Reset SELinux context for module files when necessary

This will not always work since on ROMs with incorrect SELinux rules, the system reset them to the "incorrect" one at the same time
RikkaApps · Jul 27, 2021 · 693aeb6 · 693aeb6
1 parent 435a25b
commit 693aeb6
Show file tree

Hide file tree

Showing 7 changed files with 33 additions and 28 deletions.
diff --git a/rirud/src/main/java/riru/DaemonUtils.java b/rirud/src/main/java/riru/DaemonUtils.java
@@ -106,17 +106,17 @@ public class DaemonUtils {
         File magiskDir = new File(DaemonUtils.getMagiskTmpfsPath(), ".magisk/modules/riru-core");
 
         if (has64Bit()) {
-            fileContext &= isSystemFileContextForChildren(new File(magiskDir, "lib64"));
-            fileContext &= isSystemFileContextForParent(new File(magiskDir, "lib64"), magiskDir);
-            fileContext &= isSystemFileContextForChildren(new File(magiskDir, "system/lib64"));
-            fileContext &= isSystemFileContextForParent(new File(magiskDir, "system/lib64"), magiskDir);
+            fileContext &= checkOrResetContextForChildren(new File(magiskDir, "lib64"));
+            fileContext &= checkOrResetContextForForParent(new File(magiskDir, "lib64"), magiskDir);
+            fileContext &= checkOrResetContextForChildren(new File(magiskDir, "system/lib64"));
+            fileContext &= checkOrResetContextForForParent(new File(magiskDir, "system/lib64"), magiskDir);
         }
 
         if (has32Bit()) {
-            fileContext &= isSystemFileContextForChildren(new File(magiskDir, "lib"));
-            fileContext &= isSystemFileContextForParent(new File(magiskDir, "lib"), magiskDir);
-            fileContext &= isSystemFileContextForChildren(new File(magiskDir, "system/lib"));
-            fileContext &= isSystemFileContextForParent(new File(magiskDir, "system/lib"), magiskDir);
+            fileContext &= checkOrResetContextForChildren(new File(magiskDir, "lib"));
+            fileContext &= checkOrResetContextForForParent(new File(magiskDir, "lib"), magiskDir);
+            fileContext &= checkOrResetContextForChildren(new File(magiskDir, "system/lib"));
+            fileContext &= checkOrResetContextForForParent(new File(magiskDir, "system/lib"), magiskDir);
         }
     }
 
@@ -460,14 +460,20 @@ public static String getDevRandom() {
         return devRandom;
     }
 
-    private static boolean isSystemFileContext(File file) {
+    private static boolean checkAndResetContextForFile(File file) {
         if (!isSELinuxEnforcing) return true;
 
         String path = file.getAbsolutePath();
         try {
             String context = SELinux.getFileContext(path);
             if (!Objects.equals("u:object_r:system_file:s0", context)) {
                 Log.w(TAG, "Context for " + path + " is " + context + " rather than u:object_r:system_file:s0");
+
+                if (SELinux.setFileContext(path, "u:object_r:system_file:s0")) {
+                    Log.i(TAG, path + " -> u:object_r:system_file:s0");
+                } else {
+                    Log.w(TAG, "Failed to reset context.");
+                }
                 return false;
             } else {
                 Log.d(TAG, context + " " + path);
@@ -477,27 +483,30 @@ private static boolean isSystemFileContext(File file) {
         return true;
     }
 
-    private static boolean isSystemFileContextForChildren(File folder) {
+    private static boolean checkOrResetContextForChildren(File folder) {
         if (!isSELinuxEnforcing) return true;
 
+        boolean res = true;
         File[] files = folder.listFiles();
         if (files != null) {
             for (File f : files) {
-                if (!isSystemFileContext(f)) return false;
+                res &= checkAndResetContextForFile(f);
             }
         }
-        return true;
+        return res;
     }
 
-    private static boolean isSystemFileContextForParent(File from, File to) {
+    private static boolean checkOrResetContextForForParent(File from, File to) {
         if (!isSELinuxEnforcing) return true;
 
+        boolean res = true;
+
         do {
-            if (!isSystemFileContext(from)) return false;
+            res &= checkAndResetContextForFile(from);
             from = from.getParentFile();
         } while (from != null && !Objects.equals(from, to));
 
-        return isSystemFileContext(to);
+        return res & checkAndResetContextForFile(to);
     }
 
     private static void collectModules(boolean is64) {
@@ -541,10 +550,10 @@ private static void collectModules(boolean is64) {
                 libs.add(new Pair<>(id, lib.getAbsolutePath()));
                 Log.d(TAG, "Path for " + id + " is " + lib.getAbsolutePath());
 
-                fileContext &= isSystemFileContext(lib);
+                fileContext &= checkAndResetContextForFile(lib);
             }
 
