ih8sn profile - Moto G7 Plus Questions & Answers

[edit some uneeded lines in the script removed]
Does anyone have a ih8sn.conf file or could generate one on stock motorola android? I created a bash script, following this site: https://community.e.foundation/t/howto-installing-banking-apps/5875/122?page=7
Bash:
```
#!/bin/bash
add_to_conf()
{
key=$1
prop=$2
value=$(adb shell getprop $prop)
echo "${key}=${value}"
}
add_to_conf BUILD_FINGERPRINT ro.build.fingerprint
add_to_conf BUILD_DESCRIPTION ro.build.description
add_to_conf BUILD_SECURITY_PATCH_DATE ro.build.version.security_patch
add_to_conf BUILD_TAGS ro.vendor.build.tags
add_to_conf BUILD_TYPE ro.vendor.build.type
add_to_conf BUILD_VERSION_RELEASE ro.build.version.release
add_to_conf BUILD_VERSION_RELEASE_OR_CODENAME ro.vendor.build.version.release_or_codename
echo "DEBUGGABLE=0"
add_to_conf MANUFACTURER_NAME ro.product.system.manufacturer
add_to_conf PRODUCT_NAME ro.product.system.name
```
So anyone who has a moto g7 plus on android and is running linux could run this and create the ih8sn file for the moto g7 plus. Basically ih8sn is to make banking and other apps to work on custom android versions like lineageos.

Obviously I could run this myself, but I don't want to wipe out all data on my current system...

Interesting, admin moved this post into the right channel?

