Handle MagiskSU and MagiskHide differently
This commit is contained in:
parent
b4fe4f3d10
commit
0d10b812fe
@ -42,9 +42,10 @@ int hideMagisk() {
|
||||
}
|
||||
}
|
||||
|
||||
// First unmount the dummy skeletons and the cache mounts
|
||||
// First unmount the dummy skeletons, cache mounts, and /sbin links
|
||||
for(i = mount_size - 1; i >= 0; --i) {
|
||||
if (strstr(mount_list[i], "tmpfs /system") || strstr(mount_list[i], "tmpfs /vendor")
|
||||
|| strstr(mount_list[i], "tmpfs /sbin")
|
||||
|| (strstr(mount_list[i], cache_block) && strstr(mount_list[i], "/system/")) ) {
|
||||
sscanf(mount_list[i], "%*s %512s", buffer);
|
||||
lazy_unmount(buffer);
|
||||
|
@ -1 +1 @@
|
||||
Subproject commit ca75dd07283ff5fb9fec32f106ba8c58642742a0
|
||||
Subproject commit 2e6bea23acc073aa9b3890c50342dd4a3dc8e754
|
@ -248,9 +248,11 @@ is_mounted /data && MAGISKBIN=/data/magisk || MAGISKBIN=/cache/data_bin
|
||||
# Copy required files
|
||||
rm -rf $MAGISKBIN 2>/dev/null
|
||||
mkdir -p $MAGISKBIN
|
||||
cp -af $BINDIR/busybox $BINDIR/magiskpolicy $BINDIR/resetprop $BINDIR/magiskboot \
|
||||
$COMMONDIR/ramdisk_patch.sh $COMMONDIR/init.magisk.rc \
|
||||
$COMMONDIR/magic_mask.sh $COMMONDIR/magisk.apk $MAGISKBIN
|
||||
cp -af $BINDIR/. $COMMONDIR/ramdisk_patch.sh $COMMONDIR/magic_mask.sh \
|
||||
$COMMONDIR/init.magisk.rc $COMMONDIR/magisk.apk $MAGISKBIN
|
||||
# Legacy support
|
||||
ln -sf /data/magisk/magiskpolicy $MAGISKBIN/sepolicy-inject
|
||||
|
||||
chmod -R 755 $MAGISKBIN
|
||||
chcon -h u:object_r:system_file:s0 $MAGISKBIN $MAGISKBIN/*
|
||||
|
||||
@ -416,18 +418,10 @@ MAGISKLOOP=$LOOPDEVICE
|
||||
|
||||
# Core folders and scripts
|
||||
mkdir -p $COREDIR/magiskhide $COREDIR/post-fs-data.d $COREDIR/service.d 2>/dev/null
|
||||
cp -af $COMMONDIR/magiskhide/. $BINDIR/magiskhide $COREDIR/magiskhide
|
||||
cp -af $COMMONDIR/magiskhide/. $COREDIR/magiskhide
|
||||
chmod -R 755 $COREDIR/magiskhide $COREDIR/post-fs-data.d $COREDIR/service.d
|
||||
chown -R 0.0 $COREDIR/magiskhide $COREDIR/post-fs-data.d $COREDIR/service.d
|
||||
|
||||
if ! $SUPERSU; then
|
||||
ui_print "- Installing MagiskSU"
|
||||
mkdir -p $COREDIR/su 2>/dev/null
|
||||
cp -af $BINDIR/su $COMMONDIR/magisksu.sh $COREDIR/su
|
||||
chmod -R 755 $COREDIR/su
|
||||
chown -R 0.0 $COREDIR/su
|
||||
fi
|
||||
|
||||
##########################################################################################
|
||||
# Repack and flash
|
||||
##########################################################################################
|
||||
|
@ -3,13 +3,12 @@
|
||||
on post-fs
|
||||
start magisk_pfs
|
||||
wait /dev/.magisk.unblock 20
|
||||
rm /dev/.magisk.unblock
|
||||
|
||||
on post-fs-data
|
||||
rm /dev/.magisk.unblock
|
||||
load_persist_props
|
||||
start magisk_pfsd
|
||||
wait /dev/.magisk.unblock 60
|
||||
rm /dev/.magisk.unblock
