fix lot (#518)

* refact: use feature subsystem

* use 64bit feature

* fix

* add fixme

* add feature max to get_info

* use 32bit feature id

* allow root to get/set feature

* more clean perm_check functions

* fix

* add feature command to ksud

kernel: do not expose perm checker

* fix security_task_fix_setuid_handler_pre

* add android16-6.12 ci

* manager: add kernel_umount switch

Co-authored-by: YuKongA <70465933+YuKongA@users.noreply.github.com>

* manager: Reinstate the LKM selection function

* kernel: add name and print command value

- Optimise sulog log display

Co-authored-by: Ylarod <me@ylarod.cn>
Co-authored-by: ShirkNeko <109797057+ShirkNeko@users.noreply.github.com>

* fix

* ksud: clippy

---------

Co-authored-by: Ylarod <me@ylarod.cn>
Co-authored-by: YuKongA <70465933+YuKongA@users.noreply.github.com>
Co-authored-by: weishu <twsxtd@gmail.com>

userspace/ksud/src/ksucalls.rs

@@ -8,11 +8,13 @@ const EVENT_POST_FS_DATA: u32 = 1;
 const EVENT_BOOT_COMPLETED: u32 = 2;
 const EVENT_MODULE_MOUNTED: u32 = 3;
 
-const KSU_IOCTL_GRANT_ROOT: u32 = 0x4B01; // _IO('K', 1)
+const KSU_IOCTL_GRANT_ROOT: u32 = 0x00004b01; // _IO('K', 1)
 const KSU_IOCTL_GET_INFO: u32 = 0x80084b02; // _IOR('K', 2, struct ksu_get_info_cmd)
-const KSU_IOCTL_REPORT_EVENT: u32 = 0x40044b03; // _IOW('K', 3, struct ksu_report_event_cmd)
+const KSU_IOCTL_REPORT_EVENT: u32 = 0x40084b03; // _IOW('K', 3, struct ksu_report_event_cmd)
 const KSU_IOCTL_SET_SEPOLICY: u32 = 0xc0104b04; // _IOWR('K', 4, struct ksu_set_sepolicy_cmd)
 const KSU_IOCTL_CHECK_SAFEMODE: u32 = 0x80014b05; // _IOR('K', 5, struct ksu_check_safemode_cmd)
+const KSU_IOCTL_GET_FEATURE: u32 = 0xc00c4b0d; // _IOWR('K', 13, struct ksu_get_feature_cmd)
+const KSU_IOCTL_SET_FEATURE: u32 = 0x40084b0e; // _IOW('K', 14, struct ksu_set_feature_cmd)
 
 #[repr(C)]
 #[derive(Clone, Copy, Default)]
@@ -39,6 +41,21 @@ struct CheckSafemodeCmd {
     in_safe_mode: u8,
 }
 
+#[repr(C)]
+#[derive(Clone, Copy, Default)]
+struct GetFeatureCmd {
+    feature_id: u32,
+    value: u64,
+    supported: u8,
+}
+
+#[repr(C)]
+#[derive(Clone, Copy, Default)]
+struct SetFeatureCmd {
+    feature_id: u32,
+    value: u64,
+}
+
 // Global driver fd cache
 #[cfg(any(target_os = "linux", target_os = "android"))]
 static DRIVER_FD: OnceLock<RawFd> = OnceLock::new();
@@ -183,4 +200,23 @@ pub fn set_sepolicy(cmd: &SetSepolicyCmd) -> std::io::Result<()> {
     let mut ioctl_cmd = *cmd;
     ksuctl(KSU_IOCTL_SET_SEPOLICY, &mut ioctl_cmd as *mut _)?;
     Ok(())
-}
+}
+
+/// Get feature value and support status from kernel
+/// Returns (value, supported)
+pub fn get_feature(feature_id: u32) -> std::io::Result<(u64, bool)> {
+    let mut cmd = GetFeatureCmd {
+        feature_id,
+        value: 0,
+        supported: 0,
+    };
+    ksuctl(KSU_IOCTL_GET_FEATURE, &mut cmd as *mut _)?;
+    Ok((cmd.value, cmd.supported != 0))
+}
+
+/// Set feature value in kernel
+pub fn set_feature(feature_id: u32, value: u64) -> std::io::Result<()> {
+    let mut cmd = SetFeatureCmd { feature_id, value };
+    ksuctl(KSU_IOCTL_SET_FEATURE, &mut cmd as *mut _)?;
+    Ok(())
+}