Related

[GUIDE][DEBLOB][OP3/3T] Deblob alipay, ifaa and tencent soter

TL; DR HydrogenOS, OxygenOS, LineageOS and most of custom ROMs for oneplus3 has ifaa and soter binary blobs for fingerprint/iris authorization which is used for confirm payment in Alipay and WeChat Pay the most popular mobile payment Apps in mainland China, in case you don't use them, just want to get rid of them, or having privacy or security concern, you can just flash this zip in TWRP to deblob them (require firmware OxygenOS 9.0.2+, system-as-root). You probably need to flash it along with your ROM each time you install a new ROM or update existing one.
IFAA is used by Alipay, Tencent soter is used in WeChat Pay.
Those blobs and proprietary files (including IFAAService and SoterService apk) are used for biometric authentication during confirm payment in Alipay and WeChat Pay (usually by touching fingerprint censor to avoid typing password each time during confirm payment, they are disabled by default in those Apps and password authentication works without them)
This zip remove binary blobs alipay.* and soter.* from modem partition (which comes from NON-HLOS.bin the FAT filesystem image in official OxygenOS zip), IFAAService and SoterService apk and related proprietary libraries.
IFAA Manager (org.ifaa.android.manager) is open source, this zip does not remove IFAA Manager because it's probably included in BOOTCLASSPATH and removing them will cause lags on app start. You may ask ROM maintainers to remove them at compile time to remove them.
faceapp.* in modem and vendor/lib/libmmcamera_facedetection_lib.so in system also looks suspicious, but this zip does not remove it. You can edit it to suit your needs.
Tested on firmware from OxygenOS 9.0.6, LineageOS 17.1 (unofficial), TWRP 3.3.1-0
META-INF/com/google/android/updater-script
Code:
assert(getprop("ro.product.device") == "OnePlus3" || getprop("ro.build.product") == "OnePlus3" ||
getprop("ro.product.device") == "oneplus3" || getprop("ro.build.product") == "oneplus3" ||
getprop("ro.product.device") == "OnePlus3T" || getprop("ro.build.product") == "OnePlus3T" ||
getprop("ro.product.device") == "oneplus3t" || getprop("ro.build.product") == "oneplus3t" || abort("E3004: This package is for device: OnePlus3,oneplus3,OnePlus3T,oneplus3t; this device is " + getprop("ro.product.device") + "."););
assert(op3.verify_modem("2019-05-11 00:00:51") == "1" || abort("This package is for modem firmware from OxygenOS 9.0.2 or newer"););
ui_print(" ");
ui_print("## Deblob alipay ifaa and tencent soter ##");
ui_print("## for OnePlus 3 and OnePlus 3T ##");
ui_print("## this won't remove org.ifaa.android.manager ##");
ui_print("## because it's may included in BOOTCLASSPATH ##");
ui_print("Mounting system and modem...");
run_program("/sbin/toybox", "mount", "/system");
run_program("/sbin/toybox", "mount", "/dev/block/by-name/modem", "/system/system/vendor/firmware_mnt");
ui_print("Deblob alipay from modem...");
delete("/system/system/vendor/firmware_mnt/image/alipay.b00");
delete("/system/system/vendor/firmware_mnt/image/alipay.b01");
delete("/system/system/vendor/firmware_mnt/image/alipay.b02");
delete("/system/system/vendor/firmware_mnt/image/alipay.b03");
delete("/system/system/vendor/firmware_mnt/image/alipay.b04");
delete("/system/system/vendor/firmware_mnt/image/alipay.b05");
delete("/system/system/vendor/firmware_mnt/image/alipay.b06");
delete("/system/system/vendor/firmware_mnt/image/alipay.mdt");
ui_print("Deblob soter from modem...");
delete("/system/system/vendor/firmware_mnt/image/soter64.b00");
delete("/system/system/vendor/firmware_mnt/image/soter64.b01");
delete("/system/system/vendor/firmware_mnt/image/soter64.b02");
delete("/system/system/vendor/firmware_mnt/image/soter64.b03");
delete("/system/system/vendor/firmware_mnt/image/soter64.b04");
delete("/system/system/vendor/firmware_mnt/image/soter64.b05");
delete("/system/system/vendor/firmware_mnt/image/soter64.b06");
delete("/system/system/vendor/firmware_mnt/image/soter64.mdt");
ui_print("Remove proprietary files of ifaa from system...");
delete_recursive("/system/system/priv-app/IFAAService");
delete("/system/system/lib64/[email protected]");
delete("/system/system/vendor/bin/hw/[email protected]");
delete("/system/system/vendor/etc/init/[email protected]");
## removing org.ifaa.android.manager will cause lags on app start if it's included in BOOTCLASSPATH
# run_program("/sbin/sed", "-i", "s#:/system/framework/org.ifaa.android.manager.jar##", "/system/init.environ.rc");
# delete("/system/system/framework/org.ifaa.android.manager.jar");
# delete("/system/system/framework/boot-org.ifaa.android.manager.vdex");
# delete("/system/system/framework/arm/boot-org.ifaa.android.manager.art");
# delete("/system/system/framework/arm/boot-org.ifaa.android.manager.oat");
# delete("/system/system/framework/arm/boot-org.ifaa.android.manager.vdex");
# delete("/system/system/framework/arm64/boot-org.ifaa.android.manager.art");
# delete("/system/system/framework/arm64/boot-org.ifaa.android.manager.oat");
# delete("/system/system/framework/arm64/boot-org.ifaa.android.manager.vdex");
ui_print("Remove proprietary files of soter from system...");
delete_recursive("/system/system/app/SoterService");
delete("/system/system/vendor/bin/hw/[email protected]");
delete("/system/system/vendor/etc/init/[email protected]");
delete("/system/system/vendor/lib64/hw/[email protected]");
delete("/system/system/vendor/lib64/[email protected]");
show_progress(1, 5);
ui_print("Unmounting...");
run_program("/sbin/toybox", "umount", "/system/system/vendor/firmware_mnt");
run_program("/sbin/toybox", "umount", "/system");
ui_print("## Finished deblob alipay ifaa and soter ##");
ui_print(" ");
To check if you have successfully deblob and removed these files, just check if these files are been removed in any file manager with root on Android, or run the following command in a Terminal Emulator App or adb and check the output.
Code:
OnePlus3:/ # find /system -iname "*ifaa*"
/system/framework/arm64/boot-org.ifaa.android.manager.art
/system/framework/arm64/boot-org.ifaa.android.manager.oat
/system/framework/arm64/boot-org.ifaa.android.manager.vdex
/system/framework/org.ifaa.android.manager.jar
/system/framework/arm/boot-org.ifaa.android.manager.art
/system/framework/arm/boot-org.ifaa.android.manager.oat
/system/framework/arm/boot-org.ifaa.android.manager.vdex
/system/framework/boot-org.ifaa.android.manager.vdex
OnePlus3:/ # find /system -iname "*soter*"
OnePlus3:/ #
UPDATE:
Rewrote the post to reduce the mess. Thanks @nvertigo67 for pointing out BOOTCLASSPATH and performance drop issue when ifaa manager was removed.
This is a good idea!
Just some notes:
It only works for system-as-root roms (most - if not all - android 10 source build roms), for all other roms (oos and most - if not all - android 9 and below source build roms) you need to replace "system/system" by "system". For my taste it would be easier to use a shell script instead of the edify interpreter. To tell sar roms from non-sar roms you can use something like this:
Code:
#!/sbin/sh
OUTPUT=/proc/self/fd/$2;
ui_print() {
until [ ! "$1" ]; do
echo -e "ui_print $1\nui_print" >$OUTPUT;
shift;
done;
}
ui_print "***********************************";
ui_print "Settting ";
ui_print "ro.build.version.security_patch to ";
ui_print "2019-04-01 matching OOS 9.0.2";
ui_print "build fingerprint";
ui_print "(c) 2019 [email protected] ";
ui_print "***********************************";
ui_print "mount system";
system_mounted=$(mount | grep "system")
if [ -z "$system_mounted" ]; then
mount -o rw /system;
else
umount /system;
mount -o rw /system;
fi
if [ -e /system/build.prop ]; then
PROPFILE=/system/build.prop
ui_print "using /system/build.prop";
else
if [ -e /system/system/build.prop ]; then
PROPFILE=/system/system/build.prop
ui_print "using /system/system/build.prop";
else
ui_print "Can't locate the build.prop file,";
ui_print "nothing will be changed!";
ui_print "unmounting system";
umount_msg=$(umount /system 2>&1);
if [ -z "$umount_msg" ]; then
ui_print "system unmounted";
else
ui_print "$umount_msg";
fi
exit 1;
fi
fi
Instead of PROPFILE set SYSTEM_PATH to /system/system or /system accordingly, before mounting firmware_mnt, then you can throw away the not needed files with
Code:
find $SYSTEM_PATH -iname \*ifaa\* -o -iname \*soter\* -o -iname \*alipay\* |xargs rm -rf
For some source build roms (at least for all los-16.0 and los-17.1 based roms) deleting the mentioned files is only the first part of the job. The second part is removing "/system/framework/org.ifaa.android.manager.jar:" from "BOOTCLASSPATH" in /init.environ.rc (for non-sar roms; probably /system/init.environ.rc for sar roms). Otherwise boot.art can't be assemled on boot time. The rom works without boot.art in image-less mode, but this is significantly slower causing lags on app start, unlock and many more actions as e.g. opening of Settings.
I guess this is easy for sar roms (just sed /system/init.environ.rc) but is ugly for non-sar roms: you need to unpack the ramdisk from the boot partition change init.environ.rc repack the boot image, resign (for locked bootloaders) and reflash it to the boot partition.
For extracting, changing init.environ.rc and reflashing the boot image you can use @osm0sis' anykernel3 templates (https://forum.xda-developers.com/showthread.php?t=2670512 ); for resigning you may want to use @Chainfire's VerifiedBootSigner (https://forum.xda-developers.com/an...signing-boot-images-android-verified-t3600606 ). I've made one, which uses the oneplus bootloader required aosp keys: https://forum.xda-developers.com/showpost.php?p=78433989&postcount=4
There's also some more cosmetics: to completely remove all traces of ifaa, soter and alipay, from the build I've needed these commits:
https://github.com/nvertigo/android...mmit/2ab32d492f0b8d109b503c86208394c8fa5e7486
https://github.com/nvertigo/proprie...mmit/99a6fdf5dbbc8f5f7a9d2ccf43d139b5eecc08d5
Hope this helps making a final zip.
Johan2020 said:
Could you already share your zip?
I tried the same but ended with a rom which was much slower as mentioned in the link above. Probably the environment.rc issue (luisrom btw, so based on Lineage 17)
Click to expand...
Click to collapse
I've not decided which way to go, so I've no zip currently. For testing I've made a build with the mentioned commits and deleted the fw stuff manually with find and xargs.
On los17 (sar) you should be able to locate init.environ.rc and delete the boot jar entry manually.
Phaech4x said:
