Deprecated AUTO_ADD_TRY_UMOUNT_FOR_BIND_MOUNT, the leftover add_sus_mount cli and umount_for_zygote_system_process

Reason:
 - AUTO_ADD_TRY_UMOUNT_FOR_BIND_MOUNT is also causing a bit more performance overheads and still it cannot catch all the sus mounts in all situations. Actually it can easily be done in boot-completed.sh, and it should be more accurate, see module templates for more details.

- Official KernelSU also allows ksud to add custom path to try_umount list as well, users can use their own way to add only the desired sus mounts to try_umount list, but remember to disable susfs ADD_TRY_UMOUNT in kernel if users want to use the official one.

- There are less use cases for umount_for_zygote_system_process, and sometimes enabling this may cause bootloop with some modules enabled, instead user can use busybox nsenter to umount the sus mounts for specific process later by themmselves.

Co-authored-by: simonpunk <simonpunk2016@gmail.com>

kernel/Kconfig

@@ -99,16 +99,7 @@ config KSU_SUSFS_TRY_UMOUNT
 	default y
 	help
 		- Allow using try_umount to umount other user-defined mount paths prior to ksu's default umount paths.
-		- Effective on all NO-root-access-granted processes.
+		- Effective only on zygote spawned umounted user app process.
-
-config KSU_SUSFS_AUTO_ADD_TRY_UMOUNT_FOR_BIND_MOUNT
-	bool "Enable to add bind mounts to ksu's try_umount automatically (experimental)"
-	depends on KSU_SUSFS_TRY_UMOUNT
-	default y
-	help
-		- Automatically add binded mounts to ksu's try_umount.
-		- No susfs command is needed in userspace.
-		- Only mount operation from process with ksu domain will be checked.
 
 config KSU_SUSFS_SPOOF_UNAME
 	bool "Enable to spoof uname"

kernel/kernel_umount.c

@@ -55,12 +55,7 @@ static const struct ksu_feature_handler kernel_umount_handler = {
 };
 
 #ifdef CONFIG_KSU_SUSFS
-#if defined(CONFIG_KSU_SUSFS_TRY_UMOUNT) && defined(CONFIG_KSU_SUSFS_ENABLE_LOG)
 extern bool susfs_is_log_enabled;
-#endif // #if defined(CONFIG_KSU_SUSFS_TRY_UMOUNT) && defined(CONFIG_KSU_SUSFS_ENABLE_LOG)
-#ifdef CONFIG_KSU_SUSFS_TRY_UMOUNT
-extern void susfs_try_umount(void);
-#endif // #ifdef CONFIG_KSU_SUSFS_TRY_UMOUNT
 #endif // #ifdef CONFIG_KSU_SUSFS
 
 #if LINUX_VERSION_CODE >= KERNEL_VERSION(5, 9, 0) ||                           \
@@ -116,20 +111,9 @@ void try_umount(const char *mnt, int flags)
 		return;
 	}
 
-#if defined(CONFIG_KSU_SUSFS_TRY_UMOUNT) && defined(CONFIG_KSU_SUSFS_ENABLE_LOG)
-	if (susfs_is_log_enabled) {
-		pr_info("susfs: umounting '%s'\n", mnt);
-	}
-#endif // #if defined(CONFIG_KSU_SUSFS_TRY_UMOUNT) && defined(CONFIG_KSU_SUSFS_ENABLE_LOG)
-
 	ksu_umount_mnt(mnt, &path, flags);
 }
 
-#ifdef CONFIG_KSU_SUSFS_TRY_UMOUNT
-void susfs_try_umount_all(void) {
-	susfs_try_umount();
-}
-#endif // #ifdef CONFIG_KSU_SUSFS_TRY_UMOUNT
 
 #if !defined(CONFIG_KSU_SUSFS) || !defined(CONFIG_KSU_SUSFS_TRY_UMOUNT)
 struct umount_tw {

kernel/setuid_hook.c

@@ -48,12 +48,6 @@
 #include "sulog.h"
 
 #ifdef CONFIG_KSU_SUSFS
-static inline bool is_some_system_uid(uid_t uid)
-{
-	uid %= 100000;
-	return (uid >= 1000 && uid < 10000);
-}
-
 static inline bool is_zygote_isolated_service_uid(uid_t uid)
 {
 	uid %= 100000;
@@ -66,8 +60,6 @@ static inline bool is_zygote_normal_app_uid(uid_t uid)
 	return (uid >= 10000 && uid < 19999);
 }
 
-bool susfs_is_umount_for_zygote_system_process_enabled = false;
-
 extern u32 susfs_zygote_sid;
 #ifdef CONFIG_KSU_SUSFS_SUS_PATH
 extern void susfs_run_sus_path_loop(uid_t uid);
@@ -77,7 +69,7 @@ extern bool susfs_is_umount_for_zygote_iso_service_enabled;
 extern void susfs_reorder_mnt_id(void);
 #endif // #ifdef CONFIG_KSU_SUSFS_SUS_MOUNT
 #ifdef CONFIG_KSU_SUSFS_TRY_UMOUNT
-extern void susfs_try_umount_all(void);
+extern void susfs_try_umount(uid_t uid);
 #endif
 #endif // #ifdef CONFIG_KSU_SUSFS
 
