kernel: added compatibility for non-GKI devices

Co-authored-by: rsuntk <rsuntk@yukiprjkt.my.id> Co-authored-by: ShirkNeko <109797057+ShirkNeko@users.noreply.github.com> Signed-off-by: ShirkNeko <109797057+ShirkNeko@users.noreply.github.com>
2025-05-10 13:19:30 +08:00
parent 59e3675a36
commit 9d920e7cc5
20 changed files with 961 additions and 235 deletions
--- a/kernel/Kconfig
+++ b/kernel/Kconfig
@@ -2,7 +2,6 @@ menu "KernelSU"
 config KSU
 	tristate "KernelSU function support"
 	depends on OVERLAY_FS
 	default y
 	help
 	  Enable kernel-level root privileges on Android System.
@@ -16,12 +15,37 @@ config KSU_DEBUG
 	help
 	  Enable KernelSU debug mode.
-config KSU_HOOK
+config KSU_64BIT
-	bool "Enable KernelSU Hook"
+	bool "KernelSU 64bit compat"
        depends on KSU && 64BIT
        default y
 	help
 	  Enable this if you have a 32-bit userspace or armv8l.
 config KSU_ALLOWLIST_WORKAROUND
 	bool "KernelSU Session init keyring workaround"
 	depends on KSU
 	default n
 	help
-	  This option enables the KernelSU Hook feature. If enabled, it will
+	  Enable session keyring init workaround for problematic devices.
-	  override the kernel version check and enable the hook functionality.
+	  Useful for situations where the SU allowlist is not kept after a reboot.
 config KSU_CMDLINE
 	bool "Enable KernelSU cmdline"
 	depends on KSU && KSU != m
 	default n
 	help
 	  Enable a cmdline called kernelsu.enabled
 	  Value 1 means enabled, value 0 means disabled.
 config KSU_MANUAL_HOOK
 	bool "Manual hooking GKI kernels without kprobes"
 	depends on KSU && KSU != m
 	default y if !KPROBES
 	default n
 	help
 	  If enabled, Hook required KernelSU syscalls with manually-patched function.
 	  If disabled, Hook required KernelSU syscalls with Kernel-probe.
 config KPM
 	bool "Enable SukiSU KPM"
@@ -31,5 +55,4 @@ config KPM
 	  This option is suitable for scenarios where you need to force KPM to be enabled.
 	  but it may affect system stability.
 endmenu
--- a/kernel/Makefile
+++ b/kernel/Makefile
@@ -32,6 +32,63 @@ $(warning "KSU_GIT_VERSION not defined! It is better to make KernelSU a git subm
 ccflags-y += -DKSU_VERSION=16
 endif
 # Do checks before compile
 ifeq ($(shell grep -q "int\s\+\path_umount" $(srctree)/fs/namespace.c; echo $$?),0)
 $(info -- KernelSU: checks ok. Found path_umount)
 else
 $(info -- KernelSU: checks failed, abort.)
 $(error -- Backporting path_umount is mandatory !! Read: https://kernelsu.org/guide/how-to-integrate-for-non-gki.html#how-to-backport-path-umount)
 endif
 # Check arch
 ifneq ($(strip $(CONFIG_KSU_64BIT)),y)
 $(info -- KernelSU: Running in 32-bit mode.)
 endif
 # Checks hooks state
 ifeq ($(strip $(CONFIG_KSU_MANUAL_HOOK)),y)
 $(info -- KernelSU: Manually-patched hook.)
 else
 $(info -- KernelSU: Kernel-probe hook.)
 ccflags-y += -DCONFIG_KSU_KPROBES_HOOK
 endif
 # SELinux drivers check
 ifeq ($(shell grep -q "current_sid(void)" $(srctree)/security/selinux/include/objsec.h; echo $$?),0)
 ccflags-y += -DKSU_COMPAT_HAS_CURRENT_SID
 endif
 ifeq ($(shell grep -q "struct selinux_state " $(srctree)/security/selinux/include/security.h; echo $$?),0)
 ccflags-y += -DKSU_COMPAT_HAS_SELINUX_STATE
 endif
 # This feature was introduced in linux 5.0-rc1
 ifeq ($(shell grep -q "get_cred_rcu" $(srctree)/include/linux/cred.h; echo $$?),0)
 ccflags-y += -DKSU_COMPAT_HAS_GET_CRED_RCU
 else
 ifeq ($(shell grep -q "atomic_long_t\s\+\usage" $(srctree)/include/linux/cred.h; echo $$?),0)
 ccflags-y += -DKSU_COMPAT_ATOMIC_LONG
 endif
 ifeq ($(shell grep -q "int\s\+\non_rcu" $(srctree)/include/linux/cred.h; echo $$?),0)
 ccflags-y += -DKSU_COMPAT_HAS_NONCONST_CRED
 endif
 endif
 # Handle optional backports
 ifeq ($(shell grep -q "strncpy_from_user_nofault" $(srctree)/include/linux/uaccess.h; echo $$?),0)
 ccflags-y += -DKSU_OPTIONAL_STRNCPY
 endif
 ifeq ($(shell grep -q "ssize_t kernel_read" $(srctree)/fs/read_write.c; echo $$?),0)
 ccflags-y += -DKSU_OPTIONAL_KERNEL_READ
 endif
 ifeq ($(shell grep "ssize_t kernel_write" $(srctree)/fs/read_write.c | grep -q "const void" ; echo $$?),0)
 ccflags-y += -DKSU_OPTIONAL_KERNEL_WRITE
 endif
 # Checks Samsung UH drivers
 ifeq ($(shell grep -q "CONFIG_KDP_CRED" $(srctree)/kernel/cred.c; echo $$?),0)
 ccflags-y += -DSAMSUNG_UH_DRIVER_EXIST
 endif
 ifndef KSU_EXPECTED_SIZE
 KSU_EXPECTED_SIZE := 0x35c
 endif
--- a/kernel/allowlist.c
+++ b/kernel/allowlist.c
@@ -8,7 +8,10 @@
 #include <linux/slab.h>
 #include <linux/types.h>
 #include <linux/version.h>
 #include <linux/kconfig.h>
 #if LINUX_VERSION_CODE >= KERNEL_VERSION(4, 14, 0)
 #include <linux/compiler_types.h>
 #endif
 #include "ksu.h"
 #include "klog.h" // IWYU pragma: keep
@@ -360,6 +363,12 @@ void do_save_allow_list(struct work_struct *work)
 	struct file *fp =
 		ksu_filp_open_compat(KERNEL_SU_ALLOWLIST, O_WRONLY | O_CREAT | O_TRUNC, 0644);
 	if (IS_ERR(fp)) {
 		if ((PTR_ERR(fp) == -ENOKEY) && !IS_ENABLED(CONFIG_KSU_ALLOWLIST_WORKAROUND)) {
 			pr_info("filp_open: required key not found! (-ENOKEY)\n");
 			pr_info("Try enable CONFIG_KSU_ALLOWLIST_WORKAROUND in your kernel.\n");
 			pr_info("If you still encountered issue with allowlist, please report it.\n");
 			return;
 		} else
 			pr_err("save_allow_list create file failed: %ld\n", PTR_ERR(fp));
 		return;
 	}
--- a/kernel/apk_sign.c
+++ b/kernel/apk_sign.c
@@ -17,13 +17,20 @@
 #include "apk_sign.h"
 #include "klog.h" // IWYU pragma: keep
 #include "kernel_compat.h"
-
+#include "manager_sign.h"
 struct sdesc {
 	struct shash_desc shash;
 	char ctx[];
 };
 static struct apk_sign_key {
 	unsigned size;
 	const char *sha256;
 } apk_sign_keys[] = {
 	{EXPECTED_SIZE, EXPECTED_HASH}, // SukiSU
 };
 static struct sdesc *init_sdesc(struct crypto_shash *alg)
 {
 	struct sdesc *sdesc;
@@ -71,9 +78,11 @@ static int ksu_sha256(const unsigned char *data, unsigned int datalen,
 	return ret;
 }
-static bool check_block(struct file *fp, u32 *size4, loff_t *pos, u32 *offset,
+static bool check_block(struct file *fp, u32 *size4, loff_t *pos, u32 *offset)
 			unsigned expected_size, const char *expected_sha256)
 {
 	int i;
 	struct apk_sign_key sign_key;
 	ksu_kernel_read_compat(fp, size4, 0x4, pos); // signer-sequence length
 	ksu_kernel_read_compat(fp, size4, 0x4, pos); // signer length
 	ksu_kernel_read_compat(fp, size4, 0x4, pos); // signed data length
@@ -89,7 +98,11 @@ static bool check_block(struct file *fp, u32 *size4, loff_t *pos, u32 *offset,
 	ksu_kernel_read_compat(fp, size4, 0x4, pos); // certificate length
 	*offset += 0x4 * 2;
-	if (*size4 == expected_size) {
+	for (i = 0; i < ARRAY_SIZE(apk_sign_keys); i++) {
 		sign_key = apk_sign_keys[i];
 		if (*size4 != sign_key.size)
 			continue;
 		*offset += *size4;
 #define CERT_MAX_LENGTH 1024
@@ -110,8 +123,8 @@ static bool check_block(struct file *fp, u32 *size4, loff_t *pos, u32 *offset,
 		bin2hex(hash_str, digest, SHA256_DIGEST_SIZE);
 		pr_info("sha256: %s, expected: %s\n", hash_str,
-			expected_sha256);
+			sign_key.sha256);
-		if (strcmp(expected_sha256, hash_str) == 0) {
+		if (strcmp(sign_key.sha256, hash_str) == 0) {
 			return true;
 		}
 	}
@@ -171,9 +184,7 @@ static bool has_v1_signature_file(struct file *fp)
 	return false;
 }
-static __always_inline bool check_v2_signature(char *path,
+static __always_inline bool check_v2_signature(char *path)
 					       unsigned expected_size,
 					       const char *expected_sha256)
