kernel: Apply the SUSFS patch
This commit is contained in:
ShirkNeko
@@ -45,6 +45,11 @@
|
||||
#include <linux/vmalloc.h>
|
||||
#endif
|
||||
|
||||
#ifdef CONFIG_KSU_SUSFS
|
||||
#include <linux/susfs.h>
|
||||
#include <linux/susfs_def.h>
|
||||
#endif // #ifdef CONFIG_KSU_SUSFS
|
||||
|
||||
#include "allowlist.h"
|
||||
#include "setuid_hook.h"
|
||||
#include "feature.h"
|
||||
@@ -58,6 +63,8 @@
|
||||
#include "kernel_umount.h"
|
||||
#include "app_profile.h"
|
||||
|
||||
#include "sulog.h"
|
||||
|
||||
static bool ksu_enhanced_security_enabled = false;
|
||||
|
||||
static int enhanced_security_feature_get(u64 *value)
|
||||
@@ -81,6 +88,28 @@ static const struct ksu_feature_handler enhanced_security_handler = {
|
||||
.set_handler = enhanced_security_feature_set,
|
||||
};
|
||||
|
||||
#ifdef CONFIG_KSU_SUSFS
|
||||
bool susfs_is_boot_completed_triggered = false;
|
||||
#ifdef CONFIG_KSU_SUSFS_SUS_MOUNT
|
||||
static bool susfs_is_umount_for_zygote_system_process_enabled = false;
|
||||
static bool susfs_is_umount_for_zygote_iso_service_enabled = false;
|
||||
extern bool susfs_hide_sus_mnts_for_all_procs;
|
||||
#endif // #ifdef CONFIG_KSU_SUSFS_SUS_MOUNT
|
||||
#ifdef CONFIG_KSU_SUSFS_AUTO_ADD_SUS_BIND_MOUNT
|
||||
extern bool susfs_is_auto_add_sus_bind_mount_enabled;
|
||||
#endif // #ifdef CONFIG_KSU_SUSFS_AUTO_ADD_SUS_BIND_MOUNT
|
||||
#ifdef CONFIG_KSU_SUSFS_AUTO_ADD_SUS_KSU_DEFAULT_MOUNT
|
||||
extern bool susfs_is_auto_add_sus_ksu_default_mount_enabled;
|
||||
#endif // #ifdef CONFIG_KSU_SUSFS_AUTO_ADD_SUS_KSU_DEFAULT_MOUNT
|
||||
#ifdef CONFIG_KSU_SUSFS_AUTO_ADD_TRY_UMOUNT_FOR_BIND_MOUNT
|
||||
extern bool susfs_is_auto_add_try_umount_for_bind_mount_enabled;
|
||||
#endif // #ifdef CONFIG_KSU_SUSFS_AUTO_ADD_TRY_UMOUNT_FOR_BIND_MOUNT
|
||||
#ifdef CONFIG_KSU_SUSFS_SUS_SU
|
||||
extern bool susfs_is_sus_su_ready;
|
||||
#endif // #ifdef CONFIG_KSU_SUSFS_SUS_SU
|
||||
|
||||
#endif // #ifdef CONFIG_KSU_SUSFS
|
||||
|
||||
static inline bool is_allow_su(void)
|
||||
{
|
||||
if (is_manager()) {
|
||||
@@ -107,6 +136,300 @@ static bool is_appuid(uid_t uid)
|
||||
return appid >= FIRST_APPLICATION_UID && appid <= LAST_APPLICATION_UID;
|
||||
}
|
||||
|
||||
#if __SULOG_GATE
|
||||
static void sulog_prctl_cmd(uid_t uid, unsigned long cmd)
|
||||
{
|
||||
const char *name = NULL;
|
||||
|
||||
switch (cmd) {
|
||||
|
||||
#ifdef CONFIG_KSU_SUSFS
|
||||
case CMD_SUSFS_ADD_SUS_PATH: name = "prctl_susfs_add_sus_path"; break;
|
||||
case CMD_SUSFS_ADD_SUS_PATH_LOOP: name = "prctl_susfs_add_sus_path_loop"; break;
|
