github/Magisk
1
Fork 0
mirror of https://github.com/topjohnwu/Magisk synced 2024-11-14 22:28:37 +01:00
Code Releases Activity

Update documentation

Browse Source
This commit is contained in:
topjohnwu 2022-01-25 02:32:52 -08:00
parent 45483fde74
commit 3b2db56243
4 changed files with 183 additions and 127 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

69
docs/changes.md
View File

@ -1,5 +1,34 @@
# Magisk Changelog
### v24.0
- [General] MagiskHide is removed from Magisk
- [General] Support 64-bit only systems
- [General] Support Android 12
- [General] Update BusyBox to 1.34.1
- [Zygisk] Introduce new feature: Zygisk
- [Zygisk] Introduce DenyList feature to revert Magisk features in user selected processes
- [MagiskBoot] Support patching 32-bit kernel zImages
- [MagiskBoot] Support boot image header v4
- [MagiskBoot] Support patching out `skip_initramfs` from dtb bootargs
- [MagiskBoot] Add new env variable `PATCHVBMETAFLAG` to configure whether vbmeta flags should be patched
- [MagiskInit] Support loading fstab from `/system/etc` (required for Pixel 6)
- [MagiskInit] Support `/proc/bootconfig` for loading boot configurations
- [MagiskInit] Better support for some Meizu devices
- [MagiskInit] Better support for some OnePlus/Oppo/Realme devices
- [MagiskInit] Support `init.real` on some Sony devices
- [MagiskInit] Skip loading Magisk when detecting DSU
- [MagiskPolicy] Load `*_compat_cil_file` from system_ext
- [MagiskSU] Use isolated devpts if the kernel supports it
- [MagiskSU] Fix root shell if isolated mount namespace is set
- [resetprop] Deleted properties are now wiped from memory instead of just unlinking
- [App] Build a single APK for all ABIs
- [App] Switch to use standard bottom navigation bar
- [App] Downloading modules from the centralized Magisk-Modules-Repo is removed
- [App] Support user configuration of boot image vbmeta patching
- [App] Restore the ability to install Magisk on the other slot on some A/B devices
- [App] Allow modules to specify an update URL for in-app update + install
### v23.0
- [App] Update snet extension. This fixes SafetyNet API errors.
@ -115,6 +144,7 @@
- [Scripts] Support Lineage Recovery for Android 10+
### v20.3
- [MagiskBoot] Fix `lz4_legacy` decompression
### v20.2
@ -174,8 +204,8 @@
- [General] Fix bootloops on some devices with tmpfs mounting to /data
- [MagiskInit] Add Kirin hi6250 support
- [MagiskSU] Stop claiming device focus for su logging/notify if feasible.
This fix issues with users locking Magisk Manager with app lock, and prevent
video apps get messed up when an app is requesting root in the background.
This fix issues with users locking Magisk Manager with app lock, and prevent
video apps get messed up when an app is requesting root in the background.
### v19.1
@ -183,7 +213,7 @@ video apps get messed up when an app is requesting root in the background.
- [General] Support Android Q Beta 2
- [MagiskInit] New sbin overlay setup process for better compatibility
- [MagiskInit] Allow long pressing volume up to boot to recovery in recovery mode
- [MagicMount] Use proper system\_root mirror
- [MagicMount] Use proper system_root mirror
- [MagicMount] Use self created device nodes for mirrors
- [MagicMount] Do not allow adding new files/folders in partition root folder (e.g. /system or /vendor)
@ -256,7 +286,7 @@ video apps get messed up when an app is requesting root in the background.
- [General] Bring back install to inactive slot for OTAs on A/B devices
- [Script] Remove system based root in addon.d
- [Script] Add proper addon.d-v2 for preserving Magisk on custom ROMs on A/B devices
- [Script] Enable KEEPVERITY when the device is using system\_root\_image
- [Script] Enable KEEPVERITY when the device is using system_root_image
- [Script] Add hexpatch to remove Samsung defex in new Oreo kernels
- [Daemon] Support non ext4 filesystems for mirrors (system/vendor)
- [MagiskSU] Make pts sockets always run in dev_pts secontext, providing all terminal emulator root shell the same power as adb shells
@ -303,7 +333,7 @@ video apps get messed up when an app is requesting root in the background.
- [MagiskInit] Remove `magiskinit_daemon`, the actual magisk daemon (magiskd) shall handle everything itself
- [Daemon] Remove post-fs stage as it is very limited and also will not work on A/B devices; replaced with simple mount in post-fs-data, which will run ASAP even before the daemon is started
- [General] Remove all 64-bit binaries as there is no point in using them; all binaries are now 32-bit only.
