andreacavalli/Magisk
1
0
Fork 0
forked from MarcoBuster/Magisk
Code Issues Pull Requests Projects Releases Wiki Activity

Integrate sepolicy patching with MagiskSU fixed

Browse Source
This commit is contained in:
topjohnwu 2017-04-16 02:42:24 +08:00
parent 2f7cfa7ab2
commit dfe4b33f2f
12 changed files with 113 additions and 16 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

8
jni/Android.mk
View File

@ -9,6 +9,7 @@ LOCAL_C_INCLUDES := \
$(LOCAL_PATH)/utils \ $(LOCAL_PATH)/utils \
$(LOCAL_PATH)/daemon \ $(LOCAL_PATH)/daemon \
$(LOCAL_PATH)/resetprop \ $(LOCAL_PATH)/resetprop \
$(LOCAL_PATH)/magiskpolicy \
$(LOCAL_PATH)/selinux/libselinux/include \ $(LOCAL_PATH)/selinux/libselinux/include \
$(LOCAL_PATH)/selinux/libsepol/include \ $(LOCAL_PATH)/selinux/libsepol/include \
$(LOCAL_PATH)/sqlite3 $(LOCAL_PATH)/sqlite3
@ -21,13 +22,16 @@ LOCAL_SRC_FILES := \
daemon/daemon.c \ daemon/daemon.c \
daemon/socket_trans.c \ daemon/socket_trans.c \
daemon/log_monitor.c \ daemon/log_monitor.c \
daemon/post_fs.c \
daemon/post_fs_data.c \
daemon/late_start.c \
magiskhide/magiskhide.c \ magiskhide/magiskhide.c \
magiskhide/hide_daemon.c \ magiskhide/hide_daemon.c \
magiskhide/proc_monitor.c \ magiskhide/proc_monitor.c \
magiskpolicy/magiskpolicy.c \ magiskpolicy/magiskpolicy.c \
magiskpolicy/rules.c \ magiskpolicy/rules.c \
magiskpolicy/sepolicy.c \ magiskpolicy/sepolicy.c \
magiskpolicy/utils.c \ magiskpolicy/api.c \
resetprop/resetprop.cpp \ resetprop/resetprop.cpp \
resetprop/libc_logging.cpp \ resetprop/libc_logging.cpp \
resetprop/system_properties.cpp \ resetprop/system_properties.cpp \
@ -58,4 +62,4 @@ include jni/sqlite3/Android.mk
# include jni/magiskpolicy/Android.mk # include jni/magiskpolicy/Android.mk
# Build magiskboot # Build magiskboot
# include jni/magiskboot/Android.mk include jni/magiskboot/Android.mk

