR/boottmp -type d -exec chmod 755 {} \;
-  find $TMPDIR/boottmp -type f -exec chmod 644 {} \;
-  chmod 755 $(find $TMPDIR/boottmp -type d)
-  chmod 644 $(find $TMPDIR/boottmp -type f)
+  [ ! -f $UNPACKDIR/ramdisk.gz ] && return 1
 
   cd $RAMDISK
   gunzip -c < $UNPACKDIR/ramdisk.gz | cpio -i
 }
 
 repack_boot() {
-  cd $RAMDISK
-  find . | cpio -o -H newc 2>/dev/null | gzip -9 > $UNPACKDIR/ramdisk.gz
+  if (! $SUPERSU); then
+    cd $RAMDISK
+    find . | cpio -o -H newc 2>/dev/null | gzip -9 > $UNPACKDIR/ramdisk.gz
+  fi
   cd $UNPACKDIR
-  $BINDIR/bootimgtools --repack $ORIGBOOT
+  LD_LIBRARY_PATH=$SYSTEMLIB $BINDIR/bootimgtools --repack $BOOTIMAGE
   if [ -f chromeos ]; then
     echo " " > config
     echo " " > bootloader
-    $CHROMEDIR/futility vbutil_kernel --pack new-boot.img.signed --keyblock $CHROMEDIR/kernel.keyblock --signprivate $CHROMEDIR/kernel_data_key.vbprivk --version 1 --vmlinuz new-boot.img --config config --arch arm --bootloader bootloader --flags 0x1
+    LD_LIBRARY_PATH=$SYSTEMLIB $CHROMEDIR/futility vbutil_kernel --pack new-boot.img.signed --keyblock $CHROMEDIR/kernel.keyblock --signprivate $CHROMEDIR/kernel_data_key.vbprivk --version 1 --vmlinuz new-boot.img --config config --arch arm --bootloader bootloader --flags 0x1
     rm -f new-boot.img
     mv new-boot.img.signed new-boot.img
   fi
@@ -174,19 +182,46 @@ repack_boot() {
       echo -n "SEANDROIDENFORCE" >> new-boot.img
     fi
   fi
+  if ($LGE_G); then
+    # Prevent secure boot error on LG G2/G3.
+    # Just for know, It's a pattern which bootloader verifies at boot. Thanks to LG hackers.
+    echo -n -e "\x41\xa9\xe4\x67\x74\x4d\x1d\x1b\xa4\x29\xf2\xec\xea\x65\x52\x79" >> new-boot.img
+  fi
   mv new-boot.img $NEWBOOT
-  $BINDIR/bootimgtools --hexpatch $NEWBOOT \
-  49010054011440B93FA00F71E9000054010840B93FA00F7189000054001840B91FA00F7188010054 \
-  A1020054011440B93FA00F7140020054010840B93FA00F71E0010054001840B91FA00F7181010054
+}
+
+remove_system_su() {
+  if [ -f /system/bin/su -o -f /system/xbin/su ] && [ ! -f /su/bin/su ]; then
+    ui_print "! System installed root detected, mount rw :("
+    mount -o rw,remount /system
+    # SuperSU
+    if [ -e /system/bin/.ext/.su ]; then
+      mv -f /system/bin/app_process32_original /system/bin/app_process32 2>/dev/null
+      mv -f /system/bin/app_process64_original /system/bin/app_process64 2>/dev/null
+      mv -f /system/bin/install-recovery_original.sh /system/bin/install-recovery.sh 2>/dev/null
+      cd /system/bin
+      if [ -e app_process64 ]; then
+        ln -sf app_process64 app_process
+      else
+        ln -sf app_process32 app_process
+      fi
+    fi
+    rm -rf /system/.pin /system/bin/.ext /system/etc/.installed_su_daemon /system/etc/.has_su_daemon \
+    /system/xbin/daemonsu /system/xbin/su /system/xbin/sugote /system/xbin/sugote-mksh /system/xbin/supolicy \
+    /system/bin/app_process_init /system/bin/su /cache/su /system/lib/libsupol.so /system/lib64/libsupol.so \
+    /system/su.d /system/etc/install-recovery.sh /system/etc/init.d/99SuperSUDaemon /cache/install-recovery.sh \
+    /system/.supersu /cache/.supersu /data/.supersu \
+    /system/app/Superuser.apk /system/app/SuperSU /cache/Superuser.apk  2>/dev/null
+  fi
 }
 
 ##########################################################################################
 # Detection
 ##########################################################################################
 
-ui_print "****************************"
-ui_print "Magisk v8 Boot Image Patcher"
-ui_print "****************************"
+ui_print "*****************************"
+ui_print "MAGISK_VERSION_STUB"
+ui_print "*****************************"
 
 if [ ! -d "$INSTALLER/common" ]; then
   ui_print "! Failed: Unable to extract zip file!"
@@ -203,6 +238,44 @@ if [ ! -f '/system/build.prop' ]; then
   exit 1
 fi
 
+if [ -z "$NOOVERRIDE" ]; then
+  # read override variables
+  getvar KEEPVERITY
+  getvar KEEPFORCEENCRYPT
+  getvar BOOTIMAGE
+fi
+
+if [ -z "$KEEPVERITY" ]; then
+  # we don't keep dm-verity by default
+  KEEPVERITY=false
+fi
+if [ -z "$KEEPFORCEENCRYPT" ]; then
+  # we don't keep forceencrypt by default
+  KEEPFORCEENCRYPT=false
+fi
+
+# Check if system root is installed and remove
+remove_system_su
+
+SAMSUNG=false
+SAMSUNG_CHECK=$(cat /system/build.prop | grep "ro.build.fingerprint=" | grep -i "samsung")
+if [ $? -eq 0 ]; then
+  SAMSUNG=true
+fi
+
+LGE_G=false
+RBRAND=$(grep_prop ro.product.brand)
+RMODEL=$(grep_prop ro.product.device)
+if [ "$RBRAND" = "lge" ] || [ "$RBRAND" = "LGE" ];  then 
+  if [ "$RMODEL" = "*D80*" ] || 
+     [ "$RMODEL" = "*S98*" ] || 
+     [ "$RMODEL" = "*D85*" ] ||
+     [ "$RMODEL" = "*F40*" ]; then
+    LGE_G=true
+    ui_print "! Bump device detected"
+  fi
+fi
+
 API=$(grep_prop ro.build.version.sdk)
 ABI=$(grep_prop ro.product.cpu.abi | cut -c-3)
 ABI2=$(grep_prop ro.product.cpu.abi2 | cut -c-3)
@@ -223,10 +296,11 @@ fi
 
 ui_print "- Device platform: $ARCH"
 
-BINDIR=$INSTALLER/arm
-if [ "$ARCH" = "x86" -o "$ARCH" = "x64" ]; then
-  BINDIR=$INSTALLER/x86
-fi
+BINDIR=$INSTALLER/$ARCH
+chmod -R 755 $CHROMEDIR/futility $BINDIR
+
+SYSTEMLIB=/system/lib
+($IS64BIT) && SYSTEMLIB=/system/lib64
 
 find_boot_image
 if [ -z "$BOOTIMAGE" ]; then
@@ -234,32 +308,6 @@ if [ -z "$BOOTIMAGE" ]; then
   exit 1
 fi
 
-if [ -z "$NOOVERRIDE" ]; then
-  # read override variables
-  getvar KEEPVERITY
-  getvar KEEPFORCEENCRYPT
-  getvar NORESTORE
-fi
-
-if [ -z "$KEEPVERITY" ]; then
-  # we don't keep dm-verity by default
-  KEEPVERITY=false
-fi
-if [ -z "$KEEPFORCEENCRYPT" ]; then
-  # we don't keep forceencrypt by default
-  KEEPFORCEENCRYPT=false
-fi
-if [ -z "$NORESTORE" ]; then
-  # we don't keep ramdisk by default
-  NORESTORE=false
-fi
-
-SAMSUNG=false
-SAMSUNG_CHECK=$(cat /system/build.prop | grep "ro.build.fingerprint=" | grep -i "samsung")
-if [ $? -eq 0 ]; then
-  SAMSUNG=true
-fi
-
 ##########################################################################################
 # Environment
 ##########################################################################################
@@ -271,16 +319,22 @@ if (is_mounted /data); then
   mkdir -p /data/busybox
   cp -af $BINDIR /data/magisk
   cp -af $INSTALLER/common/init.magisk.rc $INSTALLER/common/magic_mask.sh /data/magisk
-  chmod 755 /data/busybox /data/magisk /data/magisk/*
-  chcon 'u:object_r:system_file:s0' /data/busybox /data/magisk /data/magisk/*
+  cp -af $INSTALLER/common/magisk.apk /data/magisk.apk
   /data/magisk/busybox --install -s /data/busybox
+  ln -s /data/magisk/busybox /data/busybox/busybox
   # Prevent issues
-  rm -f /data/busybox/su /data/busybox/sh
+  rm -f /data/busybox/su /data/busybox/sh /data/busybox/reboot
+  chcon -hR "u:object_r:system_file:s0" /data/magisk /data/busybox
+  chmod -R 755 /data/magisk /data/busybox
+  PATH=/data/busybox:$PATH
+  BINDIR=/data/magisk
 else
   rm -rf /cache/data_bin 2>/dev/null
-  mkdir -p /cache/data_bin
   cp -af $BINDIR /cache/data_bin
   cp -af $INSTALLER/common/init.magisk.rc $INSTALLER/common/magic_mask.sh /cache/data_bin
+  cp -af $INSTALLER/common/magisk.apk /cache/magisk.apk
+  chmod -R 755 /cache/data_bin
+  BINDIR=/cache/data_bin
 fi
 
 ##########################################################################################
@@ -288,16 +342,16 @@ fi
 ##########################################################################################
 
 # Fix SuperSU.....
-($BOOTMODE) && /data/magisk/sepolicy-inject -s fsck --live
+($BOOTMODE) && $BINDIR/sepolicy-inject -s fsck --live
 
 if (is_mounted /data); then
   IMG=/data/magisk.img
 else
   IMG=/cache/magisk.img
-  ui_print "- Data unavalible, use cache workaround"
+  ui_print "- Data unavailable, use cache workaround"
 fi
 
-if [ -f "$IMG" ]; then
+if [ -f $IMG ]; then
   ui_print "- $IMG detected!"
 else
   ui_print "- Creating $IMG"
@@ -306,7 +360,7 @@ fi
 
 mount_image $IMG /magisk
 if (! is_mounted /magisk); then
-  ui_print "! Image mount failed... abort"
+  ui_print "! Magisk image mount failed..."
   exit 1
 fi
 MAGISKLOOP=$LOOPDEVICE
@@ -314,10 +368,6 @@ MAGISKLOOP=$LOOPDEVICE
 mkdir -p /magisk/.core/magiskhide 2>/dev/null
 cp -af $INSTALLER/common/magiskhide/. /magisk/.core/magiskhide
 
-# Remove legacy SuperSU module
-mkdir -p /magisk/zzsupersu
-touch /magisk/zzsupersu/remove
-
 ##########################################################################################
 # Boot image patch
 ##########################################################################################
@@ -327,92 +377,135 @@ ui_print "- Found Boot Image: $BOOTIMAGE"
 rm -rf $TMPDIR/boottmp 2>/dev/null
 mkdir -p $TMPDIR/boottmp
 
-CHROMEDIR=$INSTALLER/chromeos
-ORIGBOOT=$TMPDIR/boottmp/boot.img
-NEWBOOT=$TMPDIR/boottmp/new-boot.img
-UNPACKDIR=$TMPDIR/boottmp/bootunpack
-RAMDISK=$TMPDIR/boottmp/ramdisk
-
-chmod 777 $CHROMEDIR/futility $BINDIR/*
-
-ui_print "- Dumping boot image"
-dd if=$BOOTIMAGE of=$ORIGBOOT
-
 ui_print "- Unpacking boot image"
-unpack_boot $ORIGBOOT
+unpack_boot $BOOTIMAGE
+if [ $? -ne 0 ]; then
+  ui_print "! Unable to unpack boot image"
+  exit 1;
+fi
 
