android/SukiSU-Ultra
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Compare commits

base: android:susfs-test
Branches Tags
android:main android:dev android:Crowdin android:ksud-susfs android:nongki android:miuix android:miuix-dev android:susfs-main android:susfs-test android:user_de android:WX-new
android:v4.0.0 android:v3.2.0 android:v3.1.9 android:v3.1.8 android:v3.1.7 android:v3.1.6 android:v3.1.5 android:v3.1.4 android:v3.1.3 android:v3.1.2 android:v3.1.1 android:v3.1 android:v3.0.1 android:v3.0 android:v2.0_beta
...
compare: android:39c1b45257fa3c0cb0116dd6779a059f06728640
Branches Tags
android:dev android:Crowdin android:ksud-susfs android:main android:nongki android:miuix android:miuix-dev android:susfs-main android:susfs-test android:user_de android:WX-new
android:v4.0.0 android:v3.2.0 android:v3.1.9 android:v3.1.8 android:v3.1.7 android:v3.1.6 android:v3.1.5 android:v3.1.4 android:v3.1.3 android:v3.1.2 android:v3.1.1 android:v3.1 android:v3.0.1 android:v3.0 android:v2.0_beta

12 Commits
susfs-test ... 39c1b45257

Author SHA1 Message Date
ShirkNeko
39c1b45257 Sync with latest official KernelSU commit 4d3560b12bec5f238fe11f908a246f0ac97e9c27 
Co-authored-by: simonpunk <simonpunk2016@gmail.com>
 2025-09-15 15:54:46 +08:00
Wang Han
4be4758334 Unmount isolated process which forks from zygote unconditionally (#2747) 
Rethink about this patch, isolated process which directly forks from
zygote is just like normal app, so there is no reason apps won't crash
but Isolated process will. Also zygote reopens fd before actually fork,
so it should be fine.

This reverts commit 2a1741de96a789957555053cf5a397cbef1eb3e4.
 2025-09-15 15:19:00 +08:00
ShirkNeko
6892a23c6a kernel: Fixed an issue where scanning could cause the application to freeze. 2025-09-14 21:49:26 +08:00
ShirkNeko
f8abf097d7 kernel: Improve dynamic manager functions and logging 2025-09-14 19:31:21 +08:00
ShirkNeko
fb2ad3ec7b kernel: keep legacy throne tracker as an option 
kernel: keep legacy throne tracker as an option

This change restores older throne tracker that uses packages.list scanning
to track app UIDs. It's intended for ultra-legacy Linux 3.X kernels that
experience deadlocks or crashes with the newer implementation due to issues
in user_data_actor().

We have to remember that the whole iterate_dir, and filldir subsystem is way
different on 3.X.

Changes:
- CONFIG_KSU_THRONE_TRACKER_LEGACY in Kconfig
- conditional compilation in Makefile
- throne_tracker_legacy.c which keeps the old implementation

Enable this option if newer throne tracker (tiann #2757crashes on you.)

Co-authored-by: backslashxx <118538522+backslashxx@users.noreply.github.com>
 2025-09-14 17:38:25 +08:00
ShirkNeko
debd7d5a01 kernel: throne_tracker: offload to kthread (tiann[#2632](https://github.com/SukiSU-Ultra/SukiSU-Ultra/issues/2632)) 
Run throne_tracker() in kthread instead of blocking the caller.
Prevents full lockup during installation and removing the manager.

First run remains synchronous for compatibility purposes (FDE, FBEv1, FBEv2)

Features:
- run track_throne() in a kthread after the first synchronous run
- prevent duplicate thread creation with a single-instance check
- spinlock-on-d_lock based polling adressing possible race conditions.

Race conditions adressed
- single instance kthread lock, smp_mb()
- is_manager_apk, apk, spinlock-on-d_lock based polling

This is a squash of:
https://github.com/tiann/KernelSU/pull/2632

Rebased on top of
https://github.com/tiann/KernelSU/pull/2757

Original skeleton based on:
`kernelsu: move throne_tracker() to kthread`
`kernelsu: check locking before accessing files and dirs during searching manager`
`kernelsu: look for manager UID in /data/system/packages.list, not /data/system/packages.list.tmp`
0b05e927...8783badd

Co-Authored-By: backslashxx <118538522+backslashxx@users.noreply.github.com>
Co-Authored-By: Yaroslav Zviezda <10716792+acroreiser@users.noreply.github.com>
Signed-off-by: backslashxx <118538522+backslashxx@users.noreply.github.com>
 2025-09-14 11:53:33 +08:00
ShirkNeko
4c3bdcd016 kernel: Switch to using pr_info for printing 2025-09-14 11:25:59 +08:00
ShirkNeko
c5a2e06b94 kernel: Simplify and improve readability 2025-09-14 10:22:40 +08:00
ShirkNeko
307bb67856 Add vfs_getattr compatibility for kernels < 4.14 
Co-authored-by: backslashxx <118538522+backslashxx@users.noreply.github.com>
Signed-off-by: ShirkNeko <109797057+ShirkNeko@users.noreply.github.com>
 2025-09-14 10:00:14 +08:00
ShirkNeko
63d9bdd9d6 kernel: Use iterate_dir for multi-user traversal instead of a fixed user ID range. 2025-09-13 21:24:40 +08:00
ShirkNeko
eb87c1355b Fixed some minor issues that may have existed 2025-09-13 20:26:44 +08:00
ShirkNeko
316cb79f32 kernel: Remove fallback scan for packages.list 
Enhance scan support for active users in /data/user_de

Signed-off-by: ShirkNeko <109797057+ShirkNeko@users.noreply.github.com>
 2025-09-12 16:02:51 +08:00
10 changed files with 1081 additions and 445 deletions
Expand all files Collapse all files

9
kernel/Kconfig
View File

@@ -8,6 +8,15 @@ config KSU
To compile as a module, choose M here: the To compile as a module, choose M here: the
module will be called kernelsu. module will be called kernelsu.
config KSU_THRONE_TRACKER_LEGACY
bool "Use legacy throne tracker (packages.list scanning)"
depends on KSU
default n
help
Use legacy throne tracker that scans packages.list for app UIDs.
This is kept for Ultra-Legacy Linux 3.X kernels which are prone to deadlocks.
Enable this if default scanning deadlocks/crashes on you.
config KSU_DEBUG config KSU_DEBUG
bool "KernelSU debug mode" bool "KernelSU debug mode"
depends on KSU depends on KSU

16
kernel/Makefile
View File

@@ -3,7 +3,6 @@ kernelsu-objs += allowlist.o
kernelsu-objs += dynamic_manager.o kernelsu-objs += dynamic_manager.o
kernelsu-objs += apk_sign.o kernelsu-objs += apk_sign.o
kernelsu-objs += sucompat.o kernelsu-objs += sucompat.o
kernelsu-objs += throne_tracker.o
kernelsu-objs += core_hook.o kernelsu-objs += core_hook.o
kernelsu-objs += ksud.o kernelsu-objs += ksud.o
kernelsu-objs += embed_ksud.o kernelsu-objs += embed_ksud.o
@@ -17,6 +16,12 @@ kernelsu-objs += selinux/selinux.o
kernelsu-objs += selinux/sepolicy.o kernelsu-objs += selinux/sepolicy.o
kernelsu-objs += selinux/rules.o kernelsu-objs += selinux/rules.o
ifeq ($(CONFIG_KSU_THRONE_TRACKER_LEGACY),y)
kernelsu-objs += throne_tracker_legacy.o
else
kernelsu-objs += throne_tracker.o
endif
ccflags-y += -I$(srctree)/security/selinux -I$(srctree)/security/selinux/include ccflags-y += -I$(srctree)/security/selinux -I$(srctree)/security/selinux/include
ccflags-y += -I$(objtree)/security/selinux -include $(srctree)/include/uapi/asm-generic/errno.h ccflags-y += -I$(objtree)/security/selinux -include $(srctree)/include/uapi/asm-generic/errno.h
@@ -124,7 +129,6 @@ ifeq ($(shell grep "ssize_t kernel_write" $(srctree)/fs/read_write.c | grep -q "
ccflags-y += -DKSU_OPTIONAL_KERNEL_WRITE ccflags-y += -DKSU_OPTIONAL_KERNEL_WRITE
endif endif
ifeq ($(shell grep -q "inode_security_struct\s\+\*selinux_inode" $(srctree)/security/selinux/include/objsec.h; echo $$?),0) ifeq ($(shell grep -q "inode_security_struct\s\+\*selinux_inode" $(srctree)/security/selinux/include/objsec.h; echo $$?),0)
$(info -- KernelSU: kernel has selinux_inode.)
ccflags-y += -DKSU_OPTIONAL_SELINUX_INODE ccflags-y += -DKSU_OPTIONAL_SELINUX_INODE
endif endif
ifeq ($(shell grep -q "int\s\+path_umount" $(srctree)/fs/namespace.c; echo $$?),0) ifeq ($(shell grep -q "int\s\+path_umount" $(srctree)/fs/namespace.c; echo $$?),0)
@@ -144,6 +148,12 @@ ifeq ($(shell grep -q "SEC_SELINUX_PORTING_COMMON" $(srctree)/security/selinux/a
ccflags-y += -DSAMSUNG_SELINUX_PORTING ccflags-y += -DSAMSUNG_SELINUX_PORTING
endif endif
# Check new vfs_getattr()
ifeq ($(shell grep -A1 "^int vfs_getattr" $(srctree)/fs/stat.c | grep -q "query_flags" ; echo $$?),0)
$(info -- KernelSU/compat: new vfs_getattr() found)
ccflags-y += -DKSU_HAS_NEW_VFS_GETATTR
endif
# Custom Signs # Custom Signs
ifdef KSU_EXPECTED_SIZE ifdef KSU_EXPECTED_SIZE
ccflags-y += -DEXPECTED_SIZE=$(KSU_EXPECTED_SIZE) ccflags-y += -DEXPECTED_SIZE=$(KSU_EXPECTED_SIZE)
@@ -171,7 +181,7 @@ $(eval SUSFS_VERSION=$(shell cat $(srctree)/include/linux/susfs.h | grep -E '^#d
$(info ) $(info )
$(info -- SUSFS_VERSION: $(SUSFS_VERSION)) $(info -- SUSFS_VERSION: $(SUSFS_VERSION))
else else
$(info -- You have not integrate susfs in your kernel.) $(info -- You have not integrated susfs in your kernel yet.)
$(info -- Read: https://gitlab.com/simonpunk/susfs4ksu) $(info -- Read: https://gitlab.com/simonpunk/susfs4ksu)
endif endif
# Keep a new line here!! Because someone may append config # Keep a new line here!! Because someone may append config