|
||||
|
||||
on property:magisk.restart_pfsd=1
|
||||
trigger post-fs-data
|
||||
|
@ -171,7 +171,7 @@ clone_dummy() {
|
||||
cp -afc "$ITEM" "$DUMMDIR$REAL"
|
||||
else
|
||||
if $LINK && [ ! -e "$MOUNTINFO$REAL" ]; then
|
||||
ln -s "$MIRRDIR$REAL" "$DUMMDIR$REAL"
|
||||
ln -sf "$MIRRDIR$REAL" "$DUMMDIR$REAL"
|
||||
else
|
||||
if [ -d "$ITEM" ]; then
|
||||
mkdir -p "$DUMMDIR$REAL"
|
||||
@ -317,7 +317,7 @@ case $1 in
|
||||
# Set up environment
|
||||
mkdir -p $TOOLPATH
|
||||
$BINPATH/busybox --install -s $TOOLPATH
|
||||
ln -s $BINPATH/busybox $TOOLPATH/busybox
|
||||
ln -sf $BINPATH/busybox $TOOLPATH/busybox
|
||||
# Prevent issues
|
||||
rm -f $TOOLPATH/su $TOOLPATH/sh $TOOLPATH/reboot
|
||||
chmod -R 755 $TOOLPATH
|
||||
@ -346,7 +346,7 @@ case $1 in
|
||||
# Remove empty directories, legacy paths, symlinks, old temporary images
|
||||
find $MOUNTPOINT -type d -depth ! -path "*core*" -exec rmdir {} \; 2>/dev/null
|
||||
rm -rf $MOUNTPOINT/zzsupersu $MOUNTPOINT/phh $COREDIR/bin $COREDIR/dummy $COREDIR/mirror \
|
||||
$COREDIR/busybox /data/magisk/*.img /data/busybox 2>/dev/null
|
||||
$COREDIR/busybox $COREDIR/su /data/magisk/*.img /data/busybox 2>/dev/null
|
||||
|
||||
# Remove modules that are labeled to be removed
|
||||
for MOD in $MOUNTPOINT/* ; do
|
||||
@ -374,10 +374,21 @@ case $1 in
|
||||
fi
|
||||
fi
|
||||
|
||||
# Start MagiskSU if no SuperSU
|
||||
export PATH=$OLDPATH
|
||||
[ ! -f /sbin/launch_daemonsu.sh ] && sh $COREDIR/su/magisksu.sh
|
||||
export PATH=$TOOLPATH:$OLDPATH
|
||||
log_print "* Linking binaries to /sbin"
|
||||
mount -o rw,remount rootfs /
|
||||
chmod 755 /sbin
|
||||
ln -sf $BINPATH/magiskpolicy /sbin/magiskpolicy
|
||||
ln -sf $BINPATH/magiskpolicy /sbin/sepolicy-inject
|
||||
ln -sf $BINPATH/resetprop /sbin/resetprop
|
||||
if [ ! -f /sbin/launch_daemonsu.sh ]; then
|
||||
log_print "* Starting MagiskSU"
|
||||
export PATH=$OLDPATH
|
||||
ln -sf $BINPATH/su /sbin/su
|
||||
ln -sf $BINPATH/magiskpolicy /sbin/supolicy
|
||||
/sbin/su --daemon
|
||||
export PATH=$TOOLPATH:$OLDPATH
|
||||
fi
|
||||
mount -o ro,remount rootfs /
|
||||
|
||||
[ -f $DISABLEFILE ] && unblock
|
||||
|
||||
@ -389,7 +400,7 @@ case $1 in
|
||||
# Link vendor if not exist
|
||||
if [ ! -e /vendor ]; then
|
||||
mount -o rw,remount rootfs /
|
||||
ln -s /system/vendor /vendor
|
||||
ln -sf /system/vendor /vendor
|
||||
mount -o ro,remount rootfs /
|
||||
fi
|
||||
|
||||
@ -402,7 +413,7 @@ case $1 in
|
||||
(travel system)
|
||||
rm -f $MOD/vendor 2>/dev/null
|
||||
if [ -d $MOD/system/vendor ]; then
|
||||
ln -s $MOD/system/vendor $MOD/vendor
|
||||
ln -sf $MOD/system/vendor $MOD/vendor
|
||||
(travel vendor)
|
||||
fi
|
||||
fi
|
||||
@ -434,7 +445,7 @@ case $1 in
|
||||
mkdir -p $MIRRDIR/vendor
|
||||
mount -o ro $VENDORBLOCK $MIRRDIR/vendor
|
||||
else
