From 99e9b1deedad8b76d7a9f08d7954265d8e2f84eb Mon Sep 17 00:00:00 2001
From: topjohnwu <topjohnwu@gmail.com>
Date: Fri, 25 Feb 2022 05:03:20 -0800
Subject: [PATCH] Multiuser daemon service support

---
 .../topjohnwu/superuser/internal/Utils.java   |  22 ++
 .../topjohnwu/libsuexample/ITestService.aidl  |   2 +-
 example/src/main/cpp/test.cpp                 |  14 --
 .../topjohnwu/libsuexample/AIDLService.java   |  21 +-
 .../topjohnwu/libsuexample/MSGService.java    |  26 +-
 .../topjohnwu/libsuexample/MainActivity.java  | 204 ++++++++-------
 example/src/main/res/layout/activity_main.xml |  12 +-
 .../internal/IRootServiceManager.aidl         |   4 +-
 service/src/main/assets/main.jar              | Bin 2720 -> 2819 bytes
 .../superuser/internal/BinderHolder.java      |  38 +++
 .../superuser/internal/RootServerMain.java    |  61 +++--
 .../internal/RootServiceManager.java          | 235 ++++++++++--------
 .../superuser/internal/RootServiceServer.java | 229 ++++++++++-------
 .../topjohnwu/superuser/ipc/RootService.java  |  10 +
 14 files changed, 519 insertions(+), 359 deletions(-)
 create mode 100644 service/src/main/java/com/topjohnwu/superuser/internal/BinderHolder.java

diff --git a/core/src/main/java/com/topjohnwu/superuser/internal/Utils.java b/core/src/main/java/com/topjohnwu/superuser/internal/Utils.java
index 0355557..4f5e12a 100644
--- a/core/src/main/java/com/topjohnwu/superuser/internal/Utils.java
+++ b/core/src/main/java/com/topjohnwu/superuser/internal/Utils.java
@@ -20,6 +20,8 @@ import android.annotation.SuppressLint;
 import android.content.Context;
 import android.content.ContextWrapper;
 import android.os.Build;
+import android.util.ArrayMap;
+import android.util.ArraySet;
 import android.util.Log;
 
 import androidx.annotation.RestrictTo;
@@ -34,6 +36,10 @@ import java.nio.charset.Charset;
 import java.nio.charset.StandardCharsets;
 import java.util.Collection;
 import java.util.Collections;
+import java.util.HashMap;
+import java.util.HashSet;
+import java.util.Map;
+import java.util.Set;
 
 @RestrictTo(RestrictTo.Scope.LIBRARY)
 public final class Utils {
@@ -117,4 +123,20 @@ public final class Utils {
         }
         return total;
     }
+
+    static <K, V> Map<K, V> newArrayMap() {
+        if (Build.VERSION.SDK_INT >= 19) {
+            return new ArrayMap<>();
+        } else {
+            return new HashMap<>();
+        }
+    }
+
+    static <E> Set<E> newArraySet() {
+        if (Build.VERSION.SDK_INT >= 23) {
+            return new ArraySet<>();
+        } else {
+            return new HashSet<>();
+        }
+    }
 }
diff --git a/example/src/main/aidl/com/topjohnwu/libsuexample/ITestService.aidl b/example/src/main/aidl/com/topjohnwu/libsuexample/ITestService.aidl
index ac95757..cf36fcf 100644
--- a/example/src/main/aidl/com/topjohnwu/libsuexample/ITestService.aidl
+++ b/example/src/main/aidl/com/topjohnwu/libsuexample/ITestService.aidl
@@ -6,5 +6,5 @@ package com.topjohnwu.libsuexample;
 interface ITestService {
     int getPid();
     int getUid();
-    String readCmdline();
+    String getUUID();
 }
diff --git a/example/src/main/cpp/test.cpp b/example/src/main/cpp/test.cpp
index 4ce95c1..3ba3845 100644
--- a/example/src/main/cpp/test.cpp
+++ b/example/src/main/cpp/test.cpp
@@ -16,23 +16,9 @@
 
 #include <jni.h>
 #include <unistd.h>
-#include <fcntl.h>
-#include <sys/types.h>
-#include <sys/stat.h>
 
 extern "C" JNIEXPORT JNICALL
 jint Java_com_topjohnwu_libsuexample_AIDLService_nativeGetUid(
 		JNIEnv *env, jobject instance) {
 	return getuid();
 }
-
-extern "C" JNIEXPORT JNICALL
-jstring Java_com_topjohnwu_libsuexample_AIDLService_nativeReadFile(
-		JNIEnv *env, jobject instance, jstring name) {
-	const char *path = env->GetStringUTFChars(name, nullptr);
-	int fd = open(path, O_RDONLY);
-	env->ReleaseStringUTFChars(name, path);
-	char buf[4096];
-	buf[read(fd, buf, sizeof(buf) - 1)] = 0;
-	return env->NewStringUTF(buf);
-}
diff --git a/example/src/main/java/com/topjohnwu/libsuexample/AIDLService.java b/example/src/main/java/com/topjohnwu/libsuexample/AIDLService.java
index 2568d2d..b40c8bf 100644
--- a/example/src/main/java/com/topjohnwu/libsuexample/AIDLService.java
+++ b/example/src/main/java/com/topjohnwu/libsuexample/AIDLService.java
@@ -16,6 +16,8 @@
 
 package com.topjohnwu.libsuexample;
 
+import static com.topjohnwu.libsuexample.MainActivity.TAG;
+
 import android.content.Intent;
 import android.os.IBinder;
 import android.os.Process;
@@ -25,10 +27,11 @@ import androidx.annotation.NonNull;
 
 import com.topjohnwu.superuser.ipc.RootService;
 
-import static com.topjohnwu.libsuexample.MainActivity.TAG;
+import java.util.UUID;
 
 // Demonstrate RootService using AIDL (daemon mode)
 class AIDLService extends RootService {
+
     static {
         // Only load the library when this class is loaded in a root process.
         // The classloader will load this class (and call this static block) in the non-root
@@ -40,7 +43,6 @@ class AIDLService extends RootService {
 
     // Demonstrate we can also run native code via JNI with RootServices
     native int nativeGetUid();
-    native String nativeReadFile(String file);
 
     class TestIPC extends ITestService.Stub {
         @Override
@@ -54,12 +56,19 @@ class AIDLService extends RootService {
         }
 
         @Override
-        public String readCmdline() {
-            // Normally we cannot read /proc/cmdline without root
-            return nativeReadFile("/proc/cmdline");
+        public String getUUID() {
+            return uuid;
         }
     }
 
+    private String uuid;
+
+    @Override
+    public void onCreate() {
+        uuid = UUID.randomUUID().toString();
+        Log.d(TAG, "AIDLService: onCreate, " + uuid);
+    }
+
     @Override
     public void onRebind(@NonNull Intent intent) {
         // This callback will be called when we are reusing a previously started root process
@@ -75,7 +84,7 @@ class AIDLService extends RootService {
     @Override
     public boolean onUnbind(@NonNull Intent intent) {
         Log.d(TAG, "AIDLService: onUnbind, client process unbound");
-        // We return true here to tell libsu that we want this service to run as a daemon
+        // Return true here so onRebindg will be called
         return true;
     }
 }
diff --git a/example/src/main/java/com/topjohnwu/libsuexample/MSGService.java b/example/src/main/java/com/topjohnwu/libsuexample/MSGService.java
index 6d3c94d..a9c6251 100644
--- a/example/src/main/java/com/topjohnwu/libsuexample/MSGService.java
+++ b/example/src/main/java/com/topjohnwu/libsuexample/MSGService.java
@@ -31,19 +31,24 @@ import android.util.Log;
 
 import androidx.annotation.NonNull;
 
-import com.topjohnwu.superuser.internal.Utils;
 import com.topjohnwu.superuser.ipc.RootService;
 
-import java.io.ByteArrayOutputStream;
-import java.io.FileInputStream;
-import java.io.IOException;
+import java.util.UUID;
 
 // Demonstrate root service using Messengers
 class MSGService extends RootService implements Handler.Callback {
 
     static final int MSG_GETINFO = 1;
     static final int MSG_STOP = 2;
-    static final String CMDLINE_KEY = "cmdline";
+    static final String UUID_KEY = "uuid";
+
+    private String uuid;
+
+    @Override
+    public void onCreate() {
+        uuid = UUID.randomUUID().toString();
+        Log.d(TAG, "MSGService: onCreate, " + uuid);
+    }
 
     @Override
     public IBinder onBind(@NonNull Intent intent) {
@@ -65,15 +70,8 @@ class MSGService extends RootService implements Handler.Callback {
         reply.what = msg.what;
         reply.arg1 = Process.myPid();
         reply.arg2 = Process.myUid();
-        ByteArrayOutputStream out = new ByteArrayOutputStream();
-        try (FileInputStream in = new FileInputStream("/proc/cmdline")) {
-            // libsu internal util method, pumps input to output
-            Utils.pump(in, out);
-        } catch (IOException e) {
-            Log.e(TAG, "IO error", e);
-        }
         Bundle data = new Bundle();
-        data.putString(CMDLINE_KEY, out.toString());
+        data.putString(UUID_KEY, uuid);
         reply.setData(data);
         try {
             msg.replyTo.send(reply);
@@ -86,7 +84,7 @@ class MSGService extends RootService implements Handler.Callback {
     @Override
     public boolean onUnbind(@NonNull Intent intent) {
         Log.d(TAG, "MSGService: onUnbind, client process unbound");
-        // Default returns false, which means NOT daemon mode
+        // Default returns false, which means onRebind will not be called
         return false;
     }
 }
diff --git a/example/src/main/java/com/topjohnwu/libsuexample/MainActivity.java b/example/src/main/java/com/topjohnwu/libsuexample/MainActivity.java
index b7e8057..3a31782 100644
--- a/example/src/main/java/com/topjohnwu/libsuexample/MainActivity.java
+++ b/example/src/main/java/com/topjohnwu/libsuexample/MainActivity.java
@@ -41,7 +41,6 @@ import com.topjohnwu.superuser.ipc.RootService;
 
 import java.io.IOException;
 import java.io.InputStream;
-import java.util.Arrays;
 import java.util.List;
 
 public class MainActivity extends Activity implements Handler.Callback {
@@ -57,15 +56,10 @@ public class MainActivity extends Activity implements Handler.Callback {
         );
     }
 