-# Restore ramdisk
+ORIGBOOT=
 SUPERSU=false
-if (! $NORESTORE); then
+[ -f sbin/launch_daemonsu.sh ] && SUPERSU=true
+
+if ($SUPERSU); then
+
+  ##############################
+  # SuperSU installation process
+  ##############################
+
+  ui_print "- SuperSU patched boot detected!"
+  ui_print "- Adding auto patch script for SuperSU"
+  cp -af $INSTALLER/common/custom_ramdisk_patch.sh /data/custom_ramdisk_patch.sh
+  if (is_mounted /data); then
+    SUIMG=/data/su.img
+  else
+    SUIMG=/cache/su.img
+  fi
+  mount_image $SUIMG /su
+  if (! is_mounted /su); then
+    ui_print "! SU image mount failed..."
+    ui_print "! Please immediately flash SuperSU now"
+    ui_print "! Installation will complete after flashing SuperSU"
+    exit 1
+  fi
+  SUPERSULOOP=$LOOPDEVICE
+  gunzip -c < $UNPACKDIR/ramdisk.gz > $UNPACKDIR/ramdisk
+  ui_print "- Using sukernel to restore ramdisk"
+  # Restore ramdisk
+  LD_LIBRARY_PATH=$SYSTEMLIB /su/bin/sukernel --cpio-restore $UNPACKDIR/ramdisk $UNPACKDIR/ramdisk.orig
+  if [ $? -ne 0 ]; then
+    LD_LIBRARY_PATH=$SYSTEMLIB /su/bin/sukernel --restore $UNPACKDIR/ramdisk $TMPDIR/boottmp/stock_boot.img
+    if [ $? -ne 0 ]; then
+      ui_print "! Unable to restore ramdisk"
+      exit 1
+    fi
+    LD_LIBRARY_PATH=$SYSTEMLIB /su/bin/sukernel --bootimg-extract-ramdisk $TMPDIR/boottmp/stock_boot.img $UNPACKDIR/ramdisk.orig.gz
+    LD_LIBRARY_PATH=$SYSTEMLIB /su/bin/sukernel --ungzip $UNPACKDIR/ramdisk.orig.gz $UNPACKDIR/ramdisk.orig
+  fi
+  if [ ! -f $UNPACKDIR/ramdisk.orig ]; then
+    ui_print "! Unable to restore ramdisk"
+    exit 1
+  fi
+  rm -f $TMPDIR/boottmp/stock_boot.img $UNPACKDIR/ramdisk.orig.gz $UNPACKDIR/ramdisk.gz 2>/dev/null
+  ui_print "- Patching ramdisk with sukernel"
+  sh /data/custom_ramdisk_patch.sh $UNPACKDIR/ramdisk $BINDIR
+  LD_LIBRARY_PATH=$SYSTEMLIB /su/bin/sukernel --cpio-backup $UNPACKDIR/ramdisk.orig $UNPACKDIR/ramdisk $UNPACKDIR/ramdisk
+  gzip -9 < $UNPACKDIR/ramdisk > $UNPACKDIR/ramdisk.gz
+  rm -f $UNPACKDIR/ramdisk $UNPACKDIR/ramdisk.orig
+
+else
+
+  ##############################
+  # Magisk installation process
+  ##############################
+
+  # Ramdisk restore
   if [ -d ".backup" ]; then
+    # This implies Magisk is already installed, and ramdisk backup exists
     ui_print "- Restoring ramdisk with ramdisk backup"
     cp -af .backup/. .
     rm -rf magisk init.magisk.rc sbin/magic_mask.sh 2>/dev/null
-  else
-    [ -f "sbin/launch_daemonsu.sh" ] && SUPERSU=true
-    if ($SUPERSU); then
-      ui_print "- SuperSU patched boot detected!"
-      ui_print "- Adding auto patch script for SuperSU"
-      cp -af $INSTALLER/common/custom_ramdisk_patch.sh /data/custom_ramdisk_patch.sh
-    fi
-    if [ -d "magisk" ]; then
-      # If Magisk is installed and no SuperSU and no ramdisk backups
-      # Restore previous stock boot image
-      if (! $SUPERSU); then
-        cp -af /data/stock_boot_*.gz /data/stock_boot.img.gz 2>/dev/null
-        gzip -d /data/stock_boot.img.gz 2>/dev/null
-        if [ -f "/data/stock_boot.img" ]; then
-          ui_print "- Restoring boot image with backup"
-          cp -af /data/stock_boot.img $ORIGBOOT
-          unpack_boot $ORIGBOOT
-        fi
-      fi
-      # Removing possible modifications
-      rm -rf magisk init.magisk.rc sbin/magic_mask.sh 2>/dev/null
-      rm -rf init.xposed.rc sbin/mount_xposed.sh 2>/dev/null
+    ORIGBOOT=false
+  elif [ -d "magisk" ]; then
+    mv -f /data/stock_boot_*.gz /data/stock_boot.img.gz 2>/dev/null
+    gzip -d /data/stock_boot.img.gz 2>/dev/null
+    rm -f /data/stock_boot.img.gz 2>/dev/null
+    [ -f /data/stock_boot.img ] && ORIGBOOT=/data/stock_boot.img
+    # If Magisk is installed and no SuperSU and no ramdisk backups,
+    # we restore previous stock boot image backups
+    if [ ! -z $ORIGBOOT ]; then
+      ui_print "- Restoring boot image with backup"
+      unpack_boot $ORIGBOOT
     fi
+    # Removing possible modifications
+    rm -rf magisk init.magisk.rc sbin/magic_mask.sh sbin/su init.xposed.rc sbin/mount_xposed.sh 2>/dev/null
+    ORIGBOOT=false
   fi
-fi
 
-if (! $SUPERSU); then
-  ui_print "- Creating backups"
+  # Backups
+  ui_print "- Creating ramdisk backup"
   mkdir .backup 2>/dev/null
-  cp -af init.environ.rc *fstab* verity_key sepolicy .backup 2>/dev/null
-  if (! $SUPERSU); then
-    # SuperSU already backup stock boot, no need to do again
+  cp -af *fstab* verity_key sepolicy .backup 2>/dev/null
+  if [ -z $ORIGBOOT ]; then
+    ui_print "- Creating boot image backup"
     if (is_mounted /data); then
-      cp -af $ORIGBOOT /data/stock_boot.img
+      dd if=$BOOTIMAGE of=/data/stock_boot.img
     else
-      cp -af $ORIGBOOT /cache/stock_boot.img
+      dd if=$BOOTIMAGE of=/cache/stock_boot.img
     fi
   fi
-fi
 
-# Patch ramdisk
-ui_print "- Patching ramdisk"
-
-# Add magisk entrypoint
-for INIT in init*.rc; do
-  if [ $(grep -c "import /init.environ.rc" $INIT) -ne "0" ] && [ $(grep -c "import /init.magisk.rc" $INIT) -eq "0" ]; then
-    cp $INIT .backup
-    sed -i "/import \/init\.environ\.rc/iimport /init.magisk.rc" $INIT
-    break
+  # Root
+  ROOT=false
+  if [ ! -d /magisk/phh ]; then
+    ui_print "- Installing phh's SuperUser"
+    ROOT=true
+  elif [ `grep_prop versionCode /magisk/phh/module.prop` -lt `grep_prop versionCode $INSTALLER/common/phh/module.prop` ]; then
+    ui_print "- Upgrading phh's SuperUser"
+    ROOT=true
   fi
-done
 
-# Add magisk PATH
-if [ $(grep -c "export PATH" init.environ.rc) -eq "0" ]; then
-  sed -i "/on init/a\ \ \ \ export PATH /magisk/.core/bin:/sbin:/vendor/bin:/system/sbin:/system/bin:/system/xbin:/magisk/.core/busybox" init.environ.rc
-else 
-  if [ $(grep -c "/magisk/.core/busybox" init.environ.rc) -eq "0" ]; then
-    sed -i "/export PATH/ s/\/system\/xbin/\/system\/xbin:\/magisk\/.core\/busybox/g" init.environ.rc
+  if ($ROOT); then
+    mkdir -p /magisk/phh/bin 2>/dev/null
+    mkdir -p /magisk/phh/su.d 2>/dev/null
+    cp -af $INSTALLER/common/phh/. /magisk/phh
+    cp -af $BINDIR/su $BINDIR/sepolicy-inject /magisk/phh/bin
+    chmod -R 755 /magisk/phh/bin
   fi
-  if [ $(grep -c "/magisk/.core/bin" init.environ.rc) -eq "0" ] && (! $SUPERSU); then
-    sed -i "/export PATH/ s/\/sbin/\/magisk\/.core\/bin:\/sbin/g" init.environ.rc
-  fi
-fi
 
-if (! $SUPERSU); then
+  # Patch ramdisk
+  ui_print "- Patching ramdisk"
+
+  # Add magisk entrypoint
+  for INIT in init*.rc; do
+    if [ `grep -c "import /init.environ.rc" $INIT` -ne "0" ] && [ `grep -c "import /init.magisk.rc" $INIT` -eq "0" ]; then
+      cp $INIT .backup
+      sed -i "/import \/init\.environ\.rc/iimport /init.magisk.rc" $INIT
+      break
+    fi
+  done
+
   sed -i "/selinux.reload_policy/d" init.rc
   find . -type f -name "*fstab*" 2>/dev/null | while read FSTAB ; do
     if (! $KEEPVERITY); then
@@ -427,31 +520,31 @@ if (! $SUPERSU); then
   if (! $KEEPVERITY); then
     rm verity_key 2>/dev/null
   fi
+
+  # sepolicy patches
+  LD_LIBRARY_PATH=$SYSTEMLIB $BINDIR/sepolicy-inject --magisk -P sepolicy
+
+  # Add new items
+  mkdir -p magisk 2>/dev/null
+  cp -af $INSTALLER/common/init.magisk.rc init.magisk.rc
+  cp -af $INSTALLER/common/magic_mask.sh sbin/magic_mask.sh
+
+  chmod 0755 magisk
+  chmod 0750 init.magisk.rc sbin/magic_mask.sh
 fi
 
-# sepolicy patches
-$BINDIR/sepolicy-inject --magisk -P sepolicy
-
-# Add new items
-mkdir -p magisk 2>/dev/null
-cp -af $INSTALLER/common/init.magisk.rc init.magisk.rc
-cp -af $INSTALLER/common/magic_mask.sh sbin/magic_mask.sh
-
-chmod 0755 magisk
-chmod 0750 init.magisk.rc sbin/magic_mask.sh
-
 ui_print "- Repacking boot image"
 repack_boot
 
-ORIGSIZE=$(ls -l $ORIGBOOT | awk '{print $5}')
-NEWSIZE=$(ls -l $NEWBOOT | awk '{print $5}')
-if [ "$NEWSIZE" -gt "$ORIGSIZE" ]; then
+BOOTSIZE=`blockdev --getsize64 $BOOTIMAGE 2>/dev/null`
+NEWSIZE=`ls -l $NEWBOOT | awk '{print $5}'`
+if [ "$NEWSIZE" -gt "$BOOTSIZE" ]; then
   ui_print "! Boot partition space insufficient"
-  ui_print "! Try to remove ramdisk backups"
+  ui_print "! Remove ramdisk backups and try again"
   rm -rf $RAMDISK/.backup $NEWBOOT 2>/dev/null
   repack_boot
-  NEWSIZE=$(ls -l $NEWBOOT | awk '{print $5}')
-  if [ "$NEWSIZE" -gt "$ORIGSIZE" ]; then
+  NEWSIZE=`ls -l $NEWBOOT | awk '{print $5}'`
+  if [ "$NEWSIZE" -gt "$BOOTSIZE" ]; then
     ui_print "! Boot partition size still too small..."
     ui_print "! Unable to install Magisk"
     exit 1
@@ -460,18 +553,22 @@ fi
 
 chmod 644 $NEWBOOT
 
-if [ -L "$BOOTIMAGE" ]; then
-  ui_print "- Block symlink detected!"
-else
-  dd if=/dev/zero of=$BOOTIMAGE bs=4096 2>/dev/null
-fi
 ui_print "- Flashing new boot image"
+[ ! -L $BOOTIMAGE ] && dd if=/dev/zero of=$BOOTIMAGE bs=4096 2>/dev/null
 dd if=$NEWBOOT of=$BOOTIMAGE bs=4096
 
+cd /
+
 if (! $BOOTMODE); then
   ui_print "- Unmounting partitions"
   umount /magisk
   losetup -d $MAGISKLOOP
+  rmdir /magisk
+  if ($SUPERSU); then
+    umount /su
+    losetup -d $SUPERSULOOP
+    rmdir /su
+  fi
   umount /system
 fi
 

