android/SukiSU-Ultra
1
0
Fork 0
Code Issues Pull Requests Actions 1 Packages Projects Releases Wiki Activity

kernel: Prune allowlist only after boot completed

Browse Source 
For unknown reason, packages.list is not reliable during boot for oplus
devices, so we have to disable pruning and re-run pruning after boot.
This commit is contained in:
Wang Han
2025-11-12 21:43:02 +08:00
committed by ShirkNeko
parent 906c4bdb01
commit 01ac06c3fd
5 changed files with 15 additions and 3 deletions
Download Patch File Download Diff File Expand all files Collapse all files

6
kernel/allowlist.c
View File

@@ -15,6 +15,7 @@
#endif #endif
#include "klog.h" // IWYU pragma: keep #include "klog.h" // IWYU pragma: keep
#include "ksud.h"
#include "selinux/selinux.h" #include "selinux/selinux.h"
#include "allowlist.h" #include "allowlist.h"
#include "manager.h" #include "manager.h"
@@ -489,6 +490,11 @@ void ksu_prune_allowlist(bool (*is_uid_valid)(uid_t, char *, void *),
struct perm_data *np = NULL; struct perm_data *np = NULL;
struct perm_data *n = NULL; struct perm_data *n = NULL;
if (!ksu_boot_completed) {
pr_info("boot not completed, skip prune\n");
return;
}
bool modified = false; bool modified = false;
// TODO: use RCU! // TODO: use RCU!
mutex_lock(&allowlist_mutex); mutex_lock(&allowlist_mutex);

2
kernel/ksud.c
View File

@@ -24,6 +24,7 @@
#include "ksud.h" #include "ksud.h"
#include "selinux/selinux.h" #include "selinux/selinux.h"
#include "syscall_hook_manager.h" #include "syscall_hook_manager.h"
#include "throne_tracker.h"
bool ksu_module_mounted __read_mostly = false; bool ksu_module_mounted __read_mostly = false;
bool ksu_boot_completed __read_mostly = false; bool ksu_boot_completed __read_mostly = false;
@@ -126,6 +127,7 @@ void on_module_mounted(void){
void on_boot_completed(void){ void on_boot_completed(void){
ksu_boot_completed = true; ksu_boot_completed = true;
pr_info("on_boot_completed!\n"); pr_info("on_boot_completed!\n");
track_throne(true);
// remark process, we don't want to mark other init // remark process, we don't want to mark other init
// forked process excepte zygote and adbd // forked process excepte zygote and adbd
ksu_mark_running_process(); ksu_mark_running_process();

2
kernel/pkg_observer.c
View File

@@ -37,7 +37,7 @@ static int ksu_handle_inode_event(struct fsnotify_mark *mark, u32 mask,
if (ksu_uid_scanner_enabled) { if (ksu_uid_scanner_enabled) {
ksu_request_userspace_scan(); ksu_request_userspace_scan();
} }
track_throne(); track_throne(false);
} }
return 0; return 0;
} }

6
kernel/throne_tracker.c
View File

@@ -427,7 +427,7 @@ static bool is_uid_exist(uid_t uid, char *package, void *data)
return exist; return exist;
} }
void track_throne(void) void track_throne(bool prune_only)
{ {
struct list_head uid_list; struct list_head uid_list;
struct uid_data *np, *n; struct uid_data *np, *n;
@@ -504,6 +504,9 @@ void track_throne(void)
} }
uid_ready: uid_ready:
if (prune_only)
goto prune;
// first, check if manager_uid exist! // first, check if manager_uid exist!
list_for_each_entry(np, &uid_list, list) { list_for_each_entry(np, &uid_list, list) {
if (np->uid == current_manager_uid) { if (np->uid == current_manager_uid) {
@@ -547,6 +550,7 @@ uid_ready:
pr_info("Manager search finished\n"); pr_info("Manager search finished\n");
} }
prune:
// then prune the allowlist // then prune the allowlist
ksu_prune_allowlist(is_uid_exist, &uid_list); ksu_prune_allowlist(is_uid_exist, &uid_list);
out: out:

2
kernel/throne_tracker.h
View File

@@ -5,6 +5,6 @@ void ksu_throne_tracker_init();
void ksu_throne_tracker_exit(); void ksu_throne_tracker_exit();
void track_throne(); void track_throne(bool prune_only);
#endif #endif