Load system.prop; longer waiting time

This is the issue that has been haunting since day 1. Root and mounted files randomly disappears, and only an reboot can fix it.
The issue is that Zygote requires some time to isolate the mount namespace for the children it forks (read: most processes), so in rare cases such as the CPU is on heavy load, or CPU is in deep sleep, it takes longer than usual to finish the mount namespace isolation. Magisk Hide kicks in before the isolation is done, and it will switch to Zygote's namespace and do the unmounting. All children will then lose the mounted files, which includes root.
The solution is to first find the namespace id of Zygote, and wait a small period of time and retry if the namespace isn't isolated yet.

.gitattributes

@@ -0,0 +1,17 @@
+# Set the default behavior, in case people don't have core.autocrlf set.
+* text eol=lf
+
+# Explicitly declare text files you want to always be normalized and converted
+# to native line endings on checkout.
+# *.c text
+# *.h text
+
+# Declare files that will always have CRLF line endings on checkout.
+*.cmd text eol=crlf
+
+# Denote all files that are truly binary and should not be modified.
+busybox binary
+futility binary
+*.jar binary
+*.exe binary
+*.apk binary

.gitignore

@@ -11,7 +11,7 @@ uninstaller/arm/*
 uninstaller/arm64/*
 uninstaller/x86/*
 uninstaller/x64/*
-zipsigntools/zipadjust
+ziptools/zipadjust
 
 # Generated scripts
 zip_static/common/magic_mask.sh

.gitmodules

@@ -1,9 +1,12 @@
-[submodule "selinux"]
-	path = selinux
-	url = https://github.com/topjohnwu/selinux
 [submodule "jni/sepolicy-inject"]
 	path = jni/sepolicy-inject
 	url = https://github.com/topjohnwu/sepolicy-inject
 [submodule "jni/resetprop"]
 	path = jni/resetprop
 	url = https://github.com/topjohnwu/resetprop.git
+[submodule "jni/selinux"]
+	path = jni/selinux
+	url = https://github.com/topjohnwu/selinux.git
+[submodule "jni/su"]
+	path = jni/su
+	url = https://github.com/topjohnwu/Superuser.git

README.MD

@@ -3,8 +3,9 @@
 * Busybox: http://forum.xda-developers.com/android/software-hacking/tool-busybox-flashable-archs-t3348543
 
 ###How to build Magisk
-1. Only support MacOS and Linux
-2. Download and install NDK
-3. Add the NDK directory into PATH.  
-To check if success, please try calling `which ndk-build` and see if it returns the NDK directory
-4. Execute `./build.sh`, it will give you further information
+1. Download and install NDK
+2. Add the NDK directory into PATH  
+To check if the PATH is set correctly, try calling `which ndk-build` (`where ndk-build` on Windows) and see if it shows the NDK directory
+3. Unix-like users (e.g. Linux & MacOS) please execute `build.sh` through shell  
+Windows users please execute `build.cmd` through cmd
+4. The scripts will show you further details

build.cmd

@@ -0,0 +1,159 @@
+@ECHO OFF
+SETLOCAL ENABLEEXTENSIONS
+SET me=%~nx0
+SET parent=%~dp0
+SET tab=	
+SET OK=
+
+CD %parent%
+
+call :%~1 "%~2"
+IF NOT DEFINED OK CALL :usage
+
+EXIT /B %ERRORLEVEL%
+
+:usage
+  ECHO %me% all ^<version name^>
+  ECHO %tab%Build binaries, zip, and sign Magisk
+  ECHO %tab%This is equlivant to first ^<build^>, then ^<zip^>
+  ECHO %me% clean
+  ECHO %tab%Cleanup compiled / generated files
+  ECHO %me% build
+  ECHO %tab%Build the binaries with ndk
+  ECHO %me% zip ^<version name^>
+  ECHO %tab%Zip and sign Magisk
+  ECHO %me% uninstaller
+  ECHO %tab%Zip and sign the uninstaller
+  EXIT /B 1
+
+:all
+  SET OK=y
+  IF [%~1] == [] (
+    CALL :error "Missing version number"
+    CALL :usage
+    EXIT /B %ERRORLEVEL%
+  )
+  CALL :build
+  CALL :zip "%~1"
+  EXIT /B %ERRORLEVEL%
+
+:build
+  SET OK=y
+  ECHO ************************
+  ECHO * Building binaries
+  ECHO ************************
+  FOR /F "tokens=* USEBACKQ" %%F IN (`where ndk-build`) DO (
+    IF [%%F] == [] (
+      CALL :error "Please add ndk-build to PATH!"
+      EXIT /B 1
+    )
+  )
+  CALL ndk-build -j4 || CALL :error "Magisk binary tools build failed...."
+  IF %ERRORLEVEL% NEQ 0 EXIT /B %ERRORLEVEL%
+  ECHO ************************
+  ECHO * Copying binaries
+  ECHO ************************
+  COPY /Y libs\armeabi\* zip_static\arm
+  COPY /Y libs\arm64-v8a\* zip_static\arm64
+  COPY /Y libs\x86\* zip_static\x86
+  COPY /Y libs\x86_64\* zip_static\x64
+  CALL :mkcp libs\armeabi\bootimgtools uninstaller\arm
+  CALL :mkcp libs\arm64-v8a\bootimgtools uninstaller\arm64
+  CALL :mkcp libs\x86\bootimgtools uninstaller\x86
+  CALL :mkcp libs\x86_64\bootimgtools uninstaller\x64
+  EXIT /B %ERRORLEVEL%
+
+:clean
+  SET OK=y
+  ECHO ************************
+  ECHO * Cleaning up
+  ECHO ************************
+  CALL ndk-build clean
+  forfiles /P zip_static\arm /C "cmd /C IF NOT @file == \"busybox\" DEL @file"
+  forfiles /P zip_static\arm64 /C "cmd /C IF NOT @file == \"busybox\" DEL @file"
+  forfiles /P zip_static\x86 /C "cmd /C IF NOT @file == \"busybox\" DEL @file"
+  forfiles /P zip_static\x64 /C "cmd /C IF NOT @file == \"busybox\" DEL @file"
+  2>NUL DEL zip_static\META-INF\com\google\android\update-binary
+  2>NUL DEL zip_static\common\magic_mask.sh
+  2>NUL RMDIR /S /Q uninstaller\arm
+  2>NUL RMDIR /S /Q uninstaller\arm64
+  2>NUL RMDIR /S /Q uninstaller\x86
+  2>NUL RMDIR /S /Q uninstaller\x64
+  EXIT /B 0
+
+:zip
+  SET OK=y
+  IF [%~1] == [] (
+    CALL :error "Missing version number"
+    CALL :usage
+    EXIT /B %ERRORLEVEL%
+  )
+  IF NOT EXIST "zip_static\arm\bootimgtools" CALL :error "Missing binaries! Please run '%me% build' before zipping!"
+  IF %ERRORLEVEL% NEQ 0 EXIT /B %ERRORLEVEL%
+  ECHO ************************
+  ECHO * Adding version info
+  ECHO ************************
+  powershell.exe -nologo -noprofile -command "(gc -Raw scripts\flash_script.sh) -replace 'MAGISK_VERSION_STUB', 'Magisk v%~1 Boot Image Patcher' | sc zip_static\META-INF\com\google\android\update-binary"
+  powershell.exe -nologo -noprofile -command "(gc -Raw scripts\magic_mask.sh) -replace 'MAGISK_VERSION_STUB', 'setprop magisk.version \"%~1\"' | sc zip_static\common\magic_mask.sh"
+  ECHO ************************
+  ECHO * Zipping Magisk v%~1
+  ECHO ************************
+  CD zip_static
+  2>NUL DEL "..\Magisk-v%~1.zip"
+  ..\ziptools\win_bin\zip "..\Magisk-v%~1.zip" -r .
+  CD ..\
+  CALL :sign_zip "Magisk-v%~1.zip"
+  EXIT /B %ERRORLEVEL%
+
+:uninstaller
+  SET OK=y
+  IF NOT EXIST "uninstaller\arm\bootimgtools" CALL :error "Missing binaries! Please run '%me% build' before zipping!"
+  IF %ERRORLEVEL% NEQ 0 EXIT /B %ERRORLEVEL%
+  ECHO ************************
+  ECHO * Zipping uninstaller
+  ECHO ************************
+  FOR /F "tokens=* USEBACKQ" %%F IN (`ziptools\win_bin\date "+%%Y%%m%%d"`) DO (set timestamp=%%F)
+  CD uninstaller
+  2>NUL DEL "../Magisk-uninstaller-%timestamp%.zip"
+  ..\ziptools\win_bin\zip "../Magisk-uninstaller-%timestamp%.zip" -r .
+  CD ..\
+  CALL :sign_zip "Magisk-uninstaller-%timestamp%.zip"
+  EXIT /B %ERRORLEVEL%
+
+:sign_zip
+  IF NOT EXIST "ziptools\win_bin\zipadjust.exe" (
+    ECHO ************************
+    ECHO * Compiling ZipAdjust
+    ECHO ************************
+    gcc -o ziptools\win_bin\zipadjust ziptools\src\*.c -lz || CALL :error "ZipAdjust Build failed...."
+    IF %ERRORLEVEL% NEQ 0 EXIT /B %ERRORLEVEL%
+  )
+  SET basename="%~1"
+  SET basename="%basename:.zip=%"
+  ECHO ************************
+  ECHO * First sign %~1
+  ECHO ************************
+  java -jar "ziptools\signapk.jar" "ziptools\test.certificate.x509.pem" "ziptools\test.key.pk8" "%~1" "%basename:"=%-firstsign.zip"
+  ECHO ************************
+  ECHO * Adjusting %~1
+  ECHO ************************
+  ziptools\win_bin\zipadjust "%basename:"=%-firstsign.zip" "%basename:"=%-adjusted.zip"
+  ECHO ************************
+  ECHO * Final sign %~1
+  ECHO ************************
+  java -jar "ziptools\minsignapk.jar" "ziptools\test.certificate.x509.pem" "ziptools\test.key.pk8" "%basename:"=%-adjusted.zip" "%basename:"=%-signed.zip"
+
+  MOVE /Y "%basename:"=%-signed.zip" "%~1"
+  DEL "%basename:"=%-adjusted.zip" "%basename:"=%-firstsign.zip"
+  EXIT /B %ERRORLEVEL%
+
+:mkcp
+  2>NUL MKDIR "%~2"
+  2>NUL COPY /Y "%~1" "%~2"
+  EXIT /B 0
+
+:error
+  ECHO.
+  ECHO ! %~1
+  ECHO.
+  EXIT /B 1

build.sh

@@ -3,7 +3,7 @@
 usage() {
   echo "$0 all <version name>"
   echo -e "\tBuild binaries, zip, and sign Magisk"
-  echo -e "\tThis is equlivant to first --build, then --zip"
+  echo -e "\tThis is equlivant to first <build>, then <zip>"
   echo "$0 clean"
   echo -e "\tCleanup compiled / generated files"
   echo "$0 build"
@@ -37,23 +37,17 @@ mkcp() {
   cp -afv $1 $2
 }
 
+error() {
+  echo -e "\n! $1\n"
+  exit 1
+}
+
 build_bin() {
   echo "************************"
   echo "* Building binaries"
   echo "************************"
-  if [ -z `which ndk-build` ]; then
-    echo "!!!!!!!!!!!!!!!!!!!!!!!!"
-    echo "! Please add ndk-build to PATH!"
-    echo "!!!!!!!!!!!!!!!!!!!!!!!!"
-    exit 1
-  fi
-  ndk-build -j4
-  if [ $? -ne 0 ]; then
-    echo "!!!!!!!!!!!!!!!!!!!!!!!!"
-    echo "! Magisk binary tools build failed...."
-    echo "!!!!!!!!!!!!!!!!!!!!!!!!"
-    exit 1
-  fi
+  [ -z `which ndk-build` ] && error "Please add ndk-build to PATH!"
+  ndk-build -j4 || error "Magisk binary tools build failed...."
   echo "************************"
   echo "* Copying binaries"
   echo "************************"
@@ -68,13 +62,7 @@ build_bin() {
 }
 
 zip_package() {
-  if [ ! -f "zip_static/arm/bootimgtools" ]; then
-    echo "!!!!!!!!!!!!!!!!!!!!!!!!"
-    echo "! Missing binaries!!"
-    echo "! Please run \"$0 build\" before zipping"
-    echo "!!!!!!!!!!!!!!!!!!!!!!!!"
-    exit 1
-  fi
+  [ ! -f "zip_static/arm/bootimgtools" ] && error "Missing binaries!! Please run '$0 build' before zipping"
   echo "************************"
   echo "* Adding version info"
   echo "************************"
@@ -93,18 +81,14 @@ zip_package() {
 }
 
 zip_uninstaller() {
-  if [ ! -f "uninstaller/arm/bootimgtools" ]; then
-    echo "! Missing binaries!!"
-    echo "! Please run \"$0 build\" before zipping"
-    exit 1
-  fi
+  [ ! -f "uninstaller/arm/bootimgtools" ] && error "Missing binaries!! Please run '$0 build' before zipping"
   echo "************************"
   echo "* Zipping uninstaller"
   echo "************************"
   cd uninstaller
   find . -type f -exec chmod 644 {} \;
   find . -type d -exec chmod 755 {} \;
-  TIMESTAMP=$(date "+%Y%m%d")
+  TIMESTAMP=`date "+%Y%m%d"`
   rm -rf "../Magisk-uninstaller-$TIMESTAMP.zip"
   zip "../Magisk-uninstaller-$TIMESTAMP.zip" -r .
   cd ../
@@ -112,31 +96,25 @@ zip_uninstaller() {
 }
 
