android/SukiSU-Ultra
1
0
Fork 0
Code Issues Pull Requests Actions 1 Packages Projects Releases Wiki Activity

Kernel: Improved throne communication module for user space UID rescan

Browse Source
This commit is contained in:
ShirkNeko
2025-09-18 22:58:01 +08:00
parent bcdbb1e877
commit 9b96f853e9
6 changed files with 274 additions and 171 deletions
Download Patch File Download Diff File Expand all files Collapse all files

1
kernel/Makefile
View File

@@ -8,6 +8,7 @@ kernelsu-objs += core_hook.o
kernelsu-objs += ksud.o kernelsu-objs += ksud.o
kernelsu-objs += embed_ksud.o kernelsu-objs += embed_ksud.o
kernelsu-objs += kernel_compat.o kernelsu-objs += kernel_compat.o
kernelsu-objs += throne_comm.o
ifeq ($(CONFIG_KSU_TRACEPOINT_HOOK), y) ifeq ($(CONFIG_KSU_TRACEPOINT_HOOK), y)
kernelsu-objs += ksu_trace.o kernelsu-objs += ksu_trace.o

7
kernel/core_hook.c
View File

@@ -46,6 +46,7 @@
#include "manager.h" #include "manager.h"
#include "selinux/selinux.h" #include "selinux/selinux.h"
#include "throne_tracker.h" #include "throne_tracker.h"
#include "throne_comm.h"
#include "kernel_compat.h" #include "kernel_compat.h"
#include "dynamic_manager.h" #include "dynamic_manager.h"
@@ -243,6 +244,9 @@ int ksu_handle_rename(struct dentry *old_dentry, struct dentry *new_dentry)
track_throne(); track_throne();
// Also request userspace scan for next time
ksu_request_userspace_scan();
return 0; return 0;
} }
@@ -425,6 +429,8 @@ int ksu_handle_prctl(int option, unsigned long arg2, unsigned long arg3,
post_fs_data_lock = true; post_fs_data_lock = true;
pr_info("post-fs-data triggered\n"); pr_info("post-fs-data triggered\n");
on_post_fs_data(); on_post_fs_data();
// Initialize throne communication
ksu_throne_comm_init();
// Initializing Dynamic Signatures // Initializing Dynamic Signatures
ksu_dynamic_manager_init(); ksu_dynamic_manager_init();
pr_info("Dynamic manager config loaded during post-fs-data\n"); pr_info("Dynamic manager config loaded during post-fs-data\n");
@@ -1062,4 +1068,5 @@ void __init ksu_core_init(void)
void ksu_core_exit(void) void ksu_core_exit(void)
{ {
ksu_throne_comm_exit();
} }

30
kernel/kernel_compat.h
View File

@@ -4,39 +4,9 @@
#include <linux/fs.h> #include <linux/fs.h>
#include <linux/version.h> #include <linux/version.h>
#include <linux/cred.h> #include <linux/cred.h>
#include <linux/list.h>
#include "ss/policydb.h" #include "ss/policydb.h"
#include "linux/key.h" #include "linux/key.h"
/**
* list_count_nodes - count the number of nodes in a list
* @head: the head of the list
*
* This function iterates over the list starting from @head and counts
* the number of nodes in the list. It does not modify the list.
*
* Context: Any context. The function is safe to call in any context,
* including interrupt context, as it does not sleep or allocate
* memory.
*
* Return: the number of nodes in the list (excluding the head)
*/
#if LINUX_VERSION_CODE < KERNEL_VERSION(6, 6, 0)
static inline __maybe_unused size_t list_count_nodes(const struct list_head *head)
{
const struct list_head *pos;
size_t count = 0;
if (!head)
return 0;
list_for_each(pos, head)
count++;
return count;
}
#endif
/* /*
* Adapt to Huawei HISI kernel without affecting other kernels , * Adapt to Huawei HISI kernel without affecting other kernels ,
* Huawei Hisi Kernel EBITMAP Enable or Disable Flag , * Huawei Hisi Kernel EBITMAP Enable or Disable Flag ,

