topjohnwu · vvb2060 · May 13, 2025 · Feb 8, 2026 · Feb 9, 2026 · Feb 9, 2026
diff --git a/app/core/src/main/java/com/topjohnwu/magisk/core/su/SuCallbackHandler.kt b/app/core/src/main/java/com/topjohnwu/magisk/core/su/SuCallbackHandler.kt
@@ -53,10 +53,12 @@ object SuCallbackHandler {
     private fun handleLogging(context: Context, data: Bundle) {
         val fromUid = data.getIntComp("from.uid", -1)
         val notify = data.getBoolean("notify", true)
+        val needLog = data.getBoolean("log", true)
         val policy = data.getIntComp("policy", SuPolicy.ALLOW)
         val toUid = data.getIntComp("to.uid", -1)
         val pid = data.getIntComp("pid", -1)
         val command = data.getString("command", "")
+        val legacyCmd = data.getBoolean("legacy_cmd", false)
         val target = data.getIntComp("target", -1)
         val seContext = data.getString("context", "")
         val gids = data.getString("gids", "")
@@ -70,9 +72,9 @@ object SuCallbackHandler {
         }.getOrNull() ?: createSuLog(fromUid, toUid, pid, command, policy, target, seContext, gids)
 
         if (notify)
-            notify(context, log.action >= SuPolicy.ALLOW, log.appName)
-
-        runBlocking { ServiceLocator.logRepo.insert(log) }
+            notify(context, log.action >= SuPolicy.ALLOW, log.appName, legacyCmd)
+        if (needLog)
+            runBlocking { ServiceLocator.logRepo.insert(log) }
     }
 
     private fun handleNotify(context: Context, data: Bundle) {
@@ -86,17 +88,24 @@ object SuCallbackHandler {
             pm.getPackageInfo(uid, pid)?.applicationInfo?.getLabel(pm)
         }.getOrNull() ?: "[UID] $uid"
 
-        notify(context, policy >= SuPolicy.ALLOW, appName)
+        notify(context, policy >= SuPolicy.ALLOW, appName, false)
     }
 
-    private fun notify(context: Context, granted: Boolean, appName: String) {
+    private fun notify(
+        context: Context, granted: Boolean,
+        appName: String, legacyCmd: Boolean
+    ) {
         if (Config.suNotification == Config.Value.NOTIFICATION_TOAST) {
             val resId = if (granted)
                 R.string.su_allow_toast
             else
                 R.string.su_deny_toast
 
-            context.toast(context.getString(resId, appName), Toast.LENGTH_SHORT)
+            var str = context.getString(resId, appName)
+            if (legacyCmd) {
+                str += "\n${context.getString(R.string.su_legacy_cmd)}"
+            }
+            context.toast(str, Toast.LENGTH_SHORT)
         }
     }
 }
diff --git a/app/core/src/main/res/values-zh-rCN/strings.xml b/app/core/src/main/res/values-zh-rCN/strings.xml
@@ -64,6 +64,7 @@
     <string name="thirtymin">30 分钟</string>
     <string name="sixtymin">60 分钟</string>
     <string name="su_allow_toast">%1$s 已被授予超级用户权限</string>
+    <string name="su_legacy_cmd">警告：检测到不支持的命令行</string>
     <string name="su_deny_toast">%1$s 已被拒绝超级用户权限</string>
     <string name="su_snack_grant">已授予 %1$s 超级用户权限</string>
     <string name="su_snack_deny">已拒绝 %1$s 超级用户权限</string>

diff --git a/app/core/src/main/res/values/strings.xml b/app/core/src/main/res/values/strings.xml
@@ -63,6 +63,7 @@
     <string name="thirtymin">30 mins</string>
     <string name="sixtymin">60 mins</string>
     <string name="su_allow_toast">%1$s was granted Superuser rights</string>
+    <string name="su_legacy_cmd">Warning: Unsupported command line detected</string>
     <string name="su_deny_toast">%1$s was denied Superuser rights</string>
     <string name="su_snack_grant">Superuser rights of %1$s are granted</string>
     <string name="su_snack_deny">Superuser rights of %1$s are denied</string>

