Magisk - The Magic Mask for Android

1,847 posts
Thanks Meter: 60,898
By topjohnwu, Senior Recognized Developer / Recognized Contributor on 3rd October 2016, 06:00 PM
Thread Closed Email Thread
11th January 2017, 12:55 PM |#11  
OP Senior Recognized Developer / Recognized Contributor
Flag Taipei
Thanks Meter: 60,898
Donate to Me
Magisk Manager v3.1

I'm still dealing with my finals (got an exam tomorrow, and 3 more projects to do......), but the online repo is no longer accessible on Magisk Manager, which forces me to push out an update.
Apart from that critical bug fix, it also comes with a lot of updates and improvements, please check the changelog for further info.

Please update your Magisk Manager from Play Store. The direct link is also updated with the new v3.1 version
The Following 254 Users Say Thank You to topjohnwu For This Useful Post: [ View ]
6th February 2017, 12:57 AM |#12  
OP Senior Recognized Developer / Recognized Contributor
Flag Taipei
Thanks Meter: 60,898
Donate to Me
Magisk v11.0
2017.2.6 Magisk v11.0
Came back from Chinese New Year holiday with some significant updates!

Introducing MagiskSU
Magisk officially becomes its own rooting solution!
Initially I just want to add root management features into Magisk Manager, but ended up updating lots of code.
Since the changes are quite significant, and no longer compatible with older versions, I'll just name it MagiskSU instead of phh Superuser.
The code is based on phh's approach to update the CM Superuser. I spent quite some effort to achieve SuperSU standards, so far the functionality should be nearly equivalent, my only concern now is compatibility, which is what I will focus on in future releases.

Please note, Magisk is still fully compatible and functional with the latest SuperSU (tested against v2.79-SR3)

The Fully Re-factored sepolicy-inject tool
To accompany with the fresh new MagiskSU, I also spent a ton of effort re-factoring the tool sepolicy-inject.
The tool now accepts policy statements, you can get more info about it from from this section of @Chainfire 's wonderful How-To SU documentation.
Basically I aimed to follow the same syntax as SuperSU's supolicy tool, as it is straight forward and same as the .te policy sources. I added a few additional features in sepolicy-inject, you can directly execute the binary with no options to refer to the help info.
See all changes in the changelog

(I named it "sepolicy-inject" instead of "supolicy", since it still differs in many ways (e.g the built-in rules) even though the syntax is now nearly identical. Root app developers might want to handle this difference when live patching sepolicies)

Pseudo SELinux Enforce Mode
Thanks to the new sepolicy-tool, pseudo enforced mode is now possible (the status shows enforced, but actually is permissive).
In some versions of Google Play Services, setting SELinux to permissive causes Safety Net to fail; however some custom ROMs require the system to be in permissive to be fully functional (although it should be considered as a bad practice). This shall be the perfect solution.
This will not be as a switchable option within Magisk Manager, since Google has a history of pulling apps from the Play Store when related to SELinux (see the tragic example of developer @flar2 's awesome app, and there are still more incidents).
MagiskHide binary is now updated to detect the permissive state, patch the current sepolicy to pseudo enforced mode, then switch back to enforced.
ROM developers don't have to change anything, just simply set to permissive on boot with a bundled app or a boot script as usual. If a user decided to enable MagiskHide, it will handle everything itself.

General Purpose Boot Scripts
I removed this feature in Magisk v4 and favored the per-module scripts. Now I decided to bring it back again.
The scripts should be placed in /magisk/.core/post-fs-data.d and /magisk/.core/service.d. The directory name should be self-explanatory.
If you have no idea which to choose, the post-fs-data.d will be a nice bet.
So Magisk will now execute script named in each module, and all files within post-fs-data.d. The same applies to service.

