ksud: support module disable in safemode

2025-02-20 11:43:32 +08:00 · 2023-02-13 23:32:26 +08:00 · 2023-02-13 23:32:26 +08:00 · b268971323
commit b268971323
parent 051fc53a4f
2 changed files with 29 additions and 11 deletions
--- a/userspace/ksud/src/event.rs
+++ b/userspace/ksud/src/event.rs
@ -116,10 +116,23 @@ pub fn on_post_data_fs() -> Result<()> {
        }
    }

+    // If there isn't any image exist, do nothing for module!
+    if !Path::new(target_update_img).exists() {
+        return Ok(());
+    }
+
+    // we should always mount the module.img to module dir
+    // becuase we may need to operate the module dir in safe mode
+    info!("mount module image: {target_update_img} to {module_dir}");
+    mount::AutoMountExt4::try_new(target_update_img, module_dir, false)
+        .with_context(|| "mount module image failed".to_string())?;
+
    // check safe mode first.
    if crate::utils::is_safe_mode() {
-        warn!("safe mode, skip module post-fs-data scripts");
-        // TODO: we should also disable modules
+        warn!("safe mode, skip post-fs-data scripts and disable all modules!");
+        if let Err(e) = crate::module::disable_all_modules() {
+            warn!("disable all modules failed: {}", e);
+        }
        return Ok(());
    }

@ -128,15 +141,6 @@ pub fn on_post_data_fs() -> Result<()> {
        warn!("exec common post-fs-data scripts failed: {}", e);
    }

-    // If there isn't any image exist, do nothing for module!
-    if !Path::new(target_update_img).exists() {
-        return Ok(());
-    }
-
-    info!("mount module image: {target_update_img} to {module_dir}");
-    mount::AutoMountExt4::try_new(target_update_img, module_dir, false)
-        .with_context(|| "mount module image failed".to_string())?;
-
    // load sepolicy.rule
    if crate::module::load_sepolicy_rule().is_err() {
        warn!("load sepolicy.rule failed");
--- a/userspace/ksud/src/module.rs
+++ b/userspace/ksud/src/module.rs
@ -636,6 +636,20 @@ pub fn disable_module(id: &str) -> Result<()> {
    })
 }

+pub fn disable_all_modules() -> Result<()> {
+    // we assume the module dir is already mounted
+    let dir = std::fs::read_dir(defs::MODULE_DIR)?;
+    for entry in dir.flatten() {
+        let path = entry.path();
+        let disable_flag = path.join(defs::DISABLE_FILE_NAME);
+        if let Err(e) = ensure_file_exists(disable_flag) {
+            warn!("Failed to disable module: {}: {}", path.display(), e);
+        }
+    }
+
+    Ok(())
+}
+
 fn _list_modules(path: &str) -> Vec<HashMap<String, String>> {
    // first check enabled modules
    let dir = std::fs::read_dir(path);