Bump Magisk Manager version

Previously, if `cpio_vec_insert()` needed to replace a file and the file
already exists as the first entry, then a duplicate entry would get
created.

This fixes the bug I reported at:
https://forum.xda-developers.com/showpost.php?p=75449768&postcount=22647

Signed-off-by: Andrew Gunnerson <andrewgunnerson@gmail.com>

.gitmodules

@@ -1,27 +1,27 @@
-[submodule "jni/selinux"]
-	path = core/jni/external/selinux
+[submodule "selinux"]
+	path = native/jni/external/selinux
 	url = https://github.com/topjohnwu/selinux.git
-[submodule "jni/su"]
-	path = core/jni/su
+[submodule "su"]
+	path = native/jni/su
 	url = https://github.com/topjohnwu/MagiskSU.git
-[submodule "jni/magiskpolicy"]
-	path = core/jni/magiskpolicy
+[submodule "magiskpolicy"]
+	path = native/jni/magiskpolicy
 	url = https://github.com/topjohnwu/magiskpolicy.git
 [submodule "MagiskManager"]
 	path = app
 	url = https://github.com/topjohnwu/MagiskManager.git
-[submodule "jni/busybox"]
-	path = core/jni/external/busybox
+[submodule "busybox"]
+	path = native/jni/external/busybox
 	url = https://github.com/topjohnwu/ndk-busybox.git
-[submodule "jni/external/dtc"]
-	path = core/jni/external/dtc
+[submodule "dtc"]
+	path = native/jni/external/dtc
 	url = https://github.com/dgibson/dtc
-[submodule "jni/external/lz4"]
-	path = core/jni/external/lz4
+[submodule "lz4"]
+	path = native/jni/external/lz4
 	url = https://github.com/lz4/lz4.git
-[submodule "jni/external/bzip2"]
-	path = core/jni/external/bzip2
+[submodule "bzip2"]
+	path = native/jni/external/bzip2
 	url = https://github.com/nemequ/bzip2.git
-[submodule "jni/external/xz"]
-	path = core/jni/external/xz
+[submodule "xz"]
+	path = native/jni/external/xz
 	url = https://github.com/xz-mirror/xz.git

README.MD

@@ -6,17 +6,15 @@
 
 ### Environment Requirements
 
-1. A 64-bit machine: `cmake` for Android is only available in 64-bit
-2. Python 3.5+: run `build.py` script
-3. Java Development Kit (JDK) 8: Compile Magisk Manager and sign zips
-4. Latest Android SDK: `ANDROID_HOME` environment variable should point to the Android SDK folder
-5. Android NDK: Install NDK along with SDK (`$ANDROID_HOME/ndk-bundle`), or specify custom path `ANDROID_NDK`
-6. (Windows Only) Python package Colorama: Install with `pip install colorama`, used for ANSI color codes
-7. (Unix only) C compiler: Build `zipadjust`. Windows users can use the pre-built `zipadjust.exe`
+1. Python 3.5+: run `build.py` script
+2. Java Development Kit (JDK) 8: Compile Magisk Manager and sign zips
+3. Latest Android SDK: `ANDROID_HOME` environment variable should point to the Android SDK folder
+4. Android NDK: Install NDK along with SDK (`$ANDROID_HOME/ndk-bundle`), or specify custom path `ANDROID_NDK`
+5. (Windows Only) Python package Colorama: Install with `pip install colorama`, used for ANSI color codes
 
 ### Instructions and Notes
 1. Magisk can be built with the latest NDK (r16 as of writing), however binaries released officially will be built with NDK r10e due to ELF incompatibilities with the binaries built from the newer NDKs.
-2. The easiest way to setup the environment is by importing this folder as an Android Studio project. The IDE will download required components and construct the environment for you. You still have to set the `ANDROID_HOME` environment variable to point to the SDK path.
+2. The easiest way to setup the environment is by importing the folder as an Android Studio project. The IDE will download required components and construct the environment for you. You still have to set the `ANDROID_HOME` environment variable to point to the SDK path.
 3. Run `build.py` with argument `-h` to see the built-in help message. The `-h` option also works for each supported actions, e.g. `./build.py binary -h`
 4. Build everything with `build.py`, don't directly call `gradlew` or `ndk-build`, since most requires special setup / dependencies.
 5. By default, `build.py` will build binaries and Magisk Manager in debug mode. If you want to build Magisk Manager in release mode (through the flag `--release`), you will need to place a Java Keystore file at `release_signature.jks` to sign Magisk Manager's APK. For more information, check out [Google's Official Documentation](https://developer.android.com/studio/publish/app-signing.html#signing-manually).
@@ -46,7 +44,7 @@ along with this program.  If not, see <http://www.gnu.org/licenses/>.
 * Copyright 2016-2018, John Wu (@topjohnwu)
 * All contributors and translators on Github
 
-**MagiskSU** (`core/jni/su`)
+**MagiskSU** (`native/jni/su`)
 
 * Copyright 2016-2018, John Wu (@topjohnwu)
 * Copyright 2015, Pierre-Hugues Husson (phh@phh.me)
@@ -54,23 +52,23 @@ along with this program.  If not, see <http://www.gnu.org/licenses/>.
 * Copyright 2010, Adam Shanks (@ChainsDD)
 * Copyright 2008, Zinx Verituse (@zinxv)
 
-**MagiskPolicy** (`core/jni/magiskpolicy`)
+**MagiskPolicy** (`native/jni/magiskpolicy`)
 
 * Copyright 2016-2018, John Wu (@topjohnwu)
 * Copyright 2015, Pierre-Hugues Husson (phh@phh.me)
 * Copyright 2015, Joshua Brindle (@joshua_brindle)
 
-**MagiskHide** (`core/jni/magiskhide`)
+**MagiskHide** (`native/jni/magiskhide`)
 
 * Copyright 2016-2018, John Wu (@topjohnwu)
 * Copyright 2016, Pierre-Hugues Husson (phh@phh.me)
 
-**resetprop** (`core/jni/resetprop`)
+**resetprop** (`native/jni/resetprop`)
 
  * Copyright 2016-2018 John Wu (@topjohnwu)
  * Copyright 2016 nkk71 (nkk71x@gmail.com)
 
-**External Dependencies** (`core/jni/external`)
+**External Dependencies** (`native/jni/external`)
 
 * Makefile for busybox, generated by [ndk-busybox-kitchen](https://github.com/topjohnwu/ndk-busybox-kitchen)
 * Each dependencies has its own license/copyright information in each subdirectory.  

build.py

@@ -26,13 +26,6 @@ try:
 except FileNotFoundError:
 	error('Please install Java and make sure \'java\' is available in PATH')
 
-# If not Windows, we need gcc to compile
-if os.name != 'nt':
-	try:
-		subprocess.run(['gcc', '-v'], stdout=subprocess.DEVNULL, stderr=subprocess.DEVNULL)
-	except FileNotFoundError:
-		error('Please install C compiler and make sure \'gcc\' is available in PATH')
-
 import argparse
 import multiprocessing
 import zipfile
@@ -89,13 +82,13 @@ def build_binary(args):
 	header('* Building Magisk binaries')
 
 	# Force update logging.h timestamp to trigger recompilation
-	os.utime(os.path.join('core', 'jni', 'include', 'logging.h'))
+	os.utime(os.path.join('native', 'jni', 'include', 'logging.h'))
 
 	debug_flag = '' if args.release else '-DMAGISK_DEBUG'
 	cflag = 'MAGISK_FLAGS=\"-DMAGISK_VERSION=\\\"{}\\\" -DMAGISK_VER_CODE={} {}\"'.format(args.versionString, args.versionCode, debug_flag)
 
 	# Prebuild
-	proc = subprocess.run('{} -C core PRECOMPILE=true {} -j{}'.format(ndk_build, cflag, multiprocessing.cpu_count()), shell=True)
+	proc = subprocess.run('{} -C native PRECOMPILE=true {} -j{}'.format(ndk_build, cflag, multiprocessing.cpu_count()), shell=True)
 	if proc.returncode != 0:
 		error('Build Magisk binary failed!')
 
