android/SukiSU-Ultra
1
0
Fork 0
Code Issues Pull Requests Actions 1 Packages Projects Releases Wiki Activity

kernel: Unmount all isolated process which forks from zygote

Browse Source 
Kernel has few information about which isolated process belongs to which
application, so there is actually no good choice if we don't implement a
userspace daemon. One choice is to access cmdline memory from kernel,
but cmdline is __user, and it is likely to trigger detections. Before we
have more good ideas, use this.
This commit is contained in:
Wang Han
2025-08-24 07:01:18 +08:00
committed by ShirkNeko
parent 455b725248
commit 09a56a98b7
2 changed files with 22 additions and 8 deletions
Download Patch File Download Diff File Expand all files Collapse all files

8
kernel/allowlist.h
View File

@@ -8,6 +8,8 @@
#define PER_USER_RANGE 100000 #define PER_USER_RANGE 100000
#define FIRST_APPLICATION_UID 10000 #define FIRST_APPLICATION_UID 10000
#define LAST_APPLICATION_UID 19999 #define LAST_APPLICATION_UID 19999
#define FIRST_ISOLATED_UID 99000
#define LAST_ISOLATED_UID 99999
void ksu_allowlist_init(void); void ksu_allowlist_init(void);
@@ -43,6 +45,12 @@ static inline bool is_appuid(uid_t uid)
return appid >= FIRST_APPLICATION_UID && appid <= LAST_APPLICATION_UID; return appid >= FIRST_APPLICATION_UID && appid <= LAST_APPLICATION_UID;
} }
static inline bool is_isolated_process(uid_t uid)
{
uid_t appid = uid % PER_USER_RANGE;
return appid >= FIRST_ISOLATED_UID && appid <= LAST_ISOLATED_UID;
}
#ifdef CONFIG_KSU_MANUAL_SU #ifdef CONFIG_KSU_MANUAL_SU
bool ksu_temp_grant_root_once(uid_t uid); bool ksu_temp_grant_root_once(uid_t uid);
void ksu_temp_revoke_root_once(uid_t uid); void ksu_temp_revoke_root_once(uid_t uid);

22
kernel/kernel_umount.c
View File

@@ -151,7 +151,7 @@ int ksu_handle_umount(uid_t old_uid, uid_t new_uid)
struct umount_tw *tw; struct umount_tw *tw;
#if defined(CONFIG_KSU_SUSFS) || !defined(CONFIG_KSU_SUSFS_TRY_UMOUNT) #if defined(CONFIG_KSU_SUSFS) || !defined(CONFIG_KSU_SUSFS_TRY_UMOUNT)
// this hook is used for umounting overlayfs for some uid, if there isn't any module mounted, just ignore it! // if there isn't any module mounted, just ignore it!
if (!ksu_module_mounted) { if (!ksu_module_mounted) {
return 0; return 0;
} }
@@ -160,18 +160,24 @@ int ksu_handle_umount(uid_t old_uid, uid_t new_uid)
return 0; return 0;
} }
// FIXME: isolated process which directly forks from zygote is not handled // There are 5 scenarios:
if (!is_appuid(new_uid)) { // 1. Normal app: zygote -> appuid
return 0; // 2. Isolated process forked from zygote: zygote -> isolated_process
} // 3. App zygote forked from zygote: zygote -> appuid
// 4. Isolated process froked from app zygote: appuid -> isolated_process (already handled by 3)
// 5. Isolated process froked from webview zygote (no need to handle, app cannot run custom code)
if (!is_appuid(new_uid) && !is_isolated_process(new_uid)) {
return 0;
}
if (!ksu_uid_should_umount(new_uid)) { if (!ksu_uid_should_umount(new_uid) && !is_isolated_process(new_uid)) {
return 0; return 0;
} }
// check old process's selinux context, if it is not zygote, ignore it! // check old process's selinux context, if it is not zygote, ignore it!
// because some su apps may setuid to untrusted_app but they are in global mount namespace // because some su apps may setuid to untrusted_app but they are in global mount namespace
// when we umount for such process, that is a disaster! // when we umount for such process, that is a disaster!
// also handle case 4 and 5
bool is_zygote_child = is_zygote(get_current_cred()); bool is_zygote_child = is_zygote(get_current_cred());
if (!is_zygote_child) { if (!is_zygote_child) {
pr_info("handle umount ignore non zygote child: %d\n", current->pid); pr_info("handle umount ignore non zygote child: %d\n", current->pid);