From eeffecbd1bd7d49672a1c6bd52d95d28a42acb21 Mon Sep 17 00:00:00 2001
From: Wang Han <416810799@qq.com>
Date: Tue, 18 Feb 2025 11:07:52 +0800
Subject: [PATCH] Allow toggling unmount setting for all apps (#2450)
This fixes https://github.com/tiann/KernelSU/issues/2416.
---
kernel/allowlist.c | 5 -----
.../java/me/weishu/kernelsu/ui/screen/AppProfile.kt | 10 ++++++++--
manager/app/src/main/res/values-zh-rCN/strings.xml | 1 +
manager/app/src/main/res/values/strings.xml | 1 +
4 files changed, 10 insertions(+), 7 deletions(-)
diff --git a/kernel/allowlist.c b/kernel/allowlist.c
index 4c8abe19..2cd47dfc 100644
--- a/kernel/allowlist.c
+++ b/kernel/allowlist.c
@@ -153,11 +153,6 @@ static bool profile_valid(struct app_profile *profile)
return false;
}
- if (forbid_system_uid(profile->current_uid)) {
- pr_err("uid lower than 2000 is unsupported: %d\n", profile->current_uid);
- return false;
- }
-
if (profile->version < KSU_APP_PROFILE_VER) {
pr_info("Unsupported profile version: %d\n", profile->version);
return false;
diff --git a/manager/app/src/main/java/me/weishu/kernelsu/ui/screen/AppProfile.kt b/manager/app/src/main/java/me/weishu/kernelsu/ui/screen/AppProfile.kt
index 30e96e97..278bfc0f 100644
--- a/manager/app/src/main/java/me/weishu/kernelsu/ui/screen/AppProfile.kt
+++ b/manager/app/src/main/java/me/weishu/kernelsu/ui/screen/AppProfile.kt
@@ -95,6 +95,7 @@ fun AppProfileScreen(
val scope = rememberCoroutineScope()
val failToUpdateAppProfile = stringResource(R.string.failed_to_update_app_profile).format(appInfo.label)
val failToUpdateSepolicy = stringResource(R.string.failed_to_update_sepolicy).format(appInfo.label)
+ val suNotAllowed = stringResource(R.string.su_not_allowed).format(appInfo.label)
val packageName = appInfo.packageName
val initialProfile = Natives.getAppProfile(packageName, appInfo.uid)
@@ -143,8 +144,13 @@ fun AppProfileScreen(
},
onProfileChange = {
scope.launch {
- if (it.allowSu && !it.rootUseDefault && it.rules.isNotEmpty()) {
- if (!setSepolicy(profile.name, it.rules)) {
+ if (it.allowSu) {
+ // sync with allowlist.c - forbid_system_uid
+ if (appInfo.uid < 2000 && appInfo.uid != 1000) {
+ snackBarHost.showSnackbar(suNotAllowed)
+ return@launch
+ }
+ if (!it.rootUseDefault && it.rules.isNotEmpty() && !setSepolicy(profile.name, it.rules)) {
snackBarHost.showSnackbar(failToUpdateSepolicy)
return@launch
}
diff --git a/manager/app/src/main/res/values-zh-rCN/strings.xml b/manager/app/src/main/res/values-zh-rCN/strings.xml
index 7c67ad85..77a14370 100644
--- a/manager/app/src/main/res/values-zh-rCN/strings.xml
+++ b/manager/app/src/main/res/values-zh-rCN/strings.xml
@@ -81,6 +81,7 @@
强制停止
重新启动
为:%s 更新翻译失败
+ 不允许授予:%s 超级用户权限
更新日志
App Profile 模版
管理本地和在线的 App Profile 模版
diff --git a/manager/app/src/main/res/values/strings.xml b/manager/app/src/main/res/values/strings.xml
index cf2cec52..a52eec52 100644
--- a/manager/app/src/main/res/values/strings.xml
+++ b/manager/app/src/main/res/values/strings.xml
@@ -83,6 +83,7 @@
Force stop
Restart
Failed to update SELinux rules for %s
+ Granting superuser to %s is not allowed
Changelog
App Profile Template
Manage local and online template of App Profile