 sign_zip() {
-  if [ ! -f "zipsigntools/zipadjust" ]; then
+  if [ ! -f "ziptools/zipadjust" ]; then
     echo "************************"
     echo "* Compiling ZipAdjust"
     echo "************************"
-    gcc -o zipsigntools/zipadjust zipsigntools/src/*.c -lz
-    if [ $? -ne 0 ]; then
-      echo "!!!!!!!!!!!!!!!!!!!!!!!!"
-      echo "! ZipAdjust Build failed...."
-      echo "!!!!!!!!!!!!!!!!!!!!!!!!"
-      exit 1
-    fi
-    chmod 755 zipsigntools/zipadjust
+    gcc -o ziptools/zipadjust ziptools/src/*.c -lz || error "ZipAdjust Build failed...."
+    chmod 755 ziptools/zipadjust
   fi
   echo "************************"
   echo "* First sign $1"
   echo "************************"
-  java -jar "zipsigntools/signapk.jar" "zipsigntools/test.certificate.x509.pem" "zipsigntools/test.key.pk8" "$1" "${1%.*}-firstsign.zip"
+  java -jar "ziptools/signapk.jar" "ziptools/test.certificate.x509.pem" "ziptools/test.key.pk8" "$1" "${1%.*}-firstsign.zip"
   echo "************************"
   echo "* Adjusting $1"
   echo "************************"
-  zipsigntools/zipadjust "${1%.*}-firstsign.zip" "${1%.*}-adjusted.zip"
+  ziptools/zipadjust "${1%.*}-firstsign.zip" "${1%.*}-adjusted.zip"
   echo "************************"
   echo "* Final sign $1"
   echo "************************"
-  java -jar "zipsigntools/signapk.jar" "zipsigntools/test.certificate.x509.pem" "zipsigntools/test.key.pk8" "${1%.*}-adjusted.zip" "${1%.*}-signed.zip"
+  java -jar "ziptools/minsignapk.jar" "ziptools/test.certificate.x509.pem" "ziptools/test.key.pk8" "${1%.*}-adjusted.zip" "${1%.*}-signed.zip"
 
   mv "${1%.*}-signed.zip" "$1"
   rm "${1%.*}-adjusted.zip" "${1%.*}-firstsign.zip"

jni/Android.mk

@@ -1,35 +1,10 @@
-my_path := $(call my-dir)
+LOCAL_PATH := $(call my-dir)
 
-LOCAL_PATH := $(my_path)
+include jni/bootimgtools/Android.mk
+include jni/magiskhide/Android.mk
+include jni/resetprop/Android.mk
+include jni/sepolicy-inject/Android.mk
+include jni/su/Android.mk
 
-include $(CLEAR_VARS)
-LOCAL_MODULE := magiskhide
-LOCAL_MODULE_TAGS := optional
-LOCAL_SRC_FILES := magiskhide.c
-LOCAL_CFLAGS += -std=gnu11
-include $(BUILD_EXECUTABLE)
-
-include $(CLEAR_VARS)
-LOCAL_MODULE := bootimgtools
-LOCAL_MODULE_TAGS := optional
-LOCAL_SRC_FILES := bootimgtools.c extract.c repack.c hexpatch.c
-LOCAL_CFLAGS += -std=gnu11
-include $(BUILD_EXECUTABLE)
-
-include $(CLEAR_VARS)
-LOCAL_MODULE := sepolicy-inject
-LOCAL_MODULE_TAGS := optional
-LOCAL_STATIC_LIBRARIES := libsepol
-LOCAL_SRC_FILES := sepolicy-inject/sepolicy-inject.c sepolicy-inject/builtin_rules.c
-LOCAL_C_INCLUDES := selinux/libsepol/include/
-LOCAL_CFLAGS += -std=gnu11
-include $(BUILD_EXECUTABLE)
-
-include $(CLEAR_VARS)
-LOCAL_MODULE := resetprop
-LOCAL_MODULE_TAGS := optional
-LOCAL_SRC_FILES := resetprop/resetprop.cpp resetprop/system_properties.cpp resetprop/libc_logging.cpp
-LOCAL_LDLIBS += -latomic
-include $(BUILD_EXECUTABLE)
-
-include selinux/libsepol/Android.mk
+include jni/selinux/libsepol/Android.mk
+include jni/selinux/libselinux/Android.mk

jni/Application.mk

@@ -2,4 +2,3 @@ APP_ABI := x86 x86_64 armeabi arm64-v8a
 APP_PIE = true
 APP_PLATFORM := android-21
 APP_CPPFLAGS += -std=c++11
-# APP_STL := c++_static

jni/bootimgtools/Android.mk

@@ -0,0 +1,8 @@
+LOCAL_PATH := $(call my-dir)
+
+include $(CLEAR_VARS)
+LOCAL_MODULE := bootimgtools
+LOCAL_MODULE_TAGS := optional
+LOCAL_SRC_FILES := main.c extract.c repack.c hexpatch.c
+LOCAL_CFLAGS += -std=gnu11
+include $(BUILD_EXECUTABLE)

jni/bootimgtools/extract.c

@@ -9,7 +9,7 @@
 #include <assert.h>
 #include <string.h>
 
-#include "bootimgtools.h"
+#include "bootimg.h"
 
 void dump(uint8_t *ptr, size_t size, char* filename) {
 	unlink(filename);

jni/bootimgtools/hexpatch.c

@@ -7,7 +7,7 @@
 #include <stdlib.h>
 #include <string.h>
 
-#include "bootimgtools.h"
+#include "bootimg.h"
 
 int hex2int(char c) {
 	int first = c / 16 - 3;

jni/bootimgtools/main.c

@@ -1,7 +1,7 @@
 #include <getopt.h>
 #include <stdio.h>
 
-#include "bootimgtools.h"
+#include "bootimg.h"
 
 /********************
   Patch Boot Image

jni/bootimgtools/repack.c

@@ -9,7 +9,7 @@
 #include <assert.h>
 #include <string.h>
 
-#include "bootimgtools.h"
+#include "bootimg.h"
 
 off_t file_size(char *filename) {
 	struct stat st;

jni/magiskhide.c

@@ -1,256 +0,0 @@
-#define _GNU_SOURCE
-#include <string.h>
-#include <fcntl.h>
-#include <stdio.h>
-#include <stdlib.h>
-#include <sched.h>
-#include <pthread.h>
-#include <unistd.h>
-#include <signal.h>
-
-#include <sys/mount.h>
-#include <sys/inotify.h>
-#include <sys/wait.h>
-#include <sys/types.h>
-#include <sys/stat.h>
-
-#define LOGFILE 	"/cache/magisk.log"
-#define HIDELIST 	"/magisk/.core/magiskhide/hidelist"
-
-FILE *logfile;
-int i, list_size;
-char **hide_list = NULL;
-pthread_mutex_t mutex;
-
-char **file_to_str_arr(FILE *fp, int *size) {
-	int allocated = 16;
-	char *line = NULL, **array;
-	size_t len = 0;
-	ssize_t read;
-
-	array = (char **) malloc(sizeof(char*) * allocated);
-
-	*size = 0;
-	while ((read = getline(&line, &len, fp)) != -1) {
-		if (*size >= allocated) {
-			// Double our allocation and re-allocate
-			allocated *= 2;
-			array = (char **) realloc(array, sizeof(char*) * allocated);
-		}
-		// Remove end newline
-		if (line[read - 1] == '\n') {
-			line[read - 1] = '\0';
-		}
-		array[*size] = line;
-		line = NULL;
-		++(*size);
-	}
-	return array;
-}
-
-void lazy_unmount(const char* mountpoint) {
-	if (umount2(mountpoint, MNT_DETACH) != -1)
-		fprintf(logfile, "MagiskHide: Unmounted (%s)\n", mountpoint);
-	else
-		fprintf(logfile, "MagiskHide: Unmount Failed (%s)\n", mountpoint);
-}
-
-//WARNING: Calling this will change our current namespace
-//We don't care because we don't want to run from here anyway
-int hideMagisk(int pid, int uid) {
-	struct stat info;
-	char path[256];
-	// snprintf(path, 256, "/proc/%d", pid);
-	// if (stat(path, &info) == -1) {
-	// 	fprintf(logfile, "MagiskHide: Unable to get info for pid=%d\n", pid);
-	// 	return 1;
-	// }
-	// if (info.st_uid != uid) {
-	// 	fprintf(logfile, "MagiskHide: Incorrect uid=%d, expect uid=%d\n", info.st_uid, uid);
-	// 	return 1;
-	// }
-
-	snprintf(path, 256, "/proc/%d/ns/mnt", pid);
-	int fd = open(path, O_RDONLY);
-	if(fd == -1) return 2; // Maybe process died..
-	if(setns(fd, 0) == -1) {
-		fprintf(logfile, "MagiskHide: Unable to change namespace for pid=%d\n", pid);
-		return 3;
-	}
-
-	snprintf(path, 256, "/proc/%d/mounts", pid);
-	FILE *mount_fp = fopen(path, "r");
-	if (mount_fp == NULL) {
-		fprintf(logfile, "MagiskHide: Error opening mount list!\n");
-		return 4;
-	}
-
-	int mount_size;
-	char **mount_list = file_to_str_arr(mount_fp, &mount_size), mountpoint[256], cache_block[256];
-	fclose(mount_fp);
-
-	// Find the cache block
-	for(i = 0; i < mount_size; ++i) {
-		if (strstr(mount_list[i], "/cache")) {
-			sscanf(mount_list[i], "%256s", cache_block);
-			break;
-		}
-	}
-
-	// Unmount in inverse order
-	for(i = mount_size - 1; i >= 0; --i) {
-		if (strstr(mount_list[i], cache_block) && strstr(mount_list[i], "/system")) {
-			sscanf(mount_list[i], "%256s %256s", mountpoint, mountpoint);
-		} else if (strstr(mount_list[i], "/dev/block/loop")) {
-			if (strstr(mount_list[i], "/dev/magisk")) continue;
-			// Everything from loop mount
-			sscanf(mount_list[i], "%256s %256s", mountpoint, mountpoint);
-		} else if (strstr(mount_list[i], "tmpfs /system/")) {
-			// Directly unmount skeletons
-			sscanf(mount_list[i], "%256s %256s", mountpoint, mountpoint);
-		} else {
-			free(mount_list[i]);
-			continue;
-		}
-		lazy_unmount(mountpoint);
-		free(mount_list[i]);
-	}
-	// Free memory
-	free(mount_list);
-
-	return 0;
-}
-
-void update_list(const char *listpath) {
-	FILE *hide_fp = fopen((char*) listpath, "r");
-	if (hide_fp == NULL) {
-		fprintf(logfile, "MagiskHide: Error opening hide list\n");
-		exit(1);
-	}
-	pthread_mutex_lock(&mutex);
-	if (hide_list) {
-		// Free memory
-		for(i = 0; i < list_size; ++i)
-			free(hide_list[i]);
-		free(hide_list);
-	}
-	hide_list = file_to_str_arr(hide_fp, &list_size);
-	pthread_mutex_unlock(&mutex);
-	fclose(hide_fp);
-	if (list_size) fprintf(logfile, "MagiskHide: Update process/package list:\n");
-	for(i = 0; i < list_size; i++)
-		fprintf(logfile, "MagiskHide: [%s]\n", hide_list[i]);
-}
-
-void quit_pthread(int sig) {
-	// Free memory
-	for(i = 0; i < list_size; ++i)
-		free(hide_list[i]);
-	free(hide_list);
-	pthread_exit(NULL);
-}
-
-void *monitor_list(void *listpath) {
-	signal(SIGQUIT, quit_pthread);
-
-	int inotifyFd = -1;
-	char buffer[512];
-
-	while(1) {
-		if (inotifyFd == -1 || read(inotifyFd, buffer, 512) == -1) {
-			close(inotifyFd);
-			inotifyFd = inotify_init();
-			if (inotifyFd == -1) {
-				fprintf(logfile, "MagiskHide: Unable to watch %s\n", listpath);
-				exit(1);
-			}
-			if (inotify_add_watch(inotifyFd, (char*) listpath, IN_MODIFY) == -1) {
-				fprintf(logfile, "MagiskHide: Unable to watch %s\n", listpath);
-				exit(1);
-			}
-		}
-		update_list((char*) listpath);
-	}
-
-	return NULL;
-}
-
-int main(int argc, char **argv, char **envp) {
-
-	pid_t forkpid = fork();
-
-	if (forkpid < 0)
-		return 1;
-
-	if (forkpid == 0) {
-		if (setsid() < 0)
-			return 1;
-
-		close(STDIN_FILENO);
-		close(STDOUT_FILENO);
-		close(STDERR_FILENO);
-
-		logfile = fopen(LOGFILE, "a+");
-		setbuf(logfile, NULL);
-
-		pthread_t list_monitor;
-
-		pthread_mutex_init(&mutex, NULL);
-		pthread_create(&list_monitor, NULL, monitor_list, HIDELIST);
-
-		char buffer[512];
-		FILE *p = popen("while true; do logcat -b events -v raw -s am_proc_start; sleep 1; done", "r");
-
-		while(!feof(p)) {
-			//Format of am_proc_start is (as of Android 5.1 and 6.0)
-			//UserID, pid, unix uid, processName, hostingType, hostingName
-			fgets(buffer, sizeof(buffer), p);
-
-			char *pos = buffer;
-			while(1) {
-				pos = strchr(pos, ',');
-				if(pos == NULL)
-					break;
-				pos[0] = ' ';
-			}
-
-			int user, pid, uid;
-			char processName[256], hostingType[16], hostingName[256];
-			int ret = sscanf(buffer, "[%d %d %d %256s %16s %256s]",
-					&user, &pid, &uid,
-					processName, hostingType, hostingName);
-
-			if(ret != 6)
-				continue;
-
-			for (i = 0; i < list_size; ++i) {
-				if(strstr(processName, hide_list[i])) {
-					fprintf(logfile, "MagiskHide: Disabling for process=%s, PID=%d, UID=%d\n", processName, pid, uid);
-					forkpid = fork();
-					if (forkpid < 0)
-						break;
-					if (forkpid == 0) {
-						hideMagisk(pid, uid);
-						return 0;
-					}
-					waitpid(forkpid, NULL, 0);
-					kill(forkpid, SIGTERM);
-					break;
-				}
-			}
-		}
-
-		pclose(p);
-
-		pthread_kill(list_monitor, SIGQUIT);
-		pthread_mutex_destroy(&mutex);
-
-		fprintf(logfile, "MagiskHide: Error occurred...\n");
-
-		fclose(logfile);
-
-		return 1;
-	}
-
-	return 0;
-}

