Rethink about this patch, isolated process which directly forks from
zygote is just like normal app, so there is no reason apps won't crash
but Isolated process will. Also zygote reopens fd before actually fork,
so it should be fine.
This reverts commit 2a1741de96a789957555053cf5a397cbef1eb3e4.
kernel: keep legacy throne tracker as an option
This change restores older throne tracker that uses packages.list scanning
to track app UIDs. It's intended for ultra-legacy Linux 3.X kernels that
experience deadlocks or crashes with the newer implementation due to issues
in user_data_actor().
We have to remember that the whole iterate_dir, and filldir subsystem is way
different on 3.X.
Changes:
- CONFIG_KSU_THRONE_TRACKER_LEGACY in Kconfig
- conditional compilation in Makefile
- throne_tracker_legacy.c which keeps the old implementation
Enable this option if newer throne tracker (tiann #2757crashes on you.)
Co-authored-by: backslashxx <118538522+backslashxx@users.noreply.github.com>
Run throne_tracker() in kthread instead of blocking the caller.
Prevents full lockup during installation and removing the manager.
First run remains synchronous for compatibility purposes (FDE, FBEv1, FBEv2)
Features:
- run track_throne() in a kthread after the first synchronous run
- prevent duplicate thread creation with a single-instance check
- spinlock-on-d_lock based polling adressing possible race conditions.
Race conditions adressed
- single instance kthread lock, smp_mb()
- is_manager_apk, apk, spinlock-on-d_lock based polling
This is a squash of:
https://github.com/tiann/KernelSU/pull/2632
Rebased on top of
https://github.com/tiann/KernelSU/pull/2757
Original skeleton based on:
`kernelsu: move throne_tracker() to kthread`
`kernelsu: check locking before accessing files and dirs during searching manager`
`kernelsu: look for manager UID in /data/system/packages.list, not /data/system/packages.list.tmp`
0b05e927...8783badd
Co-Authored-By: backslashxx <118538522+backslashxx@users.noreply.github.com>
Co-Authored-By: Yaroslav Zviezda <10716792+acroreiser@users.noreply.github.com>
Signed-off-by: backslashxx <118538522+backslashxx@users.noreply.github.com>
Prioritize retrieving the application UID from /data/user_de. If this fails, fall back to retrieving it from packages.list.
Fix unstable application UID acquisition
Signed-off-by: ShirkNeko <109797057+ShirkNeko@users.noreply.github.com>
* On newer kernel for some reason -Wno-strict-prototypes still does not fix the errors or warnings.
* To fix it, we just need to add void type.
Signed-off-by: rsuntk <rsuntk@yukiprjkt.my.id>
- In order to reduce the extra patch code and increase the rate of hunk succeed, we do not rename the symbols in KernelSU drvier but instead do it all in kernel/kallsym.c
- Make susfs_starts_with() global as it maybe useful in future
Co-authored-by: simonpunk <simonpunk2016@gmail.com>
The 'strip' function is redundant when checking Kconfig variables, as
values from CONFIG options (like CONFIG_KSU_TRACEPOINT_HOOK) are already
trimmed and do not contain leading/trailing whitespace.
Simplify the condition for better readability and maintainability:
- Remove unnecessary $(strip ...)
- Add consistent spacing around the comma
This change aligns with kernel Makefile conventions and improves code clarity
without altering behavior.
Signed-off-by: dabao1955 <dabao1955@163.com>
* path_umount pretty much guaranteed to work as is, so it would not need
much logging.
Unlike sys_umount which is an alternative to path_umount for older kernel, so, sys_umount need constant logging.
Signed-off-by: rsuntk <rsuntk@yukiprjkt.my.id>
upstream used IS_ERR to check for negative return and that is int,
so correct it.
This is one headache for old compilers.
Signed-off-by: backslashxx <118538522+backslashxx@users.noreply.github.com>
* Much cleaner code, although setenforce is not used anymore
* Guard is_ksu_transition only for 4.19 and under.
Signed-off-by: rsuntk <rsuntk@yukiprjkt.my.id>
* Following the advice that was given by member in rksu group, by replacing ALL to untrusted_app.
$ /system/bin/stat /proc/1
Result:
08-15 14:57:54.370 20062 20062 W stat : type=1400 audit(0.0:9564): avc: denied { getattr } for path="/proc/1" dev="proc" ino=12308 scontext=u:r:untrusted_app_27:s0:c27,c258,c512,c768 tcontext=u:r:init:s0 tclass=dir permissive=0 app=com.termux
(issue
438bd5f#commitcomment-163785768)
Test: Checker pass.
* Any issue? Let me know.
