android/SukiSU-Ultra
1
0
Fork 0
Code Issues Pull Requests Actions 1 Packages Projects Releases Wiki Activity
2,328 Commits 11 Branches 15 Tags
157df04c8ba2c7b081d9385b76d3ac7f868b8fd2
Commit Graph

65 Commits

Author SHA1 Message Date
rsuntk
d13233f566 [skip ci] kernel: remove and fmt 
* People who understands kernel, likely the didn't need this.

Signed-off-by: rsuntk <rsuntk@yukiprjkt.my.id>
 2025-06-19 18:22:05 +08:00
ShirkNeko
9d920e7cc5 kernel: added compatibility for non-GKI devices 
Co-authored-by: rsuntk <rsuntk@yukiprjkt.my.id>
Co-authored-by: ShirkNeko <109797057+ShirkNeko@users.noreply.github.com>
Signed-off-by: ShirkNeko <109797057+ShirkNeko@users.noreply.github.com>
 2025-05-10 13:19:30 +08:00
Wang Han
4d37b8735c Set KSU_APP_PROFILE_VER for shell (#2481) 
This reverts commit bd24044ec3.
 2025-03-01 15:59:44 +08:00
Wang Han
eeffecbd1b Allow toggling unmount setting for all apps (#2450) 
This fixes https://github.com/tiann/KernelSU/issues/2416.
 2025-02-18 11:07:52 +08:00
Wang Han
38640ee4a6 Avoid unnecessarily overriding capabilities (#2381) 
Previously all capabilities were overridden with 0xffffffffffffffff,
which is
not what normal processes have. This causes PR_CAPBSET_DROP prctl
fail because it is dropping invalid caps. Fix it.

This fixes
https://gitlab.com/kalilinux/nethunter/apps/kali-nethunter-app/-/issues/378.

Co-Authored-By: 5ec1cff <56485584+5ec1cff@users.noreply.github.com>

Co-authored-by: 5ec1cff <56485584+5ec1cff@users.noreply.github.com>
 2025-01-25 17:29:08 +08:00
LoveSy
bd24044ec3 Revert "ksud: [Fix] grant root to the shell in debug mode" (#1860) 
Reverts tiann/KernelSU#1853
 2024-07-06 19:36:37 +08:00
RobinChen
56c3954524 ksud: [Fix] grant root to the shell in debug mode (#1853) 
Failed to check app_profile version
 2024-07-06 13:37:00 +08:00
Ylarod
898e9d4f8c [1.0] Drop Non-GKI Support (#1483) 
Co-authored-by: weishu <twsxtd@gmail.com>
 2024-06-01 14:50:46 +08:00
weishu
efbc07fde3 kernel: use library import 2024-04-27 09:55:24 +08:00
5ec1cff
fd17e852d0 kernel: no need to umount and mark as root for manager uid (#1549) 
Co-authored-by: LoveSy <shana@zju.edu.cn>
 2024-03-29 09:15:18 +08:00
weishu
32b3ec9844 kernel: truncate allowlist before save 2023-12-29 18:32:45 +08:00
weishu
d6cbda49aa kernel: fix out of bound reading. close #1227 2023-12-27 20:19:21 +08:00
weishu
b1830049f1 kernel: prune allowlist with package name and uid 2023-10-12 15:44:43 +08:00
longhuan1999
54ee400dc5 kernel: Adapt to low version Android init process (#973) 
1. Adapt to low version Android init process
2. Add stop hook output
3. Fix output with missing line breaks
 2023-10-02 12:00:24 +08:00
4qwerty7
c0066b68f5 kernel: support the case that init_task.mnt_ns != zygote.mnt_ns(WSA) (#698) 
Basic support for the case that init_task.mnt_ns != zygote.mnt_ns(WSA),
just copy nsproxy and fs pointers for solve #276.

Note the copy in `apk_sign.c` is not required but suggested for
secure(ensure the checked mnt_ns is what ns android running, not created
by user, although many distributions does not have user ns.).

Tested with latest release on Win10 19045.3086(with WSAPatch).

Further review required for:
- [x] Security of this operation (without locking).
- [x] The impact of these modifications on other Android distributions.
 2023-07-02 00:20:01 +08:00
Ikko Eltociear Ashimine
9b2f907a48 kernel: fix typo in allowlist.c (#663) 
creat -> create
 2023-06-20 11:03:09 +08:00
weishu
ff8c614737 kernel: allow uid 1000(system_uid) to grant root. close #645 2023-06-18 13:00:37 +08:00
Juhyung Park
bd8434f4f4 Hook improvements (take 2) (#563) 
Hi @tiann.

Thanks for the great project, I had great fun playing around with it.

This PR mainly tries to further minimize the possible delays caused by
KernelSU hooking.

There are 3 major changes:
- Processes with 0 < UID < 2000 are blocked straight-up before going
through the allow_list.
I don't see any need for such processes to be interested in root, and
this allows returning early before going through a more expensive
lookup.
If there's an expected breakage due to this change, I'll remove it. Let
me know.
- A page-sized (4K) bitmap is added.
This allows O(1) lookup for UID <= 32767.
This speeds up `ksu_is_allow_uid()` by about 4.8x by sacrificing a 4K
memory. IMHO, a good trade-off.
Most notably, this reduces the 99.999% result previously from worrying
milliseconds scale to microseconds scale.
For UID > 32767, another page-sized (4K) sequential array is used to
cache allow_list.

Compared to the previous PR #557, this new approach gives another nice
25% performance boost in average, 63-96% boost in worst cases.

Benchmark results are available at
https://docs.google.com/spreadsheets/d/1w_tO1zRLPNMFRer49pL1TQfL6ndEhilRrDU1XFIcWXY/edit?usp=sharing

Thanks!

