Several improvements

1. Add new trigger "load_magisk_props_action" in init.magisk.rc
2. Patch init*.rc with new trigger
3. Update resetprop to handle prop value with spaces
4. Handle the case when modules contains file/folder names with spaces

.gitattributes

@@ -0,0 +1,17 @@
+# Set the default behavior, in case people don't have core.autocrlf set.
+* text eol=lf
+
+# Explicitly declare text files you want to always be normalized and converted
+# to native line endings on checkout.
+# *.c text
+# *.h text
+
+# Declare files that will always have CRLF line endings on checkout.
+*.cmd text eol=crlf
+
+# Denote all files that are truly binary and should not be modified.
+busybox binary
+futility binary
+*.jar binary
+*.exe binary
+*.apk binary

.gitignore

@@ -11,10 +11,14 @@ uninstaller/arm/*
 uninstaller/arm64/*
 uninstaller/x86/*
 uninstaller/x64/*
-zipsigntools/zipadjust
+ziptools/zipadjust
 
 # Generated scripts
+uninstaller/common/
 zip_static/common/magic_mask.sh
+zip_static/common/magisksu.sh
+zip_static/common/init.magisk.rc
+zip_static/common/custom_ramdisk_patch.sh
 zip_static/META-INF/com/google/android/update-binary
 
 # Leave all busybox!

.gitmodules

@@ -1,9 +1,12 @@
-[submodule "selinux"]
-	path = selinux
-	url = https://github.com/topjohnwu/selinux
 [submodule "jni/sepolicy-inject"]
 	path = jni/sepolicy-inject
 	url = https://github.com/topjohnwu/sepolicy-inject
 [submodule "jni/resetprop"]
 	path = jni/resetprop
 	url = https://github.com/topjohnwu/resetprop.git
+[submodule "jni/selinux"]
+	path = jni/selinux
+	url = https://github.com/topjohnwu/selinux.git
+[submodule "jni/su"]
+	path = jni/su
+	url = https://github.com/topjohnwu/Superuser.git

README.MD

@@ -3,8 +3,9 @@
 * Busybox: http://forum.xda-developers.com/android/software-hacking/tool-busybox-flashable-archs-t3348543
 
 ###How to build Magisk
-1. Only support MacOS and Linux
-2. Download and install NDK
-3. Add the NDK directory into PATH.  
-To check if success, please try calling `which ndk-build` and see if it returns the NDK directory
-4. Execute `./build.sh`, it will give you further information
+1. Download and install NDK
+2. Add the NDK directory into PATH  
+To check if the PATH is set correctly, try calling `which ndk-build` (`where ndk-build` on Windows) and see if it shows the NDK directory
+3. Unix-like users (e.g. Linux & MacOS) please execute `build.sh` through shell  
+Windows users please execute `build.cmd` through cmd
+4. The scripts will show you further details

build.cmd

@@ -0,0 +1,167 @@
+@ECHO OFF
+SETLOCAL ENABLEEXTENSIONS
+SET me=%~nx0
+SET parent=%~dp0
+SET tab=	
+SET OK=
+
+CD %parent%
+
+call :%~1 "%~2"
+IF NOT DEFINED OK CALL :usage
+
+EXIT /B %ERRORLEVEL%
+
+:usage
+  ECHO %me% all ^<version name^>
+  ECHO %tab%Build binaries, zip, and sign Magisk
+  ECHO %tab%This is equlivant to first ^<build^>, then ^<zip^>
+  ECHO %me% clean
+  ECHO %tab%Cleanup compiled / generated files
+  ECHO %me% build
+  ECHO %tab%Build the binaries with ndk
+  ECHO %me% zip ^<version name^>
+  ECHO %tab%Zip and sign Magisk
+  ECHO %me% uninstaller
+  ECHO %tab%Zip and sign the uninstaller
+  EXIT /B 1
+
+:all
+  SET OK=y
+  IF [%~1] == [] (
+    CALL :error "Missing version number"
+    CALL :usage
+    EXIT /B %ERRORLEVEL%
+  )
+  CALL :build
+  CALL :zip "%~1"
+  EXIT /B %ERRORLEVEL%
+
+:build
+  SET OK=y
+  ECHO ************************
+  ECHO * Building binaries
+  ECHO ************************
+  FOR /F "tokens=* USEBACKQ" %%F IN (`where ndk-build`) DO (
+    IF [%%F] == [] (
+      CALL :error "Please add ndk-build to PATH!"
+      EXIT /B 1
+    )
+  )
+  CALL ndk-build -j4 || CALL :error "Magisk binary tools build failed...."
+  IF %ERRORLEVEL% NEQ 0 EXIT /B %ERRORLEVEL%
+  ECHO ************************
+  ECHO * Copying binaries
+  ECHO ************************
+  COPY /Y libs\armeabi-v7a\* zip_static\arm
+  COPY /Y libs\arm64-v8a\* zip_static\arm64
+  COPY /Y libs\x86\* zip_static\x86
+  COPY /Y libs\x86_64\* zip_static\x64
+  CALL :mkcp libs\armeabi-v7a\bootimgtools uninstaller\arm
+  CALL :mkcp libs\arm64-v8a\bootimgtools uninstaller\arm64
+  CALL :mkcp libs\x86\bootimgtools uninstaller\x86
+  CALL :mkcp libs\x86_64\bootimgtools uninstaller\x64
+  EXIT /B %ERRORLEVEL%
+
+:clean
+  SET OK=y
+  ECHO ************************
+  ECHO * Cleaning up
+  ECHO ************************
+  CALL ndk-build clean
+  forfiles /P zip_static\arm /C "cmd /C IF NOT @file == \"busybox\" DEL @file"
+  forfiles /P zip_static\arm64 /C "cmd /C IF NOT @file == \"busybox\" DEL @file"
+  forfiles /P zip_static\x86 /C "cmd /C IF NOT @file == \"busybox\" DEL @file"
+  forfiles /P zip_static\x64 /C "cmd /C IF NOT @file == \"busybox\" DEL @file"
+  2>NUL DEL zip_static\META-INF\com\google\android\update-binary
+  2>NUL DEL zip_static\common\custom_ramdisk_patch.sh
+  2>NUL DEL zip_static\common\magisksu.sh
+  2>NUL DEL zip_static\common\init.magisk.rc
+  2>NUL DEL zip_static\common\magic_mask.sh
+  2>NUL RMDIR /S /Q uninstaller\common
+  2>NUL RMDIR /S /Q uninstaller\arm
+  2>NUL RMDIR /S /Q uninstaller\arm64
+  2>NUL RMDIR /S /Q uninstaller\x86
+  2>NUL RMDIR /S /Q uninstaller\x64
+  EXIT /B 0
+
+:zip
+  SET OK=y
+  IF [%~1] == [] (
+    CALL :error "Missing version number"
+    CALL :usage
+    EXIT /B %ERRORLEVEL%
+  )
+  IF NOT EXIST "zip_static\arm\bootimgtools" CALL :error "Missing binaries! Please run '%me% build' before zipping!"
+  IF %ERRORLEVEL% NEQ 0 EXIT /B %ERRORLEVEL%
+  ECHO ************************
+  ECHO * Adding version info
+  ECHO ************************
+  powershell.exe -nologo -noprofile -command "(gc -Raw scripts\flash_script.sh) -replace 'MAGISK_VERSION_STUB', 'Magisk v%~1 Boot Image Patcher' | sc zip_static\META-INF\com\google\android\update-binary"
+  powershell.exe -nologo -noprofile -command "(gc -Raw scripts\magic_mask.sh) -replace 'MAGISK_VERSION_STUB', 'setprop magisk.version \"%~1\"' | sc zip_static\common\magic_mask.sh"
+  ECHO ************************
+  ECHO * Zipping Magisk v%~1
+  ECHO ************************
+  COPY /Y scripts\custom_ramdisk_patch.sh zip_static\common\custom_ramdisk_patch.sh
+  COPY /Y scripts\magisksu.sh zip_static\common\magisksu.sh
+  COPY /Y scripts\init.magisk.rc zip_static\common\init.magisk.rc
+  CD zip_static
+  2>NUL DEL "..\Magisk-v%~1.zip"
+  ..\ziptools\win_bin\zip "..\Magisk-v%~1.zip" -r .
+  CD ..\
+  CALL :sign_zip "Magisk-v%~1.zip"
+  EXIT /B %ERRORLEVEL%
+
+:uninstaller
+  SET OK=y
+  IF NOT EXIST "uninstaller\arm\bootimgtools" CALL :error "Missing binaries! Please run '%me% build' before zipping!"
+  IF %ERRORLEVEL% NEQ 0 EXIT /B %ERRORLEVEL%
+  ECHO ************************
+  ECHO * Zipping uninstaller
+  ECHO ************************
+  CALL :mkcp scripts\magisk_uninstaller.sh uninstaller\common
+  FOR /F "tokens=* USEBACKQ" %%F IN (`ziptools\win_bin\date "+%%Y%%m%%d"`) DO (set timestamp=%%F)
+  CD uninstaller
+  2>NUL DEL "../Magisk-uninstaller-%timestamp%.zip"
+  ..\ziptools\win_bin\zip "../Magisk-uninstaller-%timestamp%.zip" -r .
+  CD ..\
+  CALL :sign_zip "Magisk-uninstaller-%timestamp%.zip"
+  EXIT /B %ERRORLEVEL%
+
+:sign_zip
+  IF NOT EXIST "ziptools\win_bin\zipadjust.exe" (
+    ECHO ************************
+    ECHO * Compiling ZipAdjust
+    ECHO ************************
+    gcc -o ziptools\win_bin\zipadjust ziptools\src\*.c -lz || CALL :error "ZipAdjust Build failed...."
+    IF %ERRORLEVEL% NEQ 0 EXIT /B %ERRORLEVEL%
+  )
+  SET basename="%~1"
+  SET basename="%basename:.zip=%"
+  ECHO ************************
+  ECHO * First sign %~1
+  ECHO ************************
+  java -jar "ziptools\signapk.jar" "ziptools\test.certificate.x509.pem" "ziptools\test.key.pk8" "%~1" "%basename:"=%-firstsign.zip"
+  ECHO ************************
+  ECHO * Adjusting %~1
+  ECHO ************************
+  ziptools\win_bin\zipadjust "%basename:"=%-firstsign.zip" "%basename:"=%-adjusted.zip"
+  ECHO ************************
+  ECHO * Final sign %~1
+  ECHO ************************
+  java -jar "ziptools\minsignapk.jar" "ziptools\test.certificate.x509.pem" "ziptools\test.key.pk8" "%basename:"=%-adjusted.zip" "%basename:"=%-signed.zip"
+
+  MOVE /Y "%basename:"=%-signed.zip" "%~1"
+  DEL "%basename:"=%-adjusted.zip" "%basename:"=%-firstsign.zip"
+  EXIT /B %ERRORLEVEL%
+
+:mkcp
+  2>NUL MKDIR "%~2"
+  2>NUL COPY /Y "%~1" "%~2"
+  EXIT /B 0
+
+:error
+  ECHO.
+  ECHO ! %~1
+  ECHO.
+  EXIT /B 1

build.sh

@@ -3,7 +3,7 @@
 usage() {
   echo "$0 all <version name>"
   echo -e "\tBuild binaries, zip, and sign Magisk"
-  echo -e "\tThis is equlivant to first --build, then --zip"
+  echo -e "\tThis is equlivant to first <build>, then <zip>"
   echo "$0 clean"
   echo -e "\tCleanup compiled / generated files"
   echo "$0 build"
@@ -24,8 +24,12 @@ cleanup() {
   ls zip_static/arm64/* | grep -v "busybox" | xargs rm -rfv
   ls zip_static/x86/* | grep -v "busybox" | xargs rm -rfv
   ls zip_static/x64/* | grep -v "busybox" | xargs rm -rfv
-  rm -rfv zip_static/META-INF/com/google/android/update-binary 
+  rm -rfv zip_static/META-INF/com/google/android/update-binary
+  rm -rfv zip_static/common/custom_ramdisk_patch.sh
+  rm -rfv zip_static/common/magisksu.sh
+  rm -rfv zip_static/common/init.magisk.rc
   rm -rfv zip_static/common/magic_mask.sh
+  rm -rfv uninstaller/common
   rm -rfv uninstaller/arm
   rm -rfv uninstaller/arm64
   rm -rfv uninstaller/x86
@@ -37,28 +41,22 @@ mkcp() {
   cp -afv $1 $2
 }
 
+error() {
+  echo -e "\n! $1\n"
+  exit 1
+}
+
 build_bin() {
   echo "************************"
   echo "* Building binaries"
   echo "************************"
-  if [ -z `which ndk-build` ]; then
-    echo "!!!!!!!!!!!!!!!!!!!!!!!!"
-    echo "! Please add ndk-build to PATH!"
-    echo "!!!!!!!!!!!!!!!!!!!!!!!!"
-    exit 1
-  fi
-  ndk-build -j4
-  if [ $? -ne 0 ]; then
-    echo "!!!!!!!!!!!!!!!!!!!!!!!!"
-    echo "! Magisk binary tools build failed...."
-    echo "!!!!!!!!!!!!!!!!!!!!!!!!"
-    exit 1
-  fi
+  [ -z `which ndk-build` ] && error "Please add ndk-build to PATH!"
+  ndk-build -j4 || error "Magisk binary tools build failed...."
   echo "************************"
   echo "* Copying binaries"
   echo "************************"
-  mkcp "libs/armeabi/*" zip_static/arm
-  mkcp libs/armeabi/bootimgtools uninstaller/arm
+  mkcp "libs/armeabi-v7a/*" zip_static/arm
+  mkcp libs/armeabi-v7a/bootimgtools uninstaller/arm
   mkcp "libs/arm64-v8a/*" zip_static/arm64
   mkcp libs/arm64-v8a/bootimgtools uninstaller/arm64
   mkcp "libs/x86/*" zip_static/x86
@@ -68,13 +66,7 @@ build_bin() {
 }
 
 zip_package() {
-  if [ ! -f "zip_static/arm/bootimgtools" ]; then
-    echo "!!!!!!!!!!!!!!!!!!!!!!!!"
-    echo "! Missing binaries!!"
-    echo "! Please run \"$0 build\" before zipping"
-    echo "!!!!!!!!!!!!!!!!!!!!!!!!"
-    exit 1
-  fi
+  [ ! -f "zip_static/arm/bootimgtools" ] && error "Missing binaries!! Please run '$0 build' before zipping"
   echo "************************"
   echo "* Adding version info"
   echo "************************"
@@ -83,6 +75,9 @@ zip_package() {
   echo "************************"
   echo "* Zipping Magisk v$1"
   echo "************************"
+  cp -afv scripts/custom_ramdisk_patch.sh zip_static/common/custom_ramdisk_patch.sh
+  cp -afv scripts/magisksu.sh zip_static/common/magisksu.sh
+  cp -afv scripts/init.magisk.rc zip_static/common/init.magisk.rc
   cd zip_static
   find . -type f -exec chmod 644 {} \;
   find . -type d -exec chmod 755 {} \;
@@ -93,18 +88,15 @@ zip_package() {
 }
 
 zip_uninstaller() {
-  if [ ! -f "uninstaller/arm/bootimgtools" ]; then
-    echo "! Missing binaries!!"
-    echo "! Please run \"$0 build\" before zipping"
-    exit 1
-  fi
+  [ ! -f "uninstaller/arm/bootimgtools" ] && error "Missing binaries!! Please run '$0 build' before zipping"
   echo "************************"
   echo "* Zipping uninstaller"
   echo "************************"
+  mkcp scripts/magisk_uninstaller.sh uninstaller/common
   cd uninstaller
   find . -type f -exec chmod 644 {} \;
   find . -type d -exec chmod 755 {} \;
-  TIMESTAMP=$(date "+%Y%m%d")
+  TIMESTAMP=`date "+%Y%m%d"`
   rm -rf "../Magisk-uninstaller-$TIMESTAMP.zip"
   zip "../Magisk-uninstaller-$TIMESTAMP.zip" -r .
   cd ../
@@ -112,31 +104,25 @@ zip_uninstaller() {
 }
 
 sign_zip() {
-  if [ ! -f "zipsigntools/zipadjust" ]; then
+  if [ ! -f "ziptools/zipadjust" ]; then
     echo "************************"
     echo "* Compiling ZipAdjust"
     echo "************************"
-    gcc -o zipsigntools/zipadjust zipsigntools/src/*.c -lz
-    if [ $? -ne 0 ]; then
-      echo "!!!!!!!!!!!!!!!!!!!!!!!!"
-      echo "! ZipAdjust Build failed...."
-      echo "!!!!!!!!!!!!!!!!!!!!!!!!"
-      exit 1
-    fi
-    chmod 755 zipsigntools/zipadjust
+    gcc -o ziptools/zipadjust ziptools/src/*.c -lz || error "ZipAdjust Build failed...."
+    chmod 755 ziptools/zipadjust
   fi
   echo "************************"
   echo "* First sign $1"
   echo "************************"
-  java -jar "zipsigntools/signapk.jar" "zipsigntools/test.certificate.x509.pem" "zipsigntools/test.key.pk8" "$1" "${1%.*}-firstsign.zip"
+  java -jar "ziptools/signapk.jar" "ziptools/test.certificate.x509.pem" "ziptools/test.key.pk8" "$1" "${1%.*}-firstsign.zip"
   echo "************************"
   echo "* Adjusting $1"
   echo "************************"
-  zipsigntools/zipadjust "${1%.*}-firstsign.zip" "${1%.*}-adjusted.zip"
+  ziptools/zipadjust "${1%.*}-firstsign.zip" "${1%.*}-adjusted.zip"
   echo "************************"
   echo "* Final sign $1"
   echo "************************"
-  java -jar "zipsigntools/signapk.jar" "zipsigntools/test.certificate.x509.pem" "zipsigntools/test.key.pk8" "${1%.*}-adjusted.zip" "${1%.*}-signed.zip"
+  java -jar "ziptools/minsignapk.jar" "ziptools/test.certificate.x509.pem" "ziptools/test.key.pk8" "${1%.*}-adjusted.zip" "${1%.*}-signed.zip"
 
   mv "${1%.*}-signed.zip" "$1"
   rm "${1%.*}-adjusted.zip" "${1%.*}-firstsign.zip"

jni/Android.mk

@@ -1,35 +1,10 @@
-my_path := $(call my-dir)
+LOCAL_PATH := $(call my-dir)
 