Alipay and WeChat Pay works without these stuff but you can use fingerprint payment when you have them (by press on fingerprint censor to confirm a payment instead of typing password).
Click to expand...
Click to collapse
Can somebody confirm the validity of this information, please? With the op-mentioned files removed only the fingerprint authorized payment is lost, but Alipay and WeChatPay is still working with apps installed from playstore.
Thanx in advance.
nvertigo67 said:
I've not decided which way to go, so I've no zip currently. For testing I've made a build with the mentioned commits and deleted the fw stuff manually with find and xargs.
On los17 (sar) you should be able to locate init.environ.rc and delete the boot jar entry manually.
Click to expand...
Click to collapse
I have made a little script to remove some stuff after flashing and it seems this is doing the job, though performance is still dropping, even with modified /system/init.environ.rc.
Since I have limited Android background knowledge, I have no idea where to search to get an idea where the performance drop is coming from.
This is the script:
Code:
# First mount firmware_mnt
mount /dev/block/by-name/modem /system/system/vendor/firmware_mnt
# Remove all files with ifaa, soter and alipay
bloblist="
/system/system/framework/arm/boot-org.ifaa.android.manager.art
/system/system/framework/arm/boot-org.ifaa.android.manager.oat
/system/system/framework/arm/boot-org.ifaa.android.manager.vdex
/system/system/framework/arm64/boot-org.ifaa.android.manager.art
/system/system/framework/arm64/boot-org.ifaa.android.manager.oat
/system/system/framework/arm64/boot-org.ifaa.android.manager.vdex
/system/system/framework/boot-org.ifaa.android.manager.vdex
/system/system/framework/org.ifaa.android.manager.jar
/system/system/lib64/[email protected]
/system/system/vendor/bin/hw/[email protected]
/system/system/vendor/bin/hw/[email protected]
/system/system/vendor/etc/init/[email protected]
/system/system/vendor/etc/init/[email protected]
/system/system/vendor/firmware_mnt/image/alipay.b00
/system/system/vendor/firmware_mnt/image/alipay.b01
/system/system/vendor/firmware_mnt/image/alipay.b02
/system/system/vendor/firmware_mnt/image/alipay.b03
/system/system/vendor/firmware_mnt/image/alipay.b04
/system/system/vendor/firmware_mnt/image/alipay.b05
/system/system/vendor/firmware_mnt/image/alipay.b06
/system/system/vendor/firmware_mnt/image/alipay.mdt
/system/system/vendor/firmware_mnt/image/soter64.b00
/system/system/vendor/firmware_mnt/image/soter64.b01
/system/system/vendor/firmware_mnt/image/soter64.b02
/system/system/vendor/firmware_mnt/image/soter64.b03
/system/system/vendor/firmware_mnt/image/soter64.b04
/system/system/vendor/firmware_mnt/image/soter64.b05
/system/system/vendor/firmware_mnt/image/soter64.b06
/system/system/vendor/firmware_mnt/image/soter64.mdt
/system/system/vendor/lib64/hw/[email protected]
/system/system/vendor/lib64/[email protected]
"
for blobname in $bloblist
do
if [ -d "$blobname" ]; then
chmod -R 777 "$blobname" 2>/dev/null
rm -rf "${blobname:?}"/* 2>/dev/null
else
chmod 777 "$blobname" 2>/dev/null
rm -f "$blobname" 2>/dev/null
fi
done
# Remove org.ifaa.android.manager.jar from environ.rc
sed -i 's/:\/system\/framework\/org.ifaa.android.manager.jar//' /system/init.environ.rc
umount /system/system/vendor/firmware_mnt
And this is init.environ.rc after using sed (org.ifaa.android.manager.jar removed):
Code:
# set up the global environment
on early-init
export ANDROID_BOOTLOGO 1
export ANDROID_ROOT /system
export ANDROID_ASSETS /system/app
export ANDROID_DATA /data
export ANDROID_STORAGE /storage
export ANDROID_RUNTIME_ROOT /apex/com.android.runtime
export ANDROID_TZDATA_ROOT /apex/com.android.tzdata
export EXTERNAL_STORAGE /sdcard
export ASEC_MOUNTPOINT /mnt/asec
export BOOTCLASSPATH /apex/com.android.runtime/javalib/core-oj.jar:/apex/com.android.runtime/javalib/core-libart.jar:/apex/com.android.runtime/javalib/okhttp.jar:/apex/com.android.runtime/javalib/bouncycastle.jar:/apex/com.android.runtime/javalib/apache-xml.jar:/system/framework/framework.jar:/system/framework/ext.jar:/system/framework/telephony-common.jar:/system/framework/voip-common.jar:/system/framework/ims-common.jar:/system/framework/android.test.base.jar:/system/framework/telephony-ext.jar:/system/framework/WfdCommon.jar:/apex/com.android.conscrypt/javalib/conscrypt.jar:/apex/com.android.media/javalib/updatable-media.jar
export DEX2OATBOOTCLASSPATH /apex/com.android.runtime/javalib/core-oj.jar:/apex/com.android.runtime/javalib/core-libart.jar:/apex/com.android.runtime/javalib/okhttp.jar:/apex/com.android.runtime/javalib/bouncycastle.jar:/apex/com.android.runtime/javalib/apache-xml.jar:/system/framework/framework.jar:/system/framework/ext.jar:/system/framework/telephony-common.jar:/system/framework/voip-common.jar:/system/framework/ims-common.jar:/system/framework/android.test.base.jar:/system/framework/telephony-ext.jar:/system/framework/WfdCommon.jar
export SYSTEMSERVERCLASSPATH /system/framework/org.lineageos.platform.jar:/system/framework/services.jar:/system/framework/ethernet-service.jar:/system/framework/wifi-service.jar:/system/framework/com.android.location.provider.jar
I have not used find because I had some issues in the past with find in combination of double astrix (*string*), though searching through /system after boot does not give any positive results on soter, alipay or ifaa so all seems removed. Have the feeling though, somewhere 'things' are linked to removed stuff which is the reason for the performance drop.
@Johan2020
for find: you need to make sure that the wildcards are passed to find and arn't substituted by the shell. If you don't escape the wildcards for the shell, they are only passed if the shell can't expand the expression.
for lag: you need to check the log. Increase the logbuffer size to 1 Mio (at least) to catch the complete boot, reboot and do something like
Code:
adb logcat -d | grep -i -e ifaa -e soter -e ali
nvertigo67 said:
@Johan2020
for find: you need to make sure that the wildcards are passed to find and arn't substituted by the shell. If you don't escape the wildcards for the shell, they are only passed if the shell can't expand the expression.
for lag: you need to check the log. Increase the logbuffer size to 1 Mio (at least) to catch the complete boot, reboot and do something like
Code:
adb logcat -d | grep -i -e ifaa -e soter -e ali
Click to expand...
Click to collapse
I guess I found something:
Code:
03-12 12:58:12.521 1818 1818 E dex2oat : Could not create image space with image file '/system/framework/boot.art'. Attempting to fall back to imageless running. Error was: Unexpected component count in /system/framework/arm64/boot.art, received 14, expected non-zero and <= 13
No output on ifaa, soter or ali though, but seems some checks are done in boot.art which are not correct anymore because of removed blobs?
Edit:
Did a new flash without removing the blobs (script from above) and do not have those errors in logcat.
So seems indeed related to removal.
Let me know if I can help with some other testing...
The number of boot jars seems to be somewhere, if rebooting to twrp and wiping caches doesn't help, I've no idea where to start searching. Maybe google is your friend to start investigating this.
nvertigo67 said:
The number of boot jars seems to be somewhere, if rebooting to twrp and wiping caches doesn't help, I've no idea where to start searching. Maybe google is your friend to start investigating this.
Click to expand...
Click to collapse
Ok, thanks. I always clear caches after new flash; rebooting and wiping did not solve the issue.
I probably have to live with it and keep the Ali, Soter and Ifaa stuff there where it is.
I only tried Alipay and it still works after removing these files. Fingerprint authorization payment for Alipay does not seems works on lineageos-17.1 tho (with official modem and keep these proprietary files), but I remembered it works on lineageos-16.0
I'm a bit curious now about who wrote IFAA Manager (org.ifaa.android.manager), where are these source code from and how was it been adopted by LineageOS. The comment message says IFAA protocol support fingerprint and iris authorization.
@nvertigo67 Thanks for your information, I didn't know removing these files cause lags for app start before. I can also confirm it cause noticeable lag, 1.30s to open settings, but cost 2.10s after remove these files.
@Johan2020 I have update the post and add a link to the updated zip, does not seems lag here after flash the zip which deblobbed the modem and removed IFAAService+SoterService apk but keep ifaa manager and other proprietary files.
This command output every *.odex file in `/system`, {boot,boot-org.ifaa.android.manager}.{oat,art} and org.ifaa.android.manager.jar
Code:
grep -rl org.ifaa.android.manager /system
Maybe this explained why it still lags after removed ifaamanager from init.environ.rc, then the only solution to remove these proprietary files without performance drop is remove them at build stage.
Phaech4x said:
I only tried Alipay and it still works after removing these files. Fingerprint authorization payment for Alipay does not seems works on lineageos-17.1 tho (with official modem and keep these proprietary files), but I remembered it works on lineageos-16.0
Click to expand...
Click to collapse
Thanx! I hate not being able to test something myself.
BTW: Is there any source of current data of WeChatPay usage? Honestly, I havn't known about the existence of WeChatPay until the tencent security/privacy flaw some time back...
Phaech4x said:
I'm a bit curious now about who wrote IFAA Manager (org.ifaa.android.manager), where are these source code from and how was it been adopted by LineageOS. The comment message says IFAA protocol support fingerprint and iris authorization.
Click to expand...
Click to collapse
It's from oss (don't mix with oos): https://github.com/LineageOS/androi...0ee28ea#diff-1eba4e28cf441865f85a2298f9bd8312
The very first version has been reverse engineered: https://github.com/LineageOS/androi...b113b64#diff-1eba4e28cf441865f85a2298f9bd8312
Phaech4x said:
@nvertigo67 Thanks for your information, I didn't know removing these files cause lags for app start before. I can also confirm it cause noticeable lag, 1.30s to open settings, but cost 2.10s after remove these files.
@Johan2020 I have update the post and add a link to the updated zip, does not seems lag here after flash the zip which deblobbed the modem and removed IFAAService+SoterService apk but keep ifaa manager and other proprietary files.
