WSABuilds/.github/workflows/magisk.yml

name: Magisk

on:
  push:
  pull_request:
  workflow_dispatch:
    inputs:
      magisk_apk:
        description: 'Download link to magisk apk.'
        required: true
        default: 'https://raw.githubusercontent.com/LSPosed/MagiskOnWSA/main/magisk.apk'
      gapps_variant:
        description: 'Variants of gapps. Should be: [none, aroma, super, stock, full, mini, micro, nano, pico, tvstock, tvmini]'
        required: true
        default: 'none'

jobs:
  build:
    runs-on: ubuntu-20.04
    strategy:
      matrix:
        arch: [x64, arm64]
    steps:
      - name: Dependencies
        run: |
          pip3 install beautifulsoup4 lxml
          sudo apt-get update && sudo apt-get install setools lzip          
      - name: Download AWS
        shell: python
        run: |
          import requests
          from bs4 import BeautifulSoup
          import re
          import zipfile
          import os
          import urllib.request

          res = requests.post("https://store.rg-adguard.net/api/GetFiles", "type=CategoryId&url=858014f3-3934-4abe-8078-4aa193e74ca8&ring=WIS&lang=en-US", headers={
              "content-type": "application/x-www-form-urlencoded"
          })
          html = BeautifulSoup(res.content, "lxml")
          a = html.find("a", string=re.compile("MicrosoftCorporationII\.WindowsSubsystemForAndroid_.*\.msixbundle"))
          link = a["href"]

          print(f"downloading link: {link}", flush=True)

          out_file = "wsa.zip"

          arch = "${{ matrix.arch }}"

          if not os.path.isfile(out_file):
              urllib.request.urlretrieve(link, out_file)

          zip_name = ""
          with zipfile.ZipFile(out_file) as zip:
              for f in zip.filelist:
                  if arch in f.filename.lower():
                      zip_name = f.filename
                      if not os.path.isfile(zip_name):
                          print(f"unzipping to {zip_name}", flush=True)
                          zip.extract(f)
                      break

          with zipfile.ZipFile(zip_name) as zip:
              if not os.path.isdir(arch):
                  print(f"unzipping from {zip_name}", flush=True)
                  zip.extractall(arch)
          print("done", flush=True)          
      - name: Download Magisk
        shell: python
        run: |
          import urllib.request
          import zipfile
          import os

          magisk_apk = """${{ github.event.inputs.magisk_apk }}"""

          if not magisk_apk:
              magisk_apk = """https://raw.githubusercontent.com/LSPosed/MagiskOnWSA/main/magisk.apk"""

          out_file = "magisk.zip"

          arch = "${{ matrix.arch }}"

          abi_map={"x64" : ["x86_64", "x86"], "arm64" : ["arm64-v8a", "armeabi-v7a"]}

          if not os.path.isfile(out_file):
              urllib.request.urlretrieve(magisk_apk, out_file)

          def extract_as(zip, name, as_name, dir):
              info = zip.getinfo(name)
              info.filename = as_name
              zip.extract(info, dir)

          with zipfile.ZipFile(out_file) as zip:
              extract_as(zip, f"lib/{ abi_map[arch][0] }/libmagisk64.so", "magisk64", "magisk")
              extract_as(zip, f"lib/{ abi_map[arch][1] }/libmagisk32.so", "magisk32", "magisk")
              extract_as(zip, f"lib/{ abi_map[arch][0] }/libmagiskinit.so", "magiskinit", "magisk")
              extract_as(zip, f"lib/{ abi_map['x64'][0] }/libmagiskinit.so", "magiskpolicy", "magisk")          
      - name: Download OpenGApps
        if: ${{ github.event.inputs.gapps_variant != 'none' && github.event.inputs.gapps_variant != '' }}
        shell: python
        run: |
          import requests
          import zipfile
          import os
          import urllib.request
          import json

          arch = "${{ matrix.arch }}"
          variant = "${{ github.event.inputs.gapps_variant }}"
          abi_map = {"x64" : "x86_64", "arm64": "arm64"}

          res = requests.get(f"https://api.opengapps.org/list")

          j = json.loads(res.content)

          link = {i["name"]: i for i in j["archs"][abi_map[arch]]["apis"]["11.0"]["variants"]}[variant]["zip"]

