kernel: handle throned UID change if manager is reinstall or changed

drop old UID and throne the new one when the manager is reinstalled or changed - Add dynamic manager lock Co-authored-by: rifsxd <rifat.44.azad.rifs@gmail.com> Co-authored-by: ShirkNeko <109797057+ShirkNeko@users.noreply.github.com> Signed-off-by: ShirkNeko <109797057+ShirkNeko@users.noreply.github.com>
2025-10-01 02:02:46 +06:00
parent 3f4293e69a
commit c02b42d7de
1 changed files with 111 additions and 121 deletions
--- a/kernel/throne_tracker.c
+++ b/kernel/throne_tracker.c
@@ -18,6 +18,8 @@
 #include "throne_comm.h"
 uid_t ksu_manager_uid = KSU_INVALID_UID;
 static uid_t locked_manager_uid = KSU_INVALID_UID;
 static uid_t locked_dynamic_manager_uid = KSU_INVALID_UID;
 #define KSU_UID_LIST_PATH "/data/misc/user_uid/uid_list"
 #define USER_DATA_PATH "/data/user_de/0"
@@ -139,8 +141,7 @@ static int get_pkg_from_apk_path(char *pkg, const char *path)
 	return 0;
 }
-static void crown_manager(const char *apk, struct list_head *uid_data,
+static void crown_manager(const char *apk, struct list_head *uid_data, int signature_index)
 			  int signature_index)
 {
 	char pkg[KSU_MAX_PACKAGE_NAME];
 	if (get_pkg_from_apk_path(pkg, apk) < 0) {
@@ -158,23 +159,41 @@ static void crown_manager(const char *apk, struct list_head *uid_data,
 		return;
 	}
 #endif
 	struct list_head *list = (struct list_head *)uid_data;
 	struct uid_data *np;
-	list_for_each_entry(np, list, list) {
+	list_for_each_entry(np, uid_data, list) {
 		if (strncmp(np->package, pkg, KSU_MAX_PACKAGE_NAME) == 0) {
-			pr_info("Crowning manager: %s(uid=%d, signature_index=%d)\n",
+			bool is_dynamic = (signature_index == DYNAMIC_SIGN_INDEX || signature_index >= 2);
 				pkg, np->uid, signature_index);
-			// Dynamic Sign index (1) or multi-manager signatures (2+)
+			if (is_dynamic) {
-			if (signature_index == DYNAMIC_SIGN_INDEX || signature_index >= 2) {
+				if (locked_dynamic_manager_uid != KSU_INVALID_UID && locked_dynamic_manager_uid != np->uid) {
-				ksu_add_manager(np->uid, signature_index);
+					pr_info("Unlocking previous dynamic manager UID: %d\n", locked_dynamic_manager_uid);
-
+					ksu_remove_manager(locked_dynamic_manager_uid);
-				if (!ksu_is_manager_uid_valid()) {
+					locked_dynamic_manager_uid = KSU_INVALID_UID;
 					ksu_set_manager_uid(np->uid);
 				}
 			} else {
 				if (locked_manager_uid != KSU_INVALID_UID && locked_manager_uid != np->uid) {
 					pr_info("Unlocking previous manager UID: %d\n", locked_manager_uid);
 					ksu_invalidate_manager_uid(); // unlock old one
 					locked_manager_uid = KSU_INVALID_UID;
 				}
 			}
 			pr_info("Crowning %s manager: %s (uid=%d, signature_index=%d)\n",
 			        is_dynamic ? "dynamic" : "traditional", pkg, np->uid, signature_index);
 			if (is_dynamic) {
 				ksu_add_manager(np->uid, signature_index);
 				locked_dynamic_manager_uid = np->uid;
 				// If there is no traditional manager, set it to the current UID
 				if (!ksu_is_manager_uid_valid()) {
 					ksu_set_manager_uid(np->uid);
 					locked_manager_uid = np->uid;
 				}
 			} else {
 				ksu_set_manager_uid(np->uid); // throne new UID
 				locked_manager_uid = np->uid; // store locked UID
 			}
 			break;
 		}
@@ -195,7 +214,7 @@ struct apk_path_hash {
 	struct list_head list;
 };
-static struct list_head apk_path_hash_list;
+static struct list_head apk_path_hash_list = LIST_HEAD_INIT(apk_path_hash_list);
 struct my_dir_context {
 	struct dir_context ctx;