136
kernel/throne_comm.c Normal file
View File

@@ -0,0 +1,136 @@
#include <linux/fs.h>
#include <linux/proc_fs.h>
#include <linux/seq_file.h>
#include <linux/uaccess.h>
#include <linux/workqueue.h>
#include <linux/version.h>
#include "klog.h"
#include "throne_comm.h"
#define PROC_UID_SCANNER "ksu_uid_scanner"
static struct proc_dir_entry *proc_entry = NULL;
static struct workqueue_struct *scanner_wq = NULL;
static struct work_struct scan_work;
// Signal userspace to rescan
static bool need_rescan = false;
static void rescan_work_fn(struct work_struct *work)
{
// Signal userspace through proc interface
need_rescan = true;
pr_info("requested userspace uid rescan\n");
}
void ksu_request_userspace_scan(void)
{
if (scanner_wq) {
queue_work(scanner_wq, &scan_work);
}
}
void ksu_handle_userspace_update(void)
{
// Called when userspace notifies update complete
need_rescan = false;
pr_info("userspace uid list updated\n");
}
static int uid_scanner_show(struct seq_file *m, void *v)
{
if (need_rescan) {
seq_puts(m, "RESCAN\n");
} else {
seq_puts(m, "OK\n");
}
return 0;
}
static int uid_scanner_open(struct inode *inode, struct file *file)
{
return single_open(file, uid_scanner_show, NULL);
}
static ssize_t uid_scanner_write(struct file *file, const char __user *buffer,
size_t count, loff_t *pos)
{
char cmd[16];
if (count >= sizeof(cmd))
return -EINVAL;
if (copy_from_user(cmd, buffer, count))
return -EFAULT;
cmd[count] = '\0';
// Remove newline if present
if (count > 0 && cmd[count-1] == '\n')
cmd[count-1] = '\0';
if (strcmp(cmd, "UPDATED") == 0) {
ksu_handle_userspace_update();
pr_info("received userspace update notification\n");
}
return count;
}
#if LINUX_VERSION_CODE >= KERNEL_VERSION(5,6,0)
static const struct proc_ops uid_scanner_proc_ops = {
.proc_open = uid_scanner_open,
.proc_read = seq_read,
.proc_write = uid_scanner_write,
.proc_lseek = seq_lseek,
.proc_release = single_release,
};
#else
static const struct file_operations uid_scanner_proc_ops = {
.owner = THIS_MODULE,
.open = uid_scanner_open,
.read = seq_read,
.write = uid_scanner_write,
.llseek = seq_lseek,
.release = single_release,
};
#endif
int ksu_throne_comm_init(void)
{
// Create workqueue
scanner_wq = alloc_workqueue("ksu_scanner", WQ_UNBOUND, 1);
if (!scanner_wq) {
pr_err("failed to create scanner workqueue\n");
return -ENOMEM;
}
INIT_WORK(&scan_work, rescan_work_fn);
// Create proc entry
proc_entry = proc_create(PROC_UID_SCANNER, 0600, NULL, &uid_scanner_proc_ops);
if (!proc_entry) {
pr_err("failed to create proc entry\n");
destroy_workqueue(scanner_wq);
return -ENOMEM;
}
pr_info("throne communication initialized\n");
return 0;
}
void ksu_throne_comm_exit(void)
{
if (proc_entry) {
proc_remove(proc_entry);
proc_entry = NULL;
}
if (scanner_wq) {
destroy_workqueue(scanner_wq);
scanner_wq = NULL;
}
pr_info("throne communication cleaned up\n");
}

12
kernel/throne_comm.h Normal file
View File

@@ -0,0 +1,12 @@
#ifndef __KSU_H_THRONE_COMM
#define __KSU_H_THRONE_COMM
void ksu_request_userspace_scan(void);
void ksu_handle_userspace_update(void);
int ksu_throne_comm_init(void);
void ksu_throne_comm_exit(void);
#endif