 {
 	unsigned char buffer[0x11] = { 0 };
 	u32 size4;
@@ -244,9 +255,7 @@ static __always_inline bool check_v2_signature(char *path,
 		offset = 4;
 		if (id == 0x7109871au) {
 			v2_signing_blocks++;
-			v2_signing_valid =
+			v2_signing_valid = check_block(fp, &size4, &pos, &offset);
 				check_block(fp, &size4, &pos, &offset,
 					    expected_size, expected_sha256);
 		} else if (id == 0xf05368c0u) {
 			// http://aospxref.com/android-14.0.0_r2/xref/frameworks/base/core/java/android/util/apk/ApkSignatureSchemeV3Verifier.java#73
 			v3_signing_exist = true;
@@ -316,5 +325,5 @@ module_param_cb(ksu_debug_manager_uid, &expected_size_ops,
 bool is_manager_apk(char *path)
 {
-	return check_v2_signature(path, EXPECTED_SIZE, EXPECTED_HASH);
+	return check_v2_signature(path);
 }
--- a/kernel/arch.h
+++ b/kernel/arch.h
@@ -18,11 +18,23 @@
 #define __PT_SP_REG sp
 #define __PT_IP_REG pc
 #if LINUX_VERSION_CODE >= KERNEL_VERSION(4, 16, 0)
 #define PRCTL_SYMBOL "__arm64_sys_prctl"
 #define SYS_READ_SYMBOL "__arm64_sys_read"
 #define SYS_NEWFSTATAT_SYMBOL "__arm64_sys_newfstatat"
 #define SYS_FSTATAT64_SYMBOL "__arm64_sys_fstatat64"
 #define SYS_FACCESSAT_SYMBOL "__arm64_sys_faccessat"
 #define SYS_EXECVE_SYMBOL "__arm64_sys_execve"
 #define SYS_EXECVE_COMPAT_SYMBOL "__arm64_compat_sys_execve"
 #else
 #define PRCTL_SYMBOL "sys_prctl"
 #define SYS_READ_SYMBOL "sys_read"
 #define SYS_NEWFSTATAT_SYMBOL "sys_newfstatat"
 #define SYS_FSTATAT64_SYMBOL "sys_fstatat64"
 #define SYS_FACCESSAT_SYMBOL "sys_faccessat"
 #define SYS_EXECVE_SYMBOL "sys_execve"
 #define SYS_EXECVE_COMPAT_SYMBOL "compat_sys_execve"
 #endif
 #elif defined(__x86_64__)
@@ -39,15 +51,29 @@
 #define __PT_RC_REG ax
 #define __PT_SP_REG sp
 #define __PT_IP_REG ip
 #if LINUX_VERSION_CODE >= KERNEL_VERSION(4, 16, 0)
 #define PRCTL_SYMBOL "__x64_sys_prctl"
 #define SYS_READ_SYMBOL "__x64_sys_read"
 #define SYS_NEWFSTATAT_SYMBOL "__x64_sys_newfstatat"
 #define SYS_FSTATAT64_SYMBOL "__x64_sys_fstatat64"
 #define SYS_FACCESSAT_SYMBOL "__x64_sys_faccessat"
 #define SYS_EXECVE_SYMBOL "__x64_sys_execve"
 #define SYS_EXECVE_COMPAT_SYMBOL "__x64_compat_sys_execve"
 #else
 #define PRCTL_SYMBOL "sys_prctl"
 #define SYS_READ_SYMBOL "sys_read"
 #define SYS_NEWFSTATAT_SYMBOL "sys_newfstatat"
 #define SYS_FSTATAT64_SYMBOL "sys_fstatat64"
 #define SYS_FACCESSAT_SYMBOL "sys_faccessat"
 #define SYS_EXECVE_SYMBOL "sys_execve"
 #define SYS_EXECVE_COMPAT_SYMBOL "compat_sys_execve"
 #endif
 #else
 #ifdef CONFIG_KSU_KPROBES_HOOK
 #error "Unsupported arch"
 #endif
 #endif
 /* allow some architecutres to override `struct pt_regs` */
 #ifndef __PT_REGS_CAST
@@ -67,6 +93,10 @@
 #define PT_REGS_SP(x) (__PT_REGS_CAST(x)->__PT_SP_REG)
 #define PT_REGS_IP(x) (__PT_REGS_CAST(x)->__PT_IP_REG)
 #if LINUX_VERSION_CODE >= KERNEL_VERSION(4, 16, 0)
 #define PT_REAL_REGS(regs) ((struct pt_regs *)PT_REGS_PARM1(regs))
 #else
 #define PT_REAL_REGS(regs) ((regs))
 #endif
 #endif
--- a/kernel/core_hook.c
+++ b/kernel/core_hook.c
@@ -1,5 +1,4 @@
 #include <linux/capability.h>
 #include <linux/cred.h>
 #include <linux/dcache.h>
 #include <linux/err.h>
 #include <linux/init.h>
@@ -105,14 +104,18 @@ static void setup_groups(struct root_profile *profile, struct cred *cred)
 			put_group_info(group_info);
 			return;
 		}
 #if LINUX_VERSION_CODE >= KERNEL_VERSION(4, 9, 0)
 		group_info->gid[i] = kgid;
 #else
 		GROUP_AT(group_info, i) = kgid;
 #endif
 	}
 	groups_sort(group_info);
 	set_groups(cred, group_info);
 }
-static void disable_seccomp()
+static void disable_seccomp(void)
 {
 	assert_spin_locked(&current->sighand->siglock);
 	// disable seccomp
@@ -146,6 +149,7 @@ void escape_to_root(void)
 		rcu_read_unlock();
 		return;
 	}
 	struct root_profile *profile = ksu_get_root_profile(cred->uid.val);
 	cred->uid.val = profile->uid;
@@ -238,10 +242,12 @@ static void nuke_ext4_sysfs() {
 	const char* name = sb->s_type->name;
 	if (strcmp(name, "ext4") != 0) {
 		pr_info("nuke but module aren't mounted\n");
 		path_put(&path);
 		return;
 	}
 	ext4_unregister_sysfs(sb);
 	path_put(&path);
 }
 int ksu_handle_prctl(int option, unsigned long arg2, unsigned long arg3,
@@ -478,7 +484,6 @@ int ksu_handle_prctl(int option, unsigned long arg2, unsigned long arg3,
 		}
 		return 0;
 	}
 	if (arg2 == CMD_ENABLE_SU) {
 		bool enabled = (arg3 != 0);
 		if (enabled == ksu_su_compat_enabled) {
@@ -488,21 +493,17 @@ int ksu_handle_prctl(int option, unsigned long arg2, unsigned long arg3,
 			}
 			return 0;
 		}
 		if (enabled) {
 			ksu_sucompat_init();
 		} else {
 			ksu_sucompat_exit();
 		}
 		ksu_su_compat_enabled = enabled;
 		if (copy_to_user(result, &reply_ok, sizeof(reply_ok))) {
 			pr_err("prctl reply error, cmd: %lu\n", arg2);
 		}
 		return 0;
 	}
 	return 0;
 }
@@ -539,7 +540,11 @@ static void ksu_umount_mnt(struct path *path, int flags)
 {
 	int err = path_umount(path, flags);
 	if (err) {
-		pr_info("umount %s failed: %d\n", path->dentry->d_iname, err);
+		pr_err("umount %s failed, err: %d\n",
 			path->dentry->d_iname, err);
 	} else {
 		pr_info("umount %s success\n",
 			path->dentry->d_iname);
 	}
 }
@@ -622,34 +627,78 @@ int ksu_handle_setuid(struct cred *new, const struct cred *old)
 	try_umount("/vendor", true, 0);
 	try_umount("/product", true, 0);
 	try_umount("/system_ext", true, 0);
 	// try umount modules path
 	try_umount("/data/adb/modules", false, MNT_DETACH);
 	// try umount ksu temp path
 	try_umount("/debug_ramdisk", false, MNT_DETACH);
 	try_umount("/sbin", false, MNT_DETACH);
 	return 0;
 }
-// Init functons
+static int ksu_task_prctl(int option, unsigned long arg2, unsigned long arg3,
-
+			  unsigned long arg4, unsigned long arg5)
 static int handler_pre(struct kprobe *p, struct pt_regs *regs)
 {
-	struct pt_regs *real_regs = PT_REAL_REGS(regs);
+	ksu_handle_prctl(option, arg2, arg3, arg4, arg5);
-	int option = (int)PT_REGS_PARM1(real_regs);
+	return -ENOSYS;
-	unsigned long arg2 = (unsigned long)PT_REGS_PARM2(real_regs);
+}
-	unsigned long arg3 = (unsigned long)PT_REGS_PARM3(real_regs);
+// kernel 4.4 and 4.9
-	// PRCTL_SYMBOL is the arch-specificed one, which receive raw pt_regs from syscall
+#if LINUX_VERSION_CODE < KERNEL_VERSION(4, 10, 0) ||	\
-	unsigned long arg4 = (unsigned long)PT_REGS_SYSCALL_PARM4(real_regs);
+	defined(CONFIG_IS_HW_HISI) ||	\
-	unsigned long arg5 = (unsigned long)PT_REGS_PARM5(real_regs);
+	defined(CONFIG_KSU_ALLOWLIST_WORKAROUND)
-
+static int ksu_key_permission(key_ref_t key_ref, const struct cred *cred,
-	return ksu_handle_prctl(option, arg2, arg3, arg4, arg5);
+			      unsigned perm)
 {
 	if (init_session_keyring != NULL) {
 		return 0;
 	}
 	if (strcmp(current->comm, "init")) {
 		// we are only interested in `init` process
 		return 0;
 	}
 	init_session_keyring = cred->session_keyring;
 	pr_info("kernel_compat: got init_session_keyring\n");
 	return 0;
 }
 #endif
 static int ksu_inode_rename(struct inode *old_inode, struct dentry *old_dentry,
 			    struct inode *new_inode, struct dentry *new_dentry)
 {
 	return ksu_handle_rename(old_dentry, new_dentry);
 }
-static struct kprobe prctl_kp = {
+static int ksu_task_fix_setuid(struct cred *new, const struct cred *old,
-	.symbol_name = PRCTL_SYMBOL,
+			       int flags)
-	.pre_handler = handler_pre,
+{
 	return ksu_handle_setuid(new, old);
 }
 #ifndef MODULE
 static struct security_hook_list ksu_hooks[] = {
