From 85bb10341a7f25a4251787390db9128a9e5fcb64 Mon Sep 17 00:00:00 2001 From: ShirkNeko <109797057+ShirkNeko@users.noreply.github.com> Date: Sun, 23 Nov 2025 23:21:26 +0800 Subject: [PATCH] Deprecated ADD_TRY_UMOUNT in favor of official kernel_umount; Synced with the latest commit of official KernelSU main repo - Since official KSU has exposed kernel_umount API and provided meta module for handling mount operations, susfs can finally handover try_umount and auto add_try_umount to KSU and its meta module - Synced with upstream, see https://github.com/tiann/KernelSU/commit/e1e58ed737159bb146742353ec910642eefc885a Co-authored-by: simonpunk --- kernel/Kconfig | 8 -------- kernel/allowlist.h | 2 ++ kernel/kernel_umount.c | 20 ++++++-------------- kernel/kernel_umount.h | 2 -- kernel/selinux/rules.c | 2 +- kernel/setuid_hook.c | 13 ------------- kernel/supercalls.c | 17 ++++++++--------- 7 files changed, 17 insertions(+), 47 deletions(-) diff --git a/kernel/Kconfig b/kernel/Kconfig index a2d6469a..00f0e2cc 100644 --- a/kernel/Kconfig +++ b/kernel/Kconfig @@ -93,14 +93,6 @@ config KSU_SUSFS_SUS_KSTAT - Allow spoofing the kstat of user-defined file/directory. - Effective only on zygote spawned user app process. -config KSU_SUSFS_TRY_UMOUNT - bool "Enable to use ksu's try_umount" - depends on KSU_SUSFS - default y - help - - Allow using try_umount to umount other user-defined mount paths prior to ksu's default umount paths. - - Effective only on zygote spawned umounted user app process. - config KSU_SUSFS_SPOOF_UNAME bool "Enable to spoof uname" depends on KSU_SUSFS diff --git a/kernel/allowlist.h b/kernel/allowlist.h index d6066fd1..cb28b3ce 100644 --- a/kernel/allowlist.h +++ b/kernel/allowlist.h @@ -39,6 +39,7 @@ bool ksu_set_app_profile(struct app_profile *, bool persist); bool ksu_uid_should_umount(uid_t uid); struct root_profile *ksu_get_root_profile(uid_t uid); +#ifndef CONFIG_KSU_SUSFS static inline bool is_appuid(uid_t uid) { uid_t appid = uid % PER_USER_RANGE; @@ -50,6 +51,7 @@ static inline bool is_isolated_process(uid_t uid) uid_t appid = uid % PER_USER_RANGE; return appid >= FIRST_ISOLATED_UID && appid <= LAST_ISOLATED_UID; } +#endif // #ifndef CONFIG_KSU_SUSFS #ifdef CONFIG_KSU_MANUAL_SU bool ksu_temp_grant_root_once(uid_t uid); diff --git a/kernel/kernel_umount.c b/kernel/kernel_umount.c index 57faec8d..793dc2e3 100644 --- a/kernel/kernel_umount.c +++ b/kernel/kernel_umount.c @@ -27,11 +27,7 @@ #include "sulog.h" -#ifndef CONFIG_KSU_SUSFS static bool ksu_kernel_umount_enabled = true; -#else -bool ksu_kernel_umount_enabled = true; -#endif static int kernel_umount_feature_get(u64 *value) { @@ -93,11 +89,7 @@ static void ksu_sys_umount(const char *mnt, int flags) #endif -#ifndef CONFIG_KSU_SUSFS_TRY_UMOUNT static void try_umount(const char *mnt, int flags) -#else -void try_umount(const char *mnt, int flags) -#endif // #ifndef CONFIG_KSU_SUSFS_TRY_UMOUNT { struct path path; int err = kern_path(mnt, 0, &path); @@ -115,7 +107,6 @@ void try_umount(const char *mnt, int flags) } -#if !defined(CONFIG_KSU_SUSFS) || !defined(CONFIG_KSU_SUSFS_TRY_UMOUNT) struct umount_tw { struct callback_head cb; const struct cred *old_cred; @@ -150,7 +141,6 @@ int ksu_handle_umount(uid_t old_uid, uid_t new_uid) { struct umount_tw *tw; -#if defined(CONFIG_KSU_SUSFS) || !defined(CONFIG_KSU_SUSFS_TRY_UMOUNT) // if there isn't any module mounted, just ignore it! if (!ksu_module_mounted) { return 0; @@ -160,6 +150,7 @@ int ksu_handle_umount(uid_t old_uid, uid_t new_uid) return 0; } +#ifndef CONFIG_KSU_SUSFS // There are 5 scenarios: // 1. Normal app: zygote -> appuid // 2. Isolated process forked from zygote: zygote -> isolated_process @@ -183,12 +174,14 @@ int ksu_handle_umount(uid_t old_uid, uid_t new_uid) pr_info("handle umount ignore non zygote child: %d\n", current->pid); return 0; } +#endif // #ifndef CONFIG_KSU_SUSFS + + // umount the target mnt + pr_info("handle umount for uid: %d, pid: %d\n", new_uid, current->pid); + #if __SULOG_GATE ksu_sulog_report_syscall(new_uid, NULL, "setuid", NULL); #endif -#endif // #if defined(CONFIG_KSU_SUSFS) || !defined(CONFIG_KSU_SUSFS_TRY_UMOUNT) - // umount the target mnt - pr_info("handle umount for uid: %d, pid: %d\n", new_uid, current->pid); tw = kzalloc(sizeof(*tw), GFP_ATOMIC); if (!tw) @@ -208,7 +201,6 @@ int ksu_handle_umount(uid_t old_uid, uid_t new_uid) return 0; } -#endif // #if !defined(CONFIG_KSU_SUSFS) || !defined(CONFIG_KSU_SUSFS_TRY_UMOUNT) void ksu_kernel_umount_init(void) { diff --git a/kernel/kernel_umount.h b/kernel/kernel_umount.h index ba37ed59..46486f8e 100644 --- a/kernel/kernel_umount.h +++ b/kernel/kernel_umount.h @@ -8,10 +8,8 @@ void ksu_kernel_umount_init(void); void ksu_kernel_umount_exit(void); -#if !defined(CONFIG_KSU_SUSFS) || !defined(CONFIG_KSU_SUSFS_TRY_UMOUNT) // Handler function to be called from setresuid hook int ksu_handle_umount(uid_t old_uid, uid_t new_uid); -#endif // #if !defined(CONFIG_KSU_SUSFS) || !defined(CONFIG_KSU_SUSFS_TRY_UMOUNT) // for the umount list struct mount_entry { diff --git a/kernel/selinux/rules.c b/kernel/selinux/rules.c index 07a8bee7..530d6309 100644 --- a/kernel/selinux/rules.c +++ b/kernel/selinux/rules.c @@ -141,7 +141,7 @@ void apply_kernelsu_rules(void) #ifdef CONFIG_KSU_SUSFS // Allow umount in zygote process without installing zygisk - ksu_allow(db, "zygote", "labeledfs", "filesystem", "unmount"); + // ksu_allow(db, "zygote", "labeledfs", "filesystem", "unmount"); susfs_set_priv_app_sid(); susfs_set_init_sid(); susfs_set_ksu_sid(); diff --git a/kernel/setuid_hook.c b/kernel/setuid_hook.c index 3aae8043..68a52507 100644 --- a/kernel/setuid_hook.c +++ b/kernel/setuid_hook.c @@ -68,9 +68,6 @@ extern void susfs_run_sus_path_loop(uid_t uid); extern bool susfs_is_umount_for_zygote_iso_service_enabled; extern void susfs_reorder_mnt_id(void); #endif // #ifdef CONFIG_KSU_SUSFS_SUS_MOUNT -#ifdef CONFIG_KSU_SUSFS_TRY_UMOUNT -extern void susfs_try_umount(uid_t uid); -#endif #endif // #ifdef CONFIG_KSU_SUSFS static bool ksu_enhanced_security_enabled = false; @@ -297,19 +294,9 @@ int ksu_handle_setresuid(uid_t ruid, uid_t euid, uid_t suid){ return 0; do_umount: -#ifndef CONFIG_KSU_SUSFS_TRY_UMOUNT - if (!ksu_kernel_umount_enabled || !ksu_module_mounted) { - goto skip_ksu_handle_umount; - - } // Handle kernel umount ksu_handle_umount(old_uid, new_uid); -skip_ksu_handle_umount: -#else - susfs_try_umount(new_uid); -#endif // #ifndef CONFIG_KSU_SUSFS_TRY_UMOUNT - get_task_struct(current); #ifdef CONFIG_KSU_SUSFS_SUS_MOUNT diff --git a/kernel/supercalls.c b/kernel/supercalls.c index cf372291..edecc3b3 100644 --- a/kernel/supercalls.c +++ b/kernel/supercalls.c @@ -470,7 +470,8 @@ static int do_manage_mark(void __user *arg) cmd.result = (u32)ret; break; #else - return -EINVAL; + cmd.result = 0; + break; #endif } case KSU_MARK_MARK: { @@ -486,7 +487,9 @@ static int do_manage_mark(void __user *arg) } } #else - pr_info("susfs: cmd: KSU_MARK_MARK => do nothing\n"); + if (cmd.pid != 0) { + return 0; + } #endif break; } @@ -503,7 +506,9 @@ static int do_manage_mark(void __user *arg) } } #else - pr_info("susfs: cmd: KSU_MARK_UNMARK => do nothing\n"); + if (cmd.pid != 0) { + return 0; + } #endif break; } @@ -1024,12 +1029,6 @@ int ksu_handle_sys_reboot(int magic1, int magic2, unsigned int cmd, void __user return 0; } #endif //#ifdef CONFIG_KSU_SUSFS_SUS_KSTAT -#ifdef CONFIG_KSU_SUSFS_TRY_UMOUNT - if (cmd == CMD_SUSFS_ADD_TRY_UMOUNT) { - susfs_add_try_umount(arg); - return 0; - } -#endif //#ifdef CONFIG_KSU_SUSFS_TRY_UMOUNT #ifdef CONFIG_KSU_SUSFS_SPOOF_UNAME if (cmd == CMD_SUSFS_SET_UNAME) { susfs_set_uname(arg);