android/SukiSU-Ultra
1
0
Fork 0
Code Issues Pull Requests Actions 1 Packages Projects Releases Wiki Activity

kernel: Use CONFIG_KSU_MANUAL_SU to protect MANUAL_SU

Browse Source
This commit is contained in:
ShirkNeko
2025-11-05 16:17:54 +08:00
parent 557e7f8153
commit 994fdfddf2
3 changed files with 15 additions and 5 deletions
Download Patch File Download Diff File Expand all files Collapse all files

10
kernel/ksu_netlink.c
View File

@@ -33,10 +33,11 @@ static bool system_uid(uid_t uid)
return caller_uid <= 2000; return caller_uid <= 2000;
} }
#ifdef CONFIG_KSU_MANUAL_SU
// Manual SU // Manual SU
static int handle_manual_su(struct sk_buff *skb, struct nlmsghdr *nlh, void *msg_data) static int handle_manual_su(struct sk_buff *skb, struct nlmsghdr *nlh, void *msg_data)
{ {
struct ksu_netlink_manual_su *msg = (struct ksu_netlink_manual_su *)msg_data; struct netlink_manual_su *msg = (struct netlink_manual_su *)msg_data;
struct manual_su_request request; struct manual_su_request request;
int res; int res;
@@ -61,17 +62,20 @@ static int handle_manual_su(struct sk_buff *skb, struct nlmsghdr *nlh, void *msg
return 0; return 0;
} }
#endif
// Command handlers mapping table // Command handlers mapping table
static const struct ksu_netlink_cmd_handler ksu_netlink_handlers[] = { static const struct ksu_netlink_cmd_handler ksu_netlink_handlers[] = {
#ifdef CONFIG_KSU_MANUAL_SU
{ {
.cmd = KSU_NETLINK_CMD_MANUAL_SU, .cmd = KSU_NETLINK_CMD_MANUAL_SU,
.msg_size = sizeof(struct ksu_netlink_manual_su), .msg_size = sizeof(struct netlink_manual_su),
.name = "MANUAL_SU", .name = "MANUAL_SU",
.handler = handle_manual_su, .handler = handle_manual_su,
.perm_check = system_uid .perm_check = system_uid
}, },
{ .cmd = 0, .name = NULL, .handler = NULL, .perm_check = NULL } #endif
{ .cmd = 0, .msg_size = NULL, .name = NULL, .handler = NULL, .perm_check = NULL }
}; };
static void ksu_netlink_recv_msg(struct sk_buff *skb) static void ksu_netlink_recv_msg(struct sk_buff *skb)

8
kernel/ksu_netlink.h
View File

@@ -15,17 +15,21 @@ struct ksu_netlink_hdr {
int result; // Result code (output) int result; // Result code (output)
}; };
struct ksu_netlink_manual_su { #ifdef CONFIG_KSU_MANUAL_SU
struct netlink_manual_su {
struct ksu_netlink_hdr hdr; struct ksu_netlink_hdr hdr;
int option; int option;
uid_t target_uid; uid_t target_uid;
pid_t target_pid; pid_t target_pid;
char token_buffer[33]; char token_buffer[33];
}; };
#endif
union ksu_netlink_msg { union ksu_netlink_msg {
struct ksu_netlink_hdr hdr; struct ksu_netlink_hdr hdr;
struct ksu_netlink_manual_su manual_su; #ifdef CONFIG_KSU_MANUAL_SU
struct netlink_manual_su manual_su;
#endif
}; };
typedef int (*ksu_netlink_handler_t)(struct sk_buff *skb, struct nlmsghdr *nlh, void *msg_data); typedef int (*ksu_netlink_handler_t)(struct sk_buff *skb, struct nlmsghdr *nlh, void *msg_data);

2
kernel/selinux/rules.c
View File

@@ -127,7 +127,9 @@ void apply_kernelsu_rules()
ksu_allow(db, "system_server", KERNEL_SU_DOMAIN, "process", "getpgid"); ksu_allow(db, "system_server", KERNEL_SU_DOMAIN, "process", "getpgid");
ksu_allow(db, "system_server", KERNEL_SU_DOMAIN, "process", "sigkill"); ksu_allow(db, "system_server", KERNEL_SU_DOMAIN, "process", "sigkill");
#ifdef CONFIG_KSU_MANUAL_SU
ksu_allow(db, "shell", "shell", "netlink_connector_socket", ALL); ksu_allow(db, "shell", "shell", "netlink_connector_socket", ALL);
#endif
// https://android-review.googlesource.com/c/platform/system/logging/+/3725346 // https://android-review.googlesource.com/c/platform/system/logging/+/3725346
ksu_dontaudit(db, "untrusted_app", KERNEL_SU_DOMAIN, "dir", "getattr"); ksu_dontaudit(db, "untrusted_app", KERNEL_SU_DOMAIN, "dir", "getattr");