kernel: opt allowlist persist and log (#119)
* kernel: persist on need * kernel: opt log for ksu_allow_uid
This commit is contained in:
Ylarod
GitHub
@@ -2,6 +2,7 @@
|
||||
#include "linux/fs.h"
|
||||
#include "linux/kernel.h"
|
||||
#include "linux/list.h"
|
||||
#include "linux/printk.h"
|
||||
#include "linux/slab.h"
|
||||
|
||||
#include "selinux/selinux.h"
|
||||
@@ -26,7 +27,17 @@ static struct work_struct ksu_load_work;
|
||||
|
||||
bool persistent_allow_list(void);
|
||||
|
||||
bool ksu_allow_uid(uid_t uid, bool allow)
|
||||
void ksu_show_allow_list(void){
|
||||
struct perm_data *p = NULL;
|
||||
struct list_head *pos = NULL;
|
||||
pr_info("ksu_show_allow_list");
|
||||
list_for_each (pos, &allow_list) {
|
||||
p = list_entry(pos, struct perm_data, list);
|
||||
pr_info("uid :%d, allow: %d\n", p->uid, p->allow);
|
||||
}
|
||||
}
|
||||
|
||||
bool ksu_allow_uid(uid_t uid, bool allow, bool persist)
|
||||
{
|
||||
// find the node first!
|
||||
struct perm_data *p = NULL;
|
||||
@@ -34,7 +45,6 @@ bool ksu_allow_uid(uid_t uid, bool allow)
|
||||
bool result = false;
|
||||
list_for_each (pos, &allow_list) {
|
||||
p = list_entry(pos, struct perm_data, list);
|
||||
pr_info("ksu_allow_uid :%d, allow: %d\n", p->uid, p->allow);
|
||||
if (uid == p->uid) {
|
||||
p->allow = allow;
|
||||
result = true;
|
||||
@@ -55,8 +65,8 @@ bool ksu_allow_uid(uid_t uid, bool allow)
|
||||
result = true;
|
||||
|
||||
exit:
|
||||
|
||||
persistent_allow_list();
|
||||
if (persist)
|
||||
persistent_allow_list();
|
||||
|
||||
return result;
|
||||
}
|
||||
@@ -169,7 +179,7 @@ void do_load_allow_list(struct work_struct *work)
|
||||
#ifdef CONFIG_KSU_DEBUG
|
||||
int errno = PTR_ERR(fp);
|
||||
if (errno == -ENOENT) {
|
||||
ksu_allow_uid(2000, true); // allow adb shell by default
|
||||
ksu_allow_uid(2000, true, true); // allow adb shell by default
|
||||
} else {
|
||||
pr_err("load_allow_list open file failed: %d\n",
|
||||
PTR_ERR(fp));
|
||||
@@ -207,11 +217,11 @@ void do_load_allow_list(struct work_struct *work)
|
||||
|
||||
pr_info("load_allow_uid: %d, allow: %d\n", uid, allow);
|
||||
|
||||
ksu_allow_uid(uid, allow);
|
||||
ksu_allow_uid(uid, allow, false);
|
||||
}
|
||||
|
||||
exit:
|
||||
|
||||
ksu_show_allow_list();
|
||||
filp_close(fp, 0);
|
||||
}
|
||||
|
||||
|
||||
@@ -9,9 +9,11 @@ void ksu_allowlist_exit(void);
|
||||
|
||||
bool ksu_load_allow_list(void);
|
||||
|
||||
void ksu_show_allow_list(void);
|
||||
|
||||
bool ksu_is_allow_uid(uid_t uid);
|
||||
|
||||
bool ksu_allow_uid(uid_t uid, bool allow);
|
||||
bool ksu_allow_uid(uid_t uid, bool allow, bool persist);
|
||||
|
||||
bool ksu_get_allow_list(int *array, int *length, bool allow);
|
||||
|
||||
|
||||
@@ -184,7 +184,7 @@ int ksu_handle_prctl(int option, unsigned long arg2, unsigned long arg3,
|
||||
} else {
|
||||
pr_info("deny root for: %d\n", current_uid());
|
||||
// add it to deny list!
|
||||
ksu_allow_uid(current_uid().val, false);
|
||||
ksu_allow_uid(current_uid().val, false, true);
|
||||
}
|
||||
return 0;
|
||||
}
|
||||
@@ -211,12 +211,13 @@ int ksu_handle_prctl(int option, unsigned long arg2, unsigned long arg3,
|
||||
bool allow = arg2 == CMD_ALLOW_SU;
|
||||
bool success = false;
|
||||
uid_t uid = (uid_t)arg3;
|
||||
success = ksu_allow_uid(uid, allow);
|
||||
success = ksu_allow_uid(uid, allow, true);
|
||||
if (success) {
|
||||
if (copy_to_user(result, &reply_ok, sizeof(reply_ok))) {
|
||||
pr_err("prctl reply error, cmd: %d\n", arg2);
|
||||
}
|
||||
}
|
||||
ksu_show_allow_list();
|
||||
} else if (arg2 == CMD_GET_ALLOW_LIST || arg2 == CMD_GET_DENY_LIST) {
|
||||
u32 array[128];
|
||||
u32 array_length;
|
||||
|
||||
Reference in New Issue
Block a user