From c307bf561400c2c420845bde34bb4664f95b5dbe Mon Sep 17 00:00:00 2001 From: weishu Date: Sat, 8 Nov 2025 08:31:02 +0000 Subject: [PATCH] kernel: remove ksu_compat_{open,read,write} because we're in the right context now Co-authored-by: weishu --- kernel/allowlist.c | 75 ++++++++++++++------------- kernel/apk_sign.c | 38 +++++++------- kernel/dynamic_manager.c | 20 ++++---- kernel/kernel_compat.c | 108 --------------------------------------- kernel/kernel_compat.h | 33 ------------ kernel/ksud.c | 3 -- kernel/sulog.c | 4 +- kernel/throne_comm.c | 8 +-- kernel/throne_tracker.c | 55 ++++++++++---------- 9 files changed, 103 insertions(+), 241 deletions(-) diff --git a/kernel/allowlist.c b/kernel/allowlist.c index 2a911f94..9eda5e42 100644 --- a/kernel/allowlist.c +++ b/kernel/allowlist.c @@ -31,7 +31,8 @@ static DEFINE_MUTEX(allowlist_mutex); static struct root_profile default_root_profile; static struct non_root_profile default_non_root_profile; -static int allow_list_arr[PAGE_SIZE / sizeof(int)] __read_mostly __aligned(PAGE_SIZE); +static int allow_list_arr[PAGE_SIZE / sizeof(int)] __read_mostly + __aligned(PAGE_SIZE); static int allow_list_pointer __read_mostly = 0; static void remove_uid_from_arr(uid_t uid) @@ -72,7 +73,7 @@ static void init_default_profiles(void) default_root_profile.groups_count = 1; default_root_profile.groups[0] = 0; memcpy(&default_root_profile.capabilities.effective, &full_cap, - sizeof(default_root_profile.capabilities.effective)); + sizeof(default_root_profile.capabilities.effective)); default_root_profile.namespaces = 0; strcpy(default_root_profile.selinux_domain, KSU_DEFAULT_SELINUX_DOMAIN); @@ -100,7 +101,7 @@ void ksu_show_allow_list(void) list_for_each (pos, &allow_list) { p = list_entry(pos, struct perm_data, list); pr_info("uid :%d, allow: %d\n", p->profile.current_uid, - p->profile.allow_su); + p->profile.allow_su); } } @@ -113,7 +114,8 @@ static void ksu_grant_root_to_shell(void) .current_uid = 2000, }; strcpy(profile.key, "com.android.shell"); - strcpy(profile.rp_config.profile.selinux_domain, KSU_DEFAULT_SELINUX_DOMAIN); + strcpy(profile.rp_config.profile.selinux_domain, + KSU_DEFAULT_SELINUX_DOMAIN); ksu_set_app_profile(&profile, false); } #endif @@ -139,9 +141,10 @@ exit: return found; } -static inline bool forbid_system_uid(uid_t uid) { - #define SHELL_UID 2000 - #define SYSTEM_UID 1000 +static inline bool forbid_system_uid(uid_t uid) +{ +#define SHELL_UID 2000 +#define SYSTEM_UID 1000 return uid < SHELL_UID && uid != SYSTEM_UID; } @@ -202,22 +205,24 @@ bool ksu_set_app_profile(struct app_profile *profile, bool persist) memcpy(&p->profile, profile, sizeof(*profile)); if (profile->allow_su) { pr_info("set root profile, key: %s, uid: %d, gid: %d, context: %s\n", - profile->key, profile->current_uid, - profile->rp_config.profile.gid, - profile->rp_config.profile.selinux_domain); + profile->key, profile->current_uid, + profile->rp_config.profile.gid, + profile->rp_config.profile.selinux_domain); } else { pr_info("set app profile, key: %s, uid: %d, umount modules: %d\n", - profile->key, profile->current_uid, - profile->nrp_config.profile.umount_modules); + profile->key, profile->current_uid, + profile->nrp_config.profile.umount_modules); } list_add_tail(&p->list, &allow_list); out: if (profile->current_uid <= BITMAP_UID_MAX) { if (profile->allow_su) - allow_list_bitmap[profile->current_uid / BITS_PER_BYTE] |= 1 << (profile->current_uid % BITS_PER_BYTE); + allow_list_bitmap[profile->current_uid / BITS_PER_BYTE] |= + 1 << (profile->current_uid % BITS_PER_BYTE); else - allow_list_bitmap[profile->current_uid / BITS_PER_BYTE] &= ~(1 << (profile->current_uid % BITS_PER_BYTE)); + allow_list_bitmap[profile->current_uid / BITS_PER_BYTE] &= + ~(1 << (profile->current_uid % BITS_PER_BYTE)); } else { if (profile->allow_su) { /* @@ -264,13 +269,15 @@ bool __ksu_is_allow_uid(uid_t uid) return false; } - if (likely(ksu_is_manager_uid_valid()) && unlikely(ksu_get_manager_uid() == uid)) { + if (likely(ksu_is_manager_uid_valid()) && + unlikely(ksu_get_manager_uid() == uid)) { // manager is always allowed! return true; } if (likely(uid <= BITMAP_UID_MAX)) { - return !!(allow_list_bitmap[uid / BITS_PER_BYTE] & (1 << (uid % BITS_PER_BYTE))); + return !!(allow_list_bitmap[uid / BITS_PER_BYTE] & + (1 << (uid % BITS_PER_BYTE))); } else { for (i = 0; i < allow_list_pointer; i++) { if (allow_list_arr[i] == uid) @@ -293,7 +300,8 @@ bool __ksu_is_allow_uid_for_current(uid_t uid) bool ksu_uid_should_umount(uid_t uid) { struct app_profile profile = { .current_uid = uid }; - if (likely(ksu_is_manager_uid_valid()) && unlikely(ksu_get_manager_uid() == uid)) { + if (likely(ksu_is_manager_uid_valid()) && + unlikely(ksu_get_manager_uid() == uid)) { // we should not umount on manager! return false; } @@ -366,26 +374,22 @@ void persistent_allow_list() } // store magic and version - if (ksu_kernel_write_compat(fp, &magic, sizeof(magic), &off) != - sizeof(magic)) { + if (kernel_write(fp, &magic, sizeof(magic), &off) != sizeof(magic)) { pr_err("save_allow_list write magic failed.\n"); goto exit; } - if (ksu_kernel_write_compat(fp, &version, sizeof(version), &off) != - sizeof(version)) { + if (kernel_write(fp, &version, sizeof(version), &off) != sizeof(version)) { pr_err("save_allow_list write version failed.\n"); goto exit; } list_for_each (pos, &allow_list) { p = list_entry(pos, struct perm_data, list); - pr_info("save allow list, name: %s uid: %d, allow: %d\n", - p->profile.key, p->profile.current_uid, - p->profile.allow_su); + pr_info("save allow list, name: %s uid :%d, allow: %d\n", + p->profile.key, p->profile.current_uid, p->profile.allow_su); - ksu_kernel_write_compat(fp, &p->profile, sizeof(p->profile), - &off); + kernel_write(fp, &p->profile, sizeof(p->profile), &off); } exit: @@ -413,15 +417,13 @@ void ksu_load_allow_list() } // verify magic - if (ksu_kernel_read_compat(fp, &magic, sizeof(magic), &off) != - sizeof(magic) || + if (kernel_read(fp, &magic, sizeof(magic), &off) != sizeof(magic) || magic != FILE_MAGIC) { pr_err("allowlist file invalid: %d!\n", magic); goto exit; } - if (ksu_kernel_read_compat(fp, &version, sizeof(version), &off) != - sizeof(version)) { + if (kernel_read(fp, &version, sizeof(version), &off) != sizeof(version)) { pr_err("allowlist read version: %d failed\n", version); goto exit; } @@ -431,16 +433,15 @@ void ksu_load_allow_list() while (true) { struct app_profile profile; - ret = ksu_kernel_read_compat(fp, &profile, sizeof(profile), - &off); + ret = kernel_read(fp, &profile, sizeof(profile), &off); if (ret <= 0) { pr_info("load_allow_list read err: %zd\n", ret); break; } - pr_info("load_allow_uid, name: %s, uid: %d, allow: %d\n", - profile.key, profile.current_uid, profile.allow_su); + pr_info("load_allow_uid, name: %s, uid: %d, allow: %d\n", profile.key, + profile.current_uid, profile.allow_su); ksu_set_app_profile(&profile, false); } @@ -449,7 +450,8 @@ exit: filp_close(fp, 0); } -void ksu_prune_allowlist(bool (*is_uid_valid)(uid_t, char *, void *), void *data) +void ksu_prune_allowlist(bool (*is_uid_valid)(uid_t, char *, void *), + void *data) { struct perm_data *np = NULL; struct