diff --git a/kernel/Makefile b/kernel/Makefile index 15a96090..280c5a46 100644 --- a/kernel/Makefile +++ b/kernel/Makefile @@ -189,7 +189,7 @@ $(eval SUSFS_VERSION=$(shell cat $(srctree)/include/linux/susfs.h | grep -E '^#d $(info ) $(info -- SUSFS_VERSION: $(SUSFS_VERSION)) else -$(info -- You have not integrated susfs in your kernel yet.) +$(info -- You have not integrate susfs in your kernel.) $(info -- Read: https://gitlab.com/simonpunk/susfs4ksu) endif diff --git a/kernel/core_hook.c b/kernel/core_hook.c index a4d82f99..4c2f5e5f 100644 --- a/kernel/core_hook.c +++ b/kernel/core_hook.c @@ -495,12 +495,12 @@ int ksu_handle_prctl(int option, unsigned long arg2, unsigned long arg3, switch (arg3) { case EVENT_POST_FS_DATA: { static bool post_fs_data_lock = false; - if (!post_fs_data_lock) { - post_fs_data_lock = true; - pr_info("post-fs-data triggered\n"); #ifdef CONFIG_KSU_SUSFS susfs_on_post_fs_data(); #endif + if (!post_fs_data_lock) { + post_fs_data_lock = true; + pr_info("post-fs-data triggered\n"); on_post_fs_data(); // Initialize throne communication ksu_throne_comm_init(); @@ -1135,11 +1135,6 @@ static bool is_non_appuid(kuid_t uid) return appid < FIRST_APPLICATION_UID; } -static inline bool is_some_system_uid(uid_t uid) -{ - return uid >= 1000 && uid < 10000; -} - static bool should_umount(struct path *path) { if (!path) { @@ -1242,11 +1237,11 @@ static void try_umount(const char *mnt, bool check_mnt, int flags) void susfs_try_umount_all(uid_t uid) { susfs_try_umount(uid); /* For Legacy KSU only */ - try_umount("/odm", true, 0, uid); try_umount("/system", true, 0, uid); try_umount("/system_ext", true, 0, uid); try_umount("/vendor", true, 0, uid); try_umount("/product", true, 0, uid); + try_umount("/odm", true, 0, uid); // - For '/data/adb/modules' we pass 'false' here because it is a loop device that we can't determine whether // its dev_name is KSU or not, and it is safe to just umount it if it is really a mountpoint try_umount("/data/adb/modules", false, MNT_DETACH, uid); @@ -1284,16 +1279,50 @@ int ksu_handle_setuid(struct cred *new, const struct cred *old) } #ifdef CONFIG_KSU_SUSFS + // check if current process is zygote bool is_zygote_child = susfs_is_sid_equal(old->security, susfs_zygote_sid); - if (is_some_system_uid(new_uid.val) && is_zygote_child) { - if (ksu_is_allow_uid(new_uid.val)) { - return 0; - } +#endif // #ifdef CONFIG_KSU_SUSFS + if (likely(is_zygote_child)) { + // if spawned process is non user app process + if (unlikely(new_uid.val < 10000 && new_uid.val >= 1000)) { #ifdef CONFIG_KSU_SUSFS_SUS_SU - susfs_set_current_proc_su_not_allowed(); + // set flag if zygote spawned system process is allowed for root access + if (!ksu_is_allow_uid(new_uid.val)) { + task_lock(current); + susfs_set_current_proc_su_not_allowed(); + task_unlock(current); + } #endif // #ifdef CONFIG_KSU_SUSFS_SUS_SU - if (susfs_is_umount_for_zygote_system_process_enabled) { - goto do_umount; +#ifdef CONFIG_KSU_SUSFS_SUS_MOUNT + // umount for the system process if path DATA_ADB_UMOUNT_FOR_ZYGOTE_SYSTEM_PROCESS exists + if (susfs_is_umount_for_zygote_system_process_enabled) { + goto out_try_umount; + } +#endif // #ifdef CONFIG_KSU_SUSFS_SUS_MOUNT + } +#ifdef CONFIG_KSU_SUSFS + // - here we check if uid is a isolated service spawned by zygote directly + // - Apps that do not use "useAppZyogte" to start a isolated service will be directly + // spawned by zygote which KSU will ignore it by default, the only fix for now is to + // force a umount for those uid + // - Therefore make sure your root app doesn't use isolated service for root access + // - Kudos