Add support for pre-init custom sepolicy patches

Close #1685
This commit is contained in:
topjohnwu 2019-12-13 06:05:12 -05:00
parent af060b3132
commit 12fda29280
4 changed files with 46 additions and 8 deletions


@ -3,6 +3,8 @@
#include <stdlib.h> #include <stdlib.h>
#include <vector> #include <vector>
#include <magisk.h>
struct cmdline { struct cmdline {
bool skip_initramfs; bool skip_initramfs;
bool force_normal_boot; bool force_normal_boot;
@ -45,7 +47,7 @@ protected:
virtual void cleanup(); virtual void cleanup();
public: public:
BaseInit(char *argv[], cmdline *cmd) : BaseInit(char *argv[], cmdline *cmd) :
cmd(cmd), argv(argv), mount_list{"/sys", "/proc", "/dev"} {} cmd(cmd), argv(argv), mount_list{"/sys", "/proc"} {}
virtual ~BaseInit() = default; virtual ~BaseInit() = default;
virtual void start() = 0; virtual void start() = 0;
}; };
@ -53,6 +55,7 @@ public:
class MagiskInit : public BaseInit { class MagiskInit : public BaseInit {
protected: protected:
raw_data self; raw_data self;
const char *persist_dir;
virtual void early_mount() = 0; virtual void early_mount() = 0;
bool patch_sepolicy(const char *file = "/sepolicy"); bool patch_sepolicy(const char *file = "/sepolicy");
@ -68,7 +71,9 @@ protected:
void backup_files(); void backup_files();
void patch_rootdir(); void patch_rootdir();
public: public:
SARBase(char *argv[], cmdline *cmd) : MagiskInit(argv, cmd) {}; SARBase(char *argv[], cmdline *cmd) : MagiskInit(argv, cmd) {
persist_dir = MIRRDIR "/persist/magisk";
}
void start() override { void start() override {
early_mount(); early_mount();
patch_rootdir(); patch_rootdir();
@ -132,7 +137,9 @@ private:
protected: protected:
void early_mount() override; void early_mount() override;
public: public:
RootFSInit(char *argv[], cmdline *cmd) : MagiskInit(argv, cmd) {}; RootFSInit(char *argv[], cmdline *cmd) : MagiskInit(argv, cmd) {
persist_dir = "/dev/.magisk/mirror/persist/magisk";
}
void start() override { void start() override {
early_mount(); early_mount();
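Review bot: The new `const char *persist_dir;` member in the `@ -53,6 +55,7` hunk has no initializer, and the only assignments shown are in the SARBase and RootFSInit constructors, so unless MagiskInit's own constructor (outside this hunk) sets it, any other MagiskInit subclass would hand an indeterminate pointer to `xopen_dir(persist_dir)` in patch_sepolicy. An in-class default, `const char *persist_dir = nullptr;`, plus a null check at the use site closes that gap, or the directory could be a MagiskInit constructor parameter so the compiler enforces it. RootFSInit spells the path out as `"/dev/.magisk/mirror/persist/magisk"` while SARBase uses `MIRRDIR "/persist/magisk"`; if the /sbin→/dev move in RootFSInit::early_mount is the reason, a one-line comment saying so, `// mirror is moved from /sbin to /dev in early_mount(), so MIRRDIR does not apply here`, keeps the next maintainer from "fixing" it. The MagiskInit class body continues past the end of that hunk.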


@ -126,6 +126,13 @@ void RootFSInit::early_mount() {
root = xopen("/", O_RDONLY | O_CLOEXEC); root = xopen("/", O_RDONLY | O_CLOEXEC);
rename("/.backup/init", "/init"); rename("/.backup/init", "/init");
// Mount sbin overlay for persist, but move it and add to cleanup list
mount_sbin();
xmount("/sbin", "/dev", nullptr, MS_MOVE, nullptr);
mount_list.emplace_back("/dev");
mount_list.emplace_back("/dev/.magisk/mirror/persist");
mount_list.emplace_back("/dev/.magisk/mirror/cache");
mount_root(system); mount_root(system);
mount_root(vendor); mount_root(vendor);
mount_root(product); mount_root(product);
@ -169,6 +176,7 @@ void SARInit::early_mount() {
// Make dev writable // Make dev writable
xmkdir("/dev", 0755); xmkdir("/dev", 0755);
xmount("tmpfs", "/dev", "tmpfs", 0, "mode=755"); xmount("tmpfs", "/dev", "tmpfs", 0, "mode=755");
mount_list.emplace_back("/dev");
backup_files(); backup_files();
@ -227,9 +235,11 @@ void SecondStageInit::early_mount() {
void BaseInit::cleanup() { void BaseInit::cleanup() {
// Unmount in reverse order // Unmount in reverse order
for (auto &p : reversed(mount_list)) { for (auto &p : reversed(mount_list)) {
LOGD("Unmount [%s]\n", p.data()); if (xumount(p.data()) == 0)
umount(p.data()); LOGD("Unmount [%s]\n", p.data());
} }
mount_list.clear();
mount_list.shrink_to_fit();
} }
void mount_sbin() { void mount_sbin() {
@ -248,8 +258,12 @@ void mount_sbin() {
// Fallback to cache // Fallback to cache
strcpy(partname, "cache"); strcpy(partname, "cache");
strcpy(block_dev, BLOCKDIR "/cache"); strcpy(block_dev, BLOCKDIR "/cache");
if (setup_block(false) < 0) if (setup_block(false) < 0) {
return; // Try NVIDIA's BS
strcpy(partname, "CAC");
if (setup_block(false) < 0)
return;
}
mnt_point = MIRRDIR "/cache"; mnt_point = MIRRDIR "/cache";
xsymlink("./cache", MIRRDIR "/persist"); xsymlink("./cache", MIRRDIR "/persist");
} }
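Review bot: In the RootFSInit::early_mount hunk, `mount_list.emplace_back("/dev/.magisk/mirror/persist")` is unconditional, but the mount_sbin hunk below shows that when the persist partition is unavailable it mounts cache instead and creates `persist` as a symlink to `./cache`; in that case cleanup's reverse-order loop unmounts cache first and the subsequent xumount through the persist symlink has nothing to unmount and fails (harmless, but a spurious error on every boot that takes the fallback). Either have mount_sbin report what it actually mounted, or add the persist entry only when `lstat` says it is not a symlink. Since cleanup now logs only on xumount success, a failed unmount is visible only through whatever xumount itself prints, which is outside this page. It is also worth a comment at the emplace that this moved mirror is the directory patch_sepolicy later reads custom rule files from, so the mount must stay in place until that runs; RootFSInit::early_mount continues outside the hunk.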


@ -164,7 +164,23 @@ bool MagiskInit::patch_sepolicy(const char *file) {
sepol_magisk_rules(); sepol_magisk_rules();
sepol_allow(SEPOL_PROC_DOMAIN, ALL, ALL, ALL); sepol_allow(SEPOL_PROC_DOMAIN, ALL, ALL, ALL);
// Custom rules
if (auto dir = xopen_dir(persist_dir); dir) {
char path[4096];
for (dirent *entry; (entry = xreaddir(dir.get()));) {
if (entry->d_name == "."sv || entry->d_name == ".."sv)
continue;
snprintf(path, sizeof(path), "%s/%s/sepolicy.rule", persist_dir, entry->d_name);
if (access(path, R_OK) == 0) {
LOGD("Loading custom sepolicy patch: %s\n", path);
load_rule_file(path);
}
}
}
dump_policydb(file); dump_policydb(file);
destroy_policydb();
// Remove OnePlus stupid debug sepolicy and use our own // Remove OnePlus stupid debug sepolicy and use our own
if (access("/sepolicy_debug", F_OK) == 0) { if (access("/sepolicy_debug", F_OK) == 0) {
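Review bot: The `snprintf` into `path[4096]` ignores its return value, so a truncated path would be probed and loaded rather than skipped; `int len = snprintf(path, sizeof(path), "%s/%s/sepolicy.rule", persist_dir, entry->d_name); if (len < 0 || len >= (int) sizeof(path)) continue;` makes the bound explicit. The loop applies every `<dir>/sepolicy.rule` under `persist_dir` to the policy that is then written with `dump_policydb(file)`, with no check on the rule file's content or on what `load_rule_file` returns, so a header comment stating the trust assumption would help: these files extend the kernel policy before init starts and are trusted only because the persist directory is writable solely by root. The `"."sv` comparisons rely on a string-literal `using` declaration that is not in this hunk, and patch_sepolicy begins and ends outside it.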


@ -13,6 +13,7 @@
#include "sepolicy.h" #include "sepolicy.h"
int load_policydb(const char *file) { int load_policydb(const char *file) {
LOGD("Load policy from: %s\n", file);
if (magisk_policydb) if (magisk_policydb)
destroy_policydb(); destroy_policydb();
@ -101,7 +102,7 @@ static void load_cil(struct cil_db *db, const char *file) {
size_t size; size_t size;
mmap_ro(file, addr, size); mmap_ro(file, addr, size);
cil_add_file(db, (char *) file, addr, size); cil_add_file(db, (char *) file, addr, size);
LOGD("cil_add[%s]\n", file); LOGD("cil_add [%s]\n", file);
munmap(addr, size); munmap(addr, size);
} }