From c29a9a793676958e07b63172267e5255526ec965 Mon Sep 17 00:00:00 2001 From: frknkrc44 Date: Mon, 19 Jan 2026 15:49:59 +0300 Subject: [PATCH 1/2] Improve app directory checks --- daemon/src/main/jni/denylist.cpp | 43 +++++++++++++++++--------------- 1 file changed, 23 insertions(+), 20 deletions(-) diff --git a/daemon/src/main/jni/denylist.cpp b/daemon/src/main/jni/denylist.cpp index d2c47d388..b858ea035 100644 --- a/daemon/src/main/jni/denylist.cpp +++ b/daemon/src/main/jni/denylist.cpp @@ -397,6 +397,23 @@ bool apatch_uid_should_umount(const char *const process) { return false; } +int get_stat(const char* app_name, struct stat* st) { + char app_data_dir[PATH_MAX]; + snprintf(app_data_dir, sizeof(app_data_dir), "/data/data/%s", app_name); + + if (stat(app_data_dir, st) == -1) { + snprintf(app_data_dir, sizeof(app_data_dir), "/data/user_de/0/%s", app_name); + + if (stat(app_data_dir, st) == -1) { + PLOGE("Failed to stat /data/data/%s and /data/user_de/0/%s", app_name, app_name); + + return -1; + } + } + + return 0; +} + extern "C" JNIEXPORT jboolean JNICALL Java_org_lsposed_lspd_service_DenylistManager_isInDenylist(JNIEnv *env, jclass, jstring appName) { const char *app_name = env->GetStringUTFChars(appName, nullptr); @@ -406,16 +423,6 @@ Java_org_lsposed_lspd_service_DenylistManager_isInDenylist(JNIEnv *env, jclass, return JNI_FALSE; } - char app_data_dir[PATH_MAX]; - snprintf(app_data_dir, sizeof(app_data_dir), "/data/data/%s", app_name); - - struct stat st; - if (stat(app_data_dir, &st) == -1) { - PLOGE("Failed to stat %s", app_data_dir); - - goto app_not_in_denylist; - } - if (root_impl == -1 && !ksu_get_existence() && !magisk_get_existence() && !apatch_get_existence()) { LOGE("No supported root implementation found, skipping denylist check"); @@ -423,6 +430,9 @@ Java_org_lsposed_lspd_service_DenylistManager_isInDenylist(JNIEnv *env, jclass, } if (root_impl == 1) { + struct stat st; + if (get_stat(app_name, &st) == -1) goto app_not_in_denylist; + if (ksu_is_in_denylist(st.st_uid)) { LOGI("App %s is in KernelSU denylist", app_name); @@ -486,16 +496,6 @@ Java_org_lsposed_lspd_service_DenylistManager_isInDenylistFromClasspathDir(JNIEn } env->ReleaseStringUTFChars(classpathDirArg, classpath_dir_arg); - char app_data_dir[1024] = {0}; - snprintf(app_data_dir, sizeof(app_data_dir), "/data/data/%s", app_name); - - struct stat st; - if (stat(app_data_dir, &st) == -1) { - PLOGE("Failed to stat %s", app_data_dir); - - goto app_not_in_denylist; - } - if (root_impl == -1 && !ksu_get_existence() && !magisk_get_existence() && !apatch_get_existence()) { LOGE("No supported root implementation found, skipping denylist check"); @@ -503,6 +503,9 @@ Java_org_lsposed_lspd_service_DenylistManager_isInDenylistFromClasspathDir(JNIEn } if (root_impl == 1) { + struct stat st; + if (get_stat(app_name, &st) == -1) goto app_not_in_denylist; + if (ksu_is_in_denylist(st.st_uid)) { LOGI("App %s is in KernelSU denylist", app_name); From 0e4080deefacb2ad2adb65aafa0fc986252e6a51 Mon Sep 17 00:00:00 2001 From: frknkrc44 Date: Mon, 19 Jan 2026 23:21:08 +0300 Subject: [PATCH 2/2] Ignore sandbox package --- daemon/src/main/jni/denylist.cpp | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/daemon/src/main/jni/denylist.cpp b/daemon/src/main/jni/denylist.cpp index b858ea035..daf49a816 100644 --- a/daemon/src/main/jni/denylist.cpp +++ b/daemon/src/main/jni/denylist.cpp @@ -398,6 +398,12 @@ bool apatch_uid_should_umount(const char *const process) { } int get_stat(const char* app_name, struct stat* st) { + // ignore sandbox package + if (strcmp("com.android.sdksandbox", app_name) == 0 || + strcmp("com.google.android.sdksandbox", app_name) == 0) { + return -1; + } + char app_data_dir[PATH_MAX]; snprintf(app_data_dir, sizeof(app_data_dir), "/data/data/%s", app_name);