Use app profile

2025-09-06 06:37:01 +00:00 · 2023-06-04 01:31:12 +08:00
parent f6195ddb43
commit 954a712089
6 changed files with 55 additions and 53 deletions
--- a/zygiskd/Cargo.toml
+++ b/zygiskd/Cargo.toml
@@ -6,20 +6,21 @@ edition = "2021"
 rust-version = "1.69"

 [dependencies]
-android_logger = "0.13.0"
-anyhow = { version = "1.0.68", features = ["backtrace"] }
-clap = { version = "4.1.4", features = ["derive"] }
-const_format = "0.2.5"
+android_logger = "0.13"
+anyhow = { version = "1.0", features = ["backtrace"] }
+bitflags = { version = "2.3" }
+clap = { version = "4", features = ["derive"] }
+const_format = "0.2"
 futures = "0.3"
-konst = "0.3.4"
-lazy_static = "1.4.0"
-log = "0.4.17"
-memfd = "0.6.2"
-nix = { version = "0.26.2", features = ["process","poll"] }
-num_enum = "0.5.9"
-once_cell = "1.17.1"
-passfd = "0.1.5"
-rand = "0.8.5"
+konst = "0.3"
+lazy_static = "1.4"
+log = "0.4"
+memfd = "0.6"
+nix = { version = "0.26", features = ["process","poll"] }
+num_enum = "0.5"
+once_cell = "1.17"
+passfd = "0.1"
+rand = "0.8"
 tokio = { version = "1.28", features = ["full"] }

 binder = { git = "https://github.com/Kernel-SU/binder_rs" }
--- a/zygiskd/src/constants.rs
+++ b/zygiskd/src/constants.rs
@@ -1,3 +1,4 @@
+use bitflags::bitflags;
 use const_format::concatcp;
 use konst::primitive::parse_i32;
 use konst::unwrap_ctx;
@@ -46,8 +47,13 @@ pub enum DaemonSocketAction {
 }

 // Zygisk process flags
-pub const PROCESS_GRANTED_ROOT: u32 = 1 << 0;
-pub const PROCESS_ON_DENYLIST: u32 = 1 << 1;
-pub const PROCESS_ROOT_IS_KSU: u32 = 1 << 29;
-pub const PROCESS_ROOT_IS_MAGISK: u32 = 1 << 30;
-pub const PROCESS_IS_SYSUI: u32 = 1 << 31;
+bitflags! {
+    #[derive(Clone, Copy, Debug, PartialEq, Eq, Hash)]
+    pub struct ProcessFlags: u32 {
+        const PROCESS_GRANTED_ROOT = 1 << 0;
+        const PROCESS_ON_DENYLIST = 1 << 1;
+        const PROCESS_ROOT_IS_KSU = 1 << 29;
+        const PROCESS_ROOT_IS_MAGISK = 1 << 30;
+        const PROCESS_IS_SYSUI = 1 << 31;
+    }
+}
--- a/zygiskd/src/root_impl/kernelsu.rs
+++ b/zygiskd/src/root_impl/kernelsu.rs
@@ -4,7 +4,8 @@ use crate::constants::{MIN_KSU_VERSION, MAX_KSU_VERSION};
 const KERNEL_SU_OPTION: i32 = 0xdeadbeefu32 as i32;

 const CMD_GET_VERSION: usize = 2;
-const CMD_GET_ALLOW_LIST: usize = 5;
+const CMD_UID_GRANTED_ROOT: usize = 12;
+const CMD_UID_SHOULD_UMOUNT: usize = 13;

 pub enum Version {
    Supported,
@@ -23,16 +24,14 @@ pub fn get_kernel_su() -> Option<Version> {
    }
 }

-#[inline(never)]
-pub fn uid_on_allowlist(uid: i32) -> bool {
-    let mut size = 1024u32;
-    let mut uids = vec![0; size as usize];
-    unsafe { prctl(KERNEL_SU_OPTION, CMD_GET_ALLOW_LIST, uids.as_mut_ptr(), &mut size as *mut u32) };
-    uids.resize(size as usize, 0);
-    uids.contains(&uid)
+pub fn uid_granted_root(uid: i32) -> bool {
+    let mut granted = false;
+    unsafe { prctl(KERNEL_SU_OPTION, CMD_UID_GRANTED_ROOT, uid, &mut granted as *mut bool) };
+    granted
 }

-#[inline(never)]
-pub fn uid_on_denylist(uid: i32) -> bool {
-    false
+pub fn uid_should_umount(uid: i32) -> bool {
+    let mut umount = false;
+    unsafe { prctl(KERNEL_SU_OPTION, CMD_UID_SHOULD_UMOUNT, uid, &mut umount as *mut bool) };
+    umount
 }
--- a/zygiskd/src/root_impl/magisk.rs
+++ b/zygiskd/src/root_impl/magisk.rs
@@ -23,8 +23,7 @@ pub fn get_magisk() -> Option<Version> {
    })
 }