-    private ITestService testIPC;
-    private Messenger remoteMessenger;
-    private Messenger myMessenger = new Messenger(new Handler(Looper.getMainLooper(), this));
-    private MSGConnection conn = new MSGConnection();
-    private boolean daemonTestQueued = false;
-    private boolean serviceTestQueued = false;
+    private final Messenger me = new Messenger(new Handler(Looper.getMainLooper(), this));
+    private final List<String> consoleList = new AppendCallbackList();
 
     private ActivityMainBinding binding;
-    private List<String> consoleList = new AppendCallbackList();
 
     // Demonstrate Shell.Initializer
     static class ExampleInitializer extends Shell.Initializer {
@@ -79,135 +73,157 @@ public class MainActivity extends Activity implements Handler.Callback {
         }
     }
 
+    private AIDLConnection aidlConn;
+    private AIDLConnection daemonConn;
+
     class AIDLConnection implements ServiceConnection {
+
+        private final boolean isDaemon;
+
+        AIDLConnection(boolean b) {
+            isDaemon = b;
+        }
+
         @Override
         public void onServiceConnected(ComponentName name, IBinder service) {
-            Log.d(TAG, "daemon onServiceConnected");
-            testIPC = ITestService.Stub.asInterface(service);
-            if (daemonTestQueued) {
-                daemonTestQueued = false;
-                testDaemon();
+            Log.d(TAG, "AIDL onServiceConnected");
+            if (isDaemon) daemonConn = this;
+            else aidlConn = this;
+            refreshUI();
+
+            ITestService ipc = ITestService.Stub.asInterface(service);
+            try {
+                consoleList.add("AIDL PID : " + ipc.getPid());
+                consoleList.add("AIDL UID : " + ipc.getUid());
+                consoleList.add("AIDL UUID: " + ipc.getUUID());
+            } catch (RemoteException e) {
+                Log.e(TAG, "Remote error", e);
             }
         }
 
         @Override
         public void onServiceDisconnected(ComponentName name) {
-            Log.d(TAG, "daemon onServiceDisconnected");
-            testIPC = null;
+            Log.d(TAG, "AIDL onServiceDisconnected");
+            if (isDaemon) daemonConn = null;
+            else aidlConn = null;
+            refreshUI();
         }
     }
 
+    private MSGConnection msgConn;
+
     class MSGConnection implements ServiceConnection {
 
+        private Messenger m;
+
         @Override
         public void onServiceConnected(ComponentName name, IBinder service) {
-            Log.d(TAG, "service onServiceConnected");
-            remoteMessenger = new Messenger(service);
-            if (serviceTestQueued) {
-                serviceTestQueued = false;
-                testService();
+            Log.d(TAG, "MSG onServiceConnected");
+            m = new Messenger(service);
+            msgConn = this;
+            refreshUI();
+
+            Message msg = Message.obtain(null, MSGService.MSG_GETINFO);
+            msg.replyTo = me;
+            try {
+                m.send(msg);
+            } catch (RemoteException e) {
+                Log.e(TAG, "Remote error", e);
+            } finally {
+                msg.recycle();
             }
         }
 
         @Override
         public void onServiceDisconnected(ComponentName name) {
-            Log.d(TAG, "service onServiceDisconnected");
-            remoteMessenger = null;
+            Log.d(TAG, "MSG onServiceDisconnected");
+            msgConn = null;
+            refreshUI();
         }
-    }
 
-    private void testDaemon() {
-        try {
-            consoleList.add("Daemon PID: " + testIPC.getPid());
-            consoleList.add("Daemon UID: " + testIPC.getUid());
-            String[] cmds = testIPC.readCmdline().split(" ");
-            if (cmds.length > 5) {
-                cmds = Arrays.copyOf(cmds, 6);
-                cmds[5] = "...";
+        void stop() {
+            if (m == null)
+                return;
+            Message msg = Message.obtain(null, MSGService.MSG_STOP);
+            try {
+                m.send(msg);
+            } catch (RemoteException e) {
+                Log.e(TAG, "Remote error", e);
+            } finally {
+                msg.recycle();
             }
-            consoleList.add("/proc/cmdline:");
-            consoleList.addAll(Arrays.asList(cmds));
-        } catch (RemoteException e) {
-            Log.e(TAG, "Remote error", e);
-        }
-    }
-
-    private void testService() {
-        Message message = Message.obtain(null, MSGService.MSG_GETINFO);
-        message.replyTo = myMessenger;
-        try {
-            remoteMessenger.send(message);
-        } catch (RemoteException e) {
-            Log.e(TAG, "Remote error", e);
         }
     }
 
     @Override
     public boolean handleMessage(@NonNull Message msg) {
-        consoleList.add("Remote PID: " + msg.arg1);
-        consoleList.add("Remote UID: " + msg.arg2);
-        String cmdline = msg.getData().getString(MSGService.CMDLINE_KEY);
-        String[] cmds = cmdline.split(" ");
-        if (cmds.length > 5) {
-            cmds = Arrays.copyOf(cmds, 6);
-            cmds[5] = "...";
-        }
-        consoleList.add("/proc/cmdline:");
-        consoleList.addAll(Arrays.asList(cmds));
+        consoleList.add("MSG PID  : " + msg.arg1);
+        consoleList.add("MSG UID  : " + msg.arg2);
+        String uuid = msg.getData().getString(MSGService.UUID_KEY);
+        consoleList.add("MSG UUID : " + uuid);
         return false;
     }
 
+    private void refreshUI() {
+        binding.aidlSvc.setText(aidlConn == null ? "Bind AIDL" : "Unbind AIDL");
+        binding.msgSvc.setText(msgConn == null ? "Bind MSG" : "Unbind MSG");
+        binding.testDaemon.setText(daemonConn == null ? "Bind Daemon" : "Unbind Daemon");
+    }
+
     @Override
     protected void onCreate(Bundle savedInstanceState) {
         super.onCreate(savedInstanceState);
         binding = ActivityMainBinding.inflate(getLayoutInflater());
         setContentView(binding.getRoot());
 
-        // Bind to a root service; IPC via Messages
-        binding.testSvc.setOnClickListener(v -> {
-            if (remoteMessenger == null) {
-                serviceTestQueued = true;
-                Intent intent = new Intent(this, MSGService.class);
-                RootService.bind(intent, conn);
-                return;
-            }
-            testService();
-        });
-
-        // Unbind service through RootService API
-        binding.unbindSvc.setOnClickListener(v -> RootService.unbind(conn));
-
-        // Send a message to service and ask it to stop itself to demonstrate stopSelf()
-        binding.stopSvc.setOnClickListener(v -> {
-            if (remoteMessenger != null) {
-                Message message = Message.obtain(null, MSGService.MSG_STOP);
-                try {
-                    remoteMessenger.send(message);
-                } catch (RemoteException e) {
-                    Log.e(TAG, "Remote error", e);
-                }
-            }
-        });
-
-        // Bind to a daemon root service; IPC via AIDL
-        binding.testDaemon.setOnClickListener(v -> {
-            if (testIPC == null) {
-                daemonTestQueued = true;
+        // Bind to a root service; IPC via AIDL
+        binding.aidlSvc.setOnClickListener(v -> {
+            if (aidlConn == null) {
                 Intent intent = new Intent(this, AIDLService.class);
-                RootService.bind(intent, new AIDLConnection());
-                return;
+                RootService.bind(intent, new AIDLConnection(false));
+            } else {
+                RootService.unbind(aidlConn);
             }
-            testDaemon();
         });
 
