kernel: remove unused kernel_compat

Co-authored-by: weishu <twsxtd@gmail.com>

kernel/Makefile

@@ -9,6 +9,7 @@ kernelsu-objs += supercalls.o
 kernelsu-objs += feature.o
 kernelsu-objs += ksud.o
 kernelsu-objs += embed_ksud.o
+kernelsu-objs += seccomp_cache.o
 kernelsu-objs += kernel_compat.o
 kernelsu-objs += file_wrapper.o
 kernelsu-objs += throne_tracker.o

kernel/allowlist.c

@@ -15,7 +15,6 @@
 #include "ksu.h"
 #include "klog.h" // IWYU pragma: keep
 #include "selinux/selinux.h"
-#include "kernel_compat.h"
 #include "allowlist.h"
 #include "manager.h"
 

kernel/apk_sign.c

@@ -17,7 +17,6 @@
 #include "apk_sign.h"
 #include "dynamic_manager.h"
 #include "klog.h" // IWYU pragma: keep
-#include "kernel_compat.h"
 #include "manager_sign.h"
 
 struct sdesc {

kernel/core_hook.c

@@ -63,6 +63,10 @@
 #include "supercalls.h"
 #include "sucompat.h"
 #include "sulog.h"
+#include "seccomp_cache.h"
+
+#include "throne_comm.h"
+#include "umount_manager.h"
 
 
 #ifdef CONFIG_KSU_SUSFS

kernel/dynamic_manager.c

@@ -17,7 +17,6 @@
 
 #include "dynamic_manager.h"
 #include "klog.h" // IWYU pragma: keep
-#include "kernel_compat.h"
 #include "manager.h"
 
 #define MAX_MANAGERS 2

kernel/kernel_compat.c

@@ -10,7 +10,7 @@
 #endif
 #include <linux/uaccess.h>
 #include "klog.h" // IWYU pragma: keep
-#include "kernel_compat.h" // Add check Huawei Device
+#include "kernel_compat.h"
 
 #if LINUX_VERSION_CODE < KERNEL_VERSION(4, 10, 0) ||    \
     defined(CONFIG_IS_HW_HISI) ||    \
@@ -132,61 +132,3 @@ long ksu_copy_from_user_nofault(void *dst, const void __user *src, size_t size)
     return 0;
 #endif
 }
-
-#if LINUX_VERSION_CODE >= KERNEL_VERSION(5, 10, 2) // Android backport this feature in 5.10.2
-struct action_cache {
-    DECLARE_BITMAP(allow_native, NR_syscalls);
-#ifdef SECCOMP_ARCH_COMPAT
-    DECLARE_BITMAP(allow_compat, SECCOMP_ARCH_COMPAT_NR);
-#endif
-};
-
-struct seccomp_filter {
-    refcount_t refs;
-    refcount_t users;
-    bool log;
-#if LINUX_VERSION_CODE >= KERNEL_VERSION(6, 1, 0)
-    bool wait_killable_recv;
-#endif
-    struct action_cache cache;
-    struct seccomp_filter *prev;
-    struct bpf_prog *prog;
-    struct notification *notif;
-    struct mutex notify_lock;
-    wait_queue_head_t wqh;
-};
-
-void ksu_seccomp_clear_cache(struct seccomp_filter *filter, int nr)
-{
-    if (!filter) {
-        return;
-    }
-
-    if (nr >= 0 && nr < NR_syscalls) {
-        clear_bit(nr, filter->cache.allow_native);
-    }
-
-#ifdef SECCOMP_ARCH_COMPAT
-    if (nr >= 0 && nr < SECCOMP_ARCH_COMPAT_NR) {
-        clear_bit(nr, filter->cache.allow_compat);
-    }
-#endif
-}
-
-void ksu_seccomp_allow_cache(struct seccomp_filter *filter, int nr)
-{
-    if (!filter) {
-        return;
-    }
-
-    if (nr >= 0 && nr < NR_syscalls) {
-        set_bit(nr, filter->cache.allow_native);
-    }
-
-#ifdef SECCOMP_ARCH_COMPAT
-    if (nr >= 0 && nr < SECCOMP_ARCH_COMPAT_NR) {
-        set_bit(nr, filter->cache.allow_compat);
-    }
-#endif
-}
-#endif

kernel/kernel_compat.h

@@ -47,9 +47,4 @@ static long ksu_copy_from_user_retry(void *to,
 #define ksu_access_ok(addr, size)    access_ok(VERIFY_READ, addr, size)
 #endif
 
