kernel: nuke creds wrapper

* Little bit complicated, so let's remove it. Signed-off-by: rsuntk <rsuntk@yukiprjkt.my.id>
2025-08-26 23:14:36 +07:00
parent 165558d588
commit f3f2089a13
5 changed files with 25 additions and 69 deletions
--- a/kernel/Makefile
+++ b/kernel/Makefile
@@ -19,7 +19,6 @@ kernelsu-objs += selinux/rules.o

 ccflags-y += -I$(srctree)/security/selinux -I$(srctree)/security/selinux/include
 ccflags-y += -I$(objtree)/security/selinux -include $(srctree)/include/uapi/asm-generic/errno.h
-ccflags-y += -include $(srctree)/$(src)/include/ksu_creds.h

 obj-$(CONFIG_KSU) += kernelsu.o
 obj-$(CONFIG_KSU_TRACEPOINT_HOOK) += ksu_trace_export.o
--- a/kernel/core_hook.c
+++ b/kernel/core_hook.c
@@ -49,7 +49,6 @@
 #include "selinux/selinux.h"
 #include "throne_tracker.h"
 #include "kernel_compat.h"
-#include "include/ksu_creds.h"
 #include "dynamic_manager.h"

 #ifdef CONFIG_KPM
@@ -63,7 +62,7 @@ bool susfs_is_allow_su(void)
 		// we are manager, allow!
 		return true;
 	}
-	return ksu_is_allow_uid(ksu_current_uid());
+	return ksu_is_allow_uid(current_uid().val);
 }

 extern u32 susfs_zygote_sid;
@@ -145,7 +144,7 @@ static inline bool is_allow_su()
 		// we are manager, allow!
 		return true;
 	}
-	return ksu_is_allow_uid(ksu_current_uid());
+	return ksu_is_allow_uid(current_uid().val);
 }

 static inline bool is_unsupported_uid(uid_t uid)
@@ -237,26 +236,24 @@ void escape_to_root(void)
 		return;
 	}

-	if (ksu_cred_euid(newcreds) == 0) {
+	if (newcreds->euid.val == 0) {
 		pr_warn("Already root, don't escape!\n");
 		abort_creds(newcreds);
 		return;
 	}

 	struct root_profile *profile =
-		ksu_get_root_profile(ksu_cred_uid(newcreds));
+		ksu_get_root_profile(newcreds->uid.val);

-	ksu_cred_uid(newcreds) = profile->uid;
-	ksu_cred_suid(newcreds) = profile->uid;
-	ksu_cred_euid(newcreds) = profile->uid;
-	ksu_cred_fsuid(newcreds) = profile->uid;
+	newcreds->uid.val = profile->uid;
+	newcreds->suid.val = profile->uid;
+	newcreds->euid.val = profile->uid;
+	newcreds->fsuid.val = profile->uid;

-	ksu_cred_gid(newcreds) = profile->gid;
-	ksu_cred_fsgid(newcreds) = profile->gid;
-	ksu_cred_sgid(newcreds) = profile->gid;
-	ksu_cred_egid(newcreds) = profile->gid;
-
-	// no wrapper, ignore it.
+	newcreds->gid.val = profile->gid;
+	newcreds->fsgid.val = profile->gid;
+	newcreds->sgid.val = profile->gid;
+	newcreds->egid.val = profile->gid;
 	newcreds->securebits = 0;

 	BUILD_BUG_ON(sizeof(profile->capabilities.effective) !=
@@ -280,6 +277,7 @@ void escape_to_root(void)
 	spin_lock_irq(&current->sighand->siglock);
 	disable_seccomp(current);
 	spin_unlock_irq(&current->sighand->siglock);
+
 	setup_selinux(profile->selinux_domain);
 }

@@ -290,7 +288,7 @@ int ksu_handle_rename(struct dentry *old_dentry, struct dentry *new_dentry)
 		return 0;
 	}

-	if (ksu_current_uid() != 1000) {
+	if (current_uid().val != 1000) {
 		// skip non system uid
 		return 0;
 	}
@@ -358,14 +356,14 @@ int ksu_handle_prctl(int option, unsigned long arg2, unsigned long arg3,
 	}

 	// TODO: find it in throne tracker!
-	uid_t current_uid_val = ksu_current_uid();
+	uid_t current_uid_val = current_uid().val;
 	uid_t manager_uid = ksu_get_manager_uid();
 	if (current_uid_val != manager_uid &&
 	    current_uid_val % 100000 == manager_uid) {
 		ksu_set_manager_uid(current_uid_val);
 	}

-	bool from_root = 0 == ksu_current_uid();
+	bool from_root = 0 == current_uid().val;
 	bool from_manager = is_manager();

 	if (!from_root && !from_manager) {
@@ -389,7 +387,7 @@ int ksu_handle_prctl(int option, unsigned long arg2, unsigned long arg3,

 	if (arg2 == CMD_GRANT_ROOT) {
 		if (is_allow_su()) {
-			pr_info("allow root for: %d\n", ksu_current_uid());
+			pr_info("allow root for: %d\n", current_uid().val);
 			escape_to_root();
 			if (copy_to_user(result, &reply_ok, sizeof(reply_ok))) {
 				pr_err("grant_root: prctl reply error\n");
@@ -1135,7 +1133,7 @@ static bool should_umount(struct path *path)

 	if (current->nsproxy->mnt_ns == init_nsproxy.mnt_ns) {
 		pr_info("ignore global mnt namespace process: %d\n",
-			ksu_current_uid());
+			current_uid().val);
 		return false;
 	}