@@ -398,8 +417,7 @@ FILLDIR_RETURN_TYPE my_actor(struct dir_context *ctx, const char *name,
 	if (d_type == DT_DIR && my_ctx->depth > 0 &&
 	    (my_ctx->stop && !*my_ctx->stop)) {
-		struct data_path *data =
+		struct data_path *data = kmalloc(sizeof(struct data_path), GFP_ATOMIC);
 			kmalloc(sizeof(struct data_path), GFP_ATOMIC);
 		if (!data) {
 			pr_err("Failed to allocate memory for %s\n", dirpath);
@@ -410,15 +428,12 @@ FILLDIR_RETURN_TYPE my_actor(struct dir_context *ctx, const char *name,
 		data->depth = my_ctx->depth - 1;
 		list_add_tail(&data->list, my_ctx->data_path_list);
 	} else {
-		if ((namelen == 8) &&
+		if ((namelen == 8) && (strncmp(name, "base.apk", namelen) == 0)) {
 		    (strncmp(name, "base.apk", namelen) == 0)) {
 			struct apk_path_hash *pos, *n;
 #if LINUX_VERSION_CODE < KERNEL_VERSION(4, 8, 0)
-			unsigned int hash =
+			unsigned int hash = full_name_hash(dirpath, strlen(dirpath));
 				full_name_hash(dirpath, strlen(dirpath));
 #else
-			unsigned int hash =
+			unsigned int hash = full_name_hash(NULL, dirpath, strlen(dirpath));
 				full_name_hash(NULL, dirpath, strlen(dirpath));
 #endif
 			list_for_each_entry(pos, &apk_path_hash_list, list) {
 				if (hash == pos->hash) {
@@ -433,42 +448,32 @@ FILLDIR_RETURN_TYPE my_actor(struct dir_context *ctx, const char *name,
 			pr_info("Found new base.apk at path: %s, is_multi_manager: %d, signature_index: %d\n",
 				dirpath, is_multi_manager, signature_index);
 			// Check for dynamic sign or multi-manager signatures
-			if (is_multi_manager &&
+			if (is_multi_manager && (signature_index == DYNAMIC_SIGN_INDEX || signature_index >= 2)) {
-			    (signature_index == DYNAMIC_SIGN_INDEX || signature_index >= 2)) {
+				crown_manager(dirpath, my_ctx->private_data, signature_index);
 				crown_manager(dirpath, my_ctx->private_data,
 					      signature_index);
 				struct apk_path_hash *apk_data =
 					kmalloc(sizeof(struct apk_path_hash),
 						GFP_ATOMIC);
 				struct apk_path_hash *apk_data = kmalloc(sizeof(struct apk_path_hash), GFP_ATOMIC);
 				if (apk_data) {
 					apk_data->hash = hash;
 					apk_data->exists = true;
-					list_add_tail(&apk_data->list,
+					list_add_tail(&apk_data->list, &apk_path_hash_list);
 						      &apk_path_hash_list);
 				}
 			} else if (is_manager_apk(dirpath)) {
 				crown_manager(dirpath, my_ctx->private_data, 0);
 				*my_ctx->stop = 1;
 				// Manager found, clear APK cache list
-				list_for_each_entry_safe(
+				list_for_each_entry_safe(pos, n, &apk_path_hash_list, list) {
 					pos, n, &apk_path_hash_list, list) {
 					list_del(&pos->list);
 					kfree(pos);
 				}
 			} else {
-				struct apk_path_hash *apk_data =
+				struct apk_path_hash *apk_data = kmalloc(sizeof(struct apk_path_hash), GFP_ATOMIC);
 					kmalloc(sizeof(struct apk_path_hash),
 						GFP_ATOMIC);
 				if (apk_data) {
 					apk_data->hash = hash;
 					apk_data->exists = true;
-					list_add_tail(&apk_data->list,
+					list_add_tail(&apk_data->list, &apk_path_hash_list);
 						      &apk_path_hash_list);
 				}
 			}
 		}
@@ -482,7 +487,6 @@ void search_manager(const char *path, int depth, struct list_head *uid_data)
 	int i, stop = 0;
 	struct list_head data_path_list;
 	INIT_LIST_HEAD(&data_path_list);
 	INIT_LIST_HEAD(&apk_path_hash_list);
 	unsigned long data_app_magic = 0;
 	// Initialize APK cache list
@@ -501,46 +505,35 @@ void search_manager(const char *path, int depth, struct list_head *uid_data)
 		struct data_path *pos, *n;
