android/SukiSU-Ultra
1
0
Fork 0
Code Issues Pull Requests Actions 1 Packages Projects Releases Wiki Activity

Attempt to refactor and migrate inode_permission, bprm_check_security, and task_alloc entirely to syscall_hook_manager

Browse Source 
kernel: fix build
This commit is contained in:
ShirkNeko
2025-11-09 04:35:29 +08:00
parent af4b502631
commit 86cd05e206
14 changed files with 237 additions and 303 deletions
Download Patch File Download Diff File Expand all files Collapse all files

3
kernel/Makefile
View File

@@ -7,9 +7,8 @@ kernelsu-objs += sucompat.o
kernelsu-objs += syscall_hook_manager.o
kernelsu-objs += throne_tracker.o
kernelsu-objs += pkg_observer.o
kernelsu-objs += umount_manager.o
kernelsu-objs += kprobe_hook_manager.o
kernelsu-objs += setuid_hook.o
kernelsu-objs += kernel_compat.o
kernelsu-objs += kernel_umount.o
kernelsu-objs += supercalls.o
kernelsu-objs += feature.o

2
kernel/app_profile.c
View File

@@ -15,8 +15,6 @@
#include "sucompat.h"
#include "sulog.h"
#include "kprobe_hook_manager.h"
#if LINUX_VERSION_CODE >= KERNEL_VERSION (6, 7, 0)
static struct group_info root_groups = { .usage = REFCOUNT_INIT(2), };

