android/SukiSU-Ultra
1
0
Fork 0
Code Issues Pull Requests Actions 1 Packages Projects Releases Wiki Activity

kernel: Refactor selinux/selinux.c (#2881)

Browse Source 
Signed-off-by: shadichy <shadichy@blisslabs.org>
Co-authored-by: Wang Han <416810799@qq.com>
This commit is contained in:
Shadichy
2025-11-07 21:18:05 +07:00
committed by ShirkNeko
parent c24ed3b5c4
commit f39d4f0f38
2 changed files with 19 additions and 53 deletions
Download Patch File Download Diff File Expand all files Collapse all files

8
kernel/Makefile
View File

@@ -118,14 +118,6 @@ else
$(info -- KPM is disabled)
endif
# SELinux drivers check
ifeq ($(shell grep -q "current_sid(void)" $(srctree)/security/selinux/include/objsec.h; echo $$?),0)
ccflags-y += -DKSU_COMPAT_HAS_CURRENT_SID
endif
ifeq ($(shell grep -q "struct selinux_state " $(srctree)/security/selinux/include/security.h; echo $$?),0)
ccflags-y += -DKSU_COMPAT_HAS_SELINUX_STATE
endif
# Handle optional backports
ifeq ($(shell grep -q "strncpy_from_user_nofault" $(srctree)/include/linux/uaccess.h; echo $$?),0)
ccflags-y += -DKSU_OPTIONAL_STRNCPY

64
kernel/selinux/selinux.c
View File

@@ -90,27 +90,28 @@ bool getenforce(void)
return __is_selinux_enforcing();
}
#if (LINUX_VERSION_CODE < KERNEL_VERSION(5, 10, 0)) && \
!defined(KSU_COMPAT_HAS_CURRENT_SID)
/*
* get the subjective security ID of the current task
*/
static inline u32 current_sid(void)
{
const struct task_security_struct *tsec = current_security();
#if LINUX_VERSION_CODE < KERNEL_VERSION(6, 14, 0)
struct lsm_context {
char *context;
u32 len;
};
return tsec->sid;
static int __security_secid_to_secctx(u32 secid, struct lsm_context *cp)
{
return security_secid_to_secctx(secid, &cp->context, &cp->len);
}
static void __security_release_secctx(struct lsm_context *cp)
{
return security_release_secctx(cp->context, cp->len);
}
#else
#define __security_secid_to_secctx security_secid_to_secctx
#define __security_release_secctx security_release_secctx
#endif
bool is_task_ksu_domain(const struct cred* cred)
{
#if LINUX_VERSION_CODE >= KERNEL_VERSION(6, 14, 0)
struct lsm_context ctx;
#else
char *domain;
u32 seclen;
#endif
bool result;
if (!cred) {
return false;
@@ -119,23 +120,12 @@ bool is_task_ksu_domain(const struct cred* cred)
if (!tsec) {
return false;
}
#if LINUX_VERSION_CODE >= KERNEL_VERSION(6, 14, 0)
int err = security_secid_to_secctx(tsec->sid, &ctx);
#else
int err = security_secid_to_secctx(tsec->sid, &domain, &seclen);
#endif
int err = __security_secid_to_secctx(tsec->sid, &ctx);
if (err) {
return false;
}
#if LINUX_VERSION_CODE >= KERNEL_VERSION(6, 14, 0)
result = strncmp(KERNEL_SU_DOMAIN, ctx.context, ctx.len) == 0;
security_release_secctx(&ctx);
#else
result = strncmp(KERNEL_SU_DOMAIN, domain, seclen) == 0;
security_release_secctx(domain, seclen);
#endif
__security_release_secctx(&ctx);
return result;
}
@@ -154,30 +144,14 @@ bool is_zygote(const struct cred* cred)
if (!tsec) {
return false;
}
#if LINUX_VERSION_CODE >= KERNEL_VERSION(6, 14, 0)
struct lsm_context ctx;
#else
char *domain;
u32 seclen;
#endif
bool result;
#if LINUX_VERSION_CODE >= KERNEL_VERSION(6, 14, 0)
int err = security_secid_to_secctx(tsec->sid, &ctx);
#else
int err = security_secid_to_secctx(tsec->sid, &domain, &seclen);
#endif
int err = __security_secid_to_secctx(tsec->sid, &ctx);
if (err) {
return false;
}
#if LINUX_VERSION_CODE >= KERNEL_VERSION(6, 14, 0)
result = strncmp("u:r:zygote:s0", ctx.context, ctx.len) == 0;
security_release_secctx(&ctx);
#else
result = strncmp("u:r:zygote:s0", domain, seclen) == 0;
security_release_secctx(domain, seclen);
#endif
__security_release_secctx(&ctx);
return result;
}