android/SukiSU-Ultra
1
0
Fork 0
Code Issues Pull Requests Actions 1 Packages Projects Releases Wiki Activity
2,593 Commits 11 Branches 15 Tags
ec6991f98b75d45a9b5905f2cdaa8edc5ab6f3fc
Commit Graph

44 Commits

Author SHA1 Message Date
ShirkNeko
ec6991f98b kernel: refactor apply_kernelsu_rules to use mutex for synchronization 2025-08-15 11:00:34 +08:00
Tashfin Shakeer Rhythm
f6337e2d52 kernel: selinux: rules: Micro-optimize get_policydb() and fix illegal RCU lock usage in handle_sepolicy() (#2695) 
Signed-off-by: Tashfin Shakeer Rhythm <tashfinshakeerrhythm@gmail.com>
 2025-08-15 10:33:05 +08:00
rsuntk
355e1c648a kernel: selinux: dontaudit * su dir getattr 
* Likely a detection point for newer android.

* I am not sure about this, but a module try to address this: https://github.com/aviraxp/ZN-AuditPatch

* Need more testing.

Suggested-by: fatalcoder524 <11532648+fatalcoder524@users.noreply.github.com>
Tested-by: rsuntk <rsuntk@yukiprjkt.my.id>
Signed-off-by: rsuntk <rsuntk@yukiprjkt.my.id>
 2025-08-11 17:18:01 +08:00
backslashxx
842a8aa45a kernel/selinux: fix pointer mismatch with 32-bit ksud on 64-bit kernels 
Since KernelSU Manager can now be built for 32-bit, theres this problematic
setup where userspace is 32-bit (armeabi-v7a) and kernel is 64bit (aarch64).

On 64-bit kernels with CONFIG_COMPAT=y, 32-bit userspace passes 32-bit pointers.
These values are interpreted as 64-bit pointers without proper casting and that
results in invalid or near-null memory access.

This patch adds proper compat-mode handling with the ff changes:
- introduce a dedicated struct (`sepol_compat_data`) using u32 fields
- use `compat_ptr()` to safely convert 32-bit user pointers to kernel pointers
- adding a runtime `ksu_is_compat` flag to dynamically select between struct layouts

This prevents a near-null pointer dereference when handling SELinux
policy updates from 32-bit ksud in a 64-bit kernel.

Truth table:

kernel 32 + ksud 32, struct is u32, no compat_ptr
kernel 64 + ksud 32, struct is u32, yes compat_ptr
kernel 64 + ksud 64, struct is u64, no compat_ptr

Preprocessor check

64BIT=y COMPAT=y: define both structs, select dynamically
64BIT=y COMPAT=n: struct u64
64BIT=n: struct u32

Tested-by: ...
Tested-by: ...
Tested-by: ...
Signed-off-by: backslashxx <118538522+backslashxx@users.noreply.github.com>
 2025-05-15 17:39:41 +08:00
Ylarod
898e9d4f8c [1.0] Drop Non-GKI Support (#1483) 
Co-authored-by: weishu <twsxtd@gmail.com>
 2024-06-01 14:50:46 +08:00
5ec1cff
935dc18faa su: allocate new pty (#1693) 2024-05-07 19:02:59 +08:00
weishu
efbc07fde3 kernel: use library import 2024-04-27 09:55:24 +08:00
weishu
9a04211051 kernel: Let the kernel choose who is qualified to be the manager. 2024-03-23 21:48:03 +08:00
weishu
01b685ce58 kernel: Allow system_server to kill su process 2024-02-20 18:16:43 +08:00
weishu
e934bfb648 kernel: Add init selinux rules. 2024-01-15 20:28:53 +08:00
The_second_Tom
dcd9d65c92 kernel: adapt to kernel above 6.4 (#1196) 
Above kernel 6.4, there is no struct_avc member in selinux_state.
 2023-12-11 00:13:06 +08:00
kevios12
7a1767b4c9 kernel: fix Modules install stuck on kernel 4.4 (#1059) 2023-10-22 23:40:53 +08:00
weishu
340595276f kernel: Add selinux rules for module umount 2023-10-09 18:09:54 +08:00
longhuan1999
54ee400dc5 kernel: Adapt to low version Android init process (#973) 
1. Adapt to low version Android init process
2. Add stop hook output
3. Fix output with missing line breaks
 2023-10-02 12:00:24 +08:00
weishu
980f1d09bc kernel: allow kernel to mount loop devices. close #514 2023-06-26 19:29:29 +08:00
3452841752 selinux: use grep to check api supports (#402) 
This checks `selinux_state` and `current_sid` supports in a raw way.
Feels more reliable than the version checks.

