Handle selinux for Samsung in binary

topjohnwu 2017-03-29 02:23:10 +08:00
parent a6427d081e
commit 3f016f785f
3 changed files with 24 additions and 18 deletions


@ -22,6 +22,7 @@
#define HIDELIST "/magisk/.core/magiskhide/hidelist" #define HIDELIST "/magisk/.core/magiskhide/hidelist"
#define DUMMYPATH "/dev/magisk/dummy" #define DUMMYPATH "/dev/magisk/dummy"
#define ENFORCE_FILE "/sys/fs/selinux/enforce" #define ENFORCE_FILE "/sys/fs/selinux/enforce"
#define POLICY_FILE "/sys/fs/selinux/policy"
#define SEPOLICY_INJECT "/data/magisk/magiskpolicy" #define SEPOLICY_INJECT "/data/magisk/magiskpolicy"
// Main thread // Main thread


@ -60,25 +60,37 @@ void run_as_daemon() {
void manage_selinux() { void manage_selinux() {
char *argv[] = { SEPOLICY_INJECT, "--live", "permissive *", NULL }; char *argv[] = { SEPOLICY_INJECT, "--live", "permissive *", NULL };
char str[20]; char val[1];
int fd, ret; int fd, ret;
fd = open(ENFORCE_FILE, O_RDONLY); fd = open(ENFORCE_FILE, O_RDWR);
if (fd < 0) if (fd < 0)
return; return;
ret = read(fd, str, 20); if (read(fd, val, 1) < 1)
close(fd);
if (ret < 1)
return; return;
lseek(fd, 0, SEEK_SET);
// Permissive // Permissive
if (str[0] == '0') { if (val[0] == '0') {
fprintf(logfile, "MagiskHide: Permissive detected, switching to pseudo enforced\n");
fd = open(ENFORCE_FILE, O_RDWR); fprintf(logfile, "MagiskHide: Permissive detected\n");
if (fd < 0)
if (write(fd, "1", 1) < 1)
return; return;
ret = write(fd, "1", 1); lseek(fd, 0, SEEK_SET);
if (read(fd, val, 1) < 1)
return;
lseek(fd, 0, SEEK_SET);
close(fd); close(fd);
if (ret < 1)
if (val[0] == '0') {
fprintf(logfile, "MagiskHide: Unable to set to enforce, hide the state\n");
chmod(ENFORCE_FILE, 0640);
chmod(POLICY_FILE, 0440);
return; return;
}
fprintf(logfile, "MagiskHide: Calling magiskpolicy for pseudo enforce mode\n");
switch(fork()) { switch(fork()) {
case -1: case -1:
return; return;
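Review bot: The descriptor opened on `ENFORCE_FILE` is leaked on the new early returns in manage_selinux(): the old code called `close(fd)` right after `read()`, whereas the new code returns from the first failed `read`, the failed `write` and the second failed `read` without closing it, and this hunk shows no close for the case where the first byte is not `'0'`. Each guard should release the descriptor, e.g. `if (read(fd, val, 1) < 1) { close(fd); return; }`. The return values of `chmod(ENFORCE_FILE, 0640)` and `chmod(POLICY_FILE, 0440)` are also ignored, so the log line reports the state as hidden even if the permission change failed; checking them and logging the error would make that fallback auditable. The `lseek(fd, 0, SEEK_SET)` immediately before `close(fd)` has no effect and can be dropped. The function body continues past the end of this hunk, so the close on the remaining paths may exist outside the visible lines.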


@ -27,10 +27,6 @@ if [ ! -d /sbin_orig ]; then
mount -o bind /dev/sbin_bind /sbin mount -o bind /dev/sbin_bind /sbin
fi fi
# Sammy device like these permissions
chmod 640 /sys/fs/selinux/enforce
chmod 440 /sys/fs/selinux/policy
log_print "Removing dangerous read-only system props" log_print "Removing dangerous read-only system props"
VERIFYBOOT=`getprop ro.boot.verifiedbootstate` VERIFYBOOT=`getprop ro.boot.verifiedbootstate`
@ -40,7 +36,6 @@ DEBUGGABLE=`getprop ro.debuggable`
SECURE=`getprop ro.secure` SECURE=`getprop ro.secure`
BUILDTYPE=`getprop ro.build.type` BUILDTYPE=`getprop ro.build.type`
BUILDTAGS=`getprop ro.build.tags` BUILDTAGS=`getprop ro.build.tags`
BUILDSELINUX=`getprop ro.build.selinux`
[ ! -z "$VERIFYBOOT" -a "$VERIFYBOOT" != "green" ] && \ [ ! -z "$VERIFYBOOT" -a "$VERIFYBOOT" != "green" ] && \
log_print "`$BINPATH/resetprop -v -n ro.boot.verifiedbootstate green`" log_print "`$BINPATH/resetprop -v -n ro.boot.verifiedbootstate green`"
@ -56,8 +51,6 @@ log_print "`$BINPATH/resetprop -v -n ro.secure 1`"
log_print "`$BINPATH/resetprop -v -n ro.build.type user`" log_print "`$BINPATH/resetprop -v -n ro.build.type user`"
[ ! -z "$BUILDTAGS" -a "$BUILDTAGS" != "release-keys" ] && \ [ ! -z "$BUILDTAGS" -a "$BUILDTAGS" != "release-keys" ] && \
log_print "`$BINPATH/resetprop -v -n ro.build.tags release-keys`" log_print "`$BINPATH/resetprop -v -n ro.build.tags release-keys`"
[ ! -z "$BUILDSELINUX" -a "$BUILDSELINUX" != "1" ] && \
log_print "`$BINPATH/resetprop -v -n ro.build.selinux 1`"
touch $MODDIR/hidelist touch $MODDIR/hidelist
chmod -R 755 $MODDIR chmod -R 755 $MODDIR