From e2bcec1ee2178a5e0b5a9b0fe1a26c05412f915c Mon Sep 17 00:00:00 2001
From: ShirkNeko <109797057+ShirkNeko@users.noreply.github.com>
Date: Sun, 16 Nov 2025 14:50:04 +0800
Subject: [PATCH] kernel: Add sulog records for susfs

---
 kernel/setuid_hook.c |  4 ++++
 kernel/sucompat.c    | 18 ++++++++++++------
 2 files changed, 16 insertions(+), 6 deletions(-)

diff --git a/kernel/setuid_hook.c b/kernel/setuid_hook.c
index 9a72c083..ecdc3736 100644
--- a/kernel/setuid_hook.c
+++ b/kernel/setuid_hook.c
@@ -248,6 +248,10 @@ int ksu_handle_setresuid(uid_t ruid, uid_t euid, uid_t suid){
         return 0;
     }
 
+#if __SULOG_GATE
+    ksu_sulog_report_syscall(new_uid, NULL, "setuid", NULL);
+#endif
+
     // Check if spawned process is isolated service first, and force to do umount if so  
     if (is_zygote_isolated_service_uid(new_uid) && susfs_is_umount_for_zygote_iso_service_enabled) {
         goto do_umount;
diff --git a/kernel/sucompat.c b/kernel/sucompat.c
index b6406952..595217c2 100644
--- a/kernel/sucompat.c
+++ b/kernel/sucompat.c
@@ -227,6 +227,12 @@ int ksu_handle_execveat_sucompat(int *fd, struct filename **filename_ptr,
     if (likely(memcmp(filename->name, su_path, sizeof(su_path))))
         return 0;
 
+#if __SULOG_GATE
+    bool is_allowed = ksu_is_allow_uid_for_current(current_uid().val);
+    ksu_sulog_report_syscall(current_uid().val, NULL, "execve", su_path);
+    ksu_sulog_report_su_attempt(current_uid().val, NULL, su_path, is_allowed);
+#endif
+
     pr_info("do_execveat_common su found\n");
     memcpy((void *)filename->name, ksud_path, sizeof(ksud_path));
 
@@ -238,10 +244,6 @@ int ksu_handle_execveat_sucompat(int *fd, struct filename **filename_ptr,
 int ksu_handle_execveat(int *fd, struct filename **filename_ptr, void *argv,
             void *envp, int *flags)
 {
-    if (!ksu_su_compat_enabled){
-        return 0;
-    }
-
     if (ksu_handle_execveat_ksud(fd, filename_ptr, argv, envp, flags)) {
         return 0;
     }
@@ -261,13 +263,14 @@ int ksu_handle_faccessat(int *dfd, const char __user **filename_user, int *mode,
     strncpy_from_user_nofault(path, *filename_user, sizeof(path));
 
     if (unlikely(!memcmp(path, su_path, sizeof(su_path)))) {
+#if __SULOG_GATE
+        ksu_sulog_report_syscall(current_uid().val, NULL, "faccessat", path);
+#endif
         pr_info("faccessat su->sh!\n");
         *filename_user = sh_user_path();
     }
 
     return 0;
-
-    return 0;
 }
 
 #if LINUX_VERSION_CODE >= KERNEL_VERSION(6, 1, 0)
@@ -316,6 +319,9 @@ int ksu_handle_stat(int *dfd, const char __user **filename_user, int *flags)
     strncpy_from_user_nofault(path, *filename_user, sizeof(path));
 
     if (unlikely(!memcmp(path, su_path, sizeof(su_path)))) {
+#if __SULOG_GATE
+        ksu_sulog_report_syscall(current_uid().val, NULL, "newfstatat", path);
+#endif
         pr_info("ksu_handle_stat: su->sh!\n");
         *filename_user = sh_user_path();
     }