@@ -104,7 +97,7 @@ def build_binary(args):
 		mkdir_p(os.path.join('out', arch))
 		with open(os.path.join('out', arch, 'dump.h'), 'w') as dump:
 			dump.write('#include "stdlib.h"\n')
-			mv(os.path.join('core', 'libs', arch, 'magisk'), os.path.join('out', arch, 'magisk'))
+			mv(os.path.join('native', 'libs', arch, 'magisk'), os.path.join('out', arch, 'magisk'))
 			with open(os.path.join('out', arch, 'magisk'), 'rb') as bin:
 				dump.write('const uint8_t magisk_dump[] = "')
 				dump.write(''.join("\\x{:02X}".format(c) for c in lzma.compress(bin.read(), preset=9)))
@@ -112,7 +105,7 @@ def build_binary(args):
 
 	print('')
 
-	proc = subprocess.run('{} -C core {} -j{}'.format(ndk_build, cflag, multiprocessing.cpu_count()), shell=True)
+	proc = subprocess.run('{} -C native {} -j{}'.format(ndk_build, cflag, multiprocessing.cpu_count()), shell=True)
 	if proc.returncode != 0:
 		error('Build Magisk binary failed!')
 
@@ -120,18 +113,13 @@ def build_binary(args):
 	for arch in ['arm64-v8a', 'armeabi-v7a', 'x86', 'x86_64']:
 		for binary in ['magiskinit', 'magiskboot', 'b64xz', 'busybox']:
 			try:
-				mv(os.path.join('core', 'libs', arch, binary), os.path.join('out', arch, binary))
+				mv(os.path.join('native', 'libs', arch, binary), os.path.join('out', arch, binary))
 			except:
 				pass
 
 def build_apk(args):
 	header('* Building Magisk Manager')
 
-	for key in ['public.certificate.x509.pem', 'private.key.pk8']:
-		source = os.path.join('ziptools', key)
-		target = os.path.join('app', 'src', 'main', 'assets', key)
-		cp(source, target)
-
 	for script in ['magisk_uninstaller.sh', 'util_functions.sh']:
 		source = os.path.join('scripts', script)
 		target = os.path.join('app', 'src', 'main', 'assets', script)
@@ -331,51 +319,22 @@ def zip_uninstaller(args):
 	sign_adjust_zip(unsigned, output)
 
 def sign_adjust_zip(unsigned, output):
-	signer_name = 'zipsigner-1.1.jar'
-	jarsigner = os.path.join('crypto', 'build', 'libs', signer_name)
+	signer_name = 'zipsigner-2.1.jar'
+	jarsigner = os.path.join('utils', 'build', 'libs', signer_name)
 
-	if os.name != 'nt' and not os.path.exists(os.path.join('ziptools', 'zipadjust')):
-		header('* Building zipadjust')
-		# Compile zipadjust
-		proc = subprocess.run('gcc -o ziptools/zipadjust ziptools/zipadjust_src/*.c -lz', shell=True)
-		if proc.returncode != 0:
-			error('Build zipadjust failed!')
 	if not os.path.exists(jarsigner):
 		header('* Building ' + signer_name)
-		proc = subprocess.run('{} crypto:shadowJar'.format(os.path.join('.', 'gradlew')), shell=True)
+		proc = subprocess.run('{} utils:shadowJar'.format(os.path.join('.', 'gradlew')), shell=True)
 		if proc.returncode != 0:
 			error('Build {} failed!'.format(signer_name))
 
-	header('* Signing / Adjusting Zip')
-
-	publicKey = os.path.join('ziptools', 'public.certificate.x509.pem')
-	privateKey = os.path.join('ziptools', 'private.key.pk8')
+	header('* Signing Zip')
 
 	signed = tempfile.mkstemp()[1]
 
-	# Unsigned->signed
-	proc = subprocess.run(['java', '-jar', jarsigner,
-		publicKey, privateKey, unsigned, signed])
+	proc = subprocess.run(['java', '-jar', jarsigner, unsigned, output])
 	if proc.returncode != 0:
-		error('First sign flashable zip failed!')
-
-	adjusted = tempfile.mkstemp()[1]
-
-	# Adjust zip
-	proc = subprocess.run([os.path.join('ziptools', 'zipadjust'), signed, adjusted])
-	if proc.returncode != 0:
-		error('Adjust flashable zip failed!')
-
-	# Adjusted -> output
-	proc = subprocess.run(['java', '-jar', jarsigner,
-		"-m", publicKey, privateKey, adjusted, output])
-	if proc.returncode != 0:
-		error('Second sign flashable zip failed!')
-
-	# Cleanup
-	rm(unsigned)
-	rm(signed)
-	rm(adjusted)
+		error('Signing zip failed!')
 
 def cleanup(args):
 	if len(args.target) == 0:
@@ -383,14 +342,14 @@ def cleanup(args):
 
 	if 'binary' in args.target:
 		header('* Cleaning binaries')
-		subprocess.run(ndk_build + ' -C core PRECOMPILE=true clean', shell=True)
-		subprocess.run(ndk_build + ' -C core clean', shell=True)
+		subprocess.run(ndk_build + ' -C native PRECOMPILE=true clean', shell=True)
+		subprocess.run(ndk_build + ' -C native clean', shell=True)
 		for arch in ['arm64-v8a', 'armeabi-v7a', 'x86', 'x86_64']:
 			shutil.rmtree(os.path.join('out', arch), ignore_errors=True)
 
 	if 'java' in args.target:
 		header('* Cleaning java')
-		subprocess.run('{} app:clean snet:clean crypto:clean'.format(os.path.join('.', 'gradlew')), shell=True)
+		subprocess.run('{} app:clean snet:clean utils:clean'.format(os.path.join('.', 'gradlew')), shell=True)
 		for f in os.listdir('out'):
 			if '.apk' in f:
 				rm(os.path.join('out', f))