108
kernel/kernel_umount.c
View File

@@ -1,6 +1,7 @@
#include <linux/sched.h>
#include <linux/slab.h>
#include <linux/task_work.h>
#include <linux/version.h>
#include <linux/cred.h>
#include <linux/fs.h>
#include <linux/mount.h>
@@ -10,6 +11,11 @@
#include <linux/printk.h>
#include <linux/types.h>
#ifdef CONFIG_KSU_SUSFS
#include <linux/susfs.h>
#include <linux/susfs_def.h>
#endif // #ifdef CONFIG_KSU_SUSFS
#include "kernel_umount.h"
#include "klog.h" // IWYU pragma: keep
#include "allowlist.h"
@@ -17,6 +23,13 @@
#include "feature.h"
#include "ksud.h"
#ifdef CONFIG_KSU_SUSFS
extern bool susfs_is_mnt_devname_ksu(struct path *path);
#ifdef CONFIG_KSU_SUSFS_ENABLE_LOG
extern bool susfs_is_log_enabled __read_mostly;
#endif // #ifdef CONFIG_KSU_SUSFS_ENABLE_LOG
#endif // #ifdef CONFIG_KSU_SUSFS
static bool ksu_kernel_umount_enabled = true;
static int kernel_umount_feature_get(u64 *value)
@@ -50,27 +63,61 @@ static bool should_umount(struct path *path)
pr_info("ignore global mnt namespace process: %d\n", current_uid().val);
return false;
}
#ifdef CONFIG_KSU_SUSFS
return susfs_is_mnt_devname_ksu(path);
#else
if (path->mnt && path->mnt->mnt_sb && path->mnt->mnt_sb->s_type) {
const char *fstype = path->mnt->mnt_sb->s_type->name;
return strcmp(fstype, "overlay") == 0;
}
return false;
#endif
}
extern int path_umount(struct path *path, int flags);
static void ksu_umount_mnt(struct path *path, int flags)
#if LINUX_VERSION_CODE >= KERNEL_VERSION(5, 9, 0) || defined(KSU_HAS_PATH_UMOUNT)
static int ksu_path_umount(struct path *path, int flags)
{
int err = path_umount(path, flags);
if (err) {
pr_info("umount %s failed: %d\n", path->dentry->d_iname, err);
return path_umount(path, flags);
}
#define ksu_umount_mnt(__unused, path, flags) (ksu_path_umount(path, flags))
#else
// TODO: Search a way to make this works without set_fs functions
static int ksu_sys_umount(const char *mnt, int flags)
{
char __user *usermnt = (char __user *)mnt;
mm_segment_t old_fs;
int ret; // although asmlinkage long
old_fs = get_fs();
set_fs(KERNEL_DS);
#if LINUX_VERSION_CODE >= KERNEL_VERSION(4, 17, 0)
ret = ksys_umount(usermnt, flags);
#else
ret = sys_umount(usermnt, flags); // cuz asmlinkage long sys##name
#endif
set_fs(old_fs);
pr_info("%s was called, ret: %d\n", __func__, ret);
return ret;
}
static void try_umount(const char *mnt, bool check_mnt, int flags)
#define ksu_umount_mnt(mnt, __unused, flags) \
({ \
int ret; \
path_put(__unused); \
ret = ksu_sys_umount(mnt, flags); \
ret; \
})
#endif
#ifdef CONFIG_KSU_SUSFS_TRY_UMOUNT
void try_umount(const char *mnt, bool check_mnt, int flags, uid_t uid)
#else
void try_umount(const char *mnt, bool check_mnt, int flags)
#endif
{
struct path path;
int ret;
int err = kern_path(mnt, 0, &path);
if (err) {
return;
@@ -88,8 +135,45 @@ static void try_umount(const char *mnt, bool check_mnt, int flags)
return;
}
ksu_umount_mnt(&path, flags);
#if defined(CONFIG_KSU_SUSFS_TRY_UMOUNT) && defined(CONFIG_KSU_SUSFS_ENABLE_LOG)
if (susfs_is_log_enabled) {
pr_info("susfs: umounting '%s' for uid: %d\n", mnt, uid);
}
#endif
ret = ksu_umount_mnt(mnt, &path, flags);
if (ret) {
#ifdef CONFIG_KSU_DEBUG
pr_info("%s: path: %s, ret: %d\n", __func__, mnt, ret);
#endif
}
}
#ifdef CONFIG_KSU_SUSFS_TRY_UMOUNT
void susfs_try_umount_all(uid_t uid) {
susfs_try_umount(uid);
/* For Legacy KSU only */
try_umount("/odm", true, 0, uid);
try_umount("/system", true, 0, uid);
try_umount("/vendor", true, 0, uid);
try_umount("/product", true, 0, uid);
try_umount("/system_ext", true, 0, uid);
// - For '/data/adb/modules' we pass 'false' here because it is a loop device that we can't determine whether
// its dev_name is KSU or not, and it is safe to just umount it if it is really a mountpoint
try_umount("/data/adb/modules", false, MNT_DETACH, uid);
try_umount("/data/adb/kpm", false, MNT_DETACH, uid);
/* For both Legacy KSU and Magic Mount KSU */
try_umount("/debug_ramdisk", true, MNT_DETACH, uid);
try_umount("/sbin", false, MNT_DETACH, uid);
// try umount hosts file
try_umount("/system/etc/hosts", false, MNT_DETACH, uid);
// try umount lsposed dex2oat bins
try_umount("/apex/com.android.art/bin/dex2oat64", false, MNT_DETACH, uid);
try_umount("/apex/com.android.art/bin/dex2oat32", false, MNT_DETACH, uid);
}
#endif
struct umount_tw {
struct callback_head cb;
@@ -171,6 +255,7 @@ static void umount_tw_func(struct callback_head *cb)
kfree(tw);
}
#endif
static inline bool is_appuid(uid_t uid)
{
@@ -249,11 +334,6 @@ int ksu_handle_umount(uid_t old_uid, uid_t new_uid)
void ksu_kernel_umount_init(void)
{
int rc = 0;
rc = ksu_umount_manager_init();
if (rc) {
pr_err("Failed to initialize umount manager: %d\n", rc);
}
if (ksu_register_feature_handler(&kernel_umount_handler)) {
pr_err("Failed to register kernel_umount feature handler\n");
}

4
kernel/kernel_umount.h
View File

@@ -6,6 +6,10 @@
void ksu_kernel_umount_init(void);
void ksu_kernel_umount_exit(void);
#ifdef CONFIG_KSU_SUSFS_TRY_UMOUNT
void susfs_try_umount_all(uid_t uid);
#endif
// Handler function to be called from setresuid hook
int ksu_handle_umount(uid_t old_uid, uid_t new_uid);

