kernel: backport to 4.19 (#36)

2023-01-10 23:20:32 +08:00
parent 26f80b7107
commit 0e0a812a9c
4 changed files with 42 additions and 6 deletions
--- a/kernel/ksu.c
+++ b/kernel/ksu.c
@@ -331,5 +331,7 @@ module_exit(kernelsu_exit);
 MODULE_LICENSE("GPL");
 MODULE_AUTHOR("weishu");
 MODULE_DESCRIPTION("Android GKI KernelSU");
-MODULE_IMPORT_NS(
+
-	VFS_internal_I_am_really_a_filesystem_and_am_NOT_a_driver); // 5+才需要导出命名空间
+#if LINUX_VERSION_CODE >= KERNEL_VERSION(5, 0, 0)
 MODULE_IMPORT_NS(VFS_internal_I_am_really_a_filesystem_and_am_NOT_a_driver); // 5+才需要导出命名空间
 #endif
--- a/kernel/selinux/rules.c
+++ b/kernel/selinux/rules.c
@@ -1,12 +1,20 @@
 #include <linux/version.h>
 #include "sepolicy.h"
 #include "selinux.h"
 #if LINUX_VERSION_CODE >= KERNEL_VERSION(5, 10, 0)
 #define SELINUX_POLICY_INSTEAD_SELINUX_SS
 #endif
 #ifndef SELINUX_POLICY_INSTEAD_SELINUX_SS
 #include <ss/services.h>
 #endif
 #define KERNEL_SU_DOMAIN "su"
 #define ALL NULL
 void apply_kernelsu_rules()
 {
 	struct selinux_policy *policy;
 	struct policydb *db;
 	if (!getenforce()) {
@@ -15,8 +23,13 @@ void apply_kernelsu_rules()
 	}
 	rcu_read_lock();
-	policy = rcu_dereference(selinux_state.policy);
+#ifdef SELINUX_POLICY_INSTEAD_SELINUX_SS
 	struct selinux_policy *policy = rcu_dereference(selinux_state.policy);
 	db = &policy->policydb;
 #else
 	struct selinux_ss *ss = rcu_dereference(selinux_state.ss);
 	db = &ss->policydb;
 #endif
 	permissive(db, KERNEL_SU_DOMAIN);
 	typeattribute(db, KERNEL_SU_DOMAIN, "mlstrustedsubject");
--- a/kernel/selinux/sepolicy.c
+++ b/kernel/selinux/sepolicy.c
@@ -1,3 +1,4 @@
 #include <linux/version.h>
 #include "sepolicy.h"
 #include "../klog.h"
@@ -9,7 +10,18 @@
 	for (i = 0; i < n_slot; ++i)                                           \
 		for (cur = node_ptr[i]; cur; cur = cur->next)
 // htable is a struct instead of pointer above 5.8.0: https://elixir.bootlin.com/linux/v5.8-rc1/source/security/selinux/ss/symtab.h
 #if LINUX_VERSION_CODE >= KERNEL_VERSION(5, 8, 0)
 #define hashtab_for_each(htab, cur) hash_for_each (htab.htable, htab.size, cur)
 #else
 #define hashtab_for_each(htab, cur) hash_for_each (htab->htable, htab->size, cur)
 #endif
 // symtab_search is introduced on 5.9.0: https://elixir.bootlin.com/linux/v5.9-rc1/source/security/selinux/ss/symtab.h
 #if LINUX_VERSION_CODE < KERNEL_VERSION(5, 9, 0)
 #define symtab_search(s, name) hashtab_search((s)->table, name)
 #endif
 #define avtab_for_each(avtab, cur)                                             \
 	hash_for_each (avtab.htable, avtab.nslot, cur)                         \
@@ -428,8 +440,12 @@ bool set_type_state(struct policydb *db, const char *type_name, bool permissive)
 void add_typeattribute_raw(struct policydb *db, struct type_datum *type,
 			   struct type_datum *attr)
 {
-	ebitmap_set_bit(&db->type_attr_map_array[type->value - 1],
+#if LINUX_VERSION_CODE >= KERNEL_VERSION(5, 1, 0)
-			attr->value - 1, 1);
+	struct ebitmap *sattr = &db->type_attr_map_array[type->value - 1];
 #else
 	struct ebitmap *sattr = flex_array_get(db->type_attr_map_array, type->value -1);
 #endif
 	ebitmap_set_bit(sattr, attr->value - 1, 1);
 	struct hashtab_node *node;
 	struct constraint_node *n;
--- a/kernel/sucompat.c
+++ b/kernel/sucompat.c
@@ -17,6 +17,7 @@
 #include <linux/kernel.h>
 #include <linux/sched/task_stack.h>
 #include <linux/slab.h>
 #include <linux/version.h>
 #include <asm-generic/errno-base.h>
 #include <linux/rcupdate.h>
@@ -245,7 +246,11 @@ static struct kprobe newfstatat_kp = {
 };
 static struct kprobe execve_kp = {
 #if LINUX_VERSION_CODE >= KERNEL_VERSION(5, 9, 0)
 	.symbol_name = "do_execveat_common",
 #else
 	.symbol_name = "__do_execve_file",
 #endif
 	.pre_handler = execve_handler_pre,
 };