diff --git a/docs/README_CN.md b/docs/README_CN.md index ebd8252e..9231ef9e 100644 --- a/docs/README_CN.md +++ b/docs/README_CN.md @@ -2,12 +2,21 @@ # KernelSU +logo + 一个 Android 上基于内核的 root 方案。 +[![latest release badge](https://img.shields.io/github/v/release/tiann/KernelSU?label=Release&logo=github)](https://github.com/tiann/KernelSU/releases/latest) +[![weblate](https://img.shields.io/badge/Localization-Weblate-teal?logo=weblate)](https://hosted.weblate.org/engage/kernelsu) +[![Channel](https://img.shields.io/badge/Follow-Telegram-blue.svg?logo=telegram)](https://t.me/KernelSU) +[![License: GPL v2](https://img.shields.io/badge/License-GPL%20v2-orange.svg?logo=gnu)](https://www.gnu.org/licenses/old-licenses/gpl-2.0.en.html) +[![GitHub License](https://img.shields.io/github/license/tiann/KernelSU?logo=gnu)](/LICENSE) + + ## 特性 -- 基于内核的 su 和权限管理。 -- 基于 overlayfs 的模块系统。 +- 基于内核的 `su` 和权限管理。 +- 基于 [OverlayFS](https://en.wikipedia.org/wiki/OverlayFS) 的模块系统。 - [App Profile](https://kernelsu.org/guide/app-profile.html): 把 Root 权限关进笼子里。 ## 兼容状态 @@ -22,19 +31,23 @@ WSA, ChromeOS 和运行在容器上的 Android 也可以与 KernelSU 一起工 - [安装教程](https://kernelsu.org/zh_CN/guide/installation.html) - [如何构建?](https://kernelsu.org/zh_CN/guide/how-to-build.html) +- [官方网站](https://kernelsu.org/) ## 参与翻译 -要将 KernelSU 翻译成您的语言,或完善现有的翻译,请使用 [Weblate](https://hosted.weblate.org/engage/kernelsu/)。 +要将 KernelSU 翻译成您的语言,或完善现有的翻译,请使用 [Weblate](https://hosted.weblate.org/engage/kernelsu/)。现已不再接受有关管理器翻译的PR,因为这会与Weblate冲突。 ## 讨论 - Telegram: [@KernelSU](https://t.me/KernelSU) +## 安全性 +有关报告 KernelSU 安全漏洞的信息,请参阅 [SECURITY.md](/SECURITY.md). + ## 许可证 -- 目录 `kernel` 下所有文件为 [GPL-2](https://www.gnu.org/licenses/old-licenses/gpl-2.0.en.html) -- 除 `kernel` 目录的其他部分均为 [GPL-3](https://www.gnu.org/licenses/gpl-3.0.html) +- 目录 `kernel` 下所有文件为 [GPL-2.0-only](https://www.gnu.org/licenses/old-licenses/gpl-2.0.en.html) +- 除 `kernel` 目录的其他部分均为 [GPL-3.0-or-later](https://www.gnu.org/licenses/gpl-3.0.html) ## 鸣谢 diff --git a/website/docs/.vitepress/locales/zh_CN.ts b/website/docs/.vitepress/locales/zh_CN.ts index 69410f50..cdf67d6f 100644 --- a/website/docs/.vitepress/locales/zh_CN.ts +++ b/website/docs/.vitepress/locales/zh_CN.ts @@ -45,6 +45,7 @@ function sidebarGuide() { text: 'Guide', items: [ { text: '什么是 KernelSU?', link: '/zh_CN/guide/what-is-kernelsu' }, + { text: 'KernelSU 模块与 Magisk 的差异', link: '/zh_CN/guide/difference-with-magisk' }, { text: '安装', link: '/zh_CN/guide/installation' }, { text: '如何构建?', link: '/zh_CN/guide/how-to-build' }, { text: '如何为非GKI设备集成 KernelSU', link: '/zh_CN/guide/how-to-integrate-for-non-gki'}, diff --git a/website/docs/zh_CN/guide/how-to-integrate-for-non-gki.md b/website/docs/zh_CN/guide/how-to-integrate-for-non-gki.md index 40f16c71..b6789503 100644 --- a/website/docs/zh_CN/guide/how-to-integrate-for-non-gki.md +++ b/website/docs/zh_CN/guide/how-to-integrate-for-non-gki.md @@ -62,7 +62,14 @@ CONFIG_KPROBE_EVENTS=y curl -LSs "https://raw.githubusercontent.com/tiann/KernelSU/main/kernel/setup.sh" | bash - ``` -然后,手动修改内核源码,你可以参考下面这个 patch: +请注意,某些设备的defconfig文件可能在`arch/arm64/configs/设备代号_defconfig`或位于`arch/arm64/configs/vendor/设备代号_defconfig`。