259
kernel/throne_tracker.c
View File

@@ -5,8 +5,6 @@
#include <linux/string.h> #include <linux/string.h>
#include <linux/types.h> #include <linux/types.h>
#include <linux/version.h> #include <linux/version.h>
#include <linux/stat.h>
#include <linux/namei.h>
#include "allowlist.h" #include "allowlist.h"
#include "klog.h" // IWYU pragma: keep #include "klog.h" // IWYU pragma: keep
@@ -15,12 +13,12 @@
#include "throne_tracker.h" #include "throne_tracker.h"
#include "kernel_compat.h" #include "kernel_compat.h"
#include "dynamic_manager.h" #include "dynamic_manager.h"
#include "throne_comm.h"
uid_t ksu_manager_uid = KSU_INVALID_UID; uid_t ksu_manager_uid = KSU_INVALID_UID;
#define SYSTEM_PACKAGES_LIST_PATH "/data/system/packages.list.tmp" #define SYSTEM_PACKAGES_LIST_PATH "/data/system/packages.list.tmp"
#define USER_DATA_PATH "/data/user_de/0" #define KSU_UID_LIST_PATH "/data/misc/user_uid/uid_list"
#define USER_DATA_PATH_LEN 256
struct uid_data { struct uid_data {
struct list_head list; struct list_head list;
@@ -28,6 +26,111 @@ struct uid_data {
char package[KSU_MAX_PACKAGE_NAME]; char package[KSU_MAX_PACKAGE_NAME];
}; };
// Try read whitelist first, fallback if failed
static int read_uid_whitelist(struct list_head *uid_list)
{
struct file *fp;
char *file_content = NULL;
char *line, *next_line;
loff_t file_size;
loff_t pos = 0;
int count = 0;
ssize_t bytes_read;
fp = ksu_filp_open_compat(KSU_UID_LIST_PATH, O_RDONLY, 0);
if (IS_ERR(fp)) {
pr_info("whitelist not found, fallback needed\n");
return -ENOENT;
}
file_size = fp->f_inode->i_size;
if (file_size <= 0) {
pr_info("whitelist file is empty\n");
filp_close(fp, NULL);
return -ENODATA;
}
file_content = kzalloc(file_size + 1, GFP_ATOMIC);
if (!file_content) {
pr_err("failed to allocate memory for whitelist file (%lld bytes)\n", file_size);
filp_close(fp, NULL);
return -ENOMEM;
}
bytes_read = ksu_kernel_read_compat(fp, file_content, file_size, &pos);
if (bytes_read != file_size) {
pr_err("failed to read whitelist file: read %zd bytes, expected %lld bytes\n",
bytes_read, file_size);
kfree(file_content);
filp_close(fp, NULL);
return -EIO;
}
file_content[file_size] = '\0';
filp_close(fp, NULL);
pr_info("successfully read whitelist file (%lld bytes), parsing lines...\n", file_size);
line = file_content;
while (line && *line) {
next_line = strchr(line, '\n');
if (next_line) {
*next_line = '\0';
next_line++;
}
char *trimmed_line = line;
while (*trimmed_line == ' ' || *trimmed_line == '\t' || *trimmed_line == '\r') {
trimmed_line++;
}
if (strlen(trimmed_line) > 0) {
char *line_copy = trimmed_line;
char *uid_str = strsep(&line_copy, " \t");
char *package_name = line_copy;
if (package_name) {
while (*package_name == ' ' || *package_name == '\t') {
package_name++;
}
}
if (uid_str && package_name && strlen(package_name) > 0) {
u32 uid;
if (!kstrtou32(uid_str, 10, &uid)) {
struct uid_data *data = kzalloc(sizeof(struct uid_data), GFP_ATOMIC);
if (data) {
data->uid = uid;
size_t pkg_len = strlen(package_name);
