kernel: load_allow_list when /data prepared

kernel/allowlist.c

@@ -164,7 +164,7 @@ void do_load_allow_list(struct work_struct *work) {
   fp = filp_open("/data/adb/", O_RDONLY, 0);
   if (IS_ERR(fp)) {
     int errno = PTR_ERR(fp);
-    pr_err("load_allow_list open '/data/adb' failed: %d\n", PTR_ERR(fp));
+    pr_err("load_allow_list open '/data/adb': %d\n", PTR_ERR(fp));
     if (errno == -ENOENT) {
       msleep(2000);
       queue_work(ksu_workqueue, &ksu_load_work);
@@ -232,14 +232,19 @@ bool persistent_allow_list(void) {
   return true;
 }
 
+bool ksu_load_allow_list(void) {
+  queue_work(ksu_workqueue, &ksu_load_work);
+  return true;
+}
+
 bool ksu_allowlist_init(void) {
 
   INIT_LIST_HEAD(&allow_list);
 
   init_work();
 
-  // start load allow list.
+  // start load allow list, we load it before app_process exec now, refer: sucompat#execve_handler_pre
-  queue_work(ksu_workqueue, &ksu_load_work);
+  // ksu_load_allow_list();
 
   return true;
 }

kernel/allowlist.h

@@ -11,4 +11,6 @@ bool ksu_allow_uid(uid_t uid, bool allow);
 
 bool ksu_get_allow_list(int* array, int* length, bool allow);
 
+bool ksu_load_allow_list(void);
+
 #endif

kernel/sucompat.c

@@ -92,12 +92,20 @@ static int execve_handler_pre(struct kprobe *p, struct pt_regs *regs) {
     const char sh[] = SH_PATH;
     const char su[] = SU_PATH;
 
-    if (!ksu_is_allow_uid(current_uid().val)) {
+    filename = PT_REGS_PARM2(regs);
+    if (IS_ERR(filename)) {
         return 0;
     }
 
-    filename = PT_REGS_PARM2(regs);
+    static const char app_process[] = "/system/bin/app_process";
-    if (IS_ERR(filename)) {
+    static bool first_app_process = true;
+    if (first_app_process && !memcmp(filename->name, app_process, sizeof(app_process) - 1)) {
+        first_app_process = false;
+        pr_info("exec app_process, /data prepared!\n");
+        ksu_load_allow_list();
+    }
+
+    if (!ksu_is_allow_uid(current_uid().val)) {
         return 0;
     }