Fix binary outdated complain

This is the issue that has been haunting since day 1. Root and mounted files randomly disappears, and only an reboot can fix it.
The issue is that Zygote requires some time to isolate the mount namespace for the children it forks (read: most processes), so in rare cases such as the CPU is on heavy load, or CPU is in deep sleep, it takes longer than usual to finish the mount namespace isolation. Magisk Hide kicks in before the isolation is done, and it will switch to Zygote's namespace and do the unmounting. All children will then lose the mounted files, which includes root.
The solution is to first find the namespace id of Zygote, and wait a small period of time and retry if the namespace isn't isolated yet.

.gitattributes

@@ -0,0 +1,17 @@
+# Set the default behavior, in case people don't have core.autocrlf set.
+* text eol=lf
+
+# Explicitly declare text files you want to always be normalized and converted
+# to native line endings on checkout.
+# *.c text
+# *.h text
+
+# Declare files that will always have CRLF line endings on checkout.
+*.cmd text eol=crlf
+
+# Denote all files that are truly binary and should not be modified.
+busybox binary
+futility binary
+*.jar binary
+*.exe binary
+*.apk binary

.gitignore

@@ -11,7 +11,7 @@ uninstaller/arm/*
 uninstaller/arm64/*
 uninstaller/x86/*
 uninstaller/x64/*
-zipsigntools/zipadjust
+ziptools/zipadjust
 
 # Generated scripts
 zip_static/common/magic_mask.sh

.gitmodules

@@ -1,9 +1,12 @@
-[submodule "selinux"]
-	path = selinux
-	url = https://github.com/topjohnwu/selinux
 [submodule "jni/sepolicy-inject"]
 	path = jni/sepolicy-inject
 	url = https://github.com/topjohnwu/sepolicy-inject
 [submodule "jni/resetprop"]
 	path = jni/resetprop
 	url = https://github.com/topjohnwu/resetprop.git
+[submodule "jni/selinux"]
+	path = jni/selinux
+	url = https://github.com/topjohnwu/selinux.git
+[submodule "jni/su"]
+	path = jni/su
+	url = https://github.com/topjohnwu/Superuser.git

README.MD

@@ -3,8 +3,9 @@
 * Busybox: http://forum.xda-developers.com/android/software-hacking/tool-busybox-flashable-archs-t3348543
 
 ###How to build Magisk
-1. Only support MacOS and Linux
-2. Download and install NDK
-3. Add the NDK directory into PATH.  
-To check if success, please try calling `which ndk-build` and see if it returns the NDK directory
-4. Execute `./build.sh`, it will give you further information
+1. Download and install NDK
+2. Add the NDK directory into PATH  
+To check if the PATH is set correctly, try calling `which ndk-build` (`where ndk-build` on Windows) and see if it shows the NDK directory
+3. Unix-like users (e.g. Linux & MacOS) please execute `build.sh` through shell  
+Windows users please execute `build.cmd` through cmd
+4. The scripts will show you further details