          print(f"downloading link: {link}", flush=True)

          out_file = "gapps.zip"

          if not os.path.isfile(out_file):
              urllib.request.urlretrieve(link, out_file)

          out_dir = "gapps"
          with zipfile.ZipFile(out_file) as zip:
              if not os.path.isdir(out_dir):
                  print(f"unzipping from {out_file}", flush=True)
                  zip.extractall(out_dir)
          print("done", flush=True)          
      - name: Expand images
        run: |
          e2fsck -yf ${{ matrix.arch }}/system.img
          resize2fs ${{ matrix.arch }}/system.img 1280M
          e2fsck -yf ${{ matrix.arch }}/vendor.img
          resize2fs ${{ matrix.arch }}/vendor.img 320M
          e2fsck -yf ${{ matrix.arch }}/product.img
          resize2fs ${{ matrix.arch }}/product.img 1024M
          e2fsck -yf ${{ matrix.arch }}/system_ext.img
          resize2fs ${{ matrix.arch }}/system_ext.img 108M          
      - name: Mount images
        run: |
          sudo mkdir system
          sudo mount -o loop ${{ matrix.arch }}/system.img system
          sudo mount -o loop ${{ matrix.arch }}/vendor.img system/vendor
          sudo mount -o loop ${{ matrix.arch }}/product.img system/product
          sudo mount -o loop ${{ matrix.arch }}/system_ext.img system/system_ext          
      - name: Integrate Magisk
        run: |
          sudo mkdir system/sbin
          sudo chcon --reference system/init.environ.rc system/sbin
          sudo chown root:root system/sbin
          sudo chmod 0700 system/sbin
          sudo cp magisk/* system/sbin/
          sudo find system/sbin -type f -exec chmod 0755 {} \;
          sudo find system/sbin -type f -exec chown root:root {} \;
          sudo find system/sbin -type f -exec chcon --reference system/product {} \;
          chmod +x magisk/magiskpolicy
          echo '/dev/wsa-magisk(/.*)?    u:object_r:magisk_file:s0' | sudo tee -a system/vendor/etc/selinux/vendor_file_contexts
          sudo ./magisk/magiskpolicy --load system/vendor/etc/selinux/precompiled_sepolicy --save system/vendor/etc/selinux/precompiled_sepolicy --magisk "allow * magisk_file lnk_file *"
          sudo tee -a system/system/etc/init/hw/init.rc <<EOF

          on post-fs-data
              start logd
              start adbd
              mkdir /dev/wsa-magisk
              mount tmpfs tmpfs /dev/wsa-magisk mode=0755
              copy /sbin/magisk64 /dev/wsa-magisk/magisk64
              chmod 0755 /dev/wsa-magisk/magisk64
              symlink ./magisk64 /dev/wsa-magisk/magisk
              symlink ./magisk64 /dev/wsa-magisk/su
              symlink ./magisk64 /dev/wsa-magisk/resetprop
              copy /sbin/magisk32 /dev/wsa-magisk/magisk32
              chmod 0755 /dev/wsa-magisk/magisk32
              copy /sbin/magiskinit /dev/wsa-magisk/magiskinit
              chmod 0755 /dev/wsa-magisk/magiskinit
              symlink ./magiskinit /dev/wsa-magisk/magiskpolicy
              mkdir /dev/wsa-magisk/.magisk 700
              mkdir /dev/wsa-magisk/.magisk/mirror 700
              mkdir /dev/wsa-magisk/.magisk/block 700
              rm /dev/.magisk_unblock
              start FAhW7H9G5sf
              wait /dev/.magisk_unblock 40
              rm /dev/.magisk_unblock

          service FAhW7H9G5sf /dev/wsa-magisk/magisk --post-fs-data
              user root
              seclabel u:r:magisk:s0
              oneshot

          service HLiFsR1HtIXVN6 /dev/wsa-magisk/magisk --service
              class late_start
              user root
              seclabel u:r:magisk:s0
              oneshot

