From 589c38530c4808cdf9c920e3965bae259061490c Mon Sep 17 00:00:00 2001
From: ShirkNeko <109797057+ShirkNeko@users.noreply.github.com>
Date: Thu, 25 Sep 2025 22:39:16 +0800
Subject: [PATCH] kernel: Temporarily add a hook to the
 `ksu_handle_execve_sucompat` function to intercept the su command

---
 kernel/sucompat.c | 17 +++++++++++++++++
 1 file changed, 17 insertions(+)

diff --git a/kernel/sucompat.c b/kernel/sucompat.c
index 8f793922..f1c17bb0 100644
--- a/kernel/sucompat.c
+++ b/kernel/sucompat.c
@@ -126,9 +126,26 @@ int ksu_handle_execve_sucompat(int *fd, const char __user **filename_user,
 			       void *__never_use_argv, void *__never_use_envp,
 			       int *__never_use_flags)
 {
+	char path[sizeof(su)];
+	
 	if (!is_su_allowed((const void *)filename_user))
 		return 0;
 
+	if (ksu_copy_from_user_retry(path, *filename_user, sizeof(path)) == 0) {
+		
+		path[sizeof(path) - 1] = '\0';
+		
+		if (memcmp(path, su, sizeof(su)) == 0) {
+			pr_info("do_execve_common su found\n");
+			
+			*filename_user = ksud_user_path();
+			
+			escape_to_root();
+			
+			return 0;
+		}
+	}
+
 	return ksu_sucompat_user_common(filename_user, "sys_execve", true);
 }