core/jni/core/socket.c

@@ -1,152 +0,0 @@
-/* socket.c - All socket related operations
- */
-
-#include <fcntl.h>
-
-#include "daemon.h"
-#include "logging.h"
-#include "utils.h"
-#include "magisk.h"
-
-/* Setup the address and return socket fd */
-int setup_socket(struct sockaddr_un *sun) {
-    int fd = xsocket(AF_LOCAL, SOCK_STREAM | SOCK_CLOEXEC, 0);
-    memset(sun, 0, sizeof(*sun));
-    sun->sun_family = AF_LOCAL;
-    memcpy(sun->sun_path, REQUESTOR_DAEMON_PATH, sizeof(REQUESTOR_DAEMON_PATH) - 1);
-    return fd;
-}
-
-
-/*
- * Receive a file descriptor from a Unix socket.
- * Contributed by @mkasick
- *
- * Returns the file descriptor on success, or -1 if a file
- * descriptor was not actually included in the message
- *
- * On error the function terminates by calling exit(-1)
- */
-int recv_fd(int sockfd) {
-    // Need to receive data from the message, otherwise don't care about it.
-    char iovbuf;
-
-    struct iovec iov = {
-        .iov_base = &iovbuf,
-        .iov_len  = 1,
-    };
-
-    char cmsgbuf[CMSG_SPACE(sizeof(int))];
-
-    struct msghdr msg = {
-        .msg_iov        = &iov,
-        .msg_iovlen     = 1,
-        .msg_control    = cmsgbuf,
-        .msg_controllen = sizeof(cmsgbuf),
-    };
-
-    xrecvmsg(sockfd, &msg, MSG_WAITALL);
-
-    // Was a control message actually sent?
-    switch (msg.msg_controllen) {
-    case 0:
-        // No, so the file descriptor was closed and won't be used.
-        return -1;
-    case sizeof(cmsgbuf):
-        // Yes, grab the file descriptor from it.
-        break;
-    default:
-        goto error;
-    }
-
-    struct cmsghdr *cmsg = CMSG_FIRSTHDR(&msg);
-
-    if (cmsg             == NULL                  ||
-        cmsg->cmsg_len   != CMSG_LEN(sizeof(int)) ||
-        cmsg->cmsg_level != SOL_SOCKET            ||
-        cmsg->cmsg_type  != SCM_RIGHTS) {
-error:
-        LOGE("unable to read fd");
-        exit(-1);
-    }
-
-    return *(int *)CMSG_DATA(cmsg);
-}
-
-/*
- * Send a file descriptor through a Unix socket.
- * Contributed by @mkasick
- *
- * On error the function terminates by calling exit(-1)
- *
- * fd may be -1, in which case the dummy data is sent,
- * but no control message with the FD is sent.
- */
-void send_fd(int sockfd, int fd) {
-    // Need to send some data in the message, this will do.
-    struct iovec iov = {
-        .iov_base = "",
-        .iov_len  = 1,
-    };
-
-    struct msghdr msg = {
-        .msg_iov        = &iov,
-        .msg_iovlen     = 1,
-    };
-
-    char cmsgbuf[CMSG_SPACE(sizeof(int))];
-
-    if (fd != -1) {
-        // Is the file descriptor actually open?
-        if (fcntl(fd, F_GETFD) == -1) {
-            if (errno != EBADF) {
-                PLOGE("unable to send fd");
-            }
-            // It's closed, don't send a control message or sendmsg will EBADF.
-        } else {
-            // It's open, send the file descriptor in a control message.
-            msg.msg_control    = cmsgbuf;
-            msg.msg_controllen = sizeof(cmsgbuf);
-
-            struct cmsghdr *cmsg = CMSG_FIRSTHDR(&msg);
-
-            cmsg->cmsg_len   = CMSG_LEN(sizeof(int));
-            cmsg->cmsg_level = SOL_SOCKET;
-            cmsg->cmsg_type  = SCM_RIGHTS;
-
-            *(int *)CMSG_DATA(cmsg) = fd;
-        }
-    }
-
-    xsendmsg(sockfd, &msg, 0);
-}
-
-int read_int(int fd) {
-    int val;
-    xxread(fd, &val, sizeof(int));
-    return val;
-}
-
-void write_int(int fd, int val) {
-    if (fd < 0) return;
-    xwrite(fd, &val, sizeof(int));
-}
-
-char* read_string(int fd) {
-    int len = read_int(fd);
-    if (len > PATH_MAX || len < 0) {
-        LOGE("invalid string length %d", len);
-        exit(1);
-    }
-    char* val = xmalloc(sizeof(char) * (len + 1));
-    xxread(fd, val, len);
-    val[len] = '\0';
-    return val;
-}
-
-void write_string(int fd, const char* val) {
-    if (fd < 0) return;
-    int len = strlen(val);
-    write_int(fd, len);
-    xwrite(fd, val, len);
-}

core/jni/magiskboot/bootimg.h

@@ -1,127 +0,0 @@
-/* tools/mkbootimg/bootimg.h
-**
-** Copyright 2007, The Android Open Source Project
-**
-** Licensed under the Apache License, Version 2.0 (the "License");
-** you may not use this file except in compliance with the License.
-** You may obtain a copy of the License at
-**
-**     http://www.apache.org/licenses/LICENSE-2.0
-**
-** Unless required by applicable law or agreed to in writing, software
-** distributed under the License is distributed on an "AS IS" BASIS,
-** WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-** See the License for the specific language governing permissions and
-** limitations under the License.
-*/
-
-#include <stdint.h>
-#include "types.h"
-
-#ifndef _BOOT_IMAGE_H_
-#define _BOOT_IMAGE_H_
-
-typedef struct boot_img_hdr boot_img_hdr;
-
-#define BOOT_MAGIC "ANDROID!"
-#define BOOT_MAGIC_SIZE 8
-#define BOOT_NAME_SIZE 16
-#define BOOT_ARGS_SIZE 512
-#define BOOT_EXTRA_ARGS_SIZE 1024
-
-struct boot_img_hdr
-{
-    uint8_t magic[BOOT_MAGIC_SIZE];
-
-    uint32_t kernel_size;  /* size in bytes */
-    uint32_t kernel_addr;  /* physical load addr */
-
-    uint32_t ramdisk_size; /* size in bytes */
-    uint32_t ramdisk_addr; /* physical load addr */
-
-    uint32_t second_size;  /* size in bytes */
-    uint32_t second_addr;  /* physical load addr */
-
-    uint32_t tags_addr;    /* physical addr for kernel tags */
-    uint32_t page_size;    /* flash page size we assume */
-    uint32_t extra_size;   /* extra blob size in bytes */
-
-    /* operating system version and security patch level; for
-     * version "A.B.C" and patch level "Y-M-D":
-     * ver = A << 14 | B << 7 | C         (7 bits for each of A, B, C)
-     * lvl = ((Y - 2000) & 127) << 4 | M  (7 bits for Y, 4 bits for M)
-     * os_version = ver << 11 | lvl */
-    uint32_t os_version;
-
-    uint8_t name[BOOT_NAME_SIZE]; /* asciiz product name */
-
-    uint8_t cmdline[BOOT_ARGS_SIZE];
-
-    uint32_t id[8]; /* timestamp / checksum / sha1 / etc */
-
-    /* Supplemental command line data; kept here to maintain
-     * binary compatibility with older versions of mkbootimg */
-    uint8_t extra_cmdline[BOOT_EXTRA_ARGS_SIZE];
-} __attribute__((packed));
-
-/*
-** +-----------------+
-** | boot header     | 1 page
-** +-----------------+
-** | kernel          | n pages
-** +-----------------+
-** | ramdisk         | m pages
-** +-----------------+
-** | second stage    | o pages
-** +-----------------+
-** | extra blobs     | p pages
-** +-----------------+
-**
-** n = (kernel_size + page_size - 1) / page_size
-** m = (ramdisk_size + page_size - 1) / page_size
-** o = (second_size + page_size - 1) / page_size
-** p = (extra_size + page_size - 1) / page_size
-**
-** 0. all entities are page_size aligned in flash
-** 1. kernel and ramdisk are required (size != 0)
-** 2. second is optional (second_size == 0 -> no second)
-** 3. load each element (kernel, ramdisk, second) at
-**    the specified physical address (kernel_addr, etc)
-** 4. prepare tags at tag_addr.  kernel_args[] is
-**    appended to the kernel commandline in the tags.
-** 5. r0 = 0, r1 = MACHINE_TYPE, r2 = tags_addr
-** 6. if second_size != 0: jump to second_addr
-**    else: jump to kernel_addr
-*/
-
-typedef struct mtk_hdr {
-   uint8_t magic[4];    /* MTK magic */
-   uint32_t size;       /* Size of the content */
-   uint8_t name[32];    /* The type of the header */
-} mtk_hdr;
-
-// Flags
-#define MTK_KERNEL    0x1
-#define MTK_RAMDISK   0x2
-#define CHROMEOS_FLAG 0x4
-
-typedef struct boot_img {
-    size_t map_size;
-    uint32_t dt_size;
-    size_t tail_size;
-    uint8_t flags;
-    file_t kernel_type, ramdisk_type;
-
-    boot_img_hdr hdr;
-    mtk_hdr mtk_kernel_hdr, mtk_ramdisk_hdr;
-
-    void *map_addr;
-    void *kernel;
-    void *dtb;
-    void *ramdisk;
-    void *second;
-    void *extra;
-    void *tail;
-} boot_img;
-
-#endif