+        // Bind to a root service; IPC via Messages
+        binding.msgSvc.setOnClickListener(v -> {
+            if (msgConn == null) {
+                Intent intent = new Intent(this, MSGService.class);
+                RootService.bind(intent, new MSGConnection());
+            } else {
+                RootService.unbind(msgConn);
+            }
+        });
+
+        // Send a message to service and ask it to stop itself to test stopSelf()
+        binding.selfStop.setOnClickListener(v -> {
+            if (msgConn != null) {
+                msgConn.stop();
+            }
+        });
+
+        // To verify whether the daemon actually works, kill the app and try testing the
+        // daemon again. You should get the same PID as last time (as it was re-using the
+        // previous daemon process), and in AIDLService, onRebind should be called.
+        // Note: re-running the app in Android Studio is not the same as kill + relaunch.
+        // The root process will kill itself when it detects the client APK has updated.
+
+        // Bind to a daemon root service
+        binding.testDaemon.setOnClickListener(v -> {
+            if (daemonConn == null) {
+                Intent intent = new Intent(this, AIDLService.class);
+                intent.addCategory(RootService.CATEGORY_DAEMON_MODE);
+                RootService.bind(intent, new AIDLConnection(true));
+            } else {
+                RootService.unbind(daemonConn);
+            }
+        });
+
+        // Test the stop API
         binding.stopDaemon.setOnClickListener(v -> {
             Intent intent = new Intent(this, AIDLService.class);
-            // Use stop here instead of unbind because AIDLService is running as a daemon.
-            // To verify whether the daemon actually works, kill the app and try testing the
-            // daemon again. You should get the same PID as last time (as it was re-using the
-            // previous daemon process), and in AIDLService, onRebind should be called.
-            // Note: re-running the app in Android Studio is not the same as kill + relaunch.
-            // The root process will kill itself when it detects the client APK has updated.
+            intent.addCategory(RootService.CATEGORY_DAEMON_MODE);
             RootService.stop(intent);
         });
 
diff --git a/example/src/main/res/layout/activity_main.xml b/example/src/main/res/layout/activity_main.xml
index 690b12d..d893a50 100644
--- a/example/src/main/res/layout/activity_main.xml
+++ b/example/src/main/res/layout/activity_main.xml
@@ -72,23 +72,23 @@
         android:orientation="horizontal">
 
         <Button
-            android:id="@+id/test_svc"
+            android:id="@+id/aidl_svc"
             style="?android:borderlessButtonStyle"
             android:layout_width="0dp"
             android:layout_height="wrap_content"
             android:layout_weight="1"
-            android:text="Test SVC" />
+            android:text="Bind AIDL" />
 
         <Button
-            android:id="@+id/unbind_svc"
+            android:id="@+id/msg_svc"
             style="?android:borderlessButtonStyle"
             android:layout_width="0dp"
             android:layout_height="wrap_content"
             android:layout_weight="1"
-            android:text="Unbind" />
+            android:text="Bind MSG" />
 
         <Button
-            android:id="@+id/stop_svc"
+            android:id="@+id/self_stop"
             style="?android:borderlessButtonStyle"
             android:layout_width="0dp"
             android:layout_height="wrap_content"
@@ -118,7 +118,7 @@
             android:layout_width="0dp"
             android:layout_height="wrap_content"
             android:layout_weight="1"
-            android:text="Test Daemon" />
+            android:text="Bind Daemon" />
 
         <Button
             android:id="@+id/stop_daemon"
diff --git a/service/src/main/aidl/com/topjohnwu/superuser/internal/IRootServiceManager.aidl b/service/src/main/aidl/com/topjohnwu/superuser/internal/IRootServiceManager.aidl
index 814ab1c..e9a27c8 100644
--- a/service/src/main/aidl/com/topjohnwu/superuser/internal/IRootServiceManager.aidl
+++ b/service/src/main/aidl/com/topjohnwu/superuser/internal/IRootServiceManager.aidl
@@ -5,8 +5,8 @@ package com.topjohnwu.superuser.internal;
 
 interface IRootServiceManager {
     oneway void broadcast(int uid, String action);
-    oneway void stop(in ComponentName name);
-    oneway void connect(in Bundle bundle);
+    oneway void stop(in ComponentName name, int uid, String action);
+    oneway void connect(in IBinder binder, boolean debug);
     IBinder bind(in Intent intent);
     oneway void unbind(in ComponentName name);
 }
diff --git a/service/src/main/assets/main.jar b/service/src/main/assets/main.jar
index a897abf2bb8523c99826675fbb61c7d50a29358a..722330fbfb163b9d1c610f623c83497716f515fc 100644
GIT binary patch
delta 2741
zcmV;m3QF~$6@wO#H-FU?$Im?W<=wH@vwm)zc)aTn6P&e85?IFsg7YATHJHR0NNC7-
zc5F|wJF}jhO`NtsDp65d+I}ddEkbIgKBP)WAhoJ0q*hc=(Qo8KrM~zAQa@Bhf)7Zc
zEmix!ckbGgkg7QO`J8+1o%=ZV+;hiMwKqB@_wFa}%+G#t=6}!hN%Dug>(jS?%N_s5
zKR$WmYv1p?oFi%w(Z<p~oy5=Yq17m~7l9!I$d@5gkmD-R1Y`h-|MY&0s7J#yaiU+R
ziGByJfcL;(!Qa3K;3IGq{0saCs2TJJG*AL_;5@htUI4FvH^HC4RglIQcY-STDtHyV
z1>ON4fMh4pFn`zwj)N8OdGKxUQ}8-?7yKLS=pq^cJHc*H0(-$UI0z1bd%%6*aS(uK
z!E@ld;OF3N@CWcN_y}AD{{)mJN`QmlBv=AxfC(Jnf&e@Lo&nzhKL)=7SHNGu-@#Ro
z>L%(2gJ2Zw29w|*I126si(nOe5qudu4_*X60k4ABz<=A|kKjFU6{y(b98fS_xQ^fw
z5>qEs6AK1}2K9hm&<Fa#02l;$uni1>?O+EOrZ7%MKtaULDA);Z0=vK%xEbsQQ(zz1
z4{oC{me|iIVk0K>@pKq-lCXC`A`GbvJwaRTSev+L!|X|6&xkc0687#$`|e2lcJL>~
znvV;6uYa(og}xx>!}Lc)oBl|j1ESBA@Xy(F_$>3&S~^_!4$=M=p|i2Zh2BVqXN&0@
z(Dw-a>4^Ru^pen@kJv{e`b*F!g?=bv{}J?C#a_J(eXr1eDdu@QUu!?z$>lKJ#pMtk
z5%L)KX^gkiMEgNR&T%16^S$b#c_AO<QYM?rL4P{O_fMh2Ty{`}SPb^_{blkX-_sbK
z;c^F6iTOB34-5G@zDIF7#bu5j=dy=Zxy;j=kPfj}k@$SmJd&B*&c{h(1&2iW5x$-Q
zZqHy>Z|72_JGkuQe(1vUck?((&<c;66y3{ZH{H*rP7esVz+)*zOCpXQ<1)>k>qS2j
zmw!pRkJy>o#>@Ti^F2Iv!ukP>G{a>VS=_HZG{@tqlOE-Ah|cnu(rA&(u$&fg#m;nw
z<yic%^4CRhvokKm!`SVK)VF^!LbCdyNc}6~dA8q@$obLww?w_nXTLRv#cYh9F*#Dh
z&S)dcGQ(*ph8e}sGA3$Su2|=@$WUIIC4blGf+t*~6Ors1S?t+jF-E$ocl!^fD0iqs
znO0OftHhB}!yKk5p|(p=xnCvx8^*4wn`4aMa16a$m)STNZBikX>kE9$v$VJmWA4=B
zY|O>89qP1-G1bVJsu)vcV-E8%cVR?{kN9Cnm<RO9BJ$!1q`dWP0W}#(m*;UX7JsKC
z(siaiG$o^MTUb|MmTuuMMa=y!zSsSj_W`sV;w|&?3DR@LeFo{Vc~WEU<PI89GqNKq
zl$Xn-j~0&@#A=4%14t!oF@#?8(m^WTYS54>)4VG4XR~q!XGg`_OYk~YM+K>m8pckx
zDk;pp``Oy0T)7h^6?}v>UgdG$Fn{9kt1carHEBJ|_B|u(xnruPtY=5iwnKgNO|;v2
zET+Xy{}wC1?U<&;-RvmF$tR9t)SKuD>PSrE`phTHc3GR&;`G>WWYV><xW0W%*0smp
zkm;efWGW|?X*r=#u{?quVVNeADs&7W#&+TS=hF|Nk1=|U|9%lIZiY3Jntx9vC3kWU
zC6bxMa3V%$lX03(s3?#1=99DJ8%cVGGRbl>MaHw8R8GZc7_S#&@j^0#Rrb*aO($bi
z)`~Q?qpT%Sn<4kmAdM}KrMN!XPsd~H+1>C}S<BKGUS7&tj6w^$3AajlZJO_=Mj0)y
zE>p4B!1Kd2AIqr4UaSi<RexiMSM_AHPAm3=b()&dhBdjpe%Msf;u*~~67&wNG2SzK
z>)^G9!OO)gdNQ_$b;dX{?=p6%sH0Eg7TgzTaq9@pXJqcFD>7n1D^M5<SNIB8j$FX}
zU*cysLGn|n7o=|@GCq`e{I}zl-BruTd2Tk(wS>?{CUr@l-EXx0uz$`oSOLEqMh?+8
zrfEtZCm=85WZ<R8Q1l#Ysh}l$4+x*?<oPNV#^g2$nNxy#q*Kauy(<lNNk*4c=#r+o
z!gmPvt|EzZCAD)Rg?G5ZWj}wnk%dj7@P2IPFPZ1Z5ndh<c4M=>!6nm_NWYS(mneK+
zVR}-O^Fp%srSSbHxqn%Qd*TkO=D1F9C&ljwW%j7=d%oeg#@xc;dDC%8nj?9xLh4+l
zQXvIak}4!uU}fbB6ou8ul~XiaG2N=~In@cva|7EACJuY`hUY@N->lm+G<bsskQ>1a
z8UL&5Vc%>tY=4Gwn=QQN#H{01nXxBooNHVAud&XdAAiNP?0@U}sCeF|J6<q-%dXAP
zP}F$Bu6u!fbi=Y6f#bO|q;J-?0;h(aR%d9cVtMt6z-yfI*4&G&iDnDEx0<#;;jjs~
zW^Lkx=LIKi|AOr^*Ur%B|9`~%Os$qbQ!8tRdMoG53+9C5O)U7ZpA3B4tTPvIbIo*D
zCuTjbW}BE@cYnlqxMnt+%(2&*DxS$b-W#ci_$k^i+lE!vR*x7TSUzW40dx13?L^BB
zocguy-m1lv9e0(*()G64mQ$-<KfuXL&A_f-JHf>@-@9lo*ANiH5wmZv)G!$qc+J3X
zS%HVX@;7KOZwG5$b@O2!0*G3x<@-Ev%~~z&U0Nb}34aG<2?t1C!f{!`aZ&M$6;F|L
ziejhc*b$OXRY*VmX@BQV-@sSb7~AfUOzJSJRTf>2Wm8_nX9<U=bhi~a7o6Y{)@_?r
z8f@2j&5~$8Z@MP-hT`n3xm8M<&G0Nyw;2ScwKi)uZE+w;S|-UN)xt6<X4Sl=P5Tgg
zrOntYZGXmIsU3TzxpwSFM(eRKpTJ%)t@9{vc3-7<)x?QI?y)IuueZ!vlN8(cNwqhe
zfD$X7&+-W+SM7j1iaOg`7>|@`mwCHBl#bX|&GhYRWOJ!IVh{I}QZNaX^(m&td+9*A
z?cOZYd1SR`9e3Od-g(To<}5c`dni@IOv1^jHGd=;QtK?6rd|8u9A;p;=q2tg2h6B=
zt$>mZ({I{1B-GvTZ4_*lBf=a-x%HOqU#fWU`DQkwgl}7yteQ<)(+=*oEW6os5O$<C
zu@ltM<n!Y>JQ;XloIvwUw`p1d<y!7a4V!Db$9%6YsuLH?TFZW5g_0M2C*ZTmwY6~6
zMSm<3%iu=wkj4v(UYI&*<H;val)q3|hU*YYg#(4Ey-^r1AVL}r2E>8hQ}?PiDtsG>
zrfH*c&1~+m)@<v1vsG^v4y<6u?eRk0arc-Fr*L3uyx^DHPp!0SH9UeO+C*P4>@7`|
z_D>a_AX!l)Wk4Fh8zTPcU%9Nl-X(qMvVZzcR!)7~(<6P{iMv~g$$ghEt50kF(hoFA
zdOsscPj~Vw`+G)s2X~6QSc=H@_bPU`w!c{^wDsMJ-L36!SL_aMf4_>;);BE42=8U~
z9ZNC7zS#S_lnwtTVt-S~MmQGx&c!-sW3a!klx#SUE9`F}p|kI3{{>J>2MAACqa!eB
v3IG6r6952EO928D02BZS2nYZG03iTRSfem$3IG6r6O&>JI0mZ<00000hA?Dk