Thank you for everyone providing translations to Magisk Manager, and huge thanks to all donated.
I appreciate all the support, and that is my motivation to continue pumping stuffs out!
I will be maintaining MagiskSU continually; support won't end, at least in the near future.
Magic Mount features and better Magisk Module support are also on my list.
I spent zero time on adding more support to devices in v11, all the effort were put in MagiskSU and MagiskManager and major bug fixes.
The whole project is now in the state I consider "feature-packed" enough, most users/developers haven't used the full potential of the features.
I'll stop adding major new features and instead focusing on bringing Magisk to more devices that currently isn't supported.
And yes, that means I will postpone the long planned but never worked on Multi-ROM feature (I barely spent time on it after the POC video)

Hope you all will enjoy the update
(P.S. It's 9 AM here and I haven't slept. I'll update documentations after some sleep)
The Following 396 Users Say Thank You to topjohnwu For This Useful Post: [ View ]
6th February 2017, 10:46 AM |#13  
OP Senior Recognized Developer / Recognized Contributor
Flag Taipei
Thanks Meter: 60,898
Donate to Me
Before I got the in-app guides done, here are some tips for you
Many people seems missing these details
The Following 340 Users Say Thank You to topjohnwu For This Useful Post: [ View ]
19th February 2017, 03:34 AM |#14  
OP Senior Recognized Developer / Recognized Contributor
Flag Taipei
Thanks Meter: 60,898
Donate to Me
2017.2.19 Magisk Manager v4.2
Magisk Manager v4.2 is now live on Play Store. OP direct links are also updated accordingly.
Tons of improvements to the app, check the changelog for more info

Where is the Magisk Update?
I'm aware there are issue in Magisk v11.1 (vendor mount issues, and MagiskSU system rw issue)
I already fixed the system rw MagiskSU issue (so TiBack now 100% functional), you can check the Superuser sources if you're interested into the solution
I'll push an update soon after I fixed all currently known issues, AND add compatibility to more devices.
Please note that I'm only one single man, and also got a real life to deal with, so I can only focus one thing at a time.
I decided to first improve the Magisk Manager application to a point I think it's acceptable. Android application development is quite tedious, I have to put quite some time and effort into it.
After this Magisk Manager update, I will put all my attention on the core Magisk part, so please stay tuned!

New Online Module Info Display
I updated the way Magisk Manager show the details of Online Magisk Modules in the repo.
Previously I let each module include a changelog.txt, donate link, and support link
However, I think it would be better to let module developers to write anything they want
And considering the text rendering needs to be nice and clean, I think Markdown is the best choice here!
You can include links to your thread, links to your donation link, download link for an app required, changelog.... anything!

All Repo Developers Aware!
In Magisk Manager v4.2, the app will read the file within your repo, and render the file properly
The changelog.txt file, support and donate entry within module.prop are no longer read, they can be removed.
Please update your file ASAP to let the new app properly display what your modules do.

Here is an example, I updated the Xposed module's, you can see the results in attachments
This is also a screenshot of what the new UI looks like
Attached Thumbnails
Click image for larger version

Name:	new_module_info.png
Views:	48632
Size:	222.3 KB
ID:	4046444  
The Following 255 Users Say Thank You to topjohnwu For This Useful Post: [ View ]
20th February 2017, 07:59 PM |#15  
OP Senior Recognized Developer / Recognized Contributor
Flag Taipei
Thanks Meter: 60,898
Donate to Me
Magisk Manager v4.2.5 is live!
Hot fix for Samsung crashes (theoretically, no device to test), also did several adjustments here and there
As usual, full changelog in 2nd post, direct links and Play Store (might need to wait a few hours) are also updated

Sorry for the inconvenience!
The Following 177 Users Say Thank You to topjohnwu For This Useful Post: [ View ]
21st February 2017, 09:20 PM |#16  
OP Senior Recognized Developer / Recognized Contributor
Flag Taipei
Thanks Meter: 60,898
Donate to Me
Magisk Manager v4.2.6
Finally got the Samsung crash fixed!! Thank you for everyone reporting giving feedback, really appreciate the community!
As a compensate for the frequent updates and inconvenience, I added another feature that was requested to Magisk Manager - add a setting to disable update notifications
Play Store might take a few hours to update, direct link in OP is updated

