fix lot (#518)

* refact: use feature subsystem * use 64bit feature * fix * add fixme * add feature max to get_info * use 32bit feature id * allow root to get/set feature * more clean perm_check functions * fix * add feature command to ksud kernel: do not expose perm checker * fix security_task_fix_setuid_handler_pre * add android16-6.12 ci * manager: add kernel_umount switch Co-authored-by: YuKongA <70465933+YuKongA@users.noreply.github.com> * manager: Reinstate the LKM selection function * kernel: add name and print command value - Optimise sulog log display Co-authored-by: Ylarod <me@ylarod.cn> Co-authored-by: ShirkNeko <109797057+ShirkNeko@users.noreply.github.com> * fix * ksud: clippy --------- Co-authored-by: Ylarod <me@ylarod.cn> Co-authored-by: YuKongA <70465933+YuKongA@users.noreply.github.com> Co-authored-by: weishu <twsxtd@gmail.com>
2025-11-03 00:07:36 +08:00
parent 589ac304d3
commit 6b62e897ce
8 changed files with 443 additions and 119 deletions
--- a/kernel/core_hook.c
+++ b/kernel/core_hook.c
@@ -50,6 +50,7 @@
 #include "allowlist.h"
 #include "arch.h"
 #include "core_hook.h"
+#include "feature.h"
 #include "klog.h" // IWYU pragma: keep
 #include "ksu.h"
 #include "ksud.h"
@@ -178,6 +179,29 @@ struct ksu_umount_work {
    struct mnt_namespace *mnt_ns;
 };

+static bool ksu_kernel_umount_enabled = true;
+
+static int kernel_umount_feature_get(u64 *value)
+{
+    *value = ksu_kernel_umount_enabled ? 1 : 0;
+    return 0;
+}
+
+static int kernel_umount_feature_set(u64 value)
+{
+    bool enable = value != 0;
+    ksu_kernel_umount_enabled = enable;
+    pr_info("kernel_umount: set to %d\n", enable);
+    return 0;
+}
+
+static const struct ksu_feature_handler kernel_umount_handler = {
+    .feature_id = KSU_FEATURE_KERNEL_UMOUNT,
+    .name = "kernel_umount",
+    .get_handler = kernel_umount_feature_get,
+    .set_handler = kernel_umount_feature_set,
+};
+
 static inline bool is_allow_su(void)
 {
    if (is_manager()) {
@@ -1007,8 +1031,8 @@ static void do_umount_work(struct work_struct *work)
    try_umount("/apex/com.android.art/bin/dex2oat64", false, MNT_DETACH, uid);
    try_umount("/apex/com.android.art/bin/dex2oat32", false, MNT_DETACH, uid);

+    // fixme: dec refcount
    current->nsproxy->mnt_ns = old_mnt_ns;
-    put_mnt_ns(umount_work->mnt_ns);

    kfree(umount_work);
 }
@@ -1052,6 +1076,10 @@ int ksu_handle_setuid(struct cred *new, const struct cred *old)
        return 0;
    }

+    if (!ksu_kernel_umount_enabled) {
+        return 0;
+    }
+
    // We only interest in process spwaned by zygote
    if (!susfs_is_sid_equal(old->security, susfs_zygote_sid)) {
        return 0;
@@ -1165,6 +1193,10 @@ int ksu_handle_setuid(struct cred *new, const struct cred *old)
        return 0;
    }

+    if (!ksu_kernel_umount_enabled) {
+        return 0;
+    }
+
    if (!ksu_uid_should_umount(new_uid.val)) {
        return 0;
    } else {
@@ -1199,8 +1231,8 @@ int ksu_handle_setuid(struct cred *new, const struct cred *old)
        return 0;
    }

+    // fixme: inc refcount
    umount_work->mnt_ns = current->nsproxy->mnt_ns;
-    get_mnt_ns(umount_work->mnt_ns);

    INIT_WORK(&umount_work->work, do_umount_work);