|
||||
ln -s $MIRRDIR/system/vendor $MIRRDIR/vendor
|
||||
ln -sf $MIRRDIR/system/vendor $MIRRDIR/vendor
|
||||
fi
|
||||
|
||||
# Since mirrors always exist, we load libraries and binaries from mirrors
|
||||
|
@ -14,11 +14,33 @@ log_print() {
|
||||
# Only enable when isn't started
|
||||
ps | grep "magiskhide --daemon" | grep -v grep >/dev/null 2>&1 && exit
|
||||
|
||||
log_print "Removing tampered read-only system props"
|
||||
if [ ! -d /sbin_orig ]; then
|
||||
log_print "Moving and re-linking /sbin binaries"
|
||||
mount -o rw,remount rootfs /
|
||||
mv -f /sbin /sbin_orig
|
||||
mkdir /sbin
|
||||
mount -o ro,remount rootfs /
|
||||
mkdir -p /dev/sbin_bind
|
||||
chmod 755 /dev/sbin_bind
|
||||
ln -s /sbin_orig/* /dev/sbin_bind
|
||||
chcon -h u:object_r:rootfs:s0 /dev/sbin_bind /dev/sbin_bind/*
|
||||
mount -o bind /dev/sbin_bind /sbin
|
||||
fi
|
||||
|
||||
# Sammy device like these permissions
|
||||
chmod 640 /sys/fs/selinux/enforce
|
||||
chmod 440 /sys/fs/selinux/policy
|
||||
|
||||
log_print "Removing dangerous read-only system props"
|
||||
|
||||
VERIFYBOOT=`getprop ro.boot.verifiedbootstate`
|
||||
FLASHLOCKED=`getprop ro.boot.flash.locked`
|
||||
VERITYMODE=`getprop ro.boot.veritymode`
|
||||
DEBUGGABLE=`getprop ro.debuggable`
|
||||
SECURE=`getprop ro.secure`
|
||||
BUILDTYPE=`getprop ro.build.type`
|
||||
BUILDTAGS=`getprop ro.build.tags`
|
||||
BUILDSELINUX=`getprop ro.build.selinux`
|
||||
|
||||
[ ! -z "$VERIFYBOOT" -a "$VERIFYBOOT" != "green" ] && \
|
||||
log_print "`$BINPATH/resetprop -v -n ro.boot.verifiedbootstate green`"
|
||||
@ -26,6 +48,16 @@ log_print "`$BINPATH/resetprop -v -n ro.boot.verifiedbootstate green`"
|
||||
log_print "`$BINPATH/resetprop -v -n ro.boot.flash.locked 1`"
|
||||
[ ! -z "$VERITYMODE" -a "$VERITYMODE" != "enforcing" ] && \
|
||||
log_print "`$BINPATH/resetprop -v -n ro.boot.veritymode enforcing`"
|
||||
[ ! -z "$DEBUGGABLE" -a "$DEBUGGABLE" != "0" ] && \
|
||||
log_print "`$BINPATH/resetprop -v -n ro.debuggable 0`"
|
||||
[ ! -z "$SECURE" -a "$SECURE" != "1" ] && \
|
||||
log_print "`$BINPATH/resetprop -v -n ro.secure 1`"
|
||||
[ ! -z "$BUILDTYPE" -a "$BUILDTYPE" != "user" ] && \
|
||||
log_print "`$BINPATH/resetprop -v -n ro.build.type user`"
|
||||
[ ! -z "$BUILDTAGS" -a "$BUILDTAGS" != "release-keys" ] && \
|
||||
log_print "`$BINPATH/resetprop -v -n ro.build.tags release-keys`"
|
||||
[ ! -z "$BUILDSELINUX" -a "$BUILDSELINUX" != "0" ] && \
|
||||
log_print "`$BINPATH/resetprop -v -n ro.build.selinux 0`"
|
||||
|
||||
touch $MODDIR/hidelist
|
||||
chmod -R 755 $MODDIR
|
||||
@ -40,4 +72,4 @@ while read PROCESS; do
|
||||
done < $MODDIR/hidelist
|
||||
|
||||
log_print "Starting MagiskHide daemon"
|
||||
$MODDIR/magiskhide --daemon
|
||||
$BINPATH/magiskhide --daemon
|
||||
|
Loading…
x
Reference in New Issue
Block a user