From dc0026c10b472dacf45e31adc40469ac1042ed73 Mon Sep 17 00:00:00 2001
From: rsuntk <90097027+rsuntk@users.noreply.github.com>
Date: Wed, 11 Jun 2025 15:03:17 +0000
Subject: [PATCH] [skip ci] kernel: move is_ksu_transition to selinux.c

* SELinux stuff on ksud? Does something like this is offtopic?

Signed-off-by: rsuntk <90097027+rsuntk@users.noreply.github.com>
---
 kernel/ksud.c | 22 ----------------------
 kernel/selinux/selinux.c | 21 +++++++++++++++++++++
 2 files changed, 21 insertions(+), 22 deletions(-)

diff --git a/kernel/ksud.c b/kernel/ksud.c
index a76607ef..0c325a1a 100644
--- a/kernel/ksud.c
+++ b/kernel/ksud.c
@@ -632,28 +632,6 @@ static void do_stop_input_hook(struct work_struct *work)
 }
 #endif

-#if LINUX_VERSION_CODE < KERNEL_VERSION(4, 14, 0)
-#include "objsec.h" // task_security_struct
-bool __maybe_unused is_ksu_transition(const struct task_security_struct *old_tsec,
- const struct task_security_struct *new_tsec)
-{
- static u32 ksu_sid;
- char *secdata;
- u32 seclen;
- bool allowed = false;
-
- if (!ksu_sid)
- security_secctx_to_secid("u:r:su:s0", strlen("u:r:su:s0"), &ksu_sid);
-
- if (security_secid_to_secctx(old_tsec->sid, &secdata, &seclen))
- return false;
-
- allowed = (!strcmp("u:r:init:s0", secdata) && new_tsec->sid == ksu_sid);
- security_release_secctx(secdata, seclen);
- return allowed;
-}
-#endif
-
 static void stop_vfs_read_hook()
 {
 #ifdef CONFIG_KSU_KPROBES_HOOK
diff --git a/kernel/selinux/selinux.c b/kernel/selinux/selinux.c
index e171e010..b4ad7c99 100644
--- a/kernel/selinux/selinux.c
+++ b/kernel/selinux/selinux.c
@@ -45,6 +45,27 @@ static int transive_to_domain(const char *domain)
 return error;
 }

+#if LINUX_VERSION_CODE < KERNEL_VERSION(4, 14, 0)
+bool __maybe_unused is_ksu_transition(const struct task_security_struct *old_tsec,
+ const struct task_security_struct *new_tsec)
+{
+ static u32 ksu_sid;
+ char *secdata;
+ u32 seclen;
+ bool allowed = false;
+
+ if (!ksu_sid)
+ security_secctx_to_secid("u:r:su:s0", strlen("u:r:su:s0"), &ksu_sid);
+
+ if (security_secid_to_secctx(old_tsec->sid, &secdata, &seclen))
+ return false;
+
+ allowed = (!strcmp("u:r:init:s0", secdata) && new_tsec->sid == ksu_sid);
+ security_release_secctx(secdata, seclen);
+ return allowed;
+}
+#endif
+
 void ksu_setup_selinux(const char *domain)
 {
 if (transive_to_domain(domain)) {
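Review bot: The return value of `security_secctx_to_secid()` is ignored in the moved `is_ksu_transition()`, so if the lookup of `u:r:su:s0` fails, `ksu_sid` stays 0 and the final `new_tsec->sid == ksu_sid` comparison runs against an unset SID. This helper appears to decide whether an init-to-su transition is accepted, so it should fail closed: add `if (!ksu_sid) return false;` directly after the lookup. The copy removed from ksud.c carried `#include "objsec.h" // task_security_struct` and the new copy does not. The include block of selinux.c is outside the hunk, so confirm it already pulls in that header; otherwise `old_tsec->sid` will not compile on pre-4.14 kernels. As a style point, the literals `"u:r:su:s0"` and `"u:r:init:s0"` would read better as named constants with a short comment on why only this one transition is allowed.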