kernel: Add optional full-user scanning capability using prctl

kernel/allowlist.c

@@ -20,7 +20,7 @@
 #include "manager.h"
 
 #define FILE_MAGIC 0x7f4b5355 // ' KSU', u32
-#define FILE_FORMAT_VERSION 3 // u32
+#define FILE_FORMAT_VERSION 4 // u32
 
 #define KSU_APP_PROFILE_PRESERVE_UID 9999 // NOBODY_UID
 #define KSU_DEFAULT_SELINUX_DOMAIN "u:r:su:s0"
@@ -34,6 +34,8 @@ static struct non_root_profile default_non_root_profile;
 static int allow_list_arr[PAGE_SIZE / sizeof(int)] __read_mostly __aligned(PAGE_SIZE);
 static int allow_list_pointer __read_mostly = 0;
 
+bool scan_all_users __read_mostly = false;
+
 static void remove_uid_from_arr(uid_t uid)
 {
 	int *temp_arr;
@@ -351,10 +353,27 @@ bool ksu_get_allow_list(int *array, int *length, bool allow)
 	return true;
 }
 
+bool ksu_set_scan_all_users(bool enabled)
+{
+	mutex_lock(&allowlist_mutex);
+	scan_all_users = enabled;
+	mutex_unlock(&allowlist_mutex);
+	
+	pr_info("scan_all_users set to: %d\n", enabled);
+	
+	return persistent_allow_list();
+}
+
+bool ksu_get_scan_all_users(void)
+{
+	return scan_all_users;
+}
+
 static void do_save_allow_list(struct work_struct *work)
 {
 	u32 magic = FILE_MAGIC;
 	u32 version = FILE_FORMAT_VERSION;
+	u32 scan_setting = scan_all_users ? 1 : 0;
 	struct perm_data *p = NULL;
 	struct list_head *pos = NULL;
 	loff_t off = 0;
@@ -379,6 +398,13 @@ static void do_save_allow_list(struct work_struct *work)
 		goto exit;
 	}
 
+	// Save scan_all_users settings
+	if (ksu_kernel_write_compat(fp, &scan_setting, sizeof(scan_setting), &off) !=
+	    sizeof(scan_setting)) {
+		pr_err("save_allow_list write scan_setting failed.\n");
+		goto exit;
+	}
+
 	list_for_each (pos, &allow_list) {
 		p = list_entry(pos, struct perm_data, list);
 		pr_info("save allow list, name: %s uid: %d, allow: %d\n",
@@ -400,6 +426,7 @@ static void do_load_allow_list(struct work_struct *work)
 	struct file *fp = NULL;
 	u32 magic;
 	u32 version;
+	u32 scan_setting = 0;
 
 #ifdef CONFIG_KSU_DEBUG
 	// always allow adb shell by default
@@ -429,6 +456,24 @@ static void do_load_allow_list(struct work_struct *work)
 
 	pr_info("allowlist version: %d\n", version);
 
+	if (version >= 4) {
+		if (ksu_kernel_read_compat(fp, &scan_setting, sizeof(scan_setting), &off) !=
+		    sizeof(scan_setting)) {
+			pr_warn("allowlist read scan_setting failed, using default\n");
+			scan_setting = 0;
+		}
+		
+		mutex_lock(&allowlist_mutex);
+		scan_all_users = (scan_setting != 0);
+		mutex_unlock(&allowlist_mutex);
+		
+		pr_info("loaded scan_all_users: %d\n", scan_all_users);
+	} else {
+		mutex_lock(&allowlist_mutex);
+		scan_all_users = false;
+		mutex_unlock(&allowlist_mutex);
+	}
+
 	while (true) {
 		struct app_profile profile;
 

kernel/allowlist.h

@@ -24,4 +24,9 @@ bool ksu_set_app_profile(struct app_profile *, bool persist);
 
 bool ksu_uid_should_umount(uid_t uid);
 struct root_profile *ksu_get_root_profile(uid_t uid);
+
+bool ksu_set_scan_all_users(bool enabled);
+bool ksu_get_scan_all_users(void);
+
+extern bool scan_all_users __read_mostly;
 #endif

kernel/core_hook.c

@@ -588,6 +588,34 @@ int ksu_handle_prctl(int option, unsigned long arg2, unsigned long arg3,
 		return 0;
 	}
 