Click to expand...
Click to collapse
I guess it's safe to disable the ifaa daemon service as well, as long as the manager jar is available for assembling the boot jar.
Phaech4x said:
This command output every *.odex file in `/system`, {boot,boot-org.ifaa.android.manager}.{oat,art} and org.ifaa.android.manager.jar
Code:
grep -rl org.ifaa.android.manager /system
Maybe this explained why it still lags after removed ifaamanager from init.environ.rc, then the only solution to remove these proprietary files without performance drop is remove them at build stage.
Click to expand...
Click to collapse
Yep. Removing all ifaa, soter, AliPay stuff at compile time works flawlessly - inspired by your first posting: https://github.com/nvertigo/android...mmit/d8f0471eee92fe608b5e9b0b30d52b63d6d3d79f
JFYI: I've made alipay* and soter* free firmware packages with referenve to this very thread: https://forum.xda-developers.com/showpost.php?p=81997531&postcount=164
I'm running this combination without lag, drain or side effects (so far ). Though I've done it for los-16, I see no reason why it shouldn't work for los-17.1 as well.
What seems to work for removing on existing roms (so not on build stage) is to remove everything except org.ifaa.android.manager related stuff.
What I have removed is IFAAServices, Soterservices and everything related except in /system/system/framework.
This is what I have left:
Code:
/system/system/framework/arm/boot-org.ifaa.android.manager.art
/system/system/framework/arm/boot-org.ifaa.android.manager.oat
/system/system/framework/arm/boot-org.ifaa.android.manager.vdex
/system/system/framework/arm64/boot-org.ifaa.android.manager.art
/system/system/framework/arm64/boot-org.ifaa.android.manager.oat
/system/system/framework/arm64/boot-org.ifaa.android.manager.vdex
/system/system/framework/boot-org.ifaa.android.manager.vdex
/system/system/framework/org.ifaa.android.manager.jar
No delays and no issues in daily usage.
Edit:
Script part I am using now on non-deblobbed rom to remove just the stuff which can be removed (not the ifaa.android.manager files):
Code:
#!/sbin/sh
#
# https://forum.xda-developers.com/oneplus-3/how-to/guide-deblob-alipay-ifaa-tencent-soter-t4064893/
echo -n "Deblob AliPay, Soter & IFAA stuff..."
# First mount firmware_mnt
mount /dev/block/by-name/modem /system/system/vendor/firmware_mnt
# Remove all ifaa, soter and alipay blobs in Firmware
bloblist1="
/system/system/vendor/firmware_mnt/image/alipay.b00
/system/system/vendor/firmware_mnt/image/alipay.b01
/system/system/vendor/firmware_mnt/image/alipay.b02
/system/system/vendor/firmware_mnt/image/alipay.b03
/system/system/vendor/firmware_mnt/image/alipay.b04
/system/system/vendor/firmware_mnt/image/alipay.b05
/system/system/vendor/firmware_mnt/image/alipay.b06
/system/system/vendor/firmware_mnt/image/alipay.mdt
/system/system/vendor/firmware_mnt/image/soter64.b00
/system/system/vendor/firmware_mnt/image/soter64.b01
/system/system/vendor/firmware_mnt/image/soter64.b02
/system/system/vendor/firmware_mnt/image/soter64.b03
/system/system/vendor/firmware_mnt/image/soter64.b04
/system/system/vendor/firmware_mnt/image/soter64.b05
/system/system/vendor/firmware_mnt/image/soter64.b06
/system/system/vendor/firmware_mnt/image/soter64.mdt
"
for blobname in $bloblist1
do
if [ -d "$blobname" ]; then
chmod -R 777 "$blobname" 2>/dev/null
rm -rf "${blobname:?}"/* 2>/dev/null
else
chmod 777 "$blobname" 2>/dev/null
rm -f "$blobname" 2>/dev/null
fi
done
# Remove all ifaa, soter and alipay stuff in vendor and lib
bloblist2="
/system/system/vendor/bin/hw/[email protected]
/system/system/vendor/bin/hw/[email protected]
/system/system/vendor/etc/init/[email protected]
/system/system/vendor/etc/init/[email protected]
/system/system/vendor/lib64/hw/[email protected]
/system/system/vendor/lib64/[email protected]
/system/system/lib64/[email protected]
"
for blobname in $bloblist2
do
if [ -d "$blobname" ]; then
chmod -R 777 "$blobname" 2>/dev/null
rm -rf "${blobname:?}"/* 2>/dev/null
else
chmod 777 "$blobname" 2>/dev/null
rm -f "$blobname" 2>/dev/null
fi
done
# /system/system/framework/arm/boot-org.ifaa.android.manager.art
# /system/system/framework/arm/boot-org.ifaa.android.manager.oat
# /system/system/framework/arm/boot-org.ifaa.android.manager.vdex
# /system/system/framework/arm64/boot-org.ifaa.android.manager.art
# /system/system/framework/arm64/boot-org.ifaa.android.manager.oat
# /system/system/framework/arm64/boot-org.ifaa.android.manager.vdex
# /system/system/framework/boot-org.ifaa.android.manager.vdex
# /system/system/framework/org.ifaa.android.manager.jar
# Remove org.ifaa.android.manager.jar from environ.rc
# sed -i 's/:\/system\/framework\/org.ifaa.android.manager.jar//' /system/init.environ.rc
umount /system/system/vendor/firmware_mnt
echo " done!"
nvertigo67 said:
BTW: Is there any source of current data of WeChatPay usage? Honestly, I havn't known about the existence of WeChatPay until the tencent security/privacy flaw some time back...
I guess it's safe to disable the ifaa daemon service as well, as long as the manager jar is available for assembling the boot jar.
Click to expand...
Click to collapse
Ipsos's Report of Market Share of Third Party Mobile Payment in China (in Simplified Chinese)
Chi*na’s Mo*bile Pay*ments Mar*ket Grows Over 15% in Q3 2019, Ali*pay’s Mar*ket Share Ex*ceed Half | China Banking News (in English) seems the articles is about this report
In mainland China, Alibaba and Tencent own over 90% of mobile payment market, Alipay almost own the whole mobile payment market a few years ago, probably because of Alibaba's Taobao which is one of the most popular online shopping site in China.
Tencent has WeChat Pay, QQ Wallet and Tenpay. these reports which mentioned market share Tencent owned probably include them. WeChat Pay is included in WeChat and QQ Wallet is included in QQ, WeChat and QQ are most most popular instant messaging app in mainland China. imo the main reason WeChat Pay been popular in China is it has Red Envelope (Alipay also has it tho), Chines ppl like social, WeChat and QQ are more like social network than other instant messaging platform. WeChat Pay require fee for withdraw while Alipay is free to withdraw, and lots of Chinese ppl love the Red Envelope thing. It's like almost every smartphone/"internet" user in mainland China has a WeChat account, not only just for communicating with others, they use it to order a takeout, use Mini Program or something.
And Tencent also own the most Gaming Market in mainland China, there is QQ Currency which is usually used to buy items in games.
https://www.scmp.com/lifestyle/gadg...-wechat-pay-and-payme-put-test-find-out-which
According to a 2018 survey conducted by the Hong Kong Productivity Council on brand awareness of e-wallet services, Alipay, WeChat Pay, Apple Pay and PayMe were ranked top among users.
Click to expand...
Click to collapse
In Hong Kong, Apple Pay is the second most frequently used mobile payment in 2019, according to the survey conducted by JD Power, second only to AlipayHK.
Click to expand...
Click to collapse
I think Alipay and WeChat Pay are almost only used in China and Hong Kong. The only reason I can think of those mainland Chinese smartphone manufacturers include ifaa/soter in their international firmware/modem is that Alipay and WeChat Pay is also popular in Hong Kong where people have access to Internet and use GMS, beside they are too lazy to maintain variants of firmware/modem.
Johan2020 said:
What seems to work for removing on existing roms (so not on build stage) is to remove everything except org.ifaa.android.manager related stuff.
No delays and no issues in daily usage.
Click to expand...
Click to collapse
Thanks I have confirmed just keep ifaa manager won't cause lag on app start. In the other words, all of related blobs, proprietary files and related services files are been removed, only keep ifaa manager the open source part.
nvertigo67 said:
Can somebody confirm the validity of this information, please? With the op-mentioned files removed only the fingerprint authorized payment is lost, but Alipay and WeChatPay is still working with apps installed from playstore.
Thanx in advance.
Click to expand...
Click to collapse
Confirmed. Alipay and Wechatpay still works by typing password.
Firware: OP3T-9.0.6-fw-without-ifaa/soter
Rom: nlos-16.0-20200312
PS: It also affects unlocking Alipay using fingerprint which I don't use.
In case anyone is wondering:
I installed this with LineageOS 17.1 and nothing appears to be broken.
I do not use AliPay or any of those services so cannot comment on related effects.
Installed it on Lineageos 17.1 with SAR TWRP and it terminated with success. However, when rebooting to system and cross-checking, I recognised that the Blobs were still there. So I edited the updater script to replace /system with /system_root and voila, after flashing the modified package the Blobs are finally gone.
Ideally we'd have a check in the script if we're on SAR (check fstab?) and change the mount point accordingly, I think I've seen that somewhere here in the forums but lost the reference...
{Deleted, was sleeping I guess, had already answered my question myself....}
FYI, this is how I am removing Soter, Ifaa and Alipay stuff now, which is actually just a one-liner:
Code:
# Set root correctly depending on system as root or not
if [ -e "/system_root/system" ]; then
root="/system_root"
else
root="/system"
fi
# Mount firmware_mnt if not mounted already
if ! mountpoint -q "$root/system/vendor/firmware_mnt"; then
mount /dev/block/by-name/modem $root/system/vendor/firmware_mnt
fi
sleep 0.5
# Find and remove alipay, soter and ifaa stuff except boot-org.ifaa.android.manager
find $root/system ! -name "*manager*" -name "*alipay*" -name "*soter*" -name "*ifaa*" -type f -exec rm -f {} + 2>/dev/null
# Unmount firmware_mnt
umount $root/system/vendor/firmware_mnt
So the line which is removing the stuff is just:
Code:
find $root/system ! -name "*manager*" -name "*alipay*" -name "*soter*" -name "*ifaa*" -type f -exec rm -f {} + 2>/dev/null
Johan2020 said:
FYI, this is how I am removing Soter, Ifaa and Alipay stuff now, which is actually just a one-liner:
So the line which is removing the stuff is just:
Click to expand...
Click to collapse
Can u pls make it a flashable zip?
Adam Hui said:
Can u pls make it a flashable zip?
Click to expand...
Click to collapse
No, you can just make a bash script which you run after flash from TWRP command line
But if you want, feel free ofcourse :good:

