kernel: opt allowlist persist and log (#119)
* kernel: persist on need * kernel: opt log for ksu_allow_uid
@@ -2,6 +2,7 @@
|
|||||||
#include "linux/fs.h"
|
#include "linux/fs.h"
|
||||||
#include "linux/kernel.h"
|
#include "linux/kernel.h"
|
||||||
#include "linux/list.h"
|
#include "linux/list.h"
|
||||||
|
#include "linux/printk.h"
|
||||||
#include "linux/slab.h"
|
#include "linux/slab.h"
|
||||||
|
|
||||||
#include "selinux/selinux.h"
|
#include "selinux/selinux.h"
|
||||||
@@ -26,7 +27,17 @@ static struct work_struct ksu_load_work;
|
|||||||
|
|
||||||
bool persistent_allow_list(void);
|
bool persistent_allow_list(void);
|
||||||
|
|
||||||
bool ksu_allow_uid(uid_t uid, bool allow)
|
void ksu_show_allow_list(void){
|
||||||
|
struct perm_data *p = NULL;
|
||||||
|
struct list_head *pos = NULL;
|
||||||
|
pr_info("ksu_show_allow_list");
|
||||||
|
list_for_each (pos, &allow_list) {
|
||||||
|
p = list_entry(pos, struct perm_data, list);
|
||||||
|
pr_info("uid :%d, allow: %d\n", p->uid, p->allow);
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
bool ksu_allow_uid(uid_t uid, bool allow, bool persist)
|
||||||
{
|
{
|
||||||
// find the node first!
|
// find the node first!
|
||||||
struct perm_data *p = NULL;
|
struct perm_data *p = NULL;
|
||||||
@@ -34,7 +45,6 @@ bool ksu_allow_uid(uid_t uid, bool allow)
|
|||||||
bool result = false;
|
bool result = false;
|
||||||
list_for_each (pos, &allow_list) {
|
list_for_each (pos, &allow_list) {
|
||||||
p = list_entry(pos, struct perm_data, list);
|
p = list_entry(pos, struct perm_data, list);
|
||||||
pr_info("ksu_allow_uid :%d, allow: %d\n", p->uid, p->allow);
|
|
||||||
if (uid == p->uid) {
|
if (uid == p->uid) {
|
||||||
p->allow = allow;
|
p->allow = allow;
|
||||||
result = true;
|
result = true;
|
||||||
@@ -55,8 +65,8 @@ bool ksu_allow_uid(uid_t uid, bool allow)
|
|||||||
result = true;
|
result = true;
|
||||||
|
|
||||||
exit:
|
exit:
|
||||||
|
if (persist)
|
||||||
persistent_allow_list();
|
persistent_allow_list();
|
||||||
|
|
||||||
return result;
|
return result;
|
||||||
}
|
}
|
||||||
@@ -169,7 +179,7 @@ void do_load_allow_list(struct work_struct *work)
|
|||||||
#ifdef CONFIG_KSU_DEBUG
|
#ifdef CONFIG_KSU_DEBUG
|
||||||
int errno = PTR_ERR(fp);
|
int errno = PTR_ERR(fp);
|
||||||
if (errno == -ENOENT) {
|
if (errno == -ENOENT) {
|
||||||
ksu_allow_uid(2000, true); // allow adb shell by default
|
ksu_allow_uid(2000, true, true); // allow adb shell by default
|
||||||
} else {
|
} else {
|
||||||
pr_err("load_allow_list open file failed: %d\n",
|
pr_err("load_allow_list open file failed: %d\n",
|
||||||
PTR_ERR(fp));
|
PTR_ERR(fp));
|
||||||
@@ -207,11 +217,11 @@ void do_load_allow_list(struct work_struct *work)
|
|||||||
|
|
||||||
pr_info("load_allow_uid: %d, allow: %d\n", uid, allow);
|
pr_info("load_allow_uid: %d, allow: %d\n", uid, allow);
|
||||||
|
|
||||||
ksu_allow_uid(uid, allow);
|
ksu_allow_uid(uid, allow, false);
|
||||||
}
|
}
|
||||||
|
|
||||||
exit:
|
exit:
|
||||||
|
ksu_show_allow_list();
|
||||||
filp_close(fp, 0);
|
filp_close(fp, 0);
|
||||||
}
|
}
|
||||||
|
|
||||||
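Review bot: The new `ksu_show_allow_list()` prints every uid and its root decision at `pr_info` on each call, and unlike the adb-shell default further down in `do_load_allow_list` it is not under `CONFIG_KSU_DEBUG`. The same dump is also called from the allow/deny branch of `ksu_handle_prctl`, so each request writes the whole list into the kernel log. Consider `pr_debug`, or wrapping the body in `#ifdef CONFIG_KSU_DEBUG`. The first message has no trailing newline, and if `p->uid` is a `uid_t` the format should be unsigned: `pr_info("ksu_show_allow_list\n");` and `pr_info("uid: %u, allow: %d\n", p->uid, p->allow);`. No locking around `list_for_each` is visible in this hunk, so if `allow_list` can change concurrently, the walk needs the same protection as the writers.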
|
|||||||
@@ -9,9 +9,11 @@ void ksu_allowlist_exit(void);
|
|||||||
|
|
||||||
bool ksu_load_allow_list(void);
|
bool ksu_load_allow_list(void);
|
||||||
|
|
||||||
|
void ksu_show_allow_list(void);
|
||||||
|
|
||||||
bool ksu_is_allow_uid(uid_t uid);
|
bool ksu_is_allow_uid(uid_t uid);
|
||||||
|
|
||||||
bool ksu_allow_uid(uid_t uid, bool allow);
|
bool ksu_allow_uid(uid_t uid, bool allow, bool persist);
|
||||||
|
|
||||||
bool ksu_get_allow_list(int *array, int *length, bool allow);
|
bool ksu_get_allow_list(int *array, int *length, bool allow);
|
||||||
|
|
||||||
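Review bot: The new `persist` parameter on `ksu_allow_uid` is undocumented, and call sites such as `ksu_allow_uid(2000, true, true)` now pass two adjacent bare booleans that are easy to transpose. A short comment on the prototype would help, for example `/* persist: write the updated list to storage now; pass false when replaying entries from the saved file */`. It should also say whether the return value reflects the persist step. In the visible `exit:` path of allowlist.c the result of `persistent_allow_list()` is discarded, so `true` appears to mean only that the in-memory list was updated.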
|
|||||||
@@ -184,7 +184,7 @@ int ksu_handle_prctl(int option, unsigned long arg2, unsigned long arg3,
|
|||||||
} else {
|
} else {
|
||||||
pr_info("deny root for: %d\n", current_uid());
|
pr_info("deny root for: %d\n", current_uid());
|
||||||
// add it to deny list!
|
// add it to deny list!
|
||||||
ksu_allow_uid(current_uid().val, false);
|
ksu_allow_uid(current_uid().val, false, true);
|
||||||
}
|
}
|
||||||
return 0;
|
return 0;
|
||||||
}
|
}
|
||||||
@@ -211,12 +211,13 @@ int ksu_handle_prctl(int option, unsigned long arg2, unsigned long arg3,
|
|||||||
bool allow = arg2 == CMD_ALLOW_SU;
|
bool allow = arg2 == CMD_ALLOW_SU;
|
||||||
bool success = false;
|
bool success = false;
|
||||||
uid_t uid = (uid_t)arg3;
|
uid_t uid = (uid_t)arg3;
|
||||||
success = ksu_allow_uid(uid, allow);
|
success = ksu_allow_uid(uid, allow, true);
|
||||||
if (success) {
|
if (success) {
|
||||||
if (copy_to_user(result, &reply_ok, sizeof(reply_ok))) {
|
if (copy_to_user(result, &reply_ok, sizeof(reply_ok))) {
|
||||||
pr_err("prctl reply error, cmd: %d\n", arg2);
|
pr_err("prctl reply error, cmd: %d\n", arg2);
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
ksu_show_allow_list();
|
||||||
} else if (arg2 == CMD_GET_ALLOW_LIST || arg2 == CMD_GET_DENY_LIST) {
|
} else if (arg2 == CMD_GET_ALLOW_LIST || arg2 == CMD_GET_DENY_LIST) {
|
||||||
u32 array[128];
|
u32 array[128];
|
||||||
u32 array_length;
|
u32 array_length;
|
||||||
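Review bot: The deny path discards the result of `ksu_allow_uid(current_uid().val, false, true);`, so a denial that fails to be recorded or persisted is silent. Since this call now requests persistence, check it and log the failure, e.g. `if (!ksu_allow_uid(current_uid().val, false, true)) pr_err("failed to record deny for uid %u\n", current_uid().val);`. `ksu_handle_prctl` starts and ends outside these hunks, so whether the caller has been authorised before the `ksu_allow_uid(uid, allow, true)` call in the second hunk cannot be confirmed from here. That matters more now, because that call writes to persistent state on every request.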
|
|||||||