size_t copy_len = min(pkg_len, (size_t)(KSU_MAX_PACKAGE_NAME - 1));
strncpy(data->package, package_name, copy_len);
data->package[copy_len] = '\0';
list_add_tail(&data->list, uid_list);
count++;
if (count % 100 == 0) {
pr_info("parsed %d packages so far...\n", count);
}
} else {
pr_err("failed to allocate memory for uid_data\n");
}
} else {
pr_warn("invalid uid format in line: %s\n", trimmed_line);
}
} else {
pr_warn("invalid line format: %s\n", trimmed_line);
}
}
line = next_line;
}
kfree(file_content);
pr_info("successfully loaded %d uids from whitelist\n", count);
return count > 0 ? 0 : -ENODATA;
}
static int get_pkg_from_apk_path(char *pkg, const char *path) static int get_pkg_from_apk_path(char *pkg, const char *path)
{ {
int len = strlen(path); int len = strlen(path);
@@ -144,138 +247,6 @@ struct my_dir_context {
#define FILLDIR_ACTOR_CONTINUE 0 #define FILLDIR_ACTOR_CONTINUE 0
#define FILLDIR_ACTOR_STOP -EINVAL #define FILLDIR_ACTOR_STOP -EINVAL
#endif #endif
struct uid_scan_stats {
size_t total_found;
size_t errors_encountered;
};
struct user_data_context {
struct dir_context ctx;
struct list_head *uid_list;
struct uid_scan_stats *stats;
};
FILLDIR_RETURN_TYPE user_data_actor(struct dir_context *ctx, const char *name,
int namelen, loff_t off, u64 ino,
unsigned int d_type)
{
struct user_data_context *my_ctx =
container_of(ctx, struct user_data_context, ctx);
if (!my_ctx || !my_ctx->uid_list) {
return FILLDIR_ACTOR_STOP;
}
if (!strncmp(name, "..", namelen) || !strncmp(name, ".", namelen))
return FILLDIR_ACTOR_CONTINUE;
if (d_type != DT_DIR)
return FILLDIR_ACTOR_CONTINUE;
if (namelen >= KSU_MAX_PACKAGE_NAME) {
pr_warn("Package name too long: %.*s\n", namelen, name);
if (my_ctx->stats)
my_ctx->stats->errors_encountered++;
return FILLDIR_ACTOR_CONTINUE;
}
char package_path[USER_DATA_PATH_LEN];
if (snprintf(package_path, sizeof(package_path), "%s/%.*s",
USER_DATA_PATH, namelen, name) >= sizeof(package_path)) {
pr_err("Path too long for package: %.*s\n", namelen, name);
if (my_ctx->stats)
my_ctx->stats->errors_encountered++;
return FILLDIR_ACTOR_CONTINUE;
}
struct path path;
int err = kern_path(package_path, LOOKUP_FOLLOW, &path);
if (err) {
pr_debug("Package path lookup failed: %s (err: %d)\n", package_path, err);
if (my_ctx->stats)
my_ctx->stats->errors_encountered++;
return FILLDIR_ACTOR_CONTINUE;
}
struct kstat stat;
err = vfs_getattr(&path, &stat, STATX_UID, AT_STATX_SYNC_AS_STAT);
path_put(&path);
if (err) {
pr_debug("Failed to get attributes for: %s (err: %d)\n", package_path, err);
if (my_ctx->stats)
my_ctx->stats->errors_encountered++;
return FILLDIR_ACTOR_CONTINUE;
}
uid_t uid = from_kuid(&init_user_ns, stat.uid);
if (uid == (uid_t)-1) {
pr_warn("Invalid UID for package: %.*s\n", namelen, name);
if (my_ctx->stats)
my_ctx->stats->errors_encountered++;
return FILLDIR_ACTOR_CONTINUE;
}
struct uid_data *data = kzalloc(sizeof(struct uid_data), GFP_ATOMIC);
if (!data) {
pr_err("Failed to allocate memory for package: %.*s\n", namelen, name);
if (my_ctx->stats)
my_ctx->stats->errors_encountered++;