delta 2641
zcmV-X3a<5o7N8Z7H-A?Z$Ira><sEw;cI<4Nc)WHVZ4*E8!ihuMJgLLFbsg7D69OI2
zj_pZiXVx>biPQ9vN+5~=iKl2$RaHgeA^M>b@TDq9NZ}<FQK1S^6jYE9^h2rmP^3y!
zD*t=uu02VE=*GXCbI-kVALpEV@9xy?)!f*gee~AU6W{sly?@UhKlkFvZ|ytzgP*@a
zx4Bb(boMVLq9zfo&hLd5f0*V_Y###MGSL9!^N<-<R*6O+=OFP%*EFJM^F+r|MEg64
z?gsaOGvFLB!4hzR4?=JWJPMu!FMywdH^I9ghrWiu1egXFz!Tsb;8)<EpsW)e05iY>
zkAkm*?}JyspMStRAlpf_8SDiQfEDmH@J;Xxcn-V(z6V|eFM%I{m%-1#@4-L7```o6
z(M7Z!904c699RP9K?8)~5%3cDCHM_^6}%4K0B?e~z<VH7Ald@P!68rsr@?s;fJeaR
zz!$++!E@ld;D_KR;Md^K;P2qy;6ET;Br1YUU<@1pM}NU-V1o!Kh#6c+a1UWggsBi7
zB~%ehf-;LS=m8r*FX#gsK?Q6A{a`cLLUC>wU=UPA&J2UCU>n#Dc7WT!7}&#d4D6#g
zf7s{g9FZpU=b>jIC1J-OA@%4*C}~=6$J(Ss8)nZW?8St=o!A+%t{)3~kFa+L{S`4T
z)31p(y?=>5`$V5v;e%Im@w3bqujk_RZ4vEn7djj34xwL%zEkLbOXzPW^mn1}68ihO
zc%Ly{?O1Q~bfSG8_EDjCC))Hw9~ZG1hQ3?qV;ynq_p@iQx{q_&Pj?D=lvrM9yuMSk
z+lcHqA>?Tu7oAQDc`uhTEpXXOOFUKz9pN%VQ-8$rt%t{w$wNGT8lB~GGnvHvT%<W6
z&+s^<=s_-v^eHY&ROfOd*+MQ7%L|E)@%Z)e{_{NQ@jBvij_wlW2l%=+aJ!BS-_NB=
zlU#OlKNRr%-8^^FbPtzZ^hquYR1<QV=Tn+aiClV!%Pd(uZ;HJC4cH|T&z&uFoaaq!
z?|*|w4|1u~!`z=G`UKCVJk4{tiO%tS>Y)3%jLUhEQ*7T}MeIMohn3%nm&^CBl#28A
zsYHGIqYKIEzmll$6dQxZSrTV?vVNPWm-+11=P*}Lxu@ks4cmv!0^9j#(N!m6tAMzc
zodqj=6?v*ihsiU#;7QNu#A)Ce1^9e!NPnf0S}F$jXQ_O5PC1~c^su6lSBTFjU5T~r
zipu>e;oktpl-I`CcFQqJ#gfd%!DwTck34rA<5Wuu8)xfSPCKAs94#@9CdScJ9v?Q&
zAp9cnb=PyTud0a8EH>9lp^BQkG`Cx#=2(dea*_K%5p%kW$FLXkIe@nPylq9kkAF(#
zp}hu`v}sZ`Z)^(<s(IOwWva*@qtfuuF@so5Kh_4R#4Y;KYehOlL%R*?S7n-3W&UhI
z&f~6Du-;wpCRRXIX#+KlVT`t2iqFk`Y#ma0qLc4Tg_g07Kkz(m8Y%dzB%P3TX{Es8
znU_oD6RNJP6xh0R>O<GiZtDq6*MH9bLZZ_C6S|&SNXs-dF$k}*ouAKEbA5>YHte=a
z$1G;DonGeue;X}!z?#oaXETyFwv*DCe0m_Q(Zd;y4y09-cl1;;hbb^J^m)o>CNfzv
zzR*PzS&arVU9=-r&FGkAFRfA~{b}^Nl^&y<KA{(ABGW<XFAwNCtQDM@-hWshO=~NK
z+pyY+Oef9$7MXetd4e8T-5=GsuA)!yXy}yJE9z%xsK-G40G`dOLp@j(=BaAPB6TKN
zrw?_<b-J3@2Xwi;de~IbQ+eGp(sUhGjrZ&oD6TaOULGo-Cu4J5XWW7FW&x2HDxpu~
zcFZ0vb`Rp)j?De^nv6*5Rey>j`5JCec1~t7d!J{xN>}*4N|PdG&r8`WQu%k1$kRCY
z*uAlUdatmFYbl`(j+La+k$r|nu{T!u4OT^;O`{tbv_sdG3R+i?k1O~BVJM|CYpI|m
zyNBbaI{8_m#d)=fl_jXdol?2$uTpoHG~6XsyQJ~1_zq{^6C`m)NPq3~isHLf;j)*1
zuaJeUeWu9#%o^n7L18!6+8JENrva@Y3#kb`v(`_12USG<fROC_O8gxp!`n){ZRU{W
zI-V2VNvT7zEF2F4KQJ86n3_2{Z8{!FQzTE-NS&(HYNWtQQjO#qtgKvvqOh8Qn(5U8
z->HvUz8BeEG<wu;G=F^$+P!AOo}`VpXaKnyO_K4ysvZo?X44KPsl3+04@ZwUUY!}c
zlg6pGwf6?=6#5AkP0PNikDBj)xZ@c!uxxjd`jf_4yWvOn@m0%iMvm`IQfaNW6*(??
zT1s}qZ8N5WzQ=2p-x!Vj=6QeFyVM#DTNttx+QF#9X62dg=zpy5N2l!Iq8%__Ptx%J
zf5iMqtrk8~D{GQ^YUj<1=BVS3&IGWZiUQkgOj0p6yQa4^dek+;kU91yQ_VNI$9obL
z2|tw+W)_Ae*0z)|-nVexwj$>4b=z#qi=4)d?q09O>>O{2<<iZzBQ3|R-#oyn%VA_U
zZk*uUa^PPw7k^wN#6ZFv*o!VE!xAryf|eEe=&N#z2Ge%5?AO;G=HW)xTCE`9iEFxU
z+`BYS@;o-jJT{L!kF7G#w#s~smClfKhO{$NZ1>1#YE(M=VRx6$-ojNk7~9^EOv;({
zI?E%+vZ*3caRhs3<ggVv7oF%bmTjAL+Sso1!x7Pb+JE#+goaXVt9f<Gm|?t?sAxu!
zX)PZyLtE@ek`_p^NVTv^(k#~xZQ6@08(GV;k+m!vX=mBUR6ENPqjg)DPh`)S)&-Q;
zy04RDQ_5axnQlmm9R#G>t4>7eML%H22z4&mQ6l*$-!Ajo4JaM6E!Pa}dLoikOxWW9
zQWhqmvVT6sM0hVbl-tfMFrBASdyXl`yXarQEL~?IZ0(|~i<$5#km}-8A+^Dd%?{7L
zG=&+M9(qan3lTFaek-C((+olzJA#VMz(&Dldp|yqsJzm$gUdA^9$q`TC>_|=Wy`fm
z5AEo%W!YiqAje1z;djb~e180}&P0Bk70?3H3x7>3qH@bybP-D1I}!K|QJubMx-I*@
zMao<XoQTh++}7ez=degDgB!&|Ixo!m@i|GWk3T*;aizKd*CBDL2di~^wYsy4d}ult
z5W9C*!>`+@2yE9z7NK(440l<}wsj$FHNxt_Ma0?OS#3DpF0<)W503Aw1{3Y47F({1
zM}KfQhUg21JtN~I`^Kw}kt{2c+$Z(nD_yDl)K&Fgozjz6)h`v~?AzrY=^DGH6;<xN
zdR4ui?~~rkOVTxPUFSFEGX|~y9-zcM%w+q05W7p;?}QXue=nrc`nw^G*541MX#E|L
zWW;UQdm_b%`(odzr9%9kf&I3Tjd(2f9zTg)_G}FHJ4Y$R^B7~lNrcYcQ~eiEO9u#6
zTwn+W3IG7$5&!^DO928D02BZS2nYZG03iTYTwn+W3IG7$5|hOWI0i@x000002HPn_

