diff --git a/scripts/flash_script.sh b/scripts/flash_script.sh index 17ffb0316..420507d7f 100644 --- a/scripts/flash_script.sh +++ b/scripts/flash_script.sh @@ -526,8 +526,8 @@ else rm verity_key 2>/dev/null fi - # sepolicy patches - LD_LIBRARY_PATH=$SYSTEMLIB $BINDIR/sepolicy-inject --magisk -P sepolicy + # minimal sepolicy patches + LD_LIBRARY_PATH=$SYSTEMLIB $BINDIR/sepolicy-inject --minimal -P sepolicy # Add new items mkdir -p magisk 2>/dev/null diff --git a/scripts/magic_mask.sh b/scripts/magic_mask.sh index 753a8fa58..ec8e3ff8a 100644 --- a/scripts/magic_mask.sh +++ b/scripts/magic_mask.sh @@ -488,29 +488,6 @@ case $1 in MAGISK_VERSION_STUB log_print "** Magisk late_start service mode running..." run_scripts service - - # Magisk Hide - if [ -f $COREDIR/magiskhide/enable ]; then - log_print "* Removing tampered read-only system props" - - VERIFYBOOT=`getprop ro.boot.verifiedbootstate` - FLASHLOCKED=`getprop ro.boot.flash.locked` - VERITYMODE=`getprop ro.boot.veritymode` - - [ ! -z "$VERIFYBOOT" -a "$VERIFYBOOT" != "green" ] && \ - log_print "`$BINPATH/resetprop -v -n ro.boot.verifiedbootstate green`" - [ ! -z "$FLASHLOCKED" -a "$FLASHLOCKED" != "1" ] && \ - log_print "`$BINPATH/resetprop -v -n ro.boot.flash.locked 1`" - [ ! -z "$VERITYMODE" -a "$VERITYMODE" != "enforcing" ] && \ - log_print "`$BINPATH/resetprop -v -n ro.boot.veritymode enforcing`" - - mktouch $COREDIR/magiskhide/hidelist - chmod -R 755 $COREDIR/magiskhide - # Add Safety Net preset - $COREDIR/magiskhide/add com.google.android.gms.unstable - log_print "* Starting Magisk Hide" - /data/magisk/magiskhide --daemon - fi ;; esac diff --git a/zip_static/common/magiskhide/add b/zip_static/common/magiskhide/add index 31feddbda..1a362e317 100644 --- a/zip_static/common/magiskhide/add +++ b/zip_static/common/magiskhide/add 
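Review bot: In the scripts/flash_script.sh hunk the exit status of `$BINDIR/sepolicy-inject --minimal -P sepolicy` is never checked. If the binary unpacked into `$BINDIR` does not recognise the new `--minimal` option, the script appears to continue and repack an unpatched `sepolicy`. A guard on the same line would stop that, e.g. `LD_LIBRARY_PATH="$SYSTEMLIB" "$BINDIR/sepolicy-inject" --minimal -P sepolicy || { echo "! sepolicy patch failed"; exit 1; }`, which also quotes the two path variables. The comment could say which rules `--minimal` leaves out and where they are applied instead. The surrounding `else` branch starts and ends outside the hunk.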
@@ -1,11 +1,13 @@ #!/system/bin/sh HIDELIST=/magisk/.core/magiskhide/hidelist +PROCESS=$1 -if [ ! -z "$1" ]; then - if [ $(grep -c "^$1$" $HIDELIST) -eq "0" ]; then - echo "$1" >> $HIDELIST - set `/data/busybox/ps -o pid,args | grep "$1" | grep -v "grep"` - kill "$1" +if [ ! -z "$PROCESS" ]; then + if [ `grep -c "^$PROCESS$" $HIDELIST` -eq "0" ]; then + echo "$PROCESS" >> $HIDELIST + set -- + set `/data/busybox/ps -o pid,args | grep "$PROCESS" | grep -v grep` >/dev/null + [ ! -z "$1" ] && kill "$1" fi fi diff --git a/zip_static/common/magiskhide/disable b/zip_static/common/magiskhide/disable new file mode 100644 index 000000000..a6a068b24 --- /dev/null +++ b/zip_static/common/magiskhide/disable @@ -0,0 +1,22 @@ +#!/system/bin/sh + +MODDIR=/magisk/.core/magiskhide +LOGFILE=/cache/magisk.log + +log_print() { + echo "MagiskHide: $1" + echo "MagiskHide: $1" >> $LOGFILE + log -p i -t Magisk "MagiskHide: $1" +} + +log_print "Stopping MagiskHide daemon" +set -- +set `/data/busybox/ps -o pid,args | grep "magiskhide" | grep -v grep | head -1` >/dev/null +[ ! -z "$1" ] && kill "$1" + +while read PROCESS; do + log_print "Killing $PROCESS" + set -- + set `/data/busybox/ps -o pid,args | grep "$PROCESS" | grep -v grep` >/dev/null + [ ! -z "$1" ] && kill "$1" +done < $MODDIR/hidelist diff --git a/zip_static/common/magiskhide/enable b/zip_static/common/magiskhide/enable new file mode 100644 index 000000000..50ab2a3be --- /dev/null +++ b/zip_static/common/magiskhide/enable 
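Review bot: In zip_static/common/magiskhide/add, `grep -c "^$PROCESS$"` and `grep "$PROCESS"` treat the process name as a regular expression and as a substring. The dots in a package name match any character, and the `ps` filter also matches any process whose arguments merely contain the name, including this script's own command line, which `grep -v grep` does not exclude. Only the first matching PID is then killed, so the wrong process can be signalled while the intended one keeps running. The same `ps | grep | set | kill` sequence is repeated in the rm, enable and disable hunks. A literal whole-line match on the list and an exact comparison of the command name avoids both problems; the sketch below assumes the bundled busybox provides `awk`.

```shell
if [ ! -z "$PROCESS" ]; then
  # -F literal, -x whole line: dots in package names are not wildcards
  if ! grep -qFx -- "$PROCESS" "$HIDELIST"; then
    echo "$PROCESS" >> "$HIDELIST"
    # compare the command name exactly; a substring grep also matches this script's own arguments
    for PID in `/data/busybox/ps -o pid,args | awk -v name="$PROCESS" '$2 == name { print $1 }'`; do
      kill "$PID"
    done
  fi
fi
```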
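Review bot: In zip_static/common/magiskhide/disable the daemon is located with `grep "magiskhide" | grep -v grep | head -1`, but the script's own path (`/magisk/.core/magiskhide/disable`) contains that string. When the daemon is not running, or is listed after the script in the `ps` output, the PID passed to `kill` is probably the script itself and the hidelist loop never runs. Matching the command name exactly would avoid this, e.g. `awk -v d="$MODDIR/magiskhide" '$2 == d { print $1 }'` (assuming the daemon is started as `$MODDIR/magiskhide --daemon`, as the enable script does), or enable could record the daemon's PID in a file. The loop should also use `while IFS= read -r PROCESS` and quote `"$MODDIR/hidelist"` so that backslashes and surrounding whitespace in an entry are not altered.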
@@ -0,0 +1,39 @@ +#!/system/bin/sh + +MODDIR=/magisk/.core/magiskhide +BINPATH=/data/magisk +LOGFILE=/cache/magisk.log + +log_print() { + echo "MagiskHide: $1" + echo "MagiskHide: $1" >> $LOGFILE + log -p i -t Magisk "MagiskHide: $1" +} + +log_print "Removing tampered read-only system props" + +VERIFYBOOT=`getprop ro.boot.verifiedbootstate` +FLASHLOCKED=`getprop ro.boot.flash.locked` +VERITYMODE=`getprop ro.boot.veritymode` + +[ ! -z "$VERIFYBOOT" -a "$VERIFYBOOT" != "green" ] && \ +log_print "`$BINPATH/resetprop -v -n ro.boot.verifiedbootstate green`" +[ ! -z "$FLASHLOCKED" -a "$FLASHLOCKED" != "1" ] && \ +log_print "`$BINPATH/resetprop -v -n ro.boot.flash.locked 1`" +[ ! -z "$VERITYMODE" -a "$VERITYMODE" != "enforcing" ] && \ +log_print "`$BINPATH/resetprop -v -n ro.boot.veritymode enforcing`" + +touch $MODDIR/hidelist +chmod -R 755 $MODDIR +# Add Safety Net preset +$MODDIR/add com.google.android.gms.unstable + +while read PROCESS; do + log_print "Killing $PROCESS" + set -- + set `/data/busybox/ps -o pid,args | grep "$PROCESS" | grep -v grep` >/dev/null + [ ! -z "$1" ] && kill "$1" +done < $MODDIR/hidelist + +log_print "Starting MagiskHide daemon" +$MODDIR/magiskhide --daemon diff --git a/zip_static/common/magiskhide/rm b/zip_static/common/magiskhide/rm index 4ed4eb633..587adc588 100644 --- a/zip_static/common/magiskhide/rm +++ b/zip_static/common/magiskhide/rm @@ -1,11 +1,13 @@ #!/system/bin/sh HIDELIST=/magisk/.core/magiskhide/hidelist +PROCESS=$1 -if [ ! -z "$1" ]; then +if [ ! -z "$PROCESS" ]; then cp -af $HIDELIST $HIDELIST.tmp - cat $HIDELIST.tmp | grep -v "^$1$" > $HIDELIST + cat $HIDELIST.tmp | grep -v "^$PROCESS$" > $HIDELIST rm -f $HIDELIST.tmp - set `/data/busybox/ps -o pid,args | grep "$1" | grep -v "grep"` - kill "$1" + set -- + set `/data/busybox/ps -o pid,args | grep "$PROCESS" | grep -v grep` >/dev/null + [ ! -z "$1" ] && kill "$1" fi
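Review bot: In zip_static/common/magiskhide/enable the daemon is launched as `$MODDIR/magiskhide --daemon`, whereas the block removed from scripts/magic_mask.sh ran `/data/magisk/magiskhide --daemon`, and `BINPATH=/data/magisk` is still used here for `resetprop`. Nothing in this diff shows the binary moving into `$MODDIR`, so please confirm the path. If it is wrong, the script logs "Starting MagiskHide daemon" and fails without a trace, because the exit status is not checked; `$MODDIR/magiskhide --daemon || log_print "Failed to start MagiskHide daemon"` would record it. `log_print` and the kill loop are copied verbatim from the disable script, so a small file sourced by both would keep them from drifting apart.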
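Review bot: In zip_static/common/magiskhide/rm the filtered list is written straight back into `$HIDELIST`, so the live file is truncated and then refilled, and a reader that opens it in between (the daemon, presumably) sees an empty or partial list. Building the new list in the temporary file and renaming it over the original makes the update a single step and drops the extra `cat`: `grep -vFx -- "$PROCESS" "$HIDELIST" > "$HIDELIST.tmp"` followed by `mv -f "$HIDELIST.tmp" "$HIDELIST"`. Do not join the two with `&&`, because `grep -v` exits with status 1 when the last entry is removed and the output is empty.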