Refactoring KSU and SELinux related Makefiles to add checks and feature definitions to support new features

2025-04-11 02:55:42 +08:00
parent 3082a9c90b
commit c1d49a4f23
3 changed files with 161 additions and 51 deletions
--- a/kernel/Makefile
+++ b/kernel/Makefile
@@ -8,14 +8,13 @@ kernelsu-objs += ksud.o
 kernelsu-objs += embed_ksud.o
 kernelsu-objs += kernel_compat.o

-kernelsu-objs += selinux/selinux.o
-kernelsu-objs += selinux/sepolicy.o
-kernelsu-objs += selinux/rules.o
-ccflags-y += -I$(srctree)/security/selinux -I$(srctree)/security/selinux/include
-ccflags-y += -I$(objtree)/security/selinux -include $(srctree)/include/uapi/asm-generic/errno.h
+kernelsu-objs += selinux/

 obj-$(CONFIG_KPM) += kpm/

+obj-$(CONFIG_KSU) += kernelsu.o
+
+obj-y += check/

 # Do checks before compile
 ifneq ($(shell grep -q "int path_umount" $(srctree)/fs/namespace.c; echo $$?),0)
@@ -45,8 +44,6 @@ ccflags-y += -DKSU_HOOK_WITH_KPROBES
 endif
 endif

-obj-$(CONFIG_KSU) += kernelsu.o
-
 # .git is a text file while the module is imported by 'git submodule add'.
 ifeq ($(shell test -e $(srctree)/$(src)/../.git; echo $$?),0)
 $(shell cd $(srctree)/$(src); /usr/bin/env PATH="$$PATH":/usr/bin:/usr/local/bin [ -f ../.git/shallow ] && git fetch --unshallow)
@@ -60,44 +57,6 @@ $(warning "KSU_GIT_VERSION not defined! It is better to make KernelSU a git subm
 ccflags-y += -DKSU_VERSION=12500
 endif

-# SELinux drivers check
-ifeq ($(shell grep -q " current_sid(void)" $(srctree)/security/selinux/include/objsec.h; echo $$?),0)
-ccflags-y += -DKSU_COMPAT_HAS_CURRENT_SID
-endif
-
-ifeq ($(shell grep -q "struct selinux_state " $(srctree)/security/selinux/include/security.h; echo $$?),0)
-ccflags-y += -DKSU_COMPAT_HAS_SELINUX_STATE
-endif
-
-# This feature was introduced in linux 5.0-rc1
-ifeq ($(shell grep -q "get_cred_rcu" $(srctree)/include/linux/cred.h; echo $$?),0)
-ccflags-y += -DKSU_COMPAT_HAS_GET_CRED_RCU
-else
-ifeq ($(shell grep -q "atomic_long_t\s\+\usage" $(srctree)/include/linux/cred.h; echo $$?),0)
-ccflags-y += -DKSU_COMPAT_ATOMIC_LONG
-endif
-ifeq ($(shell grep -q "int\s\+\non_rcu" $(srctree)/include/linux/cred.h; echo $$?),0)
-ccflags-y += -DKSU_COMPAT_HAS_NONCONST_CRED
-endif
-endif
-
-# Handle optional backports
-ifeq ($(shell grep -q "strncpy_from_user_nofault" $(srctree)/include/linux/uaccess.h; echo $$?),0)
-ccflags-y += -DKSU_STRNCPY_FROM_USER_NOFAULT
-endif
-
-ifeq ($(shell grep -q "ssize_t kernel_read" $(srctree)/fs/read_write.c; echo $$?),0)
-ccflags-y += -DKSU_KERNEL_READ
-endif
-
-ifeq ($(shell grep "ssize_t kernel_write" $(srctree)/fs/read_write.c | grep -q "const void" ; echo $$?),0)
-ccflags-y += -DKSU_KERNEL_WRITE
-endif
-# Checks Samsung UH drivers
-ifeq ($(shell grep -q "CONFIG_KDP_CRED" $(srctree)/kernel/cred.c; echo $$?),0)
-ccflags-y += -DSAMSUNG_UH_DRIVER_EXIST
-endif
-
 ifndef KSU_EXPECTED_SIZE
 KSU_EXPECTED_SIZE := 0x35c
 endif
@@ -125,9 +84,6 @@ endif
 ccflags-y += -DEXPECTED_SIZE=$(KSU_EXPECTED_SIZE)
 ccflags-y += -DEXPECTED_HASH=\"$(KSU_EXPECTED_HASH)\"

