From ff8c61473762ec0034210e68f5ace066c3e82330 Mon Sep 17 00:00:00 2001
From: weishu <twsxtd@gmail.com>
Date: Sun, 18 Jun 2023 13:00:24 +0800
Subject: [PATCH] kernel: allow uid 1000(system_uid) to grant root. close #645

---
 kernel/allowlist.c | 10 ++++++++--
 1 file changed, 8 insertions(+), 2 deletions(-)

diff --git a/kernel/allowlist.c b/kernel/allowlist.c
index 420d23a4..62268fde 100644
--- a/kernel/allowlist.c
+++ b/kernel/allowlist.c
@@ -139,13 +139,19 @@ exit:
 	return found;
 }
 
+static inline bool forbid_system_uid(uid_t uid) {
+	#define SHELL_UID 2000
+	#define SYSTEM_UID 1000
+	return uid < SHELL_UID && uid != SYSTEM_UID;
+}
+
 static bool profile_valid(struct app_profile *profile)
 {
 	if (!profile) {
 		return false;
 	}
 
-	if (profile->current_uid < 2000) {
+	if (forbid_system_uid(profile->current_uid)) {
 		pr_err("uid lower than 2000 is unsupported: %d\n", profile->current_uid);
 		return false;
 	}
@@ -263,7 +269,7 @@ bool __ksu_is_allow_uid(uid_t uid)
 		return is_ksu_domain();
 	}
 
-	if (uid < 2000) {
+	if (forbid_system_uid(uid)) {
 		// do not bother going through the list if it's system
 		return false;
 	}