### Start UID Listener Daemon - `apd uid-listener`

Source: https://context7.com/bmax121/apatch/llms.txt

Command to start the UID listener daemon, which monitors package changes and synchronizes kernel root grants. The internal process involves watching for file renames, revoking/re-granting root based on configuration, and handling app hiding.

```sh
# Start the UID listener daemon (normally called automatically at boot)
apd uid-listener

# What it does internally:
# 1. Watch /data/system/ for packages.list.tmp rename events via inotify
# 2. On event: debounce 1 second, then:
#    a. Read all currently granted UIDs from kernel via supercall SU_LIST
#    b. Revoke root from all non-critical UIDs (skip uid=0 and uid=2000)
#    c. Re-read /data/adb/ap/package_config (APatch's app allow-list)
#    d. Re-grant root to all allowed UIDs with their configured profiles
#    e. Re-apply UID exclusions (app hiding)
# 3. On SIGTERM/SIGINT: do one final refresh then exit
```

--------------------------------

### APatch Shell Scripting Examples

Source: https://context7.com/bmax121/apatch/llms.txt

Shell script snippets for APatch module development, including environment variable access, file permissions, and module installation logic.

```shell
echo "Running on APatch: $APATCH"           # true
echo "APatch version: $APATCH_VER"          # e.g. 10672
echo "APatch version code: $APATCH_VER_CODE"
echo "Kernel version: $KERNEL_VERSION"      # hex, e.g. 50a01 = 5.10.1
echo "KernelPatch version: $KERNELPATCH_VERSION"
echo "Module install path: $MODPATH"
echo "CPU arch: $ARCH"                      # arm64
echo "Android API level: $API"              # e.g. 34
```

```shell
ui_print "Installing my module..."
set_perm "$MODPATH/system/bin/mytool" root root 0755 "u:object_r:system_file:s0"
set_perm_recursive "$MODPATH/system/etc" root root 0755 0644
```

```shell
[ "$API" -lt 31 ] && abort "! Requires Android 12 (API 31) or newer"
```

```shell
REMOVE="
/system/app/Bloatware
/system/priv-app/UnwantedApp
"

REPLACE="
/system/etc/permissions/some_feature.xml
"
```

--------------------------------

### APatch Command-Line Lua Execution

Source: https://context7.com/bmax121/apatch/llms.txt

Command-line examples for interacting with APatch Lua modules, including running specific functions and accessing other modules.

```shell
# Run a specific Lua function from the command line
apd module lua my_module action

# The Lua runtime also has access to other loaded modules via the global table:
# modules["other_module_id"].some_function()
```

--------------------------------

### Get Android System Property

Source: https://context7.com/bmax121/apatch/llms.txt

Reads the value of a specified Android system property.

```sh
apd resetprop ro.build.version.release
```

--------------------------------

### APatch Version Utilities (Kotlin)

Source: https://context7.com/bmax121/apatch/llms.txt

Kotlin code for querying APatch component versions, including the manager app, apd daemon, and KernelPatch. Provides functions to get version names, codes, and build times.

```kotlin
import me.bmax.apatch.util.Version

// Get Android manager app version
val (versionName, versionCode) = Version.getManagerVersion()
println("Manager: $versionName ($versionCode)")
// Manager: a1b2c3d (10872)

// Get the KernelPatch version embedded in the RUNNING kernel (as UInt hex)
val kpVersionUInt: UInt = Version.installedKPVUInt()   // e.g. 0x000D01u
val kpVersionStr: String = Version.installedKPVString() // "0.13.1"

// Get the KernelPatch version bundled WITH this build of the manager
val buildKPV: String = Version.buildKPVString()   // "0.13.1"
val buildKPVUInt: UInt = Version.buildKPVUInt()

// Get the installed apd daemon version code
val apdVersion: Int = Version.installedApdVUInt()  // e.g. 10872

// Get KernelPatch image compile time from the currently installed kpimg
val compileTime: String = Version.getKpImg()
// "Mon Jan  6 12:34:56 UTC 2025"  or "unknown" on failure

// Get build time of the currently RUNNING KernelPatch in kernel
val buildTime: String = Version.installedKPTime()
// "Mon Jan  6 12:34:56 UTC 2025"  or "读取失败" on failure

// Convert hex version uint to dotted string
val str = Version.uInt2String(0x000D01u)  // "0.13.1"
```

