kernel: minor fixes for profiles
@@ -18,19 +18,21 @@
|
|||||||
static DEFINE_MUTEX(allowlist_mutex);
|
static DEFINE_MUTEX(allowlist_mutex);
|
||||||
|
|
||||||
// default root identify
|
// default root identify
|
||||||
static struct root_identity default_root_identity;
|
static struct root_profile default_root_profile;
|
||||||
static bool default_umount_modules = true;
|
static struct non_root_profile default_non_root_profile;
|
||||||
|
|
||||||
static void init_root_identity()
|
static void init_default_profiles()
|
||||||
{
|
{
|
||||||
default_root_identity.uid = 0;
|
default_root_profile.uid = 0;
|
||||||
default_root_identity.gid = 0;
|
default_root_profile.gid = 0;
|
||||||
default_root_identity.groups_count = 1;
|
default_root_profile.groups_count = 1;
|
||||||
default_root_identity.groups[0] = 0;
|
default_root_profile.groups[0] = 0;
|
||||||
memset(&default_root_identity.capabilities, 0xff,
|
memset(&default_root_profile.capabilities, 0xff,
|
||||||
sizeof(default_root_identity.capabilities));
|
sizeof(default_root_profile.capabilities));
|
||||||
default_root_identity.namespaces = 0;
|
default_root_profile.namespaces = 0;
|
||||||
strcpy(default_root_identity.selinux_domain, "su");
|
strcpy(default_root_profile.selinux_domain, "su");
|
||||||
|
|
||||||
|
default_non_root_profile.umount_modules = true;
|
||||||
}
|
}
|
||||||
|
|
||||||
struct perm_data {
|
struct perm_data {
|
||||||
@@ -308,8 +310,7 @@ void ksu_allowlist_init(void)
|
|||||||
INIT_WORK(&ksu_save_work, do_save_allow_list);
|
INIT_WORK(&ksu_save_work, do_save_allow_list);
|
||||||
INIT_WORK(&ksu_load_work, do_load_allow_list);
|
INIT_WORK(&ksu_load_work, do_load_allow_list);
|
||||||
|
|
||||||
// init default_root_identity, which is used for root identity when root profile is not set.
|
init_default_profiles();
|
||||||
init_root_identity();
|
|
||||||
}
|
}
|
||||||
|
|
||||||
void ksu_allowlist_exit(void)
|
void ksu_allowlist_exit(void)
|
||||||
|
|||||||
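Review bot: `default_non_root_profile.umount_modules` is now set to true only inside `init_default_profiles()`, whereas the `static bool default_umount_modules = true;` it replaces was true from load time, so the zero-initialised struct reads false until `ksu_allowlist_init()` has run. Whether any reader can run that early is not visible on this page, but keeping the safe default in the definition avoids the question: `static struct non_root_profile default_non_root_profile = { .umount_modules = true };`. The `// default root identify` comment above the definitions is now stale; something like `// fallback profiles used when an app has no profile of its own` would fit, and `init_default_profiles()` deserves a line stating that the root fallback sets uid/gid 0, every capability bit and the `su` domain. Declaring it as `static void init_default_profiles(void)` would also match `ksu_allowlist_init(void)` and `ksu_allowlist_exit(void)` in the same file.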
15
kernel/ksu.h
15
kernel/ksu.h
@@ -37,7 +37,7 @@
|
|||||||
#define KSU_MAX_GROUPS 32
|
#define KSU_MAX_GROUPS 32
|
||||||
#define KSU_SELINUX_DOMAIN 64
|
#define KSU_SELINUX_DOMAIN 64
|
||||||
|
|
||||||
struct root_identity {
|
struct root_profile {
|
||||||
int32_t uid;
|
int32_t uid;
|
||||||
int32_t gid;
|
int32_t gid;
|
||||||
|
|
||||||
@@ -50,6 +50,10 @@ struct root_identity {
|
|||||||
int32_t namespaces;
|
int32_t namespaces;
|
||||||
};
|
};
|
||||||
|
|
||||||
|
struct non_root_profile {
|
||||||
|
bool umount_modules;
|
||||||
|
};
|
||||||
|
|
||||||
struct app_profile {
|
struct app_profile {
|
||||||
// this is usually the package of the app, but can be other value for special apps
|
// this is usually the package of the app, but can be other value for special apps
|
||||||
char key[KSU_MAX_PACKAGE_NAME];
|
char key[KSU_MAX_PACKAGE_NAME];
|
||||||
@@ -61,13 +65,14 @@ struct app_profile {
|
|||||||
bool use_default;
|
bool use_default;
|
||||||
char template_name[KSU_MAX_PACKAGE_NAME];
|
char template_name[KSU_MAX_PACKAGE_NAME];
|
||||||
|
|
||||||
struct root_identity identity;
|
struct root_profile profile;
|
||||||
} root_profile;
|
} rp_config;
|
||||||
|
|
||||||
struct {
|
struct {
|
||||||
bool use_default;
|
bool use_default;
|
||||||
bool umount_modules;
|
|
||||||
} non_root_profile;
|
struct non_root_profile profile;
|
||||||
|
} nrp_config;
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
|
|
||||||
|
|||||||
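Review bot: The new `struct non_root_profile` and the renamed members `rp_config` / `nrp_config` in `struct app_profile` carry no comment, and the abbreviations do not say which one applies when. A line each would help, such as `// settings used when the app is granted root` above the struct that ends in `rp_config` and `// settings used when the app is not granted root` above the one that ends in `nrp_config`; this reading is inferred from the names, so confirm it before committing the wording. If `struct app_profile` is exchanged with userspace (not visible here), it is also worth noting next to `struct non_root_profile` that adding a field to it changes the size of `app_profile`. The body of `struct app_profile` continues outside the hunks shown.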