||||
case CMD_SUSFS_SET_ANDROID_DATA_ROOT_PATH: name = "prctl_susfs_set_android_data_root_path"; break;
|
||||
case CMD_SUSFS_SET_SDCARD_ROOT_PATH: name = "prctl_susfs_set_sdcard_root_path"; break;
|
||||
case CMD_SUSFS_ADD_SUS_MOUNT: name = "prctl_susfs_add_sus_mount"; break;
|
||||
case CMD_SUSFS_HIDE_SUS_MNTS_FOR_ALL_PROCS: name = "prctl_susfs_hide_sus_mnts_for_all_procs"; break;
|
||||
case CMD_SUSFS_UMOUNT_FOR_ZYGOTE_ISO_SERVICE: name = "prctl_susfs_umount_for_zygote_iso_service"; break;
|
||||
case CMD_SUSFS_ADD_SUS_KSTAT: name = "prctl_susfs_add_sus_kstat"; break;
|
||||
case CMD_SUSFS_UPDATE_SUS_KSTAT: name = "prctl_susfs_update_sus_kstat"; break;
|
||||
case CMD_SUSFS_ADD_SUS_KSTAT_STATICALLY: name = "prctl_susfs_add_sus_kstat_statically"; break;
|
||||
case CMD_SUSFS_ADD_TRY_UMOUNT: name = "prctl_susfs_add_try_umount"; break;
|
||||
case CMD_SUSFS_SET_UNAME: name = "prctl_susfs_set_uname"; break;
|
||||
case CMD_SUSFS_ENABLE_LOG: name = "prctl_susfs_enable_log"; break;
|
||||
case CMD_SUSFS_SET_CMDLINE_OR_BOOTCONFIG: name = "prctl_susfs_set_cmdline_or_bootconfig"; break;
|
||||
case CMD_SUSFS_ADD_OPEN_REDIRECT: name = "prctl_susfs_add_open_redirect"; break;
|
||||
case CMD_SUSFS_SHOW_VERSION: name = "prctl_susfs_show_version"; break;
|
||||
case CMD_SUSFS_SHOW_ENABLED_FEATURES: name = "prctl_susfs_show_enabled_features"; break;
|
||||
case CMD_SUSFS_SHOW_VARIANT: name = "prctl_susfs_show_variant"; break;
|
||||
#ifdef CONFIG_KSU_SUSFS_SUS_SU
|
||||
case CMD_SUSFS_SUS_SU: name = "prctl_susfs_sus_su"; break;
|
||||
case CMD_SUSFS_IS_SUS_SU_READY: name = "prctl_susfs_is_sus_su_ready"; break;
|
||||
case CMD_SUSFS_SHOW_SUS_SU_WORKING_MODE: name = "prctl_susfs_show_sus_su_working_mode"; break;
|
||||
#endif
|
||||
case CMD_SUSFS_ADD_SUS_MAP: name = "prctl_susfs_add_sus_map"; break;
|
||||
case CMD_SUSFS_ENABLE_AVC_LOG_SPOOFING: name = "prctl_susfs_enable_avc_log_spoofing"; break;
|
||||
#endif
|
||||
|
||||
default: name = "prctl_unknown"; break;
|
||||
}
|
||||
|
||||
ksu_sulog_report_syscall(uid, NULL, name, NULL);
|
||||
}
|
||||
#endif
|
||||
|
||||
int ksu_handle_prctl(int option, unsigned long arg2, unsigned long arg3,
|
||||
unsigned long arg4, unsigned long arg5)
|
||||
{
|
||||
|
||||
|
||||
#ifdef CONFIG_KSU_SUSFS
|
||||
// - We straight up check if process is supposed to be umounted, return 0 if so
|
||||
// - This is to prevent side channel attack as much as possible
|
||||
if (likely(susfs_is_current_proc_umounted()))
|
||||
return 0;
|
||||
#endif
|
||||
|
||||
// if success, we modify the arg5 as result!