-LOCAL_PATH := $(my_path)
+include jni/bootimgtools/Android.mk
+include jni/magiskhide/Android.mk
+include jni/resetprop/Android.mk
+include jni/sepolicy-inject/Android.mk
+include jni/su/Android.mk
 
-include $(CLEAR_VARS)
-LOCAL_MODULE := magiskhide
-LOCAL_MODULE_TAGS := optional
-LOCAL_SRC_FILES := magiskhide.c
-LOCAL_CFLAGS += -std=gnu11
-include $(BUILD_EXECUTABLE)
-
-include $(CLEAR_VARS)
-LOCAL_MODULE := bootimgtools
-LOCAL_MODULE_TAGS := optional
-LOCAL_SRC_FILES := bootimgtools.c extract.c repack.c hexpatch.c
-LOCAL_CFLAGS += -std=gnu11
-include $(BUILD_EXECUTABLE)
-
-include $(CLEAR_VARS)
-LOCAL_MODULE := sepolicy-inject
-LOCAL_MODULE_TAGS := optional
-LOCAL_STATIC_LIBRARIES := libsepol
-LOCAL_SRC_FILES := sepolicy-inject/sepolicy-inject.c sepolicy-inject/builtin_rules.c
-LOCAL_C_INCLUDES := selinux/libsepol/include/
-LOCAL_CFLAGS += -std=gnu11
-include $(BUILD_EXECUTABLE)
-
-include $(CLEAR_VARS)
-LOCAL_MODULE := resetprop
-LOCAL_MODULE_TAGS := optional
-LOCAL_SRC_FILES := resetprop/resetprop.cpp resetprop/system_properties.cpp resetprop/libc_logging.cpp
-LOCAL_LDLIBS += -latomic
-include $(BUILD_EXECUTABLE)
-
-include selinux/libsepol/Android.mk
+include jni/selinux/libsepol/Android.mk
+include jni/selinux/libselinux/Android.mk

jni/Application.mk

@@ -1,5 +1,4 @@
-APP_ABI := x86 x86_64 armeabi arm64-v8a
+APP_ABI := x86 x86_64 armeabi-v7a arm64-v8a
 APP_PIE = true
 APP_PLATFORM := android-21
 APP_CPPFLAGS += -std=c++11
-# APP_STL := c++_static

jni/bootimgtools/Android.mk

@@ -0,0 +1,8 @@
+LOCAL_PATH := $(call my-dir)
+
+include $(CLEAR_VARS)
+LOCAL_MODULE := bootimgtools
+LOCAL_MODULE_TAGS := optional
+LOCAL_SRC_FILES := main.c extract.c repack.c hexpatch.c
+LOCAL_CFLAGS += -std=gnu11
+include $(BUILD_EXECUTABLE)

jni/bootimgtools/extract.c

@@ -9,7 +9,7 @@
 #include <assert.h>
 #include <string.h>
 
-#include "bootimgtools.h"
+#include "bootimg.h"
 
 void dump(uint8_t *ptr, size_t size, char* filename) {
 	unlink(filename);

jni/bootimgtools/hexpatch.c

@@ -7,7 +7,7 @@
 #include <stdlib.h>
 #include <string.h>
 
-#include "bootimgtools.h"
+#include "bootimg.h"
 
 int hex2int(char c) {
 	int first = c / 16 - 3;

jni/bootimgtools/main.c

@@ -1,7 +1,7 @@
 #include <getopt.h>
 #include <stdio.h>
 
-#include "bootimgtools.h"
+#include "bootimg.h"
 
 /********************
   Patch Boot Image

jni/bootimgtools/repack.c

@@ -9,7 +9,7 @@
 #include <assert.h>
 #include <string.h>
 
-#include "bootimgtools.h"
+#include "bootimg.h"
 
 off_t file_size(char *filename) {
 	struct stat st;

jni/magiskhide.c

@@ -1,256 +0,0 @@
-#define _GNU_SOURCE
-#include <string.h>
-#include <fcntl.h>
-#include <stdio.h>
-#include <stdlib.h>
-#include <sched.h>
-#include <pthread.h>
-#include <unistd.h>
-#include <signal.h>
-
-#include <sys/mount.h>
-#include <sys/inotify.h>
-#include <sys/wait.h>
-#include <sys/types.h>
-#include <sys/stat.h>
-
-#define LOGFILE 	"/cache/magisk.log"
-#define HIDELIST 	"/magisk/.core/magiskhide/hidelist"
-
-FILE *logfile;
-int i, list_size;
-char **hide_list = NULL;
-pthread_mutex_t mutex;
-
-char **file_to_str_arr(FILE *fp, int *size) {
-	int allocated = 16;
-	char *line = NULL, **array;
-	size_t len = 0;
-	ssize_t read;
-
-	array = (char **) malloc(sizeof(char*) * allocated);
-
-	*size = 0;
-	while ((read = getline(&line, &len, fp)) != -1) {
-		if (*size >= allocated) {
-			// Double our allocation and re-allocate
-			allocated *= 2;
-			array = (char **) realloc(array, sizeof(char*) * allocated);
-		}
-		// Remove end newline
-		if (line[read - 1] == '\n') {
-			line[read - 1] = '\0';
-		}
-		array[*size] = line;
-		line = NULL;
-		++(*size);
-	}
-	return array;
-}
-
-void lazy_unmount(const char* mountpoint) {
-	if (umount2(mountpoint, MNT_DETACH) != -1)
-		fprintf(logfile, "MagiskHide: Unmounted (%s)\n", mountpoint);
-	else
-		fprintf(logfile, "MagiskHide: Unmount Failed (%s)\n", mountpoint);
-}
-
-//WARNING: Calling this will change our current namespace
-//We don't care because we don't want to run from here anyway
-int hideMagisk(int pid, int uid) {
-	struct stat info;
-	char path[256];
-	// snprintf(path, 256, "/proc/%d", pid);
-	// if (stat(path, &info) == -1) {
-	// 	fprintf(logfile, "MagiskHide: Unable to get info for pid=%d\n", pid);
-	// 	return 1;
-	// }
-	// if (info.st_uid != uid) {
-	// 	fprintf(logfile, "MagiskHide: Incorrect uid=%d, expect uid=%d\n", info.st_uid, uid);
-	// 	return 1;
-	// }
-
-	snprintf(path, 256, "/proc/%d/ns/mnt", pid);
-	int fd = open(path, O_RDONLY);
-	if(fd == -1) return 2; // Maybe process died..
-	if(setns(fd, 0) == -1) {
-		fprintf(logfile, "MagiskHide: Unable to change namespace for pid=%d\n", pid);
-		return 3;
-	}
-
-	snprintf(path, 256, "/proc/%d/mounts", pid);
-	FILE *mount_fp = fopen(path, "r");
-	if (mount_fp == NULL) {
-		fprintf(logfile, "MagiskHide: Error opening mount list!\n");
-		return 4;
-	}
-
-	int mount_size;
-	char **mount_list = file_to_str_arr(mount_fp, &mount_size), mountpoint[256], cache_block[256];
-	fclose(mount_fp);
-
-	// Find the cache block
-	for(i = 0; i < mount_size; ++i) {
-		if (strstr(mount_list[i], "/cache")) {
-			sscanf(mount_list[i], "%256s", cache_block);
-			break;
-		}
-	}
-
-	// Unmount in inverse order
-	for(i = mount_size - 1; i >= 0; --i) {
-		if (strstr(mount_list[i], cache_block) && strstr(mount_list[i], "/system")) {
-			sscanf(mount_list[i], "%256s %256s", mountpoint, mountpoint);
-		} else if (strstr(mount_list[i], "/dev/block/loop")) {
-			if (strstr(mount_list[i], "/dev/magisk")) continue;
-			// Everything from loop mount
-			sscanf(mount_list[i], "%256s %256s", mountpoint, mountpoint);
-		} else if (strstr(mount_list[i], "tmpfs /system/")) {
-			// Directly unmount skeletons
-			sscanf(mount_list[i], "%256s %256s", mountpoint, mountpoint);
-		} else {
-			free(mount_list[i]);
-			continue;
-		}
-		lazy_unmount(mountpoint);
-		free(mount_list[i]);
-	}
-	// Free memory
-	free(mount_list);
-
-	return 0;
-}
-
-void update_list(const char *listpath) {
-	FILE *hide_fp = fopen((char*) listpath, "r");
-	if (hide_fp == NULL) {
-		fprintf(logfile, "MagiskHide: Error opening hide list\n");
-		exit(1);
-	}
-	pthread_mutex_lock(&mutex);
-	if (hide_list) {
-		// Free memory
-		for(i = 0; i < list_size; ++i)
-			free(hide_list[i]);
-		free(hide_list);
-	}
-	hide_list = file_to_str_arr(hide_fp, &list_size);
-	pthread_mutex_unlock(&mutex);
-	fclose(hide_fp);
-	if (list_size) fprintf(logfile, "MagiskHide: Update process/package list:\n");
-	for(i = 0; i < list_size; i++)
-		fprintf(logfile, "MagiskHide: [%s]\n", hide_list[i]);
-}
-
-void quit_pthread(int sig) {
-	// Free memory
-	for(i = 0; i < list_size; ++i)
-		free(hide_list[i]);
-	free(hide_list);
-	pthread_exit(NULL);
-}
-
-void *monitor_list(void *listpath) {
-	signal(SIGQUIT, quit_pthread);
-
-	int inotifyFd = -1;
-	char buffer[512];
-
-	while(1) {
-		if (inotifyFd == -1 || read(inotifyFd, buffer, 512) == -1) {
-			close(inotifyFd);
-			inotifyFd = inotify_init();
-			if (inotifyFd == -1) {
-				fprintf(logfile, "MagiskHide: Unable to watch %s\n", listpath);
-				exit(1);
-			}
-			if (inotify_add_watch(inotifyFd, (char*) listpath, IN_MODIFY) == -1) {
-				fprintf(logfile, "MagiskHide: Unable to watch %s\n", listpath);
-				exit(1);
-			}
-		}
-		update_list((char*) listpath);
-	}
-
-	return NULL;
-}
-
-int main(int argc, char **argv, char **envp) {
-
-	pid_t forkpid = fork();
-
-	if (forkpid < 0)
-		return 1;
-
-	if (forkpid == 0) {
-		if (setsid() < 0)
-			return 1;
-
-		close(STDIN_FILENO);
-		close(STDOUT_FILENO);
-		close(STDERR_FILENO);
-
-		logfile = fopen(LOGFILE, "a+");
-		setbuf(logfile, NULL);
-
-		pthread_t list_monitor;
-
-		pthread_mutex_init(&mutex, NULL);
-		pthread_create(&list_monitor, NULL, monitor_list, HIDELIST);
-
-		char buffer[512];
-		FILE *p = popen("while true; do logcat -b events -v raw -s am_proc_start; sleep 1; done", "r");
-
-		while(!feof(p)) {
-			//Format of am_proc_start is (as of Android 5.1 and 6.0)
-			//UserID, pid, unix uid, processName, hostingType, hostingName
-			fgets(buffer, sizeof(buffer), p);
-
-			char *pos = buffer;
-			while(1) {
-				pos = strchr(pos, ',');
-				if(pos == NULL)
-					break;
-				pos[0] = ' ';
-			}
-
-			int user, pid, uid;
-			char processName[256], hostingType[16], hostingName[256];
-			int ret = sscanf(buffer, "[%d %d %d %256s %16s %256s]",
-					&user, &pid, &uid,
-					processName, hostingType, hostingName);
-
-			if(ret != 6)
-				continue;
-
-			for (i = 0; i < list_size; ++i) {
-				if(strstr(processName, hide_list[i])) {
-					fprintf(logfile, "MagiskHide: Disabling for process=%s, PID=%d, UID=%d\n", processName, pid, uid);
-					forkpid = fork();
-					if (forkpid < 0)
-						break;
-					if (forkpid == 0) {
-						hideMagisk(pid, uid);
-						return 0;
-					}
-					waitpid(forkpid, NULL, 0);
-					kill(forkpid, SIGTERM);
-					break;
-				}
-			}
-		}
-
-		pclose(p);
-
-		pthread_kill(list_monitor, SIGQUIT);
-		pthread_mutex_destroy(&mutex);
-
-		fprintf(logfile, "MagiskHide: Error occurred...\n");
-
-		fclose(logfile);
-
-		return 1;
-	}
-
-	return 0;
-}

jni/magiskhide/Android.mk

@@ -0,0 +1,8 @@
+LOCAL_PATH := $(call my-dir)
+
+include $(CLEAR_VARS)
+LOCAL_MODULE := magiskhide
+LOCAL_MODULE_TAGS := optional
+LOCAL_SRC_FILES := main.c hide.c list_monitor.c proc_monitor.c util.c
+LOCAL_CFLAGS += -std=gnu11 -O3
+include $(BUILD_EXECUTABLE)