@@ -210,8 +202,6 @@ int ksu_handle_setresuid(uid_t ruid, uid_t euid, uid_t suid)
 	return 0;
 }
 #else
-extern bool ksu_kernel_umount_enabled;
-extern bool ksu_module_mounted;
 int ksu_handle_setresuid(uid_t ruid, uid_t euid, uid_t suid){
 	// we rely on the fact that zygote always call setresuid(3) with same uids
 	uid_t new_uid = ruid;
@@ -302,27 +292,21 @@ int ksu_handle_setresuid(uid_t ruid, uid_t euid, uid_t suid){
 		goto do_umount;
 	}
 
-	// Lastly, Check if spawned process is some system process and needs to be umounted
-	if (unlikely(is_some_system_uid(new_uid) && susfs_is_umount_for_zygote_system_process_enabled)) {
-		goto do_umount;
-	}
-
 	return 0;
 
 do_umount:
+#ifndef CONFIG_KSU_SUSFS_TRY_UMOUNT
 	if (!ksu_kernel_umount_enabled || !ksu_module_mounted) {
-		goto skip_try_umount;
+		goto skip_ksu_handle_umount;
 		
 	}
-#ifdef CONFIG_KSU_SUSFS_TRY_UMOUNT
-	pr_info("susfs: running susfs_try_umount_all() for uid: %u\n", new_uid);
-	susfs_try_umount_all();
-#else
 	// Handle kernel umount
 	ksu_handle_umount(old_uid, new_uid);
-#endif // #ifdef CONFIG_KSU_SUSFS_TRY_UMOUNT
 
-skip_try_umount:
+skip_ksu_handle_umount:
+#else
+    susfs_try_umount(new_uid);
+#endif // #ifndef CONFIG_KSU_SUSFS_TRY_UMOUNT
 
 	get_task_struct(current);
 

kernel/supercalls.c

@@ -12,6 +12,11 @@
 #include <linux/uaccess.h>
 #include <linux/version.h>
 
+#ifdef CONFIG_KSU_SUSFS
+#include <linux/namei.h>
+#include <linux/susfs.h>
+#endif // #ifdef CONFIG_KSU_SUSFS
+
 #include "supercalls.h"
 #include "arch.h"
 #include "allowlist.h"
@@ -36,33 +41,7 @@
 #endif
 
 #ifdef CONFIG_KSU_SUSFS
-#include <linux/namei.h>
-#include <linux/susfs.h>
-
 bool susfs_is_boot_completed_triggered = false;
-
-extern bool susfs_is_umount_for_zygote_system_process_enabled;
-#ifdef CONFIG_KSU_SUSFS_AUTO_ADD_TRY_UMOUNT_FOR_BIND_MOUNT
-extern bool susfs_is_auto_add_try_umount_for_bind_mount_enabled;
-#endif // #ifdef CONFIG_KSU_SUSFS_AUTO_ADD_TRY_UMOUNT_FOR_BIND_MOUNT
-
-static void susfs_on_post_fs_data(void) {
-	struct path path;
-#ifdef CONFIG_KSU_SUSFS_SUS_MOUNT
-	if (!kern_path(DATA_ADB_UMOUNT_FOR_ZYGOTE_SYSTEM_PROCESS, 0, &path)) {
-		susfs_is_umount_for_zygote_system_process_enabled = true;
-		path_put(&path);
-	}
-	pr_info("susfs_is_umount_for_zygote_system_process_enabled: %d\n", susfs_is_umount_for_zygote_system_process_enabled);
-#endif // #ifdef CONFIG_KSU_SUSFS_SUS_MOUNT
-#ifdef CONFIG_KSU_SUSFS_AUTO_ADD_TRY_UMOUNT_FOR_BIND_MOUNT
-	if (!kern_path(DATA_ADB_NO_AUTO_ADD_TRY_UMOUNT_FOR_BIND_MOUNT, 0, &path)) {
-		susfs_is_auto_add_try_umount_for_bind_mount_enabled = false;
-		path_put(&path);
-	}
-	pr_info("susfs_is_auto_add_try_umount_for_bind_mount_enabled: %d\n", susfs_is_auto_add_try_umount_for_bind_mount_enabled);
-#endif // #ifdef CONFIG_KSU_SUSFS_AUTO_ADD_TRY_UMOUNT_FOR_BIND_MOUNT
-}
 #endif // #ifdef CONFIG_KSU_SUSFS
 
 bool ksu_uid_scanner_enabled = false;
@@ -154,10 +133,6 @@ static int do_report_event(void __user *arg)
 		if (!post_fs_data_lock) {
 			post_fs_data_lock = true;
 			pr_info("post-fs-data triggered\n");
-#ifdef CONFIG_KSU_SUSFS
-			susfs_on_post_fs_data();
-			pr_info("susfs_on_post_fs_data triggered\n");
-#endif
 			on_post_fs_data();
 			init_uid_scanner();
 #if __SULOG_GATE