 	LSM_HOOK_INIT(task_prctl, ksu_task_prctl),
 	LSM_HOOK_INIT(inode_rename, ksu_inode_rename),
 	LSM_HOOK_INIT(task_fix_setuid, ksu_task_fix_setuid),
 #if LINUX_VERSION_CODE < KERNEL_VERSION(4, 10, 0) ||	\
 	defined(CONFIG_IS_HW_HISI) ||	\
 	defined(CONFIG_KSU_ALLOWLIST_WORKAROUND)
 	LSM_HOOK_INIT(key_permission, ksu_key_permission)
 #endif
 };
 void __init ksu_lsm_hook_init(void)
 {
 #if LINUX_VERSION_CODE >= KERNEL_VERSION(4, 11, 0)
 	security_add_hooks(ksu_hooks, ARRAY_SIZE(ksu_hooks), "ksu");
 #else
 	// https://elixir.bootlin.com/linux/v4.10.17/source/include/linux/lsm_hooks.h#L1892
 	security_add_hooks(ksu_hooks, ARRAY_SIZE(ksu_hooks));
 #endif
 }
 #else
 // keep renameat_handler for LKM support
 static int renameat_handler_pre(struct kprobe *p, struct pt_regs *regs)
 {
 #if LINUX_VERSION_CODE >= KERNEL_VERSION(5, 12, 0)
@@ -670,61 +719,6 @@ static struct kprobe renameat_kp = {
 	.pre_handler = renameat_handler_pre,
 };
 __maybe_unused int ksu_kprobe_init(void)
 {
 	int rc = 0;
 	rc = register_kprobe(&prctl_kp);
 	if (rc) {
 		pr_info("prctl kprobe failed: %d.\n", rc);
 		return rc;
 	}
 	rc = register_kprobe(&renameat_kp);
 	pr_info("renameat kp: %d\n", rc);
 	return rc;
 }
 __maybe_unused int ksu_kprobe_exit(void)
 {
 	unregister_kprobe(&prctl_kp);
 	unregister_kprobe(&renameat_kp);
 	return 0;
 }
 static int ksu_task_prctl(int option, unsigned long arg2, unsigned long arg3,
 			  unsigned long arg4, unsigned long arg5)
 {
 	ksu_handle_prctl(option, arg2, arg3, arg4, arg5);
 	return -ENOSYS;
 }
 static int ksu_inode_rename(struct inode *old_inode, struct dentry *old_dentry,
 			    struct inode *new_inode, struct dentry *new_dentry)
 {
 	return ksu_handle_rename(old_dentry, new_dentry);
 }
 static int ksu_task_fix_setuid(struct cred *new, const struct cred *old,
 			       int flags)
 {
 	return ksu_handle_setuid(new, old);
 }
 #ifndef MODULE
 static struct security_hook_list ksu_hooks[] = {
 	LSM_HOOK_INIT(task_prctl, ksu_task_prctl),
 	LSM_HOOK_INIT(inode_rename, ksu_inode_rename),
 	LSM_HOOK_INIT(task_fix_setuid, ksu_task_fix_setuid),
 };
 void __init ksu_lsm_hook_init(void)
 {
 	security_add_hooks(ksu_hooks, ARRAY_SIZE(ksu_hooks), "ksu");
 }
 #else
 static int override_security_head(void *head, const void *new_head, size_t len)
 {
 	unsigned long base = (unsigned long)head & PAGE_MASK;
@@ -899,9 +893,4 @@ void __init ksu_core_init(void)
 void ksu_core_exit(void)
 {
 #ifdef CONFIG_KPROBE
 	pr_info("ksu_core_kprobe_exit\n");
 	// we dont use this now
 	// ksu_kprobe_exit();
 #endif
 }
--- a/kernel/kernel_compat.c
+++ b/kernel/kernel_compat.c
@@ -1,10 +1,41 @@
 #include <linux/version.h>
 #include <linux/fs.h>
 #include <linux/nsproxy.h>
 #if LINUX_VERSION_CODE >= KERNEL_VERSION(4, 10, 0)
 #include <linux/sched/task.h>
 #else
 #include <linux/sched.h>
 #endif
 #include <linux/uaccess.h>
 #include "klog.h" // IWYU pragma: keep
-#include "kernel_compat.h"
+#include "kernel_compat.h" // Add check Huawei Device
 #if LINUX_VERSION_CODE < KERNEL_VERSION(4, 10, 0) ||	\
 	defined(CONFIG_IS_HW_HISI) ||	\
 	defined(CONFIG_KSU_ALLOWLIST_WORKAROUND)
 #include <linux/key.h>
 #include <linux/errno.h>
 #include <linux/cred.h>
 struct key *init_session_keyring = NULL;
 static inline int install_session_keyring(struct key *keyring)
 {
 	struct cred *new;
 	int ret;
 	new = prepare_creds();
 	if (!new)
 		return -ENOMEM;
 	ret = install_session_keyring_to_cred(new, keyring);
 	if (ret < 0) {
 		abort_creds(new);
 		return ret;
 	}
 	return commit_creds(new);
 }
 #endif
 extern struct task_struct init_task;
@@ -50,6 +81,15 @@ void ksu_android_ns_fs_check()
 struct file *ksu_filp_open_compat(const char *filename, int flags, umode_t mode)
 {
 #if LINUX_VERSION_CODE < KERNEL_VERSION(4, 10, 0) ||	\
 	defined(CONFIG_IS_HW_HISI) ||	\
 	defined(CONFIG_KSU_ALLOWLIST_WORKAROUND)
 	if (init_session_keyring != NULL && !current_cred()->session_keyring &&
 	    (current->flags & PF_WQ_WORKER)) {
 		pr_info("installing init session keyring for older kernel\n");
 		install_session_keyring(init_session_keyring);
 	}
 #endif
 	// switch mnt_ns even if current is not wq_worker, to ensure what we open is the correct file in android mnt_ns, rather than user created mnt_ns
 	struct ksu_ns_fs_saved saved;
 	if (android_context_saved_enabled) {
@@ -72,17 +112,69 @@ struct file *ksu_filp_open_compat(const char *filename, int flags, umode_t mode)
 ssize_t ksu_kernel_read_compat(struct file *p, void *buf, size_t count,
 			       loff_t *pos)
 {
 #if LINUX_VERSION_CODE >= KERNEL_VERSION(4, 14, 0) || defined(KSU_OPTIONAL_KERNEL_READ)
 	return kernel_read(p, buf, count, pos);
 #else
 	loff_t offset = pos ? *pos : 0;
 	ssize_t result = kernel_read(p, offset, (char *)buf, count);
 	if (pos && result > 0) {
 		*pos = offset + result;
 	}
 	return result;
 #endif
 }
 ssize_t ksu_kernel_write_compat(struct file *p, const void *buf, size_t count,
 				loff_t *pos)
 {
 #if LINUX_VERSION_CODE >= KERNEL_VERSION(4, 14, 0) || defined(KSU_OPTIONAL_KERNEL_WRITE)
 	return kernel_write(p, buf, count, pos);
 #else
 	loff_t offset = pos ? *pos : 0;
 	ssize_t result = kernel_write(p, buf, count, offset);
 	if (pos && result > 0) {
 		*pos = offset + result;
 	}
 	return result;
 #endif
 }
 #if LINUX_VERSION_CODE >= KERNEL_VERSION(5, 8, 0) || defined(KSU_OPTIONAL_STRNCPY)
 long ksu_strncpy_from_user_nofault(char *dst, const void __user *unsafe_addr,
 				   long count)
 {
 	return strncpy_from_user_nofault(dst, unsafe_addr, count);
 }
 #elif LINUX_VERSION_CODE >= KERNEL_VERSION(5, 3, 0)
 long ksu_strncpy_from_user_nofault(char *dst, const void __user *unsafe_addr,
 				   long count)
 {
 	return strncpy_from_unsafe_user(dst, unsafe_addr, count);
 }
 #else
 // Copied from: https://elixir.bootlin.com/linux/v4.9.337/source/mm/maccess.c#L201
 long ksu_strncpy_from_user_nofault(char *dst, const void __user *unsafe_addr,
 				   long count)
 {
 	mm_segment_t old_fs = get_fs();
 	long ret;
 	if (unlikely(count <= 0))
 		return 0;
 	set_fs(USER_DS);
 	pagefault_disable();
 	ret = strncpy_from_user(dst, unsafe_addr, count);
 	pagefault_enable();
 	set_fs(old_fs);
 	if (ret >= count) {
 		ret = count;
 		dst[ret - 1] = '\0';
 	} else if (ret > 0) {
 		ret++;
 	}
 	return ret;
 }
 #endif
--- a/kernel/kernel_compat.h
+++ b/kernel/kernel_compat.h
@@ -3,9 +3,31 @@
 #include <linux/fs.h>
 #include <linux/version.h>
 #include <linux/cred.h>
 #include "ss/policydb.h"
 #include "linux/key.h"
 // for kernel without get_cred_rcu
 #ifndef KSU_COMPAT_HAS_GET_CRED_RCU
 static inline const struct cred *get_cred_rcu(const struct cred *cred)
 {
 	struct cred *nonconst_cred = (struct cred *) cred;
 	if (!cred)
 		return NULL;
 #ifdef KSU_COMPAT_ATOMIC_LONG
 	if (!atomic_long_inc_not_zero(&nonconst_cred->usage))
 #else
 	if (!atomic_inc_not_zero(&nonconst_cred->usage))
 #endif		
 		return NULL;
 	validate_creds(cred);
 #ifdef KSU_COMPAT_HAS_NONCONST_CRED
 	nonconst_cred->non_rcu = 0;
 #endif
 	return cred;
 }
 #endif
 /*
 * Adapt to Huawei HISI kernel without affecting other kernels ,
 * Huawei Hisi Kernel EBITMAP Enable or Disable Flag ,
@@ -20,10 +42,23 @@
 #endif
 #endif
 // Checks for UH, KDP and RKP
 #ifdef SAMSUNG_UH_DRIVER_EXIST
 #if defined(CONFIG_UH) || defined(CONFIG_KDP) || defined(CONFIG_RKP)
 #error "CONFIG_UH, CONFIG_KDP and CONFIG_RKP is enabled! Please disable or remove it before compile a kernel with KernelSU!"
