Update installer

Mount magisk.img with option suid
Should fix #12, hope so :)
2025-08-14 12:40:56 +00:00 · 2016-11-15 04:46:01 +08:00 · 2016-11-14 11:00:56 +08:00 · 2016-11-14 05:02:57 +08:00 · 2016-11-14 04:30:05 +08:00 · 2016-11-14 04:27:43 +08:00
36 changed files with 1594 additions and 675 deletions
--- a/.gitignore
+++ b/.gitignore
@@ -1,3 +1,21 @@
-obj
-libs
+obj/
+libs/
 *.zip
+
+# Generated binaries
+zip_static/arm/*
+zip_static/arm64/*
+zip_static/x86/*
+zip_static/x64/*
+uninstaller/arm/*
+uninstaller/arm64/*
+uninstaller/x86/*
+uninstaller/x64/*
+zipsigntools/zipadjust
+
+# Generated scripts
+zip_static/common/magic_mask.sh
+zip_static/META-INF/com/google/android/update-binary
+
+# Leave all busybox!
+!busybox
--- a/.gitmodules
+++ b/.gitmodules
@@ -4,3 +4,6 @@
 [submodule "jni/sepolicy-inject"]
 	path = jni/sepolicy-inject
 	url = https://github.com/topjohnwu/sepolicy-inject
+[submodule "jni/resetprop"]
+	path = jni/resetprop
+	url = https://github.com/topjohnwu/resetprop.git
--- a/README.MD
+++ b/README.MD
@@ -1,3 +1,10 @@
 # Magisk
-Static binaries included:
+###Static binaries included:  
 * Busybox: http://forum.xda-developers.com/android/software-hacking/tool-busybox-flashable-archs-t3348543
+
+###How to build Magisk
+1. Only support MacOS and Linux
+2. Download and install NDK
+3. Add the NDK directory into PATH.  
+To check if success, please try calling `which ndk-build` and see if it returns the NDK directory
+4. Execute `./build.sh`, it will give you further information
--- a/build.sh
+++ b/build.sh
@@ -0,0 +1,170 @@
+#!/bin/bash
+
+usage() {
+  echo "$0 all <version name>"
+  echo -e "\tBuild binaries, zip, and sign Magisk"
+  echo -e "\tThis is equlivant to first --build, then --zip"
+  echo "$0 clean"
+  echo -e "\tCleanup compiled / generated files"
+  echo "$0 build"
+  echo -e "\tBuild the binaries with ndk"
+  echo "$0 zip <version name>"
+  echo -e "\tZip and sign Magisk"
+  echo "$0 uninstaller"
+  echo -e "\tZip and sign the uninstaller"
+  exit 1
+}
+
+cleanup() {
+  echo "************************"
+  echo "* Cleaning up"
+  echo "************************"
+  ndk-build clean 2>/dev/null
+  ls zip_static/arm/* | grep -v "busybox" | xargs rm -rfv
+  ls zip_static/arm64/* | grep -v "busybox" | xargs rm -rfv
+  ls zip_static/x86/* | grep -v "busybox" | xargs rm -rfv
+  ls zip_static/x64/* | grep -v "busybox" | xargs rm -rfv
+  rm -rfv zip_static/META-INF/com/google/android/update-binary 
+  rm -rfv zip_static/common/magic_mask.sh
+  rm -rfv uninstaller/arm
+  rm -rfv uninstaller/arm64
+  rm -rfv uninstaller/x86
+  rm -rfv uninstaller/x64
+}
+
+mkcp() {
+  [ ! -d "$2" ] && mkdir -p "$2"
+  cp -afv $1 $2
+}
+
+build_bin() {
+  echo "************************"
+  echo "* Building binaries"
+  echo "************************"
+  if [ -z `which ndk-build` ]; then
+    echo "!!!!!!!!!!!!!!!!!!!!!!!!"
+    echo "! Please add ndk-build to PATH!"
+    echo "!!!!!!!!!!!!!!!!!!!!!!!!"
+    exit 1
+  fi
+  ndk-build -j4
+  if [ $? -ne 0 ]; then
+    echo "!!!!!!!!!!!!!!!!!!!!!!!!"
+    echo "! Magisk binary tools build failed...."
+    echo "!!!!!!!!!!!!!!!!!!!!!!!!"
+    exit 1
+  fi
+  echo "************************"
+  echo "* Copying binaries"
+  echo "************************"
+  mkcp "libs/armeabi/*" zip_static/arm
+  mkcp libs/armeabi/bootimgtools uninstaller/arm
+  mkcp "libs/arm64-v8a/*" zip_static/arm64
+  mkcp libs/arm64-v8a/bootimgtools uninstaller/arm64
+  mkcp "libs/x86/*" zip_static/x86
+  mkcp libs/x86/bootimgtools uninstaller/x86
+  mkcp "libs/x86_64/*" zip_static/x64
+  mkcp libs/x86_64/bootimgtools uninstaller/x64
+}
+
+zip_package() {
+  if [ ! -f "zip_static/arm/bootimgtools" ]; then
+    echo "!!!!!!!!!!!!!!!!!!!!!!!!"
+    echo "! Missing binaries!!"
+    echo "! Please run \"$0 build\" before zipping"
+    echo "!!!!!!!!!!!!!!!!!!!!!!!!"
+    exit 1
+  fi
+  echo "************************"
+  echo "* Adding version info"
+  echo "************************"
+  sed "s/MAGISK_VERSION_STUB/Magisk v$1 Boot Image Patcher/g" scripts/flash_script.sh > zip_static/META-INF/com/google/android/update-binary
+  sed "s/MAGISK_VERSION_STUB/setprop magisk.version \"$1\"/g" scripts/magic_mask.sh > zip_static/common/magic_mask.sh
+  echo "************************"
+  echo "* Zipping Magisk v$1"
+  echo "************************"
+  cd zip_static
+  find . -type f -exec chmod 644 {} \;
+  find . -type d -exec chmod 755 {} \;
+  rm -rf "../Magisk-v$1.zip"
+  zip "../Magisk-v$1.zip" -r .
+  cd ../
+  sign_zip "Magisk-v$1.zip"
+}
+
+zip_uninstaller() {
+  if [ ! -f "uninstaller/arm/bootimgtools" ]; then
+    echo "! Missing binaries!!"
+    echo "! Please run \"$0 build\" before zipping"
+    exit 1
+  fi
+  echo "************************"
+  echo "* Zipping uninstaller"
+  echo "************************"
+  cd uninstaller
+  find . -type f -exec chmod 644 {} \;
+  find . -type d -exec chmod 755 {} \;
+  TIMESTAMP=$(date "+%Y%m%d")
+  rm -rf "../Magisk-uninstaller-$TIMESTAMP.zip"
+  zip "../Magisk-uninstaller-$TIMESTAMP.zip" -r .
+  cd ../
+  sign_zip "Magisk-uninstaller-$TIMESTAMP.zip"
+}
+
+sign_zip() {
+  if [ ! -f "zipsigntools/zipadjust" ]; then
+    echo "************************"
+    echo "* Compiling ZipAdjust"
+    echo "************************"
+    gcc -o zipsigntools/zipadjust zipsigntools/src/*.c -lz
+    if [ $? -ne 0 ]; then
+      echo "!!!!!!!!!!!!!!!!!!!!!!!!"
+      echo "! ZipAdjust Build failed...."
+      echo "!!!!!!!!!!!!!!!!!!!!!!!!"
+      exit 1
+    fi
+    chmod 755 zipsigntools/zipadjust
+  fi
+  echo "************************"
+  echo "* First sign $1"
+  echo "************************"
+  java -jar "zipsigntools/signapk.jar" "zipsigntools/test.certificate.x509.pem" "zipsigntools/test.key.pk8" "$1" "${1%.*}-firstsign.zip"
+  echo "************************"
+  echo "* Adjusting $1"
+  echo "************************"
+  zipsigntools/zipadjust "${1%.*}-firstsign.zip" "${1%.*}-adjusted.zip"
+  echo "************************"
+  echo "* Final sign $1"
+  echo "************************"
+  java -jar "zipsigntools/signapk.jar" "zipsigntools/test.certificate.x509.pem" "zipsigntools/test.key.pk8" "${1%.*}-adjusted.zip" "${1%.*}-signed.zip"
+
+  mv "${1%.*}-signed.zip" "$1"
+  rm "${1%.*}-adjusted.zip" "${1%.*}-firstsign.zip"
+}
+
+DIR="$(cd "$(dirname "$0")"; pwd)"
+cd "$DIR"
+
+case $1 in
+  "all" )
+    [ -z "$2" ] && echo -e "! Missing version number\n" && usage
+    build_bin
+    zip_package $2
+    ;;
+  "clean" )
+    cleanup
+    ;;
+  "build" )
+    build_bin
+    ;;
+  "zip" )
+    [ -z "$2" ] && echo -e "! Missing version number\n" && usage
+    zip_package $2
+    ;;
+  "uninstaller" )
+    zip_uninstaller
+    ;;
+  * )
+    usage
+    ;;
+esac
--- a/jni/Android.mk
+++ b/jni/Android.mk
@@ -5,18 +5,13 @@ LOCAL_PATH := $(my_path)
 include $(CLEAR_VARS)
 LOCAL_MODULE := magiskhide
 LOCAL_MODULE_TAGS := optional
-LOCAL_FORCE_STATIC_EXECUTABLE := true
-LOCAL_LDFLAGS := -static
-LOCAL_STATIC_LIBRARIES := libc libcutils
 LOCAL_SRC_FILES := magiskhide.c
+LOCAL_CFLAGS += -std=gnu11
 include $(BUILD_EXECUTABLE)

 include $(CLEAR_VARS)
 LOCAL_MODULE := bootimgtools
 LOCAL_MODULE_TAGS := optional
-LOCAL_FORCE_STATIC_EXECUTABLE := true
-LOCAL_LDFLAGS := -static
-LOCAL_STATIC_LIBRARIES := libc libcutils
 LOCAL_SRC_FILES := bootimgtools.c extract.c repack.c hexpatch.c
 LOCAL_CFLAGS += -std=gnu11
 include $(BUILD_EXECUTABLE)
@@ -24,12 +19,17 @@ include $(BUILD_EXECUTABLE)
 include $(CLEAR_VARS)
 LOCAL_MODULE := sepolicy-inject
 LOCAL_MODULE_TAGS := optional
-LOCAL_FORCE_STATIC_EXECUTABLE := true
-LOCAL_LDFLAGS := -static
-LOCAL_STATIC_LIBRARIES := libc libcutils libsepol
+LOCAL_STATIC_LIBRARIES := libsepol
 LOCAL_SRC_FILES := sepolicy-inject/sepolicy-inject.c sepolicy-inject/builtin_rules.c
 LOCAL_C_INCLUDES := selinux/libsepol/include/
 LOCAL_CFLAGS += -std=gnu11
 include $(BUILD_EXECUTABLE)

+include $(CLEAR_VARS)
+LOCAL_MODULE := resetprop
+LOCAL_MODULE_TAGS := optional
+LOCAL_SRC_FILES := resetprop/resetprop.cpp resetprop/system_properties.cpp resetprop/libc_logging.cpp
+LOCAL_LDLIBS += -latomic
+include $(BUILD_EXECUTABLE)
+
 include selinux/libsepol/Android.mk
--- a/jni/Application.mk
+++ b/jni/Application.mk
@@ -1,3 +1,5 @@
-APP_ABI := x86 armeabi
+APP_ABI := x86 x86_64 armeabi arm64-v8a
 APP_PIE = true
 APP_PLATFORM := android-21
+APP_CPPFLAGS += -std=c++11
+# APP_STL := c++_static
--- a/jni/extract.c
+++ b/jni/extract.c
@@ -27,9 +27,9 @@ void dump_ramdisk(uint8_t *ptr, size_t size) {
 		dump(ptr, size, "ramdisk.gz");
 	//MTK header
 	} else if(memcmp(ptr, "\x88\x16\x88\x58", 4) == 0) {
-		if(memcmp(ptr+4, "RECOVERY", 8)==0) {
+		if(memcmp(ptr+8, "RECOVERY", 8)==0) {
 			dump(ptr, 0, "ramdisk-mtk-recovery");
-		} else if(memcmp(ptr+4, "ROOTFS\0\0", 8)==0) {
+		} else if(memcmp(ptr+8, "ROOTFS\0\0", 8)==0) {
 			dump(ptr, 0, "ramdisk-mtk-boot");
 		} else {
 			exit(1);
@@ -128,7 +128,8 @@ int extract(char *image) {

 		if(memcmp(base+pos, "QCDT", 4) == 0 ||
 				memcmp(base+pos, "SPRD", 4) == 0 ||
-				memcmp(base+pos, "DTBH", 4) == 0
+				memcmp(base+pos, "DTBH", 4) == 0 ||
+				memcmp(base+pos, "\xD0\x0D\xFE\xED", 4) == 0
 				) {
 			dump(base+pos, hdr->unused[0], "dt");
 			pos += hdr->unused[0] + hdr->page_size-1;
--- a/jni/magiskhide.c
+++ b/jni/magiskhide.c
@@ -1,24 +1,26 @@
-typedef unsigned short int sa_family_t;
-//Linux includes
-#define _LINUX_TIME_H
 #define _GNU_SOURCE
-#include <sys/types.h>
 #include <string.h>
-#include <sys/stat.h>
 #include <fcntl.h>
-#include <linux/connector.h>
-#include <linux/cn_proc.h>
-#include <linux/netlink.h>
-#include <linux/fs.h>
-#include <sys/socket.h>
 #include <stdio.h>
 #include <stdlib.h>
-#include <sys/time.h>
-#include <sys/resource.h>
+#include <sched.h>
+#include <pthread.h>
 #include <unistd.h>
-#include <sys/syscall.h>
-#include <asm/unistd.h>
-#include <sys/mount.h> 
+#include <signal.h>
+
+#include <sys/mount.h>
+#include <sys/inotify.h>
+#include <sys/wait.h>
+#include <sys/types.h>
+#include <sys/stat.h>
+
+#define LOGFILE 	"/cache/magisk.log"
+#define HIDELIST 	"/magisk/.core/magiskhide/hidelist"
+
+FILE *logfile;
+int i, list_size;
+char **hide_list = NULL;
+pthread_mutex_t mutex;

 char **file_to_str_arr(FILE *fp, int *size) {
 	int allocated = 16;
@@ -46,48 +48,71 @@ char **file_to_str_arr(FILE *fp, int *size) {
 	return array;
 }

