Handle MagiskSU and MagiskHide differently

This commit is contained in:
topjohnwu 2017-03-19 05:00:12 +08:00
parent b4fe4f3d10
commit 0d10b812fe
6 changed files with 65 additions and 28 deletions

View File

@ -42,9 +42,10 @@ int hideMagisk() {
} }
} }
// First unmount the dummy skeletons and the cache mounts // First unmount the dummy skeletons, cache mounts, and /sbin links
for(i = mount_size - 1; i >= 0; --i) { for(i = mount_size - 1; i >= 0; --i) {
if (strstr(mount_list[i], "tmpfs /system") || strstr(mount_list[i], "tmpfs /vendor") if (strstr(mount_list[i], "tmpfs /system") || strstr(mount_list[i], "tmpfs /vendor")
|| strstr(mount_list[i], "tmpfs /sbin")
|| (strstr(mount_list[i], cache_block) && strstr(mount_list[i], "/system/")) ) { || (strstr(mount_list[i], cache_block) && strstr(mount_list[i], "/system/")) ) {
sscanf(mount_list[i], "%*s %512s", buffer); sscanf(mount_list[i], "%*s %512s", buffer);
lazy_unmount(buffer); lazy_unmount(buffer);

@ -1 +1 @@
Subproject commit ca75dd07283ff5fb9fec32f106ba8c58642742a0 Subproject commit 2e6bea23acc073aa9b3890c50342dd4a3dc8e754

View File

@ -248,9 +248,11 @@ is_mounted /data && MAGISKBIN=/data/magisk || MAGISKBIN=/cache/data_bin
# Copy required files # Copy required files
rm -rf $MAGISKBIN 2>/dev/null rm -rf $MAGISKBIN 2>/dev/null
mkdir -p $MAGISKBIN mkdir -p $MAGISKBIN
cp -af $BINDIR/busybox $BINDIR/magiskpolicy $BINDIR/resetprop $BINDIR/magiskboot \ cp -af $BINDIR/. $COMMONDIR/ramdisk_patch.sh $COMMONDIR/magic_mask.sh \
$COMMONDIR/ramdisk_patch.sh $COMMONDIR/init.magisk.rc \ $COMMONDIR/init.magisk.rc $COMMONDIR/magisk.apk $MAGISKBIN
$COMMONDIR/magic_mask.sh $COMMONDIR/magisk.apk $MAGISKBIN # Legacy support
ln -sf /data/magisk/magiskpolicy $MAGISKBIN/sepolicy-inject
chmod -R 755 $MAGISKBIN chmod -R 755 $MAGISKBIN
chcon -h u:object_r:system_file:s0 $MAGISKBIN $MAGISKBIN/* chcon -h u:object_r:system_file:s0 $MAGISKBIN $MAGISKBIN/*
@ -416,18 +418,10 @@ MAGISKLOOP=$LOOPDEVICE
# Core folders and scripts # Core folders and scripts
mkdir -p $COREDIR/magiskhide $COREDIR/post-fs-data.d $COREDIR/service.d 2>/dev/null mkdir -p $COREDIR/magiskhide $COREDIR/post-fs-data.d $COREDIR/service.d 2>/dev/null
cp -af $COMMONDIR/magiskhide/. $BINDIR/magiskhide $COREDIR/magiskhide cp -af $COMMONDIR/magiskhide/. $COREDIR/magiskhide
chmod -R 755 $COREDIR/magiskhide $COREDIR/post-fs-data.d $COREDIR/service.d chmod -R 755 $COREDIR/magiskhide $COREDIR/post-fs-data.d $COREDIR/service.d
chown -R 0.0 $COREDIR/magiskhide $COREDIR/post-fs-data.d $COREDIR/service.d chown -R 0.0 $COREDIR/magiskhide $COREDIR/post-fs-data.d $COREDIR/service.d
if ! $SUPERSU; then
ui_print "- Installing MagiskSU"
mkdir -p $COREDIR/su 2>/dev/null
cp -af $BINDIR/su $COMMONDIR/magisksu.sh $COREDIR/su
chmod -R 755 $COREDIR/su
chown -R 0.0 $COREDIR/su
fi
########################################################################################## ##########################################################################################
# Repack and flash # Repack and flash
########################################################################################## ##########################################################################################

View File

@ -3,13 +3,12 @@
on post-fs on post-fs
start magisk_pfs start magisk_pfs
wait /dev/.magisk.unblock 20 wait /dev/.magisk.unblock 20
rm /dev/.magisk.unblock
on post-fs-data on post-fs-data
rm /dev/.magisk.unblock
load_persist_props load_persist_props
start magisk_pfsd start magisk_pfsd
wait /dev/.magisk.unblock 60 wait /dev/.magisk.unblock 60
rm /dev/.magisk.unblock
on property:magisk.restart_pfsd=1 on property:magisk.restart_pfsd=1
trigger post-fs-data trigger post-fs-data