scripts/magic_mask.sh

@@ -0,0 +1,515 @@
+#!/system/bin/sh
+
+LOGFILE=/cache/magisk.log
+IMG=/data/magisk.img
+WHITELIST="/system/app /system/priv-app /system/bin"
+
+MOUNTPOINT=/magisk
+
+COREDIR=$MOUNTPOINT/.core
+
+TMPDIR=/dev/magisk
+DUMMDIR=$TMPDIR/dummy
+MIRRDIR=$TMPDIR/mirror
+MOUNTINFO=$TMPDIR/mnt
+
+# Use the included busybox for maximum compatibility and reliable results
+# e.g. we rely on the option "-c" for cp (reserve contexts), and -exec for find
+TOOLPATH=/data/busybox
+BINPATH=/data/magisk
+
+# Default permissions
+umask 022
+
+log_print() {
+  echo "$1"
+  echo "$1" >> $LOGFILE
+  log -p i -t Magisk "$1"
+}
+
+mktouch() {
+  mkdir -p ${1%/*} 2>/dev/null
+  if [ -z "$2" ]; then
+    touch "$1" 2>/dev/null
+  else
+    echo "$2" > "$1" 2>/dev/null
+  fi
+}
+
+in_list() {
+  for i in $2; do
+    [ "$1" = "$i" ] && return 0
+  done
+  return 1
+}
+
+unblock() {
+  touch /dev/.magisk.unblock
+  exit
+}
+
+run_scripts() {
+  BASE=$MOUNTPOINT
+  for MOD in $BASE/* ; do
+    if [ ! -f $MOD/disable ]; then
+      if [ -f $MOD/$1.sh ]; then
+        chmod 755 $MOD/$1.sh
+        chcon "u:object_r:system_file:s0" "$MOD/$1.sh"
+        log_print "$1: $MOD/$1.sh"
+        sh $MOD/$1.sh
+      fi
+    fi
+  done
+}
+
+loopsetup() {
+  LOOPDEVICE=
+  for DEV in `ls /dev/block/loop*`; do
+    if losetup $DEV $1; then
+      LOOPDEVICE=$DEV
+      break
+    fi
+  done
+}
+
+target_size_check() {
+  e2fsck -p -f $1
+  curBlocks=`e2fsck -n $1 2>/dev/null | cut -d, -f3 | cut -d\  -f2`;
+  curUsedM=$((`echo "$curBlocks" | cut -d/ -f1` * 4 / 1024));
+  curSizeM=$((`echo "$curBlocks" | cut -d/ -f2` * 4 / 1024));
+  curFreeM=$((curSizeM - curUsedM));
+}
+
+travel() {
+  # Ignore /system/vendor, we will handle it differently
+  [ "$1" = "system/vendor" ] && return
+
+  cd $TRAVEL_ROOT/$1
+  if [ -f .replace ]; then
+    rm -rf $MOUNTINFO/$1
+    mktouch $MOUNTINFO/$1 $TRAVEL_ROOT
+  else
+    for ITEM in * ; do
+      if [ ! -e /$1/$ITEM ]; then
+        # New item found
+        # If we are in a higher level, delete the lower levels
+        rm -rf $MOUNTINFO/dummy/$1
+        # Mount the dummy parent
+        mktouch $MOUNTINFO/dummy/$1
+
+        if [ -d $ITEM ]; then
+          # Create new dummy directory and mount it
+          mkdir -p $DUMMDIR/$1/$ITEM
+          mktouch $MOUNTINFO/$1/$ITEM $TRAVEL_ROOT
+        elif [ -L $ITEM ]; then
+          # Symlinks are small, copy them
+          mkdir -p $DUMMDIR/$1 2>/dev/null
+          cp -afc $ITEM $DUMMDIR/$1/$ITEM
+        else
+          # Create new dummy file and mount it
+          mktouch $DUMMDIR/$1/$ITEM
+          mktouch $MOUNTINFO/$1/$ITEM $TRAVEL_ROOT
+        fi
+      else
+        if [ -d $ITEM ]; then
+          # It's an directory, travel deeper
+          (travel $1/$ITEM)
+        elif [ ! -L $ITEM ]; then
+          # Mount this file
+          mktouch $MOUNTINFO/$1/$ITEM $TRAVEL_ROOT
+        fi
+      fi
+    done
+  fi
+}
+
+clone_dummy() {
+  LINK=false
+  in_list $1 "$WHITELIST" && LINK=true
+
+  for ITEM in $MIRRDIR$1/* ; do
+    REAL=${ITEM#$MIRRDIR}
+    if [ -d $MOUNTINFO$REAL ]; then
+      # Need to clone deeper
+      mkdir -p $DUMMDIR$REAL
+      (clone_dummy $REAL)
+    else
+      if [ -L $ITEM ]; then
+        # Copy original symlink
+        cp -afc $ITEM $DUMMDIR$REAL
+      else
+        if $LINK && [ ! -e $MOUNTINFO$REAL ]; then
+          ln -s $MIRRDIR$REAL $DUMMDIR$REAL
+        else
+          if [ -d $ITEM ]; then
+            mkdir -p $DUMMDIR$REAL
+          else
+            mktouch $DUMMDIR$REAL
+          fi
+          [ ! -e $MOUNTINFO$REAL ] && mktouch $MOUNTINFO/mirror$REAL
+        fi
+      fi
+    fi
+  done
+}
+
+bind_mount() {
+  if [ -e $1 -a -e $2 ]; then
+    mount -o bind $1 $2
+    if [ $? -eq 0 ]; then 
+      log_print "Mount: $1"
+    else 
+      log_print "Mount Fail: $1"
+    fi 
+  fi
+}
+
+merge_image() {
+  if [ -f $1 ]; then
+    log_print "$1 found"
+    if [ -f $IMG ]; then
+      log_print "$IMG found, attempt to merge"
+
+      # Handle large images
+      target_size_check $1
+      MERGEUSED=$curUsedM
+      target_size_check $IMG
+      if [ "$MERGEUSED" -gt "$curFreeM" ]; then
+        NEWDATASIZE=$((((MERGEUSED + curUsedM) / 32 + 2) * 32))
+        log_print "Expanding $IMG to ${NEWDATASIZE}M..."
+        resize2fs $IMG ${NEWDATASIZE}M
+      fi
+
+      # Start merging
+      mkdir /cache/data_img
+      mkdir /cache/merge_img
+
+      # setup loop devices
+      loopsetup $IMG
+      LOOPDATA=$LOOPDEVICE
+      log_print "$LOOPDATA $IMG"
+
+      loopsetup $1
+      LOOPMERGE=$LOOPDEVICE
+      log_print "$LOOPMERGE $1"
+
+      if [ ! -z $LOOPDATA -a ! -z $LOOPMERGE ]; then
+        # if loop devices have been setup, mount images
+        OK=false
+        mount -t ext4 -o rw,noatime $LOOPDATA /cache/data_img && \
+        mount -t ext4 -o rw,noatime $LOOPMERGE /cache/merge_img && \
+        OK=true
+
+        if $OK; then
+          # Merge (will reserve selinux contexts)
+          cd /cache/merge_img
+          for MOD in *; do
+            if [ "$MOD" != "lost+found" ]; then
+              log_print "Merging: $MOD"
+              rm -rf /cache/data_img/$MOD
+            fi
+          done
+          cp -afc . /cache/data_img
+          log_print "Merge complete"
+          cd /
+        fi
+
+        umount /cache/data_img
+        umount /cache/merge_img
+      fi
+
+      losetup -d $LOOPDATA
+      losetup -d $LOOPMERGE
+
+      rmdir /cache/data_img
+      rmdir /cache/merge_img
+    else 
+      log_print "Moving $1 to $IMG "
+      mv $1 $IMG
+    fi
+    rm -f $1
+  fi
+}
+
+case $1 in
+  post-fs )
+    mv $LOGFILE /cache/last_magisk.log
+    touch $LOGFILE
+    chmod 644 $LOGFILE
+
+    # No more cache mods!
+    # Only for multirom!
+
+    log_print "** Magisk post-fs mode running..."
+
+    # Cleanup legacy stuffs...
+    rm -rf /cache/magisk /cache/magisk_merge /cache/magiskhide.log
+
+    if [ -d /cache/magisk_mount ]; then
+      log_print "* Mounting cache files"
+      find /cache/magisk_mount -type f 2>/dev/null | while read ITEM ; do
+        chmod 644 $ITEM
+        chcon "u:object_r:system_file:s0" $ITEM
+        TARGET=${ITEM#/cache/magisk_mount}
+        bind_mount $ITEM $TARGET
+      done
+    fi
+
+    unblock
+    ;;
+
+  post-fs-data )
+    # /data not mounted yet
+    ! mount | grep " /data " >/dev/null && unblock
+    mount | grep " /data " | grep "tmpfs" >/dev/null && unblock
+
+    # Don't run twice
+    if [ "`getprop magisk.restart_pfsd`" != "1" ]; then
+
+      export OLDPATH=$PATH
+      export PATH=$TOOLPATH:$OLDPATH
+
+      log_print "** Magisk post-fs-data mode running..."
+
+      # Cache support
+      if [ -d "/cache/data_bin" ]; then
+        rm -rf $BINPATH $TOOLPATH
+        mkdir -p $TOOLPATH
+        mv /cache/data_bin $BINPATH
+        chmod -R 755 $BINPATH $TOOLPATH
+        $BINPATH/busybox --install -s $TOOLPATH
+        ln -s $BINPATH/busybox $TOOLPATH/busybox
+        # Prevent issues
+        rm -f $TOOLPATH/su $TOOLPATH/sh $TOOLPATH/reboot
+      fi
+
+      mv /cache/stock_boot.img /data/stock_boot.img 2>/dev/null
+      mv /cache/magisk.apk /data/magisk.apk 2>/dev/null
+
+      find $BINPATH -exec chcon -h "u:object_r:system_file:s0" {} \;
+      find $TOOLPATH -exec chcon -h "u:object_r:system_file:s0" {} \;
+      chmod -R 755 $BINPATH $TOOLPATH
+
+      # Live patch sepolicy
+      $BINPATH/sepolicy-inject --live -s su
+
+      # Multirom functions should go here, not available right now
+      MULTIROM=false
+
+      # Image merging
+      chmod 644 $IMG /cache/magisk.img /data/magisk_merge.img 2>/dev/null
+      merge_image /cache/magisk.img
+      merge_image /data/magisk_merge.img
+
+      # Mount magisk.img
+      [ ! -d $MOUNTPOINT ] && mkdir -p $MOUNTPOINT
+      if ! mount | grep $MOUNTPOINT; then
+        loopsetup $IMG
+        [ ! -z $LOOPDEVICE ] && mount -t ext4 -o rw,noatime $LOOPDEVICE $MOUNTPOINT
+        if [ $? -ne 0 ]; then
+          log_print "magisk.img mount failed, nothing to do :("
+          unblock
+        fi
+      fi
+
+      # Remove empty directories, legacy paths, symlinks, old temporary images
+      find $MOUNTPOINT -type d -depth ! -path "*core*" -exec rmdir {} \; 2>/dev/null
+      rm -rf $COREDIR/bin $COREDIR/dummy $COREDIR/mirror /data/magisk/*.img 2>/dev/null
+
+      # Remove modules that is labeled to be removed
+      for MOD in $MOUNTPOINT/* ; do
+        rm -f $MOD/system/placeholder 2>/dev/null
+        if [ -f $MOD/remove ] || [ $MOD = zzsupersu ]; then
+          log_print "Remove module: $MOD"
+          rm -rf $MOD
+        fi
+      done
+
+      # Unmount, shrink, remount
+      if umount $MOUNTPOINT; then
+        losetup -d $LOOPDEVICE
+        target_size_check $IMG
+        NEWDATASIZE=$(((curUsedM / 32 + 2) * 32))
+        if [ "$curSizeM" -gt "$NEWDATASIZE" ]; then
+          log_print "Shrinking $IMG to ${NEWDATASIZE}M..."
+          resize2fs $IMG ${NEWDATASIZE}M
+        fi
+        loopsetup $IMG
+        [ ! -z $LOOPDEVICE ] && mount -t ext4 -o rw,noatime $LOOPDEVICE $MOUNTPOINT
+        if [ $? -ne 0 ]; then
+          log_print "magisk.img mount failed, nothing to do :("
+          unblock
+        fi
+      fi
+
+      log_print "* Preparing modules"
+
+      # Disable phh and Magisk Hide for SuperSU
+      if [ -f /sbin/launch_daemonsu.sh ]; then
+        touch /magisk/phh/disable 2>/dev/null
+        rm -f $COREDIR/magiskhide/enable 2>/dev/null
+      fi
+
+      mkdir -p $DUMMDIR
+      mkdir -p $MIRRDIR/system
+
+      # Remove crap folder
+      rm -rf $MOUNTPOINT/lost+found
+
+      # Link vendor if not exist
+      if [ ! -e /vendor ]; then
+        mount -o rw,remount rootfs /
+        ln -s /system/vendor /vendor
+        mount -o ro,remount rootfs /
+      fi
+
+      # Travel through all mods
+      for MOD in $MOUNTPOINT/* ; do
+        # Read in defined system props
+        [ -f $MOD/system.prop ] && /data/magisk/resetprop --file $MOD/system.prop
+        if [ -f $MOD/auto_mount -a -d $MOD/system -a ! -f $MOD/disable ]; then
+          TRAVEL_ROOT=$MOD
+          (travel system)
+          rm -f $MOD/vendor 2>/dev/null
+          if [ -d $MOD/system/vendor ]; then
+            ln -s $MOD/system/vendor $MOD/vendor
+            (travel vendor)
+          fi
+        fi
+      done
+
+      # Proper permissions for generated items
+      find $TMPDIR -exec chcon -h "u:object_r:system_file:s0" {} \;
+
+      # linker(64), t*box required for bin
+      if [ -f $MOUNTINFO/dummy/system/bin ]; then
+        cp -afc /system/bin/linker* /system/bin/t*box $DUMMDIR/system/bin/
+      fi
+
+      # Start doing tasks
+
+      # Stage 1
+      log_print "* Stage 1: Mount system and vendor mirrors"
+      SYSTEMBLOCK=`mount | grep " /system " | awk '{print $1}'`
+      mkdir -p $MIRRDIR/system
+      mount -o ro $SYSTEMBLOCK $MIRRDIR/system
+      if [ `mount | grep -c " /vendor "` -ne 0 ]; then
+        VENDORBLOCK=`mount | grep " /vendor " | awk '{print $1}'`
+        mkdir -p $MIRRDIR/vendor
+        mount -o ro $VENDORBLOCK $MIRRDIR/vendor
+      else
+        ln -s $MIRRDIR/system/vendor $MIRRDIR/vendor
+      fi
+
+      # Since mirrors always exist, we load libraries and binaries from mirrors
+      export LD_LIBRARY_PATH=$MIRRDIR/system/lib:$MIRRDIR/vendor/lib
+      [ -d $MIRRDIR/system/lib64 ] && export LD_LIBRARY_PATH=$MIRRDIR/system/lib64:$MIRRDIR/vendor/lib64
+
+      # Stage 2
+      log_print "* Stage 2: Mount dummy skeletons"
+      # Move /system/vendor to /vendor for consistency
+      mv -f $MOUNTINFO/dummy/system/vendor $MOUNTINFO/dummy/vendor 2>/dev/null
+      mv -f $DUMMDIR/system/vendor $DUMMDIR/vendor 2>/dev/null
+      find $MOUNTINFO/dummy -type f 2>/dev/null | while read ITEM ; do
+        TARGET=${ITEM#$MOUNTINFO/dummy}
+        ORIG=$DUMMDIR$TARGET
+        (clone_dummy $TARGET)
+        bind_mount $ORIG $TARGET
+      done
+
+      # Check if the dummy /system/bin is empty, it shouldn't
+      [ ! -e $DUMMDIR/system/bin/sh ] && clone_dummy /system/bin
+
+      # Stage 3
+      log_print "* Stage 3: Mount module items"
+      find $MOUNTINFO/system -type f 2>/dev/null | while read ITEM ; do
+        TARGET=${ITEM#$MOUNTINFO}
+        ORIG=`cat $ITEM`$TARGET
+        bind_mount $ORIG $TARGET
+      done
+      find $MOUNTINFO/vendor -type f 2>/dev/null | while read ITEM ; do
+        TARGET=${ITEM#$MOUNTINFO}
+        ORIG=`cat $ITEM`$TARGET
+        bind_mount $ORIG $TARGET
+      done
+
+      # Stage 4
+      log_print "* Stage 4: Execute module scripts"
+      run_scripts post-fs-data
+
+      # Stage 5
+      log_print "* Stage 5: Mount mirrored items back to dummy"
+      find $MOUNTINFO/mirror -type f 2>/dev/null | while read ITEM ; do
+        TARGET=${ITEM#$MOUNTINFO/mirror}
+        ORIG=$MIRRDIR$TARGET
+        bind_mount $ORIG $TARGET
+      done
+
+      # Bind hosts for Adblock apps
+      if [ -f $COREDIR/hosts ]; then
+        log_print "* Enabling systemless hosts file support"
+        bind_mount $COREDIR/hosts /system/etc/hosts
+      fi
+
+      # Expose busybox
+      if [ -f $COREDIR/busybox/enable ]; then
+        log_print "* Enabling BusyBox"
+        cp -afc /data/busybox/. $COREDIR/busybox
+        cp -afc /system/xbin/. $COREDIR/busybox
+        chmod -R 755 $COREDIR/busybox
+        chcon -hR "u:object_r:system_file:s0" $COREDIR/busybox
+        bind_mount $COREDIR/busybox /system/xbin
+      fi
+
+      if [ -f /data/magisk.apk ]; then
+        if [ -z `ls /data/app | grep com.topjohnwu.magisk` ]; then
+          mkdir /data/app/com.topjohnwu.magisk-1
+          cp /data/magisk.apk /data/app/com.topjohnwu.magisk-1/base.apk
+          chown 1000.1000 /data/app/com.topjohnwu.magisk-1
+          chown 1000.1000 /data/app/com.topjohnwu.magisk-1/base.apk
+          chmod 755 /data/app/com.topjohnwu.magisk-1
+          chmod 644 /data/app/com.topjohnwu.magisk-1/base.apk
+          chcon u:object_r:apk_data_file:s0 /data/app/com.topjohnwu.magisk-1
+          chcon u:object_r:apk_data_file:s0 /data/app/com.topjohnwu.magisk-1/base.apk
+        fi
+        rm -f /data/magisk.apk 2>/dev/null
+      fi
+
+      # Restart post-fs-data if necessary (multirom)
+      $MULTIROM && setprop magisk.restart_pfsd 1
+
+    fi
+    unblock
+    ;;
+
+  service )
+    # Version info
+    MAGISK_VERSION_STUB
+    log_print "** Magisk late_start service mode running..."
+    run_scripts service
+
+    # Magisk Hide
+    if [ -f $COREDIR/magiskhide/enable ]; then
+      log_print "* Removing tampered read-only system props"
+
+      VERIFYBOOT=`getprop ro.boot.verifiedbootstate`
+      FLASHLOCKED=`getprop ro.boot.flash.locked`
+      VERITYMODE=`getprop ro.boot.veritymode`
+
+      [ ! -z "$VERIFYBOOT" -a "$VERIFYBOOT" != "green" ] && \
+      log_print "`$BINPATH/resetprop -v -n ro.boot.verifiedbootstate green`"
+      [ ! -z "$FLASHLOCKED" -a "$FLASHLOCKED" != "1" ] && \
+      log_print "`$BINPATH/resetprop -v -n ro.boot.flash.locked 1`"
+      [ ! -z "$VERITYMODE" -a "$VERITYMODE" != "enforcing" ] && \
+      log_print "`$BINPATH/resetprop -v -n ro.boot.veritymode enforcing`"
+
+      mktouch $COREDIR/magiskhide/hidelist
+      chmod -R 755 $COREDIR/magiskhide
+      # Add Safety Net preset
+      $COREDIR/magiskhide/add com.google.android.gms.unstable
+      log_print "* Starting Magisk Hide"
+      /data/magisk/magiskhide --daemon
+    fi
+    ;;
+
+esac

