Revert "Drop API 17 (Android 4.2) support"

Turns out that we cannot use AndroidKeystore anyways, so we don't
actually need to drop API 17. Revert this change.
This commit is contained in:
topjohnwu 2019-10-20 07:13:03 -04:00
parent 325d9a0b86
commit 75306f658f
6 changed files with 29 additions and 12 deletions

View File

@ -47,7 +47,7 @@ subprojects {
defaultConfig {
if (minSdkVersion == null)
minSdkVersion 18
minSdkVersion 17
targetSdkVersion 28
}

View File

@ -26,7 +26,7 @@ static int (*applet_main[]) (int, char *[]) =
int main(int argc, char *argv[]) {
umask(0);
selinux_builtin_impl();
dload_selinux();
cmdline_logging();
init_argv0(argc, argv);

View File

@ -153,24 +153,25 @@ void SARCompatInit::setup_rootfs() {
}
bool MagiskInit::patch_sepolicy(const char *file) {
bool require_patch = false;
// Mount selinuxfs to communicate with kernel
xmount("selinuxfs", SELINUX_MNT, "selinuxfs", 0, nullptr);
bool patch_init = false;
if (access(SPLIT_PLAT_CIL, R_OK) == 0) {
LOGD("sepol: split policy\n");
load_split_cil();
require_patch = true;
patch_init = true;
} else if (access("/sepolicy", R_OK) == 0) {
LOGD("sepol: monolithic policy\n");
load_policydb("/sepolicy");
} else {
// Fatal error!!
LOGD("sepol: no selinux\n");
return false;
}
// Mount selinuxfs to communicate with kernel
xmount("selinuxfs", SELINUX_MNT, "selinuxfs", 0, nullptr);
if (patch_init)
load_split_cil();
sepol_magisk_rules();
sepol_allow(SEPOL_PROC_DOMAIN, ALL, ALL, ALL);
dump_policydb(file);
@ -181,7 +182,7 @@ bool MagiskInit::patch_sepolicy(const char *file) {
link("/sepolicy", "/sepolicy_debug");
}
return require_patch;
return patch_init;
}
constexpr const char wrapper[] =

View File

@ -20,7 +20,7 @@
__BEGIN_DECLS
#define freecon free
extern void (*freecon)(char *con);
extern int (*setcon)(const char *con);
extern int (*getfilecon)(const char *path, char **con);
extern int (*lgetfilecon)(const char *path, char **con);
@ -32,6 +32,7 @@ void getfilecon_at(int dirfd, const char *name, char **con);
void setfilecon_at(int dirfd, const char *name, const char *con);
void selinux_builtin_impl();
void dload_selinux();
void restorecon();
void restore_rootcon();

View File

@ -38,6 +38,10 @@ static int stub(int, char **ctx) {
// Builtin implementation
static void __freecon(char *s) {
free(s);
}
static int __setcon(const char *ctx) {
int fd = open("/proc/self/attr/current", O_WRONLY | O_CLOEXEC);
if (fd < 0)
@ -110,6 +114,7 @@ static int __fsetfilecon(int fd, const char *ctx) {
// Function pointers
void (*freecon)(char *) = __freecon;
int (*setcon)(const char *) = stub;
int (*getfilecon)(const char *, char **) = stub;
int (*lgetfilecon)(const char *, char **) = stub;
@ -141,6 +146,16 @@ void selinux_builtin_impl() {
fsetfilecon = __fsetfilecon;
}
void dload_selinux() {
if (access("/system/lib/libselinux.so", F_OK))
return;
/* We only check whether libselinux.so exists but don't dlopen.
* For some reason calling symbols returned from dlsym
* will result to SEGV_ACCERR on some devices.
* Always use builtin implementations for SELinux stuffs. */
selinux_builtin_impl();
}
static void restore_syscon(int dirfd) {
struct dirent *entry;
DIR *dir;

View File

@ -53,7 +53,7 @@ ui_print "- Target image: $BOOTIMAGE"
# Detect version and architecture
api_level_arch_detect
[ $API -lt 18 ] && abort "! Magisk is only for Android 4.3 and above"
[ $API -lt 17 ] && abort "! Magisk is only for Android 4.2 and above"
ui_print "- Device platform: $ARCH"