kernel: Remove redundant ksu_handle_inode_permission hooks, calling only for manual_su

This commit is contained in:
ShirkNeko
2025-11-13 15:02:20 +08:00
parent 14bb6afd0b
commit 7be8c15b85
5 changed files with 36 additions and 62 deletions


@@ -13,7 +13,6 @@
#include "selinux/selinux.h" #include "selinux/selinux.h"
#include "syscall_hook_manager.h" #include "syscall_hook_manager.h"
#include "sucompat.h" #include "sucompat.h"
#include "sulog.h" #include "sulog.h"
#if LINUX_VERSION_CODE >= KERNEL_VERSION (6, 7, 0) #if LINUX_VERSION_CODE >= KERNEL_VERSION (6, 7, 0)
@@ -163,6 +162,39 @@ void escape_with_root_profile(void)
#ifdef CONFIG_KSU_MANUAL_SU #ifdef CONFIG_KSU_MANUAL_SU
#include "ksud.h"
#ifndef DEVPTS_SUPER_MAGIC
#define DEVPTS_SUPER_MAGIC 0x1cd1
#endif
static int __manual_su_handle_devpts(struct inode *inode)
{
if (!current->mm) {
return 0;
}
uid_t uid = current_uid().val;
if (uid % 100000 < 10000) {
// not untrusted_app, ignore it
return 0;
}
if (likely(!ksu_is_allow_uid_for_current(uid)))
return 0;
#if LINUX_VERSION_CODE >= KERNEL_VERSION(5, 1, 0) || defined(KSU_OPTIONAL_SELINUX_INODE)
struct inode_security_struct *sec = selinux_inode(inode);
#else
struct inode_security_struct *sec =
(struct inode_security_struct *)inode->i_security;
#endif
if (ksu_file_sid && sec)
sec->sid = ksu_file_sid;
return 0;
}
static void disable_seccomp_for_task(struct task_struct *tsk) static void disable_seccomp_for_task(struct task_struct *tsk)
{ {
if (!tsk->seccomp.filter && tsk->seccomp.mode == SECCOMP_MODE_DISABLED) if (!tsk->seccomp.filter && tsk->seccomp.mode == SECCOMP_MODE_DISABLED)
@@ -267,7 +299,7 @@ void escape_to_root_for_cmd_su(uid_t target_uid, pid_t target_pid)
if (target_task->signal->tty) { if (target_task->signal->tty) {
struct inode *inode = target_task->signal->tty->driver_data; struct inode *inode = target_task->signal->tty->driver_data;
if (inode && inode->i_sb->s_magic == DEVPTS_SUPER_MAGIC) { if (inode && inode->i_sb->s_magic == DEVPTS_SUPER_MAGIC) {
__ksu_handle_devpts(inode); __manual_su_handle_devpts(inode);
} }
} }
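Review bot: `__manual_su_handle_devpts` is declared `static int` but every path returns 0 and its only caller in this section discards the value (`__manual_su_handle_devpts(inode);`), so it should be `static void` with bare `return;` statements, matching `disable_seccomp_for_task` right below it. Because the function rewrites the SELinux label of a devpts inode, it also needs a header comment, e.g. `/* Relabel a devpts inode to ksu_file_sid so an allowed app uid can use the pty; no-op for kernel threads (no mm), non-app uids and uids not on the allow list. */`. The carried-over `uid % 100000 < 10000` test admits every app-range uid of the user, not only untrusted_app, so the `// not untrusted_app, ignore it` comment should read `// not an app uid, ignore it` unless a narrower check is intended. The `#else` branch casts `inode->i_security` directly, which presumably assumes the SELinux blob is the only LSM blob on those kernels — worth confirming on the minimum kernel this build supports. The first hunk of this file (`-13,7 +13,6`) removes one line that is not rendered here, so I cannot review that deletion.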


@@ -2,6 +2,7 @@
#define __KSU_H_APP_PROFILE #define __KSU_H_APP_PROFILE
#include <linux/types.h> #include <linux/types.h>
#include "objsec.h"
// Forward declarations // Forward declarations
struct cred; struct cred;
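Review bot: The new `#include "objsec.h"` is not used by any declaration visible in this hunk, and objsec.h is an SELinux-internal header that would now be pulled into every translation unit that includes app_profile.h. If a declaration outside the hunk only needs `struct inode_security_struct` through a pointer, a forward declaration beside `struct cred;` (`struct inode_security_struct;`) keeps the header self-contained without the include; otherwise a short comment naming the symbol it provides (`#include "objsec.h" // for <symbol>`) would justify the dependency. The rest of the header is outside this hunk, so I cannot tell which case applies.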


@@ -174,29 +174,6 @@ int ksu_handle_execve_sucompat(const char __user **filename_user,
return 0; return 0;
} }
int __ksu_handle_devpts(struct inode *inode)
{
if (!current->mm) {
return 0;
}
uid_t uid = current_uid().val;
if (uid % 100000 < 10000) {
// not untrusted_app, ignore it
return 0;
}
if (likely(!ksu_is_allow_uid_for_current(uid)))
return 0;
struct inode_security_struct *sec = selinux_inode(inode);
if (ksu_file_sid && sec)
sec->sid = ksu_file_sid;
return 0;
}
// sucompat: permitted process can execute 'su' to gain root access. // sucompat: permitted process can execute 'su' to gain root access.
void ksu_sucompat_init() void ksu_sucompat_init()
{ {


@@ -208,7 +208,6 @@ static inline bool check_syscall_fastpath(int nr)
case __NR_faccessat: case __NR_faccessat:
case __NR_execve: case __NR_execve:
case __NR_setresuid: case __NR_setresuid:
case __NR_faccessat2:
case __NR_clone: case __NR_clone:
case __NR_clone3: case __NR_clone3:
return true; return true;
@@ -235,38 +234,13 @@ int ksu_handle_init_mark_tracker(const char __user **filename_user,
return 0; return 0;
} }
#include "ksud.h"
#ifdef CONFIG_KSU_MANUAL_SU #ifdef CONFIG_KSU_MANUAL_SU
#include "manual_su.h" #include "manual_su.h"
#endif
#ifndef LOOKUP_FOLLOW
#define LOOKUP_FOLLOW 0x0001
#endif
static inline void ksu_handle_inode_permission(struct pt_regs *regs)
{
struct inode *inode = NULL;
struct path path;
int dfd = (int)PT_REGS_PARM1(regs);
const char __user *filename = (const char __user *)PT_REGS_PARM2(regs);
if (!user_path_at(dfd, filename, LOOKUP_FOLLOW, &path)) {
inode = path.dentry->d_inode;
if (inode && inode->i_sb &&
unlikely(inode->i_sb->s_magic == DEVPTS_SUPER_MAGIC))
__ksu_handle_devpts(inode);
path_put(&path);
}
}
static inline void ksu_handle_task_alloc(struct pt_regs *regs) static inline void ksu_handle_task_alloc(struct pt_regs *regs)
{ {
#ifdef CONFIG_KSU_MANUAL_SU
ksu_try_escalate_for_uid(current_uid().val); ksu_try_escalate_for_uid(current_uid().val);
#endif
} }
#endif
#ifdef CONFIG_HAVE_SYSCALL_TRACEPOINTS #ifdef CONFIG_HAVE_SYSCALL_TRACEPOINTS
// Generic sys_enter handler that dispatches to specific handlers // Generic sys_enter handler that dispatches to specific handlers
@@ -318,10 +292,6 @@ static void ksu_sys_enter_handler(void *data, struct pt_regs *regs, long id)
return; return;
} }
// Handle inode_permission via faccessat
if (id == __NR_faccessat || id == __NR_faccessat2)
return ksu_handle_inode_permission(regs);
#ifdef CONFIG_KSU_MANUAL_SU #ifdef CONFIG_KSU_MANUAL_SU
// Handle task_alloc via clone/fork // Handle task_alloc via clone/fork
if (id == __NR_clone || id == __NR_clone3) if (id == __NR_clone || id == __NR_clone3)
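Review bot: `__NR_faccessat` is still listed in `check_syscall_fastpath` while the only visible consumer, the `id == __NR_faccessat || id == __NR_faccessat2` dispatch in `ksu_sys_enter_handler`, is removed along with `__NR_faccessat2`; unless another handler outside these hunks still acts on faccessat, it should be dropped from the fastpath too, or annotated with `case __NR_faccessat: // still needed by <handler>`. In `ksu_handle_task_alloc` the rendered page loses which side the two `#endif` lines (after `#include "manual_su.h"` and after the function) belong to: if the enclosing `#ifdef CONFIG_KSU_MANUAL_SU` now extends past the function, the new inner `#ifdef CONFIG_KSU_MANUAL_SU` around `ksu_try_escalate_for_uid(...)` is redundant and one guard should go; if it does not, the trailing `#endif` needs a matching `#ifdef`. Either way the guard that stays should carry a one-line comment, e.g. `// task_alloc escalation only exists for manual su`, since the handler is dead code otherwise. `ksu_sys_enter_handler` starts and ends outside the last hunk.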


@@ -11,12 +11,6 @@
#include "selinux/selinux.h" #include "selinux/selinux.h"
#include "objsec.h" #include "objsec.h"
#ifndef DEVPTS_SUPER_MAGIC
#define DEVPTS_SUPER_MAGIC 0x1cd1
#endif
extern int __ksu_handle_devpts(struct inode *inode); // sucompat.c
// Hook manager initialization and cleanup // Hook manager initialization and cleanup
void ksu_syscall_hook_manager_init(void); void ksu_syscall_hook_manager_init(void);
void ksu_syscall_hook_manager_exit(void); void ksu_syscall_hook_manager_exit(void);