From e2ea0138dbd7d1679555edf00f93f567b372939c Mon Sep 17 00:00:00 2001 From: ShirkNeko <109797057+ShirkNeko@users.noreply.github.com> Date: Sun, 10 Aug 2025 16:35:19 +0800 Subject: [PATCH] kernel & KernelSU & ksu_susfs: Temp fix for avc log message being leaked by... kernel & KernelSU & ksu_susfs: Temp fix for avc log message being leaked by logd and added new toggle for enabling or disabling avc log spoofing - See full details: https://android-review.googlesource.com/c/platform/system/logging/+/3725346/2 https://github.com/aviraxp/ZN-AuditPatch - Since spoofing avc log in kernel may make things harder when users trying to debug with some permission issues or selinux issues, so thats why the toggle is created here and this is just a temp fix implemented in kernel side - usage: ksu_susfs enable_avc_log_spoofing <0|1> Co-authored-by: simonpunk --- kernel/core_hook.c | 11 +++++++++++ kernel/selinux/rules.c | 1 + kernel/selinux/selinux.c | 7 +++++++ 3 files changed, 19 insertions(+) diff --git a/kernel/core_hook.c b/kernel/core_hook.c index 7fa351a7..5b81c2da 100644 --- a/kernel/core_hook.c +++ b/kernel/core_hook.c @@ -1010,6 +1010,17 @@ int ksu_handle_prctl(int option, unsigned long arg2, unsigned long arg3, return 0; } #endif // #ifdef CONFIG_KSU_SUSFS_SUS_SU + if (arg2 == CMD_SUSFS_ENABLE_AVC_LOG_SPOOFING) { + int error = 0; + if (arg3 != 0 && arg3 != 1) { + pr_err("susfs: CMD_SUSFS_ENABLE_AVC_LOG_SPOOFING -> arg3 can only be 0 or 1\n"); + return 0; + } + susfs_set_avc_log_spoofing(arg3); + if (copy_to_user((void __user*)arg5, &error, sizeof(error))) + pr_info("susfs: copy_to_user() failed\n"); + return 0; + } } #endif //#ifdef CONFIG_KSU_SUSFS diff --git a/kernel/selinux/rules.c b/kernel/selinux/rules.c index 918ab435..ebf19ff7 100644 --- a/kernel/selinux/rules.c +++ b/kernel/selinux/rules.c @@ -143,6 +143,7 @@ void ksu_apply_kernelsu_rules() #ifdef CONFIG_KSU_SUSFS // Allow umount in zygote process without installing zygisk ksu_allow(db, "zygote", "labeledfs", "filesystem", "unmount"); + susfs_set_kernel_sid(); susfs_set_init_sid(); susfs_set_ksu_sid(); susfs_set_zygote_sid(); diff --git a/kernel/selinux/selinux.c b/kernel/selinux/selinux.c index 5e1a7be6..7e85815b 100644 --- a/kernel/selinux/selinux.c +++ b/kernel/selinux/selinux.c @@ -14,9 +14,11 @@ #ifdef CONFIG_KSU_SUSFS #define KERNEL_INIT_DOMAIN "u:r:init:s0" #define KERNEL_ZYGOTE_DOMAIN "u:r:zygote:s0" +#define KERNEL_KERNEL_DOMAIN "u:r:kernel:s0" u32 susfs_ksu_sid = 0; u32 susfs_init_sid = 0; u32 susfs_zygote_sid = 0; +u32 susfs_kernel_sid = 0; #endif static int transive_to_domain(const char *domain) @@ -235,6 +237,11 @@ void susfs_set_init_sid(void) bool susfs_is_current_init_domain(void) { return unlikely(current_sid() == susfs_init_sid); } + +void susfs_set_kernel_sid(void) +{ + susfs_set_sid(KERNEL_KERNEL_DOMAIN, &susfs_kernel_sid); +} #endif #define DEVPTS_DOMAIN "u:object_r:ksu_file:s0"