ec3705f2ed
Introduce new domain `magisk_client` and new file type `magisk_exec`. Connection to magiskd's always-on socket is restricted to magisk_client only. Whitelisted process domains can transit to magisk_client through executing files labelled magisk_exec. The main magisk binary shall be the only file labelled as magisk_exec throughout the whole system. All processes thus are no longer allowed to connect to magiskd directly without going through the proper magisk binary. Connection failures are silenced from audit logs with dontaudit rules, so crazy processes which traverse through all unix domain sockets to try connection can no longer check logcat to know the actual reason behind EACCES, leaking the denied process policy (which is u:r:magisk:s0). This also allows us to remove many rules that open up holes in untrusted_app domains that were used to make remote shell work properly. Since all processes establishing the remote shell are now restricted to the magisk_client domain, all these rules are moved to magisk_client. This makes Magisk require fewer compromises in Android's security model. Note: as of this commit, requesting new root access via Magisk Manager will stop working as Magisk Manager can no longer communicate with magiskd directly. This will be addressed in a future commit that involves changes in both native and application side. |
||
---|---|---|
app | ||
docs | ||
gradle/wrapper | ||
native | ||
scripts | ||
shared | ||
signing | ||
stub | ||
tools | ||
.gitattributes | ||
.gitignore | ||
.gitmodules | ||
build.gradle | ||
build.py | ||
config.prop.sample | ||
gradle.properties | ||
gradlew | ||
gradlew.bat | ||
LICENSE | ||
README.MD | ||
settings.gradle |
Introduction
Magisk is a suite of open source tools for customizing Android, supporting devices higher than Android 4.2. It covers fundamental parts of Android customization: root, boot scripts, SELinux patches, AVB2.0 / dm-verity / forceencrypt removals etc.
Here are some feature highlights:
- MagiskSU: Provide root access to your device
- Magisk Modules: Modify read-only partitions by installing modules
- MagiskHide: Hide Magisk from root detections / system integrity checks
Download
Useful Links
- Installation Instruction
- OTA Upgrade Guide
- Full Official Docs
- Magisk Troubleshoot Wiki (by @Didgeridoohan)
Android Version Support
- Android 4.2+: MagiskSU and Magisk Modules Only
- Android 4.4+: All core features available
- Android 6.0+: Guaranteed MagiskHide support
- Android 7.0+: Full MagiskHide protection
- Android 9.0+: Magisk Manager stealth mode
Bug Reports
Canary Channels are cutting edge builds for those adventurous. To access canary builds, install either Canary Magisk Manager, switch to a Canary Channel in settings and upgrade.
Only bug reports from Canary DEBUG builds will be accepted.
For installation issues, upload both boot image and install logs.
For Magisk issues, upload boot logcat or dmesg.
For Magisk Manager crashes, record and upload the logcat when the crash occurs.
Building and Development
- Magisk builds on any OS Android Studio supports. Install Android Studio and do the initial setups.
- Clone sources:
git clone --recurse-submodules https://github.com/topjohnwu/Magisk.git
- Install Python 3.6+. For Windows, select 'Add Python to PATH' in installer, and run
pip install colorama
after install. - Configure to use the JDK bundled in Android Studio:
- macOS:
export JAVA_HOME="/Applications/Android Studio.app/Contents/jre/jdk/Contents/Home"
- Linux:
export PATH="/path/to/androidstudio/jre/bin:$PATH"
- Windows: Add
C:\Path\To\Android Studio\jre\bin
to environment variablePATH
- macOS:
- Set environment variable
ANDROID_HOME
to the Android SDK folder (can be found in Android Studio settings) - Run
./build.py ndk
to let the script download and install NDK for you - Set configurations in
config.prop
. A sampleconfig.prop.sample
is provided. - To start building, run
build.py
to see your options. For each action, use-h
to access help (e.g../build.py all -h
) - To start development, open the project in Android Studio. Both app (Kotlin/Java) and native (C++/C) source code can be properly developed using the IDE, but always use
build.py
for building. build.py
builds in debug mode by default. If you want release builds (with-r, --release
), you need a Java Keystore to sign APKs and zips. For more information, check Google's Documentation.
Translation Contributions
Default string resources for Magisk Manager and its stub APK are located here:
app/src/main/res/values/strings.xml
stub/src/main/res/values/strings.xml
Translate each and place them in the respective locations ([module]/src/main/res/values-[lang]/strings.xml
).
License
Magisk, including all git submodules are free software:
you can redistribute it and/or modify it under the terms of the
GNU General Public License as published by the Free Software Foundation,
either version 3 of the License, or (at your option) any later version.
This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.
You should have received a copy of the GNU General Public License
along with this program. If not, see <http://www.gnu.org/licenses/>.