---------

Signed-off-by: Juhyung Park <qkrwngud825@gmail.com>
 2023-06-16 19:53:15 +08:00
weishu
3ad27c5999 kernel: use macro for default domain 2023-06-06 21:07:25 +08:00
weishu
5b27f6c010 kernel: Fix shell permission under KSU_DEBUG 2023-06-06 21:05:37 +08:00
weishu
5db7075432 kernel: bump format version to force clear allowlist, prepare to release a new version 2023-06-06 20:49:39 +08:00
weishu
53be8612c8 kernel: support setting selinux context for profile 2023-06-06 16:35:25 +08:00
weishu
c7f6a7d11b kernel: support settings supplementary groups for profile 2023-06-06 13:19:11 +08:00
weishu
076e5d3655 kernel: make the profile uid, gid, capabilities really work 2023-06-04 17:29:12 +08:00
weishu
8af5a9038b kernel: fix set app profile may override other user's 2023-06-04 13:59:22 +08:00
weishu
990626cf7d kernel: Fixing the issue of a delay in updating the default profile. 2023-06-04 09:47:31 +08:00
weishu
fc77ca989f kernel: use uid instead of package to compare allowlist, fix #580 2023-06-04 09:18:39 +08:00
diphons
2ce3976023 Fixup: build under linux 4.14 (#581) 
Split compiler_types.h from compiler.h only available for linux 4.14
 2023-06-04 09:15:03 +08:00
weishu
63ec531814 kernel: dont prune uid used for app profile 2023-06-04 01:01:39 +08:00
weishu
005404f552 kernel: support load/restore default profiles 2023-06-03 23:57:05 +08:00
weishu
b31fc47197 kernel: support CMD_IS_UID_GRANTED_ROOT and CMD_IS_UID_SHOULD_UMOUNT 2023-06-03 22:44:01 +08:00
weishu
82d5ec3cc1 kernel: fix CMD_GET_ALLOW_LIST error 2023-06-03 19:23:51 +08:00
weishu
89f6cd044e kernel: minor fixes for profiles 2023-06-03 10:18:11 +08:00
weishu
bd3a1291da kernel: don't fill default value for app profile 2023-06-03 00:06:58 +08:00
weishu
3abb7e4ca2 kernel: baby version of profile 2023-06-03 00:01:00 +08:00
weishu
8f3e59803f kernel: fix format warnning 2023-05-22 10:39:54 +08:00
tiann
5504b0dd29 Revert "kernel: don't save allowlist in worker" 
This reverts commit c569d803c5.
 2023-04-18 13:19:49 +08:00
tiann
f0dcddd391 kernel: don't show log when get allowlist 2023-04-18 13:19:49 +08:00
tiann
c569d803c5 kernel: don't save allowlist in worker 2023-04-18 09:18:06 +08:00
tiann
77056a7100 kernel: remove unused poll wait becuase we always call this in post-fs-data, no need to wait for /data mounted 2023-03-08 15:45:56 +08:00
weishu
683ba112aa kernel: add prefix to avoid symbol confliction 2023-02-20 18:51:59 +07:00
f19
0c322a33bc kernel: fix filp_open on older kernel's kworker (#205) 
On older kernel, kworker missing keyring from init process , and this
keyring is related to FBE , which causes filp_open return ENOKEY or
other errors.To fix this,just install init's keyring to per
kworkers.This works on Kernel 4.4 and 4.9.
 2023-02-05 07:14:59 +08:00
f19
4f2b8b7077 kernel: backport to 4.4 (#166) 
These changes make KernelSU work on kernel4.4
[link](https://github.com/F-19-F/android_kernel_oneplus_msm8998).
LINUX_VERSION_CODE macro changes have been vertied on 4.4 4.9 4.14.
For kernel 4.4,just pick two commits
* [introduce
KernelSU](2993524f2f)
* [allow init exec ksud under
nosuid](3df9df42a6)
 2023-02-01 19:48:36 +08:00
skbeh
46913671a8 kernel, ksud: collect binaries into /data/adb/ksu (#161) 2023-02-01 17:58:58 +08:00
Ylarod
db600d5ea0 kernel: precise trigger timing of post-fs-data (#118) 
* kernel: add report_event cmd

* ksud: report event

* kernel: trigger on_post_fs_data

* ksud: comment unused code

* [skip ci] run clang-format

Signed-off-by: Ylarod <me@ylarod.cn>

* ci: use custom key to sign official bootimgs

* format ksud

* reject non root

* remove

Signed-off-by: Ylarod <me@ylarod.cn>
 2023-01-26 11:29:02 +08:00
Ylarod
22b66b6672 kernel: opt allowlist persist and log (#119) 
* kernel: persist on need

* kernel: opt log for ksu_allow_uid
 2023-01-26 08:55:27 +08:00
Ylarod
06aaae1335 kernel: fix missing log tag (#117) 2023-01-25 22:24:00 +08:00
Ylarod
2f970f7ab8 kernel: refact (#113) 
* refact

* sort inlude

* update

* unregister execve kprobe

* update log

* don't unregister if not in kprobe

* opt for no kprobe

* opt for no kprobe

* stop debug

* don't forget to call ksu_uid_observer_exit

* rename core to core_hook

* direct call do_persistent_allow_list

* add prefix

* use getter, add warn

* add wrapper

* run clang-format

clang-format --style="{BasedOnStyle: InheritParentConfig, SortIncludes: true}" -i kernel/**/*.[ch]

* try fix wsa x64 build
 2023-01-25 21:53:19 +08:00
weishu
830c27361e kernel: unify workqueue 2023-01-18 18:37:27 +07:00
weishu
2a1e91cb34 kernel: don't use 0(root uid) as manager init uid 2023-01-17 13:49:30 +07:00