build.cmd

@@ -0,0 +1,159 @@
+@ECHO OFF
+SETLOCAL ENABLEEXTENSIONS
+SET me=%~nx0
+SET parent=%~dp0
+SET tab=	
+SET OK=
+
+CD %parent%
+
+call :%~1 "%~2"
+IF NOT DEFINED OK CALL :usage
+
+EXIT /B %ERRORLEVEL%
+
+:usage
+  ECHO %me% all ^<version name^>
+  ECHO %tab%Build binaries, zip, and sign Magisk
+  ECHO %tab%This is equlivant to first ^<build^>, then ^<zip^>
+  ECHO %me% clean
+  ECHO %tab%Cleanup compiled / generated files
+  ECHO %me% build
+  ECHO %tab%Build the binaries with ndk
+  ECHO %me% zip ^<version name^>
+  ECHO %tab%Zip and sign Magisk
+  ECHO %me% uninstaller
+  ECHO %tab%Zip and sign the uninstaller
+  EXIT /B 1
+
+:all
+  SET OK=y
+  IF [%~1] == [] (
+    CALL :error "Missing version number"
+    CALL :usage
+    EXIT /B %ERRORLEVEL%
+  )
+  CALL :build
+  CALL :zip "%~1"
+  EXIT /B %ERRORLEVEL%
+
+:build
+  SET OK=y
+  ECHO ************************
+  ECHO * Building binaries
+  ECHO ************************
+  FOR /F "tokens=* USEBACKQ" %%F IN (`where ndk-build`) DO (
+    IF [%%F] == [] (
+      CALL :error "Please add ndk-build to PATH!"
+      EXIT /B 1
+    )
+  )
+  CALL ndk-build -j4 || CALL :error "Magisk binary tools build failed...."
+  IF %ERRORLEVEL% NEQ 0 EXIT /B %ERRORLEVEL%
+  ECHO ************************
+  ECHO * Copying binaries
+  ECHO ************************
+  COPY /Y libs\armeabi\* zip_static\arm
+  COPY /Y libs\arm64-v8a\* zip_static\arm64
+  COPY /Y libs\x86\* zip_static\x86
+  COPY /Y libs\x86_64\* zip_static\x64
+  CALL :mkcp libs\armeabi\bootimgtools uninstaller\arm
+  CALL :mkcp libs\arm64-v8a\bootimgtools uninstaller\arm64
+  CALL :mkcp libs\x86\bootimgtools uninstaller\x86
+  CALL :mkcp libs\x86_64\bootimgtools uninstaller\x64
+  EXIT /B %ERRORLEVEL%
+
+:clean
+  SET OK=y
+  ECHO ************************
+  ECHO * Cleaning up
+  ECHO ************************
+  CALL ndk-build clean
+  forfiles /P zip_static\arm /C "cmd /C IF NOT @file == \"busybox\" DEL @file"
+  forfiles /P zip_static\arm64 /C "cmd /C IF NOT @file == \"busybox\" DEL @file"
+  forfiles /P zip_static\x86 /C "cmd /C IF NOT @file == \"busybox\" DEL @file"
+  forfiles /P zip_static\x64 /C "cmd /C IF NOT @file == \"busybox\" DEL @file"
+  2>NUL DEL zip_static\META-INF\com\google\android\update-binary
+  2>NUL DEL zip_static\common\magic_mask.sh
+  2>NUL RMDIR /S /Q uninstaller\arm
+  2>NUL RMDIR /S /Q uninstaller\arm64
+  2>NUL RMDIR /S /Q uninstaller\x86
+  2>NUL RMDIR /S /Q uninstaller\x64
+  EXIT /B 0
+
+:zip
+  SET OK=y
+  IF [%~1] == [] (
+    CALL :error "Missing version number"
+    CALL :usage
+    EXIT /B %ERRORLEVEL%
+  )
+  IF NOT EXIST "zip_static\arm\bootimgtools" CALL :error "Missing binaries! Please run '%me% build' before zipping!"
+  IF %ERRORLEVEL% NEQ 0 EXIT /B %ERRORLEVEL%
+  ECHO ************************
+  ECHO * Adding version info
+  ECHO ************************
+  powershell.exe -nologo -noprofile -command "(gc -Raw scripts\flash_script.sh) -replace 'MAGISK_VERSION_STUB', 'Magisk v%~1 Boot Image Patcher' | sc zip_static\META-INF\com\google\android\update-binary"
+  powershell.exe -nologo -noprofile -command "(gc -Raw scripts\magic_mask.sh) -replace 'MAGISK_VERSION_STUB', 'setprop magisk.version \"%~1\"' | sc zip_static\common\magic_mask.sh"
+  ECHO ************************
+  ECHO * Zipping Magisk v%~1
+  ECHO ************************
+  CD zip_static
+  2>NUL DEL "..\Magisk-v%~1.zip"
+  ..\ziptools\win_bin\zip "..\Magisk-v%~1.zip" -r .
+  CD ..\
+  CALL :sign_zip "Magisk-v%~1.zip"
+  EXIT /B %ERRORLEVEL%
+
+:uninstaller
+  SET OK=y
+  IF NOT EXIST "uninstaller\arm\bootimgtools" CALL :error "Missing binaries! Please run '%me% build' before zipping!"
+  IF %ERRORLEVEL% NEQ 0 EXIT /B %ERRORLEVEL%
+  ECHO ************************
+  ECHO * Zipping uninstaller
+  ECHO ************************
+  FOR /F "tokens=* USEBACKQ" %%F IN (`ziptools\win_bin\date "+%%Y%%m%%d"`) DO (set timestamp=%%F)
+  CD uninstaller
+  2>NUL DEL "../Magisk-uninstaller-%timestamp%.zip"
+  ..\ziptools\win_bin\zip "../Magisk-uninstaller-%timestamp%.zip" -r .
+  CD ..\
+  CALL :sign_zip "Magisk-uninstaller-%timestamp%.zip"
+  EXIT /B %ERRORLEVEL%
+
+:sign_zip
+  IF NOT EXIST "ziptools\win_bin\zipadjust.exe" (
+    ECHO ************************
+    ECHO * Compiling ZipAdjust
+    ECHO ************************
+    gcc -o ziptools\win_bin\zipadjust ziptools\src\*.c -lz || CALL :error "ZipAdjust Build failed...."
+    IF %ERRORLEVEL% NEQ 0 EXIT /B %ERRORLEVEL%
+  )
+  SET basename="%~1"
+  SET basename="%basename:.zip=%"
+  ECHO ************************
+  ECHO * First sign %~1
+  ECHO ************************
+  java -jar "ziptools\signapk.jar" "ziptools\test.certificate.x509.pem" "ziptools\test.key.pk8" "%~1" "%basename:"=%-firstsign.zip"
+  ECHO ************************
+  ECHO * Adjusting %~1
+  ECHO ************************
+  ziptools\win_bin\zipadjust "%basename:"=%-firstsign.zip" "%basename:"=%-adjusted.zip"
+  ECHO ************************
+  ECHO * Final sign %~1
+  ECHO ************************
+  java -jar "ziptools\minsignapk.jar" "ziptools\test.certificate.x509.pem" "ziptools\test.key.pk8" "%basename:"=%-adjusted.zip" "%basename:"=%-signed.zip"
+
+  MOVE /Y "%basename:"=%-signed.zip" "%~1"
+  DEL "%basename:"=%-adjusted.zip" "%basename:"=%-firstsign.zip"
+  EXIT /B %ERRORLEVEL%
+
+:mkcp
+  2>NUL MKDIR "%~2"
+  2>NUL COPY /Y "%~1" "%~2"
+  EXIT /B 0
+
+:error
+  ECHO.
+  ECHO ! %~1
+  ECHO.
+  EXIT /B 1

build.sh

@@ -3,7 +3,7 @@
 usage() {
   echo "$0 all <version name>"
   echo -e "\tBuild binaries, zip, and sign Magisk"
-  echo -e "\tThis is equlivant to first --build, then --zip"
+  echo -e "\tThis is equlivant to first <build>, then <zip>"
   echo "$0 clean"
   echo -e "\tCleanup compiled / generated files"
   echo "$0 build"
@@ -37,23 +37,17 @@ mkcp() {
   cp -afv $1 $2
 }
 
+error() {
+  echo -e "\n! $1\n"
+  exit 1
+}
+
 build_bin() {
   echo "************************"
   echo "* Building binaries"
   echo "************************"
-  if [ -z `which ndk-build` ]; then
-    echo "!!!!!!!!!!!!!!!!!!!!!!!!"
-    echo "! Please add ndk-build to PATH!"
-    echo "!!!!!!!!!!!!!!!!!!!!!!!!"
-    exit 1
-  fi
-  ndk-build -j4
-  if [ $? -ne 0 ]; then
-    echo "!!!!!!!!!!!!!!!!!!!!!!!!"
-    echo "! Magisk binary tools build failed...."
-    echo "!!!!!!!!!!!!!!!!!!!!!!!!"
-    exit 1
-  fi
+  [ -z `which ndk-build` ] && error "Please add ndk-build to PATH!"
+  ndk-build -j4 || error "Magisk binary tools build failed...."
   echo "************************"
   echo "* Copying binaries"
   echo "************************"
@@ -68,13 +62,7 @@ build_bin() {
 }
 
