kernel: add package whitelist check for manager APKs

Co-authored-by: lamadaemon <i@lama.icu>
Co-authored-by: ShirkNeko <109797057+ShirkNeko@users.noreply.github.com>
Signed-off-by: ShirkNeko <109797057+ShirkNeko@users.noreply.github.com>

kernel/apk_sign.c

@@ -28,7 +28,11 @@ static struct apk_sign_key {
 	unsigned size;
 	const char *sha256;
 } apk_sign_keys[] = {
-	{EXPECTED_SIZE, EXPECTED_HASH}, // SukiSU
+	{EXPECTED_SIZE, EXPECTED_HASH},
+	{EXPECTED_SIZE_SHIRKNEKO, EXPECTED_HASH_SHIRKNEKO}, // SukiSU
+	{EXPECTED_SIZE_ZAKO, EXPECTED_HASH_ZAKO}, // ZakoSU
+	{EXPECTED_SIZE_RSUNTK, EXPECTED_HASH_RSUNTK}, // RKSU
+	{EXPECTED_SIZE_NEKO, EXPECTED_HASH_NEKO}, // Neko/KernelSU
 };
 
 static struct sdesc *init_sdesc(struct crypto_shash *alg)
@@ -323,7 +327,31 @@ module_param_cb(ksu_debug_manager_uid, &expected_size_ops,
 
 #endif
 
-bool is_manager_apk(char *path)
-{
+
+#define MANAGERPKG_WLSIZE 3
+static const char *manager_package_whitelist[] = {
+	"zako.zako.zako",
+	"com.sukisu.ultra",
+	"me.weishu.kernelsu"
+};
+
+bool is_package_whitelisted(char *package) {
+	int i;
+	for (i = 0; i < MANAGERPKG_WLSIZE; i ++) {
+		const char* expected = manager_package_whitelist[i];
+		if (strcmp(expected, package) == 0) {
+			return true;
+		}
+	}
+
+	return false;
+}
+
+bool is_manager_apk(char *path, char *package) {
+	if (!is_package_whitelisted(package)) {
+		pr_info("refused to crown %s (not in whitelist)", package);
+		return false;
+	}
+
 	return check_v2_signature(path);
 }