search

topjohnwu / Magisk

The Magic Mask for Android
GNU General Public License v3.0
48.92k stars 12.57k forks source link

Custom fstab: cannot open file -> Permission denied in Magisk 28001 -> external SD Card not mounted -> new overlay.d process? #8457

Open newbit1 opened 1 month ago

newbit1 commented 1 month ago

Device: Samsung S10 SM-G973F (beyond1) Android version: 12 Magisk version name: Canary Magisk version code: 28001 (070719db)

I am using Magisk 28001 within my custom kernel and a custom fstab file. With v27 everything worked great, my external SD Card got mounted. But now with 28001 it doesn't. So far the rest of Magisks works. It is just this custom fstab issue.

If I check the logs, I can see a message like: vold : [libfs_mgr]ReadFstabFromFile(): cannot open file: '/vendor/etc/fstab.exynos9820': Permission denied

Permissions are:

beyond1:/ # ls -lZ /vendor/etc/fstab.exynos9820
-rw-r--r-- 1 root root u:object_r:vendor_configs_file:s0  2533 2024-10-13 10:01 /vendor/etc/fstab.exynos9820

As a backup function, I also installed the same Magisk Version into my recovery partition. And there is no custom fstab. And If I boot from there, my external SD Card gets mounted.

The whole custom fstab thing worked well with v27.0. Is there anything new to the overlay.d mounting process I am not aware of? Could need a little help or pointer If I have to adjust my custom fstab and the way how I add it into my kernels ramdisk.

This is how I implement it via the initramfs_list:

dir /.backup 0705 0 0
file /init usr/magisk/magiskinit 0755 0 0
file /.backup/.magisk usr/magisk/backup_magisk 0705 0 0
dir /overlay.d 0750 0 0
dir /overlay.d/sbin 0750 0 0
file /overlay.d/sbin/init-ld.xz usr/magisk/init-ld.xz 0644 0 0
file /overlay.d/sbin/magisk.xz usr/magisk/magisk.xz 0644 0 0
file /overlay.d/sbin/stub.xz usr/magisk/stub.xz 0644 0 0
dir /overlay.d/vendor 0755 0 2000
dir /overlay.d/vendor/etc 0755 0 2000
file /overlay.d/vendor/etc/fstab.exynos9820 usr/magisk/fstab.exynos9820 0644 0 0
dir /overlay.d/vendor/etc/init 0755 0 2000
file /overlay.d/vendor/etc/init/init.exynos9820.usb.rc usr/magisk/init.exynos9820.usb.rc 0644 0 0

This is how my fstab.exynos9820 looks like:

# Android fstab file.
#<src>                  <mnt_point>         <type>    <mnt_flags and options>                               <fs_mgr_flags>
# The filesystem that contains the filesystem checker binary (typically /system) cannot
# specify MF_CHECK, and must come before any filesystems that do specify MF_CHECK

#/dev/block/by-name/system   /system             ext4      ro                                                    wait
#/dev/block/by-name/vendor   /vendor             ext4      ro                                                    wait
/dev/block/by-name/cache    /cache  ext4    noatime,nosuid,nodev,noauto_da_alloc,discard,journal_checksum,data=ordered,errors=panic wait,check
# /dev/block/by-name/userdata   /data   ext4    noatime,nosuid,nodev,noauto_da_alloc,discard,journal_checksum,data=ordered,errors=panic wait,check,fileencryption=ice,quota,reservedsize=128M
/dev/block/by-name/userdata /data   ext4    noatime,nosuid,nodev,noauto_da_alloc,discard,journal_checksum,data=ordered,errors=panic wait,check,quota,reservedsize=128M
/dev/block/by-name/efs  /mnt/vendor/efs ext4    noatime,nosuid,nodev,noauto_da_alloc,discard,journal_checksum,data=ordered,errors=panic wait,check
#/dev/block/by-name/persistent /mnt/vendor/persist            ext4      noatime,nosuid,nodev,barrier=1,data=ordered,nodelalloc,nomblk_io_submit,errors=panic wait,notrim
/dev/block/by-name/misc /misc   emmc    defaults    defaults,first_stage_mount
#/dev/block/by-name/recovery  /recovery           emmc      defaults                                               defaults