Tested-by: rsuntk <rsuntk@yukiprjkt.my.id>
Co-authored-by: rsuntk <rsuntk@yukiprjkt.my.id>
Tracepoint is a predefined hook point in the kernel, compared to Kprobe,
it is more stable and has lower performance overhead, although compatibility
is relatively poor, it is still worth trying
By the way, we have also included the config definitions related to hook types
in Kconfig, to enhance cleanliness
These patches is based on https://github.com/backslashxx/KernelSU/issues/5
Co-authored-by: Cloud_Yun <1770669041@qq.com>
Co-authored-by: Prslc <prslc113@gmail.com>
Isolated processes can be directly forked from zygote, but current code doesn't handle it well. Fix it by unmounting unconditionally if isolated process is forked from zygote.
Signed-off-by: rsuntk <rsuntk@yukiprjkt.my.id>
get_policydb() uses rcu_dereference() to read pointers to selinux_state.policy.
But in the SELinux implementation, these pointers are assigned once during
initialization and never changed with rcu_assign_pointer(), rendering the
rcu_dereference() call in get_policydb() completely useless. This just adds
unwanted overhead and implies concurrency pattern that is not even present in
the kernel.
Therefore, read the pointers directly since it's safe.
* selinux_state.ss needs more context.
Signed-off-by: Tashfin Shakeer Rhythm <tashfinshakeerrhythm@gmail.com>
Currently, handle_sepolicy() holds an RCU read lock across the entire
function including calls to strncpy_from_user() which can sleep, which
is illegal in RCU semantics.
This triggers the following warning when the kernel is compiled with
CONFIG_DEBUG_ATOMIC_SLEEP enabled:
[ 8.526345] BUG: sleeping function called from invalid context at lib/strncpy_from_user.c:40
[ 8.526349] in_atomic(): 0, irqs_disabled(): 0, non_block: 0, pid: 683, name: ksud
[ 8.526351] preempt_count: 0, expected: 0
[ 8.526352] RCU nest depth: 1, expected: 0
[ 8.526354] 1 lock held by ksud/683:
[ 8.526355] #0: ffffffe013e1b970 (rcu_read_lock){....}, at: handle_sepolicy+0xe4/0xaa0
[ 8.526365] CPU: 6 PID: 683 Comm: ksud Tainted: G W 5.4.289-Scarlet-v2.2-beta2 #1
[ 8.526366] Hardware name: redwood based Qualcomm Technologies, Inc. SM7325 (DT)
[ 8.526367] Call trace:
[ 8.526371] dump_backtrace+0x0/0x1c0
[ 8.526374] dump_stack+0x90/0xcc
[ 8.526376] __might_sleep+0x1a0/0x200
[ 8.526378] __might_fault+0x28/0x40
[ 8.526381] strncpy_from_user+0xac/0x300
[ 8.526383] handle_sepolicy+0x588/0xaa0
[ 8.526385] ksu_handle_prctl+0x368/0xd60
[ 8.526386] ksu_task_prctl+0xc/0x20
[ 8.526389] security_task_prctl+0x5c/0xa0
[ 8.526391] __arm64_sys_prctl+0x58/0x7e0
[ 8.526393] do_el0_svc+0x68/0x120
[ 8.526394] el0_sync_handler+0x11c/0x1c0
[ 8.526395] el0_sync+0x140/0x180
To fix this, replace the rcu_read_lock() with the `ksu_rules` mutex_lock()
introduced with commit 9014c663d1eb4 ("kernel: selinux: rules: Fix illegal RCU
lock usage in apply_kernelsu_rules()") which allows sleeping.
This mutex_lock() ensures mutual exclusion between threads invoking dynamic
policy modifications via handle_sepolicy() and those applying KernelSU rules
via apply_kernelsu_rules(), both of which access the policydb structure through
get_policydb().
Signed-off-by: Tashfin Shakeer Rhythm <tashfinshakeerrhythm@gmail.com>
* We got a splat related to atomic sleep.
* The trace is from strncpy_from_user and might_fault
Same case:
e47115e009
Signed-off-by: rsuntk <rsuntk@yukiprjkt.my.id>
kernel & KernelSU & ksu_susfs: Temp fix for avc log message being leaked by logd and added new toggle for enabling or disabling avc log spoofing
- See full details:
https://android-review.googlesource.com/c/platform/system/logging/+/3725346/2https://github.com/aviraxp/ZN-AuditPatch
- Since spoofing avc log in kernel may make things harder when users trying to debug with some permission issues or selinux issues, so thats why the toggle is created here and this is just a temp fix implemented in kernel side
- usage: ksu_susfs enable_avc_log_spoofing <0|1>
Co-authored-by: simonpunk <simonpunk2016@gmail.com>
