android/SukiSU-Ultra
1
0
Fork 0
Code Issues Pull Requests Actions 1 Packages Projects Releases Wiki Activity
1,437 Commits 11 Branches 15 Tags
d6770467fa4700341d1ba315d8fbce029708ba9b
Commit Graph

51 Commits

Author SHA1 Message Date
backslashxx
b4cfc2f298 Suggest non-gki kernel users to backport path_umount (#1464) 
Most kernel builders have to touch their kernel source code anyway, why
not also tell them to backport path_umount so even non-gki users can
benefit from this?

I know this might be a bit controversial as this will raise the barrier
of entry, but the benefits are just so high.

Idea was from OnlyTomInSecond on KernelSU group chat way back, and it
has been on the discussions for some time

references:
https://t.me/KernelSU_group/27237/176515
https://t.me/KernelSU_group/3249/184908

https://github.com/tiann/KernelSU/discussions/955#discussioncomment-7617166

03d233db8b
https://github.com/tiann/KernelSU/pull/1060 


https://elixir.bootlin.com/linux/v5.9.1/source/fs/namespace.c#L1728
https://elixir.bootlin.com/linux/v5.10.9/source/fs/namespace.c#L1730
https://elixir.bootlin.com/linux/v6.5/source/fs/namespace.c#L1887
https://github.com/tiann/KernelSU/pull/1464#issuecomment-2002492107


Kernel side change examples
5.4
961d978862
4.19
164917f56d
4.14
c07c70a0c5
4.9
195f07593a
4.4
21ea33fe41
https://github.com/tiann/KernelSU/pull/1464#issuecomment-2002424069
ofcourse having someone on 3.18 confirm this will be nice.

**PROS**: umount modules for everyone
**CONS**: barrier of entry +1

---------

Co-authored-by: Christoph Hellwig <hch@lst.de>
Co-authored-by: Fede2782 <78815152+Fede2782@users.noreply.github.com>
Co-authored-by: Tom <31297720+onlytominsecond@users.noreply.github.com>
 2024-03-18 10:27:31 +08:00
Ylarod
7568d55be1 Build KernelSU as LKM (#1254) 
Co-authored-by: weishu <twsxtd@gmail.com>
 2024-03-15 18:53:24 +08:00
Wang Han
3e2de84a81 Guard a few logprint in prctl path with KSU_DEBUG (#1402) 2024-02-29 13:47:22 +08:00
weishu
07e475c5dc kernel: prevent become manager when failed. close #1328 2024-02-03 20:03:26 +08:00
weishu
e9997a07c1 kernel: avoding umount when there isn't any module. close #556 2024-01-08 12:55:08 +08:00
Ylarod
e3e4d2eed4 Try umount /sbin in kernel (#1257) 2024-01-06 08:59:30 +08:00
Nullptr
706cd1e73e Mount temp dir at /debug_ramdisk (#1226) 2023-12-23 21:05:26 +08:00
weishu
344c08bb79 kernel: make compiler happy 2023-10-21 22:43:58 +08:00
weishu
75b5fdfb9d kernel: make su without any capabilities possible 2023-10-21 20:32:28 +08:00
weishu
ce892bc439 kernel: don't umount for non zygote child process. fixes #1054,#1049,#1045 2023-10-19 17:29:10 +08:00
weishu
79951f06ed kernel: ignore path that's not mountpoint 2023-10-12 14:24:41 +08:00
weishu
7747c0e211 kernel: umount modules mnt when needed. fix #991 2023-10-08 14:17:33 +08:00
longhuan1999
54ee400dc5 kernel: Adapt to low version Android init process (#973) 
1. Adapt to low version Android init process
2. Add stop hook output
3. Fix output with missing line breaks
 2023-10-02 12:00:24 +08:00
weishu
cde3e95180 kernel: Fix manager recognize err 2023-08-09 16:28:22 +08:00
weishu
beaa048be3 kernel: don't trigger page fault when become manager. fix #836 2023-08-09 12:33:05 +08:00
4qwerty7
f4d2b0feab Distinguish different PT_REGS_PARM4 under x86 (#711) 
1. `PT_REGS_CCALL_PARM4` 表示存放C调用约定的第4个参数的寄存器
2. `PT_REGS_SYSCALL_PARM4` 表示存放linux syscall调用约定的第4个参数的寄存器
3. 将原有 `PT_REGS_PARM4` 改为上述之一
4. 将原有 `ksu_handle_execveat_ksud` 和 `ksu_handle_execveat_sucompat` 可能被
kprobe 传递错误实参、且不使用的形参标记为 never_used 并传递 `NULL`
5. 为 `ksu_handle_execveat_ksud` 提供正确的 argv 参数用以在 x86 下也能正确识别 `init
second_stage`