perm_data *n = NULL; @@ -467,7 +469,8 @@ void ksu_prune_allowlist(bool (*is_uid_valid)(uid_t, char *, void *), void *data pr_info("prune uid: %d, package: %s\n", uid, package); list_del(&np->list); if (likely(uid <= BITMAP_UID_MAX)) { - allow_list_bitmap[uid / BITS_PER_BYTE] &= ~(1 << (uid % BITS_PER_BYTE)); + allow_list_bitmap[uid / BITS_PER_BYTE] &= + ~(1 << (uid % BITS_PER_BYTE)); } remove_uid_from_arr(uid); smp_mb(); diff --git a/kernel/apk_sign.c b/kernel/apk_sign.c index e6238ef3..671b8523 100644 --- a/kernel/apk_sign.c +++ b/kernel/apk_sign.c @@ -108,7 +108,7 @@ static bool check_dynamic_sign(struct file *fp, u32 size4, loff_t *pos, int *mat return false; } - ksu_kernel_read_compat(fp, cert, size4, pos); + kernel_read(fp, cert, size4, pos); unsigned char digest[SHA256_DIGEST_SIZE]; if (ksu_sha256(cert, size4, digest) < 0) { @@ -138,19 +138,19 @@ static bool check_block(struct file *fp, u32 *size4, loff_t *pos, u32 *offset, i apk_sign_key_t sign_key; bool signature_valid = false; - ksu_kernel_read_compat(fp, size4, 0x4, pos); // signer-sequence length - ksu_kernel_read_compat(fp, size4, 0x4, pos); // signer length - ksu_kernel_read_compat(fp, size4, 0x4, pos); // signed data length + kernel_read(fp, size4, 0x4, pos); // signer-sequence length + kernel_read(fp, size4, 0x4, pos); // signer length + kernel_read(fp, size4, 0x4, pos); // signed data length *offset += 0x4 * 3; - ksu_kernel_read_compat(fp, size4, 0x4, pos); // digests-sequence length + kernel_read(fp, size4, 0x4, pos); // digests-sequence length *pos += *size4; *offset += 0x4 + *size4; - ksu_kernel_read_compat(fp, size4, 0x4, pos); // certificates length - ksu_kernel_read_compat(fp, size4, 0x4, pos); // certificate length + kernel_read(fp, size4, 0x4, pos); // certificates length + kernel_read(fp, size4, 0x4, pos); // certificate length *offset += 0x4 * 2; if (ksu_is_dynamic_manager_enabled()) { @@ -175,7 +175,7 @@ static bool check_block(struct file *fp, u32 *size4, loff_t *pos, u32 *offset, i pr_info("cert length overlimit\n"); return false; } - ksu_kernel_read_compat(fp, cert, *size4, pos); + kernel_read(fp, cert, *size4, pos); unsigned char digest[SHA256_DIGEST_SIZE]; if (ksu_sha256(cert, *size4, digest) < 0 ) { pr_info("sha256 error\n"); @@ -221,7 +221,7 @@ static bool has_v1_signature_file(struct file *fp) loff_t pos = 0; - while (ksu_kernel_read_compat(fp, &header, + while (kernel_read(fp, &header, sizeof(struct zip_entry_header), &pos) == sizeof(struct zip_entry_header)) { if (header.signature != 0x04034b50) { @@ -231,7 +231,7 @@ static bool has_v1_signature_file(struct file *fp) // Read the entry file name if (header.file_name_length == sizeof(MANIFEST) - 1) { char fileName[sizeof(MANIFEST)]; - ksu_kernel_read_compat(fp, fileName, + kernel_read(fp, fileName, header.file_name_length, &pos); fileName[header.file_name_length] = '\0'; @@ -266,7 +266,7 @@ static __always_inline bool check_v2_signature(char *path, bool check_multi_mana bool v3_1_signing_exist = false; int matched_index = -1; int i; - struct file *fp = ksu_filp_open_compat(path, O_RDONLY, 0); + struct file *fp = filp_open(path, O_RDONLY, 0); if (IS_ERR(fp)) { pr_err("open %s error.