From 22b66b66722f1844c3b6f76c56265e6b7eddc190 Mon Sep 17 00:00:00 2001
From: Ylarod
Date: Thu, 26 Jan 2023 08:55:27 +0800
Subject: [PATCH] kernel: opt allowlist persist and log (#119)
* kernel: persist on need
* kernel: opt log for ksu_allow_uid
---
 kernel/allowlist.c | 24 +++++++++++++++++-------
 kernel/allowlist.h | 4 +++-
 kernel/core_hook.c | 5 +++--
 3 files changed, 23 insertions(+), 10 deletions(-)
diff --git a/kernel/allowlist.c b/kernel/allowlist.c
index 3a0135e9..df1202fe 100644
--- a/kernel/allowlist.c
+++ b/kernel/allowlist.c
@@ -2,6 +2,7 @@
 #include "linux/fs.h"
 #include "linux/kernel.h"
 #include "linux/list.h"
+#include "linux/printk.h"
 #include "linux/slab.h"
 #include "selinux/selinux.h"
@@ -26,7 +27,17 @@ static struct work_struct ksu_load_work;
 bool persistent_allow_list(void);
-bool ksu_allow_uid(uid_t uid, bool allow)
+void ksu_show_allow_list(void){
+ struct perm_data *p = NULL;
+ struct list_head *pos = NULL;
+ pr_info("ksu_show_allow_list");
+ list_for_each (pos, &allow_list) {
+ p = list_entry(pos, struct perm_data, list);
+ pr_info("uid :%d, allow: %d\n", p->uid, p->allow);
+ }
+}
+
+bool ksu_allow_uid(uid_t uid, bool allow, bool persist)
 {
 // find the node first!
 struct perm_data *p = NULL;
@@ -34,7 +45,6 @@ bool ksu_allow_uid(uid_t uid, bool allow)
 bool result = false;
 list_for_each (pos, &allow_list) {
 p = list_entry(pos, struct perm_data, list);
- pr_info("ksu_allow_uid :%d, allow: %d\n", p->uid, p->allow);
 if (uid == p->uid) {
 p->allow = allow;
 result = true;
@@ -55,8 +65,8 @@ bool ksu_allow_uid(uid_t uid, bool allow)
 result = true;
 exit:
-
- persistent_allow_list();
+ if (persist)
+ persistent_allow_list();
 return result;
 }
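Review bot: In the new ksu_show_allow_list() (hunk -26,7 +27,17), the header message has no terminating newline and the uid is formatted as signed; the two calls should read `pr_info("ksu_show_allow_list\n");` and `pr_info("uid :%u, allow: %d\n", p->uid, p->allow);`, since `p->uid` is compared against a `uid_t` in ksu_allow_uid(). The opening brace also sits on the signature line (`void ksu_show_allow_list(void){`), unlike ksu_allow_uid() directly below it. The walk over `allow_list` takes no lock in the visible lines, while the function is called from both the load work item and the prctl handler. Whether that is safe depends on how ksu_allow_uid() appends entries, which these hunks do not show.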
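Review bot: At `exit:` in ksu_allow_uid() (hunk -55,8 +65,8) the return value of persistent_allow_list() is still dropped, so a caller passing `persist` as true gets `result` true even if nothing was written; the CMD_ALLOW_SU branch in core_hook.c then sends `reply_ok` on that basis. persistent_allow_list() is declared `bool` earlier in the file, so a failure can at least be reported: `if (persist && !persistent_allow_list()) pr_err("allow list not persisted\n");` (this assumes true means success, which the hunk does not show). The function body starts and continues outside this hunk.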
@@ -169,7 +179,7 @@ void do_load_allow_list(struct work_struct *work)
 #ifdef CONFIG_KSU_DEBUG
 int errno = PTR_ERR(fp);
 if (errno == -ENOENT) {
- ksu_allow_uid(2000, true); // allow adb shell by default
+ ksu_allow_uid(2000, true, true); // allow adb shell by default
 } else {
 pr_err("load_allow_list open file failed: %d\n", PTR_ERR(fp));
@@ -207,11 +217,11 @@ void do_load_allow_list(struct work_struct *work)
 pr_info("load_allow_uid: %d, allow: %d\n", uid, allow);
- ksu_allow_uid(uid, allow);
+ ksu_allow_uid(uid, allow, false);
 }
 exit:
-
+ ksu_show_allow_list();
 filp_close(fp, 0);
 }
diff --git a/kernel/allowlist.h b/kernel/allowlist.h
index feb6e218..8783f2d9 100644
--- a/kernel/allowlist.h
+++ b/kernel/allowlist.h
@@ -9,9 +9,11 @@ void ksu_allowlist_exit(void);
 bool ksu_load_allow_list(void);
+void ksu_show_allow_list(void);
+
 bool ksu_is_allow_uid(uid_t uid);
-bool ksu_allow_uid(uid_t uid, bool allow);
+bool ksu_allow_uid(uid_t uid, bool allow, bool persist);
 bool ksu_get_allow_list(int *array, int *length, bool allow);
diff --git a/kernel/core_hook.c b/kernel/core_hook.c
index 3e3819d2..e1dd50ba 100644
--- a/kernel/core_hook.c
+++ b/kernel/core_hook.c
@@ -184,7 +184,7 @@ int ksu_handle_prctl(int option, unsigned long arg2, unsigned long arg3,
 } else {
 pr_info("deny root for: %d\n", current_uid());
 // add it to deny list!
- ksu_allow_uid(current_uid().val, false);
+ ksu_allow_uid(current_uid().val, false, true);
 }
 return 0;
 }
@@ -211,12 +211,13 @@ int ksu_handle_prctl(int option, unsigned long arg2, unsigned long arg3,
 bool allow = arg2 == CMD_ALLOW_SU;
 bool success = false;
 uid_t uid = (uid_t)arg3;
- success = ksu_allow_uid(uid, allow);
+ success = ksu_allow_uid(uid, allow, true);
 if (success) {
 if (copy_to_user(result, &reply_ok, sizeof(reply_ok))) {
 pr_err("prctl reply error, cmd: %d\n", arg2);
 }
 }
+ ksu_show_allow_list();
 } else if (arg2 == CMD_GET_ALLOW_LIST || arg2 == CMD_GET_DENY_LIST) {
 u32 array[128];
 u32 array_length;
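Review bot: The `ksu_show_allow_list()` call added after `exit:` in do_load_allow_list() (hunk -207,11 +217,11) repeats what the loop has just logged through `pr_info("load_allow_uid: ...")`. Together with the call added to the CMD_ALLOW_SU branch of ksu_handle_prctl(), it writes the complete uid-to-permission table to the kernel log at info level on every load and every change. That table records which uids hold root, so it is better kept out of the log on release builds. The file already has a CONFIG_KSU_DEBUG switch, so both calls could be wrapped as `#ifdef CONFIG_KSU_DEBUG` / `ksu_show_allow_list();` / `#endif`, or the function could use `pr_debug`. do_load_allow_list() begins outside this hunk.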
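Review bot: The declaration `bool ksu_allow_uid(uid_t uid, bool allow, bool persist);` in allowlist.h gains a parameter with no comment saying what it controls or when false is the right value. A one-line comment above it would do, for example `/* persist: also write the list to storage; pass false when replaying entries read from the file */`. That matches how do_load_allow_list() and ksu_handle_prctl() call it in this commit.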
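Review bot: The deny branch in ksu_handle_prctl() (hunk -184,7 +184,7) passes `persist` as true unconditionally, `ksu_allow_uid(current_uid().val, false, true);`, so the list is written out each time a refused caller reaches this branch, even when its uid is already stored as denied. The caller here is the process being refused, so how often that write happens is not under the kernel module's control. As far as the allowlist.c hunks show, the lookup loop assigns `p->allow = allow` without checking whether the value changed. Skipping persistence when the entry already holds the requested value, for example by testing `p->allow != allow` before the assignment in ksu_allow_uid(), would match the commit's "persist on need" intent. The condition guarding this branch lies outside the hunk.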