KernelSU Modules
GitHub
Modules / hybrid_mount

Hybrid Mount

META

Next Generation Mounting Metamodule with OverlayFS,Magic Mount and Kasumi.

README

Hybrid Mount

Language Platform License Version

Hybrid Mount is a mount orchestration metamodule for KernelSU and APatch. It merges module files into Android partitions through a unified policy engine backed by three mount backends:

  • OverlayFS — layered mounts for broad compatibility.
  • Magic Mount — bind-mount for direct path replacement or fallback.
  • Kasumi — LKM-backed routing with runtime hide, spoof, and stealth features.

A built-in SolidJS WebUI provides graphical management, live state monitoring, and configuration editing.

Releases are published in three flavors — see Build Flavors for a detailed comparison. Unless noted otherwise, the rest of this README describes the full build.

English   简体中文   繁體中文   日本語   Español   Italiano   Русский   Українська   Tiếng Việt

Table of Contents

Build Flavors

Hybrid Mount is released in three flavors, each targeting a different use case:

Flavor Binary WebUI Daemon / CLI Kasumi LKM Use case
Full Yes Yes Yes Yes Users who need Kasumi-backed routing or hide/spoof capabilities.
Lite Yes Yes Yes No Users who want the WebUI and full policy engine but don’t need LKM-backed stealth features.
Nano Yes No No No Minimalists who just want mount orchestration via config file — no runtime daemon, no WebUI, no CLI.

Full

The full flavor includes all supported mount backends (OverlayFS, Magic Mount, Kasumi), the SolidJS WebUI, the Unix-socket daemon with HTTP/SSE, the CLI, and the Kasumi LKM assets. Use Full when Kasumi-backed routing or auxiliary hide/spoof features are required. Built with Cargo features kasumi (which implies control-plane).

Lite

The lite flavor strips the Kasumi LKM and all Kasumi-related features (hide, spoof, stealth, kstat rules, uname spoofing, etc.) but keeps the WebUI, daemon, CLI, and both OverlayFS and Magic Mount backends. Choose Lite if:

  • Your kernel doesn’t support loading external LKMs.
  • You don’t need runtime hide/spoof capabilities.
  • You want a smaller download while keeping the WebUI and daemon management interface.

Lite builds use the feature set control-plane only (--no-default-features --features control-plane). The WebUI’s Kasumi panel is hidden automatically.

Nano

The nano flavor is a config-only build (--no-default-features — no Cargo features enabled). It strips the WebUI, daemon, CLI, and all control-plane infrastructure. What remains is a minimal binary that reads config.toml, generates a mount plan, and executes it — then exits. Key characteristics:

  • No runtime daemon — no background process, no socket, no WebUI, no CLI subcommands.
  • No WebUI — the webroot/, launcher.png, and service.sh assets are removed from the package.
  • Mount-only operation — the binary runs during boot, mounts everything according to the config, and terminates.
  • Default mode is magic — Nano ships with default_mode = "magic" pre-set in its config, preferring bind mounts when no daemon is available to manage ext4 images.
  • Module mode markers — install-time volume-key selection writes an empty overlay or magic marker in each managed module root, and Nano reads that instead of a whitelist. Marker filenames are matched case-insensitively.
  • No resident Hybrid Mount process — after boot-time mounting completes, the Nano binary exits.

Choose Nano if you want predictable, daemon-free mount orchestration with a smaller runtime surface.

Feature matrix

Feature Full Lite Nano
OverlayFS backend Yes Yes Marker-based
Magic Mount backend Yes Yes Yes (default)
Kasumi backend Yes No No
WebUI Yes Yes No
CLI (hybrid-mount subcommands) Yes Yes No
Daemon (Unix + TCP/SSE) Yes Yes No
Config caching & runtime apply Yes Yes No
Kasumi hide/spoof/stealth Yes No No
LKM autoload Yes No No
Cargo features kasumi (implies control-plane) control-plane only none
ZIP size (approx.) ~4 MB ~2 MB ~1 MB

Features

  • Three backends, one policy engine — assign paths to OverlayFS, Magic Mount, or Kasumi with per-path granularity.
  • Deterministic planning — conflicts are detected at plan time, not discovered randomly at boot.
  • Built-in WebUI — manage modules, edit configuration, monitor runtime state, and control Kasumi features in full builds.
  • Kasumi runtime integration — LKM autoload, mirror routing, mount hiding, maps/statfs spoofing, UID hiding, uname spoofing, and kstat rules.
  • Config caching — runtime config cache with incremental patching and immediate apply support.
  • Recovery-friendly — stale runtime files are cleaned automatically; misconfigurations can be reset via api config-reset.
  • Automation-friendly — JSON-over-Unix-socket daemon protocol + HTTP API for scripting or external controllers.

Quick Start

Installation

  1. Install KernelSU or APatch on your device.
  2. Download the latest Hybrid Mount full, lite, or nano release ZIP from GitHub Releases.
  3. Flash the ZIP through your root manager’s module installer.
  4. Reboot. Hybrid Mount will auto-detect your environment and apply the default overlay policy.

Post-install

# Check runtime status
hybrid-mount daemon status

# List detected modules
hybrid-mount api modules-list

To access the WebUI (Full/Lite flavors), open your root manager app (KernelSU or APatch), find Hybrid Mount in the modules list, and tap it — the manager will launch the WebUI in an embedded WebView.

Changing mount mode for a module

# /data/adb/hybrid-mount/config.toml
[rules.my_module]
default_mode = "magic"

[rules.my_module.paths]
"system/bin/problematic_binary" = "ignore"

Mount Modes

Mode Backend Best for
overlay OverlayFS Modules that add or replace files without conflicts. Default mode.
magic Bind mount Modules that need direct per-file replacement.
kasumi Kasumi LKM Modules requiring explicit mirror routing or runtime hide/spoof features.
ignore Excluding specific paths from any mount processing.

