Hi there,
I recently got my OnePlus 9, and am converting the scripts I use to run luks to the new phone. Everything seems fine, losetup creates the node and loads the file as a block device, dmcrypt unlocks it, mount /dev/mapper/<partition-name> mounts it fine, but it's only visible as root (the user that mounted it). I've verified that the Magisk (22100) setting is to use the globalname space and just to make certain I've explicitly run mount within "su -mm", but regardless can only see the unmounted directory (verified by containing a file that isn't present within the encrypted partition).
Dmesg doesn't mention anything about the mount namespace (but I don't know that it would), so I wanted to verify that others have managed to use the su -mm/-M/--mount-master option successfully under android 11 (or, I guess more specifically Oxygen OS 11.2.4.4)?
As a side-note, this same script has been tested and worked with a OnePlus 7 on android 10 with magisk set to use globalnamespaces. Happy to provide further information or run tests if it'll help to get to the bottom of what's going on...
Thanks!
This also occurs in Magisk 23000.
I've discovered this thread:
https://twitter.com/i/web/status/1279508461370269696, however, I'm calling `su -mm` and I've set the mount namespace mode to "All root sessions use the global mount namespace", so I don't think that's relevant.
As best I can tell, once root mounts a directory, any other process running as root can see it (because of the global mount namespace), but normal processes can't access it. This seems to be due to mount namespaces, so the device now needs to be mounted with `-o shared` or `--make-shared`, but unfortunately that gives an unhelpful "invalid argument" message. Trying to change it with `-o remount` seems to succeed but the change to shared appears to be ignored.
When running the command, I get a single log entry that might provide more details:
05-15 03:02:54.184 30090 30090 I su : type=1400 audit(0.0:1523): avc: denied { ioctl } for path="/dev/pts/3" dev="devpts" ino=6 ioctlcmd=0x5404 scontext=u:r:magisk:s0 tcontext=u:object_r:devpts:s0 tclass=chr_file permissive=1
But I can't quite tell what's causing that to be stopped. I don't know whether it's related or not and whether I should be digging into audit/selinux permissions, or figuring out what the ioctlcmd is. Any help would be much appreciated...
Well, I've confirmed that any app that launches root can see the mountpoint, but otherwise can't. The `-o shared` option seems to cause either a parsing error, or at least no success with both the native toybox implementation and with busybox.
I found this excellent article suggesting that `nsenter -t 1 -m <shell-command>` should get me into the pid 1 namespace, which should then be inherited by everyone. I can get in there, and carry out the mount, but I can only get apps to see the mount point if I enter their specific pid namespace and mount the directory I want. This happens if root namespace is both global or inherited (I haven't tried isolated, but I can't see why that would work?). So essentially, even though I seem to be doing all the right things, I'm getting nowhere. Clearly it's possible to mount things so that everyone can see them (because magisk does it when it bind mounts various programs from modules), so could anyone that knows the internals of magisk better shed some light on what might be going wrong and how I could get global mounting working properly? I tried the pid for zygote64 as well (which seemed to be part of `main` which was at the top of the process tree), but again it wasn't seen by the test program.
Any help would be much appreciated...
Related
hi
after searching about Magisk mount details, i need more info about it. Github document is obscure .
i work in low level customization in android and need some feature like system-less in Magisk.
i want to know how Magisk use overly mount and how create it.
why when create file in system folder in module, that not exist in real system partition , it mount all thing from real system partition.
@topjohnwu
Thank you for your great work. If it's possible to give a more professional description of this
no any idea ?
surbiks said:
hi
after searching about Magisk mount details, i need more info about it. Github document is obscure .
i work in low level customization in android and need some feature like system-less in Magisk.
i want to know how Magisk use overly mount and how create it.
why when create file in system folder in module, that not exist in real system partition , it mount all thing from real system partition.
@topjohnwu
Thank you for your great work. If it's possible to give a more professional description of this
Click to expand...
