From cc0dfc44aca14d3de4cb5c84d056cc0520ce6704 Mon Sep 17 00:00:00 2001 From: 5ec1cff Date: Sat, 8 Nov 2025 17:41:42 +0700 Subject: [PATCH] kernel: fdwrapper: use anon_inode_getfd_secure to make new inode Signed-off-by: Faris --- kernel/supercalls.c | 51 +++++++++++++++++++-------------------------- 1 file changed, 22 insertions(+), 29 deletions(-) diff --git a/kernel/supercalls.c b/kernel/supercalls.c index 71cbce31..995838aa 100644 --- a/kernel/supercalls.c +++ b/kernel/supercalls.c @@ -379,14 +379,18 @@ static int __do_get_wrapper_fd(void __user *arg, const char *anon_name) goto put_orig_file; } - struct file *pf = anon_inode_getfile(anon_name, &data->ops, - data, f->f_flags); - if (IS_ERR(pf)) { - ret = PTR_ERR(pf); - pr_err("fdwrapper: anon_inode_getfile failed: %ld\n", - PTR_ERR(pf)); +#if LINUX_VERSION_CODE >= KERNEL_VERSION(6, 12, 0) +#define getfd_secure anon_inode_create_getfd +#else +#define getfd_secure anon_inode_getfd_secure +#endif + + ret = getfd_secure(anon_name, &data->ops, data, f->f_flags, NULL); + if (ret < 0) { + pr_err("ksu_fdwrapper: getfd failed: %d\n", ret); goto put_wrapper_data; } + struct file *pf = fget(ret); struct inode *wrapper_inode = file_inode(pf); #if LINUX_VERSION_CODE >= KERNEL_VERSION(5, 1, 0) || \ @@ -400,18 +404,6 @@ static int __do_get_wrapper_fd(void __user *arg, const char *anon_name) sec->sid = ksu_file_sid; } - ret = get_unused_fd_flags(cmd.flags); - if (ret < 0) { - pr_err("fdwrapper: get unused fd failed: %d\n", ret); - goto put_wrapper_file; - } - - // pr_info("mksu_fdwrapper: installed wrapper fd for %p %d (flags=%d, mode=%d) to %p %d (flags=%d, mode=%d)", f, cmd.fd, f->f_flags, f->f_mode, pf, ret, pf->f_flags, pf->f_mode); - // pf->f_mode |= FMODE_READ | FMODE_CAN_READ | FMODE_WRITE | FMODE_CAN_WRITE; - fd_install(ret, pf); - goto put_orig_file; - -put_wrapper_file: fput(pf); put_wrapper_data: mksu_delete_file_wrapper(data); @@ -421,6 +413,16 @@ put_orig_file: return ret; } +static int do_get_wrapper_fd_mksu(void __user *arg) +{ + return __do_get_wrapper_fd(arg, "[mksu_fdwrapper]"); +} + +static int do_get_wrapper_fd(void __user *arg) +{ + return __do_get_wrapper_fd(arg, "[ksu_fdwrapper]"); +} + // 100. GET_FULL_VERSION - Get full version string static int do_get_full_version(void __user *arg) { @@ -579,15 +581,6 @@ static int do_enable_uid_scanner(void __user *arg) return 0; } -static int do_get_wrapper_fd(void __user *arg) -{ - return __do_get_wrapper_fd(arg, "[mksu_fdwrapper]"); -} - -static int do_proxy_file(void __user *arg) -{ - return __do_get_wrapper_fd(arg, "[ksu_file_proxy]"); -} // IOCTL handlers mapping table static const struct ksu_ioctl_cmd_map ksu_ioctl_handlers[] = { @@ -605,8 +598,8 @@ static const struct ksu_ioctl_cmd_map ksu_ioctl_handlers[] = { { .cmd = KSU_IOCTL_SET_APP_PROFILE, .name = "SET_APP_PROFILE", .handler = do_set_app_profile, .perm_check = only_manager }, { .cmd = KSU_IOCTL_GET_FEATURE, .name = "GET_FEATURE", .handler = do_get_feature, .perm_check = manager_or_root }, { .cmd = KSU_IOCTL_SET_FEATURE, .name = "SET_FEATURE", .handler = do_set_feature, .perm_check = manager_or_root }, - { .cmd = KSU_IOCTL_GET_WRAPPER_FD, .name = "GET_WRAPPER_FD", .handler = do_get_wrapper_fd, .perm_check = manager_or_root }, - { .cmd = KSU_IOCTL_PROXY_FILE, .name = "PROXY_FILE", .handler = do_proxy_file, .perm_check = manager_or_root }, + { .cmd = KSU_IOCTL_PROXY_FILE, .name = "PROXY_FILE", .handler = do_get_wrapper_fd, .perm_check = manager_or_root }, + { .cmd = KSU_IOCTL_GET_WRAPPER_FD, .name = "GET_WRAPPER_FD", .handler = do_get_wrapper_fd_mksu, .perm_check = manager_or_root }, { .cmd = KSU_IOCTL_GET_FULL_VERSION,.name = "GET_FULL_VERSION", .handler = do_get_full_version, .perm_check = always_allow}, { .cmd = KSU_IOCTL_HOOK_TYPE,.name = "GET_HOOK_TYPE", .handler = do_get_hook_type, .perm_check = manager_or_root}, { .cmd = KSU_IOCTL_ENABLE_KPM, .name = "GET_ENABLE_KPM", .handler = do_enable_kpm, .perm_check = manager_or_root},