feat: Magisk module install

library/src/androidMain/kotlin/app/revanced/library/MagiskUtils.kt

@@ -0,0 +1,305 @@
+package app.revanced.library
+
+import app.revanced.library.installation.installer.Constants
+import app.revanced.library.installation.installer.Constants.invoke
+import com.topjohnwu.superuser.Shell
+import com.topjohnwu.superuser.nio.FileSystemManager
+import java.io.File
+import java.util.zip.ZipFile
+
+object MagiskUtils {
+    const val MODULES_PATH = "/data/adb/modules"
+
+    /*
+    Shell.isAppGrantedRoot() queries libsu's internal state.
+    It returns false until a root shell has actually been built and verified by libsu.
+    */
+    fun hasRootAccess() = Shell.isAppGrantedRoot() ?: false
+
+    /*
+    Checks whether su exists in PATH. Pure filesystem check, no shell needed.
+    Returns true as soon as APatch makes su available, regardless of whether your app was granted root.
+    */
+    fun isDeviceRooted() =
+        System.getenv("PATH")?.split(":")?.any { path -> File(path, "su").canExecute() } ?: false
+
+    /*
+    Shell.getShell().isRoot forces a shell to be built (or returns the cached one) and checks if it came up as root.
+    This is the only reliable "root is usable right now" check.
+     */
+    fun isMagiskInstalled() = Shell.getShell().isRoot
+
+    /*
+    Returns true if root was granted, false if denied.
+    Must be called on a background thread.
+     */
+    fun requestRoot(): Boolean {
+        Shell.getCachedShell()?.takeIf { !it.isRoot }?.close()
+        return Shell.getShell().isRoot
+    }
+
+    fun isInstalled(packageName: String, remoteFS: FileSystemManager) =
+        remoteFS.getFile("$MODULES_PATH/$packageName-revanced").exists()
+
+    fun isInstalledAsMagiskModule(packageName: String, remoteFS: FileSystemManager) =
+        remoteFS.getFile("$MODULES_PATH/revanced_${packageName.replace('.', '_')}").exists()
+
+    /*
+    Bind-mounts the patched APK over the stock APK path using the Magisk mirror when
+    available, ensuring the mount is visible across all process namespaces (required on
+    Zygisk/MIUI).
+    */
+    fun mount(packageName: String, sourceDir: String) {
+        if (Shell.getShell().newJob().add("mount | grep -q \"$sourceDir\"").exec().isSuccess) {
+            unmount(sourceDir)
+        }
+
+        val patchedApkPath = Constants.MOUNTED_APK_PATH(packageName)
+        val fallbackPath = "$MODULES_PATH/$packageName-revanced/$packageName.apk"
+
+        val patchedApk = when {
+            Shell.getShell().newJob().add("[ -f \"$patchedApkPath\" ]").exec().isSuccess -> patchedApkPath
+            Shell.getShell().newJob().add("[ -f \"$fallbackPath\" ]").exec().isSuccess -> fallbackPath
+            else -> throw ShellCommandException("Patched APK not found for $packageName", -1, emptyList(), emptyList())
+        }
+
+        Shell.getShell().newJob().add($$"""
+            MIRROR=""
+            if command -v magisk >/dev/null 2>&1; then
+                if ! MAGISKTMP=$(magisk --path 2>/dev/null); then MAGISKTMP=/sbin; fi
+                MIRROR=${MAGISKTMP}/.magisk/mirror
+                [ -d "${MIRROR}" ] || MIRROR=""
+            fi
+            mount -o bind "${MIRROR}$$patchedApk" "$$sourceDir"
+        """.trimIndent()).exec().assertSuccess("Failed to mount APK")
+    }
+
+    fun unmount(sourceDir: String) {
+        // Skip if not mounted
+        val checkMount = Shell.getShell().newJob().add("mount | grep -q \"$sourceDir\"").exec()
+        if (!checkMount.isSuccess) return
+
+        Shell.getShell().newJob()
+            .add("umount -l \"$sourceDir\"")
+            .exec()
+            .assertSuccess("Failed to unmount APK")
+    }
+
+    fun uninstall(packageName: String, remoteFS: FileSystemManager) {
+        val unifiedPath = Constants.MOUNTED_APK_PATH(packageName).substringBeforeLast("/")
+        remoteFS.getFile(unifiedPath).deleteRecursively()
+
+        remoteFS.getFile("$MODULES_PATH/$packageName-revanced").deleteRecursively()
+            .also { if (!it) throw Exception("Failed to delete files") }
+    }
+
+    fun uninstallMagiskModule(packageName: String, patchedPackageName: String, remoteFS: FileSystemManager) {
+        val unifiedPath = Constants.MOUNTED_APK_PATH(packageName).substringBeforeLast("/")