 zip_package() {
-  if [ ! -f "zip_static/arm/bootimgtools" ]; then
-    echo "!!!!!!!!!!!!!!!!!!!!!!!!"
-    echo "! Missing binaries!!"
-    echo "! Please run \"$0 build\" before zipping"
-    echo "!!!!!!!!!!!!!!!!!!!!!!!!"
-    exit 1
-  fi
+  [ ! -f "zip_static/arm/bootimgtools" ] && error "Missing binaries!! Please run '$0 build' before zipping"
   echo "************************"
   echo "* Adding version info"
   echo "************************"
@@ -93,18 +81,14 @@ zip_package() {
 }
 
 zip_uninstaller() {
-  if [ ! -f "uninstaller/arm/bootimgtools" ]; then
-    echo "! Missing binaries!!"
-    echo "! Please run \"$0 build\" before zipping"
-    exit 1
-  fi
+  [ ! -f "uninstaller/arm/bootimgtools" ] && error "Missing binaries!! Please run '$0 build' before zipping"
   echo "************************"
   echo "* Zipping uninstaller"
   echo "************************"
   cd uninstaller
   find . -type f -exec chmod 644 {} \;
   find . -type d -exec chmod 755 {} \;
-  TIMESTAMP=$(date "+%Y%m%d")
+  TIMESTAMP=`date "+%Y%m%d"`
   rm -rf "../Magisk-uninstaller-$TIMESTAMP.zip"
   zip "../Magisk-uninstaller-$TIMESTAMP.zip" -r .
   cd ../
@@ -112,31 +96,25 @@ zip_uninstaller() {
 }
 
 sign_zip() {
-  if [ ! -f "zipsigntools/zipadjust" ]; then
+  if [ ! -f "ziptools/zipadjust" ]; then
     echo "************************"
     echo "* Compiling ZipAdjust"
     echo "************************"
-    gcc -o zipsigntools/zipadjust zipsigntools/src/*.c -lz
-    if [ $? -ne 0 ]; then
-      echo "!!!!!!!!!!!!!!!!!!!!!!!!"
-      echo "! ZipAdjust Build failed...."
-      echo "!!!!!!!!!!!!!!!!!!!!!!!!"
-      exit 1
-    fi
-    chmod 755 zipsigntools/zipadjust
+    gcc -o ziptools/zipadjust ziptools/src/*.c -lz || error "ZipAdjust Build failed...."
+    chmod 755 ziptools/zipadjust
   fi
   echo "************************"
   echo "* First sign $1"
   echo "************************"
-  java -jar "zipsigntools/signapk.jar" "zipsigntools/test.certificate.x509.pem" "zipsigntools/test.key.pk8" "$1" "${1%.*}-firstsign.zip"
+  java -jar "ziptools/signapk.jar" "ziptools/test.certificate.x509.pem" "ziptools/test.key.pk8" "$1" "${1%.*}-firstsign.zip"
   echo "************************"
   echo "* Adjusting $1"
   echo "************************"
-  zipsigntools/zipadjust "${1%.*}-firstsign.zip" "${1%.*}-adjusted.zip"
+  ziptools/zipadjust "${1%.*}-firstsign.zip" "${1%.*}-adjusted.zip"
   echo "************************"
   echo "* Final sign $1"
   echo "************************"
-  java -jar "zipsigntools/signapk.jar" "zipsigntools/test.certificate.x509.pem" "zipsigntools/test.key.pk8" "${1%.*}-adjusted.zip" "${1%.*}-signed.zip"
+  java -jar "ziptools/minsignapk.jar" "ziptools/test.certificate.x509.pem" "ziptools/test.key.pk8" "${1%.*}-adjusted.zip" "${1%.*}-signed.zip"
 
   mv "${1%.*}-signed.zip" "$1"
   rm "${1%.*}-adjusted.zip" "${1%.*}-firstsign.zip"

jni/Android.mk

@@ -1,35 +1,10 @@
-my_path := $(call my-dir)
+LOCAL_PATH := $(call my-dir)
 
-LOCAL_PATH := $(my_path)
+include jni/bootimgtools/Android.mk
+include jni/magiskhide/Android.mk
+include jni/resetprop/Android.mk
+include jni/sepolicy-inject/Android.mk
+include jni/su/Android.mk
 
-include $(CLEAR_VARS)
-LOCAL_MODULE := magiskhide
-LOCAL_MODULE_TAGS := optional
-LOCAL_SRC_FILES := magiskhide.c
-LOCAL_CFLAGS += -std=gnu11
-include $(BUILD_EXECUTABLE)
-
-include $(CLEAR_VARS)
-LOCAL_MODULE := bootimgtools
-LOCAL_MODULE_TAGS := optional
-LOCAL_SRC_FILES := bootimgtools.c extract.c repack.c hexpatch.c
-LOCAL_CFLAGS += -std=gnu11
-include $(BUILD_EXECUTABLE)
-
-include $(CLEAR_VARS)
-LOCAL_MODULE := sepolicy-inject
-LOCAL_MODULE_TAGS := optional
-LOCAL_STATIC_LIBRARIES := libsepol
-LOCAL_SRC_FILES := sepolicy-inject/sepolicy-inject.c sepolicy-inject/builtin_rules.c
-LOCAL_C_INCLUDES := selinux/libsepol/include/
-LOCAL_CFLAGS += -std=gnu11
-include $(BUILD_EXECUTABLE)
-
-include $(CLEAR_VARS)
-LOCAL_MODULE := resetprop
-LOCAL_MODULE_TAGS := optional
-LOCAL_SRC_FILES := resetprop/resetprop.cpp resetprop/system_properties.cpp resetprop/libc_logging.cpp
-LOCAL_LDLIBS += -latomic
-include $(BUILD_EXECUTABLE)
-
-include selinux/libsepol/Android.mk
+include jni/selinux/libsepol/Android.mk
+include jni/selinux/libselinux/Android.mk

jni/Application.mk

@@ -2,4 +2,3 @@ APP_ABI := x86 x86_64 armeabi arm64-v8a
 APP_PIE = true
 APP_PLATFORM := android-21
 APP_CPPFLAGS += -std=c++11
-# APP_STL := c++_static