OverlayFS storage modes

The OverlayFS backend supports two storage strategies for the upper/work layers:

  • ext4 (default) — creates an ext4 disk image. Persists across reboots, supports xattr.
  • tmpfs — uses a tmpfs mount. Volatile, lighter weight, but lost on reboot.
overlay_mode = "ext4"

WebUI

Hybrid Mount includes a SolidJS-based WebUI served by the daemon over a local TCP socket (HTTP/SSE). CLI and automation clients communicate over a Unix socket. The daemon prints the WebUI access URL to logcat on startup.

The WebUI is designed to be opened directly from your root manager app (KernelSU or APatch manager) — tap the module entry and the manager will launch the WebUI in an embedded WebView. No external browser is required on-device.

Capabilities

  • Status dashboard — live mount statistics, active partitions, storage mode, daemon health.
  • Module management — list all detected modules with their effective mount modes; apply mode changes interactively.
  • Configuration editor — full config.toml editing with validation, including per-module path rules.
  • Kasumi control panel — LKM status, rule listing, feature toggles, uname configuration, maps/kstat rules (Full flavor only).

Language Support

The WebUI currently ships with these locales:

  • English (en-US, default)
  • Español (es-ES)
  • Italiano (it-IT)
  • 日本語 (ja-JP)
  • Русский (ru-RU)
  • Українська (uk-UA)
  • Tiếng Việt (vi-VN)
  • 简体中文 (zh-CN)
  • 繁體中文 (zh-TW)

README documentation is available in English, Simplified Chinese, Traditional Chinese, Japanese, Spanish, Italian, Russian, Ukrainian, and Vietnamese.

Access

The WebUI runs on http://127.0.0.1:<random-port> with a cryptographic access token. The daemon manages the lifecycle — no separate web server needed. On-device, open through your root manager’s WebView; remotely, forward the port via ADB.

Configuration

Default path: /data/adb/hybrid-mount/config.toml.

Top-level fields

Key Type Default Description
moduledir string /data/adb/modules Module source directory.
mountsource string auto-detect Runtime source tag (KSU, APatch).
overlay_mode ext4 | tmpfs ext4 Overlay upper/work storage mode.
disable_umount bool false Skip umount operations (debug only).
default_mode overlay | magic | kasumi overlay Global default mount policy.
daemon_startup_mode on-demand | persistent on-demand Daemon startup behavior.
rules map {} Per-module and per-path mount policies.

Example

moduledir = "/data/adb/modules"
overlay_mode = "ext4"
default_mode = "overlay"
daemon_startup_mode = "on-demand"

[rules.viper4android]
default_mode = "magic"

[rules.viper4android.paths]
"system/etc/audio_policy.conf" = "overlay"

[rules.sensitive_module]
default_mode = "kasumi"

[rules.sensitive_module.paths]
"system/bin/helper" = "kasumi"
"system/etc/placeholder" = "ignore"

Kasumi

Kasumi is the LKM-backed backend. Beyond mount routing, it provides a suite of runtime hide and spoof capabilities.

Activation

Setting kasumi.enabled = true makes the backend available. The Kasumi runtime is actually enabled when at least one of these conditions is met:

  • The mount plan contains a Kasumi-managed module or path.
  • An auxiliary feature is configured (hidexattr, mount hide, maps spoof, statfs spoof, UID hiding, uname spoof, cmdline replacement, kstat rules, or user hide rules).

Key config fields

Field Purpose
kasumi.enabled Master switch for Kasumi integration.
kasumi.lkm_autoload Auto-load the Kasumi LKM during startup.
kasumi.lkm_dir LKM search directory.
kasumi.lkm_kmi_override Optional KMI version override for LKM selection.
kasumi.mirror_path Mirror root used by Kasumi rules (default /dev/kasumi_mirror).
kasumi.enable_kernel_debug Toggle kernel-side debug logging.
kasumi.enable_stealth Explicit stealth mode.
kasumi.enable_hidexattr Compatibility umbrella — enables stealth, mount hide, maps spoof, and statfs spoof together.
kasumi.enable_mount_hide Hide mounts globally or by path pattern.
kasumi.mount_hide.path_pattern Path pattern for mount hiding.
kasumi.enable_maps_spoof Enable /proc/<pid>/maps spoofing.
kasumi.maps_rules Per-inode/device maps rewrite rules.
kasumi.enable_statfs_spoof Enable statfs spoofing.
kasumi.statfs_spoof.path / .spoof_f_type Path-scoped statfs spoof configuration.
kasumi.hide_uids UIDs to hide from Kasumi-aware queries.
kasumi.uname_mode Uname spoof mode: scoped (per-process) or global.
kasumi.uname.* Structured uname spoof (sysname, nodename, release, version, machine, domainname).
kasumi.cmdline_value Replacement /proc/cmdline content.
kasumi.kstat_rules Per-target stat metadata spoof rules.

Commands

# Status and diagnostics
hybrid-mount kasumi status
hybrid-mount kasumi version
hybrid-mount kasumi features
hybrid-mount kasumi hooks
hybrid-mount kasumi list          # list active rules
hybrid-mount lkm status

# Runtime control
hybrid-mount kasumi apply-config-runtime
hybrid-mount kasumi clear
hybrid-mount kasumi release-connection
hybrid-mount kasumi invalidate-cache
hybrid-mount kasumi fix-mounts

# Uname spoofing (scoped or global)
hybrid-mount kasumi set-uname --mode scoped <release> <version>
hybrid-mount kasumi clear-uname --mode scoped
hybrid-mount kasumi restore-uname-global

# Rule management
hybrid-mount kasumi rule add --target /system/bin/tool --source /data/adb/modules/my_module/system/bin/tool
hybrid-mount kasumi rule merge --target /system/lib64 --source /data/adb/modules/my_module/system/lib64
hybrid-mount kasumi rule hide --path /system/bin/su
hybrid-mount kasumi rule delete --path /system/bin/old_tool
hybrid-mount kasumi rule add-dir --target-base /system/lib64 --source-dir /data/adb/modules/my_module/system/lib64
hybrid-mount kasumi rule remove-dir --target-base /system/lib64 --source-dir /data/adb/modules/my_module/system/lib64

Policy Reference

Precedence

When multiple policies could apply to a path, evaluation order is:

  1. Path-level overriderules.<module>.paths["<path>"]
  2. Module-level defaultrules.<module>.default_mode
  3. Global defaultdefault_mode

Behavior matrix

Rule result Backend available? Effective behavior
overlay Yes Mount with OverlayFS.
overlay No Skip and report as failed.
magic n/a Mount with Magic Mount.
kasumi Yes Route through Kasumi.
kasumi No Skip Kasumi mapping.
ignore n/a Do not mount.