--------------------------------

### Get Module Config Value

Source: https://context7.com/bmax121/apatch/llms.txt

Retrieves a configuration value for the current module. Temporary values take precedence over persistent ones if both exist.

```sh
apd module config get server.url
```

--------------------------------

### Get Module Config for Internal Module

Source: https://context7.com/bmax121/apatch/llms.txt

Retrieves a configuration value for a specific internal module by using the `--internal` flag followed by the module name.

```sh
apd module config --internal zygisk get server.url
```

--------------------------------

### APatch Supercall Syscall Constants and Structures

Source: https://context7.com/bmax121/apatch/llms.txt

Defines internal syscall constants and the SuProfile structure used for managing root privileges via the Supercall interface. Usage examples are provided for Kotlin JNI calls.

```rust
// Internal syscall constants (from apd/src/supercall.rs)
const __NR_SUPERCALL: c_long = 45;
const SUPERCALL_SU: c_long = 0x1010;           // escalate process to root
const SUPERCALL_SU_GRANT_UID: c_long = 0x1100; // grant root to a UID
const SUPERCALL_SU_REVOKE_UID: c_long = 0x1101;// revoke root from a UID
const SUPERCALL_SU_LIST: c_long = 0x1103;      // list all rooted UIDs
const SUPERCALL_SU_GET_SAFEMODE: c_long = 0x1112; // query safe mode

// SuProfile grants root with a specific SELinux context
#[repr(C)]
struct SuProfile {
    uid: i32,       // source UID (who is being granted)
    to_uid: i32,    // target UID (0 = root)
    scontext: [u8; 0x60], // SELinux context string, e.g. "u:r:magisk:s0"
}
```

```kotlin
// Usage from Kotlin via JNI (Natives.kt):
// Grant root to a specific app UID
Natives.grantSu(uid = 10123, toUid = 0, scontext = "u:r:magisk:s0")
// Returns 0 on success

// Revoke root from a UID
Natives.revokeSu(uid = 10123)

// Check if APatch kernel is ready (superkey valid)
val ready: Boolean = Natives.nativeReady(APApplication.superKey)

// Get/set the su binary path in the kernel
val currentPath: String = Natives.suPath()
Natives.resetSuPath("/system/bin/su")

// Exclude a UID from root (e.g. for app hiding)
Natives.setUidExclude(uid = 10456, exclude = 1)
val excluded: Int = Natives.isUidExcluded(uid = 10456) // 1 = excluded

// Get the full SuProfile for a rooted UID
val profile: Natives.Profile = Natives.suProfile(uid = 10123)
// profile.uid, profile.toUid, profile.scontext
```

--------------------------------

### KernelPatch Module (KPM) Management — JNI Natives

Source: https://context7.com/bmax121/apatch/llms.txt

Manage KernelPatch Modules (KPMs) loaded directly into the kernel using JNI calls from the Android manager app. Operations include loading, unloading, getting counts, listing names, retrieving info, and sending control messages.

```APIDOC
## KernelPatch Module (KPM) Management — JNI Natives

KPMs are kernel-level modules loaded directly into the running kernel. They run in ring-0 and can hook arbitrary kernel functions. Managed via JNI from the Android manager app.

### Load a KPM from a file path
```kotlin
val rc: Long = Natives.loadKernelPatchModule(
    modulePath = "/data/local/tmp/my_kpm.ko",
    args = "param1=value1 param2=value2"
)
```
`rc == 0` means success; negative values are error codes.

### Unload a KPM by its registered name
```kotlin
val rc: Long = Natives.unloadKernelPatchModule(moduleName = "my_kpm")
```

### Get count of loaded KPMs
```kotlin
val count: Long = Natives.kernelPatchModuleNum()
```

### List all loaded KPMs
```kotlin
val list: String = Natives.kernelPatchModuleList()
// "my_kpm\nanother_kpm\n"
```

### Get detailed info for a specific KPM
```kotlin
val info: String = Natives.kernelPatchModuleInfo(moduleName = "my_kpm")
// [my_kpm]
// version=1.0.0
// license=GPL
// author=dev
```

### Send a control message to a KPM
```kotlin
val result: Natives.KPMCtlRes = Natives.kernelPatchModuleControl(
    moduleName = "my_kpm",
    controlArg = "enable"
)
println("rc=${result.rc}, msg=${result.outMsg}")
```
```

