Integrate sepolicy patching with MagiskSU fixed

2017-04-16 02:42:24 +08:00 · 2017-04-16 02:42:24 +08:00 · dfe4b33f2f
commit dfe4b33f2f
parent 2f7cfa7ab2
12 changed files with 113 additions and 16 deletions
--- a/jni/Android.mk
+++ b/jni/Android.mk
@ -9,6 +9,7 @@ LOCAL_C_INCLUDES := \
 	$(LOCAL_PATH)/utils \
 	$(LOCAL_PATH)/daemon \
 	$(LOCAL_PATH)/resetprop \
+	$(LOCAL_PATH)/magiskpolicy \
 	$(LOCAL_PATH)/selinux/libselinux/include \
 	$(LOCAL_PATH)/selinux/libsepol/include \
 	$(LOCAL_PATH)/sqlite3
@ -21,13 +22,16 @@ LOCAL_SRC_FILES := \
 	daemon/daemon.c \
 	daemon/socket_trans.c \
 	daemon/log_monitor.c \
+	daemon/post_fs.c \
+	daemon/post_fs_data.c \
+	daemon/late_start.c \
 	magiskhide/magiskhide.c \
 	magiskhide/hide_daemon.c \
 	magiskhide/proc_monitor.c \
 	magiskpolicy/magiskpolicy.c \
 	magiskpolicy/rules.c \
 	magiskpolicy/sepolicy.c \
-	magiskpolicy/utils.c \
+	magiskpolicy/api.c \
 	resetprop/resetprop.cpp \
 	resetprop/libc_logging.cpp \
 	resetprop/system_properties.cpp \
@ -58,4 +62,4 @@ include jni/sqlite3/Android.mk
 # include jni/magiskpolicy/Android.mk

 # Build magiskboot
-# include jni/magiskboot/Android.mk
+include jni/magiskboot/Android.mk
--- a/jni/daemon/daemon.c
+++ b/jni/daemon/daemon.c
@ -9,6 +9,7 @@
 #include <fcntl.h>
 #include <string.h>
 #include <errno.h>
+#include <pthread.h>
 #include <sys/un.h>
 #include <sys/types.h>
 #include <sys/socket.h>
@ -18,6 +19,9 @@
 #include "magisk.h"
 #include "utils.h"
 #include "daemon.h"
+#include "magiskpolicy.h"
+
+pthread_t sepol_patch;

 static void request_handler(int client) {
 	client_request req = read_int(client);
@ -48,13 +52,13 @@ static void request_handler(int client) {
 		close(client);
 		break;
 	case POST_FS:
-		// TODO: post-fs
+		post_fs(client);
 		break;
 	case POST_FS_DATA:
-		// TODO: post-fs-data
+		post_fs_data(client);
 		break;
-	case LATE_START_SERVICE:
-		// TODO: late_start service
+	case LATE_START:
+		late_start(client);
 		break;
 	case TEST:
 		s = read_string(client);
@ -82,6 +86,16 @@ static int setup_socket(struct sockaddr_un *sun) {

 static void do_nothing() {}

+static void *large_sepol_patch(void *args) {
+	LOGD("sepol: Starting large patch thread\n");
+	// Patch su to everything
+	sepol_allow("su", ALL, ALL, ALL);
+	dump_policydb("/sys/fs/selinux/load");
+	LOGD("sepol: Large patch done\n");
+	destroy_policydb();
+	return NULL;
+}
+
 void start_daemon() {
 	// Launch the daemon, create new session, set proper context
 	if (getuid() != UID_ROOT || getgid() != UID_ROOT) {
@ -99,6 +113,14 @@ void start_daemon() {
 	xsetsid();
 	xsetcon("u:r:su:s0");

+	// Patch selinux with medium patch, blocking
+	load_policydb("/sys/fs/selinux/policy");
+	sepol_med_rules();
+	dump_policydb("/sys/fs/selinux/load");
+
+	// Continue the larger patch in another thread, will join later
+	pthread_create(&sepol_patch, NULL, large_sepol_patch, NULL);
+
 	struct sockaddr_un sun;
 	int fd = setup_socket(&sun);
 	
@ -114,12 +136,15 @@ void start_daemon() {
 	// Start log monitor
 	monitor_logs();

+	LOGI("Magisk v" xstr(VERSION) " daemon started\n");
+
 	// Unlock all blocks for rw
 	unlock_blocks();

 	// Setup links under /sbin
 	mount(NULL, "/", NULL, MS_REMOUNT, NULL);
 	create_links(NULL, "/sbin");
+	chmod("/sbin", 0755);
 	mount(NULL, "/", NULL, MS_REMOUNT | MS_RDONLY, NULL);

 	// Loop forever to listen to requests
--- a/jni/daemon/daemon.h
+++ b/jni/daemon/daemon.h
@ -4,6 +4,9 @@
 #ifndef _DAEMON_H_
 #define _DAEMON_H_

+#include <pthread.h>
+
+extern pthread_t sepol_patch;

