Kernel: Enhanced temporary record UID functionality and elevated privileges

2025-09-29 04:28:31 +08:00
parent 65d5d6a494
commit a9a10466b3
6 changed files with 210 additions and 13 deletions
--- a/kernel/manual_su.c
+++ b/kernel/manual_su.c
@@ -10,9 +10,23 @@
 #include "ksu.h"
 #include "allowlist.h"
 #include "manager.h"
+#include "allowlist.h"

 static const char *ksu_su_password = "zakozako";
 extern void escape_to_root_for_cmd_su(uid_t, pid_t);
+#define MAX_PENDING 16
+#define REMOVE_DELAY_CALLS 150
+
+struct pending_uid {
+    uid_t uid;
+    int use_count;
+    int remove_calls;
+};
+
+static struct pending_uid pending_uids[MAX_PENDING] = {0};
+static int pending_cnt = 0;
+
+bool current_verified = false;

 int ksu_manual_su_escalate(uid_t target_uid, pid_t target_pid,
                           const char __user *user_password)
@@ -40,6 +54,61 @@ int ksu_manual_su_escalate(uid_t target_uid, pid_t target_pid,
    ksu_mark_current_verified();

 allowed:
+    current_verified = true;
    escape_to_root_for_cmd_su(target_uid, target_pid);
    return 0;
-}
+}
+
+bool is_current_verified(void)
+{
+    return current_verified;
+}
+
+bool is_pending_root(uid_t uid)
+{
+    for (int i = 0; i < pending_cnt; i++) {
+        if (pending_uids[i].uid == uid) {
+            pending_uids[i].use_count++;
+            pending_uids[i].remove_calls++;
+            return true;
+        }
+    }
+    return false;
+}
+
+void remove_pending_root(uid_t uid)
+{
+    for (int i = 0; i < pending_cnt; i++) {
+        if (pending_uids[i].uid == uid) {
+            pending_uids[i].remove_calls++;
+
+            if (pending_uids[i].remove_calls >= REMOVE_DELAY_CALLS) {
+                pending_uids[i] = pending_uids[--pending_cnt];
+                pr_info("pending_root: removed UID %d after %d calls\n", uid, REMOVE_DELAY_CALLS);
+                ksu_temp_revoke_root_once(uid);
+            } else {
+                pr_info("pending_root: UID %d remove_call=%d (<%d)\n",
+                        uid, pending_uids[i].remove_calls, REMOVE_DELAY_CALLS);
+            }
+            return;
+        }
+    }
+}
+
+void add_pending_root(uid_t uid)
+{
+    if (pending_cnt >= MAX_PENDING) {
+        pr_warn("pending_root: cache full\n");
+        return;
+    }
+    for (int i = 0; i < pending_cnt; i++) {
+        if (pending_uids[i].uid == uid) {
+            pending_uids[i].use_count = 0;
+            pending_uids[i].remove_calls = 0;
+            return;
+        }
+    }
+    pending_uids[pending_cnt++] = (struct pending_uid){uid, 0};
+    ksu_temp_grant_root_once(uid);
+    pr_info("pending_root: cached UID %d\n", uid);
+}