--------------------------------

### List All Module Config Entries

Source: https://context7.com/bmax121/apatch/llms.txt

Lists all configuration entries (both persistent and temporary) for the current module. Each entry is displayed as key=value.

```sh
apd module config list
```

--------------------------------

### Apply Magisk Base SELinux Rules Live

Source: https://context7.com/bmax121/apatch/llms.txt

Loads and applies Magisk base SELinux rules live. This is typically done automatically during boot.

```sh
apd sepolicy --live --magisk
```

--------------------------------

### Apply SELinux Policy Rule File

Source: https://context7.com/bmax121/apatch/llms.txt

Applies SELinux rules from a specified file to the live policy.

```sh
apd sepolicy --apply /data/adb/modules/my_module/sepolicy.rule
```

--------------------------------

### Load Android Properties from File

Source: https://context7.com/bmax121/apatch/llms.txt

Loads and sets Android system properties from a specified file, similar to how `system.prop` works. Use the `-f` flag.

```sh
apd resetprop -f /data/adb/modules/my_module/system.prop
```

--------------------------------

### Apply SELinux Rules Inline

Source: https://context7.com/bmax121/apatch/llms.txt

Applies SELinux rules directly as inline, newline-separated statements using the `--live` flag.

```sh
apd sepolicy --live "allow untrusted_app system_file:file read"
```

--------------------------------

### APM Module Structure and `module.prop`

Source: https://context7.com/bmax121/apatch/llms.txt

Defines the standard directory layout and mandatory `module.prop` file for APatch modules. Includes common script names and flag files.

```plaintext
# module.prop format
id=my_awesome_module        # must match ^[a-zA-Z][a-zA-Z0-9._-]+$
name=My Awesome Module
version=v1.2.3
versionCode=123             # integer, used for update comparison
author=YourName
description=Does something useful

# Full module directory layout
/data/adb/modules/my_awesome_module/
├── module.prop             # required
├── system/                 # overlaid onto /system via overlayfs
│   └── etc/
│       └── custom.conf
├── system.prop             # key=value pairs applied via resetprop
├── sepolicy.rule           # SELinux policy statements (one per line)
├── post-fs-data.sh         # runs blocking at post-fs-data (before Zygote)
├── post-mount.sh           # runs at post-mount
├── service.sh              # runs non-blocking at late_start service
├── boot-completed.sh       # runs non-blocking after ACTION_BOOT_COMPLETED
├── action.sh               # runs when user taps "Action" in manager UI
├── uninstall.sh            # runs when module is removed
├── webroot/                # WebUI static files (served to module WebUI)
├── disable                 # flag file: module is disabled
└── remove                  # flag file: module will be removed on next boot
```

```sh
# customize.sh — available variables and functions during install

```

--------------------------------

### List All Android System Properties

Source: https://context7.com/bmax121/apatch/llms.txt

Lists all currently set Android system properties. The output format shows properties enclosed in brackets.

```sh
apd resetprop
```