 		list_for_each_entry_safe(pos, n, &data_path_list, list) {
-			struct my_dir_context ctx = {
+			struct my_dir_context ctx = { .ctx.actor = my_actor,
 				.ctx.actor = my_actor,
 						      .data_path_list = &data_path_list,
 						      .parent_dir = pos->dirpath,
 						      .private_data = uid_data,
 						      .depth = pos->depth,
-				.stop = &stop
+						      .stop = &stop };
 			};
 			struct file *file;
 			if (!stop) {
-				file = ksu_filp_open_compat(
+				file = ksu_filp_open_compat(pos->dirpath, O_RDONLY | O_NOFOLLOW, 0);
 					pos->dirpath, O_RDONLY | O_NOFOLLOW, 0);
 				if (IS_ERR(file)) {
-					pr_err("Failed to open directory: %s, err: %ld\n",
+					pr_err("Failed to open directory: %s, err: %ld\n", pos->dirpath, PTR_ERR(file));
 					       pos->dirpath, PTR_ERR(file));
 					goto skip_iterate;
 				}
 				// grab magic on first folder, which is /data/app
 				if (!data_app_magic) {
 					if (file->f_inode->i_sb->s_magic) {
-						data_app_magic =
+						data_app_magic = file->f_inode->i_sb->s_magic;
-							file->f_inode->i_sb
+						pr_info("%s: dir: %s got magic! 0x%lx\n", __func__, pos->dirpath, data_app_magic);
 								->s_magic;
 						pr_info("%s: dir: %s got magic! 0x%lx\n",
 							__func__, pos->dirpath,
 							data_app_magic);
 					} else {
 						filp_close(file, NULL);
 						goto skip_iterate;
 					}
 				}
-				if (file->f_inode->i_sb->s_magic !=
+				if (file->f_inode->i_sb->s_magic != data_app_magic) {
-				    data_app_magic) {
+					pr_info("%s: skip: %s magic: 0x%lx expected: 0x%lx\n", __func__, pos->dirpath, 
-					pr_info("%s: skip: %s magic: 0x%lx expected: 0x%lx\n",
+						file->f_inode->i_sb->s_magic, data_app_magic);
 						__func__, pos->dirpath,
 						file->f_inode->i_sb->s_magic,
 						data_app_magic);
 					filp_close(file, NULL);
 					goto skip_iterate;
 				}
@@ -555,13 +548,14 @@ skip_iterate:
 		}
 	}
-	// clear apk_path_hash_list unconditionally
+	// Remove stale cached APK entries
 	pr_info("search manager: cleanup!\n");
 	list_for_each_entry_safe(pos, n, &apk_path_hash_list, list) {
 		if (!pos->exists) {
 			list_del(&pos->list);
 			kfree(pos);
 		}
 	}
 }
 static bool is_uid_exist(uid_t uid, char *package, void *data)
 {
@@ -584,75 +578,71 @@ extern bool ksu_uid_scanner_enabled;
 void track_throne(void)
 {
 	struct list_head uid_list;
 	struct uid_data *np, *n;
 	// init uid list head
 	INIT_LIST_HEAD(&uid_list);
 	if (ksu_uid_scanner_enabled) {
 		pr_info("Scanning %s directory..\n", KSU_UID_LIST_PATH);
 		if (uid_from_um_list(&uid_list) == 0) {
-        	pr_info("loaded uids from %s success\n", KSU_UID_LIST_PATH);
+			pr_info("Loaded UIDs from %s success\n", KSU_UID_LIST_PATH);
 		} else {
 			pr_warn("%s read failed, falling back to %s\n", KSU_UID_LIST_PATH, USER_DATA_PATH);
 			if (scan_user_data_for_uids(&uid_list) < 0)
 				goto out;
        	pr_info("UserDE UID: Scanned %zu packages from user data directory\n", list_count_nodes(&uid_list));
 		}
 	} else {
-		pr_info("User mode scan status is %s, skipping scan %s\n", ksu_uid_scanner_enabled ? "enabled" : "disabled", KSU_UID_LIST_PATH);
+		pr_info("User mode scan disabled, scanning %s\n", USER_DATA_PATH);
 		if (scan_user_data_for_uids(&uid_list) < 0)
 			goto out;
 		pr_info("UserDE UID: Scanned %zu packages from user data directory\n", list_count_nodes(&uid_list));
 	}
-	// now update uid list
+	// check if manager UID exists
 	struct uid_data *np;
 	struct uid_data *n;
 	// first, check if manager_uid exist!