jni/magiskhide/Android.mk

@@ -0,0 +1,8 @@
+LOCAL_PATH := $(call my-dir)
+
+include $(CLEAR_VARS)
+LOCAL_MODULE := magiskhide
+LOCAL_MODULE_TAGS := optional
+LOCAL_SRC_FILES := main.c hide.c list_monitor.c proc_monitor.c util.c
+LOCAL_CFLAGS += -std=gnu11 -O3
+include $(BUILD_EXECUTABLE)

jni/magiskhide/hide.c

@@ -0,0 +1,75 @@
+#include "magiskhide.h"
+
+int hideMagisk() {
+	close(pipefd[1]);
+	
+	int pid, fd;
+	char cache_block[256];
+	cache_block[0] = '\0';
+
+	while(1) {
+		read(pipefd[0], &pid, sizeof(pid));
+		// Termination called
+		if(pid == -1) break;
+
+		snprintf(buffer, sizeof(buffer), "/proc/%d/ns/mnt", pid);
+		if((fd = open(buffer, O_RDONLY)) == -1) continue; // Maybe process died..
+		if(setns(fd, 0) == -1) {
+			fprintf(logfile, "MagiskHide: Unable to change namespace for pid=%d\n", pid);
+			continue;
+		}
+		close(fd);
+
+		snprintf(buffer, sizeof(buffer), "/proc/%d/mounts", pid);
+		FILE *mount_fp = fopen(buffer, "r");
+		if (mount_fp == NULL) {
+			fprintf(logfile, "MagiskHide: Error opening mount list!\n");
+			continue;
+		}
+
+		int mount_size;
+		char **mount_list = file_to_str_arr(mount_fp, &mount_size);
+
+		// Find the cache block name if not found yet
+		if (strlen(cache_block) == 0) {
+			for(i = 0; i < mount_size; ++i) {
+				if (strstr(mount_list[i], " /cache ")) {
+					sscanf(mount_list[i], "%256s", cache_block);
+					break;
+				}
+			}
+		}
+		
+		// First unmount the dummy skeletons and the cache mounts
+		for(i = mount_size - 1; i >= 0; --i) {
+			if (strstr(mount_list[i], "tmpfs /system") || strstr(mount_list[i], "tmpfs /vendor")
+				|| (strstr(mount_list[i], cache_block) && strstr(mount_list[i], "/system")) ) {
+				sscanf(mount_list[i], "%*s %512s", buffer);
+				lazy_unmount(buffer);
+			}
+			free(mount_list[i]);
+		}
+		free(mount_list);
+
+		// Re-read mount infos
+		fseek(mount_fp, 0, SEEK_SET);
+		mount_list = file_to_str_arr(mount_fp, &mount_size);
+		fclose(mount_fp);
+
+		// Unmount loop mounts
+		for(i = mount_size - 1; i >= 0; --i) {
+			if (strstr(mount_list[i], "/dev/block/loop") && !strstr(mount_list[i], DUMMYPATH)) {
+				sscanf(mount_list[i], "%*s %512s", buffer);
+				lazy_unmount(buffer);
+			}
+			free(mount_list[i]);
+		}
+		free(mount_list);
+
+		// Send resume signal
+		kill(pid, SIGCONT);
+	}
+
+	// Should never go here
+	return 1;
+}

jni/magiskhide/list_monitor.c

@@ -0,0 +1,56 @@
+#include "magiskhide.h"
+
+void *monitor_list(void *path) {
+	char* listpath = (char*) path;
+	signal(SIGQUIT, quit_pthread);
+
+	int inotifyFd = -1;
+	char str[512];
+
+	while(1) {
+		if (inotifyFd == -1 || read(inotifyFd, str, sizeof(str)) == -1) {
+			close(inotifyFd);
+			inotifyFd = inotify_init();
+			if (inotifyFd == -1) {
+				fprintf(logfile, "MagiskHide: Unable to watch %s\n", listpath);
+				exit(1);
+			}
+			if (inotify_add_watch(inotifyFd, listpath, IN_MODIFY) == -1) {
+				fprintf(logfile, "MagiskHide: Unable to watch %s\n", listpath);
+				exit(1);
+			}
+		}
+		update_list(listpath);
+	}
+
+	return NULL;
+}
+
+void update_list(const char *listpath) {
+	FILE *hide_fp = fopen(listpath, "r");
+	if (hide_fp == NULL) {
+		fprintf(logfile, "MagiskHide: Error opening hide list\n");
+		exit(1);
+	}
+	pthread_mutex_lock(&mutex);
+	if (hide_list) {
+		// Free memory
+		for(i = 0; i < list_size; ++i)
+			free(hide_list[i]);
+		free(hide_list);
+	}
+	hide_list = file_to_str_arr(hide_fp, &list_size);
+	pthread_mutex_unlock(&mutex);
+	fclose(hide_fp);
+	if (list_size) fprintf(logfile, "MagiskHide: Update process/package list:\n");
+	for(i = 0; i < list_size; i++)
+		fprintf(logfile, "MagiskHide: [%s]\n", hide_list[i]);
+}
+
+void quit_pthread(int sig) {
+	// Free memory
+	for(i = 0; i < list_size; ++i)
+		free(hide_list[i]);
+	free(hide_list);
+	pthread_exit(NULL);
+}

jni/magiskhide/magiskhide.h

@@ -0,0 +1,49 @@
+#ifndef MAGISK_HIDE_H
+#define MAGISK_HIDE_H
+
+#define _GNU_SOURCE
+#include <string.h>
+#include <fcntl.h>
+#include <stdio.h>
+#include <stdlib.h>
+#include <sched.h>
+#include <pthread.h>
+#include <unistd.h>
+#include <signal.h>
+
+#include <sys/mount.h>
+#include <sys/inotify.h>
+#include <sys/wait.h>
+#include <sys/types.h>
+#include <sys/stat.h>
+#include <sys/resource.h>
+
+#define LOGFILE 	"/cache/magisk.log"
+#define HIDELIST 	"/magisk/.core/magiskhide/hidelist"
+#define DUMMYPATH	"/dev/magisk/dummy"
+
+// Main thread
+void monitor_proc();
+
+// Forked process for namespace setting
+int hideMagisk();
+
+// List monitor thread
+void update_list(const char *listpath);
+void quit_pthread(int sig);
+void *monitor_list(void *path);
+
+// Util functions
+char **file_to_str_arr(FILE *fp, int *size);
+void read_namespace(const int pid, char* target, const size_t size);
+void lazy_unmount(const char* mountpoint);
+void run_as_daemon();
+
+// Global variable sharing through process/threads
+extern FILE *logfile;
+extern int i, list_size, pipefd[2];
+extern char **hide_list, buffer[512];
+extern pthread_t list_monitor;
+extern pthread_mutex_t mutex;
+
+#endif

jni/magiskhide/main.c

@@ -0,0 +1,65 @@
+#include "magiskhide.h"
+
+FILE *logfile;
+int i, list_size, pipefd[2];
+char **hide_list = NULL, buffer[512];
+pthread_t list_monitor;
+pthread_mutex_t mutex;
+
+static void terminate(int sig) {
+	// Close the config list monitor
+	pthread_kill(list_monitor, SIGQUIT);
+	pthread_mutex_destroy(&mutex);
+
+	// Terminate our children
+	i = -1;
+	write(pipefd[1], &i, sizeof(i));
+	exit(0);
+}
+
+int main(int argc, char *argv[]) {
+
+	if (argc > 1) {
+		if (strcmp(argv[1], "--daemon") == 0)
+			run_as_daemon();
+		else {
+			fprintf(stderr, "%s (with no options)\n\tRun magiskhide and output to stdout\n", argv[0]);
+			fprintf(stderr, "%s --daemon\n\tRun magiskhide as daemon, output to magisk.log\n", argv[0]);
+			return 1;
+		}
+	} else 
+		logfile = stdout;
+
+
+	// Handle all killing signals
+	signal(SIGINT, terminate);
+	signal(SIGTERM, terminate);
+
+	// Fork a child to handle namespace switches and unmounts
+	pipe(pipefd);
+	switch(fork()) {
+		case -1:
+			exit(-1);
+		case 0:
+			return hideMagisk();
+		default:
+			break; 
+	}
+	close(pipefd[0]);
+
+	// Start a thread to constantly check the hide list
+	pthread_mutex_init(&mutex, NULL);
+	pthread_create(&list_monitor, NULL, monitor_list, HIDELIST);
+
+	// Set main process to the top priority
+	setpriority(PRIO_PROCESS, 0, -20);
+
+	monitor_proc();
+
+	terminate(0);
+
+	fprintf(logfile, "MagiskHide: Cannot monitor am_proc_start, abort...\n");
+	fclose(logfile);
+
+	return 1;
+}

jni/magiskhide/proc_monitor.c

@@ -0,0 +1,82 @@
+#include "magiskhide.h"
+
+void monitor_proc() {
+	int pid, badns, zygote_num = 0;
+	char init_ns[32], zygote_ns[2][32];
+
+	// Get the mount namespace of init
+	read_namespace(1, init_ns, 32);
+
+	printf("%s\n", init_ns);
+
+	// Get the mount namespace of zygote
+	FILE *p = popen("/data/busybox/ps | grep zygote | grep -v grep", "r");
+	while(fgets(buffer, sizeof(buffer), p)) {
+		if (zygote_num == 2) break;
+		sscanf(buffer, "%d", &pid);
+		do {
+			usleep(500);
+			read_namespace(pid, zygote_ns[zygote_num], 32);
+		} while (strcmp(zygote_ns[zygote_num], init_ns) == 0);
+		++zygote_num;
+	}
+	pclose(p);
+
+	for (i = 0; i < zygote_num; ++i)
+		fprintf(logfile, "Zygote(%d) ns=%s ", i, zygote_ns[i]);
+	fprintf(logfile, "\n");
+
+	// Monitor am_proc_start
+	p = popen("while true; do logcat -b events -c; logcat -b events -v raw -s am_proc_start; sleep 1; done", "r");
+
+	while(!feof(p)) {
+		//Format of am_proc_start is (as of Android 5.1 and 6.0)
+		//UserID, pid, unix uid, processName, hostingType, hostingName
+		fgets(buffer, sizeof(buffer), p);
+
+		char *pos = buffer;
+		while(1) {
+			pos = strchr(pos, ',');
+			if(pos == NULL)
+				break;
+			pos[0] = ' ';
+		}
+
+		char processName[256];
+		int ret = sscanf(buffer, "[%*d %d %*d %256s", &pid, processName);
+
+		if(ret != 2)
+			continue;
+
+		pthread_mutex_lock(&mutex);
+		for (i = 0; i < list_size; ++i) {
+			if(strcmp(processName, hide_list[i]) == 0) {
+				while(1) {
+					badns = 0;
+					read_namespace(pid, buffer, 32);
+					for (i = 0; i < zygote_num; ++i) {
+						if (strcmp(buffer, zygote_ns[i]) == 0) {
+							usleep(500);
+							badns = 1;
+							break;
+						}
+					}
+					if (!badns) break;
+				}
+
+				// Send pause signal ASAP
+				if (kill(pid, SIGSTOP) == -1) continue;
+
+				fprintf(logfile, "MagiskHide: %s(PID=%d ns=%s)\n", processName, pid, buffer);
+
+				// Unmount start
+				write(pipefd[1], &pid, sizeof(pid));
+				break;
+			}
+		}
+		pthread_mutex_unlock(&mutex);
+	}
+
+	// Close the logcat monitor
+	pclose(p);
+}

jni/magiskhide/util.c

@@ -0,0 +1,59 @@
+#include "magiskhide.h"
+
+char **file_to_str_arr(FILE *fp, int *size) {
+	int allocated = 16;
+	char *line = NULL, **array;
+	size_t len = 0;
+	ssize_t read;
+
+	array = (char **) malloc(sizeof(char*) * allocated);
+
+	*size = 0;
+	while ((read = getline(&line, &len, fp)) != -1) {
+		if (*size >= allocated) {
+			// Double our allocation and re-allocate
+			allocated *= 2;
+			array = (char **) realloc(array, sizeof(char*) * allocated);
+		}
+		// Remove end newline
+		if (line[read - 1] == '\n') {
+			line[read - 1] = '\0';
+		}
+		array[*size] = line;
+		line = NULL;
+		++(*size);
+	}
+	return array;
+}
+
+void read_namespace(const int pid, char* target, const size_t size) {
+	char path[32];
+	snprintf(path, sizeof(path), "/proc/%d/ns/mnt", pid);
+	ssize_t len = readlink(path, target, size);
+	target[len] = '\0';
+}
+
+void lazy_unmount(const char* mountpoint) {
+	if (umount2(mountpoint, MNT_DETACH) != -1)
+		fprintf(logfile, "MagiskHide: Unmounted (%s)\n", mountpoint);
+	else
+		fprintf(logfile, "MagiskHide: Unmount Failed (%s)\n", mountpoint);
+}
+
+void run_as_daemon() {
+	switch(fork()) {
+		case -1:
+			exit(-1);
+		case 0:
+			if (setsid() < 0)
+				exit(-1);
+			close(STDIN_FILENO);
+			close(STDOUT_FILENO);
+			close(STDERR_FILENO);
+			logfile = fopen(LOGFILE, "a+");
+			setbuf(logfile, NULL);
+			break;
+		default:
+			exit(0); 
+	}
+}

scripts/flash_script.sh

@@ -19,6 +19,12 @@ INSTALLER=$TMPDIR/magisk
 
 COREDIR=/magisk/.core
 
+# Boot Image Variables
+CHROMEDIR=$INSTALLER/chromeos
+NEWBOOT=$TMPDIR/boottmp/new-boot.img
+UNPACKDIR=$TMPDIR/boottmp/bootunpack
+RAMDISK=$TMPDIR/boottmp/ramdisk
+
 # Default permissions
 umask 022
 