--------------------------------

### APatch Lua Module Scripting

Source: https://context7.com/bmax121/apatch/llms.txt

Lua script for APatch modules, demonstrating lifecycle hooks like post-fs-data, service, and boot_completed. Uses APatch-specific globals and functions.

```lua
-- File: /data/adb/modules/my_module/my_module.lua
-- The module table must be returned from the script.

local M = {}

-- Called at post-fs-data stage (before Zygote)
function M.post_fs_data(superkey)
    info("post_fs_data called for my_module")

    -- Persist a config value across reboots
    setConfig("last_boot_time", os.time())

    -- Read it back
    local saved = getConfig("last_boot_time")
    info("Last boot time was: " .. tostring(saved))
end

-- Called at service stage (non-blocking, after boot)
function M.service(superkey)
    warn("service stage reached")

    -- Install another module programmatically
    local ok, err = pcall(install_module, "/sdcard/extra_module.zip")
    if not ok then
        warn("Failed to install extra_module: " .. tostring(err))
    end
end

-- Called at boot-completed stage
function M.boot_completed(superkey)
    info("Android boot completed!")
end

-- Called when user taps Action in manager UI
function M.action()
    info("Action triggered by user")
end

return M
```

--------------------------------

### APatch Boot Event Hooks - `event.rs`

Source: https://context7.com/bmax121/apatch/llms.txt

Internal flow for `on_post_data_fs` and `on_boot_completed` hooks, detailing the sequence of operations for module management, SELinux policy application, and script execution. The `report_kernel` function is used to report events back to the kernel.

```rust
// Internal flow (called by `apd post-fs-data --superkey <KEY>`):
//
// on_post_data_fs:
//   1. Apply Magisk base SELinux rules live
//   2. Re-privilege apd process (su to uid=0, context=u:r:magisk:s0)
//   3. Clear all temporary module configs
//   4. If safe mode → disable all modules and return early
//   5. Execute scripts in /data/adb/post-fs-data.d/
//   6. Apply pending module updates (move modules_update/ → modules/)
//   7. Prune modules marked for removal (run uninstall.sh first)
//   8. Restore SELinux contexts (restorecon)
//   9. Load per-module sepolicy.rule files
//  10. Execute metamodule mount script (if any)
//  11. Execute per-module post-fs-data.sh scripts (blocking)
//  12. Execute per-module Lua post_fs_data hooks
//  13. Apply per-module system.prop via resetprop -n
//  14. Run post-mount stage scripts
//
// on_services (called by `apd services`):
//   1. Execute scripts in /data/adb/service.d/
//   2. Execute per-module service.sh (non-blocking)
//   3. Execute per-module Lua service hooks
//
// on_boot_completed (called by `apd boot-completed`):
//   1. Execute scripts in /data/adb/boot-completed.d/
//   2. Execute per-module boot-completed.sh (non-blocking)
//   3. Spawn uid-listener daemon

// Report an event back to kernel (via kpatch truncate syscall trick)
pub fn report_kernel(superkey: Option<String>, event: &str, state: &str) -> Result<()>;
// e.g. report_kernel(Some(key), "post-fs-data", "after")
```

--------------------------------

### Set Module Config from Stdin

Source: https://context7.com/bmax121/apatch/llms.txt

Reads configuration values from standard input, suitable for multi-line or binary data. The data is stored under the specified key.

```sh
echo "line1\nline2" | apd module config set --stdin multiline.data
```

--------------------------------

### Link Libraries and Linker Options

Source: https://github.com/bmax121/apatch/blob/main/app/src/main/cpp/CMakeLists.txt

Links the 'log' library to the project and applies specific linker options for optimization, symbol stripping, and undefined symbol handling.

```cmake
target_link_libraries(${PROJECT_NAME} PRIVATE log)
target_compile_options(${PROJECT_NAME} PRIVATE -flto)
target_link_options(${PROJECT_NAME} PRIVATE "-Wl,--build-id=none" "-Wl,-icf=all,--lto-O3" "-Wl,-s,-x,--gc-sections" "-Wl,--no-undefined")
```

--------------------------------

### Set Android System Property Immediately

Source: https://context7.com/bmax121/apatch/llms.txt

Sets an Android system property, bypassing the property_service for immediate effect. Use the `-n` or `--skip-svc` flag.

```sh
apd resetprop -n ro.debuggable 1
```