diff --git a/service/src/main/java/com/topjohnwu/superuser/internal/BinderHolder.java b/service/src/main/java/com/topjohnwu/superuser/internal/BinderHolder.java
new file mode 100644
index 0000000..3bb2c73
--- /dev/null
+++ b/service/src/main/java/com/topjohnwu/superuser/internal/BinderHolder.java
@@ -0,0 +1,38 @@
+/*
+ * Copyright 2022 John "topjohnwu" Wu
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package com.topjohnwu.superuser.internal;
+
+import android.os.IBinder;
+import android.os.RemoteException;
+
+abstract class BinderHolder implements IBinder.DeathRecipient {
+
+    private final IBinder binder;
+
+    BinderHolder(IBinder b) throws RemoteException {
+        binder = b;
+        binder.linkToDeath(this, 0);
+    }
+
+    @Override
+    public final void binderDied() {
+        binder.unlinkToDeath(this, 0);
+        UiThreadHandler.run(this::onBinderDied);
+    }
+
+    protected abstract void onBinderDied();
+}
diff --git a/service/src/main/java/com/topjohnwu/superuser/internal/RootServerMain.java b/service/src/main/java/com/topjohnwu/superuser/internal/RootServerMain.java
index 533ed1d..b3b55af 100644
--- a/service/src/main/java/com/topjohnwu/superuser/internal/RootServerMain.java
+++ b/service/src/main/java/com/topjohnwu/superuser/internal/RootServerMain.java
@@ -24,7 +24,6 @@ import android.os.IBinder;
 import android.os.Looper;
 import android.os.RemoteException;
 import android.util.Log;
-import android.util.Pair;
 
 import java.lang.reflect.Constructor;
 import java.lang.reflect.Method;
@@ -44,12 +43,13 @@ Expected command-line args:
 args[0]: client service component name
 args[1]: client UID
 args[2]: client broadcast receiver intent filter
-args[3]: {@link #CMDLINE_START_SERVICE} or {@link #CMDLINE_STOP_SERVICE}
+args[3]: CMDLINE_START_SERVICE, CMDLINE_START_DAEMON, or CMDLINE_STOP_SERVICE
 */
-class RootServerMain extends ContextWrapper implements Callable<Pair<Integer, String>> {
+class RootServerMain extends ContextWrapper implements Callable<Object[]> {
 
-    static final String CMDLINE_STOP_SERVICE = "stop";
     static final String CMDLINE_START_SERVICE = "start";
+    static final String CMDLINE_START_DAEMON = "daemon";
+    static final String CMDLINE_STOP_SERVICE = "stop";
 
     static final Method getService;
     static final Method addService;
@@ -110,10 +110,15 @@ class RootServerMain extends ContextWrapper implements Callable<Pair<Integer, St
 
     private final int uid;
     private final String filter;
+    private final boolean isDaemon;
 
     @Override
-    public Pair<Integer, String> call() {
-        return new Pair<>(uid, filter);
+    public Object[] call() {
+        Object[] objs = new Object[3];
+        objs[0] = uid;
+        objs[1] = filter;
+        objs[2] = isDaemon;
+        return objs;
     }
 
     public RootServerMain(String[] args) throws Exception {
@@ -123,30 +128,38 @@ class RootServerMain extends ContextWrapper implements Callable<Pair<Integer, St
         uid = Integer.parseInt(args[1]);
         filter = args[2];
         String action = args[3];
+        boolean stop = false;
 
-        // Get existing daemon process
-        Object binder = getService.invoke(null, getServiceName(name.getPackageName()));
-        IRootServiceManager m = IRootServiceManager.Stub.asInterface((IBinder) binder);
-
-        if (action.equals(CMDLINE_STOP_SERVICE)) {
-            if (m != null) {
-                try {
-                    m.stop(name);
-                    // If the process wasn't killed yet, send another broadcast
-                    m.broadcast(uid, filter);
-                } catch (RemoteException ignored) {}
-            }
-            System.exit(0);
+        switch (action) {
+            case CMDLINE_STOP_SERVICE:
+                stop = true;
+                // fallthrough
+            case CMDLINE_START_DAEMON:
+                isDaemon = true;
+                break;
+            default:
+                isDaemon = false;
+                break;
         }
 
-        if (m != null) {
-            try {
+        if (isDaemon) daemon: try {
+            // Get existing daemon process
+            Object binder = getService.invoke(null, getServiceName(name.getPackageName()));
+            IRootServiceManager m = IRootServiceManager.Stub.asInterface((IBinder) binder);
+            if (m == null)
+                break daemon;
+
+            if (stop) {
+                m.stop(name, uid, filter);
+            } else {
                 m.broadcast(uid, filter);
-                // Terminate process if broadcast went through
+                // Terminate process if broadcast went through without exception
                 System.exit(0);
-            } catch (RemoteException ignored) {
-                // Daemon process dead, continue
             }
+        } catch (RemoteException ignored) {
+        } finally {
+            if (stop)
+                System.exit(0);
         }
 
         Context systemContext = getSystemContext();
diff --git a/service/src/main/java/com/topjohnwu/superuser/internal/RootServiceManager.java b/service/src/main/java/com/topjohnwu/superuser/internal/RootServiceManager.java
index a8dc911..ba35f68 100644
--- a/service/src/main/java/com/topjohnwu/superuser/internal/RootServiceManager.java
+++ b/service/src/main/java/com/topjohnwu/superuser/internal/RootServiceManager.java
@@ -16,8 +16,11 @@
 
 package com.topjohnwu.superuser.internal;
 
+import static com.topjohnwu.superuser.internal.RootServerMain.CMDLINE_START_DAEMON;
 import static com.topjohnwu.superuser.internal.RootServerMain.CMDLINE_START_SERVICE;
 import static com.topjohnwu.superuser.internal.RootServerMain.CMDLINE_STOP_SERVICE;
+import static com.topjohnwu.superuser.internal.Utils.newArrayMap;
+import static com.topjohnwu.superuser.ipc.RootService.CATEGORY_DAEMON_MODE;
 
 import android.annotation.SuppressLint;
 import android.content.BroadcastReceiver;
@@ -36,7 +39,6 @@ import android.os.Message;
 import android.os.Messenger;
 import android.os.Process;
 import android.os.RemoteException;
-import android.util.ArrayMap;
 import android.util.Pair;
 
 import androidx.annotation.NonNull;
@@ -51,7 +53,6 @@ import java.io.IOException;
 import java.io.InputStream;
 import java.io.OutputStream;
 import java.util.ArrayList;
-import java.util.HashMap;
 import java.util.Iterator;
 import java.util.List;
 import java.util.Locale;
@@ -60,12 +61,11 @@ import java.util.UUID;
 import java.util.concurrent.Executor;
 
 @RestrictTo(RestrictTo.Scope.LIBRARY)
-public class RootServiceManager implements IBinder.DeathRecipient, Handler.Callback {
+public class RootServiceManager implements Handler.Callback {
 
     private static RootServiceManager mInstance;
 
     static final String TAG = "IPC";
-    static final String BUNDLE_DEBUG_KEY = "debug";
     static final String BUNDLE_BINDER_KEY = "binder";
     static final String LOGGING_ENV = "LIBSU_VERBOSE_LOGGING";
 
@@ -74,6 +74,9 @@ public class RootServiceManager implements IBinder.DeathRecipient, Handler.Callb
 
     private static final String INTENT_EXTRA_KEY = "extra.bundle";
 
+    private static final int REMOTE_EN_ROUTE = 1 << 0;
+    private static final int DAEMON_EN_ROUTE = 1 << 1;
+
     public static RootServiceManager getInstance() {
         if (mInstance == null) {
             mInstance = new RootServiceManager();
@@ -98,7 +101,7 @@ public class RootServiceManager implements IBinder.DeathRecipient, Handler.Callb
     }
 
