From 23ed4384e625ac447859cad033c6522aaf9e9d47 Mon Sep 17 00:00:00 2001
From: ShirkNeko <109797057+ShirkNeko@users.noreply.github.com>
Date: Thu, 25 Sep 2025 16:13:07 +0800
Subject: [PATCH] Revert "Unmount isolated process which forks from zygote unconditionally (#2747)"
This reverts commit 695e749e3e99500fb0ec96f21aab5ce5f516ad79.
---
 kernel/core_hook.c | 29 +++++++++--------------------
 1 file changed, 9 insertions(+), 20 deletions(-)
diff --git a/kernel/core_hook.c b/kernel/core_hook.c
index 63c066f9..9387e994 100644
--- a/kernel/core_hook.c
+++ b/kernel/core_hook.c
@@ -66,7 +66,7 @@ static inline bool is_allow_su()
 return ksu_is_allow_uid(current_uid().val);
 }
-static inline bool is_unsupported_app_uid(uid_t uid)
+static inline bool is_unsupported_uid(uid_t uid)
 {
 #define LAST_APPLICATION_UID 19999
 uid_t appid = uid % 100000;
@@ -628,13 +628,14 @@ int ksu_handle_prctl(int option, unsigned long arg2, unsigned long arg3,
 return 0;
 }
-static bool is_non_appuid(kuid_t uid)
+static bool is_appuid(kuid_t uid)
 {
 #define PER_USER_RANGE 100000
 #define FIRST_APPLICATION_UID 10000
+#define LAST_APPLICATION_UID 19999
 uid_t appid = uid.val % PER_USER_RANGE;
- return appid < FIRST_APPLICATION_UID;
+ return appid >= FIRST_APPLICATION_UID && appid <= LAST_APPLICATION_UID;
 }
 static bool should_umount(struct path *path)
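Review bot: `#define LAST_APPLICATION_UID 19999` is added inside is_appuid although the same macro is already defined inside is_unsupported_uid (visible as context in the first hunk). Macros are not scoped to a function, so this is a second file-wide definition that only stays warning-free while both values are identical. Define the uid-range constants once at file scope, `#define PER_USER_RANGE 100000`, `#define FIRST_APPLICATION_UID 10000`, `#define LAST_APPLICATION_UID 19999`, and have is_unsupported_uid use `uid % PER_USER_RANGE` instead of the literal `100000`. Because is_appuid decides which uids go on to the allow-list and unmount checks in ksu_handle_setuid, a one-line comment stating the inclusive appid range it accepts would make that boundary explicit.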
@@ -706,25 +707,13 @@ int ksu_handle_setuid(struct cred *new, const struct cred *old)
 return 0;
 }
- if (is_non_appuid(new_uid)) {
-#ifdef CONFIG_KSU_DEBUG
- pr_info("handle setuid ignore non application uid: %d\n", new_uid.val);
-#endif
+ if (!is_appuid(new_uid) || is_unsupported_uid(new_uid.val)) {
+ // pr_info("handle setuid ignore non application or isolated uid: %d\n", new_uid.val);
 return 0;
 }
- // isolated process may be directly forked from zygote, always unmount
- if (is_unsupported_app_uid(new_uid.val)) {
-#ifdef CONFIG_KSU_DEBUG
- pr_info("handle umount for unsupported application uid: %d\n", new_uid.val);
-#endif
- goto do_umount;
- }
-
 if (ksu_is_allow_uid(new_uid.val)) {
-#ifdef CONFIG_KSU_DEBUG
- pr_info("handle setuid ignore allowed application: %d\n", new_uid.val);
-#endif
+ // pr_info("handle setuid ignore allowed application: %d\n", new_uid.val);
 return 0;
 }
@@ -736,11 +725,11 @@ int ksu_handle_setuid(struct cred *new, const struct cred *old)
 #endif
 }
-do_umount:
 // check old process's selinux context, if it is not zygote, ignore it!
 // because some su apps may setuid to untrusted_app but they are in global mount namespace
 // when we umount for such process, that is a disaster!
- if (!is_zygote(old->security)) {
+ bool is_zygote_child = is_zygote(old->security);
+ if (!is_zygote_child) {
 pr_info("handle umount ignore non zygote child: %d\n", current->pid);
 return 0;
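Review bot: The guard `if (!is_appuid(new_uid) || is_unsupported_uid(new_uid.val))` returns 0 for isolated-process uids before any of the unmount logic runs, and neither the code nor the commit message records why skipping them is acceptable. Isolated processes typically host the least-trusted code, so a comment above the guard should state the reason, for example `// isolated uids are skipped on purpose: <reason>`. Both `pr_info` calls in this hunk are left as commented-out code; keeping them behind the existing switch, `#ifdef CONFIG_KSU_DEBUG` / `pr_info("handle setuid ignore non application or isolated uid: %d\n", new_uid.val);` / `#endif`, preserves the diagnostic for debugging which uids were skipped. If is_unsupported_uid tests for an appid above LAST_APPLICATION_UID (its body is only partly visible here), the second operand is already implied by `!is_appuid(new_uid)`. ksu_handle_setuid starts and ends outside the hunk.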