-#if LINUX_VERSION_CODE >= KERNEL_VERSION(5, 10, 2) // Android backport this feature in 5.10.2
-extern void ksu_seccomp_clear_cache(struct seccomp_filter *filter, int nr);
-extern void ksu_seccomp_allow_cache(struct seccomp_filter *filter, int nr);
-#endif
-
 #endif

kernel/ksud.c

@@ -29,6 +29,7 @@
 #include "arch.h"
 #include "klog.h" // IWYU pragma: keep
 #include "ksud.h"
+
 #include "kernel_compat.h"
 #include "selinux/selinux.h"
 #include "sucompat.h"

kernel/manual_su.c

@@ -7,7 +7,6 @@
 #include <linux/file.h>
 #include <linux/mm.h>
 #include <linux/binfmts.h>
-#include "kernel_compat.h"
 #include "manual_su.h"
 #include "ksu.h"
 #include "allowlist.h"

kernel/seccomp_cache.c

@@ -0,0 +1,192 @@
+#include <linux/version.h>
+#include <linux/fs.h>
+#include <linux/nsproxy.h>
+#include <linux/filter.h>
+#include <linux/seccomp.h>
+#if LINUX_VERSION_CODE >= KERNEL_VERSION(4, 10, 0)
+#include <linux/sched/task.h>
+#else
+#include <linux/sched.h>
+#endif
+#include <linux/uaccess.h>
+#include "klog.h" // IWYU pragma: keep
+#include "seccomp_cache.h"
+
+#if LINUX_VERSION_CODE < KERNEL_VERSION(4, 10, 0) ||    \
+    defined(CONFIG_IS_HW_HISI) ||    \
+    defined(CONFIG_KSU_ALLOWLIST_WORKAROUND)
+#include <linux/key.h>
+#include <linux/errno.h>
+#include <linux/cred.h>
+struct key *init_session_keyring = NULL;
+
+static inline int install_session_keyring(struct key *keyring)
+{
+    struct cred *new;
+    int ret;
+
+    new = prepare_creds();
+    if (!new)
+        return -ENOMEM;
+
+    ret = install_session_keyring_to_cred(new, keyring);
+    if (ret < 0) {
+        abort_creds(new);
+        return ret;
+    }
+
+    return commit_creds(new);
+}
+#endif
+
+#if LINUX_VERSION_CODE >= KERNEL_VERSION(5, 8, 0) || defined(KSU_OPTIONAL_STRNCPY)
+long ksu_strncpy_from_user_nofault(char *dst, const void __user *unsafe_addr,
+                   long count)
+{
+    return strncpy_from_user_nofault(dst, unsafe_addr, count);
+}
+#elif LINUX_VERSION_CODE >= KERNEL_VERSION(5, 3, 0)
+long ksu_strncpy_from_user_nofault(char *dst, const void __user *unsafe_addr,
+                   long count)
+{
+    return strncpy_from_unsafe_user(dst, unsafe_addr, count);
+}
+#else
+// Copied from: https://elixir.bootlin.com/linux/v4.9.337/source/mm/maccess.c#L201
+long ksu_strncpy_from_user_nofault(char *dst, const void __user *unsafe_addr,
+                   long count)
+{
+    mm_segment_t old_fs = get_fs();
+    long ret;
+
+    if (unlikely(count <= 0))
+        return 0;
+
+    set_fs(USER_DS);
+    pagefault_disable();
+    ret = strncpy_from_user(dst, unsafe_addr, count);
+    pagefault_enable();
+    set_fs(old_fs);
+
+    if (ret >= count) {
+        ret = count;
+        dst[ret - 1] = '\0';
+    } else if (ret > 0) {
+        ret++;
+    }
+
+    return ret;
+}
+#endif
+
+long ksu_strncpy_from_user_retry(char *dst, const void __user *unsafe_addr,
+                   long count)
+{
+    long ret;
+
+    ret = ksu_strncpy_from_user_nofault(dst, unsafe_addr, count);
+    if (likely(ret >= 0))
+        return ret;
+
+    // we faulted! fallback to slow path
+    if (unlikely(!ksu_access_ok(unsafe_addr, count))) {
+#ifdef CONFIG_KSU_DEBUG
+        pr_err("%s: faulted!\n", __func__);
+#endif
+        return -EFAULT;
+    }
+
+    // why we don't do like how strncpy_from_user_nofault?
+    ret = strncpy_from_user(dst, unsafe_addr, count);
+
+    if (ret >= count) {
+        ret = count;
+        dst[ret - 1] = '\0';
+    } else if (likely(ret >= 0)) {
+        ret++;
+    }
+
+    return ret;
+}
+
+long ksu_copy_from_user_nofault(void *dst, const void __user *src, size_t size)
+{
+#if LINUX_VERSION_CODE >= KERNEL_VERSION(5, 8, 0)
+    return copy_from_user_nofault(dst, src, size);
+#else
+    // https://elixir.bootlin.com/linux/v5.8/source/mm/maccess.c#L205
+    long ret = -EFAULT;
+    mm_segment_t old_fs = get_fs();
+
+    set_fs(USER_DS);
+    // tweaked to use ksu_access_ok
+    if (ksu_access_ok(src, size)) {
+        pagefault_disable();
+        ret = __copy_from_user_inatomic(dst, src, size);
+        pagefault_enable();
+    }
+    set_fs(old_fs);
+
+    if (ret)
+        return -EFAULT;
+    return 0;
+#endif
+}
+
+#if LINUX_VERSION_CODE >= KERNEL_VERSION(5, 10, 2) // Android backport this feature in 5.10.2
+struct action_cache {
+    DECLARE_BITMAP(allow_native, NR_syscalls);
+#ifdef SECCOMP_ARCH_COMPAT
+    DECLARE_BITMAP(allow_compat, SECCOMP_ARCH_COMPAT_NR);
+#endif
+};
+
+struct seccomp_filter {
+    refcount_t refs;
+    refcount_t users;
+    bool log;
+#if LINUX_VERSION_CODE >= KERNEL_VERSION(6, 1, 0)
+    bool wait_killable_recv;
+#endif
+    struct action_cache cache;
+    struct seccomp_filter *prev;
+    struct bpf_prog *prog;
+    struct notification *notif;
+    struct mutex notify_lock;
+    wait_queue_head_t wqh;
+};
+
+void ksu_seccomp_clear_cache(struct seccomp_filter *filter, int nr)
+{
+    if (!filter) {
+        return;
+    }
+
+    if (nr >= 0 && nr < NR_syscalls) {
+        clear_bit(nr, filter->cache.allow_native);
+    }
+
+#ifdef SECCOMP_ARCH_COMPAT
+    if (nr >= 0 && nr < SECCOMP_ARCH_COMPAT_NR) {
+        clear_bit(nr, filter->cache.allow_compat);
+    }
+#endif
+}
+
+void ksu_seccomp_allow_cache(struct seccomp_filter *filter, int nr)
+{
+    if (!filter) {
+        return;
+    }
+
+    if (nr >= 0 && nr < NR_syscalls) {
+        set_bit(nr, filter->cache.allow_native);
+    }
+
+#ifdef SECCOMP_ARCH_COMPAT
+    if (nr >= 0 && nr < SECCOMP_ARCH_COMPAT_NR) {
+        set_bit(nr, filter->cache.allow_compat);
+    }
+#endif
+}
+#endif