@@ -86,7 +92,7 @@ find_boot_image() {
   if [ -z "$BOOTIMAGE" ]; then
     FSTAB="/etc/recovery.fstab"
     [ ! -f "$FSTAB" ] && FSTAB="/etc/recovery.fstab.bak"
-    [ -f "$FSTAB" ] BOOTIMAGE=`grep -E '\b/boot\b' "$FSTAB" | grep -oE '/dev/[a-zA-Z0-9_./-]*'`
+    [ -f "$FSTAB" ] && BOOTIMAGE=`grep -E '\b/boot\b' "$FSTAB" | grep -oE '/dev/[a-zA-Z0-9_./-]*'`
   fi
 }
 
@@ -112,7 +118,7 @@ mount_image() {
       if (! is_mounted $2); then
         LOOPDEVICE=/dev/block/loop$LOOP
         if [ ! -f "$LOOPDEVICE" ]; then
-          mknod $LOOPDEVICE b 7 $LOOP
+          mknod $LOOPDEVICE b 7 $LOOP 2>/dev/null
         fi
         losetup $LOOPDEVICE $1
         if [ "$?" -eq "0" ]; then
@@ -148,21 +154,25 @@ unpack_boot() {
   mkdir -p $UNPACKDIR
   mkdir -p $RAMDISK
   cd $UNPACKDIR
-  $BINDIR/bootimgtools --extract $1
+  LD_LIBRARY_PATH=$SYSTEMLIB $BINDIR/bootimgtools --extract $1
+
+  [ ! -f $UNPACKDIR/ramdisk.gz ] && return 1
 
   cd $RAMDISK
   gunzip -c < $UNPACKDIR/ramdisk.gz | cpio -i
 }
 
 repack_boot() {
-  cd $RAMDISK
-  find . | cpio -o -H newc 2>/dev/null | gzip -9 > $UNPACKDIR/ramdisk.gz
+  if (! $SUPERSU); then
+    cd $RAMDISK
+    find . | cpio -o -H newc 2>/dev/null | gzip -9 > $UNPACKDIR/ramdisk.gz
+  fi
   cd $UNPACKDIR
-  $BINDIR/bootimgtools --repack $ORIGBOOT
+  LD_LIBRARY_PATH=$SYSTEMLIB $BINDIR/bootimgtools --repack $BOOTIMAGE
   if [ -f chromeos ]; then
     echo " " > config
     echo " " > bootloader
-    $CHROMEDIR/futility vbutil_kernel --pack new-boot.img.signed --keyblock $CHROMEDIR/kernel.keyblock --signprivate $CHROMEDIR/kernel_data_key.vbprivk --version 1 --vmlinuz new-boot.img --config config --arch arm --bootloader bootloader --flags 0x1
+    LD_LIBRARY_PATH=$SYSTEMLIB $CHROMEDIR/futility vbutil_kernel --pack new-boot.img.signed --keyblock $CHROMEDIR/kernel.keyblock --signprivate $CHROMEDIR/kernel_data_key.vbprivk --version 1 --vmlinuz new-boot.img --config config --arch arm --bootloader bootloader --flags 0x1
     rm -f new-boot.img
     mv new-boot.img.signed new-boot.img
   fi
@@ -172,10 +182,37 @@ repack_boot() {
       echo -n "SEANDROIDENFORCE" >> new-boot.img
     fi
   fi
+  if ($LGE_G); then
+    # Prevent secure boot error on LG G2/G3.
+    # Just for know, It's a pattern which bootloader verifies at boot. Thanks to LG hackers.
+    echo -n -e "\x41\xa9\xe4\x67\x74\x4d\x1d\x1b\xa4\x29\xf2\xec\xea\x65\x52\x79" >> new-boot.img
+  fi
   mv new-boot.img $NEWBOOT
-  $BINDIR/bootimgtools --hexpatch $NEWBOOT \
-  49010054011440B93FA00F71E9000054010840B93FA00F7189000054001840B91FA00F7188010054 \
-  A1020054011440B93FA00F7140020054010840B93FA00F71E0010054001840B91FA00F7181010054
+}
+
+remove_system_su() {
+  if [ -f /system/bin/su -o -f /system/xbin/su ] && [ ! -f /su/bin/su ]; then
+    ui_print "! System installed root detected, mount rw :("
+    mount -o rw,remount /system
+    # SuperSU
+    if [ -e /system/bin/.ext/.su ]; then
+      mv -f /system/bin/app_process32_original /system/bin/app_process32 2>/dev/null
+      mv -f /system/bin/app_process64_original /system/bin/app_process64 2>/dev/null
+      mv -f /system/bin/install-recovery_original.sh /system/bin/install-recovery.sh 2>/dev/null
+      cd /system/bin
+      if [ -e app_process64 ]; then
+        ln -sf app_process64 app_process
+      else
+        ln -sf app_process32 app_process
+      fi
+    fi
+    rm -rf /system/.pin /system/bin/.ext /system/etc/.installed_su_daemon /system/etc/.has_su_daemon \
+    /system/xbin/daemonsu /system/xbin/su /system/xbin/sugote /system/xbin/sugote-mksh /system/xbin/supolicy \
+    /system/bin/app_process_init /system/bin/su /cache/su /system/lib/libsupol.so /system/lib64/libsupol.so \
+    /system/su.d /system/etc/install-recovery.sh /system/etc/init.d/99SuperSUDaemon /cache/install-recovery.sh \
+    /system/.supersu /cache/.supersu /data/.supersu \
+    /system/app/Superuser.apk /system/app/SuperSU /cache/Superuser.apk  2>/dev/null
+  fi
 }
 
 ##########################################################################################
@@ -205,7 +242,6 @@ if [ -z "$NOOVERRIDE" ]; then
   # read override variables
   getvar KEEPVERITY
   getvar KEEPFORCEENCRYPT
-  getvar NORESTORE
   getvar BOOTIMAGE
 fi
 
@@ -217,10 +253,9 @@ if [ -z "$KEEPFORCEENCRYPT" ]; then
   # we don't keep forceencrypt by default
   KEEPFORCEENCRYPT=false
 fi
-if [ -z "$NORESTORE" ]; then
-  # we restore ramdisk by default
-  NORESTORE=false
-fi
+
+# Check if system root is installed and remove
+remove_system_su
 
 SAMSUNG=false
 SAMSUNG_CHECK=$(cat /system/build.prop | grep "ro.build.fingerprint=" | grep -i "samsung")
@@ -228,6 +263,19 @@ if [ $? -eq 0 ]; then
   SAMSUNG=true
 fi
 
+LGE_G=false
+RBRAND=$(grep_prop ro.product.brand)
+RMODEL=$(grep_prop ro.product.device)
+if [ "$RBRAND" = "lge" ] || [ "$RBRAND" = "LGE" ];  then 
+  if [ "$RMODEL" = "*D80*" ] || 
+     [ "$RMODEL" = "*S98*" ] || 
+     [ "$RMODEL" = "*D85*" ] ||
+     [ "$RMODEL" = "*F40*" ]; then
+    LGE_G=true
+    ui_print "! Bump device detected"
+  fi
+fi
+
 API=$(grep_prop ro.build.version.sdk)
 ABI=$(grep_prop ro.product.cpu.abi | cut -c-3)
 ABI2=$(grep_prop ro.product.cpu.abi2 | cut -c-3)
@@ -251,6 +299,9 @@ ui_print "- Device platform: $ARCH"
 BINDIR=$INSTALLER/$ARCH
 chmod -R 755 $CHROMEDIR/futility $BINDIR
 
+SYSTEMLIB=/system/lib
+($IS64BIT) && SYSTEMLIB=/system/lib64
+
 find_boot_image
 if [ -z "$BOOTIMAGE" ]; then
   ui_print "! Unable to detect boot image"
@@ -268,18 +319,22 @@ if (is_mounted /data); then
   mkdir -p /data/busybox
   cp -af $BINDIR /data/magisk
   cp -af $INSTALLER/common/init.magisk.rc $INSTALLER/common/magic_mask.sh /data/magisk
+  cp -af $INSTALLER/common/magisk.apk /data/magisk.apk
   /data/magisk/busybox --install -s /data/busybox
   ln -s /data/magisk/busybox /data/busybox/busybox
   # Prevent issues
-  rm -f /data/busybox/su /data/busybox/sh
+  rm -f /data/busybox/su /data/busybox/sh /data/busybox/reboot
   chcon -hR "u:object_r:system_file:s0" /data/magisk /data/busybox
   chmod -R 755 /data/magisk /data/busybox
   PATH=/data/busybox:$PATH
+  BINDIR=/data/magisk
 else
   rm -rf /cache/data_bin 2>/dev/null
-  mkdir -p /cache/data_bin
   cp -af $BINDIR /cache/data_bin
   cp -af $INSTALLER/common/init.magisk.rc $INSTALLER/common/magic_mask.sh /cache/data_bin
+  cp -af $INSTALLER/common/magisk.apk /cache/magisk.apk
+  chmod -R 755 /cache/data_bin
+  BINDIR=/cache/data_bin
 fi
 
 ##########################################################################################
@@ -293,10 +348,10 @@ if (is_mounted /data); then
   IMG=/data/magisk.img
 else
   IMG=/cache/magisk.img
-  ui_print "- Data unavalible, use cache workaround"
+  ui_print "- Data unavailable, use cache workaround"
 fi
 
-if [ -f "$IMG" ]; then
+if [ -f $IMG ]; then
   ui_print "- $IMG detected!"
 else
   ui_print "- Creating $IMG"
@@ -305,7 +360,7 @@ fi
 
 mount_image $IMG /magisk
 if (! is_mounted /magisk); then
-  ui_print "! Image mount failed... abort"
+  ui_print "! Magisk image mount failed..."
   exit 1
 fi
 MAGISKLOOP=$LOOPDEVICE
@@ -322,74 +377,135 @@ ui_print "- Found Boot Image: $BOOTIMAGE"
 rm -rf $TMPDIR/boottmp 2>/dev/null
 mkdir -p $TMPDIR/boottmp
 
-CHROMEDIR=$INSTALLER/chromeos
-NEWBOOT=$TMPDIR/boottmp/new-boot.img
-UNPACKDIR=$TMPDIR/boottmp/bootunpack
-RAMDISK=$TMPDIR/boottmp/ramdisk
-
-ORIGBOOT=$BOOTIMAGE
-
 ui_print "- Unpacking boot image"
-unpack_boot $ORIGBOOT
+unpack_boot $BOOTIMAGE
+if [ $? -ne 0 ]; then
+  ui_print "! Unable to unpack boot image"
+  exit 1;
+fi
 
