kernel & KernelSU: Added switch for enabling/disabling umount for zygote spawned isolated service process
- Some modules that overlay sysyem files like framework or other overlay apk may crash when all iso services are umounted by susfs, so a switch is made here for users to switch on/off this funtion at anytime when they need it or want to test it
- By default it is disabled in kernel, run "ksu_susfs umount_for_zygote_iso_service <0|1>" to switch on/off the function in userspace
- Also user can create new file to "/data/adb/susfs_umount_for_zygote_iso_service" to enable it in kernel on each boot
- Alternatively, disable this function and use other modules to handle the umount for iso services until a better solution is found
Co-authored-by: simonpunk <simonpunk2016@gmail.com>
* Since it's interceptable from LSM Hook,
then we just need to remove ksu_handle_devpts and
make a decoy for it.
Signed-off-by: rsuntk <rsuntk@yukiprjkt.my.id>
When kernel is compiled with CONFIG_DEBUG_ATOMIC_SLEEP enabled, it prints
the following splat in dmesg during post boot:
[ 6.739169] init: Opening SELinux policy
[ 6.751520] init: Loading SELinux policy
[ 6.894684] SELinux: policy capability network_peer_controls=1
[ 6.894688] SELinux: policy capability open_perms=1
[ 6.894690] SELinux: policy capability extended_socket_class=1
[ 6.894691] SELinux: policy capability always_check_network=0
[ 6.894693] SELinux: policy capability cgroup_seclabel=0
[ 6.894695] SELinux: policy capability nnp_nosuid_transition=1
[ 7.214323] selinux: SELinux: Loaded file context from:
[ 7.214332] selinux: /system/etc/selinux/plat_file_contexts
[ 7.214339] selinux: /system_ext/etc/selinux/system_ext_file_contexts
[ 7.214345] selinux: /product/etc/selinux/product_file_contexts
[ 7.214350] selinux: /vendor/etc/selinux/vendor_file_contexts
[ 7.214356] selinux: /odm/etc/selinux/odm_file_contexts
[ 7.216398] KernelSU: /system/bin/init argc: 2
[ 7.216401] KernelSU: /system/bin/init first arg: second_stage
[ 7.216403] KernelSU: /system/bin/init second_stage executed
[ 7.216506] BUG: sleeping function called from invalid context at security/selinux/ss/hashtab.c:47
[ 7.216512] in_atomic(): 0, irqs_disabled(): 0, non_block: 0, pid: 1, name: init
[ 7.216516] preempt_count: 0, expected: 0
[ 7.216518] RCU nest depth: 1, expected: 0
[ 7.216524] CPU: 6 PID: 1 Comm: init Not tainted 5.4.289-Scarlet-v2.0-beta3 #1
[ 7.216526] Hardware name: redwood based Qualcomm Technologies, Inc. SM7325 (DT)
[ 7.216528] Call trace:
[ 7.216536] dump_backtrace+0x0/0x210
[ 7.216539] show_stack+0x14/0x20
[ 7.216544] dump_stack+0x9c/0xec
[ 7.216548] __might_resched+0x1f0/0x210
[ 7.216552] hashtab_insert+0x38/0x230
[ 7.216557] add_type+0xd4/0x2e0
[ 7.216559] ksu_type+0x24/0x60
[ 7.216562] apply_kernelsu_rules+0xa8/0x650
[ 7.216565] ksu_handle_execveat_ksud+0x2a8/0x460
[ 7.216568] ksu_handle_execveat+0x2c/0x60
[ 7.216571] __arm64_sys_execve+0xe8/0xf0
[ 7.216574] el0_svc_common+0xf4/0x1a0
[ 7.216577] do_el0_svc+0x2c/0x40
[ 7.216579] el0_sync_handler+0x18c/0x200
[ 7.216582] el0_sync+0x140/0x180
This is because apply_kernelsu_rules() uses rcu_read_lock() to protect
SELinux policy modifications. However, cond_resched() from
hashtab_insert() at security/selinux/ss/hashtab.c is internally called
and it sleeps which is illegal under an RCU read-side critical section.
While replacing it with a spinlock would suppress the warning, this is
fundamentally incorrect because sleeping is illegal while holding a
spinlock and spinlock would turn off preemption which isn't an ideal
solution since it intentionally turns off rescheduling, and can lead
to deadlocks.
Instead, replace the RCU lock with a mutex lock. Mutex lock allows
sleeping when necessary, which is appropriate here because
apply_kernelsu_rules() runs in process context, not in atomic or
interrupt context. As apply_kernelsu_rules() is invoked only once during
post boot (SYSTEM_RUNNING), the mutex lock does not introduce any major
runtime performance regression and provides correct synchronization.
Fixes: tiann#2637
Signed-off-by: Tashfin Shakeer Rhythm <tashfinshakeerrhythm@gmail.com>
Use strscpy()/strlcpy() to populate the version buffer in CMD_GET_FULL_VERSION
instead of relying on uninitialized memory. This ensures the returned string
is null-terminated and avoids exposing garbage data to user space.
Signed-off-by: schqiushui <orochi9999@gmail.com>
Fixed function definition and restored missing ksu_try_umount calls that were unintentionally removed in previous commits. This includes unmounts for:
- /debug_ramdisk
- /sbin
- /system/etc/hosts
- /apex/com.android.art/bin/dex2oat64
- /apex/com.android.art/bin/dex2oat32
Fixes: b443b11df9 ("kernel: Refactoring the mount point unloading logic")
Fixes: da7632470d ("kernel: 使用 try_umount 替换 ksu_try_umount 以统一卸载逻辑")
Signed-off-by: schqiushui <orochi9999@gmail.com>
Skip directories that does NOT have the same magic as /data/app.
This is to avoid scanning incfs and any other stacked filesystems.
While this is way dumber, it's way cheaper.
no kern_path(), no missable path_put(), no ref handling.
This supercedes
`throne_tracker: avoid cross fs access
(https://github.com/tiann/KernelSU/pull/2626)`
- upstream
0b6998b474
Signed-off-by: backslashxx
<118538522+backslashxx@users.noreply.github.com>
context: this is known by many as `selinux hook`, `4.9 hook`
add is_ksu_transition check which allows ksud execution under nosuid.
it also eases up integration on 3.X kernels that does not have check_nnp_nosuid.
this also adds a `ksu_execveat_hook` check since this transition is NOT needed
anymore once ksud ran.
Usage:
if (check_ksu_transition(old_tsec, new_tsec))
return 0;
on either check_nnp_nosuid or selinux_bprm_set_creds (after execve sid reset)
reference: dfe003c9fd
taken from:
`allow init exec ksud under nosuid`
- 3df9df42a6
- https://github.com/tiann/KernelSU/pull/166#issue-1565872173
Signed-off-by: backslashxx <118538522+backslashxx@users.noreply.github.com>
Signed-off-by: rsuntk <rsuntk@yukiprjkt.my.id>
* Some people reports about undefined reference to `sys_umount`
* Since ksys_umount exist on Linux 4.17-rc1, then we gonna use that one.
Rev 2: Use correct int instead of long for ksys_umount
Signed-off-by: rsuntk <90097027+rsuntk@users.noreply.github.com>
