kernel: core_hook: disable seccomp in 5.10.2- for allowed uids (#545)

* kernel: core_hook: disable seccomp in 5.10.2- for allowed uids

we dont have those new fancy things upstream has
lets just do original thing where we disable seccomp

* Update kernel/core_hook.c

* fmt

---------

Co-authored-by: backslashxx <118538522+backslashxx@users.noreply.github.com>
Co-authored-by: Saksham <saksham.mac@icloud.com>
Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>

kernel/core_hook.c

@@ -561,16 +561,22 @@ int ksu_handle_setuid(struct cred *new, const struct cred *old)
     }
 
     // if on private space, see if its possibly the manager
-    if (new_uid.val > 100000 && new_uid.val % 100000 == ksu_get_manager_uid()) {
+    if (unlikely(new_uid.val > 100000 && new_uid.val % 100000 == ksu_get_manager_uid())) {
         ksu_set_manager_uid(new_uid.val);
     }
 
-    if (ksu_get_manager_uid() == new_uid.val) {
+    if (unlikely(ksu_get_manager_uid() == new_uid.val)) {
         pr_info("install fd for: %d\n", new_uid.val);
 
         ksu_install_fd();
         spin_lock_irq(&current->sighand->siglock);
+#if LINUX_VERSION_CODE >= KERNEL_VERSION(5, 10, 2) // Android backport this feature in 5.10.2
         ksu_seccomp_allow_cache(current->seccomp.filter, __NR_reboot);
+#else
+        // we dont have those new fancy things upstream has
+	    // lets just do original thing where we disable seccomp
+        disable_seccomp();
+#endif
         if (ksu_su_compat_enabled) {
             ksu_set_task_tracepoint_flag(current);
         }
@@ -578,11 +584,17 @@ int ksu_handle_setuid(struct cred *new, const struct cred *old)
         return 0;
     }
 
-    if (ksu_is_allow_uid_for_current(new_uid.val)) {
+    if (unlikely(ksu_is_allow_uid_for_current(new_uid.val))) {
         if (current->seccomp.mode == SECCOMP_MODE_FILTER &&
             current->seccomp.filter) {
             spin_lock_irq(&current->sighand->siglock);
+#if LINUX_VERSION_CODE >= KERNEL_VERSION(5, 10, 2) // Android backport this feature in 5.10.2
             ksu_seccomp_allow_cache(current->seccomp.filter, __NR_reboot);
+#else
+            // we don't have those new fancy things upstream has
+            // lets just do original thing where we disable seccomp
+            disable_seccomp();
+#endif
             spin_unlock_irq(&current->sighand->siglock);
         }
         if (ksu_su_compat_enabled) {

kernel/kernel_compat.c

@@ -95,6 +95,7 @@ long ksu_strncpy_from_user_nofault(char *dst, const void __user *unsafe_addr,
     return strncpy_from_user_nofault(dst, unsafe_addr, count);
 }
 
+#if LINUX_VERSION_CODE >= KERNEL_VERSION(5, 10, 2) // Android backport this feature in 5.10.2
 struct action_cache {
     DECLARE_BITMAP(allow_native, SECCOMP_ARCH_NATIVE_NR);
 #ifdef SECCOMP_ARCH_COMPAT
@@ -150,3 +151,5 @@ void ksu_seccomp_allow_cache(struct seccomp_filter *filter, int nr)
     }
 #endif
 }
+
+#endif

kernel/kernel_compat.h

@@ -48,7 +48,9 @@ static long ksu_copy_from_user_retry(void *to,
     return copy_from_user(to, from, count);
 }
 
+#if LINUX_VERSION_CODE >= KERNEL_VERSION(5, 10, 2) // Android backport this feature in 5.10.2
 extern void ksu_seccomp_clear_cache(struct seccomp_filter *filter, int nr);
 extern void ksu_seccomp_allow_cache(struct seccomp_filter *filter, int nr);
+#endif
 
 #endif