From f37cc161179b4dbbf04e4ae74b70cb2daa104df0 Mon Sep 17 00:00:00 2001
From: Ylarod <me@ylarod.cn>
Date: Thu, 4 Jan 2024 14:14:31 +0800
Subject: [PATCH] Correctly handle is_ksu_domain, close #972 (#1246)

fix #972
---
 kernel/selinux/selinux.c | 13 +++++++------
 1 file changed, 7 insertions(+), 6 deletions(-)

diff --git a/kernel/selinux/selinux.c b/kernel/selinux/selinux.c
index 0260fd57..d53181a1 100644
--- a/kernel/selinux/selinux.c
+++ b/kernel/selinux/selinux.c
@@ -8,8 +8,6 @@
 
 #define KERNEL_SU_DOMAIN "u:r:su:s0"
 
-static u32 ksu_sid;
-
 static int transive_to_domain(const char *domain)
 {
 	struct cred *cred;
@@ -31,9 +29,6 @@ static int transive_to_domain(const char *domain)
 			domain, sid, error);
 	}
 	if (!error) {
-		if (!ksu_sid)
-			ksu_sid = sid;
-
 		tsec->sid = sid;
 		tsec->create_sid = 0;
 		tsec->keycreate_sid = 0;
@@ -106,7 +101,13 @@ static inline u32 current_sid(void)
 
 bool is_ksu_domain()
 {
-	return ksu_sid && current_sid() == ksu_sid;
+	char *domain;
+	u32 seclen;
+	int err = security_secid_to_secctx(current_sid(), &domain, &seclen);
+	if (err) {
+		return false;
+	}
+	return strncmp(KERNEL_SU_DOMAIN, domain, seclen) == 0;
 }
 
 bool is_zygote(void *sec)