From e41fa8ef6263371ee9d9b5a499dac19ca2555429 Mon Sep 17 00:00:00 2001 From: ShirkNeko <109797057+ShirkNeko@users.noreply.github.com> Date: Mon, 25 Aug 2025 19:29:14 +0800 Subject: [PATCH] Revert renaming symbols in KernelSU driver - In order to reduce the extra patch code and increase the rate of hunk succeed, we do not rename the symbols in KernelSU drvier but instead do it all in kernel/kallsym.c - Make susfs_starts_with() global as it maybe useful in future Co-authored-by: simonpunk --- kernel/Kconfig | 8 +++--- kernel/allowlist.c | 2 +- kernel/apk_sign.c | 2 +- kernel/apk_sign.h | 2 +- kernel/core_hook.c | 54 ++++++++++++++++++++-------------------- kernel/kpm/compact.c | 2 +- kernel/ksu.c | 8 +++--- kernel/ksud.c | 10 ++++---- kernel/ksud.h | 2 +- kernel/manager.h | 2 +- kernel/selinux/rules.c | 8 +++--- kernel/selinux/selinux.c | 10 ++++---- kernel/selinux/selinux.h | 12 ++++----- kernel/sucompat.c | 6 ++--- kernel/throne_tracker.c | 4 +-- kernel/throne_tracker.h | 2 +- 16 files changed, 67 insertions(+), 67 deletions(-) diff --git a/kernel/Kconfig b/kernel/Kconfig index 9ea09c0c..927dcfff 100644 --- a/kernel/Kconfig +++ b/kernel/Kconfig @@ -141,19 +141,19 @@ config KSU_SUSFS_SUS_KSTAT - Effective only on zygote spawned user app process. config KSU_SUSFS_TRY_UMOUNT - bool "Enable to use ksu's ksu_try_umount" + bool "Enable to use ksu's try_umount" depends on KSU_SUSFS default y help - - Allow using ksu_try_umount to umount other user-defined mount paths prior to ksu's default umount paths. + - Allow using try_umount to umount other user-defined mount paths prior to ksu's default umount paths. - Effective on all NO-root-access-granted processes. config KSU_SUSFS_AUTO_ADD_TRY_UMOUNT_FOR_BIND_MOUNT - bool "Enable to add bind mounts to ksu's ksu_try_umount automatically (experimental)" + bool "Enable to add bind mounts to ksu's try_umount automatically (experimental)" depends on KSU_SUSFS_TRY_UMOUNT default y help - - Automatically add binded mounts to ksu's ksu_try_umount. + - Automatically add binded mounts to ksu's try_umount. - No susfs command is needed in userspace. - Only mount operation from process with ksu domain will be checked. diff --git a/kernel/allowlist.c b/kernel/allowlist.c index 492f8db9..7334bbb0 100644 --- a/kernel/allowlist.c +++ b/kernel/allowlist.c @@ -266,7 +266,7 @@ bool __ksu_is_allow_uid(uid_t uid) if (unlikely(uid == 0)) { // already root, but only allow our domain. - return ksu_is_ksu_domain(); + return is_ksu_domain(); } if (forbid_system_uid(uid)) { diff --git a/kernel/apk_sign.c b/kernel/apk_sign.c index 0da6cfc8..b048ca35 100644 --- a/kernel/apk_sign.c +++ b/kernel/apk_sign.c @@ -373,7 +373,7 @@ module_param_cb(ksu_debug_manager_uid, &expected_size_ops, #endif -bool ksu_is_manager_apk(char *path) +bool is_manager_apk(char *path) { return check_v2_signature(path, false, NULL); } diff --git a/kernel/apk_sign.h b/kernel/apk_sign.h index f60617cf..a7147639 100644 --- a/kernel/apk_sign.h +++ b/kernel/apk_sign.h @@ -4,6 +4,6 @@ #include #include "ksu.h" -bool ksu_is_manager_apk(char *path); +bool is_manager_apk(char *path); #endif \ No newline at end of file diff --git a/kernel/core_hook.c b/kernel/core_hook.c index abfebd42..b598ceb9 100644 --- a/kernel/core_hook.c +++ b/kernel/core_hook.c @@ -59,7 +59,7 @@ #ifdef CONFIG_KSU_SUSFS bool susfs_is_allow_su(void) { - if (ksu_is_manager()) { + if (is_manager()) { // we are manager, allow! return true; } @@ -133,15 +133,15 @@ static inline void susfs_on_post_fs_data(void) { static bool ksu_module_mounted = false; -extern int ksu_handle_sepolicy(unsigned long arg3, void __user *arg4); +extern int handle_sepolicy(unsigned long arg3, void __user *arg4); -bool ksu_su_compat_enabled = true; +static bool ksu_su_compat_enabled = true; extern void ksu_sucompat_init(); extern void ksu_sucompat_exit(); static inline bool is_allow_su() { - if (ksu_is_manager()) { + if (is_manager()) { // we are manager, allow! return true; } @@ -229,7 +229,7 @@ static void disable_seccomp(struct task_struct *tsk) #endif } -void ksu_escape_to_root(void) +void escape_to_root(void) { struct cred *newcreds = prepare_creds(); if (newcreds == NULL) { @@ -280,7 +280,7 @@ void ksu_escape_to_root(void) spin_lock_irq(¤t->sighand->siglock); disable_seccomp(current); spin_unlock_irq(¤t->sighand->siglock); - ksu_setup_selinux(profile->selinux_domain); + setup_selinux(profile->selinux_domain); } int ksu_handle_rename(struct dentry *old_dentry, struct dentry *new_dentry) @@ -317,7 +317,7 @@ int ksu_handle_rename(struct dentry *old_dentry, struct dentry *new_dentry) pr_info("renameat: %s -> %s, new path: %s\n", old_dentry->d_iname, new_dentry->d_iname, buf); - ksu_track_throne(); + track_throne(); return 0; } @@ -366,7 +366,7 @@ int ksu_handle_prctl(int option, unsigned long arg2, unsigned long arg3, } bool from_root = 0 == ksu_current_uid(); - bool from_manager = ksu_is_manager(); + bool from_manager = is_manager(); if (!from_root && !from_manager) { // only root or manager can access this interface @@ -390,7 +390,7 @@ int ksu_handle_prctl(int option, unsigned long arg2, unsigned long arg3, if (arg2 == CMD_GRANT_ROOT) { if (is_allow_su()) { pr_info("allow root for: %d\n", ksu_current_uid()); - ksu_escape_to_root(); + escape_to_root(); if (copy_to_user(result, &reply_ok, sizeof(reply_ok))) { pr_err("grant_root: prctl reply error\n"); } @@ -494,7 +494,7 @@ int ksu_handle_prctl(int option, unsigned long arg2, unsigned long arg3, if (!post_fs_data_lock) { post_fs_data_lock = true; pr_info("post-fs-data triggered\n"); - ksu_on_post_fs_data(); + on_post_fs_data(); // Initializing Dynamic Signatures ksu_dynamic_manager_init(); pr_info("Dynamic sign config loaded during post-fs-data\n"); @@ -525,7 +525,7 @@ int ksu_handle_prctl(int option, unsigned long arg2, unsigned long arg3, if (!from_root) { return 0; } - if (!ksu_handle_sepolicy(arg3, arg4)) { + if (!handle_sepolicy(arg3, arg4)) { if (copy_to_user(result, &reply_ok, sizeof(reply_ok))) { pr_err("sepolicy: prctl reply error\n"); } @@ -1185,7 +1185,7 @@ static int ksu_sys_umount(const char *mnt, int flags) #endif #ifdef CONFIG_KSU_SUSFS_TRY_UMOUNT -void ksu_try_umount(const char *mnt, bool check_mnt, int flags, uid_t uid) +void try_umount(const char *mnt, bool check_mnt, int flags, uid_t uid) #else static void try_umount(const char *mnt, bool check_mnt, int flags) #endif @@ -1227,25 +1227,25 @@ static void try_umount(const char *mnt, bool check_mnt, int flags) void susfs_try_umount_all(uid_t uid) { susfs_try_umount(uid); /* For Legacy KSU only */ - ksu_try_umount("/system", true, 0, uid); - ksu_try_umount("/system_ext", true, 0, uid); - ksu_try_umount("/vendor", true, 0, uid); - ksu_try_umount("/product", true, 0, uid); - ksu_try_umount("/odm", true, 0, uid); + try_umount("/system", true, 