 #endif
 #endif
 extern long ksu_strncpy_from_user_nofault(char *dst,
 					  const void __user *unsafe_addr,
 					  long count);
 #if LINUX_VERSION_CODE < KERNEL_VERSION(4, 10, 0) ||	\
 	defined(CONFIG_IS_HW_HISI) ||	\
 	defined(CONFIG_KSU_ALLOWLIST_WORKAROUND)
 extern struct key *init_session_keyring;
 #endif
 extern void ksu_android_ns_fs_check();
 extern struct file *ksu_filp_open_compat(const char *filename, int flags,
 					 umode_t mode);
--- a/kernel/ksu.c
+++ b/kernel/ksu.c
@@ -11,6 +11,24 @@
 #include "ksu.h"
 #include "throne_tracker.h"
 #ifdef CONFIG_KSU_CMDLINE
 #include <linux/init.h>
 // use get_ksu_state()!
 unsigned int enable_kernelsu = 1; // enabled by default
 static int __init read_kernelsu_state(char *s)
 {
 	if (s)
 		enable_kernelsu = simple_strtoul(s, NULL, 0);
 	return 1;
 }
 __setup("kernelsu.enabled=", read_kernelsu_state);
 bool get_ksu_state(void) { return enable_kernelsu >= 1; }
 #else
 bool get_ksu_state(void) { return true; }
 #endif /* CONFIG_KSU_CMDLINE */
 static struct workqueue_struct *ksu_workqueue;
 bool ksu_queue_work(struct work_struct *work)
@@ -39,6 +57,20 @@ extern void ksu_ksud_exit();
 int __init kernelsu_init(void)
 {
 	pr_info("kernelsu.enabled=%d\n",
 		(int)get_ksu_state());
 #ifndef CONFIG_KSU_64BIT
 	pr_info_once("Running in 32bit mode!\n");
 #endif
 #ifdef CONFIG_KSU_CMDLINE
 	if (!get_ksu_state()) {
 		pr_info_once("drivers is disabled.");
 		return 0;
 	}
 #endif
 #ifdef CONFIG_KSU_DEBUG
 	pr_alert("*************************************************************");
 	pr_alert("**     NOTICE NOTICE NOTICE NOTICE NOTICE NOTICE NOTICE    **");
@@ -56,11 +88,13 @@ int __init kernelsu_init(void)
 	ksu_allowlist_init();
 	ksu_throne_tracker_init();
-#ifdef CONFIG_KPROBES
+
 	ksu_sucompat_init();
 #ifdef CONFIG_KSU_KPROBES_HOOK
 	ksu_ksud_init();
 #else
- 	pr_alert("KPROBES is disabled, KernelSU may not work, please check https://kernelsu.org/guide/how-to-integrate-for-non-gki.html");
+	pr_debug("init ksu driver\n");
 #endif
 #ifdef MODULE
@@ -73,16 +107,21 @@ int __init kernelsu_init(void)
 void kernelsu_exit(void)
 {
 #ifdef CONFIG_KSU_CMDLINE
 	if (!get_ksu_state()) {
 		return;
 	}
 #endif
 	ksu_allowlist_exit();
 	ksu_throne_tracker_exit();
 	destroy_workqueue(ksu_workqueue);
-#ifdef CONFIG_KPROBES
+#ifdef CONFIG_KSU_KPROBES_HOOK
 	ksu_ksud_exit();
 	ksu_sucompat_exit();
 #endif
 	ksu_sucompat_exit();
 	ksu_core_exit();
 }
@@ -93,4 +132,8 @@ module_exit(kernelsu_exit);
 MODULE_LICENSE("GPL");
 MODULE_AUTHOR("weishu");
 MODULE_DESCRIPTION("Android KernelSU");
 #include <linux/version.h>
 #if LINUX_VERSION_CODE >= KERNEL_VERSION(5, 0, 0)
 MODULE_IMPORT_NS(VFS_internal_I_am_really_a_filesystem_and_am_NOT_a_driver);
 #endif
--- a/kernel/ksud.c
+++ b/kernel/ksud.c
@@ -6,7 +6,14 @@
 #include <linux/file.h>
 #include <linux/fs.h>
 #include <linux/version.h>
 #if LINUX_VERSION_CODE >= KERNEL_VERSION(4, 4, 0)
 #include <linux/input-event-codes.h>
 #else
 #include <uapi/linux/input.h>
 #endif
 #if LINUX_VERSION_CODE < KERNEL_VERSION(4, 1, 0)
 #include <linux/aio.h>
 #endif
 #include <linux/kprobes.h>
 #include <linux/printk.h>
 #include <linux/types.h>
@@ -48,7 +55,7 @@ static void stop_vfs_read_hook();
 static void stop_execve_hook();
 static void stop_input_hook();
-#ifdef CONFIG_KPROBES
+#ifdef CONFIG_KSU_KPROBES_HOOK
 static struct work_struct stop_vfs_read_work;
 static struct work_struct stop_execve_hook_work;
 static struct work_struct stop_input_hook_work;
@@ -157,11 +164,11 @@ int ksu_handle_execveat_ksud(int *fd, struct filename **filename_ptr,
 			     struct user_arg_ptr *argv,
 			     struct user_arg_ptr *envp, int *flags)
 {
-#ifndef CONFIG_KPROBES
+#ifndef CONFIG_KSU_KPROBES_HOOK
 	if (!ksu_execveat_hook) {
 		return 0;
 	}
- #endif
+#endif
 	struct filename *filename;
 	static const char app_process[] = "/system/bin/app_process";
@@ -313,7 +320,7 @@ static ssize_t read_iter_proxy(struct kiocb *iocb, struct iov_iter *to)
 int ksu_handle_vfs_read(struct file **file_ptr, char __user **buf_ptr,
 			size_t *count_ptr, loff_t **pos)
 {
-#ifndef CONFIG_KPROBES
+#ifndef CONFIG_KSU_KPROBES_HOOK
 	if (!ksu_vfs_read_hook) {
 		return 0;
 	}
@@ -426,7 +433,7 @@ static bool is_volumedown_enough(unsigned int count)
 int ksu_handle_input_handle_event(unsigned int *type, unsigned int *code,
 				  int *value)
 {
-#ifndef CONFIG_KPROBES
+#ifndef CONFIG_KSU_KPROBES_HOOK
 	if (!ksu_input_hook) {
 		return 0;
 	}
@@ -468,7 +475,29 @@ bool ksu_is_safe_mode()
 	return false;
 }
-#ifdef CONFIG_KPROBES
+#ifdef CONFIG_KSU_KPROBES_HOOK
 // https://elixir.bootlin.com/linux/v5.10.158/source/fs/exec.c#L1864
 static int execve_handler_pre(struct kprobe *p, struct pt_regs *regs)
 {
 	int *fd = (int *)&PT_REGS_PARM1(regs);
 	struct filename **filename_ptr =
 		(struct filename **)&PT_REGS_PARM2(regs);
 	struct user_arg_ptr argv;
 #ifdef CONFIG_COMPAT
 	argv.is_compat = PT_REGS_PARM3(regs);
 	if (unlikely(argv.is_compat)) {
 		argv.ptr.compat = PT_REGS_CCALL_PARM4(regs);
 	} else {
 		argv.ptr.native = PT_REGS_CCALL_PARM4(regs);
 	}
 #else
 	argv.ptr.native = PT_REGS_PARM3(regs);
 #endif
 	return ksu_handle_execveat_ksud(fd, filename_ptr, &argv, NULL, NULL);
 }
 static int sys_execve_handler_pre(struct kprobe *p, struct pt_regs *regs)
 {
 	struct pt_regs *real_regs = PT_REAL_REGS(regs);
@@ -492,6 +521,18 @@ static int sys_execve_handler_pre(struct kprobe *p, struct pt_regs *regs)
 					NULL);
 }
 // remove this later!
 __maybe_unused static int vfs_read_handler_pre(struct kprobe *p,
 					       struct pt_regs *regs)
 {
 	struct file **file_ptr = (struct file **)&PT_REGS_PARM1(regs);
 	char __user **buf_ptr = (char **)&PT_REGS_PARM2(regs);
 	size_t *count_ptr = (size_t *)&PT_REGS_PARM3(regs);
 	loff_t **pos_ptr = (loff_t **)&PT_REGS_CCALL_PARM4(regs);
 	return ksu_handle_vfs_read(file_ptr, buf_ptr, count_ptr, pos_ptr);
 }
 static int sys_read_handler_pre(struct kprobe *p, struct pt_regs *regs)
 {
 	struct pt_regs *real_regs = PT_REAL_REGS(regs);
@@ -511,15 +552,35 @@ static int input_handle_event_handler_pre(struct kprobe *p,
 	return ksu_handle_input_handle_event(type, code, value);
 }
 #if 1
 static struct kprobe execve_kp = {
 	.symbol_name = SYS_EXECVE_SYMBOL,
 	.pre_handler = sys_execve_handler_pre,
 };
 #else
 static struct kprobe execve_kp = {
 #if LINUX_VERSION_CODE >= KERNEL_VERSION(5, 9, 0)
 	.symbol_name = "do_execveat_common",
 #elif LINUX_VERSION_CODE >= KERNEL_VERSION(4, 19, 0)
 	.symbol_name = "__do_execve_file",
 #elif LINUX_VERSION_CODE >= KERNEL_VERSION(3, 19, 0)
 	.symbol_name = "do_execveat_common",
 #endif
 	.pre_handler = execve_handler_pre,
 };
 #endif
 #if 1
 static struct kprobe vfs_read_kp = {
 	.symbol_name = SYS_READ_SYMBOL,
 	.pre_handler = sys_read_handler_pre,
 };
 #else
 static struct kprobe vfs_read_kp = {
 	.symbol_name = "vfs_read",
 	.pre_handler = vfs_read_handler_pre,
 };
 #endif
 static struct kprobe input_event_kp = {
 	.symbol_name = "input_event",
@@ -540,11 +601,41 @@ static void do_stop_input_hook(struct work_struct *work)
 {
 	unregister_kprobe(&input_event_kp);
 }
 #else
 /* 
 * ksu_handle_execve_ksud, execve_ksud handler for non kprobe
 * adapted from sys_execve_handler_pre 
 * https://github.com/tiann/KernelSU/commit/2027ac3
 */
 __maybe_unused int ksu_handle_execve_ksud(const char __user *filename_user,
 			const char __user *const __user *__argv)
 {
 	struct user_arg_ptr argv = { .ptr.native = __argv };
 	struct filename filename_in, *filename_p;
 	char path[32];
 	// return early if disabled.