+	if (arg2 == CMD_SCAN_ALL_USERS) {
+		if (!from_root && !from_manager) {
+			return 0;
+		}
+		// Get or Set scan_all_users
+		if (arg3 == 0) {
+			bool current_state = ksu_get_scan_all_users();
+			if (copy_to_user((void __user *)arg4, &current_state, sizeof(current_state))) {
+				pr_err("scan_all_users: copy current state failed\n");
+				return 0;
+			}
+		} else {
+			// Set new state (arg3 = 1: Enable, arg3 = 2: Disable)
+			bool new_state = (arg3 == 1);
+			if (ksu_set_scan_all_users(new_state)) {
+				pr_info("scan_all_users set to: %d\n", new_state);
+			} else {
+				pr_err("Failed to set scan_all_users to: %d\n", new_state);
+				return 0;
+			}
+		}
+		
+		if (copy_to_user(result, &reply_ok, sizeof(reply_ok))) {
+			pr_err("scan_all_users: prctl reply error\n");
+		}
+		return 0;
+	}
+
 #ifdef CONFIG_KPM
 	// ADD: 添加KPM模块控制
 	if(sukisu_is_kpm_control_code(arg2)) {

kernel/ksu.h

@@ -23,6 +23,7 @@
 #define CMD_UID_SHOULD_UMOUNT 13
 #define CMD_IS_SU_ENABLED 14
 #define CMD_ENABLE_SU 15
+#define CMD_SCAN_ALL_USERS 17
 
 #define CMD_GET_FULL_VERSION 0xC0FFEE1A
 

kernel/throne_tracker.c

@@ -25,6 +25,7 @@ uid_t ksu_manager_uid = KSU_INVALID_UID;
 static struct task_struct *throne_thread;
 
 #define USER_DATA_BASE_PATH "/data/user_de"
+#define PRIMARY_USER_PATH "/data/user_de/0"
 #define MAX_SUPPORTED_USERS 32 // Supports up to 32 users
 #define DATA_PATH_LEN 384 // 384 is enough for /data/app/<package>/base.apk and /data/user_de/{userid}/<package>
 
@@ -32,6 +33,7 @@ struct uid_data {
 	struct list_head list;
 	u32 uid;
 	char package[KSU_MAX_PACKAGE_NAME];
+	uid_t user_id;
 };
 
 struct user_scan_ctx {
@@ -76,6 +78,7 @@ struct my_dir_context {
 	int *stop;
 	bool found_dynamic_manager;
 };
+
 // https://docs.kernel.org/filesystems/porting.html
 // filldir_t (readdir callbacks) calling conventions have changed. Instead of returning 0 or -E... it returns bool now. false means "no more" (as -E... used to) and true - "keep going" (as 0 in old calling conventions). Rationale: callers never looked at specific -E... values anyway. -> iterate_shared() instances require no changes at all, all filldir_t ones in the tree converted.
 #if LINUX_VERSION_CODE >= KERNEL_VERSION(6, 1, 0)
@@ -88,6 +91,9 @@ struct my_dir_context {
 #define FILLDIR_ACTOR_STOP -EINVAL
 #endif
 
+FILLDIR_RETURN_TYPE scan_user_packages(struct dir_context *ctx, const char *name,
+                                       int namelen, loff_t off, u64 ino, unsigned int d_type);
+
 static int get_pkg_from_apk_path(char *pkg, const char *path)
 {
 	int len = strlen(path);
@@ -151,13 +157,12 @@ static void crown_manager(const char *apk, struct list_head *uid_data,
 
 	list_for_each_entry(np, list, list) {
 		if (strncmp(np->package, pkg, KSU_MAX_PACKAGE_NAME) == 0) {
-			pr_info("Crowning manager: %s(uid=%d, signature_index=%d)\n",
+			pr_info("Crowning manager: %s(uid=%d, signature_index=%d, user=%u)\n",
-				pkg, np->uid, signature_index);
+				pkg, np->uid, signature_index, np->user_id);
 
