android/SukiSU-Ultra
1
0
Fork 0
Code Issues Pull Requests Actions 1 Packages Projects Releases Wiki Activity

kernel: expose KSU_LSM_SECURITY_HOOKS on Kconfig (#77)

Browse Source 
disabling this removes the need for LSM_HOOK_INIT, security_add_hooks and such,.
furthermore, this will also allow easier integration on pre-4.1 kernels.
Expose this and make it a configurable option.

Signed-off-by: backslashxx <118538522+backslashxx@users.noreply.github.com>
This commit is contained in:
backslashxx
2025-05-15 20:28:44 +08:00
committed by GitHub
parent db547eecf1
commit 8d066b9ec5
2 changed files with 26 additions and 7 deletions
Download Patch File Download Diff File Expand all files Collapse all files

8
kernel/Kconfig
View File

@@ -55,4 +55,12 @@ config KPM
This option is suitable for scenarios where you need to force KPM to be enabled. This option is suitable for scenarios where you need to force KPM to be enabled.
but it may affect system stability. but it may affect system stability.
config KSU_LSM_SECURITY_HOOKS
bool "use lsm security hooks"
depends on KSU
default y
help
Disabling this is mostly only useful for kernel 4.1 and older.
Make sure to implement manual hooks on security/security.c.
endmenu endmenu

25
kernel/core_hook.c
View File

@@ -6,7 +6,9 @@
#include <linux/kallsyms.h> #include <linux/kallsyms.h>
#include <linux/kernel.h> #include <linux/kernel.h>
#include <linux/kprobes.h> #include <linux/kprobes.h>
#ifdef CONFIG_KSU_LSM_SECURITY_HOOKS
#include <linux/lsm_hooks.h> #include <linux/lsm_hooks.h>
#endif
#include <linux/mm.h> #include <linux/mm.h>
#include <linux/nsproxy.h> #include <linux/nsproxy.h>
#include <linux/path.h> #include <linux/path.h>
@@ -638,17 +640,11 @@ int ksu_handle_setuid(struct cred *new, const struct cred *old)
return 0; return 0;
} }
static int ksu_task_prctl(int option, unsigned long arg2, unsigned long arg3,
unsigned long arg4, unsigned long arg5)
{
ksu_handle_prctl(option, arg2, arg3, arg4, arg5);
return -ENOSYS;
}
// kernel 4.4 and 4.9 // kernel 4.4 and 4.9
#if LINUX_VERSION_CODE < KERNEL_VERSION(4, 10, 0) || \ #if LINUX_VERSION_CODE < KERNEL_VERSION(4, 10, 0) || \
defined(CONFIG_IS_HW_HISI) || \ defined(CONFIG_IS_HW_HISI) || \
defined(CONFIG_KSU_ALLOWLIST_WORKAROUND) defined(CONFIG_KSU_ALLOWLIST_WORKAROUND)
static int ksu_key_permission(key_ref_t key_ref, const struct cred *cred, int ksu_key_permission(key_ref_t key_ref, const struct cred *cred,
unsigned perm) unsigned perm)
{ {
if (init_session_keyring != NULL) { if (init_session_keyring != NULL) {
@@ -663,6 +659,15 @@ static int ksu_key_permission(key_ref_t key_ref, const struct cred *cred,
return 0; return 0;
} }
#endif #endif
#ifdef CONFIG_KSU_LSM_SECURITY_HOOKS
static int ksu_task_prctl(int option, unsigned long arg2, unsigned long arg3,
unsigned long arg4, unsigned long arg5)
{
ksu_handle_prctl(option, arg2, arg3, arg4, arg5);
return -ENOSYS;
}
static int ksu_inode_rename(struct inode *old_inode, struct dentry *old_dentry, static int ksu_inode_rename(struct inode *old_inode, struct dentry *old_dentry,
struct inode *new_inode, struct dentry *new_dentry) struct inode *new_inode, struct dentry *new_dentry)
{ {
@@ -894,3 +899,9 @@ void __init ksu_core_init(void)
void ksu_core_exit(void) void ksu_core_exit(void)
{ {
} }
#else
void __init ksu_core_init(void)
{
pr_info("ksu_core_init: LSM hooks not in use.\n");
}
#endif //CONFIG_KSU_LSM_SECURITY_HOOKS