View File

@ -171,7 +171,7 @@ clone_dummy() {
cp -afc "$ITEM" "$DUMMDIR$REAL" cp -afc "$ITEM" "$DUMMDIR$REAL"
else else
if $LINK && [ ! -e "$MOUNTINFO$REAL" ]; then if $LINK && [ ! -e "$MOUNTINFO$REAL" ]; then
ln -s "$MIRRDIR$REAL" "$DUMMDIR$REAL" ln -sf "$MIRRDIR$REAL" "$DUMMDIR$REAL"
else else
if [ -d "$ITEM" ]; then if [ -d "$ITEM" ]; then
mkdir -p "$DUMMDIR$REAL" mkdir -p "$DUMMDIR$REAL"
@ -317,7 +317,7 @@ case $1 in
# Set up environment # Set up environment
mkdir -p $TOOLPATH mkdir -p $TOOLPATH
$BINPATH/busybox --install -s $TOOLPATH $BINPATH/busybox --install -s $TOOLPATH
ln -s $BINPATH/busybox $TOOLPATH/busybox ln -sf $BINPATH/busybox $TOOLPATH/busybox
# Prevent issues # Prevent issues
rm -f $TOOLPATH/su $TOOLPATH/sh $TOOLPATH/reboot rm -f $TOOLPATH/su $TOOLPATH/sh $TOOLPATH/reboot
chmod -R 755 $TOOLPATH chmod -R 755 $TOOLPATH
@ -346,7 +346,7 @@ case $1 in
# Remove empty directories, legacy paths, symlinks, old temporary images # Remove empty directories, legacy paths, symlinks, old temporary images
find $MOUNTPOINT -type d -depth ! -path "*core*" -exec rmdir {} \; 2>/dev/null find $MOUNTPOINT -type d -depth ! -path "*core*" -exec rmdir {} \; 2>/dev/null
rm -rf $MOUNTPOINT/zzsupersu $MOUNTPOINT/phh $COREDIR/bin $COREDIR/dummy $COREDIR/mirror \ rm -rf $MOUNTPOINT/zzsupersu $MOUNTPOINT/phh $COREDIR/bin $COREDIR/dummy $COREDIR/mirror \
$COREDIR/busybox /data/magisk/*.img /data/busybox 2>/dev/null $COREDIR/busybox $COREDIR/su /data/magisk/*.img /data/busybox 2>/dev/null
# Remove modules that are labeled to be removed # Remove modules that are labeled to be removed
for MOD in $MOUNTPOINT/* ; do for MOD in $MOUNTPOINT/* ; do
@ -374,10 +374,21 @@ case $1 in
fi fi
fi fi
# Start MagiskSU if no SuperSU log_print "* Linking binaries to /sbin"
export PATH=$OLDPATH mount -o rw,remount rootfs /
[ ! -f /sbin/launch_daemonsu.sh ] && sh $COREDIR/su/magisksu.sh chmod 755 /sbin
export PATH=$TOOLPATH:$OLDPATH ln -sf $BINPATH/magiskpolicy /sbin/magiskpolicy
ln -sf $BINPATH/magiskpolicy /sbin/sepolicy-inject
ln -sf $BINPATH/resetprop /sbin/resetprop
if [ ! -f /sbin/launch_daemonsu.sh ]; then
log_print "* Starting MagiskSU"
export PATH=$OLDPATH
ln -sf $BINPATH/su /sbin/su
ln -sf $BINPATH/magiskpolicy /sbin/supolicy
/sbin/su --daemon
export PATH=$TOOLPATH:$OLDPATH
fi
mount -o ro,remount rootfs /
[ -f $DISABLEFILE ] && unblock [ -f $DISABLEFILE ] && unblock
@ -389,7 +400,7 @@ case $1 in
# Link vendor if not exist # Link vendor if not exist
if [ ! -e /vendor ]; then if [ ! -e /vendor ]; then
mount -o rw,remount rootfs / mount -o rw,remount rootfs /
ln -s /system/vendor /vendor ln -sf /system/vendor /vendor
mount -o ro,remount rootfs / mount -o ro,remount rootfs /
fi fi
@ -402,7 +413,7 @@ case $1 in
(travel system) (travel system)
rm -f $MOD/vendor 2>/dev/null rm -f $MOD/vendor 2>/dev/null
if [ -d $MOD/system/vendor ]; then if [ -d $MOD/system/vendor ]; then
ln -s $MOD/system/vendor $MOD/vendor ln -sf $MOD/system/vendor $MOD/vendor
(travel vendor) (travel vendor)
fi fi
fi fi
@ -434,7 +445,7 @@ case $1 in
mkdir -p $MIRRDIR/vendor mkdir -p $MIRRDIR/vendor
mount -o ro $VENDORBLOCK $MIRRDIR/vendor mount -o ro $VENDORBLOCK $MIRRDIR/vendor
else else
ln -s $MIRRDIR/system/vendor $MIRRDIR/vendor ln -sf $MIRRDIR/system/vendor $MIRRDIR/vendor
fi fi
# Since mirrors always exist, we load libraries and binaries from mirrors # Since mirrors always exist, we load libraries and binaries from mirrors

