From 46fefc299c5290ae59394ae2abe936875315f63c Mon Sep 17 00:00:00 2001 From: ShirkNeko <109797057+ShirkNeko@users.noreply.github.com> Date: Tue, 4 Nov 2025 21:28:39 +0800 Subject: [PATCH] kernel: Remove CONFIG_KSU_MANUAL_SU protection --- kernel/Kconfig | 7 ------- kernel/Makefile | 2 -- kernel/allowlist.c | 4 +--- kernel/allowlist.h | 2 -- kernel/core_hook.c | 22 ---------------------- kernel/ksu.h | 2 -- kernel/supercalls.c | 3 --- 7 files changed, 1 insertion(+), 41 deletions(-) diff --git a/kernel/Kconfig b/kernel/Kconfig index d197f65c..7ef3d6e1 100644 --- a/kernel/Kconfig +++ b/kernel/Kconfig @@ -15,13 +15,6 @@ config KSU_DEBUG help Enable KernelSU debug mode. -config KSU_MANUAL_SU - bool "Use manual su" - depends on KSU - default y - help - Use manual su and authorize the corresponding command line and application via prctl - config KPM bool "Enable SukiSU KPM" depends on KSU && 64BIT diff --git a/kernel/Makefile b/kernel/Makefile index e258ff3f..2f922950 100644 --- a/kernel/Makefile +++ b/kernel/Makefile @@ -13,9 +13,7 @@ kernelsu-objs += embed_ksud.o kernelsu-objs += kernel_compat.o kernelsu-objs += throne_comm.o kernelsu-objs += sulog.o -ifeq ($(CONFIG_KSU_MANUAL_SU), y) kernelsu-objs += manual_su.o -endif ifeq ($(CONFIG_KSU_TRACEPOINT_HOOK), y) kernelsu-objs += ksu_trace.o diff --git a/kernel/allowlist.c b/kernel/allowlist.c index 6db149eb..4d34528b 100644 --- a/kernel/allowlist.c +++ b/kernel/allowlist.c @@ -527,7 +527,6 @@ void ksu_allowlist_exit(void) mutex_unlock(&allowlist_mutex); } -#ifdef CONFIG_KSU_MANUAL_SU bool ksu_temp_grant_root_once(uid_t uid) { struct app_profile profile = { @@ -602,5 +601,4 @@ void ksu_temp_revoke_root_once(uid_t uid) ksu_set_app_profile(&profile, false); persistent_allow_list(); pr_info("pending_root: UID=%d removed and persist updated\n", uid); -} -#endif \ No newline at end of file +} \ No newline at end of file diff --git a/kernel/allowlist.h b/kernel/allowlist.h index 69297f84..1b14b0b0 100644 --- a/kernel/allowlist.h +++ b/kernel/allowlist.h @@ -25,8 +25,6 @@ bool ksu_set_app_profile(struct app_profile *, bool persist); bool ksu_uid_should_umount(uid_t uid); struct root_profile *ksu_get_root_profile(uid_t uid); -#ifdef CONFIG_KSU_MANUAL_SU bool ksu_temp_grant_root_once(uid_t uid); void ksu_temp_revoke_root_once(uid_t uid); #endif -#endif diff --git a/kernel/core_hook.c b/kernel/core_hook.c index ae8666ef..fab50114 100644 --- a/kernel/core_hook.c +++ b/kernel/core_hook.c @@ -40,10 +40,7 @@ #include "kernel_compat.h" #include "supercalls.h" #include "sulog.h" - -#ifdef CONFIG_KSU_MANUAL_SU #include "manual_su.h" -#endif bool ksu_module_mounted = false; @@ -57,7 +54,6 @@ bool ksu_is_compat __read_mostly = false; extern int __ksu_handle_devpts(struct inode *inode); // sucompat.c -#ifdef CONFIG_KSU_MANUAL_SU static void ksu_try_escalate_for_uid(uid_t uid) { if (!is_pending_root(uid)) @@ -66,7 +62,6 @@ static void ksu_try_escalate_for_uid(uid_t uid) pr_info("pending_root: UID=%d temporarily allowed\n", uid); remove_pending_root(uid); } -#endif static struct workqueue_struct *ksu_workqueue; @@ -241,8 +236,6 @@ void escape_to_root(void) #endif } -#ifdef CONFIG_KSU_MANUAL_SU - static void disable_seccomp_for_task(struct task_struct *tsk) { if (!tsk->seccomp.filter && tsk->seccomp.mode == SECCOMP_MODE_DISABLED) @@ -265,7 +258,6 @@ static void disable_seccomp_for_task(struct task_struct *tsk) tsk->seccomp.filter = NULL; #endif } -#endif } void escape_to_root_for_cmd_su(uid_t target_uid, pid_t target_pid) @@ -401,11 +393,7 @@ static void sulog_prctl_cmd(uid_t uid, unsigned long cmd) const char *name = NULL; switch (cmd) { - -#ifdef CONFIG_KSU_MANUAL_SU case CMD_MANUAL_SU_REQUEST: name = "prctl_manual_su_request"; break; -#endif - default: name = "prctl_unknown"; break; } @@ -438,7 +426,6 @@ int ksu_handle_prctl(int option, unsigned long arg2, unsigned long arg3, pr_info("option: 0x%x, cmd: %ld\n", option, arg2); #endif -#ifdef CONFIG_KSU_MANUAL_SU if (arg2 == CMD_MANUAL_SU_REQUEST) { struct manual_su_request request; int su_option = (int)arg3; @@ -465,7 +452,6 @@ int ksu_handle_prctl(int option, unsigned long arg2, unsigned long arg3, } return 0; } -#endif return 0; } @@ -779,9 +765,7 @@ static int ksu_bprm_check_handler_pre(struct kprobe *p, struct pt_regs *regs) ksu_handle_pre_ksud(filename); -#ifdef CONFIG_KSU_MANUAL_SU ksu_try_escalate_for_uid(current_uid().val); -#endif return 0; } @@ -791,7 +775,6 @@ static struct kprobe ksu_bprm_check_kp = { .pre_handler = ksu_bprm_check_handler_pre, }; -#ifdef CONFIG_KSU_MANUAL_SU // 6. task_alloc hook for handling manual su escalation static int ksu_task_alloc_handler_pre(struct kprobe *p, struct pt_regs *regs) { @@ -805,7 +788,6 @@ static struct kprobe ksu_task_alloc_kp = { .symbol_name = "security_task_alloc", .pre_handler = ksu_task_alloc_handler_pre, }; -#endif __maybe_unused int ksu_kprobe_init(void) { @@ -852,7 +834,6 @@ __maybe_unused int ksu_kprobe_init(void) pr_info("bprm_check_security kprobe registered successfully\n"); } -#ifdef CONFIG_KSU_MANUAL_SU // Register task_alloc kprobe rc = register_kprobe(&ksu_task_alloc_kp); if (rc) { @@ -860,7 +841,6 @@ __maybe_unused int ksu_kprobe_init(void) } else { pr_info("task_alloc kprobe registered successfully\n"); } -#endif return 0; } @@ -872,9 +852,7 @@ __maybe_unused int ksu_kprobe_exit(void) unregister_kprobe(&prctl_kp); unregister_kprobe(&ksu_inode_permission_kp); unregister_kprobe(&ksu_bprm_check_kp); -#ifdef CONFIG_KSU_MANUAL_SU unregister_kprobe(&ksu_task_alloc_kp); -#endif return 0; } diff --git a/kernel/ksu.h b/kernel/ksu.h index cb36e35a..b12f2c00 100644 --- a/kernel/ksu.h +++ b/kernel/ksu.h @@ -9,9 +9,7 @@ extern bool ksu_uid_scanner_enabled; -#ifdef CONFIG_KSU_MANUAL_SU #define CMD_MANUAL_SU_REQUEST 50 -#endif #define EVENT_POST_FS_DATA 1 #define EVENT_BOOT_COMPLETED 2 diff --git a/kernel/supercalls.c b/kernel/supercalls.c index 35c1629b..0051e85c 100644 --- a/kernel/supercalls.c +++ b/kernel/supercalls.c @@ -20,10 +20,7 @@ #include "kernel_compat.h" #include "throne_comm.h" #include "dynamic_manager.h" - -#ifdef CONFIG_KSU_MANUAL_SU #include "manual_su.h" -#endif // Forward declarations from core_hook.c extern void escape_to_root(void);