crypto/src/main/java/com/topjohnwu/crypto/ZipSigner.java

@@ -1,42 +0,0 @@
-package com.topjohnwu.crypto;
-
-import org.bouncycastle.jce.provider.BouncyCastleProvider;
-
-import java.io.File;
-import java.io.FileInputStream;
-import java.io.InputStream;
-import java.security.Security;
-
-public class ZipSigner {
-    public static void main(String[] args) {
-        boolean minSign = false;
-        int argStart = 0;
-
-        if (args.length < 4) {
-            System.err.println("Usage: zipsigner [-m] publickey.x509[.pem] privatekey.pk8 input.jar output.jar");
-            System.exit(2);
-        }
-
-        if (args[0].equals("-m")) {
-            minSign = true;
-            argStart = 1;
-        }
-
-        SignAPK.sBouncyCastleProvider = new BouncyCastleProvider();
-        Security.insertProviderAt(SignAPK.sBouncyCastleProvider, 1);
-
-        File pubKey = new File(args[argStart]);
-        File privKey = new File(args[argStart + 1]);
-        File input = new File(args[argStart + 2]);
-        File output = new File(args[argStart + 3]);
-
-        try (InputStream pub = new FileInputStream(pubKey);
-             InputStream priv = new FileInputStream(privKey);
-             JarMap jar = new JarMap(input, false)) {
-            SignAPK.signZip(pub, priv, jar, output, minSign);
-        } catch (Exception e) {
-            e.printStackTrace();
-            System.exit(1);
-        }
-    }
-}

native/jni/Android.mk

@@ -31,7 +31,7 @@ LOCAL_SHARED_LIBRARIES := libsqlite libselinux
 
 LOCAL_C_INCLUDES := \
 	jni/include \
-	jni/external/include \
+	$(EXT_PATH)/include \
 	$(LIBSELINUX)
 
 LOCAL_SRC_FILES := \
@@ -87,22 +87,21 @@ include $(BUILD_EXECUTABLE)
 # magiskboot
 include $(CLEAR_VARS)
 LOCAL_MODULE := magiskboot
-LOCAL_STATIC_LIBRARIES := liblzma liblz4 libbz2 libfdt
+LOCAL_STATIC_LIBRARIES := libmincrypt liblzma liblz4 libbz2 libfdt
 LOCAL_C_INCLUDES := \
 	jni/include \
-	jni/external/include \
+	$(EXT_PATH)/include \
 	$(LIBLZMA) \
 	$(LIBLZ4) \
 	$(LIBBZ2) \
 	$(LIBFDT)
 
 LOCAL_SRC_FILES := \
-	external/sha1/sha1.c \
 	magiskboot/main.c \
 	magiskboot/bootimg.c \
 	magiskboot/hexpatch.c \
 	magiskboot/compress.c \
-	magiskboot/types.c \
+	magiskboot/format.c \
 	magiskboot/dtb.c \
 	magiskboot/ramdisk.c \
 	$(UTIL_SRC)

native/jni/Application.mk

@@ -2,3 +2,4 @@ APP_ABI := x86 x86_64 armeabi-v7a arm64-v8a
 APP_PLATFORM := android-21
 APP_CFLAGS := $(MAGISK_FLAGS) -std=gnu99
 APP_CPPFLAGS := -std=c++11
+APP_SHORT_COMMANDS := true

native/jni/core/bootstages.c

@@ -51,7 +51,7 @@ struct node_entry {
 static void concat_path(struct node_entry *node) {
 	if (node->parent)
 		concat_path(node->parent);
-	int len = strlen(buf);
+	size_t len = strlen(buf);
 	buf[len] = '/';
 	strcpy(buf + len + 1, node->name);
 }

native/jni/core/daemon.c

@@ -25,7 +25,7 @@ int is_daemon_init = 0, seperate_vendor = 0;
 static void *request_handler(void *args) {
 	int client = *((int *) args);
 	free(args);
-	client_request req = read_int(client);
+	int req = read_int(client);
 
 	struct ucred credential;
 	get_client_cred(client, &credential);
@@ -134,6 +134,7 @@ void daemon_init() {
 	struct dirent *entry;
 	int root, sbin;
 	char buf[PATH_MAX], buf2[PATH_MAX];
+	char magisk_name[10], init_name[10];
 
 	// Setup links under /sbin
 	xmount(NULL, "/", NULL, MS_REMOUNT, NULL);
@@ -141,13 +142,8 @@ void daemon_init() {
 	chmod("/root", 0755);
 	root = xopen("/root", O_RDONLY | O_CLOEXEC);
 	sbin = xopen("/sbin", O_RDONLY | O_CLOEXEC);
-	dir = xfdopendir(sbin);
-	while((entry = xreaddir(dir))) {
-		if (strcmp(entry->d_name, ".") == 0 || strcmp(entry->d_name, "..") == 0) continue;
-		linkat(sbin, entry->d_name, root, entry->d_name, 0);
-		if (strcmp(entry->d_name, "magisk") == 0)
-			unlinkat(sbin, entry->d_name, 0);
-	}
+	link_dir(sbin, root);
+	unlink("/sbin/magisk");
 	close(sbin);
 
 	xmount("tmpfs", "/sbin", "tmpfs", 0, NULL);
@@ -160,14 +156,26 @@ void daemon_init() {
 		snprintf(buf2, PATH_MAX, "/sbin/%s", entry->d_name);
 		xsymlink(buf, buf2);
 	}
+
+	gen_rand_str(magisk_name, sizeof(magisk_name));
+	snprintf(buf, PATH_MAX, "/root/%s", magisk_name);
+	unlink("/sbin/magisk");
+	rename("/root/magisk", buf);
+	xsymlink(buf, "/sbin/magisk");
 	for (int i = 0; applet[i]; ++i) {
 		snprintf(buf2, PATH_MAX, "/sbin/%s", applet[i]);
-		xsymlink("/root/magisk", buf2);
+		xsymlink(buf, buf2);
 	}
+
+	gen_rand_str(init_name, sizeof(init_name));
+	snprintf(buf, PATH_MAX, "/root/%s", init_name);
+	unlink("/sbin/magiskinit");
+	rename("/root/magiskinit", buf);
 	for (int i = 0; init_applet[i]; ++i) {
 		snprintf(buf2, PATH_MAX, "/sbin/%s", init_applet[i]);
-		xsymlink("/root/magiskinit", buf2);
+		xsymlink(buf, buf2);
 	}
+
 	close(root);
 
