From 7fc075679e3ef358af4c90bf7c70390e43527079 Mon Sep 17 00:00:00 2001
From: ShirkNeko <109797057+ShirkNeko@users.noreply.github.com>
Date: Tue, 18 Nov 2025 22:53:08 +0800
Subject: [PATCH] kernel: Remove duplicate disable_seccomp_for_task
---
 kernel/Kconfig | 21 ++++++++++++++-------
 kernel/Makefile | 1 +
 kernel/app_profile.c | 28 ++++++----------------------
 3 files changed, 21 insertions(+), 29 deletions(-)
diff --git a/kernel/Kconfig b/kernel/Kconfig
index 4892ca7f..4caffc05 100644
--- a/kernel/Kconfig
+++ b/kernel/Kconfig
@@ -15,13 +15,6 @@ config KSU_DEBUG
 help
 Enable KernelSU debug mode.
-config KSU_MULTI_MANAGER_SUPPORT
- bool "Multi KernelSU manager support"
- depends on KSU
- default n
- help
- Enable multi KernelSU manager support
-
 config KSU_ALLOWLIST_WORKAROUND
 bool "KernelSU Session Keyring Init workaround"
 depends on KSU
@@ -30,6 +23,20 @@ config KSU_ALLOWLIST_WORKAROUND
 Enable session keyring init workaround for problematic devices.
 Useful for situations where the SU allowlist is not kept after a reboot
+config KSU_MANUAL_SU
+ bool "Use manual su"
+ depends on KSU
+ default y
+ help
+ Use manual su and authorize the corresponding command line and application via prctl
+
+config KSU_MULTI_MANAGER_SUPPORT
+ bool "Multi KernelSU manager support"
+ depends on KSU
+ default n
+ help
+ Enable multi KernelSU manager support
+
 config KPM
 bool "Enable SukiSU KPM"
 depends on KSU && 64BIT
diff --git a/kernel/Makefile b/kernel/Makefile
index 39a7b404..a7534c5f 100644
--- a/kernel/Makefile
+++ b/kernel/Makefile
@@ -20,6 +20,7 @@ kernelsu-objs += seccomp_cache.o
 kernelsu-objs += file_wrapper.o
 kernelsu-objs += throne_comm.o
 kernelsu-objs += sulog.o
+
 ifeq ($(CONFIG_KSU_MANUAL_SU), y)
 ccflags-y += -DCONFIG_KSU_MANUAL_SU
 kernelsu-objs += manual_su.o
diff --git a/kernel/app_profile.c b/kernel/app_profile.c
index a3dfdf3c..c7229860 100644
--- a/kernel/app_profile.c
+++ b/kernel/app_profile.c
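Review bot: In kernel/Kconfig the new `KSU_MANUAL_SU` symbol is added with `default y` and a one-line help, so every configuration that enables KSU also builds `manual_su.o` (per the `ifeq ($(CONFIG_KSU_MANUAL_SU), y)` block in the Makefile context) unless the builder opts out. Judging by its own help text, the option appears to gate a path that authorizes su for a command line or application via prctl, and the help says neither who may issue that prctl nor what is granted. I would either make it `default n`, or keep the default and expand the help to state that the option compiles in a prctl-driven privilege-escalation path and which callers are allowed to use it. The commit subject mentions only the seccomp helper de-duplication, so the new option also deserves a line in the description.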
@@ -16,6 +16,10 @@
 #include
 #include
 #include
+#include "objsec.h"
+#include
+#include
+#include
 #include "allowlist.h"
 #include "app_profile.h"
@@ -223,31 +227,11 @@ static int __manual_su_handle_devpts(struct inode *inode)
 return 0;
 }
-static void disable_seccomp_for_task(struct task_struct *tsk)
-{
- assert_spin_locked(&tsk->sighand->siglock);
-#ifdef CONFIG_SECCOMP
- if (tsk->seccomp.mode == SECCOMP_MODE_DISABLED && !tsk->seccomp.filter)
- return;
-#endif
- clear_tsk_thread_flag(tsk, TIF_SECCOMP);
-#ifdef CONFIG_SECCOMP
- tsk->seccomp.mode = SECCOMP_MODE_DISABLED;
- if (tsk->seccomp.filter) {
-#if LINUX_VERSION_CODE >= KERNEL_VERSION(5, 10, 0)
- seccomp_filter_release(tsk);
-#else
- put_seccomp_filter(tsk);
- tsk->seccomp.filter = NULL;
-#endif
- }
-#endif
-}
-
 void escape_to_root_for_cmd_su(uid_t target_uid, pid_t target_pid)
 {
 struct cred *newcreds;
 struct task_struct *target_task;
+ unsigned long flags;
 pr_info("cmd_su: escape_to_root_for_cmd_su called for UID: %d, PID: %d\n",
 target_uid, target_pid);
@@ -310,7 +294,7 @@ void escape_to_root_for_cmd_su(uid_t target_uid, pid_t target_pid)
 if (target_task->sighand) {
 spin_lock_irqsave(&target_task->sighand->siglock, flags);
- disable_seccomp_for_task(target_task);
+ disable_seccomp(target_task);
 spin_unlock_irqrestore(&target_task->sighand->siglock, flags);
 }
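Review bot: In the last hunk, `disable_seccomp(target_task)` is defined outside this diff, so it cannot be confirmed here that it keeps what the removed static copy had: the `assert_spin_locked(&tsk->sighand->siglock)` precondition and the kernel-version split between `seccomp_filter_release()` and `put_seccomp_filter()`. A call-site comment such as `/* disable_seccomp() must be called with siglock held */` would record the contract now that the local definition is gone. Separately, the context lines test `target_task->sighand` and then dereference it again to take the lock, which looks racy if the target (selected by PID, so presumably not `current`) is exiting. The usual form is `if (lock_task_sighand(target_task, &flags)) { disable_seccomp(target_task); unlock_task_sighand(target_task, &flags); }`. The body of `escape_to_root_for_cmd_su` starts and ends outside the hunk, so how `target_task` is looked up and pinned is not visible here.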