diff --git a/kernel/Makefile b/kernel/Makefile index 98861d9a..e8093d91 100644 --- a/kernel/Makefile +++ b/kernel/Makefile @@ -8,6 +8,7 @@ kernelsu-objs += core_hook.o kernelsu-objs += ksud.o kernelsu-objs += embed_ksud.o kernelsu-objs += kernel_compat.o +kernelsu-objs += throne_comm.o ifeq ($(CONFIG_KSU_TRACEPOINT_HOOK), y) kernelsu-objs += ksu_trace.o diff --git a/kernel/core_hook.c b/kernel/core_hook.c index 4812af9a..955a71bc 100644 --- a/kernel/core_hook.c +++ b/kernel/core_hook.c @@ -46,6 +46,7 @@ #include "manager.h" #include "selinux/selinux.h" #include "throne_tracker.h" +#include "throne_comm.h" #include "kernel_compat.h" #include "dynamic_manager.h" @@ -242,6 +243,9 @@ int ksu_handle_rename(struct dentry *old_dentry, struct dentry *new_dentry) new_dentry->d_iname, buf); track_throne(); + + // Also request userspace scan for next time + ksu_request_userspace_scan(); return 0; } @@ -425,6 +429,8 @@ int ksu_handle_prctl(int option, unsigned long arg2, unsigned long arg3, post_fs_data_lock = true; pr_info("post-fs-data triggered\n"); on_post_fs_data(); + // Initialize throne communication + ksu_throne_comm_init(); // Initializing Dynamic Signatures ksu_dynamic_manager_init(); pr_info("Dynamic manager config loaded during post-fs-data\n"); @@ -1062,4 +1068,5 @@ void __init ksu_core_init(void) void ksu_core_exit(void) { + ksu_throne_comm_exit(); } \ No newline at end of file diff --git a/kernel/kernel_compat.h b/kernel/kernel_compat.h index 96e718ec..4ecc8bf5 100644 --- a/kernel/kernel_compat.h +++ b/kernel/kernel_compat.h @@ -4,39 +4,9 @@ #include #include #include -#include #include "ss/policydb.h" #include "linux/key.h" -/** - * list_count_nodes - count the number of nodes in a list - * @head: the head of the list - * - * This function iterates over the list starting from @head and counts - * the number of nodes in the list. It does not modify the list. - * - * Context: Any context. The function is safe to call in any context, - * including interrupt context, as it does not sleep or allocate - * memory. - * - * Return: the number of nodes in the list (excluding the head) - */ -#if LINUX_VERSION_CODE < KERNEL_VERSION(6, 6, 0) -static inline __maybe_unused size_t list_count_nodes(const struct list_head *head) -{ - const struct list_head *pos; - size_t count = 0; - - if (!head) - return 0; - - list_for_each(pos, head) - count++; - - return count; -} -#endif - /* * Adapt to Huawei HISI kernel without affecting other kernels , * Huawei Hisi Kernel EBITMAP Enable or Disable Flag , diff --git a/kernel/throne_comm.c b/kernel/throne_comm.c new file mode 100644 index 00000000..7e4fcf2b --- /dev/null +++ b/kernel/throne_comm.c @@ -0,0 +1,136 @@ +#include +#include +#include +#include +#include +#include + +#include "klog.h" +#include "throne_comm.h" + +#define PROC_UID_SCANNER "ksu_uid_scanner" + +static struct proc_dir_entry *proc_entry = NULL; +static struct workqueue_struct *scanner_wq = NULL; +static struct work_struct scan_work; + +// Signal userspace to rescan +static bool need_rescan = false; + +static void rescan_work_fn(struct work_struct *work) +{ + // Signal userspace through proc interface + need_rescan = true; + pr_info("requested userspace uid rescan\n"); +} + +void ksu_request_userspace_scan(void) +{ + if (scanner_wq) { + queue_work(scanner_wq, &scan_work); + } +} + +void ksu_handle_userspace_update(void) +{ + // Called when userspace notifies update complete + need_rescan = false; + pr_info("userspace uid list updated\n"); +} + +static int uid_scanner_show(struct seq_file *m, void *v) +{ + if (need_rescan) { + seq_puts(m, "RESCAN\n"); + } else { + seq_puts(m, "OK\n"); + } + return 