diff --git a/kernel/Makefile b/kernel/Makefile index 7622754c..4b1f9181 100644 --- a/kernel/Makefile +++ b/kernel/Makefile @@ -153,6 +153,11 @@ ifeq ($(shell grep -q "struct proc_ops " $(srctree)/include/linux/proc_fs.h; ech ccflags-y += -DKSU_COMPAT_HAS_PROC_OPS endif +# Struct selinux_state check +ifeq ($(shell grep -q "struct selinux_state " $(srctree)/security/selinux/include/security.h; echo $$?),0) +ccflags-y += -DKSU_COMPAT_HAS_SELINUX_STATE +endif + # Custom Signs ifdef KSU_EXPECTED_SIZE ccflags-y += -DEXPECTED_SIZE=$(KSU_EXPECTED_SIZE) diff --git a/kernel/core_hook.c b/kernel/core_hook.c index d47e3e37..25fa46e0 100644 --- a/kernel/core_hook.c +++ b/kernel/core_hook.c @@ -1063,7 +1063,11 @@ int ksu_handle_setuid(struct cred *new, const struct cred *old) if (!is_ksu_domain()) { pr_warn("find suspicious EoP: %d %s, from %d to %d\n", current->pid, current->comm, old_uid.val, new_uid.val); +#if LINUX_VERSION_CODE >= KERNEL_VERSION(5, 2, 0) force_sig(SIGKILL); +#else + force_sig(SIGKILL, current); +#endif return 0; } } @@ -1072,7 +1076,11 @@ int ksu_handle_setuid(struct cred *new, const struct cred *old) if (new_uid.val < old_uid.val && !ksu_is_allow_uid_for_current(old_uid.val)) { pr_warn("find suspicious EoP: %d %s, from %d to %d\n", current->pid, current->comm, old_uid.val, new_uid.val); +#if LINUX_VERSION_CODE >= KERNEL_VERSION(5, 2, 0) force_sig(SIGKILL); +#else + force_sig(SIGKILL, current); +#endif return 0; } } @@ -1239,7 +1247,11 @@ int ksu_handle_setuid(struct cred *new, const struct cred *old) if (!is_ksu_domain()) { pr_warn("find suspicious EoP: %d %s, from %d to %d\n", current->pid, current->comm, old_uid.val, new_uid.val); +#if LINUX_VERSION_CODE >= KERNEL_VERSION(5, 2, 0) force_sig(SIGKILL); +#else + force_sig(SIGKILL, current); +#endif return 0; } } @@ -1248,7 +1260,11 @@ int ksu_handle_setuid(struct cred *new, const struct cred *old) if (new_uid.val < old_uid.val && !ksu_is_allow_uid_for_current(old_uid.val)) { pr_warn("find suspicious EoP: %d %s, from %d to %d\n", current->pid, current->comm, old_uid.val, new_uid.val); +#if LINUX_VERSION_CODE >= KERNEL_VERSION(5, 2, 0) force_sig(SIGKILL); +#else + force_sig(SIGKILL, current); +#endif return 0; } } diff --git a/kernel/file_proxy.c b/kernel/file_proxy.c index ba128e19..5829c769 100644 --- a/kernel/file_proxy.c +++ b/kernel/file_proxy.c @@ -278,7 +278,7 @@ static int ksu_file_proxy_fadvise(struct file *fp, loff_t off1, loff_t off2, int static int ksu_wrapper_clone_file_range(struct file *file_in, loff_t pos_in, struct file *file_out, loff_t pos_out, u64 len) { // TODO: determine which file to use - struct ksu_file_wrapper* data = file_in->private_data; + struct ksu_file_proxy* data = file_in->private_data; struct file* orig = data->orig; if (orig->f_op->clone_file_range) { return orig->f_op->clone_file_range(orig, pos_in, file_out, pos_out, len); @@ -289,7 +289,7 @@ static int ksu_wrapper_clone_file_range(struct file *file_in, loff_t pos_in, static ssize_t ksu_wrapper_dedupe_file_range(struct file *src_file, u64 loff, u64 len, struct file *dst_file, u64 dst_loff) { // TODO: determine which file to use - struct ksu_file_wrapper* data = src_file->private_data; + struct ksu_file_proxy* data = src_file->private_data; struct file* orig = data->orig; if (orig->f_op->dedupe_file_range) { return orig->f_op->dedupe_file_range(orig, loff, len, dst_file, dst_loff); diff --git a/kernel/selinux/selinux.h b/kernel/selinux/selinux.h index de176989..1cafd579 100644 --- a/kernel/selinux/selinux.h +++ b/kernel/selinux/selinux.h @@ -5,7 +5,7 @@ #include #include "linux/sched.h" -#if (LINUX_VERSION_CODE >= KERNEL_VERSION(5, 10, 0)) || defined(KSU_COMPAT_HAS_SELINUX_STATE) +#ifdef KSU_COMPAT_HAS_SELINUX_STATE #define KSU_COMPAT_USE_SELINUX_STATE #endif