Module marker files

Hybrid Mount also recognizes marker files in module directories. These markers are expected to be regular files; only the filename is used. Marker filenames are matched case-insensitively for ASCII letters, so DISABLE, Disable, and disable are treated as the same marker.

Marker Location Effect
disable Module root Excludes the module from mount planning and reports it as disabled.
remove Module root Excludes the module from mount planning; normally created by the root manager during removal.
skip_mount Module root Excludes the module from mount processing and records it in the runtime skip list.
mount_error Module root Marks a module that was skipped after a mount failure. Recovery and daemon commands may create or clear it.
overlay / magic Module root, Nano builds Selects the module default mount backend for Nano builds. Full and Lite builds use config rules instead.
.replace Inside a module directory Applies replacement semantics to the containing directory. The marker itself is not copied as normal module content; prepared overlay layers preserve the directory and set overlay opaque metadata where supported.

If multiple case variants of the same marker exist in one directory, cleanup operations remove all matching variants.

Practical recipes

  • One problematic binary on bind mount, rest on overlay: set module default to overlay, override the binary path to magic.
  • Temporarily exclude a conflicting file: set the path to ignore.

CLI

hybrid-mount [OPTIONS] [COMMAND]

Global options

Flag Description
-c, --config <PATH> Custom config file path.

Subcommands

Command Description
gen-config Generate a default config file.
logs Print recent daemon logs.
api storage Query storage mode (ext4/tmpfs).
api mount-stats Print mount statistics.
api mount-topology Print mount topology tree.
api partitions List managed partitions.
api system-info Print system information.
api version Print daemon version.
api config-get Print effective config as JSON.
api config-set --config <JSON> Replace full config.
api config-patch --patch <JSON> Merge patch into config.
api config-reset Reset config to defaults.
api modules-list List detected modules.
api modules-apply --modules <JSON> Apply module mode changes.
api lkm Query LKM status.
api features List supported features.
api hooks List Kasumi hooks status.
api kernel-uname Print kernel uname.
api open-url --url <URL> Open URL on device.
api reboot Reboot the device.
api kasumi-maps-add --rule <JSON> Add a Kasumi maps spoof rule.
api kasumi-maps-clear Clear all Kasumi maps spoof rules.
daemon launch Start daemon in foreground.
daemon serve Start daemon (service mode).
daemon ping Check daemon liveness.
daemon webui-start Start WebUI only.
daemon stop Stop the daemon.
daemon status Query daemon runtime state.
kasumi ... Kasumi management (see Kasumi).
lkm load / unload / status LKM lifecycle management.
hide list / add / remove / apply User hide rule management.

Architecture

┌─────────────────────────────────────────────┐
│                  config.toml                  │
└──────────────────┬──────────────────────────┘
                   ▼
┌─────────────────────────────────────────────┐
│              Inventory Discovery              │
│         Scan module tree, classify entries    │
└──────────────────┬──────────────────────────┘
                   ▼
┌─────────────────────────────────────────────┐
│              Mount Planner                    │
│    Evaluate rules (path > module > global)    │
│    Generate overlay / magic / kasumi plan     │
└──────────────────┬──────────────────────────┘
                   ▼
┌─────────────────────────────────────────────┐
│              Executors                        │
│  ┌──────────┐ ┌──────────┐ ┌──────────────┐ │
│  │ OverlayFS│ │  Magic   │ │   Kasumi     │ │
│  │ executor │ │  Mount   │ │   executor   │ │
│  └──────────┘ └──────────┘ └──────────────┘ │
└──────────────────┬──────────────────────────┘
                   ▼
┌─────────────────────────────────────────────┐
│            Runtime State + Daemon             │
│   Persist state → Unix socket → WebUI/CLI     │
└─────────────────────────────────────────────┘

The executor is driven by a typestate state machine (src/core/controller.rs): MountController<Init> → StorageReady → Planned → Executed. Each transition represents one pipeline stage, ensuring the mount process is always in a well-defined state.

Source layout

src/
├── conf/          Config schema, TOML loader, CLI definition, handlers
├── domain/        Core types: MountMode, ModuleRules, path matching
├── partitions/    Managed partition auto-discovery
├── core/
│   ├── inventory/ Module discovery and listing
│   ├── ops/       Mount plan generation and per-backend execution
│   ├── daemon/    Unix + TCP dual-protocol daemon (CLI + WebUI/SSE)
│   ├── api/       Payload builders for WebUI endpoints
│   ├── startup/   Boot sequence, recovery, retry logic
│   ├── storage/   Shared storage helpers (ext4 image, tmpfs)
│   └── runtime_state/ Daemon state persistence
├── mount/
│   ├── overlayfs/ OverlayFS backend (ext4 image / tmpfs)
│   ├── magic_mount/ Bind-mount backend
│   └── kasumi/    Kasumi rule compilation, runtime, status
├── sys/           Low-level: mount syscalls, LKM load/unload, Kasumi UAPI
└── utils/         Logging, path utilities, validation

webui/
├── src/
│   ├── routes/    Page components (Status, Config, Modules, Kasumi, Info)
│   ├── components/ Shared UI components (NavBar, Toast, Skeleton)
│   ├── lib/       API bridge, stores, codecs, i18n
│   └── locales/   9-language internationalization

xtask/             Build and release automation
module/            Module packaging scripts and static assets

Build

Prerequisites

  • Rust nightly (from rust-toolchain.toml)
  • Android NDK r27+ and cargo-ndk
  • Node.js 20+ and pnpm (for WebUI)