Finally, I can now focus on the core part, which IMO is much much more important
Device compatibility should be GREATLY improved once the work is done, stay tuned!
For Pixel support though, I'll need to borrow my friend's Pixel XL for a couple of weeks to develop, but this might not happen soon since school is quite busy.
The Following 253 Users Say Thank You to topjohnwu For This Useful Post: [ View ]
20th March 2017, 12:02 AM |#17  
OP Senior Recognized Developer / Recognized Contributor
Flag Taipei
Thanks Meter: 60,898
Donate to Me
2017.3.21 Magisk v11.5/v11.6
It's about time for some Magisk update!!

Magisk Binary Changes
The original tool sepolicy-inject is now renamed to magiskpolicy. However, for backward compatibility, a symlink named sepolicy-inject will be created, which simply just links to magiskpolicy
The original tool bootimgtools is now renamed to magiskboot, which is a complete rewrite of the existing boot image patching tool. More info later.
Starting from this release, magiskpolicy, sepolicy-inject, resetprop, and if MagiskSU is installed, su, and supolicy (this is NOT the SuperSU supolicy, it just links to magiskpolicy, exists for compatibility) are all added to the PATH, which means you can directly call these commands through shell (and apps) without explicitly calling "/data/magisk/XXXXX"
In a nutshell:
/sbin/su -> /data/magisk/su
/sbin/resetprop -> /data/magisk/resetprop
/sbin/magiskpolicy -> /data/magisk/magiskpolicy
/sbin/sepolicy-inject -> /data/magisk/magiskpolicy
/sbin/supolicy -> /data/magisk/magiskpolicy
/data/magisk/sepolicy-inject -> /data/magisk/magiskpolicy
New Boot Image Tool: MagiskBoot
I spent a lot of time rewriting the whole boot image patching tool. For now it shall GREATLY improve the compatibility of Magisk. Key features:
  • Complete rewrite boot image extracting process
  • Proper MTK header support
  • Sony ELF type boot image support
  • Native ramdisk compression method support : gzip, xz, lzma, bzip2, lz4
    This means custom kernel developers can now use a different ramdisk compression method with their custom kernels!
  • Native cpio patching support: auto ramdisk backups, auto ramdisk restores, auto dm-verity patch, auto forencrypt patch, native cpio extract/mkdir/add
    This means boot patching process itself does not require root access anymore (it usually does)
  • Native LG bump and Samsung SEANDROIDENFORCE flag detection
    More Magisk installation methods shall come soon!
I believe some of the features above do not exist in any existing rooting methods, I hope this will bring more users on the Magisk bandwagon

MagiskSU Fixes
In all current open source root methods, a common issue is that some apps (most well-known: Titanium Backup) cannot properly mount /system to read-write. Here I'll only briefly explain the technical details.
After spending very many hours, the victims are narrowed down to programs that directly use the "mount" system calls instead of calling the "mount" command. Also, the issue does not only happens to /system, but instead any read-only partitions. The only way to remount them to rw is through the toybox implementation of the mount command, which should be the default of all devices. This means that any external mount command (e.g. busybox) cannot remount them to rw either. After digging through the AOSP toybox source code and some search through the commits, I finally found the culprit: this commit in AOSP. What that commit does in a nutshell is that all blocks mounted read-only will be locked to read-only.
So starting from this release of MagiskSU, all blocks will be unlocked when the daemon is started (this does NOT break your system integrity, meaning it does not break OTAs), everything should work fine.

