From a8311108167fcb073c2284c7dbeded85eb957ae8 Mon Sep 17 00:00:00 2001
From: topjohnwu <topjohnwu@gmail.com>
Date: Tue, 31 Oct 2017 17:05:24 +0800
Subject: [PATCH] Add boot signing to installation

---
 README.MD                 | 28 +++++++---------------------
 java                      |  2 +-
 scripts/flash_script.sh   |  6 +++++-
 scripts/util_functions.sh |  8 ++++++--
 4 files changed, 19 insertions(+), 25 deletions(-)

diff --git a/README.MD b/README.MD
index e7c460cf5..78204b301 100644
--- a/README.MD
+++ b/README.MD
@@ -2,11 +2,7 @@
 
 ## How to build Magisk
 
-#### Building has been tested on 3 major platforms:
-
-**macOS 10.12**  
-**Ubuntu 17.04 x64**  
-**Windows 10 x64**
+#### Building has been tested on 3 major platforms: macOS, Ubuntu, Windows 10
 
 #### Environment Requirements
 
@@ -14,8 +10,8 @@
 2. Python 3.5+: to run the build script
 3. Java Development Kit (JDK) 8: To compile Magisk Manager and sign zips
 4. C compiler (Unix only): To build `zipadjust`. Windows users can use the pre-built `zipadjust.exe`
-5. Android SDK: `ANDROID_HOME` environment variable should point to the Android SDK folder
-6. Android NDK: Install NDK via `sdkmanager`, or via Android SDK Manager in Android Studio
+5. Latest Android SDK: `ANDROID_HOME` environment variable should point to the Android SDK folder
+6. Latest Android NDK: Install NDK via `sdkmanager`, or via Android SDK Manager in Android Studio
 
 #### Instructions and Notes
 
@@ -29,7 +25,7 @@
 ## License
 
 ```
-Magisk, including all subprojects (git submodule) is free software:
+Magisk, including all git submodules are free software:
 you can redistribute it and/or modify it under the terms of the 
 GNU General Public License as published by the Free Software Foundation, 
 either version 3 of the License, or (at your option) any later version.
@@ -67,29 +63,19 @@ along with this program.  If not, see <http://www.gnu.org/licenses/>.
 **MagiskHide** (`jni/magiskhide`)
 
 * Copyright 2016-2017, John Wu (@topjohnwu)
-* Copyright 2016, Pierre-Hugues Husson (phh@phh.me) (original hidesu)
+* Copyright 2016, Pierre-Hugues Husson (phh@phh.me)
 
 **resetprop** (`jni/resetprop`)
 
  * Copyright 2016-2017 John Wu (@topjohnwu)
  * Copyright 2016 nkk71 (nkk71x@gmail.com)
 
-**SELinux** (`jni/selinux`)
-
-* Makefile for NDK: Copyright 2016-2017, John Wu (@topjohnwu)
-* Maintained by many developers in SELinux project
-
-**ndk-compression** (`jni/ndk-compression`)
-
-* Makefile for NDK: Copyright 2017, John Wu (@topjohnwu)
-* Each library has its own copyright message in corresponding directories
-
-**ndk-busybox** (`jni/busybox`)
+**ndk-busybox** (`jni/external/busybox`)
 
 * Makefile for NDK, generated by [ndk-busybox-kitchen](https://github.com/topjohnwu/ndk-busybox-kitchen): Copyright 2017, John Wu (@topjohnwu)
 * Patches for NDK: Many contributors along the way, all placed in [osm0sis/android-busybox-ndk](https://github.com/osm0sis/android-busybox-ndk)
 * The copyright message for busybox should be included in its own directory
 
-**Others Not Mentioned**
+**Others Not Mentioned** (exclude `jni/external`)
 
 * Copyright 2016-2017, John Wu (@topjohnwu)
diff --git a/java b/java
index 05f41928c..fdd700f3e 160000
--- a/java
+++ b/java
@@ -1 +1 @@
-Subproject commit 05f41928cd0f72ddab557c8db6c2fc11c3fd08e6
+Subproject commit fdd700f3e5c2f9d7688d2434d4dbee8c12524411
diff --git a/scripts/flash_script.sh b/scripts/flash_script.sh
index 4cbf8c993..0bd52fbbc 100644
--- a/scripts/flash_script.sh
+++ b/scripts/flash_script.sh
@@ -22,6 +22,7 @@ TMPDIR=/dev/tmp
 
 INSTALLER=$TMPDIR/install
 COMMONDIR=$INSTALLER/common
+APK=$COMMONDIR/magisk.apk
 CHROMEDIR=$INSTALLER/chromeos
 COREDIR=/magisk/.core
 
@@ -109,7 +110,10 @@ $BOOTMODE || recovery_actions
 
 find_boot_image
 [ -z $BOOTIMAGE ] && abort "! Unable to detect boot image"
-ui_print "- Found Boot Image: $BOOTIMAGE"
+ui_print "- Found boot image: $BOOTIMAGE"
+
+eval $BOOTSIGNER -verify < $BOOTIMAGE && BOOTSIGNED=true
+$BOOTSIGNED && ui_print "- Signed boot image detected"
 
 SOURCEDMODE=true
 cd $MAGISKBIN
diff --git a/scripts/util_functions.sh b/scripts/util_functions.sh
index 0b5770911..c1d8d05df 100644
--- a/scripts/util_functions.sh
+++ b/scripts/util_functions.sh
@@ -13,6 +13,9 @@ SCRIPT_VERSION=$MAGISK_VER_CODE
 # Default location, will override if needed
 MAGISKBIN=/data/magisk
 
+BOOTSIGNER="/system/bin/dalvikvm -Xnodex2oat -Xnoimage-dex2oat -cp \$APK com.topjohnwu.magisk.utils.BootSigner"
+BOOTSIGNED=false
+
 get_outfd() {
   readlink /proc/$$/fd/$OUTFD 2>/dev/null | grep /tmp >/dev/null
   if [ "$?" -eq "0" ]; then
@@ -137,14 +140,15 @@ flash_boot_image() {
     *.gz) COMMAND="gzip -d < \"$1\"";;
     *)    COMMAND="cat \"$1\"";;
   esac
+  $BOOTSIGNED && SIGNCOM="$BOOTSIGNER -sign" || SIGNCOM="cat -"
   case "$2" in
     /dev/block/*)
       ui_print "- Flashing new boot image"
-      eval $COMMAND | cat - /dev/zero | dd of="$2" bs=4096 >/dev/null 2>&1
+      eval $COMMAND | eval $SIGNCOM | cat - /dev/zero | dd of="$2" bs=4096 >/dev/null 2>&1
       ;;
     *)
       ui_print "- Storing new boot image"
-      eval $COMMAND | dd of="$2" bs=4096 >/dev/null 2>&1
+      eval $COMMAND | eval $SIGNCOM | dd of="$2" bs=4096 >/dev/null 2>&1
       ;;
   esac
 }