Custom fstab: cannot open file -> Permission denied in Magisk 28001 -> external SD Card not mounted -> new overlay.d process?

[newbit1]

Device: Samsung S10 SM-G973F (beyond1)
Android version: 12
Magisk version name: Canary
Magisk version code: 28001 (070719d)

I am using Magisk 28001 within my custom kernel and a custom fstab file. With v27 everything worked great,
my external SD Card got mounted. But now with 28001 it doesn't. So far the rest of Magisks works.
It is just this custom fstab issue.

If I check the logs, I can see a message like:
vold : [libfs_mgr]ReadFstabFromFile(): cannot open file: '/vendor/etc/fstab.exynos9820': Permission denied

Permissions are:

beyond1:/ # ls -lZ /vendor/etc/fstab.exynos9820
-rw-r--r-- 1 root root u:object_r:vendor_configs_file:s0  2533 2024-10-13 10:01 /vendor/etc/fstab.exynos9820

As a backup function, I also installed the same Magisk Version into my recovery partition. And there is no custom fstab.
And If I boot from there, my external SD Card gets mounted.

The whole custom fstab thing worked well with v27.0.
Is there anything new to the overlay.d mounting process I am not aware of? Could need a little help or pointer
If I have to adjust my custom fstab and the way how I add it into my kernels ramdisk.

This is how I implement it via the initramfs_list:

dir /.backup 0705 0 0
file /init usr/magisk/magiskinit 0755 0 0
file /.backup/.magisk usr/magisk/backup_magisk 0705 0 0
dir /overlay.d 0750 0 0
dir /overlay.d/sbin 0750 0 0
file /overlay.d/sbin/init-ld.xz usr/magisk/init-ld.xz 0644 0 0
file /overlay.d/sbin/magisk.xz usr/magisk/magisk.xz 0644 0 0
file /overlay.d/sbin/stub.xz usr/magisk/stub.xz 0644 0 0
dir /overlay.d/vendor 0755 0 2000
dir /overlay.d/vendor/etc 0755 0 2000
file /overlay.d/vendor/etc/fstab.exynos9820 usr/magisk/fstab.exynos9820 0644 0 0
dir /overlay.d/vendor/etc/init 0755 0 2000
file /overlay.d/vendor/etc/init/init.exynos9820.usb.rc usr/magisk/init.exynos9820.usb.rc 0644 0 0

This is how my fstab.exynos9820 looks like:

# Android fstab file.
#<src>                  <mnt_point>         <type>    <mnt_flags and options>                               <fs_mgr_flags>
# The filesystem that contains the filesystem checker binary (typically /system) cannot
# specify MF_CHECK, and must come before any filesystems that do specify MF_CHECK

#/dev/block/by-name/system	 /system             ext4      ro                                                    wait
#/dev/block/by-name/vendor	 /vendor             ext4      ro                                                    wait
/dev/block/by-name/cache	/cache	ext4	noatime,nosuid,nodev,noauto_da_alloc,discard,journal_checksum,data=ordered,errors=panic	wait,check
# /dev/block/by-name/userdata	/data	ext4	noatime,nosuid,nodev,noauto_da_alloc,discard,journal_checksum,data=ordered,errors=panic	wait,check,fileencryption=ice,quota,reservedsize=128M
/dev/block/by-name/userdata	/data	ext4	noatime,nosuid,nodev,noauto_da_alloc,discard,journal_checksum,data=ordered,errors=panic	wait,check,quota,reservedsize=128M
/dev/block/by-name/efs	/mnt/vendor/efs	ext4	noatime,nosuid,nodev,noauto_da_alloc,discard,journal_checksum,data=ordered,errors=panic	wait,check
#/dev/block/by-name/persistent /mnt/vendor/persist            ext4      noatime,nosuid,nodev,barrier=1,data=ordered,nodelalloc,nomblk_io_submit,errors=panic wait,notrim
/dev/block/by-name/misc	/misc	emmc	defaults	defaults,first_stage_mount
#/dev/block/by-name/recovery  /recovery           emmc      defaults                                               defaults