Another subtle change is that the command "-cn" will not do anything starting from now. All root developers can call the "-cn" command on both SuperSU and MagiskSU, it shall work in both cases.
I had tried to add the "-cn" command in the previous release, which only exists in SuperSU, but it was not implemented correctly, and apps depending on it will not work correctly.
However, this "context switch" command is originally added to SuperSU due to the way it managed selinux back in the old days. The way I deal with selinux, starting from Magisk v7 (Chainfire switched to similar method in his latest beta) DOES NOT need any context change, as all root procedures and processes are running in a permissive domain (in Magisk's case it's a domain that allows everything, which is slightly different to permissive. This is because permissive does not work on Sammy)

Magic Mount Vendor Issues
In Magisk v11.1, devices with a separate vendor partition (newer Nexus devices) will fail to properly magic mount files in vendor, the most common issue is using the ViPER4Android Magisk module.
It is now fixed in v11.5

Module Template Update
The Magisk Module Template is now updated. All developers please adapt your modules to the newer version
An entry in module.prop called template now indicates the template version number.
In future Magisk Manager updates, it will only show the modules that are using the latest two versions of the template.
e.g. If the latest template version is v13, only v13 and v12 modules will be showed in the repo
This gives the time for developers to update their modules, but also enforcing them to adapt to newer scripts, so I don't need to support the old template formats.
I apologize that I was busy and didn't add the existing module requests, I'll add them once you have migrated your module to the latest template
Also please note that I will NOT add modules that ONLY change some props using resetprop, as this is a upcoming feature to Magisk Manager in the near future.

What's Next?
Magisk v11.1 got over 500K downloads! Thank you for all the support!
The next short term goal is to add more features into MagiskManager (including the mentioned prop management, and a new installation method)
The long term goal will be migrating the current script-based magic mount to C program, which shall be run as a daemon in the background, combining resetprop, magiskhide etc. all-in-one. This will take some time to finish though.
For the long awaited Pixel support, I think I'll start working on it, but the complexity of that device might take a very long time for me to understand, since I do not own the device. I can only borrow my friend's device for not that long of a period of time, so progress shall be really slow. I'll not get the Pixel device now, because I don't think it is worth the price and the hassle for me to import it into Taiwan, but I'll definitely get the Pixel 2 to replace my current daily driver lol.
The Following 406 Users Say Thank You to topjohnwu For This Useful Post: [ View ]
20th March 2017, 06:10 AM |#18  
OP Senior Recognized Developer / Recognized Contributor
Flag Taipei
Thanks Meter: 60,898
Donate to Me
Magisk v11.6 Hotfix
The issue turns out to be a veeeery minor issue, but causes the whole script unable to run correctly on Samsung devices.
Also, I fixed the incorrect value for selinux prop patching for MagiskHide, so people with selinux issues should now be settled.

I guarantee all future releases will go through serious beta testing, especially Samsung devices. This project is in a scale that these kind of mistakes cannot be tolerated.
I'm sorry for all the inconvenience the previous release gave you, and the mess and headaches for all broken devices.

The Module Template is again updated. This bug will also affect module templates, so please update accordingly, thanks!!

But still, I hope you will enjoy this new release
The Following 398 Users Say Thank You to topjohnwu For This Useful Post: [ View ]
31st March 2017, 12:36 AM |#19  
OP Senior Recognized Developer / Recognized Contributor
Flag Taipei
Thanks Meter: 60,898
Donate to Me
2017.3.31 Magisk V12.0
The major version bump should label this release as a stable release (at least this is what I hope)
This release is thoroughly tested by all my testers, especially focusing on Samsung devices
Unless major issues, the next release should be a complete new redesign, and requires more time, more info later
The FAQ in OP is updated, please check them out!!!

Samsung, Samsung, oh Samsung
My previous release was widely criticized for breaking tons of Samsung devices, the rating on Play Store also reflected this fact
Thanks to helpful testers and developers, we ironed out all the quirks of Sammy, and in addition added more Samsung specific features.
One is adding proper support for Samsung permissive kernels. Another is faking KNOX to 0x0 if MagiskHide enabled.
Is that good enough to compensate my mistakes in the last release?

