From 199f5cc223d410a8024b03d33529cdab0d82425c Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?=E5=B0=8F=E3=81=95=E3=81=84=E7=8C=AB?= Date: Thu, 2 Feb 2023 23:38:04 +0800 Subject: [PATCH] fix some typos introduced in #166 (#181) Signed-off-by: Ookiineko Co-authored-by: f19 <58457605+F-19-F@users.noreply.github.com> Co-authored-by: Scirese --- kernel/kernel_compat.h | 7 ++++- kernel/ksud.c | 6 ++-- kernel/selinux/selinux.c | 31 ++++++++++++++----- kernel/sucompat.c | 18 ++++------- .../guide/how-to-integrate-for-non-gki.md | 27 ++++++++++++++++ .../guide/how-to-integrate-for-non-gki.md | 27 ++++++++++++++++ 6 files changed, 91 insertions(+), 25 deletions(-) diff --git a/kernel/kernel_compat.h b/kernel/kernel_compat.h index 703586bb..bf8ee9fc 100644 --- a/kernel/kernel_compat.h +++ b/kernel/kernel_compat.h @@ -1,3 +1,8 @@ +#ifndef __KSU_H_KERNEL_COMPAT +#define __KSU_H_KERNEL_COMPAT + #include "linux/fs.h" + extern ssize_t kernel_read_compat(struct file *p, void* buf, size_t count, loff_t *pos); -extern ssize_t kernel_write_compat(struct file *p, const void *buf, size_t count, loff_t *pos); \ No newline at end of file +extern ssize_t kernel_write_compat(struct file *p, const void *buf, size_t count, loff_t *pos); +#endif diff --git a/kernel/ksud.c b/kernel/ksud.c index e84cf493..d55ed1ad 100644 --- a/kernel/ksud.c +++ b/kernel/ksud.c @@ -212,11 +212,9 @@ static int read_handler_pre(struct kprobe *p, struct pt_regs *regs) static struct kprobe execve_kp = { #if LINUX_VERSION_CODE >= KERNEL_VERSION(5, 9, 0) .symbol_name = "do_execveat_common", -#elif LINUX_VERSION_CODE >= KERNEL_VERSION(4, 19, 0) && \ - LINUX_VERSION_CODE < KERNEL_VERSION(5, 9, 0) +#elif LINUX_VERSION_CODE >= KERNEL_VERSION(4, 19, 0) .symbol_name = "__do_execve_file", -#elif LINUX_VERSION_CODE >= KERNEL_VERSION(4, 4, 0) && \ - LINUX_VERSION_CODE < KERNEL_VERSION(4, 19, 0) +#elif LINUX_VERSION_CODE >= KERNEL_VERSION(3, 19, 0) .symbol_name = "do_execveat_common", #endif .pre_handler = execve_handler_pre, 
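Review bot: The `execve_kp` version chain in kernel/ksud.c now ends at `#elif LINUX_VERSION_CODE >= KERNEL_VERSION(3, 19, 0)` with no `#else`, so a build against an older kernel compiles the probe with no `.symbol_name` at all. As far as I can tell, a kprobe with neither a symbol name nor an address is rejected only at registration, so the execve hook would be missing at run time with no build-time signal; whether the registration result is checked is not visible in this hunk. Closing the chain with `#else` followed by `#error "execve hook: unsupported kernel version"` would make the lower bound explicit. The same chain appears in the last hunk of kernel/sucompat.c and needs the same ending. The initializer continues past the end of the hunk.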
diff --git a/kernel/selinux/selinux.c b/kernel/selinux/selinux.c index be8a35c0..e7d0c83d 100644 --- a/kernel/selinux/selinux.c +++ b/kernel/selinux/selinux.c @@ -53,36 +53,51 @@ if (!is_domain_permissive) { void setenforce(bool enforce) { -#if LINUX_VERSION_CODE > KERNEL_VERSION(4, 14, 0) #ifdef CONFIG_SECURITY_SELINUX_DEVELOP +#if LINUX_VERSION_CODE >= KERNEL_VERSION(4, 17, 0) selinux_state.enforcing = enforce; -#endif #else - selinux_enabled = enforce; + selinux_enabled = enforce; +#endif #endif } bool getenforce() { -#if LINUX_VERSION_CODE > KERNEL_VERSION(4, 14, 0) #ifdef CONFIG_SECURITY_SELINUX_DISABLE +#if LINUX_VERSION_CODE >= KERNEL_VERSION(4, 17, 0) if (selinux_state.disabled) { +#else + if (selinux_disabled) { +#endif return false; } #endif #ifdef CONFIG_SECURITY_SELINUX_DEVELOP +#if LINUX_VERSION_CODE >= KERNEL_VERSION(4, 17, 0) return selinux_state.enforcing; #else - return false; + return selinux_enabled; #endif #else - return selinux_enabled; + return true; #endif - } +#if LINUX_VERSION_CODE < KERNEL_VERSION(4, 11, 0) +/* + * get the subjective security ID of the current task + */ +static inline u32 current_sid(void) +{ + const struct task_security_struct *tsec = current_security(); + + return tsec->sid; +} +#endif + bool is_ksu_domain() { return ksu_sid && current_sid() == ksu_sid; -} \ No newline at end of file +} diff --git a/kernel/sucompat.c b/kernel/sucompat.c index 22c9fd49..ef294a54 100644 --- a/kernel/sucompat.c +++ b/kernel/sucompat.c 
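Review bot: The pre-4.17 branches of `setenforce()` and `getenforce()` read and write `selinux_enabled`, which as far as I know records whether SELinux is turned on at all, not whether it is enforcing. Older kernels keep the mode in `selinux_enforcing` under CONFIG_SECURITY_SELINUX_DEVELOP. As written, `getenforce()` would report a permissive system as enforcing, and `setenforce(false)` would clear the enabled flag instead of switching the mode. The two lines would become `selinux_enforcing = enforce;` and `return selinux_enforcing;`, after confirming that the header declaring it is included in this file. A one-line comment on the final `return true;`, saying that a kernel built without CONFIG_SECURITY_SELINUX_DEVELOP is treated as always enforcing, would also help the reader.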
@@ -134,16 +134,15 @@ static int faccessat_handler_pre(struct kprobe *p, struct pt_regs *regs) static int newfstatat_handler_pre(struct kprobe *p, struct pt_regs *regs) { -// static int vfs_statx(int dfd, const char __user *filename, int flags,struct kstat *stat, u32 request_mask) int *dfd = (int *)&PT_REGS_PARM1(regs); const char __user **filename_user = (const char **)&PT_REGS_PARM2(regs); -#if LINUX_VERSION_CODE >= KERNEL_VERSION(4, 14, 0) +#if LINUX_VERSION_CODE >= KERNEL_VERSION(4, 11, 0) +// static int vfs_statx(int dfd, const char __user *filename, int flags, struct kstat *stat, u32 request_mask) int *flags = (int *)&PT_REGS_PARM3(regs); #else // int vfs_fstatat(int dfd, const char __user *filename, struct kstat *stat,int flag) int *flags = (int *)&PT_REGS_PARM4(regs); #endif - return ksu_handle_stat(dfd, filename_user, flags); } @@ -172,10 +171,10 @@ static struct kprobe faccessat_kp = { }; static struct kprobe newfstatat_kp = { -#if LINUX_VERSION_CODE >= KERNEL_VERSION(4, 14, 0) +#if LINUX_VERSION_CODE >= KERNEL_VERSION(4, 11, 0) .symbol_name = "vfs_statx", #else - .symbol_name = "vfs_fstatat", + .symbol_name = "vfs_fstatat", #endif .pre_handler = newfstatat_handler_pre, }; @@ -183,14 +182,9 @@ static struct kprobe newfstatat_kp = { static struct kprobe execve_kp = { #if LINUX_VERSION_CODE >= KERNEL_VERSION(5, 9, 0) .symbol_name = "do_execveat_common", -#elif LINUX_VERSION_CODE >= KERNEL_VERSION(4, 19, 0) && \ - LINUX_VERSION_CODE < KERNEL_VERSION(5, 9, 0) +#elif LINUX_VERSION_CODE >= KERNEL_VERSION(4, 19, 0) .symbol_name = "__do_execve_file", -#elif LINUX_VERSION_CODE >= KERNEL_VERSION(4, 14, 0) && \ - LINUX_VERSION_CODE < KERNEL_VERSION(4, 19, 0) - .symbol_name = "do_execveat_common", -#elif LINUX_VERSION_CODE >= KERNEL_VERSION(4, 4, 0) && \ - LINUX_VERSION_CODE < KERNEL_VERSION(4, 14, 0) +#elif LINUX_VERSION_CODE >= KERNEL_VERSION(3, 19, 0) .symbol_name = "do_execveat_common", #endif .pre_handler = execve_handler_pre, 
diff --git a/website/docs/guide/how-to-integrate-for-non-gki.md b/website/docs/guide/how-to-integrate-for-non-gki.md index 3e29ce47..8224e0b6 100644 --- a/website/docs/guide/how-to-integrate-for-non-gki.md +++ b/website/docs/guide/how-to-integrate-for-non-gki.md @@ -142,4 +142,31 @@ You should found the four functions in kernel source: 3. vfs_read, usually in `fs/read_write.c` 4. vfs_statx, usually in `fs/stat.c` +If your kernel does not have the `vfs_statx`, use `vfs_fstatat` instead: + +```diff +diff --git a/fs/stat.c b/fs/stat.c +index 068fdbcc9e26..5348b7bb9db2 100644 +--- a/fs/stat.c ++++ b/fs/stat.c +@@ -87,6 +87,8 @@ int vfs_fstat(unsigned int fd, struct kstat *stat) + } + EXPORT_SYMBOL(vfs_fstat); + ++extern int ksu_handle_stat(int *dfd, const char __user **filename_user, int *flags); ++ + int vfs_fstatat(int dfd, const char __user *filename, struct kstat *stat, + int flag) + { +@@ -94,6 +96,8 @@ int vfs_fstatat(int dfd, const char __user *filename, struct kstat *stat, + int error = -EINVAL; + unsigned int lookup_flags = 0; + ++ ksu_handle_stat(&dfd, &filename, &flag); ++ + if ((flag & ~(AT_SYMLINK_NOFOLLOW | AT_NO_AUTOMOUNT | + AT_EMPTY_PATH)) != 0) + goto out; +``` + Finally, build your kernel again, KernelSU should works well. diff --git a/website/docs/zh_CN/guide/how-to-integrate-for-non-gki.md b/website/docs/zh_CN/guide/how-to-integrate-for-non-gki.md index 5660bb5a..6002b854 100644 --- a/website/docs/zh_CN/guide/how-to-integrate-for-non-gki.md +++ b/website/docs/zh_CN/guide/how-to-integrate-for-non-gki.md 
@@ -142,4 +142,31 @@ index 376543199b5a..82adcef03ecc 100644 3. vfs_read,通常位于 `fs/read_write.c` 4. vfs_statx,通常位于 `fs/stat.c` +如果你的内核没有 `vfs_statx`, 使用 `vfs_fstatat` 来代替它: + +```diff +diff --git a/fs/stat.c b/fs/stat.c +index 068fdbcc9e26..5348b7bb9db2 100644 +--- a/fs/stat.c ++++ b/fs/stat.c +@@ -87,6 +87,8 @@ int vfs_fstat(unsigned int fd, struct kstat *stat) + } + EXPORT_SYMBOL(vfs_fstat); + ++extern int ksu_handle_stat(int *dfd, const char __user **filename_user, int *flags); ++ + int vfs_fstatat(int dfd, const char __user *filename, struct kstat *stat, + int flag) + { +@@ -94,6 +96,8 @@ int vfs_fstatat(int dfd, const char __user *filename, struct kstat *stat, + int error = -EINVAL; + unsigned int lookup_flags = 0; + ++ ksu_handle_stat(&dfd, &filename, &flag); ++ + if ((flag & ~(AT_SYMLINK_NOFOLLOW | AT_NO_AUTOMOUNT | + AT_EMPTY_PATH)) != 0) + goto out; +``` + 改完之后重新编译内核即可。