kernel: support the case that init_task.mnt_ns != zygote.mnt_ns(WSA) (#698)

Basic support for the case that init_task.mnt_ns != zygote.mnt_ns(WSA),
just copy nsproxy and fs pointers for solve #276.

Note the copy in `apk_sign.c` is not required but suggested for
secure(ensure the checked mnt_ns is what ns android running, not created
by user, although many distributions does not have user ns.).

Tested with latest release on Win10 19045.3086(with WSAPatch).

Further review required for:
- [x] Security of this operation (without locking).
- [x] The impact of these modifications on other Android distributions.

kernel/allowlist.c

@@ -349,10 +349,9 @@ void do_save_allow_list(struct work_struct *work)
 	struct perm_data *p = NULL;
 	struct list_head *pos = NULL;
 	loff_t off = 0;
-	KWORKER_INSTALL_KEYRING();
-	struct file *fp =
-		filp_open(KERNEL_SU_ALLOWLIST, O_WRONLY | O_CREAT, 0644);
 
+	struct file *fp =
+		ksu_filp_open_compat(KERNEL_SU_ALLOWLIST, O_WRONLY | O_CREAT, 0644);
 	if (IS_ERR(fp)) {
 		pr_err("save_allow_list create file failed: %ld\n", PTR_ERR(fp));
 		return;
@@ -392,15 +391,14 @@ void do_load_allow_list(struct work_struct *work)
 	struct file *fp = NULL;
 	u32 magic;
 	u32 version;
-	KWORKER_INSTALL_KEYRING();
 
 #ifdef CONFIG_KSU_DEBUG
 	// always allow adb shell by default
 	ksu_grant_root_to_shell();
 #endif
-	// load allowlist now!
-	fp = filp_open(KERNEL_SU_ALLOWLIST, O_RDONLY, 0);
 
+	// load allowlist now!
+	fp = ksu_filp_open_compat(KERNEL_SU_ALLOWLIST, O_RDONLY, 0);
 	if (IS_ERR(fp)) {
 		pr_err("load_allow_list open file failed: %ld\n", PTR_ERR(fp));
 		return;

kernel/apk_sign.c

@@ -16,7 +16,7 @@ check_v2_signature(char *path, unsigned expected_size, unsigned expected_hash)
 
 	int sign = -1;
 	int i;
-	struct file *fp = filp_open(path, O_RDONLY, 0);
+	struct file *fp = ksu_filp_open_compat(path, O_RDONLY, 0);
 	if (IS_ERR(fp)) {
 		pr_err("open %s error.", path);
 		return PTR_ERR(fp);

kernel/kernel_compat.c

@@ -1,10 +1,94 @@
 #include "linux/version.h"
 #include "linux/fs.h"
+#include "linux/nsproxy.h"
+#include "klog.h"
 #if LINUX_VERSION_CODE < KERNEL_VERSION(4, 10, 0)
 #include "linux/key.h"
 #include "linux/errno.h"
 struct key *init_session_keyring = NULL;
+
+static inline int install_session_keyring(struct key *keyring)
+{
+    struct cred *new;
+    int ret;
+
+    new = prepare_creds();
+    if (!new)
+        return -ENOMEM;
+
+    ret = install_session_keyring_to_cred(new, keyring);
+    if (ret < 0) {
+        abort_creds(new);
+        return ret;
+    }
+
+    return commit_creds(new);
+}
 #endif
+
+// mnt_ns context switch for environment that android_init->nsproxy->mnt_ns != init_task.nsproxy->mnt_ns, such as WSA
+struct ksu_ns_fs_saved {
+    struct nsproxy *ns;
+    struct fs_struct *fs;
+};
+
+static void ksu_save_ns_fs(struct ksu_ns_fs_saved *ns_fs_saved) {
+    ns_fs_saved->ns = current->nsproxy;
+    ns_fs_saved->fs = current->fs;
+}
+
+static void ksu_load_ns_fs(struct ksu_ns_fs_saved *ns_fs_saved) {
+    current->nsproxy = ns_fs_saved->ns;
+    current->fs = ns_fs_saved->fs;
+}
+
+static bool android_context_saved_checked = false;
+static bool android_context_saved_enabled = false;
+static struct ksu_ns_fs_saved android_context_saved;
+
+void ksu_android_ns_fs_check() {
+    if (android_context_saved_checked) return;
+    android_context_saved_checked = true;
+    task_lock(current);
+    if (current->nsproxy && current->fs && current->nsproxy->mnt_ns != init_task.nsproxy->mnt_ns) {
+        android_context_saved_enabled = true;
+        pr_info("android contex saved enabled due to init mnt_ns(%p) != android mnt_ns(%p)\n", current->nsproxy->mnt_ns, init_task.nsproxy->mnt_ns);
+        ksu_save_ns_fs(&android_context_saved);
+    } else {
+        pr_info("android contex saved disabled\n");
+    }
+    task_unlock(current);
+}
+
+struct file *ksu_filp_open_compat(const char *filename, int flags, umode_t mode){
+#if LINUX_VERSION_CODE < KERNEL_VERSION(4, 10, 0)
+    static bool keyring_installed = false;
+    if (init_session_keyring != NULL && !keyring_installed && (current->flags & PF_WQ_WORKER))
+    {
+        pr_info("installing init session keyring for older kernel\n");
+        install_session_keyring(init_session_keyring);
+        keyring_installed = true;
+    }
+#endif
+    // switch mnt_ns even if current is not wq_worker, to ensure what we open is the correct file in android mnt_ns, rather than user created mnt_ns
+    struct ksu_ns_fs_saved saved;
+    if (android_context_saved_enabled) {
+        pr_info("start switch current nsproxy and fs to android context\n");
+        task_lock(current);
+        ksu_save_ns_fs(&saved);
+        ksu_load_ns_fs(&android_context_saved);
+        task_unlock(current);
+    }
+    struct file *fp = filp_open(filename, flags, mode);
+    if (android_context_saved_enabled) {
+        task_lock(current);
+        ksu_load_ns_fs(&saved);
+        task_unlock(current);
+        pr_info("switch current nsproxy and fs back to saved successfully\n");
+    }
+    return fp;
+}
+
 ssize_t ksu_kernel_read_compat(struct file *p, void *buf, size_t count, loff_t *pos){
 #if LINUX_VERSION_CODE >= KERNEL_VERSION(4, 14, 0)
     return kernel_read(p, buf, count, pos);