--------------------------------

### Add Shared Library and Post-Build Strip Command

Source: https://github.com/bmax121/apatch/blob/main/app/src/main/cpp/CMakeLists.txt

Defines a shared library named 'apjni' from 'apjni.cpp' and adds a post-build command to strip all symbols and specific sections from the resulting executable.

```cmake
add_library(${PROJECT_NAME} SHARED apjni.cpp)
add_custom_command(TARGET ${PROJECT_NAME} POST_BUILD
        COMMAND ${CMAKE_STRIP} --strip-all --remove-section=.note.gnu.build-id --remove-section=.note.android.ident $<TARGET_FILE:${PROJECT_NAME}>)
```

--------------------------------

### Check SELinux Policy Syntax

Source: https://context7.com/bmax121/apatch/llms.txt

Checks the syntax of a given SELinux policy statement without applying it.

```sh
apd sepolicy --check "allow domain file_type:file { read open }"
```

--------------------------------

### Set Temporary Module Config

Source: https://context7.com/bmax121/apatch/llms.txt

Sets a temporary key-value pair that is cleared on the next boot. Useful for session-specific data.

```sh
apd module config set --temp session.token "abc123"
```

--------------------------------

### Set Persistent Module Config

Source: https://context7.com/bmax121/apatch/llms.txt

Sets a persistent key-value pair for the current module. Keys must follow a specific format.

```sh
apd module config set server.url "https://example.com/api"
```

--------------------------------

### KernelPatch Module (KPM) Management via JNI

Source: https://context7.com/bmax121/apatch/llms.txt

Functions for loading, unloading, and querying KernelPatch Modules (KPMs) from the Android manager app. These KPMs run in kernel space and can hook kernel functions.

```kotlin
import me.bmax.apatch.Natives

// Load a KPM from a file path with optional arguments
val rc: Long = Natives.loadKernelPatchModule(
    modulePath = "/data/local/tmp/my_kpm.ko",
    args = "param1=value1 param2=value2"
)
// rc == 0 means success; negative values are error codes

// Unload a KPM by its registered name
val rc: Long = Natives.unloadKernelPatchModule(moduleName = "my_kpm")

// Get count of loaded KPMs
val count: Long = Natives.kernelPatchModuleNum()

// List all loaded KPMs (newline-separated names)
val list: String = Natives.kernelPatchModuleList()
// "my_kpm\nanother_kpm\n"

// Get detailed info for a specific KPM (INI format)
val info: String = Natives.kernelPatchModuleInfo(moduleName = "my_kpm")
// [my_kpm]
// version=1.0.0
// license=GPL
// author=dev

// Send a control message to a KPM
val result: Natives.KPMCtlRes = Natives.kernelPatchModuleControl(
    moduleName = "my_kpm",
    controlArg = "enable"
)
println("rc=${result.rc}, msg=${result.outMsg}")
```

--------------------------------

### Set C++ Standard and Compiler Flags

Source: https://github.com/bmax121/apatch/blob/main/app/src/main/cpp/CMakeLists.txt

Configures the C++ standard to 23 and sets various compiler flags including Polly optimization flags, visibility, optimization levels, and link-time optimization.

```cmake
set(CHERISH_POLLY_FLAGS "-mllvm -polly -mllvm -polly-run-dce -mllvm -polly-run-inliner -mllvm -polly-reschedule=1 -mllvm -polly-loopfusion-greedy=1 -mllvm -polly-postopts=1 -mllvm -polly-num-threads=0 -mllvm -polly-omp-backend=LLVM -mllvm -polly-scheduling=dynamic -mllvm -polly-scheduling-chunksize=1 -mllvm -polly-isl-arg=--no-schedule-serialize-sccs -mllvm -polly-ast-use-context -mllvm -polly-detect-keep-going -mllvm -polly-position=before-vectorizer -mllvm -polly-vectorizer=stripmine -mllvm -polly-detect-profitability-min-per-loop-insts=40 -mllvm -polly-invariant-load-hoisting")
set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} ${CHERISH_POLLY_FLAGS} -ffunction-sections -fdata-sections -fvisibility=hidden -fvisibility-inlines-hidden -O3 -flto -Wno-vla-cxx-extension")
set(CMAKE_CXX_FLAGS "${CMAKE_CXX_FLAGS} ${CHERISH_POLLY_FLAGS} -ffunction-sections -fdata-sections -fvisibility=hidden -fvisibility-inlines-hidden -fno-rtti -fno-exceptions -O3 -flto -Wno-vla-cxx-extension")
set(CMAKE_CXX_STANDARD 23)
```

