fix lot (#518)

* refact: use feature subsystem * use 64bit feature * fix * add fixme * add feature max to get_info * use 32bit feature id * allow root to get/set feature * more clean perm_check functions * fix * add feature command to ksud kernel: do not expose perm checker * fix security_task_fix_setuid_handler_pre * add android16-6.12 ci * manager: add kernel_umount switch Co-authored-by: YuKongA <70465933+YuKongA@users.noreply.github.com> * manager: Reinstate the LKM selection function * kernel: add name and print command value - Optimise sulog log display Co-authored-by: Ylarod <me@ylarod.cn> Co-authored-by: ShirkNeko <109797057+ShirkNeko@users.noreply.github.com> * fix * ksud: clippy --------- Co-authored-by: Ylarod <me@ylarod.cn> Co-authored-by: YuKongA <70465933+YuKongA@users.noreply.github.com> Co-authored-by: weishu <twsxtd@gmail.com>
2025-11-02 20:01:24 +08:00
parent 00de4e1c64
commit 47bcc956a3
26 changed files with 963 additions and 852 deletions
--- a/kernel/supercalls.h
+++ b/kernel/supercalls.h
@@ -18,6 +18,7 @@ struct ksu_become_daemon_cmd {
 struct ksu_get_info_cmd {
    __u32 version; // Output: KERNEL_SU_VERSION
    __u32 flags; // Output: flags (bit 0: MODULE mode)
+    __u32 features; // Output: max feature ID supported
 };

 struct ksu_report_event_cmd {
@@ -61,12 +62,15 @@ struct ksu_set_app_profile_cmd {
    struct app_profile profile; // Input: app profile structure
 };

-struct ksu_is_su_enabled_cmd {
-    __u8 enabled; // Output: true if su compat enabled
+struct ksu_get_feature_cmd {
+    __u32 feature_id; // Input: feature ID (enum ksu_feature_id)
+    __u64 value; // Output: feature value/state
+    __u8 supported; // Output: true if feature is supported, false otherwise
 };

-struct ksu_enable_su_cmd {
-    __u8 enable; // Input: true to enable, false to disable
+struct ksu_set_feature_cmd {
+    __u32 feature_id; // Input: feature ID (enum ksu_feature_id)
+    __u64 value; // Input: feature value/state to set
 };

 // Other command structures
@@ -109,8 +113,8 @@ struct ksu_enable_uid_scanner_cmd {
 #define KSU_IOCTL_GET_MANAGER_UID _IOR('K', 10, struct ksu_get_manager_uid_cmd)
 #define KSU_IOCTL_GET_APP_PROFILE _IOWR('K', 11, struct ksu_get_app_profile_cmd)
 #define KSU_IOCTL_SET_APP_PROFILE _IOW('K', 12, struct ksu_set_app_profile_cmd)
-#define KSU_IOCTL_IS_SU_ENABLED _IOR('K', 13, struct ksu_is_su_enabled_cmd)
-#define KSU_IOCTL_ENABLE_SU _IOW('K', 14, struct ksu_enable_su_cmd)
+#define KSU_IOCTL_GET_FEATURE _IOWR('K', 13, struct ksu_get_feature_cmd)
+#define KSU_IOCTL_SET_FEATURE _IOW('K', 14, struct ksu_set_feature_cmd)
 // Other IOCTL command definitions
 #define KSU_IOCTL_GET_FULL_VERSION _IOR('K', 100, struct ksu_get_full_version_cmd)
 #define KSU_IOCTL_HOOK_TYPE _IOR('K', 101, struct ksu_hook_type_cmd)
@@ -123,18 +127,12 @@ struct ksu_enable_uid_scanner_cmd {
 typedef int (*ksu_ioctl_handler_t)(void __user *arg);
 typedef bool (*ksu_perm_check_t)(void);

-// Permission check functions
-bool perm_check_manager(void);
-bool perm_check_root(void);
-bool perm_check_basic(void);
-bool perm_check_all(void);
-
 // IOCTL command mapping
 struct ksu_ioctl_cmd_map {
    unsigned int cmd;
+    const char *name;
    ksu_ioctl_handler_t handler;
    ksu_perm_check_t perm_check; // Permission check function
-    const char *name; // Command name for logging
 };

 // Install KSU fd to current process