diff --git a/kernel/Makefile b/kernel/Makefile index ec490449..efb48f4c 100644 --- a/kernel/Makefile +++ b/kernel/Makefile @@ -19,7 +19,6 @@ kernelsu-objs += selinux/rules.o ccflags-y += -I$(srctree)/security/selinux -I$(srctree)/security/selinux/include ccflags-y += -I$(objtree)/security/selinux -include $(srctree)/include/uapi/asm-generic/errno.h -ccflags-y += -include $(srctree)/$(src)/include/ksu_creds.h obj-$(CONFIG_KSU) += kernelsu.o obj-$(CONFIG_KSU_TRACEPOINT_HOOK) += ksu_trace_export.o diff --git a/kernel/core_hook.c b/kernel/core_hook.c index 2cf0e630..4c042d73 100644 --- a/kernel/core_hook.c +++ b/kernel/core_hook.c @@ -70,7 +70,7 @@ static inline bool is_allow_su() // we are manager, allow! return true; } - return ksu_is_allow_uid(ksu_current_uid()); + return ksu_is_allow_uid(current_uid().val); } static inline bool is_unsupported_uid(uid_t uid) @@ -162,26 +162,24 @@ void escape_to_root(void) return; } - if (ksu_cred_euid(newcreds) == 0) { + if (newcreds->euid.val == 0) { pr_warn("Already root, don't escape!\n"); abort_creds(newcreds); return; } struct root_profile *profile = - ksu_get_root_profile(ksu_cred_uid(newcreds)); + ksu_get_root_profile(newcreds->uid.val); - ksu_cred_uid(newcreds) = profile->uid; - ksu_cred_suid(newcreds) = profile->uid; - ksu_cred_euid(newcreds) = profile->uid; - ksu_cred_fsuid(newcreds) = profile->uid; + newcreds->uid.val = profile->uid; + newcreds->suid.val = profile->uid; + newcreds->euid.val = profile->uid; + newcreds->fsuid.val = profile->uid; - ksu_cred_gid(newcreds) = profile->gid; - ksu_cred_fsgid(newcreds) = profile->gid; - ksu_cred_sgid(newcreds) = profile->gid; - ksu_cred_egid(newcreds) = profile->gid; - - // no wrapper, ignore it. + newcreds->gid.val = profile->gid; + newcreds->fsgid.val = profile->gid; + newcreds->sgid.val = profile->gid; + newcreds->egid.val = profile->gid; newcreds->securebits = 0; BUILD_BUG_ON(sizeof(profile->capabilities.effective) != @@ -205,6 +203,7 @@ void escape_to_root(void) spin_lock_irq(¤t->sighand->siglock); disable_seccomp(current); spin_unlock_irq(¤t->sighand->siglock); + setup_selinux(profile->selinux_domain); } @@ -215,7 +214,7 @@ int ksu_handle_rename(struct dentry *old_dentry, struct dentry *new_dentry) return 0; } - if (ksu_current_uid() != 1000) { + if (current_uid().val != 1000) { // skip non system uid return 0; } @@ -286,14 +285,14 @@ int ksu_handle_prctl(int option, unsigned long arg2, unsigned long arg3, } // TODO: find it in throne tracker! - uid_t current_uid_val = ksu_current_uid(); + uid_t current_uid_val = current_uid().val; uid_t manager_uid = ksu_get_manager_uid(); if (current_uid_val != manager_uid && current_uid_val % 100000 == manager_uid) { ksu_set_manager_uid(current_uid_val); } - bool from_root = 0 == ksu_current_uid(); + bool from_root = 0 == current_uid().val; bool from_manager = is_manager(); if (!from_root && !from_manager) { @@ -317,7 +316,7 @@ int ksu_handle_prctl(int option, unsigned long arg2, unsigned