From e3e8829e40a45dbf4787c7f5c812822ecfef6bc4 Mon Sep 17 00:00:00 2001 From: Ethan Yonker Date: Wed, 10 Dec 2014 16:17:55 -0600 Subject: Update SuperSU to 2.40 The SuperSU install process is getting rather complicated, so we will modify the install script slightly and use it to install all the things and stop trying to check to see if root permissions have been lost like we used to do. Change-Id: Ibdb64c909d2bd16e12bb35b4f31f572cc29add47 --- prebuilt/99SuperSUDaemon | 0 prebuilt/Android.mk | 79 ++++++++- prebuilt/chattr.pie | Bin 0 -> 9756 bytes prebuilt/install-recovery.sh | 2 +- prebuilt/install-supersu.sh | 405 +++++++++++++++++++++++++++++++++++++++++++ prebuilt/libsupol.so | Bin 0 -> 170232 bytes prebuilt/libsupol.soarm64 | Bin 0 -> 276888 bytes prebuilt/su | Bin 113036 -> 75364 bytes prebuilt/suarm64 | Bin 0 -> 100272 bytes prebuilt/supolicy | Bin 0 -> 29972 bytes prebuilt/supolicyarm64 | Bin 0 -> 30168 bytes twrp-functions.cpp | 159 +---------------- twrp-functions.hpp | 2 - twrp.cpp | 4 - 14 files changed, 481 insertions(+), 170 deletions(-) mode change 100755 => 100644 prebuilt/99SuperSUDaemon create mode 100644 prebuilt/chattr.pie mode change 100755 => 100644 prebuilt/install-recovery.sh create mode 100755 prebuilt/install-supersu.sh create mode 100644 prebuilt/libsupol.so create mode 100644 prebuilt/libsupol.soarm64 mode change 100755 => 100644 prebuilt/su create mode 100644 prebuilt/suarm64 create mode 100644 prebuilt/supolicy create mode 100644 prebuilt/supolicyarm64 diff --git a/prebuilt/99SuperSUDaemon b/prebuilt/99SuperSUDaemon old mode 100755 new mode 100644 diff --git a/prebuilt/Android.mk b/prebuilt/Android.mk index 7d1dceb5e..6d9f12f71 100644 --- a/prebuilt/Android.mk +++ b/prebuilt/Android.mk @@ -278,25 +278,94 @@ ifeq ($(TW_INCLUDE_DUMLOCK), true) endif ifneq ($(TW_EXCLUDE_SUPERSU), true) - #su binary + ifeq ($(TARGET_ARCH), arm) + #chattr.pie + include $(CLEAR_VARS) + LOCAL_MODULE := chattr.pie + LOCAL_MODULE_TAGS := eng + LOCAL_MODULE_CLASS := RECOVERY_EXECUTABLES + LOCAL_MODULE_PATH := $(TARGET_RECOVERY_ROOT_OUT)/supersu + LOCAL_SRC_FILES := $(LOCAL_MODULE) + include $(BUILD_PREBUILT) + + #libsupol.so + include $(CLEAR_VARS) + LOCAL_MODULE := libsupol.so + LOCAL_MODULE_TAGS := eng + LOCAL_MODULE_CLASS := RECOVERY_EXECUTABLES + LOCAL_MODULE_PATH := $(TARGET_RECOVERY_ROOT_OUT)/supersu + LOCAL_SRC_FILES := $(LOCAL_MODULE) + include $(BUILD_PREBUILT) + + #su binary + include $(CLEAR_VARS) + LOCAL_MODULE := su + LOCAL_MODULE_TAGS := eng + LOCAL_MODULE_CLASS := RECOVERY_EXECUTABLES + LOCAL_MODULE_PATH := $(TARGET_RECOVERY_ROOT_OUT)/supersu + LOCAL_SRC_FILES := $(LOCAL_MODULE) + include $(BUILD_PREBUILT) + + #supolicy + include $(CLEAR_VARS) + LOCAL_MODULE := supolicy + LOCAL_MODULE_TAGS := eng + LOCAL_MODULE_CLASS := RECOVERY_EXECUTABLES + LOCAL_MODULE_PATH := $(TARGET_RECOVERY_ROOT_OUT)/supersu + LOCAL_SRC_FILES := $(LOCAL_MODULE) + include $(BUILD_PREBUILT) + endif + ifeq ($(TARGET_ARCH), arm64) + #libsupol.so + include $(CLEAR_VARS) + LOCAL_MODULE := libsupol.soarm64 + LOCAL_MODULE_STEM := libsupol.so + LOCAL_MODULE_TAGS := eng + LOCAL_MODULE_CLASS := RECOVERY_EXECUTABLES + LOCAL_MODULE_PATH := $(TARGET_RECOVERY_ROOT_OUT)/supersu + LOCAL_SRC_FILES := $(LOCAL_MODULE) + include $(BUILD_PREBUILT) + + #su binary + include $(CLEAR_VARS) + LOCAL_MODULE := suarm64 + LOCAL_MODULE_STEM := su + LOCAL_MODULE_TAGS := eng + LOCAL_MODULE_CLASS := RECOVERY_EXECUTABLES + LOCAL_MODULE_PATH := $(TARGET_RECOVERY_ROOT_OUT)/supersu + LOCAL_SRC_FILES := $(LOCAL_MODULE) + include $(BUILD_PREBUILT) + + #supolicy + include $(CLEAR_VARS) + LOCAL_MODULE := supolicyarm64 + LOCAL_MODULE_STEM := supolicy + LOCAL_MODULE_TAGS := eng + LOCAL_MODULE_CLASS := RECOVERY_EXECUTABLES + LOCAL_MODULE_PATH := $(TARGET_RECOVERY_ROOT_OUT)/supersu + LOCAL_SRC_FILES := $(LOCAL_MODULE) + include $(BUILD_PREBUILT) + endif + + #install-recovery.sh include $(CLEAR_VARS) - LOCAL_MODULE := su + LOCAL_MODULE := install-recovery.sh LOCAL_MODULE_TAGS := eng LOCAL_MODULE_CLASS := RECOVERY_EXECUTABLES LOCAL_MODULE_PATH := $(TARGET_RECOVERY_ROOT_OUT)/supersu LOCAL_SRC_FILES := $(LOCAL_MODULE) include $(BUILD_PREBUILT) - #install-recovery.sh + #install-supersu.sh include $(CLEAR_VARS) - LOCAL_MODULE := install-recovery.sh + LOCAL_MODULE := install-supersu.sh LOCAL_MODULE_TAGS := eng LOCAL_MODULE_CLASS := RECOVERY_EXECUTABLES LOCAL_MODULE_PATH := $(TARGET_RECOVERY_ROOT_OUT)/supersu LOCAL_SRC_FILES := $(LOCAL_MODULE) include $(BUILD_PREBUILT) - #99SuperSUDaemon + #99SuperSUDaemon include $(CLEAR_VARS) LOCAL_MODULE := 99SuperSUDaemon LOCAL_MODULE_TAGS := eng diff --git a/prebuilt/chattr.pie b/prebuilt/chattr.pie new file mode 100644 index 000000000..47397283b Binary files /dev/null and b/prebuilt/chattr.pie differ diff --git a/prebuilt/install-recovery.sh b/prebuilt/install-recovery.sh old mode 100755 new mode 100644 index 7c65d0ed5..f62cf0b96 --- a/prebuilt/install-recovery.sh +++ b/prebuilt/install-recovery.sh @@ -10,7 +10,7 @@ /system/xbin/daemonsu --auto-daemon & -# Some apps like to run stuff from this script as well, that will +# Some apps like to run stuff from this script as well, that will # obviously break root - in your code, just search this file # for "install-recovery-2.sh", and if present, write there instead. diff --git a/prebuilt/install-supersu.sh b/prebuilt/install-supersu.sh new file mode 100755 index 000000000..2bca4c3c2 --- /dev/null +++ b/prebuilt/install-supersu.sh @@ -0,0 +1,405 @@ +#!/sbin/sh +# +# SuperSU installer ZIP +# Copyright (c) 2012-2014 - Chainfire +# +# To install SuperSU properly, aside from cleaning old versions and +# other superuser-type apps from the system, the following files need to +# be installed: +# +# API source target chmod chcon required +# +# 7-19 common/Superuser.apk /system/app/Superuser.apk 0644 u:object_r:system_file:s0 gui +# 20+ common/Superuser.apk /system/app/SuperSU/SuperSU.apk 0644 u:object_r:system_file:s0 gui +# +# 17+ common/install-recovery.sh /system/etc/install-recovery.sh 0755 *1 required +# 17+ /system/bin/install-recovery.sh (symlink to /system/etc/...) required +# *1: same as /system/bin/toolbox: u:object_r:system_file:s0 if API < 20, u:object_r:toolbox_exec:s0 if API >= 20 +# +# 7+ ARCH/su /system/xbin/su *2 u:object_r:system_file:s0 required +# 7+ /system/bin/.ext/.su *2 u:object_r:system_file:s0 gui +# 17+ /system/xbin/daemonsu 0755 u:object_r:system_file:s0 required +# 17+ /system/xbin/sugote 0755 u:object_r:zygote_exec:s0 required +# *2: 06755 if API < 18, 0755 if API >= 18 +# +# 19+ ARCH/supolicy /system/xbin/supolicy 0755 u:object_r:system_file:s0 required +# 19+ ARCH/libsupol.so /system/lib(64)/libsupol.so 0644 u:object_r:system_file:s0 required +# +# 17+ /system/bin/sh or mksh *3 /system/xbin/sugote-mksh 0755 u:object_r:system_file:s0 required +# *3: which one (or both) are available depends on API +# +# 21+ /system/bin/app_process32 *4 /system/bin/app_process32_original 0755 u:object_r:zygote_exec:s0 required +# 21+ /system/bin/app_process64 *4 /system/bin/app_process64_original 0755 u:object_r:zygote_exec:s0 required +# 21+ /system/bin/app_processXX *4 /system/bin/app_process_init 0755 u:object_r:system_file:s0 required +# 21+ /system/bin/app_process (symlink to /system/xbin/daemonsu) required +# 21+ *4 /system/bin/app_process32 (symlink to /system/xbin/daemonsu) required +# 21+ *4 /system/bin/app_process64 (symlink to /system/xbin/daemonsu) required +# *4: Only do this for the relevant bits. On a 64 bits system, leave the 32 bits files alone, or dynamic linker errors +# will prevent the system from fully working in subtle ways. The bits of the su binary must also match! +# +# 17+ common/99SuperSUDaemon *5 /system/etc/init.d/99SuperSUDaemon 0755 u:object_r:system_file:s0 optional +# *5: only place this file if /system/etc/init.d is present +# +# 17+ 'echo 1 >' or 'touch' *6 /system/etc/.installed_su_daemon 0644 u:object_r:system_file:s0 optional +# *6: the file just needs to exist or some recoveries will nag you. Even with it there, it may still happen. +# +# It may seem some files are installed multiple times needlessly, but +# it only seems that way. Installing files differently or symlinking +# instead of copying (unless specified) will lead to issues eventually. +# +# The following su binary versions are included in the full package. Each +# should be installed only if the system has the same or newer API level +# as listed. The script may fall back to a different binary on older API +# levels. supolicy are all ndk/pie/19+ for 32 bit, ndk/pie/20+ for 64 bit. +# +# binary ARCH/path build type API +# +# arm-v5te arm aosp static 7+ +# x86 x86 aosp static 7+ +# +# arm-v7a armv7 ndk pie 17+ +# mips mips ndk pie 17+ +# +# arm64-v8a arm64 ndk pie 20+ +# mips64 mips64 ndk pie 20+ +# x86_64 x64 ndk pie 20+ +# +# Note that if SELinux is set to enforcing, the daemonsu binary expects +# to be run at startup (usually from install-recovery.sh, 99SuperSUDaemon, +# or app_process) from u:r:init:s0 or u:r:kernel:s0 contexts. Depending +# on the current policies, it can also deal with u:r:init_shell:s0 and +# u:r:toolbox:s0 contexts. Any other context will lead to issues eventually. +# +# After installation, run '/system/xbin/su --install', which may need to +# perform some additional installation steps. Ideally, at one point, +# a lot of this script will be moved there. +# +# The included chattr(.pie) binaries are used to remove ext2's immutable +# flag on some files. This flag is no longer set by SuperSU's OTA +# survival since API level 18, so there is no need for the 64 bit versions. +# Note that chattr does not need to be installed to the system, it's just +# used by this script, and not supported by the busybox used in older +# recoveries. +# +# Non-static binaries are supported to be PIE (Position Independent +# Executable) from API level 16, and required from API level 20 (which will +# refuse to execute non-static non-PIE). +# +# The script performs serveral actions in various ways, sometimes +# multiple times, due to different recoveries and firmwares behaving +# differently, and it thus being required for the correct result. + +OUTFD=$2 +ZIP=$3 + +SYSTEMLIB=/system/lib + +ui_print() { + echo -n -e "echo $1\n" > /proc/self/fd/$OUTFD + echo -n -e "echo\n" > /proc/self/fd/$OUTFD +} + +ch_con() { + LD_LIBRARY_PATH=$SYSTEMLIB /system/toolbox chcon -h u:object_r:system_file:s0 $1 + LD_LIBRARY_PATH=$SYSTEMLIB /system/bin/toolbox chcon -h u:object_r:system_file:s0 $1 + chcon -h u:object_r:system_file:s0 $1 + LD_LIBRARY_PATH=$SYSTEMLIB /system/toolbox chcon u:object_r:system_file:s0 $1 + LD_LIBRARY_PATH=$SYSTEMLIB /system/bin/toolbox chcon u:object_r:system_file:s0 $1 + chcon u:object_r:system_file:s0 $1 +} + +ch_con_ext() { + LD_LIBRARY_PATH=$SYSTEMLIB /system/toolbox chcon $2 $1 + LD_LIBRARY_PATH=$SYSTEMLIB /system/bin/toolbox chcon $2 $1 + chcon $2 $1 +} + +ln_con() { + LD_LIBRARY_PATH=$SYSTEMLIB /system/toolbox ln -s $1 $2 + LD_LIBRARY_PATH=$SYSTEMLIB /system/bin/toolbox ln -s $1 $2 + ln -s $1 $2 + ch_con $2 +} + +set_perm() { + chown $1.