33
jni/daemon/daemon.c
View File

@ -9,6 +9,7 @@
#include <fcntl.h> #include <fcntl.h>
#include <string.h> #include <string.h>
#include <errno.h> #include <errno.h>
#include <pthread.h>
#include <sys/un.h> #include <sys/un.h>
#include <sys/types.h> #include <sys/types.h>
#include <sys/socket.h> #include <sys/socket.h>
@ -18,6 +19,9 @@
#include "magisk.h" #include "magisk.h"
#include "utils.h" #include "utils.h"
#include "daemon.h" #include "daemon.h"
#include "magiskpolicy.h"
pthread_t sepol_patch;
static void request_handler(int client) { static void request_handler(int client) {
client_request req = read_int(client); client_request req = read_int(client);
@ -48,13 +52,13 @@ static void request_handler(int client) {
close(client); close(client);
break; break;
case POST_FS: case POST_FS:
// TODO: post-fs post_fs(client);
break; break;
case POST_FS_DATA: case POST_FS_DATA:
// TODO: post-fs-data post_fs_data(client);
break; break;
case LATE_START_SERVICE: case LATE_START:
// TODO: late_start service late_start(client);
break; break;
case TEST: case TEST:
s = read_string(client); s = read_string(client);
@ -82,6 +86,16 @@ static int setup_socket(struct sockaddr_un *sun) {
static void do_nothing() {} static void do_nothing() {}
static void *large_sepol_patch(void *args) {
LOGD("sepol: Starting large patch thread\n");
// Patch su to everything
sepol_allow("su", ALL, ALL, ALL);
dump_policydb("/sys/fs/selinux/load");
LOGD("sepol: Large patch done\n");
destroy_policydb();
return NULL;
}
void start_daemon() { void start_daemon() {
// Launch the daemon, create new session, set proper context // Launch the daemon, create new session, set proper context
if (getuid() != UID_ROOT || getgid() != UID_ROOT) { if (getuid() != UID_ROOT || getgid() != UID_ROOT) {
@ -99,6 +113,14 @@ void start_daemon() {
xsetsid(); xsetsid();
xsetcon("u:r:su:s0"); xsetcon("u:r:su:s0");
// Patch selinux with medium patch, blocking
load_policydb("/sys/fs/selinux/policy");
sepol_med_rules();
dump_policydb("/sys/fs/selinux/load");
// Continue the larger patch in another thread, will join later
pthread_create(&sepol_patch, NULL, large_sepol_patch, NULL);
struct sockaddr_un sun; struct sockaddr_un sun;
int fd = setup_socket(&sun); int fd = setup_socket(&sun);
@ -114,12 +136,15 @@ void start_daemon() {
// Start log monitor // Start log monitor
monitor_logs(); monitor_logs();
LOGI("Magisk v" xstr(VERSION) " daemon started\n");
// Unlock all blocks for rw // Unlock all blocks for rw
unlock_blocks(); unlock_blocks();
// Setup links under /sbin // Setup links under /sbin
mount(NULL, "/", NULL, MS_REMOUNT, NULL); mount(NULL, "/", NULL, MS_REMOUNT, NULL);
create_links(NULL, "/sbin"); create_links(NULL, "/sbin");
chmod("/sbin", 0755);
mount(NULL, "/", NULL, MS_REMOUNT | MS_RDONLY, NULL); mount(NULL, "/", NULL, MS_REMOUNT | MS_RDONLY, NULL);
// Loop forever to listen to requests // Loop forever to listen to requests

12
jni/daemon/daemon.h
View File

@ -4,6 +4,9 @@
#ifndef _DAEMON_H_ #ifndef _DAEMON_H_
#define _DAEMON_H_ #define _DAEMON_H_
#include <pthread.h>
extern pthread_t sepol_patch;
// Commands require connecting to daemon // Commands require connecting to daemon
typedef enum { typedef enum {
@ -16,7 +19,7 @@ typedef enum {
CHECK_VERSION_CODE, CHECK_VERSION_CODE,
POST_FS, POST_FS,
POST_FS_DATA, POST_FS_DATA,
LATE_START_SERVICE, LATE_START,
TEST TEST
} client_request; } client_request;
@ -38,6 +41,13 @@ void write_string(int fd, const char* val);
void monitor_logs(); void monitor_logs();
/***************
* Boot Stages *
***************/
void post_fs(int client);
void post_fs_data(int client);
void late_start(int client);
/************** /**************
* MagiskHide * * MagiskHide *

17
jni/daemon/late_start.c Normal file
View File

@ -0,0 +1,17 @@
/* late_start.c - late_start service actions
*/
#include <unistd.h>
#include <pthread.h>
#include "daemon.h"
void late_start(int client) {
// ack
write_int(client, 0);
// TODO: Do something
close(client);
// Wait till the full patch is done
pthread_join(sepol_patch, NULL);
}

3
jni/daemon/log_monitor.c
View File

@ -16,7 +16,8 @@
static void *logger_thread(void *args) { static void *logger_thread(void *args) {
char buffer[PATH_MAX]; char buffer[PATH_MAX];
// rename("/cache/magisk.log", "/cache/last_magisk.log"); // rename("/cache/magisk.log", "/cache/last_magisk.log");
FILE *logfile = xfopen("/cache/magisk_test.log", "w"); // FILE *logfile = xfopen("/cache/magisk_test.log", "w");
FILE *logfile = xfopen("/cache/magisk.log", "w");
// Disable buffering // Disable buffering
setbuf(logfile, NULL); setbuf(logfile, NULL);
// Start logcat // Start logcat