|
||||
u32 *result = (u32 *)arg5;
|
||||
u32 reply_ok = KERNEL_SU_OPTION;
|
||||
|
||||
if (KERNEL_SU_OPTION != option) {
|
||||
return 0;
|
||||
}
|
||||
|
||||
bool from_root = 0 == current_uid().val;
|
||||
bool from_manager = is_manager();
|
||||
|
||||
#if __SULOG_GATE
|
||||
sulog_prctl_cmd(current_uid().val, arg2);
|
||||
#endif
|
||||
|
||||
if (!from_root && !from_manager && !is_allow_su()) {
|
||||
// only root or manager can access this interface
|
||||
return 0;
|
||||
}
|
||||
|
||||
#ifdef CONFIG_KSU_DEBUG
|
||||
pr_info("option: 0x%x, cmd: %ld\n", option, arg2);
|
||||
#endif
|
||||
|
||||
#ifdef CONFIG_KSU_SUSFS
|
||||
int susfs_cmd_err = 0;
|
||||
#ifdef CONFIG_KSU_SUSFS_SUS_PATH
|
||||
if (arg2 == CMD_SUSFS_ADD_SUS_PATH) {
|
||||
susfs_cmd_err = susfs_add_sus_path((struct st_susfs_sus_path __user*)arg3);
|
||||
pr_info("susfs: CMD_SUSFS_ADD_SUS_PATH -> ret: %d\n", susfs_cmd_err);
|
||||
if (copy_to_user((void __user*)arg5, &susfs_cmd_err, sizeof(susfs_cmd_err)))
|
||||
pr_info("susfs: copy_to_user() failed\n");
|
||||
return 0;
|
||||
}
|
||||
if (arg2 == CMD_SUSFS_ADD_SUS_PATH_LOOP) {
|
||||
susfs_cmd_err = susfs_add_sus_path_loop((struct st_susfs_sus_path __user*)arg3);
|
||||
pr_info("susfs: CMD_SUSFS_ADD_SUS_PATH_LOOP -> ret: %d\n", susfs_cmd_err);
|
||||
if (copy_to_user((void __user*)arg5, &susfs_cmd_err, sizeof(susfs_cmd_err)))
|
||||
pr_info("susfs: copy_to_user() failed\n");
|
||||
return 0;
|
||||
}
|
||||
if (arg2 == CMD_SUSFS_SET_ANDROID_DATA_ROOT_PATH) {
|
||||
susfs_cmd_err = susfs_set_i_state_on_external_dir((char __user*)arg3, CMD_SUSFS_SET_ANDROID_DATA_ROOT_PATH);
|
||||
pr_info("susfs: CMD_SUSFS_SET_ANDROID_DATA_ROOT_PATH -> ret: %d\n", susfs_cmd_err);
|
||||
if (copy_to_user((void __user*)arg5, &susfs_cmd_err, sizeof(susfs_cmd_err)))
|
||||
pr_info("susfs: copy_to_user() failed\n");
|
||||
return 0;
|
||||
}
|
||||
if (arg2 == CMD_SUSFS_SET_SDCARD_ROOT_PATH) {
|
||||
susfs_cmd_err = susfs_set_i_state_on_external_dir((char __user*)arg3, CMD_SUSFS_SET_SDCARD_ROOT_PATH);
|
||||
pr_info("susfs: CMD_SUSFS_SET_SDCARD_ROOT_PATH -> ret: %d\n", susfs_cmd_err);
|
||||
if (copy_to_user((void __user*)arg5, &susfs_cmd_err, sizeof(susfs_cmd_err)))
|
||||
pr_info("susfs: copy_to_user() failed\n");
|
||||
return 0;
|
||||
}
|
||||
#endif //#ifdef CONFIG_KSU_SUSFS_SUS_PATH
|
||||
#ifdef CONFIG_KSU_SUSFS_SUS_MOUNT
|
||||
if (arg2 == CMD_SUSFS_ADD_SUS_MOUNT) {
|
||||
susfs_cmd_err = susfs_add_sus_mount((struct st_susfs_sus_mount __user*)arg3);