jni/magiskhide/hide.c

@@ -0,0 +1,77 @@
+#include "magiskhide.h"
+
+int hideMagisk() {
+	close(pipefd[1]);
+	
+	int pid, fd;
+	char cache_block[256];
+	cache_block[0] = '\0';
+
+	while(1) {
+		read(pipefd[0], &pid, sizeof(pid));
+		// Termination called
+		if(pid == -1) break;
+
+		manage_selinux();
+
+		snprintf(buffer, sizeof(buffer), "/proc/%d/ns/mnt", pid);
+		if((fd = open(buffer, O_RDONLY)) == -1) continue; // Maybe process died..
+		if(setns(fd, 0) == -1) {
+			fprintf(logfile, "MagiskHide: Unable to change namespace for pid=%d\n", pid);
+			continue;
+		}
+		close(fd);
+
+		snprintf(buffer, sizeof(buffer), "/proc/%d/mounts", pid);
+		FILE *mount_fp = fopen(buffer, "r");
+		if (mount_fp == NULL) {
+			fprintf(logfile, "MagiskHide: Error opening mount list!\n");
+			continue;
+		}
+
+		int mount_size;
+		char **mount_list = file_to_str_arr(mount_fp, &mount_size);
+
+		// Find the cache block name if not found yet
+		if (strlen(cache_block) == 0) {
+			for(i = 0; i < mount_size; ++i) {
+				if (strstr(mount_list[i], " /cache ")) {
+					sscanf(mount_list[i], "%256s", cache_block);
+					break;
+				}
+			}
+		}
+		
+		// First unmount the dummy skeletons and the cache mounts
+		for(i = mount_size - 1; i >= 0; --i) {
+			if (strstr(mount_list[i], "tmpfs /system") || strstr(mount_list[i], "tmpfs /vendor")
+				|| (strstr(mount_list[i], cache_block) && strstr(mount_list[i], "/system")) ) {
+				sscanf(mount_list[i], "%*s %512s", buffer);
+				lazy_unmount(buffer);
+			}
+			free(mount_list[i]);
+		}
+		free(mount_list);
+
+		// Re-read mount infos
+		fseek(mount_fp, 0, SEEK_SET);
+		mount_list = file_to_str_arr(mount_fp, &mount_size);
+		fclose(mount_fp);
+
+		// Unmount loop mounts
+		for(i = mount_size - 1; i >= 0; --i) {
+			if (strstr(mount_list[i], "/dev/block/loop") && !strstr(mount_list[i], DUMMYPATH)) {
+				sscanf(mount_list[i], "%*s %512s", buffer);
+				lazy_unmount(buffer);
+			}
+			free(mount_list[i]);
+		}
+		free(mount_list);
+
+		// Send resume signal
+		kill(pid, SIGCONT);
+	}
+
+	// Should never go here
+	return 1;
+}

jni/magiskhide/list_monitor.c

@@ -0,0 +1,56 @@
+#include "magiskhide.h"
+
+void *monitor_list(void *path) {
+	char* listpath = (char*) path;
+	signal(SIGQUIT, quit_pthread);
+
+	int inotifyFd = -1;
+	char str[512];
+
+	while(1) {
+		if (inotifyFd == -1 || read(inotifyFd, str, sizeof(str)) == -1) {
+			close(inotifyFd);
+			inotifyFd = inotify_init();
+			if (inotifyFd == -1) {
+				fprintf(logfile, "MagiskHide: Unable to watch %s\n", listpath);
+				exit(1);
+			}
+			if (inotify_add_watch(inotifyFd, listpath, IN_MODIFY) == -1) {
+				fprintf(logfile, "MagiskHide: Unable to watch %s\n", listpath);
+				exit(1);
+			}
+		}
+		update_list(listpath);
+	}
+
+	return NULL;
+}
+
+void update_list(const char *listpath) {
+	FILE *hide_fp = fopen(listpath, "r");
+	if (hide_fp == NULL) {
+		fprintf(logfile, "MagiskHide: Error opening hide list\n");
+		exit(1);
+	}
+	pthread_mutex_lock(&mutex);
+	if (hide_list) {
+		// Free memory
+		for(i = 0; i < list_size; ++i)
+			free(hide_list[i]);
+		free(hide_list);
+	}
+	hide_list = file_to_str_arr(hide_fp, &list_size);
+	pthread_mutex_unlock(&mutex);
+	fclose(hide_fp);
+	if (list_size) fprintf(logfile, "MagiskHide: Update process/package list:\n");
+	for(i = 0; i < list_size; i++)
+		fprintf(logfile, "MagiskHide: [%s]\n", hide_list[i]);
+}
+
+void quit_pthread(int sig) {
+	// Free memory
+	for(i = 0; i < list_size; ++i)
+		free(hide_list[i]);
+	free(hide_list);
+	pthread_exit(NULL);
+}

jni/magiskhide/magiskhide.h

@@ -0,0 +1,52 @@
+#ifndef MAGISK_HIDE_H
+#define MAGISK_HIDE_H
+
+#define _GNU_SOURCE
+#include <string.h>
+#include <fcntl.h>
+#include <stdio.h>
+#include <stdlib.h>
+#include <sched.h>
+#include <pthread.h>
+#include <unistd.h>
+#include <signal.h>
+
+#include <sys/mount.h>
+#include <sys/inotify.h>
+#include <sys/wait.h>
+#include <sys/types.h>
+#include <sys/stat.h>
+#include <sys/resource.h>
+
+#define LOGFILE 		"/cache/magisk.log"
+#define HIDELIST 		"/magisk/.core/magiskhide/hidelist"
+#define DUMMYPATH		"/dev/magisk/dummy"
+#define ENFORCE_FILE 	"/sys/fs/selinux/enforce"
+#define SEPOLICY_INJECT "/data/magisk/sepolicy-inject"
+
+// Main thread
+void monitor_proc();
+
+// Forked process for namespace setting
+int hideMagisk();
+
+// List monitor thread
+void update_list(const char *listpath);
+void quit_pthread(int sig);
+void *monitor_list(void *path);
+
+// Util functions
+char **file_to_str_arr(FILE *fp, int *size);
+void read_namespace(const int pid, char* target, const size_t size);
+void lazy_unmount(const char* mountpoint);
+void run_as_daemon();
+void manage_selinux();
+
+// Global variable sharing through process/threads
+extern FILE *logfile;
+extern int i, list_size, pipefd[2];
+extern char **hide_list, buffer[512];
+extern pthread_t list_monitor;
+extern pthread_mutex_t mutex;
+
+#endif

jni/magiskhide/main.c

@@ -0,0 +1,65 @@
+#include "magiskhide.h"
+
+FILE *logfile;
+int i, list_size, pipefd[2];
+char **hide_list = NULL, buffer[512];
+pthread_t list_monitor;
+pthread_mutex_t mutex;
+
+static void terminate(int sig) {
+	// Close the config list monitor
+	pthread_kill(list_monitor, SIGQUIT);
+	pthread_mutex_destroy(&mutex);
+
+	// Terminate our children
+	i = -1;
+	write(pipefd[1], &i, sizeof(i));
+	exit(0);
+}
+
+int main(int argc, char *argv[]) {
+
+	if (argc > 1) {
+		if (strcmp(argv[1], "--daemon") == 0)
+			run_as_daemon();
+		else {
+			fprintf(stderr, "%s (with no options)\n\tRun magiskhide and output to stdout\n", argv[0]);
+			fprintf(stderr, "%s --daemon\n\tRun magiskhide as daemon, output to magisk.log\n", argv[0]);
+			return 1;
+		}
+	} else 
+		logfile = stdout;
+
+
+	// Handle all killing signals
+	signal(SIGINT, terminate);
+	signal(SIGTERM, terminate);
+
+	// Fork a child to handle namespace switches and unmounts
+	pipe(pipefd);
+	switch(fork()) {
+		case -1:
+			exit(-1);
+		case 0:
+			return hideMagisk();
+		default:
+			break; 
+	}
+	close(pipefd[0]);
+
+	// Start a thread to constantly check the hide list
+	pthread_mutex_init(&mutex, NULL);
+	pthread_create(&list_monitor, NULL, monitor_list, HIDELIST);
+
+	// Set main process to the top priority
+	setpriority(PRIO_PROCESS, 0, -20);
+
+	monitor_proc();
+
+	terminate(0);
+
+	fprintf(logfile, "MagiskHide: Cannot monitor am_proc_start, abort...\n");
+	fclose(logfile);
+
+	return 1;
+}

jni/magiskhide/proc_monitor.c

@@ -0,0 +1,82 @@
+#include "magiskhide.h"
+
+void monitor_proc() {
+	int pid, badns, zygote_num = 0;
+	char init_ns[32], zygote_ns[2][32];
+
+	// Get the mount namespace of init
+	read_namespace(1, init_ns, 32);
+
+	printf("%s\n", init_ns);
+
+	// Get the mount namespace of zygote
+	FILE *p = popen("ps | grep zygote | grep -v grep", "r");
+	while(fgets(buffer, sizeof(buffer), p)) {
+		if (zygote_num == 2) break;
+		sscanf(buffer, "%d", &pid);
+		do {
+			usleep(500);
+			read_namespace(pid, zygote_ns[zygote_num], 32);
+		} while (strcmp(zygote_ns[zygote_num], init_ns) == 0);
+		++zygote_num;
+	}
+	pclose(p);
+
+	for (i = 0; i < zygote_num; ++i)
+		fprintf(logfile, "Zygote(%d) ns=%s ", i, zygote_ns[i]);
+	fprintf(logfile, "\n");
+
+	// Monitor am_proc_start
+	p = popen("while true; do logcat -b events -c; logcat -b events -v raw -s am_proc_start; sleep 1; done", "r");
+
+	while(!feof(p)) {
+		//Format of am_proc_start is (as of Android 5.1 and 6.0)
+		//UserID, pid, unix uid, processName, hostingType, hostingName
+		fgets(buffer, sizeof(buffer), p);
+
+		char *pos = buffer;
+		while(1) {
+			pos = strchr(pos, ',');
+			if(pos == NULL)
+				break;
+			pos[0] = ' ';
+		}
+
+		char processName[256];
+		int ret = sscanf(buffer, "[%*d %d %*d %256s", &pid, processName);
+
+		if(ret != 2)
+			continue;
+
+		pthread_mutex_lock(&mutex);
+		for (i = 0; i < list_size; ++i) {
+			if(strcmp(processName, hide_list[i]) == 0) {
+				while(1) {
+					badns = 0;
+					read_namespace(pid, buffer, 32);
+					for (i = 0; i < zygote_num; ++i) {
+						if (strcmp(buffer, zygote_ns[i]) == 0) {
+							usleep(500);
+							badns = 1;
+							break;
+						}
+					}
+					if (!badns) break;
+				}
+
+				// Send pause signal ASAP
+				if (kill(pid, SIGSTOP) == -1) continue;
+
+				fprintf(logfile, "MagiskHide: %s(PID=%d ns=%s)\n", processName, pid, buffer);
+
+				// Unmount start
+				write(pipefd[1], &pid, sizeof(pid));
+				break;
+			}
+		}
+		pthread_mutex_unlock(&mutex);
+	}
+
+	// Close the logcat monitor
+	pclose(p);
+}

jni/magiskhide/util.c

@@ -0,0 +1,91 @@
+#include "magiskhide.h"
+
+char **file_to_str_arr(FILE *fp, int *size) {
+	int allocated = 16;
+	char *line = NULL, **array;
+	size_t len = 0;
+	ssize_t read;
+
+	array = (char **) malloc(sizeof(char*) * allocated);
+
+	*size = 0;
+	while ((read = getline(&line, &len, fp)) != -1) {
+		if (*size >= allocated) {
+			// Double our allocation and re-allocate
+			allocated *= 2;
+			array = (char **) realloc(array, sizeof(char*) * allocated);
+		}
+		// Remove end newline
+		if (line[read - 1] == '\n') {
+			line[read - 1] = '\0';
+		}
+		array[*size] = line;
+		line = NULL;
+		++(*size);
+	}
+	return array;
+}
+
+void read_namespace(const int pid, char* target, const size_t size) {
+	char path[32];
+	snprintf(path, sizeof(path), "/proc/%d/ns/mnt", pid);
+	ssize_t len = readlink(path, target, size);
+	target[len] = '\0';
+}
+
+void lazy_unmount(const char* mountpoint) {
+	if (umount2(mountpoint, MNT_DETACH) != -1)
+		fprintf(logfile, "MagiskHide: Unmounted (%s)\n", mountpoint);
+	else
+		fprintf(logfile, "MagiskHide: Unmount Failed (%s)\n", mountpoint);
+}
+
+void run_as_daemon() {
+	switch(fork()) {
+		case -1:
+			exit(-1);
+		case 0:
+			if (setsid() < 0)
+				exit(-1);
+			close(STDIN_FILENO);
+			close(STDOUT_FILENO);
+			close(STDERR_FILENO);
+			logfile = fopen(LOGFILE, "a+");
+			setbuf(logfile, NULL);
+			break;
+		default:
+			exit(0); 
+	}
+}
+
+void manage_selinux() {
+	char *argv[] = { SEPOLICY_INJECT, "--live", "permissive *", NULL };
+	char str[20];
+	int fd, ret;
+	fd = open(ENFORCE_FILE, O_RDONLY);
+	if (fd < 0)
+		return;
+	ret = read(fd, str, 20);
+	close(fd);
+	if (ret < 1)
+		return;
+	// Permissive
+	if (str[0] == '0') {
+		fprintf(logfile, "MagiskHide: Permissive detected, switching to pseudo enforced\n");
+		fd = open(ENFORCE_FILE, O_RDWR);
+		if (fd < 0)
+			return;
+		ret = write(fd, "1", 1);
+		close(fd);
+		if (ret < 1)
+			return;
+		switch(fork()) {
+			case -1:
+				return;
+			case 0:
+				execvp(argv[0], argv);
+			default:
+				return;
+		}
+	}
+}

scripts/custom_ramdisk_patch.sh

@@ -0,0 +1,70 @@
+#!/system/bin/sh
+
+RAMDISK=$1
+BINDIR=/data/magisk
+[ ! -e $BINDIR ] && BINDIR=/cache/data_bin
+[ ! -e $BINDIR ] && exit
+SYSTEMLIB=/system/lib
+[ -d /system/lib64 ] && SYSTEMLIB=/system/lib64
+
+cpio_add() {
+  LD_LIBRARY_PATH=$SYSTEMLIB /su/bin/sukernel --cpio-add $RAMDISK $RAMDISK $2 $1 $1
+}
+
+cpio_extract() {
+  LD_LIBRARY_PATH=$SYSTEMLIB /su/bin/sukernel --cpio-extract $RAMDISK $1 $1
+}
+
+cpio_mkdir() {
+  LD_LIBRARY_PATH=$SYSTEMLIB /su/bin/sukernel --cpio-mkdir $RAMDISK $RAMDISK $2 $1
+}
+
+# Recursive
+cpio_rm() {
+  if [ "$1" = "-r" ]; then
+    LD_LIBRARY_PATH=$SYSTEMLIB /su/bin/sukernel --cpio-ls $RAMDISK | grep "^$2/" | while read i ; do
+      LD_LIBRARY_PATH=$SYSTEMLIB /su/bin/sukernel --cpio-rm $RAMDISK $RAMDISK $i
+    done
+    LD_LIBRARY_PATH=$SYSTEMLIB /su/bin/sukernel --cpio-rmdir $RAMDISK $RAMDISK $2
+  else
+    LD_LIBRARY_PATH=$SYSTEMLIB /su/bin/sukernel --cpio-rm $RAMDISK $RAMDISK $1
+  fi
+}
+
+file_contain() {
+  grep "$1" "$2" >/dev/null 2>&1
+  return $?
+}
+
+rm -rf /tmp/magisk/ramdisk 2>/dev/null
+mkdir -p /tmp/magisk/ramdisk
+cd /tmp/magisk/ramdisk
+
+cat $RAMDISK | cpio -i
+
+# Cleanup SuperSU backups
+cpio_rm -r .subackup
+
+# Add magisk entrypoint
+for RC in init*.rc; do
+  if file_contain "import /init.environ.rc" $RC && ! file_contain "import /init.magisk.rc" $RC; then
+    sed -i "/import \/init\.environ\.rc/iimport /init.magisk.rc" $RC
+    cpio_add $RC 750
+  fi
+  if file_contain "selinux.reload_policy" $RC; then
+    sed -i "/selinux.reload_policy/d" $RC
+    cpio_add $RC 750
+  fi
+done
+
+# sepolicy patches
+LD_LIBRARY_PATH=$SYSTEMLIB $BINDIR/sepolicy-inject --load sepolicy --save sepolicy --minimal
+cpio_add sepolicy 644
+
+# Add new items
+cp -af $BINDIR/init.magisk.rc init.magisk.rc
+cp -af $BINDIR/magic_mask.sh sbin/magic_mask.sh
+
+cpio_mkdir magisk 755
+cpio_add init.magisk.rc 750
+cpio_add sbin/magic_mask.sh 750

scripts/flash_script.sh

@@ -19,6 +19,12 @@ INSTALLER=$TMPDIR/magisk
 
 COREDIR=/magisk/.core
 
+# Boot Image Variables
+CHROMEDIR=$INSTALLER/chromeos
+NEWBOOT=$TMPDIR/boottmp/new-boot.img
+UNPACKDIR=$TMPDIR/boottmp/bootunpack
+RAMDISK=$TMPDIR/boottmp/ramdisk
+
 # Default permissions
 umask 022
 
