kernel: intercept devpts via security_inode_permission LSM

* This changes: + Avoid conflicts with other devpts hooks. + We keep pts_unix98_pre for KPROBES for simplifying things. Signed-off-by: backslashxx <118538522+backslashxx@users.noreply.github.com> Signed-off-by: rsuntk <rsuntk@yukiprjkt.my.id>
2025-06-16 01:45:08 +07:00
parent d13233f566
commit 2394fc67fc
2 changed files with 33 additions and 0 deletions
--- a/kernel/Makefile
+++ b/kernel/Makefile
@@ -62,6 +62,17 @@ ifeq ($(shell grep -q "int\s\+path_umount" $(srctree)/fs/namespace.c; echo $$?),
 ccflags-y += -DKSU_HAS_PATH_UMOUNT
 endif

+# we have pts_unix98/devpts_get_priv hook compat !!
+KSU_HAS_DEVPTS_INODE := $(shell grep -q "int\s\+ksu_handle_devpts" $(srctree)/fs/devpts/inode.c; echo $$?)
+KSU_HAS_PTS_UNIX98 := $(shell grep -q "int\s\+ksu_handle_devpts" $(srctree)/drivers/tty/pty.c; echo $$?)
+
+# It's impossible to have them both! neither KSU_HAS_DEVPTS_INODE/PTS_UNIX98 will detect 1 value!
+# If both of them weren't exist, KSU_HAS_DEVPTS_HANDLER value gonna be 2.
+$(eval KSU_DEVPTS_HANDLER_EXIST=$(shell expr $(KSU_HAS_DEVPTS_INODE) + $(KSU_HAS_PTS_UNIX98)))
+ifeq ($(KSU_DEVPTS_HANDLER_EXIST),1)
+ccflags-y += -DKSU_HAS_DEVPTS_HANDLER
+endif
+
 # Checks Samsung UH drivers
 ifeq ($(shell grep -q "CONFIG_KDP_CRED" $(srctree)/kernel/cred.c; echo $$?),0)
 ccflags-y += -DSAMSUNG_UH_DRIVER_EXIST