|
||||
pr_info("susfs: CMD_SUSFS_ADD_SUS_MOUNT -> ret: %d\n", susfs_cmd_err);
|
||||
if (copy_to_user((void __user*)arg5, &susfs_cmd_err, sizeof(susfs_cmd_err)))
|
||||
pr_info("susfs: copy_to_user() failed\n");
|
||||
return 0;
|
||||
}
|
||||
if (arg2 == CMD_SUSFS_HIDE_SUS_MNTS_FOR_ALL_PROCS) {
|
||||
if (arg3 != 0 && arg3 != 1) {
|
||||
pr_err("susfs: CMD_SUSFS_HIDE_SUS_MNTS_FOR_ALL_PROCS -> arg3 can only be 0 or 1\n");
|
||||
return 0;
|
||||
}
|
||||
susfs_hide_sus_mnts_for_all_procs = arg3;
|
||||
pr_info("susfs: CMD_SUSFS_HIDE_SUS_MNTS_FOR_ALL_PROCS -> susfs_hide_sus_mnts_for_all_procs: %lu\n", arg3);
|
||||
if (copy_to_user((void __user*)arg5, &susfs_cmd_err, sizeof(susfs_cmd_err)))
|
||||
pr_info("susfs: copy_to_user() failed\n");
|
||||
return 0;
|
||||
}
|
||||
if (arg2 == CMD_SUSFS_UMOUNT_FOR_ZYGOTE_ISO_SERVICE) {
|
||||
if (arg3 != 0 && arg3 != 1) {
|
||||
pr_err("susfs: CMD_SUSFS_UMOUNT_FOR_ZYGOTE_ISO_SERVICE -> arg3 can only be 0 or 1\n");
|
||||
return 0;
|
||||
}
|
||||
susfs_is_umount_for_zygote_iso_service_enabled = arg3;
|
||||
pr_info("susfs: CMD_SUSFS_UMOUNT_FOR_ZYGOTE_ISO_SERVICE -> susfs_is_umount_for_zygote_iso_service_enabled: %lu\n", arg3);
|
||||
if (copy_to_user((void __user*)arg5, &susfs_cmd_err, sizeof(susfs_cmd_err)))
|
||||
pr_info("susfs: copy_to_user() failed\n");
|
||||
return 0;
|
||||
}
|
||||
#endif //#ifdef CONFIG_KSU_SUSFS_SUS_MOUNT
|
||||
#ifdef CONFIG_KSU_SUSFS_SUS_KSTAT
|
||||
if (arg2 == CMD_SUSFS_ADD_SUS_KSTAT) {
|
||||
susfs_cmd_err = susfs_add_sus_kstat((struct st_susfs_sus_kstat __user*)arg3);
|
||||
pr_info("susfs: CMD_SUSFS_ADD_SUS_KSTAT -> ret: %d\n", susfs_cmd_err);
|
||||
if (copy_to_user((void __user*)arg5, &susfs_cmd_err, sizeof(susfs_cmd_err)))
|
||||
pr_info("susfs: copy_to_user() failed\n");
|
||||
return 0;
|
||||
}
|
||||
if (arg2 == CMD_SUSFS_UPDATE_SUS_KSTAT) {
|
||||
susfs_cmd_err = susfs_update_sus_kstat((struct st_susfs_sus_kstat __user*)arg3);
|
||||
pr_info("susfs: CMD_SUSFS_UPDATE_SUS_KSTAT -> ret: %d\n", susfs_cmd_err);
|
||||
if (copy_to_user((void __user*)arg5, &susfs_cmd_err, sizeof(susfs_cmd_err)))
|
||||
pr_info("susfs: copy_to_user() failed\n");
|
||||
return 0;
|
||||
}
|
||||
if (arg2 == CMD_SUSFS_ADD_SUS_KSTAT_STATICALLY) {
|
||||
susfs_cmd_err = susfs_add_sus_kstat((struct st_susfs_sus_kstat __user*)arg3);
|
||||
pr_info("susfs: CMD_SUSFS_ADD_SUS_KSTAT_STATICALLY -> ret: %d\n", susfs_cmd_err);
|
||||
