Originally Magisk required the Denylist to be enforced to access the Denylist.
When enforced, Magisk is unloaded while the processes on the Denylist are called.
Now you can access the Denylist when it is not enforced.
Since Magisk runs normally when not enforced, the Denylist is just a list.
No need to remove 'gms' from the Denylist when it is not enforced.
- I recently discovered `ro.is_ever_orange` on OOS 11, which gets set roughly 32 seconds after boot completed and is equal to the number of times a device has ever been `fastboot oem unlock`ed
- a fresh MSM (i.e. factory locked device) has it set to 0, and using system.prop to set it to 0 earlier in the boot seems to keep it set to 0 instead of the real unlock count
- I haven't seen this exploited anywhere, though I presume it exists for a reason, so probably good to manage it as well
Android 7.x lacks the InMemoryDexClassLoader API, which is necessary for
the module to load Java code, and is unlikely to support hardware
attestation on any production devices anyway.
Fixes#124, #127
- move ro.boot.flash.locked to late props since any earlier appears to break Realme fingerprint readers
Thanks @byxiaorun for finding the problem prop, and @Jowat97 for testing
This ensures that GMS will never start before it's removed from the
DenyList, even if another module's service.sh is blocking our script.
Suggested-by: osm0sis <osm0sis@outlook.com>
Zygisk is now the primary implementation of this module.
NB: The Zygisk module template is in the public domain, so attribution
is no longer needed in the license.
- Ported from Riru implementation
- Limited Java payload to com.google.android.gms.unstable as a fix for
issues caused by model misdetection and flag provisioning
- Root companion process to serve classes.dex over socket
- Forces DenyList unmounting to pass basicIntegrity
- vendor.boot.verifiedbootstate was a "late_prop" in MagiskHide so needs to be set at boot_completed; this works around OnePlus display mode and in-display fingerprint reader breakage when this prop is reset to green earlier in the boot
- tidy up prop groupings and document them a bit more
This functionality has been removed from Magisk:
003fea52b1
Simple properties are set in system.prop, but more advanced overrides
need to be handled by a script.
This is the Riru version of this module, which improves upon the old
solution of replacing the native keystore service:
- Compatible with OEM ROMs that have heavily-modified keystore services
- Doesn't break other uses of key attestation in Google Play Services