 	bool manager_exist = false;
-	bool dynamic_manager_exist = false;
+	int current_manager_uid = ksu_get_manager_uid() % 100000;
 	list_for_each_entry(np, &uid_list, list) {
-		// if manager is installed in work profile, the uid in packages.list is still equals main profile
+		if (np->uid == current_manager_uid) {
 		// don't delete it in this case!
 		int manager_uid = ksu_get_manager_uid() % 100000;
 		if (np->uid == manager_uid) {
 			manager_exist = true;
 			break;
 		}
 	}
-	// Check for dynamic managers
+	if (!manager_exist && locked_manager_uid != KSU_INVALID_UID) {
-	if (!dynamic_manager_exist && ksu_is_dynamic_manager_enabled()) {
+		pr_info("Manager APK removed, unlocking previous UID: %d\n", locked_manager_uid);
 		ksu_invalidate_manager_uid();
 		locked_manager_uid = KSU_INVALID_UID;
 	}
 	// Check if the Dynamic Manager exists (only check locked UIDs)
 	bool dynamic_manager_exist = false;
 	if (ksu_is_dynamic_manager_enabled() && locked_dynamic_manager_uid != KSU_INVALID_UID) {
 		list_for_each_entry(np, &uid_list, list) {
-			// Check if this uid is a dynamic manager (not the traditional manager)
+			if (np->uid == locked_dynamic_manager_uid) {
 			if (ksu_is_any_manager(np->uid) &&
 				 np->uid != ksu_get_manager_uid()) {
 				dynamic_manager_exist = true;
 				break;
 			}
 		}
 		if (!dynamic_manager_exist) {
 			pr_info("Dynamic manager APK removed, unlocking previous UID: %d\n", locked_dynamic_manager_uid);
 			ksu_remove_manager(locked_dynamic_manager_uid);
 			locked_dynamic_manager_uid = KSU_INVALID_UID;
 		}
 	}
-	if (!manager_exist) {
+	bool need_search = !manager_exist;
-		if (ksu_is_manager_uid_valid()) {
+	if (ksu_is_dynamic_manager_enabled() && !dynamic_manager_exist) {
-			pr_info("manager is uninstalled, invalidate it!\n");
+		need_search = true;
-			ksu_invalidate_manager_uid();
+	}
-			goto prune;
+
-		}
+	if (need_search) {
-		pr_info("Searching manager...\n");
+		pr_info("Searching for manager(s)...\n");
-		search_manager("/data/app", 2, &uid_list);
+		search_manager("/data/app", 2, &uid_list);
-		pr_info("Search manager finished\n");
+		pr_info("Manager search finished\n");
 	} else if (!dynamic_manager_exist && ksu_is_dynamic_manager_enabled()) {
 		// Always perform search when called from dynamic manager rescan
 		pr_info("Dynamic sign enabled, Searching manager...\n");
 		search_manager("/data/app", 2, &uid_list);
 		pr_info("Search Dynamic sign manager finished\n");
 	}
 prune:
 	// then prune the allowlist
 	ksu_prune_allowlist(is_uid_exist, &uid_list);
 out: