Tracepoint is a predefined hook point in the kernel, compared to Kprobe,
it is more stable and has lower performance overhead, although compatibility
is relatively poor, it is still worth trying
By the way, we have also included the config definitions related to hook types
in Kconfig, to enhance cleanliness
Improve and merge types that do not require hooks
Introducing the hook type prctl
These patches is based on backslashxx/KernelSU#5
Co-authored-by: Cloud_Yun <1770669041@qq.com>
Co-authored-by: Prslc <prslc113@gmail.com>
Co-authored-by: ShirkNeko <109797057+ShirkNeko@users.noreply.github.com>
Signed-off-by: ShirkNeko <109797057+ShirkNeko@users.noreply.github.com>
Isolated processes can be directly forked from zygote, but current code doesn't handle it well. Fix it by unmounting unconditionally if isolated process is forked from zygote.
Signed-off-by: rsuntk <rsuntk@yukiprjkt.my.id>
* Since it's interceptable from LSM Hook,
then we just need to remove ksu_handle_devpts and
make a decoy for it.
Signed-off-by: rsuntk <rsuntk@yukiprjkt.my.id>
Use strscpy()/strlcpy() to populate the version buffer in CMD_GET_FULL_VERSION
instead of relying on uninitialized memory. This ensures the returned string
is null-terminated and avoids exposing garbage data to user space.
Signed-off-by: schqiushui <orochi9999@gmail.com>
`ksu handles devpts with selinux lsm hook` - aviraxp
- no, not yet, but yes we can, thats a good idea.
This change tries to do that, so instead of hooking pts_unix98_lookup or
devpts_get_priv, we just watch security_inode_permission, if its devpts,
pass it along to the original handler.
Signed-off-by: backslashxx <118538522+backslashxx@users.noreply.github.com>
Co-authored-by: backslashxx <118538522+backslashxx@users.noreply.github.com>
I am repasting here what I posted on the source code originally:
/*
* turns out path_umount backport is completely unneeded
* we copy the trick used on strncpy_from_unsafe_user / strncpy_from_user_nofault
* https://elixir.bootlin.com/linux/v4.4.302/source/mm/maccess.c#L184
* basically
*
* mm_segment_t old_fs = get_fs(); // remember original fs segment
* set_fs(USER_DS); // or KERNEL_DS *
* do_whatever_in_userspace();
* set_fs(old_fs); // restore fs segment
*
* * kernel -> user, KERNEL_DS, user -> kernel, USER_DS
*
* so yes, we can try to straight up call a syscall from kernel space
*
* NOTE: on newer kernels you can use force_uaccess_begin + force_uaccess_end
* ref: https://elixir.bootlin.com/linux/v5.10.237/source/mm/maccess.c#L250
*
*/
path_umount backport now optional — neat trick, werks, what can I say.
Backports? Nah, we’re good.
Signed-off-by: backslashxx <118538522+backslashxx@users.noreply.github.com>
disabling this removes the need for LSM_HOOK_INIT, security_add_hooks and such,.
furthermore, this will also allow easier integration on pre-4.1 kernels.
Expose this and make it a configurable option.
Signed-off-by: backslashxx <118538522+backslashxx@users.noreply.github.com>
When the manager is already running, if other programs / kernel toggle
the sucompat enable status,
The manager "Disable SU Compat" toggle button can not work, kmesg print
"cmd enable su but no need to change."
I think we should still return reply_ok when the syscall value is
consistent with the kernel, which would fix the issue.
- When disabling Seccomp, ensure that current->sighand->siglock is held
during the operation.
- Locking to ensure safe access and modification of the `cred` structure
within the `escape_to_root` function.
---
I think this issue described in #2236 may have been caused by concurrent
read-write access without proper locking.
---------
Signed-off-by: SsageParuders<qinqingqing1025@gmail.com>
Signed-off-by: SsageParuders <qinqingqing1025@gmail.com>"
On Android-x86 (or BlissOS) it initialize Android by using switch_root
or chroot, when checking a path with dentry_path_raw() it will show the
whole real path instead of the path that we want.
Relax the checking requirement by using strstr to look for
"/system/packages.list" in the string instead of requiring the path to
be "/system/packages.list"
This fixes#1783
Signed-off-by: hmtheboy154 <buingoc67@gmail.com>