          on property:sys.boot_completed=1
              start YqCTLTppv3ML

          service YqCTLTppv3ML /dev/wsa-magisk/magisk --boot-complete
              user root
              seclabel u:r:magisk:s0
              oneshot
          EOF          
      - name: Integrate GApps
        if: ${{ github.event.inputs.gapps_variant != 'none' && github.event.inputs.gapps_variant != '' }}
        run: |
          mkdir gapps/tmp
          cat gapps/{Core,GApps}/*.lz | tar --lzip -C gapps/tmp -xvf - -i --strip-components=2 --exclude='setupwizardtablet-x86_64' --exclude='packageinstallergoogle-all'

          sudo cp -r gapps/tmp/{app,etc,framework,priv-app} system/system
          sudo cp -r gapps/tmp/product/* system/product/

          sudo find system/system/{app,etc,framework,priv-app} -exec chown root:root {} \;
          sudo find system/product/{app,etc,overlay,priv-app} -exec chown root:root {} \;

          sudo find system/system/{app,etc,framework,priv-app} -type d -exec chmod 0755 {} \;
          sudo find system/product/{app,etc,overlay,priv-app} -type d -exec chmod 0755 {} \;

          sudo find system/system/{app,framework,priv-app} -type f -exec chmod 0644 {} \;
          sudo find system/system/etc/{permissions,default-permissions,preferred-apps,sysconfig} -type f -exec chmod 0644 {} \;
          sudo find system/product/{app,etc,overlay,priv-app} -type f -exec chmod 0644 {} \;

          sudo find system/system/{app,framework,priv-app} -type d -exec chcon --reference=system/system/app {} \;
          sudo find system/product/{app,etc,overlay,priv-app} -type d -exec chcon --reference=system/product/app {} \;
          sudo find system/system/etc/{permissions,default-permissions,preferred-apps,sysconfig} -type d -exec chcon --reference=system/system/etc/permissions {} \;

          sudo find system/system/{app,framework,priv-app} -type f -exec chcon --reference=system/system/framework/ext.jar {} \;
          sudo find system/system/etc/{permissions,default-permissions,preferred-apps,sysconfig} -type f -exec chcon --reference=system/system/etc/permissions {} \;
          sudo find system/product/{app,etc,overlay,priv-app} -type f -exec chcon --reference=system/product/etc/permissions/privapp-permissions-venezia.xml {} \;

          sudo ./magisk/magiskpolicy --load system/vendor/etc/selinux/precompiled_sepolicy --save system/vendor/etc/selinux/precompiled_sepolicy "allow gmscore_app gmscore_app vsock_socket { create connect write read }" "allow gmscore_app device_config_runtime_native_boot_prop file read"

          sudo tee system/product/build.prop <<EOF
          # begin common build properties
          # autogenerated by build/make/tools/buildinfo_common.sh
          ro.product.product.brand=google
          ro.product.product.device=redfin
          ro.product.product.manufacturer=Google
          ro.product.product.model=Pixel 5
          ro.product.product.name=redfin
          ro.product.build.date=Tue Aug 24 22:34:56 UTC 2021
          ro.product.build.date.utc=1629844496
          ro.product.build.fingerprint=google/redfin/redfin:12/SPB5.210812.002/7671067:user/release-keys
          ro.product.build.id=SPB5.210812.002
          ro.product.build.tags=release-keys
          ro.product.build.type=user
          ro.product.build.version.incremental=7671067
          ro.product.build.version.release=11
          ro.product.build.version.release_or_codename=11
          ro.product.build.version.sdk=30
          # end common build properties
          #
          # ADDITIONAL PRODUCT PROPERTIES
          #

          ro.support_one_handed_mode=true
          ro.charger.enable_suspend=true
          ro.opa.eligible_device=true
          ro.com.google.ime.theme_id=5
          ro.com.google.ime.bs_theme=true
          # ro.com.google.ime.system_lm_dir=/product/usr/share/ime/google/d3_lms
          EOF