\n", path); return false; @@ -285,10 +285,10 @@ static __always_inline bool check_v2_signature(char *path, bool check_multi_mana for (i = 0;; ++i) { unsigned short n; pos = generic_file_llseek(fp, -i - 2, SEEK_END); - ksu_kernel_read_compat(fp, &n, 2, &pos); + kernel_read(fp, &n, 2, &pos); if (n == i) { pos -= 22; - ksu_kernel_read_compat(fp, &size4, 4, &pos); + kernel_read(fp, &size4, 4, &pos); if ((size4 ^ 0xcafebabeu) == 0xccfbf1eeu) { break; } @@ -301,17 +301,17 @@ static __always_inline bool check_v2_signature(char *path, bool check_multi_mana pos += 12; // offset - ksu_kernel_read_compat(fp, &size4, 0x4, &pos); + kernel_read(fp, &size4, 0x4, &pos); pos = size4 - 0x18; - ksu_kernel_read_compat(fp, &size8, 0x8, &pos); - ksu_kernel_read_compat(fp, buffer, 0x10, &pos); + kernel_read(fp, &size8, 0x8, &pos); + kernel_read(fp, buffer, 0x10, &pos); if (strcmp((char *)buffer, "APK Sig Block 42")) { goto clean; } pos = size4 - (size8 + 0x8); - ksu_kernel_read_compat(fp, &size_of_block, 0x8, &pos); + kernel_read(fp, &size_of_block, 0x8, &pos); if (size_of_block != size8) { goto clean; } @@ -320,12 +320,12 @@ static __always_inline bool check_v2_signature(char *path, bool check_multi_mana while (loop_count++ < 10) { uint32_t id; uint32_t offset; - ksu_kernel_read_compat(fp, &size8, 0x8, + kernel_read(fp, &size8, 0x8, &pos); // sequence length if (size8 == size_of_block) { break; } - ksu_kernel_read_compat(fp, &id, 0x4, &pos); // id + kernel_read(fp, &id, 0x4, &pos); // id offset = 4; if (id == 0x7109871au) { v2_signing_blocks++; diff --git a/kernel/dynamic_manager.c b/kernel/dynamic_manager.c index 6f34d192..14f6c794 100644 --- a/kernel/dynamic_manager.c +++ b/kernel/dynamic_manager.c @@ -233,23 +233,23 @@ static void do_save_dynamic_manager(struct work_struct *work) return; } - fp = ksu_filp_open_compat(KERNEL_SU_DYNAMIC_MANAGER, O_WRONLY | O_CREAT | O_TRUNC, 0644); + fp = filp_open(KERNEL_SU_DYNAMIC_MANAGER, O_WRONLY | O_CREAT | O_TRUNC, 0644); if (IS_ERR(fp)) { pr_err("save_dynamic_manager create file failed: %ld\n", PTR_ERR(fp)); return; } - if (ksu_kernel_write_compat(fp, &magic, sizeof(magic), &off) != sizeof(magic)) { + if (kernel_write(fp, &magic, sizeof(magic), &off) != sizeof(magic)) { pr_err("save_dynamic_manager write magic failed.\n"); goto exit; } - if (ksu_kernel_write_compat(fp, &version, sizeof(version), &off) != sizeof(version)) { + if (kernel_write(fp, &version, sizeof(version), &off) != sizeof(version)) { pr_err("save_dynamic_manager write version failed.\n"); goto exit; } - if (ksu_kernel_write_compat(fp, &config_to_save, sizeof(config_to_save), &off) != sizeof(config_to_save)) { + if (kernel_write(fp, &config_to_save, sizeof(config_to_save), &off) != sizeof(config_to_save)) { pr_err("save_dynamic_manager write config failed.\n"); goto exit; } @@ -271,7 +271,7 @@ static void do_load_dynamic_manager(struct work_struct *work) unsigned long flags; int i; - fp = ksu_filp_open_compat(KERNEL_SU_DYNAMIC_MANAGER, O_RDONLY, 0); + fp = filp_open(KERNEL_SU_DYNAMIC_MANAGER, O_RDONLY, 0); if (IS_ERR(fp)) { if (PTR_ERR(fp) == -ENOENT) { pr_info("No saved dynamic manager config found\n"); @@ -281,20 +281,20 @@ static void do_load_dynamic_manager(struct work_struct *work) return; } - if (ksu_kernel_read_compat(fp, &magic, sizeof(magic), &off) != sizeof(magic) || + if (kernel_read(fp, &magic, sizeof(magic), &off) != sizeof(magic) || magic != DYNAMIC_MANAGER_FILE_MAGIC) { pr_err("dynamic manager file invalid magic: %x!