 // Commands require connecting to daemon
 typedef enum {
@ -16,7 +19,7 @@ typedef enum {
 	CHECK_VERSION_CODE,
 	POST_FS,
 	POST_FS_DATA,
-	LATE_START_SERVICE,
+	LATE_START,
 	TEST
 } client_request;

@ -38,6 +41,13 @@ void write_string(int fd, const char* val);

 void monitor_logs();

+/***************
+ * Boot Stages *
+ ***************/
+
+void post_fs(int client);
+void post_fs_data(int client);
+void late_start(int client);

 /**************
 * MagiskHide *
--- a/jni/daemon/late_start.c
+++ b/jni/daemon/late_start.c
@ -0,0 +1,17 @@
+/* late_start.c - late_start service actions
+ */
+
+#include <unistd.h>
+#include <pthread.h>
+
+#include "daemon.h"
+
+void late_start(int client) {
+	// ack
+	write_int(client, 0);
+	// TODO: Do something
+	close(client);
+
+	// Wait till the full patch is done
+	pthread_join(sepol_patch, NULL);
+}
--- a/jni/daemon/log_monitor.c
+++ b/jni/daemon/log_monitor.c
@ -16,7 +16,8 @@
 static void *logger_thread(void *args) {
 	char buffer[PATH_MAX];
 	// rename("/cache/magisk.log", "/cache/last_magisk.log");
-	FILE *logfile = xfopen("/cache/magisk_test.log", "w");
+	// FILE *logfile = xfopen("/cache/magisk_test.log", "w");
+	FILE *logfile = xfopen("/cache/magisk.log", "w");
 	// Disable buffering
 	setbuf(logfile, NULL);
 	// Start logcat
--- a/jni/daemon/post_fs.c
+++ b/jni/daemon/post_fs.c
@ -0,0 +1,15 @@
+/* post_fs.c - post-fs actions
+ */
+
+#include <unistd.h>
+
+#include "utils.h"
+#include "daemon.h"
+
+void post_fs(int client) {
+	// ack
+	write_int(client, 0);
+	// TODO: Do something
+	close(client);
+	unblock_boot_process();
+}
--- a/jni/daemon/post_fs_data.c
+++ b/jni/daemon/post_fs_data.c
@ -0,0 +1,15 @@
+/* post_fs_data.c - post-fs-data actions
+ */
+
+#include <unistd.h>
+
+#include "utils.h"
+#include "daemon.h"
+
+void post_fs_data(int client) {
+	// ack
+	write_int(client, 0);
+	// TODO: Do something
+	close(client);
+	unblock_boot_process();
+}
--- a/jni/magiskpolicy
+++ b/jni/magiskpolicy
@ -1 +1 @@
-Subproject commit 7bb8b9039c96278f904e3e7fa07953cd5e5b5113
+Subproject commit a65c7ee2fcb0ecc546603e97384ef49ad6f245d5
--- a/jni/main.c
+++ b/jni/main.c
@ -54,6 +54,7 @@ int main(int argc, char *argv[]) {
 	err_handler = exit_proc;
 	char * arg = strrchr(argv[0], '/');
 	if (arg) ++arg;
+	else arg = argv[0];
 	if (strcmp(arg, "magisk") == 0) {
 		if (argc < 2) usage();
 		if (strcmp(argv[1], "-v") == 0) {
@ -78,14 +79,17 @@ int main(int argc, char *argv[]) {
 				printf("%s\n", applet[i]);
 			return 0;
 		} else if (strcmp(argv[1], "--post-fs") == 0) {
-			// TODO: post-fs mode
-			return 0;
+			int fd = connect_daemon();
+			write_int(fd, POST_FS);
+			return read_int(fd);
 		} else if (strcmp(argv[1], "--post-fs-data") == 0) {
-			// TODO: post-fs-data mode
-			return 0;
+			int fd = connect_daemon();
+			write_int(fd, POST_FS_DATA);
+			return read_int(fd);
 		} else if (strcmp(argv[1], "--service") == 0) {
-			// TODO: late_start service mode
-			return 0;
+			int fd = connect_daemon();
+			write_int(fd, LATE_START);
+			return read_int(fd);
 		} else if (strcmp(argv[1], "--test") == 0) {
 			// Temporary testing entry
 			int fd = connect_daemon();
--- a/jni/su
+++ b/jni/su
@ -1 +1 @@
-Subproject commit c42c44a55254416fc2ccdb89395f42e8a580a67f
+Subproject commit 85b080113f43bccd6764cefe9144d82dc0492426
--- a/jni/utils/misc.c
+++ b/jni/utils/misc.c
@ -178,3 +178,8 @@ void unlock_blocks() {

 	closedir(dir);
 }
+
+void unblock_boot_process() {
+	int fd = open("/dev/.magisk.unblock", O_RDONLY | O_CREAT);
+	close(fd);
+}
--- a/jni/utils/utils.h
+++ b/jni/utils/utils.h
@ -62,5 +62,6 @@ void ps(void (*func)(int));
 void ps_filter_proc_name(const char *filter, void (*func)(int));
 int create_links(const char *bin, const char *path);
 void unlock_blocks();
+void unblock_boot_process();

 #endif