 			// Dynamic Sign index (100) or multi-manager signatures (>= 2)
 			if (signature_index == DYNAMIC_SIGN_INDEX || signature_index >= 2) {
 				ksu_add_manager(np->uid, signature_index);
-
 				if (!ksu_is_manager_uid_valid()) {
 					ksu_set_manager_uid(np->uid);
 				}
@@ -168,19 +173,56 @@ static void crown_manager(const char *apk, struct list_head *uid_data,
 		}
 	}
 }
+// Scan the primary user
+static int scan_primary_user_apps(struct list_head *uid_list, size_t *pkg_count, size_t *error_count)
+{
+	struct file *dir_file;
+	int ret;
+	
+	*pkg_count = *error_count = 0;
+
+	pr_info("Step 1: Scanning primary user (0) applications in %s\n", PRIMARY_USER_PATH);
+
+	dir_file = ksu_filp_open_compat(PRIMARY_USER_PATH, O_RDONLY, 0);
+	if (IS_ERR(dir_file)) {
+		pr_err("Cannot open primary user path: %s (%ld)\n", PRIMARY_USER_PATH, PTR_ERR(dir_file));
+		return PTR_ERR(dir_file);
+	}
+
+	struct user_scan_ctx scan_ctx = {
+		.uid_list = uid_list,
+		.user_id = 0,
+		.pkg_count = 0,
+		.error_count = 0
+	};
+
+	struct user_dir_ctx uctx = {
+		.ctx.actor = scan_user_packages,
+		.scan_ctx = &scan_ctx
+	};
+
+	ret = iterate_dir(dir_file, &uctx.ctx);
+	filp_close(dir_file, NULL);
+
+	*pkg_count = scan_ctx.pkg_count;
+	*error_count = scan_ctx.error_count;
+
+	pr_info("Primary user scan completed: %zu packages found, %zu errors\n", 
+		scan_ctx.pkg_count, scan_ctx.error_count);
+
+	return ret;
+}
 
 FILLDIR_RETURN_TYPE collect_user_ids(struct dir_context *ctx, const char *name,
 				     int namelen, loff_t off, u64 ino, unsigned int d_type)
 {
 	struct user_id_ctx *uctx = container_of(ctx, struct user_id_ctx, ctx);
 
-	// Skip non-directories and dot entries
 	if (d_type != DT_DIR || namelen <= 0)
 		return FILLDIR_ACTOR_CONTINUE;
 	if (name[0] == '.' && (namelen == 1 || (namelen == 2 && name[1] == '.')))
 		return FILLDIR_ACTOR_CONTINUE;
 
-	// Parse numeric user ID
 	uid_t uid = 0;
 	for (int i = 0; i < namelen; i++) {
 		if (name[i] < '0' || name[i] > '9')
@@ -188,7 +230,6 @@ FILLDIR_RETURN_TYPE collect_user_ids(struct dir_context *ctx, const char *name,
 		uid = uid * 10 + (name[i] - '0');
 	}
 
-	// Store user ID if space available
 	if (uctx->count >= uctx->max_count)
 		return FILLDIR_ACTOR_STOP;
 
@@ -196,8 +237,8 @@ FILLDIR_RETURN_TYPE collect_user_ids(struct dir_context *ctx, const char *name,
 	return FILLDIR_ACTOR_CONTINUE;
 }
 