--------------------------------

### Supercall — Kernel Syscall Interface

Source: https://context7.com/bmax121/apatch/llms.txt

The Supercall interface allows direct communication with the KernelPatch-patched kernel via a specific syscall number. It requires a SuperKey and uses command words to specify operations like granting or revoking root privileges, listing rooted UIDs, and managing safe mode.

```APIDOC
## Supercall — Kernel Syscall Interface

The core privilege escalation mechanism. `apd` communicates with the KernelPatch-patched kernel via syscall number `45` (`__NR_SUPERCALL`). All calls require the SuperKey as the first argument encoded as a C string. The command word encodes the protocol version and operation ID.

### Grant root to a specific app UID
```kotlin
Natives.grantSu(uid = 10123, toUid = 0, scontext = "u:r:magisk:s0")
```
Returns 0 on success.

### Revoke root from a UID
```kotlin
Natives.revokeSu(uid = 10123)
```

### Check if APatch kernel is ready
```kotlin
val ready: Boolean = Natives.nativeReady(APApplication.superKey)
```

### Get/set the su binary path in the kernel
```kotlin
val currentPath: String = Natives.suPath()
Natives.resetSuPath("/system/bin/su")
```

### Exclude a UID from root
```kotlin
Natives.setUidExclude(uid = 10456, exclude = 1)
val excluded: Int = Natives.isUidExcluded(uid = 10456) // 1 = excluded
```

### Get the full SuProfile for a rooted UID
```kotlin
val profile: Natives.Profile = Natives.suProfile(uid = 10123)
// profile.uid, profile.toUid, profile.scontext
```
```

--------------------------------

### Clear Module Config Entries

Source: https://context7.com/bmax121/apatch/llms.txt

Clears all configuration entries of a specified type. Use without flags to clear persistent entries, or with `--temp` to clear temporary entries.

```sh
apd module config clear
```

```sh
apd module config clear --temp
```

--------------------------------

### Set Persistent Android System Property

Source: https://context7.com/bmax121/apatch/llms.txt

Sets a persistent Android system property using the `-p` flag. These properties survive reboots.

```sh
apd resetprop -p persist.sys.usb.config mtp,adb
```

--------------------------------

### Wait for Android Property Change

Source: https://context7.com/bmax121/apatch/llms.txt

Waits for a specific Android system property to change to a desired value, with an optional timeout. Returns exit code 0 on match, 2 on timeout.

```sh
apd resetprop --wait --timeout 10 sys.boot_completed 1
```

--------------------------------

### Delete Module Config Entry

Source: https://context7.com/bmax121/apatch/llms.txt

Removes a specific configuration entry for the current module.

```sh
apd module config delete server.url
```

--------------------------------

### Delete Android System Property

Source: https://context7.com/bmax121/apatch/llms.txt

Deletes a specified Android system property using the `-d` flag.

```sh
apd resetprop -d ro.some.property
```

--------------------------------

### Compact Android Property Area

Source: https://context7.com/bmax121/apatch/llms.txt

Reclaims space in the Android property area by compacting it, removing fragmentation caused by deleted properties.

```sh
apd resetprop --compact
```

=== COMPLETE CONTENT === This response contains all available snippets from this library. No additional content exists. Do not make further requests.