 	// Backward compatibility
@@ -198,7 +206,7 @@ void daemon_init() {
 			xmkdirs(MIRRDIR "/system", 0755);
 			xmount(buf, MIRRDIR "/system", "ext4", MS_RDONLY, NULL);
 			#ifdef MAGISK_DEBUG
-				LOGI("mount: %s -> %s\n", buf, MIRRDIR "/system");
+				LOGI("mount: %s <- %s\n", MIRRDIR "/system", buf);
 			#else
 				LOGI("mount: %s\n", MIRRDIR "/system");
 			#endif
@@ -208,7 +216,7 @@ void daemon_init() {
 			xmkdirs(MIRRDIR "/vendor", 0755);
 			xmount(buf, MIRRDIR "/vendor", "ext4", MS_RDONLY, NULL);
 			#ifdef MAGISK_DEBUG
-				LOGI("mount: %s -> %s\n", buf, MIRRDIR "/vendor");
+				LOGI("mount: %s <- %s\n", MIRRDIR "/vendor", buf);
 			#else
 				LOGI("mount: %s\n", MIRRDIR "/vendor");
 			#endif
@@ -219,7 +227,7 @@ void daemon_init() {
 	if (!seperate_vendor) {
 		xsymlink(MIRRDIR "/system/vendor", MIRRDIR "/vendor");
 		#ifdef MAGISK_DEBUG
-			LOGI("link: %s -> %s\n", MIRRDIR "/system/vendor", MIRRDIR "/vendor");
+			LOGI("link: %s <- %s\n", MIRRDIR "/vendor", MIRRDIR "/system/vendor");
 		#else
 			LOGI("link: %s\n", MIRRDIR "/vendor");
 		#endif
@@ -257,6 +265,9 @@ void start_daemon() {
 		exit(1);
 	xlisten(fd, 10);
 
+	// Start the log monitor
+	monitor_logs();
+
 	if ((is_daemon_init = (access(MAGISKTMP, F_OK) == 0))) {
 		// Restart stuffs if the daemon is restarted
 		exec_command_sync("logcat", "-b", "all", "-c", NULL);
@@ -266,9 +277,6 @@ void start_daemon() {
 		daemon_init();
 	}
 
-	// Start the log monitor
-	monitor_logs();
-
 	LOGI("Magisk v" xstr(MAGISK_VERSION) "(" xstr(MAGISK_VER_CODE) ") daemon started\n");
 
 	// Change process name

native/jni/core/log_monitor.c

@@ -12,8 +12,10 @@
 
 #include "magisk.h"
 #include "utils.h"
+#include "resetprop.h"
 
 extern int is_daemon_init;
+int logd = 0;
 
 static int am_proc_start_filter(const char *log) {
 	return strstr(log, "am_proc_start") != NULL;
@@ -44,9 +46,20 @@ struct log_listener log_events[] = {
 };
 
 #ifdef MAGISK_DEBUG
-static int debug_log_pid, debug_log_fd;
+static int debug_log_pid = -1, debug_log_fd = -1;
 #endif
 
+static void check_logd() {
+	char *prop = getprop("init.svc.logd");
+	if (prop != NULL) {
+		free(prop);
+		logd = 1;
+	} else {
+		LOGD("log_monitor: logd not started, disable logging");
+		logd = 0;
+	}
+}
+
 static void *logger_thread(void *args) {
 	int log_fd = -1, log_pid;
 	char line[4096];
@@ -54,6 +67,15 @@ static void *logger_thread(void *args) {
 	LOGD("log_monitor: logger start");
 
 	while (1) {
+		if (!logd) {
+			// Disable all services
+			for (int i = 0; i < (sizeof(log_events) / sizeof(struct log_listener)); ++i) {
+				close(log_events[i].fd);
+				log_events[i].fd = -1;
+			}
+			return NULL;
+		}
+
 		// Start logcat
 		log_pid = exec_command(0, &log_fd, NULL, "logcat", "-b", "events", "-b", "main", "-v", "threadtime", "-s", "am_proc_start", "-s", "Magisk", NULL);
 		while (fdgets(line, sizeof(line), log_fd)) {
@@ -75,6 +97,8 @@ static void *logger_thread(void *args) {
 
 		// Clear buffer before restart
 		exec_command_sync("logcat", "-b", "events", "-b", "main", "-c", NULL);
+
+		check_logd();
 	}
 
 	// Should never be here, but well...
@@ -139,40 +163,49 @@ static void *debug_magisk_log_thread(void *args) {
 void monitor_logs() {
 	pthread_t thread;
 
-	// Start log file dumper before monitor
-	xpthread_create(&thread, NULL, magisk_log_thread, NULL);
-	pthread_detach(thread);
+	check_logd();
 
-	// Start logcat monitor
-	xpthread_create(&thread, NULL, logger_thread, NULL);
-	pthread_detach(thread);
+	if (logd) {
+		// Start log file dumper before monitor
+		xpthread_create(&thread, NULL, magisk_log_thread, NULL);
+		pthread_detach(thread);
 
+		// Start logcat monitor
+		xpthread_create(&thread, NULL, logger_thread, NULL);
+		pthread_detach(thread);
+	}
 }
 
 void start_debug_full_log() {
 #ifdef MAGISK_DEBUG
-	// Log everything initially
-	debug_log_fd = xopen(DEBUG_LOG, O_WRONLY | O_CREAT | O_CLOEXEC | O_TRUNC, 0644);
-	debug_log_pid = exec_command(0, &debug_log_fd, NULL, "logcat", "-v", "threadtime", NULL);
-	close(debug_log_fd);
+	if (logd) {
+		// Log everything initially
+		debug_log_fd = xopen(DEBUG_LOG, O_WRONLY | O_CREAT | O_CLOEXEC | O_TRUNC, 0644);
+		debug_log_pid = exec_command(0, &debug_log_fd, NULL, "logcat", "-v", "threadtime", NULL);
+		close(debug_log_fd);
+	}
 #endif
 }
 
 void stop_debug_full_log() {
 #ifdef MAGISK_DEBUG
 	// Stop recording the boot logcat after every boot task is done
-	kill(debug_log_pid, SIGTERM);
-	waitpid(debug_log_pid, NULL, 0);
-	// Start debug thread
-	start_debug_log();
+	if (debug_log_pid > 0) {
+		kill(debug_log_pid, SIGTERM);
+		waitpid(debug_log_pid, NULL, 0);
+		// Start debug thread
+		start_debug_log();
+	}
 #endif
 }
 
 void start_debug_log() {
 #ifdef MAGISK_DEBUG
-	pthread_t thread;
-	// Start debug thread
-	xpthread_create(&thread, NULL, debug_magisk_log_thread, NULL);
-	pthread_detach(thread);
+	if (logd) {
+		pthread_t thread;
+		// Start debug thread
+		xpthread_create(&thread, NULL, debug_magisk_log_thread, NULL);
+		pthread_detach(thread);
+	}
 #endif
 }

native/jni/core/magiskinit.c

@@ -56,6 +56,8 @@
 extern policydb_t *policydb;
 int (*init_applet_main[]) (int, char *[]) = { magiskpolicy_main, magiskpolicy_main, NULL };
 static int keepverity = 0, keepencrypt = 0;
+static char RAND_SOCKET_NAME[sizeof(SOCKET_NAME)];
+static int SOCKET_OFF = -1;
 
 struct cmdline {
 	int skip_initramfs;
@@ -152,7 +154,7 @@ static void fstab_patch_cb(int dirfd, struct dirent *entry) {
 		size_t _size;
 		uint32_t size;
 		full_read_at(dirfd, entry->d_name, &buf, &_size);
-		size = _size;  /* Type conversion */
+		size = (uint32_t) _size;  /* Type conversion */
 		if (!keepverity)
 			patch_verity(&buf, &size, 1);
 		if (!keepencrypt)
@@ -203,8 +205,8 @@ static void patch_ramdisk(int root) {
 }
 
 static int strend(const char *s1, const char *s2) {
-	int l1 = strlen(s1);
-	int l2 = strlen(s2);
+	size_t l1 = strlen(s1);
+	size_t l2 = strlen(s2);
 	return strcmp(s1 + l1 - l2, s2);
 }
 
@@ -318,6 +320,12 @@ static int patch_sepolicy() {
 	sepol_magisk_rules();
 	dump_policydb("/sepolicy");
 