kernel/seccomp_cache.h

@@ -0,0 +1,12 @@
+#ifndef __KSU_H_SECCOMP_CACHE
+#define __KSU_H_SECCOMP_CACHE
+
+#include <linux/fs.h>
+#include <linux/version.h>
+
+#if LINUX_VERSION_CODE >= KERNEL_VERSION(5, 10, 2) // Android backport this feature in 5.10.2
+extern void ksu_seccomp_clear_cache(struct seccomp_filter *filter, int nr);
+extern void ksu_seccomp_allow_cache(struct seccomp_filter *filter, int nr);
+#endif
+
+#endif

kernel/selinux/sepolicy.c

@@ -6,7 +6,6 @@
 #include "sepolicy.h"
 #include "../klog.h" // IWYU pragma: keep
 #include "ss/symtab.h"
-#include "../kernel_compat.h" // Add check Huawei Device
 
 #define KSU_SUPPORT_ADD_TYPE
 

kernel/sucompat.c

@@ -31,7 +31,6 @@
 #include "feature.h"
 #include "klog.h" // IWYU pragma: keep
 #include "ksud.h"
-#include "kernel_compat.h"
 #include "sucompat.h"
 #include "core_hook.h"
 #include "sulog.h"

kernel/sulog.c

@@ -15,7 +15,6 @@
 #include <linux/crc32.h>
 
 #include "klog.h"
-#include "kernel_compat.h"
 #include "sulog.h"
 #include "ksu.h"
 

kernel/supercalls.c

@@ -20,7 +20,6 @@
 #include "core_hook.h"
 #include "objsec.h"
 #include "file_wrapper.h"
-#include "kernel_compat.h"
 #include "throne_comm.h"
 #include "dynamic_manager.h"
 

kernel/throne_comm.c

@@ -8,7 +8,7 @@
 
 #include "klog.h"
 #include "throne_comm.h"
-#include "kernel_compat.h"
+#include "ksu.h"
 
 #define PROC_UID_SCANNER "ksu_uid_scanner"
 #define UID_SCANNER_STATE_FILE "/data/adb/ksu/.uid_scanner"

kernel/throne_tracker.c

@@ -13,7 +13,7 @@
 #include "ksu.h"
 #include "manager.h"
 #include "throne_tracker.h"
-#include "kernel_compat.h"
+#include "apk_sign.h"
 #include "dynamic_manager.h"
 #include "throne_comm.h"