Commit Graph

265 Commits

Author SHA1 Message Date
topjohnwu 9b170f2b4f Switch from deprecated AUDITDENY to DONTAUDIT 2018-11-29 06:42:04 -05:00
topjohnwu 51e9ff59de Temporarily suppress warnings when applying Magisk rules 2018-11-29 06:31:05 -05:00
topjohnwu 2977dbcded Remove all dontaudit in magisk rules 2018-11-29 06:28:37 -05:00
topjohnwu ac60b51035 Support removing redundant avtab nodes 2018-11-29 05:42:08 -05:00
topjohnwu 4c2f33a089 Remove '--install' 2018-11-29 04:35:43 -05:00
topjohnwu 3b071116ac Update magiskpolicy
- Generalize avtab node extraction and insertion
- Add new supported rules: type_change, type_member
- Update help message with official policy language
2018-11-29 03:46:29 -05:00
topjohnwu f723427b8b Add built-in procfs protection on SDK 24+
More information in the Medium Post:
https://medium.com/@topjohnwu/from-anime-game-to-android-system-security-vulnerability-9b955a182f20
2018-11-28 01:27:32 -05:00
topjohnwu f69a004c1c Use raw execve
Some devices have broken libc...
2018-11-28 00:07:57 -05:00
topjohnwu e8cba3524e Kill target processes properly 2018-11-27 03:56:14 -05:00
topjohnwu 29457a1d28 Small adjustments 2018-11-26 03:26:45 -05:00
topjohnwu 731455f164 Update exec functions signatures 2018-11-26 03:06:48 -05:00
topjohnwu b01a8cace6 Always try native accept4 2018-11-26 02:57:34 -05:00
topjohnwu e67965a381 Silence some errors 2018-11-24 15:53:15 -05:00
topjohnwu ec4723096f Prevent file descriptor from being left unclosed 2018-11-23 21:15:44 -05:00
topjohnwu 762b678d24 Prevent any SELinux issues of root shell streams 2018-11-23 21:08:06 -05:00
topjohnwu 38fcc57bbf Use component name as targets
Services can name their process name arbitrarily, for instance the service in
com.google.android.gms that is responsible for SafetyNet is named
com.google.android.gms.unstable. There are many apps out in the wild that use
dedicated services with special names to detect root, and previously the user
was expected to add all of them to the hide list.

In this commit, we change from targeting process names to component names.
On Android, component names are composed of <pkg>/<cls>. When targeting
component names, we can always know what application spawned the new process.
This means that if the user adds a package name to the hidelist, MagiskHide can
now target ALL possible processes of that specific application.

To abide by this change, the default SafetyNet target is now changed from
com.google.android.gms.unstable (process name) to
com.google.android.gms/.droidguard.DroidGuardService (component name)
2018-11-23 15:47:49 -05:00
topjohnwu c8c57c74cc Optimize proc_monitor 2018-11-23 14:32:33 -05:00
topjohnwu 0784448c69 Remove /.backup folder on start 2018-11-20 05:24:40 -05:00
topjohnwu de0064af47 Fix SIGWINCH never followed
Close #786
2018-11-20 04:40:42 -05:00
topjohnwu baae1fc84f Modernize selinux stub 2018-11-20 03:49:44 -05:00
topjohnwu 2ab999f4ca Fix bug in DB query wrapper 2018-11-20 02:20:49 -05:00
topjohnwu c9f390d6e0 Abort upon any error 2018-11-20 02:20:49 -05:00
topjohnwu 3622c49ce1 Update busybox 2018-11-18 15:58:41 -05:00
topjohnwu 0462e9a7d9 Update external dependencies 2018-11-18 03:34:59 -05:00
topjohnwu c3a6091908 Update to 1.29.3 2018-11-18 02:45:21 -05:00
topjohnwu ab5fedda0b Prevent Magisk database race condition
The database should only be accessed by a single process, which is magiskd.
This means 'magisk --sqlite [SQL]' has to be updated to pass the SQL command to the daemon.
In addition, open the database connection with SQLITE_OPEN_FULLMUTEX to support multithreading in magiskd.
2018-11-16 03:20:30 -05:00
topjohnwu ba70269398 Directly print output over socket 2018-11-16 01:49:15 -05:00
topjohnwu 77fd5fa7de Do not follow symlink when checking legacy paths 2018-11-16 01:16:25 -05:00
topjohnwu ab74290fe3 Move magiskhide config into database 2018-11-16 01:15:34 -05:00
topjohnwu 3aad9d8166 Add CLI to detect MagiskHide status 2018-11-16 00:37:41 -05:00
topjohnwu 572e078d87 Fully deprecate <mount_point>/.core folder
Symlinks are preserved for backwards compatibility
2018-11-15 22:55:28 -05:00
topjohnwu ee4548230b Disable native systemless hosts, add built-in systemless hosts module 2018-11-15 13:57:41 -05:00
topjohnwu 376e7977f0 Deprecate path /sbin/.core, switch to /sbin/.magisk
Symlink is preserved for backwards compatibility
2018-11-15 01:36:03 -05:00
topjohnwu 83ae66daea Change stock boot image SHA1 backup method 2018-11-15 00:33:20 -05:00
topjohnwu 89e0be0099 Fix a bug causing magiskhide CLI freezing 2018-11-13 02:22:55 -05:00
topjohnwu ef40c1212e Prevent infinite loop if process is killed
Close #761
2018-11-13 02:11:02 -05:00
topjohnwu 3a2a2a4ffa Micro optimizations 2018-11-13 02:07:02 -05:00
topjohnwu 9592a69986 Prevent unmounting non-custom mount points 2018-11-13 01:53:48 -05:00
topjohnwu c61c3ae0e9 Fix su shell environment setup 2018-11-10 02:17:13 -05:00
topjohnwu 3603b7c82b Move cmdline and extra_cmdline to the same line 2018-11-08 20:57:30 -05:00
topjohnwu 5743c72cca Minor cleanup 2018-11-08 15:23:36 -05:00
topjohnwu 4cdd66ceff Fix lowmemorykiller crash hell in Pixel 3 2018-11-08 13:41:03 -05:00
topjohnwu d3947d2cfa Adjust logging in magiskpolicy 2018-11-08 06:43:11 -05:00
topjohnwu 07718b994a Fix magiskinit
The behavior of C and C++ is slightly different, which makes it unable to set excl_list
2018-11-08 06:07:52 -05:00
topjohnwu ef9d463bd7 Fix PLOGE 2018-11-08 06:07:02 -05:00
topjohnwu 8745c7884e Rename Array to Vector
Finally get rid of the C style vector, rename the template class to its proper name
2018-11-08 05:03:59 -05:00
topjohnwu b6965105b7 Better parsing logic 2018-11-08 04:57:16 -05:00
topjohnwu 3d269fe8be Migrate MagiskInit to C++ 2018-11-08 04:20:16 -05:00
topjohnwu be5f00aa1a Prevent stack overflow when managing hide list 2018-11-07 22:46:56 -05:00
topjohnwu 59ba350f34 Fix copy and move assignments of Array 2018-11-07 04:09:37 -05:00