# VOLD:fstab.exynos9820
/devices/platform/13d00000.dwmmc2/mmc_host*    auto    auto    default    voldmanaged=sdcard:auto
/devices/platform/10c00000.usb*                auto    vfat    default    voldmanaged=usb:auto

# Samsung ODE
# /dev/block/platform/13d60000.ufs/by-name/keydata	/keydata	ext4	noatime,nosuid,nodev,noauto_da_alloc,discard,journal_checksum,data=ordered,errors=panic	wait,check,fileencryption=ice,nofail
/dev/block/platform/13d60000.ufs/by-name/keydata	/keydata	ext4	noatime,nosuid,nodev,noauto_da_alloc,discard,journal_checksum,data=ordered,errors=panic	wait,check,nofail
# /dev/block/platform/13d60000.ufs/by-name/keyrefuge	/keyrefuge	ext4	noatime,nosuid,nodev,noauto_da_alloc,discard,journal_checksum,data=ordered,errors=panic	wait,check,fileencryption=ice,nofail
/dev/block/platform/13d60000.ufs/by-name/keyrefuge	/keyrefuge	ext4	noatime,nosuid,nodev,noauto_da_alloc,discard,journal_checksum,data=ordered,errors=panic	wait,check,nofail

# Mount Virtual SD / USB Device on loop7
/devices/*/block/loop7                auto    auto    default    voldmanaged=usbotg:auto

my .magisk file from kernel:

KEEPVERITY=true
KEEPFORCEENCRYPT=true
RECOVERYMODE=false
PREINITDEVICE=userdata

my .magisk file from recovery:

KEEPVERITY=true
KEEPFORCEENCRYPT=true
RECOVERYMODE=true
PREINITDEVICE=userdata
SHA1=f1738fdcc236e7e13304f1119c9c062d9a02e1c8

Thanks
logcat_kernelboot.log
magisk_kernelboot.log
logcat_recoveryboot.log
magisk_recoveryboot.log
fstab_init_magisk-configs.zip

[aviraxp]

A lot of magiskinit stuff changed from 27 to 28, but I didn't find anything specific to overlay.d.

Can you provide dmesg when booting (need to check logs of magiskinit)?

[pndwal]

FWIW @aviraxp, just saw this... Seems some issues here (not sure how many) may be caused by patch creation producing corrupted magiskboot on some devices with 28001:
https://xdaforums.com/t/magisk-general-support-discussion.3432382/post-89756265

May need to confirm, but may help...

[newbit1]

A lot of magiskinit stuff changed from 27 to 28, but I didn't find anything specific to overlay.d.

Can you provide dmesg when booting (need to check logs of magiskinit)?

Thanks for looking into it. I figured they might be a change in the expected permissions of the file.
dmesg_kernelboot.log
dmesg_recoveryboot.log
liveboot_kernelboot.log
liveboot_recoveryboot.log

FWIW @aviraxp, just saw this... Seems some issues (not sure how many) may be caused by patch creation producing corrupted magiskboot on some devices with 28001: https://xdaforums.com/t/magisk-general-support-discussion.3432382/post-89756265

May need to confirm, but may help...

Thanks, in there it says:

The issue seems to be in the patch creation with Canary 28001.
The overlayed magiskboot is corrupted (the first 0xFF0 bytes).
Replacing magiskboot from the apk fixes the issue.
All other files are ok.

This would mean, I should have issues with the recovery boot, because the Magisk App did all the patching and
flashing. And my Kernel Version should be fine, because I extract the magiskboot direct from the apk.

But it is the other way around. But I will check the magiskboot on my recovery partition If I can see that mentioned
byte issue.

[aviraxp]

Dmesg is too late

[newbit1]

Dmesg is too late

Yeah I noticed it too, as I was trying to gather it up to zero, I got a bootloop, again.
So I installed, v27 first, got the kmsgs, upgraded to the 28001 Debug, got those kmsgs too.
And ran again in a bootloop.
first_kmsg_v27_kernelboot.log
first_kmsg_v28-Debug_kernelboot.log
kmsg_v27_kernelboot.log.log
kmsg_v28-Debug_kernelboot.log

[newbit1]

Any new insides with the logs?
I hope they are sufficient now.