@@ -86,7 +92,7 @@ find_boot_image() {
   if [ -z "$BOOTIMAGE" ]; then
     FSTAB="/etc/recovery.fstab"
     [ ! -f "$FSTAB" ] && FSTAB="/etc/recovery.fstab.bak"
-    [ -f "$FSTAB" ] BOOTIMAGE=`grep -E '\b/boot\b' "$FSTAB" | grep -oE '/dev/[a-zA-Z0-9_./-]*'`
+    [ -f "$FSTAB" ] && BOOTIMAGE=`grep -E '\b/boot\b' "$FSTAB" | grep -oE '/dev/[a-zA-Z0-9_./-]*'`
   fi
 }
 
@@ -112,7 +118,7 @@ mount_image() {
       if (! is_mounted $2); then
         LOOPDEVICE=/dev/block/loop$LOOP
         if [ ! -f "$LOOPDEVICE" ]; then
-          mknod $LOOPDEVICE b 7 $LOOP
+          mknod $LOOPDEVICE b 7 $LOOP 2>/dev/null
         fi
         losetup $LOOPDEVICE $1
         if [ "$?" -eq "0" ]; then
@@ -143,26 +149,36 @@ grep_prop() {
   cat $FILES 2>/dev/null | sed -n $REGEX | head -n 1
 }
 
+file_contain() {
+  grep "$1" "$2" >/dev/null 2>&1
+  return $?
+}
+
 unpack_boot() {
   rm -rf $UNPACKDIR $RAMDISK 2>/dev/null
   mkdir -p $UNPACKDIR
   mkdir -p $RAMDISK
   cd $UNPACKDIR
-  $BINDIR/bootimgtools --extract $1
+  LD_LIBRARY_PATH=$SYSTEMLIB $BINDIR/bootimgtools --extract $1
+
+  [ ! -f $UNPACKDIR/ramdisk.gz ] && return 1
 
   cd $RAMDISK
   gunzip -c < $UNPACKDIR/ramdisk.gz | cpio -i
 }
 
 repack_boot() {
-  cd $RAMDISK
-  find . | cpio -o -H newc 2>/dev/null | gzip -9 > $UNPACKDIR/ramdisk.gz
+  if (! $SUPERSU); then
+    cd $RAMDISK
+    find . | cpio -o -H newc 2>/dev/null | gzip -9 > $UNPACKDIR/ramdisk.gz
+  fi
   cd $UNPACKDIR
-  $BINDIR/bootimgtools --repack $ORIGBOOT
+  LD_LIBRARY_PATH=$SYSTEMLIB $BINDIR/bootimgtools --repack $BOOTIMAGE
   if [ -f chromeos ]; then
+    cp -af $CHROMEDIR /data/magisk
     echo " " > config
     echo " " > bootloader
-    $CHROMEDIR/futility vbutil_kernel --pack new-boot.img.signed --keyblock $CHROMEDIR/kernel.keyblock --signprivate $CHROMEDIR/kernel_data_key.vbprivk --version 1 --vmlinuz new-boot.img --config config --arch arm --bootloader bootloader --flags 0x1
+    LD_LIBRARY_PATH=$SYSTEMLIB $CHROMEDIR/futility vbutil_kernel --pack new-boot.img.signed --keyblock $CHROMEDIR/kernel.keyblock --signprivate $CHROMEDIR/kernel_data_key.vbprivk --version 1 --vmlinuz new-boot.img --config config --arch arm --bootloader bootloader --flags 0x1
     rm -f new-boot.img
     mv new-boot.img.signed new-boot.img
   fi
@@ -172,10 +188,37 @@ repack_boot() {
       echo -n "SEANDROIDENFORCE" >> new-boot.img
     fi
   fi
+  if ($LGE_G); then
+    # Prevent secure boot error on LG G2/G3.
+    # Just for know, It's a pattern which bootloader verifies at boot. Thanks to LG hackers.
+    echo -n -e "\x41\xa9\xe4\x67\x74\x4d\x1d\x1b\xa4\x29\xf2\xec\xea\x65\x52\x79" >> new-boot.img
+  fi
   mv new-boot.img $NEWBOOT
-  $BINDIR/bootimgtools --hexpatch $NEWBOOT \
-  49010054011440B93FA00F71E9000054010840B93FA00F7189000054001840B91FA00F7188010054 \
-  A1020054011440B93FA00F7140020054010840B93FA00F71E0010054001840B91FA00F7181010054
+}
+
+remove_system_su() {
+  if [ -f /system/bin/su -o -f /system/xbin/su ] && [ ! -f /su/bin/su ]; then
+    ui_print "! System installed root detected, mount rw :("
+    mount -o rw,remount /system
+    # SuperSU
+    if [ -e /system/bin/.ext/.su ]; then
+      mv -f /system/bin/app_process32_original /system/bin/app_process32 2>/dev/null
+      mv -f /system/bin/app_process64_original /system/bin/app_process64 2>/dev/null
+      mv -f /system/bin/install-recovery_original.sh /system/bin/install-recovery.sh 2>/dev/null
+      cd /system/bin
+      if [ -e app_process64 ]; then
+        ln -sf app_process64 app_process
+      else
+        ln -sf app_process32 app_process
+      fi
+    fi
+    rm -rf /system/.pin /system/bin/.ext /system/etc/.installed_su_daemon /system/etc/.has_su_daemon \
+    /system/xbin/daemonsu /system/xbin/su /system/xbin/sugote /system/xbin/sugote-mksh /system/xbin/supolicy \
+    /system/bin/app_process_init /system/bin/su /cache/su /system/lib/libsupol.so /system/lib64/libsupol.so \
+    /system/su.d /system/etc/install-recovery.sh /system/etc/init.d/99SuperSUDaemon /cache/install-recovery.sh \
+    /system/.supersu /cache/.supersu /data/.supersu \
+    /system/app/Superuser.apk /system/app/SuperSU /cache/Superuser.apk  2>/dev/null
+  fi
 }
 
 ##########################################################################################
@@ -205,7 +248,6 @@ if [ -z "$NOOVERRIDE" ]; then
   # read override variables
   getvar KEEPVERITY
   getvar KEEPFORCEENCRYPT
-  getvar NORESTORE
   getvar BOOTIMAGE
 fi
 
@@ -217,10 +259,9 @@ if [ -z "$KEEPFORCEENCRYPT" ]; then
   # we don't keep forceencrypt by default
   KEEPFORCEENCRYPT=false
 fi
-if [ -z "$NORESTORE" ]; then
-  # we restore ramdisk by default
-  NORESTORE=false
-fi
+
+# Check if system root is installed and remove
+remove_system_su
 
 SAMSUNG=false
 SAMSUNG_CHECK=$(cat /system/build.prop | grep "ro.build.fingerprint=" | grep -i "samsung")
@@ -228,6 +269,19 @@ if [ $? -eq 0 ]; then
   SAMSUNG=true
 fi
 
+LGE_G=false
+RBRAND=$(grep_prop ro.product.brand)
+RMODEL=$(grep_prop ro.product.device)
+if [ "$RBRAND" = "lge" ] || [ "$RBRAND" = "LGE" ];  then 
+  if [ "$RMODEL" = "*D80*" ] || 
+     [ "$RMODEL" = "*S98*" ] || 
+     [ "$RMODEL" = "*D85*" ] ||
+     [ "$RMODEL" = "*F40*" ]; then
+    LGE_G=true
+    ui_print "! Bump device detected"
+  fi
+fi
+
 API=$(grep_prop ro.build.version.sdk)
 ABI=$(grep_prop ro.product.cpu.abi | cut -c-3)
 ABI2=$(grep_prop ro.product.cpu.abi2 | cut -c-3)
@@ -251,6 +305,9 @@ ui_print "- Device platform: $ARCH"
 BINDIR=$INSTALLER/$ARCH
 chmod -R 755 $CHROMEDIR/futility $BINDIR
 
+SYSTEMLIB=/system/lib
+($IS64BIT) && SYSTEMLIB=/system/lib64
+
 find_boot_image
 if [ -z "$BOOTIMAGE" ]; then
   ui_print "! Unable to detect boot image"
@@ -264,39 +321,46 @@ fi
 ui_print "- Constructing environment"
 
 if (is_mounted /data); then
-  rm -rf /data/busybox /data/magisk 2>/dev/null
-  mkdir -p /data/busybox
-  cp -af $BINDIR /data/magisk
-  cp -af $INSTALLER/common/init.magisk.rc $INSTALLER/common/magic_mask.sh /data/magisk
-  /data/magisk/busybox --install -s /data/busybox
-  ln -s /data/magisk/busybox /data/busybox/busybox
-  # Prevent issues
-  rm -f /data/busybox/su /data/busybox/sh
-  chcon -hR "u:object_r:system_file:s0" /data/magisk /data/busybox
-  chmod -R 755 /data/magisk /data/busybox
+  rm -rf /data/magisk 2>/dev/null
+  mkdir -p /data/magisk
+  cp -af $BINDIR/busybox $BINDIR/sepolicy-inject $BINDIR/resetprop $BINDIR/bootimgtools \
+         $INSTALLER/common/init.magisk.rc $INSTALLER/common/magic_mask.sh /data/magisk
+  cp -af $INSTALLER/common/magisk.apk /data/magisk.apk
+  chmod -R 755 /data/magisk
+  chcon -h u:object_r:system_file:s0 /data/magisk /data/magisk/*
   PATH=/data/busybox:$PATH
 else
   rm -rf /cache/data_bin 2>/dev/null
   mkdir -p /cache/data_bin
-  cp -af $BINDIR /cache/data_bin
-  cp -af $INSTALLER/common/init.magisk.rc $INSTALLER/common/magic_mask.sh /cache/data_bin
+  cp -af $BINDIR/busybox $BINDIR/sepolicy-inject $BINDIR/resetprop $BINDIR/bootimgtools \
+         $INSTALLER/common/custom_ramdisk_patch.sh $INSTALLER/common/init.magisk.rc \
+         $INSTALLER/common/magic_mask.sh /cache/data_bin
+  cp -af $INSTALLER/common/magisk.apk /cache/magisk.apk
+  chmod -R 755 /cache/data_bin
 fi
 
+# Temporary busybox for installation
+mkdir -p $TMPDIR/busybox
+$BINDIR/busybox --install -s $TMPDIR/busybox
+rm -f $TMPDIR/busybox/su $TMPDIR/busybox/sh $TMPDIR/busybox/reboot
+PATH=$TMPDIR/busybox:$PATH
+
+
 ##########################################################################################
 # Image
 ##########################################################################################
 
 # Fix SuperSU.....
-($BOOTMODE) && $BINDIR/sepolicy-inject -s fsck --live
+($BOOTMODE) && $BINDIR/sepolicy-inject --live "allow fsck * * *"
 
 if (is_mounted /data); then
   IMG=/data/magisk.img
 else
   IMG=/cache/magisk.img
-  ui_print "- Data unavalible, use cache workaround"
+  ui_print "- Data unavailable, use cache workaround"
 fi
 
-if [ -f "$IMG" ]; then
+if [ -f $IMG ]; then
   ui_print "- $IMG detected!"
 else
   ui_print "- Creating $IMG"
@@ -305,13 +369,16 @@ fi
 
 mount_image $IMG /magisk
 if (! is_mounted /magisk); then
-  ui_print "! Image mount failed... abort"
+  ui_print "! Magisk image mount failed..."
   exit 1
 fi
 MAGISKLOOP=$LOOPDEVICE
 
-mkdir -p /magisk/.core/magiskhide 2>/dev/null
-cp -af $INSTALLER/common/magiskhide/. /magisk/.core/magiskhide
+# Core folders and scripts
+mkdir -p $COREDIR/magiskhide $COREDIR/post-fs-data.d $COREDIR/service.d 2>/dev/null
+cp -af $INSTALLER/common/magiskhide/. $BINDIR/magiskhide $COREDIR/magiskhide
+chmod -R 755 $COREDIR/magiskhide $COREDIR/post-fs-data.d $COREDIR/service.d
+chown -R 0.0 $COREDIR/magiskhide $COREDIR/post-fs-data.d $COREDIR/service.d
 
 ##########################################################################################
 # Boot image patch
@@ -322,79 +389,132 @@ ui_print "- Found Boot Image: $BOOTIMAGE"
 rm -rf $TMPDIR/boottmp 2>/dev/null
 mkdir -p $TMPDIR/boottmp
 
-CHROMEDIR=$INSTALLER/chromeos
-NEWBOOT=$TMPDIR/boottmp/new-boot.img
-UNPACKDIR=$TMPDIR/boottmp/bootunpack
-RAMDISK=$TMPDIR/boottmp/ramdisk
-
-ORIGBOOT=$BOOTIMAGE
-
 ui_print "- Unpacking boot image"
-unpack_boot $ORIGBOOT
+unpack_boot $BOOTIMAGE
+if [ $? -ne 0 ]; then
+  ui_print "! Unable to unpack boot image"
+  exit 1;
+fi
 
-# Restore ramdisk
+ORIGBOOT=
 SUPERSU=false
-if (! $NORESTORE); then
+[ -f sbin/launch_daemonsu.sh ] && SUPERSU=true
+
+if ($SUPERSU); then
+
+  ##############################
+  # SuperSU installation process
+  ##############################
+
+  ui_print "- SuperSU patched boot detected!"
+  ui_print "- Adding auto patch script for SuperSU"
+  cp -af $INSTALLER/common/custom_ramdisk_patch.sh /data/custom_ramdisk_patch.sh
+  if (is_mounted /data); then
+    SUIMG=/data/su.img
+  else
+    SUIMG=/cache/su.img
+  fi
+  mount_image $SUIMG /su
+  if (! is_mounted /su); then
+    ui_print "! SU image mount failed..."
+    ui_print "! Please immediately flash SuperSU now"
+    ui_print "! Installation will complete after flashing SuperSU"
+    exit 1
+  fi
+  SUPERSULOOP=$LOOPDEVICE
+  gunzip -c < $UNPACKDIR/ramdisk.gz > $UNPACKDIR/ramdisk
+  ui_print "- Using sukernel to restore ramdisk"
+  # Restore ramdisk
+  LD_LIBRARY_PATH=$SYSTEMLIB /su/bin/sukernel --cpio-restore $UNPACKDIR/ramdisk $UNPACKDIR/ramdisk.orig
+  if [ $? -ne 0 ]; then
+    LD_LIBRARY_PATH=$SYSTEMLIB /su/bin/sukernel --restore $UNPACKDIR/ramdisk $TMPDIR/boottmp/stock_boot.img
+    if [ $? -ne 0 ]; then
+      ui_print "! Unable to restore ramdisk"
+      exit 1
+    fi
+    LD_LIBRARY_PATH=$SYSTEMLIB /su/bin/sukernel --bootimg-extract-ramdisk $TMPDIR/boottmp/stock_boot.img $UNPACKDIR/ramdisk.orig.gz
+    LD_LIBRARY_PATH=$SYSTEMLIB /su/bin/sukernel --ungzip $UNPACKDIR/ramdisk.orig.gz $UNPACKDIR/ramdisk.orig
+  fi
+  if [ ! -f $UNPACKDIR/ramdisk.orig ]; then
+    ui_print "! Unable to restore ramdisk"
+    exit 1
+  fi
+  rm -f $TMPDIR/boottmp/stock_boot.img $UNPACKDIR/ramdisk.orig.gz $UNPACKDIR/ramdisk.gz 2>/dev/null
+  ui_print "- Patching ramdisk with sukernel"
+  sh /data/custom_ramdisk_patch.sh $UNPACKDIR/ramdisk
+  LD_LIBRARY_PATH=$SYSTEMLIB /su/bin/sukernel --cpio-backup $UNPACKDIR/ramdisk.orig $UNPACKDIR/ramdisk $UNPACKDIR/ramdisk
+  gzip -9 < $UNPACKDIR/ramdisk > $UNPACKDIR/ramdisk.gz
+  rm -f $UNPACKDIR/ramdisk $UNPACKDIR/ramdisk.orig
+
+else
+
+  ##############################
+  # Magisk installation process
+  ##############################
+
+  # Ramdisk restore
   if [ -d ".backup" ]; then
+    # This implies Magisk is already installed, and ramdisk backup exists
     ui_print "- Restoring ramdisk with ramdisk backup"
     cp -af .backup/. .
     rm -rf magisk init.magisk.rc sbin/magic_mask.sh 2>/dev/null
-  else
-    [ -f "sbin/launch_daemonsu.sh" ] && SUPERSU=true
-    if ($SUPERSU); then
-      ui_print "- SuperSU patched boot detected!"
-      ui_print "- Adding auto patch script for SuperSU"
-      cp -af $INSTALLER/common/custom_ramdisk_patch.sh /data/custom_ramdisk_patch.sh
-    fi
-    if [ -d "magisk" ]; then
-      # If Magisk is installed and not SuperSU and no ramdisk backups
-      # Restore previous stock boot image
-      if (! $SUPERSU); then
-        cp -af /data/stock_boot_*.gz /data/stock_boot.img.gz 2>/dev/null
-        gzip -d /data/stock_boot.img.gz 2>/dev/null
-        if [ -f "/data/stock_boot.img" ]; then
-          ui_print "- Restoring boot image with backup"
-          $ORIGBOOT=/data/stock_boot.img
-          unpack_boot $ORIGBOOT
-        fi
-      fi
-      # Removing possible modifications
-      rm -rf magisk init.magisk.rc sbin/magic_mask.sh 2>/dev/null
-      rm -rf init.xposed.rc sbin/mount_xposed.sh 2>/dev/null
+    ORIGBOOT=false
+  elif [ -d "magisk" ]; then
+    mv -f /data/stock_boot_*.gz /data/stock_boot.img.gz 2>/dev/null
+    gzip -d /data/stock_boot.img.gz 2>/dev/null
+    rm -f /data/stock_boot.img.gz 2>/dev/null
+    [ -f /data/stock_boot.img ] && ORIGBOOT=/data/stock_boot.img
+    # If Magisk is installed and no SuperSU and no ramdisk backups,
+    # we restore previous stock boot image backups
+    if [ ! -z $ORIGBOOT ]; then
+      ui_print "- Restoring boot image with backup"
+      unpack_boot $ORIGBOOT
     fi
+    # Removing possible modifications
+    rm -rf magisk init.magisk.rc sbin/magic_mask.sh sbin/su init.xposed.rc sbin/mount_xposed.sh 2>/dev/null
+    ORIGBOOT=false
   fi
-fi
 