Click to collapse
1) First of all, when a module adds a new file, the first most leaf directory present in the real partition needs to be over-layed by tmpfs, because the new file appearing is coming from that dir, if we don't overlay the dir, we won't know where the file actually exists, and if that exists in the directory we over-layed, the overlay will make the file appear in real system, while the file will actually be in the magisk.img, I'm not a native English speaker, so forgive any bad English.
2) If you need to know how Magic Mount works, you should browse through this source module, all of the Magic Mounting is done in the post-fs-data boot stage, which triggers the void post_fs_data(int client) function, follow the control flow from there on and you will know how that actually works.
*) If you don't understand the "C" language, quote me back with actually what you're trying to accomplish, so that I can help you better.
anybody know how to magisk mount system and data to mmc1p1 and mmc1p2?
[Deleted]
I am new to being rooted with Magisk. What I need to accomplish was super easy on my old phone with SuperSu. On my new phone with Magisk, I simply want to silence the power on and power off tones that are played. I have tracked the ogg files down and find them in /oem/OP/OPEN_US/poweroff/PowerOff.ogg and poweron/PowerOn.ogg. However, I have no luck in my rooted file manager of doing anything with these files. Not sure why.
I have never written a Magisk module or installer. I have seen the developer guide at <https://github.com/topjohnwu/Magisk/blob/master/docs/guides.md>. I figure this is a personal module and so maybe no installer is needed? I know that a module is a folder put in /data/adb/modules and that the folder has at least one required file - module.prop - who's contents seem straight forward.
But I just have no idea how to proceed from there to accomplish what I want. I see the module's system folder is used to modify files. But what I need to process is not in /system so not sure how that might work here. I see mention of something called Root Directory Overlay System that might be helpful in all of this but I have no idea what is meant by "overlay.d folder". I see nothing of the sort.
Can someone please offer some guidance? Thanks very much.
With Magisk you can only replace files in /system, /vendor or /product. Anywhere else you'll have to do it the old-fashioned way. If it isn't possible to mount the partition you want to work with as rw, then you're unfortunately out of luck. I have no way of saying if it is possible to mount that particular partition rw or not, since I have no idea what device we are talking about or what you have tried.
For this particular issue you are much more likely to find proper help in your device's forum though. That's where you find the people that know how to work with your particular device.
Didgeridoohan said:
With Magisk you can only replace files in /system, /vendor or /product. Anywhere else you'll have to do it the old-fashioned way. If it isn't possible to mount the partition you want to work with as rw, then you're unfortunately out of luck. I have no way of saying if it is possible to mount that particular partition rw or not, since I have no idea what device we are talking about or what you have tried.
For this particular issue you are much more likely to find proper help in your device's forum though. That's where you find the people that know how to work with your particular device.
Click to expand...
Click to collapse
Hi and thanks for you help and speedy reply.
By "the old-fashioned way", I presume you mean something like mount -o rw,remount /system?
If I perform mount | grep oem I get:
/dev/block/sda20 on /oem type ext4 (ro,context=ubject_rp_file:s0,nosuid,nodev,noatime,noauto_da_alloc,data=ordered)
/dev/block/dm-0 on /oem/OP type ext4 (ro,context=ubject_rp_file:s0,nosuid,nodev,noatime,noauto_da_alloc,data=ordered)
I tried and can remount both /oem - at least mount now shows:
/dev/block/sda20 on /oem type ext4 (rw,context=ubject_rp_file:s0,nosuid,nodev,noatime,noauto_da_alloc,data=ordered)
. But when I try the same on /oem/OP I get only:
'/dev/block/dm-0' is read-only
And, of course, I cannot manipulate the files at all.
All of this is really way above my pay grade. So I really have no idea what else I might try. Thanks (I have posted to the LG-V40 forum on this too)
I need to replace the vo_config.xml file in /oem ... directory. Editing it the old fashion way does not work as rebooting reverts back all the changes. Can Magisk module accomplish this?
abuchison said:
I need to replace the vo_config.xml file in /oem ... directory. Editing it the old fashion way does not work as rebooting reverts back all the changes. Can Magisk module accomplish this?
