* Due to numerous changes on LSM (Linux Security Module) in Linux 6.8+
* This is temporary guard until a working solution exist.
Signed-off-by: rsuntk <rsuntk@yukiprjkt.my.id>
- Error: In the Kirin 970 HarmonyOS2 kernel source code, integrating SukiSU requires disabling the CONFIG_HKIP_SELINUX_PROT configuration option. Disabling this option will enable the use of flex_array. However, in the add_type and add_typeattribute_raw functions in kernel/selinux/sepolicy.c, if a Huawei HISI device is detected, ebitmap not flex_array is used, causing an error.
- Fix: Added conditional checks to the add_type and add_typeattribute_raw functions in kernel/selinux/sepolicy.c. Because the Kirin 970 EMUI10 kernel source code does not use flex_array, an option defined only in the EMUI10 kernel configuration is added to determine the kernel source code version.
Run throne_tracker() in kthread instead of blocking the caller.
Prevents full lockup during installation and removing the manager.
By default, first run remains synchronous for compatibility purposes
(FDE, FBEv1, FBEv2)
Features:
- looks and waits for manager UID in /data/system/packages.list
- run track_throne() in a kthread after the first synchronous run
- prevent duplicate thread creation with a single-instance check
- spinlock-on-d_lock based polling adressing possible race conditions.
Race conditions adressed
- single instance kthread lock, smp_mb()
- track_throne_function, packages.list, spinlock-on-d_lock based polling
- is_manager_apk, apk, spinlock-on-d_lock based polling
This is a squash of:
https://github.com/tiann/KernelSU/pull/2632
Original skeleton based on:
`kernelsu: move throne_tracker() to kthread`
`kernelsu: check locking before accessing files and dirs during searching manager`
`kernelsu: look for manager UID in /data/system/packages.list, not /data/system/packages.list.tmp`
0b05e927...8783badd
Co-Authored-By: backslashxx <118538522+backslashxx@users.noreply.github.com>
Co-Authored-By: Yaroslav Zviezda <10716792+acroreiser@users.noreply.github.com>
Signed-off-by: backslashxx <118538522+backslashxx@users.noreply.github.com>
`ksu handles devpts with selinux lsm hook` - aviraxp
- no, not yet, but yes we can, thats a good idea.
This change tries to do that, so instead of hooking pts_unix98_lookup or
devpts_get_priv, we just watch security_inode_permission, if its devpts,
pass it along to the original handler.
EDIT: define devpts super magic if its undefined
- yeah I aint gonna include a conditional include of a header just for this
- while we can just fully remove the macro and inline, readability loss is bad
Co-authored-by: backslashxx <118538522+backslashxx@users.noreply.github.com>
Since KernelSU Manager can now be built for 32-bit, theres this problematic
setup where userspace is 32-bit (armeabi-v7a) and kernel is 64bit (aarch64).
On 64-bit kernels with CONFIG_COMPAT=y, 32-bit userspace passes 32-bit pointers.
These values are interpreted as 64-bit pointers without proper casting and that
results in invalid or near-null memory access.
This patch adds proper compat-mode handling with the ff changes:
- introduce a dedicated struct (`sepol_compat_data`) using u32 fields
- use `compat_ptr()` to safely convert 32-bit user pointers to kernel pointers
- adding a runtime `ksu_is_compat` flag to dynamically select between struct layouts
This prevents a near-null pointer dereference when handling SELinux
policy updates from 32-bit ksud in a 64-bit kernel.
Truth table:
kernel 32 + ksud 32, struct is u32, no compat_ptr
kernel 64 + ksud 32, struct is u32, yes compat_ptr
kernel 64 + ksud 64, struct is u64, no compat_ptr
Preprocessor check
64BIT=y COMPAT=y: define both structs, select dynamically
64BIT=y COMPAT=n: struct u64
64BIT=n: struct u32
Co-authored-by: backslashxx <118538522+backslashxx@users.noreply.github.com>
Signed-off-by: backslashxx <118538522+backslashxx@users.noreply.github.com>
This migrates ksud execution decision-making to bprm_check_security.
