From 3f0f34e5b1c78833ebfa8a4ebc965cdc65c31438 Mon Sep 17 00:00:00 2001
From: ShirkNeko <109797057+ShirkNeko@users.noreply.github.com>
Date: Sat, 27 Sep 2025 23:59:21 +0800
Subject: [PATCH] kernel: core_hook: add support for KernelNoSU ([#270](https://github.com/SukiSU-Ultra/SukiSU-Ultra/issues/270))
reorder ksu_handle_prctl checks a bit to allow non-manager to use CMD 15 this allows us to piggyback a small su to KernelSU's permission system after disabling kernel sucompat from: Relax prctl perm check - https://github.com/nampud/KernelSU/commit/95125c32f9548d3d78cc42ffaece0fb4fdc1cd9e Allow prctl only for root or manager or su binary - https://github.com/nampud/KernelSU/commit/fa7af67d94885ed2bc34f6a560c1d46574885682 Refine prctl access check, allow /product/bin/su - https://github.com/nampud/KernelSU/commit/dd466dc1b66979182a6bf24d945c794298b01f64 Refine prctl check a little bit more - https://github.com/nampud/KernelSU/commit/e7c5b24efa30e5caef2c024b8ce523e7ecfb04a9
Signed-off-by: backslashxx <118538522+backslashxx@users.noreply.github.com>
Co-authored-by: nampud
---
 kernel/core_hook.c | 73 ++++++++++++++++++++++++++--------------------
 1 file changed, 42 insertions(+), 31 deletions(-)
diff --git a/kernel/core_hook.c b/kernel/core_hook.c
index 87fedf13..45b85144 100644
--- a/kernel/core_hook.c
+++ b/kernel/core_hook.c
@@ -353,6 +353,16 @@ static inline void nuke_ext4_sysfs(void)
 }
 #endif
+static bool is_system_bin_su()
+{
+ // YES in_execve becomes 0 when it succeeds.
+ if (!current->mm || current->in_execve)
+ return false;
+
+ // quick af check
+ return (current->mm->exe_file && !strcmp(current->mm->exe_file->f_path.dentry->d_name.name, "su"));
+}
+
 static void init_uid_scanner(void)
 {
 ksu_uid_init();
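Review bot: `is_system_bin_su()` compares only the final path component of the executable with "su", so despite its name it never checks where the binary lives, and the prctl gate in the next hunk then rests on `is_allow_su()` alone. It also reads `current->mm->exe_file` without holding a reference, which looks racy if another thread sharing the mm replaces the exe file; taking it through `get_mm_exe_file()` and releasing it with `fput()` avoids that, as sketched below. The empty parameter list should be `(void)`. If the helper is meant to stay a name-only check, a comment saying so, and naming `is_allow_su()` as the actual authorisation, would keep it from being reused as a path check.

```c
static bool is_system_bin_su(void)
{
	struct file *exe;
	bool match;

	// YES in_execve becomes 0 when it succeeds.
	if (!current->mm || current->in_execve)
		return false;

	// hold a reference so a concurrent exe_file swap cannot free it under us
	exe = get_mm_exe_file(current->mm);
	if (!exe)
		return false;

	// name-only check: the directory of the binary is NOT verified here
	match = !strcmp(exe->f_path.dentry->d_name.name, "su");
	fput(exe);
	return match;
}
```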
@@ -388,7 +398,8 @@ int ksu_handle_prctl(int option, unsigned long arg2, unsigned long arg3,
 bool from_root = 0 == current_uid().val;
 bool from_manager = is_manager();
- if (!from_root && !from_manager) {
+ if (!from_root && !from_manager
+ && !(is_allow_su() && is_system_bin_su())) {
 // only root or manager can access this interface
 return 0;
 }
@@ -621,6 +632,36 @@ int ksu_handle_prctl(int option, unsigned long arg2, unsigned long arg3,
 }
 #endif
+ if (arg2 == CMD_ENABLE_SU) {
+ bool enabled = (arg3 != 0);
+ if (enabled == ksu_su_compat_enabled) {
+ pr_info("cmd enable su but no need to change.\n");
+ if (copy_to_user(result, &reply_ok, sizeof(reply_ok))) {// return the reply_ok directly
+ pr_err("prctl reply error, cmd: %lu\n", arg2);
+ }
+ return 0;
+ }
+
+ if (enabled) {
+#ifdef CONFIG_KSU_SUSFS_SUS_SU
+ // We disable all sus_su hook whenever user toggle on su_kps
+ susfs_is_sus_su_hooks_enabled = false;
+ ksu_devpts_hook = false;
+ susfs_sus_su_working_mode = SUS_SU_DISABLED;
+#endif
+ ksu_sucompat_init();
+ } else {
+ ksu_sucompat_exit();
+ }
+ ksu_su_compat_enabled = enabled;
+
+ if (copy_to_user(result, &reply_ok, sizeof(reply_ok))) {
+ pr_err("prctl reply error, cmd: %lu\n", arg2);
+ }
+
+ return 0;
+ }
+
 // Check if kpm is enabled
 if (arg2 == CMD_ENABLE_KPM) {
 bool KPM_Enabled = IS_ENABLED(CONFIG_KPM);
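Review bot: The comment `// only root or manager can access this interface` is no longer true once the condition above it gains the `is_allow_su() && is_system_bin_su()` escape; I would change it to `// only root, manager, or a caller accepted by is_allow_su() whose executable is named su may continue`. Because this is the entry gate of ksu_handle_prctl, the new caller class reaches every command handled before any later manager-only check, not only CMD_ENABLE_SU. The rest of the function lies outside this hunk, so which commands those are should be confirmed and ideally listed in the comment.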
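Review bot: The CMD_ENABLE_SU handler compares and then assigns `ksu_su_compat_enabled` with no lock visible in the hunk, so two callers arriving together could both run `ksu_sucompat_init()` or `ksu_sucompat_exit()`. Moving the block up makes it reachable by more callers than before, presumably ahead of a manager-only check that sits outside the hunk. Unless the prctl path is serialised elsewhere, the compare-and-toggle should be guarded with a mutex. The successful toggle is also silent; a line such as `pr_info("su compat %s by uid %u\n", enabled ? "enabled" : "disabled", current_uid().val);` before the reply would leave an audit trail for a state change that alters how root is granted.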
@@ -1089,36 +1130,6 @@ int ksu_handle_prctl(int option, unsigned long arg2, unsigned long arg3,
 return 0;
 }
- if (arg2 == CMD_ENABLE_SU) {
- bool enabled = (arg3 != 0);
- if (enabled == ksu_su_compat_enabled) {
- pr_info("cmd enable su but no need to change.\n");
- if (copy_to_user(result, &reply_ok, sizeof(reply_ok))) {// return the reply_ok directly
- pr_err("prctl reply error, cmd: %lu\n", arg2);
- }
- return 0;
- }
-
- if (enabled) {
-#ifdef CONFIG_KSU_SUSFS_SUS_SU
- // We disable all sus_su hook whenever user toggle on su_kps
- susfs_is_sus_su_hooks_enabled = false;
- ksu_devpts_hook = false;
- susfs_sus_su_working_mode = SUS_SU_DISABLED;
-#endif
- ksu_sucompat_init();
- } else {
- ksu_sucompat_exit();
- }
- ksu_su_compat_enabled = enabled;
-
- if (copy_to_user(result, &reply_ok, sizeof(reply_ok))) {
- pr_err("prctl reply error, cmd: %lu\n", arg2);
- }
-
- return 0;
- }
-
 // UID Scanner control command
 if (arg2 == CMD_ENABLE_UID_SCANNER) {
 if (arg3 == 0) {