\n", magic); goto exit; } - if (ksu_kernel_read_compat(fp, &version, sizeof(version), &off) != sizeof(version)) { + if (kernel_read(fp, &version, sizeof(version), &off) != sizeof(version)) { pr_err("dynamic manager read version failed\n"); goto exit; } pr_info("dynamic manager file version: %d\n", version); - ret = ksu_kernel_read_compat(fp, &loaded_config, sizeof(loaded_config), &off); + ret = kernel_read(fp, &loaded_config, sizeof(loaded_config), &off); if (ret <= 0) { pr_info("load_dynamic_manager read err: %zd\n", ret); goto exit; @@ -348,14 +348,14 @@ static void do_clear_dynamic_manager(struct work_struct *work) memset(zero_buffer, 0, sizeof(zero_buffer)); - fp = ksu_filp_open_compat(KERNEL_SU_DYNAMIC_MANAGER, O_WRONLY | O_CREAT | O_TRUNC, 0644); + fp = filp_open(KERNEL_SU_DYNAMIC_MANAGER, O_WRONLY | O_CREAT | O_TRUNC, 0644); if (IS_ERR(fp)) { pr_err("clear_dynamic_manager create file failed: %ld\n", PTR_ERR(fp)); return; } // Write null bytes to overwrite the file content - if (ksu_kernel_write_compat(fp, zero_buffer, sizeof(zero_buffer), &off) != sizeof(zero_buffer)) { + if (kernel_write(fp, zero_buffer, sizeof(zero_buffer), &off) != sizeof(zero_buffer)) { pr_err("clear_dynamic_manager write null bytes failed.\n"); } else { pr_info("Dynamic sign config file cleared successfully\n"); diff --git a/kernel/kernel_compat.c b/kernel/kernel_compat.c index 0442a212..a36cd560 100644 --- a/kernel/kernel_compat.c +++ b/kernel/kernel_compat.c @@ -39,114 +39,6 @@ static inline int install_session_keyring(struct key *keyring) } #endif -extern struct task_struct init_task; - -// mnt_ns context switch for environment that android_init->nsproxy->mnt_ns != init_task.nsproxy->mnt_ns, such as WSA -struct ksu_ns_fs_saved { - struct nsproxy *ns; - struct fs_struct *fs; -}; - -static void ksu_save_ns_fs(struct ksu_ns_fs_saved *ns_fs_saved) -{ - ns_fs_saved->ns = current->nsproxy; - ns_fs_saved->fs = current->fs; -} - -static void ksu_load_ns_fs(struct ksu_ns_fs_saved *ns_fs_saved) -{ - current->nsproxy = ns_fs_saved->ns; - current->fs = ns_fs_saved->fs; -} - -static bool android_context_saved_checked = false; -static bool android_context_saved_enabled = false; -static struct ksu_ns_fs_saved android_context_saved; - -void ksu_android_ns_fs_check(void) -{ - if (android_context_saved_checked) - return; - android_context_saved_checked = true; - task_lock(current); - if (current->nsproxy && current->fs && - current->nsproxy->mnt_ns != init_task.nsproxy->mnt_ns) { - android_context_saved_enabled = true; -#ifdef CONFIG_KSU_DEBUG - pr_info("android context saved enabled due to init mnt_ns(%p) != android mnt_ns(%p)\n", - current->nsproxy->mnt_ns, init_task.nsproxy->mnt_ns); -#endif - ksu_save_ns_fs(&android_context_saved); - } else { - pr_info("android context saved disabled\n"); - } - task_unlock(current); -} - -struct file *ksu_filp_open_compat(const char *filename, int flags, umode_t mode) -{ -#if LINUX_VERSION_CODE < KERNEL_VERSION(4, 10, 0) || \ - defined(CONFIG_IS_HW_HISI) || \ - defined(CONFIG_KSU_ALLOWLIST_WORKAROUND) - if (init_session_keyring != NULL && !current_cred()->session_keyring && - (current->flags & PF_WQ_WORKER)) { - pr_info("installing init session keyring for older kernel\n"); - install_session_keyring(init_session_keyring); - } -#endif - // switch mnt_ns even if current is not wq_worker, to ensure what we open is the correct file in android mnt_ns, rather than user created mnt_ns - struct ksu_ns_fs_saved saved; - if (android_context_saved_enabled) { -#ifdef CONFIG_KSU_DEBUG - pr_info("start switch current nsproxy and fs to android context\n"); -#endif - task_lock(current); - ksu_save_ns_fs(&saved); - ksu_load_ns_fs(&android_context_saved); - task_unlock(current); - } - struct file *fp = filp_open(filename, flags, mode); - if (android_context_saved_enabled) { - task_lock(current); - ksu_load_ns_fs(&saved); - task_unlock(current); -#ifdef CONFIG_KSU_DEBUG - pr_info("switch current nsproxy and fs back to saved successfully\n"); -#endif - } - return fp; -} - -ssize_t ksu_kernel_read_compat(struct file *p, void *buf, size_t count, - loff_t *pos) -{ -#if LINUX_VERSION_CODE >= KERNEL_VERSION(4, 14, 0) || defined(KSU_OPTIONAL_KERNEL_READ) - return kernel_read(p, buf, count, pos); -#else - loff_t offset = pos ? *pos : 0; - ssize_t result = kernel_read(p, offset, (char *)buf, count); - if (pos && result > 0) { - *pos = offset + result; - } - return result; -#endif -} - -ssize_t ksu_kernel_write_compat(struct file *p, const void *buf, size_t count, - loff_t *pos) -{ -#if LINUX_VERSION_CODE >= KERNEL_VERSION(4, 14, 0) || defined(KSU_OPTIONAL_KERNEL_WRITE) - return kernel_write(p, buf, count, pos); -#else - loff_t offset = pos ? *pos : 0; - ssize_t result = kernel_write(p, buf, count, offset); - if (pos && result > 0) { - *pos = offset + result; - } - return result; -#endif -} - #if LINUX_VERSION_CODE >= KERNEL_VERSION(5, 8, 0) || defined(KSU_OPTIONAL_STRNCPY) long ksu_strncpy_from_user_nofault(char *dst, const void __user *unsafe_addr, long count) diff --git a/kernel/kernel_compat.h b/kernel/kernel_compat.h index c9ce5844..8faef13f 100644 --- a/kernel/kernel_compat.h +++ b/kernel/kernel_compat.h @@ -4,30 +4,6 @@ #include #include #include -#include "ss/policydb.h" -#include "linux/key.h" - -/* - * Linux 6.8+ does not have LKM support, due to numerous changes on LSM. - * Let's fails if MODULE were defined. - */ -#if LINUX_VERSION_CODE >= KERNEL_VERSION(6, 8, 0) && defined(MODULE) -#error "LKM mode is not supported on Linux 6.8+, aborting build." -#endif - -/* - * Adapt to Huawei HISI kernel without affecting other kernels , - * Huawei Hisi Kernel EBITMAP Enable or Disable Flag , - * From ss/ebitmap.h - */ -#if (LINUX_VERSION_CODE >= KERNEL_VERSION(4, 9, 0)) && \ - (LINUX_VERSION_CODE < KERNEL_VERSION(4, 10, 0)) || \ - (LINUX_VERSION_CODE >= KERNEL_VERSION(4, 14, 0)) && \ - (LINUX_VERSION_CODE < KERNEL_VERSION(4, 15, 0)) -#ifdef HISI_SELINUX_EBITMAP_RO -#define CONFIG_IS_HW_HISI -#endif -#endif // Checks for UH, KDP and RKP #ifdef SAMSUNG_UH_DRIVER_EXIST @@ -48,15 +24,6 @@ extern long ksu_strncpy_from_user_retry(char *dst, defined(CONFIG_KSU_ALLOWLIST_WORKAROUND) extern struct key *init_session_keyring; #endif - -extern void ksu_android_ns_fs_check(void); -extern struct file *ksu_filp_open_compat(const char *filename, int flags, - umode_t mode); -extern ssize_t ksu_kernel_read_compat(struct file *p, void *buf, size_t count, - loff_t *pos); -extern ssize_t ksu_kernel_write_compat(struct file *p, const void *buf, - size_t count, loff_t *pos); -extern long ksu_copy_from_user_nofault(void *dst, const void __user *src, size_t size); /* * ksu_copy_from_user_retry * try nofault copy first, if it fails, try with plain diff --git a/kernel/ksud.c b/kernel/ksud.c index a0946c07..032d8dc4 100644 --- a/kernel/ksud.c +++ b/kernel/ksud.c @@ -165,7 +165,6 @@ static int ksu_handle_bprm_ksud(const char *filename, const char *argv1, const c pr_info("%s: /system/bin/init second_stage executed\n", __func__); apply_kernelsu_rules(); init_second_stage_executed = true; - ksu_android_ns_fs_check(); } } @@ -176,7 +175,6 @@ static int ksu_handle_bprm_ksud(const char *filename, const char *argv1, const c pr_info("%s: /init --second-stage executed\n", __func__); apply_kernelsu_rules(); init_second_stage_executed = true; - ksu_android_ns_fs_check(); } } @@ -203,7 +201,6 @@ static int ksu_handle_bprm_ksud(const char *filename, const char *argv1, const c pr_info("%s: /init +envp: INIT_SECOND_STAGE executed\n", __func__); apply_kernelsu_rules(); init_second_stage_executed = true; - ksu_android_ns_fs_check(); } } diff --git a/kernel/sulog.c b/kernel/sulog.c