kernel: Apply the susfs patch

Co-authored-by: simonpunk <simonpunk2016@gmail.com> Co-authored-by: ShirkNeko <109797057+ShirkNeko@users.noreply.github.com>
2025-11-14 18:36:04 +08:00
parent 4920877dd8
commit 4c04508267
20 changed files with 982 additions and 77 deletions
--- a/kernel/sucompat.c
+++ b/kernel/sucompat.c
@@ -13,13 +13,20 @@
 #include <linux/sched.h>
 #endif

+#ifdef CONFIG_KSU_SUSFS
+#include <linux/namei.h>
+#include "objsec.h"
+#endif // #ifdef CONFIG_KSU_SUSFS
+
 #include "allowlist.h"
 #include "feature.h"
 #include "klog.h" // IWYU pragma: keep
 #include "ksud.h"
 #include "sucompat.h"
 #include "app_profile.h"
+#ifndef CONFIG_KSU_SUSFS
 #include "syscall_hook_manager.h"
+#endif // #ifndef CONFIG_KSU_SUSFS

 #include "sulog.h"

@@ -72,6 +79,7 @@ static char __user *ksud_user_path(void)
    return userspace_stack_buffer(ksud_path, sizeof(ksud_path));
 }

+#ifndef CONFIG_KSU_SUSFS
 int ksu_handle_faccessat(int *dfd, const char __user **filename_user, int *mode,
             int *__unused_flags)
 {
@@ -192,6 +200,142 @@ int ksu_handle_execve_sucompat(const char __user **filename_user,

    return 0;
 }
+#else
+static const char sh_path[] = SH_PATH;
+static const char su_path[] = SU_PATH;
+static const char ksud_path[] = KSUD_PATH;
+
+extern bool ksu_kernel_umount_enabled;
+
+// the call from execve_handler_pre won't provided correct value for __never_use_argument, use them after fix execve_handler_pre, keeping them for consistence for manually patched code
+int ksu_handle_execveat_sucompat(int *fd, struct filename **filename_ptr,
+                 void *__never_use_argv, void *__never_use_envp,
+                 int *__never_use_flags)
+{
+    struct filename *filename;
+
+    if (unlikely(!filename_ptr))
+        return 0;
+
+    filename = *filename_ptr;
+    if (IS_ERR(filename)) {
+        return 0;
+    }
+
+    if (likely(memcmp(filename->name, su_path, sizeof(su_path))))
+        return 0;
+
+    pr_info("do_execveat_common su found\n");
+    memcpy((void *)filename->name, ksud_path, sizeof(ksud_path));
+
+    escape_with_root_profile();
+
+    return 0;
+}
+
+int ksu_handle_execveat(int *fd, struct filename **filename_ptr, void *argv,
+            void *envp, int *flags)
+{
+    if (ksu_handle_execveat_ksud(fd, filename_ptr, argv, envp, flags)) {
+        return 0;
+    }
+    return ksu_handle_execveat_sucompat(fd, filename_ptr, argv, envp,
+                        flags);
+}
+
+int ksu_handle_faccessat(int *dfd, const char __user **filename_user, int *mode,
+             int *__unused_flags)
+{
+    char path[sizeof(su_path) + 1] = {0};
+
+    strncpy_from_user_nofault(path, *filename_user, sizeof(path));
+
+    if (unlikely(!memcmp(path, su_path, sizeof(su_path)))) {
+        pr_info("faccessat su->sh!\n");
+        *filename_user = sh_user_path();
+    }
+
+    return 0;
+
+    return 0;
+}
+
+#if LINUX_VERSION_CODE >= KERNEL_VERSION(6, 1, 0)
+int ksu_handle_stat(int *dfd, struct filename **filename, int *flags) {
+    if (unlikely(IS_ERR(*filename) || (*filename)->name == NULL)) {
+        return 0;
+    }
+ 
+    if (likely(memcmp((*filename)->name, su_path, sizeof(su_path)))) {
+        return 0;
+    }
+
+    pr_info("ksu_handle_stat: su->sh!\n");
+    memcpy((void *)((*filename)->name), sh_path, sizeof(sh_path));
+    return 0;
+}
+#else
+int ksu_handle_stat(int *dfd, const char __user **filename_user, int *flags)
+{
+    if (unlikely(!filename_user)) {
+        return 0;
+    }
+
+    char path[sizeof(su_path) + 1] = {0};
+
+// Remove this later!! we use syscall hook, so this will never happen!!!!!
+#if LINUX_VERSION_CODE >= KERNEL_VERSION(5, 18, 0) && 0
+    // it becomes a `struct filename *` after 5.18
+    // https://elixir.bootlin.com/linux/v5.18/source/fs/stat.c#L216
+#if LINUX_VERSION_CODE < KERNEL_VERSION(6, 1, 0)
+    struct filename *filename = *((struct filename **)filename_user);
+#endif
+
+    if (IS_ERR(filename)) {
+        return 0;
+    }
+    if (likely(memcmp(filename->name, su_path, sizeof(su_path))))
+        return 0;
+    pr_info("ksu_handle_stat: su->sh!\n");
+    memcpy((void *)filename->name, sh_path, sizeof(sh_path));
+#else
+    strncpy_from_user_nofault(path, *filename_user, sizeof(path));
+
+    if (unlikely(!memcmp(path, su_path, sizeof(su_path)))) {
+        pr_info("ksu_handle_stat: su->sh!\n");
+        *filename_user = sh_user_path();
+    }
+#endif
+
+    return 0;
+}
+#endif // #if LINUX_VERSION_CODE >= KERNEL_VERSION(6, 1, 0)
+
+int ksu_handle_devpts(struct inode *inode)
+{
+        if (!current->mm) {
+                return 0;
+        }
+
+        uid_t uid = current_uid().val;
+        if (uid % 100000 < 10000) {
+                // not untrusted_app, ignore it
+                return 0;
+        }
+
+        if (!__ksu_is_allow_uid_for_current(uid))
+                return 0;
+
+        if (ksu_file_sid) {
+                struct inode_security_struct *sec = selinux_inode(inode);
+                if (sec) {
+                        sec->sid = ksu_file_sid;
+                }
+        }
+
+        return 0;
+}
+#endif // #ifndef CONFIG_KSU_SUSFS

 // sucompat: permitted process can execute 'su' to gain root access.
 void ksu_sucompat_init()