Some weirdly implemented root apps might break (e.g. Tasker, already reported to the developer), but it is not my fault :)
Some weirdly implemented root apps might break (e.g. Tasker, already reported to the developer), but it is not my fault :)
- [resetprop] Add Protobuf encode/decode to support manipulating persist properties on Android P
- [MagiskHide] Include app sub-services as hiding targets. This might significantly increase the amount of apps that could be properly hidden
@ -376,11 +406,11 @@ Some weirdly implemented root apps might break (e.g. Tasker, already reported to
- [Daemon] Rewrite logcat monitor to be more efficient
- [Daemon] Fix a bug where logcat monitor may spawn infinite logcat processes
- [MagiskSU] Update su to work the same as proper Linux implementation:
Initialize window size; all environment variables will be migrated (except HOME, SHELL, USER, LOGNAME, these will be set accordingly),
"--preserve-environment" option will preserve all variables, including those four exceptions.
Check the Linux su manpage for more info
Initialize window size; all environment variables will be migrated (except HOME, SHELL, USER, LOGNAME, these will be set accordingly),
"--preserve-environment" option will preserve all variables, including those four exceptions.
Check the Linux su manpage for more info
- [MagiskBoot] Massive refactor, rewrite all cpio operations and CLI
- [MagiskInit][MagiskBoot] Support ramdisk high compression mode
- [MagiskInit][magiskboot] Support ramdisk high compression mode
### v14.5 (1456)
@ -498,15 +528,15 @@ Check the Linux su manpage for more info
- [General] Move most binaries into magisk.img (Samsung cannot run su daemon in /data)
- [General] Move sepolicy live patch to `late_start` service
This shall fix the long boot times, especially on Samsung devices
This shall fix the long boot times, especially on Samsung devices
- [General] Add Samsung RKP hexpatch back, should now work on Samsung stock kernels
- [General] Fix installation with SuperSU
- [MagiskHide] Support other logcat `am_proc_start` patterns
- [MagiskHide] Change /sys/fs/selinux/enforce(policy) permissions if required
Samsung devices cannot switch selinux states, if running on permissive custom kernel, the users will stuck at permissive
If this scenario is detected, change permissions to hide the permissive state, leads to SafetyNet passes
Samsung devices cannot switch selinux states, if running on permissive custom kernel, the users will stuck at permissive
If this scenario is detected, change permissions to hide the permissive state, leads to SafetyNet passes
- [MagiskHide] Add built in prop rules to fake KNOX status
Samsung apps requiring KNOX status to be 0x0 should now work (Samsung Pay not tested)
Samsung apps requiring KNOX status to be 0x0 should now work (Samsung Pay not tested)
- [MagiskHide] Remove all ro.build props, since they cause more issues than they benefit...
- [MagiskBoot] Add lz4 legacy format support (most linux kernel using lz4 for compression is using this)
- [MagiskBoot] Fix MTK kernels with MTK headers
@ -531,27 +561,27 @@ Samsung apps requiring KNOX status to be 0x0 should now work (Samsung Pay not te
### v11.0
- [Magic Mount] Support replacing symlinks.
Symlinks cannot be a target of a bind mounted, so they are treated the same as new files
Symlinks cannot be a target of a bind mounted, so they are treated the same as new files
- [Magic Mount] Fix the issue when file/folder name contains spaces
- [BusyBox] Updated to v1.26.2. Should fix the black screen issues of FlashFire
- [resetprop] Support reading prop files that contains spaces in prop values
- [MagiskSU] Adapt communication to Magisk Manager; stripped out unused data transfer
- [MagiskSU] Implement SuperUser access option (Disable, APP only, ADB Only, APP & ADB)
phh Superuser app has this option but the feature isn't implemented within the su binary
phh Superuser app has this option but the feature isn't implemented within the su binary
- [MagiskSU] Fixed all issues with su -c "commands" (run commands with root)
This feature is supposed to only allow one single option, but apparently adb shell su -c "command" doesn't work this way, and plenty of root apps don't follow the rule. The su binary will now consider everything after -c as a part of the command.
This feature is supposed to only allow one single option, but apparently adb shell su -c "command" doesn't work this way, and plenty of root apps don't follow the rule. The su binary will now consider everything after -c as a part of the command.
