Revert "kernel: Remove CONFIG_KSU_MANUAL_SU protection"

This reverts commit fa229b23a4.

kernel/Kconfig

@@ -31,6 +31,13 @@ config KSU_THRONE_TRACKER_LEGACY
       This is kept for Ultra-Legacy Linux 4.4-3.X kernels which are prone to deadlocks.
       Enable this if default scanning deadlocks/crashes on you.
 
+config KSU_MANUAL_SU
+    bool "Use manual su"
+    depends on KSU
+    default y
+    help
+      Use manual su and authorize the corresponding command line and application via prctl
+
 config KSU_ALLOWLIST_WORKAROUND
     bool "KernelSU Session Keyring Init workaround"
     depends on KSU
@@ -62,6 +69,8 @@ choice
     prompt "KernelSU hook type"
     depends on KSU
     default KSU_KPROBES_HOOK
+    help
+      Hook type for KernelSU
 
 config KSU_KPROBES_HOOK
     bool "Hook KernelSU with Kprobes"

kernel/Makefile

@@ -12,7 +12,11 @@ kernelsu-objs += embed_ksud.o
 kernelsu-objs += kernel_compat.o
 kernelsu-objs += throne_comm.o
 kernelsu-objs += sulog.o
+
+ifeq ($(CONFIG_KSU_MANUAL_SU), y)
+ccflags-y += -DCONFIG_KSU_MANUAL_SU
 kernelsu-objs += manual_su.o
+endif
 
 ifeq ($(CONFIG_KSU_TRACEPOINT_HOOK), y)
 kernelsu-objs += ksu_trace.o
@@ -97,10 +101,13 @@ ccflags-y += -DKSU_VERSION_FULL=\"$(KSU_VERSION_FULL)\"
 
 ifeq ($(CONFIG_KSU_KPROBES_HOOK), y)
 $(info -- SukiSU: CONFIG_KSU_KPROBES_HOOK)
+ccflags-y += -DCONFIG_KSU_KPROBES_HOOK
 else ifeq ($(CONFIG_KSU_TRACEPOINT_HOOK), y)
 $(info -- SukiSU: CONFIG_KSU_TRACEPOINT_HOOK)
+ccflags-y += -DCONFIG_KSU_TRACEPOINT_HOOK
 else ifeq ($(CONFIG_KSU_MANUAL_HOOK), y)
 $(info -- SukiSU: CONFIG_KSU_MANUAL_HOOK)
+ccflags-y += -DCONFIG_KSU_MANUAL_HOOK
 endif
 
 KERNEL_VERSION := $(VERSION).$(PATCHLEVEL)

kernel/allowlist.c

@@ -527,6 +527,7 @@ void ksu_allowlist_exit(void)
     mutex_unlock(&allowlist_mutex);
 }
 
+#ifdef CONFIG_KSU_MANUAL_SU
 bool ksu_temp_grant_root_once(uid_t uid)
 {
     struct app_profile profile = {
@@ -602,3 +603,4 @@ void ksu_temp_revoke_root_once(uid_t uid)
     persistent_allow_list();
     pr_info("pending_root: UID=%d removed and persist updated\n", uid);
 }
+#endif

kernel/allowlist.h

@@ -25,6 +25,8 @@ bool ksu_set_app_profile(struct app_profile *, bool persist);
 bool ksu_uid_should_umount(uid_t uid);
 struct root_profile *ksu_get_root_profile(uid_t uid);
 
+#ifdef CONFIG_KSU_MANUAL_SU
 bool ksu_temp_grant_root_once(uid_t uid);
 void ksu_temp_revoke_root_once(uid_t uid);
 #endif
+#endif

kernel/core_hook.c

@@ -60,7 +60,14 @@
 #include "kernel_compat.h"
 #include "supercalls.h"
 #include "sulog.h"
+
+#ifdef CONFIG_KSU_MANUAL_SU
 #include "manual_su.h"
+#endif
+
+#ifdef CONFIG_KPM
+#include "kpm/kpm.h"
+#endif
 