jni/bootimgtools/Android.mk

@@ -0,0 +1,8 @@
+LOCAL_PATH := $(call my-dir)
+
+include $(CLEAR_VARS)
+LOCAL_MODULE := bootimgtools
+LOCAL_MODULE_TAGS := optional
+LOCAL_SRC_FILES := main.c extract.c repack.c hexpatch.c
+LOCAL_CFLAGS += -std=gnu11
+include $(BUILD_EXECUTABLE)

jni/bootimgtools/extract.c

@@ -9,7 +9,7 @@
 #include <assert.h>
 #include <string.h>
 
-#include "bootimgtools.h"
+#include "bootimg.h"
 
 void dump(uint8_t *ptr, size_t size, char* filename) {
 	unlink(filename);

jni/bootimgtools/hexpatch.c

@@ -7,7 +7,7 @@
 #include <stdlib.h>
 #include <string.h>
 
-#include "bootimgtools.h"
+#include "bootimg.h"
 
 int hex2int(char c) {
 	int first = c / 16 - 3;

jni/bootimgtools/main.c

@@ -1,7 +1,7 @@
 #include <getopt.h>
 #include <stdio.h>
 
-#include "bootimgtools.h"
+#include "bootimg.h"
 
 /********************
   Patch Boot Image

jni/bootimgtools/repack.c

@@ -9,7 +9,7 @@
 #include <assert.h>
 #include <string.h>
 
-#include "bootimgtools.h"
+#include "bootimg.h"
 
 off_t file_size(char *filename) {
 	struct stat st;

jni/magiskhide/Android.mk

@@ -0,0 +1,8 @@
+LOCAL_PATH := $(call my-dir)
+
+include $(CLEAR_VARS)
+LOCAL_MODULE := magiskhide
+LOCAL_MODULE_TAGS := optional
+LOCAL_SRC_FILES := main.c hide.c list_monitor.c proc_monitor.c util.c
+LOCAL_CFLAGS += -std=gnu11 -O3
+include $(BUILD_EXECUTABLE)

jni/magiskhide/hide.c

@@ -0,0 +1,75 @@
+#include "magiskhide.h"
+
+int hideMagisk() {
+	close(pipefd[1]);
+	
+	int pid, fd;
+	char cache_block[256];
+	cache_block[0] = '\0';
+
+	while(1) {
+		read(pipefd[0], &pid, sizeof(pid));
+		// Termination called
+		if(pid == -1) break;
+
+		snprintf(buffer, sizeof(buffer), "/proc/%d/ns/mnt", pid);
+		if((fd = open(buffer, O_RDONLY)) == -1) continue; // Maybe process died..
+		if(setns(fd, 0) == -1) {
+			fprintf(logfile, "MagiskHide: Unable to change namespace for pid=%d\n", pid);
+			continue;
+		}
+		close(fd);
+
+		snprintf(buffer, sizeof(buffer), "/proc/%d/mounts", pid);
+		FILE *mount_fp = fopen(buffer, "r");
+		if (mount_fp == NULL) {
+			fprintf(logfile, "MagiskHide: Error opening mount list!\n");
+			continue;
+		}
+
+		int mount_size;
+		char **mount_list = file_to_str_arr(mount_fp, &mount_size);
+
+		// Find the cache block name if not found yet
+		if (strlen(cache_block) == 0) {
+			for(i = 0; i < mount_size; ++i) {
+				if (strstr(mount_list[i], " /cache ")) {
+					sscanf(mount_list[i], "%256s", cache_block);
+					break;
+				}
+			}
+		}
+		
+		// First unmount the dummy skeletons and the cache mounts
+		for(i = mount_size - 1; i >= 0; --i) {
+			if (strstr(mount_list[i], "tmpfs /system") || strstr(mount_list[i], "tmpfs /vendor")
+				|| (strstr(mount_list[i], cache_block) && strstr(mount_list[i], "/system")) ) {
+				sscanf(mount_list[i], "%*s %512s", buffer);
+				lazy_unmount(buffer);
+			}
+			free(mount_list[i]);
+		}
+		free(mount_list);
+
+		// Re-read mount infos
+		fseek(mount_fp, 0, SEEK_SET);
+		mount_list = file_to_str_arr(mount_fp, &mount_size);
+		fclose(mount_fp);
+
+		// Unmount loop mounts
+		for(i = mount_size - 1; i >= 0; --i) {
+			if (strstr(mount_list[i], "/dev/block/loop") && !strstr(mount_list[i], DUMMYPATH)) {
+				sscanf(mount_list[i], "%*s %512s", buffer);
+				lazy_unmount(buffer);
+			}
+			free(mount_list[i]);
+		}
+		free(mount_list);
+
+		// Send resume signal
+		kill(pid, SIGCONT);
+	}
+
+	// Should never go here
+	return 1;
+}

jni/magiskhide/list_monitor.c

@@ -0,0 +1,56 @@
+#include "magiskhide.h"
+
+void *monitor_list(void *path) {
+	char* listpath = (char*) path;
+	signal(SIGQUIT, quit_pthread);
+
+	int inotifyFd = -1;
+	char str[512];
+
+	while(1) {
+		if (inotifyFd == -1 || read(inotifyFd, str, sizeof(str)) == -1) {
+			close(inotifyFd);
+			inotifyFd = inotify_init();
+			if (inotifyFd == -1) {
+				fprintf(logfile, "MagiskHide: Unable to watch %s\n", listpath);
+				exit(1);
+			}
+			if (inotify_add_watch(inotifyFd, listpath, IN_MODIFY) == -1) {
+				fprintf(logfile, "MagiskHide: Unable to watch %s\n", listpath);
+				exit(1);
+			}
+		}
+		update_list(listpath);
+	}
+
+	return NULL;
+}
+
+void update_list(const char *listpath) {
+	FILE *hide_fp = fopen(listpath, "r");
+	if (hide_fp == NULL) {
+		fprintf(logfile, "MagiskHide: Error opening hide list\n");
+		exit(1);
+	}
+	pthread_mutex_lock(&mutex);
+	if (hide_list) {
+		// Free memory
+		for(i = 0; i < list_size; ++i)
+			free(hide_list[i]);
+		free(hide_list);
+	}
+	hide_list = file_to_str_arr(hide_fp, &list_size);
+	pthread_mutex_unlock(&mutex);
+	fclose(hide_fp);
+	if (list_size) fprintf(logfile, "MagiskHide: Update process/package list:\n");
+	for(i = 0; i < list_size; i++)
+		fprintf(logfile, "MagiskHide: [%s]\n", hide_list[i]);
+}
+
+void quit_pthread(int sig) {
+	// Free memory
+	for(i = 0; i < list_size; ++i)
+		free(hide_list[i]);
+	free(hide_list);
+	pthread_exit(NULL);
+}