Commands

# Full release package (binary + WebUI + Kasumi) → output/
cargo run -p xtask -- build --release --flavor full

# Lite release package (binary + WebUI, no Kasumi) → output/
cargo run -p xtask -- build --release --flavor lite

# Nano release package (config-only, no WebUI/CLI/daemon) → output/
cargo run -p xtask -- build --release --flavor nano

# Binary only (skip WebUI)
cargo run -p xtask -- build --release --skip-webui

# Local arm64 debug build
./scripts/build-local.sh

# Local lite debug build
./scripts/build-local.sh --lite

# Local nano debug build
./scripts/build-local.sh --nano

# Local build with prebuilt Kasumi LKM .ko assets (full only)
./scripts/build-local.sh --release --kasumi-lkm-dir /path/to/kasumi-lkm

# WebUI dev server (hot reload)
cd webui && pnpm install && pnpm dev

# Lint everything
cargo run -p xtask -- lint
cd webui && pnpm lint

# Run tests
cargo +nightly test
cd webui && pnpm test

Release profile

The release profile uses opt-level = 3, lto = "fat", codegen-units = 1, strip = true, and panic = "abort" to reduce binary size.

CI gates and feature flag linting

Every change must pass the following CI checks (defined in .github/workflows/):

  • cargo fmt --all -- --check
  • cargo clippy --all-targets -- -D warnings (warnings are errors)
  • cargo test --all-targets --workspace
  • WebUI: pnpm lint + pnpm test
  • License header check on all source files

cargo clippy --all-features (what xtask lint runs) only checks the full flavor. When making changes, also verify that the lite (--no-default-features --features control-plane) and nano (--no-default-features) flavor combinations compile. Code touching Kasumi must be behind #[cfg(feature = "kasumi")]; code touching the daemon/CLI/WebUI API must be behind #[cfg(feature = "control-plane")].

Operational Notes

  • Mount source auto-detection: fresh installs detect the runtime environment automatically. Only set mountsource explicitly if auto-detection fails.
  • Recovery from bad config: run hybrid-mount api config-reset to reset to defaults, then reapply rules incrementally. Use gen-config to regenerate a fresh config file.
  • Config caching: the runtime maintains a cached config. Use api config-patch --apply-runtime to apply changes immediately, or restart the daemon.
  • Kasumi LKM (full builds only): the LKM must match the running kernel. Use lkm_kmi_override if the auto-detected KMI is incorrect.
  • kasumi clear: clears runtime state and releases kernel connection. Existing kernel-side rules may persist until LKM reload.
  • Binary size: prefer dependency feature trimming and profile tuning before invasive refactoring.

License

Licensed under Apache-2.0.

Release History

v4.1.3

Pre-release
Published on May 27, 2026
Download

v4.1.3

Features

  • Update build and release workflows, remove WebUI build steps, and enhance kasumi feature handling

  • Enhance module validation and improve overlayfs staging cleanup

  • Enhance backup path handling, improve error logging, and update kernel config checks

  • Enhance Kasumi feature support with kernel compatibility checks

  • Add tmpfs xattr support checks and enhance Kasumi status handling

  • Implement module blacklist functionality and enhance module handling

  • Suggest ignore mode when mount_error modules contain shell mount commands Scan .sh files in modules with mount errors for mount/mkdir/touch/bind commands and display a hint in the WebUI suggesting the user set the module to "ignore" mode to avoid conflicts.

  • Add issue template for module blacklist requests and implement auto PR creation workflow

Fixes

  • Update kernel status checks to reflect compatibility changes

  • Enhance kasumi feature handling and update version in Cargo.toml

  • Kasumi Fix redirecting and hiding This is a empty commit to get the latest kasumi ko

  • Update version code calculation in release workflow

  • Improve error logging for status loading, config loading, and ksu bridge initialization

  • Make cargo clippy happy

  • Make cargo clippy happy again

  • Correct typo in partition ignore constants

Refactors

  • Clean up dead code, improve mount point collection, and enhance logging initialization

  • Simplify mode retrieval and enhance module display logic

Documentation

  • Add AGENTS.md guide for AI coding agents

  • Update README files to include Cargo features and CI checks for all flavors

  • Move README files to docs/ and use absolute URLs Move all 9 language README variants into docs/ directory. Replace all cross-file relative links with absolute GitHub URLs to ensure links work correctly from any context. Update Cargo.toml and AGENTS.md to reflect the new paths. Co-Authored-By: Claude Opus 4.7 noreply@anthropic.com

CI / Tooling

  • Only auto-close bug reports missing attachments, add URL detection

Other

  • Add files via upload Indonesian Language

  • Add Indonesian to language selector (#336) ### Motivation - The WebUI included a locale file webui/src/locales/id-ID.json but id-ID was not present in the availableLanguages list, so Bahasa Indonesia could not be chosen in the language dialog. ### Description - Inserted { code: "id-ID", name: "Bahasa Indonesia" } into the availableLanguages array in webui/src/lib/stores/uiStore.ts so the Indonesian locale becomes selectable. ### Testing - Verified the change and locale presence using git diff -- webui/src/lib/stores/uiStore.ts and nl -ba webui/src/locales/id-ID.json, then committed the update with git commit (commands succeeded). ------ Codex Task

  • Update api.mock.ts to suit new feature

v4.1.2

Pre-release
Published on May 22, 2026
Download

v4.1.2

Fixes

  • Update zip file naming conventions for consistency in package detection

  • Remove tree filter in release checkout and sync missing locale keys - Remove filter: 'tree:0' from release job checkout to fix git-cliff changelog generation error - Add 19 missing i18n keys across es-ES, it-IT, ja-JP, ru-RU, uk-UA, vi-VN, zh-TW locale files (kasumi uname, cmdline, unload warning, etc.)

  • Make clippy happy

Refactors

  • Move build.rs module.prop to OUT_DIR and split KasumiTab into sub-components - build.rs: write module.prop to OUT_DIR instead of source tree; replace rerun-if-changed on .git directory with .git/HEAD; consolidate imports - KasumiTab: decompose 1332-line single component into index.tsx orchestrator and 6 focused section components (Lkm, Runtime, Identity, UserHide, Maps, Features), plus HeroCard, SectionShell, types, and utils

  • Replace catch (e: any) with unknown and add .catch() to void calls - Add getErrorMessage() helper to safely extract messages from unknown - Replace all 12 catch (e: any) with catch (e: unknown) using the helper - Add .catch() handlers to 3 void async calls in App.tsx that lacked them

  • Improve caption handling by introducing truncation functions

  • Streamline configuration structs by removing redundant serde defaults

Documentation

  • Replace hardcoded version badge with dynamic latest-tag badge Use shields.io github/v/tag endpoint instead of hardcoded 4.0.5 so the version badge always reflects the latest release tag automatically.