$2 $4 + chown $1:$2 $4 + chmod $3 $4 + ch_con $4 + ch_con_ext $4 $5 +} + +cp_perm() { + rm $5 + cat $4 > $5 + set_perm $1 $2 $3 $5 $6 +} + +echo "*********************" +echo "SuperSU installer ZIP" +echo "*********************" + +echo "- Mounting /system, /data and rootfs" +mount /system +mount /data +mount -o rw,remount /system +mount -o rw,remount /system /system +mount -o rw,remount / +mount -o rw,remount / / + +cat /system/bin/toolbox > /system/toolbox +chmod 0755 /system/toolbox +ch_con /system/toolbox + +API=$(cat /system/build.prop | grep "ro.build.version.sdk=" | dd bs=1 skip=21 count=2) +ABI=$(cat /system/build.prop /default.prop | grep -m 1 "ro.product.cpu.abi=" | dd bs=1 skip=19 count=3) +ABILONG=$(cat /system/build.prop /default.prop | grep -m 1 "ro.product.cpu.abi=" | dd bs=1 skip=19) +ABI2=$(cat /system/build.prop /default.prop | grep -m 1 "ro.product.cpu.abi2=" | dd bs=1 skip=20 count=3) +SUMOD=06755 +SUGOTE=false +SUPOLICY=false +INSTALL_RECOVERY_CONTEXT=u:object_r:system_file:s0 +MKSH=/system/bin/mksh +PIE= +ARCH=arm +APKFOLDER=false +APKNAME=/system/app/Superuser.apk +APPPROCESS=false +APPPROCESS64=false +if [ "$ABI" = "x86" ]; then ARCH=x86; fi; +if [ "$ABI2" = "x86" ]; then ARCH=x86; fi; +if [ "$API" -eq "$API" ]; then + if [ "$API" -ge "17" ]; then + SUGOTE=true + PIE=.pie + if [ "$ABILONG" = "armeabi-v7a" ]; then ARCH=armv7; fi; + if [ "$ABI" = "mip" ]; then ARCH=mips; fi; + if [ "$ABILONG" = "mips" ]; then ARCH=mips; fi; + fi + if [ "$API" -ge "18" ]; then + SUMOD=0755 + fi + if [ "$API" -ge "20" ]; then + if [ "$ABILONG" = "arm64-v8a" ]; then ARCH=arm64; SYSTEMLIB=/system/lib64; APPPROCESS64=true; fi; + if [ "$ABILONG" = "mips64" ]; then ARCH=mips64; SYSTEMLIB=/system/lib64; APPPROCESS64=true; fi; + if [ "$ABILONG" = "x86_64" ]; then ARCH=x64; SYSTEMLIB=/system/lib64; APPPROCESS64=true; fi; + APKFOLDER=true + APKNAME=/system/app/SuperSU/SuperSU.apk + fi + if [ "$API" -ge "19" ]; then + SUPOLICY=true + if [ "$(LD_LIBRARY_PATH=$SYSTEMLIB /system/toolbox ls -lZ /system/bin/toolbox | grep toolbox_exec > /dev/null; echo $?)" -eq "0" ]; then + INSTALL_RECOVERY_CONTEXT=u:object_r:toolbox_exec:s0 + fi + fi + if [ "$API" -ge "21" ]; then + APPPROCESS=true + fi +fi +if [ ! -f $MKSH ]; then + MKSH=/system/bin/sh +fi + +#echo "DBG [$API] [$ABI] [$ABI2] [$ABILONG] [$ARCH] [$MKSH]" + +# Don't extract in TWRP +#echo "- Extracting files" +#cd /tmp +#mkdir supersu +#cd supersu +#unzip -o "$ZIP" + +BIN=/supersu +COM=/supersu + +echo "- Disabling OTA survival" +chmod 0755 /supersu/chattr$PIE +LD_LIBRARY_PATH=$SYSTEMLIB $BIN/chattr$PIE -i /system/bin/su +LD_LIBRARY_PATH=$SYSTEMLIB $BIN/chattr$PIE -i /system/xbin/su +LD_LIBRARY_PATH=$SYSTEMLIB $BIN/chattr$PIE -i /system/bin/.ext/.su +LD_LIBRARY_PATH=$SYSTEMLIB $BIN/chattr$PIE -i /system/xbin/daemonsu +LD_LIBRARY_PATH=$SYSTEMLIB $BIN/chattr$PIE -i /system/xbin/sugote +LD_LIBRARY_PATH=$SYSTEMLIB $BIN/chattr$PIE -i /system/xbin/sugote_mksh +LD_LIBRARY_PATH=$SYSTEMLIB $BIN/chattr$PIE -i /system/xbin/supolicy +LD_LIBRARY_PATH=$SYSTEMLIB $BIN/chattr$PIE -i /system/lib/libsupol.so +LD_LIBRARY_PATH=$SYSTEMLIB $BIN/chattr$PIE -i /system/lib64/libsupol.so +LD_LIBRARY_PATH=$SYSTEMLIB $BIN/chattr$PIE -i /system/etc/install-recovery.sh +LD_LIBRARY_PATH=$SYSTEMLIB $BIN/chattr$PIE -i /system/bin/install-recovery.sh + +echo "- Removing old files" + +if [ -f "/system/bin/install-recovery.sh" ]; then + if [ ! -f "/system/bin/install-recovery_original.sh" ]; then + mv /system/bin/install-recovery.sh /system/bin/install-recovery_original.sh + ch_con /system/bin/install-recovery_original.sh + fi +fi +if [ -f "/system/etc/install-recovery.sh" ]; then + if [ ! -f "/system/etc/install-recovery_original.sh" ]; then + mv /system/etc/install-recovery.sh /system/etc/install-recovery_original.sh + ch_con /system/etc/install-recovery_original.sh + fi +fi + +rm -f /system/bin/su +rm -f /system/xbin/su +rm -f /system/xbin/daemonsu +rm -f /system/xbin/sugote +rm -f /system/xbin/sugote-mksh +rm -f /system/xbin/supolicy +rm -f /system/lib/libsupol.so +rm -f /system/lib64/libsupol.so +rm -f /system/bin/.ext/.su +rm -f /system/bin/install-recovery.sh +rm -f /system/etc/install-recovery.sh +rm -f /system/etc/init.d/99SuperSUDaemon +rm -f /system/etc/.installed_su_daemon + +rm -f /system/app/Superuser.apk +rm -f /system/app/Superuser.odex +rm -rf /system/app/Superuser +rm -f /system/app/SuperUser.apk +rm -f /system/app/SuperUser.odex +rm -rf /system/app/SuperUser +rm -f /system/app/superuser.apk +rm -f /system/app/superuser.odex +rm -rf /system/app/superuser +rm -f /system/app/Supersu.apk +rm -f /system/app/Supersu.odex +rm -rf /system/app/Supersu +rm -f /system/app/SuperSU.apk +rm -f /system/app/SuperSU.odex +rm -rf /system/app/SuperSU +rm -f /system/app/supersu.apk +rm -f /system/app/supersu.odex +rm -rf /system/app/supersu +rm -f /system/app/VenomSuperUser.apk +rm -f /system/app/VenomSuperUser.odex +rm -rf /system/app/VenomSuperUser +rm -f /data/dalvik-cache/*com.noshufou.android.su* +rm -f /data/dalvik-cache/*/*com.noshufou.android.su* +rm -f /data/dalvik-cache/*com.koushikdutta.superuser* +rm -f /data/dalvik-cache/*/*com.koushikdutta.superuser* +rm -f /data/dalvik-cache/*com.mgyun.shua.su* +rm -f /data/dalvik-cache/*/*com.mgyun.shua.su* +rm -f /data/dalvik-cache/*com.m0narx.su* +rm -f /data/dalvik-cache/*/*com.m0narx.su* +rm -f /data/dalvik-cache/*Superuser.apk* +rm -f /data/dalvik-cache/*/*Superuser.apk* +rm -f /data/dalvik-cache/*SuperUser.apk* +rm -f /data/dalvik-cache/*/*SuperUser.apk* +rm -f /data/dalvik-cache/*superuser.apk* +rm -f /data/dalvik-cache/*/*superuser.apk* +rm -f /data/dalvik-cache/*VenomSuperUser.apk* +rm -f /data/dalvik-cache/*/*VenomSuperUser.apk* +rm -f /data/dalvik-cache/*eu.chainfire.supersu* +rm -f /data/dalvik-cache/*/*eu.chainfire.supersu* +rm -f /data/dalvik-cache/*Supersu.apk* +rm -f /data/dalvik-cache/*/*Supersu.apk* +rm -f /data/dalvik-cache/*SuperSU.apk* +rm -f /data/dalvik-cache/*/*SuperSU.apk* +rm -f /data/dalvik-cache/*supersu.apk* +rm -f /data/dalvik-cache/*/*supersu.apk* +rm -f /data/dalvik-cache/*.oat +rm -f /data/app/com.noshufou.android.su* +rm -f /data/app/com.koushikdutta.superuser* +rm -f /data/app/com.mgyun.shua.su* +rm -f /data/app/com.m0narx.su* +rm -f /data/app/eu.chainfire.supersu-* +rm -f /data/app/eu.chainfire.supersu.apk + +echo "- Creating space" +if ($APKFOLDER); then + cp /system/app/Maps/Maps.apk /Maps.apk + cp /system/app/GMS_Maps/GMS_Maps.apk /GMS_Maps.apk + cp /system/app/YouTube/YouTube.apk /YouTube.apk + rm /system/app/Maps/Maps.apk + rm /system/app/GMS_Maps/GMS_Maps.apk + rm /system/app/YouTube/YouTube.apk +else + cp /system/app/Maps.apk /Maps.apk + cp /system/app/GMS_Maps.apk /GMS_Maps.apk + cp /system/app/YouTube.apk /YouTube.apk + rm /system/app/Maps.apk + rm /system/app/GMS_Maps.apk + rm /system/app/YouTube.apk +fi + +echo "- Placing files" + +mkdir /system/bin/.ext +set_perm 0 0 0777 /system/bin/.ext +cp_perm 0 0 $SUMOD $BIN/su /system/bin/.ext/.su +cp_perm 0 0 $SUMOD $BIN/su /system/xbin/su +cp_perm 0 0 0755 $BIN/su /system/xbin/daemonsu +if ($SUGOTE); then + cp_perm 0 0 0755 $BIN/su /system/xbin/sugote u:object_r:zygote_exec:s0 + cp_perm 0 0 0755 $MKSH /system/xbin/sugote-mksh +fi +if ($SUPOLICY); then + cp_perm 0 0 0755 $BIN/supolicy /system/xbin/supolicy + cp_perm 0 0 0644 $BIN/libsupol.so $SYSTEMLIB/libsupol.so +fi +if ($APKFOLDER); then + mkdir /system/app/SuperSU + set_perm 0 0 0755 /system/app/SuperSU +fi +cp_perm 0 0 0644 $COM/Superuser.apk $APKNAME +cp_perm 0 0 0755 $COM/install-recovery.sh /system/etc/install-recovery.sh +ln_con /system/etc/install-recovery.sh /system/bin/install-recovery.sh +if ($APPPROCESS); then + rm /system/bin/app_process + ln_con /system/xbin/daemonsu /system/bin/app_process + if ($APPPROCESS64); then + if [ ! -f "/system/bin/app_process64_original" ]; then + mv /system/bin/app_process64 /system/bin/app_process64_original + else + rm /system/bin/app_process64 + fi + ln_con /system/xbin/daemonsu /system/bin/app_process64 + if [ ! -f "/system/bin/app_process_init" ]; then + cp_perm 0 2000 0755 /system/bin/app_process64_original /system/bin/app_process_init + fi + else + if [ ! -f "/system/bin/app_process32_original" ]; then + mv /system/bin/app_process32 /system/bin/app_process32_original + else + rm /system/bin/app_process32 + fi + ln_con /system/xbin/daemonsu /system/bin/app_process32 + if [ ! -f "/system/bin/app_process_init" ]; then + cp_perm 0 2000 0755 /system/bin/app_process32_original /system/bin/app_process_init + fi + fi +fi +cp_perm 0 0 0744 $COM/99SuperSUDaemon /system/etc/init.d/99SuperSUDaemon +echo 1 > /system/etc/.installed_su_daemon +set_perm 0 0 0644 /system/etc/.installed_su_daemon + +echo "- Restoring files" +if ($APKFOLDER); then + cp_perm 0 0 0644 /Maps.apk /system/app/Maps/Maps.apk + cp_perm 0 0 0644 /GMS_Maps.apk /system/app/GMS_Maps/GMS_Maps.apk + cp_perm 0 0 0644 /YouTube.apk /system/app/YouTube/YouTube.apk + rm /Maps.apk + rm /GMS_Maps.apk + rm /YouTube.apk +else + cp_perm 0 0 0644 /Maps.apk /system/app/Maps.apk + cp_perm 0 0 0644 /GMS_Maps.apk /system/app/GMS_Maps.apk + cp_perm 0 0 0644 /YouTube.apk /system/app/YouTube.apk + rm /Maps.apk + rm /GMS_Maps.apk + rm /YouTube.apk +fi + +echo "- Post-installation script" +rm /system/toolbox +LD_LIBRARY_PATH=$SYSTEMLIB /system/xbin/su --install + +echo "- Unmounting /system and /data" +umount /system +umount /data + +echo "- Done !" +exit 0 diff --git a/prebuilt/libsupol.so b/prebuilt/libsupol.so new file mode 100644 index 000000000..8a81a155e Binary files /dev/null and b/prebuilt/libsupol.so differ diff --git a/prebuilt/libsupol.soarm64 b/prebuilt/libsupol.soarm64 new file mode 100644 index 000000000..50308069b Binary files /dev/null and b/prebuilt/libsupol.soarm64 differ diff --git a/prebuilt/su b/prebuilt/su old mode 100755 new mode 100644 index 941542798..38679b4ac Binary files a/prebuilt/su and b/prebuilt/su differ diff --git a/prebuilt/suarm64 b/prebuilt/suarm64 new file mode 100644 index 000000000..a2b4dc8bf Binary files /dev/null and b/prebuilt/suarm64 differ diff --git a/prebuilt/supolicy b/prebuilt/supolicy new file mode 100644 index 000000000..55db212a2 Binary files /dev/null and b/prebuilt/supolicy differ diff --git a/prebuilt/supolicyarm64 