This requires passing proper argv and envp to a modified _ksud handler
aptly named 'ksu_handle_bprm_ksud'.
Introduces:
int ksu_handle_bprm_ksud(const char *filename, const char *argv1,
const char *envp, size_t envp_len)
which is adapted from:
int ksu_handle_execveat_ksud(int *fd, struct filename **filename_ptr,
struct user_arg_ptr *argv,
struct user_arg_ptr *envp,
int *flags)
ksu_handle_bprm_ksud handles all the decision making, it decides when it is
time to apply_kernelsu_rules depending if it sees "second_stage".
For LSM hook, turns out we can pull out argv and envp from mm_struct.
The code in here explains itself on how to do it.
whole blob exists on arg_start to arg_end, so we just pull it out and grab next
array after the first null terminator.
as for envp, we pass the pointer then hunt for it when needed
My reasoning on adding a fallback on usercopy is that on some devices a fault
happens, and it copies garbled data. On my creation of this, I actually had to lock
that _nofault copy on a spinlock as a way to mimic preempt_disable/enable without
actually doing it. As per user reports, no failed _nofault copies anyway but we
have-to-have a fallback for resilience.
References:
- old version1 6efcd8193e
- old version2 37d5938e66
- bad usercopy #21
This now provides a small helper function, ksu_copy_from_user_retry, which explains
itself. First we attempt a _nofault copy, if that fails, we try plain.
With that, It also provides an inlined copy_from_user_nofault for < 5.8.
While using strncpy_from_user_nofault was considered, this wont do, this will
only copy up to the first \0.
devlog:
16e5dce9e7...16c1f5f52128642e60d7...728de0c571
References:
https://elixir.bootlin.com/linux/v4.14.1/source/include/linux/mm_types.h#L429https://elixir.bootlin.com/linux/v4.14.1/source/include/linux/lsm_hooks.h
Stale: https://github.com/tiann/KernelSU/pull/2653
Signed-off-by: backslashxx <118538522+backslashxx@users.noreply.github.com>
Some kernels (e.g. 5.4 with backports) include proc_ops despite being
older than 5.6.0. Replace hardcoded version check with runtime header
detection to handle these cases.
- Check for "struct proc_ops" in include/linux/proc_fs.h
- Use KSU_COMPAT_HAS_PROC_OPS macro for conditional compilation
- Fixes build failures on kernels with backported proc_ops
Signed-off-by: JackAltman
Prioritize retrieving the application UID from /data/user_de. If this fails, fall back to retrieving it from packages.list.
Fix unstable application UID acquisition
Signed-off-by: ShirkNeko <109797057+ShirkNeko@users.noreply.github.com>
* On newer kernel for some reason -Wno-strict-prototypes still does not fix the errors or warnings.
* To fix it, we just need to add void type.
Signed-off-by: rsuntk <rsuntk@yukiprjkt.my.id>
* kernel: define ksu_core_exit() for <4.1 devices without LSM hooks
Ensure ksu_core_exit() is defined even if CONFIG_KSU_LSM_SECURITY_HOOKS
is disabled, which is mostly relevant for kernels 4.1 and older, preventing
build failures due to missing exit function.
Signed-off-by: Prslc <prslc113@gmail.com>
* kernel: consolidate ksu_core_exit() definition
Move ksu_core_exit() out of the CONFIG_KSU_LSM_SECURITY_HOOKS
conditional branches to remove redundant empty definitions
and ensure the exit function is always available.
Signed-off-by: Prslc <prslc113@gmail.com>
---------
Signed-off-by: Prslc <prslc113@gmail.com>
The 'strip' function is redundant when checking Kconfig variables, as
values from CONFIG options (like CONFIG_KSU_TRACEPOINT_HOOK) are already
trimmed and do not contain leading/trailing whitespace.
Simplify the condition for better readability and maintainability:
- Remove unnecessary $(strip ...)
- Add consistent spacing around the comma
This change aligns with kernel Makefile conventions and improves code clarity
without altering behavior.
Signed-off-by: dabao1955 <dabao1955@163.com>