Click to expand...
Click to collapse
At least on my device, I could not change anything in OEM.
I found the solution. Verity has to be disabled. You can accomplish that by HEX edit boot_a partition. Look for the verity string and change the value to "0"
abuchison said:
I found the solution. Verity has to be disabled. You can accomplish that by HEX edit boot_a partition. Look for the verity string and change the value to "0"
Click to expand...
Click to collapse
Could you please provide step by step instructions?
Some users of my file manager app have asked me to support systemless root, especially writing to the /system folder.
I told them to just create a Magisk module as described here:
https://topjohnwu.github.io/Magisk/guides.html
However, I was told that other file managers like MiXplorer can write to /system just fine. I can indeed confirm that this works with MiXplorer.
So I did some research, like searching via Google, StackOverflow, on GitHub, and here on XDA, and looking through all threads since 1.1.2019 manually, but couldn't find any definitive answers.
My questions:
1. What's the correct way to detect systemless root versus regular root? This is not about bypassing MagiskHide - my app has been granted root access. For example, should I look for folders like /sbin/.magisk/ or /sbin/.core/ or /data/adb/modules/? Or for one of these entries in /proc/mounts:
tmpfs / tmpfs ro,seclabel,relatime 0 0
/dev/loop0 /system ext4 rw,seclabel,noatime 0 0
/dev/loop0 /sbin/.magisk/mirror/system ext4 rw,seclabel,noatime 0 0
They are probably different for various Magisk versions, that's why I ask for the correct way to do it.
2. Once I know that the device is using systemless root, what's the correct way to write to /system?
a) It works when I mount the root folder "/" for read/write, then I can write to /system just fine, and the files are preserved after a reboot.
b) I can also write to /sbin/.magisk/mirror/system, which is already mounted as read/write, but that path may change between Magisk versions?
Sorry if this has been answered before - please point me to the right page if it has been answered.
It's not about systemless root, but Androids system-as-root. That's what you need to check for.
On a device that uses SAR and doesn't use a completely read-only partition you just need to mount root ("/") rw and you're done (just like you already wrote). I don't have time to go into more details then that at the moment, but that should give you something to start with.
And don't tinker with Magisk's internal paths and files. That will likely just lead to trouble...
Thanks for your reply - you are right, it's better to remount "/" instead of trying to find the internal paths.
However, how do I determine whether a system uses system-as-root as you call it? In my current implementation for older root methods, I look in /proc/mounts where the current path is mounted. For example, when a user tries to write to /system/media, I look in the mounts file for /system/media, then if it isn't found, for /system, and finally for /. This doesn't work with Magisk, because /system is there too. Here the first 2 line from a mounts file with Magisk:
tmpfs / tmpfs ro,seclabel,relatime 0 0
/dev/loop0 /system ext4 rw,seclabel,noatime 0 0
So I see that "/system" is mounted as "rw" and don't ask the user to remount "/". I need a way to detect that Magisk's new root method is used, so I need to ignore /system and remount "/" instead.
What do you mean when you talk about "Magisk's new root method"? MagiskSU shouldn't any effect on this...
Are you talking about how magic mounting deals with SAR? That was changed in Magisk v20. But still, John's just using the standard Android way of dealing with SAR so there's no mystery to it. You'll always find "/system" in proc with Magisk, because of Magisk modules and magic mounting.
If you need to check for a specific Magisk version you can always do that with the Magisk binary, and you can take a look at how Magisk determines if a device is SAR here (if I remember correctly, I'm in no way an expert on Magisk internals).
I mean the difference between older methods (e.g. SuperSU, or Magisk v19) where you would actually write to /system, and the newer method used by Magisk v20, where /system remains untouched and the data is written to overlays (via modules or tmpfs). I need a way to detect what the system uses. In the first case, I need to remount /system as rw and write to it, and in the second case, I need to remount "/" as rw.