Maintenance

  • Remove overlay fallback feature and related configurations - Eliminated the enable_overlay_fallback option from configuration files and documentation across multiple languages. - Removed associated fallback logic from the codebase, including functions and references in the executor and magic mount modules. - Updated README files in various languages to reflect the removal of the overlay fallback feature. - Adjusted WebUI components and localization files to remove references to the overlay fallback option.

v4.1.0

Published on May 16, 2026
Download

v4.1.0

Features

  • Update summary in module.json to include 'Kasumi'

  • Update version in README files to 4.0.5

  • 添加对浅层覆盖的支持,优化挂载计划处理

Fixes

  • Scope SELinux Guard to app zygote (#27) Kasumi Fix

  • umount Skip pairip-protected lib partitions to avoid SIGSEGV KSU detaching the overlay over /system/lib*, /vendor/lib* mid-flight crashes pairip-protected APKs in libpairipcore.so. Filter those paths out of the umount queue and dedupe via HashSet::insert so repeat calls are no-ops.

  • Handle module markers case-insensitively

  • Make clippy happy

  • 更新文档以更准确地描述构建版本的用途和功能

Refactors

  • notify 重构 Telegram 通知消息排版 - 文件组不再附带独立 caption,三个文件干净排列 - 文件组后独立发送文字消息,包含标题、分支、产物数、commit 和日志链接 - 移除产物大小统计行

  • nano 用 marker 机制替换 OverlayFS 白名单 - 移除 overlay_whitelist 配置项和 NANO_OVERLAY_WHITELIST 常量 - Nano 改用模块目录下的 overlay/magic marker 文件来判断挂载模式 - metainstall.sh 增加 nano 检测、mode marker 写入和分区列表扩展 - 更新 README 文档说明 marker-based 模式 - inventory 模块增加 module_mount_mode_marker 及测试

  • notify 合并文件和文字为单条消息 Media group 第一个文件附带共享 caption,其余文件无独立文字

  • 重构模块规则和处理逻辑,添加后代规则前缀支持

Documentation

  • readme List supported languages

  • readme Link available readme translations

  • readme Add localized readme translations

Other

  • Add Telegram notification helper for Hybrid Mount build artifacts - Introduced a new notify tool to send notifications via Telegram for build artifacts. - Implemented functionality to find ZIP files in the output directory and send notifications with details such as branch name, commit message, and artifact sizes. - Created a NotifyRequest struct to encapsulate notification parameters. - Added command-line interface to allow specifying a topic ID and event label. - Included tests for the ZIP file detection functionality.

  • notify Apply cargo fmt

v4.0.5

Pre-release
Published on May 12, 2026
Download

v4.0.5

Refactors

  • tests Improve test function names for clarity and consistency

  • Reorganize imports for better clarity in main.rs

v4.0.1

Published on May 10, 2026
Download

v4.0.1

Features

  • Enhance daemon and web UI with system info and runtime validation - Refactor server handling to use poll for improved performance. - Introduce system_info in API responses and update related interfaces. - Add URL validation to prevent malformed requests. - Improve error handling in config and kasumi stores with warnings for missing data. - Update App initialization to load UI and daemon concurrently.

  • App Enhance app initialization phase tracking and loading UI

  • daemon Add daemon_startup_mode config with persistent boot and webui toggle Add a daemon_startup_mode config option (on-demand / persistent) that controls whether the daemon starts on-demand via KSU exec or persists at boot via service.sh. Includes ping-first bridge optimization for faster reconnection. Co-Authored-By: Claude Opus 4.7 noreply@anthropic.com

  • Update TopBar to provide default app name and language title; add preconnect and styles in index.html

  • Add clear mount errors functionality and UI updates - Implemented clearMountErrors API method in both mock and real API. - Updated AppAPI interface to include clearMountErrors. - Added clear-mount-errors command to the daemon command payload. - Enhanced Module interface to include mount_error property. - Added localization strings for mount error messages in multiple languages. - Introduced error indicators and banners in the ModulesTab component to display mount errors. - Added a button to clear mount errors, with loading state management.

  • Enhance mount error handling and add clear mount errors functionality

Fixes

  • schema Replace manual Default impl with derive macro for DaemonStartupMode

  • nuke Skip nuke execution if KSU is not loaded

Maintenance

  • Revert "feat(App): enhance app initialization phase tracking and loading UI" This reverts commit 08534f6.

v4.0.0

Published on May 10, 2026
Download

v4.0.0

Features

  • Enhance ksu handling in module loading and add fallback check

  • daemon Implement command handling and HTTP server for WebUI - Added commands.rs to handle various daemon commands including status, configuration, and Kasumi operations. - Introduced http.rs to manage the HTTP server for WebUI interactions, including session management and SSE support. - Implemented request validation and response formatting for daemon commands. - Created validation schemas in validation.ts for structured error handling and response parsing in the WebUI.