-// Get all active Android user IDs
+// Retrieve all active users (optional)
-static int get_active_user_ids(uid_t *user_ids, size_t max_users, size_t *found_count)
+static int get_all_active_users(uid_t *user_ids, size_t max_users, size_t *found_count)
 {
 	struct file *dir_file;
 	int ret;
@@ -206,7 +247,7 @@ static int get_active_user_ids(uid_t *user_ids, size_t max_users, size_t *found_
 
 	dir_file = ksu_filp_open_compat(USER_DATA_BASE_PATH, O_RDONLY, 0);
 	if (IS_ERR(dir_file)) {
-		pr_err("Cannot open %s: %ld\n", USER_DATA_BASE_PATH, PTR_ERR(dir_file));
+		pr_err("Cannot open user data base path: %s (%ld)\n", USER_DATA_BASE_PATH, PTR_ERR(dir_file));
 		return PTR_ERR(dir_file);
 	}
 
@@ -221,8 +262,13 @@ static int get_active_user_ids(uid_t *user_ids, size_t max_users, size_t *found_
 	filp_close(dir_file, NULL);
 
 	*found_count = uctx.count;
-	if (uctx.count > 0)
+	if (uctx.count > 0) {
-		pr_info("Found %zu active users\n", uctx.count);
+		pr_info("Found %zu active users: ", uctx.count);
+		for (size_t i = 0; i < uctx.count; i++) {
+			pr_cont("%u ", user_ids[i]);
+		}
+		pr_cont("\n");
+	}
 
 	return ret;
 }
@@ -233,7 +279,6 @@ FILLDIR_RETURN_TYPE scan_user_packages(struct dir_context *ctx, const char *name
 	struct user_dir_ctx *uctx = container_of(ctx, struct user_dir_ctx, ctx);
 	struct user_scan_ctx *scan_ctx = uctx->scan_ctx;
 
-	// Validate context and skip dot entries
 	if (!scan_ctx || !scan_ctx->uid_list)
 		return FILLDIR_ACTOR_STOP;
 	if (d_type != DT_DIR || namelen <= 0)
@@ -241,14 +286,12 @@ FILLDIR_RETURN_TYPE scan_user_packages(struct dir_context *ctx, const char *name
 	if (name[0] == '.' && (namelen == 1 || (namelen == 2 && name[1] == '.')))
 		return FILLDIR_ACTOR_CONTINUE;
 
-	// Check package name length
 	if (namelen >= KSU_MAX_PACKAGE_NAME) {
 		pr_warn("Package name too long: %.*s (user %u)\n", namelen, name, scan_ctx->user_id);
 		scan_ctx->error_count++;
 		return FILLDIR_ACTOR_CONTINUE;
 	}
 
-	// Build package path
 	char pkg_path[DATA_PATH_LEN];
 	int path_len = snprintf(pkg_path, sizeof(pkg_path), "%s/%u/%.*s",
 				USER_DATA_BASE_PATH, scan_ctx->user_id, namelen, name);
@@ -258,7 +301,6 @@ FILLDIR_RETURN_TYPE scan_user_packages(struct dir_context *ctx, const char *name
 		return FILLDIR_ACTOR_CONTINUE;
 	}
 
-	// Get package path attributes
 	struct path path;
 	int err = kern_path(pkg_path, LOOKUP_FOLLOW, &path);
 	if (err) {
@@ -292,7 +334,6 @@ basically no mask and flags for =< 4.10
 		return FILLDIR_ACTOR_CONTINUE;
 	}
 
-	// Extract UID and validate
 	uid_t uid = from_kuid(&init_user_ns, stat.uid);
 	if (uid == (uid_t)-1) {
 		pr_warn("Invalid UID for: %.*s (user %u)\n", namelen, name, scan_ctx->user_id);
@@ -300,7 +341,6 @@ basically no mask and flags for =< 4.10
 		return FILLDIR_ACTOR_CONTINUE;
 	}
 
-	// Allocate and populate UID data entry
 	struct uid_data *uid_entry = kzalloc(sizeof(struct uid_data), GFP_KERNEL);
 	if (!uid_entry) {
 		pr_err("Memory allocation failed for: %.*s\n", namelen, name);
@@ -309,6 +349,7 @@ basically no mask and flags for =< 4.10
 	}
 
 	uid_entry->uid = uid;
+	uid_entry->user_id = scan_ctx->user_id; // Record user ID
 	size_t copy_len = min_t(size_t, namelen, KSU_MAX_PACKAGE_NAME - 1);
 	strncpy(uid_entry->package, name, copy_len);
 	uid_entry->package[copy_len] = '\0';
@@ -316,87 +357,104 @@ basically no mask and flags for =< 4.10
 	list_add_tail(&uid_entry->list, scan_ctx->uid_list);
 	scan_ctx->pkg_count++;
 