-ccflags-y += -Wno-implicit-function-declaration -Wno-strict-prototypes -Wno-int-conversion -Wno-gcc-compat
-ccflags-y += -Wno-declaration-after-statement -Wno-unused-function
-
 ## For susfs stuff ##
 ifeq ($(shell test -e $(srctree)/fs/susfs.c; echo $$?),0)
 $(eval SUSFS_VERSION=$(shell cat $(srctree)/include/linux/susfs.h | grep -E '^#define SUSFS_VERSION' | cut -d' ' -f3 | sed 's/"//g'))
@@ -138,4 +94,3 @@ $(info -- You have not integrate susfs in your kernel.)
 $(info -- Read: https://gitlab.com/simonpunk/susfs4ksu)
 endif
 # Keep a new line here!! Because someone may append config
-
--- a/kernel/check/Makefile
+++ b/kernel/check/Makefile
@@ -0,0 +1,154 @@
+# 该功能在 linux 5.0-rc1 中引入
+ifeq ($(shell grep -q "get_cred_rcu" $(srctree)/include/linux/cred.h; echo $$?),0)
+ccflags-y += -DKSU_COMPAT_HAS_GET_CRED_RCU
+else
+ifeq ($(shell grep -q "atomic_long_t\s\+\usage" $(srctree)/include/linux/cred.h; echo $$?),0)
+ccflags-y += -DKSU_COMPAT_ATOMIC_LONG
+endif
+ifeq ($(shell grep -q "int\s\+\non_rcu" $(srctree)/include/linux/cred.h; echo $$?),0)
+ccflags-y += -DKSU_COMPAT_HAS_NONCONST_CRED
+endif
+endif
+
+# 处理可选的backport
+ifeq ($(shell grep -q "strncpy_from_user_nofault" $(srctree)/include/linux/uaccess.h; echo $$?),0)
+ccflags-y += -DKSU_STRNCPY_FROM_USER_NOFAULT
+endif
+
+ifeq ($(shell grep -q "ssize_t kernel_read" $(srctree)/fs/read_write.c; echo $$?),0)
+ccflags-y += -DKSU_KERNEL_READ
+endif
+
+ifeq ($(shell grep "ssize_t kernel_write" $(srctree)/fs/read_write.c | grep -q "const void" ; echo $$?),0)
+ccflags-y += -DKSU_KERNEL_WRITE
+endif
+
+# 检查三星 UH 驱动程序
+ifeq ($(shell grep -q "CONFIG_KDP_CRED" $(srctree)/kernel/cred.c; echo $$?),0)
+ccflags-y += -DSAMSUNG_UH_DRIVER_EXIST
+endif
+
+
+BackPort := $(strip $(shell \
+    if [ "$(VERSION)" -ge "5" -a "$(PATCHLEVEL)" -ge "10" ]; then \
+      echo FALSE; \
+    else \
+      echo TRUE; \
+    fi \
+))
+ifeq ($(BackPort),FALSE)
+define check_file_exists
+    if [ ! -f $(1) ]; then \
+        echo "-- SukiSU: Error: File '$(1)' does not exist"; \
+        exit 1; \
+    fi
+endef
+
+define check_function_exists
+    $(call check_file_exists, $(1))
+    grep -Pq '^\s*static\s+inline\s+const\s+struct\s+cred\s+\*\s+get_cred_rcu\s*\(' $(1)
+endef
+
+define check_code_block
+    $(call check_file_exists, $(1))
+    grep -Fq "$(2)" $(1)
+endef
+
+
+define insert_code_block
+    $(call check_file_exists, $(1))
+    $(call backup_file, $(1))
+    if ! $(call check_code_block, $(1), $(2)); then \
+        echo "-- SukiSU: Inserting code block into $(1)"; \
+        sed -i '/^$(3)/i $(2)' $(1); \
+    else \
+        echo "-- SukiSU: Code block already exists in $(1), skipping"; \
+    fi
+endef
+
+# 检测原子函数
+ifeq ($(shell grep -E 'atomic_inc_not_zero|atomic_long_inc_not_zero' $(srctree)/kernel/cred.c | head -1 | cut -d' ' -f1), atomic_inc_not_zero)
+    ATOMIC_INC_FUNC := atomic_inc_not_zero
+else ifeq ($(shell grep -E 'atomic_inc_not_zero|atomic_long_inc_not_zero' $(srctree)/kernel/cred.c | head -1 | cut -d' ' -f1), atomic_long_inc_not_zero)
+    ATOMIC_INC_FUNC := atomic_long_inc_not_zero
+else
+    $(info -- SukiSU: Neither atomic_inc_not_zero nor atomic_long_inc_not_zero found in kernel/cred.c)
+    $(error Aborting due to unsupported atomic function)
+endif
+
+$(info -- SukiSU: Using $(ATOMIC_INC_FUNC) in get_cred_rcu patch.)
+
+# 定义get_cred_rcu函数