+        remoteFS.getFile(unifiedPath).deleteRecursively()
+
+        val formattedPackageName = packageName.replace('.', '_')
+        val handleDisabledScriptPath = Constants.HANDLE_DISABLED_SCRIPT_PATH(formattedPackageName)
+
+        Shell.getShell().newJob()
+            .add("pm uninstall --user 0 \"$patchedPackageName\"")
+            .add("rm -f \"$handleDisabledScriptPath\"")
+            .exec()
+
+        remoteFS.getFile("$MODULES_PATH/revanced_$formattedPackageName").deleteRecursively()
+            .also { if (!it) throw Exception("Failed to delete Magisk module files") }
+    }
+
+    fun extractNativeLibraries(apkFile: File, systemAppPath: String, remoteFS: FileSystemManager) {
+        val libPath = "$systemAppPath/lib"
+        remoteFS.getFile(libPath).apply {
+            if (exists()) deleteRecursively()
+            mkdirs()
+        }
+
+        ZipFile(apkFile).use { zip ->
+            zip.entries().asSequence()
+                .filter { it.name.startsWith("lib/") && it.name.endsWith(".so") }
+                .forEach { entry ->
+                    val parts = entry.name.split("/")
+                    if (parts.size < 3) return@forEach
+
+                    val apkAbi = parts[1]
+                    val libName = parts.last()
+                    val systemAbi = when (apkAbi) {
+                        "arm64-v8a" -> "arm64"
+                        "armeabi-v7a" -> "arm"
+                        "x86_64" -> "x86_64"
+                        "x86" -> "x86"
+                        else -> apkAbi
+                    }
+
+                    val targetDir = "$libPath/$systemAbi"
+                    remoteFS.getFile(targetDir).apply { if (!exists()) mkdirs() }
+
+                    val targetFile = "$targetDir/$libName"
+                    zip.getInputStream(entry).use { inputStream ->
+                        remoteFS.getFile(targetFile).newOutputStream().use { outputStream ->
+                            inputStream.copyTo(outputStream)
+                        }
+                    }
+                }
+        }
+    }
+
+    fun installApk(apkPath: String) =
+        Shell.getShell().newJob()
+            .add("pm install -r -d --user 0 \"$apkPath\"")
+            .exec()
+            .assertSuccess("Failed to install APK: $apkPath")
+
+    fun uninstallKeepData(packageName: String) =
+        Shell.getShell().newJob()
+            .add("pm uninstall -k --user 0 \"$packageName\"")
+            .exec()
+
+    fun provisionMagiskModule(
+        remoteFS: FileSystemManager,
+        packageName: String,
+        patchedPackageName: String,
+        patchedApk: File
+    ) {
+        val formattedPackageName = packageName.replace('.', '_')
+        val modulePath = "$MODULES_PATH/revanced_$formattedPackageName"
+        val unifiedApkPath = Constants.MOUNTED_APK_PATH(packageName)
+        val handleDisabledScriptPath = Constants.HANDLE_DISABLED_SCRIPT_PATH(formattedPackageName)
+
+        // Ensure directories exist
+        val unifiedDir = unifiedApkPath.substringBeforeLast("/")
+        Shell.getShell().newJob()
+            .add("mkdir -p \"$modulePath\"")
+            .add("mkdir -p \"$unifiedDir\"")
+            .exec()
+            .assertSuccess("Failed to create module directories")
+
+        writeModuleFiles(remoteFS, modulePath, packageName, patchedPackageName)
+
+        // Handle-disabled script: uninstalls the patched app when the module is disabled or removed.
+        val handleDisabledSh = Constants.HANDLE_DISABLED_SCRIPT
+            .replace("__PATCHED_PKG__", patchedPackageName)
+            .replace("__FORMATTED_PKG__", formattedPackageName)
+        remoteFS.getFile(handleDisabledScriptPath).newOutputStream().use { it.write(handleDisabledSh.toByteArray()) }
+
+        // Source of truth APK
+        copyApk(remoteFS, patchedApk, unifiedApkPath)
+
+        // Set permissions
+        Shell.getShell().newJob()
+            .add("chmod 644 \"$unifiedApkPath\"")
+            .add("chown system:system \"$unifiedApkPath\"")
+            .add("chcon u:object_r:apk_data_file:s0 \"$unifiedApkPath\"")
+            .add("chmod +x \"$modulePath/service.sh\"")