kernel/kernel_compat.h

@@ -14,38 +14,13 @@
 #define ksu_strncpy_from_user_nofault strncpy_from_user
 #endif
 
+#if LINUX_VERSION_CODE < KERNEL_VERSION(4, 10, 0)
 extern struct key *init_session_keyring;
+#endif
 
+extern void ksu_android_ns_fs_check();
+extern struct file *ksu_filp_open_compat(const char *filename, int flags, umode_t mode);
 extern ssize_t ksu_kernel_read_compat(struct file *p, void *buf, size_t count, loff_t *pos);
 extern ssize_t ksu_kernel_write_compat(struct file *p, const void *buf, size_t count, loff_t *pos);
 
-#if LINUX_VERSION_CODE < KERNEL_VERSION(4, 10, 0)
-static inline int install_session_keyring(struct key *keyring)
-{
-	struct cred *new;
-	int ret;
-
-	new = prepare_creds();
-	if (!new)
-		return -ENOMEM;
-
-	ret = install_session_keyring_to_cred(new, keyring);
-	if (ret < 0) {
-		abort_creds(new);
-		return ret;
-	}
-
-	return commit_creds(new);
-}
-#define KWORKER_INSTALL_KEYRING()                           \
-	static bool keyring_installed = false;                  \
-	if (init_session_keyring != NULL && !keyring_installed) \
-	{                                                       \
-		install_session_keyring(init_session_keyring);      \
-		keyring_installed = true;                           \
-	}
-#else
-#define KWORKER_INSTALL_KEYRING()
-#endif
-
 #endif

kernel/ksud.c

@@ -178,6 +178,7 @@ int ksu_handle_execveat_ksud(int *fd, struct filename **filename_ptr,
 					pr_info("/system/bin/init second_stage executed\n");
 					apply_kernelsu_rules();
 					init_second_stage_executed = true;
+					ksu_android_ns_fs_check();
 				}
 			} else {
 				pr_err("/system/bin/init parse args err!\n");
@@ -194,6 +195,7 @@ int ksu_handle_execveat_ksud(int *fd, struct filename **filename_ptr,
 			// 2: /system/bin/init second_stage
 			pr_info("/system/bin/init second_stage executed\n");
 			apply_kernelsu_rules();
+			ksu_android_ns_fs_check();
 		}
 #endif
 	}

kernel/uid_observer.c

@@ -39,8 +39,7 @@ static bool is_uid_exist(uid_t uid, void *data)
 
 static void do_update_uid(struct work_struct *work)
 {
-	KWORKER_INSTALL_KEYRING();
+	struct file *fp = ksu_filp_open_compat(SYSTEM_PACKAGES_LIST_PATH, O_RDONLY, 0);
-	struct file *fp = filp_open(SYSTEM_PACKAGES_LIST_PATH, O_RDONLY, 0);
 	if (IS_ERR(fp)) {
 		pr_err("do_update_uid, open " SYSTEM_PACKAGES_LIST_PATH
 		       " failed: %d\n",