Revert "kernel: Remove CONFIG_KSU_MANUAL_SU protection"

This reverts commit fa229b23a4.
ShirkNeko
2025-11-05 01:50:00 +08:00
parent 1e0590aeb2
commit ab3ff2699c
7 changed files with 55 additions and 0 deletions


@@ -31,6 +31,13 @@ config KSU_THRONE_TRACKER_LEGACY
This is kept for Ultra-Legacy Linux 4.4-3.X kernels which are prone to deadlocks. This is kept for Ultra-Legacy Linux 4.4-3.X kernels which are prone to deadlocks.
Enable this if default scanning deadlocks/crashes on you. Enable this if default scanning deadlocks/crashes on you.
config KSU_MANUAL_SU
bool "Use manual su"
depends on KSU
default y
help
Use manual su and authorize the corresponding command line and application via prctl
config KSU_ALLOWLIST_WORKAROUND config KSU_ALLOWLIST_WORKAROUND
bool "KernelSU Session Keyring Init workaround" bool "KernelSU Session Keyring Init workaround"
depends on KSU depends on KSU
@@ -62,6 +69,8 @@ choice
prompt "KernelSU hook type" prompt "KernelSU hook type"
depends on KSU depends on KSU
default KSU_KPROBES_HOOK default KSU_KPROBES_HOOK
help
Hook type for KernelSU
config KSU_KPROBES_HOOK config KSU_KPROBES_HOOK
bool "Hook KernelSU with Kprobes" bool "Hook KernelSU with Kprobes"
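Review bot: `default y` on the restored KSU_MANUAL_SU entry means every build with KSU enabled carries the prctl-driven manual su path unless someone switches it off, which undercuts the guards the rest of this commit puts back. Consider `default n` so the feature is opt-in. The help text should also say what enabling it exposes, for example `Adds a prctl command that can temporarily authorize root for a UID; say N unless you need it.` That wording is inferred from the pending_root log messages in the other files, so adjust it to the actual behaviour.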


@@ -12,7 +12,11 @@ kernelsu-objs += embed_ksud.o
kernelsu-objs += kernel_compat.o kernelsu-objs += kernel_compat.o
kernelsu-objs += throne_comm.o kernelsu-objs += throne_comm.o
kernelsu-objs += sulog.o kernelsu-objs += sulog.o
ifeq ($(CONFIG_KSU_MANUAL_SU), y)
ccflags-y += -DCONFIG_KSU_MANUAL_SU
kernelsu-objs += manual_su.o kernelsu-objs += manual_su.o
endif
ifeq ($(CONFIG_KSU_TRACEPOINT_HOOK), y) ifeq ($(CONFIG_KSU_TRACEPOINT_HOOK), y)
kernelsu-objs += ksu_trace.o kernelsu-objs += ksu_trace.o
@@ -97,10 +101,13 @@ ccflags-y += -DKSU_VERSION_FULL=\"$(KSU_VERSION_FULL)\"
ifeq ($(CONFIG_KSU_KPROBES_HOOK), y) ifeq ($(CONFIG_KSU_KPROBES_HOOK), y)
$(info -- SukiSU: CONFIG_KSU_KPROBES_HOOK) $(info -- SukiSU: CONFIG_KSU_KPROBES_HOOK)
ccflags-y += -DCONFIG_KSU_KPROBES_HOOK
else ifeq ($(CONFIG_KSU_TRACEPOINT_HOOK), y) else ifeq ($(CONFIG_KSU_TRACEPOINT_HOOK), y)
$(info -- SukiSU: CONFIG_KSU_TRACEPOINT_HOOK) $(info -- SukiSU: CONFIG_KSU_TRACEPOINT_HOOK)
ccflags-y += -DCONFIG_KSU_TRACEPOINT_HOOK
else ifeq ($(CONFIG_KSU_MANUAL_HOOK), y) else ifeq ($(CONFIG_KSU_MANUAL_HOOK), y)
$(info -- SukiSU: CONFIG_KSU_MANUAL_HOOK) $(info -- SukiSU: CONFIG_KSU_MANUAL_HOOK)
ccflags-y += -DCONFIG_KSU_MANUAL_HOOK
endif endif
KERNEL_VERSION := $(VERSION).$(PATCHLEVEL) KERNEL_VERSION := $(VERSION).$(PATCHLEVEL)


@@ -527,6 +527,7 @@ void ksu_allowlist_exit(void)
mutex_unlock(&allowlist_mutex); mutex_unlock(&allowlist_mutex);
} }
#ifdef CONFIG_KSU_MANUAL_SU
bool ksu_temp_grant_root_once(uid_t uid) bool ksu_temp_grant_root_once(uid_t uid)
{ {
struct app_profile profile = { struct app_profile profile = {
@@ -602,3 +603,4 @@ void ksu_temp_revoke_root_once(uid_t uid)
persistent_allow_list(); persistent_allow_list();
pr_info("pending_root: UID=%d removed and persist updated\n", uid); pr_info("pending_root: UID=%d removed and persist updated\n", uid);
} }
#endif


@@ -25,6 +25,8 @@ bool ksu_set_app_profile(struct app_profile *, bool persist);
bool ksu_uid_should_umount(uid_t uid); bool ksu_uid_should_umount(uid_t uid);
struct root_profile *ksu_get_root_profile(uid_t uid); struct root_profile *ksu_get_root_profile(uid_t uid);
#ifdef CONFIG_KSU_MANUAL_SU
bool ksu_temp_grant_root_once(uid_t uid); bool ksu_temp_grant_root_once(uid_t uid);
void ksu_temp_revoke_root_once(uid_t uid); void ksu_temp_revoke_root_once(uid_t uid);
#endif #endif
#endif


@@ -60,7 +60,14 @@
#include "kernel_compat.h" #include "kernel_compat.h"
#include "supercalls.h" #include "supercalls.h"
#include "sulog.h" #include "sulog.h"
#ifdef CONFIG_KSU_MANUAL_SU
#include "manual_su.h" #include "manual_su.h"
#endif
#ifdef CONFIG_KPM
#include "kpm/kpm.h"
#endif
#ifdef CONFIG_KSU_SUSFS #ifdef CONFIG_KSU_SUSFS
bool susfs_is_boot_completed_triggered = false; bool susfs_is_boot_completed_triggered = false;
@@ -155,6 +162,7 @@ bool ksu_is_compat __read_mostly = false;
extern int __ksu_handle_devpts(struct inode *inode); // sucompat.c extern int __ksu_handle_devpts(struct inode *inode); // sucompat.c
#ifdef CONFIG_KSU_MANUAL_SU
static void ksu_try_escalate_for_uid(uid_t uid) static void ksu_try_escalate_for_uid(uid_t uid)
{ {
if (!is_pending_root(uid)) if (!is_pending_root(uid))
@@ -163,6 +171,7 @@ static void ksu_try_escalate_for_uid(uid_t uid)
pr_info("pending_root: UID=%d temporarily allowed\n", uid); pr_info("pending_root: UID=%d temporarily allowed\n", uid);
remove_pending_root(uid); remove_pending_root(uid);
} }
#endif
static bool ksu_kernel_umount_enabled = true; static bool ksu_kernel_umount_enabled = true;
@@ -343,6 +352,8 @@ void escape_to_root(void)
#endif #endif
} }
#ifdef CONFIG_KSU_MANUAL_SU
static void disable_seccomp_for_task(struct task_struct *tsk) static void disable_seccomp_for_task(struct task_struct *tsk)
{ {
if (!tsk->seccomp.filter && tsk->seccomp.mode == SECCOMP_MODE_DISABLED) if (!tsk->seccomp.filter && tsk->seccomp.mode == SECCOMP_MODE_DISABLED)
@@ -362,6 +373,7 @@ static void disable_seccomp_for_task(struct task_struct *tsk)
tsk->seccomp.filter = NULL; tsk->seccomp.filter = NULL;
#endif #endif
} }
#endif
} }
void escape_to_root_for_cmd_su(uid_t target_uid, pid_t target_pid) void escape_to_root_for_cmd_su(uid_t target_uid, pid_t target_pid)
@@ -504,7 +516,9 @@ static void sulog_prctl_cmd(uid_t uid, unsigned long cmd)
const char *name = NULL; const char *name = NULL;
switch (cmd) { switch (cmd) {
#ifdef CONFIG_KSU_MANUAL_SU
case CMD_MANUAL_SU_REQUEST: name = "prctl_manual_su_request"; break; case CMD_MANUAL_SU_REQUEST: name = "prctl_manual_su_request"; break;
#endif
#ifdef CONFIG_KSU_SUSFS #ifdef CONFIG_KSU_SUSFS
case CMD_SUSFS_ADD_SUS_PATH: name = "prctl_susfs_add_sus_path"; break; case CMD_SUSFS_ADD_SUS_PATH: name = "prctl_susfs_add_sus_path"; break;
@@ -590,6 +604,19 @@ int ksu_handle_prctl(int option, unsigned long arg2, unsigned long arg3,
pr_info("option: 0x%x, cmd: %ld\n", option, arg2); pr_info("option: 0x%x, cmd: %ld\n", option, arg2);
#endif #endif
#ifdef CONFIG_KPM
if(sukisu_is_kpm_control_code(arg2)) {
int res;
pr_info("KPM: calling before arg2=%d\n", (int) arg2);
res = sukisu_handle_kpm(arg2, arg3, arg4, arg5);
return 0;
}
#endif
#ifdef CONFIG_KSU_MANUAL_SU
if (arg2 == CMD_MANUAL_SU_REQUEST) { if (arg2 == CMD_MANUAL_SU_REQUEST) {
struct manual_su_request request; struct manual_su_request request;
int su_option = (int)arg3; int su_option = (int)arg3;
@@ -616,6 +643,7 @@ int ksu_handle_prctl(int option, unsigned long arg2, unsigned long arg3,
} }
return 0; return 0;
} }
#endif
#ifdef CONFIG_KSU_SUSFS #ifdef CONFIG_KSU_SUSFS
int susfs_cmd_err = 0; int susfs_cmd_err = 0;
@@ -1384,7 +1412,9 @@ int ksu_bprm_check(struct linux_binprm *bprm)
ksu_handle_pre_ksud(filename); ksu_handle_pre_ksud(filename);
#ifdef CONFIG_KSU_MANUAL_SU
ksu_try_escalate_for_uid(current_uid().val); ksu_try_escalate_for_uid(current_uid().val);
#endif
return 0; return 0;
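Review bot: In the ksu_handle_prctl hunk, the CONFIG_KPM block assigns the result of `sukisu_handle_kpm(arg2, arg3, arg4, arg5)` to `res` and then returns 0 regardless, so a failed KPM control call looks the same as a successful one and `res` is set but never read. At minimum surface the failure, e.g. `if (res) pr_warn("KPM: control code %lu failed: %d\n", arg2, res);`, or drop the local if the result is deliberately ignored. No check of the calling uid is visible before this dispatch, and the rest of ksu_handle_prctl lies outside the hunk, so please confirm that the caller is authorized before this point or inside sukisu_handle_kpm, since the block returns before any later check can run.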


@@ -9,7 +9,9 @@
extern bool ksu_uid_scanner_enabled; extern bool ksu_uid_scanner_enabled;
#ifdef CONFIG_KSU_MANUAL_SU
#define CMD_MANUAL_SU_REQUEST 50 #define CMD_MANUAL_SU_REQUEST 50
#endif
#define EVENT_POST_FS_DATA 1 #define EVENT_POST_FS_DATA 1
#define EVENT_BOOT_COMPLETED 2 #define EVENT_BOOT_COMPLETED 2


@@ -20,7 +20,10 @@
#include "kernel_compat.h" #include "kernel_compat.h"
#include "throne_comm.h" #include "throne_comm.h"
#include "dynamic_manager.h" #include "dynamic_manager.h"
#ifdef CONFIG_KSU_MANUAL_SU
#include "manual_su.h" #include "manual_su.h"
#endif
// Forward declarations from core_hook.c // Forward declarations from core_hook.c
extern void escape_to_root(void); extern void escape_to_root(void);