kernel: support CMD_IS_UID_GRANTED_ROOT and CMD_IS_UID_SHOULD_UMOUNT

kernel/allowlist.c

@@ -73,7 +73,7 @@ static void ksu_grant_root_to_shell()
 }
 #endif
 
-bool ksu_get_app_profile(struct app_profile *profile)
+bool ksu_get_app_profile(struct app_profile *profile, bool query_by_uid)
 {
 	struct perm_data *p = NULL;
 	struct list_head *pos = NULL;
@@ -81,7 +81,10 @@ bool ksu_get_app_profile(struct app_profile *profile)
 
 	list_for_each (pos, &allow_list) {
 		p = list_entry(pos, struct perm_data, list);
-		if (!strcmp(profile->key, p->profile.key)) {
+		bool uid_match =
+			(query_by_uid &&
+			 profile->current_uid == p->profile.current_uid);
+		if (uid_match || !strcmp(profile->key, p->profile.key)) {
 			// found it, override it with ours
 			memcpy(profile, &p->profile, sizeof(*profile));
 			found = true;
@@ -150,6 +153,27 @@ bool ksu_is_allow_uid(uid_t uid)
 	return false;
 }
 
+bool ksu_is_uid_should_umount(uid_t uid)
+{
+	struct app_profile profile = { .current_uid = uid };
+	bool found = ksu_get_app_profile(&profile, true);
+	if (!found) {
+		// no app profile found, it must be non root app
+		return default_non_root_profile.umount_modules;
+	}
+	if (profile.allow_su) {
+		// if found and it is granted to su, we shouldn't umount for it
+		return false;
+	} else {
+		// found an app profile
+		if (profile.nrp_config.use_default) {
+			return default_non_root_profile.umount_modules;
+		} else {
+			return profile.nrp_config.profile.umount_modules;
+		}
+	}
+}
+
 bool ksu_get_allow_list(int *array, int *length, bool allow)
 {
 	struct perm_data *p = NULL;