jni/magiskhide/magiskhide.h

@@ -0,0 +1,49 @@
+#ifndef MAGISK_HIDE_H
+#define MAGISK_HIDE_H
+
+#define _GNU_SOURCE
+#include <string.h>
+#include <fcntl.h>
+#include <stdio.h>
+#include <stdlib.h>
+#include <sched.h>
+#include <pthread.h>
+#include <unistd.h>
+#include <signal.h>
+
+#include <sys/mount.h>
+#include <sys/inotify.h>
+#include <sys/wait.h>
+#include <sys/types.h>
+#include <sys/stat.h>
+#include <sys/resource.h>
+
+#define LOGFILE 	"/cache/magisk.log"
+#define HIDELIST 	"/magisk/.core/magiskhide/hidelist"
+#define DUMMYPATH	"/dev/magisk/dummy"
+
+// Main thread
+void monitor_proc();
+
+// Forked process for namespace setting
+int hideMagisk();
+
+// List monitor thread
+void update_list(const char *listpath);
+void quit_pthread(int sig);
+void *monitor_list(void *path);
+
+// Util functions
+char **file_to_str_arr(FILE *fp, int *size);
+void read_namespace(const int pid, char* target, const size_t size);
+void lazy_unmount(const char* mountpoint);
+void run_as_daemon();
+
+// Global variable sharing through process/threads
+extern FILE *logfile;
+extern int i, list_size, pipefd[2];
+extern char **hide_list, buffer[512];
+extern pthread_t list_monitor;
+extern pthread_mutex_t mutex;
+
+#endif

jni/magiskhide/main.c

@@ -0,0 +1,65 @@
+#include "magiskhide.h"
+
+FILE *logfile;
+int i, list_size, pipefd[2];
+char **hide_list = NULL, buffer[512];
+pthread_t list_monitor;
+pthread_mutex_t mutex;
+
+static void terminate(int sig) {
+	// Close the config list monitor
+	pthread_kill(list_monitor, SIGQUIT);
+	pthread_mutex_destroy(&mutex);
+
+	// Terminate our children
+	i = -1;
+	write(pipefd[1], &i, sizeof(i));
+	exit(0);
+}
+
+int main(int argc, char *argv[]) {
+
+	if (argc > 1) {
+		if (strcmp(argv[1], "--daemon") == 0)
+			run_as_daemon();
+		else {
+			fprintf(stderr, "%s (with no options)\n\tRun magiskhide and output to stdout\n", argv[0]);
+			fprintf(stderr, "%s --daemon\n\tRun magiskhide as daemon, output to magisk.log\n", argv[0]);
+			return 1;
+		}
+	} else 
+		logfile = stdout;
+
+
+	// Handle all killing signals
+	signal(SIGINT, terminate);
+	signal(SIGTERM, terminate);
+
+	// Fork a child to handle namespace switches and unmounts
+	pipe(pipefd);
+	switch(fork()) {
+		case -1:
+			exit(-1);
+		case 0:
+			return hideMagisk();
+		default:
+			break; 
+	}
+	close(pipefd[0]);
+
+	// Start a thread to constantly check the hide list
+	pthread_mutex_init(&mutex, NULL);
+	pthread_create(&list_monitor, NULL, monitor_list, HIDELIST);
+
+	// Set main process to the top priority
+	setpriority(PRIO_PROCESS, 0, -20);
+
+	monitor_proc();
+
+	terminate(0);
+
+	fprintf(logfile, "MagiskHide: Cannot monitor am_proc_start, abort...\n");
+	fclose(logfile);
+
+	return 1;
+}

jni/magiskhide/proc_monitor.c

@@ -0,0 +1,82 @@
+#include "magiskhide.h"
+
+void monitor_proc() {
+	int pid, badns, zygote_num = 0;
+	char init_ns[32], zygote_ns[2][32];
+
+	// Get the mount namespace of init
+	read_namespace(1, init_ns, 32);
+
+	printf("%s\n", init_ns);
+
+	// Get the mount namespace of zygote
+	FILE *p = popen("/data/busybox/ps | grep zygote | grep -v grep", "r");
+	while(fgets(buffer, sizeof(buffer), p)) {
+		if (zygote_num == 2) break;
+		sscanf(buffer, "%d", &pid);
+		do {
+			usleep(500);
+			read_namespace(pid, zygote_ns[zygote_num], 32);
+		} while (strcmp(zygote_ns[zygote_num], init_ns) == 0);
+		++zygote_num;
+	}
+	pclose(p);
+
+	for (i = 0; i < zygote_num; ++i)
+		fprintf(logfile, "Zygote(%d) ns=%s ", i, zygote_ns[i]);
+	fprintf(logfile, "\n");
+
+	// Monitor am_proc_start
+	p = popen("while true; do logcat -b events -c; logcat -b events -v raw -s am_proc_start; sleep 1; done", "r");
+
+	while(!feof(p)) {
+		//Format of am_proc_start is (as of Android 5.1 and 6.0)
+		//UserID, pid, unix uid, processName, hostingType, hostingName
+		fgets(buffer, sizeof(buffer), p);
+
+		char *pos = buffer;
+		while(1) {
+			pos = strchr(pos, ',');
+			if(pos == NULL)
+				break;
+			pos[0] = ' ';
+		}
+
+		char processName[256];
+		int ret = sscanf(buffer, "[%*d %d %*d %256s", &pid, processName);
+
+		if(ret != 2)
+			continue;
+
+		pthread_mutex_lock(&mutex);
+		for (i = 0; i < list_size; ++i) {
+			if(strcmp(processName, hide_list[i]) == 0) {
+				while(1) {
+					badns = 0;
+					read_namespace(pid, buffer, 32);
+					for (i = 0; i < zygote_num; ++i) {
+						if (strcmp(buffer, zygote_ns[i]) == 0) {
+							usleep(500);
+							badns = 1;
+							break;
+						}
+					}
+					if (!badns) break;
+				}
+
+				// Send pause signal ASAP
+				if (kill(pid, SIGSTOP) == -1) continue;
+
+				fprintf(logfile, "MagiskHide: %s(PID=%d ns=%s)\n", processName, pid, buffer);
+
+				// Unmount start
+				write(pipefd[1], &pid, sizeof(pid));
+				break;
+			}
+		}
+		pthread_mutex_unlock(&mutex);
+	}
+
+	// Close the logcat monitor
+	pclose(p);
+}