View File

@ -14,11 +14,33 @@ log_print() {
# Only enable when isn't started # Only enable when isn't started
ps | grep "magiskhide --daemon" | grep -v grep >/dev/null 2>&1 && exit ps | grep "magiskhide --daemon" | grep -v grep >/dev/null 2>&1 && exit
log_print "Removing tampered read-only system props" if [ ! -d /sbin_orig ]; then
log_print "Moving and re-linking /sbin binaries"
mount -o rw,remount rootfs /
mv -f /sbin /sbin_orig
mkdir /sbin
mount -o ro,remount rootfs /
mkdir -p /dev/sbin_bind
chmod 755 /dev/sbin_bind
ln -s /sbin_orig/* /dev/sbin_bind
chcon -h u:object_r:rootfs:s0 /dev/sbin_bind /dev/sbin_bind/*
mount -o bind /dev/sbin_bind /sbin
fi
# Sammy device like these permissions
chmod 640 /sys/fs/selinux/enforce
chmod 440 /sys/fs/selinux/policy
log_print "Removing dangerous read-only system props"
VERIFYBOOT=`getprop ro.boot.verifiedbootstate` VERIFYBOOT=`getprop ro.boot.verifiedbootstate`
FLASHLOCKED=`getprop ro.boot.flash.locked` FLASHLOCKED=`getprop ro.boot.flash.locked`
VERITYMODE=`getprop ro.boot.veritymode` VERITYMODE=`getprop ro.boot.veritymode`
DEBUGGABLE=`getprop ro.debuggable`
SECURE=`getprop ro.secure`
BUILDTYPE=`getprop ro.build.type`
BUILDTAGS=`getprop ro.build.tags`
BUILDSELINUX=`getprop ro.build.selinux`
[ ! -z "$VERIFYBOOT" -a "$VERIFYBOOT" != "green" ] && \ [ ! -z "$VERIFYBOOT" -a "$VERIFYBOOT" != "green" ] && \
log_print "`$BINPATH/resetprop -v -n ro.boot.verifiedbootstate green`" log_print "`$BINPATH/resetprop -v -n ro.boot.verifiedbootstate green`"
@ -26,6 +48,16 @@ log_print "`$BINPATH/resetprop -v -n ro.boot.verifiedbootstate green`"
log_print "`$BINPATH/resetprop -v -n ro.boot.flash.locked 1`" log_print "`$BINPATH/resetprop -v -n ro.boot.flash.locked 1`"
[ ! -z "$VERITYMODE" -a "$VERITYMODE" != "enforcing" ] && \ [ ! -z "$VERITYMODE" -a "$VERITYMODE" != "enforcing" ] && \
log_print "`$BINPATH/resetprop -v -n ro.boot.veritymode enforcing`" log_print "`$BINPATH/resetprop -v -n ro.boot.veritymode enforcing`"
[ ! -z "$DEBUGGABLE" -a "$DEBUGGABLE" != "0" ] && \
log_print "`$BINPATH/resetprop -v -n ro.debuggable 0`"
[ ! -z "$SECURE" -a "$SECURE" != "1" ] && \
log_print "`$BINPATH/resetprop -v -n ro.secure 1`"
[ ! -z "$BUILDTYPE" -a "$BUILDTYPE" != "user" ] && \
log_print "`$BINPATH/resetprop -v -n ro.build.type user`"
[ ! -z "$BUILDTAGS" -a "$BUILDTAGS" != "release-keys" ] && \
log_print "`$BINPATH/resetprop -v -n ro.build.tags release-keys`"
[ ! -z "$BUILDSELINUX" -a "$BUILDSELINUX" != "0" ] && \
log_print "`$BINPATH/resetprop -v -n ro.build.selinux 0`"
touch $MODDIR/hidelist touch $MODDIR/hidelist
chmod -R 755 $MODDIR chmod -R 755 $MODDIR
@ -40,4 +72,4 @@ while read PROCESS; do
done < $MODDIR/hidelist done < $MODDIR/hidelist
log_print "Starting MagiskHide daemon" log_print "Starting MagiskHide daemon"
$MODDIR/magiskhide --daemon $BINPATH/magiskhide --daemon