# VOLD:fstab.exynos9820
/devices/platform/13d00000.dwmmc2/mmc_host*    auto    auto    default    voldmanaged=sdcard:auto
/devices/platform/10c00000.usb*                auto    vfat    default    voldmanaged=usb:auto

# Samsung ODE
# /dev/block/platform/13d60000.ufs/by-name/keydata  /keydata    ext4    noatime,nosuid,nodev,noauto_da_alloc,discard,journal_checksum,data=ordered,errors=panic wait,check,fileencryption=ice,nofail
/dev/block/platform/13d60000.ufs/by-name/keydata    /keydata    ext4    noatime,nosuid,nodev,noauto_da_alloc,discard,journal_checksum,data=ordered,errors=panic wait,check,nofail
# /dev/block/platform/13d60000.ufs/by-name/keyrefuge    /keyrefuge  ext4    noatime,nosuid,nodev,noauto_da_alloc,discard,journal_checksum,data=ordered,errors=panic wait,check,fileencryption=ice,nofail
/dev/block/platform/13d60000.ufs/by-name/keyrefuge  /keyrefuge  ext4    noatime,nosuid,nodev,noauto_da_alloc,discard,journal_checksum,data=ordered,errors=panic wait,check,nofail

# Mount Virtual SD / USB Device on loop7
/devices/*/block/loop7                auto    auto    default    voldmanaged=usbotg:auto

my .magisk file from kernel:

KEEPVERITY=true
KEEPFORCEENCRYPT=true
RECOVERYMODE=false
PREINITDEVICE=userdata

my .magisk file from recovery:

KEEPVERITY=true
KEEPFORCEENCRYPT=true
RECOVERYMODE=true
PREINITDEVICE=userdata
SHA1=f1738fdcc236e7e13304f1119c9c062d9a02e1c8

Thanks logcat_kernelboot.log magisk_kernelboot.log logcat_recoveryboot.log magisk_recoveryboot.log fstab_init_magisk-configs.zip

aviraxp commented 1 month ago

A lot of magiskinit stuff changed from 27 to 28, but I didn't find anything specific to overlay.d.

Can you provide dmesg when booting (need to check logs of magiskinit)?

pndwal commented 1 month ago

FWIW @aviraxp, just saw this... Seems some issues here (not sure how many) may be caused by patch creation producing corrupted magiskboot on some devices with 28001: https://xdaforums.com/t/magisk-general-support-discussion.3432382/post-89756265

May need to confirm, but may help...

newbit1 commented 1 month ago

A lot of magiskinit stuff changed from 27 to 28, but I didn't find anything specific to overlay.d.

Can you provide dmesg when booting (need to check logs of magiskinit)?

Thanks for looking into it. I figured they might be a change in the expected permissions of the file. dmesg_kernelboot.log dmesg_recoveryboot.log liveboot_kernelboot.log liveboot_recoveryboot.log

FWIW @aviraxp, just saw this... Seems some issues (not sure how many) may be caused by patch creation producing corrupted magiskboot on some devices with 28001: https://xdaforums.com/t/magisk-general-support-discussion.3432382/post-89756265

May need to confirm, but may help...

Thanks, in there it says:

The issue seems to be in the patch creation with Canary 28001.
The overlayed magiskboot is corrupted (the first 0xFF0 bytes).
Replacing magiskboot from the apk fixes the issue.
All other files are ok.

This would mean, I should have issues with the recovery boot, because the Magisk App did all the patching and flashing. And my Kernel Version should be fine, because I extract the magiskboot direct from the apk.

But it is the other way around. But I will check the magiskboot on my recovery partition If I can see that mentioned byte issue.

aviraxp commented 1 month ago

Dmesg is too late

newbit1 commented 1 month ago

Dmesg is too late

Yeah I noticed it too, as I was trying to gather it up to zero, I got a bootloop, again. So I installed, v27 first, got the kmsgs, upgraded to the 28001 Debug, got those kmsgs too. And ran again in a bootloop. first_kmsg_v27_kernelboot.log first_kmsg_v28-Debug_kernelboot.log kmsg_v27_kernelboot.log.log kmsg_v28-Debug_kernelboot.log

newbit1 commented 1 month ago

Any new insides with the logs? I hope they are sufficient now.