     @NonNull
-    private static ComponentName enforceIntent(Intent intent) {
+    private static Pair<ComponentName, Boolean> enforceIntent(Intent intent) {
         ComponentName name = intent.getComponent();
         if (name == null) {
             throw new IllegalArgumentException("The intent does not have a component set");
@@ -106,38 +109,35 @@ public class RootServiceManager implements IBinder.DeathRecipient, Handler.Callb
         if (!name.getPackageName().equals(Utils.getContext().getPackageName())) {
             throw new IllegalArgumentException("RootServices outside of the app are not supported");
         }
-        return name;
+        return new Pair<>(name, intent.hasCategory(CATEGORY_DAEMON_MODE));
     }
 
-    private IRootServiceManager mRM;
-    private List<Runnable> pendingTasks;
+    private static void disconnect(Map.Entry<ServiceConnection, Pair<RemoteService, Executor>> e) {
+        e.getValue().second.execute(() ->
+                e.getKey().onServiceDisconnected(e.getValue().first.key.first));
+    }
+
+    private RemoteProcess mRemote;
+    private RemoteProcess mDaemon;
+
     private String filterAction;
+    private int flags = 0;
 
-    private final Map<ComponentName, RemoteService> services;
-    private final Map<ServiceConnection, Pair<RemoteService, Executor>> connections;
+    private final List<BindTask> pendingTasks = new ArrayList<>();
+    private final Map<Pair<ComponentName, Boolean>, RemoteService> services = newArrayMap();
+    private final Map<ServiceConnection, Pair<RemoteService, Executor>> connections = newArrayMap();
 
-    private RootServiceManager() {
-        if (Build.VERSION.SDK_INT >= 19) {
-            services = new ArrayMap<>();
-            connections = new ArrayMap<>();
-        } else {
-            services = new HashMap<>();
-            connections = new HashMap<>();
-        }
-    }
+    private RootServiceManager() {}
 
     private Runnable createStartRootProcessTask(ComponentName name, String action) {
         Context context = Utils.getContext();
-        Bundle b = null;
+        boolean[] debug = new boolean[1];
         if (filterAction == null) {
             filterAction = UUID.randomUUID().toString();
-            Bundle connectArgs = new Bundle();
-            b = connectArgs;
 
             // Receive ACK and service stop signal
             Handler h = new Handler(Looper.getMainLooper(), this);
             Messenger m = new Messenger(h);
-            connectArgs.putBinder(BUNDLE_BINDER_KEY, m.getBinder());
 
             // Register receiver to receive binder from root process
             IntentFilter filter = new IntentFilter(filterAction);
@@ -150,9 +150,9 @@ public class RootServiceManager implements IBinder.DeathRecipient, Handler.Callb
                     IBinder binder = bundle.getBinder(BUNDLE_BINDER_KEY);
                     if (binder == null)
                         return;
-                    IRootServiceManager m = IRootServiceManager.Stub.asInterface(binder);
+                    IRootServiceManager sm = IRootServiceManager.Stub.asInterface(binder);
                     try {
-                        m.connect(connectArgs);
+                        sm.connect(m.getBinder(), debug[0]);
                     } catch (RemoteException e) {
                         Utils.err(TAG, e);
                     }
@@ -173,9 +173,7 @@ public class RootServiceManager implements IBinder.DeathRecipient, Handler.Callb
 
         // Only support debugging on SDK >= 27
         if (Build.VERSION.SDK_INT >= 27 && Debug.isDebuggerConnected()) {
-            if (b != null) {
-                b.putBoolean(BUNDLE_DEBUG_KEY, true);
-            }
+            debug[0] = true;
             // Reference of the params to start jdwp:
             // https://developer.android.com/ndk/guides/wrap-script#debugging_when_using_wrapsh
             if (Build.VERSION.SDK_INT == 27) {
@@ -208,51 +206,53 @@ public class RootServiceManager implements IBinder.DeathRecipient, Handler.Callb
         };
     }
 
-    private boolean bind(Intent intent, Executor executor, ServiceConnection conn) {
+    // Returns null if binding is done synchronously, or else return key
+    private Pair<ComponentName, Boolean> bindInternal(
+            Intent intent, Executor executor, ServiceConnection conn) {
         enforceMainThread();
 
         // Local cache
-        ComponentName name = enforceIntent(intent);
-        RemoteService s = services.get(name);
+        Pair<ComponentName, Boolean> key = enforceIntent(intent);
+        RemoteService s = services.get(key);
         if (s != null) {
             connections.put(conn, new Pair<>(s, executor));
             s.refCount++;
-            executor.execute(() -> conn.onServiceConnected(name, s.binder));
-            return true;
+            executor.execute(() -> conn.onServiceConnected(key.first, s.binder));
+            return null;
         }
 
-        if (mRM == null)
-            return false;
+        RemoteProcess p = key.second ? mDaemon : mRemote;
+        if (p == null)
+            return key;
 
         try {
-            IBinder binder = mRM.bind(intent);
+            IBinder binder = p.sm.bind(intent);
             if (binder != null) {
-                RemoteService r = new RemoteService(name, binder);
+                RemoteService r = new RemoteService(key, binder, p);
                 connections.put(conn, new Pair<>(r, executor));
-                services.put(name, r);
-                executor.execute(() -> conn.onServiceConnected(name, binder));
+                services.put(key, r);
+                executor.execute(() -> conn.onServiceConnected(key.first, binder));
             } else if (Build.VERSION.SDK_INT >= 28) {
-                executor.execute(() -> conn.onNullBinding(name));
+                executor.execute(() -> conn.onNullBinding(key.first));
             }
         } catch (RemoteException e) {
             Utils.err(TAG, e);
-            mRM = null;
-            return false;
+            p.binderDied();
+            return key;
         }
 
-        return true;
+        return null;
     }
 
     public Runnable createBindTask(Intent intent, Executor executor, ServiceConnection conn) {
-        if (!bind(intent, executor, conn)) {
-            boolean launch = false;
-            if (pendingTasks == null) {
-                pendingTasks = new ArrayList<>();
-                launch = true;
-            }
-            pendingTasks.add(() -> bind(intent, executor, conn));
-            if (launch) {
-                return createStartRootProcessTask(intent.getComponent(), CMDLINE_START_SERVICE);
+        Pair<ComponentName, Boolean> key = bindInternal(intent, executor, conn);
+        if (key != null) {
+            pendingTasks.add(() -> bindInternal(intent, executor, conn) == null);
+            int mask = key.second ? DAEMON_EN_ROUTE : REMOTE_EN_ROUTE;
+            String action = key.second ? CMDLINE_START_DAEMON : CMDLINE_START_SERVICE;
+            if ((flags & mask) == 0) {
+                flags |= mask;
+                return createStartRootProcessTask(key.first, action);
             }
         }
         return null;
@@ -261,18 +261,15 @@ public class RootServiceManager implements IBinder.DeathRecipient, Handler.Callb
     public void unbind(@NonNull ServiceConnection conn) {
         enforceMainThread();
 
-        if (mRM == null)
-            return;
-
         Pair<RemoteService, Executor> p = connections.remove(conn);
         if (p != null) {
             p.first.refCount--;
-            p.second.execute(() -> conn.onServiceDisconnected(p.first.name));
+            p.second.execute(() -> conn.onServiceDisconnected(p.first.key.first));
             if (p.first.refCount == 0) {
                 // Actually close the service
-                services.remove(p.first.name);
+                services.remove(p.first.key);
                 try {
-                    mRM.unbind(p.first.name);
+                    p.first.host.sm.unbind(p.first.key.first);
                 } catch (RemoteException e) {
                     Utils.err(TAG, e);
                 }
@@ -280,10 +277,10 @@ public class RootServiceManager implements IBinder.DeathRecipient, Handler.Callb
         }
     }
 
-    private boolean stopInternal(ComponentName name) {
-        RemoteService s = services.remove(name);
+    private void stopInternal(Pair<ComponentName, Boolean> key) {
+        RemoteService s = services.remove(key);
         if (s == null)
-            return false;
+            return;
 
         // Notify all connections
         Iterator<Map.Entry<ServiceConnection, Pair<RemoteService, Executor>>> it =
@@ -291,52 +288,34 @@ public class RootServiceManager implements IBinder.DeathRecipient, Handler.Callb
         while (it.hasNext()) {
             Map.Entry<ServiceConnection, Pair<RemoteService, Executor>> e = it.next();
             if (e.getValue().first.equals(s)) {
-                e.getValue().second.execute(() -> e.getKey().onServiceDisconnected(name));
+                disconnect(e);
                 it.remove();
             }
         }
-        return true;
     }
 
     public void stop(Intent intent) {
         enforceMainThread();
 
-        ComponentName name = enforceIntent(intent);
-        if (mRM == null) {
-            // Start a new root process
-            Runnable r = createStartRootProcessTask(name, CMDLINE_STOP_SERVICE);
-            Shell.EXECUTOR.execute(r);
+        Pair<ComponentName, Boolean> key = enforceIntent(intent);
+        RemoteProcess p = key.second ? mDaemon : mRemote;
+        if (p == null) {
+            if (key.second) {
+                // Start a new root process to stop daemon
+                Runnable r = createStartRootProcessTask(key.first, CMDLINE_STOP_SERVICE);
+                Shell.EXECUTOR.execute(r);
+            }
             return;
         }
 
-        if (!stopInternal(name))
-            return;
+        stopInternal(key);
         try {
-            mRM.stop(name);
+            p.sm.stop(key.first, -1, null);
         } catch (RemoteException e) {
             Utils.err(TAG, e);
         }
     }
 
