From 954a712089ec67929f7a6a801e17b462f29e9253 Mon Sep 17 00:00:00 2001
From: Nullptr <noreply@nullptr.icu>
Date: Sun, 4 Jun 2023 01:31:12 +0800
Subject: [PATCH] Use app profile

---
 zygiskd/Cargo.toml                | 27 ++++++++++++++-------------
 zygiskd/src/constants.rs          | 16 +++++++++++-----
 zygiskd/src/root_impl/kernelsu.rs | 21 ++++++++++-----------
 zygiskd/src/root_impl/magisk.rs   |  8 +++-----
 zygiskd/src/root_impl/mod.rs      | 15 ++++++---------
 zygiskd/src/zygiskd.rs            | 21 +++++++++++----------
 6 files changed, 55 insertions(+), 53 deletions(-)

diff --git a/zygiskd/Cargo.toml b/zygiskd/Cargo.toml
index 2575853..5a5d18e 100644
--- a/zygiskd/Cargo.toml
+++ b/zygiskd/Cargo.toml
@@ -6,20 +6,21 @@ edition = "2021"
 rust-version = "1.69"
 
 [dependencies]
-android_logger = "0.13.0"
-anyhow = { version = "1.0.68", features = ["backtrace"] }
-clap = { version = "4.1.4", features = ["derive"] }
-const_format = "0.2.5"
+android_logger = "0.13"
+anyhow = { version = "1.0", features = ["backtrace"] }
+bitflags = { version = "2.3" }
+clap = { version = "4", features = ["derive"] }
+const_format = "0.2"
 futures = "0.3"
-konst = "0.3.4"
-lazy_static = "1.4.0"
-log = "0.4.17"
-memfd = "0.6.2"
-nix = { version = "0.26.2", features = ["process","poll"] }
-num_enum = "0.5.9"
-once_cell = "1.17.1"
-passfd = "0.1.5"
-rand = "0.8.5"
+konst = "0.3"
+lazy_static = "1.4"
+log = "0.4"
+memfd = "0.6"
+nix = { version = "0.26", features = ["process","poll"] }
+num_enum = "0.5"
+once_cell = "1.17"
+passfd = "0.1"
+rand = "0.8"
 tokio = { version = "1.28", features = ["full"] }
 
 binder = { git = "https://github.com/Kernel-SU/binder_rs" }
diff --git a/zygiskd/src/constants.rs b/zygiskd/src/constants.rs
index f28073f..70f82e3 100644
--- a/zygiskd/src/constants.rs
+++ b/zygiskd/src/constants.rs
@@ -1,3 +1,4 @@
+use bitflags::bitflags;
 use const_format::concatcp;
 use konst::primitive::parse_i32;
 use konst::unwrap_ctx;
@@ -46,8 +47,13 @@ pub enum DaemonSocketAction {
 }
 
 // Zygisk process flags
-pub const PROCESS_GRANTED_ROOT: u32 = 1 << 0;
-pub const PROCESS_ON_DENYLIST: u32 = 1 << 1;
-pub const PROCESS_ROOT_IS_KSU: u32 = 1 << 29;
-pub const PROCESS_ROOT_IS_MAGISK: u32 = 1 << 30;
-pub const PROCESS_IS_SYSUI: u32 = 1 << 31;
+bitflags! {
+    #[derive(Clone, Copy, Debug, PartialEq, Eq, Hash)]
+    pub struct ProcessFlags: u32 {
+        const PROCESS_GRANTED_ROOT = 1 << 0;
+        const PROCESS_ON_DENYLIST = 1 << 1;
+        const PROCESS_ROOT_IS_KSU = 1 << 29;
+        const PROCESS_ROOT_IS_MAGISK = 1 << 30;
+        const PROCESS_IS_SYSUI = 1 << 31;
+    }
+}
diff --git a/zygiskd/src/root_impl/kernelsu.rs b/zygiskd/src/root_impl/kernelsu.rs
index a0b0240..27069f4 100644
--- a/zygiskd/src/root_impl/kernelsu.rs
+++ b/zygiskd/src/root_impl/kernelsu.rs
@@ -4,7 +4,8 @@ use crate::constants::{MIN_KSU_VERSION, MAX_KSU_VERSION};
 const KERNEL_SU_OPTION: i32 = 0xdeadbeefu32 as i32;
 
 const CMD_GET_VERSION: usize = 2;
-const CMD_GET_ALLOW_LIST: usize = 5;
+const CMD_UID_GRANTED_ROOT: usize = 12;
+const CMD_UID_SHOULD_UMOUNT: usize = 13;
 
 pub enum Version {
     Supported,
@@ -23,16 +24,14 @@ pub fn get_kernel_su() -> Option<Version> {
     }
 }
 
-#[inline(never)]
-pub fn uid_on_allowlist(uid: i32) -> bool {
-    let mut size = 1024u32;
-    let mut uids = vec![0; size as usize];
-    unsafe { prctl(KERNEL_SU_OPTION, CMD_GET_ALLOW_LIST, uids.as_mut_ptr(), &mut size as *mut u32) };
-    uids.resize(size as usize, 0);
-    uids.contains(&uid)
+pub fn uid_granted_root(uid: i32) -> bool {
+    let mut granted = false;
+    unsafe { prctl(KERNEL_SU_OPTION, CMD_UID_GRANTED_ROOT, uid, &mut granted as *mut bool) };
+    granted
 }
 
