kernel: use sys_enter tracepoint for sucompat (#533)

* use sys_enter tracepoint for sucompat * update sucompat rules * clean tif mark * mark tif after load allow list * clear all tif first, then mark target * Fix shell su * allow when escape * fix bugs * kernel: Resolve logical inconsistencies --------- Co-authored-by: Ylarod <me@ylarod.cn> Co-authored-by: weishu <twsxtd@gmail.com>
2025-11-06 12:45:37 +08:00
parent 0ce7bc2627
commit 5323a500dd
17 changed files with 204 additions and 277 deletions
--- a/kernel/ksud.c
+++ b/kernel/ksud.c
@@ -49,7 +49,7 @@ static void stop_vfs_read_hook();
 static void stop_execve_hook();
 static void stop_input_hook();

-#ifdef CONFIG_KSU_KPROBES_HOOK
+#ifdef KSU_KPROBES_HOOK
 static struct work_struct stop_vfs_read_work;
 static struct work_struct stop_execve_hook_work;
 static struct work_struct stop_input_hook_work;
@@ -74,6 +74,9 @@ void on_post_fs_data(void)
    done = true;
    pr_info("on_post_fs_data!\n");
    ksu_load_allow_list();
+    extern void ksu_mark_running_process(void);
+    pr_info("mark tif for running process\n");
+    ksu_mark_running_process();
    ksu_observer_init();
    // sanity check, this may influence the performance
    stop_input_hook();
@@ -268,7 +271,7 @@ static ssize_t read_iter_proxy(struct kiocb *iocb, struct iov_iter *to)
 int ksu_handle_vfs_read(struct file **file_ptr, char __user **buf_ptr,
            size_t *count_ptr, loff_t **pos)
 {
-#ifndef CONFIG_KSU_KPROBES_HOOK
+#ifndef KSU_KPROBES_HOOK
     if (!ksu_vfs_read_hook) {
         return 0;
     }
@@ -381,7 +384,7 @@ static bool is_volumedown_enough(unsigned int count)
 int ksu_handle_input_handle_event(unsigned int *type, unsigned int *code,
                  int *value)
 {
-#ifndef CONFIG_KSU_KPROBES_HOOK
+#ifndef KSU_KPROBES_HOOK
     if (!ksu_input_hook) {
         return 0;
     }
@@ -423,7 +426,7 @@ bool ksu_is_safe_mode()
    return false;
 }

-#ifdef CONFIG_KSU_KPROBES_HOOK
+#ifdef KSU_KPROBES_HOOK
 static int sys_execve_handler_pre(struct kprobe *p, struct pt_regs *regs)
 {
    /*
@@ -596,7 +599,7 @@ static void do_stop_input_hook(struct work_struct *work)

 static void stop_vfs_read_hook()
 {
-#ifdef CONFIG_KSU_KPROBES_HOOK
+#ifdef KSU_KPROBES_HOOK
    bool ret = schedule_work(&stop_vfs_read_work);
    pr_info("unregister vfs_read kprobe: %d!\n", ret);
 #else
@@ -607,7 +610,7 @@ static void stop_vfs_read_hook()

 static void stop_execve_hook()
 {
-#ifdef CONFIG_KSU_KPROBES_HOOK
+#ifdef KSU_KPROBES_HOOK
    bool ret = schedule_work(&stop_execve_hook_work);
    pr_info("unregister execve kprobe: %d!\n", ret);
 #else
@@ -623,7 +626,7 @@ static void stop_input_hook()
        return;
    }
    input_hook_stopped = true;
-#ifdef CONFIG_KSU_KPROBES_HOOK
+#ifdef KSU_KPROBES_HOOK
    bool ret = schedule_work(&stop_input_hook_work);
    pr_info("unregister input kprobe: %d!\n", ret);
 #else
@@ -635,7 +638,7 @@ static void stop_input_hook()
 // ksud: module support
 void ksu_ksud_init()
 {
-#ifdef CONFIG_KSU_KPROBES_HOOK
+#ifdef KSU_KPROBES_HOOK
    int ret;

    ret = register_kprobe(&execve_kp);
@@ -655,7 +658,7 @@ void ksu_ksud_init()

 void ksu_ksud_exit()
 {
-#ifdef CONFIG_KSU_KPROBES_HOOK
+#ifdef KSU_KPROBES_HOOK
    unregister_kprobe(&execve_kp);
    // this should be done before unregister vfs_read_kp
    // unregister_kprobe(&vfs_read_kp);