jni/magiskhide/util.c

@@ -0,0 +1,59 @@
+#include "magiskhide.h"
+
+char **file_to_str_arr(FILE *fp, int *size) {
+	int allocated = 16;
+	char *line = NULL, **array;
+	size_t len = 0;
+	ssize_t read;
+
+	array = (char **) malloc(sizeof(char*) * allocated);
+
+	*size = 0;
+	while ((read = getline(&line, &len, fp)) != -1) {
+		if (*size >= allocated) {
+			// Double our allocation and re-allocate
+			allocated *= 2;
+			array = (char **) realloc(array, sizeof(char*) * allocated);
+		}
+		// Remove end newline
+		if (line[read - 1] == '\n') {
+			line[read - 1] = '\0';
+		}
+		array[*size] = line;
+		line = NULL;
+		++(*size);
+	}
+	return array;
+}
+
+void read_namespace(const int pid, char* target, const size_t size) {
+	char path[32];
+	snprintf(path, sizeof(path), "/proc/%d/ns/mnt", pid);
+	ssize_t len = readlink(path, target, size);
+	target[len] = '\0';
+}
+
+void lazy_unmount(const char* mountpoint) {
+	if (umount2(mountpoint, MNT_DETACH) != -1)
+		fprintf(logfile, "MagiskHide: Unmounted (%s)\n", mountpoint);
+	else
+		fprintf(logfile, "MagiskHide: Unmount Failed (%s)\n", mountpoint);
+}
+
+void run_as_daemon() {
+	switch(fork()) {
+		case -1:
+			exit(-1);
+		case 0:
+			if (setsid() < 0)
+				exit(-1);
+			close(STDIN_FILENO);
+			close(STDOUT_FILENO);
+			close(STDERR_FILENO);
+			logfile = fopen(LOGFILE, "a+");
+			setbuf(logfile, NULL);
+			break;
+		default:
+			exit(0); 
+	}
+}

uninstaller/META-INF/com/google/android/update-binary

@@ -10,6 +10,12 @@
 
 INSTALLER=/tmp/uninstall
 
+# Boot Image Variables
+CHROMEDIR=$INSTALLER/chromeos
+NEWBOOT=$TMPDIR/boottmp/new-boot.img
+UNPACKDIR=$TMPDIR/boottmp/bootunpack
+RAMDISK=$TMPDIR/boottmp/ramdisk
+
 # Default permissions
 umask 022
 
@@ -73,7 +79,7 @@ find_boot_image() {
   if [ -z "$BOOTIMAGE" ]; then
     FSTAB="/etc/recovery.fstab"
     [ ! -f "$FSTAB" ] && FSTAB="/etc/recovery.fstab.bak"
-    [ -f "$FSTAB" ] BOOTIMAGE=`grep -E '\b/boot\b' "$FSTAB" | grep -oE '/dev/[a-zA-Z0-9_./-]*'`
+    [ -f "$FSTAB" ] && BOOTIMAGE=`grep -E '\b/boot\b' "$FSTAB" | grep -oE '/dev/[a-zA-Z0-9_./-]*'`
   fi
 }
 
@@ -96,12 +102,46 @@ grep_prop() {
   cat $FILES 2>/dev/null | sed -n $REGEX | head -n 1
 }
 
+mount_image() {
+  if [ ! -d "$2" ]; then
+    mount -o rw,remount rootfs /
+    mkdir -p $2 2>/dev/null
+    ($BOOTMODE) && mount -o ro,remount rootfs /
+    [ ! -d "$2" ] && return 1
+  fi
+  if (! is_mounted $2); then
+    LOOPDEVICE=
+    for LOOP in 0 1 2 3 4 5 6 7; do
+      if (! is_mounted $2); then
+        LOOPDEVICE=/dev/block/loop$LOOP
+        if [ ! -f "$LOOPDEVICE" ]; then
+          mknod $LOOPDEVICE b 7 $LOOP 2>/dev/null
+        fi
+        losetup $LOOPDEVICE $1
+        if [ "$?" -eq "0" ]; then
+          mount -t ext4 -o loop $LOOPDEVICE $2
+          if (! is_mounted $2); then
+            /system/bin/toolbox mount -t ext4 -o loop $LOOPDEVICE $2
+          fi
+          if (! is_mounted $2); then
+            /system/bin/toybox mount -t ext4 -o loop $LOOPDEVICE $2
+          fi
+        fi
+        if (is_mounted $2); then
+          ui_print "- Mounting $1 to $2"
+          break;
+        fi
+      fi
+    done
+  fi
+}
+
 unpack_boot() {
   rm -rf $UNPACKDIR $RAMDISK 2>/dev/null
   mkdir -p $UNPACKDIR
   mkdir -p $RAMDISK
   cd $UNPACKDIR
-  $BINDIR/bootimgtools --extract $1
+  LD_LIBRARY_PATH=$SYSTEMLIB $BINDIR/bootimgtools --extract $1
 