          sudo tee system/build.prop <<EOF
          # begin common build properties
          # autogenerated by build/make/tools/buildinfo_common.sh
          ro.system.build.date=Tue Aug 24 22:34:56 UTC 2021
          ro.system.build.date.utc=1629844496
          ro.system.build.fingerprint=google/redfin/redfin:12/SPB5.210812.002/7671067:user/release-keys
          ro.system.build.id=SPB5.210812.002
          ro.system.build.tags=release-keys
          ro.system.build.type=user
          ro.system.build.version.incremental=7671067
          ro.system.build.version.release=11
          ro.system.build.version.release_or_codename=11
          ro.system.build.version.sdk=30
          ro.product.system.brand=google
          ro.product.system.device=generic
          ro.product.system.manufacturer=Google
          ro.product.system.model=mainline
          ro.product.system.name=mainline
          # end common build properties
          # begin build properties
          # autogenerated by buildinfo.sh
          ro.build.id=SPB5.210812.002
          ro.build.display.id=SPB5.210812.002
          ro.build.version.incremental=7671067
          ro.build.version.sdk=30
          ro.build.version.preview_sdk=0
          ro.build.version.preview_sdk_fingerprint=REL
          ro.build.version.codename=REL
          ro.build.version.all_codenames=REL
          ro.build.version.release=11
          ro.build.version.release_or_codename=11
          ro.build.version.security_patch=2021-09-05
          ro.build.version.base_os=
          ro.build.version.min_supported_target_sdk=23
          ro.build.date=Tue Aug 24 22:34:56 UTC 2021
          ro.build.date.utc=1629844496
          ro.build.type=user
          ro.build.user=android-build
          ro.build.host=abfarm807
          ro.build.tags=release-keys
          ro.build.flavor=redfin-user
          ro.build.system_root_image=false
          # ro.product.cpu.abi and ro.product.cpu.abi2 are obsolete,
          # use ro.product.cpu.abilist instead.
          ro.product.cpu.abi=x86_64
          ro.product.cpu.abilist=x86_64,x86,arm64-v8a,armeabi-v7a,armeabi
          ro.product.cpu.abilist32=x86,armeabi-v7a,armeabi
          ro.product.cpu.abilist64=x86_64,arm64-v8a
          ro.product.locale=en-US
          ro.wifi.channels=
          # ro.build.product is obsolete; use ro.product.device
          ro.build.product=redfin
          # Do not try to parse description or thumbprint
          ro.build.description=redfin-user 12 SPB5.210812.002 7671067 release-keys
          # end build properties

          #
          # ADDITIONAL_BUILD_PROPERTIES
          #
          ro.treble.enabled=true
          net.bt.name=Android

          ro.build.fingerprint=google/redfin/redfin:12/SPB5.210812.002/7671067:user/release-keys
          ro.product.brand=google
          ro.product.device=redfin
          ro.product.manufacturer=Google
          ro.product.model=Pixel 5
          ro.product.name=redfin
          EOF

          sudo tee system/system/build.prop <<EOF
          # begin common build properties
          # autogenerated by build/make/tools/buildinfo_common.sh
          ro.system.build.date=Tue Aug 24 22:34:56 UTC 2021
          ro.system.build.date.utc=1629844496
          ro.system.build.fingerprint=google/redfin/redfin:12/SPB5.210812.002/7671067:user/release-keys
          ro.system.build.id=SPB5.210812.002
          ro.system.build.tags=release-keys
          ro.system.build.type=user
          ro.system.build.version.incremental=7671067
          ro.system.build.version.release=11
          ro.system.build.version.release_or_codename=11
          ro.system.build.version.sdk=30
          ro.product.system.brand=google
          ro.product.system.device=generic
          ro.product.system.manufacturer=Google
          ro.product.system.model=mainline
          ro.product.system.name=mainline
          # end common build properties
          # begin build properties
          # autogenerated by buildinfo.sh
          ro.build.id=SPB5.210812.002
          ro.build.display.id=SPB5.210812.002
          ro.build.version.incremental=7671067
          ro.build.version.sdk=30
          ro.build.version.preview_sdk=0
          ro.build.version.preview_sdk_fingerprint=REL
          ro.build.version.codename=REL
          ro.build.version.all_codenames=REL
          ro.build.version.release=11
          ro.build.version.release_or_codename=11
          ro.build.version.security_patch=2021-09-05
          ro.build.version.base_os=
          ro.build.version.min_supported_target_sdk=23
          ro.build.date=Tue Aug 24 22:34:56 UTC 2021
          ro.build.date.utc=1629844496
          ro.build.type=user
          ro.build.user=android-build
          ro.build.host=abfarm807
          ro.build.tags=release-keys
          ro.build.flavor=redfin-user
          ro.build.system_root_image=false
          # ro.product.cpu.abi and ro.product.cpu.abi2 are obsolete,
          # use ro.product.cpu.abilist instead.
          ro.product.cpu.abi=x86_64
          ro.product.cpu.abilist=x86_64,x86,arm64-v8a,armeabi-v7a,armeabi
          ro.product.cpu.abilist32=x86,armeabi-v7a,armeabi
          ro.product.cpu.abilist64=x86_64,arm64-v8a
          ro.product.locale=en-US
          ro.wifi.channels=
          # ro.build.product is obsolete; use ro.product.device
          ro.build.product=redfin
          # Do not try to parse description or thumbprint
          ro.build.description=redfin-user 12 SPB5.210812.002 7671067 release-keys
          # end build properties