105
kernel/apk_sign.c
View File

@@ -15,10 +15,10 @@
#endif #endif
#include "apk_sign.h" #include "apk_sign.h"
#include "dynamic_manager.h"
#include "klog.h" // IWYU pragma: keep #include "klog.h" // IWYU pragma: keep
#include "kernel_compat.h" #include "kernel_compat.h"
#include "manager_sign.h" #include "manager_sign.h"
#include "dynamic_manager.h"
struct sdesc { struct sdesc {
struct shash_desc shash; struct shash_desc shash;
@@ -88,19 +88,16 @@ static int ksu_sha256(const unsigned char *data, unsigned int datalen,
return ret; return ret;
} }
static struct dynamic_sign_key dynamic_sign = DYNAMIC_SIGN_DEFAULT_CONFIG;
static bool check_dynamic_sign(struct file *fp, u32 size4, loff_t *pos, int *matched_index) static bool check_dynamic_sign(struct file *fp, u32 size4, loff_t *pos, int *matched_index)
{ {
struct dynamic_sign_key current_dynamic_key = dynamic_sign; unsigned int dynamic_size = 0;
const char *dynamic_hash = NULL;
if (ksu_get_dynamic_manager_config(&current_dynamic_key.size, &current_dynamic_key.hash)) { if (!ksu_get_dynamic_manager_config(&dynamic_size, &dynamic_hash)) {
pr_debug("Using dynamic manager config: size=0x%x, hash=%.16s...\n", return false;
current_dynamic_key.size, current_dynamic_key.hash);
} }
if (size4 != current_dynamic_key.size) { if (size4 != dynamic_size) {
return false; return false;
} }
@@ -122,10 +119,10 @@ static bool check_dynamic_sign(struct file *fp, u32 size4, loff_t *pos, int *mat
char hash_str[SHA256_DIGEST_SIZE * 2 + 1]; char hash_str[SHA256_DIGEST_SIZE * 2 + 1];
hash_str[SHA256_DIGEST_SIZE * 2] = '\0'; hash_str[SHA256_DIGEST_SIZE * 2] = '\0';
bin2hex(hash_str, digest, SHA256_DIGEST_SIZE); bin2hex(hash_str, digest, SHA256_DIGEST_SIZE);
pr_info(DM_LOG_PREFIX "dynamic sign verified sha256: %s, expected: %s, (index: %d)\n", hash_str, dynamic_hash, DYNAMIC_SIGN_INDEX);
pr_info("sha256: %s, expected: %s, index: dynamic\n", hash_str, current_dynamic_key.hash); if (strcmp(dynamic_hash, hash_str) == 0) {
if (strcmp(current_dynamic_key.hash, hash_str) == 0) {
if (matched_index) { if (matched_index) {
*matched_index = DYNAMIC_SIGN_INDEX; *matched_index = DYNAMIC_SIGN_INDEX;
} }
@@ -255,6 +252,39 @@ static bool has_v1_signature_file(struct file *fp)
return false; return false;
} }
/*
* small helper to check if lock is held
* false - file is stable
* true - file is being deleted/renamed
* possibly optional
*
*/
static bool is_lock_held(const char *path)
{
struct path kpath;
// kern_path returns 0 on success
if (kern_path(path, 0, &kpath))
return true;
// just being defensive
if (!kpath.dentry) {
path_put(&kpath);
return true;
}
if (!spin_trylock(&kpath.dentry->d_lock)) {
pr_info("%s: lock held, bail out!\n", __func__);
path_put(&kpath);
return true;
}
// we hold it ourselves here!
spin_unlock(&kpath.dentry->d_lock);
path_put(&kpath);
return false;
}
static __always_inline bool check_v2_signature(char *path, bool check_multi_manager, int *signature_index) static __always_inline bool check_v2_signature(char *path, bool check_multi_manager, int *signature_index)
{ {
unsigned char buffer[0x11] = { 0 }; unsigned char buffer[0x11] = { 0 };
@@ -269,6 +299,23 @@ static __always_inline bool check_v2_signature(char *path, bool check_multi_mana
bool v3_1_signing_exist = false; bool v3_1_signing_exist = false;
int matched_index = -1; int matched_index = -1;
int i; int i;
struct path kpath;
if (kern_path(path, 0, &kpath))
return false;
#if LINUX_VERSION_CODE >= KERNEL_VERSION(4, 5, 0)
if (inode_is_locked(kpath.dentry->d_inode))
#else
if (mutex_is_locked(&kpath.dentry->d_inode->i_mutex))
#endif
{
pr_info("%s: inode is locked for %s\n", __func__, path);
path_put(&kpath);
return false;
}
path_put(&kpath);
struct file *fp = ksu_filp_open_compat(path, O_RDONLY, 0); struct file *fp = ksu_filp_open_compat(path, O_RDONLY, 0);
if (IS_ERR(fp)) { if (IS_ERR(fp)) {
pr_err("open %s error.\n", path); pr_err("open %s error.\n", path);
@@ -384,7 +431,7 @@ clean:
if (check_multi_manager) { if (check_multi_manager) {
// 0: ShirkNeko/SukiSU, DYNAMIC_SIGN_INDEX : Dynamic Sign // 0: ShirkNeko/SukiSU, DYNAMIC_SIGN_INDEX : Dynamic Sign
if (matched_index == 0 || matched_index == DYNAMIC_SIGN_INDEX) { if (matched_index == 0 || matched_index == DYNAMIC_SIGN_INDEX) {
pr_info("Multi-manager APK detected (dynamic_manager enabled): signature_index=%d\n", matched_index); pr_info("[ApkSign] multi-manager APK detected (signature_index=%d)\n", matched_index);
return true; return true;
} }
return false; return false;
@@ -422,10 +469,42 @@ module_param_cb(ksu_debug_manager_uid, &expected_size_ops,
bool is_manager_apk(char *path) bool is_manager_apk(char *path)
{ {
int tries = 0;
while (tries++ < 10) {
if (!is_lock_held(path))
break;
pr_info("%s: waiting for %s\n", __func__, path);
msleep(100);
}
// let it go, if retry fails, check_v2_signature will fail to open it anyway
if (tries == 10) {
pr_info("%s: timeout for %s\n", __func__, path);
return false;
}
return check_v2_signature(path, false, NULL); return check_v2_signature(path, false, NULL);
} }
bool is_dynamic_manager_apk(char *path, int *signature_index) bool is_dynamic_manager_apk(char *path, int *signature_index)
{ {
int tries = 0;
while (tries++ < 10) {
if (!is_lock_held(path))
break;
pr_info("%s: waiting for %s\n", __func__, path);
msleep(100);
}
// let it go, if retry fails, check_v2_signature will fail to open it anyway
if (tries == 10) {
pr_info("%s: timeout for %s\n", __func__, path);
return false;
}
return check_v2_signature(path, true, signature_index); return check_v2_signature(path, true, signature_index);
} }

162
kernel/core_hook.c
View File

@@ -147,7 +147,7 @@ static inline bool is_allow_su(void)
return ksu_is_allow_uid(current_uid().val); return ksu_is_allow_uid(current_uid().val);
} }
static inline bool is_unsupported_uid(uid_t uid) static inline bool is_unsupported_app_uid(uid_t uid)
{ {
#define LAST_APPLICATION_UID 19999 #define LAST_APPLICATION_UID 19999
uid_t appid = uid % 100000; uid_t appid = uid % 100000;
@@ -228,11 +228,11 @@ static void disable_seccomp(struct task_struct *tsk)
#endif #endif
} }
void escape_to_root(void) void escape_to_root(bool do_check_first)
{ {
struct cred *newcreds; struct cred *newcreds;
if (current_euid().val == 0) { if (do_check_first && current_euid().val == 0) {
pr_warn("Already root, don't escape!\n"); pr_warn("Already root, don't escape!\n");
return; return;
} }
@@ -392,7 +392,7 @@ int ksu_handle_prctl(int option, unsigned long arg2, unsigned long arg3,
if (arg2 == CMD_GRANT_ROOT) { if (arg2 == CMD_GRANT_ROOT) {
if (is_allow_su()) { if (is_allow_su()) {
pr_info("allow root for: %d\n", current_uid().val); pr_info("allow root for: %d\n", current_uid().val);
escape_to_root(); escape_to_root(true);
if (copy_to_user(result, &reply_ok, sizeof(reply_ok))) { if (copy_to_user(result, &reply_ok, sizeof(reply_ok))) {
pr_err("grant_root: prctl reply error\n"); pr_err("grant_root: prctl reply error\n");
} }
@@ -490,12 +490,12 @@ int ksu_handle_prctl(int option, unsigned long arg2, unsigned long arg3,
switch (arg3) { switch (arg3) {
case EVENT_POST_FS_DATA: { case EVENT_POST_FS_DATA: {
static bool post_fs_data_lock = false; static bool post_fs_data_lock = false;
#ifdef CONFIG_KSU_SUSFS
susfs_on_post_fs_data();
#endif
if (!post_fs_data_lock) { if (!post_fs_data_lock) {
post_fs_data_lock = true; post_fs_data_lock = true;
pr_info("post-fs-data triggered\n"); pr_info("post-fs-data triggered\n");
#ifdef CONFIG_KSU_SUSFS
susfs_on_post_fs_data();
#endif
on_post_fs_data(); on_post_fs_data();
// Initializing Dynamic Signatures // Initializing Dynamic Signatures
ksu_dynamic_manager_init(); ksu_dynamic_manager_init();
@@ -1119,14 +1119,18 @@ int ksu_handle_prctl(int option, unsigned long arg2, unsigned long arg3,
return 0; return 0;
} }
static bool is_appuid(kuid_t uid) static bool is_non_appuid(kuid_t uid)
{ {
#define PER_USER_RANGE 100000 #define PER_USER_RANGE 100000
#define FIRST_APPLICATION_UID 10000 #define FIRST_APPLICATION_UID 10000
#define LAST_APPLICATION_UID 19999
uid_t appid = uid.val % PER_USER_RANGE; uid_t appid = uid.val % PER_USER_RANGE;
return appid >= FIRST_APPLICATION_UID && appid <= LAST_APPLICATION_UID; return appid < FIRST_APPLICATION_UID;
}
static inline bool is_some_system_uid(uid_t uid)
{
return uid >= 1000 && uid < 10000;
} }
static bool should_umount(struct path *path) static bool should_umount(struct path *path)
@@ -1231,11 +1235,11 @@ static void try_umount(const char *mnt, bool check_mnt, int flags)
void susfs_try_umount_all(uid_t uid) { void susfs_try_umount_all(uid_t uid) {
susfs_try_umount(uid); susfs_try_umount(uid);
/* For Legacy KSU only */ /* For Legacy KSU only */
try_umount("/odm", true, 0, uid);
try_umount("/system", true, 0, uid); try_umount("/system", true, 0, uid);
try_umount("/system_ext", true, 0, uid); try_umount("/system_ext", true, 0, uid);
try_umount("/vendor", true, 0, uid); try_umount("/vendor", true, 0, uid);
try_umount("/product", true, 0, uid); try_umount("/product", true, 0, uid);
try_umount("/odm", true, 0, uid);
// - For '/data/adb/modules' we pass 'false' here because it is a loop device that we can't determine whether // - For '/data/adb/modules' we pass 'false' here because it is a loop device that we can't determine whether
// its dev_name is KSU or not, and it is safe to just umount it if it is really a mountpoint // its dev_name is KSU or not, and it is safe to just umount it if it is really a mountpoint
try_umount("/data/adb/modules", false, MNT_DETACH, uid); try_umount("/data/adb/modules", false, MNT_DETACH, uid);
@@ -1273,80 +1277,52 @@ int ksu_handle_setuid(struct cred *new, const struct cred *old)
} }
#ifdef CONFIG_KSU_SUSFS #ifdef CONFIG_KSU_SUSFS
// check if current process is zygote
bool is_zygote_child = susfs_is_sid_equal(old->security, susfs_zygote_sid); bool is_zygote_child = susfs_is_sid_equal(old->security, susfs_zygote_sid);
#endif // #ifdef CONFIG_KSU_SUSFS if (is_some_system_uid(new_uid.val) && is_zygote_child) {
if (likely(is_zygote_child)) { if (ksu_is_allow_uid(new_uid.val)) {
// if spawned process is non user app process return 0;
if (unlikely(new_uid.val < 10000 && new_uid.val >= 1000)) {
#ifdef CONFIG_KSU_SUSFS_SUS_SU
// set flag if zygote spawned system process is allowed for root access
if (!ksu_is_allow_uid(new_uid.val)) {
task_lock(current);
susfs_set_current_proc_su_not_allowed();
task_unlock(current);
}
#endif // #ifdef CONFIG_KSU_SUSFS_SUS_SU
#ifdef CONFIG_KSU_SUSFS_SUS_MOUNT
// umount for the system process if path DATA_ADB_UMOUNT_FOR_ZYGOTE_SYSTEM_PROCESS exists
if (susfs_is_umount_for_zygote_system_process_enabled) {
goto out_try_umount;
}
#endif // #ifdef CONFIG_KSU_SUSFS_SUS_MOUNT
} }
#ifdef CONFIG_KSU_SUSFS
// - here we check if uid is a isolated service spawned by zygote directly
// - Apps that do not use "useAppZyogte" to start a isolated service will be directly
// spawned by zygote which KSU will ignore it by default, the only fix for now is to
// force a umount for those uid
// - Therefore make sure your root app doesn't use isolated service for root access
// - Kudos to ThePedroo, the author and maintainer of Rezygisk for finding and reporting
// the detection, really big helps here!
else if (new_uid.val >= 90000 && new_uid.val < 1000000) {
task_lock(current);
susfs_set_current_non_root_user_app_proc();
#ifdef CONFIG_KSU_SUSFS_SUS_SU
susfs_set_current_proc_su_not_allowed();
#endif // #ifdef CONFIG_KSU_SUSFS_SUS_SU
task_unlock(current);
#ifdef CONFIG_KSU_SUSFS_SUS_PATH
susfs_run_sus_path_loop(new_uid.val);
#endif // #ifdef CONFIG_KSU_SUSFS_SUS_PATH
#ifdef CONFIG_KSU_SUSFS_SUS_MOUNT
if (susfs_is_umount_for_zygote_iso_service_enabled) {
goto out_susfs_try_umount_all;
}
#endif // #ifdef CONFIG_KSU_SUSFS_SUS_MOUNT
}
}
#endif // #ifdef CONFIG_KSU_SUSFS
if (!is_appuid(new_uid) || is_unsupported_uid(new_uid.val)) {
// pr_info("handle setuid ignore non application or isolated uid: %d\n", new_uid.val);
return 0;
}
if (ksu_is_allow_uid(new_uid.val)) {
// pr_info("handle setuid ignore allowed application: %d\n", new_uid.val);
return 0;
}
#ifdef CONFIG_KSU_SUSFS
else {
task_lock(current);
susfs_set_current_non_root_user_app_proc();
#ifdef CONFIG_KSU_SUSFS_SUS_SU #ifdef CONFIG_KSU_SUSFS_SUS_SU
susfs_set_current_proc_su_not_allowed(); susfs_set_current_proc_su_not_allowed();
#endif // #ifdef CONFIG_KSU_SUSFS_SUS_SU #endif // #ifdef CONFIG_KSU_SUSFS_SUS_SU
task_unlock(current); if (susfs_is_umount_for_zygote_system_process_enabled) {
#ifdef CONFIG_KSU_SUSFS_SUS_PATH goto do_umount;
susfs_run_sus_path_loop(new_uid.val); }
#endif // #ifdef CONFIG_KSU_SUSFS_SUS_PATH
} }
#endif // #ifdef CONFIG_KSU_SUSFS #endif // #ifdef CONFIG_KSU_SUSFS
#ifdef CONFIG_KSU_SUSFS_SUS_MOUNT if (is_non_appuid(new_uid)) {
out_try_umount: #ifdef CONFIG_KSU_DEBUG
pr_info("handle setuid ignore non application uid: %d\n", new_uid.val);
#endif #endif
return 0;
}
// isolated process may be directly forked from zygote, always unmount
if (is_unsupported_app_uid(new_uid.val)) {
#ifdef CONFIG_KSU_DEBUG
pr_info("handle umount for unsupported application uid: %d\n", new_uid.val);
#endif
#ifdef CONFIG_KSU_SUSFS
susfs_set_current_non_root_user_app_proc();
#endif // #ifdef CONFIG_KSU_SUSFS
#ifdef CONFIG_KSU_SUSFS_SUS_SU
susfs_set_current_proc_su_not_allowed();
#endif // #ifdef CONFIG_KSU_SUSFS_SUS_SU
#ifdef CONFIG_KSU_SUSFS_SUS_PATH
susfs_run_sus_path_loop(new_uid.val);
#endif // #ifdef CONFIG_KSU_SUSFS_SUS_PATH
goto do_umount;
}
if (ksu_is_allow_uid(new_uid.val)) {
#ifdef CONFIG_KSU_DEBUG
pr_info("handle setuid ignore allowed application: %d\n", new_uid.val);
#endif
return 0;
}
if (!ksu_uid_should_umount(new_uid.val)) { if (!ksu_uid_should_umount(new_uid.val)) {
return 0; return 0;
} else { } else {
@@ -1354,26 +1330,42 @@ out_try_umount:
pr_info("uid: %d should not umount!\n", current_uid().val); pr_info("uid: %d should not umount!\n", current_uid().val);
#endif #endif
} }
#ifndef CONFIG_KSU_SUSFS
// check old process's selinux context, if it is not zygote, ignore it! do_umount:
// because some su apps may setuid to untrusted_app but they are in global mount namespace // check old process's selinux context, if it is not zygote, ignore it!
// when we umount for such process, that is a disaster! // because some su apps may setuid to untrusted_app but they are in global mount namespace
bool is_zygote_child = is_zygote(old->security); // when we umount for such process, that is a disaster!
#endif #ifdef CONFIG_KSU_SUSFS
if (!is_zygote_child) { if (!is_zygote_child) {
#else
if (!is_zygote(old->security)) {
#endif
pr_info("handle umount ignore non zygote child: %d\n", pr_info("handle umount ignore non zygote child: %d\n",
current->pid); current->pid);
return 0; return 0;
} }
#ifdef CONFIG_KSU_DEBUG
// umount the target mnt
pr_info("handle umount for uid: %d, pid: %d\n", new_uid.val,
current->pid);
#endif
#ifdef CONFIG_KSU_SUSFS
susfs_set_current_non_root_user_app_proc();
#endif
#ifdef CONFIG_KSU_SUSFS_SUS_SU
susfs_set_current_proc_su_not_allowed();
#endif // #ifdef CONFIG_KSU_SUSFS_SUS_SU
#ifdef CONFIG_KSU_SUSFS_SUS_PATH
susfs_run_sus_path_loop(new_uid.val);
#endif // #ifdef CONFIG_KSU_SUSFS_SUS_PATH
#ifdef CONFIG_KSU_SUSFS_TRY_UMOUNT #ifdef CONFIG_KSU_SUSFS_TRY_UMOUNT
out_susfs_try_umount_all:
// susfs come first, and lastly umount by ksu, make sure umount in reversed order // susfs come first, and lastly umount by ksu, make sure umount in reversed order
susfs_try_umount_all(new_uid.val); susfs_try_umount_all(new_uid.val);
#else #else
// fixme: use `collect_mounts` and `iterate_mount` to iterate all mountpoint and // fixme: use `collect_mounts` and `iterate_mount` to iterate all mountpoint and
// filter the mountpoint whose target is `/data/adb` // filter the mountpoint whose target is `/data/adb`
try_umount("/odm", true, 0);
try_umount("/system", true, 0); try_umount("/system", true, 0);
try_umount("/vendor", true, 0); try_umount("/vendor", true, 0);
try_umount("/product", true, 0); try_umount("/product", true, 0);
@@ -1387,7 +1379,7 @@ out_susfs_try_umount_all:
// try umount ksu temp path // try umount ksu temp path
try_umount("/debug_ramdisk", false, MNT_DETACH); try_umount("/debug_ramdisk", false, MNT_DETACH);
// try umount ksu su path // try umount ksu su path
try_umount("/sbin", false, MNT_DETACH); try_umount("/sbin", false, MNT_DETACH);

