implement magic mount

kernel/selinux/rules.c

@@ -79,6 +79,10 @@ void apply_kernelsu_rules()
 	ksu_allow(db, "init", "adb_data_file", "file", ALL);
 	ksu_allow(db, "init", "adb_data_file", "dir", ALL); // #1289
 	ksu_allow(db, "init", KERNEL_SU_DOMAIN, ALL, ALL);
+	// https://github.com/topjohnwu/Magisk/blob/c0899f2939a3b27a6173952f2b150b0eb04148c7/native/src/sepolicy/rules.rs#L133
+	// keep /data/adb/* context
+    ksu_deny(db, "init", "adb_data_file", "dir", "search");
+    ksu_deny(db, "vendor_init", "adb_data_file", "dir", "search");
 	// we need to umount modules in zygote
 	ksu_allow(db, "zygote", "adb_data_file", "dir", "search");
 

userspace/ksud/Cargo.toml

@@ -41,7 +41,6 @@ sha256 = "1"
 sha1 = "0.10"
 tempfile = "3.13"
 chrono = "0.4"
-hole-punch = { git = "https://github.com/tiann/hole-punch" }
 regex-lite = "0.1"
 
 [target.'cfg(any(target_os = "android", target_os = "linux"))'.dependencies]

userspace/ksud/src/cli.rs

@@ -161,17 +161,6 @@ enum Debug {
 
     Mount,
 
-    /// Copy sparse file
-    Xcp {
-        /// source file
-        src: String,
-        /// destination file
-        dst: String,
-        /// punch hole
-        #[arg(short, long, default_value = "false")]
-        punch_hole: bool,
-    },
-
     /// For testing
     Test,
 }
@@ -231,9 +220,6 @@ enum Module {
 
     /// list all modules
     List,
-
-    /// Shrink module image size
-    Shrink,
 }
 
 #[derive(clap::Subcommand, Debug)]
@@ -314,7 +300,6 @@ pub fn run() -> Result<()> {
                 Module::Disable { id } => module::disable_module(&id),
                 Module::Action { id } => module::run_action(&id),
                 Module::List => module::list_modules(),
-                Module::Shrink => module::shrink_ksu_images(),
             }
         }
         Commands::Install { magiskboot } => utils::install(magiskboot),
@@ -348,15 +333,7 @@ pub fn run() -> Result<()> {
                 Ok(())
             }
             Debug::Su { global_mnt } => crate::su::grant_root(global_mnt),
-            Debug::Mount => init_event::mount_modules_systemlessly(defs::MODULE_DIR),
-            Debug::Xcp {
-                src,
-                dst,
-                punch_hole,
-            } => {
-                utils::copy_sparse_file(src, dst, punch_hole)?;
-                Ok(())
-            }
+            Debug::Mount => init_event::mount_modules_systemlessly(),
             Debug::Test => assets::ensure_binaries(false),
         },
 

userspace/ksud/src/defs.rs

@@ -10,23 +10,17 @@ pub const PROFILE_SELINUX_DIR: &str = concatcp!(PROFILE_DIR, "selinux/");
 pub const PROFILE_TEMPLATE_DIR: &str = concatcp!(PROFILE_DIR, "templates/");
 
 pub const KSURC_PATH: &str = concatcp!(WORKING_DIR, ".ksurc");
-pub const KSU_OVERLAY_SOURCE: &str = "KSU";
+pub const KSU_MOUNT_SOURCE: &str = "KSU";
 pub const DAEMON_PATH: &str = concatcp!(ADB_DIR, "ksud");
 pub const MAGISKBOOT_PATH: &str = concatcp!(BINARY_DIR, "magiskboot");
 
 #[cfg(target_os = "android")]
 pub const DAEMON_LINK_PATH: &str = concatcp!(BINARY_DIR, "ksud");
 
 pub const MODULE_DIR: &str = concatcp!(ADB_DIR, "modules/");
-pub const MODULE_IMG: &str = concatcp!(WORKING_DIR, "modules.img");
-pub const MODULE_UPDATE_IMG: &str = concatcp!(WORKING_DIR, "modules_update.img");
-
-pub const MODULE_UPDATE_TMP_IMG: &str = concatcp!(WORKING_DIR, "update_tmp.img");
 
 // warning: this directory should not change, or you need to change the code in module_installer.sh!!!
-pub const MODULE_UPDATE_TMP_DIR: &str = concatcp!(ADB_DIR, "modules_update/");
-
-pub const SYSTEM_RW_DIR: &str = concatcp!(MODULE_DIR, ".rw/");
+pub const MODULE_UPDATE_DIR: &str = concatcp!(ADB_DIR, "modules_update/");
 
 pub const TEMP_DIR: &str = "/debug_ramdisk";
 pub const MODULE_WEB_DIR: &str = "webroot";