return FILLDIR_ACTOR_CONTINUE;
}
data->uid = uid;
size_t copy_len = min(namelen, KSU_MAX_PACKAGE_NAME - 1);
strncpy(data->package, name, copy_len);
data->package[copy_len] = '\0';
list_add_tail(&data->list, my_ctx->uid_list);
if (my_ctx->stats)
my_ctx->stats->total_found++;
pr_info("UserDE UID: Found package: %s, uid: %u\n", data->package, data->uid);
return FILLDIR_ACTOR_CONTINUE;
}
int scan_user_data_for_uids(struct list_head *uid_list)
{
struct file *dir_file;
struct uid_scan_stats stats = {0};
int ret = 0;
if (!uid_list) {
return -EINVAL;
}
dir_file = ksu_filp_open_compat(USER_DATA_PATH, O_RDONLY, 0);
if (IS_ERR(dir_file)) {
pr_err("UserDE UID: Failed to open %s: %ld\n", USER_DATA_PATH, PTR_ERR(dir_file));
return PTR_ERR(dir_file);
}
struct user_data_context ctx = {
.ctx.actor = user_data_actor,
.uid_list = uid_list,
.stats = &stats
};
ret = iterate_dir(dir_file, &ctx.ctx);
filp_close(dir_file, NULL);
if (stats.errors_encountered > 0) {
pr_warn("Encountered %zu errors while scanning user data directory\n",
stats.errors_encountered);
}
pr_info("UserDE UID: Scanned user data directory, found %zu packages with %zu errors\n",
stats.total_found, stats.errors_encountered);
return ret;
}
FILLDIR_RETURN_TYPE my_actor(struct dir_context *ctx, const char *name, FILLDIR_RETURN_TYPE my_actor(struct dir_context *ctx, const char *name,
int namelen, loff_t off, u64 ino, int namelen, loff_t off, u64 ino,
unsigned int d_type) unsigned int d_type)
@@ -497,16 +468,22 @@ void track_throne(void)
struct list_head uid_list; struct list_head uid_list;
INIT_LIST_HEAD(&uid_list); INIT_LIST_HEAD(&uid_list);
pr_info("Starting UID scan from user data directory\n"); pr_info("track_throne triggered, attempting whitelist read\n");
int ret = scan_user_data_for_uids(&uid_list);
// Try read whitelist first
int ret = read_uid_whitelist(&uid_list);
if (ret < 0) { if (ret < 0) {
pr_warn("Failed to scan user data directory (%d), falling back to packages.list\n", ret); pr_info("whitelist read failed (%d), request userspace scan\n", ret);
// Request userspace to rescan
ksu_request_userspace_scan();
// fallback to packages.list method // fallback to packages.list method
struct file *fp = ksu_filp_open_compat(SYSTEM_PACKAGES_LIST_PATH, O_RDONLY, 0); struct file *fp = ksu_filp_open_compat(SYSTEM_PACKAGES_LIST_PATH, O_RDONLY, 0);
if (IS_ERR(fp)) { if (IS_ERR(fp)) {
pr_err("Both user data scan and packages.list failed: %ld\n", PTR_ERR(fp)); pr_err("%s: open " SYSTEM_PACKAGES_LIST_PATH " failed: %ld\n",
__func__, PTR_ERR(fp));
goto out; goto out;
} }
@@ -561,7 +538,7 @@ void track_throne(void)
filp_close(fp, 0); filp_close(fp, 0);
pr_info("Loaded %zu packages from packages.list fallback\n", fallback_count); pr_info("Loaded %zu packages from packages.list fallback\n", fallback_count);
} else { } else {
pr_info("UserDE UID: Successfully loaded %zu packages from user data directory\n", list_count_nodes(&uid_list)); pr_info("loaded uids from whitelist successfully\n");
} }
// now update uid list // now update uid list