b/prebuilt/supolicyarm64 new file mode 100644 index 000000000..ea8ac203d Binary files /dev/null and b/prebuilt/supolicyarm64 differ diff --git a/twrp-functions.cpp b/twrp-functions.cpp index b51024cf1..4a7b340a5 100644 --- a/twrp-functions.cpp +++ b/twrp-functions.cpp @@ -737,127 +737,6 @@ int TWFunc::drop_caches(void) { return 0; } -int TWFunc::Check_su_Perms(void) { - struct stat st; - int ret = 0; - - if (!PartitionManager.Mount_By_Path("/system", false)) - return 0; - - // Check to ensure that perms are 6755 for all 3 file locations - if (stat("/system/bin/su", &st) == 0) { - if ((st.st_mode & (S_ISUID | S_ISGID | S_IRWXU | S_IRGRP | S_IXGRP | S_IROTH | S_IXOTH)) != (S_ISUID | S_ISGID | S_IRWXU | S_IRGRP | S_IXGRP | S_IROTH | S_IXOTH) || st.st_uid != 0 || st.st_gid != 0) { - ret = 1; - } - } - if (stat("/system/xbin/su", &st) == 0) { - if ((st.st_mode & (S_ISUID | S_ISGID | S_IRWXU | S_IRGRP | S_IXGRP | S_IROTH | S_IXOTH)) != (S_ISUID | S_ISGID | S_IRWXU | S_IRGRP | S_IXGRP | S_IROTH | S_IXOTH) || st.st_uid != 0 || st.st_gid != 0) { - ret += 2; - } - } - if (stat("/system/bin/.ext/.su", &st) == 0) { - if ((st.st_mode & (S_ISUID | S_ISGID | S_IRWXU | S_IRGRP | S_IXGRP | S_IROTH | S_IXOTH)) != (S_ISUID | S_ISGID | S_IRWXU | S_IRGRP | S_IXGRP | S_IROTH | S_IXOTH) || st.st_uid != 0 || st.st_gid != 0) { - ret += 4; - } - } - return ret; -} - -bool TWFunc::Fix_su_Perms(void) { - if (!PartitionManager.Mount_By_Path("/system", true)) - return false; - - string propvalue = System_Property_Get("ro.build.version.sdk"); - string su_perms = "6755"; - if (!propvalue.empty()) { - int sdk_version = atoi(propvalue.c_str()); - if (sdk_version >= 18) - su_perms = "0755"; - } - - string file = "/system/bin/su"; - if (TWFunc::Path_Exists(file)) { - if (chown(file.c_str(), 0, 0) != 0) { - LOGERR("Failed to chown '%s'\n", file.c_str()); - return false; - } - if (tw_chmod(file, su_perms) != 0) { - LOGERR("Failed to chmod '%s'\n", file.c_str()); - return false; - } - } - file = "/system/xbin/su"; - if (TWFunc::Path_Exists(file)) { - if (chown(file.c_str(), 0, 0) != 0) { - LOGERR("Failed to chown '%s'\n", file.c_str()); - return false; - } - if (tw_chmod(file, su_perms) != 0) { - LOGERR("Failed to chmod '%s'\n", file.c_str()); - return false; - } - } - file = "/system/xbin/daemonsu"; - if (TWFunc::Path_Exists(file)) { - if (chown(file.c_str(), 0, 0) != 0) { - LOGERR("Failed to chown '%s'\n", file.c_str()); - return false; - } - if (tw_chmod(file, "0755") != 0) { - LOGERR("Failed to chmod '%s'\n", file.c_str()); - return false; - } - } - file = "/system/bin/.ext/.su"; - if (TWFunc::Path_Exists(file)) { - if (chown(file.c_str(), 0, 0) != 0) { - LOGERR("Failed to chown '%s'\n", file.c_str()); - return false; - } - if (tw_chmod(file, su_perms) != 0) { - LOGERR("Failed to chmod '%s'\n", file.c_str()); - return false; - } - } - file = "/system/etc/install-recovery.sh"; - if (TWFunc::Path_Exists(file)) { - if (chown(file.c_str(), 0, 0) != 0) { - LOGERR("Failed to chown '%s'\n", file.c_str()); - return false; - } - if (tw_chmod(file, "0755") != 0) { - LOGERR("Failed to chmod '%s'\n", file.c_str()); - return false; - } - } - file = "/system/etc/init.d/99SuperSUDaemon"; - if (TWFunc::Path_Exists(file)) { - if (chown(file.c_str(), 0, 0) != 0) { - LOGERR("Failed to chown '%s'\n", file.c_str()); - return false; - } - if (tw_chmod(file, "0755") != 0) { - LOGERR("Failed to chmod '%s'\n", file.c_str()); - return false; - } - } - file = "/system/app/Superuser.apk"; - if (TWFunc::Path_Exists(file)) { - if (chown(file.c_str(), 0, 0) != 