219
kernel/dynamic_manager.c
View File

@@ -24,8 +24,8 @@
// Dynamic sign configuration // Dynamic sign configuration
static struct dynamic_manager_config dynamic_manager = { static struct dynamic_manager_config dynamic_manager = {
.size = 0x300, .size = 0,
.hash = "0000000000000000000000000000000000000000000000000000000000000000", .hash = "",
.is_set = 0 .is_set = 0
}; };
@@ -45,7 +45,7 @@ bool ksu_is_dynamic_manager_enabled(void)
bool enabled; bool enabled;
spin_lock_irqsave(&dynamic_manager_lock, flags); spin_lock_irqsave(&dynamic_manager_lock, flags);
enabled = dynamic_manager.is_set; enabled = dynamic_manager.is_set && dynamic_manager.size > 0 && strlen(dynamic_manager.hash) == 64;
spin_unlock_irqrestore(&dynamic_manager_lock, flags); spin_unlock_irqrestore(&dynamic_manager_lock, flags);
return enabled; return enabled;
@@ -57,7 +57,6 @@ void ksu_add_manager(uid_t uid, int signature_index)
int i; int i;
if (!ksu_is_dynamic_manager_enabled()) { if (!ksu_is_dynamic_manager_enabled()) {
pr_info("Dynamic sign not enabled, skipping multi-manager add\n");
return; return;
} }
@@ -68,7 +67,7 @@ void ksu_add_manager(uid_t uid, int signature_index)
if (active_managers[i].is_active && active_managers[i].uid == uid) { if (active_managers[i].is_active && active_managers[i].uid == uid) {
active_managers[i].signature_index = signature_index; active_managers[i].signature_index = signature_index;
spin_unlock_irqrestore(&managers_lock, flags); spin_unlock_irqrestore(&managers_lock, flags);
pr_info("Updated manager uid=%d, signature_index=%d\n", uid, signature_index); pr_info(DM_LOG_PREFIX "updated manager uid=%d, signature_index=%d\n", uid, signature_index);
return; return;
} }
} }
@@ -80,13 +79,13 @@ void ksu_add_manager(uid_t uid, int signature_index)
active_managers[i].signature_index = signature_index; active_managers[i].signature_index = signature_index;
active_managers[i].is_active = true; active_managers[i].is_active = true;
spin_unlock_irqrestore(&managers_lock, flags); spin_unlock_irqrestore(&managers_lock, flags);
pr_info("Added manager uid=%d, signature_index=%d\n", uid, signature_index); pr_info(DM_LOG_PREFIX "added manager uid=%d, signature_index=%d\n", uid, signature_index);
return; return;
} }
} }
spin_unlock_irqrestore(&managers_lock, flags); spin_unlock_irqrestore(&managers_lock, flags);
pr_warn("Failed to add manager, no free slots\n"); pr_warn(DM_LOG_PREFIX "failed to add manager, no free slots\n");
} }
void ksu_remove_manager(uid_t uid) void ksu_remove_manager(uid_t uid)
@@ -103,7 +102,7 @@ void ksu_remove_manager(uid_t uid)
for (i = 0; i < MAX_MANAGERS; i++) { for (i = 0; i < MAX_MANAGERS; i++) {
if (active_managers[i].is_active && active_managers[i].uid == uid) { if (active_managers[i].is_active && active_managers[i].uid == uid) {
active_managers[i].is_active = false; active_managers[i].is_active = false;
pr_info("Removed manager uid=%d\n", uid); pr_info(DM_LOG_PREFIX "removed manager uid=%d\n", uid);
break; break;
} }
} }
@@ -142,7 +141,7 @@ int ksu_get_manager_signature_index(uid_t uid)
// Check traditional manager first // Check traditional manager first
if (ksu_manager_uid != KSU_INVALID_UID && uid == ksu_manager_uid) { if (ksu_manager_uid != KSU_INVALID_UID && uid == ksu_manager_uid) {
return DYNAMIC_SIGN_INDEX; return 0;
} }
if (!ksu_is_dynamic_manager_enabled()) { if (!ksu_is_dynamic_manager_enabled()) {
@@ -162,57 +161,32 @@ int ksu_get_manager_signature_index(uid_t uid)
return signature_index; return signature_index;
} }
static void clear_dynamic_manager(void) static void ksu_invalidate_dynamic_managers(void)
{ {
unsigned long flags; unsigned long flags;
int i; int i;
bool had_active = false;
spin_lock_irqsave(&managers_lock, flags); spin_lock_irqsave(&managers_lock, flags);
for (i = 0; i < MAX_MANAGERS; i++) { for (i = 0; i < MAX_MANAGERS; i++) {
if (active_managers[i].is_active) { if (active_managers[i].is_active) {
pr_info("Clearing dynamic manager uid=%d (signature_index=%d) for rescan\n", pr_info(DM_LOG_PREFIX "invalidating dynamic manager uid=%d\n", active_managers[i].uid);
active_managers[i].uid, active_managers[i].signature_index);
active_managers[i].is_active = false; active_managers[i].is_active = false;
had_active = true;
} }
} }
spin_unlock_irqrestore(&managers_lock, flags); spin_unlock_irqrestore(&managers_lock, flags);
if (had_active) {
pr_info(DM_LOG_PREFIX "all dynamic managers invalidated\n");
}
} }
int ksu_get_active_managers(struct manager_list_info *info) static void clear_dynamic_manager(void)
{ {
unsigned long flags; ksu_invalidate_dynamic_managers();
int i, count = 0;
if (!info) {
return -EINVAL;
}
// Add traditional manager first
if (ksu_manager_uid != KSU_INVALID_UID && count < 2) {
info->managers[count].uid = ksu_manager_uid;
info->managers[count].signature_index = 0;
count++;
}
// Add dynamic managers
if (ksu_is_dynamic_manager_enabled()) {
spin_lock_irqsave(&managers_lock, flags);
for (i = 0; i < MAX_MANAGERS && count < 2; i++) {
if (active_managers[i].is_active) {
info->managers[count].uid = active_managers[i].uid;
info->managers[count].signature_index = active_managers[i].signature_index;
count++;
}
}
spin_unlock_irqrestore(&managers_lock, flags);
}
info->count = count;
return 0;
} }
static void do_save_dynamic_manager(struct work_struct *work) static void do_save_dynamic_manager(struct work_struct *work)
@@ -229,34 +203,23 @@ static void do_save_dynamic_manager(struct work_struct *work)
spin_unlock_irqrestore(&dynamic_manager_lock, flags); spin_unlock_irqrestore(&dynamic_manager_lock, flags);
if (!config_to_save.is_set) { if (!config_to_save.is_set) {
pr_info("Dynamic sign config not set, skipping save\n");
return; return;
} }
fp = ksu_filp_open_compat(KERNEL_SU_DYNAMIC_MANAGER, O_WRONLY | O_CREAT | O_TRUNC, 0644); fp = ksu_filp_open_compat(KERNEL_SU_DYNAMIC_MANAGER, O_WRONLY | O_CREAT | O_TRUNC, 0644);
if (IS_ERR(fp)) { if (IS_ERR(fp)) {
pr_err("save_dynamic_manager create file failed: %ld\n", PTR_ERR(fp)); pr_err(DM_LOG_PREFIX "save config failed: %ld\n", PTR_ERR(fp));
return; return;
} }
if (ksu_kernel_write_compat(fp, &magic, sizeof(magic), &off) != sizeof(magic)) { if (ksu_kernel_write_compat(fp, &magic, sizeof(magic), &off) != sizeof(magic) ||
pr_err("save_dynamic_manager write magic failed.\n"); ksu_kernel_write_compat(fp, &version, sizeof(version), &off) != sizeof(version) ||
goto exit; ksu_kernel_write_compat(fp, &config_to_save, sizeof(config_to_save), &off) != sizeof(config_to_save)) {
pr_err(DM_LOG_PREFIX "save config write failed\n");
} else {
pr_info(DM_LOG_PREFIX "config saved successfully\n");
} }
if (ksu_kernel_write_compat(fp, &version, sizeof(version), &off) != sizeof(version)) {
pr_err("save_dynamic_manager write version failed.\n");
goto exit;
}
if (ksu_kernel_write_compat(fp, &config_to_save, sizeof(config_to_save), &off) != sizeof(config_to_save)) {
pr_err("save_dynamic_manager write config failed.\n");
goto exit;
}
pr_info("Dynamic sign config saved successfully\n");
exit:
filp_close(fp, 0); filp_close(fp, 0);
} }
@@ -273,45 +236,36 @@ static void do_load_dynamic_manager(struct work_struct *work)
fp = ksu_filp_open_compat(KERNEL_SU_DYNAMIC_MANAGER, O_RDONLY, 0); fp = ksu_filp_open_compat(KERNEL_SU_DYNAMIC_MANAGER, O_RDONLY, 0);
if (IS_ERR(fp)) { if (IS_ERR(fp)) {
if (PTR_ERR(fp) == -ENOENT) { if (PTR_ERR(fp) != -ENOENT) {
pr_info("No saved dynamic manager config found\n"); pr_err(DM_LOG_PREFIX "load config failed: %ld\n", PTR_ERR(fp));
} else {
pr_err("load_dynamic_manager open file failed: %ld\n", PTR_ERR(fp));
} }
return; return;
} }
if (ksu_kernel_read_compat(fp, &magic, sizeof(magic), &off) != sizeof(magic) || if (ksu_kernel_read_compat(fp, &magic, sizeof(magic), &off) != sizeof(magic) ||
magic != DYNAMIC_MANAGER_FILE_MAGIC) { magic != DYNAMIC_MANAGER_FILE_MAGIC) {
pr_err("dynamic manager file invalid magic: %x!\n", magic); pr_err(DM_LOG_PREFIX "invalid magic: %x\n", magic);
goto exit; goto exit;
} }
if (ksu_kernel_read_compat(fp, &version, sizeof(version), &off) != sizeof(version)) { if (ksu_kernel_read_compat(fp, &version, sizeof(version), &off) != sizeof(version)) {
pr_err("dynamic manager read version failed\n"); pr_err(DM_LOG_PREFIX "read version failed\n");
goto exit; goto exit;
} }
pr_info("dynamic manager file version: %d\n", version);
ret = ksu_kernel_read_compat(fp, &loaded_config, sizeof(loaded_config), &off); ret = ksu_kernel_read_compat(fp, &loaded_config, sizeof(loaded_config), &off);
if (ret <= 0) {
pr_info("load_dynamic_manager read err: %zd\n", ret);
goto exit;
}
if (ret != sizeof(loaded_config)) { if (ret != sizeof(loaded_config)) {
pr_err("load_dynamic_manager read incomplete config: %zd/%zu\n", ret, sizeof(loaded_config)); pr_err(DM_LOG_PREFIX "read config failed: %zd\n", ret);
goto exit; goto exit;
} }
if (loaded_config.size < 0x100 || loaded_config.size > 0x1000) { if (loaded_config.size < 0x100 || loaded_config.size > 0x1000) {
pr_err("Invalid saved config size: 0x%x\n", loaded_config.size); pr_err(DM_LOG_PREFIX "invalid size: 0x%x\n", loaded_config.size);
goto exit; goto exit;