163
kernel/kprobe_hook_manager.c
View File

@@ -1,163 +0,0 @@
#include "kprobe_hook_manager.h"
#include <linux/err.h>
#include <linux/slab.h>
#include <linux/init.h>
#include <linux/kernel.h>
#include <linux/kprobes.h>
#include <linux/sched.h>
#include <linux/uidgid.h>
#include "arch.h"
#include "klog.h"
#include "ksud.h"
#ifdef CONFIG_KSU_MANUAL_SU
#include "manual_su.h"
#endif
#ifdef CONFIG_COMPAT
bool ksu_is_compat __read_mostly = false;
#endif
#ifdef CONFIG_KSU_MANUAL_SU
static void ksu_try_escalate_for_uid(uid_t uid)
{
if (!is_pending_root(uid))
return;
pr_info("pending_root: UID=%d temporarily allowed\n", uid);
remove_pending_root(uid);
}
#endif
// inode_permission hook for handling devpts
static int ksu_inode_permission_handler_pre(struct kprobe *p, struct pt_regs *regs)
{
struct inode *inode = (struct inode *)PT_REGS_PARM1(regs);
if (inode && inode->i_sb && unlikely(inode->i_sb->s_magic == DEVPTS_SUPER_MAGIC)) {
// pr_info("%s: handling devpts for: %s \n", __func__, current->comm);
__ksu_handle_devpts(inode);
}
return 0;
}
static struct kprobe ksu_inode_permission_kp = {
.symbol_name = "security_inode_permission",
.pre_handler = ksu_inode_permission_handler_pre,
};
// bprm_check_security hook for handling ksud compatibility
static int ksu_bprm_check_handler_pre(struct kprobe *p, struct pt_regs *regs)
{
struct linux_binprm *bprm = (struct linux_binprm *)PT_REGS_PARM1(regs);
char *filename = (char *)bprm->filename;
if (likely(!ksu_execveat_hook))
return 0;
#ifdef CONFIG_COMPAT
static bool compat_check_done __read_mostly = false;
if (unlikely(!compat_check_done) && unlikely(!strcmp(filename, "/data/adb/ksud"))
&& !memcmp(bprm->buf, "\x7f\x45\x4c\x46", 4)) {
if (bprm->buf[4] == 0x01)
ksu_is_compat = true;
pr_info("%s: %s ELF magic found! ksu_is_compat: %d \n", __func__, filename, ksu_is_compat);
compat_check_done = true;
}
#endif
ksu_handle_pre_ksud(filename);
#ifdef CONFIG_KSU_MANUAL_SU
ksu_try_escalate_for_uid(current_uid().val);
#endif
return 0;
}
static struct kprobe ksu_bprm_check_kp = {
.symbol_name = "security_bprm_check",
.pre_handler = ksu_bprm_check_handler_pre,
};
#ifdef CONFIG_KSU_MANUAL_SU
// task_alloc hook for handling manual su escalation
static int ksu_task_alloc_handler_pre(struct kprobe *p, struct pt_regs *regs)
{
struct task_struct *task = (struct task_struct *)PT_REGS_PARM1(regs);
ksu_try_escalate_for_uid(task_uid(task).val);
return 0;
}
static struct kprobe ksu_task_alloc_kp = {
.symbol_name = "security_task_alloc",
.pre_handler = ksu_task_alloc_handler_pre,
};
#endif
__maybe_unused int ksu_kprobe_init(void)
{
int rc = 0;
// Register inode_permission kprobe
rc = register_kprobe(&ksu_inode_permission_kp);
if (rc) {
pr_err("inode_permission kprobe failed: %d\n", rc);
} else {
pr_info("inode_permission kprobe registered successfully\n");
}
// Register bprm_check_security kprobe
rc = register_kprobe(&ksu_bprm_check_kp);
if (rc) {
pr_err("bprm_check_security kprobe failed: %d\n", rc);
} else {
pr_info("bprm_check_security kprobe registered successfully\n");
}
#ifdef CONFIG_KSU_MANUAL_SU
// Register task_alloc kprobe
rc = register_kprobe(&ksu_task_alloc_kp);
if (rc) {
pr_err("task_alloc kprobe failed: %d\n", rc);
} else {
pr_info("task_alloc kprobe registered successfully\n");
}
#endif
return 0;
}
__maybe_unused int ksu_kprobe_exit(void)
{
unregister_kprobe(&ksu_inode_permission_kp);
unregister_kprobe(&ksu_bprm_check_kp);
#ifdef CONFIG_KSU_MANUAL_SU
unregister_kprobe(&ksu_task_alloc_kp);
#endif
return 0;
}
void ksu_kprobe_hook_init(void)
{
int rc = 0;
#ifdef CONFIG_KPROBES
rc = ksu_kprobe_init();
if (rc) {
pr_err("ksu_kprobe_init failed: %d\n", rc);
}
#endif
}
void ksu_kprobe_hook_exit(void)
{
#ifdef CONFIG_KPROBES
pr_info("ksu_core_exit\n");
ksu_kprobe_exit();
#endif
}