- [MagiskSU] Removed legacy context hack for TiBack, what it currently does is slowing down the invocation
- [MagiskSU] Preserve the current working directory after invoking su
Previously phh superuser will change the path to /data/data after obtaining root shell. It will now stay in the same directory where you called su
Previously phh superuser will change the path to /data/data after obtaining root shell. It will now stay in the same directory where you called su
- [MagiskSU] Daemon now also runs in u:r:su:s0 context
- [MagiskSU] Removed an unnecessary fork, reduce running processes and speed up the invocation
- [MagiskSU] Add -cn option to the binary
Not sure if this is still relevant, and also not sure if implemented correctly, but hey it's here
Not sure if this is still relevant, and also not sure if implemented correctly, but hey it's here
- [sepolicy-inject] Complete re-write the command-line options, now nearly matches supolicy syntax
- [sepolicy-inject] Support all matching mode for nearly every action (makes pseudo enforced possible)
- [sepolicy-inject] Fixed an ancient bug that allocated memory isn't reset
- [uninstaller] Now works as a independent script that can be executed at boot
Fully support recovery with no /data access, Magisk uninstallation with Magisk Manager
Fully support recovery with no /data access, Magisk uninstallation with Magisk Manager
- [Addition] Busybox, MagiskHide, hosts settings can now be applied instantly; no reboots required
- [Addition] Add post-fs-data.d and service.d
- [Addition] Add option to disable Magisk (MagiskSU will still be started)
@ -646,4 +676,5 @@ Fully support recovery with no /data access, Magisk uninstallation with Magisk M
- Removed Magisk Manager in Magisk patch, it is now included in Magisk phh's superuser only
### v1
- Initial release

10
docs/faq.md
View File

@ -1,17 +1,17 @@
# Frequently Asked Questions
### Q: Why is X app detecting root?
Manually enable MagiskHide in settings (MagiskHide is no longer enabled by default). Also, there are known methods to detect Magisk, so your mileage may vary.
### Q: I installed a module and it bootlooped my device. Help!
If you have USB debugging enabled in developer options, connect your phone to the PC. If your device is detected (check by `adb devices`), enter ADB shell and run the command `magisk --remove-modules`. This will remove all your modules and automatically reboot the device.
If unfortunately you do not have USB debugging enabled, reboot into Safe Mode. Most modern Android devices support pressing a special key combo at boot to enter Safe Mode as an emergency option. Magisk will detect Safe Mode being activated, and all modules will be disabled. Then reboot back to normal mode (the module disable state persists) and manage your modules through the Magisk app.
### Q: Why is X app detecting root?
Magisk no longer handles root hiding. There are plenty of Magisk/Zygisk modules available that specifically provide these functionalities, please search around 😉
### Q: After I hidden the Magisk app, the app icon is broken.
The Magisk app uses a more advanced hiding method that will install a "stub" APK that has nothing in it. The only functionality this stub app has is downloading the full Magisk app APK into its internal storage and dynamically load it. Due to the fact that the APK is literally *empty*, it does not contain the image resource for the app icon.
When hiding the Magisk app, it will install a "stub" APK that has nothing in it. The only functionality this stub app has is downloading the full Magisk app APK into its internal storage and dynamically loading it. Due to the fact that the APK is literally _empty_, it does not contain the image resource for the app icon.
When you open the hidden Magisk app, it will offer you the option to create a shortcut in the homescreen (which has both the correct app name and icon) for your convenience. You can also manually ask the app to create the icon in app settings.

149
docs/guides.md
View File

@ -1,7 +1,8 @@
# Developer Guides
## BusyBox
Magisk ships with a feature complete BusyBox binary (including full SELinux support). The executable is located at `/data/adb/magisk/busybox`. Magisk's BusyBox supports runtime toggle-able "ASH Standalone Shell Mode". What this standalone mode means is that when running in the `ash` shell of BusyBox, every single command will directly use the applet within BusyBox, regardless of what is set as `PATH`. For example, commands like `ls`, `rm`, `chmod` will **NOT** use what is in `PATH` (in the case of Android by default it will be `/system/bin/ls`, `/system/bin/rm`, and `/system/bin/chmod` respectively), but will instead directly call internal BusyBox applets. This makes sure that scripts always run in a predictable environment and always have the full suite of commands no matter which Android version it is running on. To force a command *not* to use BusyBox, you have to call the executable with full paths.