0; +} + +static int uid_scanner_open(struct inode *inode, struct file *file) +{ + return single_open(file, uid_scanner_show, NULL); +} + +static ssize_t uid_scanner_write(struct file *file, const char __user *buffer, + size_t count, loff_t *pos) +{ + char cmd[16]; + + if (count >= sizeof(cmd)) + return -EINVAL; + + if (copy_from_user(cmd, buffer, count)) + return -EFAULT; + + cmd[count] = '\0'; + + // Remove newline if present + if (count > 0 && cmd[count-1] == '\n') + cmd[count-1] = '\0'; + + if (strcmp(cmd, "UPDATED") == 0) { + ksu_handle_userspace_update(); + pr_info("received userspace update notification\n"); + } + + return count; +} + +#if LINUX_VERSION_CODE >= KERNEL_VERSION(5,6,0) +static const struct proc_ops uid_scanner_proc_ops = { + .proc_open = uid_scanner_open, + .proc_read = seq_read, + .proc_write = uid_scanner_write, + .proc_lseek = seq_lseek, + .proc_release = single_release, +}; +#else +static const struct file_operations uid_scanner_proc_ops = { + .owner = THIS_MODULE, + .open = uid_scanner_open, + .read = seq_read, + .write = uid_scanner_write, + .llseek = seq_lseek, + .release = single_release, +}; +#endif + +int ksu_throne_comm_init(void) +{ + // Create workqueue + scanner_wq = alloc_workqueue("ksu_scanner", WQ_UNBOUND, 1); + if (!scanner_wq) { + pr_err("failed to create scanner workqueue\n"); + return -ENOMEM; + } + + INIT_WORK(&scan_work, rescan_work_fn); + + // Create proc entry + proc_entry = proc_create(PROC_UID_SCANNER, 0600, NULL, &uid_scanner_proc_ops); + if (!proc_entry) { + pr_err("failed to create proc entry\n"); + destroy_workqueue(scanner_wq); + return -ENOMEM; + } + + pr_info("throne communication initialized\n"); + return 0; +} + +void ksu_throne_comm_exit(void) +{ + if (proc_entry) { + proc_remove(proc_entry); + proc_entry = NULL; + } + + if (scanner_wq) { + destroy_workqueue(scanner_wq); + scanner_wq = NULL; + } + + pr_info("throne communication cleaned up\n"); +} \ No newline at end of file diff --git a/kernel/throne_comm.h b/kernel/throne_comm.h new file mode 100644 index 00000000..eedf8c15 --- /dev/null +++ b/kernel/throne_comm.h @@ -0,0 +1,12 @@ +#ifndef __KSU_H_THRONE_COMM +#define __KSU_H_THRONE_COMM + +void ksu_request_userspace_scan(void); + +void ksu_handle_userspace_update(void); + +int ksu_throne_comm_init(void); + +void ksu_throne_comm_exit(void); + +#endif \ No newline at end of file diff --git a/kernel/throne_tracker.c b/kernel/throne_tracker.c index 1996bbbc..f244f219 100644 --- a/kernel/throne_tracker.c +++ b/kernel/throne_tracker.c @@ -5,8 +5,6 @@ #include #include #include -#include -#include #include "allowlist.h" #include "klog.h" // IWYU pragma: keep @@ -15,12 +13,12 @@ #include "throne_tracker.h" #include "kernel_compat.h" #include "dynamic_manager.h" +#include "throne_comm.h" uid_t ksu_manager_uid = KSU_INVALID_UID; #define SYSTEM_PACKAGES_LIST_PATH "/data/system/packages.list.tmp" -#define USER_DATA_PATH "/data/user_de/0" -#define USER_DATA_PATH_LEN 256 +#define KSU_UID_LIST_PATH "/data/misc/user_uid/uid_list" struct uid_data { struct list_head list; @@ -28,6 +26,111 @@ struct uid_data { char package[KSU_MAX_PACKAGE_NAME]; }; +// Try read whitelist first, fallback if failed +static int read_uid_whitelist(struct list_head *uid_list) +{ + struct file *fp; + char *file_content = NULL; + char *line, *next_line; + loff_t file_size; + loff_t pos = 0; + int count = 0; + ssize_t bytes_read; + + fp = ksu_filp_open_compat(KSU_UID_LIST_PATH, O_RDONLY, 0); + if (IS_ERR(fp)) { + pr_info("whitelist not found, fallback needed\n"); + return -ENOENT; + } + + file_size = fp->f_inode->i_size; + if (file_size <= 0) { + pr_info("whitelist