23
kernel/kprobe_hook_manager.h
View File

@@ -1,23 +0,0 @@
#ifndef __KSU_H_KSU_KBROBES_HOOK_MANAGER
#define __KSU_H_KSU_KBROBES_HOOK_MANAGER
#include <linux/init.h>
#include <linux/version.h>
#include <linux/binfmts.h>
#include <linux/tty.h>
#include <linux/fs.h>
#include "selinux/selinux.h"
#include "objsec.h"
#ifndef DEVPTS_SUPER_MAGIC
#define DEVPTS_SUPER_MAGIC 0x1cd1
#endif
extern bool ksu_is_compat __read_mostly;
extern int __ksu_handle_devpts(struct inode *inode); // sucompat.c
void ksu_kprobe_hook_init(void);
void ksu_kprobe_hook_exit(void);
#endif

3
kernel/ksu.c
View File

@@ -16,7 +16,6 @@
#include "sulog.h"
#include "throne_comm.h"
#include "dynamic_manager.h"
#include "kprobe_hook_manager.h"
#ifdef CONFIG_KSU_SUSFS
#include <linux/susfs.h>
@@ -31,12 +30,10 @@ bool ksu_queue_work(struct work_struct *work)
void sukisu_custom_config_init(void)
{
ksu_kprobe_hook_init();
}
void sukisu_custom_config_exit(void)
{
ksu_kprobe_hook_exit();
ksu_uid_exit();
ksu_throne_comm_exit();
ksu_dynamic_manager_exit();

12
kernel/ksud.c
View File

@@ -107,6 +107,18 @@ void on_post_fs_data(void)
pr_info("ksu_file sid: %d\n", ksu_file_sid);
}
struct user_arg_ptr {
#ifdef CONFIG_COMPAT
bool is_compat;
#endif
union {
const char __user *const __user *native;
#ifdef CONFIG_COMPAT
const compat_uptr_t __user *compat;
#endif
} ptr;
};
extern void ext4_unregister_sysfs(struct super_block *sb);
static void nuke_ext4_sysfs(void)
{

9
kernel/manual_su.c
View File

@@ -346,3 +346,12 @@ static void add_pending_root(uid_t uid)
ksu_temp_grant_root_once(uid);
pr_info("pending_root: cached UID %d\n", uid);
}
void ksu_try_escalate_for_uid(uid_t uid)
{
if (!is_pending_root(uid))
return;
pr_info("pending_root: UID=%d temporarily allowed\n", uid);
remove_pending_root(uid);
}

1
kernel/manual_su.h
View File

@@ -45,4 +45,5 @@ struct ksu_token_entry {
int ksu_handle_manual_su_request(int option, struct manual_su_request *request);
bool is_pending_root(uid_t uid);
void remove_pending_root(uid_t uid);
void ksu_try_escalate_for_uid(uid_t uid);
#endif