+void lazy_unmount(const char* mountpoint) {
+	if (umount2(mountpoint, MNT_DETACH) != -1)
+		fprintf(logfile, "MagiskHide: Unmounted (%s)\n", mountpoint);
+	else
+		fprintf(logfile, "MagiskHide: Unmount Failed (%s)\n", mountpoint);
+}
+
 //WARNING: Calling this will change our current namespace
 //We don't care because we don't want to run from here anyway
-int hideMagisk(int pid) {
-	char *path = NULL;
-	asprintf(&path, "/proc/%d/ns/mnt", pid);
-	int fd = open(path, O_RDONLY);
-	if(fd == -1) return 2;
-	int res = syscall(SYS_setns, fd, 0);
-	if(res == -1) return 3;
+int hideMagisk(int pid, int uid) {
+	struct stat info;
+	char path[256];
+	// snprintf(path, 256, "/proc/%d", pid);
+	// if (stat(path, &info) == -1) {
+	// 	fprintf(logfile, "MagiskHide: Unable to get info for pid=%d\n", pid);
+	// 	return 1;
+	// }
+	// if (info.st_uid != uid) {
+	// 	fprintf(logfile, "MagiskHide: Incorrect uid=%d, expect uid=%d\n", info.st_uid, uid);
+	// 	return 1;
+	// }

-	free(path);
-	path = NULL;
-	asprintf(&path, "/proc/%d/mounts", pid);
+	snprintf(path, 256, "/proc/%d/ns/mnt", pid);
+	int fd = open(path, O_RDONLY);
+	if(fd == -1) return 2; // Maybe process died..
+	if(setns(fd, 0) == -1) {
+		fprintf(logfile, "MagiskHide: Unable to change namespace for pid=%d\n", pid);
+		return 3;
+	}
+
+	snprintf(path, 256, "/proc/%d/mounts", pid);
 	FILE *mount_fp = fopen(path, "r");
 	if (mount_fp == NULL) {
-		fprintf(stderr, "Error opening mount list!\n");
-		return 1;
+		fprintf(logfile, "MagiskHide: Error opening mount list!\n");
+		return 4;
 	}
-	free(path);

 	int mount_size;
-	char **mount_list = file_to_str_arr(mount_fp, &mount_size), mountpoint[256], *sbstr;
+	char **mount_list = file_to_str_arr(mount_fp, &mount_size), mountpoint[256], cache_block[256];
 	fclose(mount_fp);

-	int i, unmount = 0;
+	// Find the cache block
+	for(i = 0; i < mount_size; ++i) {
+		if (strstr(mount_list[i], "/cache")) {
+			sscanf(mount_list[i], "%256s", cache_block);
+			break;
+		}
+	}
+
+	// Unmount in inverse order
 	for(i = mount_size - 1; i >= 0; --i) {
-		if((strstr(mount_list[i], "/dev/block/loop") != NULL)) {
+		if (strstr(mount_list[i], cache_block) && strstr(mount_list[i], "/system")) {
 			sscanf(mount_list[i], "%256s %256s", mountpoint, mountpoint);
-			if (strstr(mountpoint, "/.core/dummy") != NULL) 
-				unmount = 0;
-			else
-				unmount = 1;
-		} else if ((sbstr = strstr(mount_list[i], "/.core/dummy")) != NULL) {
-			sscanf(sbstr, "/.core/dummy%256s", mountpoint);
-			unmount = 1;
-		}
-		if(unmount) {
-			unmount = 0;
-			res = umount2(mountpoint, MNT_DETACH);
-			if (res != -1) printf("Unmounted: %s\n", mountpoint);
-			else printf("Failed: %s\n", mountpoint);
+		} else if (strstr(mount_list[i], "/dev/block/loop")) {
+			if (strstr(mount_list[i], "/dev/magisk")) continue;
+			// Everything from loop mount
+			sscanf(mount_list[i], "%256s %256s", mountpoint, mountpoint);
+		} else if (strstr(mount_list[i], "tmpfs /system/")) {
+			// Directly unmount skeletons
+			sscanf(mount_list[i], "%256s %256s", mountpoint, mountpoint);
+		} else {
+			free(mount_list[i]);
+			continue;
 		}
+		lazy_unmount(mountpoint);
 		free(mount_list[i]);
 	}
 	// Free memory
@@ -96,36 +121,91 @@ int hideMagisk(int pid) {
 	return 0;
 }

-int main(int argc, char **argv, char **envp) {
-	if (argc != 2) {
-		fprintf(stderr, "%s <process/package name list>\n", argv[0]);
-		return 1;
-	}
-	int i, hide_size;
-	char **hide_list;
-
-	FILE *hide_fp = fopen(argv[1], "r");
+void update_list(const char *listpath) {
+	FILE *hide_fp = fopen((char*) listpath, "r");
 	if (hide_fp == NULL) {
-		fprintf(stderr, "Error opening hide list\n");
-		return 1;
+		fprintf(logfile, "MagiskHide: Error opening hide list\n");
+		exit(1);
+	}
+	pthread_mutex_lock(&mutex);
+	if (hide_list) {
+		// Free memory
+		for(i = 0; i < list_size; ++i)
+			free(hide_list[i]);
+		free(hide_list);
+	}
+	hide_list = file_to_str_arr(hide_fp, &list_size);
+	pthread_mutex_unlock(&mutex);
+	fclose(hide_fp);
+	if (list_size) fprintf(logfile, "MagiskHide: Update process/package list:\n");
+	for(i = 0; i < list_size; i++)
+		fprintf(logfile, "MagiskHide: [%s]\n", hide_list[i]);
+}
+
+void quit_pthread(int sig) {
+	// Free memory
+	for(i = 0; i < list_size; ++i)
+		free(hide_list[i]);
+	free(hide_list);
+	pthread_exit(NULL);
+}
+
+void *monitor_list(void *listpath) {
+	signal(SIGQUIT, quit_pthread);
+
+	int inotifyFd = -1;
+	char buffer[512];
+
+	while(1) {
+		if (inotifyFd == -1 || read(inotifyFd, buffer, 512) == -1) {
+			close(inotifyFd);
+			inotifyFd = inotify_init();
+			if (inotifyFd == -1) {
+				fprintf(logfile, "MagiskHide: Unable to watch %s\n", listpath);
+				exit(1);
+			}
+			if (inotify_add_watch(inotifyFd, (char*) listpath, IN_MODIFY) == -1) {
+				fprintf(logfile, "MagiskHide: Unable to watch %s\n", listpath);
+				exit(1);
+			}
+		}
+		update_list((char*) listpath);
 	}

-	hide_list = file_to_str_arr(hide_fp, &hide_size);
-	fclose(hide_fp);
+	return NULL;
+}

-	printf("Get process / package name from config:\n");
-	for(i = 0; i < hide_size; i++)
-		printf("%s\n", hide_list[i]);
-	printf("\n");
+int main(int argc, char **argv, char **envp) {

-	char buffer[512];
-	FILE *p = popen("while true;do logcat -b events -v raw -s am_proc_start;sleep 1;done", "r");
-	while(!feof(p)) {
-		//Format of am_proc_start is (as of Android 5.1 and 6.0)
-		//UserID, pid, unix uid, processName, hostingType, hostingName
-		fgets(buffer, sizeof(buffer), p);
+	pid_t forkpid = fork();
+
+	if (forkpid < 0)
+		return 1;
+
+	if (forkpid == 0) {
+		if (setsid() < 0)
+			return 1;
+
+		close(STDIN_FILENO);
+		close(STDOUT_FILENO);
+		close(STDERR_FILENO);
+
+		logfile = fopen(LOGFILE, "a+");
+		setbuf(logfile, NULL);
+
+		pthread_t list_monitor;
+
+		pthread_mutex_init(&mutex, NULL);
+		pthread_create(&list_monitor, NULL, monitor_list, HIDELIST);
+
+		char buffer[512];
+		FILE *p = popen("while true; do logcat -b events -v raw -s am_proc_start; sleep 1; done", "r");
+
+		while(!feof(p)) {
+			//Format of am_proc_start is (as of Android 5.1 and 6.0)
+			//UserID, pid, unix uid, processName, hostingType, hostingName
+			fgets(buffer, sizeof(buffer), p);

-		{
 			char *pos = buffer;
 			while(1) {
 				pos = strchr(pos, ',');
@@ -133,33 +213,44 @@ int main(int argc, char **argv, char **envp) {
 					break;
 				pos[0] = ' ';
 			}
-		}

-		int user, pid, uid;
-		char processName[256], hostingType[16], hostingName[256];
-		int ret = sscanf(buffer, "[%d %d %d %256s %16s %256s]",
-				&user, &pid, &uid,
-				processName, hostingType, hostingName);
+			int user, pid, uid;
+			char processName[256], hostingType[16], hostingName[256];
+			int ret = sscanf(buffer, "[%d %d %d %256s %16s %256s]",
+					&user, &pid, &uid,
+					processName, hostingType, hostingName);

+			if(ret != 6)
+				continue;

-		if(ret != 6) {
-			continue;
-		}
-		for (i = 0; i < hide_size; ++i) {
-			if(strstr(processName, hide_list[i]) != NULL) {
-				printf("Disabling for process = %s, PID = %d, UID = %d\n", processName, pid, uid);
-				hideMagisk(pid);
-				break;
+			for (i = 0; i < list_size; ++i) {
+				if(strstr(processName, hide_list[i])) {
+					fprintf(logfile, "MagiskHide: Disabling for process=%s, PID=%d, UID=%d\n", processName, pid, uid);
+					forkpid = fork();
+					if (forkpid < 0)
+						break;
+					if (forkpid == 0) {
+						hideMagisk(pid, uid);
+						return 0;
+					}
+					waitpid(forkpid, NULL, 0);
+					kill(forkpid, SIGTERM);
+					break;
+				}
 			}
 		}
+
+		pclose(p);
+
+		pthread_kill(list_monitor, SIGQUIT);
+		pthread_mutex_destroy(&mutex);
+
+		fprintf(logfile, "MagiskHide: Error occurred...\n");
+
+		fclose(logfile);
+
+		return 1;
 	}

-	pclose(p);
-
-	// Free memory
-	for(i = 0; i < hide_size; ++i)
-		free(hide_list[i]);
-	free(hide_list);
-
 	return 0;
 }
--- a/jni/resetprop
+++ b/jni/resetprop
--- a/jni/sepolicy-inject
+++ b/jni/sepolicy-inject
--- a/zip_static/META-INF/com/google/android/update-binary
+++ b/zip_static/META-INF/com/google/android/update-binary
@@ -19,6 +19,9 @@ INSTALLER=$TMPDIR/magisk

 COREDIR=/magisk/.core

+# Default permissions
+umask 022
+
 ##########################################################################################
 # Flashable update-binary preparation
 ##########################################################################################
@@ -62,7 +65,7 @@ ui_print() {
 getvar() {
  local VARNAME=$1
  local VALUE=$(eval echo \$"$VARNAME");
-  for FILE in /data/.magisk /cache/.magisk /system/.magisk; do
+  for FILE in /dev/.magisk /data/.magisk /cache/.magisk /system/.magisk; do
    if [ -z "$VALUE" ]; then
      LINE=$(cat $FILE 2>/dev/null | grep "$VARNAME=")
      if [ ! -z "$LINE" ]; then
@@ -76,14 +79,14 @@ getvar() {
 find_boot_image() {
  if [ -z "$BOOTIMAGE" ]; then
    for PARTITION in kern-a KERN-A android_boot ANDROID_BOOT kernel KERNEL boot BOOT lnx LNX; do
-      BOOTIMAGE=$(readlink /dev/block/by-name/$PARTITION || readlink /dev/block/platform/*/by-name/$PARTITION || readlink /dev/block/platform/*/*/by-name/$PARTITION)
+      BOOTIMAGE=`readlink /dev/block/by-name/$PARTITION || readlink /dev/block/platform/*/by-name/$PARTITION || readlink /dev/block/platform/*/*/by-name/$PARTITION`
      if [ ! -z "$BOOTIMAGE" ]; then break; fi
    done
  fi
  if [ -z "$BOOTIMAGE" ]; then
    FSTAB="/etc/recovery.fstab"
    [ ! -f "$FSTAB" ] && FSTAB="/etc/recovery.fstab.bak"
-    BOOTIMAGE=$(grep -E '\b/boot\b' "$FSTAB" | grep -oE '/dev/[a-zA-Z0-9_./-]*')
+    [ -f "$FSTAB" ] BOOTIMAGE=`grep -E '\b/boot\b' "$FSTAB" | grep -oE '/dev/[a-zA-Z0-9_./-]*'`
  fi
 }

@@ -147,11 +150,6 @@ unpack_boot() {
  cd $UNPACKDIR
  $BINDIR/bootimgtools --extract $1

-  find $TMPDIR/boottmp -type d -exec chmod 755 {} \;
-  find $TMPDIR/boottmp -type f -exec chmod 644 {} \;
-  chmod 755 $(find $TMPDIR/boottmp -type d)
-  chmod 644 $(find $TMPDIR/boottmp -type f)
-
  cd $RAMDISK
  gunzip -c < $UNPACKDIR/ramdisk.gz | cpio -i
 }
@@ -184,9 +182,9 @@ repack_boot() {
 # Detection
 ##########################################################################################

-ui_print "****************************"
-ui_print "Magisk v8 Boot Image Patcher"
-ui_print "****************************"
+ui_print "*****************************"
+ui_print "MAGISK_VERSION_STUB"
+ui_print "*****************************"

 if [ ! -d "$INSTALLER/common" ]; then
  ui_print "! Failed: Unable to extract zip file!"
@@ -203,6 +201,33 @@ if [ ! -f '/system/build.prop' ]; then
  exit 1
 fi

+if [ -z "$NOOVERRIDE" ]; then
+  # read override variables
+  getvar KEEPVERITY
+  getvar KEEPFORCEENCRYPT
+  getvar NORESTORE
+  getvar BOOTIMAGE
+fi
+
+if [ -z "$KEEPVERITY" ]; then
+  # we don't keep dm-verity by default
+  KEEPVERITY=false
+fi
+if [ -z "$KEEPFORCEENCRYPT" ]; then
+  # we don't keep forceencrypt by default
+  KEEPFORCEENCRYPT=false
+fi
+if [ -z "$NORESTORE" ]; then
+  # we restore ramdisk by default
+  NORESTORE=false
+fi
+
+SAMSUNG=false
+SAMSUNG_CHECK=$(cat /system/build.prop | grep "ro.build.fingerprint=" | grep -i "samsung")
+if [ $? -eq 0 ]; then
+  SAMSUNG=true
+fi
+
 API=$(grep_prop ro.build.version.sdk)
 ABI=$(grep_prop ro.product.cpu.abi | cut -c-3)
 ABI2=$(grep_prop ro.product.cpu.abi2 | cut -c-3)
@@ -223,10 +248,8 @@ fi

 ui_print "- Device platform: $ARCH"