Why don't you ask other developers how they've got it working? That would probably be the best approach...
That's why I ask in a developer forum...
chris_g said:
That's why I ask in a developer forum...
Click to expand...
Click to collapse
I've given you a few pointers already on how you can proceed... You have a way of detecting Magisk version and a way of detecting SAR, linked in one of my previous replies. If you need more than that I'm not your guy and you'll have to hope someone else can come along and give you what you want.
But since you say that MiXplorer works, why not ask there how they do it?
I'd like to delete /system/recovery-from-boot.p file on Ulefone Armor 7E, android 9, kernel version 4.9.117 no TWRP yet, Magisk 20.4 installed, root is working. ES Exlplorer or Mixplorer can't delete it however Mixplorer shows RW. Through adb I got read-only file system error (even with insecure adb). If I want to remount as RW I get following errors, mount: '/system' not in /proc/mounts or mount: '/dev/root' not user mountable in fstab.
I also could delete bloatware from /system/priv-app only with Magisk module: [Terminal] Debloater v17.3.2. Can you please help me how can I delete /system/recovery-from-boot.p? I there maybe another Magisk module to delete files from /system?
K_a_m_i said:
I'd like to delete /system/recovery-from-boot.p file on Ulefone Armor 7E, android 9, kernel version 4.9.117 no TWRP yet, Magisk 20.4 installed, root is working. ES Exlplorer or Mixplorer can't delete it however Mixplorer shows RW. Through adb I got read-only file system error (even with insecure adb). If I want to remount as RW I get following errors, mount: '/system' not in /proc/mounts or mount: '/dev/root' not user mountable in fstab.
I also could delete bloatware from /system/priv-app only with Magisk module: [Terminal] Debloater v17.3.2. Can you please help me how can I delete /system/recovery-from-boot.p? I there maybe another Magisk module to delete files from /system?
Click to expand...
Click to collapse
What do you want to achieve by deleting that file? I guess you are on stock?
I guess you could try to remount via a terminal app, or maybe mask it through magisk.
However, this question should be asked first in your device's forum--and please, not in any random unrelated thread. That way somebody with the same problem could find any discussion about it much more easily.
hi!
is there any way to replace the bootanimation binary on samsung devices before it gets loaded? i've dived into the magisk documentary a lot already and tried many methods to make a working module, but in every case the file either got replaced after the boot is done or just didn't get replaced at all.
if someone would please point me to the right direction, i was planning to release this module for other samsung phone owners to use!
Magic mounting often happens too late for the boot animation to successfully be replaced. There used to be an early mount stage, but that was buggy and therefore dropped a long time ago...
The earliest you could get away with is probably if you use a script in post-fs-data.d to bind mount the file from the module directory. Although, it is bad practice for modules to be placing scripts in post-fs-data.d, this could be necessary to get the earliest possible excecution. Just make sure to use the module uninstall.sh to delete the script and also leave in a self-destruct in the script if the module is removed without utilising the uninstall.sh file.
Also, bind mounts can trigger SafetyNet, but that depends a bit on what is actually mounted so keep an eye out for that.
No guarantees the above will work.
Hoo roo,
Am currently trying to install a custom version of BusyBox to get Linux Deploy working. The installation script is slightly buggy, but you can workaround it by changing the .sh script slightly and creating the folder /system/xbin.
However, having a bit of trouble. Using su in Termux and mounting / as rw, then attempting to mkdir /system/xbin softlocks my Boox Max 3. This appears to be as a result of android 9 doing system-as-root. Using TWRP, so bootloader is unlocked, and dm-verity is disabled as well. There's also most definitely enough space on /system, can't even make the folder though.
I'm following the instructions mentioned in this Github issue. To be clear, you need this custom version of busybox to get this working, it's quite strange.
Am so close to getting working Arch Linux on my eink tablet, can anyone point me in the right direction? Thank you in advance