Magisk v25.0 introduces a reworked MagiskInit to address SELinux issues

XDA

Magisk v25.0 improves SELinux handling, revises root permission management, and much more

By Skanda Hazarika

Published Jun 7, 2022

The latest update for Magisk (v25.0) has been released with tons of bug fixes and feature improvements. Read on to know more!

At this point, we at XDA are certain that most of you have at least heard of Magisk. Created by John Wu, aka XDA Recognized Developer topjohnwu, the project originally started off as a systemless root method and has gradually evolved into a much more diverse and powerful solution beyond just a plain superuser privilege provider. It goes without saying that the developer and the contributors are always active and working hard to perfect it. The latest major update of Magisk, which corresponds to the twenty-fifth version (v25), has now arrived at the public beta branch. The changelog is subtle yet very important, so let’s dive into it.

Magisk XDA Forums

The first (and probably the most important) thing in this update is the rewritten MagiskInit software. For the unaware, the magiskinit binary is responsible for replacing the stock init process as the first program to run, injecting Magisk services into init.rc, and patching SELinux policy rules. Thanks to the introduction of a brand new sepolicy injection mechanism, the developers have successfully resolved a majority of the SELinux-related incompatibilities. Furthermore, MagiskInit now supports Android 13's Generic Kernel Image (GKI) format.

Last but not least, the new build comes with a handful of security enhancements for the MagiskSU component. The root permission management has been revamped to prevent malicious UID reuse attacks. Magisk now enforces root manager APK signature verification to protect users from modified versions of the Magisk Manager which have been tampered with. Nonetheless, developers can still use their own signing keys while building Magisk from its codebase. You can also opt for official debug builds in case you need to get rid of signature verification for the sake of tinkering.

Here’s the official changelog for Magisk v25.0:

[MagiskInit] Update 2SI implementation, significantly increase device compatibility (e.g. Sony Xperia devices)
[MagiskInit] Introduce new sepolicy injection mechanism
[MagiskInit] Support Oculus Go
[MagiskInit] Support Android 13 GKIs (Pixel 6)
[MagiskBoot] Fix vbmeta extraction implementation
[App] Fix stub app on older Android versions
[App] [MagiskSU] Properly support apps using sharedUserId
[MagiskSU] Fix a possible crash in magiskd
[MagiskSU] Prune unused UIDs as soon as system_server restarts to prevent UID reuse attacks
[MagiskSU] Verify and enforce the installed Magisk app’s certificate to match the distributor’s signature
[MagiskSU] [Zygisk] Proper package management and detection
[Zygisk] Fix function hooking on devices running Android 12 with old kernels
[Zygisk] Fix Zygisk’s self code unloading implementation
[DenyList] Fix DenyList on shared UID apps
[BusyBox] Add workaround for devices running old kernels

You can download the latest release by following the link below. In case you’re not familiar with Magisk, you should check out our in-depth guide on how to root your device using the tool. If you happen to run into any problems with the latest build, make sure to file a bug report on the project’s GitHub repository.

Download Magisk v25.0

Source: John Wu on Twitter