uninstaller/META-INF/com/google/android/update-binary

@@ -10,6 +10,15 @@
 
 INSTALLER=/tmp/uninstall
 
+# Boot Image Variables
+CHROMEDIR=$INSTALLER/chromeos
+NEWBOOT=$TMPDIR/boottmp/new-boot.img
+UNPACKDIR=$TMPDIR/boottmp/bootunpack
+RAMDISK=$TMPDIR/boottmp/ramdisk
+
+# Default permissions
+umask 022
+
 ##########################################################################################
 # Flashable update-binary preparation
 ##########################################################################################
@@ -63,14 +72,14 @@ getvar() {
 find_boot_image() {
   if [ -z "$BOOTIMAGE" ]; then
     for PARTITION in kern-a KERN-A android_boot ANDROID_BOOT kernel KERNEL boot BOOT lnx LNX; do
-      BOOTIMAGE=$(readlink /dev/block/by-name/$PARTITION || readlink /dev/block/platform/*/by-name/$PARTITION || readlink /dev/block/platform/*/*/by-name/$PARTITION)
+      BOOTIMAGE=`readlink /dev/block/by-name/$PARTITION || readlink /dev/block/platform/*/by-name/$PARTITION || readlink /dev/block/platform/*/*/by-name/$PARTITION`
       if [ ! -z "$BOOTIMAGE" ]; then break; fi
     done
   fi
   if [ -z "$BOOTIMAGE" ]; then
     FSTAB="/etc/recovery.fstab"
     [ ! -f "$FSTAB" ] && FSTAB="/etc/recovery.fstab.bak"
-    BOOTIMAGE=$(grep -E '\b/boot\b' "$FSTAB" | grep -oE '/dev/[a-zA-Z0-9_./-]*')
+    [ -f "$FSTAB" ] && BOOTIMAGE=`grep -E '\b/boot\b' "$FSTAB" | grep -oE '/dev/[a-zA-Z0-9_./-]*'`
   fi
 }
 
@@ -93,17 +102,46 @@ grep_prop() {
   cat $FILES 2>/dev/null | sed -n $REGEX | head -n 1
 }
 
+mount_image() {
+  if [ ! -d "$2" ]; then
+    mount -o rw,remount rootfs /
+    mkdir -p $2 2>/dev/null
+    ($BOOTMODE) && mount -o ro,remount rootfs /
+    [ ! -d "$2" ] && return 1
+  fi
+  if (! is_mounted $2); then
+    LOOPDEVICE=
+    for LOOP in 0 1 2 3 4 5 6 7; do
+      if (! is_mounted $2); then
+        LOOPDEVICE=/dev/block/loop$LOOP
+        if [ ! -f "$LOOPDEVICE" ]; then
+          mknod $LOOPDEVICE b 7 $LOOP 2>/dev/null
+        fi
+        losetup $LOOPDEVICE $1
+        if [ "$?" -eq "0" ]; then
+          mount -t ext4 -o loop $LOOPDEVICE $2
+          if (! is_mounted $2); then
+            /system/bin/toolbox mount -t ext4 -o loop $LOOPDEVICE $2
+          fi
+          if (! is_mounted $2); then
+            /system/bin/toybox mount -t ext4 -o loop $LOOPDEVICE $2
+          fi
+        fi
+        if (is_mounted $2); then
+          ui_print "- Mounting $1 to $2"
+          break;
+        fi
+      fi
+    done
+  fi
+}
+
 unpack_boot() {
   rm -rf $UNPACKDIR $RAMDISK 2>/dev/null
   mkdir -p $UNPACKDIR
   mkdir -p $RAMDISK
   cd $UNPACKDIR
-  $BINDIR/bootimgtools --extract $1
-
-  find $TMPDIR/boottmp -type d -exec chmod 755 {} \;
-  find $TMPDIR/boottmp -type f -exec chmod 644 {} \;
-  chmod 755 $(find $TMPDIR/boottmp -type d)
-  chmod 644 $(find $TMPDIR/boottmp -type f)
+  LD_LIBRARY_PATH=$SYSTEMLIB $BINDIR/bootimgtools --extract $1
 
   cd $RAMDISK
   gunzip -c < $UNPACKDIR/ramdisk.gz | cpio -i
@@ -113,11 +151,11 @@ repack_boot() {
   cd $RAMDISK
   find . | cpio -o -H newc 2>/dev/null | gzip -9 > $UNPACKDIR/ramdisk.gz
   cd $UNPACKDIR
-  $BINDIR/bootimgtools --repack $ORIGBOOT
+  LD_LIBRARY_PATH=$SYSTEMLIB $BINDIR/bootimgtools --repack $BOOTIMAGE
   if [ -f chromeos ]; then
     echo " " > config
     echo " " > bootloader
-    $CHROMEDIR/futility vbutil_kernel --pack new-boot.img.signed --keyblock $CHROMEDIR/kernel.keyblock --signprivate $CHROMEDIR/kernel_data_key.vbprivk --version 1 --vmlinuz new-boot.img --config config --arch arm --bootloader bootloader --flags 0x1
+    LD_LIBRARY_PATH=$SYSTEMLIB $CHROMEDIR/futility vbutil_kernel --pack new-boot.img.signed --keyblock $CHROMEDIR/kernel.keyblock --signprivate $CHROMEDIR/kernel_data_key.vbprivk --version 1 --vmlinuz new-boot.img --config config --arch arm --bootloader bootloader --flags 0x1
     rm -f new-boot.img
     mv new-boot.img.signed new-boot.img
   fi
@@ -127,6 +165,11 @@ repack_boot() {
       echo -n "SEANDROIDENFORCE" >> new-boot.img
     fi
   fi
+  if ($LGE_G); then
+    # Prevent secure boot error on LG G2/G3.
+    # Just for know, It's a pattern which bootloader verifies at boot. Thanks to LG hackers.
+    echo -n -e "\x41\xa9\xe4\x67\x74\x4d\x1d\x1b\xa4\x29\xf2\xec\xea\x65\x52\x79" >> new-boot.img
+  fi
   mv new-boot.img $NEWBOOT
 }
 
@@ -134,33 +177,43 @@ revert_boot() {
   rm -rf $TMPDIR/boottmp 2>/dev/null
   mkdir -p $TMPDIR/boottmp
 
-  CHROMEDIR=$INSTALLER/chromeos
-  ORIGBOOT=$TMPDIR/boottmp/boot.img
-  NEWBOOT=$TMPDIR/boottmp/new-boot.img
-  UNPACKDIR=$TMPDIR/boottmp/bootunpack
-  RAMDISK=$TMPDIR/boottmp/ramdisk
-
-  chmod 777 $CHROMEDIR/futility $BINDIR/*
-
-  ui_print "- Dumping boot image"
-  dd if=$BOOTIMAGE of=$ORIGBOOT
-
   ui_print "- Unpacking boot image"
-  unpack_boot $ORIGBOOT
+  unpack_boot $BOOTIMAGE
 
-  if [ -d ".backup" ]; then
+  SUPERSU=false
+  [ -f sbin/launch_daemonsu.sh ] && SUPERSU=true
+
+  if ($SUPERSU); then
+    ui_print "- SuperSU patched boot detected!"
+    SUIMG=/data/su.img
+    mount_image $SUIMG /su
+    if (is_mounted /su); then
+      SUPERSULOOP=$LOOPDEVICE
+      gunzip -c < $UNPACKDIR/ramdisk.gz > $UNPACKDIR/ramdisk
+      ui_print "- Using sukernel to restore ramdisk"
+      # Restore ramdisk
+      LD_LIBRARY_PATH=$SYSTEMLIB /su/bin/sukernel --cpio-restore $UNPACKDIR/ramdisk $UNPACKDIR/ramdisk
+      if [ $? -ne 0 ]; then
+        ui_print "! Unable to restore ramdisk"
+        ui_print "! Will still remove Magisk additions"
+      fi
+      rm -rf $RAMDISK
+      mkdir -p $RAMDISK
+      cd $RAMDISK
+      cpio -i < $UNPACKDIR/ramdisk
+      rm -f $UNPACKDIR/ramdisk
+    fi
+  elif [ -d ".backup" ]; then
     ui_print "- Restoring ramdisk with backup"
-    cp -af .backup/* .
-    rm -rf magisk init.magisk.rc sbin/magic_mask.sh 2>/dev/null
-    rm -rf .backup
+    cp -af .backup/. .
   else
     ui_print "! No ramdisk backup found"
-    ui_print "! Unable to revert completely"
     ui_print "! Will still remove Magisk additions"
-    # Removing boot image modifications
-    rm -rf magisk init.magisk.rc sbin/magic_mask.sh 2>/dev/null
   fi
 
+  # Remove possible boot modifications
+  rm -rf magisk init.magisk.rc sbin/magic_mask.sh .backup 2>/dev/null
+
   ui_print "- Repacking boot image"
   repack_boot
 }
@@ -188,24 +241,44 @@ if [ ! -f '/system/build.prop' ]; then
   exit 1
 fi
 
+SAMSUNG=false
+SAMSUNG_CHECK=$(cat /system/build.prop | grep "ro.build.fingerprint=" | grep -i "samsung")
+if [ $? -eq 0 ]; then
+  SAMSUNG=true
+fi
+
+LGE_G=false
+RBRAND=$(grep_prop ro.product.brand)
+RMODEL=$(grep_prop ro.product.device)
+if [ "$RBRAND" = "lge" ] || [ "$RBRAND" = "LGE" ];  then 
+  if [ "$RMODEL" = "*D80*" ] || 
+     [ "$RMODEL" = "*S98*" ] || 
+     [ "$RMODEL" = "*D85*" ] ||
+     [ "$RMODEL" = "*F40*" ]; then
+    LGE_G=true
+    ui_print "! Bump device detected"
+  fi
+fi
+
 API=$(grep_prop ro.build.version.sdk)
 ABI=$(grep_prop ro.product.cpu.abi | cut -c-3)
 ABI2=$(grep_prop ro.product.cpu.abi2 | cut -c-3)
 ABILONG=$(grep_prop ro.product.cpu.abi)
 