-# Restore ramdisk
+ORIGBOOT=
 SUPERSU=false
-if (! $NORESTORE); then
+[ -f sbin/launch_daemonsu.sh ] && SUPERSU=true
+
+if ($SUPERSU); then
+
+  ##############################
+  # SuperSU installation process
+  ##############################
+
+  ui_print "- SuperSU patched boot detected!"
+  ui_print "- Adding auto patch script for SuperSU"
+  cp -af $INSTALLER/common/custom_ramdisk_patch.sh /data/custom_ramdisk_patch.sh
+  if (is_mounted /data); then
+    SUIMG=/data/su.img
+  else
+    SUIMG=/cache/su.img
+  fi
+  mount_image $SUIMG /su
+  if (! is_mounted /su); then
+    ui_print "! SU image mount failed..."
+    ui_print "! Please immediately flash SuperSU now"
+    ui_print "! Installation will complete after flashing SuperSU"
+    exit 1
+  fi
+  SUPERSULOOP=$LOOPDEVICE
+  gunzip -c < $UNPACKDIR/ramdisk.gz > $UNPACKDIR/ramdisk
+  ui_print "- Using sukernel to restore ramdisk"
+  # Restore ramdisk
+  LD_LIBRARY_PATH=$SYSTEMLIB /su/bin/sukernel --cpio-restore $UNPACKDIR/ramdisk $UNPACKDIR/ramdisk.orig
+  if [ $? -ne 0 ]; then
+    LD_LIBRARY_PATH=$SYSTEMLIB /su/bin/sukernel --restore $UNPACKDIR/ramdisk $TMPDIR/boottmp/stock_boot.img
+    if [ $? -ne 0 ]; then
+      ui_print "! Unable to restore ramdisk"
+      exit 1
+    fi
+    LD_LIBRARY_PATH=$SYSTEMLIB /su/bin/sukernel --bootimg-extract-ramdisk $TMPDIR/boottmp/stock_boot.img $UNPACKDIR/ramdisk.orig.gz
+    LD_LIBRARY_PATH=$SYSTEMLIB /su/bin/sukernel --ungzip $UNPACKDIR/ramdisk.orig.gz $UNPACKDIR/ramdisk.orig
+  fi
+  if [ ! -f $UNPACKDIR/ramdisk.orig ]; then
+    ui_print "! Unable to restore ramdisk"
+    exit 1
+  fi
+  rm -f $TMPDIR/boottmp/stock_boot.img $UNPACKDIR/ramdisk.orig.gz $UNPACKDIR/ramdisk.gz 2>/dev/null
+  ui_print "- Patching ramdisk with sukernel"
+  sh /data/custom_ramdisk_patch.sh $UNPACKDIR/ramdisk $BINDIR
+  LD_LIBRARY_PATH=$SYSTEMLIB /su/bin/sukernel --cpio-backup $UNPACKDIR/ramdisk.orig $UNPACKDIR/ramdisk $UNPACKDIR/ramdisk
+  gzip -9 < $UNPACKDIR/ramdisk > $UNPACKDIR/ramdisk.gz
+  rm -f $UNPACKDIR/ramdisk $UNPACKDIR/ramdisk.orig
+
+else
+
+  ##############################
+  # Magisk installation process
+  ##############################
+
+  # Ramdisk restore
   if [ -d ".backup" ]; then
+    # This implies Magisk is already installed, and ramdisk backup exists
     ui_print "- Restoring ramdisk with ramdisk backup"
     cp -af .backup/. .
     rm -rf magisk init.magisk.rc sbin/magic_mask.sh 2>/dev/null
-  else
-    [ -f "sbin/launch_daemonsu.sh" ] && SUPERSU=true
-    if ($SUPERSU); then
-      ui_print "- SuperSU patched boot detected!"
-      ui_print "- Adding auto patch script for SuperSU"
-      cp -af $INSTALLER/common/custom_ramdisk_patch.sh /data/custom_ramdisk_patch.sh
-    fi
-    if [ -d "magisk" ]; then
-      # If Magisk is installed and not SuperSU and no ramdisk backups
-      # Restore previous stock boot image
-      if (! $SUPERSU); then
-        cp -af /data/stock_boot_*.gz /data/stock_boot.img.gz 2>/dev/null
-        gzip -d /data/stock_boot.img.gz 2>/dev/null
-        if [ -f "/data/stock_boot.img" ]; then
-          ui_print "- Restoring boot image with backup"
-          $ORIGBOOT=/data/stock_boot.img
-          unpack_boot $ORIGBOOT
-        fi
-      fi
-      # Removing possible modifications
-      rm -rf magisk init.magisk.rc sbin/magic_mask.sh 2>/dev/null
-      rm -rf init.xposed.rc sbin/mount_xposed.sh 2>/dev/null
+    ORIGBOOT=false
+  elif [ -d "magisk" ]; then
+    mv -f /data/stock_boot_*.gz /data/stock_boot.img.gz 2>/dev/null
+    gzip -d /data/stock_boot.img.gz 2>/dev/null
+    rm -f /data/stock_boot.img.gz 2>/dev/null
+    [ -f /data/stock_boot.img ] && ORIGBOOT=/data/stock_boot.img
+    # If Magisk is installed and no SuperSU and no ramdisk backups,
+    # we restore previous stock boot image backups
+    if [ ! -z $ORIGBOOT ]; then
+      ui_print "- Restoring boot image with backup"
+      unpack_boot $ORIGBOOT
     fi
+    # Removing possible modifications
+    rm -rf magisk init.magisk.rc sbin/magic_mask.sh sbin/su init.xposed.rc sbin/mount_xposed.sh 2>/dev/null
+    ORIGBOOT=false
   fi
-fi
 
-# SuperSU already backup stock boot, no need to do again
-if (! $SUPERSU); then
-  ui_print "- Creating backups"
+  # Backups
+  ui_print "- Creating ramdisk backup"
   mkdir .backup 2>/dev/null
   cp -af *fstab* verity_key sepolicy .backup 2>/dev/null
-  if (is_mounted /data); then
-    [ "$ORIGBOOT" != "/data/stock_boot.img" ] && dd if=$ORIGBOOT of=/data/stock_boot.img
-  else
-    dd if=$ORIGBOOT of=/cache/stock_boot.img
+  if [ -z $ORIGBOOT ]; then
+    ui_print "- Creating boot image backup"
+    if (is_mounted /data); then
+      dd if=$BOOTIMAGE of=/data/stock_boot.img
+    else
+      dd if=$BOOTIMAGE of=/cache/stock_boot.img
+    fi
   fi
-fi
 
-# Patch ramdisk
-ui_print "- Patching ramdisk"
-
-# Add magisk entrypoint
-for INIT in init*.rc; do
-  if [ $(grep -c "import /init.environ.rc" $INIT) -ne "0" ] && [ `grep -c "import /init.magisk.rc" $INIT` -eq "0" ]; then
-    cp $INIT .backup
-    sed -i "/import \/init\.environ\.rc/iimport /init.magisk.rc" $INIT
-    break
+  # Root
+  ROOT=false
+  if [ ! -d /magisk/phh ]; then
+    ui_print "- Installing phh's SuperUser"
+    ROOT=true
+  elif [ `grep_prop versionCode /magisk/phh/module.prop` -lt `grep_prop versionCode $INSTALLER/common/phh/module.prop` ]; then
+    ui_print "- Upgrading phh's SuperUser"
+    ROOT=true
   fi
-done
 
-if (! $SUPERSU); then
+  if ($ROOT); then
+    mkdir -p /magisk/phh/bin 2>/dev/null
+    mkdir -p /magisk/phh/su.d 2>/dev/null
+    cp -af $INSTALLER/common/phh/. /magisk/phh
+    cp -af $BINDIR/su $BINDIR/sepolicy-inject /magisk/phh/bin
+    chmod -R 755 /magisk/phh/bin
+  fi
+
+  # Patch ramdisk
+  ui_print "- Patching ramdisk"
+
+  # Add magisk entrypoint
+  for INIT in init*.rc; do
+    if [ `grep -c "import /init.environ.rc" $INIT` -ne "0" ] && [ `grep -c "import /init.magisk.rc" $INIT` -eq "0" ]; then
+      cp $INIT .backup
+      sed -i "/import \/init\.environ\.rc/iimport /init.magisk.rc" $INIT
+      break
+    fi
+  done
+
   sed -i "/selinux.reload_policy/d" init.rc
   find . -type f -name "*fstab*" 2>/dev/null | while read FSTAB ; do
     if (! $KEEPVERITY); then
@@ -404,23 +520,23 @@ if (! $SUPERSU); then
   if (! $KEEPVERITY); then
     rm verity_key 2>/dev/null
   fi
+
+  # sepolicy patches
+  LD_LIBRARY_PATH=$SYSTEMLIB $BINDIR/sepolicy-inject --magisk -P sepolicy
+
+  # Add new items
+  mkdir -p magisk 2>/dev/null
+  cp -af $INSTALLER/common/init.magisk.rc init.magisk.rc
+  cp -af $INSTALLER/common/magic_mask.sh sbin/magic_mask.sh
+
+  chmod 0755 magisk
+  chmod 0750 init.magisk.rc sbin/magic_mask.sh
 fi
 
-# sepolicy patches
-$BINDIR/sepolicy-inject --magisk -P sepolicy
-
-# Add new items
-mkdir -p magisk 2>/dev/null
-cp -af $INSTALLER/common/init.magisk.rc init.magisk.rc
-cp -af $INSTALLER/common/magic_mask.sh sbin/magic_mask.sh
-
-chmod 0755 magisk
-chmod 0750 init.magisk.rc sbin/magic_mask.sh
-
 ui_print "- Repacking boot image"
 repack_boot
 
-BOOTSIZE=`blockdev --getsize64 $BOOTIMAGE`
+BOOTSIZE=`blockdev --getsize64 $BOOTIMAGE 2>/dev/null`
 NEWSIZE=`ls -l $NEWBOOT | awk '{print $5}'`
 if [ "$NEWSIZE" -gt "$BOOTSIZE" ]; then
   ui_print "! Boot partition space insufficient"
@@ -438,15 +554,22 @@ fi
 chmod 644 $NEWBOOT
 
 ui_print "- Flashing new boot image"
-[ ! -L "$BOOTIMAGE" ] && dd if=/dev/zero of=$BOOTIMAGE bs=4096 2>/dev/null
+[ ! -L $BOOTIMAGE ] && dd if=/dev/zero of=$BOOTIMAGE bs=4096 2>/dev/null
 dd if=$NEWBOOT of=$BOOTIMAGE bs=4096
 
+cd /
+
 if (! $BOOTMODE); then
   ui_print "- Unmounting partitions"
   umount /magisk
   losetup -d $MAGISKLOOP
-  umount /system
   rmdir /magisk
+  if ($SUPERSU); then
+    umount /su
+    losetup -d $SUPERSULOOP
+    rmdir /su
+  fi
+  umount /system
 fi
 
 ui_print "- Done"

scripts/magic_mask.sh

@@ -2,6 +2,7 @@
 
 LOGFILE=/cache/magisk.log
 IMG=/data/magisk.img
+WHITELIST="/system/app /system/priv-app /system/bin"
 
 MOUNTPOINT=/magisk
 
@@ -16,13 +17,10 @@ MOUNTINFO=$TMPDIR/mnt
 # e.g. we rely on the option "-c" for cp (reserve contexts), and -exec for find
 TOOLPATH=/data/busybox
 BINPATH=/data/magisk
-OLDPATH=$PATH
-PATH=$TOOLPATH:$OLDPATH
 
 # Default permissions
 umask 022
 
-
 log_print() {
   echo "$1"
   echo "$1" >> $LOGFILE
@@ -38,17 +36,23 @@ mktouch() {
   fi
 }
 
+in_list() {
+  for i in $2; do
+    [ "$1" = "$i" ] && return 0
+  done
+  return 1
+}
+
 unblock() {
   touch /dev/.magisk.unblock
   exit
 }
 
 run_scripts() {
-  PATH=$OLDPATH
   BASE=$MOUNTPOINT
   for MOD in $BASE/* ; do
-    if [ ! -f "$MOD/disable" ]; then
-      if [ -f "$MOD/$1.sh" ]; then
+    if [ ! -f $MOD/disable ]; then
+      if [ -f $MOD/$1.sh ]; then
         chmod 755 $MOD/$1.sh
         chcon "u:object_r:system_file:s0" "$MOD/$1.sh"
         log_print "$1: $MOD/$1.sh"
@@ -56,13 +60,12 @@ run_scripts() {
       fi
     fi
   done
-  PATH=$TOOLPATH:$OLDPATH
 }
 
 loopsetup() {
   LOOPDEVICE=
-  for DEV in $(ls /dev/block/loop*); do
-    if [ `losetup $DEV $1 >/dev/null 2>&1; echo $?` -eq 0 ]; then
+  for DEV in `ls /dev/block/loop*`; do
+    if losetup $DEV $1; then
       LOOPDEVICE=$DEV
       break
     fi
@@ -78,44 +81,42 @@ target_size_check() {
 }
 
 travel() {
-  cd "$1/$2"
-  if [ -f ".replace" ]; then
-    rm -rf "$MOUNTINFO/$2"
-    mktouch "$MOUNTINFO/$2" "$1"
+  # Ignore /system/vendor, we will handle it differently
+  [ "$1" = "system/vendor" ] && return
+
+  cd $TRAVEL_ROOT/$1
+  if [ -f .replace ]; then
+    rm -rf $MOUNTINFO/$1
+    mktouch $MOUNTINFO/$1 $TRAVEL_ROOT
   else
     for ITEM in * ; do
-      if [ ! -e "/$2/$ITEM" ]; then
+      if [ ! -e /$1/$ITEM ]; then
         # New item found
-        if [ "$2" = "system" ]; then
-          # We cannot add new items to /system root, delete it
-          rm -rf "$ITEM"
-        else
-          # If we are in a higher level, delete the lower levels
-          rm -rf "$MOUNTINFO/dummy/$2"
-          # Mount the dummy parent
-          mktouch "$MOUNTINFO/dummy/$2"
+        # If we are in a higher level, delete the lower levels
+        rm -rf $MOUNTINFO/dummy/$1
+        # Mount the dummy parent
+        mktouch $MOUNTINFO/dummy/$1
 
-          if [ -d "$ITEM" ]; then
-            # Create new dummy directory and mount it
-            mkdir -p "$DUMMDIR/$2/$ITEM"
-            mktouch "$MOUNTINFO/$2/$ITEM" "$1"
-          elif [ -L "$ITEM" ]; then
-            # Symlinks are small, copy them
-            mkdir -p "$DUMMDIR/$2" 2>/dev/null
-            cp -afc "$ITEM" "$DUMMDIR/$2/$ITEM"
-          else
-            # Create new dummy file and mount it
-            mktouch "$DUMMDIR/$2/$ITEM"
-            mktouch "$MOUNTINFO/$2/$ITEM" "$1"
-          fi
+        if [ -d $ITEM ]; then
+          # Create new dummy directory and mount it
+          mkdir -p $DUMMDIR/$1/$ITEM
+          mktouch $MOUNTINFO/$1/$ITEM $TRAVEL_ROOT
+        elif [ -L $ITEM ]; then
+          # Symlinks are small, copy them
+          mkdir -p $DUMMDIR/$1 2>/dev/null
+          cp -afc $ITEM $DUMMDIR/$1/$ITEM
+        else
+          # Create new dummy file and mount it
+          mktouch $DUMMDIR/$1/$ITEM
+          mktouch $MOUNTINFO/$1/$ITEM $TRAVEL_ROOT
         fi
       else
-        if [ -d "$ITEM" ]; then
+        if [ -d $ITEM ]; then
           # It's an directory, travel deeper
-          (travel "$1" "$2/$ITEM")
-        elif [ ! -L "$ITEM" ]; then
+          (travel $1/$ITEM)
+        elif [ ! -L $ITEM ]; then
           # Mount this file
-          mktouch "$MOUNTINFO/$2/$ITEM" "$1"
+          mktouch $MOUNTINFO/$1/$ITEM $TRAVEL_ROOT
         fi
       fi
     done
@@ -123,29 +124,39 @@ travel() {
 }
 
 clone_dummy() {
-  for ITEM in "$1/"* ; do
-    if [ -d "$DUMMDIR$ITEM" ]; then
-      (clone_dummy "$ITEM")
-    elif [ ! -e "$DUMMDIR$ITEM" ]; then
-      if [ -d "$ITEM" ]; then
-        # Create dummy directory
-        mkdir -p "$DUMMDIR$ITEM"
-      elif [ -L "$ITEM" ]; then
-        # Symlinks are small, copy them
-        cp -afc "$ITEM" "$DUMMDIR$ITEM"
+  LINK=false
+  in_list $1 "$WHITELIST" && LINK=true
+
+  for ITEM in $MIRRDIR$1/* ; do
+    REAL=${ITEM#$MIRRDIR}
+    if [ -d $MOUNTINFO$REAL ]; then
+      # Need to clone deeper
+      mkdir -p $DUMMDIR$REAL
+      (clone_dummy $REAL)
+    else
+      if [ -L $ITEM ]; then
+        # Copy original symlink
+        cp -afc $ITEM $DUMMDIR$REAL
       else
-        # Create dummy file
-        mktouch "$DUMMDIR$ITEM"
+        if $LINK && [ ! -e $MOUNTINFO$REAL ]; then
+          ln -s $MIRRDIR$REAL $DUMMDIR$REAL
+        else
+          if [ -d $ITEM ]; then
+            mkdir -p $DUMMDIR$REAL
+          else
+            mktouch $DUMMDIR$REAL
+          fi
+          [ ! -e $MOUNTINFO$REAL ] && mktouch $MOUNTINFO/mirror$REAL
+        fi
       fi
-      chcon -f "u:object_r:system_file:s0" "$DUMMDIR$ITEM"
     fi
   done
 }
 
 bind_mount() {
-  if [ -e "$1" -a -e "$2" ]; then
+  if [ -e $1 -a -e $2 ]; then
     mount -o bind $1 $2
-    if [ "$?" -eq "0" ]; then 
+    if [ $? -eq 0 ]; then 
       log_print "Mount: $1"
     else 
       log_print "Mount Fail: $1"
@@ -154,9 +165,9 @@ bind_mount() {
 }
 
 merge_image() {
-  if [ -f "$1" ]; then
+  if [ -f $1 ]; then
     log_print "$1 found"
-    if [ -f "$IMG" ]; then
+    if [ -f $IMG ]; then
       log_print "$IMG found, attempt to merge"
 