-BINDIR=$INSTALLER/arm
-if [ "$ARCH" = "x86" -o "$ARCH" = "x64" ]; then
-  BINDIR=$INSTALLER/x86
-fi
+BINDIR=$INSTALLER/$ARCH
+chmod -R 755 $CHROMEDIR/futility $BINDIR

 find_boot_image
 if [ -z "$BOOTIMAGE" ]; then
@@ -234,32 +257,6 @@ if [ -z "$BOOTIMAGE" ]; then
  exit 1
 fi

-if [ -z "$NOOVERRIDE" ]; then
-  # read override variables
-  getvar KEEPVERITY
-  getvar KEEPFORCEENCRYPT
-  getvar NORESTORE
-fi
-
-if [ -z "$KEEPVERITY" ]; then
-  # we don't keep dm-verity by default
-  KEEPVERITY=false
-fi
-if [ -z "$KEEPFORCEENCRYPT" ]; then
-  # we don't keep forceencrypt by default
-  KEEPFORCEENCRYPT=false
-fi
-if [ -z "$NORESTORE" ]; then
-  # we don't keep ramdisk by default
-  NORESTORE=false
-fi
-
-SAMSUNG=false
-SAMSUNG_CHECK=$(cat /system/build.prop | grep "ro.build.fingerprint=" | grep -i "samsung")
-if [ $? -eq 0 ]; then
-  SAMSUNG=true
-fi
-
 ##########################################################################################
 # Environment
 ##########################################################################################
@@ -271,11 +268,13 @@ if (is_mounted /data); then
  mkdir -p /data/busybox
  cp -af $BINDIR /data/magisk
  cp -af $INSTALLER/common/init.magisk.rc $INSTALLER/common/magic_mask.sh /data/magisk
-  chmod 755 /data/busybox /data/magisk /data/magisk/*
-  chcon 'u:object_r:system_file:s0' /data/busybox /data/magisk /data/magisk/*
  /data/magisk/busybox --install -s /data/busybox
+  ln -s /data/magisk/busybox /data/busybox/busybox
  # Prevent issues
  rm -f /data/busybox/su /data/busybox/sh
+  chcon -hR "u:object_r:system_file:s0" /data/magisk /data/busybox
+  chmod -R 755 /data/magisk /data/busybox
+  PATH=/data/busybox:$PATH
 else
  rm -rf /cache/data_bin 2>/dev/null
  mkdir -p /cache/data_bin
@@ -288,7 +287,7 @@ fi
 ##########################################################################################

 # Fix SuperSU.....
-($BOOTMODE) && /data/magisk/sepolicy-inject -s fsck --live
+($BOOTMODE) && $BINDIR/sepolicy-inject -s fsck --live

 if (is_mounted /data); then
  IMG=/data/magisk.img
@@ -314,10 +313,6 @@ MAGISKLOOP=$LOOPDEVICE
 mkdir -p /magisk/.core/magiskhide 2>/dev/null
 cp -af $INSTALLER/common/magiskhide/. /magisk/.core/magiskhide

-# Remove legacy SuperSU module
-mkdir -p /magisk/zzsupersu
-touch /magisk/zzsupersu/remove
-
 ##########################################################################################
 # Boot image patch
 ##########################################################################################
@@ -328,15 +323,11 @@ rm -rf $TMPDIR/boottmp 2>/dev/null
 mkdir -p $TMPDIR/boottmp

 CHROMEDIR=$INSTALLER/chromeos
-ORIGBOOT=$TMPDIR/boottmp/boot.img
 NEWBOOT=$TMPDIR/boottmp/new-boot.img
 UNPACKDIR=$TMPDIR/boottmp/bootunpack
 RAMDISK=$TMPDIR/boottmp/ramdisk

-chmod 777 $CHROMEDIR/futility $BINDIR/*
-
-ui_print "- Dumping boot image"
-dd if=$BOOTIMAGE of=$ORIGBOOT
+ORIGBOOT=$BOOTIMAGE

 ui_print "- Unpacking boot image"
 unpack_boot $ORIGBOOT
@@ -356,14 +347,14 @@ if (! $NORESTORE); then
      cp -af $INSTALLER/common/custom_ramdisk_patch.sh /data/custom_ramdisk_patch.sh
    fi
    if [ -d "magisk" ]; then
-      # If Magisk is installed and no SuperSU and no ramdisk backups
+      # If Magisk is installed and not SuperSU and no ramdisk backups
      # Restore previous stock boot image
      if (! $SUPERSU); then
        cp -af /data/stock_boot_*.gz /data/stock_boot.img.gz 2>/dev/null
        gzip -d /data/stock_boot.img.gz 2>/dev/null
        if [ -f "/data/stock_boot.img" ]; then
          ui_print "- Restoring boot image with backup"
-          cp -af /data/stock_boot.img $ORIGBOOT
+          $ORIGBOOT=/data/stock_boot.img
          unpack_boot $ORIGBOOT
        fi
      fi
@@ -374,17 +365,15 @@ if (! $NORESTORE); then
  fi
 fi

+# SuperSU already backup stock boot, no need to do again
 if (! $SUPERSU); then
  ui_print "- Creating backups"
  mkdir .backup 2>/dev/null
-  cp -af init.environ.rc *fstab* verity_key sepolicy .backup 2>/dev/null
-  if (! $SUPERSU); then
-    # SuperSU already backup stock boot, no need to do again
-    if (is_mounted /data); then
-      cp -af $ORIGBOOT /data/stock_boot.img
-    else
-      cp -af $ORIGBOOT /cache/stock_boot.img
-    fi
+  cp -af *fstab* verity_key sepolicy .backup 2>/dev/null
+  if (is_mounted /data); then
+    [ "$ORIGBOOT" != "/data/stock_boot.img" ] && dd if=$ORIGBOOT of=/data/stock_boot.img
+  else
+    dd if=$ORIGBOOT of=/cache/stock_boot.img
  fi
 fi

@@ -393,25 +382,13 @@ ui_print "- Patching ramdisk"

 # Add magisk entrypoint
 for INIT in init*.rc; do
-  if [ $(grep -c "import /init.environ.rc" $INIT) -ne "0" ] && [ $(grep -c "import /init.magisk.rc" $INIT) -eq "0" ]; then
+  if [ $(grep -c "import /init.environ.rc" $INIT) -ne "0" ] && [ `grep -c "import /init.magisk.rc" $INIT` -eq "0" ]; then
    cp $INIT .backup
    sed -i "/import \/init\.environ\.rc/iimport /init.magisk.rc" $INIT
    break
  fi
 done

-# Add magisk PATH
-if [ $(grep -c "export PATH" init.environ.rc) -eq "0" ]; then
-  sed -i "/on init/a\ \ \ \ export PATH /magisk/.core/bin:/sbin:/vendor/bin:/system/sbin:/system/bin:/system/xbin:/magisk/.core/busybox" init.environ.rc
-else 
-  if [ $(grep -c "/magisk/.core/busybox" init.environ.rc) -eq "0" ]; then
-    sed -i "/export PATH/ s/\/system\/xbin/\/system\/xbin:\/magisk\/.core\/busybox/g" init.environ.rc
-  fi
-  if [ $(grep -c "/magisk/.core/bin" init.environ.rc) -eq "0" ] && (! $SUPERSU); then
-    sed -i "/export PATH/ s/\/sbin/\/magisk\/.core\/bin:\/sbin/g" init.environ.rc
-  fi
-fi
-
 if (! $SUPERSU); then
  sed -i "/selinux.reload_policy/d" init.rc
  find . -type f -name "*fstab*" 2>/dev/null | while read FSTAB ; do
@@ -443,15 +420,15 @@ chmod 0750 init.magisk.rc sbin/magic_mask.sh
 ui_print "- Repacking boot image"
 repack_boot

-ORIGSIZE=$(ls -l $ORIGBOOT | awk '{print $5}')
-NEWSIZE=$(ls -l $NEWBOOT | awk '{print $5}')
-if [ "$NEWSIZE" -gt "$ORIGSIZE" ]; then
+BOOTSIZE=`blockdev --getsize64 $BOOTIMAGE`
+NEWSIZE=`ls -l $NEWBOOT | awk '{print $5}'`
+if [ "$NEWSIZE" -gt "$BOOTSIZE" ]; then
  ui_print "! Boot partition space insufficient"
-  ui_print "! Try to remove ramdisk backups"
+  ui_print "! Remove ramdisk backups and try again"
  rm -rf $RAMDISK/.backup $NEWBOOT 2>/dev/null
  repack_boot
-  NEWSIZE=$(ls -l $NEWBOOT | awk '{print $5}')
-  if [ "$NEWSIZE" -gt "$ORIGSIZE" ]; then
+  NEWSIZE=`ls -l $NEWBOOT | awk '{print $5}'`
+  if [ "$NEWSIZE" -gt "$BOOTSIZE" ]; then
    ui_print "! Boot partition size still too small..."
    ui_print "! Unable to install Magisk"
    exit 1
@@ -460,12 +437,8 @@ fi

 chmod 644 $NEWBOOT

-if [ -L "$BOOTIMAGE" ]; then
-  ui_print "- Block symlink detected!"
-else
-  dd if=/dev/zero of=$BOOTIMAGE bs=4096 2>/dev/null
-fi
 ui_print "- Flashing new boot image"
+[ ! -L "$BOOTIMAGE" ] && dd if=/dev/zero of=$BOOTIMAGE bs=4096 2>/dev/null
 dd if=$NEWBOOT of=$BOOTIMAGE bs=4096

 if (! $BOOTMODE); then
@@ -473,6 +446,7 @@ if (! $BOOTMODE); then
  umount /magisk
  losetup -d $MAGISKLOOP
  umount /system
+  rmdir /magisk
 fi