Sepolicy Live Patch Moved
Another critical update is that the sepolicy live patching is now moved from the post-fs-data mode to the service mode.
This decision is done due to the fact that on some devices (e.g. Samsung), there are too much to patch, which greatly delays the bootup time if the live patching is done in a blocking stage. However, this will require some updates for the minimal sepolicy rules.
The minimal patch is now a little more complete, which requires 20-80KB of ramdisk size (previously 1-4KB). Still not large to be honest.
However, this makes post-fs-data mode NOT completely unrestricted. post-fs-data mode can still do any file related operations, setting system props etc., a lot more than normal users would use. However, service mode would be guaranteed to be executed AFTER the full sepolicy patch is done.
It is recommended to run most scripts in the service mode (service.d/, except a. mounting files; b. patching system props; c. time critical operations

Magisk Core Only Mode
People complain that Magisk has "too many features", they don't want to use such "complete" solution.
Here I introduce Core Only Mode. It can be enabled in the new Magisk Manager.
What will still be started: MagiskSU, post-fs-data.d, service.d, (if enabled: MagiskHide, systemless hosts, systemless busybox)
What will not be started: Cache (post-fs) mounts, magic mount (system mirror etc.), all modules, all module scripts

So it literally limits Magisk to root + boot scripts. MagiskHide is still there for those who want some Mario Run lol.

Say Goodbye to Outdated Modules
This day finally comes. All modules on the repo that aren't using the latest template (v3 for now) are now hidden.
This not only guarantees that the modules are using the latest scripts, but also a nice way to filter out modules that are no longer maintained by the uploader.
You have to add/update template=(ver) in your module.prop. Magisk Manager will not know if you only updated the scripts

Upcoming Features
Here are some planned features (sorted in priority)
  • Magisk Manager resetprop GUI
  • MagiskSU multiuser support
  • Unified Magisk daemon: As stated before, I'm planning to write Magic Mount in code to achieve more efficiency and features.
    All current Magisk features (magiskpolicy, magiskhide, resetprop, superuser, magic mount) will be in a unified daemon
  • Pixel (XL): Some developers has done some progress, I'll contact them and sort things out
  • Android O: I bought a Nexus 5X now, finally got some O love

Some details are changed in v12.0, I'll update the documentation (wiki) soon.
The Following 589 Users Say Thank You to topjohnwu For This Useful Post: [ View ]
14th May 2017, 09:16 PM |#20  
OP Senior Recognized Developer / Recognized Contributor
Flag Taipei
Thanks Meter: 60,898
Donate to Me
Some Recent Updates
I wish I can be more vocal in the forums, so more information can be spread to the community, but being a university student in Taiwan, studying engineering specifically, is not easy.
It has been a while since the last release, I think I would shed some light regarding the next big update.

Unified Binary
First, the most obvious change is that Magisk no longer rely on the overly complicated scripts, but instead replaced with pure C/C++ programs. Along with Magisk's development, more and more features were added, and those cannot be done with scripts are added as binaries (magiskhide, magiskpolicy, resetprop etc.). As a result, in the last build (v12.0) there are tons of binaries scattered, loosely working together with poor communication.
So the first thing to do is to combine everything as a single program, something like busybox, which is a single binary that acts as multiple utilities. This took me quite some time to finish, especially merging the existing superuser with other parts that also requires daemon connection. Another tricky part is to port the spaghetti shell script into proper C code. The good news is that both of them are done (though, some small bugs might exist and I'm currently hunting them down)

No More Busybox!
Second is the decision to remove the bundled busybox. Initially I added busybox into Magisk due to lack of proper commandline tools in native Android environment (e.g. lack of losetup in Android 5.0), and also many selinux specific options for several utilities do not exist in official AOSP toolbox/toybox. The big problem is that the busybox causes more issues than I would ever expect. Many features in v12 are implemented to only work with that specific busybox bundled with Magisk. However due to the variety of configurations of custom roms, the assumption that the target busybox is always there, working as expected obviously isn't true, leading to numerous breakage and headaches. This is one of the reason why tons of issues submitted to Github are not addressed, because all pre-v13 are haunted with the same issue - the environment Magisk is running is a mess.
However, thanks to ditching shell scripts completely, currently I handle everything by natively calling system calls, or by implementing the functions directly into the binary (another tedious task...). So Magisk now works as a complete package itself, no more dependency and requirements in the environment. Due to this change, the Magisk Manager would need to include a busybox in order to provide the environment to install Magisk modules/Magisk updates, which I think many tracking the development on Github would already notice this change.
Those wondering how to add busybox if they want? I'll release a new module in the repo.