-            fileContext &= isSystemFileContextForParent(libDir, magiskDir);
+            fileContext &= checkOrResetContextForForParent(libDir, magiskDir);
         }
     }
 

diff --git a/rirud/src/main/java/riru/Installer.java b/rirud/src/main/java/riru/Installer.java
@@ -23,11 +23,13 @@ private static void checkSELinux() {
         boolean exit = false;
         if (SELinux.checkSELinuxAccess("u:r:init:s0", "u:object_r:system_file:s0", "file", "relabelfrom")) {
             System.out.println("! Your ROM allows init to relabel Magisk module files");
+            System.out.println("- Riru will try to reset the context of modules files, but not guaranteed to always work");
             exit = true;
         }
 
         if (SELinux.checkSELinuxAccess("u:r:init:s0", "u:object_r:system_file:s0", "dir", "relabelfrom")) {
             System.out.println("! Your ROM allows init to relabel Magisk module files");
+            System.out.println("- Riru will try to reset the context of modules files, but not guaranteed to always work");
             exit = true;
         }
 

diff --git a/rirud/src/main/res/values-zh-rCN/strings.xml b/rirud/src/main/res/values-zh-rCN/strings.xml
@@ -7,6 +7,6 @@
     <string name="bad_prop">\u26A0\uFE0F 系统属性错误。请不要使用“优化”模块，因为通过修改属性来优化非常值得怀疑。</string>
     <string name="not_loaded">\u26A0\uFE0F Riru 未被加载，原因未知。</string>
     <string name="loaded">\uD83D\uDE0B Riru 正常工作中。已载入 %1$d 个模块 %2$s。</string>
-    <string name="bad_file_context">\u26A0\uFE0F Riru 和模块文件的 SELinux 上下文不正确，请尝试重新安装 Riru 和所有 Riru 模块。</string>
+    <string name="bad_file_context">\u26A0\uFE0F Riru 和模块文件的 SELinux 上下文不正确。Riru 已尝试重设它们，但您看到了该提示意味着重设没有起作用。这可能是由于您的 ROM 有不正确的 SELinux 规则。请参阅 Riru 在 GitHub 上的 wiki 以了解更多。</string>
     <string name="empty">无</string>
 </resources>
diff --git a/rirud/src/main/res/values-zh-rTW/strings.xml b/rirud/src/main/res/values-zh-rTW/strings.xml
@@ -7,6 +7,6 @@
     <string name="bad_prop">\u26A0\uFE0F 系統屬性錯誤。請不要使用“最佳化”模組，因為透過修改屬性來最佳化非常值得懷疑。</string>
     <string name="not_loaded">\u26A0\uFE0F Riru 未被載入，原因未知。</string>
     <string name="loaded">\uD83D\uDE0B Riru 正常工作中。已載入 %1$d 個模組 %2$s。</string>
-    <string name="bad_file_context">\u26A0\uFE0F Riru 和模組檔案的 SELinux 上下文不正確，請嘗試重新安裝 Riru 和所有 Riru 模組。</string>
+    <string name="bad_file_context">\u26A0\uFE0F Riru 和模組檔案的 SELinux 上下文不正確。Riru 已嘗試重設它們，但您看到了該提示意味著重設沒有起作用。這可能是由於您的 ROM 有不正確的 SELinux 規則。請參閱 Riru 在 GitHub 上的 wiki 以瞭解更多。</string>
     <string name="empty">無</string>
 </resources>
diff --git a/rirud/src/main/res/values/strings.xml b/rirud/src/main/res/values/strings.xml
@@ -7,6 +7,6 @@
     <string name="bad_prop">\u26A0\uFE0F System property is wrong. Please don\'t use \"optimize\" modules since it\'s very questionable to optimize by changing properties.</string>
     <string name="not_loaded">\u26A0\uFE0F Riru is not loaded and the reason in unknown.</string>
     <string name="loaded">\uD83D\uDE0B Riru is working normally. Loaded %1$d modules, %2$s.</string>
-    <string name="bad_file_context">\u26A0\uFE0F SELinux context for Riru and modules files are incorrect, try reinstalling Riru and all Riru modules.</string>
+    <string name="bad_file_context">\u26A0\uFE0F SELinux context for Riru and modules files are incorrect. Riru has tried to reset them, but you see this prompt means the reset did not work. This is may because your ROM have incorrect SELinux rules. See Riru wiki at GitHub for more.</string>
     <string name="empty">none</string>
 </resources>
diff --git a/stub/src/main/java/android/os/SELinux.java b/stub/src/main/java/android/os/SELinux.java
@@ -9,4 +9,6 @@ public class SELinux {
     public static final native boolean checkSELinuxAccess(String scon, String tcon, String tclass, String perm);
 
     public static final native String getFileContext(String path);
+
+    public static final native boolean setFileContext(String path, String context);
 }
diff --git a/template/magisk_module/customize.sh b/template/magisk_module/customize.sh
@@ -107,14 +107,6 @@ set_perm "$MODPATH/rirud.apk" 0 0 0600
 ui_print "- Checking if your ROM has incorrect SELinux rules"
 /system/bin/app_process -Djava.class.path="$MODPATH/rirud.apk" /system/bin --nice-name=riru_installer riru.Installer --check-selinux
 
-if [ $? -eq 1 ]; then
-  ui_print "! Your ROM has incorrect SELinux rules"
-  ui_print "! Open detailed explain page in 5s..."
-  sleep 5
-  /system/bin/am start -a android.intent.action.VIEW -c android.intent.category.BROWSABLE -d "https://github.com/RikkaApps/Riru/wiki/Explanation-about-incorrect-SELinux-rules-from-third-party-ROMs-cause-Riru-not-working"
-  abort
-fi
-
 ui_print "- Removing old files"
 rm -rf /data/adb/riru/bin
 rm /data/adb/riru/native_bridge