 ui_print "- Done"
--- a/scripts/magic_mask.sh
+++ b/scripts/magic_mask.sh
@@ -0,0 +1,487 @@
+#!/system/bin/sh
+
+LOGFILE=/cache/magisk.log
+IMG=/data/magisk.img
+
+MOUNTPOINT=/magisk
+
+COREDIR=$MOUNTPOINT/.core
+
+TMPDIR=/dev/magisk
+DUMMDIR=$TMPDIR/dummy
+MIRRDIR=$TMPDIR/mirror
+MOUNTINFO=$TMPDIR/mnt
+
+# Use the included busybox for maximum compatibility and reliable results
+# e.g. we rely on the option "-c" for cp (reserve contexts), and -exec for find
+TOOLPATH=/data/busybox
+BINPATH=/data/magisk
+OLDPATH=$PATH
+PATH=$TOOLPATH:$OLDPATH
+
+# Default permissions
+umask 022
+
+
+log_print() {
+  echo "$1"
+  echo "$1" >> $LOGFILE
+  log -p i -t Magisk "$1"
+}
+
+mktouch() {
+  mkdir -p ${1%/*} 2>/dev/null
+  if [ -z "$2" ]; then
+    touch "$1" 2>/dev/null
+  else
+    echo "$2" > "$1" 2>/dev/null
+  fi
+}
+
+unblock() {
+  touch /dev/.magisk.unblock
+  exit
+}
+
+run_scripts() {
+  PATH=$OLDPATH
+  BASE=$MOUNTPOINT
+  for MOD in $BASE/* ; do
+    if [ ! -f "$MOD/disable" ]; then
+      if [ -f "$MOD/$1.sh" ]; then
+        chmod 755 $MOD/$1.sh
+        chcon "u:object_r:system_file:s0" "$MOD/$1.sh"
+        log_print "$1: $MOD/$1.sh"
+        sh $MOD/$1.sh
+      fi
+    fi
+  done
+  PATH=$TOOLPATH:$OLDPATH
+}
+
+loopsetup() {
+  LOOPDEVICE=
+  for DEV in $(ls /dev/block/loop*); do
+    if [ `losetup $DEV $1 >/dev/null 2>&1; echo $?` -eq 0 ]; then
+      LOOPDEVICE=$DEV
+      break
+    fi
+  done
+}
+
+target_size_check() {
+  e2fsck -p -f $1
+  curBlocks=`e2fsck -n $1 2>/dev/null | cut -d, -f3 | cut -d\  -f2`;
+  curUsedM=$((`echo "$curBlocks" | cut -d/ -f1` * 4 / 1024));
+  curSizeM=$((`echo "$curBlocks" | cut -d/ -f2` * 4 / 1024));
+  curFreeM=$((curSizeM - curUsedM));
+}
+
+travel() {
+  cd "$1/$2"
+  if [ -f ".replace" ]; then
+    rm -rf "$MOUNTINFO/$2"
+    mktouch "$MOUNTINFO/$2" "$1"
+  else
+    for ITEM in * ; do
+      if [ ! -e "/$2/$ITEM" ]; then
+        # New item found
+        if [ "$2" = "system" ]; then
+          # We cannot add new items to /system root, delete it
+          rm -rf "$ITEM"
+        else
+          # If we are in a higher level, delete the lower levels
+          rm -rf "$MOUNTINFO/dummy/$2"
+          # Mount the dummy parent
+          mktouch "$MOUNTINFO/dummy/$2"
+
+          if [ -d "$ITEM" ]; then
+            # Create new dummy directory and mount it
+            mkdir -p "$DUMMDIR/$2/$ITEM"
+            mktouch "$MOUNTINFO/$2/$ITEM" "$1"
+          elif [ -L "$ITEM" ]; then
+            # Symlinks are small, copy them
+            mkdir -p "$DUMMDIR/$2" 2>/dev/null
+            cp -afc "$ITEM" "$DUMMDIR/$2/$ITEM"
+          else
+            # Create new dummy file and mount it
+            mktouch "$DUMMDIR/$2/$ITEM"
+            mktouch "$MOUNTINFO/$2/$ITEM" "$1"
+          fi
+        fi
+      else
+        if [ -d "$ITEM" ]; then
+          # It's an directory, travel deeper
+          (travel "$1" "$2/$ITEM")
+        elif [ ! -L "$ITEM" ]; then
+          # Mount this file
+          mktouch "$MOUNTINFO/$2/$ITEM" "$1"
+        fi
+      fi
+    done
+  fi
+}
+
+clone_dummy() {
+  for ITEM in "$1/"* ; do
+    if [ -d "$DUMMDIR$ITEM" ]; then
+      (clone_dummy "$ITEM")
+    elif [ ! -e "$DUMMDIR$ITEM" ]; then
+      if [ -d "$ITEM" ]; then
+        # Create dummy directory
+        mkdir -p "$DUMMDIR$ITEM"
+      elif [ -L "$ITEM" ]; then
+        # Symlinks are small, copy them
+        cp -afc "$ITEM" "$DUMMDIR$ITEM"
+      else
+        # Create dummy file
+        mktouch "$DUMMDIR$ITEM"
+      fi
+      chcon -f "u:object_r:system_file:s0" "$DUMMDIR$ITEM"
+    fi
+  done
+}
+
+bind_mount() {
+  if [ -e "$1" -a -e "$2" ]; then
+    mount -o bind $1 $2
+    if [ "$?" -eq "0" ]; then 
+      log_print "Mount: $1"
+    else 
+      log_print "Mount Fail: $1"
+    fi 
+  fi
+}
+
+merge_image() {
+  if [ -f "$1" ]; then
+    log_print "$1 found"
+    if [ -f "$IMG" ]; then
+      log_print "$IMG found, attempt to merge"
+
+      # Handle large images
+      target_size_check $1
+      MERGEUSED=$curUsedM
+      target_size_check $IMG
+      if [ "$MERGEUSED" -gt "$curFreeM" ]; then
+        NEWDATASIZE=$((((MERGEUSED + curUsedM) / 32 + 2) * 32))
+        log_print "Expanding $IMG to ${NEWDATASIZE}M..."
+        resize2fs $IMG ${NEWDATASIZE}M
+      fi
+
+      # Start merging
+      mkdir /cache/data_img
+      mkdir /cache/merge_img
+
+      # setup loop devices
+      loopsetup $IMG
+      LOOPDATA=$LOOPDEVICE
+      log_print "$LOOPDATA $IMG"
+
+      loopsetup $1
+      LOOPMERGE=$LOOPDEVICE
+      log_print "$LOOPMERGE $1"
+
+      if [ ! -z "$LOOPDATA" ]; then
+        if [ ! -z "$LOOPMERGE" ]; then
+          # if loop devices have been setup, mount images
+          OK=true
+
+          if [ `mount -t ext4 -o rw,noatime $LOOPDATA /cache/data_img >/dev/null 2>&1; echo $?` -ne 0 ]; then
+            OK=false
+          fi
+
+          if [ `mount -t ext4 -o rw,noatime $LOOPMERGE /cache/merge_img >/dev/null 2>&1; echo $?` -ne 0 ]; then
+            OK=false
+          fi
+
+          if ($OK); then
+            # Merge (will reserve selinux contexts)
+            cd /cache/merge_img
+            for MOD in *; do
+              if [ "$MOD" != "lost+found" ]; then
+                log_print "Merging: $MOD"
+                rm -rf /cache/data_img/$MOD
+              fi
+            done
+            cp -afc . /cache/data_img
+            log_print "Merge complete"
+            cd /
+          fi
+
+          umount /cache/data_img
+          umount /cache/merge_img
+        fi
+      fi
+
+      losetup -d $LOOPDATA
+      losetup -d $LOOPMERGE
+
+      rmdir /cache/data_img
+      rmdir /cache/merge_img
+    else 
+      log_print "Moving $1 to $IMG "
+      mv $1 $IMG
+    fi
+    rm -f $1
+  fi
+}
+
+case $1 in
+  post-fs )
+    mv $LOGFILE /cache/last_magisk.log
+    touch $LOGFILE
+    chmod 644 $LOGFILE
+
+    # No more cache mods!
+    # Only for multirom!
+
+    log_print "** Magisk post-fs mode running..."
+
+    # Cleanup previous version stuffs...
+    rm -rf /cache/magisk /cache/magisk_merge /cache/magiskhide.log
+
+    if [ -d "/cache/magisk_mount" ]; then
+      log_print "Mounting cache files"
+      find /cache/magisk_mount -type f 2>/dev/null | while read ITEM ; do
+        chmod 644 "$ITEM"
+        chcon "u:object_r:system_file:s0" "$ITEM"
+        TARGET="${ITEM#/cache/magisk_mount}"
+        bind_mount "$ITEM" "$TARGET"
+      done
+    fi
+
+    unblock
+    ;;
+
+  post-fs-data )
+    if [ `mount | grep " /data " >/dev/null 2>&1; echo $?` -ne 0 ]; then
+      # /data not mounted yet, we will be called again later
+      unblock
+    fi
+
+    if [ `mount | grep " /data " | grep "tmpfs" >/dev/null 2>&1; echo $?` -eq 0 ]; then
+      # /data not mounted yet, we will be called again later
+      unblock
+    fi
+
+    # Don't run twice
+    if [ "`getprop magisk.restart_pfsd`" != "1" ]; then
+
+      log_print "** Magisk post-fs-data mode running..."
+
+      # Live patch sepolicy
+      $BINPATH/sepolicy-inject --live -s su
+
+      # Multirom functions should go here, not available right now
+      MULTIROM=false
+
+      # Cache support
+      if [ -d "/cache/data_bin" ]; then
+        rm -rf $BINPATH $TOOLPATH
+        mkdir -p $TOOLPATH
+        mv /cache/data_bin $BINPATH
+        chmod -R 755 $BINPATH $TOOLPATH
+        $BINPATH/busybox --install -s $TOOLPATH
+        ln -s $BINPATH/busybox $TOOLPATH/busybox
+        # Prevent issues
+        rm -f $TOOLPATH/su $TOOLPATH/sh
+      fi
+
+      mv /cache/stock_boot.img /data 2>/dev/null
+
+      find $BINPATH -exec chcon -h "u:object_r:system_file:s0" {} \;
+      find $TOOLPATH -exec chcon -h "u:object_r:system_file:s0" {} \;
+      chmod -R 755 $BINPATH $TOOLPATH
+
+      # Image merging
+      chmod 644 $IMG /cache/magisk.img /data/magisk_merge.img 2>/dev/null
+      merge_image /cache/magisk.img
+      merge_image /data/magisk_merge.img
+
+      # Mount magisk.img
+      [ ! -d "$MOUNTPOINT" ] && mkdir -p $MOUNTPOINT
+      if [ `cat /proc/mounts | grep $MOUNTPOINT >/dev/null 2>&1; echo $?` -ne 0 ]; then
+        loopsetup $IMG
+        if [ ! -z "$LOOPDEVICE" ]; then
+          mount -t ext4 -o rw,noatime,suid $LOOPDEVICE $MOUNTPOINT
+        fi
+      fi
+
+      if [ `cat /proc/mounts | grep $MOUNTPOINT >/dev/null 2>&1; echo $?` -ne 0 ]; then
+        log_print "magisk.img mount failed, nothing to do :("
+        unblock
+      fi
+
+      # Remove empty directories, legacy paths and symlinks
+      rm -rf $COREDIR/bin $COREDIR/dummy $COREDIR/mirror
+      find $MOUNTPOINT -type d -depth ! -path "*core*" -exec rmdir {} \; 2>/dev/null
+
+      # Remove modules
+      for MOD in $MOUNTPOINT/* ; do
+        if [ -f "$MOD/remove" ] || [ "$MOD" = "zzsupersu" ]; then
+          log_print "Remove module: $MOD"
+          rm -rf $MOD
+        fi
+      done
+
+      # Unmount, shrink, remount
+      if [ `umount $MOUNTPOINT >/dev/null 2>&1; echo $?` -eq 0 ]; then
+        losetup -d $LOOPDEVICE
+        target_size_check $IMG
+        NEWDATASIZE=$(((curUsedM / 32 + 2) * 32))
+        if [ "$curSizeM" -gt "$NEWDATASIZE" ]; then
+          log_print "Shrinking $IMG to ${NEWDATASIZE}M..."
+          resize2fs $IMG ${NEWDATASIZE}M
+        fi
+        loopsetup $IMG
+        if [ ! -z "$LOOPDEVICE" ]; then
+          mount -t ext4 -o rw,noatime,suid $LOOPDEVICE $MOUNTPOINT
+        fi
+        if [ `cat /proc/mounts | grep $MOUNTPOINT >/dev/null 2>&1; echo $?` -ne 0 ]; then
+          log_print "magisk.img mount failed, nothing to do :("
+          unblock
+        fi
+      fi
+
+      log_print "Preparing modules"
+
+      mkdir -p $DUMMDIR
+      mkdir -p $MIRRDIR/system
+
+      # Travel through all mods, all magic happens here
+      for MOD in $MOUNTPOINT/* ; do
+        if [ -f "$MOD/auto_mount" -a -d "$MOD/system" -a ! -f "$MOD/disable" ]; then
+          (travel $MOD system)
+        fi
+      done
+
+      # Proper permissions for generated items
+      find $TMPDIR -exec chcon -h "u:object_r:system_file:s0" {} \;
+
+      # linker(64), t*box required
+      if [ -f "$MOUNTINFO/dummy/system/bin" ]; then
+        cd /system/bin
+        cp -afc linker* t*box $DUMMDIR/system/bin/
+      fi
+
+      # Some libraries are required
+      LIBS="libc++.so libc.so libcutils.so libm.so libstdc++.so libcrypto.so liblog.so libpcre.so libselinux.so libpackagelistparser.so"
+      if [ -f "$MOUNTINFO/dummy/system/lib" ]; then
+        cd /system/lib
+        cp -afc $LIBS $DUMMDIR/system/lib
+        # Crash prevention!!
+        rm -f $COREDIR/magiskhide/enable 2>/dev/null
+      fi
+      if [ -f "$MOUNTINFO/dummy/system/lib64" ]; then
+        cd /system/lib64
+        cp -afc $LIBS $DUMMDIR/system/lib64
+        # Crash prevention!!
+        rm -f $COREDIR/magiskhide/enable 2>/dev/null
+      fi
+
+      # vendor libraries are device dependent, had no choice but copy them all if needed....
+      if [ -f "$MOUNTINFO/dummy/system/vendor" ]; then
+        cp -afc /system/vendor/lib/. $DUMMDIR/system/vendor/lib
+        [ -d "/system/vendor/lib64" ] && cp -afc /system/vendor/lib64/. $DUMMDIR/system/vendor/lib64
+      fi
+      if [ -f "$MOUNTINFO/dummy/system/vendor/lib" ]; then
+        cp -afc /system/vendor/lib/. $DUMMDIR/system/vendor/lib
+      fi
+      if [ -f "$MOUNTINFO/dummy/system/vendor/lib64" ]; then
+        cp -afc /system/vendor/lib64/. $DUMMDIR/system/vendor/lib64
+      fi
+
+      # Remove crap folder
+      rm -rf $MOUNTPOINT/lost+found
+      
+      # Start doing tasks
+      
+      # Stage 1
+      log_print "Bind mount dummy system"
+      find $MOUNTINFO/dummy -type f 2>/dev/null | while read ITEM ; do
+        TARGET=${ITEM#$MOUNTINFO/dummy}
+        ORIG="$DUMMDIR$TARGET"
+        clone_dummy "$TARGET"
+        bind_mount "$ORIG" "$TARGET"
+      done
+
+      # Stage 2
+      log_print "Bind mount module items"
+      find $MOUNTINFO/system -type f 2>/dev/null | while read ITEM ; do
+        TARGET=${ITEM#$MOUNTINFO}
+        ORIG=`cat $ITEM`$TARGET
+        bind_mount $ORIG $TARGET
+        rm -f $DUMMDIR${TARGET%/*}/.dummy 2>/dev/null
+      done
+
+      # Run scripts
+      run_scripts post-fs-data
+
+      # Bind hosts for Adblock apps
+      if [ -f "$COREDIR/hosts" ]; then
+        log_print "Enabling systemless hosts file support"
+        bind_mount $COREDIR/hosts /system/etc/hosts
+      fi
+
+      # Expose busybox
+      if [ -f "$COREDIR/busybox/enable" ]; then
+        log_print "Enabling BusyBox"
+        cp -afc /data/busybox/. $COREDIR/busybox
+        cp -afc /system/xbin/. $COREDIR/busybox
+        chmod -R 755 $COREDIR/busybox
+        chcon -hR "u:object_r:system_file:s0" $COREDIR/busybox
+        bind_mount $COREDIR/busybox /system/xbin
+      fi
+
+      # Stage 3
+      log_print "Bind mount system mirror"
+      bind_mount /system $MIRRDIR/system
+
+      # Stage 4
+      log_print "Bind mount mirror items"
+      # Find all empty directores and dummy files, they should be mounted by original files in /system
+      TOOLPATH=/data/busybox find $DUMMDIR -type d \
+      -exec sh -c '[ -z "`ls -A $1`" ] && echo $1' -- {} \; \
+      -o \( -type f -size 0 -print \) | \
+      while read ITEM ; do
+        ORIG=${ITEM/dummy/mirror}
+        TARGET=${ITEM#$DUMMDIR}
+        bind_mount $ORIG $TARGET
+      done
+
+      # Restart post-fs-data if necessary (multirom)
+      ($MULTIROM) && setprop magisk.restart_pfsd 1
+
+    fi
+    unblock
+    ;;
+
+  service )
+    # Version info
+    MAGISK_VERSION_STUB
+    log_print "** Magisk late_start service mode running..."
+    run_scripts service
+
+    # Magisk Hide
+    if [ -f "$COREDIR/magiskhide/enable" ]; then
+      log_print "** Removing tampered read-only system props"
+
+      VERIFYBOOT=`getprop ro.boot.verifiedbootstate`
+      FLASHLOCKED=`getprop ro.boot.flash.locked`
+      VERITYMODE=`getprop ro.boot.veritymode`
+
+      [ ! -z "$VERIFYBOOT" -a "$VERIFYBOOT" != "green" ] && log_print "`$BINPATH/resetprop -v -n ro.boot.verifiedbootstate green`"
+      [ ! -z "$FLASHLOCKED" -a "$FLASHLOCKED" != "1" ] && log_print "`$BINPATH/resetprop -v -n ro.boot.flash.locked 1`"
+      [ ! -z "$VERITYMODE" -a "$VERITYMODE" != "enforcing" ] && log_print "`$BINPATH/resetprop -v -n ro.boot.veritymode enforcing`"
+
+      mktouch $COREDIR/magiskhide/hidelist
+      chmod -R 755 $COREDIR/magiskhide
+      # Add Safety Net preset
+      $COREDIR/magiskhide/add com.google.android.gms.unstable
+      log_print "** Starting Magisk Hide"
+      /data/magisk/magiskhide
+    fi
+    ;;
+
+esac
--- a/uninstaller/META-INF/com/google/android/update-binary
+++ b/uninstaller/META-INF/com/google/android/update-binary
@@ -10,6 +10,9 @@