if (copy_to_user((void __user*)arg5, &susfs_cmd_err, sizeof(susfs_cmd_err)))
|
||||
pr_info("susfs: copy_to_user() failed\n");
|
||||
return 0;
|
||||
}
|
||||
#endif //#ifdef CONFIG_KSU_SUSFS_SUS_KSTAT
|
||||
#ifdef CONFIG_KSU_SUSFS_TRY_UMOUNT
|
||||
if (arg2 == CMD_SUSFS_ADD_TRY_UMOUNT) {
|
||||
susfs_cmd_err = susfs_add_try_umount((struct st_susfs_try_umount __user*)arg3);
|
||||
pr_info("susfs: CMD_SUSFS_ADD_TRY_UMOUNT -> ret: %d\n", susfs_cmd_err);
|
||||
if (copy_to_user((void __user*)arg5, &susfs_cmd_err, sizeof(susfs_cmd_err)))
|
||||
pr_info("susfs: copy_to_user() failed\n");
|
||||
return 0;
|
||||
}
|
||||
#endif //#ifdef CONFIG_KSU_SUSFS_TRY_UMOUNT
|
||||
#ifdef CONFIG_KSU_SUSFS_SPOOF_UNAME
|
||||
if (arg2 == CMD_SUSFS_SET_UNAME) {
|
||||
susfs_cmd_err = susfs_set_uname((struct st_susfs_uname __user*)arg3);
|
||||
pr_info("susfs: CMD_SUSFS_SET_UNAME -> ret: %d\n", susfs_cmd_err);
|
||||
if (copy_to_user((void __user*)arg5, &susfs_cmd_err, sizeof(susfs_cmd_err)))
|
||||
pr_info("susfs: copy_to_user() failed\n");
|
||||
return 0;
|
||||
}
|
||||
#endif //#ifdef CONFIG_KSU_SUSFS_SPOOF_UNAME
|
||||
#ifdef CONFIG_KSU_SUSFS_ENABLE_LOG
|
||||
if (arg2 == CMD_SUSFS_ENABLE_LOG) {
|
||||
if (arg3 != 0 && arg3 != 1) {
|
||||
pr_err("susfs: CMD_SUSFS_ENABLE_LOG -> arg3 can only be 0 or 1\n");
|
||||
return 0;
|
||||
}
|
||||
susfs_set_log(arg3);
|
||||
if (copy_to_user((void __user*)arg5, &susfs_cmd_err, sizeof(susfs_cmd_err)))
|
||||
pr_info("susfs: copy_to_user() failed\n");
|
||||
return 0;
|
||||
}
|
||||
#endif //#ifdef CONFIG_KSU_SUSFS_ENABLE_LOG
|
||||
#ifdef CONFIG_KSU_SUSFS_SPOOF_CMDLINE_OR_BOOTCONFIG
|
||||
if (arg2 == CMD_SUSFS_SET_CMDLINE_OR_BOOTCONFIG) {
|
||||
susfs_cmd_err = susfs_set_cmdline_or_bootconfig((char __user*)arg3);
|
||||
pr_info("susfs: CMD_SUSFS_SET_CMDLINE_OR_BOOTCONFIG -> ret: %d\n", susfs_cmd_err);
|
||||
if (copy_to_user((void __user*)arg5, &susfs_cmd_err, sizeof(susfs_cmd_err)))
|
||||
pr_info("susfs: copy_to_user() failed\n");
|
||||
return 0;
|
||||
}
|
||||
#endif //#ifdef CONFIG_KSU_SUSFS_SPOOF_CMDLINE_OR_BOOTCONFIG
|
||||
#ifdef CONFIG_KSU_SUSFS_OPEN_REDIRECT
|
||||
if (arg2 == CMD_SUSFS_ADD_OPEN_REDIRECT) {
|
||||
susfs_cmd_err = susfs_add_open_redirect((struct st_susfs_open_redirect __user*)arg3);
|
||||
pr_info("susfs: CMD_SUSFS_ADD_OPEN_REDIRECT -> ret: %d\n", susfs_cmd_err);
|
||||
if (copy_to_user((void __user*)arg5, &susfs_cmd_err, sizeof(susfs_cmd_err)))
|
||||
pr_info("susfs: copy_to_user() failed\n");
|
||||