-# SuperSU already backup stock boot, no need to do again
-if (! $SUPERSU); then
-  ui_print "- Creating backups"
+  # Backups
+  ui_print "- Creating ramdisk backup"
   mkdir .backup 2>/dev/null
   cp -af *fstab* verity_key sepolicy .backup 2>/dev/null
-  if (is_mounted /data); then
-    [ "$ORIGBOOT" != "/data/stock_boot.img" ] && dd if=$ORIGBOOT of=/data/stock_boot.img
-  else
-    dd if=$ORIGBOOT of=/cache/stock_boot.img
+  if [ -z $ORIGBOOT ]; then
+    ui_print "- Creating boot image backup"
+    if (is_mounted /data); then
+      dd if=$BOOTIMAGE of=/data/stock_boot.img
+    else
+      dd if=$BOOTIMAGE of=/cache/stock_boot.img
+    fi
   fi
-fi
 
-# Patch ramdisk
-ui_print "- Patching ramdisk"
+  # MagiskSU
+  ui_print "- Installing MagiskSU"
+  mkdir -p $COREDIR/su 2>/dev/null
+  cp -af $BINDIR/su $INSTALLER/common/magisksu.sh $COREDIR/su
+  chmod 755 $COREDIR/su/su $COREDIR/su/magisksu.sh
+  chown -R 0.0 $COREDIR/su/su $COREDIR/su/magisksu.sh
 
-# Add magisk entrypoint
-for INIT in init*.rc; do
-  if [ $(grep -c "import /init.environ.rc" $INIT) -ne "0" ] && [ `grep -c "import /init.magisk.rc" $INIT` -eq "0" ]; then
-    cp $INIT .backup
-    sed -i "/import \/init\.environ\.rc/iimport /init.magisk.rc" $INIT
-    break
-  fi
-done
+  # Patch ramdisk
+  ui_print "- Patching ramdisk"
 
-if (! $SUPERSU); then
-  sed -i "/selinux.reload_policy/d" init.rc
-  find . -type f -name "*fstab*" 2>/dev/null | while read FSTAB ; do
+  # Add magisk entrypoints
+  for RC in init*.rc; do
+    if file_contain "import /init.environ.rc" $RC && ! file_contain "import /init.magisk.rc" $RC; then
+      [ ! -f .backup/$RC ] && cp -af $RC .backup
+      sed -i "/import \/init\.environ\.rc/iimport /init.magisk.rc" $RC
+    fi
+    if file_contain "selinux.reload_policy" $RC; then
+      [ ! -f .backup/$RC ] && cp -af $RC .backup
+      sed -i "/selinux.reload_policy/d" $RC
+    fi
+  done
+
+  for FSTAB in *fstab*; do
+    [ -L $FSTAB ] && continue
     if (! $KEEPVERITY); then
       sed -i "s/,support_scfs//g" $FSTAB
-      sed -i 's;,\{0,1\}verify\(=[^,]*\)\{0,1\};;g' $FSTAB
+      sed -i 's/,\{0,1\}verify\(=[^,]*\)\{0,1\}//g' $FSTAB
     fi
     if (! $KEEPFORCEENCRYPT); then
       sed -i "s/forceencrypt/encryptable/g" $FSTAB
@@ -404,23 +524,24 @@ if (! $SUPERSU); then
   if (! $KEEPVERITY); then
     rm verity_key 2>/dev/null
   fi
+
+  # minimal sepolicy patches
+  LD_LIBRARY_PATH=$SYSTEMLIB $BINDIR/sepolicy-inject --load sepolicy --save sepolicy --minimal
+
+  # Add new items
+  mkdir -p magisk 2>/dev/null
+  cp -af $INSTALLER/common/init.magisk.rc init.magisk.rc
+  cp -af $INSTALLER/common/magic_mask.sh sbin/magic_mask.sh
+
+  chmod 0755 magisk
+  chmod 0750 init.magisk.rc sbin/magic_mask.sh
+  chown 0.0 magisk init.magisk.rc sbin/magic_mask.sh
 fi
 
-# sepolicy patches
-$BINDIR/sepolicy-inject --magisk -P sepolicy
-
-# Add new items
-mkdir -p magisk 2>/dev/null
-cp -af $INSTALLER/common/init.magisk.rc init.magisk.rc
-cp -af $INSTALLER/common/magic_mask.sh sbin/magic_mask.sh
-
-chmod 0755 magisk
-chmod 0750 init.magisk.rc sbin/magic_mask.sh
-
 ui_print "- Repacking boot image"
 repack_boot
 
-BOOTSIZE=`blockdev --getsize64 $BOOTIMAGE`
+BOOTSIZE=`blockdev --getsize64 $BOOTIMAGE 2>/dev/null`
 NEWSIZE=`ls -l $NEWBOOT | awk '{print $5}'`
 if [ "$NEWSIZE" -gt "$BOOTSIZE" ]; then
   ui_print "! Boot partition space insufficient"
@@ -438,15 +559,22 @@ fi
 chmod 644 $NEWBOOT
 
 ui_print "- Flashing new boot image"
-[ ! -L "$BOOTIMAGE" ] && dd if=/dev/zero of=$BOOTIMAGE bs=4096 2>/dev/null
+[ ! -L $BOOTIMAGE ] && dd if=/dev/zero of=$BOOTIMAGE bs=4096 2>/dev/null
 dd if=$NEWBOOT of=$BOOTIMAGE bs=4096
 
+cd /
+
 if (! $BOOTMODE); then
   ui_print "- Unmounting partitions"
   umount /magisk
   losetup -d $MAGISKLOOP
-  umount /system
   rmdir /magisk
+  if ($SUPERSU); then
+    umount /su
+    losetup -d $SUPERSULOOP
+    rmdir /su
+  fi
+  umount /system
 fi
 
 ui_print "- Done"

scripts/init.magisk.rc

@@ -6,8 +6,9 @@ on post-fs
     rm /dev/.magisk.unblock
 
 on post-fs-data
+    load_persist_props
     start magisk_pfsd
-    wait /dev/.magisk.unblock 40
+    wait /dev/.magisk.unblock 60
     rm /dev/.magisk.unblock
 
 on property:magisk.restart_pfsd=1

scripts/magic_mask.sh

@@ -1,7 +1,10 @@
 #!/system/bin/sh
 
 LOGFILE=/cache/magisk.log
+DISABLEFILE=/cache/.disable_magisk
+UNINSTALLER=/cache/magisk_uninstaller.sh
 IMG=/data/magisk.img
+WHITELIST="/system/bin"
 
 MOUNTPOINT=/magisk
 
@@ -14,15 +17,16 @@ MOUNTINFO=$TMPDIR/mnt
 
 # Use the included busybox for maximum compatibility and reliable results
 # e.g. we rely on the option "-c" for cp (reserve contexts), and -exec for find
-TOOLPATH=/data/busybox
+TOOLPATH=/dev/busybox
 BINPATH=/data/magisk
 OLDPATH=$PATH
-PATH=$TOOLPATH:$OLDPATH
+export PATH=$TOOLPATH:$OLDPATH
+
+APPDIR=/data/data/com.topjohnwu.magisk/files
 
 # Default permissions
 umask 022
 
-
 log_print() {
   echo "$1"
   echo "$1" >> $LOGFILE
@@ -30,7 +34,7 @@ log_print() {
 }
 
 mktouch() {
-  mkdir -p ${1%/*} 2>/dev/null
+  mkdir -p "${1%/*}" 2>/dev/null
   if [ -z "$2" ]; then
     touch "$1" 2>/dev/null
   else
@@ -38,31 +42,45 @@ mktouch() {
   fi
 }
 
+in_list() {
+  for i in $2; do
+    [ "$1" = "$i" ] && return 0
+  done
+  return 1
+}
+
 unblock() {
   touch /dev/.magisk.unblock
+  chcon u:object_r:device:s0 /dev/.magisk.unblock
   exit
 }
 
 run_scripts() {
-  PATH=$OLDPATH
   BASE=$MOUNTPOINT
   for MOD in $BASE/* ; do
-    if [ ! -f "$MOD/disable" ]; then
-      if [ -f "$MOD/$1.sh" ]; then
+    if [ ! -f $MOD/disable ]; then
+      if [ -f $MOD/$1.sh ]; then
         chmod 755 $MOD/$1.sh
-        chcon "u:object_r:system_file:s0" "$MOD/$1.sh"
+        chcon u:object_r:system_file:s0 $MOD/$1.sh
         log_print "$1: $MOD/$1.sh"
         sh $MOD/$1.sh
       fi
     fi
   done
-  PATH=$TOOLPATH:$OLDPATH
+  for SCRIPT in $COREDIR/${1}.d/* ; do
+    if [ -f "$SCRIPT" ]; then
+      chmod 755 $SCRIPT
+      chcon u:object_r:system_file:s0 $SCRIPT
+      log_print "${1}.d: $SCRIPT"
+      sh $SCRIPT
+    fi
+  done
 }
 
 loopsetup() {
   LOOPDEVICE=
-  for DEV in $(ls /dev/block/loop*); do
-    if [ `losetup $DEV $1 >/dev/null 2>&1; echo $?` -eq 0 ]; then
+  for DEV in `ls /dev/block/loop*`; do
+    if losetup $DEV $1; then
       LOOPDEVICE=$DEV
       break
     fi
@@ -70,7 +88,7 @@ loopsetup() {
 }
 
 target_size_check() {
-  e2fsck -p -f $1
+  e2fsck -p -f "$1"
   curBlocks=`e2fsck -n $1 2>/dev/null | cut -d, -f3 | cut -d\  -f2`;
   curUsedM=$((`echo "$curBlocks" | cut -d/ -f1` * 4 / 1024));
   curSizeM=$((`echo "$curBlocks" | cut -d/ -f2` * 4 / 1024));
@@ -78,44 +96,44 @@ target_size_check() {
 }
 
 travel() {
-  cd "$1/$2"
-  if [ -f ".replace" ]; then
-    rm -rf "$MOUNTINFO/$2"
-    mktouch "$MOUNTINFO/$2" "$1"
+  # Ignore /system/vendor, we will handle it differently
+  [ "$1" = "system/vendor" ] && return
+
+  cd "$TRAVEL_ROOT/$1"
+  if [ -f .replace ]; then
+    rm -rf "$MOUNTINFO/$1"
+    mktouch "$MOUNTINFO/$1" "$TRAVEL_ROOT"
   else
     for ITEM in * ; do
-      if [ ! -e "/$2/$ITEM" ]; then
-        # New item found
-        if [ "$2" = "system" ]; then
-          # We cannot add new items to /system root, delete it
-          rm -rf "$ITEM"
-        else
-          # If we are in a higher level, delete the lower levels
-          rm -rf "$MOUNTINFO/dummy/$2"
-          # Mount the dummy parent
-          mktouch "$MOUNTINFO/dummy/$2"
+      # This means it an empty folder (shouldn't happen, but better to be safe)
+      [ "$ITEM" = "*" ] && return;
+      # Target not found or target/file is a symlink
+      if [ ! -e "/$1/$ITEM" -o -L "/$1/$ITEM" -o -L "$ITEM" ]; then
+        # If we are in a higher level, delete the lower levels
+        rm -rf "$MOUNTINFO/dummy/$1" 2>/dev/null
+        # Mount the dummy parent
+        mktouch "$MOUNTINFO/dummy/$1"
 
-          if [ -d "$ITEM" ]; then
-            # Create new dummy directory and mount it
-            mkdir -p "$DUMMDIR/$2/$ITEM"
-            mktouch "$MOUNTINFO/$2/$ITEM" "$1"
-          elif [ -L "$ITEM" ]; then
-            # Symlinks are small, copy them
-            mkdir -p "$DUMMDIR/$2" 2>/dev/null
-            cp -afc "$ITEM" "$DUMMDIR/$2/$ITEM"
-          else
-            # Create new dummy file and mount it
-            mktouch "$DUMMDIR/$2/$ITEM"
-            mktouch "$MOUNTINFO/$2/$ITEM" "$1"
-          fi
+        if [ -d "$ITEM" ]; then
+          # Create new dummy directory and mount it
+          mkdir -p "$DUMMDIR/$1/$ITEM"
+          mktouch "$MOUNTINFO/$1/$ITEM" "$TRAVEL_ROOT"
+        elif [ -L "$ITEM" ]; then
+          # Copy symlinks
+          mkdir -p "$DUMMDIR/$1" 2>/dev/null
+          cp -afc "$ITEM" $"DUMMDIR/$1/$ITEM"
+        else
+          # Create new dummy file and mount it
+          mktouch "$DUMMDIR/$1/$ITEM"
+          mktouch "$MOUNTINFO/$1/$ITEM" "$TRAVEL_ROOT"
         fi
       else
         if [ -d "$ITEM" ]; then
           # It's an directory, travel deeper
-          (travel "$1" "$2/$ITEM")
+          (travel "$1/$ITEM")
         elif [ ! -L "$ITEM" ]; then
           # Mount this file
-          mktouch "$MOUNTINFO/$2/$ITEM" "$1"
+          mktouch "$MOUNTINFO/$1/$ITEM" "$TRAVEL_ROOT"
         fi
       fi
     done
@@ -123,29 +141,40 @@ travel() {
 }
 
 clone_dummy() {
-  for ITEM in "$1/"* ; do
-    if [ -d "$DUMMDIR$ITEM" ]; then
-      (clone_dummy "$ITEM")
-    elif [ ! -e "$DUMMDIR$ITEM" ]; then
-      if [ -d "$ITEM" ]; then
-        # Create dummy directory
-        mkdir -p "$DUMMDIR$ITEM"
-      elif [ -L "$ITEM" ]; then
-        # Symlinks are small, copy them
-        cp -afc "$ITEM" "$DUMMDIR$ITEM"
+  LINK=false
+  in_list "$1" "$WHITELIST" && LINK=true
+
+  for ITEM in $MIRRDIR$1/* ; do
+    REAL="${ITEM#$MIRRDIR}"
+    if [ -d "$MOUNTINFO$REAL" ]; then
+      # Need to clone deeper
+      mkdir -p "$DUMMDIR$REAL"
+      (clone_dummy "$REAL")
+    elif [ ! -f "$DUMMDIR$REAL" ]; then
+      # It's not the file to be added/replaced, clone it
+      if [ -L "$ITEM" ]; then
+        # Copy original symlink
+        cp -afc "$ITEM" "$DUMMDIR$REAL"
       else
-        # Create dummy file
-        mktouch "$DUMMDIR$ITEM"
+        if $LINK && [ ! -e "$MOUNTINFO$REAL" ]; then
+          ln -s "$MIRRDIR$REAL" "$DUMMDIR$REAL"
+        else
+          if [ -d "$ITEM" ]; then
+            mkdir -p "$DUMMDIR$REAL"
+          else
+            mktouch "$DUMMDIR$REAL"
+          fi
+          [ ! -e "$MOUNTINFO$REAL" ] && mktouch "$MOUNTINFO/mirror$REAL"
+        fi
       fi
-      chcon -f "u:object_r:system_file:s0" "$DUMMDIR$ITEM"
     fi
   done
 }
 
 bind_mount() {
   if [ -e "$1" -a -e "$2" ]; then
-    mount -o bind $1 $2
-    if [ "$?" -eq "0" ]; then 
+    mount -o bind "$1" "$2"
+    if [ $? -eq 0 ]; then 
       log_print "Mount: $1"
     else 
       log_print "Mount Fail: $1"
@@ -154,9 +183,9 @@ bind_mount() {
 }
 
 merge_image() {
-  if [ -f "$1" ]; then
+  if [ -f $1 ]; then
     log_print "$1 found"
-    if [ -f "$IMG" ]; then
+    if [ -f $IMG ]; then
       log_print "$IMG found, attempt to merge"
 