在您的defconfig文件中,将 `CONFIG_KSU`设置为`y`以启用KernelSU,或设置为`n`以禁用。比如在某个defconfig中: +`arch/arm64/configs/...` +```sh ++# KernelSU ++CONFIG_KSU=y +``` + +然后,将 KernelSU 调用添加到内核源代码中,这里有几个补丁可以参考: ::: code-group @@ -74,21 +81,25 @@ index ac59664eaecf..bdd585e1d2cc 100644 @@ -1890,11 +1890,14 @@ static int __do_execve_file(int fd, struct filename *filename, return retval; } - + ++#ifdef CONFIG_KSU +extern bool ksu_execveat_hook __read_mostly; +extern int ksu_handle_execveat(int *fd, struct filename **filename_ptr, void *argv, + void *envp, int *flags); +extern int ksu_handle_execveat_sucompat(int *fd, struct filename **filename_ptr, + void *argv, void *envp, int *flags); ++#endif static int do_execveat_common(int fd, struct filename *filename, struct user_arg_ptr argv, struct user_arg_ptr envp, int flags) { ++ #ifdef CONFIG_KSU + if (unlikely(ksu_execveat_hook)) + ksu_handle_execveat(&fd, &filename, &argv, &envp, &flags); + else + ksu_handle_execveat_sucompat(&fd, &filename, &argv, &envp, &flags); ++ #endif return __do_execve_file(fd, filename, argv, envp, flags, NULL); } ``` @@ -100,9 +111,11 @@ index 05036d819197..965b84d486b8 100644 @@ -348,6 +348,8 @@ SYSCALL_DEFINE4(fallocate, int, fd, int, mode, loff_t, offset, loff_t, len) return ksys_fallocate(fd, mode, offset, len); } - + ++#ifdef CONFIG_KSU +extern int ksu_handle_faccessat(int *dfd, const char __user **filename_user, int *mode, + int *flags); ++#endif /* * access() needs to use the real uid/gid, not the effective uid/gid. * We do this by temporarily clearing all FS-related capabilities and @@ -117,8 +130,9 @@ index 05036d819197..965b84d486b8 100644 struct vfsmount *mnt; int res; unsigned int lookup_flags = LOOKUP_FOLLOW; - ++ #ifdef CONFIG_KSU + ksu_handle_faccessat(&dfd, &filename, &mode, NULL); ++ #endif if (mode & ~S_IRWXO) /* where's F_OK, X_OK, W_OK, R_OK? */ return -EINVAL; @@ -131,16 +145,19 @@ index 650fc7e0f3a6..55be193913b6 100644 @@ -434,10 +434,14 @@ ssize_t kernel_read(struct file *file, void *buf, size_t count, loff_t *pos) } EXPORT_SYMBOL(kernel_read); - + ++#ifdef CONFIG_KSU +extern bool ksu_vfs_read_hook __read_mostly; +extern int ksu_handle_vfs_read(struct file **file_ptr, char __user **buf_ptr, + size_t *count_ptr, loff_t **pos); ++#endif ssize_t vfs_read(struct file *file, char __user *buf, size_t count, loff_t *pos) { ssize_t ret; - ++ #ifdef CONFIG_KSU + if (unlikely(ksu_vfs_read_hook)) + ksu_handle_vfs_read(&file, &buf, &count, &pos); ++ #endif + if (!