to ThePedroo, the author and maintainer of Rezygisk for finding and reporting + // the detection, really big helps here! + else if (new_uid.val >= 90000 && new_uid.val < 1000000) { + task_lock(current); + susfs_set_current_non_root_user_app_proc(); +#ifdef CONFIG_KSU_SUSFS_SUS_SU + susfs_set_current_proc_su_not_allowed(); +#endif // #ifdef CONFIG_KSU_SUSFS_SUS_SU + task_unlock(current); +#ifdef CONFIG_KSU_SUSFS_SUS_PATH + susfs_run_sus_path_loop(new_uid.val); +#endif // #ifdef CONFIG_KSU_SUSFS_SUS_PATH +#ifdef CONFIG_KSU_SUSFS_SUS_MOUNT + if (susfs_is_umount_for_zygote_iso_service_enabled) { + goto out_susfs_try_umount_all; + } + #endif // #ifdef CONFIG_KSU_SUSFS_SUS_MOUNT } } #endif // #ifdef CONFIG_KSU_SUSFS @@ -1310,26 +1339,32 @@ int ksu_handle_setuid(struct cred *new, const struct cred *old) #ifdef CONFIG_KSU_DEBUG pr_info("handle umount for unsupported application uid: %d\n", new_uid.val); #endif -#ifdef CONFIG_KSU_SUSFS - susfs_set_current_non_root_user_app_proc(); -#endif // #ifdef CONFIG_KSU_SUSFS -#ifdef CONFIG_KSU_SUSFS_SUS_SU - susfs_set_current_proc_su_not_allowed(); -#endif // #ifdef CONFIG_KSU_SUSFS_SUS_SU -#ifdef CONFIG_KSU_SUSFS_SUS_PATH - susfs_run_sus_path_loop(new_uid.val); -#endif // #ifdef CONFIG_KSU_SUSFS_SUS_PATH goto do_umount; } - if (ksu_is_allow_uid(new_uid.val)) { #ifdef CONFIG_KSU_DEBUG pr_info("handle setuid ignore allowed application: %d\n", new_uid.val); #endif return 0; } +#ifdef CONFIG_KSU_SUSFS + else { + task_lock(current); + susfs_set_current_non_root_user_app_proc(); +#ifdef CONFIG_KSU_SUSFS_SUS_SU + susfs_set_current_proc_su_not_allowed(); +#endif // #ifdef CONFIG_KSU_SUSFS_SUS_SU + task_unlock(current); +#ifdef CONFIG_KSU_SUSFS_SUS_PATH + susfs_run_sus_path_loop(new_uid.val); +#endif // #ifdef CONFIG_KSU_SUSFS_SUS_PATH + } +#endif // #ifdef CONFIG_KSU_SUSFS +#ifdef CONFIG_KSU_SUSFS_SUS_MOUNT +out_try_umount: +#endif if (!ksu_uid_should_umount(new_uid.val)) { return 0; } else { @@ -1337,42 +1372,24 @@ int ksu_handle_setuid(struct cred *new, const struct cred *old) pr_info("uid: %d should not umount!\n", current_uid().val); #endif } - do_umount: // check old process's selinux context, if it is not zygote, ignore it! // because some su apps may setuid to untrusted_app but they are in global mount namespace // when we umount for such process, that is a disaster! -#ifdef CONFIG_KSU_SUSFS - if (!is_zygote_child) { -#else if (!is_zygote(old->security)) { -#endif pr_info("handle umount ignore non zygote child: %d\n", current->pid); return 0; } -#ifdef CONFIG_KSU_DEBUG - // umount the target mnt - pr_info("handle umount for uid: %d, pid: %d\n", new_uid.val, - current->pid); -#endif -#ifdef CONFIG_KSU_SUSFS - susfs_set_current_non_root_user_app_proc(); -#endif -#ifdef CONFIG_KSU_SUSFS_SUS_SU - susfs_set_current_proc_su_not_allowed(); -#endif // #ifdef CONFIG_KSU_SUSFS_SUS_SU -#ifdef CONFIG_KSU_SUSFS_SUS_PATH - susfs_run_sus_path_loop(new_uid.val); -#endif // #ifdef CONFIG_KSU_SUSFS_SUS_PATH + #ifdef CONFIG_KSU_SUSFS_TRY_UMOUNT +out_susfs_try_umount_all: // susfs come first, and lastly umount by ksu, make sure umount in reversed order susfs_try_umount_all(new_uid.val); #else // fixme: use `collect_mounts` and `iterate_mount` to iterate all mountpoint and // filter the mountpoint whose target is `/data/adb` - try_umount("/odm", true, 0); try_umount("/system", true, 0); try_umount("/vendor", true, 0); try_umount("/product", true, 0); @@ -1386,7 +1403,7 @@ do_umount: // try umount ksu temp path try_umount("/debug_ramdisk", false, MNT_DETACH); - + // try umount ksu su path try_umount("/sbin", false, MNT_DETACH);