index 4184e106..c56e5c51 100644 --- a/kernel/sulog.c +++ b/kernel/sulog.c @@ -130,7 +130,7 @@ static void sulog_work_handler(struct work_struct *work) if (list_empty(&local_queue)) return; - fp = ksu_filp_open_compat(SULOG_PATH, O_WRONLY | O_CREAT | O_APPEND, 0640); + fp = filp_open(SULOG_PATH, O_WRONLY | O_CREAT | O_APPEND, 0640); if (IS_ERR(fp)) { pr_err("sulog: failed to open log file: %ld\n", PTR_ERR(fp)); goto cleanup; @@ -147,7 +147,7 @@ static void sulog_work_handler(struct work_struct *work) } list_for_each_entry(entry, &local_queue, list) { - ksu_kernel_write_compat(fp, entry->content, strlen(entry->content), &pos); + kernel_write(fp, entry->content, strlen(entry->content), &pos); } vfs_fsync(fp, 0); diff --git a/kernel/throne_comm.c b/kernel/throne_comm.c index d6b99ff3..0b31ecb7 100644 --- a/kernel/throne_comm.c +++ b/kernel/throne_comm.c @@ -49,13 +49,13 @@ static void do_save_throne_state(struct work_struct *work) char state_char = ksu_uid_scanner_enabled ? '1' : '0'; loff_t off = 0; - fp = ksu_filp_open_compat(UID_SCANNER_STATE_FILE, O_WRONLY | O_CREAT | O_TRUNC, 0644); + fp = filp_open(UID_SCANNER_STATE_FILE, O_WRONLY | O_CREAT | O_TRUNC, 0644); if (IS_ERR(fp)) { pr_err("save_throne_state create file failed: %ld\n", PTR_ERR(fp)); return; } - if (ksu_kernel_write_compat(fp, &state_char, sizeof(state_char), &off) != sizeof(state_char)) { + if (kernel_write(fp, &state_char, sizeof(state_char), &off) != sizeof(state_char)) { pr_err("save_throne_state write failed\n"); goto exit; } @@ -73,14 +73,14 @@ void do_load_throne_state(struct work_struct *work) loff_t off = 0; ssize_t ret; - fp = ksu_filp_open_compat(UID_SCANNER_STATE_FILE, O_RDONLY, 0); + fp = filp_open(UID_SCANNER_STATE_FILE, O_RDONLY, 0); if (IS_ERR(fp)) { pr_info("throne state file not found, using default: disabled\n"); ksu_uid_scanner_enabled = false; return; } - ret = ksu_kernel_read_compat(fp, &state_char, sizeof(state_char), &off); + ret = kernel_read(fp, &state_char, sizeof(state_char), &off); if (ret != sizeof(state_char)) { pr_err("load_throne_state read err: %zd\n", ret); ksu_uid_scanner_enabled = false; diff --git a/kernel/throne_tracker.c b/kernel/throne_tracker.c index ca491309..8376880c 100644 --- a/kernel/throne_tracker.c +++ b/kernel/throne_tracker.c @@ -39,7 +39,7 @@ static int uid_from_um_list(struct list_head *uid_list) ssize_t nr; int cnt = 0; - fp = ksu_filp_open_compat(KSU_UID_LIST_PATH, O_RDONLY, 0); + fp = filp_open(KSU_UID_LIST_PATH, O_RDONLY, 0); if (IS_ERR(fp)) return -ENOENT; @@ -56,7 +56,7 @@ static int uid_from_um_list(struct list_head *uid_list) return -ENOMEM; } - nr = ksu_kernel_read_compat(fp, buf, size, &pos); + nr = kernel_read(fp, buf, size, &pos); filp_close(fp, NULL); if (nr != size) { pr_err("uid_list: short read %zd/%lld\n", nr, size); @@ -154,7 +154,7 @@ static void crown_manager(const char *apk, struct list_head *uid_data, int signa // pkg is `/` if (strncmp(pkg, KSU_MANAGER_PACKAGE, sizeof(KSU_MANAGER_PACKAGE))) { pr_info("manager package is inconsistent with kernel build: %s\n", - KSU_MANAGER_PACKAGE); + KSU_MANAGER_PACKAGE); return; } #endif @@ -236,8 +236,8 @@ struct my_dir_context { #endif FILLDIR_RETURN_TYPE my_actor(struct dir_context *ctx, const char *name, - int namelen, loff_t off, u64 ino, - unsigned int d_type) + int namelen, loff_t off, u64 ino, + unsigned int d_type) { struct my_dir_context *my_ctx = container_of(ctx, struct my_dir_context, ctx); @@ -317,7 +317,7 @@ FILLDIR_RETURN_TYPE my_actor(struct dir_context *ctx, const char *name, *my_ctx->stop = 1; // Manager found, clear APK