How To Guide How to use the Hardware Test App from ASUS on a Zenfone running a CustomROM

How to use the Hardware Test App from ASUS on a Zenfone running a CustomROM
The Hardware Test App from ASUS for the Zenfone 8 can also be used on a ASUS Zenfone 8 running a CustomROM.
But to get the App working on a CustomROM some efforts are neccessary.
The ASUS Hardware Test App needs the permission to modify system settings. To get this permission the app must be signed with the platform certificate used for the running Android OS.
And because these certificates are not available for the public for all public available CustomROMs (for some very good reasons ...) you must compile your own CustomROM for using the ASUS Hardware Test App on a CustomROM.
So -- for those who still want to continue: Here are the steps neccessary to run the Hardware Test App from ASUS for the Zenfone 8 on a phone running a CustomROM :
First copy the apk with the ASUS Hardware Test App from a Zenfone 8 running the original Android 12 from ASUS to your PC.
This is the file
/system/apps/SMMI_TEST/SMMI_TEST.apk
on the phone running the ASUS Android OS.
Now it's neccessary to sign the App with the platform key from your CustomROM:
In the OmniROM (and I assume that's also true for other AOSP based CustomROMs) the neccessary files, platform.pk8 and platform.x509.pem, are in the directory
Code:
./build/make/target/product/security
in your build tree for the CustomROM, e.g.
Code:
[[email protected] /data/develop/android/OmniROM]$ ls -l ./build/make/target/product/security/platform.*
-rw-------. 1 xtrnaw7 xtrnaw7 1219 Jun 25 09:39 ./build/make/target/product/security/platform.pk8
-rw-rw-r--. 1 xtrnaw7 xtrnaw7 1460 Jun 25 09:39 ./build/make/target/product/security/platform.x509.pem
[[email protected] /data/develop/android/OmniROM]$
Now re-sign the apk file using these commands:
Code:
# remove the current certificate files from the apk (probably not neccessary -- but shouldn't harm)
#
zip -d SMMI_TEST.apk META-INF/CERT.SF META-INF/CERT.RSA
# do a zip align for the apk and write the output to SMMI_TEST1.apk
#
# (zipalign is part of the OTA tools)
#
/data/develop/android/otatools/bin/zipalign 4 SMMI_TEST.apk SMMI_TEST1.apk
# test the result (there should be NO output from this command)
#
/data/develop/android/otatools/bin/zipalign -c 4 SMMI_TEST1.ap
# and now sign the apk with the platform key from the development tree for your self compiled CustomROM
# (apksigner.jar is part of the Sdk from Google for Android)
#
java -jar ./Android/Sdk/build-tools/33.0.0/lib/apksigner.jar sign --key platform.pk8 --cert platform.x509.pem SMMI_TEST1.apk
That's it . The re-signed apk file SMMI_TEST1.apk should work on your CustomROM
To test it:
To test the signed apk do:
Copy the signed apk to the phone running your self compiled CustomROM and issue
Code:
ls -l /sdcard/Download/SMMI_TEST1.apk
# 25733396 in the next command is the size of the file /sdcard/Download/SMMI_TEST1.apk in byte
#
cat /sdcard/Download/SMMI_TEST1.apk | pm install -S 25733396
If you get an error like this
Code:
130|ASUS_I006D:/ # ls -l /sdcard/Download/SMMI_TEST1.apk
-rw-rw---- 1 u0_a111 media_rw 25733396 2022-08-04 19:02 /sdcard/Download/SMMI_TEST1.apk
ASUS_I006D:/ #
ASUS_I006D:/ # cat /sdcard/Download/SMMI_TEST1.apk | pm install -S 25733396
Failure [INSTALL_FAILED_SHARED_USER_INCOMPATIBLE: Reconciliation failed...: Reconcile failed: Package com.asus.atd.smmitest has no signatures that match those in shared user android.uid.system; ignoring!]
1|ASUS_I006D:/ #
something went wrong signing the apk. Just do it again.
To install the apk do:
If not already done:
Compile your own CustomROM (using the certificates used to sign the ASUS Hardware Test App!) and install it on the ASUS Zenfone 8. (see How to compile the OmniROM for the ASUS Zenfone 8 for how to compile the OmniROM)
Install Magisk on your phone running the self compiled CustomROM
Simulate a Magisk Module using these commands:
Code:
adb shell su - -c mkdir -p /data/adb/modules/SMMI_TEST/system/app/SMMI_TEST
adb push SMMI_TEST1.apk /sdcard/Download/
adb shell su - -c cp /sdcard/Download/SMMI_TEST1.apk /data/adb/modules/SMMI_TEST/system/app/SMMI_TEST/SMMI_TEST1.apk
adb shell su - -c chmod o+r /data/adb/modules/SMMI_TEST/system/app/SMMI_TEST/SMMI_TEST1.apk
and reboot the phone
Code:
adb reboot
After the reboot the ASUS Hardware Test App should be visible in the directory /system/app, e.g.
Code:
130|ASUS_I006D:/ # find /system/app/SMMI_TEST/
/system/app/SMMI_TEST/
/system/app/SMMI_TEST/SMMI_TEST1.apk
ASUS_I006D:/ #
To execute the ASUS Hardware Test App do
Code:
# open a shell on the ASUS Zenfone 8 (either local or via "adb shell"), become root user
su -
and execute
Code:
# switch SELinux to permissive mode (I currently do not know the neccessary SELinux policies to avoid this step ...)
#
setenforce 0
# and start the ASUS Hardware Test App from within the shell
#
am start -n com.asus.atd.smmitest/com.asus.atd.smmitest.main.MAIN
Do not forget to enable SELinux enforcing mode after the tests are done (or reboot the phone ...)
Code:
# switch SELinux to permissive mode (I currenlty do not know the neccessary SELinux policies to avoid this step ...)
#
setenforce 1
Sample Script to start the ASUS Hardware Test App
Code:
# simple script to start the ASUS Hardware App
CUR_SELINUX_STATUS="$( getenforce )"
CUR_USERID=$( id -u -n )
RESTORE_SELINUX_STATE="false"
if [ "${CUR_SELINUX_STATUS}"x != "Permissive"x ] ; then
if [ "${CUR_USERID}"x != "root"x ] ; then
echo "Either start this script as user \"root\" or set the SELinux mode to \"permissive\" using the command \"setenforce 0\" before starting this script"
exit 1
fi
echo "Setting the SELinux mode to \"Permissive\" ..."
setenforce 0
RESTORE_SELINUX_STATE="true"
else
echo "The SELinux mode is already \"Permissive}\" "
fi
am start -n com.asus.atd.smmitest/com.asus.atd.smmitest.main.MAIN 2>&1 | tee /sdcard/Download/test.out
if [ ${RESTORE_SELINUX_STATE} = true ] ; then
echo "Press return when done with the tests .."
read USER_INPUT
echo "Setting the SElinux mode back to \"Enforcing\" ...."
setenforce 1
else
echo "Do not forget to set the SELinxu mode back to \"Enforcing\" using the command \"setenforce 1\" "
fi
Trouble Shooting
If the boot process of the phone hangs after adding the pseudo Magisk Module for the ASUS Hardware Test App do:
Code:
# connect to the phone via adb (that should work!)
#
adb shell
# become root user
#
su -
# delete the file with the AUS Hardware Test App
#
rm /data/adb/modules/SMMI_TEST/system/app/SMMI_TEST/SMMI_TEST1.apk
# and reboot the phone
#
reboot
Most probably something went wrong signing the app or you did not do the zip align (there should be some messages visible in logcat to find the reason for the boot loop; check the output of logcat before rebooting the phone)
A useful test to find reason for the boot loop is :
Code:
# try to install the apk as root user
#
su -
# and then
#
setenforce 0
pm install /sdcard/Download/SMMI_TEST.apk
If booting the phone works but the App does not start make sure that the SELinux status is permissive.
Update 26.06.2022
The adb commands to create the "simulated" Magisk Module must be executed by the user root - fixed.
Added a sample script to start the ASUS Hardware Test Tool
Update 04.08.2022
Added instructions to to test if signing the apk was successfull
Thank you so much for your guides! This is very detailled documentation with good explanations!