       # Handle large images
@@ -182,36 +211,29 @@ merge_image() {
       LOOPMERGE=$LOOPDEVICE
       log_print "$LOOPMERGE $1"
 
-      if [ ! -z "$LOOPDATA" ]; then
-        if [ ! -z "$LOOPMERGE" ]; then
-          # if loop devices have been setup, mount images
-          OK=true
+      if [ ! -z $LOOPDATA -a ! -z $LOOPMERGE ]; then
+        # if loop devices have been setup, mount images
+        OK=false
+        mount -t ext4 -o rw,noatime $LOOPDATA /cache/data_img && \
+        mount -t ext4 -o rw,noatime $LOOPMERGE /cache/merge_img && \
+        OK=true
 
-          if [ `mount -t ext4 -o rw,noatime $LOOPDATA /cache/data_img >/dev/null 2>&1; echo $?` -ne 0 ]; then
-            OK=false
-          fi
-
-          if [ `mount -t ext4 -o rw,noatime $LOOPMERGE /cache/merge_img >/dev/null 2>&1; echo $?` -ne 0 ]; then
-            OK=false
-          fi
-
-          if ($OK); then
-            # Merge (will reserve selinux contexts)
-            cd /cache/merge_img
-            for MOD in *; do
-              if [ "$MOD" != "lost+found" ]; then
-                log_print "Merging: $MOD"
-                rm -rf /cache/data_img/$MOD
-              fi
-            done
-            cp -afc . /cache/data_img
-            log_print "Merge complete"
-            cd /
-          fi
-
-          umount /cache/data_img
-          umount /cache/merge_img
+        if $OK; then
+          # Merge (will reserve selinux contexts)
+          cd /cache/merge_img
+          for MOD in *; do
+            if [ "$MOD" != "lost+found" ]; then
+              log_print "Merging: $MOD"
+              rm -rf /cache/data_img/$MOD
+            fi
+          done
+          cp -afc . /cache/data_img
+          log_print "Merge complete"
+          cd /
         fi
+
+        umount /cache/data_img
+        umount /cache/merge_img
       fi
 
       losetup -d $LOOPDATA
@@ -238,14 +260,16 @@ case $1 in
 
     log_print "** Magisk post-fs mode running..."
 
-    # Cleanup previous version stuffs...
+    # Cleanup legacy stuffs...
     rm -rf /cache/magisk /cache/magisk_merge /cache/magiskhide.log
 
-    if [ -d "/cache/magisk_mount" ]; then
-      log_print "Mounting cache files"
+    [ -f $DISABLEFILE -o -f $UNINSTALLER ] && unblock
+
+    if [ -d /cache/magisk_mount ]; then
+      log_print "* Mounting cache files"
       find /cache/magisk_mount -type f 2>/dev/null | while read ITEM ; do
         chmod 644 "$ITEM"
-        chcon "u:object_r:system_file:s0" "$ITEM"
+        chcon u:object_r:system_file:s0 "$ITEM"
         TARGET="${ITEM#/cache/magisk_mount}"
         bind_mount "$ITEM" "$TARGET"
       done
@@ -255,79 +279,84 @@ case $1 in
     ;;
 
   post-fs-data )
-    if [ `mount | grep " /data " >/dev/null 2>&1; echo $?` -ne 0 ]; then
-      # /data not mounted yet, we will be called again later
-      unblock
-    fi
-
-    if [ `mount | grep " /data " | grep "tmpfs" >/dev/null 2>&1; echo $?` -eq 0 ]; then
-      # /data not mounted yet, we will be called again later
-      unblock
-    fi
+    # /data not mounted yet
+    ! mount | grep " /data " >/dev/null && unblock
+    mount | grep " /data " | grep "tmpfs" >/dev/null && unblock
 
     # Don't run twice
     if [ "`getprop magisk.restart_pfsd`" != "1" ]; then
 
       log_print "** Magisk post-fs-data mode running..."
 
+      # Cache support
+      mv /cache/stock_boot.img /data/stock_boot.img 2>/dev/null
+      mv /cache/magisk.apk /data/magisk.apk 2>/dev/null
+      mv /cache/custom_ramdisk_patch.sh /data/custom_ramdisk_patch.sh 2>/dev/null
+
+      if [ -d /cache/data_bin ]; then
+        rm -rf $BINPATH
+        mv /cache/data_bin $BINPATH
+      fi
+
+      chmod -R 755 $BINPATH
+      chown -R 0.0 $BINPATH
+
       # Live patch sepolicy
-      $BINPATH/sepolicy-inject --live -s su
+      $BINPATH/sepolicy-inject --live
+
+      if [ -f $UNINSTALLER ]; then
+        touch /dev/.magisk.unblock
+        chcon u:object_r:device:s0 /dev/.magisk.unblock
+        BOOTMODE=true sh $UNINSTALLER
+        exit
+      fi
+
+      # Set up environment
+      mkdir -p $TOOLPATH
+      $BINPATH/busybox --install -s $TOOLPATH
+      ln -s $BINPATH/busybox $TOOLPATH/busybox
+      # Prevent issues
+      rm -f $TOOLPATH/su $TOOLPATH/sh $TOOLPATH/reboot
+      chmod -R 755 $TOOLPATH
+      chown -R 0.0 $TOOLPATH
+      find $BINPATH $TOOLPATH -exec chcon -h u:object_r:system_file:s0 {} \;
 
       # Multirom functions should go here, not available right now
       MULTIROM=false
 
-      # Cache support
-      if [ -d "/cache/data_bin" ]; then
-        rm -rf $BINPATH $TOOLPATH
-        mkdir -p $TOOLPATH
-        mv /cache/data_bin $BINPATH
-        chmod -R 755 $BINPATH $TOOLPATH
-        $BINPATH/busybox --install -s $TOOLPATH
-        ln -s $BINPATH/busybox $TOOLPATH/busybox
-        # Prevent issues
-        rm -f $TOOLPATH/su $TOOLPATH/sh
-      fi
-
-      mv /cache/stock_boot.img /data 2>/dev/null
-
-      find $BINPATH -exec chcon -h "u:object_r:system_file:s0" {} \;
-      find $TOOLPATH -exec chcon -h "u:object_r:system_file:s0" {} \;
-      chmod -R 755 $BINPATH $TOOLPATH
-
       # Image merging
       chmod 644 $IMG /cache/magisk.img /data/magisk_merge.img 2>/dev/null
       merge_image /cache/magisk.img
       merge_image /data/magisk_merge.img
 
       # Mount magisk.img
-      [ ! -d "$MOUNTPOINT" ] && mkdir -p $MOUNTPOINT
-      if [ `cat /proc/mounts | grep $MOUNTPOINT >/dev/null 2>&1; echo $?` -ne 0 ]; then
+      [ ! -d $MOUNTPOINT ] && mkdir -p $MOUNTPOINT
+      if ! mount | grep $MOUNTPOINT; then
         loopsetup $IMG
-        if [ ! -z "$LOOPDEVICE" ]; then
-          mount -t ext4 -o rw,noatime,suid $LOOPDEVICE $MOUNTPOINT
+        [ ! -z $LOOPDEVICE ] && mount -t ext4 -o rw,noatime $LOOPDEVICE $MOUNTPOINT
+        if [ $? -ne 0 ]; then
+          log_print "magisk.img mount failed, nothing to do :("
+          unblock
         fi
       fi
 
-      if [ `cat /proc/mounts | grep $MOUNTPOINT >/dev/null 2>&1; echo $?` -ne 0 ]; then
-        log_print "magisk.img mount failed, nothing to do :("
-        unblock
-      fi
-
-      # Remove empty directories, legacy paths and symlinks
-      rm -rf $COREDIR/bin $COREDIR/dummy $COREDIR/mirror
+      # Remove empty directories, legacy paths, symlinks, old temporary images
       find $MOUNTPOINT -type d -depth ! -path "*core*" -exec rmdir {} \; 2>/dev/null
+      rm -rf $MOUNTPOINT/zzsupersu $MOUNTPOINT/phh $COREDIR/bin $COREDIR/dummy $COREDIR/mirror \
+             $COREDIR/busybox /data/magisk/*.img /data/busybox 2>/dev/null
 
-      # Remove modules
+      # Remove modules that are labeled to be removed
       for MOD in $MOUNTPOINT/* ; do
-        if [ -f "$MOD/remove" ] || [ "$MOD" = "zzsupersu" ]; then
+        rm -f $MOD/system/placeholder 2>/dev/null
+        if [ -f $MOD/remove ]; then
           log_print "Remove module: $MOD"
           rm -rf $MOD
         fi
       done
 
       # Unmount, shrink, remount
-      if [ `umount $MOUNTPOINT >/dev/null 2>&1; echo $?` -eq 0 ]; then
-        losetup -d $LOOPDEVICE
+      if umount $MOUNTPOINT; then
+        losetup -d $LOOPDEVICE 2>/dev/null
         target_size_check $IMG
         NEWDATASIZE=$(((curUsedM / 32 + 2) * 32))
         if [ "$curSizeM" -gt "$NEWDATASIZE" ]; then
@@ -335,153 +364,167 @@ case $1 in
           resize2fs $IMG ${NEWDATASIZE}M
         fi
         loopsetup $IMG
-        if [ ! -z "$LOOPDEVICE" ]; then
-          mount -t ext4 -o rw,noatime,suid $LOOPDEVICE $MOUNTPOINT
-        fi
-        if [ `cat /proc/mounts | grep $MOUNTPOINT >/dev/null 2>&1; echo $?` -ne 0 ]; then
+        [ ! -z $LOOPDEVICE ] && mount -t ext4 -o rw,noatime $LOOPDEVICE $MOUNTPOINT
+        if [ $? -ne 0 ]; then
           log_print "magisk.img mount failed, nothing to do :("
           unblock
         fi
       fi
 
-      log_print "Preparing modules"
+      # Start MagiskSU if no SuperSU
+      export PATH=$OLDPATH
+      [ ! -f /sbin/launch_daemonsu.sh ] && sh $COREDIR/su/magisksu.sh
+      export PATH=$TOOLPATH:$OLDPATH
+
+      [ -f $DISABLEFILE ] && unblock
+
+      log_print "* Preparing modules"
 
       mkdir -p $DUMMDIR
       mkdir -p $MIRRDIR/system
 
-      # Travel through all mods, all magic happens here
+      # Remove crap folder
+      rm -rf $MOUNTPOINT/lost+found
+
+      # Link vendor if not exist
+      if [ ! -e /vendor ]; then
+        mount -o rw,remount rootfs /
+        ln -s /system/vendor /vendor
+        mount -o ro,remount rootfs /
+      fi
+
+      # Travel through all mods
       for MOD in $MOUNTPOINT/* ; do
-        if [ -f "$MOD/auto_mount" -a -d "$MOD/system" -a ! -f "$MOD/disable" ]; then
-          (travel $MOD system)
+        if [ -f $MOD/auto_mount -a -d $MOD/system -a ! -f $MOD/disable ]; then
+          TRAVEL_ROOT=$MOD
+          (travel system)
+          rm -f $MOD/vendor 2>/dev/null
+          if [ -d $MOD/system/vendor ]; then
+            ln -s $MOD/system/vendor $MOD/vendor
+            (travel vendor)
+          fi
         fi
       done
 
       # Proper permissions for generated items
-      find $TMPDIR -exec chcon -h "u:object_r:system_file:s0" {} \;
+      find $TMPDIR -exec chcon -h u:object_r:system_file:s0 {} \;
 
-      # linker(64), t*box required
-      if [ -f "$MOUNTINFO/dummy/system/bin" ]; then
-        cd /system/bin
-        cp -afc linker* t*box $DUMMDIR/system/bin/
+      # linker(64), t*box required for bin
+      if [ -f $MOUNTINFO/dummy/system/bin ]; then
+        cp -afc /system/bin/linker* /system/bin/t*box $DUMMDIR/system/bin/
       fi
 
-      # Some libraries are required
-      LIBS="libc++.so libc.so libcutils.so libm.so libstdc++.so libcrypto.so liblog.so libpcre.so libselinux.so libpackagelistparser.so"
-      if [ -f "$MOUNTINFO/dummy/system/lib" ]; then
-        cd /system/lib
-        cp -afc $LIBS $DUMMDIR/system/lib
-        # Crash prevention!!
-        rm -f $COREDIR/magiskhide/enable 2>/dev/null
-      fi
-      if [ -f "$MOUNTINFO/dummy/system/lib64" ]; then
-        cd /system/lib64
-        cp -afc $LIBS $DUMMDIR/system/lib64
-        # Crash prevention!!
-        rm -f $COREDIR/magiskhide/enable 2>/dev/null
-      fi
-
-      # vendor libraries are device dependent, had no choice but copy them all if needed....
-      if [ -f "$MOUNTINFO/dummy/system/vendor" ]; then
-        cp -afc /system/vendor/lib/. $DUMMDIR/system/vendor/lib
-        [ -d "/system/vendor/lib64" ] && cp -afc /system/vendor/lib64/. $DUMMDIR/system/vendor/lib64
-      fi
-      if [ -f "$MOUNTINFO/dummy/system/vendor/lib" ]; then
-        cp -afc /system/vendor/lib/. $DUMMDIR/system/vendor/lib
-      fi
-      if [ -f "$MOUNTINFO/dummy/system/vendor/lib64" ]; then
-        cp -afc /system/vendor/lib64/. $DUMMDIR/system/vendor/lib64
-      fi
-
-      # Remove crap folder
-      rm -rf $MOUNTPOINT/lost+found
-      
       # Start doing tasks
-      
+
       # Stage 1
-      log_print "Bind mount dummy system"
+      log_print "* Stage 1: Mount system and vendor mirrors"
+      SYSTEMBLOCK=`mount | grep " /system " | awk '{print $1}'`
+      mkdir -p $MIRRDIR/system
+      mount -o ro $SYSTEMBLOCK $MIRRDIR/system
+      if [ `mount | grep -c " /vendor "` -ne 0 ]; then
+        VENDORBLOCK=`mount | grep " /vendor " | awk '{print $1}'`
+        mkdir -p $MIRRDIR/vendor
+        mount -o ro $VENDORBLOCK $MIRRDIR/vendor
+      else
+        ln -s $MIRRDIR/system/vendor $MIRRDIR/vendor
+      fi
+
+      # Since mirrors always exist, we load libraries and binaries from mirrors
+      export LD_LIBRARY_PATH=$MIRRDIR/system/lib:$MIRRDIR/vendor/lib
+      [ -d $MIRRDIR/system/lib64 ] && export LD_LIBRARY_PATH=$MIRRDIR/system/lib64:$MIRRDIR/vendor/lib64
+
+      # Stage 2
+      log_print "* Stage 2: Mount dummy skeletons"
+      # Move /system/vendor to /vendor for consistency
+      mv -f $MOUNTINFO/dummy/system/vendor $MOUNTINFO/dummy/vendor 2>/dev/null
+      mv -f $DUMMDIR/system/vendor $DUMMDIR/vendor 2>/dev/null
       find $MOUNTINFO/dummy -type f 2>/dev/null | while read ITEM ; do
-        TARGET=${ITEM#$MOUNTINFO/dummy}
+        TARGET="${ITEM#$MOUNTINFO/dummy}"
         ORIG="$DUMMDIR$TARGET"
-        clone_dummy "$TARGET"
+        (clone_dummy "$TARGET")
         bind_mount "$ORIG" "$TARGET"
       done
 
