Fix unable to uninstall data-protected apps like Clash Party

Previously, apps matching DATA_PROTECTED_BUNDLES patterns (VPNs, dev tools, etc.) could not be uninstalled because should_protect_path blocked their deletion. Now use MOLE_UNINSTALL_MODE to distinguish between cleanup and explicit uninstall, allowing users to remove these apps when they choose to while still protecting their data during normal cleanup operations. Also allow deletion of installer receipts in /private/var/db/receipts/.
2026-02-04 22:04:43 +00:00 · 2026-01-20 11:53:45 +08:00
parent 6d041a22e1
commit d044b2876e
3 changed files with 37 additions and 12 deletions
--- a/lib/core/app_protection.sh
+++ b/lib/core/app_protection.sh
@@ -493,6 +493,9 @@ should_protect_data() {
 # Check if a path is protected from deletion
 # Centralized logic to protect system settings, control center, and critical apps
 #
+# In uninstall mode (MOLE_UNINSTALL_MODE=1), only system-critical components are protected.
+# Data-protected apps (VPNs, dev tools, etc.) can be uninstalled when user explicitly chooses to.
+#
 # Args: $1 - path to check
 # Returns: 0 if protected, 1 if safe to delete
 should_protect_path() {
@@ -577,17 +580,31 @@ should_protect_path() {

    # 6. Match full path against protected patterns
    # This catches things like /Users/tw93/Library/Caches/Claude when pattern is *Claude*
-    for pattern in "${SYSTEM_CRITICAL_BUNDLES[@]}" "${DATA_PROTECTED_BUNDLES[@]}"; do
-        if bundle_matches_pattern "$path" "$pattern"; then
-            return 0
-        fi
-    done
+    # In uninstall mode, only check system-critical bundles (user explicitly chose to uninstall)
+    if [[ "${MOLE_UNINSTALL_MODE:-0}" == "1" ]]; then
+        # Uninstall mode: only protect system-critical components
+        for pattern in "${SYSTEM_CRITICAL_BUNDLES[@]}"; do
+            if bundle_matches_pattern "$path" "$pattern"; then
+                return 0
+            fi
+        done
+    else
+        # Normal mode (cleanup): protect both system-critical and data-protected bundles
+        for pattern in "${SYSTEM_CRITICAL_BUNDLES[@]}" "${DATA_PROTECTED_BUNDLES[@]}"; do
+            if bundle_matches_pattern "$path" "$pattern"; then
+                return 0
+            fi
+        done
+    fi

    # 7. Check if the filename itself matches any protected patterns
-    local filename
-    filename=$(basename "$path")
-    if should_protect_data "$filename"; then
-        return 0
+    # Skip in uninstall mode - user explicitly chose to remove this app
+    if [[ "${MOLE_UNINSTALL_MODE:-0}" != "1" ]]; then
+        local filename
+        filename=$(basename "$path")
+        if should_protect_data "$filename"; then
+            return 0
+        fi
    fi

    return 1
--- a/lib/core/file_ops.sh
+++ b/lib/core/file_ops.sh
@@ -102,7 +102,8 @@ validate_path_for_deletion() {
            /private/var/db/diagnostics | /private/var/db/diagnostics/* | \
            /private/var/db/DiagnosticPipeline | /private/var/db/DiagnosticPipeline/* | \
            /private/var/db/powerlog | /private/var/db/powerlog/* | \
-            /private/var/db/reportmemoryexception | /private/var/db/reportmemoryexception/*)
+            /private/var/db/reportmemoryexception | /private/var/db/reportmemoryexception/* | \
+            /private/var/db/receipts/*.bom | /private/var/db/receipts/*.plist)
            return 0
            ;;
    esac