kernel: supercall: allow escalation on ioctl interface (#2862)

Signed-off-by: backslashxx <118538522+backslashxx@users.noreply.github.com>

kernel/supercalls.c

@@ -56,6 +56,15 @@ bool always_allow(void)
     return true; // No permission check
 }
 
+bool allowed_for_su(void)
+{
+    bool is_allowed = is_manager() || ksu_is_allow_uid(current_uid().val);
+#if __SULOG_GATE
+	ksu_sulog_report_permission_check(current_uid().val, current->comm, is_allowed);
+#endif
+    return is_allowed;
+}
+
 static void init_uid_scanner(void)
 {
     ksu_uid_init();
@@ -71,16 +80,7 @@ static void init_uid_scanner(void)
 
 static int do_grant_root(void __user *arg)
 {
-    // Check if current UID is allowed
+    // we already check uid above on allowed_for_su()
-    bool is_allowed = is_manager() || ksu_is_allow_uid(current_uid().val);
-
-#if __SULOG_GATE
-	ksu_sulog_report_permission_check(current_uid().val, current->comm, is_allowed);
-#endif
-
-    if (!is_allowed) {
-        return -EPERM;
-    }
 
     pr_info("allow root for: %d\n", current_uid().val);
     escape_to_root();
@@ -522,7 +522,7 @@ static int do_enable_uid_scanner(void __user *arg)
 
 // IOCTL handlers mapping table
 static const struct ksu_ioctl_cmd_map ksu_ioctl_handlers[] = {
-   { .cmd = KSU_IOCTL_GRANT_ROOT, .name = "GRANT_ROOT", .handler = do_grant_root, .perm_check = manager_or_root },
+    { .cmd = KSU_IOCTL_GRANT_ROOT, .name = "GRANT_ROOT", .handler = do_grant_root, .perm_check = allowed_for_su },
     { .cmd = KSU_IOCTL_GET_INFO, .name = "GET_INFO", .handler = do_get_info, .perm_check = always_allow },
     { .cmd = KSU_IOCTL_REPORT_EVENT, .name = "REPORT_EVENT", .handler = do_report_event, .perm_check = only_root },
     { .cmd = KSU_IOCTL_SET_SEPOLICY, .name = "SET_SEPOLICY", .handler = do_set_sepolicy, .perm_check = only_root },