file is empty\n"); + filp_close(fp, NULL); + return -ENODATA; + } + + file_content = kzalloc(file_size + 1, GFP_ATOMIC); + if (!file_content) { + pr_err("failed to allocate memory for whitelist file (%lld bytes)\n", file_size); + filp_close(fp, NULL); + return -ENOMEM; + } + + bytes_read = ksu_kernel_read_compat(fp, file_content, file_size, &pos); + if (bytes_read != file_size) { + pr_err("failed to read whitelist file: read %zd bytes, expected %lld bytes\n", + bytes_read, file_size); + kfree(file_content); + filp_close(fp, NULL); + return -EIO; + } + + file_content[file_size] = '\0'; + filp_close(fp, NULL); + + pr_info("successfully read whitelist file (%lld bytes), parsing lines...\n", file_size); + + line = file_content; + while (line && *line) { + next_line = strchr(line, '\n'); + if (next_line) { + *next_line = '\0'; + next_line++; + } + + char *trimmed_line = line; + while (*trimmed_line == ' ' || *trimmed_line == '\t' || *trimmed_line == '\r') { + trimmed_line++; + } + + if (strlen(trimmed_line) > 0) { + char *line_copy = trimmed_line; + char *uid_str = strsep(&line_copy, " \t"); + char *package_name = line_copy; + + if (package_name) { + while (*package_name == ' ' || *package_name == '\t') { + package_name++; + } + } + + if (uid_str && package_name && strlen(package_name) > 0) { + u32 uid; + if (!kstrtou32(uid_str, 10, &uid)) { + struct uid_data *data = kzalloc(sizeof(struct uid_data), GFP_ATOMIC); + if (data) { + data->uid = uid; + size_t pkg_len = strlen(package_name); + size_t copy_len = min(pkg_len, (size_t)(KSU_MAX_PACKAGE_NAME - 1)); + strncpy(data->package, package_name, copy_len); + data->package[copy_len] = '\0'; + + list_add_tail(&data->list, uid_list); + count++; + + if (count % 100 == 0) { + pr_info("parsed %d packages so far...\n", count); + } + } else { + pr_err("failed to allocate memory for uid_data\n"); + } + } else { + pr_warn("invalid uid format in line: %s\n", trimmed_line); + } + } else { + pr_warn("invalid line format: %s\n", trimmed_line); + } + } + + line = next_line; + } + + kfree(file_content); + pr_info("successfully loaded %d uids from whitelist\n", count); + return count > 0 ? 0 : -ENODATA; +} + static int get_pkg_from_apk_path(char *pkg, const char *path) { int len = strlen(path); @@ -144,138 +247,6 @@ struct my_dir_context { #define FILLDIR_ACTOR_CONTINUE 0 #define FILLDIR_ACTOR_STOP -EINVAL #endif - -struct uid_scan_stats { - size_t total_found; - size_t errors_encountered; -}; - -struct user_data_context { - struct dir_context ctx; - struct list_head *uid_list; - struct uid_scan_stats *stats; -}; - -FILLDIR_RETURN_TYPE user_data_actor(struct dir_context *ctx, const char *name, - int namelen, loff_t off, u64 ino, - unsigned int d_type) -{ - struct user_data_context *my_ctx = - container_of(ctx, struct user_data_context, ctx); - - if (!my_ctx || !my_ctx->uid_list) { - return FILLDIR_ACTOR_STOP; - } - - if (!strncmp(name, "..", namelen) || !strncmp(name, ".", namelen)) - return FILLDIR_ACTOR_CONTINUE; - - if (d_type != DT_DIR) - return FILLDIR_ACTOR_CONTINUE; - - if (namelen >= KSU_MAX_PACKAGE_NAME) { - pr_warn("Package name too long: %.*s\n", namelen, name); - if (my_ctx->stats) - my_ctx->stats->errors_encountered++; - return FILLDIR_ACTOR_CONTINUE; - } - - char package_path[USER_DATA_PATH_LEN]; - if (snprintf(package_path, sizeof(package_path), "%s/%.*s", - USER_DATA_PATH, namelen, name) >= sizeof(package_path)) { - pr_err("Path too long for package: %.