How To Guide How to backup the data from the phone using rsync and ssh (including some hints for using sshd on an Android phone)

How to backup the data from the phone using rsync and ssh (including some hints for using sshd on an Android phone)
Like for all computer it's important to have a backup of the data on the phone.
For those who like me don't like to store their private data in one of the suspicious clouds there is a solution with standard Linux tools:
Use rsync and ssh to backup the data from the phone to your local workstation (see the man page for rsync for details regarding rsync and why it is useful for this task)
The neccessary tools for Android for this method can be installed with the Magisk Module MagiskSSH.
Download the Magisk Module with MagiskSSH from here
https://gitlab.com/d4rcm4rc/MagiskSSH_releases
Copy the ZIP file with the Magisk Module to the phone :
Code:
adb push magisk_ssh_v0.14.zip /sdcard/Download/
and install it via the module installation from within the Magisk App or manuell using :
Code:
adb shell su - -c /data/adb/magisk/magisk64 --install-module /sdcard/Download/magisk_ssh_v0.14.zip
Sample output of the installation:
Code:
ASUS_I006D:/ # /data/adb/magisk/magisk64 --install-module /sdcard/Download/magisk_ssh_v0.14.zip
- Current boot slot: _a
- Device is system-as-root
*******************************
OpenSSH for Android
*******************************
[0/7] Preparing module directory
[1/7] Extracting architecture unspecific module files
[2/7] Extracting libraries and binaries for arm64
[3/7] Configuring library path wrapper
[4/7] Recreating symlinks
[5/7] Creating SSH user directories
[6/7] Found sshd_config, will not copy a default one
[7/7] Cleaning up
- Setting permissions
- Done
ASUS_I006D:/ #
A reboot is required now.
Code:
adb shell reboot
For the next tasks open an adb shell and become root user.
Next create the authorized_keys file for the user root :
Code:
touch /data/ssh/root/.ssh/authorized_keys
chmod 600 /data/ssh/root/.ssh/authorized_keys
and add your public ssh key to the file /data/ssh/root/.ssh/authorized_keys.
To make sure that the keys and other data files for the MagiskSSH module are not removed while deinstalling the module you should create the file /data/ssh/KEEP_ON_UNINSTALL:
Code:
touch /data/ssh/KEEP_ON_UNINSTALL
The MagiskSSH module also installs a service to start sshd after each reboot: to disable this start create the file /data/ssh/no-autostart:
Code:
touch /data/ssh/no-autostart
To manually start or stop the sshd use the script /data/adb/modules/ssh/opensshd.init :
Code:
# start the sshd (as user root)
#
/data/adb/modules/ssh/opensshd.init start
# to stop the sshd (as user root)
#
/data/adb/modules/ssh/opensshd.init stop
Now test the access via ssh from your Linux workstation:
Code:
ssh -l root <phone_ip_address> id
Use this command to retrieve the current IP address of the phone:
Code:
PHONE_IP_ADDRESS=$( adb shell ifconfig wlan0 | grep "inet addr:" | sed -e "s/.*inet addr://g" -e "s/[[:space:]]*Bcast.*//g" )
example :
Code:
[[email protected] ~]$ ssh -l root ${PHONE_IP_ADDRESS} id
uid=0(root) gid=0(root) groups=0(root) context=u:r:magisk:s0
[[email protected] ~]$
Now you can use rsync to backup the data from the phone, e.g. to backup the photos from the phone do :
Code:
# on your local Linux workstation do:
# start the sshd on the phone via adb if not already running
#
adb shell su - -c /data/adb/modules/ssh/opensshd.init start
# retrieve the current IP address from the phone
#
PHONE_IP_ADDRESS=$( adb shell ifconfig wlan0 | grep "inet addr:" | sed -e "s/.*inet addr://g" -e "s/[[:space:]]*Bcast.*//g" )
# backup the new photos from the phone to the Linux workstation (rsync only copies new files from the phone)
# to the local directory /data/backup/ASUS_ZENFONE8/DCIM
#
rsync -av --rsync-path /data/adb/modules/ssh/usr/bin/rsync [email protected]${PHONE_IP_ADDRESS}:/sdcard/DCIM/ /data/backup/ASUS_ZENFONE8/DCIM
# optional stop the sshd on the phone via adb
#
adb shell su - -c /data/adb/modules/ssh/opensshd.init stop
Note: The sshd configuration file used is /data/ssh/sshd_config
Sample Script to backup all data in the directory /sdcard
Code:
##!/bin/bash
#
# simple script to backup the data of an phone using adb, ssh, and rsync
#
# History
# 27.06.2022 /bs
# initial release
#
# for testing
#
#RSYNC_OPTIONS="${RSYNC_OPTIONS} --dry-run"
RSYNC_OPTIONS="${RSYNC_OPTIONS} --del "
# default is to backup the phone connected via adb over LAN
#
[ $# -ne 0 ] && ADB_OPTIONS="$*" || ADB_OPTIONS="-e"
# retrieve the serial number of the attached phone
#
SERIAL_NO="$( adb ${ADB_OPTIONS} shell getprop ro.serialno )"
if [ "${SERIAL_NO}"x = ""x ] ; then
echo "ERROR: Can not read the serial number of the connected phone"
exit 89
fi
VENDOR_MODEL="$( adb ${ADB_OPTIONS} shell getprop ro.product.vendor.model )"
# directory for the backup
#
BACKUP_DIR="/data/backup/ASUS_ZENFONE8/data_backup/${VENDOR_MODEL}_${SERIAL_NO}"
if [ ! -d "${BACKUP_DIR}" ] ; then
echo "ERROR: The directory \"${BACKUP_DIR}\" does not exist"
exit 99
fi
PHONE_IP_ADDRESS="$( adb ${ADB_OPTIONS} shell ifconfig wlan0 | grep "inet addr:" | sed -e "s/.*inet addr://g" -e "s/[[:space:]]*Bcast.*//g" )"
if [ "${PHONE_IP_ADDRESS}"x = ""x ] ; then
echo "ERROR: Can not detect the IP address of the phone"
exit 100
fi
echo "Updating a backup of the data on the phone with the serial number \"${SERIAL_NO}\" and the IP \"${PHONE_IP_ADDRESS}\" to the directory \"${BACKUP_DIR}\" ..."
set -x
# start the sshd if neccessary
#
adb ${ADB_OPTIONS} shell su - -c /data/adb/modules/ssh/opensshd.init start
# do the backup
#
time rsync ${RSYNC_OPTIONS} -av --rsync-path /data/adb/modules/ssh/usr/bin/rsync [email protected]${PHONE_IP_ADDRESS}:/sdcard/ "${BACKUP_DIR}/"
# stop the sshd
#
adb ${ADB_OPTIONS} shell su - -c /data/adb/modules/ssh/opensshd.init stop
set +x
How to enable access via ssh for non-root user
In the standard configuration installed by MagiskSSH ssh access is only allowed as user root because the ssh keys are in the directory /data and all non-root user can not read files in the directory /data. Therefor some efforts are neccessary to add ssh access for non-root user.
e.g. To enable the ssh access for the user shell do:
To configure ssh access for the user shell we must create a .ssh directory for the user shell in a directory tree owned by the user shell. The only directory on the phone owned by the user shell that can be used for this purpose is /storage :
Code:
ASUS_I006D:/ # ls -ld /storage
drwx--x--- 4 shell everybody 80 2022-06-26 18:37 /storage
ASUS_I006D:/ #
But unfortunately all files and directories in this directory are temporary and will be deleted after a reboot of the phone.
Therefor we configure a startup script in Magisk to create this directory tree after each reboot, e.g.
/data/adb/service.d/create_ssh_dir_for_shell.sh:
Code:
# /data/adb/service.d/create_ssh_dir_for_shell.sh
#
mkdir -p /storage/shell/.ssh
chmod -R 700 /storage/shell/
touch /storage/shell/.ssh/authorized_keys
echo "<ssh_public_key>" > /storage/shell/.ssh/authorized_keys
chmod 600 /storage/shell/.ssh/authorized_keys
chown -R shell:shell /storage/shell
Make the script executable:
Code:
su - -c chmod +x data/adb/service.d/create_ssh_dir_for_shell.sh
To test the script just execute it one time manually as user root.
Code:
su - -c sh data/adb/service.d/create_ssh_dir_for_shell.sh
Now create a backup of the sshd config file
Code:
su - -c cp /data/ssh/sshd_config /storage/ssh/sshd_config.org.$$
and add these lines at the end of the file /data/ssh/sshd_config
Code:
Match User shell
AuthorizedKeysFile /storage/shell/.ssh/authorized_keys
Restart the sshd if it's already running
Now test the access as user shell, example:
Code:
[[email protected] ~]$ ssh -l shell 192.168.1.148 id
uid=2000(shell) gid=2000(shell) groups=2000(shell) context=u:r:magisk:s0
[[email protected] ~]$
The reason for this config is the setting "StrictMode yes" in the sshd config file /data/ssh/sshd_config (see the man page for sshd_config for details). So another "solution" is to change this setting:
With the setting "StrictModes no" in the file sshd_config the directory with the authorized_keys file for the non-root users can be anywhere (for example in /sdcard/shell)
Execute as user root:
Code:
sed -i -e "s/.*StrictModes.*//g" -e "s/UsePrivilegeSeparation/StrictModes no\nUsePrivilegeSeparation/g" /data/ssh/sshd_config
and change the entry in the file /data/ssh/sshd_config for the authorized_keys file for the user shell, for example:
Code:
Match User shell
AuthorizedKeysFile /sdcard/shell/.ssh/authorized_keys
Afterwards restart the sshd:
Code:
/data/adb/modules/ssh/opensshd.init stop
/data/adb/modules/ssh/opensshd.init start
Now create the directories and files neccessary for the ssh access (see above) in the directory /sdcard/shell:
Code:
SUS_I006D:/ # find /sdcard/shell -exec ls -ld {} \;
drwxrws--- 3 u0_a118 media_rw 3452 2022-06-26 18:32 /sdcard/shell
drwxrws--- 2 u0_a118 media_rw 3452 2022-06-26 18:32 /sdcard/shell/.ssh
-rw-rw---- 1 u0_a118 media_rw 408 2022-06-26 18:32 /sdcard/shell/.ssh/authorized_keys
ASUS_I006D:/ #
and the access as user shell via ssh should work