 ARCH=arm
-IS64BIT=
+IS64BIT=false
 if [ "$ABI" = "x86" ]; then ARCH=x86; fi;
 if [ "$ABI2" = "x86" ]; then ARCH=x86; fi;
-if [ "$ABILONG" = "arm64-v8a" ]; then ARCH=arm64; IS64BIT=1; fi;
-if [ "$ABILONG" = "x86_64" ]; then ARCH=x64; IS64BIT=1; fi;
+if [ "$ABILONG" = "arm64-v8a" ]; then ARCH=arm64; IS64BIT=true; fi;
+if [ "$ABILONG" = "x86_64" ]; then ARCH=x64; IS64BIT=true; fi;
 
 ui_print "- Device platform: $ARCH"
 
-BINDIR=$INSTALLER/arm
-if [ "$ARCH" = "x86" -o "$ARCH" = "x64" ]; then
-  BINDIR=$INSTALLER/x86
-fi
+BINDIR=$INSTALLER/$ARCH
+chmod -R 755 $CHROMEDIR/futility $BINDIR
+
+SYSTEMLIB=/system/lib
+($IS64BIT) && SYSTEMLIB=/system/lib64
 
 find_boot_image
 if [ -z "$BOOTIMAGE" ]; then
@@ -213,23 +286,18 @@ if [ -z "$BOOTIMAGE" ]; then
   exit 1
 fi
 
-SAMSUNG=false
-SAMSUNG_CHECK=$(cat /system/build.prop | grep "ro.build.fingerprint=" | grep -i "samsung")
-if [ $? -eq 0 ]; then
-  SAMSUNG=true
-fi
-
 ##########################################################################################
 # Detection all done, start installing
 ##########################################################################################
 
-umount /magisk 2>/dev/null
+ui_print "- Found Boot Image: $BOOTIMAGE"
 
 if (is_mounted /data); then
-  cp -af /data/stock_boot_*.gz /data/stock_boot.img.gz 2>/dev/null
-  gzip -d /data/stock_boot.img.gz 2>/dev/null
-  rm -rf /data/stock_boot.img.gz 2>/dev/null
-  if [ -f "/data/stock_boot.img" ]; then
+  PATH=/data/busybox:$PATH
+  cp -f /data/stock_boot_*.gz /data/stock_boot.img.gz 2>/dev/null
+  gunzip -d < /data/stock_boot.img.gz > /data/stock_boot.img 2>/dev/null
+  rm -f /data/stock_boot.img.gz 2>/dev/null
+  if [ -f /data/stock_boot.img ]; then
     ui_print "- Boot image backup found!"
     NEWBOOT=/data/stock_boot.img
   else
@@ -237,29 +305,36 @@ if (is_mounted /data); then
     revert_boot
   fi
   ui_print "- Removing Magisk files"
-  rm -rf /cache/magisk /cache/magisk_merge /cache/magisk.log /cache/last_magisk.log /cache/unblock /data/Magisk.apk /data/magisk.img /data/magisk_merge.img /data/busybox /data/magisk 2>/dev/null
+  rm -rf  /cache/magisk.log /cache/last_magisk.log /cache/magiskhide.log \
+          /cache/magisk /cache/magisk_merge /cache/magisk_mount  /cache/unblock \
+          /data/Magisk.apk /data/magisk.apk /data/magisk.img /data/magisk_merge.img \
+          /data/busybox /data/magisk /data/custom_ramdisk_patch.sh 2>/dev/null
 else
-  ui_print "! Data unavalible"
+  ui_print "! Data unavailable"
   ui_print "! Impossible to restore original boot image"
   ui_print "! Try using ramdisk backup"
   revert_boot
   ui_print "- Removing Magisk files"
-  rm -rf /cache/magisk* /cache/last_magisk.log /cache/unblock 2>/dev/null
+  rm -rf  /cache/magisk.log /cache/last_magisk.log /cache/magiskhide.log \
+          /cache/magisk /cache/magisk_merge /cache/magisk_mount /cache/unblock 2>/dev/null
   ui_print "*****************************************"
   ui_print "     Magisk is not fully removed yet     "
   ui_print " Please manually remove /data/magisk.img "
   ui_print "*****************************************"
 fi
 
-if [ -L "$BOOTIMAGE" ]; then
-  ui_print "- Block symlink detected!"
-else
-  dd if=/dev/zero of=$BOOTIMAGE bs=4096 2>/dev/null
-fi
+chmod 644 $NEWBOOT
+
 ui_print "- Flashing reverted image"
+[ ! -L "$BOOTIMAGE" ] && dd if=/dev/zero of=$BOOTIMAGE bs=4096 2>/dev/null
 dd if=$NEWBOOT of=$BOOTIMAGE bs=4096
 
 umount /system
+if [ ! -z $SUPERSU ]; then
+  umount /su
+  losetup -d $SUPERSULOOP
+  rmdir /su
+fi
 
 ui_print "- Done"
 exit 0

zip_static/common/custom_ramdisk_patch.sh

@@ -1,18 +1,33 @@
 #!/system/bin/sh
 
 RAMDISK=$1
-BINDIR=/data/magisk
+BINDIR=$2
+[ -z $BINDIR ] && BINDIR=/data/magisk
+SYSTEMLIB=/system/lib
+[ -d /system/lib64 ] && SYSTEMLIB=/system/lib64
 
 cpio_add() {
-  /su/bin/sukernel --cpio-add $RAMDISK $RAMDISK $2 $1 $1
+  LD_LIBRARY_PATH=$SYSTEMLIB /su/bin/sukernel --cpio-add $RAMDISK $RAMDISK $2 $1 $1
 }
 
 cpio_extract() {
-  /su/bin/sukernel --cpio-extract $RAMDISK $1 $1
+  LD_LIBRARY_PATH=$SYSTEMLIB /su/bin/sukernel --cpio-extract $RAMDISK $1 $1
 }
 
 cpio_mkdir() {
-  /su/bin/sukernel --cpio-mkdir $RAMDISK $RAMDISK $2 $1
+  LD_LIBRARY_PATH=$SYSTEMLIB /su/bin/sukernel --cpio-mkdir $RAMDISK $RAMDISK $2 $1
+}
+
+# Recursive
+cpio_rm() {
+  if [ "$1" = "-r" ]; then
+    LD_LIBRARY_PATH=$SYSTEMLIB /su/bin/sukernel --cpio-ls $RAMDISK | grep "^$2/" | while read i ; do
+      LD_LIBRARY_PATH=$SYSTEMLIB /su/bin/sukernel --cpio-rm $RAMDISK $RAMDISK $i
+    done
+    LD_LIBRARY_PATH=$SYSTEMLIB /su/bin/sukernel --cpio-rmdir $RAMDISK $RAMDISK $2
+  else
+    LD_LIBRARY_PATH=$SYSTEMLIB /su/bin/sukernel --cpio-rm $RAMDISK $RAMDISK $1
+  fi
 }
 
 rm -rf /tmp/magisk/ramdisk 2>/dev/null
@@ -24,27 +39,23 @@ cat $RAMDISK | cpio -i
 # Patch ramdisk
 echo "- Patching ramdisk"
 
+# Cleanup SuperSU backups
+cpio_rm -r .subackup
+
 # Add magisk entrypoint
 for INIT in init*.rc; do
-  if [ $(grep -c "import /init.environ.rc" $INIT) -ne "0" ] && [ $(grep -c "import /init.magisk.rc" $INIT) -eq "0" ]; then
+  if [ `grep -c "import /init.environ.rc" $INIT` -ne "0" ] && [ `grep -c "import /init.magisk.rc" $INIT` -eq "0" ]; then
     sed -i "/import \/init\.environ\.rc/iimport /init.magisk.rc" $INIT
     cpio_add $INIT 750
     break
   fi
 done
 
-# Add magisk PATH
-if [ $(grep -c "/magisk/.core/busybox" init.environ.rc) -eq "0" ]; then
-  sed -i "/export PATH/ s/\/system\/xbin/\/system\/xbin:\/magisk\/.core\/busybox/g" init.environ.rc
-  cpio_add init.environ.rc 750
-fi
-
 # sepolicy patches
-$BINDIR/sepolicy-inject --magisk -P sepolicy
+LD_LIBRARY_PATH=$SYSTEMLIB $BINDIR/sepolicy-inject --magisk -P sepolicy
 cpio_add sepolicy 644
 
 # Add new items
-mkdir -p magisk 2>/dev/null
 cp -af $BINDIR/init.magisk.rc init.magisk.rc
 cp -af $BINDIR/magic_mask.sh sbin/magic_mask.sh
 

zip_static/common/init.magisk.rc

@@ -7,11 +7,11 @@ on post-fs
 
 on post-fs-data
     start magisk_pfsd
-    wait /dev/.magisk.unblock 40
+    wait /dev/.magisk.unblock 60
     rm /dev/.magisk.unblock
 
-on property:magisk.hide=1
-    restart magisk_hide
+on property:magisk.restart_pfsd=1
+    trigger post-fs-data
 
 # Services
 
@@ -33,9 +33,3 @@ service magisk_service /sbin/magic_mask.sh service
     user root
     seclabel u:r:su:s0
     oneshot
-
-# launch magisk hide script
-service magisk_hide /sbin/magic_mask.sh hide
-    user root
-    seclabel u:r:su:s0
-    oneshot