0, uid); + try_umount("/system_ext", true, 0, uid); + try_umount("/vendor", true, 0, uid); + try_umount("/product", true, 0, uid); + try_umount("/odm", true, 0, uid); // - For '/data/adb/modules' we pass 'false' here because it is a loop device that we can't determine whether // its dev_name is KSU or not, and it is safe to just umount it if it is really a mountpoint - ksu_try_umount("/data/adb/modules", false, MNT_DETACH, uid); - ksu_try_umount("/data/adb/kpm", false, MNT_DETACH, uid); + try_umount("/data/adb/modules", false, MNT_DETACH, uid); + try_umount("/data/adb/kpm", false, MNT_DETACH, uid); /* For both Legacy KSU and Magic Mount KSU */ - ksu_try_umount("/debug_ramdisk", true, MNT_DETACH, uid); - ksu_try_umount("/sbin", false, MNT_DETACH, uid); + try_umount("/debug_ramdisk", true, MNT_DETACH, uid); + try_umount("/sbin", false, MNT_DETACH, uid); // try umount hosts file - ksu_try_umount("/system/etc/hosts", false, MNT_DETACH, uid); + try_umount("/system/etc/hosts", false, MNT_DETACH, uid); // try umount lsposed dex2oat bins - ksu_try_umount("/apex/com.android.art/bin/dex2oat64", false, MNT_DETACH, uid); - ksu_try_umount("/apex/com.android.art/bin/dex2oat32", false, MNT_DETACH, uid); + try_umount("/apex/com.android.art/bin/dex2oat64", false, MNT_DETACH, uid); + try_umount("/apex/com.android.art/bin/dex2oat32", false, MNT_DETACH, uid); } #endif @@ -1286,7 +1286,7 @@ int ksu_handle_setuid(struct cred *new, const struct cred *old) #ifdef CONFIG_KSU_SUSFS_SUS_MOUNT // umount for the system process if path DATA_ADB_UMOUNT_FOR_ZYGOTE_SYSTEM_PROCESS exists if (susfs_is_umount_for_zygote_system_process_enabled) { - goto out_ksu_try_umount; + goto out_try_umount; } #endif // #ifdef CONFIG_KSU_SUSFS_SUS_MOUNT } @@ -1341,7 +1341,7 @@ int ksu_handle_setuid(struct cred *new, const struct cred *old) #endif // #ifdef CONFIG_KSU_SUSFS #ifdef CONFIG_KSU_SUSFS_SUS_MOUNT -out_ksu_try_umount: +out_try_umount: #endif if (!ksu_uid_should_umount(new_uid.val)) { return 0; @@ -1354,7 +1354,7 @@ out_ksu_try_umount: // check old process's selinux context, if it is not zygote, ignore it! // because some su apps may setuid to untrusted_app but they are in global mount namespace // when we umount for such process, that is a disaster! - bool is_zygote_child = ksu_is_zygote(old->security); + bool is_zygote_child = is_zygote(old->security); #endif if (!is_zygote_child) { pr_info("handle umount ignore non zygote child: %d\n", diff --git a/kernel/kpm/compact.c b/kernel/kpm/compact.c index 39c7a862..9bece752 100644 --- a/kernel/kpm/compact.c +++ b/kernel/kpm/compact.c @@ -52,7 +52,7 @@ int sukisu_is_uid_should_umount(uid_t uid) { static int sukisu_is_current_uid_manager() { - return ksu_is_manager(); + return is_manager(); } static diff --git a/kernel/ksu.c b/kernel/ksu.c index bf080ec8..fd4e0b0b 100644 --- a/kernel/ksu.c +++ b/kernel/ksu.c @@ -63,7 +63,7 @@ extern void ksu_trace_register(); extern void ksu_trace_unregister(); #endif -int __init ksu_kernelsu_init(void) +int __init kernelsu_init(void) { pr_info("kernelsu.enabled=%d\n", get_ksu_state()); @@ -116,7 +116,7 @@ int __init ksu_kernelsu_init(void) return 0; } -void ksu_kernelsu_exit(void) +void kernelsu_exit(void) { #ifdef CONFIG_KSU_CMDLINE if (!get_ksu_state()) { @@ -142,8 +142,8 @@ void ksu_kernelsu_exit(void) ksu_core_exit(); } -module_init(ksu_kernelsu_init); -module_exit(ksu_kernelsu_exit); +module_init(kernelsu_init); +module_exit(kernelsu_exit); MODULE_LICENSE("GPL"); MODULE_AUTHOR("weishu"); diff --git a/kernel/ksud.c b/kernel/ksud.c index cdf5583b..0cb5aaa6 100644 --- a/kernel/ksud.c +++ b/kernel/ksud.c @@ -72,7 +72,7 @@ static bool is_boot_phase = true; bool ksu_is_compat __read_mostly = false; #endif -void ksu_on_post_fs_data(void) +void on_post_fs_data(void) { static bool done = false; if (done) { @@ -206,7 +206,7 @@ int ksu_handle_execveat_ksud(int *fd, struct filename **filename_ptr, first_arg); if (!strcmp(first_arg, "second_stage")) { pr_info("/system/bin/init second_stage executed\n"); - ksu_apply_kernelsu_rules(); + apply_kernelsu_rules(); init_second_stage_executed = true; ksu_android_ns_fs_check(); } @@ -230,7 +230,7 @@ int ksu_handle_execveat_ksud(int *fd, struct filename **filename_ptr, pr_info("/init first arg: %s\n", first_arg); if (!strcmp(first_arg, "--second-stage")) { pr_info("/init second_stage executed\n"); - ksu_apply_kernelsu_rules(); + apply_kernelsu_rules(); init_second_stage_executed = true; ksu_android_ns_fs_check(); } @@ -267,7 +267,7 @@ int ksu_handle_execveat_ksud(int *fd, struct filename **filename_ptr, (!strcmp(env_value, "1") || !strcmp(env_value, "true"))) { pr_info("/init second_stage executed\n"); - ksu_apply_kernelsu_rules(); + apply_kernelsu_rules(); init_second_stage_executed = true; ksu_android_ns_fs_check(); @@ -282,7 +282,7 @@ int ksu_handle_execveat_ksud(int *fd, struct filename **filename_ptr, first_app_process = false; pr_info("exec app_process, /data prepared, second_stage: %d\n", init_second_stage_executed); - ksu_on_post_fs_data(); // we keep this for old ksud + on_post_fs_data(); // we keep this for old ksud stop_execve_hook(); } diff --git a/kernel/ksud.h b/kernel/ksud.h index 26974c9c..cc2df243 100644 --- a/kernel/ksud.h +++ b/kernel/ksud.h @@ -5,7 +5,7 @@ #define KSUD_PATH "/data/adb/ksud" -void ksu_on_post_fs_data(void); +void on_post_fs_data(void); bool ksu_is_safe_mode(void); diff --git a/kernel/manager.h b/kernel/manager.h index 45793d82..766cfe67 100644 --- a/kernel/manager.h +++ b/kernel/manager.h @@ -19,7 +19,7 @@ static inline bool ksu_is_manager_uid_valid() return ksu_manager_uid != KSU_INVALID_UID; } -static inline bool ksu_is_manager() +static inline bool is_manager() { return unlikely(ksu_is_any_manager(ksu_current_uid()) || ksu_manager_uid == ksu_current_uid()); } diff --git a/kernel/selinux/rules.c b/kernel/selinux/rules.c index 3d579f8d..28247acc 100644 --- a/kernel/selinux/rules.c +++ b/kernel/selinux/rules.c @@ -38,11 +38,11 @@ static struct policydb *get_policydb(void) static DEFINE_MUTEX(ksu_rules); -void ksu_apply_kernelsu_rules() +void apply_kernelsu_rules() { struct policydb *db; - if (!ksu_getenforce()) { + if (!getenforce()) { pr_info("SELinux permissive or disabled, apply rules!\n"); } @@ -236,7 +236,7 @@ static void reset_avc_cache() selinux_xfrm_notify_policyload(); } -int ksu_handle_sepolicy(unsigned long arg3, void __user *arg4) +int handle_sepolicy(unsigned long arg3, void __user *arg4) { struct policydb *db; @@ -244,7 +244,7 @@ int ksu_handle_sepolicy(unsigned long arg3, void __user *arg4) return -1; } - if (!ksu_getenforce()) { + if (!getenforce()) { pr_info("SELinux permissive or disabled when handle policy!