       # Handle large images
@@ -182,36 +193,29 @@ merge_image() {
       LOOPMERGE=$LOOPDEVICE
       log_print "$LOOPMERGE $1"
 
-      if [ ! -z "$LOOPDATA" ]; then
-        if [ ! -z "$LOOPMERGE" ]; then
-          # if loop devices have been setup, mount images
-          OK=true
+      if [ ! -z $LOOPDATA -a ! -z $LOOPMERGE ]; then
+        # if loop devices have been setup, mount images
+        OK=false
+        mount -t ext4 -o rw,noatime $LOOPDATA /cache/data_img && \
+        mount -t ext4 -o rw,noatime $LOOPMERGE /cache/merge_img && \
+        OK=true
 
-          if [ `mount -t ext4 -o rw,noatime $LOOPDATA /cache/data_img >/dev/null 2>&1; echo $?` -ne 0 ]; then
-            OK=false
-          fi
-
-          if [ `mount -t ext4 -o rw,noatime $LOOPMERGE /cache/merge_img >/dev/null 2>&1; echo $?` -ne 0 ]; then
-            OK=false
-          fi
-
-          if ($OK); then
-            # Merge (will reserve selinux contexts)
-            cd /cache/merge_img
-            for MOD in *; do
-              if [ "$MOD" != "lost+found" ]; then
-                log_print "Merging: $MOD"
-                rm -rf /cache/data_img/$MOD
-              fi
-            done
-            cp -afc . /cache/data_img
-            log_print "Merge complete"
-            cd /
-          fi
-
-          umount /cache/data_img
-          umount /cache/merge_img
+        if $OK; then
+          # Merge (will reserve selinux contexts)
+          cd /cache/merge_img
+          for MOD in *; do
+            if [ "$MOD" != "lost+found" ]; then
+              log_print "Merging: $MOD"
+              rm -rf /cache/data_img/$MOD
+            fi
+          done
+          cp -afc . /cache/data_img
+          log_print "Merge complete"
+          cd /
         fi
+
+        umount /cache/data_img
+        umount /cache/merge_img
       fi
 
       losetup -d $LOOPDATA
@@ -238,16 +242,16 @@ case $1 in
 
     log_print "** Magisk post-fs mode running..."
 
-    # Cleanup previous version stuffs...
+    # Cleanup legacy stuffs...
     rm -rf /cache/magisk /cache/magisk_merge /cache/magiskhide.log
 
-    if [ -d "/cache/magisk_mount" ]; then
-      log_print "Mounting cache files"
+    if [ -d /cache/magisk_mount ]; then
+      log_print "* Mounting cache files"
       find /cache/magisk_mount -type f 2>/dev/null | while read ITEM ; do
-        chmod 644 "$ITEM"
-        chcon "u:object_r:system_file:s0" "$ITEM"
-        TARGET="${ITEM#/cache/magisk_mount}"
-        bind_mount "$ITEM" "$TARGET"
+        chmod 644 $ITEM
+        chcon "u:object_r:system_file:s0" $ITEM
+        TARGET=${ITEM#/cache/magisk_mount}
+        bind_mount $ITEM $TARGET
       done
     fi
 
@@ -255,27 +259,18 @@ case $1 in
     ;;
 
   post-fs-data )
-    if [ `mount | grep " /data " >/dev/null 2>&1; echo $?` -ne 0 ]; then
-      # /data not mounted yet, we will be called again later
-      unblock
-    fi
-
-    if [ `mount | grep " /data " | grep "tmpfs" >/dev/null 2>&1; echo $?` -eq 0 ]; then
-      # /data not mounted yet, we will be called again later
-      unblock
-    fi
+    # /data not mounted yet
+    ! mount | grep " /data " >/dev/null && unblock
+    mount | grep " /data " | grep "tmpfs" >/dev/null && unblock
 
     # Don't run twice
     if [ "`getprop magisk.restart_pfsd`" != "1" ]; then
 
+      export OLDPATH=$PATH
+      export PATH=$TOOLPATH:$OLDPATH
+
       log_print "** Magisk post-fs-data mode running..."
 
-      # Live patch sepolicy
-      $BINPATH/sepolicy-inject --live -s su
-
-      # Multirom functions should go here, not available right now
-      MULTIROM=false
-
       # Cache support
       if [ -d "/cache/data_bin" ]; then
         rm -rf $BINPATH $TOOLPATH
@@ -285,48 +280,53 @@ case $1 in
         $BINPATH/busybox --install -s $TOOLPATH
         ln -s $BINPATH/busybox $TOOLPATH/busybox
         # Prevent issues
-        rm -f $TOOLPATH/su $TOOLPATH/sh
+        rm -f $TOOLPATH/su $TOOLPATH/sh $TOOLPATH/reboot
       fi
 
-      mv /cache/stock_boot.img /data 2>/dev/null
+      mv /cache/stock_boot.img /data/stock_boot.img 2>/dev/null
+      mv /cache/magisk.apk /data/magisk.apk 2>/dev/null
 
       find $BINPATH -exec chcon -h "u:object_r:system_file:s0" {} \;
       find $TOOLPATH -exec chcon -h "u:object_r:system_file:s0" {} \;
       chmod -R 755 $BINPATH $TOOLPATH
 
+      # Live patch sepolicy
+      $BINPATH/sepolicy-inject --live -s su
+
+      # Multirom functions should go here, not available right now
+      MULTIROM=false
+
       # Image merging
       chmod 644 $IMG /cache/magisk.img /data/magisk_merge.img 2>/dev/null
       merge_image /cache/magisk.img
       merge_image /data/magisk_merge.img
 
       # Mount magisk.img
-      [ ! -d "$MOUNTPOINT" ] && mkdir -p $MOUNTPOINT
-      if [ `cat /proc/mounts | grep $MOUNTPOINT >/dev/null 2>&1; echo $?` -ne 0 ]; then
+      [ ! -d $MOUNTPOINT ] && mkdir -p $MOUNTPOINT
+      if ! mount | grep $MOUNTPOINT; then
         loopsetup $IMG
-        if [ ! -z "$LOOPDEVICE" ]; then
-          mount -t ext4 -o rw,noatime,suid $LOOPDEVICE $MOUNTPOINT
+        [ ! -z $LOOPDEVICE ] && mount -t ext4 -o rw,noatime $LOOPDEVICE $MOUNTPOINT
+        if [ $? -ne 0 ]; then
+          log_print "magisk.img mount failed, nothing to do :("
+          unblock
         fi
       fi
 
-      if [ `cat /proc/mounts | grep $MOUNTPOINT >/dev/null 2>&1; echo $?` -ne 0 ]; then
-        log_print "magisk.img mount failed, nothing to do :("
-        unblock
-      fi
-
-      # Remove empty directories, legacy paths and symlinks
-      rm -rf $COREDIR/bin $COREDIR/dummy $COREDIR/mirror
+      # Remove empty directories, legacy paths, symlinks, old temporary images
       find $MOUNTPOINT -type d -depth ! -path "*core*" -exec rmdir {} \; 2>/dev/null
+      rm -rf $COREDIR/bin $COREDIR/dummy $COREDIR/mirror /data/magisk/*.img 2>/dev/null
 
-      # Remove modules
+      # Remove modules that is labeled to be removed
       for MOD in $MOUNTPOINT/* ; do
-        if [ -f "$MOD/remove" ] || [ "$MOD" = "zzsupersu" ]; then
+        rm -f $MOD/system/placeholder 2>/dev/null
+        if [ -f $MOD/remove ] || [ $MOD = zzsupersu ]; then
           log_print "Remove module: $MOD"
           rm -rf $MOD
         fi
       done
 
       # Unmount, shrink, remount
-      if [ `umount $MOUNTPOINT >/dev/null 2>&1; echo $?` -eq 0 ]; then
+      if umount $MOUNTPOINT; then
         losetup -d $LOOPDEVICE
         target_size_check $IMG
         NEWDATASIZE=$(((curUsedM / 32 + 2) * 32))
@@ -335,98 +335,125 @@ case $1 in
           resize2fs $IMG ${NEWDATASIZE}M
         fi
         loopsetup $IMG
-        if [ ! -z "$LOOPDEVICE" ]; then
-          mount -t ext4 -o rw,noatime,suid $LOOPDEVICE $MOUNTPOINT
-        fi
-        if [ `cat /proc/mounts | grep $MOUNTPOINT >/dev/null 2>&1; echo $?` -ne 0 ]; then
+        [ ! -z $LOOPDEVICE ] && mount -t ext4 -o rw,noatime $LOOPDEVICE $MOUNTPOINT
+        if [ $? -ne 0 ]; then
           log_print "magisk.img mount failed, nothing to do :("
           unblock
         fi
       fi
 
-      log_print "Preparing modules"
+      log_print "* Preparing modules"
+
+      # Disable phh and Magisk Hide for SuperSU
+      if [ -f /sbin/launch_daemonsu.sh ]; then
+        touch /magisk/phh/disable 2>/dev/null
+        rm -f $COREDIR/magiskhide/enable 2>/dev/null
+      fi
 
       mkdir -p $DUMMDIR
       mkdir -p $MIRRDIR/system
 
-      # Travel through all mods, all magic happens here
+      # Remove crap folder
+      rm -rf $MOUNTPOINT/lost+found
+
+      # Link vendor if not exist
+      if [ ! -e /vendor ]; then
+        mount -o rw,remount rootfs /
+        ln -s /system/vendor /vendor
+        mount -o ro,remount rootfs /
+      fi
+
+      # Travel through all mods
       for MOD in $MOUNTPOINT/* ; do
-        if [ -f "$MOD/auto_mount" -a -d "$MOD/system" -a ! -f "$MOD/disable" ]; then
-          (travel $MOD system)
+        # Read in defined system props
+        [ -f $MOD/system.prop ] && /data/magisk/resetprop --file $MOD/system.prop
+        if [ -f $MOD/auto_mount -a -d $MOD/system -a ! -f $MOD/disable ]; then
+          TRAVEL_ROOT=$MOD
+          (travel system)
+          rm -f $MOD/vendor 2>/dev/null
+          if [ -d $MOD/system/vendor ]; then
+            ln -s $MOD/system/vendor $MOD/vendor
+            (travel vendor)
+          fi
         fi
       done
 
       # Proper permissions for generated items
       find $TMPDIR -exec chcon -h "u:object_r:system_file:s0" {} \;
 
-      # linker(64), t*box required
-      if [ -f "$MOUNTINFO/dummy/system/bin" ]; then
-        cd /system/bin
-        cp -afc linker* t*box $DUMMDIR/system/bin/
+      # linker(64), t*box required for bin
+      if [ -f $MOUNTINFO/dummy/system/bin ]; then
+        cp -afc /system/bin/linker* /system/bin/t*box $DUMMDIR/system/bin/
       fi
 
