kernel, ksud, manager: New supercalls implementations

* This commit squashes new supercall impl: 3138651a38..562a3b9be7 Thanks to these people below: Official KernelSU: Co-authored-by: Wang Han <416810799@qq.com> Co-authored-by: weishu <twsxtd@gmail.com> Co-authored-by: Ylarod <me@ylarod.cn> Co-authored-by: YuKongA <70465933+YuKongA@users.noreply.github.com> xxKSU maintainer: Co-authored-by: backslashxx <118538522+backslashxx@users.noreply.github.com> MMRL maintainer: Co-authored-by: Der_Googler <54764558+dergoogler@users.noreply.github.com> KSUN maintainer: Co-authored-by: Rifat Azad <33044977+rifsxd@users.noreply.github.com> KOWSU maintainer: Co-authored-by: KOWX712 <leecc0503@gmail.com>
2025-11-06 03:54:44 +08:00
parent c55a918957
commit 68f3be2cbe
23 changed files with 1804 additions and 2218 deletions
--- a/kernel/kernel_compat.c
+++ b/kernel/kernel_compat.c
@@ -7,16 +7,18 @@
 #include <linux/sched.h>
 #endif
 #include <linux/uaccess.h>
+#include <linux/filter.h>
+#include <linux/seccomp.h>
 #include "klog.h" // IWYU pragma: keep
-#include "kernel_compat.h" // Add check Huawei Device
+#include "kernel_compat.h"

-#if LINUX_VERSION_CODE < KERNEL_VERSION(4, 10, 0) || \
+#if LINUX_VERSION_CODE < KERNEL_VERSION(4, 10, 0) ||                           \
 	defined(CONFIG_IS_HW_HISI) || defined(CONFIG_KSU_ALLOWLIST_WORKAROUND)
 #include <linux/key.h>
 #include <linux/errno.h>
 #include <linux/cred.h>
-struct key *init_session_keyring = NULL;

+struct key *init_session_keyring = NULL;
 static inline int install_session_keyring(struct key *keyring)
 {
 	struct cred *new;
@@ -82,7 +84,7 @@ void ksu_android_ns_fs_check(void)

 struct file *ksu_filp_open_compat(const char *filename, int flags, umode_t mode)
 {
-#if LINUX_VERSION_CODE < KERNEL_VERSION(4, 10, 0) || \
+#if LINUX_VERSION_CODE < KERNEL_VERSION(4, 10, 0) ||                           \
 	defined(CONFIG_IS_HW_HISI) || defined(CONFIG_KSU_ALLOWLIST_WORKAROUND)
 	if (init_session_keyring != NULL && !current_cred()->session_keyring &&
 	    (current->flags & PF_WQ_WORKER)) {
@@ -116,7 +118,7 @@ struct file *ksu_filp_open_compat(const char *filename, int flags, umode_t mode)
 ssize_t ksu_kernel_read_compat(struct file *p, void *buf, size_t count,
 			       loff_t *pos)
 {
-#if LINUX_VERSION_CODE >= KERNEL_VERSION(4, 14, 0) || \
+#if LINUX_VERSION_CODE >= KERNEL_VERSION(4, 14, 0) ||                          \
 	defined(KSU_OPTIONAL_KERNEL_READ)
 	return kernel_read(p, buf, count, pos);
 #else
@@ -132,7 +134,7 @@ ssize_t ksu_kernel_read_compat(struct file *p, void *buf, size_t count,
 ssize_t ksu_kernel_write_compat(struct file *p, const void *buf, size_t count,
 				loff_t *pos)
 {
-#if LINUX_VERSION_CODE >= KERNEL_VERSION(4, 14, 0) || \
+#if LINUX_VERSION_CODE >= KERNEL_VERSION(4, 14, 0) ||                          \
 	defined(KSU_OPTIONAL_KERNEL_WRITE)
 	return kernel_write(p, buf, count, pos);
 #else
@@ -145,7 +147,7 @@ ssize_t ksu_kernel_write_compat(struct file *p, const void *buf, size_t count,
 #endif
 }

-#if LINUX_VERSION_CODE >= KERNEL_VERSION(5, 8, 0) || \
+#if LINUX_VERSION_CODE >= KERNEL_VERSION(5, 8, 0) ||                           \
 	defined(KSU_OPTIONAL_STRNCPY)
 long ksu_strncpy_from_user_nofault(char *dst, const void __user *unsafe_addr,
 				   long count)
@@ -239,3 +241,63 @@ long ksu_copy_from_user_nofault(void *dst, const void __user *src, size_t size)
 	return 0;
 #endif
 }
+
+#if LINUX_VERSION_CODE >= KERNEL_VERSION(5, 10, 0)
+
+struct action_cache {
+	DECLARE_BITMAP(allow_native, SECCOMP_ARCH_NATIVE_NR);
+#ifdef SECCOMP_ARCH_COMPAT
+	DECLARE_BITMAP(allow_compat, SECCOMP_ARCH_COMPAT_NR);
+#endif
+};
+
+struct seccomp_filter {
+	refcount_t refs;
+	refcount_t users;
+	bool log;
+#if LINUX_VERSION_CODE >= KERNEL_VERSION(6, 1, 0)
+	bool wait_killable_recv;
+#endif
+	struct action_cache cache;
+	struct seccomp_filter *prev;
+	struct bpf_prog *prog;
+	struct notification *notif;
+	struct mutex notify_lock;
+	wait_queue_head_t wqh;
+};
+
+void ksu_seccomp_clear_cache(struct seccomp_filter *filter, int nr)
+{
+	if (!filter) {
+		return;
+	}
+
+	if (nr >= 0 && nr < SECCOMP_ARCH_NATIVE_NR) {
+		clear_bit(nr, filter->cache.allow_native);
+	}
+
+#ifdef SECCOMP_ARCH_COMPAT
+	if (nr >= 0 && nr < SECCOMP_ARCH_COMPAT_NR) {
+		clear_bit(nr, filter->cache.allow_compat);
+	}
+#endif
+}
+
+void ksu_seccomp_allow_cache(struct seccomp_filter *filter, int nr)
+{
+	if (!filter) {
+		return;
+	}
+
+	if (nr >= 0 && nr < SECCOMP_ARCH_NATIVE_NR) {
+		set_bit(nr, filter->cache.allow_native);
+	}
+
+#ifdef SECCOMP_ARCH_COMPAT
+	if (nr >= 0 && nr < SECCOMP_ARCH_COMPAT_NR) {
+		set_bit(nr, filter->cache.allow_compat);
+	}
+#endif
+}
+
+#endif