diff --git a/manager/app/src/main/cpp/CMakeLists.txt b/manager/app/src/main/cpp/CMakeLists.txt index a351e6b7..25682735 100644 --- a/manager/app/src/main/cpp/CMakeLists.txt +++ b/manager/app/src/main/cpp/CMakeLists.txt @@ -14,4 +14,12 @@ add_library(zako find_library(log-lib log) -target_link_libraries(zako ${log-lib}) \ No newline at end of file +if(ANDROID_ABI STREQUAL "arm64-v8a") + set(zakosign-lib ${CMAKE_SOURCE_DIR}/libs/arm64-v8a/libzakosign.so) +endif() + +if(ANDROID_ABI STREQUAL "arm64-v8a") + target_link_libraries(zako ${log-lib} ${zakosign-lib}) +else () + target_link_libraries(zako ${log-lib}) +endif () diff --git a/manager/app/src/main/cpp/jni.c b/manager/app/src/main/cpp/jni.c index 836f74c4..762da1f1 100644 --- a/manager/app/src/main/cpp/jni.c +++ b/manager/app/src/main/cpp/jni.c @@ -413,3 +413,22 @@ NativeBridgeNP(getManagersList, jobject) { LogDebug("getManagersList: count=%d", managerListInfo.count); return obj; } + +NativeBridge(verifyModuleSignature, jboolean, jstring modulePath) { +#if defined(__aarch64__) || defined(_M_ARM64) + if (!modulePath) { + LogDebug("verifyModuleSignature: modulePath is null"); + return false; + } + + const char* cModulePath = GetEnvironment()->GetStringUTFChars(env, modulePath, nullptr); + bool result = verify_module_signature(cModulePath); + GetEnvironment()->ReleaseStringUTFChars(env, modulePath, cModulePath); + + LogDebug("verifyModuleSignature: path=%s, result=%d", cModulePath, result); + return result; +#else + LogDebug("verifyModuleSignature: not supported on non-arm64 architecture"); + return false; +#endif +} \ No newline at end of file diff --git a/manager/app/src/main/cpp/ksu.c b/manager/app/src/main/cpp/ksu.c index 7305c28d..db3fe9d8 100644 --- a/manager/app/src/main/cpp/ksu.c +++ b/manager/app/src/main/cpp/ksu.c @@ -11,6 +11,16 @@ #include "prelude.h" #include "ksu.h" +#if defined(__aarch64__) || defined(_M_ARM64) + +// Zako extern declarations +#define ZAKO_ESV_IMPORTANT_ERROR 1 << 31 +extern int zako_file_open_rw(const char* path); +extern uint32_t zako_file_verify_esig(int fd, uint32_t flags); +extern const char* zako_esign_verrcidx2str(uint8_t index); + +#endif // __aarch64__ || _M_ARM64 + #define KERNEL_SU_OPTION 0xDEADBEEF #define CMD_GRANT_ROOT 0 @@ -182,4 +192,41 @@ bool get_managers_list(struct manager_list_info* info) { } return ksuctl(CMD_GET_MANAGERS, info, NULL); +} + +bool verify_module_signature(const char* input) { +#if defined(__aarch64__) || defined(_M_ARM64) + if (input == NULL) { + return false; + } + + int fd = zako_file_open_rw(input); + uint32_t results = zako_file_verify_esig(fd, 0); + + if (results != 0) { + if ((results & ZAKO_ESV_IMPORTANT_ERROR) != 0) { + } else { + } + } else { + goto exit; + } + + /* Go through all bit fields */ + for (uint8_t i = 0; i < sizeof(uint32_t) * 8; i++) { + if ((results & (1 << i)) == 0) { + continue; + } + + /* Convert error bit field index into human readable string */ + const char* message = zako_esign_verrcidx2str(i); + // Error message: message + } + + exit: + close(fd); + return results == 0; +#else + // 非arm64-v8a架构不支持模块签名验证 + return false; +#endif } \ No newline at end of file diff --git a/manager/app/src/main/cpp/ksu.h b/manager/app/src/main/cpp/ksu.h index 4bed5014..c9c84411 100644 --- a/manager/app/src/main/cpp/ksu.h +++ b/manager/app/src/main/cpp/ksu.h @@ -136,4 +136,6 @@ bool clear_dynamic_sign(); bool get_managers_list(struct manager_list_info* info); +bool verify_module_signature(const char* input); + #endif //KERNELSU_KSU_H \ No newline at end of file diff --git a/manager/app/src/main/cpp/libs/arm64-v8a/libzakosign.so b/manager/app/src/main/cpp/libs/arm64-v8a/libzakosign.so new file mode 100644 index 00000000..05904903 Binary files /dev/null and b/manager/app/src/main/cpp/libs/arm64-v8a/libzakosign.so differ diff --git a/manager/app/src/main/java/com/sukisu/ultra/Natives.kt b/manager/app/src/main/java/com/sukisu/ultra/Natives.kt index 1332c74e..2511a246 100644 --- a/manager/app/src/main/java/com/sukisu/ultra/Natives.kt +++ b/manager/app/src/main/java/com/sukisu/ultra/Natives.kt @@ -52,6 +52,7 @@ object Natives { } init { + System.loadLibrary("zakosign") System.loadLibrary("zako") } @@ -124,6 +125,9 @@ object Natives { */ external fun getManagersList(): ManagersList? + // 模块签名验证 + external fun verifyModuleSignature(modulePath: String): Boolean + private const val NON_ROOT_DEFAULT_PROFILE_KEY = "$" private const val NOBODY_UID = 9999 diff --git a/manager/app/src/main/jniLibs/arm64-v8a/libzakosign.so b/manager/app/src/main/jniLibs/arm64-v8a/libzakosign.so new file mode 100644 index 00000000..05904903 Binary files /dev/null and b/manager/app/src/main/jniLibs/arm64-v8a/libzakosign.so differ diff --git a/website/docs/.vitepress/config.ts b/website/docs/.vitepress/config.ts index b1508588..e2a17ac4 100644 --- a/website/docs/.vitepress/config.ts +++ b/website/docs/.vitepress/config.ts @@ -4,6 +4,7 @@ import { readdir, writeFile } from 'fs/promises' import { resolve } from 'path' export default defineConfig( { + base: '/SukiSU-Ultra/', title: 'KernelSU', locales: locales.locales, head: [