return 0;
|
||||
}
|
||||
#endif //#ifdef CONFIG_KSU_SUSFS_OPEN_REDIRECT
|
||||
#ifdef CONFIG_KSU_SUSFS_SUS_SU
|
||||
if (arg2 == CMD_SUSFS_SUS_SU) {
|
||||
susfs_cmd_err = susfs_sus_su((struct st_sus_su __user*)arg3);
|
||||
pr_info("susfs: CMD_SUSFS_SUS_SU -> ret: %d\n", susfs_cmd_err);
|
||||
if (copy_to_user((void __user*)arg5, &susfs_cmd_err, sizeof(susfs_cmd_err)))
|
||||
pr_info("susfs: copy_to_user() failed\n");
|
||||
return 0;
|
||||
}
|
||||
#endif //#ifdef CONFIG_KSU_SUSFS_SUS_SU
|
||||
if (arg2 == CMD_SUSFS_SHOW_VERSION) {
|
||||
int len_of_susfs_version = strlen(SUSFS_VERSION);
|
||||
char *susfs_version = SUSFS_VERSION;
|
||||
|
||||
susfs_cmd_err = copy_to_user((void __user*)arg3, (void*)susfs_version, len_of_susfs_version+1);
|
||||
pr_info("susfs: CMD_SUSFS_SHOW_VERSION -> ret: %d\n", susfs_cmd_err);
|
||||
if (copy_to_user((void __user*)arg5, &susfs_cmd_err, sizeof(susfs_cmd_err)))
|
||||
pr_info("susfs: copy_to_user() failed\n");
|
||||
return 0;
|
||||
}
|
||||
if (arg2 == CMD_SUSFS_SHOW_ENABLED_FEATURES) {
|
||||
if (arg4 <= 0) {
|
||||
pr_err("susfs: CMD_SUSFS_SHOW_ENABLED_FEATURES -> arg4 cannot be <= 0\n");
|
||||
return 0;
|
||||
}
|
||||
susfs_cmd_err = susfs_get_enabled_features((char __user*)arg3, arg4);
|
||||
pr_info("susfs: CMD_SUSFS_SHOW_ENABLED_FEATURES -> ret: %d\n", susfs_cmd_err);
|
||||
if (copy_to_user((void __user*)arg5, &susfs_cmd_err, sizeof(susfs_cmd_err)))
|
||||
pr_info("susfs: copy_to_user() failed\n");
|
||||
return 0;
|
||||
}
|
||||
if (arg2 == CMD_SUSFS_SHOW_VARIANT) {
|
||||
int len_of_variant = strlen(SUSFS_VARIANT);
|
||||
char *susfs_variant = SUSFS_VARIANT;
|
||||
|
||||
susfs_cmd_err = copy_to_user((void __user*)arg3, (void*)susfs_variant, len_of_variant+1);
|
||||
pr_info("susfs: CMD_SUSFS_SHOW_VARIANT -> ret: %d\n", susfs_cmd_err);
|
||||
if (copy_to_user((void __user*)arg5, &susfs_cmd_err, sizeof(susfs_cmd_err)))
|
||||
pr_info("susfs: copy_to_user() failed\n");
|
||||
return 0;
|
||||
}
|
||||
#ifdef CONFIG_KSU_SUSFS_SUS_SU
|
||||
if (arg2 == CMD_SUSFS_IS_SUS_SU_READY) {
|
||||
susfs_cmd_err = copy_to_user((void __user*)arg3, (void*)&susfs_is_sus_su_ready, sizeof(susfs_is_sus_su_ready));
|
||||
pr_info("susfs: CMD_SUSFS_IS_SUS_SU_READY -> ret: %d\n", susfs_cmd_err);
|
||||
if (copy_to_user((void __user*)arg5, &susfs_cmd_err, sizeof(susfs_cmd_err)))
|
||||
pr_info("susfs: copy_to_user() failed\n");
|
||||
return 0;
|
||||
}
|
||||
if (arg2 == CMD_SUSFS_SHOW_SUS_SU_WORKING_MODE) {
