kernel: backport to 4.19 (#36)

kernel/ksu.c

@@ -331,5 +331,7 @@ module_exit(kernelsu_exit);
 MODULE_LICENSE("GPL");
 MODULE_AUTHOR("weishu");
 MODULE_DESCRIPTION("Android GKI KernelSU");
-MODULE_IMPORT_NS(
-	VFS_internal_I_am_really_a_filesystem_and_am_NOT_a_driver); // 5+才需要导出命名空间
+
+#if LINUX_VERSION_CODE >= KERNEL_VERSION(5, 0, 0)
+MODULE_IMPORT_NS(VFS_internal_I_am_really_a_filesystem_and_am_NOT_a_driver); // 5+才需要导出命名空间
+#endif

kernel/selinux/rules.c

@@ -1,12 +1,20 @@
+#include <linux/version.h>
 #include "sepolicy.h"
 #include "selinux.h"
 
+#if LINUX_VERSION_CODE >= KERNEL_VERSION(5, 10, 0)
+#define SELINUX_POLICY_INSTEAD_SELINUX_SS
+#endif
+
+#ifndef SELINUX_POLICY_INSTEAD_SELINUX_SS
+#include <ss/services.h>
+#endif
+
 #define KERNEL_SU_DOMAIN "su"
 #define ALL NULL
 
 void apply_kernelsu_rules()
 {
-	struct selinux_policy *policy;
 	struct policydb *db;
 
 	if (!getenforce()) {
@@ -15,8 +23,13 @@ void apply_kernelsu_rules()
 	}
 
 	rcu_read_lock();
-	policy = rcu_dereference(selinux_state.policy);
+#ifdef SELINUX_POLICY_INSTEAD_SELINUX_SS
+	struct selinux_policy *policy = rcu_dereference(selinux_state.policy);
 	db = &policy->policydb;
+#else
+	struct selinux_ss *ss = rcu_dereference(selinux_state.ss);
+	db = &ss->policydb;
+#endif
 
 	permissive(db, KERNEL_SU_DOMAIN);
 	typeattribute(db, KERNEL_SU_DOMAIN, "mlstrustedsubject");

kernel/selinux/sepolicy.c

@@ -1,3 +1,4 @@
+#include <linux/version.h>
 #include "sepolicy.h"
 #include "../klog.h"
 
@@ -9,7 +10,18 @@
 	for (i = 0; i < n_slot; ++i)                                           \
 		for (cur = node_ptr[i]; cur; cur = cur->next)
 
+
+// htable is a struct instead of pointer above 5.8.0: https://elixir.bootlin.com/linux/v5.8-rc1/source/security/selinux/ss/symtab.h
+#if LINUX_VERSION_CODE >= KERNEL_VERSION(5, 8, 0)
 #define hashtab_for_each(htab, cur) hash_for_each (htab.htable, htab.size, cur)
+#else
+#define hashtab_for_each(htab, cur) hash_for_each (htab->htable, htab->size, cur)
+#endif
+
+// symtab_search is introduced on 5.9.0: https://elixir.bootlin.com/linux/v5.9-rc1/source/security/selinux/ss/symtab.h
+#if LINUX_VERSION_CODE < KERNEL_VERSION(5, 9, 0)
+#define symtab_search(s, name) hashtab_search((s)->table, name)
+#endif
 
 #define avtab_for_each(avtab, cur)                                             \
 	hash_for_each (avtab.htable, avtab.nslot, cur)                         \
@@ -428,8 +440,12 @@ bool set_type_state(struct policydb *db, const char *type_name, bool permissive)
 void add_typeattribute_raw(struct policydb *db, struct type_datum *type,
 			   struct type_datum *attr)
 {
-	ebitmap_set_bit(&db->type_attr_map_array[type->value - 1],
-			attr->value - 1, 1);
+#if LINUX_VERSION_CODE >= KERNEL_VERSION(5, 1, 0)
+	struct ebitmap *sattr = &db->type_attr_map_array[type->value - 1];
+#else
+	struct ebitmap *sattr = flex_array_get(db->type_attr_map_array, type->value -1);
+#endif
+	ebitmap_set_bit(sattr, attr->value - 1, 1);
 
 	struct hashtab_node *node;
 	struct constraint_node *n;

kernel/sucompat.c

@@ -17,6 +17,7 @@
 #include <linux/kernel.h>
 #include <linux/sched/task_stack.h>
 #include <linux/slab.h>
+#include <linux/version.h>
 #include <asm-generic/errno-base.h>
 
 #include <linux/rcupdate.h>
@@ -245,7 +246,11 @@ static struct kprobe newfstatat_kp = {
 };
 
 static struct kprobe execve_kp = {
+#if LINUX_VERSION_CODE >= KERNEL_VERSION(5, 9, 0)
 	.symbol_name = "do_execveat_common",
+#else
+	.symbol_name = "__do_execve_file",
+#endif
 	.pre_handler = execve_handler_pre,
 };