+GET_CRED_RCU := static inline const struct cred *get_cred_rcu(const struct cred *cred)\n\
+{\n\t\
+        struct cred *nonconst_cred = (struct cred *) cred;\n\t\
+        if (!cred)\n\t\t\
+                return NULL;\n\t\
+        if (!$(ATOMIC_INC_FUNC)(&nonconst_cred->usage))\n\t\t\
+                return NULL;\n\t\
+        validate_creds(cred);\n\t\
+        return cred;\n\
+}\n
+
+# 插入get_cred_rcu函数
+ifneq ($(shell $(call check_function_exists, $(srctree)/include/linux/cred.h); echo $$?),0)
+    $(info -- SukiSU: Adding function 'get_cred_rcu' to $(srctree)/include/linux/cred.h)
+    $(call insert_code_block, $(srctree)/include/linux/cred.h, $(GET_CRED_RCU), static inline void put_cred)
+endif
+
+# 修改get_task_cred函数
+$(info -- SukiSU: Modifying 'get_task_cred' function in $(srctree)/kernel/cred.c)
+$(shell sed -i "s/!$(ATOMIC_INC_FUNC)(&((struct cred \*)cred)->usage)/!get_cred_rcu(cred)/g" $(srctree)/kernel/cred.c)
+
+# 定义can_umount函数
+CAN_UMOUNT := static int can_umount(const struct path *path, int flags)\n\
+{\n\t\
+        struct mount *mnt = real_mount(path->mnt);\n\t\
+        if (flags & ~(MNT_FORCE | MNT_DETACH | MNT_EXPIRE | UMOUNT_NOFOLLOW))\n\t\t\
+                return -EINVAL;\n\t\
+        if (!may_mount())\n\t\t\
+                return -EPERM;\n\t\
+        if (path->dentry != path->mnt->mnt_root)\n\t\t\
+                return -EINVAL;\n\t\
+        if (!check_mnt(mnt))\n\t\t\
+                return -EINVAL;\n\t\
+        if (mnt->mnt.mnt_flags & MNT_LOCKED)\n\t\t\
+                return -EINVAL;\n\t\
+        if (flags & MNT_FORCE && !capable(CAP_SYS_ADMIN))\n\t\t\
+                return -EPERM;\n\t\
+        return 0;\n\
+}\n
+
+# 插入can_umount函数
+ifneq ($(shell grep -Pq '^\s*static\s+int\s+can_umount\s*\(' $(srctree)/fs/namespace.c; echo $$?),0)
+    $(info -- SukiSU: Adding function 'can_umount' to $(srctree)/fs/namespace.c)
+    $(call insert_code_block, $(srctree)/fs/namespace.c, $(CAN_UMOUNT), static bool is_mnt_ns_file)
+endif
+
+# 定义path_umount函数
+PATH_UMOUNT := int path_umount(struct path *path, int flags)\n\
+{\n\t\
+        struct mount *mnt = real_mount(path->mnt);\n\t\
+        int ret;\n\t\
+        ret = can_umount(path, flags);\n\t\
+        if (!ret)\n\t\t\
+                ret = do_umount(mnt, flags);\n\t\
+        dput(path->dentry);\n\t\
+        mntput_no_expire(mnt);\n\t\
+        return ret;\n\
+}\n
+
+# 插入path_umount函数
+ifneq ($(shell grep -Pq '^\s*int\s+path_umount\s*\(' $(srctree)/fs/namespace.c; echo $$?),0)
+    $(info -- SukiSU: Adding function 'path_umount' to $(srctree)/fs/namespace.c)
+    $(call insert_code_block, $(srctree)/fs/namespace.c, $(PATH_UMOUNT), static bool is_mnt_ns_file)
+endif
+
+# 插入path_umount声明
+ifneq ($(shell grep -Pq '^\s*int\s+path_umount\s*\(' $(srctree)/fs/internal.h; echo $$?),0)
+    $(info -- SukiSU: Adding 'path_umount' declaration to $(srctree)/fs/internal.h)
+    $(call insert_code_block, $(srctree)/fs/internal.h, "int path_umount(struct path *path, int flags);", extern void __init mnt_init)
+endif
+
+ccflags-y += -DKSU_UMOUNT
+endif
--- a/kernel/selinux/Makefile
+++ b/kernel/selinux/Makefile
@@ -2,6 +2,7 @@ obj-y += selinux.o
 obj-y += sepolicy.o
 obj-y += rules.o

+# SELinux 驱动程序检查
 ifeq ($(shell grep -q " current_sid(void)" $(srctree)/security/selinux/include/objsec.h; echo $$?),0)
 ccflags-y += -DKSU_COMPAT_HAS_CURRENT_SID
 endif