          #
          # ADDITIONAL_BUILD_PROPERTIES
          #
          ro.treble.enabled=true
          net.bt.name=Android

          ro.build.fingerprint=google/redfin/redfin:12/SPB5.210812.002/7671067:user/release-keys
          ro.product.brand=google
          ro.product.device=redfin
          ro.product.manufacturer=Google
          ro.product.model=Pixel 5
          ro.product.name=redfin
          EOF

          sudo tee system/system_ext/build.prop <<EOF
          # begin common build properties
          # autogenerated by build/make/tools/buildinfo_common.sh
          ro.system_ext.build.date=Tue Aug 24 22:34:56 UTC 2021
          ro.system_ext.build.date.utc=1629844496
          ro.system_ext.build.fingerprint=google/redfin/redfin:12/SPB5.210812.002/7671067:user/release-keys
          ro.system_ext.build.id=SPB5.210812.002
          ro.system_ext.build.tags=release-keys
          ro.system_ext.build.type=user
          ro.system_ext.build.version.incremental=7671067
          ro.system_ext.build.version.release=11
          ro.system_ext.build.version.release_or_codename=11
          ro.system_ext.build.version.sdk=30
          ro.product.system_ext.brand=google
          ro.product.system_ext.device=redfin
          ro.product.system_ext.manufacturer=Google
          ro.product.system_ext.model=Pixel 5
          ro.product.system_ext.name=redfin
          # end common build properties

          #
          # from build/make/target/board/gsi_system_ext_user.prop
          #
          # GSI always generate dex pre-opt in system image
          ro.cp_system_other_odex=0

          # GSI disables non-AOSP nnapi extensions on product partition
          ro.nnapi.extensions.deny_on_product=true

          # TODO(b/120679683): disable RescueParty before all problem apps solved
          persist.sys.disable_rescue=true

          # TODO(b/78105955): disable privapp_permissions checking before the bug solved
          ro.control_privapp_permissions=disable

          # TODO(b/136212765): the default for LMK
          ro.lmk.kill_timeout_ms=100
          # end of build/make/target/board/gsi_system_ext_user.prop
          #
          # ADDITIONAL SYSTEM_EXT BUILD PROPERTIES
          #
          ro.setupwizard.mode=DISABLED
          EOF
          