@@ -1347,7 +1345,7 @@ out_try_umount:
 		return 0;
 	} else {
 #ifdef CONFIG_KSU_DEBUG
-		pr_info("uid: %d should not umount!\n", ksu_current_uid());
+		pr_info("uid: %d should not umount!\n", current_uid().val);
 #endif
 	}
 #ifndef CONFIG_KSU_SUSFS
--- a/kernel/include/ksu_creds.h
+++ b/kernel/include/ksu_creds.h
@@ -1,39 +0,0 @@
-/*
- * KernelSU creds wrapper
- *
- * Provide a wrapper for a few credentials use (e.g current_uid().val),
- * so it would be easier to maintain
- * some older linux versions.
- */
-
-#ifndef __KSU_H_CREDS
-#define __KSU_H_CREDS
-
-#include <linux/cred.h>
-#include <linux/version.h>
-
-#if (LINUX_VERSION_CODE >= KERNEL_VERSION(3, 5, 0) &&	\
-	defined(CONFIG_UIDGID_STRICT_TYPE_CHECKS)) ||	\
-	LINUX_VERSION_CODE >= KERNEL_VERSION(3, 14, 0)
-#define ksu_cred_uid(x)		((x)->uid.val)
-#define ksu_cred_suid(x)	((x)->suid.val)
-#define ksu_cred_euid(x)	((x)->euid.val)
-#define ksu_cred_fsuid(x)	((x)->fsuid.val)
-#define ksu_cred_gid(x)		((x)->gid.val)
-#define ksu_cred_fsgid(x)	((x)->fsgid.val)
-#define ksu_cred_sgid(x)	((x)->sgid.val)
-#define ksu_cred_egid(x)	((x)->egid.val)
-#define ksu_current_uid()	(current_uid().val)
-#else
-#define ksu_cred_uid(x)		((x)->uid)
-#define ksu_cred_suid(x)	((x)->suid)
-#define ksu_cred_euid(x)	((x)->euid)
-#define ksu_cred_fsuid(x)	((x)->fsuid)
-#define ksu_cred_gid(x)		((x)->gid)
-#define ksu_cred_fsgid(x)	((x)->fsgid)
-#define ksu_cred_sgid(x)	((x)->sgid)
-#define ksu_cred_egid(x)	((x)->egid)
-#define ksu_current_uid()	(current_uid())
-#endif
-
-#endif
--- a/kernel/manager.h
+++ b/kernel/manager.h
@@ -3,7 +3,6 @@

 #include <linux/cred.h>
 #include <linux/types.h>
-#include "include/ksu_creds.h"

 #define KSU_INVALID_UID -1

@@ -21,7 +20,7 @@ static inline bool ksu_is_manager_uid_valid()

 static inline bool is_manager()
 {
-	return unlikely(ksu_is_any_manager(ksu_current_uid()) || ksu_manager_uid == ksu_current_uid());
+	return unlikely(ksu_is_any_manager(current_uid().val) || ksu_manager_uid == current_uid().val);
 }

 static inline uid_t ksu_get_manager_uid()
--- a/kernel/sucompat.c
+++ b/kernel/sucompat.c
@@ -24,7 +24,6 @@
 #include "klog.h" // IWYU pragma: keep
 #include "ksud.h"
 #include "kernel_compat.h"
-#include "include/ksu_creds.h"

 #define SU_PATH "/system/bin/su"
 #define SH_PATH "/system/bin/sh"
@@ -67,7 +66,7 @@ int ksu_handle_faccessat(int *dfd, const char __user **filename_user, int *mode,
 #endif

 #ifndef CONFIG_KSU_SUSFS_SUS_SU
-	if (!ksu_is_allow_uid(ksu_current_uid())) {
+	if (!ksu_is_allow_uid(current_uid().val)) {
 		return 0;
 	}
 #endif
@@ -117,7 +116,7 @@ int ksu_handle_stat(int *dfd, const char __user **filename_user, int *flags)
 #endif

 #ifndef CONFIG_KSU_SUSFS_SUS_SU
-	if (!ksu_is_allow_uid(ksu_current_uid())) {
+	if (!ksu_is_allow_uid(current_uid().val)) {
 		return 0;
 	}
 #endif
@@ -182,7 +181,7 @@ int ksu_handle_execveat_sucompat(int *fd, struct filename **filename_ptr,
 		return 0;

 #ifndef CONFIG_KSU_SUSFS_SUS_SU
-	if (!ksu_is_allow_uid(ksu_current_uid()))
+	if (!ksu_is_allow_uid(current_uid().val))
 		return 0;
 #endif

@@ -232,7 +231,7 @@ int ksu_handle_execve_sucompat(int *fd, const char __user **filename_user,
 	if (likely(memcmp(path, su, sizeof(su))))
 		return 0;

-	if (!ksu_is_allow_uid(ksu_current_uid()))
+	if (!ksu_is_allow_uid(current_uid().val))
 		return 0;

 	pr_info("sys_execve su found\n");
@@ -249,7 +248,7 @@ static int ksu_inline_handle_devpts(struct inode *inode)
 		return 0;
 	}

-	uid_t uid = ksu_current_uid();
+	uid_t uid = current_uid().val;
 	if (uid % 100000 < 10000) {
 		// not untrusted_app, ignore it
 		return 0;