  • App Ensure status is loaded during app initialization

Fixes

  • Review and harden frontend-backend interaction - saveConfigToFile now includes kasumi and rules fields (was silently dropping) - Replace fastrand token generation with /dev/urandom CSPRNG - Use {err} instead of {err:#} in HTTP responses to avoid leaking filesystem paths - Remove Access-Control-Allow-Private-Network CORS header - Add /proc//cmdline verification to PID file cleanup - Add config.toml.bak backup before overwriting config - Remove duplicate KasumiUnameMode enum, reuse schema::KasumiUnameMode - Replace inverted bool return with ConnectionAction enum in HTTP handler - Add typed DaemonCommandPayload discriminated union matching Rust serde tags - Add runDaemonCommand() bypassing JSON-in-shell-string round-trip - Preserve first error in bridge retry for debugging - Fix clearKasumiUname transaction order (clear runtime before config) - Fix ensureDaemonAwake TOCTOU race - Add proper types to RuntimeStatePayload stable fields - Rename parseHybridMountJsonOutput to parseDaemonJsonOutput - Clarify extractConfig fallback logic with comment

Refactors

  • Remove module metadata from runtime entries and tests for cleaner payload handling

  • runtime_state Simplify conditional check in save method

  • sysStore Remove redundant systemInfo updates in handleSseUpdate

Maintenance

  • Update .gitignore to include CLAUDE.md

  • Pnpm format

  • Make clippy happy

Other

  • Refactor inventory discovery and planner modules for improved directory handling and performance

v3.6.1

Published on May 6, 2026
Download

v3.6.1

Features

  • Add jq installation to Dockerfile and ensure jq is available in release workflow

v3.5.6

Published on April 26, 2026
Download

v3.5.6

Features

  • kasumi Rename hymo -> kasumi

  • Add nuke functionality before cleanup for ext4 storage mode

  • Enhance module status update with kasumi_enabled flag

Fixes

  • Update git remote URL for HymoFS source to Kasumi repository

  • Enhance module build process to handle multiple .ko files

  • ci Generate webui files before lint

Refactors

Maintenance

  • Revert "refactor: update build workflow to trigger on workflow_run and simplify conditions" This reverts commit 736332d.

Other

  • Make cargo clippy happy

v3.5.5

Published on April 25, 2026
Download

v3.5.5

Features

  • Enhance kptools command handling and error reporting in nuke module

  • Add mount topology command and handler for API

  • Implement SaveConfigPatch struct and related functionality for config updates

  • Enhance APatch KPM loading mechanism and improve error handling

  • Refactor configuration handling to use ConfigSession for improved session management and patch application

  • Add fast allocator feature and optimize release build settings for smaller binaries

  • Refactor magic_mount to use MagicMountOptions for improved parameter handling

  • config Refactor config loading to use load_default_config for improved error handling

  • cli Add command to save all module rules and improve error logging

  • tests Add unit tests for configuration and validation functions

  • Add ModuleModeStats struct and integrate mode statistics into RuntimeState

Fixes

  • Refactor config initialization in tests for clarity and consistency

  • core Tighten config loading and module visibility Fail fast when the default config file exists but cannot be parsed, include blocked modules in the WebUI module list without affecting active mount scanning, and generate complete built-in partition metadata for the bundled WebUI.

  • config Fail on invalid default config

  • Fix clippy warnings

  • Code quality improvements across multiple modules - Unify versionCode formula between build.rs and xtask (major100000+minor1000+patch) - Replace unwrap_or(0) with proper error propagation in xtask versionCode - Add Copy derive to MountMode, remove unnecessary .clone() calls - Add "type": "error" discriminator to ErrorPayload for robust frontend detection - Clean up unreachable code in conf/store.rs (bail! instead of read+unreachable!) - Add collision detection in get_mnt() with exists() check loop - Make init_logging() error handling explicit with .ok() - Add sync comments for cal_git_code between build.rs and xtask - Update webui submodule to b56861d

  • Fix cargo fmt and clippy issues

  • Update metadata URL to point to the correct repository

  • Update default_mode in config.toml using sed for better configuration management

  • Remove modules.img during ext4 cleanup Ensure finalize cleanup also deletes modules.img after tempdir removal when storage mode is ext4, so stale ext4 image files are not left behind. Co-Authored-By: Claude Sonnet 4.6 noreply@anthropic.com

  • Update read_c_buf to use iter().map for better clarity

Refactors

  • Remove ignoreProtocolMismatch functionality and related UI elements

  • Remove unused test cases and improve error handling in nuke and mount modules

  • core Move dynamic partition discovery into runtime Extract partition discovery into a dedicated module, switch managed partition decisions to a shared runtime-driven source across sync, planning, hymofs, magic mount, topology, and system APIs, and update the bundled webui submodule pointer to the pushed runtime-driven partition display changes.

  • Remove mimalloc dependency and update log handling for Android

  • Simplify config update handling and improve logging for HymoFS

  • api Replace serde_json::Value with typed structs, add structured error output and save-full-config - Replace json!() macros with typed Serialize structs: FeatureInfo, LkmPayload, MountStatsPayload, HymofsVersionPayload, SystemPayload, HymofsStatusPayload, MountTopologyPayload - Add ErrorPayload + print_json_error() for structured JSON error output on API commands, so frontend can parse errors from stdout - Add save-full-config CLI command that deserializes full Config instead of partial ConfigPatch, catching missing fields early - Add active_mounts and tmpfs_xattr_supported to SystemPayload - Remove unused paths from xtask generation: MODE_CONFIG, IMAGE_MNT, DAEMON_LOG - Add Clone derive to HymoFsRuntimeInfo, Serialize derive to LkmStatus

  • Refactor update desc APatch was supported module config(bmax121/APatch@05984a6), so we can directly using apd/ksud module set

  • Replace println! with scoped_log! for better logging in overlayfs utils

  • Refactor update desc only using write file

  • Update storage mode handling to use enum for clarity and type safety

  • Replace hardcoded managed partitions with constant from defs

  • Enhance error handling and logging in API and configuration loading functions

  • Remove unnecessary blank line in RuntimeState implementation

CI / Tooling

  • android Drop armv7 and x86_64 support

  • Cache hymofs lkm builds

  • Minimized size (#316) minimized size

Maintenance

  • Update license headers to Apache License 2.0 across multiple files - Changed license information from GNU General Public License to Apache License 2.0 in the following files: - src/mount/hymofs/common.rs - src/mount/hymofs/compile.rs - src/mount/hymofs/mod.rs - src/mount/hymofs/runtime.rs - src/mount/hymofs/status.rs - src/mount/magic_mount/mod.rs - src/mount/magic_mount/utils.rs - src/mount/mod.rs - src/mount/node.rs - src/mount/overlayfs/mod.rs - src/mount/overlayfs/overlayfs.rs - src/mount/overlayfs/utils.rs - src/mount/umount_mgr.rs - src/sys/fs/file.rs - src/sys/fs/mod.rs - src/sys/fs/xattr.rs - src/sys/hymofs.rs - src/sys/lkm.rs - src/sys/mod.rs - src/sys/mount.rs - src/sys/nuke.rs - src/utils/mod.rs - src/utils/path.rs - src/utils/validation.rs - xtask/Cargo.toml - xtask/src/main.rs - xtask/src/zip_ext.rs

  • Revert "feat: add fast allocator feature and optimize release build settings for smaller binaries" This reverts commit d4ded05.

