fix: harden manager boot fallback

matsuzaka-yuki · matsuzaka-yuki · commit 798f57e7b84f · 2026-05-15T11:42:23.000+08:00
diff --git a/apd/src/event.rs b/apd/src/event.rs
@@ -424,6 +424,11 @@ pub fn on_boot_completed(superkey: Option<String>) -> Result<()> {
 }
 
 pub fn on_manager_boot_completed(superkey: Option<String>) -> Result<()> {
+    let superkey = superkey.or_else(|| {
+        info!("Manager boot fallback invoked without explicit superkey, defaulting to trusted-manager key 'su'");
+        Some("su".to_string())
+    });
+
     info!("on_manager_boot_completed triggered!");
 
     if Path::new(defs::UTS_SPOOF_BOOT_PENDING).exists() {
diff --git a/app/src/main/java/me/bmax/apatch/receiver/BootCompletedReceiver.kt b/app/src/main/java/me/bmax/apatch/receiver/BootCompletedReceiver.kt
@@ -5,7 +5,8 @@ import android.content.Context
 import android.content.Intent
 import android.util.Log
 import kotlin.concurrent.thread
-import me.bmax.apatch.util.execApd
+import me.bmax.apatch.util.ApdExecResult
+import me.bmax.apatch.util.execApdBootFallback
 
 class BootCompletedReceiver : BroadcastReceiver() {
     override fun onReceive(context: Context, intent: Intent) {
@@ -26,10 +27,27 @@ class BootCompletedReceiver : BroadcastReceiver() {
                         TAG,
                         "Boot fallback attempt ${index + 1}/${retryDelaysMs.size}: triggering manager-boot-completed"
                     )
-                    if (execApd("manager-boot-completed", newShell = true)) {
-                        Log.i(TAG, "Boot fallback succeeded on attempt ${index + 1}")
+                    val result = try {
+                        execApdBootFallback("manager-boot-completed")
+                    } catch (t: Throwable) {
+                        Log.e(TAG, "Boot fallback attempt ${index + 1} crashed before completion", t)
+                        null
+                    }
+
+                    if (result != null && result.success) {
+                        Log.i(
+                            TAG,
+                            "Boot fallback succeeded on attempt ${index + 1}: ${formatResult(result)}"
+                        )
                         return@thread
                     }
+
+                    if (result != null) {
+                        Log.w(
+                            TAG,
+                            "Boot fallback attempt ${index + 1} failed: ${formatResult(result)}"
+                        )
+                    }
                 }
 
                 Log.e(TAG, "Boot fallback failed after all retry attempts")
@@ -46,5 +64,18 @@ class BootCompletedReceiver : BroadcastReceiver() {
 
     companion object {
         private const val TAG = "FPBootReceiver"
+
+        private fun formatResult(result: ApdExecResult): String {
+            val parts = mutableListOf("command=${result.commandLabel}")
+            result.exitCode?.let { parts += "exit=$it" }
+            result.errorMessage?.takeIf { it.isNotBlank() }?.let { parts += "error=$it" }
+            result.output
+                .takeIf { it.isNotBlank() }
+                ?.let { output ->
+                    val compact = output.replace('\n', ' ').take(400)
+                    parts += "output=$compact"
+                }
+            return parts.joinToString(", ")
+        }
     }
 }
diff --git a/app/src/main/java/me/bmax/apatch/util/APatchCli.kt b/app/src/main/java/me/bmax/apatch/util/APatchCli.kt
@@ -28,6 +28,7 @@ import java.io.IOException
 import java.security.MessageDigest
 import java.security.cert.CertificateFactory
 import java.security.cert.X509Certificate
+import java.util.concurrent.TimeUnit
 import java.util.zip.ZipFile
 import kotlinx.coroutines.CoroutineScope
 import kotlinx.coroutines.Dispatchers
@@ -40,6 +41,14 @@ import kotlinx.coroutines.withTimeout
 private const val TAG = "APatchCli"
 private const val SHELL_TIMEOUT_MS = 10_000L
 