-      # Some libraries are required
-      LIBS="libc++.so libc.so libcutils.so libm.so libstdc++.so libcrypto.so liblog.so libpcre.so libselinux.so libpackagelistparser.so"
-      if [ -f "$MOUNTINFO/dummy/system/lib" ]; then
-        cd /system/lib
-        cp -afc $LIBS $DUMMDIR/system/lib
-        # Crash prevention!!
-        rm -f $COREDIR/magiskhide/enable 2>/dev/null
-      fi
-      if [ -f "$MOUNTINFO/dummy/system/lib64" ]; then
-        cd /system/lib64
-        cp -afc $LIBS $DUMMDIR/system/lib64
-        # Crash prevention!!
-        rm -f $COREDIR/magiskhide/enable 2>/dev/null
-      fi
-
-      # vendor libraries are device dependent, had no choice but copy them all if needed....
-      if [ -f "$MOUNTINFO/dummy/system/vendor" ]; then
-        cp -afc /system/vendor/lib/. $DUMMDIR/system/vendor/lib
-        [ -d "/system/vendor/lib64" ] && cp -afc /system/vendor/lib64/. $DUMMDIR/system/vendor/lib64
-      fi
-      if [ -f "$MOUNTINFO/dummy/system/vendor/lib" ]; then
-        cp -afc /system/vendor/lib/. $DUMMDIR/system/vendor/lib
-      fi
-      if [ -f "$MOUNTINFO/dummy/system/vendor/lib64" ]; then
-        cp -afc /system/vendor/lib64/. $DUMMDIR/system/vendor/lib64
-      fi
-
-      # Remove crap folder
-      rm -rf $MOUNTPOINT/lost+found
-      
       # Start doing tasks
-      
+
       # Stage 1
-      log_print "Bind mount dummy system"
-      find $MOUNTINFO/dummy -type f 2>/dev/null | while read ITEM ; do
-        TARGET=${ITEM#$MOUNTINFO/dummy}
-        ORIG="$DUMMDIR$TARGET"
-        clone_dummy "$TARGET"
-        bind_mount "$ORIG" "$TARGET"
-      done
+      log_print "* Stage 1: Mount system and vendor mirrors"
+      SYSTEMBLOCK=`mount | grep " /system " | awk '{print $1}'`
+      mkdir -p $MIRRDIR/system
+      mount -o ro $SYSTEMBLOCK $MIRRDIR/system
+      if [ `mount | grep -c " /vendor "` -ne 0 ]; then
+        VENDORBLOCK=`mount | grep " /vendor " | awk '{print $1}'`
+        mkdir -p $MIRRDIR/vendor
+        mount -o ro $VENDORBLOCK $MIRRDIR/vendor
+      else
+        ln -s $MIRRDIR/system/vendor $MIRRDIR/vendor
+      fi
+
+      # Since mirrors always exist, we load libraries and binaries from mirrors
+      export LD_LIBRARY_PATH=$MIRRDIR/system/lib:$MIRRDIR/vendor/lib
+      [ -d $MIRRDIR/system/lib64 ] && export LD_LIBRARY_PATH=$MIRRDIR/system/lib64:$MIRRDIR/vendor/lib64
 
       # Stage 2
-      log_print "Bind mount module items"
+      log_print "* Stage 2: Mount dummy skeletons"
+      # Move /system/vendor to /vendor for consistency
+      mv -f $MOUNTINFO/dummy/system/vendor $MOUNTINFO/dummy/vendor 2>/dev/null
+      mv -f $DUMMDIR/system/vendor $DUMMDIR/vendor 2>/dev/null
+      find $MOUNTINFO/dummy -type f 2>/dev/null | while read ITEM ; do
+        TARGET=${ITEM#$MOUNTINFO/dummy}
+        ORIG=$DUMMDIR$TARGET
+        (clone_dummy $TARGET)
+        bind_mount $ORIG $TARGET
+      done
+
+      # Check if the dummy /system/bin is empty, it shouldn't
+      [ ! -e $DUMMDIR/system/bin/sh ] && clone_dummy /system/bin
+
+      # Stage 3
+      log_print "* Stage 3: Mount module items"
       find $MOUNTINFO/system -type f 2>/dev/null | while read ITEM ; do
         TARGET=${ITEM#$MOUNTINFO}
         ORIG=`cat $ITEM`$TARGET
         bind_mount $ORIG $TARGET
-        rm -f $DUMMDIR${TARGET%/*}/.dummy 2>/dev/null
+      done
+      find $MOUNTINFO/vendor -type f 2>/dev/null | while read ITEM ; do
+        TARGET=${ITEM#$MOUNTINFO}
+        ORIG=`cat $ITEM`$TARGET
+        bind_mount $ORIG $TARGET
       done
 
-      # Run scripts
+      # Stage 4
+      log_print "* Stage 4: Execute module scripts"
       run_scripts post-fs-data
 
+      # Stage 5
+      log_print "* Stage 5: Mount mirrored items back to dummy"
+      find $MOUNTINFO/mirror -type f 2>/dev/null | while read ITEM ; do
+        TARGET=${ITEM#$MOUNTINFO/mirror}
+        ORIG=$MIRRDIR$TARGET
+        bind_mount $ORIG $TARGET
+      done
+
       # Bind hosts for Adblock apps
-      if [ -f "$COREDIR/hosts" ]; then
-        log_print "Enabling systemless hosts file support"
+      if [ -f $COREDIR/hosts ]; then
+        log_print "* Enabling systemless hosts file support"
         bind_mount $COREDIR/hosts /system/etc/hosts
       fi
 
       # Expose busybox
-      if [ -f "$COREDIR/busybox/enable" ]; then
-        log_print "Enabling BusyBox"
+      if [ -f $COREDIR/busybox/enable ]; then
+        log_print "* Enabling BusyBox"
         cp -afc /data/busybox/. $COREDIR/busybox
         cp -afc /system/xbin/. $COREDIR/busybox
         chmod -R 755 $COREDIR/busybox
@@ -434,24 +461,22 @@ case $1 in
         bind_mount $COREDIR/busybox /system/xbin
       fi
 
-      # Stage 3
-      log_print "Bind mount system mirror"
-      bind_mount /system $MIRRDIR/system
-
-      # Stage 4
-      log_print "Bind mount mirror items"
-      # Find all empty directores and dummy files, they should be mounted by original files in /system
-      TOOLPATH=/data/busybox find $DUMMDIR -type d \
-      -exec sh -c '[ -z "`ls -A $1`" ] && echo $1' -- {} \; \
-      -o \( -type f -size 0 -print \) | \
-      while read ITEM ; do
-        ORIG=${ITEM/dummy/mirror}
-        TARGET=${ITEM#$DUMMDIR}
-        bind_mount $ORIG $TARGET
-      done
+      if [ -f /data/magisk.apk ]; then
+        if [ -z `ls /data/app | grep com.topjohnwu.magisk` ]; then
+          mkdir /data/app/com.topjohnwu.magisk-1
+          cp /data/magisk.apk /data/app/com.topjohnwu.magisk-1/base.apk
+          chown 1000.1000 /data/app/com.topjohnwu.magisk-1
+          chown 1000.1000 /data/app/com.topjohnwu.magisk-1/base.apk
+          chmod 755 /data/app/com.topjohnwu.magisk-1
+          chmod 644 /data/app/com.topjohnwu.magisk-1/base.apk
+          chcon u:object_r:apk_data_file:s0 /data/app/com.topjohnwu.magisk-1
+          chcon u:object_r:apk_data_file:s0 /data/app/com.topjohnwu.magisk-1/base.apk
+        fi
+        rm -f /data/magisk.apk 2>/dev/null
+      fi
 
       # Restart post-fs-data if necessary (multirom)
-      ($MULTIROM) && setprop magisk.restart_pfsd 1
+      $MULTIROM && setprop magisk.restart_pfsd 1
 
     fi
     unblock
@@ -464,23 +489,26 @@ case $1 in
     run_scripts service
 
     # Magisk Hide
-    if [ -f "$COREDIR/magiskhide/enable" ]; then
-      log_print "** Removing tampered read-only system props"
+    if [ -f $COREDIR/magiskhide/enable ]; then
+      log_print "* Removing tampered read-only system props"
 
       VERIFYBOOT=`getprop ro.boot.verifiedbootstate`
       FLASHLOCKED=`getprop ro.boot.flash.locked`
       VERITYMODE=`getprop ro.boot.veritymode`
 
-      [ ! -z "$VERIFYBOOT" -a "$VERIFYBOOT" != "green" ] && log_print "`$BINPATH/resetprop -v -n ro.boot.verifiedbootstate green`"
-      [ ! -z "$FLASHLOCKED" -a "$FLASHLOCKED" != "1" ] && log_print "`$BINPATH/resetprop -v -n ro.boot.flash.locked 1`"
-      [ ! -z "$VERITYMODE" -a "$VERITYMODE" != "enforcing" ] && log_print "`$BINPATH/resetprop -v -n ro.boot.veritymode enforcing`"
+      [ ! -z "$VERIFYBOOT" -a "$VERIFYBOOT" != "green" ] && \
+      log_print "`$BINPATH/resetprop -v -n ro.boot.verifiedbootstate green`"
+      [ ! -z "$FLASHLOCKED" -a "$FLASHLOCKED" != "1" ] && \
+      log_print "`$BINPATH/resetprop -v -n ro.boot.flash.locked 1`"
+      [ ! -z "$VERITYMODE" -a "$VERITYMODE" != "enforcing" ] && \
+      log_print "`$BINPATH/resetprop -v -n ro.boot.veritymode enforcing`"
 
       mktouch $COREDIR/magiskhide/hidelist
       chmod -R 755 $COREDIR/magiskhide
       # Add Safety Net preset
       $COREDIR/magiskhide/add com.google.android.gms.unstable
-      log_print "** Starting Magisk Hide"
-      /data/magisk/magiskhide
+      log_print "* Starting Magisk Hide"
+      /data/magisk/magiskhide --daemon
     fi
     ;;
 

uninstaller/META-INF/com/google/android/update-binary

@@ -10,6 +10,12 @@
 
 INSTALLER=/tmp/uninstall
 
+# Boot Image Variables
+CHROMEDIR=$INSTALLER/chromeos
+NEWBOOT=$TMPDIR/boottmp/new-boot.img
+UNPACKDIR=$TMPDIR/boottmp/bootunpack
+RAMDISK=$TMPDIR/boottmp/ramdisk
+
 # Default permissions
 umask 022
 
@@ -73,7 +79,7 @@ find_boot_image() {
   if [ -z "$BOOTIMAGE" ]; then
     FSTAB="/etc/recovery.fstab"
     [ ! -f "$FSTAB" ] && FSTAB="/etc/recovery.fstab.bak"
-    [ -f "$FSTAB" ] BOOTIMAGE=`grep -E '\b/boot\b' "$FSTAB" | grep -oE '/dev/[a-zA-Z0-9_./-]*'`
+    [ -f "$FSTAB" ] && BOOTIMAGE=`grep -E '\b/boot\b' "$FSTAB" | grep -oE '/dev/[a-zA-Z0-9_./-]*'`
   fi
 }
 
@@ -96,12 +102,46 @@ grep_prop() {
   cat $FILES 2>/dev/null | sed -n $REGEX | head -n 1
 }
 
+mount_image() {
+  if [ ! -d "$2" ]; then
+    mount -o rw,remount rootfs /
+    mkdir -p $2 2>/dev/null
+    ($BOOTMODE) && mount -o ro,remount rootfs /
+    [ ! -d "$2" ] && return 1
+  fi
+  if (! is_mounted $2); then
+    LOOPDEVICE=
+    for LOOP in 0 1 2 3 4 5 6 7; do
+      if (! is_mounted $2); then
+        LOOPDEVICE=/dev/block/loop$LOOP
+        if [ ! -f "$LOOPDEVICE" ]; then
+          mknod $LOOPDEVICE b 7 $LOOP 2>/dev/null
+        fi
+        losetup $LOOPDEVICE $1
+        if [ "$?" -eq "0" ]; then
+          mount -t ext4 -o loop $LOOPDEVICE $2
+          if (! is_mounted $2); then
+            /system/bin/toolbox mount -t ext4 -o loop $LOOPDEVICE $2
+          fi
+          if (! is_mounted $2); then
+            /system/bin/toybox mount -t ext4 -o loop $LOOPDEVICE $2
+          fi
+        fi
+        if (is_mounted $2); then
+          ui_print "- Mounting $1 to $2"
+          break;
+        fi
+      fi
+    done
+  fi
+}
+
 unpack_boot() {
   rm -rf $UNPACKDIR $RAMDISK 2>/dev/null
   mkdir -p $UNPACKDIR
   mkdir -p $RAMDISK
   cd $UNPACKDIR
-  $BINDIR/bootimgtools --extract $1
+  LD_LIBRARY_PATH=$SYSTEMLIB $BINDIR/bootimgtools --extract $1
 
   cd $RAMDISK
   gunzip -c < $UNPACKDIR/ramdisk.gz | cpio -i
@@ -111,11 +151,11 @@ repack_boot() {
   cd $RAMDISK
   find . | cpio -o -H newc 2>/dev/null | gzip -9 > $UNPACKDIR/ramdisk.gz
   cd $UNPACKDIR
-  $BINDIR/bootimgtools --repack $ORIGBOOT
+  LD_LIBRARY_PATH=$SYSTEMLIB $BINDIR/bootimgtools --repack $BOOTIMAGE
   if [ -f chromeos ]; then
     echo " " > config
     echo " " > bootloader
-    $CHROMEDIR/futility vbutil_kernel --pack new-boot.img.signed --keyblock $CHROMEDIR/kernel.keyblock --signprivate $CHROMEDIR/kernel_data_key.vbprivk --version 1 --vmlinuz new-boot.img --config config --arch arm --bootloader bootloader --flags 0x1
+    LD_LIBRARY_PATH=$SYSTEMLIB $CHROMEDIR/futility vbutil_kernel --pack new-boot.img.signed --keyblock $CHROMEDIR/kernel.keyblock --signprivate $CHROMEDIR/kernel_data_key.vbprivk --version 1 --vmlinuz new-boot.img --config config --arch arm --bootloader bootloader --flags 0x1
     rm -f new-boot.img
     mv new-boot.img.signed new-boot.img
   fi
@@ -125,6 +165,11 @@ repack_boot() {
       echo -n "SEANDROIDENFORCE" >> new-boot.img
     fi
   fi
+  if ($LGE_G); then
+    # Prevent secure boot error on LG G2/G3.
+    # Just for know, It's a pattern which bootloader verifies at boot. Thanks to LG hackers.
+    echo -n -e "\x41\xa9\xe4\x67\x74\x4d\x1d\x1b\xa4\x29\xf2\xec\xea\x65\x52\x79" >> new-boot.img
+  fi
   mv new-boot.img $NEWBOOT
 }
 