 #ifdef CONFIG_KSU_SUSFS
 bool susfs_is_boot_completed_triggered = false;
@@ -155,6 +162,7 @@ bool ksu_is_compat __read_mostly = false;
 
 extern int __ksu_handle_devpts(struct inode *inode); // sucompat.c
 
+#ifdef CONFIG_KSU_MANUAL_SU
 static void ksu_try_escalate_for_uid(uid_t uid)
 {
     if (!is_pending_root(uid))
@@ -163,6 +171,7 @@ static void ksu_try_escalate_for_uid(uid_t uid)
     pr_info("pending_root: UID=%d temporarily allowed\n", uid);
     remove_pending_root(uid);
 }
+#endif
 
 static bool ksu_kernel_umount_enabled = true;
 
@@ -343,6 +352,8 @@ void escape_to_root(void)
 #endif
 }
 
+#ifdef CONFIG_KSU_MANUAL_SU
+
 static void disable_seccomp_for_task(struct task_struct *tsk)
 {
     if (!tsk->seccomp.filter && tsk->seccomp.mode == SECCOMP_MODE_DISABLED)
@@ -362,6 +373,7 @@ static void disable_seccomp_for_task(struct task_struct *tsk)
         tsk->seccomp.filter = NULL;
 #endif
     }
+#endif
 }
 
 void escape_to_root_for_cmd_su(uid_t target_uid, pid_t target_pid)
@@ -504,7 +516,9 @@ static void sulog_prctl_cmd(uid_t uid, unsigned long cmd)
     const char *name = NULL;
 
     switch (cmd) {
+#ifdef CONFIG_KSU_MANUAL_SU
     case CMD_MANUAL_SU_REQUEST:             name = "prctl_manual_su_request"; break;
+#endif
 
 #ifdef CONFIG_KSU_SUSFS
     case CMD_SUSFS_ADD_SUS_PATH:            name = "prctl_susfs_add_sus_path"; break;
@@ -590,6 +604,19 @@ int ksu_handle_prctl(int option, unsigned long arg2, unsigned long arg3,
     pr_info("option: 0x%x, cmd: %ld\n", option, arg2);
 #endif
 
+    #ifdef CONFIG_KPM
+    if(sukisu_is_kpm_control_code(arg2)) {
+        int res;
+
+        pr_info("KPM: calling before arg2=%d\n", (int) arg2);
+        
+        res = sukisu_handle_kpm(arg2, arg3, arg4, arg5);
+
+        return 0;
+    }
+#endif
+
+#ifdef CONFIG_KSU_MANUAL_SU
     if (arg2 == CMD_MANUAL_SU_REQUEST) {
         struct manual_su_request request;
         int su_option = (int)arg3;
@@ -616,6 +643,7 @@ int ksu_handle_prctl(int option, unsigned long arg2, unsigned long arg3,
         }
         return 0;
     }
+#endif
 
 #ifdef CONFIG_KSU_SUSFS
     int susfs_cmd_err = 0;
@@ -1384,7 +1412,9 @@ int ksu_bprm_check(struct linux_binprm *bprm)
 
     ksu_handle_pre_ksud(filename);
 
+#ifdef CONFIG_KSU_MANUAL_SU
     ksu_try_escalate_for_uid(current_uid().val);
+#endif
 
     return 0;
 

kernel/ksu.h

@@ -9,7 +9,9 @@
 
 extern bool ksu_uid_scanner_enabled;
 
+#ifdef CONFIG_KSU_MANUAL_SU
 #define CMD_MANUAL_SU_REQUEST 50
+#endif
 
 #define EVENT_POST_FS_DATA 1
 #define EVENT_BOOT_COMPLETED 2

kernel/supercalls.c

@@ -20,7 +20,10 @@
 #include "kernel_compat.h"
 #include "throne_comm.h"
 #include "dynamic_manager.h"
+
+#ifdef CONFIG_KSU_MANUAL_SU
 #include "manual_su.h"
+#endif
 
 // Forward declarations from core_hook.c
 extern void escape_to_root(void);