Integrate sepolicy patching with MagiskSU fixed
parent
2f7cfa7ab2
commit
dfe4b33f2f
@ -9,6 +9,7 @@ LOCAL_C_INCLUDES := \
|
|||||||
$(LOCAL_PATH)/utils \
|
$(LOCAL_PATH)/utils \
|
||||||
$(LOCAL_PATH)/daemon \
|
$(LOCAL_PATH)/daemon \
|
||||||
$(LOCAL_PATH)/resetprop \
|
$(LOCAL_PATH)/resetprop \
|
||||||
|
$(LOCAL_PATH)/magiskpolicy \
|
||||||
$(LOCAL_PATH)/selinux/libselinux/include \
|
$(LOCAL_PATH)/selinux/libselinux/include \
|
||||||
$(LOCAL_PATH)/selinux/libsepol/include \
|
$(LOCAL_PATH)/selinux/libsepol/include \
|
||||||
$(LOCAL_PATH)/sqlite3
|
$(LOCAL_PATH)/sqlite3
|
||||||
@ -21,13 +22,16 @@ LOCAL_SRC_FILES := \
|
|||||||
daemon/daemon.c \
|
daemon/daemon.c \
|
||||||
daemon/socket_trans.c \
|
daemon/socket_trans.c \
|
||||||
daemon/log_monitor.c \
|
daemon/log_monitor.c \
|
||||||
|
daemon/post_fs.c \
|
||||||
|
daemon/post_fs_data.c \
|
||||||
|
daemon/late_start.c \
|
||||||
magiskhide/magiskhide.c \
|
magiskhide/magiskhide.c \
|
||||||
magiskhide/hide_daemon.c \
|
magiskhide/hide_daemon.c \
|
||||||
magiskhide/proc_monitor.c \
|
magiskhide/proc_monitor.c \
|
||||||
magiskpolicy/magiskpolicy.c \
|
magiskpolicy/magiskpolicy.c \
|
||||||
magiskpolicy/rules.c \
|
magiskpolicy/rules.c \
|
||||||
magiskpolicy/sepolicy.c \
|
magiskpolicy/sepolicy.c \
|
||||||
magiskpolicy/utils.c \
|
magiskpolicy/api.c \
|
||||||
resetprop/resetprop.cpp \
|
resetprop/resetprop.cpp \
|
||||||
resetprop/libc_logging.cpp \
|
resetprop/libc_logging.cpp \
|
||||||
resetprop/system_properties.cpp \
|
resetprop/system_properties.cpp \
|
||||||
@ -58,4 +62,4 @@ include jni/sqlite3/Android.mk
|
|||||||
# include jni/magiskpolicy/Android.mk
|
# include jni/magiskpolicy/Android.mk
|
||||||
|
|
||||||
# Build magiskboot
|
# Build magiskboot
|
||||||
# include jni/magiskboot/Android.mk
|
include jni/magiskboot/Android.mk
|
||||||
|
@ -9,6 +9,7 @@
|
|||||||
#include <fcntl.h>
|
#include <fcntl.h>
|
||||||
#include <string.h>
|
#include <string.h>
|
||||||
#include <errno.h>
|
#include <errno.h>
|
||||||
|
#include <pthread.h>
|
||||||
#include <sys/un.h>
|
#include <sys/un.h>
|
||||||
#include <sys/types.h>
|
#include <sys/types.h>
|
||||||
#include <sys/socket.h>
|
#include <sys/socket.h>
|
||||||
@ -18,6 +19,9 @@
|
|||||||
#include "magisk.h"
|
#include "magisk.h"
|
||||||
#include "utils.h"
|
#include "utils.h"
|
||||||
#include "daemon.h"
|
#include "daemon.h"
|
||||||
|
#include "magiskpolicy.h"
|
||||||
|
|
||||||
|
pthread_t sepol_patch;
|
||||||
|
|
||||||
static void request_handler(int client) {
|
static void request_handler(int client) {
|
||||||
client_request req = read_int(client);
|
client_request req = read_int(client);
|
||||||
@ -48,13 +52,13 @@ static void request_handler(int client) {
|
|||||||
close(client);
|
close(client);
|
||||||
break;
|
break;
|
||||||
case POST_FS:
|
case POST_FS:
|
||||||
// TODO: post-fs
|
post_fs(client);
|
||||||
break;
|
break;
|
||||||
case POST_FS_DATA:
|
case POST_FS_DATA:
|
||||||
// TODO: post-fs-data
|
post_fs_data(client);
|
||||||
break;
|
break;
|
||||||
case LATE_START_SERVICE:
|
case LATE_START:
|
||||||
// TODO: late_start service
|
late_start(client);
|
||||||
break;
|
break;
|
||||||
case TEST:
|
case TEST:
|
||||||
s = read_string(client);
|
s = read_string(client);
|
||||||
@ -82,6 +86,16 @@ static int setup_socket(struct sockaddr_un *sun) {
|
|||||||
|
|
||||||
static void do_nothing() {}
|
static void do_nothing() {}
|
||||||
|
|
||||||
|
static void *large_sepol_patch(void *args) {
|
||||||
|
LOGD("sepol: Starting large patch thread\n");
|
||||||
|
// Patch su to everything
|
||||||
|
sepol_allow("su", ALL, ALL, ALL);
|
||||||
|
dump_policydb("/sys/fs/selinux/load");
|
||||||
|
LOGD("sepol: Large patch done\n");
|
||||||
|
destroy_policydb();
|
||||||
|
return NULL;
|
||||||
|
}
|
||||||
|
|
||||||
void start_daemon() {
|
void start_daemon() {
|
||||||
// Launch the daemon, create new session, set proper context
|
// Launch the daemon, create new session, set proper context
|
||||||
if (getuid() != UID_ROOT || getgid() != UID_ROOT) {
|
if (getuid() != UID_ROOT || getgid() != UID_ROOT) {
|
||||||
@ -99,6 +113,14 @@ void start_daemon() {
|
|||||||
xsetsid();
|
xsetsid();
|
||||||
xsetcon("u:r:su:s0");
|
xsetcon("u:r:su:s0");
|
||||||
|
|
||||||
|
// Patch selinux with medium patch, blocking
|
||||||
|
load_policydb("/sys/fs/selinux/policy");
|
||||||
|
sepol_med_rules();
|
||||||
|
dump_policydb("/sys/fs/selinux/load");
|
||||||
|
|
||||||
|
// Continue the larger patch in another thread, will join later
|
||||||
|
pthread_create(&sepol_patch, NULL, large_sepol_patch, NULL);
|
||||||
|
|
||||||
struct sockaddr_un sun;
|
struct sockaddr_un sun;
|
||||||
int fd = setup_socket(&sun);
|
int fd = setup_socket(&sun);
|
||||||
|
|
||||||
@ -114,12 +136,15 @@ void start_daemon() {
|
|||||||
// Start log monitor
|
// Start log monitor
|
||||||
monitor_logs();
|
monitor_logs();
|
||||||
|
|
||||||
|
LOGI("Magisk v" xstr(VERSION) " daemon started\n");
|
||||||
|
|
||||||
// Unlock all blocks for rw
|
// Unlock all blocks for rw
|
||||||
unlock_blocks();
|
unlock_blocks();
|
||||||
|
|
||||||
// Setup links under /sbin
|
// Setup links under /sbin
|
||||||
mount(NULL, "/", NULL, MS_REMOUNT, NULL);
|
mount(NULL, "/", NULL, MS_REMOUNT, NULL);
|
||||||
create_links(NULL, "/sbin");
|
create_links(NULL, "/sbin");
|
||||||
|
chmod("/sbin", 0755);
|
||||||
mount(NULL, "/", NULL, MS_REMOUNT | MS_RDONLY, NULL);
|
mount(NULL, "/", NULL, MS_REMOUNT | MS_RDONLY, NULL);
|
||||||
|
|
||||||
// Loop forever to listen to requests
|
// Loop forever to listen to requests
|
||||||
|
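Review bot: In `start_daemon`, the return value of `pthread_create(&sepol_patch, NULL, large_sepol_patch, NULL)` is dropped, and the calls to `load_policydb("/sys/fs/selinux/policy")` and `dump_policydb("/sys/fs/selinux/load")` are likewise written as bare statements, so a failed policy load or thread start leaves the daemon running as if the live SELinux policy had been patched. If the thread was never created, the later `pthread_join(sepol_patch, NULL)` in `late_start` operates on an invalid thread id. I would keep the result, e.g. `int rc = pthread_create(&sepol_patch, NULL, large_sepol_patch, NULL);`, log a non-zero `rc`, and record whether there is a thread to join. Since `sepol_allow("su", ALL, ALL, ALL)` grants the `su` type every permission, `large_sepol_patch` deserves a comment saying so and stating which thread may touch the policy database until `destroy_policydb()` runs; that ownership is only inferred from these hunks. `start_daemon` begins and ends outside the hunks shown.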
@ -4,6 +4,9 @@
|
|||||||
#ifndef _DAEMON_H_
|
#ifndef _DAEMON_H_
|
||||||
#define _DAEMON_H_
|
#define _DAEMON_H_
|
||||||
|
|
||||||
|
#include <pthread.h>
|
||||||
|
|
||||||
|
extern pthread_t sepol_patch;
|
||||||
|
|
||||||
// Commands require connecting to daemon
|
// Commands require connecting to daemon
|
||||||
typedef enum {
|
typedef enum {
|
||||||
@ -16,7 +19,7 @@ typedef enum {
|
|||||||
CHECK_VERSION_CODE,
|
CHECK_VERSION_CODE,
|
||||||
POST_FS,
|
POST_FS,
|
||||||
POST_FS_DATA,
|
POST_FS_DATA,
|
||||||
LATE_START_SERVICE,
|
LATE_START,
|
||||||
TEST
|
TEST
|
||||||
} client_request;
|
} client_request;
|
||||||
|
|
||||||
@ -38,6 +41,13 @@ void write_string(int fd, const char* val);
|
|||||||
|
|
||||||
void monitor_logs();
|
void monitor_logs();
|
||||||
|
|
||||||
|
/***************
|
||||||
|
* Boot Stages *
|
||||||
|
***************/
|
||||||
|
|
||||||
|
void post_fs(int client);
|
||||||
|
void post_fs_data(int client);
|
||||||
|
void late_start(int client);
|
||||||
|
|
||||||
/**************
|
/**************
|
||||||
* MagiskHide *
|
* MagiskHide *
|
||||||
|
17
jni/daemon/late_start.c
Normal file
17
jni/daemon/late_start.c
Normal file
@ -0,0 +1,17 @@
|
|||||||
|
/* late_start.c - late_start service actions
|
||||||
|
*/
|
||||||
|
|
||||||
|
#include <unistd.h>
|
||||||
|
#include <pthread.h>
|
||||||
|
|
||||||
|
#include "daemon.h"
|
||||||
|
|
||||||
|
void late_start(int client) {
|
||||||
|
// ack
|
||||||
|
write_int(client, 0);
|
||||||
|
// TODO: Do something
|
||||||
|
close(client);
|
||||||
|
|
||||||
|
// Wait till the full patch is done
|
||||||
|
pthread_join(sepol_patch, NULL);
|
||||||
|
}
|
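Review bot: `pthread_join(sepol_patch, NULL)` in `late_start` runs on every `LATE_START` request, and joining a thread that has already been joined is undefined behaviour, so a repeated request from any client that reaches the daemon socket triggers it. A one-shot guard would do, e.g. `static int joined; if (!joined) { pthread_join(sepol_patch, NULL); joined = 1; }`, with a lock or `pthread_once` if requests can be handled concurrently (not visible here). The ack `write_int(client, 0)` is sent and the socket closed before the join, so the client cannot tell when the full patch has finished; a comment stating that this ordering is intended would help.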
@ -16,7 +16,8 @@
|
|||||||
static void *logger_thread(void *args) {
|
static void *logger_thread(void *args) {
|
||||||
char buffer[PATH_MAX];
|
char buffer[PATH_MAX];
|
||||||
// rename("/cache/magisk.log", "/cache/last_magisk.log");
|
// rename("/cache/magisk.log", "/cache/last_magisk.log");
|
||||||
FILE *logfile = xfopen("/cache/magisk_test.log", "w");
|
// FILE *logfile = xfopen("/cache/magisk_test.log", "w");
|
||||||
|
FILE *logfile = xfopen("/cache/magisk.log", "w");
|
||||||
// Disable buffering
|
// Disable buffering
|
||||||
setbuf(logfile, NULL);
|
setbuf(logfile, NULL);
|
||||||
// Start logcat
|
// Start logcat
|
||||||
|
15
jni/daemon/post_fs.c
Normal file
15
jni/daemon/post_fs.c
Normal file
@ -0,0 +1,15 @@
|
|||||||
|
/* post_fs.c - post-fs actions
|
||||||
|
*/
|
||||||
|
|
||||||
|
#include <unistd.h>
|
||||||
|
|
||||||
|
#include "utils.h"
|
||||||
|
#include "daemon.h"
|
||||||
|
|
||||||
|
void post_fs(int client) {
|
||||||
|
// ack
|
||||||
|
write_int(client, 0);
|
||||||
|
// TODO: Do something
|
||||||
|
close(client);
|
||||||
|
unblock_boot_process();
|
||||||
|
}
|
15
jni/daemon/post_fs_data.c
Normal file
15
jni/daemon/post_fs_data.c
Normal file
@ -0,0 +1,15 @@
|
|||||||
|
/* post_fs_data.c - post-fs-data actions
|
||||||
|
*/
|
||||||
|
|
||||||
|
#include <unistd.h>
|
||||||
|
|
||||||
|
#include "utils.h"
|
||||||
|
#include "daemon.h"
|
||||||
|
|
||||||
|
void post_fs_data(int client) {
|
||||||
|
// ack
|
||||||
|
write_int(client, 0);
|
||||||
|
// TODO: Do something
|
||||||
|
close(client);
|
||||||
|
unblock_boot_process();
|
||||||
|
}
|
@ -1 +1 @@
|
|||||||
Subproject commit 7bb8b9039c96278f904e3e7fa07953cd5e5b5113
|
Subproject commit a65c7ee2fcb0ecc546603e97384ef49ad6f245d5
|
16
jni/main.c
16
jni/main.c
@ -54,6 +54,7 @@ int main(int argc, char *argv[]) {
|
|||||||
err_handler = exit_proc;
|
err_handler = exit_proc;
|
||||||
char * arg = strrchr(argv[0], '/');
|
char * arg = strrchr(argv[0], '/');
|
||||||
if (arg) ++arg;
|
if (arg) ++arg;
|
||||||
|
else arg = argv[0];
|
||||||
if (strcmp(arg, "magisk") == 0) {
|
if (strcmp(arg, "magisk") == 0) {
|
||||||
if (argc < 2) usage();
|
if (argc < 2) usage();
|
||||||
if (strcmp(argv[1], "-v") == 0) {
|
if (strcmp(argv[1], "-v") == 0) {
|
||||||
@ -78,14 +79,17 @@ int main(int argc, char *argv[]) {
|
|||||||
printf("%s\n", applet[i]);
|
printf("%s\n", applet[i]);
|
||||||
return 0;
|
return 0;
|
||||||
} else if (strcmp(argv[1], "--post-fs") == 0) {
|
} else if (strcmp(argv[1], "--post-fs") == 0) {
|
||||||
// TODO: post-fs mode
|
int fd = connect_daemon();
|
||||||
return 0;
|
write_int(fd, POST_FS);
|
||||||
|
return read_int(fd);
|
||||||
} else if (strcmp(argv[1], "--post-fs-data") == 0) {
|
} else if (strcmp(argv[1], "--post-fs-data") == 0) {
|
||||||
// TODO: post-fs-data mode
|
int fd = connect_daemon();
|
||||||
return 0;
|
write_int(fd, POST_FS_DATA);
|
||||||
|
return read_int(fd);
|
||||||
} else if (strcmp(argv[1], "--service") == 0) {
|
} else if (strcmp(argv[1], "--service") == 0) {
|
||||||
// TODO: late_start service mode
|
int fd = connect_daemon();
|
||||||
return 0;
|
write_int(fd, LATE_START);
|
||||||
|
return read_int(fd);
|
||||||
} else if (strcmp(argv[1], "--test") == 0) {
|
} else if (strcmp(argv[1], "--test") == 0) {
|
||||||
// Temporary testing entry
|
// Temporary testing entry
|
||||||
int fd = connect_daemon();
|
int fd = connect_daemon();
|
||||||
|
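Review bot: The new `--post-fs`, `--post-fs-data` and `--service` branches use `fd` from `connect_daemon()` without a check and return `read_int(fd)` directly as the process exit status, with no comment on what values the daemon may send. If `connect_daemon()` can return a negative descriptor (its body is not on this page), `write_int`/`read_int` would run on an invalid fd and the exit code would be meaningless to the caller. The three branches differ only in the request code, so a small static helper taking the `client_request` value would remove the repetition and give one place for the check and a comment such as `/* exit status is the daemon's ack; 0 means the stage was accepted */`. `main` starts and ends outside these hunks.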
2
jni/su
2
jni/su
@ -1 +1 @@
|
|||||||
Subproject commit c42c44a55254416fc2ccdb89395f42e8a580a67f
|
Subproject commit 85b080113f43bccd6764cefe9144d82dc0492426
|
@ -178,3 +178,8 @@ void unlock_blocks() {
|
|||||||
|
|
||||||
closedir(dir);
|
closedir(dir);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
void unblock_boot_process() {
|
||||||
|
int fd = open("/dev/.magisk.unblock", O_RDONLY | O_CREAT);
|
||||||
|
close(fd);
|
||||||
|
}
|
||||||
|
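Review bot: `open("/dev/.magisk.unblock", O_RDONLY | O_CREAT)` in `unblock_boot_process` passes `O_CREAT` without the third `mode` argument, so the permission bits of the created file come from an indeterminate value and can end up including write or set-id bits. The descriptor is also not checked before `close(fd)`. Suggested: `int fd = open("/dev/.magisk.unblock", O_RDONLY | O_CREAT, 0644);` followed by `if (fd >= 0) close(fd);`, with the mode set to whatever the consumer of this marker file actually needs (the consumer is not shown on this page).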
@ -62,5 +62,6 @@ void ps(void (*func)(int));
|
|||||||
void ps_filter_proc_name(const char *filter, void (*func)(int));
|
void ps_filter_proc_name(const char *filter, void (*func)(int));
|
||||||
int create_links(const char *bin, const char *path);
|
int create_links(const char *bin, const char *path);
|
||||||
void unlock_blocks();
|
void unlock_blocks();
|
||||||
|
void unblock_boot_process();
|
||||||
|
|
||||||
#endif
|
#endif
|
||||||
|