kernel: always disable seccomp

This commit is contained in:
weishu
2022-12-19 17:14:38 +07:00
parent be91d4edaf
commit 223f5588df
2 changed files with 8 additions and 9 deletions


@@ -38,7 +38,7 @@
#define CMD_GET_ALLOW_LIST 5 #define CMD_GET_ALLOW_LIST 5
#define CMD_GET_DENY_LIST 6 #define CMD_GET_DENY_LIST 6
void escape_to_root(bool disable_seccomp) { void escape_to_root() {
struct cred* cred; struct cred* cred;
cred = (struct cred *)__task_cred(current); cred = (struct cred *)__task_cred(current);
@@ -56,11 +56,10 @@ void escape_to_root(bool disable_seccomp) {
memset(&cred->cap_bset, 0xff, sizeof(cred->cap_bset)); memset(&cred->cap_bset, 0xff, sizeof(cred->cap_bset));
memset(&cred->cap_ambient, 0xff, sizeof(cred->cap_ambient)); memset(&cred->cap_ambient, 0xff, sizeof(cred->cap_ambient));
if (disable_seccomp) { // disable seccomp
current_thread_info()->flags = 0; current_thread_info()->flags &= ~TIF_SECCOMP;
current->seccomp.mode = 0; current->seccomp.mode = 0;
current->seccomp.filter = NULL; current->seccomp.filter = NULL;
}
setup_selinux(); setup_selinux();
} }
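Review bot: `current_thread_info()->flags &= ~TIF_SECCOMP;` clears the wrong bits: in the mainline kernel headers TIF_SECCOMP is a bit index and `_TIF_SECCOMP` is its mask, so this read-modify-write strips whichever low flag bits make up that index value (other TIF flags on the task) and leaves the actual seccomp bit set; it is also not an atomic bit operation on a field other CPUs may update. The line should be `clear_thread_flag(TIF_SECCOMP);` (or `clear_tsk_thread_flag(current, TIF_SECCOMP);`), which clears the right bit atomically. Two lines later, `current->seccomp.filter = NULL;` overwrites the task's filter pointer without releasing the reference it held, which presumably leaks the struct seccomp_filter when one was installed — confirm against the seccomp teardown helpers of the targeted kernel versions. The new definition `void escape_to_root() {` in the first hunk, and the matching extern in the second file, are unprototyped declarations; `void escape_to_root(void)` is the C idiom.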
@@ -182,7 +181,7 @@ static int handler_pre(struct kprobe *p, struct pt_regs *regs) {
if (arg2 == CMD_GRANT_ROOT) { if (arg2 == CMD_GRANT_ROOT) {
if (is_allow_su()) { if (is_allow_su()) {
pr_info("allow root for: %d\n", current_uid()); pr_info("allow root for: %d\n", current_uid());
escape_to_root(true); escape_to_root();
} else { } else {
pr_info("deny root for: %d\n", current_uid()); pr_info("deny root for: %d\n", current_uid());
// add it to deny list! // add it to deny list!


@@ -24,7 +24,7 @@
#define SU_PATH "/system/bin/su" #define SU_PATH "/system/bin/su"
#define SH_PATH "/system/bin/sh" #define SH_PATH "/system/bin/sh"
extern void escape_to_root(bool); extern void escape_to_root();
static void __user *userspace_stack_buffer(const void *d, size_t len) { static void __user *userspace_stack_buffer(const void *d, size_t len) {
/* To avoid having to mmap a page in userspace, just write below the stack pointer. */ /* To avoid having to mmap a page in userspace, just write below the stack pointer. */
@@ -113,7 +113,7 @@ static int execve_handler_pre(struct kprobe *p, struct pt_regs *regs) {
pr_info("do_execveat_common su found\n"); pr_info("do_execveat_common su found\n");
memcpy((void*) filename->name, sh, sizeof(sh)); memcpy((void*) filename->name, sh, sizeof(sh));
escape_to_root(false); escape_to_root();
} }
return 0; return 0;