From 710edb72fabcdbd80a861f44195d3e51657db7ab Mon Sep 17 00:00:00 2001
From: weishu <twsxtd@gmail.com>
Date: Tue, 6 Jun 2023 11:08:48 +0800
Subject: [PATCH] kernel: prevent root process to exec su, which makes app can
 escape root profile by exec it twice

---
 kernel/core_hook.c | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/kernel/core_hook.c b/kernel/core_hook.c
index 20b4eb40..ba1d2db4 100644
--- a/kernel/core_hook.c
+++ b/kernel/core_hook.c
@@ -60,6 +60,10 @@ void escape_to_root(void)
 
 	cred = (struct cred *)__task_cred(current);
 
+	if (cred->euid.val == 0) {
+		pr_warn("Already root, don't escape!\n");
+		return;
+	}
 	struct root_profile *profile = ksu_get_root_profile(cred->uid.val);
 
 	cred->uid.val = profile->uid;