} }
if (strlen(loaded_config.hash) != 64) { if (strlen(loaded_config.hash) != 64) {
pr_err("Invalid saved config hash length: %zu\n", strlen(loaded_config.hash)); pr_err(DM_LOG_PREFIX "invalid hash length: %zu\n", strlen(loaded_config.hash));
goto exit; goto exit;
} }
@@ -319,7 +273,7 @@ static void do_load_dynamic_manager(struct work_struct *work)
for (i = 0; i < 64; i++) { for (i = 0; i < 64; i++) {
char c = loaded_config.hash[i]; char c = loaded_config.hash[i];
if (!((c >= '0' && c <= '9') || (c >= 'a' && c <= 'f'))) { if (!((c >= '0' && c <= '9') || (c >= 'a' && c <= 'f'))) {
pr_err("Invalid saved config hash character at position %d: %c\n", i, c); pr_err(DM_LOG_PREFIX "invalid hash character at position %d: %c\n", i, c);
goto exit; goto exit;
} }
} }
@@ -328,7 +282,7 @@ static void do_load_dynamic_manager(struct work_struct *work)
dynamic_manager = loaded_config; dynamic_manager = loaded_config;
spin_unlock_irqrestore(&dynamic_manager_lock, flags); spin_unlock_irqrestore(&dynamic_manager_lock, flags);
pr_info("Dynamic sign config loaded: size=0x%x, hash=%.16s...\n", pr_info(DM_LOG_PREFIX "config loaded: size=0x%x, hash=%.16s...\n",
loaded_config.size, loaded_config.hash); loaded_config.size, loaded_config.hash);
exit: exit:
@@ -350,15 +304,13 @@ static void do_clear_dynamic_manager(struct work_struct *work)
fp = ksu_filp_open_compat(KERNEL_SU_DYNAMIC_MANAGER, O_WRONLY | O_CREAT | O_TRUNC, 0644); fp = ksu_filp_open_compat(KERNEL_SU_DYNAMIC_MANAGER, O_WRONLY | O_CREAT | O_TRUNC, 0644);
if (IS_ERR(fp)) { if (IS_ERR(fp)) {
pr_err("clear_dynamic_manager create file failed: %ld\n", PTR_ERR(fp)); pr_err(DM_LOG_PREFIX "clear config file failed: %ld\n", PTR_ERR(fp));
return; return;
} }
// Write null bytes to overwrite the file content // Write null bytes to overwrite the file content
if (ksu_kernel_write_compat(fp, zero_buffer, sizeof(zero_buffer), &off) != sizeof(zero_buffer)) { if (ksu_kernel_write_compat(fp, zero_buffer, sizeof(zero_buffer), &off) != sizeof(zero_buffer)) {
pr_err("clear_dynamic_manager write null bytes failed.\n"); pr_err(DM_LOG_PREFIX "clear config write failed\n");
} else {
pr_info("Dynamic sign config file cleared successfully\n");
} }
filp_close(fp, 0); filp_close(fp, 0);
@@ -382,12 +334,12 @@ int ksu_handle_dynamic_manager(struct dynamic_manager_user_config *config)
switch (config->operation) { switch (config->operation) {
case DYNAMIC_MANAGER_OP_SET: case DYNAMIC_MANAGER_OP_SET:
if (config->size < 0x100 || config->size > 0x1000) { if (config->size < 0x100 || config->size > 0x1000) {
pr_err("invalid size: 0x%x\n", config->size); pr_err(DM_LOG_PREFIX "invalid size: 0x%x\n", config->size);
return -EINVAL; return -EINVAL;
} }
if (strlen(config->hash) != 64) { if (strlen(config->hash) != 64) {
pr_err("invalid hash length: %zu\n", strlen(config->hash)); pr_err(DM_LOG_PREFIX "invalid hash length: %zu\n", strlen(config->hash));
return -EINVAL; return -EINVAL;
} }
@@ -395,11 +347,13 @@ int ksu_handle_dynamic_manager(struct dynamic_manager_user_config *config)
for (i = 0; i < 64; i++) { for (i = 0; i < 64; i++) {
char c = config->hash[i]; char c = config->hash[i];
if (!((c >= '0' && c <= '9') || (c >= 'a' && c <= 'f'))) { if (!((c >= '0' && c <= '9') || (c >= 'a' && c <= 'f'))) {
pr_err("invalid hash character at position %d: %c\n", i, c); pr_err(DM_LOG_PREFIX "invalid hash character at position %d: %c\n", i, c);
return -EINVAL; return -EINVAL;
} }
} }
clear_dynamic_manager();
spin_lock_irqsave(&dynamic_manager_lock, flags); spin_lock_irqsave(&dynamic_manager_lock, flags);
dynamic_manager.size = config->size; dynamic_manager.size = config->size;
#if LINUX_VERSION_CODE >= KERNEL_VERSION(4, 13, 0) #if LINUX_VERSION_CODE >= KERNEL_VERSION(4, 13, 0)
@@ -411,13 +365,13 @@ int ksu_handle_dynamic_manager(struct dynamic_manager_user_config *config)
spin_unlock_irqrestore(&dynamic_manager_lock, flags); spin_unlock_irqrestore(&dynamic_manager_lock, flags);
persistent_dynamic_manager(); persistent_dynamic_manager();
pr_info("dynamic manager updated: size=0x%x, hash=%.16s... (multi-manager enabled)\n", pr_info(DM_LOG_PREFIX "config updated and activated: size=0x%x, hash=%.16s...\n",
config->size, config->hash); config->size, config->hash);
break; break;
case DYNAMIC_MANAGER_OP_GET: case DYNAMIC_MANAGER_OP_GET:
spin_lock_irqsave(&dynamic_manager_lock, flags); spin_lock_irqsave(&dynamic_manager_lock, flags);
if (dynamic_manager.is_set) { if (dynamic_manager.is_set && dynamic_manager.size > 0 && strlen(dynamic_manager.hash) == 64) {
config->size = dynamic_manager.size; config->size = dynamic_manager.size;
#if LINUX_VERSION_CODE >= KERNEL_VERSION(4, 13, 0) #if LINUX_VERSION_CODE >= KERNEL_VERSION(4, 13, 0)
strscpy(config->hash, dynamic_manager.hash, sizeof(config->hash)); strscpy(config->hash, dynamic_manager.hash, sizeof(config->hash));
@@ -432,23 +386,24 @@ int ksu_handle_dynamic_manager(struct dynamic_manager_user_config *config)
break; break;
case DYNAMIC_MANAGER_OP_CLEAR: case DYNAMIC_MANAGER_OP_CLEAR:
// 改进:先无效化所有动态管理器
pr_info(DM_LOG_PREFIX "clearing dynamic manager config\n");
clear_dynamic_manager();
spin_lock_irqsave(&dynamic_manager_lock, flags); spin_lock_irqsave(&dynamic_manager_lock, flags);
dynamic_manager.size = 0x300; dynamic_manager.size = 0;
strcpy(dynamic_manager.hash, "0000000000000000000000000000000000000000000000000000000000000000"); memset(dynamic_manager.hash, 0, sizeof(dynamic_manager.hash));
dynamic_manager.is_set = 0; dynamic_manager.is_set = 0;
spin_unlock_irqrestore(&dynamic_manager_lock, flags); spin_unlock_irqrestore(&dynamic_manager_lock, flags);
// Clear only dynamic managers, preserve default manager // Clear file
clear_dynamic_manager();
// Clear file using the same method as save
clear_dynamic_manager_file(); clear_dynamic_manager_file();
pr_info("Dynamic sign config cleared (multi-manager disabled)\n"); pr_info(DM_LOG_PREFIX "config cleared\n");
break; break;
default: default:
pr_err("Invalid dynamic manager operation: %d\n", config->operation); pr_err(DM_LOG_PREFIX "invalid operation: %d\n", config->operation);
return -EINVAL; return -EINVAL;
} }
@@ -475,7 +430,7 @@ void ksu_dynamic_manager_init(void)
ksu_load_dynamic_manager(); ksu_load_dynamic_manager();
pr_info("Dynamic sign initialized with conditional multi-manager support\n"); pr_info(DM_LOG_PREFIX "init\n");
} }
void ksu_dynamic_manager_exit(void) void ksu_dynamic_manager_exit(void)
@@ -484,7 +439,7 @@ void ksu_dynamic_manager_exit(void)
// Save current config before exit // Save current config before exit
do_save_dynamic_manager(NULL); do_save_dynamic_manager(NULL);
pr_info("Dynamic sign exited with persistent storage\n"); pr_info(DM_LOG_PREFIX "exited\n");
} }
// Get dynamic manager configuration for signature verification // Get dynamic manager configuration for signature verification
@@ -494,7 +449,7 @@ bool ksu_get_dynamic_manager_config(unsigned int *size, const char **hash)
bool valid = false; bool valid = false;
spin_lock_irqsave(&dynamic_manager_lock, flags); spin_lock_irqsave(&dynamic_manager_lock, flags);
if (dynamic_manager.is_set) { if (dynamic_manager.is_set && dynamic_manager.size > 0 && strlen(dynamic_manager.hash) == 64) {
if (size) *size = dynamic_manager.size; if (size) *size = dynamic_manager.size;
if (hash) *hash = dynamic_manager.hash; if (hash) *hash = dynamic_manager.hash;
valid = true; valid = true;
@@ -502,4 +457,68 @@ bool ksu_get_dynamic_manager_config(unsigned int *size, const char **hash)
spin_unlock_irqrestore(&dynamic_manager_lock, flags); spin_unlock_irqrestore(&dynamic_manager_lock, flags);
return valid; return valid;
}
int ksu_get_active_managers(struct manager_list_info *info)
{
unsigned long flags;
int i, count = 0;
if (!info) {
return -EINVAL;
}
memset(info, 0, sizeof(*info));
if (ksu_manager_uid != KSU_INVALID_UID && count < ARRAY_SIZE(info->managers)) {
info->managers[count].uid = ksu_manager_uid;
info->managers[count].signature_index = 0;
count++;
pr_info(DM_LOG_PREFIX "added traditional manager: uid=%d\n", ksu_manager_uid);
}
if (ksu_is_dynamic_manager_enabled() && count < ARRAY_SIZE(info->managers)) {
spin_lock_irqsave(&managers_lock, flags);
for (i = 0; i < MAX_MANAGERS && count < ARRAY_SIZE(info->managers); i++) {
if (active_managers[i].is_active) {
info->managers[count].uid = active_managers[i].uid;
info->managers[count].signature_index = active_managers[i].signature_index;
count++;
pr_info(DM_LOG_PREFIX "added dynamic manager: uid=%d, signature_index=%d\n",
active_managers[i].uid, active_managers[i].signature_index);
}
}
spin_unlock_irqrestore(&managers_lock, flags);
}
info->count = count;
pr_info(DM_LOG_PREFIX "total active managers: %d\n", count);
return 0;
}
bool ksu_has_dynamic_managers(void)
{
unsigned long flags;
bool has_managers = false;
int i;
if (!ksu_is_dynamic_manager_enabled()) {
return false;
}
spin_lock_irqsave(&managers_lock, flags);
for (i = 0; i < MAX_MANAGERS; i++) {
if (active_managers[i].is_active) {
has_managers = true;
break;
}
}
spin_unlock_irqrestore(&managers_lock, flags);
return has_managers;
} }