-#[inline(never)]
-pub fn uid_on_allowlist(uid: i32) -> bool {
+pub fn uid_granted_root(uid: i32) -> bool {
    let output: Option<String> = Command::new("magisk")
        .arg("--sqlite")
        .arg("select uid from policies where policy=2")
@@ -41,8 +40,7 @@ pub fn uid_on_allowlist(uid: i32) -> bool {
    })
 }

-#[inline(never)]
-pub fn uid_on_denylist(uid: i32) -> bool {
-    // TODO: uid_on_denylist
+pub fn uid_should_umount(uid: i32) -> bool {
+    // TODO: uid_should_umount
    return false;
 }
--- a/zygiskd/src/root_impl/mod.rs
+++ b/zygiskd/src/root_impl/mod.rs
@@ -41,21 +41,18 @@ pub fn get_impl() -> &'static RootImpl {
    unsafe { &ROOT_IMPL }
 }

-// FIXME: Without #[inline(never)], this function will lag forever
-#[inline(never)]
-pub fn uid_on_allowlist(uid: i32) -> bool {
+pub fn uid_granted_root(uid: i32) -> bool {
    match get_impl() {
-        RootImpl::KernelSU => kernelsu::uid_on_allowlist(uid),
-        RootImpl::Magisk => magisk::uid_on_allowlist(uid),
+        RootImpl::KernelSU => kernelsu::uid_granted_root(uid),
+        RootImpl::Magisk => magisk::uid_granted_root(uid),
        _ => unreachable!(),
    }
 }

-#[inline(never)]
-pub fn uid_on_denylist(uid: i32) -> bool {
+pub fn uid_should_umount(uid: i32) -> bool {
    match get_impl() {
-        RootImpl::KernelSU => kernelsu::uid_on_denylist(uid),
-        RootImpl::Magisk => magisk::uid_on_denylist(uid),
+        RootImpl::KernelSU => kernelsu::uid_should_umount(uid),
+        RootImpl::Magisk => magisk::uid_should_umount(uid),
        _ => unreachable!(),
    }
 }
--- a/zygiskd/src/zygiskd.rs
+++ b/zygiskd/src/zygiskd.rs
@@ -1,5 +1,5 @@
 use std::ffi::c_void;
-use crate::constants::DaemonSocketAction;
+use crate::constants::{DaemonSocketAction, ProcessFlags};
 use crate::utils::UnixStreamExt;
 use crate::{constants, dl, lp_select, magic, root_impl, utils};
 use anyhow::{bail, Result};
@@ -176,20 +176,21 @@ fn handle_daemon_action(mut stream: UnixStream, context: &Context) -> Result<()>
        }
        DaemonSocketAction::GetProcessFlags => {
            let uid = stream.read_u32()? as i32;
-            let mut flags = 0u32;
-            if root_impl::uid_on_allowlist(uid) {
-                flags |= constants::PROCESS_GRANTED_ROOT;
+            let mut flags = ProcessFlags::empty();
+            if root_impl::uid_granted_root(uid) {
+                flags |= ProcessFlags::PROCESS_GRANTED_ROOT;
            }
-            if root_impl::uid_on_denylist(uid) {
-                flags |= constants::PROCESS_ON_DENYLIST;
+            if root_impl::uid_should_umount(uid) {
+                flags |= ProcessFlags::PROCESS_ON_DENYLIST;
            }
            match root_impl::get_impl() {
-                root_impl::RootImpl::KernelSU => flags |= constants::PROCESS_ROOT_IS_KSU,
-                root_impl::RootImpl::Magisk => flags |= constants::PROCESS_ROOT_IS_MAGISK,
+                root_impl::RootImpl::KernelSU => flags |= ProcessFlags::PROCESS_ROOT_IS_KSU,
+                root_impl::RootImpl::Magisk => flags |= ProcessFlags::PROCESS_ROOT_IS_MAGISK,
                _ => unreachable!(),
            }
-            // TODO: PROCESS_IS_SYSUI?
-            stream.write_u32(flags)?;
+            log::trace!("Uid {} granted root: {}", uid, flags.contains(ProcessFlags::PROCESS_GRANTED_ROOT));
+            log::trace!("Uid {} on denylist: {}", uid, flags.contains(ProcessFlags::PROCESS_ON_DENYLIST));
+            stream.write_u32(flags.bits())?;
        }
        DaemonSocketAction::ReadModules => {
            stream.write_usize(context.modules.len())?;