From 3dc22db265ca5dcf8ba491d0c69ac6e4496a29a6 Mon Sep 17 00:00:00 2001 From: Shaka Huang Date: Sun, 31 Dec 2017 07:30:56 -0600 Subject: [PATCH] Support loading split sepolicy on non skip_initramfs devices MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit For certain device (e.g ZenFone 4 ZE554KL) there’s no sepolicy under rootfs and no a/b partition (implies no vendor partition) Magisk will failed to patch SELinux policy database and the system won’t boot up. In order to cope with this configuration the status of loading policy db needs to be checked, once it failed we have to mount the system partition and do patch_sepolicy() again. Signed-off-by: Shaka Huang --- core/jni/core/magiskinit.c | 22 ++++++++++++++++++++-- 1 file changed, 20 insertions(+), 2 deletions(-) diff --git a/core/jni/core/magiskinit.c b/core/jni/core/magiskinit.c index 59c30f25c..df5bd05d0 100644 --- a/core/jni/core/magiskinit.c +++ b/core/jni/core/magiskinit.c @@ -305,16 +305,20 @@ static int verify_precompiled() { return strcmp(sys_sha, ven_sha) == 0; } -static void patch_sepolicy() { +static int patch_sepolicy() { if (access("/sepolicy", R_OK) == 0) load_policydb("/sepolicy"); else if (access(SPLIT_PRECOMPILE, R_OK) == 0 && verify_precompiled()) load_policydb(SPLIT_PRECOMPILE); else if (access(SPLIT_PLAT_CIL, R_OK) == 0) compile_cil(); + else + return 1; sepol_magisk_rules(); dump_policydb("/sepolicy"); + + return 0; } #define BUFSIZE (1 << 20) @@ -508,7 +512,21 @@ int main(int argc, char *argv[]) { mv_dir(overlay, root); patch_ramdisk(root); - patch_sepolicy(); + if (patch_sepolicy()) { + /* Non skip_initramfs devices using separate sepolicy + * Mount /system and try to load again */ + mount("sysfs", "/sys", "sysfs", 0, NULL); + struct device dev; + setup_block(&dev, "system"); + mount(dev.path, "/system", "ext4", MS_RDONLY, NULL); + // We need to mount independent vendor partition + if (setup_block(&dev, "vendor") == 0) + mount(dev.path, "/vendor", "ext4", MS_RDONLY, NULL); + + patch_sepolicy(); + + umount("/system"); + } if (fork_dont_care() == 0) { strcpy(argv[0], "magiskinit");