android/SukiSU-Ultra
1
0
Fork 0
Code Issues Pull Requests Actions 1 Packages Projects Releases Wiki Activity

kernel: Handle unmount for isolated process correctly

Browse Source 
Isolated processes can be directly forked from zygote, but current code doesn't handle it well. Fix it by unmounting unconditionally if isolated process is forked from zygote.

Signed-off-by: rsuntk <rsuntk@yukiprjkt.my.id>
This commit is contained in:
Wang Han
2025-08-07 21:23:41 +07:00
committed by ShirkNeko
parent 8727664fa9
commit e0da36d9a9
1 changed files with 19 additions and 16 deletions
Download Patch File Download Diff File Expand all files Collapse all files

35
kernel/core_hook.c
View File

@@ -146,7 +146,7 @@ static inline bool is_allow_su()
return ksu_is_allow_uid(current_uid().val); return ksu_is_allow_uid(current_uid().val);
} }
static inline bool is_unsupported_uid(uid_t uid) static inline bool is_unsupported_app_uid(uid_t uid)
{ {
#define LAST_APPLICATION_UID 19999 #define LAST_APPLICATION_UID 19999
uid_t appid = uid % 100000; uid_t appid = uid % 100000;
@@ -1111,14 +1111,13 @@ int ksu_handle_prctl(int option, unsigned long arg2, unsigned long arg3,
return 0; return 0;
} }
static bool is_appuid(kuid_t uid) static bool is_non_appuid(kuid_t uid)
{ {
#define PER_USER_RANGE 100000 #define PER_USER_RANGE 100000
#define FIRST_APPLICATION_UID 10000 #define FIRST_APPLICATION_UID 10000
#define LAST_APPLICATION_UID 19999
uid_t appid = uid.val % PER_USER_RANGE; uid_t appid = uid.val % PER_USER_RANGE;
return appid >= FIRST_APPLICATION_UID && appid <= LAST_APPLICATION_UID; return appid < FIRST_APPLICATION_UID;
} }
static bool should_umount(struct path *path) static bool should_umount(struct path *path)
@@ -1301,14 +1300,19 @@ int ksu_handle_setuid(struct cred *new, const struct cred *old)
} }
#endif // #ifdef CONFIG_KSU_SUSFS #endif // #ifdef CONFIG_KSU_SUSFS
if (!is_appuid(new_uid) || is_unsupported_uid(new_uid.val)) { if (is_non_appuid(new_uid)) {
// pr_info("handle setuid ignore non application or isolated uid: %d\n", new_uid.val); #ifdef CONFIG_KSU_DEBUG
pr_info("handle setuid ignore non application uid: %d\n", new_uid.val);
#endif
return 0; return 0;
} }
if (ksu_is_allow_uid(new_uid.val)) { // isolated process may be directly forked from zygote, always unmount
// pr_info("handle setuid ignore allowed application: %d\n", new_uid.val); if (is_unsupported_app_uid(new_uid.val)) {
return 0; #ifdef CONFIG_KSU_DEBUG
pr_info("handle umount for unsupported application uid: %d\n", new_uid.val);
#endif
goto do_umount;
} }
#ifdef CONFIG_KSU_SUSFS #ifdef CONFIG_KSU_SUSFS
else { else {
@@ -1327,24 +1331,23 @@ int ksu_handle_setuid(struct cred *new, const struct cred *old)
#ifdef CONFIG_KSU_SUSFS_SUS_MOUNT #ifdef CONFIG_KSU_SUSFS_SUS_MOUNT
out_ksu_try_umount: out_ksu_try_umount:
#endif #endif
if (!ksu_uid_should_umount(new_uid.val)) { if (ksu_is_allow_uid(new_uid.val)) {
return 0;
} else {
#ifdef CONFIG_KSU_DEBUG #ifdef CONFIG_KSU_DEBUG
pr_info("uid: %d should not umount!\n", current_uid().val); pr_info("handle setuid ignore allowed application: %d\n", new_uid.val);
#endif #endif
return 0;
} }
#ifndef CONFIG_KSU_SUSFS #ifndef CONFIG_KSU_SUSFS
do_umount:
// check old process's selinux context, if it is not zygote, ignore it! // check old process's selinux context, if it is not zygote, ignore it!
// because some su apps may setuid to untrusted_app but they are in global mount namespace // because some su apps may setuid to untrusted_app but they are in global mount namespace
// when we umount for such process, that is a disaster! // when we umount for such process, that is a disaster!
bool is_zygote_child = ksu_is_zygote(old->security); if (!ksu_is_zygote(old->security)) {
#endif
if (!is_zygote_child) {
pr_info("handle umount ignore non zygote child: %d\n", pr_info("handle umount ignore non zygote child: %d\n",
current->pid); current->pid);
return 0; return 0;
} }
#endif
#ifdef CONFIG_KSU_SUSFS_TRY_UMOUNT #ifdef CONFIG_KSU_SUSFS_TRY_UMOUNT