@@ -132,29 +177,43 @@ revert_boot() {
   rm -rf $TMPDIR/boottmp 2>/dev/null
   mkdir -p $TMPDIR/boottmp
 
-  CHROMEDIR=$INSTALLER/chromeos
-  NEWBOOT=$TMPDIR/boottmp/new-boot.img
-  UNPACKDIR=$TMPDIR/boottmp/bootunpack
-  RAMDISK=$TMPDIR/boottmp/ramdisk
-
-  ORIGBOOT=$BOOTIMAGE
-
   ui_print "- Unpacking boot image"
-  unpack_boot $ORIGBOOT
+  unpack_boot $BOOTIMAGE
 
-  if [ -d ".backup" ]; then
+  SUPERSU=false
+  [ -f sbin/launch_daemonsu.sh ] && SUPERSU=true
+
+  if ($SUPERSU); then
+    ui_print "- SuperSU patched boot detected!"
+    SUIMG=/data/su.img
+    mount_image $SUIMG /su
+    if (is_mounted /su); then
+      SUPERSULOOP=$LOOPDEVICE
+      gunzip -c < $UNPACKDIR/ramdisk.gz > $UNPACKDIR/ramdisk
+      ui_print "- Using sukernel to restore ramdisk"
+      # Restore ramdisk
+      LD_LIBRARY_PATH=$SYSTEMLIB /su/bin/sukernel --cpio-restore $UNPACKDIR/ramdisk $UNPACKDIR/ramdisk
+      if [ $? -ne 0 ]; then
+        ui_print "! Unable to restore ramdisk"
+        ui_print "! Will still remove Magisk additions"
+      fi
+      rm -rf $RAMDISK
+      mkdir -p $RAMDISK
+      cd $RAMDISK
+      cpio -i < $UNPACKDIR/ramdisk
+      rm -f $UNPACKDIR/ramdisk
+    fi
+  elif [ -d ".backup" ]; then
     ui_print "- Restoring ramdisk with backup"
     cp -af .backup/. .
-    rm -rf magisk init.magisk.rc sbin/magic_mask.sh 2>/dev/null
-    rm -rf .backup
   else
     ui_print "! No ramdisk backup found"
-    ui_print "! Unable to revert completely"
     ui_print "! Will still remove Magisk additions"
-    # Removing boot image modifications
-    rm -rf magisk init.magisk.rc sbin/magic_mask.sh 2>/dev/null
   fi
 
+  # Remove possible boot modifications
+  rm -rf magisk init.magisk.rc sbin/magic_mask.sh .backup 2>/dev/null
+
   ui_print "- Repacking boot image"
   repack_boot
 }
@@ -188,6 +247,19 @@ if [ $? -eq 0 ]; then
   SAMSUNG=true
 fi
 
+LGE_G=false
+RBRAND=$(grep_prop ro.product.brand)
+RMODEL=$(grep_prop ro.product.device)
+if [ "$RBRAND" = "lge" ] || [ "$RBRAND" = "LGE" ];  then 
+  if [ "$RMODEL" = "*D80*" ] || 
+     [ "$RMODEL" = "*S98*" ] || 
+     [ "$RMODEL" = "*D85*" ] ||
+     [ "$RMODEL" = "*F40*" ]; then
+    LGE_G=true
+    ui_print "! Bump device detected"
+  fi
+fi
+
 API=$(grep_prop ro.build.version.sdk)
 ABI=$(grep_prop ro.product.cpu.abi | cut -c-3)
 ABI2=$(grep_prop ro.product.cpu.abi2 | cut -c-3)
@@ -205,6 +277,9 @@ ui_print "- Device platform: $ARCH"
 BINDIR=$INSTALLER/$ARCH
 chmod -R 755 $CHROMEDIR/futility $BINDIR
 
+SYSTEMLIB=/system/lib
+($IS64BIT) && SYSTEMLIB=/system/lib64
+
 find_boot_image
 if [ -z "$BOOTIMAGE" ]; then
   ui_print "! Unable to detect boot image"
@@ -215,11 +290,14 @@ fi
 # Detection all done, start installing
 ##########################################################################################
 
+ui_print "- Found Boot Image: $BOOTIMAGE"
+
 if (is_mounted /data); then
-  cp -af /data/stock_boot_*.gz /data/stock_boot.img.gz 2>/dev/null
-  gzip -d /data/stock_boot.img.gz 2>/dev/null
-  rm -rf /data/stock_boot.img.gz 2>/dev/null
-  if [ -f "/data/stock_boot.img" ]; then
+  PATH=/data/busybox:$PATH
+  cp -f /data/stock_boot_*.gz /data/stock_boot.img.gz 2>/dev/null
+  gunzip -d < /data/stock_boot.img.gz > /data/stock_boot.img 2>/dev/null
+  rm -f /data/stock_boot.img.gz 2>/dev/null
+  if [ -f /data/stock_boot.img ]; then
     ui_print "- Boot image backup found!"
     NEWBOOT=/data/stock_boot.img
   else
@@ -229,16 +307,16 @@ if (is_mounted /data); then
   ui_print "- Removing Magisk files"
   rm -rf  /cache/magisk.log /cache/last_magisk.log /cache/magiskhide.log \
           /cache/magisk /cache/magisk_merge /cache/magisk_mount  /cache/unblock \
-          /data/Magisk.apk /data/magisk.img /data/magisk_merge.img \
+          /data/Magisk.apk /data/magisk.apk /data/magisk.img /data/magisk_merge.img \
           /data/busybox /data/magisk /data/custom_ramdisk_patch.sh 2>/dev/null
 else
-  ui_print "! Data unavalible"
+  ui_print "! Data unavailable"
   ui_print "! Impossible to restore original boot image"
   ui_print "! Try using ramdisk backup"
   revert_boot
   ui_print "- Removing Magisk files"
   rm -rf  /cache/magisk.log /cache/last_magisk.log /cache/magiskhide.log \
-          /cache/magisk /cache/magisk_merge /cache/magisk_mount  /cache/unblock 2>/dev/null
+          /cache/magisk /cache/magisk_merge /cache/magisk_mount /cache/unblock 2>/dev/null
   ui_print "*****************************************"
   ui_print "     Magisk is not fully removed yet     "
   ui_print " Please manually remove /data/magisk.img "
@@ -252,6 +330,11 @@ ui_print "- Flashing reverted image"
 dd if=$NEWBOOT of=$BOOTIMAGE bs=4096
 
 umount /system
+if [ ! -z $SUPERSU ]; then
+  umount /su
+  losetup -d $SUPERSULOOP
+  rmdir /su
+fi
 
 ui_print "- Done"
 exit 0

zip_static/common/custom_ramdisk_patch.sh

@@ -1,18 +1,33 @@
 #!/system/bin/sh
 
 RAMDISK=$1
-BINDIR=/data/magisk
+BINDIR=$2
+[ -z $BINDIR ] && BINDIR=/data/magisk
+SYSTEMLIB=/system/lib
+[ -d /system/lib64 ] && SYSTEMLIB=/system/lib64
 
 cpio_add() {
-  /su/bin/sukernel --cpio-add $RAMDISK $RAMDISK $2 $1 $1
+  LD_LIBRARY_PATH=$SYSTEMLIB /su/bin/sukernel --cpio-add $RAMDISK $RAMDISK $2 $1 $1
 }
 
 cpio_extract() {
-  /su/bin/sukernel --cpio-extract $RAMDISK $1 $1
+  LD_LIBRARY_PATH=$SYSTEMLIB /su/bin/sukernel --cpio-extract $RAMDISK $1 $1
 }
 
 cpio_mkdir() {
-  /su/bin/sukernel --cpio-mkdir $RAMDISK $RAMDISK $2 $1
+  LD_LIBRARY_PATH=$SYSTEMLIB /su/bin/sukernel --cpio-mkdir $RAMDISK $RAMDISK $2 $1
+}
+
+# Recursive
+cpio_rm() {
+  if [ "$1" = "-r" ]; then
+    LD_LIBRARY_PATH=$SYSTEMLIB /su/bin/sukernel --cpio-ls $RAMDISK | grep "^$2/" | while read i ; do
+      LD_LIBRARY_PATH=$SYSTEMLIB /su/bin/sukernel --cpio-rm $RAMDISK $RAMDISK $i
+    done
+    LD_LIBRARY_PATH=$SYSTEMLIB /su/bin/sukernel --cpio-rmdir $RAMDISK $RAMDISK $2
+  else
+    LD_LIBRARY_PATH=$SYSTEMLIB /su/bin/sukernel --cpio-rm $RAMDISK $RAMDISK $1
+  fi
 }
 
 rm -rf /tmp/magisk/ramdisk 2>/dev/null
@@ -24,27 +39,23 @@ cat $RAMDISK | cpio -i
 # Patch ramdisk
 echo "- Patching ramdisk"
 
+# Cleanup SuperSU backups
+cpio_rm -r .subackup
+
 # Add magisk entrypoint
 for INIT in init*.rc; do
-  if [ $(grep -c "import /init.environ.rc" $INIT) -ne "0" ] && [ $(grep -c "import /init.magisk.rc" $INIT) -eq "0" ]; then
+  if [ `grep -c "import /init.environ.rc" $INIT` -ne "0" ] && [ `grep -c "import /init.magisk.rc" $INIT` -eq "0" ]; then
     sed -i "/import \/init\.environ\.rc/iimport /init.magisk.rc" $INIT
     cpio_add $INIT 750
     break
   fi
 done
 
-# Add magisk PATH
-if [ $(grep -c "/magisk/.core/busybox" init.environ.rc) -eq "0" ]; then
-  sed -i "/export PATH/ s/\/system\/xbin/\/system\/xbin:\/magisk\/.core\/busybox/g" init.environ.rc
-  cpio_add init.environ.rc 750
-fi
-
 # sepolicy patches
-$BINDIR/sepolicy-inject --magisk -P sepolicy
+LD_LIBRARY_PATH=$SYSTEMLIB $BINDIR/sepolicy-inject --magisk -P sepolicy
 cpio_add sepolicy 644
 
 # Add new items
-mkdir -p magisk 2>/dev/null
 cp -af $BINDIR/init.magisk.rc init.magisk.rc
 cp -af $BINDIR/magic_mask.sh sbin/magic_mask.sh
 

zip_static/common/init.magisk.rc

@@ -7,7 +7,7 @@ on post-fs
 
 on post-fs-data
     start magisk_pfsd
-    wait /dev/.magisk.unblock 40
+    wait /dev/.magisk.unblock 60
     rm /dev/.magisk.unblock
 
 on property:magisk.restart_pfsd=1

zip_static/common/phh/module.prop

@@ -0,0 +1,8 @@
+id=phh
+name=phh's SuperUser
+version=topjohnwu r1
+versionCode=6
+author=phhusson & topjohnwu
+description=OpenSource SELinux-capable SuperUser
+support=http://forum.xda-developers.com/showthread.php?t=3216394
+donate=http://forum.xda-developers.com/donatetome.php?u=1915408

zip_static/common/phh/service.sh

@@ -0,0 +1,46 @@
+#!/system/bin/sh
+
+LOGFILE=/cache/magisk.log
+MODDIR=${0%/*}
+
+log_print() {
+  echo $1
+  echo "phh: $1" >> $LOGFILE
+  log -p i -t phh "$1"
+}
+
+# Disable the other root
+[ -d "/magisk/zzsupersu" ] && touch /magisk/zzsupersu/disable
+
+log_print "Live patching sepolicy"
+$MODDIR/bin/sepolicy-inject --live
+
+log_print "Moving and linking /sbin binaries"
+mount -o rw,remount rootfs /
+mv /sbin /sbin_orig
+mkdir /sbin
+chmod 755 /sbin
+ln -s /sbin_orig/* /sbin
+mount -o ro,remount rootfs /
+
+# Expose the root path
+log_print "Mounting supath"
+rm -rf /magisk/.core/bin $MODDIR/sbin_bind
+mkdir -p $MODDIR/sbin_bind 
+/data/busybox/cp -afc /sbin/. $MODDIR/sbin_bind
+chmod 755 $MODDIR/sbin_bind
+ln -s $MODDIR/bin/* $MODDIR/sbin_bind
+mount -o bind $MODDIR/sbin_bind /sbin
+
+# Run su.d
+for script in $MODDIR/su.d/* ; do
+  if [ -f "$script" ]; then
+    chmod 755 $script
+    log_print "su.d: $script"
+    sh $script
+  fi
+done
+
+log_print "Starting su daemon"
+[ ! -z $OLDPATH ] && export PATH=$OLDPATH
+/sbin/su --daemon

ziptools/src/zipadjust.c

@@ -27,6 +27,11 @@
 #include <errno.h>
 #include <zlib.h>
 
+#ifndef O_BINARY
+#define O_BINARY  0
+#define O_TEXT    0
+#endif
+
 #pragma pack(1)
 struct local_header_struct {
 	uint32_t signature;
@@ -194,7 +199,7 @@ static int xdecompress(int fdIn, int fdOut, off_t offsetIn, off_t offsetOut, siz
 int zipadjust(char* filenameIn, char* filenameOut, int decompress) {
 	int ok = 0;
 	
-	int fin = open(filenameIn, O_RDONLY);
+	int fin = open(filenameIn, O_RDONLY | O_BINARY);
 	if (fin > 0) {
 		unsigned int size = lseek(fin, 0, SEEK_END);
 		lseek(fin, 0, SEEK_SET);
@@ -234,7 +239,7 @@ int zipadjust(char* filenameIn, char* filenameOut, int decompress) {
 		memset(central_directory_out, 0, central_directory_in_size);
 
 		unlink(filenameOut);
-		int fout = open(filenameOut, O_CREAT | O_WRONLY, 0644);
+		int fout = open(filenameOut, O_CREAT | O_WRONLY | O_BINARY, 0644);
 		if (fout > 0) {
 
 			uintptr_t central_directory_in_index = 0;