-	pr_info("User Package: %s, UID: %u (user %u)\n", uid_entry->package, uid, scan_ctx->user_id);
+	pr_debug("Package: %s, UID: %u, User: %u\n", uid_entry->package, uid, scan_ctx->user_id);
 	return FILLDIR_ACTOR_CONTINUE;
 }
 
-static int scan_user_directory(uid_t user_id, struct list_head *uid_list,
+// Scan other users' applications (optional)
-			      size_t *pkg_count, size_t *error_count)
+static int scan_secondary_users_apps(struct list_head *uid_list, 
+				     const uid_t *user_ids, size_t user_count,
+				     size_t *total_pkg_count, size_t *total_error_count)
 {
-	char user_path[DATA_PATH_LEN];
+	int ret = 0;
-	struct file *dir_file;
+	*total_pkg_count = *total_error_count = 0;
-	int ret;
 
-	*pkg_count = *error_count = 0;
+	for (size_t i = 0; i < user_count; i++) {
+		// Skip the main user since it was already scanned in the first step.
+		if (user_ids[i] == 0)
+			continue;
 
-	snprintf(user_path, sizeof(user_path), "%s/%u", USER_DATA_BASE_PATH, user_id);
+		char user_path[DATA_PATH_LEN];
+		struct file *dir_file;
 
-	dir_file = ksu_filp_open_compat(user_path, O_RDONLY, 0);
+		snprintf(user_path, sizeof(user_path), "%s/%u", USER_DATA_BASE_PATH, user_ids[i]);
-	if (IS_ERR(dir_file)) {
-		pr_debug("Cannot open user path: %s (%ld)\n", user_path, PTR_ERR(dir_file));
-		return PTR_ERR(dir_file);
-	}
 
-	struct user_scan_ctx scan_ctx = {
+		dir_file = ksu_filp_open_compat(user_path, O_RDONLY, 0);
-		.uid_list = uid_list,
+		if (IS_ERR(dir_file)) {
-		.user_id = user_id,
+			pr_debug("Cannot open user path: %s (%ld)\n", user_path, PTR_ERR(dir_file));
-		.pkg_count = 0,
+			(*total_error_count)++;
-		.error_count = 0
+			continue;
-	};
+		}
 
-	struct user_dir_ctx uctx = {
+		struct user_scan_ctx scan_ctx = {
-		.ctx.actor = scan_user_packages,
+			.uid_list = uid_list,
-		.scan_ctx = &scan_ctx
+			.user_id = user_ids[i],
-	};
+			.pkg_count = 0,
+			.error_count = 0
+		};
 
-	ret = iterate_dir(dir_file, &uctx.ctx);
+		struct user_dir_ctx uctx = {
-	filp_close(dir_file, NULL);
+			.ctx.actor = scan_user_packages,
+			.scan_ctx = &scan_ctx
+		};
 
-	*pkg_count = scan_ctx.pkg_count;
+		ret = iterate_dir(dir_file, &uctx.ctx);
-	*error_count = scan_ctx.error_count;
+		filp_close(dir_file, NULL);
 
-	if (scan_ctx.pkg_count > 0 || scan_ctx.error_count > 0)
+		*total_pkg_count += scan_ctx.pkg_count;
-		pr_info("User %u: %zu packages, %zu errors\n",
+		*total_error_count += scan_ctx.error_count;
-			user_id, scan_ctx.pkg_count, scan_ctx.error_count);
+
+		if (scan_ctx.pkg_count > 0 || scan_ctx.error_count > 0)
+			pr_info("User %u: %zu packages, %zu errors\n",
+				user_ids[i], scan_ctx.pkg_count, scan_ctx.error_count);
+			}
 
 	return ret;
 }
 
-int scan_user_data_for_uids(struct list_head *uid_list)
+int scan_user_data_for_uids(struct list_head *uid_list, bool scan_all_users)
 {
-	uid_t user_ids[MAX_SUPPORTED_USERS];
-	size_t active_users, total_packages = 0, total_errors = 0;
-	int ret;
-
 	if (!uid_list)
 		return -EINVAL;
 