-      # Stage 2
-      log_print "Bind mount module items"
-      find $MOUNTINFO/system -type f 2>/dev/null | while read ITEM ; do
-        TARGET=${ITEM#$MOUNTINFO}
-        ORIG=`cat $ITEM`$TARGET
-        bind_mount $ORIG $TARGET
-        rm -f $DUMMDIR${TARGET%/*}/.dummy 2>/dev/null
+      # Check if the dummy /system/bin is empty, it shouldn't
+      [ -e $DUMMDIR/system/bin -a ! -e $DUMMDIR/system/bin/sh ] && clone_dummy /system/bin
+
+      # Stage 3
+      log_print "* Stage 3: Mount module items"
+      find $MOUNTINFO/system $MOUNTINFO/vendor -type f 2>/dev/null | while read ITEM ; do
+        TARGET="${ITEM#$MOUNTINFO}"
+        ORIG="`cat "$ITEM"`$TARGET"
+        bind_mount "$ORIG" "$TARGET"
       done
 
-      # Run scripts
+      # Stage 4
+      log_print "* Stage 4: Execute scripts"
       run_scripts post-fs-data
 
+      # Stage 5
+      log_print "* Stage 5: Mount mirrored items back to dummy"
+      find $MOUNTINFO/mirror -type f 2>/dev/null | while read ITEM ; do
+        TARGET="${ITEM#$MOUNTINFO/mirror}"
+        ORIG="$MIRRDIR$TARGET"
+        bind_mount "$ORIG" "$TARGET"
+      done
+
       # Bind hosts for Adblock apps
-      if [ -f "$COREDIR/hosts" ]; then
-        log_print "Enabling systemless hosts file support"
+      if [ -f $COREDIR/hosts ]; then
+        log_print "* Enabling systemless hosts file support"
         bind_mount $COREDIR/hosts /system/etc/hosts
       fi
 
-      # Expose busybox
-      if [ -f "$COREDIR/busybox/enable" ]; then
-        log_print "Enabling BusyBox"
-        cp -afc /data/busybox/. $COREDIR/busybox
-        cp -afc /system/xbin/. $COREDIR/busybox
-        chmod -R 755 $COREDIR/busybox
-        chcon -hR "u:object_r:system_file:s0" $COREDIR/busybox
-        bind_mount $COREDIR/busybox /system/xbin
+      if [ -f /data/magisk.apk ]; then
+        if [ -z `ls /data/app | grep com.topjohnwu.magisk` ]; then
+          mkdir /data/app/com.topjohnwu.magisk-1
+          cp /data/magisk.apk /data/app/com.topjohnwu.magisk-1/base.apk
+          chown 1000.1000 /data/app/com.topjohnwu.magisk-1
+          chown 1000.1000 /data/app/com.topjohnwu.magisk-1/base.apk
+          chmod 755 /data/app/com.topjohnwu.magisk-1
+          chmod 644 /data/app/com.topjohnwu.magisk-1/base.apk
+          chcon u:object_r:apk_data_file:s0 /data/app/com.topjohnwu.magisk-1
+          chcon u:object_r:apk_data_file:s0 /data/app/com.topjohnwu.magisk-1/base.apk
+        fi
+        rm -f /data/magisk.apk 2>/dev/null
       fi
 
-      # Stage 3
-      log_print "Bind mount system mirror"
-      bind_mount /system $MIRRDIR/system
-
-      # Stage 4
-      log_print "Bind mount mirror items"
-      # Find all empty directores and dummy files, they should be mounted by original files in /system
-      TOOLPATH=/data/busybox find $DUMMDIR -type d \
-      -exec sh -c '[ -z "`ls -A $1`" ] && echo $1' -- {} \; \
-      -o \( -type f -size 0 -print \) | \
-      while read ITEM ; do
-        ORIG=${ITEM/dummy/mirror}
-        TARGET=${ITEM#$DUMMDIR}
-        bind_mount $ORIG $TARGET
+      for MOD in $MOUNTPOINT/* ; do
+        # Read in defined system props
+        if [ -f $MOD/system.prop ]; then
+          log_print "* Reading props from $MOD/system.prop"
+          /data/magisk/resetprop --file $MOD/system.prop
+        fi
       done
 
+      # Expose busybox
+      [ "`getprop persist.magisk.busybox`" = "1" ] && sh /sbin/magic_mask.sh mount_busybox
+
       # Restart post-fs-data if necessary (multirom)
-      ($MULTIROM) && setprop magisk.restart_pfsd 1
+      $MULTIROM && setprop magisk.restart_pfsd 1
 
     fi
     unblock
     ;;
 
+  mount_busybox )
+    log_print "* Enabling BusyBox"
+    cp -afc /system/xbin/. $TOOLPATH
+    umount /system/xbin 2>/dev/null
+    bind_mount $TOOLPATH /system/xbin
+    ;;
+
   service )
     # Version info
     MAGISK_VERSION_STUB
     log_print "** Magisk late_start service mode running..."
-    run_scripts service
-
-    # Magisk Hide
-    if [ -f "$COREDIR/magiskhide/enable" ]; then
-      log_print "** Removing tampered read-only system props"
-
-      VERIFYBOOT=`getprop ro.boot.verifiedbootstate`
-      FLASHLOCKED=`getprop ro.boot.flash.locked`
-      VERITYMODE=`getprop ro.boot.veritymode`
-
-      [ ! -z "$VERIFYBOOT" -a "$VERIFYBOOT" != "green" ] && log_print "`$BINPATH/resetprop -v -n ro.boot.verifiedbootstate green`"
-      [ ! -z "$FLASHLOCKED" -a "$FLASHLOCKED" != "1" ] && log_print "`$BINPATH/resetprop -v -n ro.boot.flash.locked 1`"
-      [ ! -z "$VERITYMODE" -a "$VERITYMODE" != "enforcing" ] && log_print "`$BINPATH/resetprop -v -n ro.boot.veritymode enforcing`"
-
-      mktouch $COREDIR/magiskhide/hidelist
-      chmod -R 755 $COREDIR/magiskhide
-      # Add Safety Net preset
-      $COREDIR/magiskhide/add com.google.android.gms.unstable
-      log_print "** Starting Magisk Hide"
-      /data/magisk/magiskhide
+    if [ -f $DISABLEFILE ]; then
+      setprop ro.magisk.disable 1
+      exit
     fi
+    run_scripts service
+    
+    # Start MagiskHide
+    [ "`getprop persist.magisk.hide`" = "1" ] && sh $COREDIR/magiskhide/enable
     ;;
 
 esac

scripts/magisk_uninstaller.sh

@@ -0,0 +1,150 @@
+#!/system/bin/sh
+
+[ -z $BOOTMODE ] && BOOTMODE=false
+TMPDIR=/tmp
+($BOOTMODE) && TMPDIR=/dev/tmp
+
+BINDIR=/data/magisk
+CHROMEDIR=$BINDIR/chromeos
+
+NEWBOOT=$TMPDIR/boottmp/new-boot.img
+UNPACKDIR=$TMPDIR/boottmp/bootunpack
+RAMDISK=$TMPDIR/boottmp/ramdisk
+
+SYSTEMLIB=/system/lib
+[ -d /system/lib64 ] && SYSTEMLIB=/system/lib64
+
+ui_print() {
+  echo "$1"
+}
+
+grep_prop() {
+  REGEX="s/^$1=//p"
+  shift
+  FILES=$@
+  if [ -z "$FILES" ]; then
+    FILES='/system/build.prop'
+  fi
+  cat $FILES 2>/dev/null | sed -n $REGEX | head -n 1
+}
+
+find_boot_image() {
+  if [ -z "$BOOTIMAGE" ]; then
+    for PARTITION in kern-a KERN-A android_boot ANDROID_BOOT kernel KERNEL boot BOOT lnx LNX; do
+      BOOTIMAGE=`readlink /dev/block/by-name/$PARTITION || readlink /dev/block/platform/*/by-name/$PARTITION || readlink /dev/block/platform/*/*/by-name/$PARTITION`
+      if [ ! -z "$BOOTIMAGE" ]; then break; fi
+    done
+  fi
+  if [ -z "$BOOTIMAGE" ]; then
+    FSTAB="/etc/recovery.fstab"
+    [ ! -f "$FSTAB" ] && FSTAB="/etc/recovery.fstab.bak"
+    [ -f "$FSTAB" ] && BOOTIMAGE=`grep -E '\b/boot\b' "$FSTAB" | grep -oE '/dev/[a-zA-Z0-9_./-]*'`
+  fi
+}
+
+unpack_boot() {
+  rm -rf $UNPACKDIR $RAMDISK 2>/dev/null
+  mkdir -p $UNPACKDIR
+  mkdir -p $RAMDISK
+  cd $UNPACKDIR
+  LD_LIBRARY_PATH=$SYSTEMLIB $BINDIR/bootimgtools --extract $1
+
+  cd $RAMDISK
+  $BINDIR/busybox gunzip -c < $UNPACKDIR/ramdisk.gz | cpio -i
+}
+
+repack_boot() {
+  cd $RAMDISK
+  find . | cpio -o -H newc 2>/dev/null | gzip -9 > $UNPACKDIR/ramdisk.gz
+  cd $UNPACKDIR
+  LD_LIBRARY_PATH=$SYSTEMLIB $BINDIR/bootimgtools --repack $BOOTIMAGE
+  if [ -f chromeos ]; then
+    echo " " > config
+    echo " " > bootloader
+    LD_LIBRARY_PATH=$SYSTEMLIB $CHROMEDIR/futility vbutil_kernel --pack new-boot.img.signed --keyblock $CHROMEDIR/kernel.keyblock --signprivate $CHROMEDIR/kernel_data_key.vbprivk --version 1 --vmlinuz new-boot.img --config config --arch arm --bootloader bootloader --flags 0x1
+    rm -f new-boot.img
+    mv new-boot.img.signed new-boot.img
+  fi
+  if ($SAMSUNG); then
+    SAMSUNG_CHECK=$(cat new-boot.img | grep SEANDROIDENFORCE)
+    if [ $? -ne 0 ]; then
+      echo -n "SEANDROIDENFORCE" >> new-boot.img
+    fi
+  fi
+  if ($LGE_G); then
+    # Prevent secure boot error on LG G2/G3.
+    # Just for know, It's a pattern which bootloader verifies at boot. Thanks to LG hackers.
+    echo -n -e "\x41\xa9\xe4\x67\x74\x4d\x1d\x1b\xa4\x29\xf2\xec\xea\x65\x52\x79" >> new-boot.img
+  fi
+  mv new-boot.img $NEWBOOT
+}
+
+# Set permissions
+chmod -R 755 $CHROMEDIR/futility $BINDIR
+
+# Find the boot image
+find_boot_image
+if [ -z "$BOOTIMAGE" ]; then
+  ui_print "! Unable to detect boot image"
+  exit 1
+fi
+
+ui_print "- Found Boot Image: $BOOTIMAGE"
+
+# Detect special vendors 
+SAMSUNG=false
+SAMSUNG_CHECK=$(cat /system/build.prop | grep "ro.build.fingerprint=" | grep -i "samsung")
+if [ $? -eq 0 ]; then
+  SAMSUNG=true
+fi
+LGE_G=false
+RBRAND=$(grep_prop ro.product.brand)
+RMODEL=$(grep_prop ro.product.device)
+if [ "$RBRAND" = "lge" ] || [ "$RBRAND" = "LGE" ];  then 
+  if [ "$RMODEL" = "*D80*" ] || 
+     [ "$RMODEL" = "*S98*" ] || 
+     [ "$RMODEL" = "*D85*" ] ||
+     [ "$RMODEL" = "*F40*" ]; then
+    LGE_G=true
+    ui_print "! Bump device detected"
+  fi
+fi
+
+# First unpack the boot image
+unpack_boot $BOOTIMAGE
+
+SUPERSU=false
+[ -f sbin/launch_daemonsu.sh ] && SUPERSU=true
+
+if ($SUPERSU); then
+  ui_print "- SuperSU patched image detected"
+  rm -f magisk sbin/init.magisk.rc sbin/magic_mask.sh
+  repack_boot
+else
+  if [ -f /data/stock_boot.img ]; then
+    ui_print "- Boot image backup found!"
+    NEWBOOT=/data/stock_boot.img
+  else
+    ui_print "! Boot image backup unavailable"
+    if [ -d ".backup" ]; then
+      ui_print "- Restoring ramdisk with backup"
+      cp -af .backup/. .
+    fi
+    rm -f magisk sbin/init.magisk.rc sbin/magic_mask.sh
+    repack_boot
+  fi
+fi
+
+chmod 644 $NEWBOOT
+
+ui_print "- Flashing stock/reverted image"
+[ ! -L "$BOOTIMAGE" ] && dd if=/dev/zero of=$BOOTIMAGE bs=4096 2>/dev/null
+dd if=$NEWBOOT of=$BOOTIMAGE bs=4096
+
+ui_print "- Removing Magisk files"
+rm -rf  /cache/magisk.log /cache/last_magisk.log /cache/magiskhide.log /cache/.disable_magisk \
+        /cache/magisk /cache/magisk_merge /cache/magisk_mount  /cache/unblock /cache/magisk_uninstaller.sh \
+        /data/Magisk.apk /data/magisk.apk /data/magisk.img /data/magisk_merge.img \
+        /data/busybox /data/magisk /data/custom_ramdisk_patch.sh 2>/dev/null
+
+($BOOTMODE) && reboot

scripts/magisksu.sh

@@ -0,0 +1,28 @@
+#!/system/bin/sh
+
+MODDIR=${0%/*}
+LOGFILE=/cache/magisk.log
+
+log_print() {
+  echo "MagiskSU: $1"
+  echo "MagiskSU: $1" >> $LOGFILE
+  log -p i -t Magisk "MagiskSU: $1"
+}
+
+log_print "Moving and linking /sbin binaries"
+mount -o rw,remount rootfs /
+cp -af /sbin /sbin_orig
+mount -o ro,remount rootfs /
+
+log_print "Exposing su binary"
+rm -rf /magisk/.core/bin $MODDIR/sbin_bind
+mkdir -p $MODDIR/sbin_bind
+ln -s /sbin_orig/* $MODDIR/sbin_bind
+chcon -h u:object_r:rootfs:s0 $MODDIR/sbin_bind/*
+chmod 755 $MODDIR/sbin_bind
+ln -s $MODDIR/su $MODDIR/sbin_bind/su
+ln -s /data/magisk/sepolicy-inject $MODDIR/sbin_bind/sepolicy-inject
+mount -o bind $MODDIR/sbin_bind /sbin
+
+log_print "Starting su daemon"
+/sbin/su --daemon

uninstaller/META-INF/com/google/android/update-binary

@@ -63,20 +63,6 @@ getvar() {
   eval $VARNAME=\$VALUE
 }
 
-find_boot_image() {
-  if [ -z "$BOOTIMAGE" ]; then
-    for PARTITION in kern-a KERN-A android_boot ANDROID_BOOT kernel KERNEL boot BOOT lnx LNX; do
-      BOOTIMAGE=`readlink /dev/block/by-name/$PARTITION || readlink /dev/block/platform/*/by-name/$PARTITION || readlink /dev/block/platform/*/*/by-name/$PARTITION`
-      if [ ! -z "$BOOTIMAGE" ]; then break; fi
-    done
-  fi
-  if [ -z "$BOOTIMAGE" ]; then
-    FSTAB="/etc/recovery.fstab"
-    [ ! -f "$FSTAB" ] && FSTAB="/etc/recovery.fstab.bak"
-    [ -f "$FSTAB" ] BOOTIMAGE=`grep -E '\b/boot\b' "$FSTAB" | grep -oE '/dev/[a-zA-Z0-9_./-]*'`
-  fi
-}
-
 is_mounted() {
   if [ ! -z "$2" ]; then
     cat /proc/mounts | grep $1 | grep $2, >/dev/null
@@ -96,69 +82,6 @@ grep_prop() {
   cat $FILES 2>/dev/null | sed -n $REGEX | head -n 1
 }
 