 INSTALLER=/tmp/uninstall

+# Default permissions
+umask 022
+
 ##########################################################################################
 # Flashable update-binary preparation
 ##########################################################################################
@@ -63,14 +66,14 @@ getvar() {
 find_boot_image() {
  if [ -z "$BOOTIMAGE" ]; then
    for PARTITION in kern-a KERN-A android_boot ANDROID_BOOT kernel KERNEL boot BOOT lnx LNX; do
-      BOOTIMAGE=$(readlink /dev/block/by-name/$PARTITION || readlink /dev/block/platform/*/by-name/$PARTITION || readlink /dev/block/platform/*/*/by-name/$PARTITION)
+      BOOTIMAGE=`readlink /dev/block/by-name/$PARTITION || readlink /dev/block/platform/*/by-name/$PARTITION || readlink /dev/block/platform/*/*/by-name/$PARTITION`
      if [ ! -z "$BOOTIMAGE" ]; then break; fi
    done
  fi
  if [ -z "$BOOTIMAGE" ]; then
    FSTAB="/etc/recovery.fstab"
    [ ! -f "$FSTAB" ] && FSTAB="/etc/recovery.fstab.bak"
-    BOOTIMAGE=$(grep -E '\b/boot\b' "$FSTAB" | grep -oE '/dev/[a-zA-Z0-9_./-]*')
+    [ -f "$FSTAB" ] BOOTIMAGE=`grep -E '\b/boot\b' "$FSTAB" | grep -oE '/dev/[a-zA-Z0-9_./-]*'`
  fi
 }

@@ -100,11 +103,6 @@ unpack_boot() {
  cd $UNPACKDIR
  $BINDIR/bootimgtools --extract $1

-  find $TMPDIR/boottmp -type d -exec chmod 755 {} \;
-  find $TMPDIR/boottmp -type f -exec chmod 644 {} \;
-  chmod 755 $(find $TMPDIR/boottmp -type d)
-  chmod 644 $(find $TMPDIR/boottmp -type f)
-
  cd $RAMDISK
  gunzip -c < $UNPACKDIR/ramdisk.gz | cpio -i
 }
@@ -135,22 +133,18 @@ revert_boot() {
  mkdir -p $TMPDIR/boottmp

  CHROMEDIR=$INSTALLER/chromeos
-  ORIGBOOT=$TMPDIR/boottmp/boot.img
  NEWBOOT=$TMPDIR/boottmp/new-boot.img
  UNPACKDIR=$TMPDIR/boottmp/bootunpack
  RAMDISK=$TMPDIR/boottmp/ramdisk

-  chmod 777 $CHROMEDIR/futility $BINDIR/*
-
-  ui_print "- Dumping boot image"
-  dd if=$BOOTIMAGE of=$ORIGBOOT
+  ORIGBOOT=$BOOTIMAGE

  ui_print "- Unpacking boot image"
  unpack_boot $ORIGBOOT

  if [ -d ".backup" ]; then
    ui_print "- Restoring ramdisk with backup"
-    cp -af .backup/* .
+    cp -af .backup/. .
    rm -rf magisk init.magisk.rc sbin/magic_mask.sh 2>/dev/null
    rm -rf .backup
  else
@@ -188,24 +182,28 @@ if [ ! -f '/system/build.prop' ]; then
  exit 1
 fi

+SAMSUNG=false
+SAMSUNG_CHECK=$(cat /system/build.prop | grep "ro.build.fingerprint=" | grep -i "samsung")
+if [ $? -eq 0 ]; then
+  SAMSUNG=true
+fi
+
 API=$(grep_prop ro.build.version.sdk)
 ABI=$(grep_prop ro.product.cpu.abi | cut -c-3)
 ABI2=$(grep_prop ro.product.cpu.abi2 | cut -c-3)
 ABILONG=$(grep_prop ro.product.cpu.abi)

 ARCH=arm
-IS64BIT=
+IS64BIT=false
 if [ "$ABI" = "x86" ]; then ARCH=x86; fi;
 if [ "$ABI2" = "x86" ]; then ARCH=x86; fi;
-if [ "$ABILONG" = "arm64-v8a" ]; then ARCH=arm64; IS64BIT=1; fi;
-if [ "$ABILONG" = "x86_64" ]; then ARCH=x64; IS64BIT=1; fi;
+if [ "$ABILONG" = "arm64-v8a" ]; then ARCH=arm64; IS64BIT=true; fi;
+if [ "$ABILONG" = "x86_64" ]; then ARCH=x64; IS64BIT=true; fi;

 ui_print "- Device platform: $ARCH"

-BINDIR=$INSTALLER/arm
-if [ "$ARCH" = "x86" -o "$ARCH" = "x64" ]; then
-  BINDIR=$INSTALLER/x86
-fi
+BINDIR=$INSTALLER/$ARCH
+chmod -R 755 $CHROMEDIR/futility $BINDIR

 find_boot_image
 if [ -z "$BOOTIMAGE" ]; then
@@ -213,18 +211,10 @@ if [ -z "$BOOTIMAGE" ]; then
  exit 1
 fi

-SAMSUNG=false
-SAMSUNG_CHECK=$(cat /system/build.prop | grep "ro.build.fingerprint=" | grep -i "samsung")
-if [ $? -eq 0 ]; then
-  SAMSUNG=true
-fi
-
 ##########################################################################################
 # Detection all done, start installing
 ##########################################################################################

-umount /magisk 2>/dev/null
-
 if (is_mounted /data); then
  cp -af /data/stock_boot_*.gz /data/stock_boot.img.gz 2>/dev/null
  gzip -d /data/stock_boot.img.gz 2>/dev/null
@@ -237,26 +227,28 @@ if (is_mounted /data); then
    revert_boot
  fi
  ui_print "- Removing Magisk files"
-  rm -rf /cache/magisk /cache/magisk_merge /cache/magisk.log /cache/last_magisk.log /cache/unblock /data/Magisk.apk /data/magisk.img /data/magisk_merge.img /data/busybox /data/magisk 2>/dev/null
+  rm -rf  /cache/magisk.log /cache/last_magisk.log /cache/magiskhide.log \
+          /cache/magisk /cache/magisk_merge /cache/magisk_mount  /cache/unblock \
+          /data/Magisk.apk /data/magisk.img /data/magisk_merge.img \
+          /data/busybox /data/magisk /data/custom_ramdisk_patch.sh 2>/dev/null
 else
  ui_print "! Data unavalible"
  ui_print "! Impossible to restore original boot image"
  ui_print "! Try using ramdisk backup"
  revert_boot
  ui_print "- Removing Magisk files"
-  rm -rf /cache/magisk* /cache/last_magisk.log /cache/unblock 2>/dev/null
+  rm -rf  /cache/magisk.log /cache/last_magisk.log /cache/magiskhide.log \
+          /cache/magisk /cache/magisk_merge /cache/magisk_mount  /cache/unblock 2>/dev/null
  ui_print "*****************************************"
  ui_print "     Magisk is not fully removed yet     "
  ui_print " Please manually remove /data/magisk.img "
  ui_print "*****************************************"
 fi

-if [ -L "$BOOTIMAGE" ]; then
-  ui_print "- Block symlink detected!"
-else
-  dd if=/dev/zero of=$BOOTIMAGE bs=4096 2>/dev/null
-fi
+chmod 644 $NEWBOOT
+
 ui_print "- Flashing reverted image"
+[ ! -L "$BOOTIMAGE" ] && dd if=/dev/zero of=$BOOTIMAGE bs=4096 2>/dev/null
 dd if=$NEWBOOT of=$BOOTIMAGE bs=4096

 umount /system
--- a/uninstaller/arm/bootimgtools
+++ b/uninstaller/arm/bootimgtools
--- a/uninstaller/x86/bootimgtools
+++ b/uninstaller/x86/bootimgtools
--- a/zip_static/arm/bootimgtools
+++ b/zip_static/arm/bootimgtools
--- a/zip_static/arm/magiskhide
+++ b/zip_static/arm/magiskhide
--- a/zip_static/arm/sepolicy-inject
+++ b/zip_static/arm/sepolicy-inject
--- a/zip_static/arm64/busybox
+++ b/zip_static/arm64/busybox
--- a/zip_static/common/init.magisk.rc
+++ b/zip_static/common/init.magisk.rc
@@ -10,8 +10,8 @@ on post-fs-data
    wait /dev/.magisk.unblock 40
    rm /dev/.magisk.unblock

-on property:magisk.hide=1
-    restart magisk_hide
+on property:magisk.restart_pfsd=1
+    trigger post-fs-data