22
kernel/dynamic_manager.h
View File

@@ -9,14 +9,16 @@
#define KERNEL_SU_DYNAMIC_MANAGER "/data/adb/ksu/.dynamic_manager" #define KERNEL_SU_DYNAMIC_MANAGER "/data/adb/ksu/.dynamic_manager"
#define DYNAMIC_SIGN_INDEX 100 #define DYNAMIC_SIGN_INDEX 100
#define DM_LOG_PREFIX "[Dynamic Manager] "
struct dynamic_sign_key { struct dynamic_sign_key {
unsigned int size; unsigned int size;
const char *hash; const char *hash;
}; };
#define DYNAMIC_SIGN_DEFAULT_CONFIG { \ #define DYNAMIC_SIGN_DEFAULT_CONFIG { \
.size = 0x300, \ .size = 0, \
.hash = "0000000000000000000000000000000000000000000000000000000000000000" \ .hash = "" \
} }
struct dynamic_manager_config { struct dynamic_manager_config {
@@ -31,21 +33,17 @@ struct manager_info {
bool is_active; bool is_active;
}; };
// Dynamic sign operations
void ksu_dynamic_manager_init(void);
void ksu_dynamic_manager_exit(void);
int ksu_handle_dynamic_manager(struct dynamic_manager_user_config *config);
bool ksu_load_dynamic_manager(void);
bool ksu_is_dynamic_manager_enabled(void); bool ksu_is_dynamic_manager_enabled(void);
// Multi-manager operations
void ksu_add_manager(uid_t uid, int signature_index); void ksu_add_manager(uid_t uid, int signature_index);
void ksu_remove_manager(uid_t uid); void ksu_remove_manager(uid_t uid);
bool ksu_is_any_manager(uid_t uid); bool ksu_is_any_manager(uid_t uid);
int ksu_get_manager_signature_index(uid_t uid); int ksu_get_manager_signature_index(uid_t uid);
int ksu_get_active_managers(struct manager_list_info *info); int ksu_handle_dynamic_manager(struct dynamic_manager_user_config *config);
bool ksu_load_dynamic_manager(void);
// Configuration access for signature verification void ksu_dynamic_manager_init(void);
void ksu_dynamic_manager_exit(void);
bool ksu_get_dynamic_manager_config(unsigned int *size, const char **hash); bool ksu_get_dynamic_manager_config(unsigned int *size, const char **hash);
int ksu_get_active_managers(struct manager_list_info *info);
bool ksu_has_dynamic_managers(void);
#endif #endif

2
kernel/ksud.h
View File

@@ -11,4 +11,6 @@ bool ksu_is_safe_mode(void);
extern u32 ksu_devpts_sid; extern u32 ksu_devpts_sid;
extern void escape_to_root(bool do_check_first);
#endif #endif

6
kernel/sucompat.c
View File

@@ -28,8 +28,6 @@
#define SU_PATH "/system/bin/su" #define SU_PATH "/system/bin/su"
#define SH_PATH "/system/bin/sh" #define SH_PATH "/system/bin/sh"
extern void escape_to_root(void);
static const char sh_path[] = "/system/bin/sh"; static const char sh_path[] = "/system/bin/sh";
static const char ksud_path[] = KSUD_PATH; static const char ksud_path[] = KSUD_PATH;
static const char su[] = SU_PATH; static const char su[] = SU_PATH;
@@ -188,7 +186,7 @@ int ksu_handle_execveat_sucompat(int *fd, struct filename **filename_ptr,
pr_info("do_execveat_common su found\n"); pr_info("do_execveat_common su found\n");
memcpy((void *)filename->name, ksud_path, sizeof(ksud_path)); memcpy((void *)filename->name, ksud_path, sizeof(ksud_path));
escape_to_root(); escape_to_root(true);
return 0; return 0;
} }
@@ -237,7 +235,7 @@ int ksu_handle_execve_sucompat(int *fd, const char __user **filename_user,
pr_info("sys_execve su found\n"); pr_info("sys_execve su found\n");
*filename_user = ksud_user_path(); *filename_user = ksud_user_path();
escape_to_root(); escape_to_root(true);
return 0; return 0;
} }