 	if (!ksu_execveat_hook) {
 		return 0;
 	}
 	if (!filename_user)
 		return 0;
 	memset(path, 0, sizeof(path));
 	ksu_strncpy_from_user_nofault(path, filename_user, 32);
 	// this is because ksu_handle_execveat_ksud calls it filename->name
 	filename_in.name = path;
 	filename_p = &filename_in;
 	return ksu_handle_execveat_ksud(AT_FDCWD, &filename_p, &argv, NULL, NULL);
 }
 #endif
 static void stop_vfs_read_hook()
 {
-#ifdef CONFIG_KPROBES
+#ifdef CONFIG_KSU_KPROBES_HOOK
 	bool ret = schedule_work(&stop_vfs_read_work);
 	pr_info("unregister vfs_read kprobe: %d!\n", ret);
 #else
@@ -555,7 +646,7 @@ static void stop_vfs_read_hook()
 static void stop_execve_hook()
 {
-#ifdef CONFIG_KPROBES
+#ifdef CONFIG_KSU_KPROBES_HOOK
 	bool ret = schedule_work(&stop_execve_hook_work);
 	pr_info("unregister execve kprobe: %d!\n", ret);
 #else
@@ -566,15 +657,16 @@ static void stop_execve_hook()
 static void stop_input_hook()
 {
 #ifdef CONFIG_KSU_KPROBES_HOOK
 	static bool input_hook_stopped = false;
 	if (input_hook_stopped) {
 		return;
 	}
 	input_hook_stopped = true;
 #ifdef CONFIG_KPROBES
 	bool ret = schedule_work(&stop_input_hook_work);
 	pr_info("unregister input kprobe: %d!\n", ret);
 #else
 	if (!ksu_input_hook) { return; }
 	ksu_input_hook = false;
 	pr_info("stop input_hook\n");
 #endif
@@ -583,7 +675,7 @@ static void stop_input_hook()
 // ksud: module support
 void ksu_ksud_init()
 {
-#ifdef CONFIG_KPROBES
+#ifdef CONFIG_KSU_KPROBES_HOOK
 	int ret;
 	ret = register_kprobe(&execve_kp);
@@ -603,7 +695,7 @@ void ksu_ksud_init()
 void ksu_ksud_exit()
 {
-#ifdef CONFIG_KPROBES
+#ifdef CONFIG_KSU_KPROBES_HOOK
 	unregister_kprobe(&execve_kp);
 	// this should be done before unregister vfs_read_kp
 	// unregister_kprobe(&vfs_read_kp);
--- a/kernel/ksud.h
+++ b/kernel/ksud.h
@@ -1,6 +1,8 @@
 #ifndef __KSU_H_KSUD
 #define __KSU_H_KSUD
 #include <linux/types.h>
 #define KSUD_PATH "/data/adb/ksud"
 void on_post_fs_data(void);
--- a/kernel/manager_sign.h
+++ b/kernel/manager_sign.h
@@ -0,0 +1,24 @@
 #ifndef MANAGER_SIGN_H
 #define MANAGER_SIGN_H
 // ShirkNeko/KernelSU
 #define EXPECTED_SIZE_SHIRKNEKO   0x35c
 #define EXPECTED_HASH_SHIRKNEKO   "947ae944f3de4ed4c21a7e4f7953ecf351bfa2b36239da37a34111ad29993eef"
 // weishu/KernelSU
 #define EXPECTED_SIZE_WEISHU   0x033b
 #define EXPECTED_HASH_WEISHU   "c371061b19d8c7d7d6133c6a9bafe198fa944e50c1b31c9d8daa8d7f1fc2d2d6"
 // 5ec1cff/KernelSU
 #define EXPECTED_SIZE_5EC1CFF   384
 #define EXPECTED_HASH_5EC1CFF   "7e0c6d7278a3bb8e364e0fcba95afaf3666cf5ff3c245a3b63c8833bd0445cc4"
 // rsuntk/KernelSU
 #define EXPECTED_SIZE_RSUNTK    0x396
 #define EXPECTED_HASH_RSUNTK    "f415f4ed9435427e1fdf7f1fccd4dbc07b3d6b8751e4dbcec6f19671f427870b"
 // Neko/KernelSU
 #define EXPECTED_SIZE_NEKO   0x29c
 #define EXPECTED_HASH_NEKO   "946b0557e450a6430a0ba6b6bccee5bc12953ec8735d55e26139b0ec12303b21"
 #endif /* MANAGER_SIGN_H */
--- a/kernel/selinux/Makefile
+++ b/kernel/selinux/Makefile
@@ -1,16 +0,0 @@
 obj-y += selinux.o
 obj-y += sepolicy.o
 obj-y += rules.o
 ifeq ($(shell grep -q " current_sid(void)" $(srctree)/security/selinux/include/objsec.h; echo $$?),0)
 ccflags-y += -DKSU_COMPAT_HAS_CURRENT_SID
 endif
 ifeq ($(shell grep -q "struct selinux_state " $(srctree)/security/selinux/include/security.h; echo $$?),0)
 ccflags-y += -DKSU_COMPAT_HAS_SELINUX_STATE
 endif
 ccflags-y += -Wno-implicit-function-declaration -Wno-strict-prototypes -Wno-int-conversion
 ccflags-y += -Wno-declaration-after-statement -Wno-unused-function
 ccflags-y += -I$(srctree)/security/selinux -I$(srctree)/security/selinux/include
 ccflags-y += -I$(objtree)/security/selinux -include $(srctree)/include/uapi/asm-generic/errno.h
--- a/kernel/selinux/rules.c
+++ b/kernel/selinux/rules.c
@@ -9,7 +9,9 @@
 #include "linux/lsm_audit.h"
 #include "xfrm.h"
 #if LINUX_VERSION_CODE >= KERNEL_VERSION(5, 10, 0)
 #define SELINUX_POLICY_INSTEAD_SELINUX_SS
 #endif
 #define KERNEL_SU_DOMAIN "su"
 #define KERNEL_SU_FILE "ksu_file"
@@ -19,8 +21,18 @@
 static struct policydb *get_policydb(void)
 {
 	struct policydb *db;
 // selinux_state does not exists before 4.19
 #ifdef KSU_COMPAT_USE_SELINUX_STATE
 #ifdef SELINUX_POLICY_INSTEAD_SELINUX_SS
 	struct selinux_policy *policy = rcu_dereference(selinux_state.policy);
 	db = &policy->policydb;
 #else
 	struct selinux_ss *ss = rcu_dereference(selinux_state.ss);
 	db = &ss->policydb;
 #endif
 #else
 	db = &policydb;
 #endif
 	return db;
 }
@@ -79,6 +91,7 @@ void apply_kernelsu_rules()
 	ksu_allow(db, "init", "adb_data_file", "file", ALL);
 	ksu_allow(db, "init", "adb_data_file", "dir", ALL); // #1289
 	ksu_allow(db, "init", KERNEL_SU_DOMAIN, ALL, ALL);
 	// we need to umount modules in zygote
 	ksu_allow(db, "zygote", "adb_data_file", "dir", "search");
@@ -137,16 +150,29 @@ void apply_kernelsu_rules()
 #define CMD_TYPE_CHANGE 8
 #define CMD_GENFSCON 9
 // maximal is 7!!
 #if defined(CONFIG_KSU_64BIT) && defined(CONFIG_64BIT)
 #define usize_val u64
 #else
 #define usize_val u32
 #endif
 #if !defined(CONFIG_KSU_64BIT) && defined(CONFIG_64BIT)
 #define declare_char(a, x) char __user a = compat_ptr(x)
 #else
 #define declare_char(a, x) char __user a = x
 #endif
 struct sepol_data {
 	u32 cmd;
 	u32 subcmd;
-	char __user *sepol1;
+	usize_val sepol1;
-	char __user *sepol2;
+	usize_val sepol2;
-	char __user *sepol3;
+	usize_val sepol3;
-	char __user *sepol4;
+	usize_val sepol4;
-	char __user *sepol5;
+	usize_val sepol5;
-	char __user *sepol6;
+	usize_val sepol6;
-	char __user *sepol7;
+	usize_val sepol7;
 };
 static int get_object(char *buf, char __user *user_object, size_t buf_sz,
@@ -169,7 +195,8 @@ static int get_object(char *buf, char __user *user_object, size_t buf_sz,
 // reset avc cache table, otherwise the new rules will not take effect if already denied
 static void reset_avc_cache()
 {
-#if (LINUX_VERSION_CODE >= KERNEL_VERSION(6, 4, 0))
+#if LINUX_VERSION_CODE >= KERNEL_VERSION(6, 4, 0) ||	\
 	!defined(KSU_COMPAT_USE_SELINUX_STATE)
 	avc_ss_reset(0);
 	selnl_notify_policyload(0);
 	selinux_status_update_policyload(0);
@@ -198,6 +225,14 @@ int handle_sepolicy(unsigned long arg3, void __user *arg4)
 		return -1;
 	}
 	declare_char(*ptr1, data.sepol1);
 	declare_char(*ptr2, data.sepol2);
 	declare_char(*ptr3, data.sepol3);
 	declare_char(*ptr4, data.sepol4);
 	declare_char(*ptr5, data.sepol5);
 	declare_char(*ptr6, data.sepol6);
 	declare_char(*ptr7, data.sepol7);
 	u32 cmd = data.cmd;
 	u32 subcmd = data.subcmd;
@@ -213,22 +248,22 @@ int handle_sepolicy(unsigned long arg3, void __user *arg4)
 		char perm_buf[MAX_SEPOL_LEN];
 		char *s, *t, *c, *p;
-		if (get_object(src_buf, data.sepol1, sizeof(src_buf), &s) < 0) {
+		if (get_object(src_buf, ptr1, sizeof(src_buf), &s) < 0) {
 			pr_err("sepol: copy src failed.\n");
 			goto exit;
 		}
-		if (get_object(tgt_buf, data.sepol2, sizeof(tgt_buf), &t) < 0) {
+		if (get_object(tgt_buf, ptr2, sizeof(tgt_buf), &t) < 0) {
 			pr_err("sepol: copy tgt failed.\n");
 			goto exit;
 		}
-		if (get_object(cls_buf, data.sepol3, sizeof(cls_buf), &c) < 0) {
+		if (get_object(cls_buf, ptr3, sizeof(cls_buf), &c) < 0) {
 			pr_err("sepol: copy cls failed.\n");
 			goto exit;
 		}
-		if (get_object(perm_buf, data.sepol4, sizeof(perm_buf), &p) <
+		if (get_object(perm_buf, ptr4, sizeof(perm_buf), &p) <
 		    0) {
 			pr_err("sepol: copy perm failed.\n");
 			goto exit;
@@ -258,24 +293,24 @@ int handle_sepolicy(unsigned long arg3, void __user *arg4)
 		char perm_set[MAX_SEPOL_LEN];
 		char *s, *t, *c;
-		if (get_object(src_buf, data.sepol1, sizeof(src_buf), &s) < 0) {
+		if (get_object(src_buf, ptr1, sizeof(src_buf), &s) < 0) {
 			pr_err("sepol: copy src failed.\n");
 			goto exit;
 		}
-		if (get_object(tgt_buf, data.sepol2, sizeof(tgt_buf), &t) < 0) {
+		if (get_object(tgt_buf, ptr2, sizeof(tgt_buf), &t) < 0) {
 			pr_err("sepol: copy tgt failed.\n");
 			goto exit;
 		}
-		if (get_object(cls_buf, data.sepol3, sizeof(cls_buf), &c) < 0) {
+		if (get_object(cls_buf, ptr3, sizeof(cls_buf), &c) < 0) {
 			pr_err("sepol: copy cls failed.\n");
 			goto exit;
 		}
-		if (strncpy_from_user(operation, data.sepol4,
+		if (strncpy_from_user(operation, ptr4,
 				      sizeof(operation)) < 0) {
 			pr_err("sepol: copy operation failed.\n");
 			goto exit;
 		}