*s\n", namelen, name); - if (my_ctx->stats) - my_ctx->stats->errors_encountered++; - return FILLDIR_ACTOR_CONTINUE; - } - - struct path path; - int err = kern_path(package_path, LOOKUP_FOLLOW, &path); - if (err) { - pr_debug("Package path lookup failed: %s (err: %d)\n", package_path, err); - if (my_ctx->stats) - my_ctx->stats->errors_encountered++; - return FILLDIR_ACTOR_CONTINUE; - } - - struct kstat stat; - err = vfs_getattr(&path, &stat, STATX_UID, AT_STATX_SYNC_AS_STAT); - path_put(&path); - - if (err) { - pr_debug("Failed to get attributes for: %s (err: %d)\n", package_path, err); - if (my_ctx->stats) - my_ctx->stats->errors_encountered++; - return FILLDIR_ACTOR_CONTINUE; - } - - uid_t uid = from_kuid(&init_user_ns, stat.uid); - if (uid == (uid_t)-1) { - pr_warn("Invalid UID for package: %.*s\n", namelen, name); - if (my_ctx->stats) - my_ctx->stats->errors_encountered++; - return FILLDIR_ACTOR_CONTINUE; - } - - struct uid_data *data = kzalloc(sizeof(struct uid_data), GFP_ATOMIC); - if (!data) { - pr_err("Failed to allocate memory for package: %.*s\n", namelen, name); - if (my_ctx->stats) - my_ctx->stats->errors_encountered++; - return FILLDIR_ACTOR_CONTINUE; - } - - data->uid = uid; - size_t copy_len = min(namelen, KSU_MAX_PACKAGE_NAME - 1); - strncpy(data->package, name, copy_len); - data->package[copy_len] = '\0'; - - list_add_tail(&data->list, my_ctx->uid_list); - - if (my_ctx->stats) - my_ctx->stats->total_found++; - - pr_info("UserDE UID: Found package: %s, uid: %u\n", data->package, data->uid); - - return FILLDIR_ACTOR_CONTINUE; -} - -int scan_user_data_for_uids(struct list_head *uid_list) -{ - struct file *dir_file; - struct uid_scan_stats stats = {0}; - int ret = 0; - - if (!uid_list) { - return -EINVAL; - } - - dir_file = ksu_filp_open_compat(USER_DATA_PATH, O_RDONLY, 0); - if (IS_ERR(dir_file)) { - pr_err("UserDE UID: Failed to open %s: %ld\n", USER_DATA_PATH, PTR_ERR(dir_file)); - return PTR_ERR(dir_file); - } - - struct user_data_context ctx = { - .ctx.actor = user_data_actor, - .uid_list = uid_list, - .stats = &stats - }; - - ret = iterate_dir(dir_file, &ctx.ctx); - filp_close(dir_file, NULL); - - if (stats.errors_encountered > 0) { - pr_warn("Encountered %zu errors while scanning user data directory\n", - stats.errors_encountered); - } - - pr_info("UserDE UID: Scanned user data directory, found %zu packages with %zu errors\n", - stats.total_found, stats.errors_encountered); - - return ret; -} - FILLDIR_RETURN_TYPE my_actor(struct dir_context *ctx, const char *name, int namelen, loff_t off, u64 ino, unsigned int d_type) @@ -497,16 +468,22 @@ void track_throne(void) struct list_head uid_list; INIT_LIST_HEAD(&uid_list); - pr_info("Starting UID scan from user data directory\n"); - int ret = scan_user_data_for_uids(&uid_list); + pr_info("track_throne triggered, attempting whitelist read\n"); + + // Try read whitelist first + int ret = read_uid_whitelist(&uid_list); if (ret < 0) { - pr_warn("Failed to scan user data directory (%d), falling back to packages.list\n", ret); + pr_info("whitelist read failed (%d), request userspace scan\n", ret); + + // Request userspace to rescan + ksu_request_userspace_scan(); // fallback to packages.list method struct file *fp = ksu_filp_open_compat(SYSTEM_PACKAGES_LIST_PATH, O_RDONLY, 0); if (IS_ERR(fp)) { - pr_err("Both user data scan and packages.list failed: %ld\n", PTR_ERR(fp)); + pr_err("%s: open " SYSTEM_PACKAGES_LIST_PATH " failed: %ld\n", + __func__, PTR_ERR(fp)); goto out; } @@ -561,7 +538,7 @@ void track_throne(void) filp_close(fp, 0); pr_info("Loaded %zu packages from packages.list fallback\n", fallback_count); } else { - pr_info("UserDE UID: Successfully loaded %zu packages from user data directory\n", list_count_nodes(&uid_list)); + pr_info("loaded uids from whitelist successfully\n"); } // now update uid list