zip_static/common/magic_mask.sh

@@ -1,429 +0,0 @@
-#!/system/bin/sh
-
-LOGFILE=/cache/magisk.log
-HIDELOG=/cache/magiskhide.log
-IMG=/data/magisk.img
-
-export MOUNTPOINT=/magisk
-
-COREDIR=$MOUNTPOINT/.core
-
-DUMMDIR=$COREDIR/dummy
-MIRRDIR=$COREDIR/mirror
-
-TMPDIR=/dev/tmp
-
-# Use the included busybox to do everything for maximum compatibility
-# We also do so because we rely on the option "-c" for cp (reserve contexts)
-
-# Reserve the original PATH
-export OLDPATH=$PATH
-export PATH="/data/busybox:$PATH"
-
-log_print() {
-  echo $1
-  echo $1 >> $LOGFILE
-  log -p i -t Magisk "$1"
-}
-
-mktouch() {
-  mkdir -p ${1%/*} 2>/dev/null
-  if [ -z "$2" ]; then
-    touch $1 2>/dev/null
-  else
-    echo $2 > $1 2>/dev/null
-  fi
-}
-
-unblock() {
-  touch /dev/.magisk.unblock
-  exit
-}
-
-run_scripts() {
-  BASE=$MOUNTPOINT
-  if [ "$1" = "post-fs" ]; then
-    BASE=/cache/magisk
-  fi
-
-  for MOD in $BASE/* ; do
-    if [ ! -f "$MOD/disable" ]; then
-      if [ -f "$MOD/$1.sh" ]; then
-        chmod 755 $MOD/$1.sh
-        chcon 'u:object_r:system_file:s0' $MOD/$1.sh
-        log_print "$1: $MOD/$1.sh"
-        $MOD/$1.sh
-      fi
-    fi
-  done
-}
-
-loopsetup() {
-  LOOPDEVICE=
-  for DEV in $(ls /dev/block/loop*); do
-    if [ `losetup $DEV $1 >/dev/null 2>&1; echo $?` -eq 0 ]; then
-      LOOPDEVICE=$DEV
-      break
-    fi
-  done
-}
-
-target_size_check() {
-  e2fsck -p -f $1
-  curBlocks=`e2fsck -n $1 2>/dev/null | cut -d, -f3 | cut -d\  -f2`;
-  curUsedM=$((`echo "$curBlocks" | cut -d/ -f1` * 4 / 1024));
-  curSizeM=$((`echo "$curBlocks" | cut -d/ -f2` * 4 / 1024));
-  curFreeM=$((curSizeM - curUsedM));
-}
-
-travel() {
-  cd $1/$2
-  if [ -f ".replace" ]; then
-    rm -rf $TMPDIR/$2
-    mktouch $TMPDIR/$2 $1
-  else
-    for ITEM in * ; do
-      if [ ! -e "/$2/$ITEM" ]; then
-        # New item found
-        if [ $2 = "system" ]; then
-          # We cannot add new items to /system root, delete it
-          rm -rf $ITEM
-        else
-          if [ -d "$TMPDIR/dummy/$2" ]; then
-            # We are in a higher level, delete the lower levels
-            rm -rf $TMPDIR/dummy/$2
-          fi
-          # Mount the dummy parent
-          mktouch $TMPDIR/dummy/$2
-
-          mkdir -p $DUMMDIR/$2 2>/dev/null
-          if [ -d "$ITEM" ]; then
-            # Create new dummy directory
-            mkdir -p $DUMMDIR/$2/$ITEM
-          elif [ -L "$ITEM" ]; then
-            # Symlinks are small, copy them
-            cp -afc $ITEM $DUMMDIR/$2/$ITEM
-          else
-            # Create new dummy file
-            mktouch $DUMMDIR/$2/$ITEM
-          fi
-
-          # Clone the original /system structure (depth 1)
-          if [ -e "/$2" ]; then
-            for DUMMY in /$2/* ; do
-              if [ -d "$DUMMY" ]; then
-                # Create dummy directory
-                mkdir -p $DUMMDIR$DUMMY
-              elif [ -L "$DUMMY" ]; then
-                # Symlinks are small, copy them
-                cp -afc $DUMMY $DUMMDIR$DUMMY
-              else
-                # Create dummy file
-                mktouch $DUMMDIR$DUMMY
-              fi
-            done
-          fi
-        fi
-      fi
-
-      if [ -d "$ITEM" ]; then
-        # It's an directory, travel deeper
-        (travel $1 $2/$ITEM)
-      elif [ ! -L "$ITEM" ]; then
-        # Mount this file
-        mktouch $TMPDIR/$2/$ITEM $1
-      fi
-    done
-  fi
-}
-
-bind_mount() {
-  if [ -e "$1" -a -e "$2" ]; then
-    mount -o bind $1 $2
-    if [ "$?" -eq "0" ]; then 
-      log_print "Mount: $1"
-    else 
-      log_print "Mount Fail: $1"
-    fi 
-  fi
-}
-
-merge_image() {
-  if [ -f "$1" ]; then
-    log_print "$1 found"
-    if [ -f "$IMG" ]; then
-      log_print "$IMG found, attempt to merge"
-
-      # Handle large images
-      target_size_check $1
-      MERGEUSED=$curUsedM
-      target_size_check $IMG
-      if [ "$MERGEUSED" -gt "$curFreeM" ]; then
-        NEWDATASIZE=$((((MERGEUSED + curUsedM) / 32 + 2) * 32))
-        log_print "Expanding $IMG to ${NEWDATASIZE}M..."
-        resize2fs $IMG ${NEWDATASIZE}M
-      fi
-
-      # Start merging
-      mkdir /cache/data_img
-      mkdir /cache/merge_img
-
-      # setup loop devices
-      loopsetup $IMG
-      LOOPDATA=$LOOPDEVICE
-      log_print "$LOOPDATA $IMG"
-
-      loopsetup $1
-      LOOPMERGE=$LOOPDEVICE
-      log_print "$LOOPMERGE $1"
-
-      if [ ! -z "$LOOPDATA" ]; then
-        if [ ! -z "$LOOPMERGE" ]; then
-          # if loop devices have been setup, mount images
-          OK=true
-
-          if [ `mount -t ext4 -o rw,noatime $LOOPDATA /cache/data_img >/dev/null 2>&1; echo $?` -ne 0 ]; then
-            OK=false
-          fi
-
-          if [ `mount -t ext4 -o rw,noatime $LOOPMERGE /cache/merge_img >/dev/null 2>&1; echo $?` -ne 0 ]; then
-            OK=false
-          fi
-
-          if ($OK); then
-            # Merge (will reserve selinux contexts)
-            cd /cache/merge_img
-            for MOD in *; do
-              log_print "Merging: $MOD"
-              rm -rf /cache/data_img/$MOD
-              cp -afc $MOD /cache/data_img/
-            done
-            log_print "Merge complete"
-          fi
-
-          umount /cache/data_img
-          umount /cache/merge_img
-        fi
-      fi
-
-      losetup -d $LOOPDATA
-      losetup -d $LOOPMERGE
-
-      rmdir /cache/data_img
-      rmdir /cache/merge_img
-    else 
-      log_print "Moving $1 to $IMG "
-      mv $1 $IMG
-    fi
-    rm -f $1
-  fi
-}
-
-case $1 in
-  post-fs )
-    mv $LOGFILE /cache/last_magisk.log
-    touch $LOGFILE
-    chmod 644 $LOGFILE
-    log_print "Magisk post-fs mode running..."
-
-    if [ -d "/cache/magisk_merge" ]; then
-      cd /cache/magisk_merge
-      for MOD in *; do
-        log_print "Merging: $MOD"
-        rm -rf /cache/magisk/$MOD
-        mv $MOD /cache/magisk/$MOD
-      done 
-      rm -rf /cache/magisk_merge
-    fi
-
-    for MOD in /cache/magisk/* ; do
-      if [ -f "$MOD/remove" ]; then
-        log_print "Remove module: $MOD"
-        rm -rf $MOD
-      elif [ -f "$MOD/auto_mount" -a ! -f "$MOD/disable" ]; then
-        find $MOD/system -type f 2>/dev/null | while read ITEM ; do
-          TARGET=${ITEM#$MOD}
-          bind_mount $ITEM $TARGET
-        done
-      fi
-    done
-
-    run_scripts post-fs
-    unblock
-    ;;
-
-  post-fs-data )
-    if [ `mount | grep " /data " >/dev/null 2>&1; echo $?` -ne 0 ]; then
-      # /data not mounted yet, we will be called again later
-      unblock
-    fi
-
-    if [ `mount | grep " /data " | grep "tmpfs" >/dev/null 2>&1; echo $?` -eq 0 ]; then
-      # /data not mounted yet, we will be called again later
-      unblock
-    fi
-
-    log_print "Magisk post-fs-data mode running..."
-
-    # Live patch sepolicy
-    /data/magisk/sepolicy-inject --live -s su
-
-    [ ! -d "$MOUNTPOINT" ] && mkdir -p $MOUNTPOINT
-
-    # Cache support
-    if [ -d "/cache/data_bin" ]; then
-      rm -rf /data/busybox /data/magisk
-      mkdir -p /data/busybox
-      mv /cache/data_bin /data/magisk
-      chmod 755 /data/busybox /data/magisk /data/magisk/*
-      chcon 'u:object_r:system_file:s0' /data/busybox /data/magisk /data/magisk/*
-      /data/magisk/busybox --install -s /data/busybox
-      # Prevent issues
-      rm -f /data/busybox/su /data/busybox/sh
-    fi
-    mv /cache/stock_boot.img /data 2>/dev/null
-    
-    chmod 644 $IMG /cache/magisk.img /data/magisk_merge.img 2>/dev/null
-
-    # Handle image merging
-    merge_image /cache/magisk.img
-    merge_image /data/magisk_merge.img
-
-    # Mount magisk.img
-    if [ `cat /proc/mounts | grep $MOUNTPOINT >/dev/null 2>&1; echo $?` -ne 0 ]; then
-      loopsetup $IMG
-      if [ ! -z "$LOOPDEVICE" ]; then
-        mount -t ext4 -o rw,noatime $LOOPDEVICE $MOUNTPOINT
-      fi
-    fi
-
-    if [ `cat /proc/mounts | grep $MOUNTPOINT >/dev/null 2>&1; echo $?` -ne 0 ]; then
-      log_print "magisk.img mount failed, nothing to do :("
-      unblock
-    fi
-
-    log_print "Preparing modules"
-    # First do cleanups
-    rm -rf $DUMMDIR
-    rmdir $(find $MOUNTPOINT -type d -depth ! -path "*core*" ) 2>/dev/null
-    rm -rf $COREDIR/bin
-
-    mkdir -p $DUMMDIR
-    mkdir -p $MIRRDIR/system
-
-    # Travel through all mods
-    for MOD in $MOUNTPOINT/* ; do
-      if [ -f "$MOD/remove" ]; then
-        log_print "Remove module: $MOD"
-        rm -rf $MOD
-      elif [ -f "$MOD/auto_mount" -a -d "$MOD/system" -a ! -f "$MOD/disable" ]; then
-        (travel $MOD system)
-      fi
-    done
-
-    # Proper permissions for generated items
-    chmod 755 $(find $COREDIR -type d)
-    chmod 644 $(find $COREDIR -type f)
-    find $COREDIR -type d -exec chmod 755 {} \;
-    find $COREDIR -type f -exec chmod 644 {} \;
-
-    # linker(64), t*box, and app_process* are required if we need to dummy mount bin folder
-    if [ -f "$TMPDIR/dummy/system/bin" ]; then
-      rm -f $DUMMDIR/system/bin/linker* $DUMMDIR/system/bin/t*box $DUMMDIR/system/bin/app_process*
-      cd /system/bin
-      cp -afc linker* t*box app_process* $DUMMDIR/system/bin/
-    fi
-
-    # Unmount, shrink, remount
-    if [ `umount $MOUNTPOINT >/dev/null 2>&1; echo $?` -eq 0 ]; then
-      losetup -d $LOOPDEVICE
-      target_size_check $IMG
-      NEWDATASIZE=$(((curUsedM / 32 + 2) * 32))
-      if [ "$curSizeM" -gt "$NEWDATASIZE" ]; then
-        log_print "Shrinking $IMG to ${NEWDATASIZE}M..."
-        resize2fs $IMG ${NEWDATASIZE}M
-      fi
-      loopsetup $IMG
-      if [ ! -z "$LOOPDEVICE" ]; then
-        mount -t ext4 -o rw,noatime $LOOPDEVICE $MOUNTPOINT
-      fi
-    fi
-
-    if [ `cat /proc/mounts | grep $MOUNTPOINT >/dev/null 2>&1; echo $?` -ne 0 ]; then
-      log_print "magisk.img mount failed, nothing to do :("
-      unblock
-    fi
-
-    # Remove crap folder
-    rm -rf $MOUNTPOINT/lost+found
-    
-    # Start doing tasks
-    
-    # Stage 1
-    log_print "Bind mount dummy system"
-    find $TMPDIR/dummy -type f 2>/dev/null | while read ITEM ; do
-      TARGET=${ITEM#$TMPDIR/dummy}
-      ORIG=$DUMMDIR$TARGET
-      bind_mount $ORIG $TARGET
-    done
-
-    # Stage 2
-    log_print "Bind mount module items"
-    find $TMPDIR/system -type f 2>/dev/null | while read ITEM ; do
-      TARGET=${ITEM#$TMPDIR}
-      ORIG=`cat $ITEM`$TARGET
-      bind_mount $ORIG $TARGET
-      rm -f $DUMMDIR${TARGET%/*}/.dummy 2>/dev/null
-    done
-
-    # Run scripts
-    run_scripts post-fs-data
-
-    # Bind hosts for Adblock apps
-    [ ! -f "$COREDIR/hosts" ] && cp -afc /system/etc/hosts $COREDIR/hosts
-    log_print "Enabling systemless hosts file support"
-    bind_mount $COREDIR/hosts /system/etc/hosts
-
-    # Stage 3
-    log_print "Bind mount system mirror"
-    bind_mount /system $MIRRDIR/system
-
-    # Stage 4
-    log_print "Bind mount mirror items"
-    # Find all empty directores and dummy files, they should be mounted by original files in /system
-    find $DUMMDIR -type d -exec sh -c '[ -z "$(ls -A $1)" ] && echo $1' -- {} \; -o \( -type f -size 0 -print \) | while read ITEM ; do
-      ORIG=${ITEM/dummy/mirror}
-      TARGET=${ITEM#$DUMMDIR}
-      bind_mount $ORIG $TARGET
-    done
-
-    # All done
-    rm -rf $TMPDIR
-
-    unblock
-    ;;
-
-  service )
-    # Version info
-    setprop magisk.version 8
-    log_print "Magisk late_start service mode running..."
-    run_scripts service
-    [ -f "$COREDIR/magiskhide/enable" ] && setprop magisk.hide 1
-    ;;
-
-  hide )
-    # Enable magiskhide
-    [ ! -f "$COREDIR/magiskhide/hidelist" ] && mktouch $COREDIR/magiskhide/hidelist
-    # Add preset for Safety Net
-    if [ $(grep -c "com.google.android.gms.unstable" $COREDIR/magiskhide/hidelist) -eq "0" ]; then
-      mv $COREDIR/magiskhide/hidelist $COREDIR/magiskhide/hidelist.tmp
-      echo "com.google.android.gms.unstable" > $COREDIR/magiskhide/hidelist
-      cat $COREDIR/magiskhide/hidelist.tmp >> $COREDIR/magiskhide/hidelist
-      rm -f $COREDIR/magiskhide/hidelist.tmp
-    fi
-    chmod 755 $COREDIR/magiskhide $COREDIR/magiskhide/*
-    log_print "Starting Magisk Hide"
-    exec /data/magisk/magiskhide $COREDIR/magiskhide/hidelist > $HIDELOG
-    ;;
-
-esac

zip_static/common/magiskhide/add

@@ -1,12 +1,11 @@
 #!/system/bin/sh
 
-HIDELIST=$MOUNTPOINT/.core/magiskhide/hidelist
+HIDELIST=/magisk/.core/magiskhide/hidelist
 
 if [ ! -z "$1" ]; then
   if [ $(grep -c "^$1$" $HIDELIST) -eq "0" ]; then
     echo "$1" >> $HIDELIST
+    set `/data/busybox/ps -o pid,args | grep "$1" | grep -v "grep"`
+    kill "$1"
   fi
 fi
-
-# Reload the list
-setprop magisk.hide 1

zip_static/common/magiskhide/list

@@ -1,4 +1,5 @@
 #!/system/bin/sh
 
-HIDELIST=$MOUNTPOINT/.core/magiskhide/hidelist
+HIDELIST=/magisk/.core/magiskhide/hidelist
+
 cat $HIDELIST

zip_static/common/magiskhide/rm

@@ -1,12 +1,11 @@
 #!/system/bin/sh
 
-HIDELIST=$MOUNTPOINT/.core/magiskhide/hidelist
+HIDELIST=/magisk/.core/magiskhide/hidelist
 
 if [ ! -z "$1" ]; then
-  mv $HIDELIST $HIDELIST.tmp
+  cp -af $HIDELIST $HIDELIST.tmp
   cat $HIDELIST.tmp | grep -v "^$1$" > $HIDELIST
   rm -f $HIDELIST.tmp
+  set `/data/busybox/ps -o pid,args | grep "$1" | grep -v "grep"`
+  kill "$1"
 fi
-
-# Reload the list
-setprop magisk.hide 1

zip_static/common/phh/module.prop

@@ -0,0 +1,8 @@
+id=phh
+name=phh's SuperUser
+version=topjohnwu r1
+versionCode=6
+author=phhusson & topjohnwu
+description=OpenSource SELinux-capable SuperUser
+support=http://forum.xda-developers.com/showthread.php?t=3216394
+donate=http://forum.xda-developers.com/donatetome.php?u=1915408