          sudo tee system/vendor/build.prop <<EOF
          ro.boot.dynamic_partitions=true
          ro.product.first_api_level=30
          ro.vendor.build.security_patch=
          ro.vendor.product.cpu.abilist=x86_64,x86,arm64-v8a,armeabi-v7a,armeabi
          ro.vendor.product.cpu.abilist32=x86,armeabi-v7a,armeabi
          ro.vendor.product.cpu.abilist64=x86_64,arm64-v8a
          ro.product.board=windows
          ro.board.platform=windows
          ro.hwui.use_vulkan=
          # begin common build properties
          # autogenerated by build/make/tools/buildinfo_common.sh
          ro.vendor.build.date=Tue Aug 24 22:34:56 UTC 2021
          ro.vendor.build.date.utc=1629844496
          ro.vendor.build.fingerprint=google/redfin/redfin:12/SPB5.210812.002/7671067:user/release-keys
          ro.vendor.build.id=SPB5.210812.002
          ro.vendor.build.tags=release-keys
          ro.vendor.build.type=user
          ro.vendor.build.version.incremental=7671067
          ro.vendor.build.version.release=11
          ro.vendor.build.version.release_or_codename=11
          ro.vendor.build.version.sdk=30
          ro.product.vendor.brand=google
          ro.product.vendor.device=redfin
          ro.product.vendor.manufacturer=Google
          ro.product.vendor.model=Pixel 5
          ro.product.vendor.name=redfin
          # end common build properties
          #
          # BOOTIMAGE_BUILD_PROPERTIES
          #
          ro.bootimage.build.date=Tue Aug 24 22:34:56 UTC 2021
          ro.bootimage.build.date.utc=1629844496
          ro.bootimage.build.fingerprint=google/redfin/redfin:12/SPB5.210812.002/7671067:user/release-keys
          #
          # ADDITIONAL VENDOR BUILD PROPERTIES
          #
          init.userspace_reboot.is_supported=true
          ro.virtual_ab.enabled=true
          external_storage.projid.enabled=1
          external_storage.casefold.enabled=1
          external_storage.sdcardfs.enabled=0
          dalvik.vm.heapstartsize=16m
          dalvik.vm.heapgrowthlimit=192m
          dalvik.vm.heapsize=512m
          dalvik.vm.heaptargetutilization=0.75
          dalvik.vm.heapminfree=512k
          dalvik.vm.heapmaxfree=8m
          debug.sf.nobootanimation=1
          ro.opengles.version=196608
          debug.stagefright.ccodec=0
          debug.egl.force_msaa=true
          ro.sf.lcd_density=240
          ro.surface_flinger.running_without_sync_framework=true
          debug.sf.vsync_reactor_ignore_present_fences=true
          ro.hardware.audio.primary=windows
          ro.dalvik.vm.isa.arm=x86
          ro.enable.native.bridge.exec=1
          ro.dalvik.vm.isa.arm64=x86_64
          ro.enable.native.bridge.exec64=1
          EOF

          sudo tee system/vendor/odm/etc/vendor.prop <<EOF
          ro.odm.product.cpu.abilist=x86_64,x86,arm64-v8a,armeabi-v7a,armeabi
          ro.odm.product.cpu.abilist32=x86,armeabi-v7a,armeabi
          ro.odm.product.cpu.abilist64=x86_64,arm64-v8a
          # begin common build properties
          # autogenerated by build/make/tools/buildinfo_common.sh
          ro.odm.build.date=Tue Aug 24 22:34:56 UTC 2021
          ro.odm.build.date.utc=1629844496
          ro.odm.build.fingerprint=google/redfin/redfin:12/SPB5.210812.002/7671067:user/release-keys
          ro.odm.build.id=SPB5.210812.002
          ro.odm.build.tags=release-keys
          ro.odm.build.type=user
          ro.odm.build.version.incremental=7671067
          ro.odm.build.version.release=11
          ro.odm.build.version.release_or_codename=11
          ro.odm.build.version.sdk=30
          ro.product.odm.brand=google
          ro.product.odm.device=redfin
          ro.product.odm.manufacturer=Google
          ro.product.odm.model=Pixel 5
          ro.product.odm.name=redfin
          # end common build properties
          #
          # ADDITIONAL ODM BUILD PROPERTIES
          #
          EOF          
      - name: Umount images
        run: |
          sudo umount system/vendor
          sudo umount system/product
          sudo umount system/system_ext
          sudo umount system          
      - name: Shrink images
        run: |
          e2fsck -yf ${{ matrix.arch }}/system.img
          resize2fs -M ${{ matrix.arch }}/system.img
          e2fsck -yf ${{ matrix.arch }}/vendor.img
          resize2fs -M ${{ matrix.arch }}/vendor.img
          e2fsck -yf ${{ matrix.arch }}/product.img
          resize2fs -M ${{ matrix.arch }}/product.img
          e2fsck -yf ${{ matrix.arch }}/system_ext.img
          resize2fs -M ${{ matrix.arch }}/system_ext.img          
      - name: Remove signature
        run: |
          rm -rf ${{ matrix.arch }}/\[Content_Types\].xml ${{ matrix.arch }}/AppxBlockMap.xml ${{ matrix.arch }}/AppxSignature.p7x ${{ matrix.arch }}/AppxMetadata          
      - name: Upload WSA
        uses: actions/upload-artifact@v2
        with:
          name: WSA-with-Magisk_${{ matrix.arch }}
          path: './${{ matrix.arch }}/*'