+	// Remove the stupid debug sepolicy and use our own
+	if (access("/sepolicy_debug", F_OK) == 0) {
+		unlink("/sepolicy_debug");
+		link("/sepolicy", "/sepolicy_debug");
+	}
+
 	return 0;
 }
 
@@ -327,7 +335,7 @@ static int unxz(const void *buf, size_t size, int fd) {
 	lzma_stream strm = LZMA_STREAM_INIT;
 	if (lzma_auto_decoder(&strm, UINT64_MAX, 0) != LZMA_OK)
 		return 1;
-	lzma_ret ret = 0;
+	lzma_ret ret;
 	void *out = malloc(BUFSIZE);
 	strm.next_in = buf;
 	strm.avail_in = size;
@@ -361,6 +369,23 @@ static int dump_magiskrc(const char *path, mode_t mode) {
 	return 0;
 }
 
+static void patch_socket_name(const char *path) {
+	void *buf;
+	size_t size;
+	mmap_rw(path, &buf, &size);
+	if (SOCKET_OFF < 0) {
+		for (int i = 0; i < size; ++i) {
+			if (memcmp(buf + i, SOCKET_NAME, sizeof(SOCKET_NAME)) == 0) {
+				SOCKET_OFF = i;
+				break;
+			}
+		}
+	}
+	gen_rand_str(RAND_SOCKET_NAME, sizeof(SOCKET_NAME));
+	memcpy(buf + SOCKET_OFF, RAND_SOCKET_NAME, sizeof(SOCKET_NAME));
+	munmap(buf, size);
+}
+
 static void magisk_init_daemon() {
 	setsid();
 
@@ -375,7 +400,8 @@ static void magisk_init_daemon() {
 	dup3(null, STDIN_FILENO, O_CLOEXEC);
 	dup3(null, STDOUT_FILENO, O_CLOEXEC);
 	dup3(null, STDERR_FILENO, O_CLOEXEC);
-	close(null);
+	if (null > STDERR_FILENO)
+		close(null);
 
 	// Transit our context to su (mimic setcon)
 	int fd, crap;
@@ -392,6 +418,7 @@ static void magisk_init_daemon() {
 	while (1) {
 		struct sockaddr_un sun;
 		fd = setup_socket(&sun);
+		memcpy(sun.sun_path + 1, RAND_SOCKET_NAME, sizeof(SOCKET_NAME));
 		while (connect(fd, (struct sockaddr*) &sun, sizeof(sun)))
 			usleep(10000); /* Wait 10 ms after each try */
 
@@ -440,6 +467,7 @@ int main(int argc, char *argv[]) {
 	dump_magisk("/overlay/sbin/magisk", 0755);
 	mkdir("/overlay/root", 0755);
 	link("/init", "/overlay/root/magiskinit");
+	patch_socket_name("/overlay/sbin/magisk");
 
 	struct cmdline cmd;
 	parse_cmdline(&cmd);
@@ -505,10 +533,10 @@ int main(int argc, char *argv[]) {
 		}
 	}
 
-	int overlay = open("/overlay", O_RDONLY | O_CLOEXEC);
 
 	// Only patch rootfs if not intended to run in recovery
 	if (access("/etc/recovery.fstab", F_OK) != 0) {
+		int overlay = open("/overlay", O_RDONLY | O_CLOEXEC);
 		mv_dir(overlay, root);
 
 		patch_ramdisk(root);
@@ -528,16 +556,19 @@ int main(int argc, char *argv[]) {
 			umount("/system");
 		}
 
+		close(overlay);
+		close(STDIN_FILENO);
+		close(STDOUT_FILENO);
+		close(STDERR_FILENO);
+
 		if (fork_dont_care() == 0) {
 			strcpy(argv[0], "magiskinit");
-			close(overlay);
 			close(root);
 			magisk_init_daemon();
 		}
 	}
 
 	// Clean up
-	close(overlay);
 	close(root);
 	umount("/vendor");
 	rmdir("/overlay");

native/jni/core/socket.c

@@ -0,0 +1,153 @@
+/* socket.c - All socket related operations
+ */
+
+#include <fcntl.h>
+
+#include "daemon.h"
+#include "logging.h"
+#include "utils.h"
+#include "magisk.h"
+
+/* Setup the address and return socket fd */
+int setup_socket(struct sockaddr_un *sun) {
+	int fd = xsocket(AF_LOCAL, SOCK_STREAM | SOCK_CLOEXEC, 0);
+	memset(sun, 0, sizeof(*sun));
+	sun->sun_family = AF_LOCAL;
+	sun->sun_path[0] = '\0';
+	memcpy(sun->sun_path + 1, SOCKET_NAME, sizeof(SOCKET_NAME));
+	return fd;
+}
+
+
+/*
+ * Receive a file descriptor from a Unix socket.
+ * Contributed by @mkasick
+ *
+ * Returns the file descriptor on success, or -1 if a file
+ * descriptor was not actually included in the message
+ *
+ * On error the function terminates by calling exit(-1)
+ */
+int recv_fd(int sockfd) {
+	// Need to receive data from the message, otherwise don't care about it.
+	char iovbuf;
+
+	struct iovec iov = {
+		.iov_base = &iovbuf,
+		.iov_len  = 1,
+	};
+
+	char cmsgbuf[CMSG_SPACE(sizeof(int))];
+
+	struct msghdr msg = {
+		.msg_iov        = &iov,
+		.msg_iovlen     = 1,
+		.msg_control    = cmsgbuf,
+		.msg_controllen = sizeof(cmsgbuf),
+	};
+
+	xrecvmsg(sockfd, &msg, MSG_WAITALL);
+
+	// Was a control message actually sent?
+	switch (msg.msg_controllen) {
+	case 0:
+		// No, so the file descriptor was closed and won't be used.
+		return -1;
+	case sizeof(cmsgbuf):
+		// Yes, grab the file descriptor from it.
+		break;
+	default:
+		goto error;
+	}
+
+	struct cmsghdr *cmsg = CMSG_FIRSTHDR(&msg);
+
+	if (cmsg             == NULL                  ||
+		cmsg->cmsg_len   != CMSG_LEN(sizeof(int)) ||
+		cmsg->cmsg_level != SOL_SOCKET            ||
+		cmsg->cmsg_type  != SCM_RIGHTS) {
+error:
+		LOGE("unable to read fd");
+		exit(-1);
+	}
+
+	return *(int *)CMSG_DATA(cmsg);
+}
+
+/*
+ * Send a file descriptor through a Unix socket.
+ * Contributed by @mkasick
+ *
+ * On error the function terminates by calling exit(-1)
+ *
+ * fd may be -1, in which case the dummy data is sent,
+ * but no control message with the FD is sent.
+ */
+void send_fd(int sockfd, int fd) {
+	// Need to send some data in the message, this will do.
+	struct iovec iov = {
+		.iov_base = "",
+		.iov_len  = 1,
+	};
+
+	struct msghdr msg = {
+		.msg_iov        = &iov,
+		.msg_iovlen     = 1,
+	};
+
+	char cmsgbuf[CMSG_SPACE(sizeof(int))];
+
+	if (fd != -1) {
+		// Is the file descriptor actually open?
+		if (fcntl(fd, F_GETFD) == -1) {
+			if (errno != EBADF) {
+				PLOGE("unable to send fd");
+			}
+			// It's closed, don't send a control message or sendmsg will EBADF.
+		} else {
+			// It's open, send the file descriptor in a control message.
+			msg.msg_control    = cmsgbuf;
+			msg.msg_controllen = sizeof(cmsgbuf);
+
+			struct cmsghdr *cmsg = CMSG_FIRSTHDR(&msg);
+
+			cmsg->cmsg_len   = CMSG_LEN(sizeof(int));
+			cmsg->cmsg_level = SOL_SOCKET;
+			cmsg->cmsg_type  = SCM_RIGHTS;
+
+			*(int *)CMSG_DATA(cmsg) = fd;
+		}
+	}
+
+	xsendmsg(sockfd, &msg, 0);
+}
+
+int read_int(int fd) {
+	int val;
+	xxread(fd, &val, sizeof(int));
+	return val;
+}
+
+void write_int(int fd, int val) {
+	if (fd < 0) return;
+	xwrite(fd, &val, sizeof(int));
+}
+
+char* read_string(int fd) {
+	int len = read_int(fd);
+	if (len > PATH_MAX || len < 0) {
+		LOGE("invalid string length %d", len);
+		exit(1);
+	}
+	char* val = xmalloc(sizeof(char) * (len + 1));
+	xxread(fd, val, len);
+	val[len] = '\0';
+	return val;
+}
+
+void write_string(int fd, const char* val) {
+	if (fd < 0) return;
+	int len = strlen(val);
+	write_int(fd, len);
+	xwrite(fd, val, len);
+}