zip_static/common/phh/service.sh

@@ -0,0 +1,46 @@
+#!/system/bin/sh
+
+LOGFILE=/cache/magisk.log
+MODDIR=${0%/*}
+
+log_print() {
+  echo $1
+  echo "phh: $1" >> $LOGFILE
+  log -p i -t phh "$1"
+}
+
+# Disable the other root
+[ -d "/magisk/zzsupersu" ] && touch /magisk/zzsupersu/disable
+
+log_print "Live patching sepolicy"
+$MODDIR/bin/sepolicy-inject --live
+
+log_print "Moving and linking /sbin binaries"
+mount -o rw,remount rootfs /
+mv /sbin /sbin_orig
+mkdir /sbin
+chmod 755 /sbin
+ln -s /sbin_orig/* /sbin
+mount -o ro,remount rootfs /
+
+# Expose the root path
+log_print "Mounting supath"
+rm -rf /magisk/.core/bin $MODDIR/sbin_bind
+mkdir -p $MODDIR/sbin_bind 
+/data/busybox/cp -afc /sbin/. $MODDIR/sbin_bind
+chmod 755 $MODDIR/sbin_bind
+ln -s $MODDIR/bin/* $MODDIR/sbin_bind
+mount -o bind $MODDIR/sbin_bind /sbin
+
+# Run su.d
+for script in $MODDIR/su.d/* ; do
+  if [ -f "$script" ]; then
+    chmod 755 $script
+    log_print "su.d: $script"
+    sh $script
+  fi
+done
+
+log_print "Starting su daemon"
+[ ! -z $OLDPATH ] && export PATH=$OLDPATH
+/sbin/su --daemon

ziptools/src/MinSignAPK.java

@@ -0,0 +1,191 @@
+/*
+ * Copyright (C) 2008 The Android Open Source Project
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+/* This is just a copy/paste/cut job from original SignAPK sources. This 
+ * adaptation adds only the whole-file signature to a ZIP(jar,apk) file, and 
+ * doesn't do any of the per-file signing, creating manifests, etc. This is 
+ * useful when you've changed the structure itself of an existing (signed!) 
+ * ZIP file, but the extracted contents are still identical. Using
+ * the normal SignAPK may re-arrange other things inside the ZIP, which may
+ * be unwanted behavior. This version only changes the ZIP's tail and keeps
+ * the rest the same - CF
+ */
+
+package eu.chainfire.minsignapk;
+
+import java.io.ByteArrayOutputStream;
+import java.io.DataInputStream;
+import java.io.File;
+import java.io.FileInputStream;
+import java.io.FileOutputStream;
+import java.io.IOException;
+import java.io.InputStream;
+import java.io.OutputStream;
+import java.security.GeneralSecurityException;
+import java.security.KeyFactory;
+import java.security.PrivateKey;
+import java.security.Signature;
+import java.security.cert.CertificateFactory;
+import java.security.cert.X509Certificate;
+import java.security.spec.InvalidKeySpecException;
+import java.security.spec.KeySpec;
+import java.security.spec.PKCS8EncodedKeySpec;
+
+import sun.security.pkcs.ContentInfo;
+import sun.security.pkcs.PKCS7;
+import sun.security.pkcs.SignerInfo;
+import sun.security.x509.AlgorithmId;
+import sun.security.x509.X500Name;
+
+public class MinSignAPK {
+	/** Write a .RSA file with a digital signature. */
+    private static void writeSignatureBlock(Signature signature, X509Certificate publicKey, OutputStream out)
+            throws IOException, GeneralSecurityException {
+        SignerInfo signerInfo = new SignerInfo(new X500Name(publicKey.getIssuerX500Principal().getName()),
+                publicKey.getSerialNumber(), AlgorithmId.get("SHA1"), AlgorithmId.get("RSA"), signature.sign());
+
+        PKCS7 pkcs7 = new PKCS7(new AlgorithmId[] { AlgorithmId.get("SHA1") }, new ContentInfo(ContentInfo.DATA_OID,
+                null), new X509Certificate[] { publicKey }, new SignerInfo[] { signerInfo });
+
+        pkcs7.encodeSignedData(out);
+    }
+    
+	private static void signWholeOutputFile(byte[] zipData, OutputStream outputStream, X509Certificate publicKey,
+            PrivateKey privateKey) throws IOException, GeneralSecurityException {
+
+        // For a zip with no archive comment, the
+        // end-of-central-directory record will be 22 bytes long, so
+        // we expect to find the EOCD marker 22 bytes from the end.
+        if (zipData[zipData.length - 22] != 0x50 || zipData[zipData.length - 21] != 0x4b
+                || zipData[zipData.length - 20] != 0x05 || zipData[zipData.length - 19] != 0x06) {
+            throw new IllegalArgumentException("zip data already has an archive comment");
+        }
+
+        Signature signature = Signature.getInstance("SHA1withRSA");
+        signature.initSign(privateKey);
+        signature.update(zipData, 0, zipData.length - 2);
+
+        ByteArrayOutputStream temp = new ByteArrayOutputStream();
+
+        // put a readable message and a null char at the start of the
+        // archive comment, so that tools that display the comment
+        // (hopefully) show something sensible.
+        // TODO: anything more useful we can put in this message?
+        byte[] message = "signed by SignApk".getBytes("UTF-8");
+        temp.write(message);
+        temp.write(0);
+        writeSignatureBlock(signature, publicKey, temp);
+        int total_size = temp.size() + 6;
+        if (total_size > 0xffff) {
+            throw new IllegalArgumentException("signature is too big for ZIP file comment");
+        }
+        // signature starts this many bytes from the end of the file
+        int signature_start = total_size - message.length - 1;
+        temp.write(signature_start & 0xff);
+        temp.write((signature_start >> 8) & 0xff);
+        // Why the 0xff bytes? In a zip file with no archive comment,
+        // bytes [-6:-2] of the file are the little-endian offset from
+        // the start of the file to the central directory. So for the
+        // two high bytes to be 0xff 0xff, the archive would have to
+        // be nearly 4GB in side. So it's unlikely that a real
+        // commentless archive would have 0xffs here, and lets us tell
+        // an old signed archive from a new one.
+        temp.write(0xff);
+        temp.write(0xff);
+        temp.write(total_size & 0xff);
+        temp.write((total_size >> 8) & 0xff);
+        temp.flush();
+
+        // Signature verification checks that the EOCD header is the
+        // last such sequence in the file (to avoid minzip finding a
+        // fake EOCD appended after the signature in its scan). The
+        // odds of producing this sequence by chance are very low, but
+        // let's catch it here if it does.
+        byte[] b = temp.toByteArray();
+        for (int i = 0; i < b.length - 3; ++i) {
+            if (b[i] == 0x50 && b[i + 1] == 0x4b && b[i + 2] == 0x05 && b[i + 3] == 0x06) {
+                throw new IllegalArgumentException("found spurious EOCD header at " + i);
+            }
+        }
+
+        outputStream.write(zipData, 0, zipData.length - 2);
+        outputStream.write(total_size & 0xff);
+        outputStream.write((total_size >> 8) & 0xff);
+        temp.writeTo(outputStream);
+    }
+	
+	private static PrivateKey readPrivateKey(File file)
+	        throws IOException, GeneralSecurityException {
+		DataInputStream input = new DataInputStream(new FileInputStream(file));
+		try {
+			byte[] bytes = new byte[(int) file.length()];
+			input.read(bytes);
+
+			// dont support encrypted keys atm
+			//KeySpec spec = decryptPrivateKey(bytes, file);
+			//if (spec == null) {
+				KeySpec spec = new PKCS8EncodedKeySpec(bytes);
+			//}
+
+			try {
+				return KeyFactory.getInstance("RSA").generatePrivate(spec);
+			} catch (InvalidKeySpecException ex) {
+				return KeyFactory.getInstance("DSA").generatePrivate(spec);
+			}
+		} finally {
+			input.close();
+		}
+	}
+	
+	private static X509Certificate readPublicKey(File file)
+			throws IOException, GeneralSecurityException {
+		FileInputStream input = new FileInputStream(file);
+		try {
+			CertificateFactory cf = CertificateFactory.getInstance("X.509");
+			return (X509Certificate) cf.generateCertificate(input);
+		} finally {
+			input.close();
+		}
+	}	
+	
+	public static void main(String[] args) {
+		if (args.length < 4) {
+			System.out.println("MinSignAPK pemfile pk8file inzip outzip");
+			System.out.println("- only adds whole-file signature to zip");
+			return;
+		}
+		 
+		String pemFile = args[0];
+		String pk8File = args[1];
+		String inFile = args[2];
+		String outFile = args[3];
+		
+		try {
+			X509Certificate publicKey = readPublicKey(new File(pemFile));
+			PrivateKey privateKey = readPrivateKey(new File(pk8File));
+			
+			InputStream fis = new FileInputStream(inFile);
+			byte[] buffer = new byte[(int)(new File(inFile)).length()];
+			fis.read(buffer);
+			fis.close();
+			
+			OutputStream fos = new FileOutputStream(outFile, false);
+			signWholeOutputFile(buffer, fos, publicKey, privateKey);
+			fos.close();			
+		} catch (Exception e) {
+			e.printStackTrace();
+		}
+	 }
+}