Magisk ships with a feature complete BusyBox binary (including full SELinux support). The executable is located at `/data/adb/magisk/busybox`. Magisk's BusyBox supports runtime toggle-able "ASH Standalone Shell Mode". What this standalone mode means is that when running in the `ash` shell of BusyBox, every single command will directly use the applet within BusyBox, regardless of what is set as `PATH`. For example, commands like `ls`, `rm`, `chmod` will **NOT** use what is in `PATH` (in the case of Android by default it will be `/system/bin/ls`, `/system/bin/rm`, and `/system/bin/chmod` respectively), but will instead directly call internal BusyBox applets. This makes sure that scripts always run in a predictable environment and always have the full suite of commands no matter which Android version it is running on. To force a command _not_ to use BusyBox, you have to call the executable with full paths.
Every single shell script running in the context of Magisk will be executed in BusyBox's `ash` shell with standalone mode enabled. For what is relevant to 3rd party developers, this includes all boot scripts and module installation scripts.
@ -12,8 +13,8 @@ For those who want to use this "Standalone Mode" feature outside of Magisk, ther
To make sure all subsequent `sh` shell executed also runs in standalone mode, option 1 is the preferred method (and this is what Magisk and the Magisk app internally use) as environment variables are inherited down to child processes.
## Magisk Modules
A Magisk module is a folder placed in `/data/adb/modules` with the structure below:
```
@ -25,48 +26,54 @@ A Magisk module is a folder placed in `/data/adb/modules` with the structure bel
│ │
│ │ *** Module Identity ***
│ │
   ├── module.prop <--- This file stores the metadata of the module
├── module.prop <--- This file stores the metadata of the module
│ │
│ │ *** Main Contents ***
│ │
│   ├── system <--- This folder will be mounted if skip_mount does not exist
│   │   ├── ...
│   │   ├── ...
│   │   └── ...
│ ├── system <--- This folder will be mounted if skip_mount does not exist
│ │ ├── ...
│ │ ├── ...
│ │ └── ...
│ │
│ ├── zygisk <--- This folder contains the native libraries to load in zygote
│ │ ├── arm64-v8a.so
│ │ ├── armeabi-v7a.so
│ │ ├── x86.so
│ │ ├── x86_64.so
│ │ └── unloaded <--- If exists, the native libraries are incompatible
│ │
│ │ *** Status Flags ***
│ │
│   ├── skip_mount <--- If exists, Magisk will NOT mount your system folder
│   ├── disable <--- If exists, the module will be disabled
│   ├── remove <--- If exists, the module will be removed next reboot
├── skip_mount <--- If exists, Magisk will NOT mount your system folder
├── disable <--- If exists, the module will be disabled
├── remove <--- If exists, the module will be removed next reboot
│ │
│ │ *** Optional Files ***
│ │
   ├── post-fs-data.sh <--- This script will be executed in post-fs-data
   ├── service.sh <--- This script will be executed in late_start service
├── post-fs-data.sh <--- This script will be executed in post-fs-data
├── service.sh <--- This script will be executed in late_start service
| ├── uninstall.sh <--- This script will be executed when Magisk removes your module
   ├── system.prop <--- Properties in this file will be loaded as system properties by resetprop
   ├── sepolicy.rule <--- Additional custom sepolicy rules
  
├── system.prop <--- Properties in this file will be loaded as system properties by resetprop
├── sepolicy.rule <--- Additional custom sepolicy rules
│ │ *** Auto Generated, DO NOT MANUALLY CREATE OR MODIFY ***
  
   ├── vendor <--- A symlink to $MODID/system/vendor
   ├── product <--- A symlink to $MODID/system/product
   ├── system_ext <--- A symlink to $MODID/system/system_ext
├── vendor <--- A symlink to $MODID/system/vendor
├── product <--- A symlink to $MODID/system/product
├── system_ext <--- A symlink to $MODID/system/system_ext
│ │
│ │ *** Any additional files / folders are allowed ***
│ │
   ├── ...
   └── ...
├── ...
└── ...
|
├── another_module
   ├── .
   └── .
├── .
└── .
├── .
├── .
```
#### module.prop
This is the **strict** format of `module.prop`
@ -78,28 +85,47 @@ version=<string>
versionCode=<int>
author=<string>
description=<string>
updateJson=<url> (optional)
```
- `id` has to match this regular expression: `^[a-zA-Z][a-zA-Z0-9._-]+$`<br>
ex: ✓ `a_module`, ✓ `a.module`, ✓ `module-101`, ✗ `a module`, ✗ `1_module`, ✗ `-a-module`<br>
This is the **unique identifier** of your module. You should not change it once published.
ex: ✓ `a_module`, ✓ `a.module`, ✓ `module-101`, ✗ `a module`, ✗ `1_module`, ✗ `-a-module`<br>
This is the **unique identifier** of your module. You should not change it once published.