-		if (strncpy_from_user(perm_set, data.sepol5, sizeof(perm_set)) <
+		if (strncpy_from_user(perm_set, ptr5, sizeof(perm_set)) <
 		    0) {
 			pr_err("sepol: copy perm_set failed.\n");
 			goto exit;
@@ -295,7 +330,7 @@ int handle_sepolicy(unsigned long arg3, void __user *arg4)
 	} else if (cmd == CMD_TYPE_STATE) {
 		char src[MAX_SEPOL_LEN];
-		if (strncpy_from_user(src, data.sepol1, sizeof(src)) < 0) {
+		if (strncpy_from_user(src, ptr1, sizeof(src)) < 0) {
 			pr_err("sepol: copy src failed.\n");
 			goto exit;
 		}
@@ -315,11 +350,11 @@ int handle_sepolicy(unsigned long arg3, void __user *arg4)
 		char type[MAX_SEPOL_LEN];
 		char attr[MAX_SEPOL_LEN];
-		if (strncpy_from_user(type, data.sepol1, sizeof(type)) < 0) {
+		if (strncpy_from_user(type, ptr1, sizeof(type)) < 0) {
 			pr_err("sepol: copy type failed.\n");
 			goto exit;
 		}
-		if (strncpy_from_user(attr, data.sepol2, sizeof(attr)) < 0) {
+		if (strncpy_from_user(attr, ptr2, sizeof(attr)) < 0) {
 			pr_err("sepol: copy attr failed.\n");
 			goto exit;
 		}
@@ -339,7 +374,7 @@ int handle_sepolicy(unsigned long arg3, void __user *arg4)
 	} else if (cmd == CMD_ATTR) {
 		char attr[MAX_SEPOL_LEN];
-		if (strncpy_from_user(attr, data.sepol1, sizeof(attr)) < 0) {
+		if (strncpy_from_user(attr, ptr1, sizeof(attr)) < 0) {
 			pr_err("sepol: copy attr failed.\n");
 			goto exit;
 		}
@@ -356,28 +391,28 @@ int handle_sepolicy(unsigned long arg3, void __user *arg4)
 		char default_type[MAX_SEPOL_LEN];
 		char object[MAX_SEPOL_LEN];
-		if (strncpy_from_user(src, data.sepol1, sizeof(src)) < 0) {
+		if (strncpy_from_user(src, ptr1, sizeof(src)) < 0) {
 			pr_err("sepol: copy src failed.\n");
 			goto exit;
 		}
-		if (strncpy_from_user(tgt, data.sepol2, sizeof(tgt)) < 0) {
+		if (strncpy_from_user(tgt, ptr2, sizeof(tgt)) < 0) {
 			pr_err("sepol: copy tgt failed.\n");
 			goto exit;
 		}
-		if (strncpy_from_user(cls, data.sepol3, sizeof(cls)) < 0) {
+		if (strncpy_from_user(cls, ptr3, sizeof(cls)) < 0) {
 			pr_err("sepol: copy cls failed.\n");
 			goto exit;
 		}
-		if (strncpy_from_user(default_type, data.sepol4,
+		if (strncpy_from_user(default_type, ptr4,
 				      sizeof(default_type)) < 0) {
 			pr_err("sepol: copy default_type failed.\n");
 			goto exit;
 		}
 		char *real_object;
-		if (data.sepol5 == NULL) {
+		if (ptr5 == NULL) {
 			real_object = NULL;
 		} else {
-			if (strncpy_from_user(object, data.sepol5,
+			if (strncpy_from_user(object, ptr5,
 					      sizeof(object)) < 0) {
 				pr_err("sepol: copy object failed.\n");
 				goto exit;
@@ -396,19 +431,19 @@ int handle_sepolicy(unsigned long arg3, void __user *arg4)
 		char cls[MAX_SEPOL_LEN];
 		char default_type[MAX_SEPOL_LEN];
-		if (strncpy_from_user(src, data.sepol1, sizeof(src)) < 0) {
+		if (strncpy_from_user(src, ptr1, sizeof(src)) < 0) {
 			pr_err("sepol: copy src failed.\n");
 			goto exit;
 		}
-		if (strncpy_from_user(tgt, data.sepol2, sizeof(tgt)) < 0) {
+		if (strncpy_from_user(tgt, ptr2, sizeof(tgt)) < 0) {
 			pr_err("sepol: copy tgt failed.\n");
 			goto exit;
 		}
-		if (strncpy_from_user(cls, data.sepol3, sizeof(cls)) < 0) {
+		if (strncpy_from_user(cls, ptr3, sizeof(cls)) < 0) {
 			pr_err("sepol: copy cls failed.\n");
 			goto exit;
 		}
-		if (strncpy_from_user(default_type, data.sepol4,
+		if (strncpy_from_user(default_type, ptr4,
 				      sizeof(default_type)) < 0) {
 			pr_err("sepol: copy default_type failed.\n");
 			goto exit;
@@ -429,15 +464,15 @@ int handle_sepolicy(unsigned long arg3, void __user *arg4)
 		char name[MAX_SEPOL_LEN];
 		char path[MAX_SEPOL_LEN];
 		char context[MAX_SEPOL_LEN];
-		if (strncpy_from_user(name, data.sepol1, sizeof(name)) < 0) {
+		if (strncpy_from_user(name, ptr1, sizeof(name)) < 0) {
 			pr_err("sepol: copy name failed.\n");
 			goto exit;
 		}
-		if (strncpy_from_user(path, data.sepol2, sizeof(path)) < 0) {
+		if (strncpy_from_user(path, ptr2, sizeof(path)) < 0) {
 			pr_err("sepol: copy path failed.\n");
 			goto exit;
 		}
-		if (strncpy_from_user(context, data.sepol3, sizeof(context)) <
+		if (strncpy_from_user(context, ptr3, sizeof(context)) <
 		    0) {
 			pr_err("sepol: copy context failed.\n");
 			goto exit;
--- a/kernel/selinux/selinux.c
+++ b/kernel/selinux/selinux.c
@@ -2,6 +2,9 @@
 #include "objsec.h"
 #include "linux/version.h"
 #include "../klog.h" // IWYU pragma: keep
 #ifndef KSU_COMPAT_USE_SELINUX_STATE
 #include "avc.h"
 #endif
 #define KERNEL_SU_DOMAIN "u:r:su:s0"
@@ -52,20 +55,32 @@ if (!is_domain_permissive) {
 void setenforce(bool enforce)
 {
 #ifdef CONFIG_SECURITY_SELINUX_DEVELOP
 #ifdef KSU_COMPAT_USE_SELINUX_STATE
 	selinux_state.enforcing = enforce;
 #else
 	selinux_enforcing = enforce;
 #endif
 #endif
 }
 bool getenforce()
 {
 #ifdef CONFIG_SECURITY_SELINUX_DISABLE
 #ifdef KSU_COMPAT_USE_SELINUX_STATE
 	if (selinux_state.disabled) {
 #else
 	if (selinux_disabled) {
 #endif
 		return false;
 	}
 #endif
 #ifdef CONFIG_SECURITY_SELINUX_DEVELOP
 #ifdef KSU_COMPAT_USE_SELINUX_STATE
 	return selinux_state.enforcing;
 #else
 	return selinux_enforcing;
 #endif
 #else
 	return true;
 #endif
--- a/kernel/selinux/selinux.h
+++ b/kernel/selinux/selinux.h
@@ -4,6 +4,10 @@
 #include "linux/types.h"
 #include "linux/version.h"
 #if (LINUX_VERSION_CODE >= KERNEL_VERSION(5, 10, 0)) || defined(KSU_COMPAT_HAS_SELINUX_STATE)
 #define KSU_COMPAT_USE_SELINUX_STATE
 #endif
 void setup_selinux(const char *);
 void setenforce(bool);
--- a/kernel/selinux/sepolicy.c
+++ b/kernel/selinux/sepolicy.c
@@ -524,6 +524,7 @@ static bool add_filename_trans(struct policydb *db, const char *s,
 		return false;
 	}
 #if LINUX_VERSION_CODE >= KERNEL_VERSION(5, 7, 0)
 	struct filename_trans_key key;
 	key.ttype = tgt->value;
 	key.tclass = cls->value;
@@ -531,8 +532,13 @@ static bool add_filename_trans(struct policydb *db, const char *s,
 	struct filename_trans_datum *last = NULL;
 #if LINUX_VERSION_CODE >= KERNEL_VERSION(5, 9, 0)
 	struct filename_trans_datum *trans =
 		policydb_filenametr_search(db, &key);
 #else
 	struct filename_trans_datum *trans =
 		hashtab_search(&db->filename_trans, &key);
 #endif
 	while (trans) {
 		if (ebitmap_get_bit(&trans->stypes, src->value - 1)) {
 			// Duplicate, overwrite existing data and return
@@ -561,6 +567,39 @@ static bool add_filename_trans(struct policydb *db, const char *s,
 	db->compat_filename_trans_count++;
 	return ebitmap_set_bit(&trans->stypes, src->value - 1, 1) == 0;
 #else // < 5.7.0, has no filename_trans_key, but struct filename_trans
 	struct filename_trans key;
 	key.ttype = tgt->value;
 	key.tclass = cls->value;
 	key.name = (char *)o;
 	struct filename_trans_datum *trans =
 		hashtab_search(db->filename_trans, &key);
 	if (trans == NULL) {
 		trans = (struct filename_trans_datum *)kcalloc(sizeof(*trans),
 							       1, GFP_ATOMIC);
 		if (!trans) {
 			pr_err("add_filename_trans: Failed to alloc datum\n");
 			return false;
 		}
 		struct filename_trans *new_key =
 			(struct filename_trans *)kmalloc(sizeof(*new_key),
 							 GFP_ATOMIC);
 		if (!new_key) {
 			pr_err("add_filename_trans: Failed to alloc new_key\n");
 			return false;
 		}
 		*new_key = key;
 		new_key->name = kstrdup(key.name, GFP_ATOMIC);
 		trans->otype = def->value;
 		hashtab_insert(db->filename_trans, new_key, trans);
 	}
 	return ebitmap_set_bit(&db->filename_trans_ttypes, src->value - 1, 1) ==
 	       0;
 #endif
 }
 static bool add_genfscon(struct policydb *db, const char *fs_name,
@@ -587,6 +626,7 @@ static void *ksu_realloc(void *old, size_t new_size, size_t old_size)
 static bool add_type(struct policydb *db, const char *type_name, bool attr)
 {
 #ifdef KSU_SUPPORT_ADD_TYPE
 	struct type_datum *type = symtab_search(&db->p_types, type_name);
 	if (type) {
 		pr_warn("Type %s already exists\n", type_name);
@@ -616,6 +656,7 @@ static bool add_type(struct policydb *db, const char *type_name, bool attr)
 		return false;
 	}
 #if LINUX_VERSION_CODE >= KERNEL_VERSION(5, 1, 0)
 	struct ebitmap *new_type_attr_map_array =
 		ksu_realloc(db->type_attr_map_array,
 			    value * sizeof(struct ebitmap),
@@ -662,6 +703,171 @@ static bool add_type(struct policydb *db, const char *type_name, bool attr)
 	}
 	return true;
 #elif defined(CONFIG_IS_HW_HISI)
 	/*
   * Huawei use type_attr_map and type_val_to_struct.