native/jni/external/Android.mk

@@ -3,7 +3,7 @@ LOCAL_PATH:= $(call my-dir)
 # libsqlite.so (stub)
 include $(CLEAR_VARS)
 LOCAL_MODULE:= libsqlite
-LOCAL_C_INCLUDES := jni/external/include
+LOCAL_C_INCLUDES := $(EXT_PATH)/include
 LOCAL_SRC_FILES := stubs/sqlite3_stub.c
 include $(BUILD_SHARED_LIBRARY)
 
@@ -14,6 +14,20 @@ LOCAL_C_INCLUDES := $(LIBSELINUX)
 LOCAL_SRC_FILES := stubs/selinux_stub.c
 include $(BUILD_SHARED_LIBRARY)
 
+# libmincrypt.a
+include $(CLEAR_VARS)
+LOCAL_MODULE:= libmincrypt
+LOCAL_C_INCLUDES := $(EXT_PATH)/include
+LOCAL_SRC_FILES := \
+	mincrypt/dsa_sig.c \
+	mincrypt/p256.c \
+	mincrypt/p256_ec.c \
+	mincrypt/p256_ecdsa.c \
+	mincrypt/rsa.c \
+	mincrypt/sha.c \
+	mincrypt/sha256.c
+include $(BUILD_STATIC_LIBRARY)
+
 # libfdt.a
 include $(CLEAR_VARS)
 LOCAL_MODULE:= libfdt

native/jni/external/include/mincrypt/dsa_sig.h

@@ -0,0 +1,43 @@
+/*
+ * Copyright 2013 The Android Open Source Project
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions are met:
+ *     * Redistributions of source code must retain the above copyright
+ *       notice, this list of conditions and the following disclaimer.
+ *     * Redistributions in binary form must reproduce the above copyright
+ *       notice, this list of conditions and the following disclaimer in the
+ *       documentation and/or other materials provided with the distribution.
+ *     * Neither the name of Google Inc. nor the names of its contributors may
+ *       be used to endorse or promote products derived from this software
+ *       without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY Google Inc. ``AS IS'' AND ANY EXPRESS OR
+ * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
+ * MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO
+ * EVENT SHALL Google Inc. BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
+ * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS;
+ * OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
+ * WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR
+ * OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF
+ * ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+#ifndef SYSTEM_CORE_INCLUDE_MINCRYPT_DSA_SIG_H_
+#define SYSTEM_CORE_INCLUDE_MINCRYPT_DSA_SIG_H_
+
+#include "mincrypt/p256.h"
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+// Returns 0 if input sig is not a valid ASN.1 sequence
+int dsa_sig_unpack(unsigned char* sig, int sig_len, p256_int* r_int, p256_int* s_int);
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif /* SYSTEM_CORE_INCLUDE_MINCRYPT_DSA_SIG_H_ */

native/jni/external/include/mincrypt/hash-internal.h

@@ -0,0 +1,63 @@
+/*
+ * Copyright 2007 The Android Open Source Project
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions are met:
+ *     * Redistributions of source code must retain the above copyright
+ *       notice, this list of conditions and the following disclaimer.
+ *     * Redistributions in binary form must reproduce the above copyright
+ *       notice, this list of conditions and the following disclaimer in the
+ *       documentation and/or other materials provided with the distribution.
+ *     * Neither the name of Google Inc. nor the names of its contributors may
+ *       be used to endorse or promote products derived from this software
+ *       without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY Google Inc. ``AS IS'' AND ANY EXPRESS OR
+ * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
+ * MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO
+ * EVENT SHALL Google Inc. BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
+ * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS;
+ * OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
+ * WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR
+ * OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF
+ * ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+#ifndef SYSTEM_CORE_INCLUDE_MINCRYPT_HASH_INTERNAL_H_
+#define SYSTEM_CORE_INCLUDE_MINCRYPT_HASH_INTERNAL_H_
+
+#include <stdint.h>
+
+#ifdef __cplusplus
+extern "C" {
+#endif  // __cplusplus
+
+struct HASH_CTX;  // forward decl
+
+typedef struct HASH_VTAB {
+  void (* const init)(struct HASH_CTX*);
+  void (* const update)(struct HASH_CTX*, const void*, int);
+  const uint8_t* (* const final)(struct HASH_CTX*);
+  const uint8_t* (* const hash)(const void*, int, uint8_t*);
+  int size;
+} HASH_VTAB;
+
+typedef struct HASH_CTX {
+  const HASH_VTAB * f;
+  uint64_t count;
+  uint8_t buf[64];
+  uint32_t state[8];  // upto SHA2
+} HASH_CTX;
+
+#define HASH_init(ctx) (ctx)->f->init(ctx)
+#define HASH_update(ctx, data, len) (ctx)->f->update(ctx, data, len)
+#define HASH_final(ctx) (ctx)->f->final(ctx)
+#define HASH_hash(data, len, digest) (ctx)->f->hash(data, len, digest)
+#define HASH_size(ctx) (ctx)->f->size
+
+#ifdef __cplusplus
+}
+#endif  // __cplusplus
+
+#endif  // SYSTEM_CORE_INCLUDE_MINCRYPT_HASH_INTERNAL_H_