-    @Override
-    public void binderDied() {
-        UiThreadHandler.run(() -> {
-            if (mRM != null) {
-                mRM.asBinder().unlinkToDeath(this, 0);
-                mRM = null;
-            }
-
-            // Notify all connections
-            for (Map.Entry<ServiceConnection, Pair<RemoteService, Executor>> e
-                    : connections.entrySet()) {
-                e.getValue().second.execute(() ->
-                        e.getKey().onServiceDisconnected(e.getValue().first.name));
-            }
-            connections.clear();
-            services.clear();
-        });
-    }
-
     @Override
     public boolean handleMessage(@NonNull Message msg) {
         switch (msg.what) {
@@ -344,35 +323,81 @@ public class RootServiceManager implements IBinder.DeathRecipient, Handler.Callb
                 IBinder b = ((Bundle) msg.obj).getBinder(BUNDLE_BINDER_KEY);
                 if (b == null)
                     return false;
+                RemoteProcess p;
                 try {
-                    b.linkToDeath(this, 0);
+                    p = new RemoteProcess(b);
                 } catch (RemoteException e) {
                     return false;
                 }
-                mRM = IRootServiceManager.Stub.asInterface(b);
-                List<Runnable> tasks = pendingTasks;
-                pendingTasks = null;
-                if (tasks != null) {
-                    for (Runnable r : tasks) {
-                        r.run();
+                if (msg.arg1 == 0) {
+                    mRemote = p;
+                    flags &= ~REMOTE_EN_ROUTE;
+                } else {
+                    mDaemon = p;
+                    flags &= ~DAEMON_EN_ROUTE;
+                }
+                for (int i = pendingTasks.size() - 1; i >= 0; --i) {
+                    if (pendingTasks.get(i).run()) {
+                        pendingTasks.remove(i);
                     }
                 }
                 break;
             case MSG_STOP:
-                stopInternal((ComponentName) msg.obj);
+                stopInternal(new Pair<>((ComponentName) msg.obj, msg.arg1 != 0));
                 break;
         }
         return false;
     }
 
-    static class RemoteService {
-        final ComponentName name;
-        final IBinder binder;
-        int refCount = 1;
+    class RemoteProcess extends BinderHolder {
 
-        RemoteService(ComponentName name, IBinder binder) {
-            this.name = name;
-            this.binder = binder;
+        final IRootServiceManager sm;
+
+        RemoteProcess(IBinder b) throws RemoteException {
+            super(b);
+            sm = IRootServiceManager.Stub.asInterface(b);
+        }
+
+        @Override
+        protected void onBinderDied() {
+            if (mRemote == this)
+                mRemote = null;
+            if (mDaemon == this)
+                mDaemon = null;
+
+            Iterator<RemoteService> sit = services.values().iterator();
+            while (sit.hasNext()) {
+                if (sit.next().host == this) {
+                    sit.remove();
+                }
+            }
+
+            Iterator<Map.Entry<ServiceConnection, Pair<RemoteService, Executor>>> it =
+                    connections.entrySet().iterator();
+            while (it.hasNext()) {
+                Map.Entry<ServiceConnection, Pair<RemoteService, Executor>> e = it.next();
+                if (e.getValue().first.host == this) {
+                    disconnect(e);
+                    it.remove();
+                }
+            }
         }
     }
+
+    static class RemoteService {
+        final Pair<ComponentName, Boolean> key;
+        final IBinder binder;
+        final RemoteProcess host;
+        int refCount = 1;
+
+        RemoteService(Pair<ComponentName, Boolean> key, IBinder binder, RemoteProcess host) {
+            this.key = key;
+            this.binder = binder;
+            this.host = host;
+        }
+    }
+
+    interface BindTask {
+        boolean run();
+    }
 }
diff --git a/service/src/main/java/com/topjohnwu/superuser/internal/RootServiceServer.java b/service/src/main/java/com/topjohnwu/superuser/internal/RootServiceServer.java
index a385a62..cc9e3ae 100644
--- a/service/src/main/java/com/topjohnwu/superuser/internal/RootServiceServer.java
+++ b/service/src/main/java/com/topjohnwu/superuser/internal/RootServiceServer.java
@@ -19,12 +19,13 @@ package com.topjohnwu.superuser.internal;
 import static com.topjohnwu.superuser.internal.RootServerMain.attachBaseContext;
 import static com.topjohnwu.superuser.internal.RootServerMain.getServiceName;
 import static com.topjohnwu.superuser.internal.RootServiceManager.BUNDLE_BINDER_KEY;
-import static com.topjohnwu.superuser.internal.RootServiceManager.BUNDLE_DEBUG_KEY;
 import static com.topjohnwu.superuser.internal.RootServiceManager.LOGGING_ENV;
 import static com.topjohnwu.superuser.internal.RootServiceManager.MSG_ACK;
 import static com.topjohnwu.superuser.internal.RootServiceManager.MSG_STOP;
 import static com.topjohnwu.superuser.internal.RootServiceManager.TAG;
 import static com.topjohnwu.superuser.internal.Utils.context;
+import static com.topjohnwu.superuser.internal.Utils.newArrayMap;
+import static com.topjohnwu.superuser.internal.Utils.newArraySet;
 
 import android.annotation.SuppressLint;
 import android.content.ComponentName;
@@ -39,8 +40,7 @@ import android.os.Message;
 import android.os.Messenger;
 import android.os.RemoteException;
 import android.os.UserHandle;
-import android.util.ArrayMap;
-import android.util.Pair;
+import android.util.SparseArray;
 
 import androidx.annotation.Nullable;
 import androidx.annotation.RestrictTo;
@@ -50,66 +50,66 @@ import com.topjohnwu.superuser.ipc.RootService;
 
 import java.io.File;
 import java.lang.reflect.Constructor;
-import java.util.HashMap;
 import java.util.Iterator;
 import java.util.Map;
+import java.util.Set;
 import java.util.concurrent.Callable;
 
 @RestrictTo(RestrictTo.Scope.LIBRARY)
-public class RootServiceServer extends IRootServiceManager.Stub implements IBinder.DeathRecipient {
+public class RootServiceServer extends IRootServiceManager.Stub {
 
     private static RootServiceServer mInstance;
 
-    @SuppressWarnings("rawtypes")
     public static RootServiceServer getInstance(Context context) {
         if (mInstance == null) {
             mInstance = new RootServiceServer(context);
-            if (context instanceof Callable) {
-                try {
-                    Pair p = (Pair) ((Callable) context).call();
-                    mInstance.broadcast((int) p.first, (String) p.second);
-                } catch (Exception ignored) {}
-            }
         }
         return mInstance;
     }
 
     @SuppressWarnings("FieldCanBeLocal")
     private final FileObserver observer;  /* A strong reference is required */
-    private final Map<ComponentName, ServiceContainer> activeServices;
-    private Messenger client;
-    private boolean isDaemon = false;
+    private final Map<ComponentName, ServiceContainer> activeServices = newArrayMap();
+    private final SparseArray<ClientProcess> clients = new SparseArray<>();
+    private final boolean isDaemon;
 
+    @SuppressWarnings("rawtypes")
     private RootServiceServer(Context context) {
         Shell.enableVerboseLogging = System.getenv(LOGGING_ENV) != null;
         Utils.context = Utils.getContextImpl(context);
-        if (Build.VERSION.SDK_INT >= 19) {
-            activeServices = new ArrayMap<>();
-        } else {
-            activeServices = new HashMap<>();
-        }
         observer = new AppObserver(new File(context.getPackageCodePath()));
         observer.startWatching();
+        if (context instanceof Callable) {
+            try {
+                Object[] objs = (Object[]) ((Callable) context).call();
+                broadcast((int) objs[0], (String) objs[1]);
+                isDaemon = (boolean) objs[2];
+                if (isDaemon) {
+                    // Register ourselves as system service
+                    HiddenAPIs.addService(getServiceName(context.getPackageName()), this);
+                }
+            } catch (Exception e) {
+                throw new RuntimeException(e);
+            }
+        } else {
+            throw new IllegalArgumentException("Expected Context to be Callable");
+        }
     }
 
     @Override
-    public void connect(Bundle bundle) {
-        if (client != null)
+    public void connect(IBinder binder, boolean debug) {
+        ClientProcess c = clients.get(getCallingUid());
+        if (c != null)
             return;
 
-        IBinder binder = bundle.getBinder(BUNDLE_BINDER_KEY);
-        if (binder == null)
-            return;
-        final Messenger c;
         try {
-            binder.linkToDeath(this, 0);
-            c = new Messenger(binder);
+            c = new ClientProcess(binder);
         } catch (RemoteException e) {
             Utils.err(TAG, e);
             return;
         }
 
-        if (bundle.getBoolean(BUNDLE_DEBUG_KEY, false)) {
+        if (debug) {
             // ActivityThread.attach(true, 0) will set this to system_process
             HiddenAPIs.setAppName(context.getPackageName() + ":root");
             Utils.log(TAG, "Waiting for debugger to be attached...");
@@ -121,15 +121,18 @@ public class RootServiceServer extends IRootServiceManager.Stub implements IBind
             Utils.log(TAG, "Debugger attached!");
         }
 
+        Bundle bundle = new Bundle();
+        bundle.putBinder(BUNDLE_BINDER_KEY, this);
+
         Message m = Message.obtain();
         m.what = MSG_ACK;
-        bundle = new Bundle();
-        bundle.putBinder(BUNDLE_BINDER_KEY, this);
+        m.arg1 = isDaemon ? 1 : 0;
         m.obj = bundle;
         try {
-            c.send(m);
-            client = c;
-        } catch (RemoteException ignored) {
+            c.m.send(m);
+            clients.put(c.uid, c);
+        } catch (RemoteException e) {
+            Utils.err(TAG, e);
         } finally {
             m.recycle();
         }
@@ -137,6 +140,9 @@ public class RootServiceServer extends IRootServiceManager.Stub implements IBind
 