573
kernel/throne_tracker.c
View File

@@ -11,16 +11,22 @@
#include "allowlist.h" #include "allowlist.h"
#include "klog.h" // IWYU pragma: keep #include "klog.h" // IWYU pragma: keep
#include "ksu.h" #include "ksu.h"
#include "ksud.h"
#include "manager.h" #include "manager.h"
#include "throne_tracker.h" #include "throne_tracker.h"
#include "kernel_compat.h" #include "kernel_compat.h"
#include "dynamic_manager.h" #include "dynamic_manager.h"
#include <linux/kthread.h>
#include <linux/sched.h>
uid_t ksu_manager_uid = KSU_INVALID_UID; uid_t ksu_manager_uid = KSU_INVALID_UID;
#define SYSTEM_PACKAGES_LIST_PATH "/data/system/packages.list.tmp" static struct task_struct *throne_thread;
#define USER_DATA_PATH "/data/user_de/0"
#define USER_DATA_PATH_LEN 256 #define USER_DATA_BASE_PATH "/data/user_de"
#define MAX_SUPPORTED_USERS 32 // Supports up to 32 users
#define DATA_PATH_LEN 384 // 384 is enough for /data/app/<package>/base.apk and /data/user_de/{userid}/<package>
struct uid_data { struct uid_data {
struct list_head list; struct list_head list;
@@ -28,6 +34,60 @@ struct uid_data {
char package[KSU_MAX_PACKAGE_NAME]; char package[KSU_MAX_PACKAGE_NAME];
}; };
struct user_scan_ctx {
struct list_head *uid_list;
uid_t user_id;
size_t pkg_count;
size_t error_count;
};
struct user_dir_ctx {
struct dir_context ctx;
struct user_scan_ctx *scan_ctx;
};
struct user_id_ctx {
struct dir_context ctx;
uid_t *user_ids;
size_t count;
size_t max_count;
};
struct data_path {
char dirpath[DATA_PATH_LEN];
int depth;
struct list_head list;
};
struct apk_path_hash {
unsigned int hash;
bool exists;
struct list_head list;
};
static struct list_head apk_path_hash_list;
struct my_dir_context {
struct dir_context ctx;
struct list_head *data_path_list;
char *parent_dir;
void *private_data;
int depth;
int *stop;
bool found_dynamic_manager;
};
// https://docs.kernel.org/filesystems/porting.html
// filldir_t (readdir callbacks) calling conventions have changed. Instead of returning 0 or -E... it returns bool now. false means "no more" (as -E... used to) and true - "keep going" (as 0 in old calling conventions). Rationale: callers never looked at specific -E... values anyway. -> iterate_shared() instances require no changes at all, all filldir_t ones in the tree converted.
#if LINUX_VERSION_CODE >= KERNEL_VERSION(6, 1, 0)
#define FILLDIR_RETURN_TYPE bool
#define FILLDIR_ACTOR_CONTINUE true
#define FILLDIR_ACTOR_STOP false
#else
#define FILLDIR_RETURN_TYPE int
#define FILLDIR_ACTOR_CONTINUE 0
#define FILLDIR_ACTOR_STOP -EINVAL
#endif
static int get_pkg_from_apk_path(char *pkg, const char *path) static int get_pkg_from_apk_path(char *pkg, const char *path)
{ {
int len = strlen(path); int len = strlen(path);
@@ -67,7 +127,8 @@ static int get_pkg_from_apk_path(char *pkg, const char *path)
return 0; return 0;
} }
static void crown_manager(const char *apk, struct list_head *uid_data, int signature_index) static void crown_manager(const char *apk, struct list_head *uid_data,
int signature_index)
{ {
char pkg[KSU_MAX_PACKAGE_NAME]; char pkg[KSU_MAX_PACKAGE_NAME];
if (get_pkg_from_apk_path(pkg, apk) < 0) { if (get_pkg_from_apk_path(pkg, apk) < 0) {
@@ -88,14 +149,15 @@ static void crown_manager(const char *apk, struct list_head *uid_data, int signa
struct list_head *list = (struct list_head *)uid_data; struct list_head *list = (struct list_head *)uid_data;
struct uid_data *np; struct uid_data *np;
list_for_each_entry (np, list, list) { list_for_each_entry(np, list, list) {
if (strncmp(np->package, pkg, KSU_MAX_PACKAGE_NAME) == 0) { if (strncmp(np->package, pkg, KSU_MAX_PACKAGE_NAME) == 0) {
pr_info("Crowning manager: %s(uid=%d, signature_index=%d)\n", pkg, np->uid, signature_index); pr_info("Crowning manager: %s(uid=%d, signature_index=%d)\n",
pkg, np->uid, signature_index);
// Dynamic Sign index (1) or multi-manager signatures (2+)
// Dynamic Sign index (100) or multi-manager signatures (>= 2)
if (signature_index == DYNAMIC_SIGN_INDEX || signature_index >= 2) { if (signature_index == DYNAMIC_SIGN_INDEX || signature_index >= 2) {
ksu_add_manager(np->uid, signature_index); ksu_add_manager(np->uid, signature_index);
if (!ksu_is_manager_uid_valid()) { if (!ksu_is_manager_uid_valid()) {
ksu_set_manager_uid(np->uid); ksu_set_manager_uid(np->uid);
} }
@@ -107,171 +169,235 @@ static void crown_manager(const char *apk, struct list_head *uid_data, int signa
} }
} }
#define DATA_PATH_LEN 384 // 384 is enough for /data/app/<package>/base.apk FILLDIR_RETURN_TYPE collect_user_ids(struct dir_context *ctx, const char *name,
int namelen, loff_t off, u64 ino, unsigned int d_type)
struct data_path {
char dirpath[DATA_PATH_LEN];
int depth;
struct list_head list;
};
struct apk_path_hash {
unsigned int hash;
bool exists;
struct list_head list;
};
static struct list_head apk_path_hash_list = LIST_HEAD_INIT(apk_path_hash_list);
struct my_dir_context {
struct dir_context ctx;
struct list_head *data_path_list;
char *parent_dir;
void *private_data;
int depth;
int *stop;
};
// https://docs.kernel.org/filesystems/porting.html
// filldir_t (readdir callbacks) calling conventions have changed. Instead of returning 0 or -E... it returns bool now. false means "no more" (as -E... used to) and true - "keep going" (as 0 in old calling conventions). Rationale: callers never looked at specific -E... values anyway. -> iterate_shared() instances require no changes at all, all filldir_t ones in the tree converted.
#if LINUX_VERSION_CODE >= KERNEL_VERSION(6, 1, 0)
#define FILLDIR_RETURN_TYPE bool
#define FILLDIR_ACTOR_CONTINUE true
#define FILLDIR_ACTOR_STOP false
#else
#define FILLDIR_RETURN_TYPE int
#define FILLDIR_ACTOR_CONTINUE 0
#define FILLDIR_ACTOR_STOP -EINVAL
#endif
struct uid_scan_stats {
size_t total_found;
size_t errors_encountered;
};
struct user_data_context {
struct dir_context ctx;
struct list_head *uid_list;
struct uid_scan_stats *stats;
};
FILLDIR_RETURN_TYPE user_data_actor(struct dir_context *ctx, const char *name,
int namelen, loff_t off, u64 ino,
unsigned int d_type)
{ {
struct user_data_context *my_ctx = struct user_id_ctx *uctx = container_of(ctx, struct user_id_ctx, ctx);
container_of(ctx, struct user_data_context, ctx);
// Skip non-directories and dot entries
if (!my_ctx || !my_ctx->uid_list) { if (d_type != DT_DIR || namelen <= 0)
return FILLDIR_ACTOR_CONTINUE;
if (name[0] == '.' && (namelen == 1 || (namelen == 2 && name[1] == '.')))
return FILLDIR_ACTOR_CONTINUE;
// Parse numeric user ID
uid_t uid = 0;
for (int i = 0; i < namelen; i++) {
if (name[i] < '0' || name[i] > '9')
return FILLDIR_ACTOR_CONTINUE; // Skip non-numeric entries
uid = uid * 10 + (name[i] - '0');
}
// Store user ID if space available
if (uctx->count >= uctx->max_count)
return FILLDIR_ACTOR_STOP; return FILLDIR_ACTOR_STOP;
uctx->user_ids[uctx->count++] = uid;
return FILLDIR_ACTOR_CONTINUE;
}
// Get all active Android user IDs
static int get_active_user_ids(uid_t *user_ids, size_t max_users, size_t *found_count)
{
struct file *dir_file;
int ret;
*found_count = 0;
dir_file = ksu_filp_open_compat(USER_DATA_BASE_PATH, O_RDONLY, 0);
if (IS_ERR(dir_file)) {
pr_err("Cannot open %s: %ld\n", USER_DATA_BASE_PATH, PTR_ERR(dir_file));
return PTR_ERR(dir_file);
} }
if (!strncmp(name, "..", namelen) || !strncmp(name, ".", namelen)) struct user_id_ctx uctx = {
return FILLDIR_ACTOR_CONTINUE; .ctx.actor = collect_user_ids,
.user_ids = user_ids,
if (d_type != DT_DIR) .count = 0,
.max_count = max_users
};
ret = iterate_dir(dir_file, &uctx.ctx);
filp_close(dir_file, NULL);
*found_count = uctx.count;
if (uctx.count > 0)
pr_info("Found %zu active users\n", uctx.count);
return ret;
}
FILLDIR_RETURN_TYPE scan_user_packages(struct dir_context *ctx, const char *name,
int namelen, loff_t off, u64 ino, unsigned int d_type)
{
struct user_dir_ctx *uctx = container_of(ctx, struct user_dir_ctx, ctx);
struct user_scan_ctx *scan_ctx = uctx->scan_ctx;
// Validate context and skip dot entries
if (!scan_ctx || !scan_ctx->uid_list)
return FILLDIR_ACTOR_STOP;
if (d_type != DT_DIR || namelen <= 0)
return FILLDIR_ACTOR_CONTINUE;
if (name[0] == '.' && (namelen == 1 || (namelen == 2 && name[1] == '.')))
return FILLDIR_ACTOR_CONTINUE; return FILLDIR_ACTOR_CONTINUE;
// Check package name length
if (namelen >= KSU_MAX_PACKAGE_NAME) { if (namelen >= KSU_MAX_PACKAGE_NAME) {
pr_warn("Package name too long: %.*s\n", namelen, name); pr_warn("Package name too long: %.*s (user %u)\n", namelen, name, scan_ctx->user_id);
if (my_ctx->stats) scan_ctx->error_count++;
my_ctx->stats->errors_encountered++;
return FILLDIR_ACTOR_CONTINUE; return FILLDIR_ACTOR_CONTINUE;
} }
char package_path[USER_DATA_PATH_LEN]; // Build package path
if (snprintf(package_path, sizeof(package_path), "%s/%.*s", char pkg_path[DATA_PATH_LEN];
USER_DATA_PATH, namelen, name) >= sizeof(package_path)) { int path_len = snprintf(pkg_path, sizeof(pkg_path), "%s/%u/%.*s",
pr_err("Path too long for package: %.*s\n", namelen, name); USER_DATA_BASE_PATH, scan_ctx->user_id, namelen, name);
if (my_ctx->stats) if (path_len >= sizeof(pkg_path)) {
my_ctx->stats->errors_encountered++; pr_err("Path too long for: %.*s (user %u)\n", namelen, name, scan_ctx->user_id);
scan_ctx->error_count++;
return FILLDIR_ACTOR_CONTINUE; return FILLDIR_ACTOR_CONTINUE;
} }
// Get package path attributes
struct path path; struct path path;
int err = kern_path(package_path, LOOKUP_FOLLOW, &path); int err = kern_path(pkg_path, LOOKUP_FOLLOW, &path);
if (err) { if (err) {
pr_debug("Package path lookup failed: %s (err: %d)\n", package_path, err); pr_debug("Path lookup failed: %s (%d)\n", pkg_path, err);
if (my_ctx->stats) scan_ctx->error_count++;
my_ctx->stats->errors_encountered++;
return FILLDIR_ACTOR_CONTINUE; return FILLDIR_ACTOR_CONTINUE;
} }
/*
4.11, also backported on lineage common kernel 4.9 !!
int vfs_getattr(const struct path *path, struct kstat *stat,
u32 request_mask, unsigned int query_flags)
4.10
int vfs_getattr(struct path *path, struct kstat *stat)
basically no mask and flags for =< 4.10
*/
struct kstat stat; struct kstat stat;
#if LINUX_VERSION_CODE >= KERNEL_VERSION(4,11,0) || defined(KSU_HAS_NEW_VFS_GETATTR)
err = vfs_getattr(&path, &stat, STATX_UID, AT_STATX_SYNC_AS_STAT); err = vfs_getattr(&path, &stat, STATX_UID, AT_STATX_SYNC_AS_STAT);
#else
err = vfs_getattr(&path, &stat);
#endif
path_put(&path); path_put(&path);
if (err) { if (err) {
pr_debug("Failed to get attributes for: %s (err: %d)\n", package_path, err); pr_debug("Failed to get attributes: %s (%d)\n", pkg_path, err);
if (my_ctx->stats) scan_ctx->error_count++;
my_ctx->stats->errors_encountered++;
return FILLDIR_ACTOR_CONTINUE; return FILLDIR_ACTOR_CONTINUE;
} }
// Extract UID and validate
uid_t uid = from_kuid(&init_user_ns, stat.uid); uid_t uid = from_kuid(&init_user_ns, stat.uid);
if (uid == (uid_t)-1) { if (uid == (uid_t)-1) {
pr_warn("Invalid UID for package: %.*s\n", namelen, name); pr_warn("Invalid UID for: %.*s (user %u)\n", namelen, name, scan_ctx->user_id);
if (my_ctx->stats) scan_ctx->error_count++;
my_ctx->stats->errors_encountered++;
return FILLDIR_ACTOR_CONTINUE; return FILLDIR_ACTOR_CONTINUE;
} }
struct uid_data *data = kzalloc(sizeof(struct uid_data), GFP_ATOMIC); // Allocate and populate UID data entry
if (!data) { struct uid_data *uid_entry = kzalloc(sizeof(struct uid_data), GFP_KERNEL);
pr_err("Failed to allocate memory for package: %.*s\n", namelen, name); if (!uid_entry) {
if (my_ctx->stats) pr_err("Memory allocation failed for: %.*s\n", namelen, name);
my_ctx->stats->errors_encountered++; scan_ctx->error_count++;
return FILLDIR_ACTOR_CONTINUE; return FILLDIR_ACTOR_CONTINUE;
} }
data->uid = uid; uid_entry->uid = uid;
size_t copy_len = min(namelen, KSU_MAX_PACKAGE_NAME - 1); size_t copy_len = min_t(size_t, namelen, KSU_MAX_PACKAGE_NAME - 1);
strncpy(data->package, name, copy_len); strncpy(uid_entry->package, name, copy_len);
data->package[copy_len] = '\0'; uid_entry->package[copy_len] = '\0';
list_add_tail(&data->list, my_ctx->uid_list); list_add_tail(&uid_entry->list, scan_ctx->uid_list);
scan_ctx->pkg_count++;
if (my_ctx->stats)
my_ctx->stats->total_found++; pr_info("User Package: %s, UID: %u (user %u)\n", uid_entry->package, uid, scan_ctx->user_id);
pr_info("UserDE UID: Found package: %s, uid: %u\n", data->package, data->uid);
return FILLDIR_ACTOR_CONTINUE; return FILLDIR_ACTOR_CONTINUE;
} }
static int scan_user_directory(uid_t user_id, struct list_head *uid_list,
size_t *pkg_count, size_t *error_count)
{
char user_path[DATA_PATH_LEN];
struct file *dir_file;
int ret;
*pkg_count = *error_count = 0;
snprintf(user_path, sizeof(user_path), "%s/%u", USER_DATA_BASE_PATH, user_id);
dir_file = ksu_filp_open_compat(user_path, O_RDONLY, 0);
if (IS_ERR(dir_file)) {
pr_debug("Cannot open user path: %s (%ld)\n", user_path, PTR_ERR(dir_file));
return PTR_ERR(dir_file);
}
struct user_scan_ctx scan_ctx = {
.uid_list = uid_list,
.user_id = user_id,
.pkg_count = 0,
.error_count = 0
};
struct user_dir_ctx uctx = {
.ctx.actor = scan_user_packages,
.scan_ctx = &scan_ctx
};
ret = iterate_dir(dir_file, &uctx.ctx);
filp_close(dir_file, NULL);
*pkg_count = scan_ctx.pkg_count;
*error_count = scan_ctx.error_count;
if (scan_ctx.pkg_count > 0 || scan_ctx.error_count > 0)
pr_info("User %u: %zu packages, %zu errors\n",
user_id, scan_ctx.pkg_count, scan_ctx.error_count);
return ret;
}