(file->f_mode & FMODE_READ)) return -EBADF; @@ -154,8 +171,10 @@ index 376543199b5a..82adcef03ecc 100644 @@ -148,6 +148,8 @@ int vfs_statx_fd(unsigned int fd, struct kstat *stat, } EXPORT_SYMBOL(vfs_statx_fd); - + ++#ifdef CONFIG_KSU +extern int ksu_handle_stat(int *dfd, const char __user **filename_user, int *flags); ++#endif + /** * vfs_statx - Get basic and extra attributes by filename @@ -163,8 +182,10 @@ index 376543199b5a..82adcef03ecc 100644 @@ -170,6 +172,7 @@ int vfs_statx(int dfd, const char __user *filename, int flags, int error = -EINVAL; unsigned int lookup_flags = LOOKUP_FOLLOW | LOOKUP_AUTOMOUNT; - + ++ #ifdef CONFIG_KSU + ksu_handle_stat(&dfd, &filename, &flags); ++ #endif if ((flags & ~(AT_SYMLINK_NOFOLLOW | AT_NO_AUTOMOUNT | AT_EMPTY_PATH | KSTAT_QUERY_FLAGS)) != 0) return -EINVAL; @@ -179,7 +200,6 @@ index 376543199b5a..82adcef03ecc 100644 4. vfs_statx,通常位于 `fs/stat.c` 如果你的内核没有 `vfs_statx`, 使用 `vfs_fstatat` 来代替它: - ```diff diff --git a/fs/stat.c b/fs/stat.c index 068fdbcc9e26..5348b7bb9db2 100644 @@ -189,7 +209,9 @@ index 068fdbcc9e26..5348b7bb9db2 100644 } EXPORT_SYMBOL(vfs_fstat); ++#ifdef CONFIG_KSU +extern int ksu_handle_stat(int *dfd, const char __user **filename_user, int *flags); ++#endif + int vfs_fstatat(int dfd, const char __user *filename, struct kstat *stat, int flag) @@ -197,8 +219,9 @@ index 068fdbcc9e26..5348b7bb9db2 100644 @@ -94,6 +96,8 @@ int vfs_fstatat(int dfd, const char __user *filename, struct kstat *stat, int error = -EINVAL; unsigned int lookup_flags = 0; - ++ #ifdef CONFIG_KSU + ksu_handle_stat(&dfd, &filename, &flag); ++ #endif + if ((flag & ~(AT_SYMLINK_NOFOLLOW | AT_NO_AUTOMOUNT | AT_EMPTY_PATH)) != 0) @@ -215,9 +238,11 @@ index 2ff887661237..e758d7db7663 100644 @@ -355,6 +355,9 @@ SYSCALL_DEFINE4(fallocate, int, fd, int, mode, loff_t, offset, loff_t, len) return error; } - + ++#ifdef CONFIG_KSU +extern int ksu_handle_faccessat(int *dfd, const char __user **filename_user, int *mode, + int *flags); ++#endif + /* * access() needs to use the real uid/gid, not the effective uid/gid. @@ -225,8 +250,9 @@ index 2ff887661237..e758d7db7663 100644 @@ -370,6 +373,8 @@ SYSCALL_DEFINE3(faccessat, int, dfd, const char __user *, filename, int, mode) int res; unsigned int lookup_flags = LOOKUP_FOLLOW; - ++ #ifdef CONFIG_KSU + ksu_handle_faccessat(&dfd, &filename, &mode, NULL); ++ #endif + if (mode & ~S_IRWXO) /* where's F_OK, X_OK, W_OK, R_OK? */ return -EINVAL; @@ -246,17 +272,20 @@ index 45306f9ef247..815091ebfca4 100755 @@ -367,10 +367,13 @@ static int input_get_disposition(struct input_dev *dev, return disposition; } - + ++#ifdef CONFIG_KSU +extern bool ksu_input_hook __read_mostly; +extern int ksu_handle_input_handle_event(unsigned int *type, unsigned int *code, int *value); ++#endif + static void input_handle_event(struct input_dev *dev, unsigned int type, unsigned int code, int value) { int disposition = input_get_disposition(dev, type, code, &value); -+ ++ #ifdef CONFIG_KSU + if (unlikely(ksu_input_hook)) + ksu_handle_input_handle_event(&type, &code, &value); ++ #endif if (disposition != INPUT_IGNORE_EVENT && type != EV_SYN) add_input_randomness(type, code, value);