native/jni/external/include/mincrypt/p256.h

@@ -0,0 +1,162 @@
+/*
+ * Copyright 2013 The Android Open Source Project
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions are met:
+ *     * Redistributions of source code must retain the above copyright
+ *       notice, this list of conditions and the following disclaimer.
+ *     * Redistributions in binary form must reproduce the above copyright
+ *       notice, this list of conditions and the following disclaimer in the
+ *       documentation and/or other materials provided with the distribution.
+ *     * Neither the name of Google Inc. nor the names of its contributors may
+ *       be used to endorse or promote products derived from this software
+ *       without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY Google Inc. ``AS IS'' AND ANY EXPRESS OR
+ * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
+ * MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO
+ * EVENT SHALL Google Inc. BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
+ * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS;
+ * OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
+ * WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR
+ * OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF
+ * ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+#ifndef SYSTEM_CORE_INCLUDE_MINCRYPT_LITE_P256_H_
+#define SYSTEM_CORE_INCLUDE_MINCRYPT_LITE_P256_H_
+
+// Collection of routines manipulating 256 bit unsigned integers.
+// Just enough to implement ecdsa-p256 and related algorithms.
+
+#include <stdint.h>
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+#define P256_BITSPERDIGIT 32
+#define P256_NDIGITS 8
+#define P256_NBYTES 32
+
+typedef int p256_err;
+typedef uint32_t p256_digit;
+typedef int32_t p256_sdigit;
+typedef uint64_t p256_ddigit;
+typedef int64_t p256_sddigit;
+
+// Defining p256_int as struct to leverage struct assigment.
+typedef struct {
+  p256_digit a[P256_NDIGITS];
+} p256_int;
+
+extern const p256_int SECP256r1_n;  // Curve order
+extern const p256_int SECP256r1_p;  // Curve prime
+extern const p256_int SECP256r1_b;  // Curve param
+
+// Initialize a p256_int to zero.
+void p256_init(p256_int* a);
+
+// Clear a p256_int to zero.
+void p256_clear(p256_int* a);
+
+// Return bit. Index 0 is least significant.
+int p256_get_bit(const p256_int* a, int index);
+
+// b := a % MOD
+void p256_mod(
+    const p256_int* MOD,
+    const p256_int* a,
+    p256_int* b);
+
+// c := a * (top_b | b) % MOD
+void p256_modmul(
+    const p256_int* MOD,
+    const p256_int* a,
+    const p256_digit top_b,
+    const p256_int* b,
+    p256_int* c);
+
+// b := 1 / a % MOD
+// MOD best be SECP256r1_n
+void p256_modinv(
+    const p256_int* MOD,
+    const p256_int* a,
+    p256_int* b);
+
+// b := 1 / a % MOD
+// MOD best be SECP256r1_n
+// Faster than p256_modinv()
+void p256_modinv_vartime(
+    const p256_int* MOD,
+    const p256_int* a,
+    p256_int* b);
+
+// b := a << (n % P256_BITSPERDIGIT)
+// Returns the bits shifted out of most significant digit.
+p256_digit p256_shl(const p256_int* a, int n, p256_int* b);
+
+// b := a >> (n % P256_BITSPERDIGIT)
+void p256_shr(const p256_int* a, int n, p256_int* b);
+
+int p256_is_zero(const p256_int* a);
+int p256_is_odd(const p256_int* a);
+int p256_is_even(const p256_int* a);
+
+// Returns -1, 0 or 1.
+int p256_cmp(const p256_int* a, const p256_int *b);
+
+// c: = a - b
+// Returns -1 on borrow.
+int p256_sub(const p256_int* a, const p256_int* b, p256_int* c);
+
+// c := a + b
+// Returns 1 on carry.
+int p256_add(const p256_int* a, const p256_int* b, p256_int* c);
+
+// c := a + (single digit)b
+// Returns carry 1 on carry.
+int p256_add_d(const p256_int* a, p256_digit b, p256_int* c);
+
+// ec routines.
+
+// {out_x,out_y} := nG
+void p256_base_point_mul(const p256_int *n,
+                         p256_int *out_x,
+                         p256_int *out_y);
+
+// {out_x,out_y} := n{in_x,in_y}
+void p256_point_mul(const p256_int *n,
+                    const p256_int *in_x,
+                    const p256_int *in_y,
+                    p256_int *out_x,
+                    p256_int *out_y);
+
+// {out_x,out_y} := n1G + n2{in_x,in_y}
+void p256_points_mul_vartime(
+    const p256_int *n1, const p256_int *n2,
+    const p256_int *in_x, const p256_int *in_y,
+    p256_int *out_x, p256_int *out_y);
+
+// Return whether point {x,y} is on curve.
+int p256_is_valid_point(const p256_int* x, const p256_int* y);
+
+// Outputs big-endian binary form. No leading zero skips.
+void p256_to_bin(const p256_int* src, uint8_t dst[P256_NBYTES]);
+
+// Reads from big-endian binary form,
+// thus pre-pad with leading zeros if short.
+void p256_from_bin(const uint8_t src[P256_NBYTES], p256_int* dst);
+
+#define P256_DIGITS(x) ((x)->a)
+#define P256_DIGIT(x,y) ((x)->a[y])
+
+#define P256_ZERO {{0}}
+#define P256_ONE {{1}}
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif  // SYSTEM_CORE_INCLUDE_MINCRYPT_LITE_P256_H_

native/jni/external/include/mincrypt/p256_ecdsa.h

@@ -0,0 +1,53 @@
+/*
+ * Copyright 2013 The Android Open Source Project
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions are met:
+ *     * Redistributions of source code must retain the above copyright
+ *       notice, this list of conditions and the following disclaimer.
+ *     * Redistributions in binary form must reproduce the above copyright
+ *       notice, this list of conditions and the following disclaimer in the
+ *       documentation and/or other materials provided with the distribution.
+ *     * Neither the name of Google Inc. nor the names of its contributors may
+ *       be used to endorse or promote products derived from this software
+ *       without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY Google Inc. ``AS IS'' AND ANY EXPRESS OR
+ * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
+ * MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO
+ * EVENT SHALL Google Inc. BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
+ * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS;
+ * OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
+ * WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR
+ * OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF
+ * ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+#ifndef SYSTEM_CORE_INCLUDE_MINCRYPT_P256_ECDSA_H_
+#define SYSTEM_CORE_INCLUDE_MINCRYPT_P256_ECDSA_H_
+
+// Using current directory as relative include path here since
+// this code typically gets lifted into a variety of build systems
+// and directory structures.
+#include "p256.h"
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+// Returns 0 if {r,s} is not a signature on message for
+// public key {key_x,key_y}.
+//
+// Note: message is a p256_int.
+// Convert from a binary string using p256_from_bin().
+int p256_ecdsa_verify(const p256_int* key_x,
+                      const p256_int* key_y,
+                      const p256_int* message,
+                      const p256_int* r, const p256_int* s);
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif  // SYSTEM_CORE_INCLUDE_MINCRYPT_P256_ECDSA_H_

native/jni/external/include/mincrypt/rsa.h

@@ -0,0 +1,58 @@
+/* rsa.h
+**
+** Copyright 2008, The Android Open Source Project
+**
+** Redistribution and use in source and binary forms, with or without
+** modification, are permitted provided that the following conditions are met:
+**     * Redistributions of source code must retain the above copyright
+**       notice, this list of conditions and the following disclaimer.
+**     * Redistributions in binary form must reproduce the above copyright
+**       notice, this list of conditions and the following disclaimer in the
+**       documentation and/or other materials provided with the distribution.
+**     * Neither the name of Google Inc. nor the names of its contributors may
+**       be used to endorse or promote products derived from this software
+**       without specific prior written permission.
+**
+** THIS SOFTWARE IS PROVIDED BY Google Inc. ``AS IS'' AND ANY EXPRESS OR
+** IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
+** MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO
+** EVENT SHALL Google Inc. BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+** SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
+** PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS;
+** OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
+** WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR
+** OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF
+** ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+*/
+
+#ifndef SYSTEM_CORE_INCLUDE_MINCRYPT_RSA_H_
+#define SYSTEM_CORE_INCLUDE_MINCRYPT_RSA_H_
+
+#include <inttypes.h>
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+#define RSANUMBYTES 256           /* 2048 bit key length */
+#define RSANUMWORDS (RSANUMBYTES / sizeof(uint32_t))
+
+typedef struct RSAPublicKey {
+    int len;                  /* Length of n[] in number of uint32_t */
+    uint32_t n0inv;           /* -1 / n[0] mod 2^32 */
+    uint32_t n[RSANUMWORDS];  /* modulus as little endian array */
+    uint32_t rr[RSANUMWORDS]; /* R^2 as little endian array */
+    int exponent;             /* 3 or 65537 */
+} RSAPublicKey;
+
+int RSA_verify(const RSAPublicKey *key,
+               const uint8_t* signature,
+               const int len,
+               const uint8_t* hash,
+               const int hash_len);
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif // SYSTEM_CORE_INCLUDE_MINCRYPT_RSA_H_