int scan_user_data_for_uids(struct list_head *uid_list) int scan_user_data_for_uids(struct list_head *uid_list)
{ {
struct file *dir_file; uid_t user_ids[MAX_SUPPORTED_USERS];
struct uid_scan_stats stats = {0}; size_t active_users, total_packages = 0, total_errors = 0;
int ret = 0; int ret;
if (!uid_list) { if (!uid_list)
return -EINVAL; return -EINVAL;
// Get all active user IDs
ret = get_active_user_ids(user_ids, ARRAY_SIZE(user_ids), &active_users);
if (ret < 0 || active_users == 0) {
pr_err("No active users found: %d\n", ret);
return ret < 0 ? ret : -ENOENT;
} }
dir_file = ksu_filp_open_compat(USER_DATA_PATH, O_RDONLY, 0); // Scan each user's directory
if (IS_ERR(dir_file)) { for (size_t i = 0; i < active_users; i++) {
pr_err("UserDE UID: Failed to open %s: %ld\n", USER_DATA_PATH, PTR_ERR(dir_file)); size_t pkg_count, error_count;
return PTR_ERR(dir_file);
ret = scan_user_directory(user_ids[i], uid_list, &pkg_count, &error_count);
if (ret < 0) {
pr_warn("Scan failed for user %u: %d\n", user_ids[i], ret);
total_errors++;
continue;
}
total_packages += pkg_count;
total_errors += error_count;
} }
struct user_data_context ctx = { if (total_errors > 0)
.ctx.actor = user_data_actor, pr_warn("Scan completed with %zu errors\n", total_errors);
.uid_list = uid_list,
.stats = &stats
};
ret = iterate_dir(dir_file, &ctx.ctx); pr_info("Scanned %zu users, found %zu packages\n", active_users, total_packages);
filp_close(dir_file, NULL); return total_packages > 0 ? 0 : -ENOENT;
if (stats.errors_encountered > 0) {
pr_warn("Encountered %zu errors while scanning user data directory\n",
stats.errors_encountered);
}
pr_info("UserDE UID: Scanned user data directory, found %zu packages with %zu errors\n",
stats.total_found, stats.errors_encountered);
return ret;
} }
FILLDIR_RETURN_TYPE my_actor(struct dir_context *ctx, const char *name, FILLDIR_RETURN_TYPE my_actor(struct dir_context *ctx, const char *name,
@@ -295,11 +421,11 @@ FILLDIR_RETURN_TYPE my_actor(struct dir_context *ctx, const char *name,
return FILLDIR_ACTOR_CONTINUE; // Skip "." and ".." return FILLDIR_ACTOR_CONTINUE; // Skip "." and ".."
if (d_type == DT_DIR && namelen >= 8 && !strncmp(name, "vmdl", 4) && if (d_type == DT_DIR && namelen >= 8 && !strncmp(name, "vmdl", 4) &&
!strncmp(name + namelen - 4, ".tmp", 4)) { !strncmp(name + namelen - 4, ".tmp", 4)) {
pr_info("Skipping directory: %.*s\n", namelen, name); pr_info("Skipping directory: %.*s\n", namelen, name);
return FILLDIR_ACTOR_CONTINUE; // Skip staging package return FILLDIR_ACTOR_CONTINUE; // Skip staging package
} }
if (snprintf(dirpath, DATA_PATH_LEN, "%s/%.*s", my_ctx->parent_dir, if (snprintf(dirpath, DATA_PATH_LEN, "%s/%.*s", my_ctx->parent_dir,
namelen, name) >= DATA_PATH_LEN) { namelen, name) >= DATA_PATH_LEN) {
pr_err("Path too long: %s/%.*s\n", my_ctx->parent_dir, namelen, pr_err("Path too long: %s/%.*s\n", my_ctx->parent_dir, namelen,
@@ -343,8 +469,9 @@ FILLDIR_RETURN_TYPE my_actor(struct dir_context *ctx, const char *name,
// Check for dynamic sign or multi-manager signatures // Check for dynamic sign or multi-manager signatures
if (is_multi_manager && (signature_index == DYNAMIC_SIGN_INDEX || signature_index >= 2)) { if (is_multi_manager && (signature_index == DYNAMIC_SIGN_INDEX || signature_index >= 2)) {
my_ctx->found_dynamic_manager = true;
crown_manager(dirpath, my_ctx->private_data, signature_index); crown_manager(dirpath, my_ctx->private_data, signature_index);
struct apk_path_hash *apk_data = kmalloc(sizeof(struct apk_path_hash), GFP_ATOMIC); struct apk_path_hash *apk_data = kmalloc(sizeof(struct apk_path_hash), GFP_ATOMIC);
if (apk_data) { if (apk_data) {
apk_data->hash = hash; apk_data->hash = hash;
@@ -353,12 +480,17 @@ FILLDIR_RETURN_TYPE my_actor(struct dir_context *ctx, const char *name,
} }
} else if (is_manager_apk(dirpath)) { } else if (is_manager_apk(dirpath)) {
crown_manager(dirpath, my_ctx->private_data, 0); crown_manager(dirpath, my_ctx->private_data, 0);
*my_ctx->stop = 1;
if (!my_ctx->found_dynamic_manager && !ksu_is_dynamic_manager_enabled()) {
*my_ctx->stop = 1;
}
// Manager found, clear APK cache list // Manager found, clear APK cache list
list_for_each_entry_safe(pos, n, &apk_path_hash_list, list) { if (!ksu_is_dynamic_manager_enabled()) {
list_del(&pos->list); list_for_each_entry_safe(pos, n, &apk_path_hash_list, list) {
kfree(pos); list_del(&pos->list);
kfree(pos);
}
} }
} else { } else {
struct apk_path_hash *apk_data = kmalloc(sizeof(struct apk_path_hash), GFP_ATOMIC); struct apk_path_hash *apk_data = kmalloc(sizeof(struct apk_path_hash), GFP_ATOMIC);
@@ -379,8 +511,10 @@ void search_manager(const char *path, int depth, struct list_head *uid_data)
int i, stop = 0; int i, stop = 0;
struct list_head data_path_list; struct list_head data_path_list;
INIT_LIST_HEAD(&data_path_list); INIT_LIST_HEAD(&data_path_list);
INIT_LIST_HEAD(&apk_path_hash_list);
unsigned long data_app_magic = 0; unsigned long data_app_magic = 0;
bool found_dynamic_manager = false;
// Initialize APK cache list // Initialize APK cache list
struct apk_path_hash *pos, *n; struct apk_path_hash *pos, *n;
list_for_each_entry(pos, &apk_path_hash_list, list) { list_for_each_entry(pos, &apk_path_hash_list, list) {
@@ -398,20 +532,21 @@ void search_manager(const char *path, int depth, struct list_head *uid_data)
list_for_each_entry_safe(pos, n, &data_path_list, list) { list_for_each_entry_safe(pos, n, &data_path_list, list) {
struct my_dir_context ctx = { .ctx.actor = my_actor, struct my_dir_context ctx = { .ctx.actor = my_actor,
.data_path_list = &data_path_list, .data_path_list = &data_path_list,
.parent_dir = pos->dirpath, .parent_dir = pos->dirpath,
.private_data = uid_data, .private_data = uid_data,
.depth = pos->depth, .depth = pos->depth,
.stop = &stop }; .stop = &stop,
.found_dynamic_manager = false };
struct file *file; struct file *file;
if (!stop) { if (!stop) {
file = ksu_filp_open_compat(pos->dirpath, O_RDONLY | O_NOFOLLOW, 0); file = ksu_filp_open_compat(pos->dirpath, O_RDONLY | O_NOFOLLOW | O_DIRECTORY, 0);
if (IS_ERR(file)) { if (IS_ERR(file)) {
pr_err("Failed to open directory: %s, err: %ld\n", pos->dirpath, PTR_ERR(file)); pr_err("Failed to open directory: %s, err: %ld\n", pos->dirpath, PTR_ERR(file));
goto skip_iterate; goto skip_iterate;
} }
// grab magic on first folder, which is /data/app // grab magic on first folder, which is /data/app
if (!data_app_magic) { if (!data_app_magic) {
if (file->f_inode->i_sb->s_magic) { if (file->f_inode->i_sb->s_magic) {
@@ -422,7 +557,7 @@ void search_manager(const char *path, int depth, struct list_head *uid_data)
goto skip_iterate; goto skip_iterate;
} }
} }
if (file->f_inode->i_sb->s_magic != data_app_magic) { if (file->f_inode->i_sb->s_magic != data_app_magic) {
pr_info("%s: skip: %s magic: 0x%lx expected: 0x%lx\n", __func__, pos->dirpath, pr_info("%s: skip: %s magic: 0x%lx expected: 0x%lx\n", __func__, pos->dirpath,
file->f_inode->i_sb->s_magic, data_app_magic); file->f_inode->i_sb->s_magic, data_app_magic);
@@ -432,6 +567,10 @@ void search_manager(const char *path, int depth, struct list_head *uid_data)
iterate_dir(file, &ctx.ctx); iterate_dir(file, &ctx.ctx);
filp_close(file, NULL); filp_close(file, NULL);
if (ctx.found_dynamic_manager) {
found_dynamic_manager = true;
}
} }
skip_iterate: skip_iterate:
list_del(&pos->list); list_del(&pos->list);
@@ -440,12 +579,11 @@ skip_iterate:
} }
} }
// Remove stale cached APK entries // clear apk_path_hash_list unconditionally
pr_info("search manager: cleanup!\n");
list_for_each_entry_safe(pos, n, &apk_path_hash_list, list) { list_for_each_entry_safe(pos, n, &apk_path_hash_list, list) {
if (!pos->exists) { list_del(&pos->list);
list_del(&pos->list); kfree(pos);
kfree(pos);
}
} }
} }
@@ -465,76 +603,16 @@ static bool is_uid_exist(uid_t uid, char *package, void *data)
return exist; return exist;
} }
void track_throne(void) static void track_throne_function(void)
{ {
struct list_head uid_list; struct list_head uid_list;
INIT_LIST_HEAD(&uid_list); INIT_LIST_HEAD(&uid_list);
// scan user data for uids
pr_info("Starting UID scan from user data directory\n");
int ret = scan_user_data_for_uids(&uid_list); int ret = scan_user_data_for_uids(&uid_list);
if (ret < 0) { if (ret < 0) {
pr_warn("Failed to scan user data directory (%d), falling back to packages.list\n", ret); pr_err("UserDE UID scan user data failed: %d.\n", ret);
goto out;
// fallback to packages.list method
struct file *fp = ksu_filp_open_compat(SYSTEM_PACKAGES_LIST_PATH, O_RDONLY, 0);
if (IS_ERR(fp)) {
pr_err("Both user data scan and packages.list failed: %ld\n", PTR_ERR(fp));
goto out;
}
char chr = 0;
loff_t pos = 0;
loff_t line_start = 0;
char buf[KSU_MAX_PACKAGE_NAME];
size_t fallback_count = 0;
for (;;) {
ssize_t count =
ksu_kernel_read_compat(fp, &chr, sizeof(chr), &pos);
if (count != sizeof(chr))
break;
if (chr != '\n')
continue;
count = ksu_kernel_read_compat(fp, buf, sizeof(buf),
&line_start);
struct uid_data *data =
kzalloc(sizeof(struct uid_data), GFP_ATOMIC);
if (!data) {
filp_close(fp, 0);
goto out;
}
char *tmp = buf;
const char *delim = " ";
char *package = strsep(&tmp, delim);
char *uid = strsep(&tmp, delim);
if (!uid || !package) {
pr_err("update_uid: package or uid is NULL!\n");
kfree(data);
break;
}
u32 res;
if (kstrtou32(uid, 10, &res)) {
pr_err("update_uid: uid parse err\n");
kfree(data);
break;
}
data->uid = res;
strncpy(data->package, package, KSU_MAX_PACKAGE_NAME);
list_add_tail(&data->list, &uid_list);
fallback_count++;
// reset line start
line_start = pos;
}
filp_close(fp, 0);
pr_info("Loaded %zu packages from packages.list fallback\n", fallback_count);
} else {
pr_info("UserDE UID: Successfully loaded %zu packages from user data directory\n", list_count_nodes(&uid_list));
} }
// now update uid list // now update uid list
@@ -544,7 +622,7 @@ void track_throne(void)
// first, check if manager_uid exist! // first, check if manager_uid exist!
bool manager_exist = false; bool manager_exist = false;
bool dynamic_manager_exist = false; bool dynamic_manager_exist = false;
list_for_each_entry (np, &uid_list, list) { list_for_each_entry (np, &uid_list, list) {
// if manager is installed in work profile, the uid in packages.list is still equals main profile // if manager is installed in work profile, the uid in packages.list is still equals main profile
// don't delete it in this case! // don't delete it in this case!
@@ -554,14 +632,18 @@ void track_throne(void)
break; break;
} }
} }
// Check for dynamic managers // Check for dynamic managers
if (!dynamic_manager_exist && ksu_is_dynamic_manager_enabled()) { if (ksu_is_dynamic_manager_enabled()) {
list_for_each_entry (np, &uid_list, list) { dynamic_manager_exist = ksu_has_dynamic_managers();
if (!dynamic_manager_exist) {
list_for_each_entry (np, &uid_list, list) {
// Check if this uid is a dynamic manager (not the traditional manager) // Check if this uid is a dynamic manager (not the traditional manager)
if (ksu_is_any_manager(np->uid) && np->uid != ksu_get_manager_uid()) { if (ksu_is_any_manager(np->uid) && np->uid != ksu_get_manager_uid()) {
dynamic_manager_exist = true; dynamic_manager_exist = true;
break; break;
}
} }
} }
} }
@@ -575,24 +657,59 @@ void track_throne(void)
pr_info("Searching manager...\n"); pr_info("Searching manager...\n");
search_manager("/data/app", 2, &uid_list); search_manager("/data/app", 2, &uid_list);
pr_info("Search manager finished\n"); pr_info("Search manager finished\n");
} else if (!dynamic_manager_exist && ksu_is_dynamic_manager_enabled()) {
// Always perform search when called from dynamic manager rescan // Always perform search when called from dynamic manager rescan
} else if (!dynamic_manager_exist && ksu_is_dynamic_manager_enabled()) {
pr_info("Dynamic sign enabled, Searching manager...\n"); pr_info("Dynamic sign enabled, Searching manager...\n");
search_manager("/data/app", 2, &uid_list); search_manager("/data/app", 2, &uid_list);
pr_info("Search Dynamic sign manager finished\n"); pr_info("Search Dynamic sign manager finished\n");
} }
prune: prune:
// then prune the allowlist // then prune the allowlist
ksu_prune_allowlist(is_uid_exist, &uid_list); ksu_prune_allowlist(is_uid_exist, &uid_list);
out: out:
// free uid_list // free uid_list
list_for_each_entry_safe (np, n, &uid_list, list) { list_for_each_entry_safe(np, n, &uid_list, list) {
list_del(&np->list); list_del(&np->list);
kfree(np); kfree(np);
} }
} }
static int throne_tracker_thread(void *data)
{
pr_info("%s: pid: %d started\n", __func__, current->pid);
// for the kthread, we need to escape to root
// since it does not inherit the caller's context.
// this runs as root but without the capabilities, so call it with false
escape_to_root(false);
track_throne_function();
throne_thread = NULL;
smp_mb();
pr_info("%s: pid: %d exit!\n", __func__, current->pid);
return 0;
}
void track_throne(void)
{
static bool throne_tracker_first_run __read_mostly = true;
if (unlikely(throne_tracker_first_run)) {
track_throne_function();
throne_tracker_first_run = false;
return;
}
smp_mb();
if (throne_thread != NULL) // single instance lock
return;
throne_thread = kthread_run(throne_tracker_thread, NULL, "throne_tracker");
if (IS_ERR(throne_thread)) {
throne_thread = NULL;
return;
}
}
void ksu_throne_tracker_init(void) void ksu_throne_tracker_init(void)
{ {
// nothing to do // nothing to do