I could find some differences in the kernelboot logs. A lot of magiskinit messages are shown in v28, but not in v27. It also shows that the /vendor/etc/fstab.exynos9820 gets mounted. And then later comes the already mentioned message (not shown in the screenshots): vold : [libfs_mgr]ReadFstabFromFile(): cannot open file: '/vendor/etc/fstab.exynos9820': Permission denied

Not sure if this is related or just shown because of the debug version.

Screenshot 2024-10-15 at 20 45 34 Screenshot 2024-10-15 at 20 51 02 Screenshot 2024-10-15 at 20 52 49
topjohnwu commented 1 month ago

Maybe it's caused by the more restricted sepolicy rule? b11b81122a7c2e8ad2d8b7a2e66abf9816ff7796

topjohnwu commented 1 month ago

OK yeah, it is indeed caused by the more restricted sepolicy rule, as vold is not init, zygote, or shell

pndwal commented 1 month ago

General note: So 27004 regression (?)

newbit1 commented 1 month ago

Nice, great find, thanks. Can I change something on the sepolicy rules myself, to test this "manually" ? Or shall I wait for fix?

aviraxp commented 1 month ago

https://filetransfer.io/data-package/bqgFipvy#link try this

newbit1 commented 1 month ago

https://filetransfer.io/data-package/bqgFipvy#link try this

Thank you for making this effort, very much appreciated. I've tested this version, and it seems good, meaning: The Permission deniedmessage is still there, but some other, positive messages as well. Plus the actually issues are resolved, the sdcard gets auto-mounted when I boot from Magisk within the kernel. Also, my virtual drive, which is added via my custom fstab on /devices/*/block/loop7, gets also auto-mounted, so all good again now, thank you.

<12>[    2.190571]  [7:     magiskinit:    1] magiskinit: Mount [.magisk/rootdir/vendor/etc/fstab.exynos9820] -> [/vendor/etc/fstab.exynos9820]
<11>[    2.683347]  [7:        ueventd: 3547] ueventd: [libfs_mgr]ReadFstabFromFile(): cannot open file: '/vendor/etc/fstab.exynos9820': Permission denied
<14>[    2.683355]  [7:        ueventd: 3547] ueventd: [libfs_mgr]ReadDefaultFstab(): failed to find device default fstab
<14>[    4.065357]  [7:           init:    1] init: Userdata mounted using /vendor/etc/fstab.exynos9820 result : 0
<14>[    4.065386]  [7:           init:    1] init: Userdata mounted using /vendor/etc/fstab.exynos9820 result : 0
<14>[    4.065563]  [7:           init:    1] init: Command 'mount_all /vendor/etc/fstab.exynos9820' action=fs (/vendor/etc/init/init.exynos9820.rc:1002) took 416ms and succeeded

A couple more things, just make this report more complete. I've tried to install the downloaded app-debug.apk, but it was rejected from the Package installer. And when I opened the installed Magisk app, a toast popped up to reflash Magisk. I didn't try the recovery boot yet. Screenshot_20241016_214952 Screenshot_20241016_215019_Package installer first_kmsg_28001-D_a5cad532_sdcardfixed_kernelboot.log

One last thing, do you know what this messages means? Or better, how I can get rid of it? init: [libfs_mgr]Warning: unknown flag: encryptable This message is like a gazillion times in my logs.

Thanks

aviraxp commented 1 month ago

To be sumed up: The file overlayed by overlay.d shares tmpfs label but not original label because if of bind mount, so I have to allow vold to access tmpfs file.

That's not an ideal solution to allow all domains to access tmpfile (introduced security issues), so I am planning to clone xattr of target files before doing magic mount.

newbit1 commented 1 month ago

To be sumed up: The file overlayed by overlay.d shares tmpfs label but not original label because if of bind mount, so I have to allow vold to access tmpfs file.

That's not an ideal solution to allow all domains to access tmpfile (introduced security issues), so I am planning to clone xattr of target files before doing magic mount.

Understood, sounds like plan. If you want me to do further tests in that matter, with pleasure.

aviraxp commented 1 month ago

try this https://filetransfer.io/data-package/xN2T5ZQ9#link

newbit1 commented 1 month ago

try this https://filetransfer.io/data-package/xN2T5ZQ9#link

Nope, this one doesnt work with my custom fstab. The system boots yes, but the sdcard doesnt gets mounted. first_kmsg_v28-a5cad532_kernelboot.log

aviraxp commented 1 month ago

It seems selinux isn't initalized when overlay.d takes effect. I will try to find other ways.