Supersedes #401, fixes #280, fixes #400.
 2023-04-20 15:22:03 +08:00
tiann
0c9ecf3abc kernel: always apply sepolicy rules even if selinux is permissive 2023-04-18 14:15:37 +08:00
Dhruv Gera
7be405e4e4 selinux: Update 4.9 to the correct check (#324) 
4.9's last release aka 4.9.337 still needs the same fallbacks as 4.9.212
and breaks otherwise, upgrade this to fix compilation

Tested and working on POCO F1, 4.9.337
 2023-03-27 21:26:37 +08:00
weishu
849164e4de kernel: fix compile err 2023-02-20 20:06:56 +07:00
weishu
83b0aed52a kernel: apply rules should return success when selinux is disabled or permissive 2023-02-20 18:13:53 +07:00
Enes Sastim
8fbdd996de use selinux_state for 4.9.212+ (#245) 
_selinux_state_ is backported to 4.9 kernel with the 4.9.212 release,
use it to fix the build.
many thanks to @reallysnow for figuring this out.
inspired by
d7c2c5f02a
 2023-02-15 11:39:16 +08:00
weishu
20ff530962 kernel: fix sepolicy apply may not work #227 
Co-authored-by: sekaiacg <sekaiacg@gmail.com>
 2023-02-13 09:12:31 +07:00
Aquarius223
6d15cb7e33 kernel: Fix f6967d2c lost parameters after ack-linux 4.14.y (>=163) (#234) 
* [android-4.14-stable tree:
https://github.com/aosp-mirror/kernel_common/commit/5d0939e1]

Change-Id: Ice92dd83df4c4f1ae272156cb57f95998e45819f

Co-authored-by: stic-server-open <1138705738@qq.com>
 2023-02-12 18:11:28 +08:00
weishu
f6967d2cfb kernel: reset avc cache for sepolicy 
Co-authored-by: sekaiacg <sekaiacg@gmail.com>
 2023-02-12 13:09:00 +07:00
f19
4f2b8b7077 kernel: backport to 4.4 (#166) 
These changes make KernelSU work on kernel4.4
[link](https://github.com/F-19-F/android_kernel_oneplus_msm8998).
LINUX_VERSION_CODE macro changes have been vertied on 4.4 4.9 4.14.
For kernel 4.4,just pick two commits
* [introduce
KernelSU](2993524f2f)
* [allow init exec ksud under
nosuid](3df9df42a6)
 2023-02-01 19:48:36 +08:00
skbeh
46913671a8 kernel, ksud: collect binaries into /data/adb/ksu (#161) 2023-02-01 17:58:58 +08:00
weishu
ab6d483c32 kernel: fix sepolicy rule which contains * 2023-01-31 20:51:02 +07:00
weishu
b9e27621ee kernel: support sepolicy 2023-01-31 18:54:31 +07:00
weishu
413a8d0a2f kernel: support selinux state transition 2023-01-26 16:05:14 +07:00
Ylarod
db600d5ea0 kernel: precise trigger timing of post-fs-data (#118) 
* kernel: add report_event cmd

* ksud: report event

* kernel: trigger on_post_fs_data

* ksud: comment unused code

* [skip ci] run clang-format

Signed-off-by: Ylarod <me@ylarod.cn>

* ci: use custom key to sign official bootimgs

* format ksud

* reject non root

* remove

Signed-off-by: Ylarod <me@ylarod.cn>
 2023-01-26 11:29:02 +08:00
Ylarod
06aaae1335 kernel: fix missing log tag (#117) 2023-01-25 22:24:00 +08:00
Ylarod
2f970f7ab8 kernel: refact (#113) 
* refact

* sort inlude

* update

* unregister execve kprobe

* update log

* don't unregister if not in kprobe

* opt for no kprobe

* opt for no kprobe

* stop debug

* don't forget to call ksu_uid_observer_exit

* rename core to core_hook

* direct call do_persistent_allow_list

* add prefix

* use getter, add warn

* add wrapper

* run clang-format

clang-format --style="{BasedOnStyle: InheritParentConfig, SortIncludes: true}" -i kernel/**/*.[ch]

* try fix wsa x64 build
 2023-01-25 21:53:19 +08:00
weishu
e5044b4b6f kernel: selinux support add new type and add builtin unconstrained file type 2023-01-24 19:48:41 +07:00
weishu
ab36e1fa0c kernel: add uid observer, correctly prune uid allowlist when app is installed/uninstalled. 2023-01-17 12:44:38 +07:00
weishu
710b933b08 kernel: fix am/pm error in app's su 2023-01-16 15:48:40 +07:00
Ylarod
177d6dba15 kernel: add prefix for functions in sepolicy (#49) 
* kernel: add prefix for functions in sepolicy

* ci: fix 5.15 compile error
 2023-01-13 20:05:52 +08:00
weishu
0e0a812a9c kernel: backport to 4.19 (#36) 2023-01-10 23:20:32 +08:00
weishu
ae18ab2b5e kernel: inject userspace init events 2023-01-01 23:54:54 +07:00
weishu
b427c86ab3 misc: code format(use kernel code stype: https://www.kernel.org/doc/html/v6.1/process/coding-style.html 2022-12-27 18:21:10 +07:00
weishu
342910771b kernel: support xperms for sepolicy 2022-12-27 17:43:58 +07:00
weishu
33096754dd kernel: fix compile err 2022-12-23 10:46:19 +07:00
weishu
87d1158313 kernel: don't apply rules for permissive/disabled selinux 2022-12-23 08:59:57 +07:00
weishu
fa59434753 kernel: add selinux rules for allowlist 2022-12-23 08:15:35 +07:00
weishu
3196731545 kernel: improve selinux for su context 2022-12-22 22:10:17 +07:00