- `versionCode` has to be an **integer**. This is used to compare versions
- Others that weren't mentioned above can be any **single line** string.
- Make sure to use the `UNIX (LF)` line break type and not the `Windows (CR+LF)` or `Macintosh (CR)` one.
- `updateJson` should point to a URL that downloads a JSON to provide info so the Magisk app can update the module.
Update JSON format:
```
{
"version": string,
"versionCode": int,
"zipUrl": url,
"changelog": url
}
```
#### Shell scripts (`*.sh`)
Please read the [Boot Scripts](#boot-scripts) section to understand the difference between `post-fs-data.sh` and `service.sh`. For most module developers, `service.sh` should be good enough if you just need to run a boot script.
In all scripts of your module, please use `MODDIR=${0%/*}` to get your module's base directory path; do **NOT** hardcode your module path in scripts.
If Zygisk is enabled, the environment variable `ZYGISK_ENABLED` will be set to `1`.
#### system.prop
This file follows the same format as `build.prop`. Each line comprises of `[key]=[value]`.
#### sepolicy.rule
If your module requires some additional sepolicy patches, please add those rules into this file. The module installer script and Magisk's daemon will make sure this file is copied to somewhere `magiskinit` can read pre-init to ensure these rules are injected properly.
Each line in this file will be treated as a policy statement. For more details about how a policy statement is formatted, please check [magiskpolicy](tools.md#magiskpolicy)'s documentation.
#### The `system` folder
All files you want Magisk to replace/inject for you should be placed in this folder. Please read through the [Magic Mount](details.md#magic-mount) section to understand how Magisk mount your files.
## Magisk Module Installer
@ -115,11 +141,11 @@ By default, `update-binary` will check/setup the environment, load utility funct
module.zip
├── META-INF
   └── com
      └── google
         └── android
            ├── update-binary <--- The module_installer.sh you downloaded
            └── updater-script <--- Should only contain the string "#MAGISK"
└── com
└── google
└── android
├── update-binary <--- The module_installer.sh you downloaded
└── updater-script <--- Should only contain the string "#MAGISK"
├── customize.sh <--- (Optional, more details later)
│ This script will be sourced by update-binary
@ -130,7 +156,7 @@ module.zip
#### Customization
If you need to customize the module installation process, optionally you can create a new script in the installer called `customize.sh`. This script will be *sourced* (not executed!) by `update-binary` after all files are extracted and default permissions and secontext are applied. This is very useful if your module includes different files based on ABI, or you need to set special permissions/secontext for some of your files (e.g. files in `/system/bin`).
If you need to customize the module installation process, optionally you can create a new script in the installer called `customize.sh`. This script will be _sourced_ (not executed!) by `update-binary` after all files are extracted and default permissions and secontext are applied. This is very useful if your module includes different files based on ABI, or you need to set special permissions/secontext for some of your files (e.g. files in `/system/bin`).
If you need even more customization and prefer to do everything on your own, declare `SKIPUNZIP=1` in `customize.sh` to skip the extraction and applying default permissions/secontext steps. Be aware that by doing so, your `customize.sh` will then be responsible to install everything by itself.
@ -139,6 +165,7 @@ If you need even more customization and prefer to do everything on your own, dec
This script will run in Magisk's BusyBox `ash` shell with "Standalone Mode" enabled. The following variables and shell functions are available for convenience:
##### Variables
- `MAGISK_VER` (string): the version string of current installed Magisk (e.g. `v20.0`)
- `MAGISK_VER_CODE` (int): the version code of current installed Magisk (e.g. `20000`)
- `BOOTMODE` (bool): `true` if the module is being installed in the Magisk app
@ -176,6 +203,7 @@ set_perm_recursive <directory> <owner> <group> <dirpermission> <filepermission>
```
##### Easy Replace
You can declare a list of folders you want to directly replace in the variable name `REPLACE`. The module installer script will pickup this variable and create `.replace` files for you. An example declaration:
```
@ -184,6 +212,7 @@ REPLACE="
/system/app/Bloatware
"
```
The list above will result in the following files being created: `$MODPATH/system/app/YouTube/.replace` and `$MODPATH/system/app/Bloatware/.replace`
#### Notes
@ -192,49 +221,41 @@ The list above will result in the following files being created: `$MODPATH/syste
- Due to historical reasons, **DO NOT** add a file named `install.sh` in your module installer. That specific file was previously used and will be treated differently.
- **DO NOT** call `exit` at the end of `customize.sh`. The module installer would want to do finalizations.