+            .add("chmod +x \"$modulePath/uninstall.sh\"")
+            .add("chmod +x \"$handleDisabledScriptPath\"")
+            .exec()
+            .assertSuccess("Failed to set file permissions")
+    }
+
+    fun provisionRootFolder(
+        remoteFS: FileSystemManager,
+        packageName: String,
+        patchedApk: File
+    ) {
+        val modulePath = "$MODULES_PATH/$packageName-revanced"
+        val unifiedApkPath = Constants.MOUNTED_APK_PATH(packageName)
+
+        // Ensure directories exist
+        val unifiedDir = unifiedApkPath.substringBeforeLast("/")
+        Shell.getShell().newJob()
+            .add("mkdir -p \"$modulePath\"")
+            .add("mkdir -p \"$unifiedDir\"")
+            .exec()
+            .assertSuccess("Failed to create module directories")
+
+        // MOUNT type: patched package name == original package name (bind-mount, no rename)
+        writeModuleFiles(remoteFS, modulePath, packageName, packageName)
+
+        // Source of truth APK
+        copyApk(remoteFS, patchedApk, unifiedApkPath)
+
+        Shell.getShell().newJob()
+            .add("chmod 644 \"$unifiedApkPath\"")
+            .add("chown system:system \"$unifiedApkPath\"")
+            .add("chcon u:object_r:apk_data_file:s0 \"$unifiedApkPath\"")
+            .add("chmod +x \"$modulePath/service.sh\"")
+            .add("chmod +x \"$modulePath/uninstall.sh\"")
+            .exec()
+            .assertSuccess("Failed to set file permissions")
+    }
+
+    private fun writeModuleFiles(
+        remoteFS: FileSystemManager,
+        modulePath: String,
+        packageName: String,
+        patchedPackageName: String,
+    ) {
+        val formattedPackageName = packageName.replace('.', '_')
+
+        val moduleProp = Constants.MAGISK_MODULE_PROP
+            .replace("__FORMATTED_PKG__", formattedPackageName)
+            .replace("__PKG_NAME__", packageName)
+        remoteFS.getFile("$modulePath/module.prop").newOutputStream().use { it.write(moduleProp.toByteArray()) }
+
+        val serviceSh = Constants.MODULE_SERVICE_SCRIPT
+            .replace("__PKG_NAME__", packageName)
+            .replace("__PATCHED_PKG__", patchedPackageName)
+        remoteFS.getFile("$modulePath/service.sh").newOutputStream().use { it.write(serviceSh.toByteArray()) }
+
+        val uninstallSh = Constants.MAGISK_UNINSTALL_SCRIPT
+            .replace("__PKG_NAME__", packageName)
+            .replace("__PATCHED_PKG__", patchedPackageName)
+            .replace("__FORMATTED_PKG__", formattedPackageName)
+        remoteFS.getFile("$modulePath/uninstall.sh").newOutputStream().use { it.write(uninstallSh.toByteArray()) }
+    }
+
+    private fun copyApk(remoteFS: FileSystemManager, source: File, destination: String) {
+        remoteFS.getFile(source.absolutePath)
+            .also { if (!it.exists()) throw Exception("Source APK file doesn't exist: ${source.absolutePath}") }
+            .newInputStream().use { inputStream ->
+                remoteFS.getFile(destination).newOutputStream().use { outputStream ->
+                    inputStream.copyTo(outputStream)
+                }
+            }
+    }
+
+    private fun Shell.Result.assertSuccess(errorMessage: String) {
+        if (!isSuccess) {
+            throw ShellCommandException(errorMessage, code, out, err)
+        }
+    }
+}
+
+class ShellCommandException(
+    val userMessage: String,
+    val exitCode: Int,
+    val stdout: List<String>,
+    val stderr: List<String>
+) : Exception(format(userMessage, exitCode, stdout, stderr)) {
+    companion object {
+        private fun format(
+            message: String,
+            exitCode: Int,
+            stdout: List<String>,
+            stderr: List<String>
+        ): String = buildString {
+            appendLine(message)
+            appendLine("Exit code: $exitCode")
+
+            val output = stdout.filter { it.isNotBlank() }
+            val errors = stderr.filter { it.isNotBlank() }
+
+            if (output.isNotEmpty()) {
+                appendLine("stdout:")
+                output.forEach(::appendLine)
+            }
+            if (errors.isNotEmpty()) {
+                appendLine("stderr:")
+                errors.forEach(::appendLine)
+            }
+        }
+    }
+}