     @SuppressLint("MissingPermission")
     public void broadcast(int uid, String action) {
+        // Use the UID argument iff caller is root
+        uid = getCallingUid() == 0 ? uid : getCallingUid();
+        Utils.log(TAG, "broadcast to uid=" + uid);
         Intent intent = RootServiceManager.getBroadcastIntent(context, action, this);
         if (Build.VERSION.SDK_INT >= 24) {
             UserHandle h = UserHandle.getUserHandleForUid(uid);
@@ -149,9 +155,10 @@ public class RootServiceServer extends IRootServiceManager.Stub implements IBind
     @Override
     public IBinder bind(Intent intent) {
         IBinder[] b = new IBinder[1];
+        int uid = getCallingUid();
         UiThreadHandler.runAndWait(() -> {
             try {
-                b[0] = bindInternal(intent);
+                b[0] = bindInternal(uid, intent);
             } catch (Exception e) {
                 Utils.err(TAG, e);
             }
@@ -161,47 +168,55 @@ public class RootServiceServer extends IRootServiceManager.Stub implements IBind
 
     @Override
     public void unbind(ComponentName name) {
+        int uid = getCallingUid();
         UiThreadHandler.run(() -> {
             Utils.log(TAG, name.getClassName() + " unbind");
-            stopService(name, false);
+            stopService(uid, name, false);
         });
     }
 
     @Override
-    public void stop(ComponentName name) {
+    public void stop(ComponentName name, int uid, String action) {
+        // Use the UID argument iff caller is root
+        int clientUid = getCallingUid() == 0 ? uid : getCallingUid();
         UiThreadHandler.run(() -> {
             Utils.log(TAG, name.getClassName() + " stop");
-            stopService(name, true);
-        });
-    }
-
-    @Override
-    public void binderDied() {
-        Messenger c = client;
-        client = null;
-        if (c != null)
-            c.getBinder().unlinkToDeath(this, 0);
-        UiThreadHandler.run(() -> {
-            Utils.log(TAG, "Client process terminated");
-            stopAllService(false);
+            stopService(clientUid, name, true);
+            if (action != null) {
+                // If we aren't killed yet, send another broadcast
+                broadcast(clientUid, action);
+            }
         });
     }
 
     public void selfStop(ComponentName name) {
         UiThreadHandler.run(() -> {
+            ServiceContainer s = activeServices.get(name);
+            if (s == null)
+                return;
+
             Utils.log(TAG, name.getClassName() + " selfStop");
-            stopService(name, true);
-            Messenger c = client;
-            if (c != null) {
-                Message m = Message.obtain();
-                m.what = MSG_STOP;
-                m.obj = name;
+
+            // Backup all users as we need to notify them
+            Integer[] users = s.users.toArray(new Integer[0]);
+            s.users.clear();
+            stopService(-1, name, true);
+
+            // Notify all users
+            for (int uid : users) {
+                ClientProcess c = clients.get(uid);
+                if (c == null)
+                    continue;
+                Message msg = Message.obtain();
+                msg.what = MSG_STOP;
+                msg.arg1 = isDaemon ? 1 : 0;
+                msg.obj = name;
                 try {
-                    c.send(m);
+                    c.m.send(msg);
                 } catch (RemoteException e) {
                     Utils.err(TAG, e);
                 } finally {
-                    m.recycle();
+                    msg.recycle();
                 }
             }
         });
@@ -213,51 +228,51 @@ public class RootServiceServer extends IRootServiceManager.Stub implements IBind
         activeServices.put(service.getComponentName(), c);
     }
 
-    private IBinder bindInternal(Intent intent) throws Exception {
+    private IBinder bindInternal(int uid, Intent intent) throws Exception {
+        ClientProcess c = clients.get(uid);
+        if (c == null)
+            return null;
+
         ComponentName name = intent.getComponent();
 
-        ServiceContainer c = activeServices.get(name);
-        if (c == null) {
+        ServiceContainer s = activeServices.get(name);
+        if (s == null) {
             Class<?> clz = Class.forName(name.getClassName());
             Constructor<?> ctor = clz.getDeclaredConstructor();
             ctor.setAccessible(true);
             attachBaseContext.invoke(ctor.newInstance(), context);
 
             // RootService should be registered after attachBaseContext
-            c = activeServices.get(name);
-            if (c == null) {
+            s = activeServices.get(name);
+            if (s == null) {
                 return null;
             }
         }
 
-        if (c.binder != null) {
+        if (s.binder != null) {
             Utils.log(TAG, name.getClassName() + " rebind");
-            c.service.onRebind(c.intent);
+            if (s.rebind)
+                s.service.onRebind(s.intent);
         } else {
             Utils.log(TAG, name.getClassName() + " bind");
-            c.binder = c.service.onBind(intent);
-            c.intent = intent.cloneFilter();
+            s.binder = s.service.onBind(intent);
+            s.intent = intent.cloneFilter();
         }
+        s.users.add(uid);
 
-        return c.binder;
+        return s.binder;
     }
 
-    private void setAsDaemon() {
-        if (!isDaemon) {
-            // Register ourselves as system service
-            HiddenAPIs.addService(getServiceName(context.getPackageName()), this);
-            isDaemon = true;
-        }
-    }
-
-    private void stopService(ComponentName className, boolean force) {
-        ServiceContainer c = activeServices.get(className);
-        if (c != null) {
-            if (!c.service.onUnbind(c.intent) || force) {
-                c.service.onDestroy();
-                activeServices.remove(className);
-            } else {
-                setAsDaemon();
+    private void stopService(int uid, ComponentName name, boolean destroy) {
+        ServiceContainer s = activeServices.get(name);
+        if (s != null) {
+            s.users.remove(uid);
+            if (s.users.isEmpty()) {
+                s.rebind = s.service.onUnbind(s.intent);
+                if (destroy || !isDaemon) {
+                    s.service.onDestroy();
+                    activeServices.remove(name);
+                }
             }
         }
         if (activeServices.isEmpty()) {
@@ -266,19 +281,25 @@ public class RootServiceServer extends IRootServiceManager.Stub implements IBind
         }
     }
 
-    private void stopAllService(boolean force) {
+    private void stopServices(int uid) {
         Iterator<Map.Entry<ComponentName, ServiceContainer>> it =
                 activeServices.entrySet().iterator();
         while (it.hasNext()) {
-            ServiceContainer c = it.next().getValue();
-            if (!c.service.onUnbind(c.intent) || force) {
-                c.service.onDestroy();
-                it.remove();
-            } else {
-                setAsDaemon();
+            ServiceContainer s = it.next().getValue();
+            if (uid < 0)
+                s.users.clear();
+            else
+                s.users.remove(uid);
+
+            if (s.users.isEmpty()) {
+                s.rebind = s.service.onUnbind(s.intent);
+                if (uid < 0 || !isDaemon) {
+                    s.service.onDestroy();
+                    it.remove();
+                }
             }
         }
-        if (force || activeServices.isEmpty()) {
+        if (activeServices.isEmpty()) {
             // Terminate root process
             System.exit(0);
         }
@@ -300,15 +321,37 @@ public class RootServiceServer extends IRootServiceManager.Stub implements IBind
             if (event == DELETE_SELF || name.equals(path)) {
                 UiThreadHandler.run(() -> {
                     Utils.log(TAG, "App updated, terminate");
-                    stopAllService(true);
+                    stopServices(-1);
+                    System.exit(0);
                 });
             }
         }
     }
 
+    class ClientProcess extends BinderHolder {
+
+        final Messenger m;
+        final int uid;
+
+        ClientProcess(IBinder b) throws RemoteException {
+            super(b);
+            m = new Messenger(b);
+            uid = getCallingUid();
+        }
+
+        @Override
+        protected void onBinderDied() {
+            Utils.log(TAG, "Client process terminated");
+            clients.remove(uid);
+            stopServices(uid);
+        }
+    }
+
     static class ServiceContainer {
         RootService service;
         Intent intent;
         IBinder binder;
+        boolean rebind;
+        final Set<Integer> users = newArraySet();
     }
 }
diff --git a/service/src/main/java/com/topjohnwu/superuser/ipc/RootService.java b/service/src/main/java/com/topjohnwu/superuser/ipc/RootService.java
index 5f4edef..a5111a1 100644
--- a/service/src/main/java/com/topjohnwu/superuser/ipc/RootService.java
+++ b/service/src/main/java/com/topjohnwu/superuser/ipc/RootService.java
@@ -80,6 +80,16 @@ import java.util.concurrent.Executor;
  */
 public abstract class RootService extends ContextWrapper {
 
+    /**
+     * Launch the service in "Daemon Mode".
+     * <p>
+     * Add this category in the intents passed to {@link #bind(Intent, ServiceConnection)},
+     * {@link #bind(Intent, Executor, ServiceConnection)}, or
+     * {@link #createBindTask(Intent, Executor, ServiceConnection)}
+     * to have the service launched in "Daemon Mode".
+     */
+    public static final String CATEGORY_DAEMON_MODE = "com.topjohnwu.superuser.DAEMON_MODE";
+
     /**
      * Connect to a root service, creating it if needed.
      * @param intent identifies the service to connect to.