Android O
Finally, Android O support! As expected, Android O has quite some security changes, but since I'm gonna start everything from scratch anyway, things are all quickly sorted out. Also thanks to the arrival of my Nexus 5X, I can finally test things on an actual device, as a result Magisk is now 100% working on Android O DP1. The module template might need some slight updates regarding Android O changes, please stay tuned for the announcement!

Of course, tons of other improvements are also included, I won't list all of them here and will leave them for the release post and changelogs. Updates to Magisk Manager are also work in progress (application development is very tiresome...). There are still tons of features/support bugging in my mind and I would hope I can implement all, but the reality and school prevents me to do so, I am now aiming more towards a stable release rather than rushing out poorly designed features and making me regret in future maintenance lol.
I won't have time to publish lots of informative posts as this one, for those who are interested in the active development of Magisk/Magisk Manager, please keep track of the Github repos. I always keep the development work transparent, anyone curious can spend a little effort to build it themselves and have a sneak peak of what's currently going on. Just keep in mind that the cutting edge master branch does not always work properly
The Following 598 Users Say Thank You to topjohnwu For This Useful Post: [ View ]
1st June 2017, 02:19 PM |#21  
OP Senior Recognized Developer / Recognized Contributor
Flag Taipei
Thanks Meter: 60,898
Donate to Me
Why is Magisk Manager not available on Play Store? Is development abandoned?
This is what I get from Google this morning:

Magisk Manager, com.topjohnwu.magisk, has been suspended and removed from Google Play as a policy strike because it violates the malicious behavior policy.

What is the so-called "malicious behavior"? From what I've suspect, viewing the definition of malicious behavior, most likely I violated the two following policies:

  • Apps that introduce or exploit security vulnerabilities.
  • Apps or SDKs that download executable code, such as dex files or native code, from a source other than Google Play.

For the first policy: Magisk bypasses Google's strict compatibility check - the CTS check on tampered devices (SafetyNet checks CTS status). CTS is what Google judge whether a manufacturer can ship a device with its Google services, so Google is definitely really serious about this issue. Also, Magisk roots your device, patches tons of SELinux policies (all rooting method do) etc, which is also an obvious security breach.

However, I doubt this was the main reason, since many superuser management apps are also on the Play Store. The main reason should be the other one.
The second rule I listed can be translated to: you cannot have anything "market-like" to let users download and run code on your device. Apparently, Magisk's Online Repo is a complete violation against this rule.

Now I have two choices: Remove the online repo from Magisk Manager, and re-release a NEW APP on the store (yes, once your app is pulled down, the package name and app name is permanently banned).
The other way is to simply just distribute the app through places like XDA and third-party markets (just like Xposed Installer).
I prefer the second decision, because I can still use the same package name, also I wouldn't need to remove the online repo feature, which is one of the most precious thing for a development community like XDA. What I really lost is the $25 dollars for Play Store registration lol.

Development is definitely NOT suspended in any way, in fact, I had significant progress lately.
There are still some bugs not sorted out, and I need some feedback from the users, so I decide to start a new thread for public beta testing!
Expect the new thread to be live very soon, but I still need to do some small adjustments to deal with the unfortunate Play Store situation....

So the conclusion is: Yes, Magisk Manager is pulled from Play Store due to policy violation; and no, this is not a sign for the end of development.
In fact, I think Magisk is undergoing the most active development since release!
The Following 1,122 Users Say Thank You to topjohnwu For This Useful Post: [ View ]
Thread Closed Subscribe to Thread
Previous Thread Next Thread
Thread Tools Search this Thread
Search this Thread:

Advanced Search
Display Modes