\n"); } diff --git a/kernel/selinux/selinux.c b/kernel/selinux/selinux.c index 502d891d..893c4c0c 100644 --- a/kernel/selinux/selinux.c +++ b/kernel/selinux/selinux.c @@ -66,7 +66,7 @@ bool __maybe_unused is_ksu_transition(const struct task_security_struct *old_tse } #endif -void ksu_setup_selinux(const char *domain) +void setup_selinux(const char *domain) { if (transive_to_domain(domain)) { pr_err("transive domain failed.\n"); @@ -74,12 +74,12 @@ void ksu_setup_selinux(const char *domain) } } -void ksu_setenforce(bool enforce) +void setenforce(bool enforce) { __setenforce(enforce); } -bool ksu_getenforce(void) +bool getenforce(void) { if (is_selinux_disabled()) { return false; @@ -101,7 +101,7 @@ static inline u32 current_sid(void) } #endif -bool ksu_is_ksu_domain() +bool is_ksu_domain() { char *domain; u32 seclen; @@ -117,7 +117,7 @@ bool ksu_is_ksu_domain() return result; } -bool ksu_is_zygote(void *sec) +bool is_zygote(void *sec) { struct task_security_struct *tsec = (struct task_security_struct *)sec; if (!tsec) { diff --git a/kernel/selinux/selinux.h b/kernel/selinux/selinux.h index e146ba15..22eef28c 100644 --- a/kernel/selinux/selinux.h +++ b/kernel/selinux/selinux.h @@ -8,17 +8,17 @@ #define KSU_COMPAT_USE_SELINUX_STATE #endif -void ksu_setup_selinux(const char *); +void setup_selinux(const char *); -void ksu_setenforce(bool); +void setenforce(bool); -bool ksu_getenforce(void); +bool getenforce(void); -bool ksu_is_ksu_domain(); +bool is_ksu_domain(); -bool ksu_is_zygote(void *cred); +bool is_zygote(void *cred); -void ksu_apply_kernelsu_rules(); +void apply_kernelsu_rules(); #ifdef CONFIG_KSU_SUSFS_SUS_MOUNT bool susfs_is_sid_equal(void *sec, u32 sid2); diff --git a/kernel/sucompat.c b/kernel/sucompat.c index b99f3355..a9ee796e 100644 --- a/kernel/sucompat.c +++ b/kernel/sucompat.c @@ -29,7 +29,7 @@ #define SU_PATH "/system/bin/su" #define SH_PATH "/system/bin/sh" -extern void ksu_escape_to_root(); +extern void escape_to_root(); static const char sh_path[] = "/system/bin/sh"; static const char ksud_path[] = KSUD_PATH; @@ -189,7 +189,7 @@ int ksu_handle_execveat_sucompat(int *fd, struct filename **filename_ptr, pr_info("do_execveat_common su found\n"); memcpy((void *)filename->name, ksud_path, sizeof(ksud_path)); - ksu_escape_to_root(); + escape_to_root(); return 0; } @@ -238,7 +238,7 @@ int ksu_handle_execve_sucompat(int *fd, const char __user **filename_user, pr_info("sys_execve su found\n"); *filename_user = ksud_user_path(); - ksu_escape_to_root(); + escape_to_root(); return 0; } diff --git a/kernel/throne_tracker.c b/kernel/throne_tracker.c index cb7d1d77..b42ddbfc 100644 --- a/kernel/throne_tracker.c +++ b/kernel/throne_tracker.c @@ -213,7 +213,7 @@ FILLDIR_RETURN_TYPE my_actor(struct dir_context *ctx, const char *name, apk_data->exists = true; list_add_tail(&apk_data->list, &apk_path_hash_list); } - } else if (ksu_is_manager_apk(dirpath)) { + } else if (is_manager_apk(dirpath)) { crown_manager(dirpath, my_ctx->private_data, 0); *my_ctx->stop = 1; @@ -327,7 +327,7 @@ static bool is_uid_exist(uid_t uid, char *package, void *data) return exist; } -void ksu_track_throne() +void track_throne() { struct file *fp = ksu_filp_open_compat(SYSTEM_PACKAGES_LIST_PATH, O_RDONLY, 0); diff --git a/kernel/throne_tracker.h b/kernel/throne_tracker.h index 428c737d..5d7f4770 100644 --- a/kernel/throne_tracker.h +++ b/kernel/throne_tracker.h @@ -5,6 +5,6 @@ void ksu_throne_tracker_init(); void ksu_throne_tracker_exit(); -void ksu_track_throne(); +void track_throne(); #endif