From f2481fbc1d98c1c317bc0b0f9ab5ee21465b01a1 Mon Sep 17 00:00:00 2001 From: Pierre-Hugues Husson Date: Wed, 3 Nov 2021 17:43:25 -0400 Subject: [PATCH] Upgrade securize for metadata + new no exec xbin Use /metadata/phh/secure to store securize status And if securized, remove apk and system/xbin --- phh-securize.sh | 2 ++ rw-system.sh | 17 ++++++++++++++++- 2 files changed, 18 insertions(+), 1 deletion(-) diff --git a/phh-securize.sh b/phh-securize.sh index 0b361b5..80b46d7 100644 --- a/phh-securize.sh +++ b/phh-securize.sh @@ -33,4 +33,6 @@ rm -Rf $SYSTEM/{app,priv-app}/me.phh.superuser/ rm -Rf /data/su || true mount -o remount,ro $MOUNTPOINT sync +mkdir /metadata/phh +touch /metadata/phh/secure reboot diff --git a/rw-system.sh b/rw-system.sh index 07da866..5699791 100644 --- a/rw-system.sh +++ b/rw-system.sh @@ -666,7 +666,7 @@ fi setprop ctl.stop console dmesg -n 1 -if [ -f /system/phh/secure ];then +if [ -f /system/phh/secure ] || [ -f /metadata/phh/secure ];then copyprop() { p="$(getprop "$2")" if [ "$p" ]; then @@ -717,6 +717,21 @@ if [ -f /system/phh/secure ];then resetprop_phh ro.adb.secure 1 setprop ctl.restart adbd + + # Hide system/xbin/su + mount /mnt/phh/empty_dir /system/xbin + mount /mnt/phh/empty_dir /system/app/me.phh.superuser + mount /system/phh/empty /system/xbin/phh-su +else + mkdir /mnt/phh/xbin + chmod 0755 /mnt/phh/xbin + chcon u:object_r:system_file:s0 /mnt/phh/xbin + + #phh-su will bind over this empty file to make a real su + touch /mnt/phh/xbin/su + chcon u:object_r:system_file:s0 /mnt/phh/xbin/su + + mount -o bind /mnt/phh/xbin /system/xbin fi for abi in "" 64;do