   * And use ebitmap not flex_array.
   */
 	size_t new_size = sizeof(struct ebitmap) * db->p_types.nprim;
 	struct ebitmap *new_type_attr_map =
 		(krealloc(db->type_attr_map, new_size, GFP_ATOMIC));
 	struct type_datum **new_type_val_to_struct =
 		krealloc(db->type_val_to_struct,
 			 sizeof(*db->type_val_to_struct) * db->p_types.nprim,
 			 GFP_ATOMIC);
 	if (!new_type_attr_map) {
 		pr_err("add_type: alloc type_attr_map failed\n");
 		return false;
 	}
 	if (!new_type_val_to_struct) {
 		pr_err("add_type: alloc type_val_to_struct failed\n");
 		return false;
 	}
 	char **new_val_to_name_types =
 		krealloc(db->sym_val_to_name[SYM_TYPES],
 			 sizeof(char *) * db->symtab[SYM_TYPES].nprim,
 			 GFP_KERNEL);
 	if (!new_val_to_name_types) {
 		pr_err("add_type: alloc val_to_name failed\n");
 		return false;
 	}
 	db->type_attr_map = new_type_attr_map;
 	ebitmap_init(&db->type_attr_map[value - 1], HISI_SELINUX_EBITMAP_RO);
 	ebitmap_set_bit(&db->type_attr_map[value - 1], value - 1, 1);
 	db->type_val_to_struct = new_type_val_to_struct;
 	db->type_val_to_struct[value - 1] = type;
 	db->sym_val_to_name[SYM_TYPES] = new_val_to_name_types;
 	db->sym_val_to_name[SYM_TYPES][value - 1] = key;
 	int i;
 	for (i = 0; i < db->p_roles.nprim; ++i) {
 		ebitmap_set_bit(&db->role_val_to_struct[i]->types, value - 1,
 				1);
 	}
 	return true;
 #else
 	// flex_array is not extensible, we need to create a new bigger one instead
 	struct flex_array *new_type_attr_map_array =
 		flex_array_alloc(sizeof(struct ebitmap), db->p_types.nprim,
 				 GFP_ATOMIC | __GFP_ZERO);
 	struct flex_array *new_type_val_to_struct =
 		flex_array_alloc(sizeof(struct type_datum *), db->p_types.nprim,
 				 GFP_ATOMIC | __GFP_ZERO);
 	struct flex_array *new_val_to_name_types =
 		flex_array_alloc(sizeof(char *), db->symtab[SYM_TYPES].nprim,
 				 GFP_ATOMIC | __GFP_ZERO);
 	if (!new_type_attr_map_array) {
 		pr_err("add_type: alloc type_attr_map_array failed\n");
 		return false;
 	}
 	if (!new_type_val_to_struct) {
 		pr_err("add_type: alloc type_val_to_struct failed\n");
 		return false;
 	}
 	if (!new_val_to_name_types) {
 		pr_err("add_type: alloc val_to_name failed\n");
 		return false;
 	}
 	// preallocate so we don't have to worry about the put ever failing
 	if (flex_array_prealloc(new_type_attr_map_array, 0, db->p_types.nprim,
 				GFP_ATOMIC | __GFP_ZERO)) {
 		pr_err("add_type: prealloc type_attr_map_array failed\n");
 		return false;
 	}
 	if (flex_array_prealloc(new_type_val_to_struct, 0, db->p_types.nprim,
 				GFP_ATOMIC | __GFP_ZERO)) {
 		pr_err("add_type: prealloc type_val_to_struct_array failed\n");
 		return false;
 	}
 	if (flex_array_prealloc(new_val_to_name_types, 0,
 				db->symtab[SYM_TYPES].nprim,
 				GFP_ATOMIC | __GFP_ZERO)) {
 		pr_err("add_type: prealloc val_to_name_types failed\n");
 		return false;
 	}
 	int j;
 	void *old_elem;
 	// copy the old data or pointers to new flex arrays
 	for (j = 0; j < db->type_attr_map_array->total_nr_elements; j++) {
 		old_elem = flex_array_get(db->type_attr_map_array, j);
 		if (old_elem)
 			flex_array_put(new_type_attr_map_array, j, old_elem,
 				       GFP_ATOMIC | __GFP_ZERO);
 	}
 	for (j = 0; j < db->type_val_to_struct_array->total_nr_elements; j++) {
 		old_elem = flex_array_get_ptr(db->type_val_to_struct_array, j);
 		if (old_elem)
 			flex_array_put_ptr(new_type_val_to_struct, j, old_elem,
 					   GFP_ATOMIC | __GFP_ZERO);
 	}
 	for (j = 0; j < db->symtab[SYM_TYPES].nprim; j++) {
 		old_elem =
 			flex_array_get_ptr(db->sym_val_to_name[SYM_TYPES], j);
 		if (old_elem)
 			flex_array_put_ptr(new_val_to_name_types, j, old_elem,
 					   GFP_ATOMIC | __GFP_ZERO);
 	}
 	// store the pointer of old flex arrays first, when assigning new ones we
 	// should free it
 	struct flex_array *old_fa;
 	old_fa = db->type_attr_map_array;
 	db->type_attr_map_array = new_type_attr_map_array;
 	if (old_fa) {
 		flex_array_free(old_fa);
 	}
 	ebitmap_init(flex_array_get(db->type_attr_map_array, value - 1));
 	ebitmap_set_bit(flex_array_get(db->type_attr_map_array, value - 1),
 			value - 1, 1);
 	old_fa = db->type_val_to_struct_array;
 	db->type_val_to_struct_array = new_type_val_to_struct;
 	if (old_fa) {
 		flex_array_free(old_fa);
 	}
 	flex_array_put_ptr(db->type_val_to_struct_array, value - 1, type,
 			   GFP_ATOMIC | __GFP_ZERO);
 	old_fa = db->sym_val_to_name[SYM_TYPES];
 	db->sym_val_to_name[SYM_TYPES] = new_val_to_name_types;
 	if (old_fa) {
 		flex_array_free(old_fa);
 	}
 	flex_array_put_ptr(db->sym_val_to_name[SYM_TYPES], value - 1, key,
 			   GFP_ATOMIC | __GFP_ZERO);
 	int i;
 	for (i = 0; i < db->p_roles.nprim; ++i) {
 		ebitmap_set_bit(&db->role_val_to_struct[i]->types, value - 1,
 				1);
 	}
 	return true;
 #endif
 #else
 	return false;
 #endif
 }
 static bool set_type_state(struct policydb *db, const char *type_name,
@@ -696,7 +902,18 @@ static bool set_type_state(struct policydb *db, const char *type_name,
 static void add_typeattribute_raw(struct policydb *db, struct type_datum *type,
 				  struct type_datum *attr)
 {
 #if LINUX_VERSION_CODE >= KERNEL_VERSION(5, 1, 0)
 	struct ebitmap *sattr = &db->type_attr_map_array[type->value - 1];
 #elif defined(CONFIG_IS_HW_HISI)
 	/*
   *   HISI_SELINUX_EBITMAP_RO is Huawei's unique features.
   */
 	struct ebitmap *sattr = &db->type_attr_map[type->value - 1],
 		       HISI_SELINUX_EBITMAP_RO;
 #else
 	struct ebitmap *sattr =
 		flex_array_get(db->type_attr_map_array, type->value - 1);
 #endif
 	ebitmap_set_bit(sattr, attr->value - 1, 1);
 	struct hashtab_node *node;
--- a/kernel/sucompat.c
+++ b/kernel/sucompat.c
@@ -8,7 +8,14 @@
 #include <linux/types.h>
 #include <linux/uaccess.h>
 #include <linux/version.h>
 #if LINUX_VERSION_CODE >= KERNEL_VERSION(4, 11, 0)
 #include <linux/sched/task_stack.h>
 #else
 #include <linux/sched.h>
 #endif
 /* current_user_stack_pointer */
 #include <linux/ptrace.h>
 #include "objsec.h"
 #include "allowlist.h"
@@ -22,6 +29,8 @@
 extern void escape_to_root();
 bool ksu_sucompat_hook_state __read_mostly = true;
 static void __user *userspace_stack_buffer(const void *d, size_t len)
 {
 	/* To avoid having to mmap a page in userspace, just write below the stack
@@ -48,8 +57,15 @@ static char __user *ksud_user_path(void)
 int ksu_handle_faccessat(int *dfd, const char __user **filename_user, int *mode,
 			 int *__unused_flags)
 {
 	const char su[] = SU_PATH;
 #ifndef CONFIG_KSU_KPROBES_HOOK
 	if (!ksu_sucompat_hook_state) {
 		return 0;
 	}
 #endif
 	if (!ksu_is_allow_uid(current_uid().val)) {
 		return 0;
 	}
@@ -71,6 +87,12 @@ int ksu_handle_stat(int *dfd, const char __user **filename_user, int *flags)
 	// const char sh[] = SH_PATH;
 	const char su[] = SU_PATH;
 #ifndef CONFIG_KSU_KPROBES_HOOK
 	if (!ksu_sucompat_hook_state) {
 		return 0;
 	}
 #endif
 	if (!ksu_is_allow_uid(current_uid().val)) {
 		return 0;
 	}
@@ -81,27 +103,13 @@ int ksu_handle_stat(int *dfd, const char __user **filename_user, int *flags)
 	char path[sizeof(su) + 1];
 	memset(path, 0, sizeof(path));
-// Remove this later!! we use syscall hook, so this will never happen!!!!!