   cd $RAMDISK
   gunzip -c < $UNPACKDIR/ramdisk.gz | cpio -i
@@ -111,11 +151,11 @@ repack_boot() {
   cd $RAMDISK
   find . | cpio -o -H newc 2>/dev/null | gzip -9 > $UNPACKDIR/ramdisk.gz
   cd $UNPACKDIR
-  $BINDIR/bootimgtools --repack $ORIGBOOT
+  LD_LIBRARY_PATH=$SYSTEMLIB $BINDIR/bootimgtools --repack $BOOTIMAGE
   if [ -f chromeos ]; then
     echo " " > config
     echo " " > bootloader
-    $CHROMEDIR/futility vbutil_kernel --pack new-boot.img.signed --keyblock $CHROMEDIR/kernel.keyblock --signprivate $CHROMEDIR/kernel_data_key.vbprivk --version 1 --vmlinuz new-boot.img --config config --arch arm --bootloader bootloader --flags 0x1
+    LD_LIBRARY_PATH=$SYSTEMLIB $CHROMEDIR/futility vbutil_kernel --pack new-boot.img.signed --keyblock $CHROMEDIR/kernel.keyblock --signprivate $CHROMEDIR/kernel_data_key.vbprivk --version 1 --vmlinuz new-boot.img --config config --arch arm --bootloader bootloader --flags 0x1
     rm -f new-boot.img
     mv new-boot.img.signed new-boot.img
   fi
@@ -125,6 +165,11 @@ repack_boot() {
       echo -n "SEANDROIDENFORCE" >> new-boot.img
     fi
   fi
+  if ($LGE_G); then
+    # Prevent secure boot error on LG G2/G3.
+    # Just for know, It's a pattern which bootloader verifies at boot. Thanks to LG hackers.
+    echo -n -e "\x41\xa9\xe4\x67\x74\x4d\x1d\x1b\xa4\x29\xf2\xec\xea\x65\x52\x79" >> new-boot.img
+  fi
   mv new-boot.img $NEWBOOT
 }
 
@@ -132,29 +177,43 @@ revert_boot() {
   rm -rf $TMPDIR/boottmp 2>/dev/null
   mkdir -p $TMPDIR/boottmp
 
-  CHROMEDIR=$INSTALLER/chromeos
-  NEWBOOT=$TMPDIR/boottmp/new-boot.img
-  UNPACKDIR=$TMPDIR/boottmp/bootunpack
-  RAMDISK=$TMPDIR/boottmp/ramdisk
-
-  ORIGBOOT=$BOOTIMAGE
-
   ui_print "- Unpacking boot image"
-  unpack_boot $ORIGBOOT
+  unpack_boot $BOOTIMAGE
 
-  if [ -d ".backup" ]; then
+  SUPERSU=false
+  [ -f sbin/launch_daemonsu.sh ] && SUPERSU=true
+
+  if ($SUPERSU); then
+    ui_print "- SuperSU patched boot detected!"
+    SUIMG=/data/su.img
+    mount_image $SUIMG /su
+    if (is_mounted /su); then
+      SUPERSULOOP=$LOOPDEVICE
+      gunzip -c < $UNPACKDIR/ramdisk.gz > $UNPACKDIR/ramdisk
+      ui_print "- Using sukernel to restore ramdisk"
+      # Restore ramdisk
+      LD_LIBRARY_PATH=$SYSTEMLIB /su/bin/sukernel --cpio-restore $UNPACKDIR/ramdisk $UNPACKDIR/ramdisk
+      if [ $? -ne 0 ]; then
+        ui_print "! Unable to restore ramdisk"
+        ui_print "! Will still remove Magisk additions"
+      fi
+      rm -rf $RAMDISK
+      mkdir -p $RAMDISK
+      cd $RAMDISK
+      cpio -i < $UNPACKDIR/ramdisk
+      rm -f $UNPACKDIR/ramdisk
+    fi
+  elif [ -d ".backup" ]; then
     ui_print "- Restoring ramdisk with backup"
     cp -af .backup/. .
-    rm -rf magisk init.magisk.rc sbin/magic_mask.sh 2>/dev/null
-    rm -rf .backup
   else
     ui_print "! No ramdisk backup found"
-    ui_print "! Unable to revert completely"
     ui_print "! Will still remove Magisk additions"
-    # Removing boot image modifications
-    rm -rf magisk init.magisk.rc sbin/magic_mask.sh 2>/dev/null
   fi
 
+  # Remove possible boot modifications
+  rm -rf magisk init.magisk.rc sbin/magic_mask.sh .backup 2>/dev/null
+
   ui_print "- Repacking boot image"
   repack_boot
 }
@@ -188,6 +247,19 @@ if [ $? -eq 0 ]; then
   SAMSUNG=true
 fi
 
+LGE_G=false
+RBRAND=$(grep_prop ro.product.brand)
+RMODEL=$(grep_prop ro.product.device)
+if [ "$RBRAND" = "lge" ] || [ "$RBRAND" = "LGE" ];  then 
+  if [ "$RMODEL" = "*D80*" ] || 
+     [ "$RMODEL" = "*S98*" ] || 
+     [ "$RMODEL" = "*D85*" ] ||
+     [ "$RMODEL" = "*F40*" ]; then
+    LGE_G=true
+    ui_print "! Bump device detected"
+  fi
+fi
+
 API=$(grep_prop ro.build.version.sdk)
 ABI=$(grep_prop ro.product.cpu.abi | cut -c-3)
 ABI2=$(grep_prop ro.product.cpu.abi2 | cut -c-3)
@@ -205,6 +277,9 @@ ui_print "- Device platform: $ARCH"
 BINDIR=$INSTALLER/$ARCH
 chmod -R 755 $CHROMEDIR/futility $BINDIR
 
+SYSTEMLIB=/system/lib
+($IS64BIT) && SYSTEMLIB=/system/lib64
+
 find_boot_image
 if [ -z "$BOOTIMAGE" ]; then
   ui_print "! Unable to detect boot image"
@@ -215,11 +290,14 @@ fi
 # Detection all done, start installing
 ##########################################################################################
 
