kernel: allow GKI kprobes to use LSM hook for ksu_handle_devpts

* Also minor changes on comments

Signed-off-by: rsuntk <rsuntk@yukiprjkt.my.id>

kernel/Makefile

@@ -66,10 +66,13 @@ endif
 KSU_HAS_DEVPTS_INODE := $(shell grep -q "ksu_handle_devpts" $(srctree)/fs/devpts/inode.c; echo $$?)
 KSU_HAS_PTS_UNIX98 := $(shell grep -q "ksu_handle_devpts" $(srctree)/drivers/tty/pty.c; echo $$?)
 
-# It's impossible to have them both! neither KSU_HAS_DEVPTS_INODE/PTS_UNIX98 will detect 1 value!
-# If both of them weren't exist, KSU_HAS_DEVPTS_HANDLER value gonna be 2.
+# Codes:
+# - 0: Both of them exist (impossible)
+# - 1: Neither fs/devpts/inode.c or drivers/tty/pty.c have ksu_handle_devpts
+# - 2: Both of them did not exist
 $(eval KSU_DEVPTS_HANDLER_EXIST=$(shell expr $(KSU_HAS_DEVPTS_INODE) + $(KSU_HAS_PTS_UNIX98)))
 ifeq ($(KSU_DEVPTS_HANDLER_EXIST),1)
+$(info -- KernelSU: Kernel have devpts handler)
 ccflags-y += -DKSU_HAS_DEVPTS_HANDLER
 endif
 

kernel/core_hook.c

@@ -726,13 +726,8 @@ static int ksu_task_fix_setuid(struct cred *new, const struct cred *old,
 	return ksu_handle_setuid(new, old);
 }
 
-/* 
- * Keep in mind, since kprobes already have pre handler, we must
- * guard it with CONFIG_KSU_KPROBES_HOOK, although it is possible to
- * disable kprobes pre handler, but this is way more simple.
- * However, if you wanna use LSM hooks, feel free to fork.
- */
-#if !defined(KSU_HAS_DEVPTS_HANDLER) && !defined(CONFIG_KSU_KPROBES_HOOK)
+#ifndef MODULE
+#ifndef KSU_HAS_DEVPTS_HANDLER
 extern int ksu_handle_devpts(struct inode *inode);
 static int ksu_inode_permission(struct inode *inode, int mask)
 {
@@ -746,12 +741,11 @@ static int ksu_inode_permission(struct inode *inode, int mask)
 }
 #endif
 
-#ifndef MODULE
 static struct security_hook_list ksu_hooks[] = {
 	LSM_HOOK_INIT(task_prctl, ksu_task_prctl),
 	LSM_HOOK_INIT(inode_rename, ksu_inode_rename),
 	LSM_HOOK_INIT(task_fix_setuid, ksu_task_fix_setuid),
-#if !defined(KSU_HAS_DEVPTS_HANDLER) && !defined(CONFIG_KSU_KPROBES_HOOK)
+#ifndef KSU_HAS_DEVPTS_HANDLER
 	LSM_HOOK_INIT(inode_permission, ksu_inode_permission),
 #endif
 #if LINUX_VERSION_CODE < KERNEL_VERSION(4, 10, 0) ||	\

kernel/sucompat.c

@@ -263,6 +263,8 @@ static int execve_handler_pre(struct kprobe *p, struct pt_regs *regs)
 					  NULL);
 }
 
+#ifdef MODULE
+static struct kprobe *su_kps[6];
 static int pts_unix98_lookup_pre(struct kprobe *p, struct pt_regs *regs)
 {
 	struct inode *inode;
@@ -275,6 +277,9 @@ static int pts_unix98_lookup_pre(struct kprobe *p, struct pt_regs *regs)
 
 	return ksu_handle_devpts(inode);
 }
+#else
+static struct kprobe *su_kps[5];
+#endif
 
 static struct kprobe *init_kprobe(const char *name,
 				  kprobe_pre_handler_t handler)
@@ -305,8 +310,6 @@ static void destroy_kprobe(struct kprobe **kp_ptr)
 	kfree(kp);
 	*kp_ptr = NULL;
 }
-
-static struct kprobe *su_kps[6];
 #endif
 
 // sucompat: permited process can execute 'su' to gain root access.
@@ -318,7 +321,9 @@ void ksu_sucompat_init()
 	su_kps[2] = init_kprobe(SYS_FACCESSAT_SYMBOL, faccessat_handler_pre);
 	su_kps[3] = init_kprobe(SYS_NEWFSTATAT_SYMBOL, newfstatat_handler_pre);
 	su_kps[4] = init_kprobe(SYS_FSTATAT64_SYMBOL, newfstatat_handler_pre);
+#ifdef MODULE
 	su_kps[5] = init_kprobe("pts_unix98_lookup", pts_unix98_lookup_pre);
+#endif
 #else
 	ksu_sucompat_hook_state = true;
 	pr_info("ksu_sucompat init\n");