+
 #if LINUX_VERSION_CODE >= KERNEL_VERSION(5, 18, 0) && 0
 	// it becomes a `struct filename *` after 5.18
 	// https://elixir.bootlin.com/linux/v5.18/source/fs/stat.c#L216
 	const char sh[] = SH_PATH;
 	struct filename *filename = *((struct filename **)filename_user);
 	if (IS_ERR(filename)) {
 		return 0;
 	}
 	if (likely(memcmp(filename->name, su, sizeof(su))))
 		return 0;
 	pr_info("vfs_statx su->sh!\n");
 	memcpy((void *)filename->name, sh, sizeof(sh));
 #else
 	ksu_strncpy_from_user_nofault(path, *filename_user, sizeof(path));
 	if (unlikely(!memcmp(path, su, sizeof(su)))) {
 		pr_info("newfstatat su->sh!\n");
 		*filename_user = sh_user_path();
 	}
 #endif
 	return 0;
 }
@@ -115,6 +123,12 @@ int ksu_handle_execveat_sucompat(int *fd, struct filename **filename_ptr,
 	const char sh[] = KSUD_PATH;
 	const char su[] = SU_PATH;
 #ifndef CONFIG_KSU_KPROBES_HOOK
 	if (!ksu_sucompat_hook_state) {
 		return 0;
 	}
 #endif
 	if (unlikely(!filename_ptr))
 		return 0;
@@ -164,7 +178,44 @@ int ksu_handle_execve_sucompat(int *fd, const char __user **filename_user,
 	return 0;
 }
-#ifdef CONFIG_KPROBES
+int ksu_handle_devpts(struct inode *inode)
 {
 #ifndef CONFIG_KSU_KPROBES_HOOK
 	if (!ksu_sucompat_hook_state) {
 		return 0;
 	}
 #endif
 	if (!current->mm) {
 		return 0;
 	}
 	uid_t uid = current_uid().val;
 	if (uid % 100000 < 10000) {
 		// not untrusted_app, ignore it
 		return 0;
 	}
 	if (!ksu_is_allow_uid(uid))
 		return 0;
 	if (ksu_devpts_sid) {
 #if LINUX_VERSION_CODE >= KERNEL_VERSION(5, 1, 0)
 		struct inode_security_struct *sec = selinux_inode(inode);
 #else
 		struct inode_security_struct *sec =
 			(struct inode_security_struct *)inode->i_security;
 #endif
 		if (sec) {
 			sec->sid = ksu_devpts_sid;
 		}
 	}
 	return 0;
 }
 #ifdef CONFIG_KSU_KPROBES_HOOK
 static int faccessat_handler_pre(struct kprobe *p, struct pt_regs *regs)
 {
 	struct pt_regs *real_regs = PT_REAL_REGS(regs);
@@ -197,6 +248,19 @@ static int execve_handler_pre(struct kprobe *p, struct pt_regs *regs)
 					  NULL);
 }
 static int pts_unix98_lookup_pre(struct kprobe *p, struct pt_regs *regs)
 {
 	struct inode *inode;
 #if LINUX_VERSION_CODE >= KERNEL_VERSION(4, 6, 0)
 	struct file *file = (struct file *)PT_REGS_PARM2(regs);
 	inode = file->f_path.dentry->d_inode;
 #else
 	inode = (struct inode *)PT_REGS_PARM2(regs);
 #endif
 	return ksu_handle_devpts(inode);
 }
 static struct kprobe *init_kprobe(const char *name,
 				  kprobe_pre_handler_t handler)
 {
@@ -227,24 +291,34 @@ static void destroy_kprobe(struct kprobe **kp_ptr)
 	*kp_ptr = NULL;
 }
-static struct kprobe *su_kps[3];
+static struct kprobe *su_kps[6];
 #endif
 // sucompat: permited process can execute 'su' to gain root access.
 void ksu_sucompat_init()
 {
-#ifdef CONFIG_KPROBES
+#ifdef CONFIG_KSU_KPROBES_HOOK
 	su_kps[0] = init_kprobe(SYS_EXECVE_SYMBOL, execve_handler_pre);
-	su_kps[1] = init_kprobe(SYS_FACCESSAT_SYMBOL, faccessat_handler_pre);
+	su_kps[1] = init_kprobe(SYS_EXECVE_COMPAT_SYMBOL, execve_handler_pre);
-	su_kps[2] = init_kprobe(SYS_NEWFSTATAT_SYMBOL, newfstatat_handler_pre);
+	su_kps[2] = init_kprobe(SYS_FACCESSAT_SYMBOL, faccessat_handler_pre);
 	su_kps[3] = init_kprobe(SYS_NEWFSTATAT_SYMBOL, newfstatat_handler_pre);
 	su_kps[4] = init_kprobe(SYS_FSTATAT64_SYMBOL, newfstatat_handler_pre);
 	su_kps[5] = init_kprobe("pts_unix98_lookup", pts_unix98_lookup_pre);
 #else
 	ksu_sucompat_hook_state = true;
 	pr_info("ksu_sucompat init\n");
 #endif
 }
 void ksu_sucompat_exit()
 {
-#ifdef CONFIG_KPROBES
+#ifdef CONFIG_KSU_KPROBES_HOOK
-	for (int i = 0; i < ARRAY_SIZE(su_kps); i++) {
+	int i;
 	for (i = 0; i < ARRAY_SIZE(su_kps); i++) {
 		destroy_kprobe(&su_kps[i]);
 	}
 #else
 	ksu_sucompat_hook_state = false;
 	pr_info("ksu_sucompat exit\n");
 #endif
 }
--- a/kernel/throne_tracker.c
+++ b/kernel/throne_tracker.c
@@ -106,7 +106,7 @@ struct apk_path_hash {
 	struct list_head list;
 };
-static struct list_head apk_path_hash_list = LIST_HEAD_INIT(apk_path_hash_list);
+static struct list_head apk_path_hash_list;
 struct my_dir_context {
 	struct dir_context ctx;
@@ -154,7 +154,6 @@ FILLDIR_RETURN_TYPE my_actor(struct dir_context *ctx, const char *name,
 		return FILLDIR_ACTOR_CONTINUE; // Skip staging package
 	}
 	if (snprintf(dirpath, DATA_PATH_LEN, "%s/%.*s", my_ctx->parent_dir,
 		     namelen, name) >= DATA_PATH_LEN) {
 		pr_err("Path too long: %s/%.*s\n", my_ctx->parent_dir, namelen,
@@ -176,8 +175,12 @@ FILLDIR_RETURN_TYPE my_actor(struct dir_context *ctx, const char *name,
 		list_add_tail(&data->list, my_ctx->data_path_list);
 	} else {
 		if ((namelen == 8) && (strncmp(name, "base.apk", namelen) == 0)) {
-			struct apk_path_hash *pos, *n;
+			struct apk_path_hash *pos;
 #if LINUX_VERSION_CODE < KERNEL_VERSION(4, 8, 0)
 			unsigned int hash = full_name_hash(dirpath, strlen(dirpath));
 #else
 			unsigned int hash = full_name_hash(NULL, dirpath, strlen(dirpath));
 #endif
 			list_for_each_entry(pos, &apk_path_hash_list, list) {
 				if (hash == pos->hash) {
 					pos->exists = true;
@@ -191,17 +194,6 @@ FILLDIR_RETURN_TYPE my_actor(struct dir_context *ctx, const char *name,
 			if (is_manager) {
 				crown_manager(dirpath, my_ctx->private_data);
 				*my_ctx->stop = 1;
 				// Manager found, clear APK cache list
 				list_for_each_entry_safe(pos, n, &apk_path_hash_list, list) {
 					list_del(&pos->list);
 					kfree(pos);
 				}
 			} else {
 				struct apk_path_hash *apk_data = kmalloc(sizeof(struct apk_path_hash), GFP_ATOMIC);
 				apk_data->hash = hash;
 				apk_data->exists = true;
 				list_add_tail(&apk_data->list, &apk_path_hash_list);
 			}
 		}
 	}
@@ -214,6 +206,7 @@ void search_manager(const char *path, int depth, struct list_head *uid_data)
 	int i, stop = 0;
 	struct list_head data_path_list;
 	INIT_LIST_HEAD(&data_path_list);
 	INIT_LIST_HEAD(&apk_path_hash_list);
 	// Initialize APK cache list
 	struct apk_path_hash *pos, *n;
@@ -256,13 +249,12 @@ skip_iterate:
 		}
 	}
-	// Remove stale cached APK entries
+	// clear apk_path_hash_list unconditionally
 	pr_info("search manager: cleanup!\n");
 	list_for_each_entry_safe(pos, n, &apk_path_hash_list, list) {
 		if (!pos->exists) {
 		list_del(&pos->list);
 		kfree(pos);
 	}
 	}
 }
 static bool is_uid_exist(uid_t uid, char *package, void *data)
--- a/kernel/throne_tracker.h
+++ b/kernel/throne_tracker.h
@@ -1,5 +1,5 @@
-#ifndef __KSU_H_UID_OBSERVER
+#ifndef __KSU_H_THRONE_TRACKER
-#define __KSU_H_UID_OBSERVER
+#define __KSU_H_THRONE_TRACKER
 void ksu_throne_tracker_init();