ziptools/src/zipadjust.c

@@ -0,0 +1,324 @@
+/*
+ * Copyright (C) 2013 Jorrit "Chainfire" Jongma
+ * Copyright (C) 2013 The OmniROM Project
+ */
+/*
+ * This file is part of OpenDelta.
+ *
+ * OpenDelta is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation, either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * OpenDelta is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with OpenDelta. If not, see <http://www.gnu.org/licenses/>.
+ */
+
+#include <stdlib.h>
+#include <stdint.h>
+#include <fcntl.h>
+#include <string.h>
+#include <stdio.h>
+#include <errno.h>
+#include <zlib.h>
+
+#ifndef O_BINARY
+#define O_BINARY  0
+#define O_TEXT    0
+#endif
+
+#pragma pack(1)
+struct local_header_struct {
+	uint32_t signature;
+	uint16_t extract_version;
+	uint16_t flags;
+	uint16_t compression_method;
+	uint16_t last_modified_time;
+	uint16_t last_modified_date;
+	uint32_t crc32;
+	uint32_t size_compressed;
+	uint32_t size_uncompressed;
+	uint16_t length_filename;
+	uint16_t length_extra;
+	// filename
+	// extra
+};
+typedef struct local_header_struct local_header_t;
+
+#pragma pack(1)
+struct data_descriptor_struct {
+	uint32_t signature;
+	uint32_t crc32;
+	uint32_t size_compressed;
+	uint32_t size_uncompressed;
+};
+typedef struct data_descriptor_struct data_descriptor_t;
+
+#pragma pack(1)
+struct central_header_struct {
+	uint32_t signature;
+	uint16_t version_made;
+	uint16_t version_needed;
+	uint16_t flags;
+	uint16_t compression_method;
+	uint16_t last_modified_time;
+	uint16_t last_modified_date;
+	uint32_t crc32;
+	uint32_t size_compressed;
+	uint32_t size_uncompressed;
+	uint16_t length_filename;
+	uint16_t length_extra;
+	uint16_t length_comment;
+	uint16_t disk_start;
+	uint16_t attr_internal;
+	uint32_t attr_external;
+	uint32_t offset;
+	// filename
+	// extra
+	// comment
+};
+typedef struct central_header_struct central_header_t;
+
+#pragma pack(1)
+struct central_footer_struct {
+	uint32_t signature;
+	uint16_t disk_number;
+	uint16_t disk_number_central_directory;
+	uint16_t central_directory_entries_this_disk;
+	uint16_t central_directory_entries_total;
+	uint32_t central_directory_size;
+	uint32_t central_directory_offset;
+	uint16_t length_comment;
+	// comment
+};
+typedef struct central_footer_struct central_footer_t;
+
+#define MAGIC_LOCAL_HEADER 0x04034b50
+#define MAGIC_DATA_DESCRIPTOR 0x08074b50
+#define MAGIC_CENTRAL_HEADER 0x02014b50
+#define MAGIC_CENTRAL_FOOTER 0x06054b50
+
+static int xerror(char* message) {
+	fprintf(stderr, "%s\n", message);
+	return 0;
+}
+
+static int xseekread(int fd, off_t offset, void* buf, size_t bytes) {
+	if (lseek(fd, offset, SEEK_SET) == (off_t)-1) return xerror("Seek failed");
+	if (read(fd, buf, bytes) != bytes) return xerror("Read failed");
+	return 1;
+}
+
+static int xseekwrite(int fd, off_t offset, void* buf, size_t bytes) {
+	if (lseek(fd, offset, SEEK_SET) == (off_t)-1) return xerror("Seek failed");
+	if (write(fd, buf, bytes) != bytes) return xerror("Write failed");
+	return 1;
+}
+
+static int xfilecopy(int fdIn, int fdOut, off_t offsetIn, off_t offsetOut, size_t bytes) {
+	if ((offsetIn != (off_t)-1) && (lseek(fdIn, offsetIn, SEEK_SET) == (off_t)-1)) return xerror("Seek failed");
+	if ((offsetOut != (off_t)-1) && (lseek(fdOut, offsetOut, SEEK_SET) == (off_t)-1)) return xerror("Seek failed");
+	
+	int CHUNK = 256 * 1024;
+	void* buf = malloc(CHUNK);
+	if (buf == NULL) return xerror("malloc failed");
+	size_t left = bytes;
+	while (left > 0) {
+		size_t wanted = (left < CHUNK) ? left : CHUNK;
+		size_t r = read(fdIn, buf, wanted);
+		if (r <= 0) return xerror("Read failed");
+		if (write(fdOut, buf, r) != r) return xerror("Write failed");
+		left -= r;
+	}
+	free(buf);
+	
+	return 1;
+}
+
+static int xdecompress(int fdIn, int fdOut, off_t offsetIn, off_t offsetOut, size_t bytes) {
+	if ((offsetIn != (off_t)-1) && (lseek(fdIn, offsetIn, SEEK_SET) == (off_t)-1)) return xerror("Seek failed");
+	if ((offsetOut != (off_t)-1) && (lseek(fdOut, offsetOut, SEEK_SET) == (off_t)-1)) return xerror("Seek failed");
+	
+	int CHUNK = 256 * 1024;
+	
+	int ret;
+	unsigned have;
+	z_stream strm;
+	unsigned char in[CHUNK];
+	unsigned char out[CHUNK];
+	
+	strm.zalloc = Z_NULL;
+	strm.zfree = Z_NULL;
+	strm.opaque = Z_NULL;
+	strm.avail_in = 0;
+	strm.next_in = Z_NULL;
+	ret = inflateInit2(&strm, -15);
+	if (ret != Z_OK) return xerror("ret != Z_OK");
+	
+	do {
+		strm.avail_in = read(fdIn, in, CHUNK);
+		if (strm.avail_in < 0) {
+			(void)inflateEnd(&strm);
+			return xerror("Read failed");
+		}
+		if (strm.avail_in == 0) break;
+		strm.next_in = in;
+		
+		do {
+			strm.avail_out = CHUNK;
+			strm.next_out = out;
+			
+			ret = inflate(&strm, Z_NO_FLUSH);
+			if (ret == Z_STREAM_ERROR) return xerror("Stream error");
+			switch (ret) {
+			case Z_NEED_DICT:
+				ret = Z_DATA_ERROR;
+			case Z_DATA_ERROR:
+			case Z_MEM_ERROR:
+				(void)inflateEnd(&strm);
+				return xerror("DICT/DATA/MEM error");
+			}
+			
+			have = CHUNK - strm.avail_out;
+			if (write(fdOut, out, have) != have) {
+				(void)inflateEnd(&strm);
+				return xerror("Write failed");
+			}
+		} while (strm.avail_out == 0);
+	} while (ret != Z_STREAM_END);
+	(void)inflateEnd(&strm);
+	
+	return ret == Z_STREAM_END ? 1 : 0;
+}
+
+int zipadjust(char* filenameIn, char* filenameOut, int decompress) {
+	int ok = 0;
+	
+	int fin = open(filenameIn, O_RDONLY | O_BINARY);
+	if (fin > 0) {
+		unsigned int size = lseek(fin, 0, SEEK_END);
+		lseek(fin, 0, SEEK_SET);
+		printf("%d bytes\n", size);
+
+		char filename[1024];
+
+		central_footer_t central_footer;
+		uint32_t central_directory_in_position = 0;
+		uint32_t central_directory_in_size = 0;
+		uint32_t central_directory_out_size = 0;
+
+		int i;
+		for (i = size - 4; i >= 0; i--) {
+			uint32_t magic = 0;
+			if (!xseekread(fin, i, &magic, sizeof(uint32_t))) return 0;
+			if (magic == MAGIC_CENTRAL_FOOTER) {
+				printf("central footer @ %08X\n", i);
+				if (!xseekread(fin, i, &central_footer, sizeof(central_footer_t))) return 0;
+
+				central_header_t central_header;
+				if (!xseekread(fin, central_footer.central_directory_offset, &central_header, sizeof(central_header_t))) return 0;
+				if ( central_header.signature == MAGIC_CENTRAL_HEADER ) {
+					central_directory_in_position = central_footer.central_directory_offset;
+					central_directory_in_size = size - central_footer.central_directory_offset;
+					printf("central header @ %08X (%d)\n", central_footer.central_directory_offset, central_footer.central_directory_size);
+					break;
+				}
+			}
+		}
+
+		if (central_directory_in_position == 0) return 0;
+
+		unsigned char* central_directory_in = (unsigned char*)malloc(central_directory_in_size);
+		unsigned char* central_directory_out = (unsigned char*)malloc(central_directory_in_size);
+		if (!xseekread(fin, central_directory_in_position, central_directory_in, central_directory_in_size)) return 0;
+		memset(central_directory_out, 0, central_directory_in_size);
+
+		unlink(filenameOut);
+		int fout = open(filenameOut, O_CREAT | O_WRONLY | O_BINARY, 0644);
+		if (fout > 0) {
+
+			uintptr_t central_directory_in_index = 0;
+			uintptr_t central_directory_out_index = 0;
+
+			central_header_t* central_header = NULL;
+			local_header_t local_header;
+
+			uint32_t out_index = 0;
+
+			while (1) {
+				central_header = (central_header_t*)&central_directory_in[central_directory_in_index];
+				if (central_header->signature != MAGIC_CENTRAL_HEADER) break;
+
+				filename[central_header->length_filename] = (char)0;
+				memcpy(filename, &central_directory_in[central_directory_in_index + sizeof(central_header_t)], central_header->length_filename);
+				printf("%s (%d --> %d) [%08X] (%d)\n", filename, central_header->size_uncompressed, central_header->size_compressed, central_header->crc32, central_header->length_extra + central_header->length_comment);
+
+				local_header_t local_header;
+				if (!xseekread(fin, central_header->offset, &local_header, sizeof(local_header_t))) return 0;
+
+				// save and update to next index before we clobber the data
+				uint16_t compression_method_old = central_header->compression_method;
+				uint32_t size_compressed_old = central_header->size_compressed;
+				uint32_t offset_old = central_header->offset;
+				uint32_t length_extra_old = central_header->length_extra;
+				central_directory_in_index += sizeof(central_header_t) + central_header->length_filename + central_header->length_extra + central_header->length_comment;
+
+				// copying, rewriting, and correcting local and central headers so all the information matches, and no data descriptors are necessary
+				central_header->offset = out_index;
+				central_header->flags = central_header->flags & !8;
+				if (decompress && (compression_method_old == 8)) {
+					central_header->compression_method = 0;
+					central_header->size_compressed = central_header->size_uncompressed;
+				}
+				central_header->length_extra = 0;
+				central_header->length_comment = 0;
+				local_header.compression_method = central_header->compression_method;
+				local_header.flags = central_header->flags;
+				local_header.crc32 = central_header->crc32;
+				local_header.size_uncompressed = central_header->size_uncompressed;
+				local_header.size_compressed = central_header->size_compressed;
+				local_header.length_extra = 0;
+
+				if (!xseekwrite(fout, out_index, &local_header, sizeof(local_header_t))) return 0;
+				out_index += sizeof(local_header_t);
+				if (!xseekwrite(fout, out_index, &filename[0], central_header->length_filename)) return 0;
+				out_index += central_header->length_filename;
+
+				if (decompress && (compression_method_old == 8)) {
+					if (!xdecompress(fin, fout, offset_old + sizeof(local_header_t) + central_header->length_filename + length_extra_old, out_index, size_compressed_old)) return 0;
+				} else {
+					if (!xfilecopy(fin, fout, offset_old + sizeof(local_header_t) + central_header->length_filename + length_extra_old, out_index, size_compressed_old)) return 0;
+				}
+				out_index += local_header.size_compressed;
+
+				memcpy(&central_directory_out[central_directory_out_index], central_header, sizeof(central_header_t) + central_header->length_filename);
+				central_directory_out_index += sizeof(central_header_t) + central_header->length_filename;
+			}
+			
+			central_directory_out_size = central_directory_out_index;
+			central_footer.central_directory_size = central_directory_out_size;
+			central_footer.central_directory_offset = out_index;
+			central_footer.length_comment = 0;
+			if (!xseekwrite(fout, out_index, central_directory_out, central_directory_out_size)) return 0;
+			out_index += central_directory_out_size;
+			if (!xseekwrite(fout, out_index, &central_footer, sizeof(central_footer_t))) return 0;
+
+			printf("central header @ %08X (%d)\n", central_footer.central_directory_offset, central_footer.central_directory_size);
+			printf("central footer @ %08X\n", out_index);
+
+			close(fout);
+			ok = 1;
+		}
+
+		free(central_directory_in);
+		free(central_directory_out);
+		close(fin);
+	}
+	
+	return ok;
+}

ziptools/src/zipadjust.h

@@ -0,0 +1,27 @@
+/*
+ * Copyright (C) 2013 Jorrit "Chainfire" Jongma
+ * Copyright (C) 2013 The OmniROM Project
+ */
+/*
+ * This file is part of OpenDelta.
+ *
+ * OpenDelta is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation, either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * OpenDelta is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with OpenDelta. If not, see <http://www.gnu.org/licenses/>.
+ */
+
+#ifndef __ZIPADJUST_H
+#define __ZIPADJUST_H
+
+int zipadjust(char* filenameIn, char* filenameOut, int decompress);
+
+#endif

ziptools/src/zipadjust_run.c

@@ -0,0 +1,45 @@
+/*
+ * Copyright (C) 2013 Jorrit "Chainfire" Jongma
+ * Copyright (C) 2013 The OmniROM Project
+ */
+/*
+ * This file is part of OpenDelta.
+ *
+ * OpenDelta is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation, either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * OpenDelta is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with OpenDelta. If not, see <http://www.gnu.org/licenses/>.
+ */
+
+#include <stdio.h>
+#include <string.h>
+#include "zipadjust.h"
+
+int main(int argc, char *argv[]) {
+	if (argc >= 3) {
+		if ((argc >= 4) && (strcmp(argv[1], "--decompress") == 0)) {
+			zipadjust(argv[2], argv[3], 1);
+			return 0;
+		} else {
+			zipadjust(argv[1], argv[2], 0);
+			return 0;
+		}
+	}
+	
+	printf("zipadjust - Copyright (c) 2013 Jorrit Jongma (Chainfire)\n");
+	printf("\n");
+	printf("Usage: zipadjust [--decompress] input.zip output.zip\n");
+	printf("\n");
+	printf("Rewrites a zipfile removing all extra fields and comments (this includes the signapk whole-file signature), and synchronizing local headers with the central directory so no data descriptors are needed anymore. Optionally, the output zip is converted to only use STORE.\n");
+	printf("\n");
+	printf("Written to work specifically with Android OTA zip files, and does not cope with all possible zip file features and formats.\n");
+	return 0;
+}

ziptools/test.certificate.x509.pem

@@ -0,0 +1,27 @@
+-----BEGIN CERTIFICATE-----
+MIIEqDCCA5CgAwIBAgIJAJNurL4H8gHfMA0GCSqGSIb3DQEBBQUAMIGUMQswCQYD
+VQQGEwJVUzETMBEGA1UECBMKQ2FsaWZvcm5pYTEWMBQGA1UEBxMNTW91bnRhaW4g
+VmlldzEQMA4GA1UEChMHQW5kcm9pZDEQMA4GA1UECxMHQW5kcm9pZDEQMA4GA1UE
+AxMHQW5kcm9pZDEiMCAGCSqGSIb3DQEJARYTYW5kcm9pZEBhbmRyb2lkLmNvbTAe
+Fw0wODAyMjkwMTMzNDZaFw0zNTA3MTcwMTMzNDZaMIGUMQswCQYDVQQGEwJVUzET
+MBEGA1UECBMKQ2FsaWZvcm5pYTEWMBQGA1UEBxMNTW91bnRhaW4gVmlldzEQMA4G
+A1UEChMHQW5kcm9pZDEQMA4GA1UECxMHQW5kcm9pZDEQMA4GA1UEAxMHQW5kcm9p
+ZDEiMCAGCSqGSIb3DQEJARYTYW5kcm9pZEBhbmRyb2lkLmNvbTCCASAwDQYJKoZI
+hvcNAQEBBQADggENADCCAQgCggEBANaTGQTexgskse3HYuDZ2CU+Ps1s6x3i/waM
+qOi8qM1r03hupwqnbOYOuw+ZNVn/2T53qUPn6D1LZLjk/qLT5lbx4meoG7+yMLV4
+wgRDvkxyGLhG9SEVhvA4oU6Jwr44f46+z4/Kw9oe4zDJ6pPQp8PcSvNQIg1QCAcy
+4ICXF+5qBTNZ5qaU7Cyz8oSgpGbIepTYOzEJOmc3Li9kEsBubULxWBjf/gOBzAzU
+RNps3cO4JFgZSAGzJWQTT7/emMkod0jb9WdqVA2BVMi7yge54kdVMxHEa5r3b97s
+zI5p58ii0I54JiCUP5lyfTwE/nKZHZnfm644oLIXf6MdW2r+6R8CAQOjgfwwgfkw
+HQYDVR0OBBYEFEhZAFY9JyxGrhGGBaR0GawJyowRMIHJBgNVHSMEgcEwgb6AFEhZ
+AFY9JyxGrhGGBaR0GawJyowRoYGapIGXMIGUMQswCQYDVQQGEwJVUzETMBEGA1UE
+CBMKQ2FsaWZvcm5pYTEWMBQGA1UEBxMNTW91bnRhaW4gVmlldzEQMA4GA1UEChMH
+QW5kcm9pZDEQMA4GA1UECxMHQW5kcm9pZDEQMA4GA1UEAxMHQW5kcm9pZDEiMCAG
+CSqGSIb3DQEJARYTYW5kcm9pZEBhbmRyb2lkLmNvbYIJAJNurL4H8gHfMAwGA1Ud
+EwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADggEBAHqvlozrUMRBBVEY0NqrrwFbinZa
+J6cVosK0TyIUFf/azgMJWr+kLfcHCHJsIGnlw27drgQAvilFLAhLwn62oX6snb4Y
+LCBOsVMR9FXYJLZW2+TcIkCRLXWG/oiVHQGo/rWuWkJgU134NDEFJCJGjDbiLCpe
++ZTWHdcwauTJ9pUbo8EvHRkU3cYfGmLaLfgn9gP+pWA7LFQNvXwBnDa6sppCccEX
+31I828XzgXpJ4O+mDL1/dBd+ek8ZPUP0IgdyZm5MTYPhvVqGCHzzTy3sIeJFymwr
+sBbmg2OAUNLEMO6nwmocSdN2ClirfxqCzJOLSDE4QyS9BAH6EhY6UFcOaE0=
+-----END CERTIFICATE-----