## Submit Modules
You can submit a module to **Magisk-Module-Repo** so users can download your module directly in the Magisk app.
- Follow the instructions in the previous section to create a valid installer for your module.
- Create `README.md` (filename should be exactly the same) containing all info for your module. If you are not familiar with the Markdown syntax, the [Markdown Cheat Sheet](https://github.com/adam-p/markdown-here/wiki/Markdown-Cheatsheet) will be handy.
- Create a repository with your personal GitHub account, and upload your module installer to the repo
- Create a request for submission via this link: [submission](https://github.com/Magisk-Modules-Repo/submission)
## Module Tricks
#### Remove Files
How to remove a file systemless-ly? To actually make the file *disappear* is complicated (possible, not worth the effort). Replacing it with a dummy file should be good enough! Create an empty file with the same name and place it in the same path within a module, it shall replace your target file with a dummy file.
How to remove a file systemless-ly? To actually make the file _disappear_ is complicated (possible, not worth the effort). Replacing it with a dummy file should be good enough! Create an empty file with the same name and place it in the same path within a module, it shall replace your target file with a dummy file.
#### Remove Folders
Same as mentioned above, actually making the folder *disappear* is not worth the effort. Replacing it with an empty folder should be good enough! A handy trick for module developers is to add the folder you want to remove into the `REPLACE` list within `customize.sh`. If your module doesn't provide a corresponding folder, it will create an empty folder, and automatically add `.replace` into the empty folder so the dummy folder will properly replace the one in `/system`.
Same as mentioned above, actually making the folder _disappear_ is not worth the effort. Replacing it with an empty folder should be good enough! A handy trick for module developers is to add the folder you want to remove into the `REPLACE` list within `customize.sh`. If your module doesn't provide a corresponding folder, it will create an empty folder, and automatically add `.replace` into the empty folder so the dummy folder will properly replace the one in `/system`.
## Boot Scripts
In Magisk, you can run boot scripts in 2 different modes: **post-fs-data** and **late_start service** mode.
- post-fs-data mode
- This stage is BLOCKING. The boot process is paused before execution is done, or 10 seconds have passed.
- Scripts run before any modules are mounted. This allows a module developer to dynamically adjust their modules before it gets mounted.
- This stage happens before Zygote is started, which pretty much means everything in Android
- **Run scripts in this mode only if necessary!**
- This stage is BLOCKING. The boot process is paused before execution is done, or 10 seconds have passed.
- Scripts run before any modules are mounted. This allows a module developer to dynamically adjust their modules before it gets mounted.
- This stage happens before Zygote is started, which pretty much means everything in Android
- **Run scripts in this mode only if necessary!**
- late_start service mode
- This stage is NON-BLOCKING. Your script runs in parallel along with the booting process.
- **This is the recommended stage to run most scripts!**
- This stage is NON-BLOCKING. Your script runs in parallel along with the booting process.
- **This is the recommended stage to run most scripts!**
In Magisk, there are also 2 kinds of scripts: **general scripts** and **module scripts**.
- General Scripts
- Placed in `/data/adb/post-fs-data.d` or `/data/adb/service.d`
- Only executed if the script is executable (execution permissions, `chmod +x script.sh`)
- Scripts in `post-fs-data.d` runs in post-fs-data mode, and scripts in `service.d` runs in late_start service mode.
- Modules should **NOT** add general scripts since it violates encapsulation
- Placed in `/data/adb/post-fs-data.d` or `/data/adb/service.d`
- Only executed if the script is executable (execution permissions, `chmod +x script.sh`)
- Scripts in `post-fs-data.d` runs in post-fs-data mode, and scripts in `service.d` runs in late_start service mode.
- Modules should **NOT** add general scripts since it violates encapsulation
- Module Scripts
- Placed in the folder of the module
- Only executed if the module is enabled
- `post-fs-data.sh` runs in post-fs-data mode, and `service.sh` runs in late_start service mode.
- Modules require boot scripts should **ONLY** use module scripts instead of general scripts
- Placed in the folder of the module
- Only executed if the module is enabled
- `post-fs-data.sh` runs in post-fs-data mode, and `service.sh` runs in late_start service mode.
- Modules require boot scripts should **ONLY** use module scripts instead of general scripts
These scripts will run in Magisk's BusyBox `ash` shell with "Standalone Mode" enabled.