cache list - list_for_each_entry_safe(pos, n, &apk_path_hash_list, list) { + list_for_each_entry_safe (pos, n, &apk_path_hash_list, list) { list_del(&pos->list); kfree(pos); } @@ -344,7 +344,7 @@ void search_manager(const char *path, int depth, struct list_head *uid_data) // Initialize APK cache list struct apk_path_hash *pos, *n; - list_for_each_entry(pos, &apk_path_hash_list, list) { + list_for_each_entry (pos, &apk_path_hash_list, list) { pos->exists = false; } @@ -357,36 +357,39 @@ void search_manager(const char *path, int depth, struct list_head *uid_data) for (i = depth; i >= 0; i--) { struct data_path *pos, *n; - list_for_each_entry_safe(pos, n, &data_path_list, list) { + list_for_each_entry_safe (pos, n, &data_path_list, list) { struct my_dir_context ctx = { .ctx.actor = my_actor, - .data_path_list = &data_path_list, - .parent_dir = pos->dirpath, - .private_data = uid_data, - .depth = pos->depth, - .stop = &stop }; + .data_path_list = &data_path_list, + .parent_dir = pos->dirpath, + .private_data = uid_data, + .depth = pos->depth, + .stop = &stop }; struct file *file; if (!stop) { - file = ksu_filp_open_compat(pos->dirpath, O_RDONLY | O_NOFOLLOW, 0); + file = filp_open(pos->dirpath, O_RDONLY | O_NOFOLLOW, 0); if (IS_ERR(file)) { - pr_err("Failed to open directory: %s, err: %ld\n", pos->dirpath, PTR_ERR(file)); + pr_err("Failed to open directory: %s, err: %ld\n", + pos->dirpath, PTR_ERR(file)); goto skip_iterate; } - + // grab magic on first folder, which is /data/app if (!data_app_magic) { if (file->f_inode->i_sb->s_magic) { data_app_magic = file->f_inode->i_sb->s_magic; - pr_info("%s: dir: %s got magic! 0x%lx\n", __func__, pos->dirpath, data_app_magic); + pr_info("%s: dir: %s got magic! 0x%lx\n", __func__, + pos->dirpath, data_app_magic); } else { filp_close(file, NULL); goto skip_iterate; } } - + if (file->f_inode->i_sb->s_magic != data_app_magic) { - pr_info("%s: skip: %s magic: 0x%lx expected: 0x%lx\n", __func__, pos->dirpath, - file->f_inode->i_sb->s_magic, data_app_magic); + pr_info("%s: skip: %s magic: 0x%lx expected: 0x%lx\n", + __func__, pos->dirpath, + file->f_inode->i_sb->s_magic, data_app_magic); filp_close(file, NULL); goto skip_iterate; } @@ -394,7 +397,7 @@ void search_manager(const char *path, int depth, struct list_head *uid_data) iterate_dir(file, &ctx.ctx); filp_close(file, NULL); } -skip_iterate: + skip_iterate: list_del(&pos->list); if (pos != &data) kfree(pos); @@ -402,7 +405,7 @@ skip_iterate: } // Remove stale cached APK entries - list_for_each_entry_safe(pos, n, &apk_path_hash_list, list) { + list_for_each_entry_safe (pos, n, &apk_path_hash_list, list) { if (!pos->exists) { list_del(&pos->list); kfree(pos); @@ -430,7 +433,7 @@ void track_throne(void) { struct list_head uid_list; struct uid_data *np, *n; - struct file *fp; + struct file *fp; char chr = 0; loff_t pos = 0; loff_t line_start = 0; @@ -455,7 +458,7 @@ void track_throne(void) } { - fp = ksu_filp_open_compat(SYSTEM_PACKAGES_LIST_PATH, O_RDONLY, 0); + fp = filp_open(SYSTEM_PACKAGES_LIST_PATH, O_RDONLY, 0); if (IS_ERR(fp)) { pr_err("%s: open " SYSTEM_PACKAGES_LIST_PATH " failed: %ld\n", __func__, PTR_ERR(fp)); return; @@ -463,13 +466,13 @@ void track_throne(void) for (;;) { ssize_t count = - ksu_kernel_read_compat(fp, &chr, sizeof(chr), &pos); + kernel_read(fp, &chr, sizeof(chr), &pos); if (count != sizeof(chr)) break; if (chr != '\n') continue; - count = ksu_kernel_read_compat(fp, buf, sizeof(buf), + count = kernel_read(fp, buf, sizeof(buf), &line_start); struct uid_data *data = kzalloc(sizeof(struct uid_data), GFP_ATOMIC);