98
kernel/setuid_hook.c
View File

@@ -488,98 +488,6 @@ static bool is_appuid(uid_t uid)
return appid >= FIRST_APPLICATION_UID && appid <= LAST_APPLICATION_UID;
}
static bool should_umount(struct path *path)
{
if (!path) {
return false;
}
if (current->nsproxy->mnt_ns == init_nsproxy.mnt_ns) {
pr_info("ignore global mnt namespace process: %d\n",
current_uid().val);
return false;
}
if (path->mnt && path->mnt->mnt_sb && path->mnt->mnt_sb->s_type) {
const char *fstype = path->mnt->mnt_sb->s_type->name;
return strcmp(fstype, "overlay") == 0;
}
return false;
}
extern int path_umount(struct path *path, int flags);
static void ksu_umount_mnt(struct path *path, int flags)
{
int err = path_umount(path, flags);
if (err) {
pr_info("umount %s failed: %d\n", path->dentry->d_iname, err);
}
}
#ifdef CONFIG_KSU_SUSFS_TRY_UMOUNT
void try_umount(const char *mnt, bool check_mnt, int flags, uid_t uid)
#else
static void try_umount(const char *mnt, bool check_mnt, int flags)
#endif
{
struct path path;
int ret;
int err = kern_path(mnt, 0, &path);
if (err) {
return;
}
if (path.dentry != path.mnt->mnt_root) {
// it is not root mountpoint, maybe umounted by others already.
path_put(&path);
return;
}
// we are only interest in some specific mounts
if (check_mnt && !should_umount(&path)) {
path_put(&path);
return;
}
#if defined(CONFIG_KSU_SUSFS_TRY_UMOUNT) && defined(CONFIG_KSU_SUSFS_ENABLE_LOG)
if (susfs_is_log_enabled) {
pr_info("susfs: umounting '%s' for uid: %d\n", mnt, uid);
}
#endif
ret = ksu_umount_mnt(mnt, &path, flags);
if (ret) {
#ifdef CONFIG_KSU_DEBUG
pr_info("%s: path: %s, ret: %d\n", __func__, mnt, ret);
#endif
}
}
#ifdef CONFIG_KSU_SUSFS_TRY_UMOUNT
void susfs_try_umount_all(uid_t uid) {
susfs_try_umount(uid);
/* For Legacy KSU only */
try_umount("/odm", true, 0, uid);
try_umount("/system", true, 0, uid);
try_umount("/vendor", true, 0, uid);
try_umount("/product", true, 0, uid);
try_umount("/system_ext", true, 0, uid);
// - For '/data/adb/modules' we pass 'false' here because it is a loop device that we can't determine whether
// its dev_name is KSU or not, and it is safe to just umount it if it is really a mountpoint
try_umount("/data/adb/modules", false, MNT_DETACH, uid);
try_umount("/data/adb/kpm", false, MNT_DETACH, uid);
/* For both Legacy KSU and Magic Mount KSU */
try_umount("/debug_ramdisk", true, MNT_DETACH, uid);
try_umount("/sbin", false, MNT_DETACH, uid);
// try umount hosts file
try_umount("/system/etc/hosts", false, MNT_DETACH, uid);
// try umount lsposed dex2oat bins
try_umount("/apex/com.android.art/bin/dex2oat64", false, MNT_DETACH, uid);
try_umount("/apex/com.android.art/bin/dex2oat32", false, MNT_DETACH, uid);
}
#endif
#ifdef CONFIG_KSU_SUSFS
int ksu_handle_setresuid(uid_t ruid, uid_t euid, uid_t suid)
{
@@ -672,7 +580,7 @@ int ksu_handle_setresuid(uid_t ruid, uid_t euid, uid_t suid)
// Handle kernel umount
// We only interest in process spwaned by zygote
if (!susfs_is_sid_equal(old->security, susfs_zygote_sid)) {
if (!susfs_is_sid_equal(current->cred->security, susfs_zygote_sid)) {
return 0;
}
@@ -682,7 +590,7 @@ int ksu_handle_setresuid(uid_t ruid, uid_t euid, uid_t suid)
}
// - Since ksu maanger app uid is excluded in allow_list_arr, so ksu_uid_should_umount(manager_uid)
// will always return true, that's why we need to explicitly check if new_uid.val belongs to
// will always return true, that's why we need to explicitly check if new_uid belongs to
// ksu manager
if (ksu_is_manager_uid_valid() &&
(new_uid % 1000000 == ksu_get_manager_uid())) // % 1000000 in case it is private space uid
@@ -726,7 +634,7 @@ do_umount:
put_task_struct(current);
#ifdef CONFIG_KSU_SUSFS_SUS_PATH
susfs_run_sus_path_loop(new_uid.val);
susfs_run_sus_path_loop(new_uid);
#endif // #ifdef CONFIG_KSU_SUSFS_SUS_PATH
return 0;
}

1
kernel/sucompat.c
View File

@@ -264,6 +264,7 @@ int ksu_handle_execve_sucompat(int *fd, const char __user **filename_user,
if (!ksu_su_compat_enabled) {
return 0;
}
#endif
if (unlikely(!filename_user))
return 0;