@ -258,16 +279,16 @@ Here is an example of how to setup `overlay.d` with custom `*.rc` script:
ramdisk
├── overlay.d
   ├── sbin
├── sbin
│ │ ├── libfoo.ko <--- These 2 files will be copied
   │   └── myscript.sh <--- to Magisk's tmpfs directory
   ├── custom.rc   <--- This file will be injected into init.rc
   ├── res
   │   └── random.png <--- This file will replace /res/random.png
   └── new_file <--- This file will be ignored because
└── myscript.sh <--- to Magisk's tmpfs directory
├── custom.rc <--- This file will be injected into init.rc
├── res
└── random.png <--- This file will replace /res/random.png
└── new_file <--- This file will be ignored because
│ /new_file does not exist
├── res
   └── random.png <--- This file will be replaced by
└── random.png <--- This file will be replaced by
│ /overlay.d/res/random.png
├── ...
├── ... /* The rest of initramfs files */

82
docs/tools.md
View File

@ -1,4 +1,5 @@
# Magisk Tools
Magisk comes with a huge collections of tools for installation, daemons, and utilities for developers. This documentation covers the 3 binaries and all included applets. The binaries and applets are shown below:
```
@ -15,6 +16,7 @@ su -> magisk
Note: The Magisk zip you download only contains `magiskboot`, `magiskinit`, and `magiskinit64`. The binary `magisk` is compressed and embedded into `magiskinit(64)`. Push `magiskinit(64)` to your device and run `./magiskinit(64) -x magisk <path>` to extract `magisk` out of the binary.
### magiskboot
A tool to unpack / repack boot images, parse / patch / extract cpio, patch dtb, hex patch binaries, and compress / decompress files with multiple algorithms.
`magiskboot` natively supports (which means it does not rely on external tools) common compression formats including `gzip`, `lz4`, `lz4_legacy` ([only used on LG](https://events.static.linuxfound.org/sites/events/files/lcjpcojp13_klee.pdf)), `lzma`, `xz`, and `bzip2`.
@ -22,7 +24,7 @@ A tool to unpack / repack boot images, parse / patch / extract cpio, patch dtb,
The concept of `magiskboot` is to make boot image modification simpler. For unpacking, it parses the header and extracts all sections in the image, decompressing on-the-fly if compression is detected in any sections. For repacking, the original boot image is required so the original headers can be used, changing only the necessary entries such as section sizes and checksum. All sections will be compressed back to the original format if required. The tool also supports many CPIO and DTB operations.
```
Usage: magiskboot <action> [args...]
Usage: ./magiskboot <action> [args...]
Supported actions:
unpack [-n] [-h] <bootimg>
@ -39,8 +41,10 @@ Supported actions:
Repack boot image components from current directory
to [outbootimg], or new-boot.img if not specified.
If '-n' is provided, it will not attempt to recompress ramdisk.cpio,
otherwise it will compress ramdisk.cpio and kernel with the same method
in <origbootimg> if the file provided is not already compressed.
otherwise it will compress ramdisk.cpio and kernel with the same format
as in <origbootimg> if the file provided is not already compressed.
If env variable PATCHVBMETAFLAG is set to true, all disable flags will
be set in the vbmeta header.
hexpatch <file> <hexpattern1> <hexpattern2>
Search <hexpattern1> in <file>, and replace with <hexpattern2>
@ -64,9 +68,9 @@ Supported actions:
extract [ENTRY OUT]
Extract ENTRY to OUT, or extract all entries to current directory
test
Test the current cpio's patch status
Return values:
0:stock 1:Magisk 2:unsupported (phh, SuperSU, Xposed)
Test the current cpio's status
Return value is 0 or bitwise or-ed of following values:
0x1:Magisk 0x2:unsupported 0x4:Sony
patch
Apply ramdisk patches
Configure with env variables: KEEPVERITY KEEPFORCEENCRYPT
@ -97,21 +101,23 @@ Supported actions:
cleanup
Cleanup the current working directory
compress[=method] <infile> [outfile]
Compress <infile> with [method] (default: gzip), optionally to [outfile]
compress[=format] <infile> [outfile]
Compress <infile> with [format] (default: gzip), optionally to [outfile]
<infile>/[outfile] can be '-' to be STDIN/STDOUT
Supported methods: bzip2 gzip lz4 lz4_legacy lz4_lg lzma xz
Supported formats: gzip zopfli xz lzma bzip2 lz4 lz4_legacy lz4_lg
decompress <infile> [outfile]
Detect method and decompress <infile>, optionally to [outfile]
Detect format and decompress <infile>, optionally to [outfile]
<infile>/[outfile] can be '-' to be STDIN/STDOUT
Supported methods: bzip2 gzip lz4 lz4_legacy lz4_lg lzma xz
Supported formats: gzip zopfli xz lzma bzip2 lz4 lz4_legacy lz4_lg
```
### magiskinit
This binary will replace `init` in the ramdisk of a Magisk patched boot image. It is originally created for supporting devices using system-as-root, but the tool is extended to support all devices and became a crucial part of Magisk. More details can be found in the **Pre-Init** section in [Magisk Booting Process](details.md#magisk-booting-process).