diff --git a/docs/tools.md b/docs/tools.md
@@ -281,25 +281,27 @@ Actions:
 An applet of `magisk`, the MagiskSU entry point. Good old `su` command.
 
 ```
-Usage: su [options] [-] [user [argument...]]
+Usage: su [options] [--] [user [argument...]]
 
 Options:
-  -c, --command COMMAND         Pass COMMAND to the invoked shell
+  -s, --shell SHELL             Use SHELL instead of the default /system/bin/sh
+  -i, --interactive             Force pseudo-terminal allocation when using -c
   -g, --group GROUP             Specify the primary group
-  -G, --supp-group GROUP        Specify a supplementary group.
+  -G, --supp-group GROUP        Specify a supplementary group
                                 The first specified supplementary group is also used
-                                as a primary group if the option -g is not specified.
+                                as a primary group if the option -g is not specified
   -Z, --context CONTEXT         Change SELinux context
   -t, --target PID              PID to take mount namespace from
-  -h, --help                    Display this help message and exit
-  -, -l, --login                Pretend the shell to be a login shell
+                                pid 0 means magisk global mount namespace
   -m, -p,
   --preserve-environment        Preserve the entire environment
-  -s, --shell SHELL             Use SHELL instead of the default /system/bin/sh
   -v, --version                 Display version number and exit
   -V                            Display version code and exit
-  -mm, -M,
-  --mount-master                Force run in the global mount namespace
+  -h, --help                    Display this help message and exit
+
+--: Force stop options parsing, and also stop when an unknown option is found
+User: The user to switch to (default root), it can be name or uid
+Argument: Pass it to the shell as is
 ```
 
 ### resetprop

diff --git a/native/src/core/lib.rs b/native/src/core/lib.rs
@@ -129,11 +129,9 @@ pub mod ffi {
     struct SuRequest {
         target_uid: i32,
         target_pid: i32,
-        login: bool,
         keep_env: bool,
         drop_cap: bool,
-        shell: String,
-        command: String,
+        command: Vec<String>,
         context: String,
         gids: Vec<u32>,
     }

diff --git a/native/src/core/su/connect.rs b/native/src/core/su/connect.rs
@@ -229,30 +229,16 @@ impl SuAppContext<'_> {
         };
     }
 
-    fn app_notify(&self) {
-        let extras = [
-            Extra {
-                key: "from.uid",
-                value: Int(self.cred.uid.as_()),
-            },
-            Extra {
-                key: "pid",
-                value: Int(self.cred.pid.unwrap_or(-1).as_()),
-            },
-            Extra {
-                key: "policy",
-                value: Int(self.settings.policy.repr),
-            },
-        ];
-        self.exec_cmd("notify", &extras, true);
-    }
-
     fn app_log(&self) {
-        let command = if self.request.command.is_empty() {
-            &self.request.shell
-        } else {
-            &self.request.command
-        };
+        let mut command = self.request.command.join(" ");
+        let mut legacy_cmd = false;
+        if self.request.command.len() >= 4
+            && self.request.command[1] == "-c"
+            && !self.request.command[2].contains(b" ")
+        {
+            command = format!("(Syntax Error) {}", command);
+            legacy_cmd = true;
+        }
         let extras = [
             Extra {
                 key: "from.uid",
@@ -284,12 +270,20 @@ impl SuAppContext<'_> {
             },
             Extra {
                 key: "command",
-                value: Str(command),
+                value: Str(&command),
+            },
+            Extra {
+                key: "legacy_cmd",
+                value: Bool(legacy_cmd),
             },
             Extra {
                 key: "notify",
                 value: Bool(self.settings.notify),
             },
+            Extra {
+                key: "log",
+                value: Bool(self.settings.log),
+            },
         ];
         self.exec_cmd("log", &extras, true);
     }
@@ -309,11 +303,7 @@ impl SuAppContext<'_> {
         }
 
         // Notify su usage to application
-        if self.settings.log {
-            self.app_log();
-        } else if self.settings.notify {
-            self.app_notify();
-        }
+        self.app_log();
 
         exit(0);
     }

diff --git a/native/src/core/su/daemon.rs b/native/src/core/su/daemon.rs
@@ -14,18 +14,14 @@ use std::time::{Duration, Instant};
 use std::os::fd::AsRawFd;
 use std::sync::nonpoison::Mutex;
 
-const DEFAULT_SHELL: &str = "/system/bin/sh";
-
 impl Default for SuRequest {
     fn default() -> Self {
         SuRequest {
             target_uid: AID_ROOT,
             target_pid: -1,
-            login: false,
             keep_env: false,
             drop_cap: false,
-            shell: DEFAULT_SHELL.to_string(),
-            command: "".to_string(),
+            command: vec![],
             context: "".to_string(),
             gids: vec![],
         }