library/src/androidMain/kotlin/app/revanced/library/installation/installer/LocalMagiskInstaller.kt

@@ -0,0 +1,43 @@
+package app.revanced.library.installation.installer
+
+import android.content.Context
+import app.revanced.library.installation.command.LocalShellCommandRunner
+import com.topjohnwu.superuser.ipc.RootService
+import java.io.Closeable
+
+/**
+ * [LocalMagiskInstaller] for installing and uninstalling [Apk] files locally with root permissions via Magisk modules.
+ *
+ * @param context The [Context] to use for binding to the [RootService].
+ * @param onReady A callback to be invoked when [LocalMagiskInstaller] is ready to be used.
+ *
+ * @throws NoRootPermissionException If the device does not have root permission.
+ *
+ * @see Installer
+ * @see LocalShellCommandRunner
+ */
+@Suppress("unused")
+class LocalMagiskInstaller private constructor(
+    context: Context,
+    onReady: LocalMagiskInstaller.() -> Unit,
+    private val readyHook: Array<(() -> Unit)?>,
+) : MagiskInstaller(
+    { LocalShellCommandRunner(context) { readyHook[0]?.invoke() } },
+),
+    Closeable {
+
+    constructor(
+        context: Context,
+        onReady: LocalMagiskInstaller.() -> Unit = {},
+    ) : this(context, onReady, arrayOfNulls(1))
+
+    init {
+        // The supplier passed to [MagiskInstaller] runs during super-init, before `this`
+        // exists as a subclass reference, so the ready callback cannot capture it directly.
+        // Instead we route through [readyHook], which is populated here — safe because
+        // [LocalShellCommandRunner.onServiceConnected] fires asynchronously after IPC bind.
+        readyHook[0] = { onReady() }
+    }
+
+    override fun close() = (shellCommandRunner as LocalShellCommandRunner).close()
+}

library/src/androidMain/kotlin/app/revanced/library/installation/installer/LocalRootInstaller.kt

@@ -17,16 +17,27 @@ import java.io.Closeable
  * @see LocalShellCommandRunner
  */
 @Suppress("unused")
-class LocalRootInstaller(
+class LocalRootInstaller private constructor(
     context: Context,
-    onReady: LocalRootInstaller.() -> Unit = {},
+    onReady: LocalRootInstaller.() -> Unit,
+    private val readyHook: Array<(() -> Unit)?>,
 ) : RootInstaller(
-    { installer ->
-        LocalShellCommandRunner(context) {
-            (installer as LocalRootInstaller).onReady()
-        }
-    },
+    { LocalShellCommandRunner(context) { readyHook[0]?.invoke() } },
 ),
     Closeable {
+
+    constructor(
+        context: Context,
+        onReady: LocalRootInstaller.() -> Unit = {},
+    ) : this(context, onReady, arrayOfNulls(1))
+
+    init {
+        // The supplier passed to [RootInstaller] runs during super-init, before `this`
+        // exists as a subclass reference, so the ready callback cannot capture it directly.
+        // Instead we route through [readyHook], which is populated here — safe because
+        // [LocalShellCommandRunner.onServiceConnected] fires asynchronously after IPC bind.
+        readyHook[0] = { onReady() }
+    }
+
     override fun close() = (shellCommandRunner as LocalShellCommandRunner).close()
 }

library/src/commonMain/kotlin/app/revanced/library/ApkUtils.kt

@@ -53,8 +53,9 @@ object ApkUtils {
     fun PatchesResult.applyTo(apkFile: File) {
         ZFile.openReadWrite(apkFile, zFileOptions).use { targetApkZFile ->
             dexFiles.forEach { dexFile ->
-                targetApkZFile.add(dexFile.name, dexFile.stream)
-                dexFile.stream.close()
+                dexFile.stream.use { stream ->
+                    targetApkZFile.add(dexFile.name, stream)
+                }
             }
 
             resources?.let { resources ->