### magiskpolicy
(This tool is aliased to `supolicy` for compatibility with SuperSU's sepolicy tool)
An applet of `magiskinit`. This tool could be used for advanced developers to modify SELinux policies. In common scenarios like Linux server admins, they would directly modify the SELinux policy sources (`*.te`) and recompile the `sepolicy` binary, but here on Android we directly patch the binary file (or runtime policies).
@ -119,23 +125,23 @@ An applet of `magiskinit`. This tool could be used for advanced developers to mo
All processes spawned from the Magisk daemon, including root shells and all its forks, are running in the context `u:r:magisk:s0`. The rule used on all Magisk installed systems can be viewed as stock `sepolicy` with these patches: `magiskpolicy --magisk 'allow magisk * * *'`.
```
Usage: magiskpolicy [--options...] [policy statements...]
Usage: ./magiskpolicy [--options...] [policy statements...]
Options:
--help show help message for policy statements
--load FILE load policies from FILE
--load FILE load monolithic sepolicy from FILE
--load-split load from precompiled sepolicy or compile
split policies
split cil policies
--compile-split compile split cil policies
--save FILE save policies to FILE
--live directly apply sepolicy live
--magisk inject built-in rules for a minimal
Magisk selinux environment
--save FILE dump monolithic sepolicy to FILE
--live immediately load sepolicy into the kernel
--magisk apply built-in Magisk sepolicy rules
--apply FILE apply rules from FILE, read and parsed
line by line as policy statements
(multiple --apply are allowed)
If neither --load or --compile-split is specified, it will load
from current live policies (/sys/fs/selinux/policy)
If neither --load, --load-split, nor --compile-split is specified,
it will load from current live policies (/sys/fs/selinux/policy)
One policy statement should be treated as one parameter;
this means each policy statement should be enclosed in quotes.
@ -189,8 +195,8 @@ Supported policy statements:
"genfscon fs_name partial_path fs_context"
```
### magisk
When the magisk binary is called with the name `magisk`, it works as a utility tool with many helper functions and the entry points for several Magisk services.
```
@ -207,6 +213,7 @@ Options:
Advanced Options (Internal APIs):
--daemon manually start magisk daemon
--stop remove all magisk changes and stop daemon
--[init trigger] start service for init trigger
Supported init triggers:
post-fs-data, service, boot-complete
@ -216,12 +223,25 @@ Advanced Options (Internal APIs):
--clone SRC DEST clone SRC to DEST
--sqlite SQL exec SQL commands to Magisk database
--path print Magisk tmpfs mount path
--denylist ARGS denylist config CLI
Available applets:
su, resetprop, magiskhide
su, resetprop
Usage: magisk --denylist [action [arguments...] ]
Actions:
status Return the enforcement status
enable Enable denylist enforcement
disable Disable denylist enforcement
add PKG [PROC] Add a new target to the denylist
rm PKG [PROC] Remove target(s) from the denylist
ls Print the current denylist
exec CMDs... Execute commands in isolated mount
namespace and do all unmounts
```
### su
An applet of `magisk`, the MagiskSU entry point. Good old `su` command.
```
@ -243,6 +263,7 @@ Options:
Note: even though the `-Z, --context` option is not listed above, the option still exists for CLI compatibility with apps designed for SuperSU. However the option is silently ignored since it's no longer relevant.
### resetprop
An applet of `magisk`. An advanced system property manipulation utility. Check the [Resetprop Details](details.md#resetprop) for more background information.
```
@ -263,20 +284,3 @@ Flags:
-p read/write props from/to persistent storage
(this flag only affects getprop and delprop)
```
### magiskhide
An applet of `magisk`, the CLI to control MagiskHide. Use this tool to communicate with the daemon to change MagiskHide settings.
```
Usage: magiskhide [action [arguments...] ]
Actions:
status Return the status of magiskhide
enable Start magiskhide
disable Stop magiskhide
add PKG [PROC] Add a new target to the hide list
rm PKG [PROC] Remove target(s) from the hide list
ls Print the current hide list
exec CMDs... Execute commands in isolated mount
namespace and do all hide unmounts
```