+ui_print "- Found Boot Image: $BOOTIMAGE"
+
 if (is_mounted /data); then
-  cp -af /data/stock_boot_*.gz /data/stock_boot.img.gz 2>/dev/null
-  gzip -d /data/stock_boot.img.gz 2>/dev/null
-  rm -rf /data/stock_boot.img.gz 2>/dev/null
-  if [ -f "/data/stock_boot.img" ]; then
+  PATH=/data/busybox:$PATH
+  cp -f /data/stock_boot_*.gz /data/stock_boot.img.gz 2>/dev/null
+  gunzip -d < /data/stock_boot.img.gz > /data/stock_boot.img 2>/dev/null
+  rm -f /data/stock_boot.img.gz 2>/dev/null
+  if [ -f /data/stock_boot.img ]; then
     ui_print "- Boot image backup found!"
     NEWBOOT=/data/stock_boot.img
   else
@@ -229,16 +307,16 @@ if (is_mounted /data); then
   ui_print "- Removing Magisk files"
   rm -rf  /cache/magisk.log /cache/last_magisk.log /cache/magiskhide.log \
           /cache/magisk /cache/magisk_merge /cache/magisk_mount  /cache/unblock \
-          /data/Magisk.apk /data/magisk.img /data/magisk_merge.img \
+          /data/Magisk.apk /data/magisk.apk /data/magisk.img /data/magisk_merge.img \
           /data/busybox /data/magisk /data/custom_ramdisk_patch.sh 2>/dev/null
 else
-  ui_print "! Data unavalible"
+  ui_print "! Data unavailable"
   ui_print "! Impossible to restore original boot image"
   ui_print "! Try using ramdisk backup"
   revert_boot
   ui_print "- Removing Magisk files"
   rm -rf  /cache/magisk.log /cache/last_magisk.log /cache/magiskhide.log \
-          /cache/magisk /cache/magisk_merge /cache/magisk_mount  /cache/unblock 2>/dev/null
+          /cache/magisk /cache/magisk_merge /cache/magisk_mount /cache/unblock 2>/dev/null
   ui_print "*****************************************"
   ui_print "     Magisk is not fully removed yet     "
   ui_print " Please manually remove /data/magisk.img "
@@ -252,6 +330,11 @@ ui_print "- Flashing reverted image"
 dd if=$NEWBOOT of=$BOOTIMAGE bs=4096
 
 umount /system
+if [ ! -z $SUPERSU ]; then
+  umount /su
+  losetup -d $SUPERSULOOP
+  rmdir /su
+fi
 
 ui_print "- Done"
 exit 0

zip_static/common/custom_ramdisk_patch.sh

@@ -1,18 +1,33 @@
 #!/system/bin/sh
 
 RAMDISK=$1
-BINDIR=/data/magisk
+BINDIR=$2
+[ -z $BINDIR ] && BINDIR=/data/magisk
+SYSTEMLIB=/system/lib
+[ -d /system/lib64 ] && SYSTEMLIB=/system/lib64
 
 cpio_add() {
-  /su/bin/sukernel --cpio-add $RAMDISK $RAMDISK $2 $1 $1
+  LD_LIBRARY_PATH=$SYSTEMLIB /su/bin/sukernel --cpio-add $RAMDISK $RAMDISK $2 $1 $1
 }
 
 cpio_extract() {
-  /su/bin/sukernel --cpio-extract $RAMDISK $1 $1
+  LD_LIBRARY_PATH=$SYSTEMLIB /su/bin/sukernel --cpio-extract $RAMDISK $1 $1
 }
 
 cpio_mkdir() {
-  /su/bin/sukernel --cpio-mkdir $RAMDISK $RAMDISK $2 $1
+  LD_LIBRARY_PATH=$SYSTEMLIB /su/bin/sukernel --cpio-mkdir $RAMDISK $RAMDISK $2 $1
+}
+
+# Recursive
+cpio_rm() {
+  if [ "$1" = "-r" ]; then
+    LD_LIBRARY_PATH=$SYSTEMLIB /su/bin/sukernel --cpio-ls $RAMDISK | grep "^$2/" | while read i ; do
+      LD_LIBRARY_PATH=$SYSTEMLIB /su/bin/sukernel --cpio-rm $RAMDISK $RAMDISK $i
+    done
+    LD_LIBRARY_PATH=$SYSTEMLIB /su/bin/sukernel --cpio-rmdir $RAMDISK $RAMDISK $2
+  else
+    LD_LIBRARY_PATH=$SYSTEMLIB /su/bin/sukernel --cpio-rm $RAMDISK $RAMDISK $1
+  fi
 }
 
 rm -rf /tmp/magisk/ramdisk 2>/dev/null
@@ -24,27 +39,23 @@ cat $RAMDISK | cpio -i
 # Patch ramdisk
 echo "- Patching ramdisk"
 
+# Cleanup SuperSU backups
+cpio_rm -r .subackup
+
 # Add magisk entrypoint
 for INIT in init*.rc; do
-  if [ $(grep -c "import /init.environ.rc" $INIT) -ne "0" ] && [ $(grep -c "import /init.magisk.rc" $INIT) -eq "0" ]; then
+  if [ `grep -c "import /init.environ.rc" $INIT` -ne "0" ] && [ `grep -c "import /init.magisk.rc" $INIT` -eq "0" ]; then
     sed -i "/import \/init\.environ\.rc/iimport /init.magisk.rc" $INIT
     cpio_add $INIT 750
     break
   fi
 done
 
-# Add magisk PATH
-if [ $(grep -c "/magisk/.core/busybox" init.environ.rc) -eq "0" ]; then
-  sed -i "/export PATH/ s/\/system\/xbin/\/system\/xbin:\/magisk\/.core\/busybox/g" init.environ.rc
-  cpio_add init.environ.rc 750
-fi
-
 # sepolicy patches
-$BINDIR/sepolicy-inject --magisk -P sepolicy
+LD_LIBRARY_PATH=$SYSTEMLIB $BINDIR/sepolicy-inject --magisk -P sepolicy
 cpio_add sepolicy 644
 
 # Add new items
-mkdir -p magisk 2>/dev/null
 cp -af $BINDIR/init.magisk.rc init.magisk.rc
 cp -af $BINDIR/magic_mask.sh sbin/magic_mask.sh
 

zip_static/common/init.magisk.rc

@@ -7,7 +7,7 @@ on post-fs
 
 on post-fs-data
     start magisk_pfsd
-    wait /dev/.magisk.unblock 40
+    wait /dev/.magisk.unblock 60
     rm /dev/.magisk.unblock
 
 on property:magisk.restart_pfsd=1