-	// Get all active user IDs
+	//  Scan the primary user (User 0)
-	ret = get_active_user_ids(user_ids, ARRAY_SIZE(user_ids), &active_users);
+	size_t primary_pkg_count, primary_error_count;
+	int ret = scan_primary_user_apps(uid_list, &primary_pkg_count, &primary_error_count);
+	if (ret < 0 && primary_pkg_count == 0) {
+		pr_err("Primary user scan failed completely: %d\n", ret);
+		return ret;
+	}
+
+	// If you don't need to scan all users, stop here.
+	if (!scan_all_users) {
+		pr_info("Scan completed (primary user only): %zu packages, %zu errors\n",
+			primary_pkg_count, primary_error_count);
+		return primary_pkg_count > 0 ? 0 : -ENOENT;
+	}
+
+	// Retrieve all active users
+	uid_t user_ids[MAX_SUPPORTED_USERS];
+	size_t active_users;
+	ret = get_all_active_users(user_ids, ARRAY_SIZE(user_ids), &active_users);
 	if (ret < 0 || active_users == 0) {
-		pr_err("No active users found: %d\n", ret);
+		pr_warn("Failed to get active users, using primary user only: %d\n", ret);
-		return ret < 0 ? ret : -ENOENT;
+		return primary_pkg_count > 0 ? 0 : -ENOENT;
 	}
 
-	// Scan each user's directory
+	// Scan other users' applications
-	for (size_t i = 0; i < active_users; i++) {
+	size_t secondary_pkg_count, secondary_error_count;
-		size_t pkg_count, error_count;
+	ret = scan_secondary_users_apps(uid_list, user_ids, active_users,
+					&secondary_pkg_count, &secondary_error_count);
 
-		ret = scan_user_directory(user_ids[i], uid_list, &pkg_count, &error_count);
+	size_t total_packages = primary_pkg_count + secondary_pkg_count;
-		if (ret < 0) {
+	size_t total_errors = primary_error_count + secondary_error_count;
-			pr_warn("Scan failed for user %u: %d\n", user_ids[i], ret);
-			total_errors++;
-			continue;
-		}
-
-		total_packages += pkg_count;
-		total_errors += error_count;
-	}
 
 	if (total_errors > 0)
 		pr_warn("Scan completed with %zu errors\n", total_errors);
 
-	pr_info("Scanned %zu users, found %zu packages\n", active_users, total_packages);
+	pr_info("Complete scan finished: %zu users, %zu total packages\n", 
+		active_users, total_packages);
+
 	return total_packages > 0 ? 0 : -ENOENT;
 }
 
@@ -537,7 +595,7 @@ void search_manager(const char *path, int depth, struct list_head *uid_data)
 				.private_data = uid_data,
 				.depth = pos->depth,
 				.stop = &stop,
-						.found_dynamic_manager = false };
+				.found_dynamic_manager = false };
 			struct file *file;
 
 			if (!stop) {
@@ -608,10 +666,10 @@ static void track_throne_function(void)
 	struct list_head uid_list;
 	INIT_LIST_HEAD(&uid_list);
 	// scan user data for uids
-	int ret = scan_user_data_for_uids(&uid_list);
+	int ret = scan_user_data_for_uids(&uid_list, scan_all_users);
 	
 	if (ret < 0) {
-		pr_err("UserDE UID scan user data failed: %d.\n", ret);
+		pr_err("Improved UserDE UID scan failed: %d. scan_all_users=%d\n", ret, scan_all_users);
 		goto out;
 	}