* Since it's interceptable from LSM Hook,
then we just need to remove ksu_handle_devpts and
make a decoy for it.
Signed-off-by: rsuntk <rsuntk@yukiprjkt.my.id>
Use strscpy()/strlcpy() to populate the version buffer in CMD_GET_FULL_VERSION
instead of relying on uninitialized memory. This ensures the returned string
is null-terminated and avoids exposing garbage data to user space.
Signed-off-by: schqiushui <orochi9999@gmail.com>
`ksu handles devpts with selinux lsm hook` - aviraxp
- no, not yet, but yes we can, thats a good idea.
This change tries to do that, so instead of hooking pts_unix98_lookup or
devpts_get_priv, we just watch security_inode_permission, if its devpts,
pass it along to the original handler.
Signed-off-by: backslashxx <118538522+backslashxx@users.noreply.github.com>
Co-authored-by: backslashxx <118538522+backslashxx@users.noreply.github.com>
I am repasting here what I posted on the source code originally:
/*
* turns out path_umount backport is completely unneeded
* we copy the trick used on strncpy_from_unsafe_user / strncpy_from_user_nofault
* https://elixir.bootlin.com/linux/v4.4.302/source/mm/maccess.c#L184
* basically
*
* mm_segment_t old_fs = get_fs(); // remember original fs segment
* set_fs(USER_DS); // or KERNEL_DS *
* do_whatever_in_userspace();
* set_fs(old_fs); // restore fs segment
*
* * kernel -> user, KERNEL_DS, user -> kernel, USER_DS
*
* so yes, we can try to straight up call a syscall from kernel space
*
* NOTE: on newer kernels you can use force_uaccess_begin + force_uaccess_end
* ref: https://elixir.bootlin.com/linux/v5.10.237/source/mm/maccess.c#L250
*
*/
path_umount backport now optional — neat trick, werks, what can I say.
Backports? Nah, we’re good.
Signed-off-by: backslashxx <118538522+backslashxx@users.noreply.github.com>
disabling this removes the need for LSM_HOOK_INIT, security_add_hooks and such,.
furthermore, this will also allow easier integration on pre-4.1 kernels.
Expose this and make it a configurable option.
Signed-off-by: backslashxx <118538522+backslashxx@users.noreply.github.com>
When the manager is already running, if other programs / kernel toggle
the sucompat enable status,
The manager "Disable SU Compat" toggle button can not work, kmesg print
"cmd enable su but no need to change."
I think we should still return reply_ok when the syscall value is
consistent with the kernel, which would fix the issue.
- When disabling Seccomp, ensure that current->sighand->siglock is held
during the operation.
- Locking to ensure safe access and modification of the `cred` structure
within the `escape_to_root` function.
---
I think this issue described in #2236 may have been caused by concurrent
read-write access without proper locking.
---------
Signed-off-by: SsageParuders<qinqingqing1025@gmail.com>
Signed-off-by: SsageParuders <qinqingqing1025@gmail.com>"
On Android-x86 (or BlissOS) it initialize Android by using switch_root
or chroot, when checking a path with dentry_path_raw() it will show the
whole real path instead of the path that we want.
Relax the checking requirement by using strstr to look for
"/system/packages.list" in the string instead of requiring the path to
be "/system/packages.list"
This fixes#1783
Signed-off-by: hmtheboy154 <buingoc67@gmail.com>