 # Services

@@ -33,9 +33,3 @@ service magisk_service /sbin/magic_mask.sh service
    user root
    seclabel u:r:su:s0
    oneshot
-
-# launch magisk hide script
-service magisk_hide /sbin/magic_mask.sh hide
-    user root
-    seclabel u:r:su:s0
-    oneshot
--- a/zip_static/common/magic_mask.sh
+++ b/zip_static/common/magic_mask.sh
@@ -1,429 +0,0 @@
-#!/system/bin/sh
-
-LOGFILE=/cache/magisk.log
-HIDELOG=/cache/magiskhide.log
-IMG=/data/magisk.img
-
-export MOUNTPOINT=/magisk
-
-COREDIR=$MOUNTPOINT/.core
-
-DUMMDIR=$COREDIR/dummy
-MIRRDIR=$COREDIR/mirror
-
-TMPDIR=/dev/tmp
-
-# Use the included busybox to do everything for maximum compatibility
-# We also do so because we rely on the option "-c" for cp (reserve contexts)
-
-# Reserve the original PATH
-export OLDPATH=$PATH
-export PATH="/data/busybox:$PATH"
-
-log_print() {
-  echo $1
-  echo $1 >> $LOGFILE
-  log -p i -t Magisk "$1"
-}
-
-mktouch() {
-  mkdir -p ${1%/*} 2>/dev/null
-  if [ -z "$2" ]; then
-    touch $1 2>/dev/null
-  else
-    echo $2 > $1 2>/dev/null
-  fi
-}
-
-unblock() {
-  touch /dev/.magisk.unblock
-  exit
-}
-
-run_scripts() {
-  BASE=$MOUNTPOINT
-  if [ "$1" = "post-fs" ]; then
-    BASE=/cache/magisk
-  fi
-
-  for MOD in $BASE/* ; do
-    if [ ! -f "$MOD/disable" ]; then
-      if [ -f "$MOD/$1.sh" ]; then
-        chmod 755 $MOD/$1.sh
-        chcon 'u:object_r:system_file:s0' $MOD/$1.sh
-        log_print "$1: $MOD/$1.sh"
-        $MOD/$1.sh
-      fi
-    fi
-  done
-}
-
-loopsetup() {
-  LOOPDEVICE=
-  for DEV in $(ls /dev/block/loop*); do
-    if [ `losetup $DEV $1 >/dev/null 2>&1; echo $?` -eq 0 ]; then
-      LOOPDEVICE=$DEV
-      break
-    fi
-  done
-}
-
-target_size_check() {
-  e2fsck -p -f $1
-  curBlocks=`e2fsck -n $1 2>/dev/null | cut -d, -f3 | cut -d\  -f2`;
-  curUsedM=$((`echo "$curBlocks" | cut -d/ -f1` * 4 / 1024));
-  curSizeM=$((`echo "$curBlocks" | cut -d/ -f2` * 4 / 1024));
-  curFreeM=$((curSizeM - curUsedM));
-}
-
-travel() {
-  cd $1/$2
-  if [ -f ".replace" ]; then
-    rm -rf $TMPDIR/$2
-    mktouch $TMPDIR/$2 $1
-  else
-    for ITEM in * ; do
-      if [ ! -e "/$2/$ITEM" ]; then
-        # New item found
-        if [ $2 = "system" ]; then
-          # We cannot add new items to /system root, delete it
-          rm -rf $ITEM
-        else
-          if [ -d "$TMPDIR/dummy/$2" ]; then
-            # We are in a higher level, delete the lower levels
-            rm -rf $TMPDIR/dummy/$2
-          fi
-          # Mount the dummy parent
-          mktouch $TMPDIR/dummy/$2
-
-          mkdir -p $DUMMDIR/$2 2>/dev/null
-          if [ -d "$ITEM" ]; then
-            # Create new dummy directory
-            mkdir -p $DUMMDIR/$2/$ITEM
-          elif [ -L "$ITEM" ]; then
-            # Symlinks are small, copy them
-            cp -afc $ITEM $DUMMDIR/$2/$ITEM
-          else
-            # Create new dummy file
-            mktouch $DUMMDIR/$2/$ITEM
-          fi
-
-          # Clone the original /system structure (depth 1)
-          if [ -e "/$2" ]; then
-            for DUMMY in /$2/* ; do
-              if [ -d "$DUMMY" ]; then
-                # Create dummy directory
-                mkdir -p $DUMMDIR$DUMMY
-              elif [ -L "$DUMMY" ]; then
-                # Symlinks are small, copy them
-                cp -afc $DUMMY $DUMMDIR$DUMMY
-              else
-                # Create dummy file
-                mktouch $DUMMDIR$DUMMY
-              fi
-            done
-          fi
-        fi
-      fi
-
-      if [ -d "$ITEM" ]; then
-        # It's an directory, travel deeper
-        (travel $1 $2/$ITEM)
-      elif [ ! -L "$ITEM" ]; then
-        # Mount this file
-        mktouch $TMPDIR/$2/$ITEM $1
-      fi
-    done
-  fi
-}
-
-bind_mount() {
-  if [ -e "$1" -a -e "$2" ]; then
-    mount -o bind $1 $2
-    if [ "$?" -eq "0" ]; then 
-      log_print "Mount: $1"
-    else 
-      log_print "Mount Fail: $1"
-    fi 
-  fi
-}
-
-merge_image() {
-  if [ -f "$1" ]; then
-    log_print "$1 found"
-    if [ -f "$IMG" ]; then
-      log_print "$IMG found, attempt to merge"
-
-      # Handle large images
-      target_size_check $1
-      MERGEUSED=$curUsedM
-      target_size_check $IMG
-      if [ "$MERGEUSED" -gt "$curFreeM" ]; then
-        NEWDATASIZE=$((((MERGEUSED + curUsedM) / 32 + 2) * 32))
-        log_print "Expanding $IMG to ${NEWDATASIZE}M..."
-        resize2fs $IMG ${NEWDATASIZE}M
-      fi
-
-      # Start merging
-      mkdir /cache/data_img
-      mkdir /cache/merge_img
-
-      # setup loop devices
-      loopsetup $IMG
-      LOOPDATA=$LOOPDEVICE
-      log_print "$LOOPDATA $IMG"
-
-      loopsetup $1
-      LOOPMERGE=$LOOPDEVICE
-      log_print "$LOOPMERGE $1"
-
-      if [ ! -z "$LOOPDATA" ]; then
-        if [ ! -z "$LOOPMERGE" ]; then
-          # if loop devices have been setup, mount images
-          OK=true
-
-          if [ `mount -t ext4 -o rw,noatime $LOOPDATA /cache/data_img >/dev/null 2>&1; echo $?` -ne 0 ]; then
-            OK=false
-          fi
-
-          if [ `mount -t ext4 -o rw,noatime $LOOPMERGE /cache/merge_img >/dev/null 2>&1; echo $?` -ne 0 ]; then
-            OK=false
-          fi
-
-          if ($OK); then
-            # Merge (will reserve selinux contexts)
-            cd /cache/merge_img
-            for MOD in *; do
-              log_print "Merging: $MOD"
-              rm -rf /cache/data_img/$MOD
-              cp -afc $MOD /cache/data_img/
-            done
-            log_print "Merge complete"
-          fi
-
-          umount /cache/data_img
-          umount /cache/merge_img
-        fi
-      fi
-
-      losetup -d $LOOPDATA
-      losetup -d $LOOPMERGE
-
-      rmdir /cache/data_img
-      rmdir /cache/merge_img
-    else 
-      log_print "Moving $1 to $IMG "
-      mv $1 $IMG
-    fi
-    rm -f $1
-  fi
-}
-
-case $1 in
-  post-fs )
-    mv $LOGFILE /cache/last_magisk.log
-    touch $LOGFILE
-    chmod 644 $LOGFILE
-    log_print "Magisk post-fs mode running..."
-
-    if [ -d "/cache/magisk_merge" ]; then
-      cd /cache/magisk_merge
-      for MOD in *; do
-        log_print "Merging: $MOD"
-        rm -rf /cache/magisk/$MOD
-        mv $MOD /cache/magisk/$MOD
-      done 
-      rm -rf /cache/magisk_merge
-    fi
-
-    for MOD in /cache/magisk/* ; do
-      if [ -f "$MOD/remove" ]; then
-        log_print "Remove module: $MOD"
-        rm -rf $MOD
-      elif [ -f "$MOD/auto_mount" -a ! -f "$MOD/disable" ]; then
-        find $MOD/system -type f 2>/dev/null | while read ITEM ; do
-          TARGET=${ITEM#$MOD}
-          bind_mount $ITEM $TARGET
-        done
-      fi
-    done
-
-    run_scripts post-fs
-    unblock
-    ;;
-
-  post-fs-data )
-    if [ `mount | grep " /data " >/dev/null 2>&1; echo $?` -ne 0 ]; then
-      # /data not mounted yet, we will be called again later
-      unblock
-    fi
-
-    if [ `mount | grep " /data " | grep "tmpfs" >/dev/null 2>&1; echo $?` -eq 0 ]; then
-      # /data not mounted yet, we will be called again later
-      unblock
-    fi
-
-    log_print "Magisk post-fs-data mode running..."
-
-    # Live patch sepolicy
-    /data/magisk/sepolicy-inject --live -s su
-
-    [ ! -d "$MOUNTPOINT" ] && mkdir -p $MOUNTPOINT
-
-    # Cache support
-    if [ -d "/cache/data_bin" ]; then
-      rm -rf /data/busybox /data/magisk
-      mkdir -p /data/busybox
-      mv /cache/data_bin /data/magisk
-      chmod 755 /data/busybox /data/magisk /data/magisk/*
-      chcon 'u:object_r:system_file:s0' /data/busybox /data/magisk /data/magisk/*
-      /data/magisk/busybox --install -s /data/busybox
-      # Prevent issues
-      rm -f /data/busybox/su /data/busybox/sh
-    fi
-    mv /cache/stock_boot.img /data 2>/dev/null
-    
-    chmod 644 $IMG /cache/magisk.img /data/magisk_merge.img 2>/dev/null
-
-    # Handle image merging
-    merge_image /cache/magisk.img
-    merge_image /data/magisk_merge.img
-
-    # Mount magisk.img
-    if [ `cat /proc/mounts | grep $MOUNTPOINT >/dev/null 2>&1; echo $?` -ne 0 ]; then
-      loopsetup $IMG
-      if [ ! -z "$LOOPDEVICE" ]; then
-        mount -t ext4 -o rw,noatime $LOOPDEVICE $MOUNTPOINT
-      fi
-    fi
-
-    if [ `cat /proc/mounts | grep $MOUNTPOINT >/dev/null 2>&1; echo $?` -ne 0 ]; then
-      log_print "magisk.img mount failed, nothing to do :("
-      unblock
-    fi
-
-    log_print "Preparing modules"
-    # First do cleanups
-    rm -rf $DUMMDIR
-    rmdir $(find $MOUNTPOINT -type d -depth ! -path "*core*" ) 2>/dev/null
-    rm -rf $COREDIR/bin
-
-    mkdir -p $DUMMDIR
-    mkdir -p $MIRRDIR/system
-
-    # Travel through all mods
-    for MOD in $MOUNTPOINT/* ; do
-      if [ -f "$MOD/remove" ]; then
-        log_print "Remove module: $MOD"
-        rm -rf $MOD
-      elif [ -f "$MOD/auto_mount" -a -d "$MOD/system" -a ! -f "$MOD/disable" ]; then
-        (travel $MOD system)
-      fi
-    done
-
-    # Proper permissions for generated items
-    chmod 755 $(find $COREDIR -type d)
-    chmod 644 $(find $COREDIR -type f)
-    find $COREDIR -type d -exec chmod 755 {} \;
-    find $COREDIR -type f -exec chmod 644 {} \;
-
-    # linker(64), t*box, and app_process* are required if we need to dummy mount bin folder
-    if [ -f "$TMPDIR/dummy/system/bin" ]; then
-      rm -f $DUMMDIR/system/bin/linker* $DUMMDIR/system/bin/t*box $DUMMDIR/system/bin/app_process*
-      cd /system/bin
-      cp -afc linker* t*box app_process* $DUMMDIR/system/bin/
-    fi
-
-    # Unmount, shrink, remount
-    if [ `umount $MOUNTPOINT >/dev/null 2>&1; echo $?` -eq 0 ]; then
-      losetup -d $LOOPDEVICE
-      target_size_check $IMG
-      NEWDATASIZE=$(((curUsedM / 32 + 2) * 32))
-      if [ "$curSizeM" -gt "$NEWDATASIZE" ]; then
-        log_print "Shrinking $IMG to ${NEWDATASIZE}M..."
-        resize2fs $IMG ${NEWDATASIZE}M
-      fi
-      loopsetup $IMG
-      if [ ! -z "$LOOPDEVICE" ]; then
-        mount -t ext4 -o rw,noatime $LOOPDEVICE $MOUNTPOINT
-      fi
-    fi
-
-    if [ `cat /proc/mounts | grep $MOUNTPOINT >/dev/null 2>&1; echo $?` -ne 0 ]; then
-      log_print "magisk.img mount failed, nothing to do :("
-      unblock
-    fi
-
-    # Remove crap folder
-    rm -rf $MOUNTPOINT/lost+found
-    
-    # Start doing tasks
-    
-    # Stage 1
-    log_print "Bind mount dummy system"
-    find $TMPDIR/dummy -type f 2>/dev/null | while read ITEM ; do
-      TARGET=${ITEM#$TMPDIR/dummy}
-      ORIG=$DUMMDIR$TARGET
-      bind_mount $ORIG $TARGET
-    done
-
-    # Stage 2
-    log_print "Bind mount module items"
-    find $TMPDIR/system -type f 2>/dev/null | while read ITEM ; do
-      TARGET=${ITEM#$TMPDIR}
-      ORIG=`cat $ITEM`$TARGET
-      bind_mount $ORIG $TARGET
-      rm -f $DUMMDIR${TARGET%/*}/.dummy 2>/dev/null
-    done
-
-    # Run scripts
-    run_scripts post-fs-data
-
-    # Bind hosts for Adblock apps
-    [ ! -f "$COREDIR/hosts" ] && cp -afc /system/etc/hosts $COREDIR/hosts
-    log_print "Enabling systemless hosts file support"
-    bind_mount $COREDIR/hosts /system/etc/hosts
-
-    # Stage 3
-    log_print "Bind mount system mirror"
-    bind_mount /system $MIRRDIR/system
-
-    # Stage 4
-    log_print "Bind mount mirror items"
-    # Find all empty directores and dummy files, they should be mounted by original files in /system
-    find $DUMMDIR -type d -exec sh -c '[ -z "$(ls -A $1)" ] && echo $1' -- {} \; -o \( -type f -size 0 -print \) | while read ITEM ; do
-      ORIG=${ITEM/dummy/mirror}
-      TARGET=${ITEM#$DUMMDIR}
-      bind_mount $ORIG $TARGET
-    done
-
-    # All done
-    rm -rf $TMPDIR
-
-    unblock
-    ;;
-
-  service )
-    # Version info
-    setprop magisk.version 8
-    log_print "Magisk late_start service mode running..."
-    run_scripts service
-    [ -f "$COREDIR/magiskhide/enable" ] && setprop magisk.hide 1
-    ;;
-
-  hide )
-    # Enable magiskhide
-    [ ! -f "$COREDIR/magiskhide/hidelist" ] && mktouch $COREDIR/magiskhide/hidelist
-    # Add preset for Safety Net
-    if [ $(grep -c "com.google.android.gms.unstable" $COREDIR/magiskhide/hidelist) -eq "0" ]; then
-      mv $COREDIR/magiskhide/hidelist $COREDIR/magiskhide/hidelist.tmp
-      echo "com.google.android.gms.unstable" > $COREDIR/magiskhide/hidelist
-      cat $COREDIR/magiskhide/hidelist.tmp >> $COREDIR/magiskhide/hidelist
-      rm -f $COREDIR/magiskhide/hidelist.tmp
-    fi
-    chmod 755 $COREDIR/magiskhide $COREDIR/magiskhide/*
-    log_print "Starting Magisk Hide"
-    exec /data/magisk/magiskhide $COREDIR/magiskhide/hidelist > $HIDELOG
-    ;;
-
-esac
--- a/zip_static/common/magiskhide/add
+++ b/zip_static/common/magiskhide/add
@@ -1,12 +1,11 @@
 #!/system/bin/sh

-HIDELIST=$MOUNTPOINT/.core/magiskhide/hidelist
+HIDELIST=/magisk/.core/magiskhide/hidelist

 if [ ! -z "$1" ]; then
  if [ $(grep -c "^$1$" $HIDELIST) -eq "0" ]; then
    echo "$1" >> $HIDELIST
+    set `/data/busybox/ps -o pid,args | grep "$1" | grep -v "grep"`
+    kill "$1"
  fi
 fi
-
-# Reload the list
-setprop magisk.hide 1
--- a/zip_static/common/magiskhide/list
+++ b/zip_static/common/magiskhide/list
@@ -1,4 +1,5 @@
 #!/system/bin/sh

-HIDELIST=$MOUNTPOINT/.core/magiskhide/hidelist
+HIDELIST=/magisk/.core/magiskhide/hidelist
+
 cat $HIDELIST
--- a/zip_static/common/magiskhide/rm
+++ b/zip_static/common/magiskhide/rm
@@ -1,12 +1,11 @@
 #!/system/bin/sh

-HIDELIST=$MOUNTPOINT/.core/magiskhide/hidelist
+HIDELIST=/magisk/.core/magiskhide/hidelist