I could find some differences in the kernelboot logs.
A lot of magiskinit messages are shown in v28, but not in v27.
It also shows that the /vendor/etc/fstab.exynos9820 gets mounted. And then later
comes the already mentioned message (not shown in the screenshots):
vold : [libfs_mgr]ReadFstabFromFile(): cannot open file: '/vendor/etc/fstab.exynos9820': Permission denied

Not sure if this is related or just shown because of the debug version.

[topjohnwu]

Maybe it's caused by the more restricted sepolicy rule? b11b811

[topjohnwu]

OK yeah, it is indeed caused by the more restricted sepolicy rule, as vold is not init, zygote, or shell

[newbit1]

Nice, great find, thanks. Can I change something on the sepolicy rules myself, to test this "manually" ?
Or shall I wait for fix?

[aviraxp]

https://filetransfer.io/data-package/bqgFipvy#link try this

[newbit1]

https://filetransfer.io/data-package/bqgFipvy#link try this

Thank you for making this effort, very much appreciated.
I've tested this version, and it seems good, meaning:
The Permission deniedmessage is still there, but some other, positive messages as well.
Plus the actually issues are resolved, the sdcard gets auto-mounted when I boot from Magisk within the kernel.
Also, my virtual drive, which is added via my custom fstab on /devices/*/block/loop7, gets also auto-mounted,
so all good again now, thank you.

<12>[    2.190571]  [7:     magiskinit:    1] magiskinit: Mount [.magisk/rootdir/vendor/etc/fstab.exynos9820] -> [/vendor/etc/fstab.exynos9820]
<11>[    2.683347]  [7:        ueventd: 3547] ueventd: [libfs_mgr]ReadFstabFromFile(): cannot open file: '/vendor/etc/fstab.exynos9820': Permission denied
<14>[    2.683355]  [7:        ueventd: 3547] ueventd: [libfs_mgr]ReadDefaultFstab(): failed to find device default fstab
<14>[    4.065357]  [7:           init:    1] init: Userdata mounted using /vendor/etc/fstab.exynos9820 result : 0
<14>[    4.065386]  [7:           init:    1] init: Userdata mounted using /vendor/etc/fstab.exynos9820 result : 0
<14>[    4.065563]  [7:           init:    1] init: Command 'mount_all /vendor/etc/fstab.exynos9820' action=fs (/vendor/etc/init/init.exynos9820.rc:1002) took 416ms and succeeded

A couple more things, just make this report more complete. I've tried to install the downloaded app-debug.apk,
but it was rejected from the Package installer. And when I opened the installed Magisk app, a toast popped up to reflash
Magisk. I didn't try the recovery boot yet.

first_kmsg_28001-D_a5cad532_sdcardfixed_kernelboot.log

One last thing, do you know what this messages means? Or better, how I can get rid of it?
init: [libfs_mgr]Warning: unknown flag: encryptable
This message is like a gazillion times in my logs.

Thanks

[aviraxp]

To be sumed up: The file overlayed by overlay.d shares tmpfs label but not original label because if of bind mount, so I have to allow vold to access tmpfs file.

That's not an ideal solution to allow all domains to access tmpfile (introduced security issues), so I am planning to clone xattr of target files before doing magic mount.

[newbit1]

To be sumed up: The file overlayed by overlay.d shares tmpfs label but not original label because if of bind mount, so I have to allow vold to access tmpfs file.

That's not an ideal solution to allow all domains to access tmpfile (introduced security issues), so I am planning to clone xattr of target files before doing magic mount.

Understood, sounds like plan. If you want me to do further tests in that matter, with pleasure.

[aviraxp]

try this https://filetransfer.io/data-package/xN2T5ZQ9#link

[newbit1]

try this https://filetransfer.io/data-package/xN2T5ZQ9#link

Nope, this one doesnt work with my custom fstab. The system boots yes, but the sdcard doesnt gets mounted.
first_kmsg_v28-a5cad532_kernelboot.log

[aviraxp]

It seems selinux isn't initalized when overlay.d takes effect. I will try to find other ways.