Commit Graph

683 Commits

Author SHA1 Message Date
Wang Han
3e2de84a81 Guard a few logprint in prctl path with KSU_DEBUG (#1402) 2024-02-29 13:47:22 +08:00
weishu
796f8a448a kernel: fix bazel build 2024-02-26 16:54:14 +08:00
weishu
afe0e691aa kernel: Unshallow the repo in Makefile. close #1365 2024-02-26 12:23:51 +08:00
那年雪落
2820779947 kernel: Add back Makefile new line with posix compatible (#1372) 2024-02-23 16:55:22 +08:00
weishu
01b685ce58 kernel: Allow system_server to kill su process 2024-02-20 18:16:43 +08:00
weishu
07e475c5dc kernel: prevent become manager when failed. close #1328 2024-02-03 20:03:26 +08:00
weishu
e934bfb648 kernel: Add init selinux rules. 2024-01-15 20:28:53 +08:00
Ylarod
5b920f8230 kernel: fix secctx mem leak (#1283)
Co-authored-by: weishu <twsxtd@gmail.com>
2024-01-14 11:15:52 +08:00
weishu
e9997a07c1 kernel: avoiding umount when there isn't any module. close #556 2024-01-08 12:55:08 +08:00
Ylarod
e3e4d2eed4 Try umount /sbin in kernel (#1257) 2024-01-06 08:59:30 +08:00
Ylarod
f37cc16117 Correctly handle is_ksu_domain, close #972 (#1246)
fix #972
2024-01-04 14:14:31 +08:00
weishu
32b3ec9844 kernel: truncate allowlist before save 2023-12-29 18:32:45 +08:00
weishu
d6cbda49aa kernel: fix out of bound reading. close #1227 2023-12-27 20:19:21 +08:00
weishu
fe7f509f9d kernel: optimize uid list reading 2023-12-27 19:33:25 +08:00
Nullptr
706cd1e73e Mount temp dir at /debug_ramdisk (#1226) 2023-12-23 21:05:26 +08:00
The_second_Tom
dcd9d65c92 kernel: adapt to kernel above 6.4 (#1196)
Above kernel 6.4, there is no struct_avc member in selinux_state.
2023-12-11 00:13:06 +08:00
weishu
c560d603e6 kernel: Add mitigation to avoid placing manager in lib to bypass check 2023-12-08 14:48:49 +08:00
weishu
b7f937b7f9 kernel: fix su not working in shell for 6.1 kernel 2023-11-13 15:06:25 +08:00
4qwerty7
1b67c1b153 kernel: fix null pointer dereference for some case (#1075)
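In #973, __never_use_envp was renamed to envp and put to use.

As a result, on GKI builds, once execution reaches line
[213](344c08bb79/kernel/ksud.c (L213))
(perhaps only WSA and similar cases get here?), a null pointer dereference is triggered.

This PR is intended to fix that issue and has been tested on WSA.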
2023-10-24 07:00:52 +08:00
weishu
bf823a29e8 kernel: fix incorrect strcmp 2023-10-23 22:22:47 +08:00
weishu
d24813b2c3 Merge pull request from GHSA-86cp-3prf-pwqq
* kernel: deny v2 signature blocks with incorrect number

* kernel: reject v1 signature

* kernel: enforce manager package name at compile time

* kernel: don't specify package name in source code, use it in ci
2023-10-23 12:59:30 +08:00
kevios12
7a1767b4c9 kernel: fix Modules install stuck on kernel 4.4 (#1059) 2023-10-22 23:40:53 +08:00
weishu
344c08bb79 kernel: make compiler happy 2023-10-21 22:43:58 +08:00
weishu
75b5fdfb9d kernel: make su without any capabilities possible 2023-10-21 20:32:28 +08:00
weishu
ce892bc439 kernel: don't umount for non zygote child process. fixes #1054,#1049,#1045 2023-10-19 17:29:10 +08:00
weishu
3408f944e6 kernel: use strncpy and strncmp 2023-10-12 15:52:10 +08:00
weishu
b1830049f1 kernel: prune allowlist with package name and uid 2023-10-12 15:44:43 +08:00
weishu
79951f06ed kernel: ignore path that's not mountpoint 2023-10-12 14:24:41 +08:00
weishu
8828939994 kernel: reject v3 and v3.1 signature scheme for manager verification 2023-10-11 17:06:14 +08:00
weishu
a22959beae kernel: harden the signature check (#1027) 2023-10-11 02:53:11 -05:00
weishu
340595276f kernel: Add selinux rules for module umount 2023-10-09 18:09:54 +08:00
weishu
7747c0e211 kernel: umount modules mnt when needed. fix #991 2023-10-08 14:17:33 +08:00
longhuan1999
54ee400dc5 kernel: Adapt to low version Android init process (#973)
1. Adapt to low version Android init process
2. Add stop hook output
3. Fix output with missing line breaks
2023-10-02 12:00:24 +08:00
Levi Zim
cbb98a1de9 Copy one extra byte from userspace filename (#958)
Otherwise we will rewrite paths for filenames that begin with
`/system/bin/su`.

This fix copies one extra byte from userspace filename so that when we
encounter filenames like `/system/bin/suasf`,
`/system/bin/su\0` gets compared with `/system/bin/sua`, which correctly
prevents the `su -> sh` path rewriting.

Close #957
2023-09-16 12:23:04 +08:00
weishu
5e893e3d04 kernel: avoiding select OVERLAY_FS because it may break GKI checks. fix 2023-08-28 01:06:44 +08:00
rhjdvsgsgks
6aeb76a3ef kernel: fix build for gcc (#873)
current_cred() need this
2023-08-16 17:55:23 +08:00
Aquarius223
0b1bab5b01 kernel: Fix commit 7bdb8858 in Linux 4.9.y and Linux 4.4.y builds (#841)
* linux/uaccess.h is also required on 4.4 and 4.9

-- KernelSU version: 11184
-- KernelSU Manager signature size: 0x033b
-- KernelSU Manager signature hash: 0xb0b91415
  CC      drivers/kernelsu/kernel_compat.o
../drivers/kernelsu/kernel_compat.c:159:9: error: use of undeclared
identifier 'USER_DS'
        set_fs(USER_DS);
               ^
1 error generated.
make[4]: ***
[../scripts/Makefile.build:314:drivers/kernelsu/kernel_compat.o] 错误 1
make[3]: *** [../scripts/Makefile.build:599:drivers/kernelsu] 错误 2

Change-Id: I19598c62a3ae901049ea99ef878fa5c1a15201fd

Co-authored-by: stic-server-open <1138705738@qq.com>
2023-08-09 22:17:56 +08:00
weishu
b52bf53d01 kernel: Fix compile err 2023-08-09 18:51:03 +08:00
weishu
7bdb885816 kernel: fix probe_kernel_read failed to read user addr 2023-08-09 18:37:30 +08:00
weishu
cde3e95180 kernel: Fix manager recognize err 2023-08-09 16:28:22 +08:00
weishu
beaa048be3 kernel: don't trigger page fault when become manager. fix #836 2023-08-09 12:33:05 +08:00
The_second_Tom
a83390b0ec Kernel: fix filp_open in kernel below 4.9 (#822)
Use current_cred()->session_keyring to check whether session_keyring
is installed or not. close #814
2023-08-01 20:51:32 +08:00
weishu
907bcad1a7 kernel: use ordered work queue to avoid timing issues 2023-08-01 20:47:43 +08:00
セリカ・シルフィル
be413fd147 CI: Support set manager signature size and hash (#757)
close #739, close #745, close #752
2023-07-18 12:38:44 +08:00
dabao1955
cd952f5e45 kernel/ksu.c:Fix word mistakes when enabling CONFIG_KSU_DEBUG (#724)
According to the instructions in Kconfig, when the `CONFIG_KSU_DEBUG`
option is turned on, KernelSU will run in `debug mode` instead of the
`debug version` mentioned in kernel/ksu.c.
2023-07-08 01:22:06 +08:00
4qwerty7
f4d2b0feab Distinguish different PT_REGS_PARM4 under x86 (#711)
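1. `PT_REGS_CCALL_PARM4` denotes the register that holds the 4th argument under the C calling convention
2. `PT_REGS_SYSCALL_PARM4` denotes the register that holds the 4th argument under the Linux syscall calling convention
3. Change the existing `PT_REGS_PARM4` to one of the above
4. Mark the parameters of `ksu_handle_execveat_ksud` and `ksu_handle_execveat_sucompat` that are unused and may be passed wrong arguments by
kprobe as never_used and pass `NULL`
5. Provide the correct argv argument to `ksu_handle_execveat_ksud` so that `init second_stage` is also recognized correctly on x86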

---------

Co-authored-by: weishu <twsxtd@gmail.com>
2023-07-06 09:01:35 +08:00
weishu
ee5d2f8c84 kernel: fix compile err in old kernel 2023-07-02 19:06:31 +08:00
weishu
dfc2a86e70 kernel: fix compile err and format code. close #706 2023-07-02 14:51:14 +08:00
4qwerty7
c0066b68f5 kernel: support the case that init_task.mnt_ns != zygote.mnt_ns(WSA) (#698)
Basic support for the case that init_task.mnt_ns != zygote.mnt_ns(WSA),
just copy nsproxy and fs pointers to solve #276.

Note the copy in `apk_sign.c` is not required but suggested for
security (ensure the checked mnt_ns is the ns Android is running in, not one created
by the user, although many distributions do not have user ns).

Tested with latest release on Win10 19045.3086(with WSAPatch).

Further review required for:
- [x] Security of this operation (without locking).
- [x] The impact of these modifications on other Android distributions.
2023-07-02 00:20:01 +08:00
weishu
e3e77fde78 kernel: authorize the newly type for all roles. refer: http://aospxref.com/kernel-android12-5.10-lts/xref/security/selinux/ss/policydb.c#950 2023-07-01 20:54:13 +08:00