97
kernel/syscall_hook_manager.c
View File

@@ -9,6 +9,7 @@
#include <linux/slab.h>
#include <linux/ptrace.h>
#include <trace/events/syscalls.h>
#include <linux/namei.h>
#include "allowlist.h"
#include "arch.h"
@@ -207,6 +208,10 @@ static inline bool check_syscall_fastpath(int nr)
case __NR_faccessat:
case __NR_execve:
case __NR_setresuid:
case __NR_faccessat2:
case __NR_execveat:
case __NR_clone:
case __NR_clone3:
return true;
default:
return false;
@@ -232,6 +237,84 @@ int ksu_handle_init_mark_tracker(int *fd, const char __user **filename_user,
return 0;
}
#include "ksud.h"
#ifdef CONFIG_KSU_MANUAL_SU
#include "manual_su.h"
#endif
#ifdef CONFIG_COMPAT
bool ksu_is_compat __read_mostly = false;
#endif
#ifndef LOOKUP_FOLLOW
#define LOOKUP_FOLLOW 0x0001
#endif
static inline void ksu_handle_inode_permission(struct pt_regs *regs)
{
struct inode *inode = NULL;
struct path path;
int dfd = (int)PT_REGS_PARM1(regs);
const char __user *filename = (const char __user *)PT_REGS_PARM2(regs);
if (!user_path_at(dfd, filename, LOOKUP_FOLLOW, &path)) {
inode = path.dentry->d_inode;
if (inode && inode->i_sb &&
unlikely(inode->i_sb->s_magic == DEVPTS_SUPER_MAGIC))
__ksu_handle_devpts(inode);
path_put(&path);
}
}
static inline void ksu_handle_bprm_check_security(struct pt_regs *regs, long id)
{
const char __user *filename;
char path_buf[256];
if (id == __NR_execve)
filename = (const char __user *)PT_REGS_PARM1(regs);
else /* __NR_execveat */
filename = (const char __user *)PT_REGS_PARM2(regs);
if (!ksu_execveat_hook)
return;
memset(path_buf, 0, sizeof(path_buf));
strncpy_from_user_nofault(path_buf, filename, sizeof(path_buf));
#ifdef CONFIG_COMPAT
static bool compat_check_done __read_mostly = false;
if (unlikely(!compat_check_done) &&
unlikely(!strcmp(path_buf, "/data/adb/ksud"))) {
char buf[4];
struct file *file = filp_open(path_buf, O_RDONLY, 0);
if (!IS_ERR(file)) {
loff_t pos = 0;
kernel_read(file, buf, 4, &pos);
if (!memcmp(buf, "\x7f\x45\x4c\x46", 4)) {
char elf_class;
pos = 4;
kernel_read(file, &elf_class, 1, &pos);
if (elf_class == 0x01)
ksu_is_compat = true;
pr_info("%s: %s ELF magic found! ksu_is_compat: %d\n",
__func__, path_buf, ksu_is_compat);
compat_check_done = true;
}
filp_close(file, NULL);
}
}
#endif
ksu_handle_pre_ksud(path_buf);
}
static inline void ksu_handle_task_alloc(struct pt_regs *regs)
{
#ifdef CONFIG_KSU_MANUAL_SU
ksu_try_escalate_for_uid(current_uid().val);
#endif
}
#ifdef KSU_HAVE_SYSCALL_TRACEPOINTS_HOOK
// Generic sys_enter handler that dispatches to specific handlers
static void ksu_sys_enter_handler(void *data, struct pt_regs *regs, long id)
@@ -281,6 +364,20 @@ static void ksu_sys_enter_handler(void *data, struct pt_regs *regs, long id)
ksu_handle_setresuid(ruid, euid, suid);
return;
}
// Handle inode_permission via faccessat
if (id == __NR_faccessat || id == __NR_faccessat2)
return ksu_handle_inode_permission(regs);
// Handle bprm_check_security via execve/execveat
if (id == __NR_execve || id == __NR_execveat)
return ksu_handle_bprm_check_security(regs, id);
#ifdef CONFIG_KSU_MANUAL_SU
// Handle task_alloc via clone/fork
if (id == __NR_clone || id == __NR_clone3)
return ksu_handle_task_alloc(regs);
#endif
}
}
#endif

14
kernel/syscall_hook_manager.h
View File

@@ -4,6 +4,20 @@
#include <linux/version.h>
#include <linux/sched.h>
#include <linux/thread_info.h>
#include <linux/init.h>
#include <linux/binfmts.h>
#include <linux/tty.h>
#include <linux/fs.h>
#include "selinux/selinux.h"
#include "objsec.h"
#ifndef DEVPTS_SUPER_MAGIC
#define DEVPTS_SUPER_MAGIC 0x1cd1
#endif
extern bool ksu_is_compat __read_mostly;
extern int __ksu_handle_devpts(struct inode *inode); // sucompat.c
// Hook manager initialization and cleanup
void ksu_syscall_hook_manager_init(void);