android/SukiSU-Ultra
1
0
Fork 0
Code Issues Pull Requests Actions 1 Packages Projects Releases Wiki Activity

kernel: Remove duplicate disable_seccomp_for_task

Browse Source
This commit is contained in:
ShirkNeko
2025-11-18 22:53:08 +08:00
parent 118fcf507a
commit 7fc075679e
3 changed files with 21 additions and 29 deletions
Download Patch File Download Diff File Expand all files Collapse all files

21
kernel/Kconfig
View File

@@ -15,13 +15,6 @@ config KSU_DEBUG
help help
Enable KernelSU debug mode. Enable KernelSU debug mode.
config KSU_MULTI_MANAGER_SUPPORT
bool "Multi KernelSU manager support"
depends on KSU
default n
help
Enable multi KernelSU manager support
config KSU_ALLOWLIST_WORKAROUND config KSU_ALLOWLIST_WORKAROUND
bool "KernelSU Session Keyring Init workaround" bool "KernelSU Session Keyring Init workaround"
depends on KSU depends on KSU
@@ -30,6 +23,20 @@ config KSU_ALLOWLIST_WORKAROUND
Enable session keyring init workaround for problematic devices. Enable session keyring init workaround for problematic devices.
Useful for situations where the SU allowlist is not kept after a reboot Useful for situations where the SU allowlist is not kept after a reboot
config KSU_MANUAL_SU
bool "Use manual su"
depends on KSU
default y
help
Use manual su and authorize the corresponding command line and application via prctl
config KSU_MULTI_MANAGER_SUPPORT
bool "Multi KernelSU manager support"
depends on KSU
default n
help
Enable multi KernelSU manager support
config KPM config KPM
bool "Enable SukiSU KPM" bool "Enable SukiSU KPM"
depends on KSU && 64BIT depends on KSU && 64BIT

1
kernel/Makefile
View File

@@ -20,6 +20,7 @@ kernelsu-objs += seccomp_cache.o
kernelsu-objs += file_wrapper.o kernelsu-objs += file_wrapper.o
kernelsu-objs += throne_comm.o kernelsu-objs += throne_comm.o
kernelsu-objs += sulog.o kernelsu-objs += sulog.o
ifeq ($(CONFIG_KSU_MANUAL_SU), y) ifeq ($(CONFIG_KSU_MANUAL_SU), y)
ccflags-y += -DCONFIG_KSU_MANUAL_SU ccflags-y += -DCONFIG_KSU_MANUAL_SU
kernelsu-objs += manual_su.o kernelsu-objs += manual_su.o

28
kernel/app_profile.c
View File

@@ -16,6 +16,10 @@
#include <linux/thread_info.h> #include <linux/thread_info.h>
#include <linux/uidgid.h> #include <linux/uidgid.h>
#include <linux/syscalls.h> #include <linux/syscalls.h>
#include "objsec.h"
#include <linux/spinlock.h>
#include <linux/tty.h>
#include <linux/security.h>
#include "allowlist.h" #include "allowlist.h"
#include "app_profile.h" #include "app_profile.h"
@@ -223,31 +227,11 @@ static int __manual_su_handle_devpts(struct inode *inode)
return 0; return 0;
} }
static void disable_seccomp_for_task(struct task_struct *tsk)
{
assert_spin_locked(&tsk->sighand->siglock);
#ifdef CONFIG_SECCOMP
if (tsk->seccomp.mode == SECCOMP_MODE_DISABLED && !tsk->seccomp.filter)
return;
#endif
clear_tsk_thread_flag(tsk, TIF_SECCOMP);
#ifdef CONFIG_SECCOMP
tsk->seccomp.mode = SECCOMP_MODE_DISABLED;
if (tsk->seccomp.filter) {
#if LINUX_VERSION_CODE >= KERNEL_VERSION(5, 10, 0)
seccomp_filter_release(tsk);
#else
put_seccomp_filter(tsk);
tsk->seccomp.filter = NULL;
#endif
}
#endif
}
void escape_to_root_for_cmd_su(uid_t target_uid, pid_t target_pid) void escape_to_root_for_cmd_su(uid_t target_uid, pid_t target_pid)
{ {
struct cred *newcreds; struct cred *newcreds;
struct task_struct *target_task; struct task_struct *target_task;
unsigned long flags;
pr_info("cmd_su: escape_to_root_for_cmd_su called for UID: %d, PID: %d\n", target_uid, target_pid); pr_info("cmd_su: escape_to_root_for_cmd_su called for UID: %d, PID: %d\n", target_uid, target_pid);
@@ -310,7 +294,7 @@ void escape_to_root_for_cmd_su(uid_t target_uid, pid_t target_pid)
if (target_task->sighand) { if (target_task->sighand) {
spin_lock_irqsave(&target_task->sighand->siglock, flags); spin_lock_irqsave(&target_task->sighand->siglock, flags);
disable_seccomp_for_task(target_task); disable_seccomp(target_task);
spin_unlock_irqrestore(&target_task->sighand->siglock, flags); spin_unlock_irqrestore(&target_task->sighand->siglock, flags);
} }