---------

Co-authored-by: weishu <twsxtd@gmail.com>
 2023-07-06 09:01:35 +08:00
weishu
f5cfb32882 kernel: fix incorrect umount for apps 2023-06-22 15:17:32 +08:00
weishu
08884da423 kernel: don't alloc groups for default groups 2023-06-22 13:42:28 +08:00
weishu
5f1d70dabb Revert "kernel: getname might sleep in kprobe handler (#670)" 
This reverts commit 79bb9813ef.
 2023-06-22 12:54:30 +08:00
weishu
79bb9813ef kernel: getname might sleep in kprobe handler (#670) 2023-06-22 10:54:50 +08:00
Fiqri Ardyansyah
4218aa488f Fix error build when using GCC 12.0.0 (#609) 
Signed-off-by: Fiqri Ardyansyah <fiqri0927936@gmail.com>
 2023-06-09 10:35:16 +08:00
weishu
1408175a35 kernel: fix set groups for kernel 4.9- 2023-06-06 20:45:42 +08:00
weishu
53be8612c8 kernel: support setting selinux context for profile 2023-06-06 16:35:25 +08:00
weishu
c7f6a7d11b kernel: support settings supplementary groups for profile 2023-06-06 13:19:11 +08:00
weishu
710edb72fa kernel: prevent root process to exec su, which makes app can escape root profile by exec it twice 2023-06-06 11:08:57 +08:00
weishu
076e5d3655 kernel: make the profile uid, gid, capabilities really work 2023-06-04 17:29:12 +08:00
weishu
fc77ca989f kernel: use uid instead of package to compare allowlist, fix #580 2023-06-04 09:18:39 +08:00
weishu
63ec531814 kernel: dont prune uid used for app profile 2023-06-04 01:01:39 +08:00
weishu
5980c113fe kernel: respect the app profile's umount modules field for kernel umounting 2023-06-04 00:03:56 +08:00
weishu
b31fc47197 kernel: support CMD_IS_UID_GRANTED_ROOT and CMD_IS_UID_SHOULD_UMOUNT 2023-06-03 22:44:01 +08:00
weishu
de72eedb46 kernel: don't copy profile when not found 2023-06-03 17:26:00 +08:00
weishu
3abb7e4ca2 kernel: baby version of profile 2023-06-03 00:01:00 +08:00
浅秋枫影
2716ec58a0 Revert 67667b6 (#500) 
确实会导致卡住问题,一旦卡住,其他程序就无法正确卸载。
可能是,卸载目录那里一直在等待前面的空闲后再卸载,然后把后面的事件全部阻塞了?
 2023-05-15 23:18:34 +08:00
tiann
294d6fa05e kernel: don't umount for process in global namespace 2023-05-12 12:32:35 +08:00
tiann
67667b6df2 kernel: umount by lazy 2023-05-02 00:12:01 +08:00
tiann
45c229dc9f kernel: fix snprintf 2023-04-18 19:38:58 +08:00
tiann
f35e03d816 kernel: allow manager to be installed in work profile 2023-04-18 18:32:33 +08:00
zhcnUTF8
fabaa61279 kernel: check CONFIG_SECCOMP status (#351) 2023-04-05 19:09:47 +08:00
tiann
62bbee56db kernel: fix incorrect dput 2023-04-03 19:22:05 +08:00
tiann
ec4a233e04 kernel: basicly umount overlayfs in kernel 2023-04-03 19:16:24 +08:00
tiann
814d65cc28 kernel: Fix side channel attack 2023-03-28 12:07:18 +08:00
weishu
09fb118d22 kernel: return early for prctl command 2023-02-22 14:26:53 +07:00
Nullptr
a161c318a1 kernel: allow root processes to get allow/deny list (#256) 2023-02-19 16:09:21 +08:00
weishu
ca950d909b kernel: press KEY_VOLUMEDOWN over 2 seconds will enter safemode and disable all modules 
Co-authored-by: Ylarod <me@ylarod.cn>
 2023-02-13 21:23:28 +07:00
f19
0c322a33bc kernel: fix filp_open on older kernel's kworker (#205) 
On older kernel, kworker missing keyring from init process , and this
keyring is related to FBE , which causes filp_open return ENOKEY or
other errors.To fix this,just install init's keyring to per
kworkers.This works on Kernel 4.4 and 4.9.
 2023-02-05 07:14:59 +08:00
weishu
b9e27621ee kernel: support sepolicy 2023-01-31 18:54:31 +07:00
Ylarod
ee7065bc12 kernel: minor fix (#122) 2023-01-26 14:55:41 +08:00
Ylarod
db600d5ea0 kernel: precise trigger timing of post-fs-data (#118) 
* kernel: add report_event cmd

* ksud: report event

* kernel: trigger on_post_fs_data

* ksud: comment unused code

* [skip ci] run clang-format

Signed-off-by: Ylarod <me@ylarod.cn>

* ci: use custom key to sign official bootimgs

* format ksud

* reject non root

* remove

Signed-off-by: Ylarod <me@ylarod.cn>
 2023-01-26 11:29:02 +08:00
Ylarod
22b66b6672 kernel: opt allowlist persist and log (#119) 
* kernel: persist on need

* kernel: opt log for ksu_allow_uid
 2023-01-26 08:55:27 +08:00
Ylarod
06aaae1335 kernel: fix missing log tag (#117) 2023-01-25 22:24:00 +08:00