android/SukiSU-Ultra
1
0
Fork 0
Code Issues Pull Requests Actions 1 Packages Projects Releases Wiki Activity

kernel: fmt

Browse Source
This commit is contained in:
ShirkNeko
2025-11-18 21:39:31 +08:00
parent aa51ef5c24
commit 118fcf507a
47 changed files with 4241 additions and 4241 deletions
Download Patch File Download Diff File Expand all files Collapse all files

144
kernel/setuid_hook.c
View File

@@ -50,20 +50,20 @@
#ifdef CONFIG_KSU_SUSFS
static inline bool is_some_system_uid(uid_t uid)
{
uid %= 100000;
return (uid >= 1000 && uid < 10000);
uid %= 100000;
return (uid >= 1000 && uid < 10000);
}
static inline bool is_zygote_isolated_service_uid(uid_t uid)
{
uid %= 100000;
return (uid >= 90000 && uid < 100000);
uid %= 100000;
return (uid >= 90000 && uid < 100000);
}
static inline bool is_zygote_normal_app_uid(uid_t uid)
{
uid %= 100000;
return (uid >= 10000 && uid < 19999);
uid %= 100000;
return (uid >= 10000 && uid < 19999);
}
bool susfs_is_umount_for_zygote_system_process_enabled = false;
@@ -148,7 +148,7 @@ int ksu_handle_setresuid(uid_t ruid, uid_t euid, uid_t suid)
// disallow appuid decrease to any other uid if it is not allowed to su
if (is_appuid(old_uid)) {
if (euid < current_euid().val &&
!ksu_is_allow_uid_for_current(old_uid)) {
!ksu_is_allow_uid_for_current(old_uid)) {
pr_warn("find suspicious EoP: %d %s, from %d to %d\n",
current->pid, current->comm, old_uid,
new_uid);
@@ -161,7 +161,7 @@ int ksu_handle_setresuid(uid_t ruid, uid_t euid, uid_t suid)
// if on private space, see if its possibly the manager
if (new_uid > PER_USER_RANGE &&
new_uid % PER_USER_RANGE == ksu_get_manager_uid()) {
new_uid % PER_USER_RANGE == ksu_get_manager_uid()) {
ksu_set_manager_uid(new_uid);
}
@@ -178,7 +178,7 @@ int ksu_handle_setresuid(uid_t ruid, uid_t euid, uid_t suid)
if (ksu_is_allow_uid_for_current(new_uid)) {
if (current->seccomp.mode == SECCOMP_MODE_FILTER &&
current->seccomp.filter) {
current->seccomp.filter) {
spin_lock_irq(&current->sighand->siglock);
ksu_seccomp_allow_cache(current->seccomp.filter,
__NR_reboot);
@@ -213,53 +213,53 @@ int ksu_handle_setresuid(uid_t ruid, uid_t euid, uid_t suid)
extern bool ksu_kernel_umount_enabled;
extern bool ksu_module_mounted;
int ksu_handle_setresuid(uid_t ruid, uid_t euid, uid_t suid){
// we rely on the fact that zygote always call setresuid(3) with same uids
uid_t new_uid = ruid;
uid_t old_uid = current_uid().val;
// we rely on the fact that zygote always call setresuid(3) with same uids
uid_t new_uid = ruid;
uid_t old_uid = current_uid().val;
// if old process is root, ignore it.
if (old_uid != 0 && ksu_enhanced_security_enabled) {
// disallow any non-ksu domain escalation from non-root to root!
// euid is what we care about here as it controls permission
if (unlikely(euid == 0)) {
if (!is_ksu_domain()) {
pr_warn("find suspicious EoP: %d %s, from %d to %d\n",
current->pid, current->comm, old_uid, new_uid);
__force_sig(SIGKILL);
return 0;
}
}
// disallow appuid decrease to any other uid if it is not allowed to su
if (is_appuid(old_uid)) {
if (euid < current_euid().val && !ksu_is_allow_uid_for_current(old_uid)) {
pr_warn("find suspicious EoP: %d %s, from %d to %d\n",
current->pid, current->comm, old_uid, new_uid);
__force_sig(SIGKILL);
return 0;
}
}
return 0;
}
// if old process is root, ignore it.
if (old_uid != 0 && ksu_enhanced_security_enabled) {
// disallow any non-ksu domain escalation from non-root to root!
// euid is what we care about here as it controls permission
if (unlikely(euid == 0)) {
if (!is_ksu_domain()) {
pr_warn("find suspicious EoP: %d %s, from %d to %d\n",
current->pid, current->comm, old_uid, new_uid);
__force_sig(SIGKILL);
return 0;
}
}
// disallow appuid decrease to any other uid if it is not allowed to su
if (is_appuid(old_uid)) {
if (euid < current_euid().val && !ksu_is_allow_uid_for_current(old_uid)) {
pr_warn("find suspicious EoP: %d %s, from %d to %d\n",
current->pid, current->comm, old_uid, new_uid);
