Due to the accidental safety>N<et the release build would fail with XLint complaining about a missing default translation. Correcting this to be in line with the actual translation fixes the build error.
Xlint Error in Question:
```res/values-in/strings.xml:106: Error: "safetyNet_api_error" is translated here but not found in default locale [ExtraTranslation]
<string name="safetyNet_api_error">Kesalahan API SafetyNet</string>```
- LOS Recovery can't decrypt or even mount /data, thus the installer can't do everything it needs to do and must abort, so also suggest uninstall via Manager at that point
- fix removal of addon.d script when uninstall is run via Manager on SAR
- fix removal of addon.d with dynamic/logical partitions via mapper
Due to changes in ec3705f2ed, the app can
no longer communicate with the dameon through a socket opened on the
daemon side due to SELinux restrictions. The workaround here is to have
the daemon decide a socket name, send it to the app, have the app create
the socket server, then finally the daemon connects to the app through
the socket.
Introduce new domain `magisk_client` and new file type `magisk_exec`.
Connection to magiskd's always-on socket is restricted to magisk_client
only. Whitelisted process domains can transit to magisk_client through
executing files labelled magisk_exec. The main magisk binary shall be
the only file labelled as magisk_exec throughout the whole system.
All processes thus are no longer allowed to connect to magiskd directly
without going through the proper magisk binary.
Connection failures are silenced from audit logs with dontaudit rules,
so crazy processes which traverse through all unix domain sockets to try
connection can no longer check logcat to know the actual reason behind
EACCES, leaking the denied process policy (which is u:r:magisk:s0).
This also allows us to remove many rules that open up holes in
untrusted_app domains that were used to make remote shell work properly.
Since all processes establishing the remote shell are now restricted to
the magisk_client domain, all these rules are moved to magisk_client.
This makes Magisk require fewer compromises in Android's security model.
Note: as of this commit, requesting new root access via Magisk Manager
will stop working as Magisk Manager can no longer communicate with
magiskd directly. This will be addressed in a future commit that
involves changes in both native and application side.