|
||||
int working_mode = susfs_get_sus_su_working_mode();
|
||||
|
||||
susfs_cmd_err = copy_to_user((void __user*)arg3, (void*)&working_mode, sizeof(working_mode));
|
||||
pr_info("susfs: CMD_SUSFS_SHOW_SUS_SU_WORKING_MODE -> ret: %d\n", susfs_cmd_err);
|
||||
if (copy_to_user((void __user*)arg5, &susfs_cmd_err, sizeof(susfs_cmd_err)))
|
||||
pr_info("susfs: copy_to_user() failed\n");
|
||||
return 0;
|
||||
}
|
||||
#endif // #ifdef CONFIG_KSU_SUSFS_SUS_SU
|
||||
#ifdef CONFIG_KSU_SUSFS_SUS_MAP
|
||||
if (arg2 == CMD_SUSFS_ADD_SUS_MAP) {
|
||||
susfs_cmd_err = susfs_add_sus_map((struct st_susfs_sus_map __user*)arg3);
|
||||
pr_info("susfs: CMD_SUSFS_ADD_SUS_MAP -> ret: %d\n", susfs_cmd_err);
|
||||
if (copy_to_user((void __user*)arg5, &susfs_cmd_err, sizeof(susfs_cmd_err)))
|
||||
pr_info("susfs: copy_to_user() failed\n");
|
||||
return 0;
|
||||
}
|
||||
#endif // #ifdef CONFIG_KSU_SUSFS_SUS_MAP
|
||||
if (arg2 == CMD_SUSFS_ENABLE_AVC_LOG_SPOOFING) {
|
||||
if (arg3 != 0 && arg3 != 1) {
|
||||
pr_err("susfs: CMD_SUSFS_ENABLE_AVC_LOG_SPOOFING -> arg3 can only be 0 or 1\n");
|
||||
return 0;
|
||||
}
|
||||
susfs_set_avc_log_spoofing(arg3);
|
||||
if (copy_to_user((void __user*)arg5, &susfs_cmd_err, sizeof(susfs_cmd_err)))
|
||||
pr_info("susfs: copy_to_user() failed\n");
|
||||
return 0;
|
||||
}
|
||||
#endif //#ifdef CONFIG_KSU_SUSFS
|
||||
|
||||
return 0;
|
||||
}
|
||||
|
||||
int ksu_handle_setresuid(uid_t ruid, uid_t euid, uid_t suid)
|
||||
{
|
||||
uid_t new_uid = ruid;
|
||||
@@ -197,6 +520,13 @@ int ksu_handle_setresuid(uid_t ruid, uid_t euid, uid_t suid)
|
||||
return 0;
|
||||
}
|
||||
|
||||
static int ksu_task_prctl(int option, unsigned long arg2, unsigned long arg3,
|
||||
unsigned long arg4, unsigned long arg5)
|
||||
{
|
||||
ksu_handle_prctl(option, arg2, arg3, arg4, arg5);
|
||||
return -ENOSYS;
|
||||
}
|
||||
|
||||
// kernel 4.4 and 4.9
|
||||
#if LINUX_VERSION_CODE < KERNEL_VERSION(4, 10, 0) || \
|
||||
defined(CONFIG_IS_HW_HISI) || \
|
||||
@@ -219,6 +549,7 @@ static int ksu_key_permission(key_ref_t key_ref, const struct cred *cred,
|
||||
|
||||
#ifndef MODULE
|
||||
static struct security_hook_list ksu_hooks[] = {
|
||||
LSM_HOOK_INIT(task_prctl, ksu_task_prctl),
|
||||
#if LINUX_VERSION_CODE < KERNEL_VERSION(4, 10, 0) || \
|
||||
defined(CONFIG_IS_HW_HISI) || defined(CONFIG_KSU_ALLOWLIST_WORKAROUND)
|
||||
LSM_HOOK_INIT(key_permission, ksu_key_permission)
|
||||
|
||||
Reference in New Issue
Block a user