How To Guide How to install packages (apk files) for Android via script

How to install packages (apk files) for Android via script
Sometimes, for example after a reinstallation of the phone from scratch, it's quite useful to install all the apps via an script.
The command on Android to do that is
Code:
pm install [apk_file]
But unfortunately that does not work, neither as user shell (due to missing file access rights) nor as user root:
Code:
ASUS_I006D:/ # id
uid=0(root) gid=0(root) groups=0(root) context=u:r:magisk:s0
ASUS_I006D:/ #
ASUS_I006D:/ # pm install /sdcard/Download/EssentialApps/MiXplorer_v6.58.4-API29_B22020920.apk
avc: denied { read } for scontext=u:r:system_server:s0 tcontext=u:object_r:fuse:s0 tclass=file permissive=0
System server has no access to read file context u:object_r:fuse:s0 (from path /sdcard/Download/EssentialApps/MiXplorer_v6.58.4-API29_B22020920.apk, context u:r:system_server:s0)
Error: Unable to open file: /sdcard/Download/EssentialApps/MiXplorer_v6.58.4-API29_B22020920.apk
Consider using a file under /data/local/tmp/
Error: Can't open file: /sdcard/Download/EssentialApps/MiXplorer_v6.58.4-API29_B22020920.apk
Exception occurred while executing 'install':
java.lang.IllegalArgumentException: Error: Can't open file: /sdcard/Download/EssentialApps/MiXplorer_v6.58.4-API29_B22020920.apk
at com.android.server.pm.PackageManagerShellCommand.setParamsSize(PackageManagerShellCommand.java:572)
at com.android.server.pm.PackageManagerShellCommand.doRunInstall(PackageManagerShellCommand.java:1337)
at com.android.server.pm.PackageManagerShellCommand.runInstall(PackageManagerShellCommand.java:1303)
at com.android.server.pm.PackageManagerShellCommand.onCommand(PackageManagerShellCommand.java:193)
at com.android.modules.utils.BasicShellCommandHandler.exec(BasicShellCommandHandler.java:97)
at android.os.ShellCommand.exec(ShellCommand.java:38)
at com.android.server.pm.PackageManagerService.onShellCommand(PackageManagerService.java:24812)
at android.os.Binder.shellCommand(Binder.java:950)
at android.os.Binder.onTransact(Binder.java:834)
at android.content.pm.IPackageManager$Stub.onTransact(IPackageManager.java:4818)
at com.android.server.pm.PackageManagerService.onTransact(PackageManagerService.java:8887)
at android.os.Binder.execTransactInternal(Binder.java:1184)
at android.os.Binder.execTransact(Binder.java:1143)
255|ASUS_I006D:/ #
After a little searching on the Internet I found a very useful workaround on this page:
https://stackoverflow.com/questions...ling-new-limitations-of-data-local-tmp-folder
pm install also supports the installation of a package piped to stdin, e.g
Code:
cat [package_file] | pm install -S [package_size]
Example:
Code:
127|ASUS_I006D:/sdcard/Download # ls -l OmniStore.apk
-rw-rw---- 1 u0_a120 media_rw 4601419 2022-07-03 16:37 OmniStore.apk
ASUS_I006D:/sdcard/Download #
ASUS_I006D:/sdcard/Download # cat OmniStore.apk | pm install -S 4601419
Success
ASUS_I006D:/sdcard/Download #
Or, from the PC:
Code:
[[email protected] /data/backup/Android]$ adb shell id
uid=2000(shell) gid=2000(shell) groups=2000(shell),1004(input),1007(log),1011(adb),1015(sdcard_rw),1028(sdcard_r),1078(ext_data_rw),1079(ext_obb_rw),3001(net_bt_admin),3002(net_bt),3003(inet),3006(net_bw_stats),3009(readproc),3011(uhid) context=u:r:shell:s0
[[email protected] /data/backup/Android]$
[[email protected] /data/backup/Android]$ cat EssentialApps/F-Droid.apk | adb shell pm install -S $( ls -l EssentialApps/F-Droid.apk | awk '{ print $5 }' )
Success
[[email protected] /data/backup/Android]$
So I wrote a little script to install one or more packages on an Android phone using this method.
The script can run on a PC with a connected phone with a working adb connection or in a shell on the phone
The usage of the script is:
Code:
#
# Usage on a phone:
#
# install_apk.sh [apk1|dir1 ... apk#|dir#]
#
# Usage on a PC:
#
# install_apk.sh [options_for_adb --] [apk1|dir1 ... apk#|dir#]
#
# apk# is the name of an apk file to install; dir# is a directory with apk files
# If a parameter is a directory the script will install all files with the extension .apk from that directory
#
# The options for adb are optional; the script will not check the options for adb
# the number of apk files or directories is only limited by the maxium parameter supported by the used shell.
#
# Set the variable PM_INSTALL_OPTIONS with additional options for the "pm install" command before starting the
# script if neccessary
#
# Prerequisites
# The packages to install must exist as file either on the PC or on the phone
# A shell on the phone or via adb command is required
# root access is NOT neccessary
#
Sample script output for running on tjhe phone:
Code:
ASUS_I006D:/storage/emulated/0/Download $ sh ./install_apk.sh myapps/ OmniStore.apk
Running on a phone
Directory found in the parameter: Installing all apk files found in the directory "myapps/"
The apks will be installed on the phone model ASUS_I006D with the serial number M6AIB760D0939LX
Installing these apks
myapps//Magisk-25.1_25100.apk
myapps//Magisk-v25.0.apk
myapps//MiXplorer_v6.58.4-API29_B22020920.apk
myapps//Notecase_Pro_1.2.2.apk
myapps//com.keramidas.TitaniumBackupAddon_v1.apk
myapps//com.keramidas.TitaniumBackup_v417.apk
OmniStore.apk
Installing the apk "myapps//Magisk-25.1_25100.apk" ...
Success
"myapps//Magisk-25.1_25100.apk" succcessfully installed
Installing the apk "myapps//Magisk-v25.0.apk" ...
Failure [INSTALL_FAILED_VERSION_DOWNGRADE: Package Verification Result]
ERROR: Error installing the apk "myapps//Magisk-v25.0.apk"
Installing the apk "myapps//MiXplorer_v6.58.4-API29_B22020920.apk" ...
Success
"myapps//MiXplorer_v6.58.4-API29_B22020920.apk" succcessfully installed
Installing the apk "myapps//Notecase_Pro_1.2.2.apk" ...
Success
"myapps//Notecase_Pro_1.2.2.apk" succcessfully installed
Installing the apk "myapps//com.keramidas.TitaniumBackupAddon_v1.apk" ...
Success
"myapps//com.keramidas.TitaniumBackupAddon_v1.apk" succcessfully installed
Installing the apk "myapps//com.keramidas.TitaniumBackup_v417.apk" ...
Success
"myapps//com.keramidas.TitaniumBackup_v417.apk" succcessfully installed
Installing the apk "OmniStore.apk" ...
Success
"OmniStore.apk" succcessfully installed
Installation summary
====================
6 package(s) successfully installed:
myapps//Magisk-25.1_25100.apk
myapps//MiXplorer_v6.58.4-API29_B22020920.apk
myapps//Notecase_Pro_1.2.2.apk
myapps//com.keramidas.TitaniumBackupAddon_v1.apk
myapps//com.keramidas.TitaniumBackup_v417.apk
OmniStore.apk
1 package(s) not installed:
myapps//Magisk-v25.0.apk
ASUS_I006D:/storage/emulated/0/Download $
Sample script output for running on a PC:
Code:
[[email protected] /data/backup/Android/myapps]$ /data/develop/android/install_apk.sh -d -- /data/backup/Android/myapps/ ./Notecase/Notecase_Pro_1.2.1.apk
Running on a PC
Using adb with the options " -d " to install the packages
Directory found in the parameter: Installing all apk files found in the directory "/data/backup/Android/myapps/"
The apks will be installed on the phone model ASUS_I006D with the serial number M6AIB760D0939LX
Installing these apks
/data/backup/Android/myapps//com.android.keepass_196.apk
/data/backup/Android/myapps//com.keramidas.TitaniumBackup_v417.apk
/data/backup/Android/myapps//com.matoski.adbm_v27.apk
/data/backup/Android/myapps//F-Droid.apk
/data/backup/Android/myapps//FoxMagiskModuleManager_0.4.0-rc1.apk
/data/backup/Android/myapps//Magisk-25.1_25100.apk
/data/backup/Android/myapps//MiXplorer_v6.58.4-API29_B22020920.apk
/data/backup/Android/myapps//Notecase_Pro_1.2.2.apk
./Notecase/Notecase_Pro_1.2.1.apk
Installing the apk "/data/backup/Android/myapps//com.android.keepass_196.apk" ...
Success
"/data/backup/Android/myapps//com.android.keepass_196.apk" succcessfully installed
Installing the apk "/data/backup/Android/myapps//com.keramidas.TitaniumBackup_v417.apk" ...
Success
"/data/backup/Android/myapps//com.keramidas.TitaniumBackup_v417.apk" succcessfully installed
Installing the apk "/data/backup/Android/myapps//com.matoski.adbm_v27.apk" ...
Success
"/data/backup/Android/myapps//com.matoski.adbm_v27.apk" succcessfully installed
Installing the apk "/data/backup/Android/myapps//F-Droid.apk" ...
Success
"/data/backup/Android/myapps//F-Droid.apk" succcessfully installed
Installing the apk "/data/backup/Android/myapps//FoxMagiskModuleManager_0.4.0-rc1.apk" ...
Success
"/data/backup/Android/myapps//FoxMagiskModuleManager_0.4.0-rc1.apk" succcessfully installed
Installing the apk "/data/backup/Android/myapps//Magisk-25.1_25100.apk" ...
Success
"/data/backup/Android/myapps//Magisk-25.1_25100.apk" succcessfully installed
Installing the apk "/data/backup/Android/myapps//MiXplorer_v6.58.4-API29_B22020920.apk" ...
Success
"/data/backup/Android/myapps//MiXplorer_v6.58.4-API29_B22020920.apk" succcessfully installed
Installing the apk "/data/backup/Android/myapps//Notecase_Pro_1.2.2.apk" ...
Success
"/data/backup/Android/myapps//Notecase_Pro_1.2.2.apk" succcessfully installed
ERROR: The file "./Notecase/Notecase_Pro_1.2.1.apk" does not exist or is not readable
Installation summary
====================
8 package(s) successfully installed:
/data/backup/Android/myapps//com.android.keepass_196.apk
/data/backup/Android/myapps//com.keramidas.TitaniumBackup_v417.apk
/data/backup/Android/myapps//com.matoski.adbm_v27.apk
/data/backup/Android/myapps//F-Droid.apk
/data/backup/Android/myapps//FoxMagiskModuleManager_0.4.0-rc1.apk
/data/backup/Android/myapps//Magisk-25.1_25100.apk
/data/backup/Android/myapps//MiXplorer_v6.58.4-API29_B22020920.apk
/data/backup/Android/myapps//Notecase_Pro_1.2.2.apk
1 package(s) not found:
./Notecase/Notecase_Pro_1.2.1.apk
[[email protected] /data/backup/Android/myapps]$
Notes:
Another method to install packages via script from an PC is
Code:
adb install [package]
This command copies the file to a temporary location on the phone and installs it then via "pm install".
e.g
Code:
[[email protected] /data/backup/Android/myapps]$ adb install F-Droid.apk
Performing Streamed Install
Success
[[email protected] /data/backup/Android/myapps]$
Another ugly and insecure method on the phone to install an apk file using pm install as root is
Code:
130|ASUS_I006D:/ # id
uid=0(root) gid=0(root) groups=0(root) context=u:r:magisk:s0
ASUS_I006D:/ #
ASUS_I006D:/ # getenforce
Enforcing
ASUS_I006D:/ # setenforce 0
ASUS_I006D:/ #
ASUS_I006D:/ # getenforce
Permissive
ASUS_I006D:/ #
ASUS_I006D:/ # pm install /sdcard/Download/EssentialApps/com.matoski.adbm_v27.apk
avc: denied { read } for scontext=u:r:system_server:s0 tcontext=u:object_r:fuse:s0 tclass=file permissive=1
Success
ASUS_I006D:/ # setenforce 1
ASUS_I006D:/ #
ASUS_I006D:/ # getenforce
Enforcing
ASUS_I006D:/ #
pm install supports a lot of options -- to get the usage help for pm use
Code:
adb shell pm help
or on the phone
Code:
pm help
or see here: https://developer.android.com/studio/command-line/adb#pm (Google Account neccessary) or here: http://adbcommand.com/adbshell/pm
Update 06.07.2022
I attached the script to this entry but I can not see the attachment.
Therefor: The script is also available on my web site:
http://bnsmb.de/files/public/Android/install_apk.sh
Update 09.11.2022
The script is now attached to this post in a ZIP file

