android/SukiSU-Ultra
1
0
Fork 0
Code Issues Pull Requests Actions 1 Packages Projects Releases Wiki Activity

kernel: Fix task flag marking for root and shell UID

Browse Source 
Signed-off-by: Wang Han <416810799@qq.com>
Co-authored-by: 5ec1cff <56485584+5ec1cff@users.noreply.github.com>
This commit is contained in:
Wang Han
2025-11-11 16:24:55 +08:00
committed by ShirkNeko
parent a7f840d811
commit ded31c2043
3 changed files with 17 additions and 21 deletions
Download Patch File Download Diff File Expand all files Collapse all files

12
kernel/allowlist.h
View File

@@ -2,8 +2,13 @@
#define __KSU_H_ALLOWLIST #define __KSU_H_ALLOWLIST
#include <linux/types.h> #include <linux/types.h>
#include <linux/uidgid.h>
#include "app_profile.h" #include "app_profile.h"
#define PER_USER_RANGE 100000
#define FIRST_APPLICATION_UID 10000
#define LAST_APPLICATION_UID 19999
void ksu_allowlist_init(void); void ksu_allowlist_init(void);
void ksu_allowlist_exit(void); void ksu_allowlist_exit(void);
@@ -30,8 +35,15 @@ bool ksu_set_app_profile(struct app_profile *, bool persist);
bool ksu_uid_should_umount(uid_t uid); bool ksu_uid_should_umount(uid_t uid);
struct root_profile *ksu_get_root_profile(uid_t uid); struct root_profile *ksu_get_root_profile(uid_t uid);
static inline bool is_appuid(uid_t uid)
{
uid_t appid = uid % PER_USER_RANGE;
return appid >= FIRST_APPLICATION_UID && appid <= LAST_APPLICATION_UID;
}
#ifdef CONFIG_KSU_MANUAL_SU #ifdef CONFIG_KSU_MANUAL_SU
bool ksu_temp_grant_root_once(uid_t uid); bool ksu_temp_grant_root_once(uid_t uid);
void ksu_temp_revoke_root_once(uid_t uid); void ksu_temp_revoke_root_once(uid_t uid);
#endif #endif
#endif #endif

5
kernel/kernel_umount.c
View File

@@ -133,6 +133,11 @@ int ksu_handle_umount(uid_t old_uid, uid_t new_uid)
return 0; return 0;
} }
// FIXME: isolated process which directly forks from zygote is not handled
if (!is_appuid(new_uid)) {
return 0;
}
if (!ksu_uid_should_umount(new_uid)) { if (!ksu_uid_should_umount(new_uid)) {
return 0; return 0;
} }

21
kernel/setuid_hook.c
View File

@@ -43,10 +43,6 @@
#include "kernel_umount.h" #include "kernel_umount.h"
#include "app_profile.h" #include "app_profile.h"
#define PER_USER_RANGE 100000
#define FIRST_APPLICATION_UID 10000
#define LAST_APPLICATION_UID 19999
static bool ksu_enhanced_security_enabled = false; static bool ksu_enhanced_security_enabled = false;
static int enhanced_security_feature_get(u64 *value) static int enhanced_security_feature_get(u64 *value)
@@ -79,12 +75,6 @@ static inline bool is_allow_su()
return ksu_is_allow_uid_for_current(current_uid().val); return ksu_is_allow_uid_for_current(current_uid().val);
} }
static inline bool is_appuid(uid_t uid)
{
uid_t appid = uid % PER_USER_RANGE;
return appid >= FIRST_APPLICATION_UID && appid <= LAST_APPLICATION_UID;
}
int ksu_handle_setresuid(uid_t ruid, uid_t euid, uid_t suid) int ksu_handle_setresuid(uid_t ruid, uid_t euid, uid_t suid)
{ {
uid_t new_uid = ruid; uid_t new_uid = ruid;
@@ -116,17 +106,6 @@ int ksu_handle_setresuid(uid_t ruid, uid_t euid, uid_t suid)
return 0; return 0;
} }
if (new_uid == 2000) {
ksu_set_task_tracepoint_flag(current);
}
// FIXME: isolated process which directly forks from zygote is not handled
if (!is_appuid(new_uid)) {
pr_info("handle setresuid ignore non application or isolated uid: %d\n", new_uid);
ksu_clear_task_tracepoint_flag(current);
return 0;
}
// if on private space, see if its possibly the manager // if on private space, see if its possibly the manager
if (new_uid > PER_USER_RANGE && new_uid % PER_USER_RANGE == ksu_get_manager_uid()) { if (new_uid > PER_USER_RANGE && new_uid % PER_USER_RANGE == ksu_get_manager_uid()) {
ksu_set_manager_uid(new_uid); ksu_set_manager_uid(new_uid);