-#[inline(never)]
-pub fn uid_on_denylist(uid: i32) -> bool {
-    false
+pub fn uid_should_umount(uid: i32) -> bool {
+    let mut umount = false;
+    unsafe { prctl(KERNEL_SU_OPTION, CMD_UID_SHOULD_UMOUNT, uid, &mut umount as *mut bool) };
+    umount
 }
diff --git a/zygiskd/src/root_impl/magisk.rs b/zygiskd/src/root_impl/magisk.rs
index d82efe8..d548461 100644
--- a/zygiskd/src/root_impl/magisk.rs
+++ b/zygiskd/src/root_impl/magisk.rs
@@ -23,8 +23,7 @@ pub fn get_magisk() -> Option<Version> {
     })
 }
 
-#[inline(never)]
-pub fn uid_on_allowlist(uid: i32) -> bool {
+pub fn uid_granted_root(uid: i32) -> bool {
     let output: Option<String> = Command::new("magisk")
         .arg("--sqlite")
         .arg("select uid from policies where policy=2")
@@ -41,8 +40,7 @@ pub fn uid_on_allowlist(uid: i32) -> bool {
     })
 }
 
-#[inline(never)]
-pub fn uid_on_denylist(uid: i32) -> bool {
-    // TODO: uid_on_denylist
+pub fn uid_should_umount(uid: i32) -> bool {
+    // TODO: uid_should_umount
     return false;
 }
diff --git a/zygiskd/src/root_impl/mod.rs b/zygiskd/src/root_impl/mod.rs
index 0ebeb43..d20af6b 100644
--- a/zygiskd/src/root_impl/mod.rs
+++ b/zygiskd/src/root_impl/mod.rs
@@ -41,21 +41,18 @@ pub fn get_impl() -> &'static RootImpl {
     unsafe { &ROOT_IMPL }
 }
 
-// FIXME: Without #[inline(never)], this function will lag forever
-#[inline(never)]
-pub fn uid_on_allowlist(uid: i32) -> bool {
+pub fn uid_granted_root(uid: i32) -> bool {
     match get_impl() {
-        RootImpl::KernelSU => kernelsu::uid_on_allowlist(uid),
-        RootImpl::Magisk => magisk::uid_on_allowlist(uid),
+        RootImpl::KernelSU => kernelsu::uid_granted_root(uid),
+        RootImpl::Magisk => magisk::uid_granted_root(uid),
         _ => unreachable!(),
     }
 }
 
-#[inline(never)]
-pub fn uid_on_denylist(uid: i32) -> bool {
+pub fn uid_should_umount(uid: i32) -> bool {
     match get_impl() {
-        RootImpl::KernelSU => kernelsu::uid_on_denylist(uid),
-        RootImpl::Magisk => magisk::uid_on_denylist(uid),
+        RootImpl::KernelSU => kernelsu::uid_should_umount(uid),
+        RootImpl::Magisk => magisk::uid_should_umount(uid),
         _ => unreachable!(),
     }
 }
diff --git a/zygiskd/src/zygiskd.rs b/zygiskd/src/zygiskd.rs
index ea39d21..27dd4c4 100644
--- a/zygiskd/src/zygiskd.rs
+++ b/zygiskd/src/zygiskd.rs
@@ -1,5 +1,5 @@
 use std::ffi::c_void;
-use crate::constants::DaemonSocketAction;
+use crate::constants::{DaemonSocketAction, ProcessFlags};
 use crate::utils::UnixStreamExt;
 use crate::{constants, dl, lp_select, magic, root_impl, utils};
 use anyhow::{bail, Result};
@@ -176,20 +176,21 @@ fn handle_daemon_action(mut stream: UnixStream, context: &Context) -> Result<()>
         }
         DaemonSocketAction::GetProcessFlags => {
             let uid = stream.read_u32()? as i32;
-            let mut flags = 0u32;
-            if root_impl::uid_on_allowlist(uid) {
-                flags |= constants::PROCESS_GRANTED_ROOT;
+            let mut flags = ProcessFlags::empty();
+            if root_impl::uid_granted_root(uid) {
+                flags |= ProcessFlags::PROCESS_GRANTED_ROOT;
             }
-            if root_impl::uid_on_denylist(uid) {
-                flags |= constants::PROCESS_ON_DENYLIST;
+            if root_impl::uid_should_umount(uid) {
+                flags |= ProcessFlags::PROCESS_ON_DENYLIST;
             }
             match root_impl::get_impl() {
-                root_impl::RootImpl::KernelSU => flags |= constants::PROCESS_ROOT_IS_KSU,
-                root_impl::RootImpl::Magisk => flags |= constants::PROCESS_ROOT_IS_MAGISK,
+                root_impl::RootImpl::KernelSU => flags |= ProcessFlags::PROCESS_ROOT_IS_KSU,
+                root_impl::RootImpl::Magisk => flags |= ProcessFlags::PROCESS_ROOT_IS_MAGISK,
                 _ => unreachable!(),
             }
-            // TODO: PROCESS_IS_SYSUI?
-            stream.write_u32(flags)?;
+            log::trace!("Uid {} granted root: {}", uid, flags.contains(ProcessFlags::PROCESS_GRANTED_ROOT));
+            log::trace!("Uid {} on denylist: {}", uid, flags.contains(ProcessFlags::PROCESS_ON_DENYLIST));
+            stream.write_u32(flags.bits())?;
         }
         DaemonSocketAction::ReadModules => {
             stream.write_usize(context.modules.len())?;