+data class ApdExecResult(
+    val success: Boolean,
+    val commandLabel: String,
+    val exitCode: Int? = null,
+    val output: String = "",
+    val errorMessage: String? = null,
+)
+
 private fun getKPatchPath(): String {
     return apApp.applicationInfo.nativeLibraryDir + File.separator + "libkpatch.so"
 }
@@ -191,12 +200,82 @@ fun rootShellForResult(vararg cmds: String): Shell.Result {
 }
 
 fun execApd(args: String, newShell: Boolean = false): Boolean {
-    return if (newShell) {
-        withNewRootShell {
-            ShellUtils.fastCmdResult(this, "${APApplication.APD_PATH} $args")
+    return try {
+        if (newShell) {
+            withNewRootShell {
+                ShellUtils.fastCmdResult(this, "${APApplication.APD_PATH} $args")
+            }
+        } else {
+            ShellUtils.fastCmdResult(getRootShell(), "${APApplication.APD_PATH} $args")
         }
-    } else {
-        ShellUtils.fastCmdResult(getRootShell(), "${APApplication.APD_PATH} $args")
+    } catch (t: Throwable) {
+        Log.e(TAG, "execApd failed: args='$args', newShell=$newShell", t)
+        false
+    }
+}
+
+private fun configureRootProcessEnv(builder: ProcessBuilder) {
+    val basePath = System.getenv("PATH").orEmpty()
+    builder.environment().apply {
+        this["PATH"] = "$basePath:/system_ext/bin:/vendor/bin:${APApplication.APATCH_FOLDER}bin"
+        this["BUSYBOX"] = "${APApplication.APATCH_FOLDER}bin/busybox"
+    }
+}
+
+fun execApdBootFallback(vararg args: String, timeoutMs: Long = SHELL_TIMEOUT_MS): ApdExecResult {
+    val effectiveSuperKey = APApplication.superKey.ifBlank { "su" }
+    val command = mutableListOf(
+        APApplication.SUPERCMD,
+        "su",
+        "-Z",
+        APApplication.MAGISK_SCONTEXT,
+        "exec",
+        APApplication.APD_PATH,
+        "-s",
+        effectiveSuperKey,
+    ).apply {
+        addAll(args)
+    }
+    val commandLabel =
+        "${File(APApplication.SUPERCMD).name} su -Z ${APApplication.MAGISK_SCONTEXT} exec ${APApplication.APD_PATH} -s <superkey> ${args.joinToString(" ")}"
+
+    return try {
+        val builder = ProcessBuilder(command).redirectErrorStream(true)
+        configureRootProcessEnv(builder)
+
+        val process = builder.start()
+        val finished = process.waitFor(timeoutMs, TimeUnit.MILLISECONDS)
+        if (!finished) {
+            process.destroy()
+            if (!process.waitFor(500, TimeUnit.MILLISECONDS)) {
+                process.destroyForcibly()
+            }
+            val output = runCatching {
+                process.inputStream.bufferedReader().use { it.readText().trim() }
+            }.getOrDefault("")
+            ApdExecResult(
+                success = false,
+                commandLabel = commandLabel,
+                output = output,
+                errorMessage = "timed out after ${timeoutMs}ms",
+            )
+        } else {
+            val exitCode = process.exitValue()
+            val output = process.inputStream.bufferedReader().use { it.readText().trim() }
+            ApdExecResult(
+                success = exitCode == 0,
+                commandLabel = commandLabel,
+                exitCode = exitCode,
+                output = output,
+                errorMessage = if (exitCode == 0) null else "exit code $exitCode",
+            )
+        }
+    } catch (t: Throwable) {
+        ApdExecResult(
+            success = false,
+            commandLabel = commandLabel,
+            errorMessage = t.message ?: t.javaClass.simpleName,
+        )
     }
 }
 