 if [ ! -z "$1" ]; then
-  mv $HIDELIST $HIDELIST.tmp
+  cp -af $HIDELIST $HIDELIST.tmp
  cat $HIDELIST.tmp | grep -v "^$1$" > $HIDELIST
  rm -f $HIDELIST.tmp
+  set `/data/busybox/ps -o pid,args | grep "$1" | grep -v "grep"`
+  kill "$1"
 fi
-
-# Reload the list
-setprop magisk.hide 1
--- a/zip_static/x64/busybox
+++ b/zip_static/x64/busybox
--- a/zip_static/x86/bootimgtools
+++ b/zip_static/x86/bootimgtools
--- a/zip_static/x86/magiskhide
+++ b/zip_static/x86/magiskhide
--- a/zip_static/x86/sepolicy-inject
+++ b/zip_static/x86/sepolicy-inject
--- a/zipsigntools/minsignapk.jar
+++ b/zipsigntools/minsignapk.jar
--- a/zipsigntools/signapk.jar
+++ b/zipsigntools/signapk.jar
--- a/zipsigntools/src/MinSignAPK.java
+++ b/zipsigntools/src/MinSignAPK.java
@@ -0,0 +1,191 @@
+/*
+ * Copyright (C) 2008 The Android Open Source Project
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+/* This is just a copy/paste/cut job from original SignAPK sources. This 
+ * adaptation adds only the whole-file signature to a ZIP(jar,apk) file, and 
+ * doesn't do any of the per-file signing, creating manifests, etc. This is 
+ * useful when you've changed the structure itself of an existing (signed!) 
+ * ZIP file, but the extracted contents are still identical. Using
+ * the normal SignAPK may re-arrange other things inside the ZIP, which may
+ * be unwanted behavior. This version only changes the ZIP's tail and keeps
+ * the rest the same - CF
+ */
+
+package eu.chainfire.minsignapk;
+
+import java.io.ByteArrayOutputStream;
+import java.io.DataInputStream;
+import java.io.File;
+import java.io.FileInputStream;
+import java.io.FileOutputStream;
+import java.io.IOException;
+import java.io.InputStream;
+import java.io.OutputStream;
+import java.security.GeneralSecurityException;
+import java.security.KeyFactory;
+import java.security.PrivateKey;
+import java.security.Signature;
+import java.security.cert.CertificateFactory;
+import java.security.cert.X509Certificate;
+import java.security.spec.InvalidKeySpecException;
+import java.security.spec.KeySpec;
+import java.security.spec.PKCS8EncodedKeySpec;
+
+import sun.security.pkcs.ContentInfo;
+import sun.security.pkcs.PKCS7;
+import sun.security.pkcs.SignerInfo;
+import sun.security.x509.AlgorithmId;
+import sun.security.x509.X500Name;
+
+public class MinSignAPK {
+	/** Write a .RSA file with a digital signature. */
+    private static void writeSignatureBlock(Signature signature, X509Certificate publicKey, OutputStream out)
+            throws IOException, GeneralSecurityException {
+        SignerInfo signerInfo = new SignerInfo(new X500Name(publicKey.getIssuerX500Principal().getName()),
+                publicKey.getSerialNumber(), AlgorithmId.get("SHA1"), AlgorithmId.get("RSA"), signature.sign());
+
+        PKCS7 pkcs7 = new PKCS7(new AlgorithmId[] { AlgorithmId.get("SHA1") }, new ContentInfo(ContentInfo.DATA_OID,
+                null), new X509Certificate[] { publicKey }, new SignerInfo[] { signerInfo });
+
+        pkcs7.encodeSignedData(out);
+    }
+    
+	private static void signWholeOutputFile(byte[] zipData, OutputStream outputStream, X509Certificate publicKey,
+            PrivateKey privateKey) throws IOException, GeneralSecurityException {
+
+        // For a zip with no archive comment, the
+        // end-of-central-directory record will be 22 bytes long, so
+        // we expect to find the EOCD marker 22 bytes from the end.
+        if (zipData[zipData.length - 22] != 0x50 || zipData[zipData.length - 21] != 0x4b
+                || zipData[zipData.length - 20] != 0x05 || zipData[zipData.length - 19] != 0x06) {
+            throw new IllegalArgumentException("zip data already has an archive comment");
+        }
+
+        Signature signature = Signature.getInstance("SHA1withRSA");
+        signature.initSign(privateKey);
+        signature.update(zipData, 0, zipData.length - 2);
+
+        ByteArrayOutputStream temp = new ByteArrayOutputStream();
+
+        // put a readable message and a null char at the start of the
+        // archive comment, so that tools that display the comment
+        // (hopefully) show something sensible.
+        // TODO: anything more useful we can put in this message?
+        byte[] message = "signed by SignApk".getBytes("UTF-8");
+        temp.write(message);
+        temp.write(0);
+        writeSignatureBlock(signature, publicKey, temp);
+        int total_size = temp.size() + 6;
+        if (total_size > 0xffff) {
+            throw new IllegalArgumentException("signature is too big for ZIP file comment");
+        }
+        // signature starts this many bytes from the end of the file
+        int signature_start = total_size - message.length - 1;
+        temp.write(signature_start & 0xff);
+        temp.write((signature_start >> 8) & 0xff);
+        // Why the 0xff bytes? In a zip file with no archive comment,
+        // bytes [-6:-2] of the file are the little-endian offset from
+        // the start of the file to the central directory. So for the
+        // two high bytes to be 0xff 0xff, the archive would have to
+        // be nearly 4GB in side. So it's unlikely that a real
+        // commentless archive would have 0xffs here, and lets us tell
+        // an old signed archive from a new one.
+        temp.write(0xff);
+        temp.write(0xff);
+        temp.write(total_size & 0xff);
+        temp.write((total_size >> 8) & 0xff);
+        temp.flush();
+
+        // Signature verification checks that the EOCD header is the
+        // last such sequence in the file (to avoid minzip finding a
+        // fake EOCD appended after the signature in its scan). The
+        // odds of producing this sequence by chance are very low, but
+        // let's catch it here if it does.
+        byte[] b = temp.toByteArray();
+        for (int i = 0; i < b.length - 3; ++i) {
+            if (b[i] == 0x50 && b[i + 1] == 0x4b && b[i + 2] == 0x05 && b[i + 3] == 0x06) {
+                throw new IllegalArgumentException("found spurious EOCD header at " + i);
+            }
+        }
+
+        outputStream.write(zipData, 0, zipData.length - 2);
+        outputStream.write(total_size & 0xff);
+        outputStream.write((total_size >> 8) & 0xff);
+        temp.writeTo(outputStream);
+    }
+	
+	private static PrivateKey readPrivateKey(File file)
+	        throws IOException, GeneralSecurityException {
+		DataInputStream input = new DataInputStream(new FileInputStream(file));
+		try {
+			byte[] bytes = new byte[(int) file.length()];
+			input.read(bytes);
+
+			// dont support encrypted keys atm
+			//KeySpec spec = decryptPrivateKey(bytes, file);
+			//if (spec == null) {
+				KeySpec spec = new PKCS8EncodedKeySpec(bytes);
+			//}
+
+			try {
+				return KeyFactory.getInstance("RSA").generatePrivate(spec);
+			} catch (InvalidKeySpecException ex) {
+				return KeyFactory.getInstance("DSA").generatePrivate(spec);
+			}
+		} finally {
+			input.close();
+		}
+	}
+	
+	private static X509Certificate readPublicKey(File file)
+			throws IOException, GeneralSecurityException {
+		FileInputStream input = new FileInputStream(file);
+		try {
+			CertificateFactory cf = CertificateFactory.getInstance("X.509");
+			return (X509Certificate) cf.generateCertificate(input);
+		} finally {
+			input.close();
+		}
+	}	
+	
+	public static void main(String[] args) {
+		if (args.length < 4) {
+			System.out.println("MinSignAPK pemfile pk8file inzip outzip");
+			System.out.println("- only adds whole-file signature to zip");
+			return;
+		}
+		 
+		String pemFile = args[0];
+		String pk8File = args[1];
+		String inFile = args[2];
+		String outFile = args[3];
+		
+		try {
+			X509Certificate publicKey = readPublicKey(new File(pemFile));
+			PrivateKey privateKey = readPrivateKey(new File(pk8File));
+			
+			InputStream fis = new FileInputStream(inFile);
+			byte[] buffer = new byte[(int)(new File(inFile)).length()];
+			fis.read(buffer);
+			fis.close();
+			
+			OutputStream fos = new FileOutputStream(outFile, false);
+			signWholeOutputFile(buffer, fos, publicKey, privateKey);
+			fos.close();			
+		} catch (Exception e) {
+			e.printStackTrace();
+		}
+	 }
+}
--- a/zipsigntools/src/zipadjust.c
+++ b/zipsigntools/src/zipadjust.c
@@ -0,0 +1,319 @@
+/*
+ * Copyright (C) 2013 Jorrit "Chainfire" Jongma
+ * Copyright (C) 2013 The OmniROM Project
+ */
+/*
+ * This file is part of OpenDelta.
+ *
+ * OpenDelta is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation, either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * OpenDelta is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with OpenDelta. If not, see <http://www.gnu.org/licenses/>.
+ */
+
+#include <stdlib.h>
+#include <stdint.h>
+#include <fcntl.h>
+#include <string.h>
+#include <stdio.h>
+#include <errno.h>
+#include <zlib.h>
+
+#pragma pack(1)
+struct local_header_struct {
+	uint32_t signature;
+	uint16_t extract_version;
+	uint16_t flags;
+	uint16_t compression_method;
+	uint16_t last_modified_time;
+	uint16_t last_modified_date;
+	uint32_t crc32;
+	uint32_t size_compressed;
+	uint32_t size_uncompressed;
+	uint16_t length_filename;
+	uint16_t length_extra;
+	// filename
+	// extra
+};
+typedef struct local_header_struct local_header_t;
+
+#pragma pack(1)
+struct data_descriptor_struct {
+	uint32_t signature;
+	uint32_t crc32;
+	uint32_t size_compressed;
+	uint32_t size_uncompressed;
+};
+typedef struct data_descriptor_struct data_descriptor_t;
+
+#pragma pack(1)
+struct central_header_struct {
+	uint32_t signature;
+	uint16_t version_made;
+	uint16_t version_needed;
+	uint16_t flags;
+	uint16_t compression_method;
+	uint16_t last_modified_time;
+	uint16_t last_modified_date;
+	uint32_t crc32;
+	uint32_t size_compressed;
+	uint32_t size_uncompressed;
+	uint16_t length_filename;
+	uint16_t length_extra;
+	uint16_t length_comment;
+	uint16_t disk_start;
+	uint16_t attr_internal;
+	uint32_t attr_external;
+	uint32_t offset;
+	// filename
+	// extra
+	// comment
+};
+typedef struct central_header_struct central_header_t;
+
+#pragma pack(1)
+struct central_footer_struct {
+	uint32_t signature;
+	uint16_t disk_number;
+	uint16_t disk_number_central_directory;
+	uint16_t central_directory_entries_this_disk;
+	uint16_t central_directory_entries_total;
+	uint32_t central_directory_size;
+	uint32_t central_directory_offset;
+	uint16_t length_comment;
+	// comment
+};
+typedef struct central_footer_struct central_footer_t;
+
+#define MAGIC_LOCAL_HEADER 0x04034b50
+#define MAGIC_DATA_DESCRIPTOR 0x08074b50
+#define MAGIC_CENTRAL_HEADER 0x02014b50
+#define MAGIC_CENTRAL_FOOTER 0x06054b50
+
+static int xerror(char* message) {
+	fprintf(stderr, "%s\n", message);
+	return 0;
+}
+
+static int xseekread(int fd, off_t offset, void* buf, size_t bytes) {
+	if (lseek(fd, offset, SEEK_SET) == (off_t)-1) return xerror("Seek failed");
+	if (read(fd, buf, bytes) != bytes) return xerror("Read failed");
+	return 1;
+}
+
+static int xseekwrite(int fd, off_t offset, void* buf, size_t bytes) {
+	if (lseek(fd, offset, SEEK_SET) == (off_t)-1) return xerror("Seek failed");
+	if (write(fd, buf, bytes) != bytes) return xerror("Write failed");
+	return 1;
+}
+
+static int xfilecopy(int fdIn, int fdOut, off_t offsetIn, off_t offsetOut, size_t bytes) {
+	if ((offsetIn != (off_t)-1) && (lseek(fdIn, offsetIn, SEEK_SET) == (off_t)-1)) return xerror("Seek failed");
+	if ((offsetOut != (off_t)-1) && (lseek(fdOut, offsetOut, SEEK_SET) == (off_t)-1)) return xerror("Seek failed");
+	
+	int CHUNK = 256 * 1024;
+	void* buf = malloc(CHUNK);
+	if (buf == NULL) return xerror("malloc failed");
+	size_t left = bytes;
+	while (left > 0) {
+		size_t wanted = (left < CHUNK) ? left : CHUNK;
+		size_t r = read(fdIn, buf, wanted);
+		if (r <= 0) return xerror("Read failed");
+		if (write(fdOut, buf, r) != r) return xerror("Write failed");
+		left -= r;
+	}
+	free(buf);
+	
+	return 1;
+}
+
+static int xdecompress(int fdIn, int fdOut, off_t offsetIn, off_t offsetOut, size_t bytes) {
+	if ((offsetIn != (off_t)-1) && (lseek(fdIn, offsetIn, SEEK_SET) == (off_t)-1)) return xerror("Seek failed");
+	if ((offsetOut != (off_t)-1) && (lseek(fdOut, offsetOut, SEEK_SET) == (off_t)-1)) return xerror("Seek failed");
+	
+	int CHUNK = 256 * 1024;
+	
+	int ret;
+	unsigned have;
+	z_stream strm;
+	unsigned char in[CHUNK];
+	unsigned char out[CHUNK];
+	
+	strm.zalloc = Z_NULL;
+	strm.zfree = Z_NULL;
+	strm.opaque = Z_NULL;
+	strm.avail_in = 0;
+	strm.next_in = Z_NULL;
+	ret = inflateInit2(&strm, -15);
+	if (ret != Z_OK) return xerror("ret != Z_OK");
+	
+	do {
+		strm.avail_in = read(fdIn, in, CHUNK);
+		if (strm.avail_in < 0) {
+			(void)inflateEnd(&strm);
+			return xerror("Read failed");
+		}
+		if (strm.avail_in == 0) break;
+		strm.next_in = in;
+		
+		do {
+			strm.avail_out = CHUNK;
+			strm.next_out = out;
+			
+			ret = inflate(&strm, Z_NO_FLUSH);
+			if (ret == Z_STREAM_ERROR) return xerror("Stream error");