long arg3, if (arg2 == CMD_GRANT_ROOT) { if (is_allow_su()) { - pr_info("allow root for: %d\n", ksu_current_uid()); + pr_info("allow root for: %d\n", current_uid().val); escape_to_root(); if (copy_to_user(result, &reply_ok, sizeof(reply_ok))) { pr_err("grant_root: prctl reply error\n"); @@ -657,7 +656,7 @@ static bool should_umount(struct path *path) if (current->nsproxy->mnt_ns == init_nsproxy.mnt_ns) { pr_info("ignore global mnt namespace process: %d\n", - ksu_current_uid()); + current_uid().val); return false; } diff --git a/kernel/include/ksu_creds.h b/kernel/include/ksu_creds.h deleted file mode 100644 index 98b71b59..00000000 --- a/kernel/include/ksu_creds.h +++ /dev/null @@ -1,39 +0,0 @@ -/* - * KernelSU creds wrapper - * - * Provide a wrapper for a few credentials use (e.g current_uid().val), - * so it would be easier to maintain - * some older linux versions. - */ - -#ifndef __KSU_H_CREDS -#define __KSU_H_CREDS - -#include -#include - -#if (LINUX_VERSION_CODE >= KERNEL_VERSION(3, 5, 0) && \ - defined(CONFIG_UIDGID_STRICT_TYPE_CHECKS)) || \ - LINUX_VERSION_CODE >= KERNEL_VERSION(3, 14, 0) -#define ksu_cred_uid(x) ((x)->uid.val) -#define ksu_cred_suid(x) ((x)->suid.val) -#define ksu_cred_euid(x) ((x)->euid.val) -#define ksu_cred_fsuid(x) ((x)->fsuid.val) -#define ksu_cred_gid(x) ((x)->gid.val) -#define ksu_cred_fsgid(x) ((x)->fsgid.val) -#define ksu_cred_sgid(x) ((x)->sgid.val) -#define ksu_cred_egid(x) ((x)->egid.val) -#define ksu_current_uid() (current_uid().val) -#else -#define ksu_cred_uid(x) ((x)->uid) -#define ksu_cred_suid(x) ((x)->suid) -#define ksu_cred_euid(x) ((x)->euid) -#define ksu_cred_fsuid(x) ((x)->fsuid) -#define ksu_cred_gid(x) ((x)->gid) -#define ksu_cred_fsgid(x) ((x)->fsgid) -#define ksu_cred_sgid(x) ((x)->sgid) -#define ksu_cred_egid(x) ((x)->egid) -#define ksu_current_uid() (current_uid()) -#endif - -#endif diff --git a/kernel/manager.h b/kernel/manager.h index 53c47879..53bb0790 100644 --- a/kernel/manager.h +++ b/kernel/manager.h @@ -21,8 +21,8 @@ static inline bool ksu_is_manager_uid_valid() static inline bool is_manager() { - return unlikely(ksu_is_any_manager(ksu_current_uid()) || - ksu_manager_uid == ksu_current_uid()); + return unlikely(ksu_is_any_manager(current_uid()) || + ksu_manager_uid == current_uid()); } static inline uid_t ksu_get_manager_uid() diff --git a/kernel/sucompat.c b/kernel/sucompat.c index ecc01137..17bedb0e 100644 --- a/kernel/sucompat.c +++ b/kernel/sucompat.c @@ -59,7 +59,7 @@ static inline bool __is_su_allowed(const void *ptr_to_check) if (!ksu_sucompat_hook_state) return false; #endif - if (likely(!ksu_is_allow_uid(ksu_current_uid()))) + if (likely(!ksu_is_allow_uid(current_uid().val))) return false; if (unlikely(!ptr_to_check)) @@ -150,7 +150,7 @@ static int ksu_inline_handle_devpts(struct inode *inode) return 0; } - uid_t uid = ksu_current_uid(); + uid_t uid = current_uid().val; if (uid % 100000 < 10000) { // not untrusted_app, ignore it return 0;