15
jni/daemon/post_fs.c Normal file
View File

@ -0,0 +1,15 @@
/* post_fs.c - post-fs actions
*/
#include <unistd.h>
#include "utils.h"
#include "daemon.h"
void post_fs(int client) {
// ack
write_int(client, 0);
// TODO: Do something
close(client);
unblock_boot_process();
}

15
jni/daemon/post_fs_data.c Normal file
View File

@ -0,0 +1,15 @@
/* post_fs_data.c - post-fs-data actions
*/
#include <unistd.h>
#include "utils.h"
#include "daemon.h"
void post_fs_data(int client) {
// ack
write_int(client, 0);
// TODO: Do something
close(client);
unblock_boot_process();
}

2
jni/magiskpolicy

@ -1 +1 @@
Subproject commit 7bb8b9039c96278f904e3e7fa07953cd5e5b5113 Subproject commit a65c7ee2fcb0ecc546603e97384ef49ad6f245d5

16
jni/main.c
View File

@ -54,6 +54,7 @@ int main(int argc, char *argv[]) {
err_handler = exit_proc; err_handler = exit_proc;
char * arg = strrchr(argv[0], '/'); char * arg = strrchr(argv[0], '/');
if (arg) ++arg; if (arg) ++arg;
else arg = argv[0];
if (strcmp(arg, "magisk") == 0) { if (strcmp(arg, "magisk") == 0) {
if (argc < 2) usage(); if (argc < 2) usage();
if (strcmp(argv[1], "-v") == 0) { if (strcmp(argv[1], "-v") == 0) {
@ -78,14 +79,17 @@ int main(int argc, char *argv[]) {
printf("%s\n", applet[i]); printf("%s\n", applet[i]);
return 0; return 0;
} else if (strcmp(argv[1], "--post-fs") == 0) { } else if (strcmp(argv[1], "--post-fs") == 0) {
// TODO: post-fs mode int fd = connect_daemon();
return 0; write_int(fd, POST_FS);
return read_int(fd);
} else if (strcmp(argv[1], "--post-fs-data") == 0) { } else if (strcmp(argv[1], "--post-fs-data") == 0) {
// TODO: post-fs-data mode int fd = connect_daemon();
return 0; write_int(fd, POST_FS_DATA);
return read_int(fd);
} else if (strcmp(argv[1], "--service") == 0) { } else if (strcmp(argv[1], "--service") == 0) {
// TODO: late_start service mode int fd = connect_daemon();
return 0; write_int(fd, LATE_START);
return read_int(fd);
} else if (strcmp(argv[1], "--test") == 0) { } else if (strcmp(argv[1], "--test") == 0) {
// Temporary testing entry // Temporary testing entry
int fd = connect_daemon(); int fd = connect_daemon();

2
jni/su

@ -1 +1 @@
Subproject commit c42c44a55254416fc2ccdb89395f42e8a580a67f Subproject commit 85b080113f43bccd6764cefe9144d82dc0492426

5
jni/utils/misc.c
View File

@ -178,3 +178,8 @@ void unlock_blocks() {
closedir(dir); closedir(dir);
} }
void unblock_boot_process() {
int fd = open("/dev/.magisk.unblock", O_RDONLY | O_CREAT);
close(fd);
}

1
jni/utils/utils.h
View File

@ -62,5 +62,6 @@ void ps(void (*func)(int));
void ps_filter_proc_name(const char *filter, void (*func)(int)); void ps_filter_proc_name(const char *filter, void (*func)(int));
int create_links(const char *bin, const char *path); int create_links(const char *bin, const char *path);
void unlock_blocks(); void unlock_blocks();
void unblock_boot_process();
#endif #endif