412
kernel/throne_tracker_legacy.c Normal file
View File

@@ -0,0 +1,412 @@
#include <linux/err.h>
#include <linux/fs.h>
#include <linux/list.h>
#include <linux/slab.h>
#include <linux/string.h>
#include <linux/types.h>
#include <linux/version.h>
#include <linux/stat.h>
#include <linux/namei.h>
#include "allowlist.h"
#include "klog.h" // IWYU pragma: keep
#include "ksu.h"
#include "manager.h"
#include "throne_tracker.h"
#include "kernel_compat.h"
// legacy throne tracker
// this is kept for UL purposes
// reason: can't solve deadlock on user_data_actor()
// xx - 20200914
uid_t ksu_manager_uid = KSU_INVALID_UID;
#define SYSTEM_PACKAGES_LIST_PATH "/data/system/packages.list.tmp"
struct uid_data {
struct list_head list;
u32 uid;
char package[KSU_MAX_PACKAGE_NAME];
};
static int get_pkg_from_apk_path(char *pkg, const char *path)
{
int len = strlen(path);
if (len >= KSU_MAX_PACKAGE_NAME || len < 1)
return -1;
const char *last_slash = NULL;
const char *second_last_slash = NULL;
int i;
for (i = len - 1; i >= 0; i--) {
if (path[i] == '/') {
if (!last_slash) {
last_slash = &path[i];
} else {
second_last_slash = &path[i];
break;
}
}
}
if (!last_slash || !second_last_slash)
return -1;
const char *last_hyphen = strchr(second_last_slash, '-');
if (!last_hyphen || last_hyphen > last_slash)
return -1;
int pkg_len = last_hyphen - second_last_slash - 1;
if (pkg_len >= KSU_MAX_PACKAGE_NAME || pkg_len <= 0)
return -1;
// Copying the package name
strncpy(pkg, second_last_slash + 1, pkg_len);
pkg[pkg_len] = '\0';
return 0;
}
static void crown_manager(const char *apk, struct list_head *uid_data)
{
char pkg[KSU_MAX_PACKAGE_NAME];
if (get_pkg_from_apk_path(pkg, apk) < 0) {
pr_err("Failed to get package name from apk path: %s\n", apk);
return;
}
pr_info("manager pkg: %s\n", pkg);
#ifdef KSU_MANAGER_PACKAGE
// pkg is `/<real package>`
if (strncmp(pkg, KSU_MANAGER_PACKAGE, sizeof(KSU_MANAGER_PACKAGE))) {
pr_info("manager package is inconsistent with kernel build: %s\n",
KSU_MANAGER_PACKAGE);
return;
}
#endif
struct list_head *list = (struct list_head *)uid_data;
struct uid_data *np;
list_for_each_entry (np, list, list) {
if (strncmp(np->package, pkg, KSU_MAX_PACKAGE_NAME) == 0) {
pr_info("Crowning manager: %s(uid=%d)\n", pkg, np->uid);
ksu_set_manager_uid(np->uid);
break;
}
}
}
#define DATA_PATH_LEN 384 // 384 is enough for /data/app/<package>/base.apk
struct data_path {
char dirpath[DATA_PATH_LEN];
int depth;
struct list_head list;
};
struct apk_path_hash {
unsigned int hash;
bool exists;
struct list_head list;
};
static struct list_head apk_path_hash_list = LIST_HEAD_INIT(apk_path_hash_list);
struct my_dir_context {
struct dir_context ctx;
struct list_head *data_path_list;
char *parent_dir;
void *private_data;
int depth;
int *stop;
};
// https://docs.kernel.org/filesystems/porting.html
// filldir_t (readdir callbacks) calling conventions have changed. Instead of returning 0 or -E... it returns bool now. false means "no more" (as -E... used to) and true - "keep going" (as 0 in old calling conventions). Rationale: callers never looked at specific -E... values anyway. -> iterate_shared() instances require no changes at all, all filldir_t ones in the tree converted.
#if LINUX_VERSION_CODE >= KERNEL_VERSION(6, 1, 0)
#define FILLDIR_RETURN_TYPE bool
#define FILLDIR_ACTOR_CONTINUE true
#define FILLDIR_ACTOR_STOP false
#else
#define FILLDIR_RETURN_TYPE int
#define FILLDIR_ACTOR_CONTINUE 0
#define FILLDIR_ACTOR_STOP -EINVAL
#endif
FILLDIR_RETURN_TYPE my_actor(struct dir_context *ctx, const char *name,
int namelen, loff_t off, u64 ino,
unsigned int d_type)
{
struct my_dir_context *my_ctx =
container_of(ctx, struct my_dir_context, ctx);
char dirpath[DATA_PATH_LEN];
if (!my_ctx) {
pr_err("Invalid context\n");
return FILLDIR_ACTOR_STOP;
}
if (my_ctx->stop && *my_ctx->stop) {
pr_info("Stop searching\n");
return FILLDIR_ACTOR_STOP;
}
if (!strncmp(name, "..", namelen) || !strncmp(name, ".", namelen))
return FILLDIR_ACTOR_CONTINUE; // Skip "." and ".."
if (d_type == DT_DIR && namelen >= 8 && !strncmp(name, "vmdl", 4) &&
!strncmp(name + namelen - 4, ".tmp", 4)) {
pr_info("Skipping directory: %.*s\n", namelen, name);
return FILLDIR_ACTOR_CONTINUE; // Skip staging package
}
if (snprintf(dirpath, DATA_PATH_LEN, "%s/%.*s", my_ctx->parent_dir,
namelen, name) >= DATA_PATH_LEN) {
pr_err("Path too long: %s/%.*s\n", my_ctx->parent_dir, namelen,
name);
return FILLDIR_ACTOR_CONTINUE;
}
if (d_type == DT_DIR && my_ctx->depth > 0 &&
(my_ctx->stop && !*my_ctx->stop)) {
struct data_path *data = kmalloc(sizeof(struct data_path), GFP_ATOMIC);
if (!data) {
pr_err("Failed to allocate memory for %s\n", dirpath);
return FILLDIR_ACTOR_CONTINUE;
}
strscpy(data->dirpath, dirpath, DATA_PATH_LEN);
data->depth = my_ctx->depth - 1;
list_add_tail(&data->list, my_ctx->data_path_list);
} else {
if ((namelen == 8) && (strncmp(name, "base.apk", namelen) == 0)) {
struct apk_path_hash *pos, *n;
unsigned int hash = full_name_hash(NULL, dirpath, strlen(dirpath));
list_for_each_entry(pos, &apk_path_hash_list, list) {
if (hash == pos->hash) {
pos->exists = true;
return FILLDIR_ACTOR_CONTINUE;
}
}
bool is_manager = is_manager_apk(dirpath);
pr_info("Found new base.apk at path: %s, is_manager: %d\n",
dirpath, is_manager);
if (is_manager) {
crown_manager(dirpath, my_ctx->private_data);
*my_ctx->stop = 1;
// Manager found, clear APK cache list
list_for_each_entry_safe(pos, n, &apk_path_hash_list, list) {
list_del(&pos->list);
kfree(pos);
}
} else {
struct apk_path_hash *apk_data = kmalloc(sizeof(struct apk_path_hash), GFP_ATOMIC);
apk_data->hash = hash;
apk_data->exists = true;
list_add_tail(&apk_data->list, &apk_path_hash_list);
}
}
}
return FILLDIR_ACTOR_CONTINUE;
}
void search_manager(const char *path, int depth, struct list_head *uid_data)
{
int i, stop = 0;
struct list_head data_path_list;
INIT_LIST_HEAD(&data_path_list);
unsigned long data_app_magic = 0;
// Initialize APK cache list
struct apk_path_hash *pos, *n;
list_for_each_entry(pos, &apk_path_hash_list, list) {
pos->exists = false;
}
// First depth
struct data_path data;
strscpy(data.dirpath, path, DATA_PATH_LEN);
data.depth = depth;
list_add_tail(&data.list, &data_path_list);
for (i = depth; i >= 0; i--) {
struct data_path *pos, *n;
list_for_each_entry_safe(pos, n, &data_path_list, list) {
struct my_dir_context ctx = { .ctx.actor = my_actor,
.data_path_list = &data_path_list,
.parent_dir = pos->dirpath,
.private_data = uid_data,
.depth = pos->depth,
.stop = &stop };
struct file *file;
if (!stop) {
file = ksu_filp_open_compat(pos->dirpath, O_RDONLY | O_NOFOLLOW, 0);
if (IS_ERR(file)) {
pr_err("Failed to open directory: %s, err: %ld\n", pos->dirpath, PTR_ERR(file));
goto skip_iterate;
}
// grab magic on first folder, which is /data/app
if (!data_app_magic) {
if (file->f_inode->i_sb->s_magic) {
data_app_magic = file->f_inode->i_sb->s_magic;
pr_info("%s: dir: %s got magic! 0x%lx\n", __func__, pos->dirpath, data_app_magic);
} else {
filp_close(file, NULL);
goto skip_iterate;
}
}
if (file->f_inode->i_sb->s_magic != data_app_magic) {
pr_info("%s: skip: %s magic: 0x%lx expected: 0x%lx\n", __func__, pos->dirpath,
file->f_inode->i_sb->s_magic, data_app_magic);
filp_close(file, NULL);
goto skip_iterate;
}
iterate_dir(file, &ctx.ctx);
filp_close(file, NULL);
}
skip_iterate:
list_del(&pos->list);
if (pos != &data)
kfree(pos);
}
}
// Remove stale cached APK entries
list_for_each_entry_safe(pos, n, &apk_path_hash_list, list) {
if (!pos->exists) {
list_del(&pos->list);
kfree(pos);
}
}
}
static bool is_uid_exist(uid_t uid, char *package, void *data)
{
struct list_head *list = (struct list_head *)data;
struct uid_data *np;
bool exist = false;
list_for_each_entry (np, list, list) {
if (np->uid == uid % 100000 &&
strncmp(np->package, package, KSU_MAX_PACKAGE_NAME) == 0) {
exist = true;
break;
}
}
return exist;
}
void track_throne()
{
struct file *fp =
ksu_filp_open_compat(SYSTEM_PACKAGES_LIST_PATH, O_RDONLY, 0);
if (IS_ERR(fp)) {
pr_err("%s: open " SYSTEM_PACKAGES_LIST_PATH " failed: %ld\n",
__func__, PTR_ERR(fp));
return;
}
struct list_head uid_list;
INIT_LIST_HEAD(&uid_list);
char chr = 0;
loff_t pos = 0;
loff_t line_start = 0;
char buf[KSU_MAX_PACKAGE_NAME];
for (;;) {
ssize_t count =
ksu_kernel_read_compat(fp, &chr, sizeof(chr), &pos);
if (count != sizeof(chr))
break;
if (chr != '\n')
continue;
count = ksu_kernel_read_compat(fp, buf, sizeof(buf),
&line_start);
struct uid_data *data =
kzalloc(sizeof(struct uid_data), GFP_ATOMIC);
if (!data) {
filp_close(fp, 0);
goto out;
}
char *tmp = buf;
const char *delim = " ";
char *package = strsep(&tmp, delim);
char *uid = strsep(&tmp, delim);
if (!uid || !package) {
pr_err("update_uid: package or uid is NULL!\n");
break;
}
u32 res;
if (kstrtou32(uid, 10, &res)) {
pr_err("update_uid: uid parse err\n");
break;
}
data->uid = res;
strncpy(data->package, package, KSU_MAX_PACKAGE_NAME);
list_add_tail(&data->list, &uid_list);
// reset line start
line_start = pos;
}
filp_close(fp, 0);
// now update uid list
struct uid_data *np;
struct uid_data *n;
// first, check if manager_uid exist!
bool manager_exist = false;
list_for_each_entry (np, &uid_list, list) {
// if manager is installed in work profile, the uid in packages.list is still equals main profile
// don't delete it in this case!
int manager_uid = ksu_get_manager_uid() % 100000;
if (np->uid == manager_uid) {
manager_exist = true;
break;
}
}
if (!manager_exist) {
if (ksu_is_manager_uid_valid()) {
pr_info("manager is uninstalled, invalidate it!\n");
ksu_invalidate_manager_uid();
goto prune;
}
pr_info("Searching manager...\n");
search_manager("/data/app", 2, &uid_list);
pr_info("Search manager finished\n");
}
prune:
// then prune the allowlist
ksu_prune_allowlist(is_uid_exist, &uid_list);
out:
// free uid_list
list_for_each_entry_safe (np, n, &uid_list, list) {
list_del(&np->list);
kfree(np);
}
}
void ksu_throne_tracker_init()
{
// nothing to do
}
void ksu_throne_tracker_exit()
{
// nothing to do
}