+			switch (ret) {
+			case Z_NEED_DICT:
+				ret = Z_DATA_ERROR;
+			case Z_DATA_ERROR:
+			case Z_MEM_ERROR:
+				(void)inflateEnd(&strm);
+				return xerror("DICT/DATA/MEM error");
+			}
+			
+			have = CHUNK - strm.avail_out;
+			if (write(fdOut, out, have) != have) {
+				(void)inflateEnd(&strm);
+				return xerror("Write failed");
+			}
+		} while (strm.avail_out == 0);
+	} while (ret != Z_STREAM_END);
+	(void)inflateEnd(&strm);
+	
+	return ret == Z_STREAM_END ? 1 : 0;
+}
+
+int zipadjust(char* filenameIn, char* filenameOut, int decompress) {
+	int ok = 0;
+	
+	int fin = open(filenameIn, O_RDONLY);
+	if (fin > 0) {
+		unsigned int size = lseek(fin, 0, SEEK_END);
+		lseek(fin, 0, SEEK_SET);
+		printf("%d bytes\n", size);
+
+		char filename[1024];
+
+		central_footer_t central_footer;
+		uint32_t central_directory_in_position = 0;
+		uint32_t central_directory_in_size = 0;
+		uint32_t central_directory_out_size = 0;
+
+		int i;
+		for (i = size - 4; i >= 0; i--) {
+			uint32_t magic = 0;
+			if (!xseekread(fin, i, &magic, sizeof(uint32_t))) return 0;
+			if (magic == MAGIC_CENTRAL_FOOTER) {
+				printf("central footer @ %08X\n", i);
+				if (!xseekread(fin, i, &central_footer, sizeof(central_footer_t))) return 0;
+
+				central_header_t central_header;
+				if (!xseekread(fin, central_footer.central_directory_offset, &central_header, sizeof(central_header_t))) return 0;
+				if ( central_header.signature == MAGIC_CENTRAL_HEADER ) {
+					central_directory_in_position = central_footer.central_directory_offset;
+					central_directory_in_size = size - central_footer.central_directory_offset;
+					printf("central header @ %08X (%d)\n", central_footer.central_directory_offset, central_footer.central_directory_size);
+					break;
+				}
+			}
+		}
+
+		if (central_directory_in_position == 0) return 0;
+
+		unsigned char* central_directory_in = (unsigned char*)malloc(central_directory_in_size);
+		unsigned char* central_directory_out = (unsigned char*)malloc(central_directory_in_size);
+		if (!xseekread(fin, central_directory_in_position, central_directory_in, central_directory_in_size)) return 0;
+		memset(central_directory_out, 0, central_directory_in_size);
+
+		unlink(filenameOut);
+		int fout = open(filenameOut, O_CREAT | O_WRONLY, 0644);
+		if (fout > 0) {
+
+			uintptr_t central_directory_in_index = 0;
+			uintptr_t central_directory_out_index = 0;
+
+			central_header_t* central_header = NULL;
+			local_header_t local_header;
+
+			uint32_t out_index = 0;
+
+			while (1) {
+				central_header = (central_header_t*)&central_directory_in[central_directory_in_index];
+				if (central_header->signature != MAGIC_CENTRAL_HEADER) break;
+
+				filename[central_header->length_filename] = (char)0;
+				memcpy(filename, &central_directory_in[central_directory_in_index + sizeof(central_header_t)], central_header->length_filename);
+				printf("%s (%d --> %d) [%08X] (%d)\n", filename, central_header->size_uncompressed, central_header->size_compressed, central_header->crc32, central_header->length_extra + central_header->length_comment);
+
+				local_header_t local_header;
+				if (!xseekread(fin, central_header->offset, &local_header, sizeof(local_header_t))) return 0;
+
+				// save and update to next index before we clobber the data
+				uint16_t compression_method_old = central_header->compression_method;
+				uint32_t size_compressed_old = central_header->size_compressed;
+				uint32_t offset_old = central_header->offset;
+				uint32_t length_extra_old = central_header->length_extra;
+				central_directory_in_index += sizeof(central_header_t) + central_header->length_filename + central_header->length_extra + central_header->length_comment;
+
+				// copying, rewriting, and correcting local and central headers so all the information matches, and no data descriptors are necessary
+				central_header->offset = out_index;
+				central_header->flags = central_header->flags & !8;
+				if (decompress && (compression_method_old == 8)) {
+					central_header->compression_method = 0;
+					central_header->size_compressed = central_header->size_uncompressed;
+				}
+				central_header->length_extra = 0;
+				central_header->length_comment = 0;
+				local_header.compression_method = central_header->compression_method;
+				local_header.flags = central_header->flags;
+				local_header.crc32 = central_header->crc32;
+				local_header.size_uncompressed = central_header->size_uncompressed;
+				local_header.size_compressed = central_header->size_compressed;
+				local_header.length_extra = 0;
+
+				if (!xseekwrite(fout, out_index, &local_header, sizeof(local_header_t))) return 0;
+				out_index += sizeof(local_header_t);
+				if (!xseekwrite(fout, out_index, &filename[0], central_header->length_filename)) return 0;
+				out_index += central_header->length_filename;
+
+				if (decompress && (compression_method_old == 8)) {
+					if (!xdecompress(fin, fout, offset_old + sizeof(local_header_t) + central_header->length_filename + length_extra_old, out_index, size_compressed_old)) return 0;
+				} else {
+					if (!xfilecopy(fin, fout, offset_old + sizeof(local_header_t) + central_header->length_filename + length_extra_old, out_index, size_compressed_old)) return 0;
+				}
+				out_index += local_header.size_compressed;
+
+				memcpy(&central_directory_out[central_directory_out_index], central_header, sizeof(central_header_t) + central_header->length_filename);
+				central_directory_out_index += sizeof(central_header_t) + central_header->length_filename;
+			}
+			
+			central_directory_out_size = central_directory_out_index;
+			central_footer.central_directory_size = central_directory_out_size;
+			central_footer.central_directory_offset = out_index;
+			central_footer.length_comment = 0;
+			if (!xseekwrite(fout, out_index, central_directory_out, central_directory_out_size)) return 0;
+			out_index += central_directory_out_size;
+			if (!xseekwrite(fout, out_index, &central_footer, sizeof(central_footer_t))) return 0;
+
+			printf("central header @ %08X (%d)\n", central_footer.central_directory_offset, central_footer.central_directory_size);
+			printf("central footer @ %08X\n", out_index);
+
+			close(fout);
+			ok = 1;
+		}
+
+		free(central_directory_in);
+		free(central_directory_out);
+		close(fin);
+	}
+	
+	return ok;
+}
--- a/zipsigntools/src/zipadjust.h
+++ b/zipsigntools/src/zipadjust.h
@@ -0,0 +1,27 @@
+/*
+ * Copyright (C) 2013 Jorrit "Chainfire" Jongma
+ * Copyright (C) 2013 The OmniROM Project
+ */
+/*
+ * This file is part of OpenDelta.
+ *
+ * OpenDelta is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation, either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * OpenDelta is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with OpenDelta. If not, see <http://www.gnu.org/licenses/>.
+ */
+
+#ifndef __ZIPADJUST_H
+#define __ZIPADJUST_H
+
+int zipadjust(char* filenameIn, char* filenameOut, int decompress);
+
+#endif
--- a/zipsigntools/src/zipadjust_run.c
+++ b/zipsigntools/src/zipadjust_run.c
@@ -0,0 +1,45 @@
+/*
+ * Copyright (C) 2013 Jorrit "Chainfire" Jongma
+ * Copyright (C) 2013 The OmniROM Project
+ */
+/*
+ * This file is part of OpenDelta.
+ *
+ * OpenDelta is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation, either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * OpenDelta is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with OpenDelta. If not, see <http://www.gnu.org/licenses/>.
+ */
+
+#include <stdio.h>
+#include <string.h>
+#include "zipadjust.h"
+
+int main(int argc, char *argv[]) {
+	if (argc >= 3) {
+		if ((argc >= 4) && (strcmp(argv[1], "--decompress") == 0)) {
+			zipadjust(argv[2], argv[3], 1);
+			return 0;
+		} else {
+			zipadjust(argv[1], argv[2], 0);
+			return 0;
+		}
+	}
+	
+	printf("zipadjust - Copyright (c) 2013 Jorrit Jongma (Chainfire)\n");
+	printf("\n");
+	printf("Usage: zipadjust [--decompress] input.zip output.zip\n");
+	printf("\n");
+	printf("Rewrites a zipfile removing all extra fields and comments (this includes the signapk whole-file signature), and synchronizing local headers with the central directory so no data descriptors are needed anymore. Optionally, the output zip is converted to only use STORE.\n");
+	printf("\n");
+	printf("Written to work specifically with Android OTA zip files, and does not cope with all possible zip file features and formats.\n");
+	return 0;
+}
--- a/zipsigntools/test.certificate.x509.pem
+++ b/zipsigntools/test.certificate.x509.pem
@@ -0,0 +1,27 @@
+-----BEGIN CERTIFICATE-----
+MIIEqDCCA5CgAwIBAgIJAJNurL4H8gHfMA0GCSqGSIb3DQEBBQUAMIGUMQswCQYD
+VQQGEwJVUzETMBEGA1UECBMKQ2FsaWZvcm5pYTEWMBQGA1UEBxMNTW91bnRhaW4g
+VmlldzEQMA4GA1UEChMHQW5kcm9pZDEQMA4GA1UECxMHQW5kcm9pZDEQMA4GA1UE
+AxMHQW5kcm9pZDEiMCAGCSqGSIb3DQEJARYTYW5kcm9pZEBhbmRyb2lkLmNvbTAe
+Fw0wODAyMjkwMTMzNDZaFw0zNTA3MTcwMTMzNDZaMIGUMQswCQYDVQQGEwJVUzET
+MBEGA1UECBMKQ2FsaWZvcm5pYTEWMBQGA1UEBxMNTW91bnRhaW4gVmlldzEQMA4G
+A1UEChMHQW5kcm9pZDEQMA4GA1UECxMHQW5kcm9pZDEQMA4GA1UEAxMHQW5kcm9p
+ZDEiMCAGCSqGSIb3DQEJARYTYW5kcm9pZEBhbmRyb2lkLmNvbTCCASAwDQYJKoZI
+hvcNAQEBBQADggENADCCAQgCggEBANaTGQTexgskse3HYuDZ2CU+Ps1s6x3i/waM
+qOi8qM1r03hupwqnbOYOuw+ZNVn/2T53qUPn6D1LZLjk/qLT5lbx4meoG7+yMLV4
+wgRDvkxyGLhG9SEVhvA4oU6Jwr44f46+z4/Kw9oe4zDJ6pPQp8PcSvNQIg1QCAcy
+4ICXF+5qBTNZ5qaU7Cyz8oSgpGbIepTYOzEJOmc3Li9kEsBubULxWBjf/gOBzAzU
+RNps3cO4JFgZSAGzJWQTT7/emMkod0jb9WdqVA2BVMi7yge54kdVMxHEa5r3b97s
+zI5p58ii0I54JiCUP5lyfTwE/nKZHZnfm644oLIXf6MdW2r+6R8CAQOjgfwwgfkw
+HQYDVR0OBBYEFEhZAFY9JyxGrhGGBaR0GawJyowRMIHJBgNVHSMEgcEwgb6AFEhZ
+AFY9JyxGrhGGBaR0GawJyowRoYGapIGXMIGUMQswCQYDVQQGEwJVUzETMBEGA1UE
+CBMKQ2FsaWZvcm5pYTEWMBQGA1UEBxMNTW91bnRhaW4gVmlldzEQMA4GA1UEChMH
+QW5kcm9pZDEQMA4GA1UECxMHQW5kcm9pZDEQMA4GA1UEAxMHQW5kcm9pZDEiMCAG
+CSqGSIb3DQEJARYTYW5kcm9pZEBhbmRyb2lkLmNvbYIJAJNurL4H8gHfMAwGA1Ud
+EwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADggEBAHqvlozrUMRBBVEY0NqrrwFbinZa
+J6cVosK0TyIUFf/azgMJWr+kLfcHCHJsIGnlw27drgQAvilFLAhLwn62oX6snb4Y
+LCBOsVMR9FXYJLZW2+TcIkCRLXWG/oiVHQGo/rWuWkJgU134NDEFJCJGjDbiLCpe
+ZTWHdcwauTJ9pUbo8EvHRkU3cYfGmLaLfgn9gP+pWA7LFQNvXwBnDa6sppCccEX
+31I828XzgXpJ4O+mDL1/dBd+ek8ZPUP0IgdyZm5MTYPhvVqGCHzzTy3sIeJFymwr
+sBbmg2OAUNLEMO6nwmocSdN2ClirfxqCzJOLSDE4QyS9BAH6EhY6UFcOaE0=
+-----END CERTIFICATE-----
--- a/zipsigntools/test.key.pk8
+++ b/zipsigntools/test.key.pk8
Author	SHA1	Message	Date
topjohnwu	30c048723c	Update installer	2016-11-15 04:46:01 +08:00
topjohnwu	85dc669ddf	Mount magisk.img with option suid Should fix #12, hope so :)	2016-11-14 11:00:56 +08:00
topjohnwu	397c1a1c2b	Magisk Hide won't play well with dummy lib	2016-11-14 05:02:57 +08:00
topjohnwu	f1d3e35aac	Proper support for special mounts	2016-11-14 04:30:05 +08:00
topjohnwu	0e69201f05	Remove UID check, not reliable....	2016-11-14 04:27:43 +08:00
topjohnwu	f8fdaf5c1f	Initialize is not needed	2016-11-13 21:22:04 +08:00
topjohnwu	1f3b81338c	Fix Moto DTB issue	2016-11-13 21:03:00 +08:00
topjohnwu	5921d3a42a	Update scripts	2016-11-13 21:02:35 +08:00
topjohnwu	dbbc85719e	MagiskHide: Unmount cache mounts and check UID	2016-11-13 19:27:01 +08:00
topjohnwu	0ddb6c3f10	Various small changes	2016-11-13 16:58:43 +08:00
topjohnwu	e13281726c	Add bootanim, host, busybox	2016-11-09 05:17:14 +08:00
topjohnwu	0ddf4355a1	Update build.sh	2016-11-09 05:16:03 +08:00
topjohnwu	7c8a3ca1a8	Revert to 1.25.0 as 1.25.1 is faulty	2016-11-09 04:41:34 +08:00
topjohnwu	3068738a70	MagiskHide small tweak	2016-11-07 23:57:21 +08:00
topjohnwu	cfa0d8b7c0	gitmodule typo fix	2016-11-06 05:00:58 +08:00
topjohnwu	7ac41652f7	Brand new dummy cloning: No bugs and faster	2016-11-06 04:47:54 +08:00
topjohnwu	24a510bc2e	Kill process after remove from list	2016-11-06 02:43:57 +08:00
topjohnwu	0498540439	Magisk Hide: Unmount dummy skeleton	2016-11-06 02:09:14 +08:00
topjohnwu	da94c2e1e5	Update build.sh to detect failures	2016-11-06 01:33:55 +08:00
topjohnwu	bcdd74514f	Adjust scripts for resetprop	2016-11-05 02:38:10 +08:00
topjohnwu	1d0c36a0ab	Add resetprop to Magisk	2016-11-05 02:38:10 +08:00
topjohnwu	a34ea8f131	Magisk Hide Massive Update	2016-11-01 04:21:43 +08:00
topjohnwu	7fbfa6a52b	Remove custom patch script in uninstaller	2016-10-30 20:09:32 +08:00
topjohnwu	799ef3380d	Update build script	2016-10-30 19:32:36 +08:00
topjohnwu	d5087858ca	Add build scripts Building through the build script will compile all binaries, and generate a properly signed zip Should work on linux and macOS environments	2016-10-30 19:11:26 +08:00
Pierre-Hugues Husson	d9fc5650b8	Oops, MTK rootfs/recovery detection had wrong offset	2016-10-30 06:57:50 +08:00
topjohnwu	9ea028f5ab	Various updates, prepare for Multirom support	2016-10-30 06:50:06 +08:00
topjohnwu	aa309087fd	Update flash script	2016-10-30 06:50:06 +08:00
topjohnwu	57bdd9d3bf	Update busybox to 1.25.1	2016-10-30 06:11:48 +08:00
topjohnwu	dc9871fe5b	Update binaries	2016-10-30 06:11:22 +08:00
topjohnwu	3255ca3ea4	Remove unnecessary statics	2016-10-30 06:08:23 +08:00