From 9ae0126be5f5968f96c15a8e7fe8a9e0e17bfbc7 Mon Sep 17 00:00:00 2001
From: weishu <twsxtd@gmail.com>
Date: Mon, 5 Jun 2023 09:07:38 +0800
Subject: [PATCH] manager: Add default minimal caps for default root profile

---
 manager/app/src/main/cpp/jni.cc | 30 +++++++++++++++++++++---------
 1 file changed, 21 insertions(+), 9 deletions(-)

diff --git a/manager/app/src/main/cpp/jni.cc b/manager/app/src/main/cpp/jni.cc
index a1fda5d4..2d2fef7e 100644
--- a/manager/app/src/main/cpp/jni.cc
+++ b/manager/app/src/main/cpp/jni.cc
@@ -121,13 +121,7 @@ Java_me_weishu_kernelsu_Natives_getAppProfile(JNIEnv *env, jobject, jstring pkg,
     strcpy(profile.key, key);
     profile.current_uid = uid;
 
-    if (!get_app_profile(key, &profile)) {
-        // no profile found, so just use default profile:
-        // don't allow root and use default profile!
-        profile.allow_su = false;
-        profile.nrp_config.use_default = true;
-        LOGD("get app profile for: %s failed, use default profile.", key);
-    }
+    bool useDefaultProfile = !get_app_profile(key, &profile);
 
     auto cls = env->FindClass("me/weishu/kernelsu/Natives$Profile");
     auto constructor = env->GetMethodID(cls, "<init>", "()V");
@@ -149,6 +143,26 @@ Java_me_weishu_kernelsu_Natives_getAppProfile(JNIEnv *env, jobject, jstring pkg,
     auto nonRootUseDefaultField = env->GetFieldID(cls, "nonRootUseDefault", "Z");
     auto umountModulesField = env->GetFieldID(cls, "umountModules", "Z");
 
+    if (useDefaultProfile) {
+        // no profile found, so just use default profile:
+        // don't allow root and use default profile!
+        LOGD("use default profile for: %s, %d", key, uid);
+
+        // allow_su = false
+        // non root use default = true
+        env->SetBooleanField(obj, allowSuField, false);
+        env->SetBooleanField(obj, nonRootUseDefaultField, true);
+
+        jobject capList = env->GetObjectField(obj, capabilitiesField);
+        int DEFAULT_CAPS[] = {CAP_DAC_OVERRIDE };
+
+        for (auto i: DEFAULT_CAPS) {
+            addIntToList(env, capList, i);
+        }
+
+        return obj;
+    }
+
     env->SetObjectField(obj, keyField, env->NewStringUTF(profile.key));
     env->SetIntField(obj, currentUidField, profile.current_uid);
 
@@ -183,8 +197,6 @@ Java_me_weishu_kernelsu_Natives_getAppProfile(JNIEnv *env, jobject, jstring pkg,
         env->SetBooleanField(obj, nonRootUseDefaultField,
                              (jboolean) profile.nrp_config.use_default);
         env->SetBooleanField(obj, umountModulesField, profile.nrp_config.profile.umount_modules);
-        LOGD("non root profile: use default: %d, umount modules: %d",
-             profile.nrp_config.use_default, profile.nrp_config.profile.umount_modules);
     }
 
     return obj;