__force_sig(SIGKILL);
return 0;
}
}
return 0;
}
// We only interest in process spwaned by zygote
if (!susfs_is_sid_equal(current_cred()->security, susfs_zygote_sid)) {
return 0;
}
// We only interest in process spwaned by zygote
if (!susfs_is_sid_equal(current_cred()->security, susfs_zygote_sid)) {
return 0;
}
#if __SULOG_GATE
ksu_sulog_report_syscall(new_uid, NULL, "setuid", NULL);
ksu_sulog_report_syscall(new_uid, NULL, "setuid", NULL);
#endif
#ifdef CONFIG_KSU_SUSFS_SUS_MOUNT
// Check if spawned process is isolated service first, and force to do umount if so
if (is_zygote_isolated_service_uid(new_uid) && susfs_is_umount_for_zygote_iso_service_enabled) {
goto do_umount;
}
// Check if spawned process is isolated service first, and force to do umount if so
if (is_zygote_isolated_service_uid(new_uid) && susfs_is_umount_for_zygote_iso_service_enabled) {
goto do_umount;
}
#endif // #ifdef CONFIG_KSU_SUSFS_SUS_MOUNT
// - Since ksu maanger app uid is excluded in allow_list_arr, so ksu_uid_should_umount(manager_uid)
// will always return true, that's why we need to explicitly check if new_uid belongs to
// ksu manager
// - Since ksu maanger app uid is excluded in allow_list_arr, so ksu_uid_should_umount(manager_uid)
// will always return true, that's why we need to explicitly check if new_uid belongs to
// ksu manager
#if LINUX_VERSION_CODE >= KERNEL_VERSION(5, 10, 0)
if (ksu_get_manager_uid() == new_uid) {
pr_info("install fd for ksu manager(uid=%d)\n", new_uid);
@@ -272,7 +272,7 @@ int ksu_handle_setresuid(uid_t ruid, uid_t euid, uid_t suid){
if (ksu_is_allow_uid_for_current(new_uid)) {
if (current->seccomp.mode == SECCOMP_MODE_FILTER &&
current->seccomp.filter) {
current->seccomp.filter) {
spin_lock_irq(&current->sighand->siglock);
ksu_seccomp_allow_cache(current->seccomp.filter,
__NR_reboot);
@@ -297,48 +297,48 @@ int ksu_handle_setresuid(uid_t ruid, uid_t euid, uid_t suid){
}
#endif
// Check if spawned process is normal user app and needs to be umounted
if (likely(is_zygote_normal_app_uid(new_uid) && ksu_uid_should_umount(new_uid))) {
goto do_umount;
}
// Check if spawned process is normal user app and needs to be umounted
if (likely(is_zygote_normal_app_uid(new_uid) && ksu_uid_should_umount(new_uid))) {
goto do_umount;
}
// Lastly, Check if spawned process is some system process and needs to be umounted
if (unlikely(is_some_system_uid(new_uid) && susfs_is_umount_for_zygote_system_process_enabled)) {
goto do_umount;
}
// Lastly, Check if spawned process is some system process and needs to be umounted
if (unlikely(is_some_system_uid(new_uid) && susfs_is_umount_for_zygote_system_process_enabled)) {
goto do_umount;
}
return 0;
return 0;
do_umount:
if (!ksu_kernel_umount_enabled || !ksu_module_mounted) {
goto skip_try_umount;
}
if (!ksu_kernel_umount_enabled || !ksu_module_mounted) {
goto skip_try_umount;
}
#ifdef CONFIG_KSU_SUSFS_TRY_UMOUNT
pr_info("susfs: running susfs_try_umount_all() for uid: %u\n", new_uid);
susfs_try_umount_all();
pr_info("susfs: running susfs_try_umount_all() for uid: %u\n", new_uid);
susfs_try_umount_all();
#else
// Handle kernel umount
ksu_handle_umount(old_uid, new_uid);
// Handle kernel umount
ksu_handle_umount(old_uid, new_uid);
#endif // #ifdef CONFIG_KSU_SUSFS_TRY_UMOUNT
skip_try_umount:
get_task_struct(current);
get_task_struct(current);
#ifdef CONFIG_KSU_SUSFS_SUS_MOUNT
// We can reorder the mnt_id now after all sus mounts are umounted
susfs_reorder_mnt_id();
// We can reorder the mnt_id now after all sus mounts are umounted
susfs_reorder_mnt_id();
#endif // #ifdef CONFIG_KSU_SUSFS_SUS_MOUNT
susfs_set_current_proc_umounted();
susfs_set_current_proc_umounted();
put_task_struct(current);
put_task_struct(current);
#ifdef CONFIG_KSU_SUSFS_SUS_PATH
susfs_run_sus_path_loop(new_uid);
susfs_run_sus_path_loop(new_uid);
#endif // #ifdef CONFIG_KSU_SUSFS_SUS_PATH
return 0;
return 0;
}
#endif // #ifndef CONFIG_KSU_SUSFS