How To Guide How to run a script at shutdown

How to run a script at shutdown
To define additional startup scripts via Magisk the Magisk directories /data/adb/service.d and /data/adb/post-fs-data.d can be used. Unfortunately there is no equivalent for scripts that should be executed during shutdown.
So we must use other methods to implement these kind of scripts.
Using the overlay feature of Magisk to run a script at shutdown
Introduction
in Android it is possible to define actions that will be executed when certain conditions are satisfied.
These definitions are done in the file init.rc (and other .rc files) using the Android Init Language.
And this feature can be used to execute a command when the phone is shutting down.
Note:
For details about the Android Init Language used for these files see here https://android.googlesource.com/platform/system/core/+/master/init/README.md
The .rc files used by Android are in the directories
/system/etc/init​/vendor/etc/init​/odm/etc/init​
Note: The first .rc file read is /system/etc/init/hw/init.rc
Unfortunately it's useless to change the .rc files in these directories using the Magisk features to change files in the directory /system because these files are processed by the OS before the new files are "created" by Magisk.
Therefor the overlay functionality from Magisk must be used to create additional .rc files (see the section Root Directory Overlay System on this page https://github.com/topjohnwu/Magisk/blob/master/docs/guides.md for details about this Magisk Feature).
Preparation
To be able to restore the original boot partition in case of an error create an image of the original boot partition from the phone on your PC before starting the development:
Code:
CUR_SLOT=$( adb shell getprop ro.boot.slot_suffix )
adb shell su - -c dd if=/dev/block/by-name/boot${CUR_SLOT} | cat >boot${CUR_SLOT}
e.g.
Code:
[ OmniRomDev - [email protected] /data/develop/android/test ] $ CUR_SLOT=$( adb shell getprop ro.boot.slot_suffix )
[ OmniRomDev - [email protected] /data/develop/android/test ] $ echo ${CUR_SLOT}
_b
[ OmniRomDev - [email protected] /data/develop/android/test ] $
[ OmniRomDev - [email protected] /data/develop/android/test ] $ adb shell su - -c dd if=/dev/block/by-name/boot${CUR_SLOT} | cat >boot${CUR_SLOT}.img
196608+0 records in
196608+0 records out
100663296 bytes (96 M) copied, 2.668147 s, 36 M/s
[ OmniRomDev - [email protected] /data/develop/android/test ]
[ OmniRomDev - [email protected] /data/develop/android/test ] $ ls -ltr boot${CUR_SLOT}.img
-rw-r--r--. 1 xtrnaw7 xtrnaw7 100663296 Oct 1 12:13 boot_b.img
[ OmniRomDev - [email protected] /data/develop/android/test ] $
To trouble shoot issues with this approach it is highly recommended to create an Magisk init script in the directory
/data/adb/post-fs-data.d
to fetch and store the Android logs into a persistent file. Use these commands to create the script:
Code:
cat >/data/adb/post-fs-data.d/0002logcatboot <<-EOT
mkdir -p /cache/logs
# backup the OS logs from before the reboot:
#
[ -r /cache/logs/log ] && mv /cache/logs/log /cache/logs/oldlog
/system/bin/logcat -r 102400 -n 9 -v threadTime -f /cache/logs/log >/cache/logs/info.log 2>/cache/logs/err.log &
EOT
chmod 755 /data/adb/post-fs-data.d/0001logcatboot
Using this script the log messages from before the last reboot are stored in the file /cache/logs/oldlog.
To activate the script the phone must be rebooted.
Check the contents of the directory /cache/logs/log after the reboot as user root to be sure that it works.
Code:
[email protected]_I006D:/ $ su - -c ls -ltr /cache/logs
total 205008
-rw-rw-rw- 1 root root 0 1970-01-06 08:16 info.log
-rw-rw-rw- 1 root root 0 1970-01-06 08:16 err.log
-rw-r----- 1 root root 4707523 2022-10-01 17:29 log
[email protected]_I006D:/ $
Details
The trigger in the .rc files for the action that should be done while shutting down is
on shutdown
The trigger can be used more then once; the OS will execute all defined actions for the trigger in the order they are found in the rc files.
The action to run an executable in the .rc file is
exec [ <seclabel> [ <user> [ <group>\* ] ] ] -- <command> [ <argument>\* ]
Fork and execute command with the given arguments. The command starts after “--” so that an optional security context, user, and supplementary groups can be provided. No other commands will be run until this one finishes. seclabel can be a - to denote default. Properties are expanded within argument. Init halts executing commands until the forked process exits.
Click to expand...
Click to collapse
In Android SELinux is enabled by default. Therefor it's neccessary to use the correct SELinux context for the files used.
(Note: The SELinux context for the init process executing the action is u:r:init:0 )
It's quite difficult to find the correct SELinux contexts in Android for this approach therefor it's better to use the general SELinux context defined by Magisk: u:r:magisk:s0 .
Implementation
Note:
All commands must be done as user root in an session on the phone or in an adb session.
So first create the neccessary directories and files:
Code:
mkdir -p /data/init_scripts
mkdir -p /data/init_scripts/log
Create the script to execute on shutdown:
Code:
cat >/data/init_scripts/my_shutdown.sh <<-\EOT
#!/system/bin/sh
SHUTDOWN_LOG="/data/init_scripts/log/myshutdown.$$.log"
echo "$0: Shutdown with parameter \"$*\" started at $( date ) " >>${SHUTDOWN_LOG}
echo "*** id : " >>${SHUTDOWN_LOG} 2>&1
id >>${SHUTDOWN_LOG} 2>&1
# ... add necessary commands ...
EOT
chmod 755 /data/init_scripts/my_shutdown.sh
Correct the SELinux context:
Code:
chcon -R u:r:magisk:s0 /data/init_scripts/
Check the result
Code:
[email protected]_I006D:/ # find /data/init_scripts/ -exec ls -ld {} \;
drwxr-xr-x 3 root root u:r:magisk:s0 3452 2022-10-01 16:12 /data/init_scripts/
-rwxr-xr-x 1 root root u:r:magisk:s0 637 2022-10-01 16:12 /data/init_scripts/my_shutdown.sh
drwxr-xr-x 2 root root u:r:magisk:s0 3452 2022-10-01 16:16 /data/init_scripts/log
[email protected]_I006D:/ #
Create a working directory:
Code:
#
# create a working directory
#
mkdir -p /data/adb/workdir
cd /data/adb/workdir
Now create the additional .rc file:
Code:
#
# change the current directory to the working directory
#
cd /data/adb/workdir
cat >init.custom.rc <<-\EOT
on shutdown
exec u:r:magisk:s0 -- /system/bin/sh /data/init_scripts/my_shutdown.sh 0008
on early-init
setprop my_custom_rc_file loaded
EOT
Note:
The additional trigger for early-init is for testing the new .rc file (see the trouble shooting section below for details). Magisk supports more then one .rc file; the name of the .rc file is meaningless but the extension must be .rc.
And now add the new file to the ramdisk on the boot partition:
Code:
#
# change the current directory to the working directory
#
cd /data/adb/workdir
# get the current active slot
#
CURRENT_SLOT=$( getprop ro.boot.slot_suffix )
echo "The current active slot is: ${CURRENT_SLOT}"
# copy the boot partition from the active slot to a file
#
dd if=/dev/block/by-name/boot${CURRENT_SLOT} of=./boot_root.img
# unpack the image file
#
/data/adb/magisk/magiskboot unpack ./boot_root.img
# add the new dirs and files to the ramdisk from the boot partition
#
/data/adb/magisk/magiskboot cpio ramdisk.cpio \
"mkdir 0700 overlay.d" \
"add 0700 overlay.d/init.custom.rc init.custom.rc"
# recreate the image file for the boot partition
#
/data/adb/magisk/magiskboot repack boot_root.img
# write the corrected image file to the boot partition
#
dd if=./new-boot.img of=/dev/block/by-name/boot${CURRENT_SLOT}
Note:
The commands to unpack and pack the ramdisk manually using the cpio command are (if NOT using the Magisk binary magiskboot):
Code:
RAMDISK=$PWD/ramdisk
mkdir ${RAMDISK}
cd ${RAMDISK}
# unpack the ramdisk
#
cpio -idm <../ramdisk.cpio
# ... do what ever is necessary with the files/dirs in ${RAMDISK}
# pack the ramdisk again
#
cd ${RAMDISK}
find . | cpio -o >../ramdisk.cpio
Now reboot the phone to activate the new .rc config and after the reboot check that the .rc file was processed
Code:
getprop my_custom_rc_file
e.g
Code:
[email protected]_I006D:/ $ getprop my_custom_rc_file
loaded
[email protected]_I006D:/ $
If the property defined in the .rc file, my_custom_rc_file, is not set something went wrong and you should check the OS logs and double check your config.
If the new property is defined you can test the shutdown action by rebooting the phone again.
While doing this reboot the new shutdown script should be executed and after the reboot is done there should be the log file from the shutdown script:
Code:
[email protected]_I006D:/ $ su -
[email protected]_I006D:/ # ls -l /data/init_scripts/log
total 0
-rw------- 1 root root 179 2022-10-01 18:23 myshutdown.4617.log
[email protected]_I006D:/ # cat /data/init_scripts/log/myshutdown.4617.log
/data/init_scripts/my_shutdown.sh: Shutdown with parameter "0008" started at Sat Oct 1 18:23:14 CEST 2022
*** id :
uid=0(root) gid=0(root) groups=0(root) context=u:r:magisk:s0
[email protected]_I006D:/ #
That's it.
Note that you can change the script executed while doing the shutdown without changing the boot image again.
But you should always test the script before rebooting -- an error in your script may stop the reboot.
To change the additional .rc files it's necessary to recreate the ramdisk and boot partition.
The filesystems for /data and for /sdcard are still mounted while executing the actions for the trigger "on shutdown" .
To log the current environment while executing the shutdown script you can add code like this to the script:
Code:
(
echo
echo "*** Environment while executing the shutdown script ..."
echo
echo "*** pwd: "
pwd
echo
echo "*** id: "
id
echo
echo "*** df -h: "
df -h
echo
echo "*** ps -efZ : "
ps -efZ
echo
echo "*** env: "
env
echo
echo "*** set: "
set
echo
) >>/data/init_scripts/log/myshutdown_env.log 2>&1
To create a directory in which other actions from the .rc file (like write) can write with SELinux enabled use one of the SELInux contexts the init process can write to, e.g:
Code:
mkdir /data/system_data
chcon u:object_r:system_data_file:s0 /data/system_data
Now the .rc config
Code:
on shutdown
write /data/system_data/myshutdown.log Shutdown_started\n
will work.
See the file ./plat_file_contexts in the ramdisk from the boot partition for other existing SELinux contexts, e.g.:
Code:
[email protected]_I006D:/data/adb/test # /data/adb/magisk/magiskboot cpio ramdisk.cpio "extract plat_file_contexts plat_file_contexts" <
Loading cpio: [ramdisk.cpio]
Extract [plat_file_contexts] to [plat_file_contexts]
[email protected]_I006D:/data/adb/test # ls -l plat_file_contexts
-rw-r--r-- 1 root root 40490 2022-10-03 16:27 plat_file_contexts
[email protected]_I006D:/data/adb/test #
Please be aware that these changes will be gone after the next OS update. But on the other hand it's quite easy to create a script to re-install the shutdown script without user intervention.
Trouble Shooting
The main reason for problems with this approach are invalid SELinux contexts. Therefor you should test your script in permissive SELinux mode if it does not work like expected. To do that temporary disable SELinux before rebooting (SELinux will be automatically enabled again after the reboot), e.g.:
Code:
# set SELinux to permissive
#
setenforce 0
reboot
and check the log messages in the directory /cache/logs/oldlog for SELinux related messages:
Code:
su - -c grep deny /cache/logs/oldlog
Note that you can not disable SELinux in an action in an .rc file.
To check if your additional .rc file is processed by Magisk add a statement like these to the custom .rc file in the overlay directory:
Code:
on early-init
setprop sys.example.foo bar
If this statement is processed by Magisk and Android the property sys.example.foo should be defined after the reboot, e.g.:
Code:
[email protected]_I006D:/ # getprop sys.example.foo
bar
[email protected]_I006D:/ #
To check if the "on shutdown" trigger is processed use :
Code:
on shutdown
write /sdcard/Download/myshutdown.log Shutdown_started\n
and reboot with disabled SELinux:
Code:
setenforce 0
reboot
If the "on shutdown" trigger in your .rc file is processed there should exist the file
/sdcard/Download/myshutdown.log
after the reboot
If the shutdown of the phone hangs open another adb session to the phone and kill the script (the adb daemon should still run while the shutdown script is running).
If the phone does not boot anymore with the new shutdown script reboot the phone from the TWRP image and fix / delete the new shutdown script. Or reflash the boot partition with the image file created before starting the development.
In general you should carefully check your .rc file for syntax errors -- entries in the file after the first syntax error will be ignored
Useful URLs
I used ideas and code from the web pages listed below for this HowTo:
How to run an executable on boot and keep it running?
How to run an Android init service with superuser SELinux context?
Magisk overlay - execute a script or copy files
History
03.10.2022 /bs
added code about to extract a single file (plat_file_contexts) from the ramdisk cpio image using magiskboot

Categories

Resources