0) { - LOGERR("Failed to chown '%s'\n", file.c_str()); - return false; - } - if (tw_chmod(file, "0644") != 0) { - LOGERR("Failed to chmod '%s'\n", file.c_str()); - return false; - } - } - sync(); - if (!PartitionManager.UnMount_By_Path("/system", true)) - return false; - return true; -} - int TWFunc::tw_chmod(const string& fn, const string& mode) { long mask = 0; std::string::size_type n = mode.length(); @@ -978,43 +857,7 @@ bool TWFunc::Install_SuperSU(void) { if (!PartitionManager.Mount_By_Path("/system", true)) return false; - TWFunc::Exec_Cmd("/sbin/chattr -i /system/xbin/su"); - if (copy_file("/supersu/su", "/system/xbin/su", 0755) != 0) { - LOGERR("Failed to copy su binary to /system/bin\n"); - return false; - } - if (!Path_Exists("/system/bin/.ext")) { - mkdir("/system/bin/.ext", 0777); - } - TWFunc::Exec_Cmd("/sbin/chattr -i /system/bin/.ext/su"); - if (copy_file("/supersu/su", "/system/bin/.ext/su", 0755) != 0) { - LOGERR("Failed to copy su binary to /system/bin/.ext/su\n"); - return false; - } - TWFunc::Exec_Cmd("/sbin/chattr -i /system/xbin/daemonsu"); - if (copy_file("/supersu/su", "/system/xbin/daemonsu", 0755) != 0) { - LOGERR("Failed to copy su binary to /system/xbin/daemonsu\n"); - return false; - } - if (Path_Exists("/system/etc/init.d")) { - TWFunc::Exec_Cmd("/sbin/chattr -i /system/etc/init.d/99SuperSUDaemon"); - if (copy_file("/supersu/99SuperSUDaemon", "/system/etc/init.d/99SuperSUDaemon", 0755) != 0) { - LOGERR("Failed to copy 99SuperSUDaemon to /system/etc/init.d/99SuperSUDaemon\n"); - return false; - } - } else { - TWFunc::Exec_Cmd("/sbin/chattr -i /system/etc/install-recovery.sh"); - if (copy_file("/supersu/install-recovery.sh", "/system/etc/install-recovery.sh", 0755) != 0) { - LOGERR("Failed to copy install-recovery.sh to /system/etc/install-recovery.sh\n"); - return false; - } - } - if (copy_file("/supersu/Superuser.apk", "/system/app/Superuser.apk", 0644) != 0) { - LOGERR("Failed to copy Superuser app to /system/app\n"); - return false; - } - if (!Fix_su_Perms()) - return false; + check_and_run_script("/supersu/install-supersu.sh", "SuperSU"); return true; } diff --git a/twrp-functions.hpp b/twrp-functions.hpp index 1cc531c79..36cfff5b8 100644 --- a/twrp-functions.hpp +++ b/twrp-functions.hpp @@ -73,8 +73,6 @@ public: static int read_file(string fn, uint64_t& results); //read from file static int write_file(string fn, string& line); //write from file static int drop_caches(void); //drop linux cache memory - static int Check_su_Perms(void); // check perms and owner of su binary in various locations - static bool Fix_su_Perms(void); // sets proper permissions for su binaries and superuser apk static int tw_chmod(const string& fn, const string& mode); // chmod function that converts a 3 or 4 char string into st_mode automatically static bool Install_SuperSU(void); // Installs su binary and apk and sets proper permissions static bool Try_Decrypting_Backup(string Restore_Path, string Password); // true for success, false for failed to decrypt diff --git a/twrp.cpp b/twrp.cpp index f76ab641d..24a56f18b 100644 --- a/twrp.cpp +++ b/twrp.cpp @@ -346,10 +346,6 @@ int main(int argc, char **argv) { if (gui_startPage("installsu") != 0) { LOGERR("Failed to start SuperSU install page.\n"); } - } else if (TWFunc::Check_su_Perms() > 0) { - // su perms are set incorrectly - LOGINFO("Root permissions appear to be lost... fixing. (This will always happen on 4.3+ ROMs with SELinux.\n"); - TWFunc::Fix_su_Perms(); } sync(); PartitionManager.UnMount_By_Path("/system", false); -- cgit v1.2.3