  • Run license header workflow weekly

  • Fix typos, remove cert/key files, optimize string allocations, and standardize NDK version - build.rs: fix variable name typos (manjor→major, conut→count) - main.rs: replace panic!() with clean eprintln! + process::exit(1) - Remove cert.pem and private.enc from repository - Replace .to_string_lossy().to_string() with .into_owned() across 12 call sites - Standardize NDK version to r29 in release.yml (matching build.yml) Co-Authored-By: Claude Opus 4.6 noreply@anthropic.com

  • Add .claude/settings.local.json and .claude/ to .gitignore

  • Format code for better readability in extract_module_id function

  • Revert "refactor: refactor update desc" it will cause description no update This reverts commit f8c7b90.

Other

  • Panic on KernelSU late-load mode in rust entrypoint

  • Make clippy happy

v3.5.1

Published on April 19, 2026
Download

v3.5.1

Features

  • Implement SELinux context and ownership cloning for file operations

v3.5.0

Published on April 19, 2026
Download

v3.5.0

Features

  • lkm Fallback to ksud insmod when finit_module fails on KernelSU When finit_module fails and the runtime environment is KernelSU, retry loading the HymoFS LKM via ksud debug insmod. Falls back through /data/adb/ksud then $PATH, and surfaces both failures on error.

  • nuke Add strict verification for apatch nuke execution

  • xattr Add support for legacy system file context in firmware paths

  • xattr Refactor path resolution and context handling for managed partitions

  • xattr Add function to determine if live context should apply to managed partitions

Fixes

  • lkm Use 'ksud insmod' instead of 'ksud debug insmod'

  • Improve live SELinux context application

  • Collapse xattr let-chains for clippy

  • Try fix GPU driver selinux is error

  • Fix xattr

Refactors

  • xattr Clean up formatting and improve readability in path resolution functions

  • Improve code formatting and readability across multiple files

  • Separate domain models and hymofs orchestration

  • Enhance cleanup logic and add mounted path check

  • Remove unused LiveContextCache and related functions

  • core Simplify runtime state finalization

  • xattr Remove unused lgetxattr import

Maintenance

  • Remove unused test modules and associated test cases across various files - Deleted test modules and their corresponding tests from user_hide_rules.rs, mod.rs, compile.rs, mod.rs, runtime.rs, tests.rs, utils.rs, file.rs, hymofs.rs, lkm.rs, and node.rs. - Cleaned up code by removing commented-out test code and unnecessary imports. - This cleanup improves code readability and maintainability by eliminating redundant test cases that are no longer needed.

  • Revert "Speed up CI by skipping hymofs LKM builds by default" This reverts commit 58e8b20.

Other

  • Switch to GPLv2 licence

  • Using hawkeye to manage licence

  • Refactor sync and runtime finalization logic - Updated perform_sync to use defs::managed_partition_names for managed partitions. - Removed the build_managed_partitions function from sync.rs and replaced its usage. - Modified build_runtime_state to accept ExecutionResult instead of MountPlan. - Changed collect_active_mounts to use ExecutionResult for active mounts collection. - Introduced managed_partition_names and managed_partition_set in defs.rs for better partition management. - Refactored build_managed_partitions in hymofs/common.rs to utilize the new managed_partition_set. - Enhanced collect_module_files in magic_mount/utils.rs to accept magic_modules and use_hymofs parameters. - Implemented path normalization functions in hymofs/compile.rs for better path handling. - Updated sync_dir in file.rs to use a live context cache for improved performance. - Refined extended attribute handling in xattr.rs with better error logging and caching. - Removed deprecated functions in hymofs.rs to streamline the codebase.

  • Simplify LiveContextSourceKind display

  • Opt TMPFS_XATTR_SUPPORTED lock using AtomicBool, instead of OnceLock

  • Refactor CLI handlers and remove legacy hymofs compatibility

  • Split core API payload builders by domain

  • Speed up CI by skipping hymofs LKM builds by default

v3.4.7

Published on April 16, 2026
Download

v3.4.7

Features

  • hymofs Integrate HymoFS as third mount mode - New hymofs executor that drives the HymoFS LKM via ioctl rules (ADD_RULE / ADD_MERGE_RULE / HIDE_RULE / ADD_MAPS_RULE / HIDE_OVERLAY_XATTRS), with bidirectional src/resolved_src matching to keep module-side paths like /system/product working alongside the kernel's canonical form. - LKM lifecycle management: autoload/unload, KMI override, runtime probe via /proc/modules, and packaging of per-KMI hymofs_lkm.ko under module/hymofs_lkm/ via xtask (HYBRID_MOUNT_HYMOFS_LKM_DIR). - New CLI surface: hybrid-mount hymofs {status,list,enable,disable, stealth,hidexattr,maps,hide-uids,mount-hide,statfs-spoof,uname, cmdline,fix-mounts,clear,release-connection,invalidate-cache} and hybrid-mount lkm {status,load,unload,set-autoload,set-kmi, clear-kmi}, plus user-hide persistence (hide add/remove/list/apply). - Planner / controller / runtime-state / finalization updated to treat hymofs as a first-class mount mode alongside overlay/magic. - Config schema extends with HymofsConfig (flags, uname/cmdline spoof, hide_uids, maps_rules, kstat_rules, mount_hide, statfs_spoof) and persists to /data/adb/hybrid-mount/hymofs.toml. - WebUI: new HymoFS tab with LKM card, runtime toggles, identity spoof, user-hide list, maps rules, and capability summary. Bottom-nav snowflake icon. hymofsStore uses /proc/modules as a fast probe: on LKM unloaded it synthesizes a fallback status that preserves the previous real config so the master toggle never flips off on unload. - CI: build.yml and release.yml now call build-hymofs-lkm.yml (matrix: 7 KMIs x arm64), download the .ko artifacts, and stage them via HYBRID_MOUNT_HYMOFS_LKM_DIR before xtask build. - scripts/build-local.sh: local build helper with --hymofs-lkm-dir for dev iterations.