-unpack_boot() {
-  rm -rf $UNPACKDIR $RAMDISK 2>/dev/null
-  mkdir -p $UNPACKDIR
-  mkdir -p $RAMDISK
-  cd $UNPACKDIR
-  $BINDIR/bootimgtools --extract $1
-
-  cd $RAMDISK
-  gunzip -c < $UNPACKDIR/ramdisk.gz | cpio -i
-}
-
-repack_boot() {
-  cd $RAMDISK
-  find . | cpio -o -H newc 2>/dev/null | gzip -9 > $UNPACKDIR/ramdisk.gz
-  cd $UNPACKDIR
-  $BINDIR/bootimgtools --repack $ORIGBOOT
-  if [ -f chromeos ]; then
-    echo " " > config
-    echo " " > bootloader
-    $CHROMEDIR/futility vbutil_kernel --pack new-boot.img.signed --keyblock $CHROMEDIR/kernel.keyblock --signprivate $CHROMEDIR/kernel_data_key.vbprivk --version 1 --vmlinuz new-boot.img --config config --arch arm --bootloader bootloader --flags 0x1
-    rm -f new-boot.img
-    mv new-boot.img.signed new-boot.img
-  fi
-  if ($SAMSUNG); then
-    SAMSUNG_CHECK=$(cat new-boot.img | grep SEANDROIDENFORCE)
-    if [ $? -ne 0 ]; then
-      echo -n "SEANDROIDENFORCE" >> new-boot.img
-    fi
-  fi
-  mv new-boot.img $NEWBOOT
-}
-
-revert_boot() {
-  rm -rf $TMPDIR/boottmp 2>/dev/null
-  mkdir -p $TMPDIR/boottmp
-
-  CHROMEDIR=$INSTALLER/chromeos
-  NEWBOOT=$TMPDIR/boottmp/new-boot.img
-  UNPACKDIR=$TMPDIR/boottmp/bootunpack
-  RAMDISK=$TMPDIR/boottmp/ramdisk
-
-  ORIGBOOT=$BOOTIMAGE
-
-  ui_print "- Unpacking boot image"
-  unpack_boot $ORIGBOOT
-
-  if [ -d ".backup" ]; then
-    ui_print "- Restoring ramdisk with backup"
-    cp -af .backup/. .
-    rm -rf magisk init.magisk.rc sbin/magic_mask.sh 2>/dev/null
-    rm -rf .backup
-  else
-    ui_print "! No ramdisk backup found"
-    ui_print "! Unable to revert completely"
-    ui_print "! Will still remove Magisk additions"
-    # Removing boot image modifications
-    rm -rf magisk init.magisk.rc sbin/magic_mask.sh 2>/dev/null
-  fi
-
-  ui_print "- Repacking boot image"
-  repack_boot
-}
-
 ##########################################################################################
 # Main
 ##########################################################################################
@@ -182,12 +105,6 @@ if [ ! -f '/system/build.prop' ]; then
   exit 1
 fi
 
-SAMSUNG=false
-SAMSUNG_CHECK=$(cat /system/build.prop | grep "ro.build.fingerprint=" | grep -i "samsung")
-if [ $? -eq 0 ]; then
-  SAMSUNG=true
-fi
-
 API=$(grep_prop ro.build.version.sdk)
 ABI=$(grep_prop ro.product.cpu.abi | cut -c-3)
 ABI2=$(grep_prop ro.product.cpu.abi2 | cut -c-3)
@@ -201,57 +118,34 @@ if [ "$ABILONG" = "arm64-v8a" ]; then ARCH=arm64; IS64BIT=true; fi;
 if [ "$ABILONG" = "x86_64" ]; then ARCH=x64; IS64BIT=true; fi;
 
 ui_print "- Device platform: $ARCH"
-
+CHROMEDIR=$INSTALLER/chromeos
 BINDIR=$INSTALLER/$ARCH
-chmod -R 755 $CHROMEDIR/futility $BINDIR
 
-find_boot_image
-if [ -z "$BOOTIMAGE" ]; then
-  ui_print "! Unable to detect boot image"
-  exit 1
-fi
+# Copy the binaries to /data/magisk
+mkdir -p /data/magisk 2>/dev/null
+cp -af $BINDIR/bootimgtools $CHROMEDIR /data/magisk
 
 ##########################################################################################
 # Detection all done, start installing
 ##########################################################################################
 
+ui_print "- Found Boot Image: $BOOTIMAGE"
+
 if (is_mounted /data); then
-  cp -af /data/stock_boot_*.gz /data/stock_boot.img.gz 2>/dev/null
-  gzip -d /data/stock_boot.img.gz 2>/dev/null
-  rm -rf /data/stock_boot.img.gz 2>/dev/null
-  if [ -f "/data/stock_boot.img" ]; then
-    ui_print "- Boot image backup found!"
-    NEWBOOT=/data/stock_boot.img
-  else
-    ui_print "! Boot image backup unavalible, try using ramdisk backup"
-    revert_boot
-  fi
-  ui_print "- Removing Magisk files"
-  rm -rf  /cache/magisk.log /cache/last_magisk.log /cache/magiskhide.log \
-          /cache/magisk /cache/magisk_merge /cache/magisk_mount  /cache/unblock \
-          /data/Magisk.apk /data/magisk.img /data/magisk_merge.img \
-          /data/busybox /data/magisk /data/custom_ramdisk_patch.sh 2>/dev/null
+  ui_print "- Running uninstaller scripts"
+  sh $INSTALLER/common/magisk_uninstaller.sh
 else
-  ui_print "! Data unavalible"
-  ui_print "! Impossible to restore original boot image"
-  ui_print "! Try using ramdisk backup"
-  revert_boot
-  ui_print "- Removing Magisk files"
-  rm -rf  /cache/magisk.log /cache/last_magisk.log /cache/magiskhide.log \
-          /cache/magisk /cache/magisk_merge /cache/magisk_mount  /cache/unblock 2>/dev/null
-  ui_print "*****************************************"
-  ui_print "     Magisk is not fully removed yet     "
-  ui_print " Please manually remove /data/magisk.img "
-  ui_print "*****************************************"
+  ui_print "! Data unavailable"
+  ui_print "! Placing uninstall script to /cache"
+  ui_print "! The device will reboot multiple times"
+  cp -af $INSTALLER/common/magisk_uninstaller.sh /cache/magisk_uninstaller.sh
+  umount /system
+  sleep 5
+  reboot
 fi
 
 chmod 644 $NEWBOOT
 
-ui_print "- Flashing reverted image"
-[ ! -L "$BOOTIMAGE" ] && dd if=/dev/zero of=$BOOTIMAGE bs=4096 2>/dev/null
-dd if=$NEWBOOT of=$BOOTIMAGE bs=4096
-
 umount /system
-
 ui_print "- Done"
 exit 0

zip_static/common/custom_ramdisk_patch.sh

@@ -1,53 +0,0 @@
-#!/system/bin/sh
-
-RAMDISK=$1
-BINDIR=/data/magisk
-
-cpio_add() {
-  /su/bin/sukernel --cpio-add $RAMDISK $RAMDISK $2 $1 $1
-}
-
-cpio_extract() {
-  /su/bin/sukernel --cpio-extract $RAMDISK $1 $1
-}
-
-cpio_mkdir() {
-  /su/bin/sukernel --cpio-mkdir $RAMDISK $RAMDISK $2 $1
-}
-
-rm -rf /tmp/magisk/ramdisk 2>/dev/null
-mkdir -p /tmp/magisk/ramdisk
-cd /tmp/magisk/ramdisk
-
-cat $RAMDISK | cpio -i
-
-# Patch ramdisk
-echo "- Patching ramdisk"
-
-# Add magisk entrypoint
-for INIT in init*.rc; do
-  if [ $(grep -c "import /init.environ.rc" $INIT) -ne "0" ] && [ $(grep -c "import /init.magisk.rc" $INIT) -eq "0" ]; then
-    sed -i "/import \/init\.environ\.rc/iimport /init.magisk.rc" $INIT
-    cpio_add $INIT 750
-    break
-  fi
-done
-
-# Add magisk PATH
-if [ $(grep -c "/magisk/.core/busybox" init.environ.rc) -eq "0" ]; then
-  sed -i "/export PATH/ s/\/system\/xbin/\/system\/xbin:\/magisk\/.core\/busybox/g" init.environ.rc
-  cpio_add init.environ.rc 750
-fi
-
-# sepolicy patches
-$BINDIR/sepolicy-inject --magisk -P sepolicy
-cpio_add sepolicy 644
-
-# Add new items
-mkdir -p magisk 2>/dev/null
-cp -af $BINDIR/init.magisk.rc init.magisk.rc
-cp -af $BINDIR/magic_mask.sh sbin/magic_mask.sh
-
-cpio_mkdir magisk 755
-cpio_add init.magisk.rc 750
-cpio_add sbin/magic_mask.sh 750

zip_static/common/magiskhide/add

@@ -1,11 +1,14 @@
 #!/system/bin/sh
 
 HIDELIST=/magisk/.core/magiskhide/hidelist
+PROCESS=$1
+TOOLPATH=/dev/busybox
 
-if [ ! -z "$1" ]; then
-  if [ $(grep -c "^$1$" $HIDELIST) -eq "0" ]; then
-    echo "$1" >> $HIDELIST
-    set `/data/busybox/ps -o pid,args | grep "$1" | grep -v "grep"`
-    kill "$1"
+if [ ! -z "$PROCESS" ]; then
+  if [ `grep -c "^$PROCESS$" $HIDELIST` -eq "0" ]; then
+    echo "$PROCESS" >> $HIDELIST
+    set --
+    set `$TOOLPATH/ps -o pid,args | grep "$PROCESS" | grep -v grep` >/dev/null
+    [ ! -z "$1" ] && kill "$1"
   fi
 fi

zip_static/common/magiskhide/disable

@@ -0,0 +1,27 @@
+#!/system/bin/sh
+
+MODDIR=/magisk/.core/magiskhide
+LOGFILE=/cache/magisk.log
+TOOLPATH=/dev/busybox
+
+log_print() {
+  echo "MagiskHide: $1"
+  echo "MagiskHide: $1" >> $LOGFILE
+  log -p i -t Magisk "MagiskHide: $1"
+}
+
+# Only disable when MagiskHide is started
+ps | grep "magiskhide --daemon" | grep -v grep >/dev/null 2>&1 || exit
+
+log_print "Stopping MagiskHide daemon"
+
+set --
+set `$TOOLPATH/ps -o pid,args | grep "magiskhide" | grep -v grep | head -1` >/dev/null
+[ ! -z "$1" ] && kill "$1"
+
+while read PROCESS; do
+  log_print "Killing $PROCESS"
+  set --
+  set `$TOOLPATH/ps -o pid,args | grep "$PROCESS" | grep -v grep` >/dev/null
+  [ ! -z "$1" ] && kill "$1"
+done < $MODDIR/hidelist

zip_static/common/magiskhide/enable

@@ -0,0 +1,43 @@
+#!/system/bin/sh
+
+MODDIR=/magisk/.core/magiskhide
+BINPATH=/data/magisk
+LOGFILE=/cache/magisk.log
+TOOLPATH=/dev/busybox
+
+log_print() {
+  echo "MagiskHide: $1"
+  echo "MagiskHide: $1" >> $LOGFILE
+  log -p i -t Magisk "MagiskHide: $1"
+}
+
+# Only enable when isn't started
+ps | grep "magiskhide --daemon" | grep -v grep >/dev/null 2>&1 && exit
+
+log_print "Removing tampered read-only system props"
+
+VERIFYBOOT=`getprop ro.boot.verifiedbootstate`
+FLASHLOCKED=`getprop ro.boot.flash.locked`
+VERITYMODE=`getprop ro.boot.veritymode`
+
+[ ! -z "$VERIFYBOOT" -a "$VERIFYBOOT" != "green" ] && \
+log_print "`$BINPATH/resetprop -v -n ro.boot.verifiedbootstate green`"
+[ ! -z "$FLASHLOCKED" -a "$FLASHLOCKED" != "1" ] && \
+log_print "`$BINPATH/resetprop -v -n ro.boot.flash.locked 1`"
+[ ! -z "$VERITYMODE" -a "$VERITYMODE" != "enforcing" ] && \
+log_print "`$BINPATH/resetprop -v -n ro.boot.veritymode enforcing`"
+
+touch $MODDIR/hidelist
+chmod -R 755 $MODDIR
+# Add Safety Net preset
+$MODDIR/add com.google.android.gms.unstable
+
+while read PROCESS; do
+  log_print "Killing $PROCESS"
+  set --
+  set `$TOOLPATH/ps -o pid,args | grep "$PROCESS" | grep -v grep` >/dev/null
+  [ ! -z "$1" ] && kill "$1"
+done < $MODDIR/hidelist
+
+log_print "Starting MagiskHide daemon"
+$MODDIR/magiskhide --daemon

zip_static/common/magiskhide/rm

@@ -1,11 +1,14 @@
 #!/system/bin/sh
 
 HIDELIST=/magisk/.core/magiskhide/hidelist
+PROCESS=$1
+TOOLPATH=/dev/busybox
 
-if [ ! -z "$1" ]; then
+if [ ! -z "$PROCESS" ]; then
   cp -af $HIDELIST $HIDELIST.tmp
-  cat $HIDELIST.tmp | grep -v "^$1$" > $HIDELIST
+  cat $HIDELIST.tmp | grep -v "^$PROCESS$" > $HIDELIST
   rm -f $HIDELIST.tmp
-  set `/data/busybox/ps -o pid,args | grep "$1" | grep -v "grep"`
-  kill "$1"
+  set --
+  set `$TOOLPATH/ps -o pid,args | grep "$PROCESS" | grep -v grep` >/dev/null
+  [ ! -z "$1" ] && kill "$1"
 fi

ziptools/src/zipadjust.c

@@ -27,6 +27,11 @@
 #include <errno.h>
 #include <zlib.h>
 
+#ifndef O_BINARY
+#define O_BINARY  0
+#define O_TEXT    0
+#endif
+
 #pragma pack(1)
 struct local_header_struct {
 	uint32_t signature;
@@ -194,7 +199,7 @@ static int xdecompress(int fdIn, int fdOut, off_t offsetIn, off_t offsetOut, siz
 int zipadjust(char* filenameIn, char* filenameOut, int decompress) {
 	int ok = 0;
 	
-	int fin = open(filenameIn, O_RDONLY);
+	int fin = open(filenameIn, O_RDONLY | O_BINARY);
 	if (fin > 0) {
 		unsigned int size = lseek(fin, 0, SEEK_END);
 		lseek(fin, 0, SEEK_SET);
@@ -234,7 +239,7 @@ int zipadjust(char* filenameIn, char* filenameOut, int decompress) {
 		memset(central_directory_out, 0, central_directory_in_size);
 
 		unlink(filenameOut);
-		int fout = open(filenameOut, O_CREAT | O_WRONLY, 0644);
+		int fout = open(filenameOut, O_CREAT | O_WRONLY | O_BINARY, 0644);
 		if (fout > 0) {
 
 			uintptr_t central_directory_in_index = 0;