kernel: support CMD_IS_UID_GRANTED_ROOT and CMD_IS_UID_SHOULD_UMOUNT

kernel/allowlist.c

@@ -73,7 +73,7 @@ static void ksu_grant_root_to_shell()
 }
 #endif
 
-bool ksu_get_app_profile(struct app_profile *profile)
+bool ksu_get_app_profile(struct app_profile *profile, bool query_by_uid)
 {
 	struct perm_data *p = NULL;
 	struct list_head *pos = NULL;
@@ -81,7 +81,10 @@ bool ksu_get_app_profile(struct app_profile *profile)
 
 	list_for_each (pos, &allow_list) {
 		p = list_entry(pos, struct perm_data, list);
-		if (!strcmp(profile->key, p->profile.key)) {
+		bool uid_match =
+			(query_by_uid &&
+			 profile->current_uid == p->profile.current_uid);
+		if (uid_match || !strcmp(profile->key, p->profile.key)) {
 			// found it, override it with ours
 			memcpy(profile, &p->profile, sizeof(*profile));
 			found = true;
@@ -150,6 +153,27 @@ bool ksu_is_allow_uid(uid_t uid)
 	return false;
 }
 
+bool ksu_is_uid_should_umount(uid_t uid)
+{
+	struct app_profile profile = { .current_uid = uid };
+	bool found = ksu_get_app_profile(&profile, true);
+	if (!found) {
+		// no app profile found, it must be non root app
+		return default_non_root_profile.umount_modules;
+	}
+	if (profile.allow_su) {
+		// if found and it is granted to su, we shouldn't umount for it
+		return false;
+	} else {
+		// found an app profile
+		if (profile.nrp_config.use_default) {
+			return default_non_root_profile.umount_modules;
+		} else {
+			return profile.nrp_config.profile.umount_modules;
+		}
+	}
+}
+
 bool ksu_get_allow_list(int *array, int *length, bool allow)
 {
 	struct perm_data *p = NULL;

kernel/allowlist.h

@@ -18,6 +18,8 @@ bool ksu_get_allow_list(int *array, int *length, bool allow);
 
 void ksu_prune_allowlist(bool (*is_uid_exist)(uid_t, void *), void *data);
 
-bool ksu_get_app_profile(struct app_profile *);
+bool ksu_get_app_profile(struct app_profile *, bool query_by_uid);
 bool ksu_set_app_profile(struct app_profile *, bool persist);
+
+bool ksu_is_uid_should_umount(uid_t uid);
 #endif

kernel/core_hook.c

@@ -322,6 +322,31 @@ int ksu_handle_prctl(int option, unsigned long arg2, unsigned long arg3,
 		return 0;
 	}
 
+	if (arg2 == CMD_IS_UID_GRANTED_ROOT ||
+	    arg2 == CMD_IS_UID_SHOULD_UMOUNT) {
+		if (is_manager() || 0 == current_uid().val) {
+			uid_t target_uid = (uid_t)arg3;
+			bool allow = false;
+			if (arg2 == CMD_IS_UID_GRANTED_ROOT) {
+				allow = ksu_is_allow_uid(target_uid);
+			} else if (arg2 == CMD_IS_UID_SHOULD_UMOUNT) {
+				allow = ksu_is_uid_should_umount(target_uid);
+			} else {
+				pr_err("unknown cmd: %d\n", arg2);
+			}
+			if (!copy_to_user(arg4, &allow, sizeof(allow))) {
+				if (copy_to_user(result, &reply_ok,
+						 sizeof(reply_ok))) {
+					pr_err("prctl reply error, cmd: %d\n",
+					       arg2);
+				}
+			} else {
+				pr_err("prctl copy err, cmd: %d\n", arg2);
+			}
+		}
+		return 0;
+	}
+
 	// all other cmds are for 'root manager'
 	if (!is_manager()) {
 		last_failed_uid = current_uid().val;
@@ -336,7 +361,7 @@ int ksu_handle_prctl(int option, unsigned long arg2, unsigned long arg3,
 			return 0;
 		}
 
-		bool success = ksu_get_app_profile(&profile);
+		bool success = ksu_get_app_profile(&profile, false);
 		if (success) {
 			if (copy_to_user(arg3, &profile, sizeof(profile))) {
 				pr_err("copy profile failed\n");

kernel/ksu.h

@@ -28,6 +28,8 @@
 #define CMD_CHECK_SAFEMODE 9
 #define CMD_GET_APP_PROFILE 10
 #define CMD_SET_APP_PROFILE 11
+#define CMD_IS_UID_GRANTED_ROOT 12
+#define CMD_IS_UID_SHOULD_UMOUNT 13
 
 #define EVENT_POST_FS_DATA 1
 #define EVENT_BOOT_COMPLETED 2