kernel: core_hook: intercept devpts via security_inode_permission LSM
`ksu handles devpts with selinux lsm hook` - aviraxp - no, not yet, but yes we can, thats a good idea. This change tries to do that, so instead of hooking pts_unix98_lookup or devpts_get_priv, we just watch security_inode_permission, if its devpts, pass it along to the original handler. EDIT: define devpts super magic if its undefined - yeah I aint gonna include a conditional include of a header just for this - while we can just fully remove the macro and inline, readability loss is bad Co-authored-by: backslashxx <118538522+backslashxx@users.noreply.github.com>
This commit is contained in:
ShirkNeko
@@ -195,8 +195,15 @@ int ksu_handle_execve_sucompat(int *fd, const char __user **filename_user,
|
||||
return 0;
|
||||
}
|
||||
|
||||
// dummified
|
||||
int ksu_handle_devpts(struct inode *inode)
|
||||
{
|
||||
return 0;
|
||||
}
|
||||
|
||||
int __ksu_handle_devpts(struct inode *inode)
|
||||
{
|
||||
|
||||
#ifndef CONFIG_KSU_KPROBES_HOOK
|
||||
if (!ksu_sucompat_hook_state)
|
||||
return 0;
|
||||
@@ -212,15 +219,12 @@ int ksu_handle_devpts(struct inode *inode)
|
||||
return 0;
|
||||
}
|
||||
|
||||
if (!ksu_is_allow_uid(uid))
|
||||
if (likely(!ksu_is_allow_uid(uid)))
|
||||
return 0;
|
||||
|
||||
if (ksu_devpts_sid) {
|
||||
struct inode_security_struct *sec = selinux_inode(inode);
|
||||
if (sec) {
|
||||
sec->sid = ksu_devpts_sid;
|
||||
}
|
||||
}
|
||||
if (ksu_devpts_sid && sec)
|
||||
sec->sid = ksu_devpts_sid;
|
||||
|
||||
return 0;
|
||||
}
|
||||
|
||||
Reference in New Issue
Block a user