manager: add module signature verification

fix site base

manager/app/src/main/cpp/CMakeLists.txt

@@ -14,4 +14,12 @@ add_library(zako
 
 find_library(log-lib log)
 
-target_link_libraries(zako ${log-lib})
+if(ANDROID_ABI STREQUAL "arm64-v8a")
+    set(zakosign-lib ${CMAKE_SOURCE_DIR}/libs/arm64-v8a/libzakosign.so)
+endif()
+
+if(ANDROID_ABI STREQUAL "arm64-v8a")
+    target_link_libraries(zako ${log-lib} ${zakosign-lib})
+else ()
+    target_link_libraries(zako ${log-lib})
+endif ()

manager/app/src/main/cpp/jni.c

@@ -413,3 +413,22 @@ NativeBridgeNP(getManagersList, jobject) {
     LogDebug("getManagersList: count=%d", managerListInfo.count);
     return obj;
 }
+
+NativeBridge(verifyModuleSignature, jboolean, jstring modulePath) {
+#if defined(__aarch64__) || defined(_M_ARM64)
+    if (!modulePath) {
+        LogDebug("verifyModuleSignature: modulePath is null");
+        return false;
+    }
+
+    const char* cModulePath = GetEnvironment()->GetStringUTFChars(env, modulePath, nullptr);
+    bool result = verify_module_signature(cModulePath);
+    GetEnvironment()->ReleaseStringUTFChars(env, modulePath, cModulePath);
+
+    LogDebug("verifyModuleSignature: path=%s, result=%d", cModulePath, result);
+    return result;
+#else
+    LogDebug("verifyModuleSignature: not supported on non-arm64 architecture");
+    return false;
+#endif
+}

manager/app/src/main/cpp/ksu.c

@@ -11,6 +11,16 @@
 #include "prelude.h"
 #include "ksu.h"
 
+#if defined(__aarch64__) || defined(_M_ARM64)
+
+// Zako extern declarations
+#define ZAKO_ESV_IMPORTANT_ERROR 1 << 31
+extern int zako_file_open_rw(const char* path);
+extern uint32_t zako_file_verify_esig(int fd, uint32_t flags);
+extern const char* zako_esign_verrcidx2str(uint8_t index);
+
+#endif // __aarch64__ || _M_ARM64
+
 #define KERNEL_SU_OPTION 0xDEADBEEF
 
 #define CMD_GRANT_ROOT 0
@@ -182,4 +192,41 @@ bool get_managers_list(struct manager_list_info* info) {
     }
 
     return ksuctl(CMD_GET_MANAGERS, info, NULL);
+}
+
+bool verify_module_signature(const char* input) {
+#if defined(__aarch64__) || defined(_M_ARM64)
+    if (input == NULL) {
+        return false;
+    }
+
+    int fd = zako_file_open_rw(input);
+    uint32_t results = zako_file_verify_esig(fd, 0);
+
+    if (results != 0) {
+        if ((results & ZAKO_ESV_IMPORTANT_ERROR) != 0) {
+        } else {
+        }
+    } else {
+        goto exit;
+    }
+
+    /* Go through all bit fields */
+    for (uint8_t i = 0; i < sizeof(uint32_t) * 8; i++) {
+        if ((results & (1 << i)) == 0) {
+            continue;
+        }
+
+        /* Convert error bit field index into human readable string */
+        const char* message = zako_esign_verrcidx2str(i);
+        // Error message: message
+    }
+
+    exit:
+    close(fd);
+    return results == 0;
+#else
+    // 非arm64-v8a架构不支持模块签名验证
+    return false;
+#endif
 }

manager/app/src/main/cpp/ksu.h

@@ -136,4 +136,6 @@ bool clear_dynamic_sign();
 
 bool get_managers_list(struct manager_list_info* info);
 
+bool verify_module_signature(const char* input);
+
 #endif //KERNELSU_KSU_H

manager/app/src/main/java/com/sukisu/ultra/Natives.kt

@@ -52,6 +52,7 @@ object Natives {
     }
 
     init {
+        System.loadLibrary("zakosign")
         System.loadLibrary("zako")
     }
 
@@ -124,6 +125,9 @@ object Natives {
      */
     external fun getManagersList(): ManagersList?
 
+    // 模块签名验证
+    external fun verifyModuleSignature(modulePath: String): Boolean
+
     private const val NON_ROOT_DEFAULT_PROFILE_KEY = "$"
     private const val NOBODY_UID = 9999
 

website/docs/.vitepress/config.ts

@@ -4,6 +4,7 @@ import { readdir, writeFile } from 'fs/promises'
 import { resolve } from 'path'
 
 export default defineConfig( {
+    base: '/SukiSU-Ultra/',
     title: 'KernelSU',
     locales: locales.locales,
     head: [