kernel: Add functionality to generate and validate authentication tokens for cmd_su

kernel/manual_su.h

@@ -6,40 +6,23 @@
 #include <linux/version.h>
 
 #define KSU_SU_VERIFIED_BIT (1UL << 0)
+#define KSU_TOKEN_LENGTH 32
+#define KSU_TOKEN_ENV_NAME "KSU_AUTH_TOKEN"
+#define KSU_TOKEN_EXPIRE_TIME 30
 
-struct su_request_arg {
-    pid_t target_pid;
-    const char __user *user_password;
+struct ksu_token_entry {
+    char token[KSU_TOKEN_LENGTH + 1];
+    unsigned long expire_time;
+    bool used;
 };
 
-#if LINUX_VERSION_CODE < KERNEL_VERSION(4, 10, 0)
-static inline bool ksu_is_current_verified(void)
-{
-    return ((unsigned long)(current->cred->security) & KSU_SU_VERIFIED_BIT) != 0;
-}
-
-static inline void ksu_mark_current_verified(void)
-{
-    current->cred->security = (void *)((unsigned long)(current->cred->security) | KSU_SU_VERIFIED_BIT);
-}
-#else
-static inline bool ksu_is_current_verified(void)
-{
-    return ((unsigned long)(current->security) & KSU_SU_VERIFIED_BIT) != 0;
-}
-
-static inline void ksu_mark_current_verified(void)
-{
-    current->security = (void *)((unsigned long)(current->security) | KSU_SU_VERIFIED_BIT);
-}
-#endif
-
-int ksu_manual_su_escalate(uid_t target_uid, pid_t target_pid,
-                           const char __user *user_password);
-
+int ksu_manual_su_escalate(uid_t target_uid, pid_t target_pid);
 bool is_pending_root(uid_t uid);
 void remove_pending_root(uid_t uid);
 void add_pending_root(uid_t uid);
 bool is_current_verified(void);
+char* ksu_generate_auth_token(void);
+bool ksu_verify_auth_token(const char *token);
+void ksu_cleanup_expired_tokens(void);
 extern bool current_verified;
 #endif