Fixes

  • hymofs Drop redundant u64 casts in statvfs math to satisfy clippy

  • hymofs Stabilise statvfs and default-config unit tests - statvfs_usage: widen via u64::from and silence the per-platform unnecessary_cast / useless_conversion lints instead of carrying target-gated code just for this helper. - hymofs_runtime_requires_mapping_or_explicit_feature: Config::default() turns stealth on; clear all auxiliary feature flags in the test so it actually exercises the 'no mapping, no feature' path.

  • hymofs Remove redundant imports in compile and runtime modules

  • action Update download-artifact action to v8

  • planner Handle symlinks and improve error logging in generate_with_root function feat(utils): enhance collect_module_files to maintain partition structure fix(node): update symlink handling in Node implementation and add tests

  • module_status Improve status description formatting in update_description function

  • hymofs Align cmdline sync/clear behavior with upstream semantics

  • hymofs Isolate runtime sync and harden compat

  • storage Align tmpfs and ext4 selinux context

Refactors

  • hymofs Unify config and tighten runtime behavior

  • hymofs Reorganize use statements for better readability

  • build Remove setup-build-env action and integrate KPM setup directly in workflows

Other

  • Add HymoFS module with runtime and status management - Introduced a new HymoFS module in src/mount/hymofs/mod.rs to encapsulate functionality related to the HymoFS file system. - Implemented runtime management in src/mount/hymofs/runtime.rs, including feature toggles, runtime configuration synchronization, and application of mount rules. - Created a status management module in src/mount/hymofs/status.rs to handle operational checks and runtime information collection. - Added comprehensive tests in src/mount/hymofs/tests.rs to validate runtime behavior, feature toggles, and rule compilation. - Ensured proper logging and error handling throughout the module for better debugging and operational visibility.

v3.4.6

Published on April 9, 2026
Download

v3.4.6

Features

  • xtask Call notify crate directly

Maintenance

  • Split notify into separate repository

v3.4.5

Published on April 6, 2026
Download

v3.4.5

Features

  • Add ext4 probe and post-check for APatch nuke flow

  • Finalize APatch nuke KPM support

  • Enhance ext4 sysfs handling by using function pointers for dynamic symbol resolution

Fixes

  • Fix late mode check Signed-off-by: Tools-app localhost.hutao@gmail.com

  • Fix panic

  • Make kpm module compile in CI toolchain headers

  • Collapse nested if to satisfy clippy

  • Use APatch kptools for kpm nuke calls

  • Only extract kpm assets on APatch

Performance

  • sync Reduce repeated module tree traversal

Maintenance

  • Remove extra kpm README and related doc entries

v3.4.2

Published on April 3, 2026
Download

v3.4.2

Other

  • Fix installer notice confirmation blocking

  • Improve mount planning diagnostics

  • Refactor magic mount stats into context

  • Make node traversal deterministic

  • Polish executor naming and diagnostics text

  • Unify logging format across runtime

v3.4.1

Published on April 2, 2026
Download

v3.4.1

Fixes

  • core Resolve naming refactor build errors

  • recovery Avoid state borrow conflict

  • planner Split configured extra partitions

  • planner Preserve real partition names for symlink targets

  • umount Restore queued try-umount commit

Refactors

  • core Split boot and command entrypoints

  • executor Split overlay and magic handlers

  • storage Split backends and ext4 setup

  • recovery Split retry state and markers

  • core Extract finalization workflow

  • core Separate module description updates

  • inventory Separate module presentation

  • core Clarify controller and runtime names

  • startup Rename boot recovery modules

  • naming Rename entry, inventory, and fallback modules

  • naming Rename status and finalization modules

  • umount Drop extra /mnt cleanup and unify wording

Tests

  • planner Add mount plan scenarios

CI / Tooling

  • submodule Track webui on configured branch

  • release Generate changelog with git-cliff

Other

  • .github/workflows/update_webui_submodule.yml

v3.3.1

Published on March 29, 2026
Download

v3.3.1

Changes since v3.3.0:

  • ci(release): install armv7 android rust target

v3.2.2

Published on March 24, 2026
Download

v3.2.2

Changes since v3.2.1:

  • build: pin nightly toolchain for rustfmt consistency
  • chore(submodule): update webui [skip ci]
  • ci: restrict webui updater workflow to dev branch
  • fix: make cargo clippy happy
  • metainstall: add support for hot install
  • feat(core): auto detect manual mount scripts to prevent conflicts
  • chore: update license headers [skip ci]
  • chore(release): sync version v3.2.1 [skip ci]

v3.2.1

Published on March 22, 2026
Download

v3.2.1

Changes since v3.2.0:

  • chore: remove unused update_desc
  • Revert "ci: promote only latest prereleases"
  • Revert "ci(workflow): fix unrecognized 'secrets' context in if conditions"
  • sync: sync magic mount updates from upstream
  • adj: removed normalize_module_layout
  • chore(deps): bump the crates group with 2 updates
  • chore(tools): update notify binary [skip ci]
  • chore(deps): bump rustls-webpki
  • chore: bump webui submodule
  • Update dependabot.yml
  • Remove leftover EROFS module tool
  • refactor: Fixed the issue with the size of the statistics
  • BREAKING CHANGE: feat: The erofs is marked as deprecated
  • ci: add caches to compilation workflows
  • xtask: adj: adj target platform(Tools-cx-app/meta-magic_mount-rs#31)
  • Fix EROFS magic fallback and logging
  • Fix EROFS empty remount handling
  • ci(workflow): fix unrecognized 'secrets' context in if conditions

Module Details

Module ID
hybrid_mount
1172
Stars
19
Releases
Source Code

Latest Version

v4.1.3
Released 5/27/2026
Download Now