e41fa8ef62
- In order to reduce the extra patch code and increase the rate of hunk succeed, we do not rename the symbols in KernelSU drvier but instead do it all in kernel/kallsym.c - Make susfs_starts_with() global as it maybe useful in future Co-authored-by: simonpunk <simonpunk2016@gmail.com>
215 lines
7.2 KiB
Plaintext
215 lines
7.2 KiB
Plaintext
menu "KernelSU"
|
|
|
|
config KSU
|
|
tristate "KernelSU function support"
|
|
default y
|
|
help
|
|
Enable kernel-level root privileges on Android System.
|
|
To compile as a module, choose M here: the
|
|
module will be called kernelsu.
|
|
|
|
config KSU_DEBUG
|
|
bool "KernelSU debug mode"
|
|
depends on KSU
|
|
default n
|
|
help
|
|
Enable KernelSU debug mode.
|
|
|
|
config KSU_MULTI_MANAGER_SUPPORT
|
|
bool "Multi KernelSU manager support"
|
|
depends on KSU
|
|
default n
|
|
help
|
|
Enable multi KernelSU manager support
|
|
|
|
config KSU_ALLOWLIST_WORKAROUND
|
|
bool "KernelSU Session Keyring Init workaround"
|
|
depends on KSU
|
|
default n
|
|
help
|
|
Enable session keyring init workaround for problematic devices.
|
|
Useful for situations where the SU allowlist is not kept after a reboot
|
|
|
|
config KSU_CMDLINE
|
|
bool "Enable KernelSU cmdline"
|
|
depends on KSU && KSU != m
|
|
default n
|
|
help
|
|
Enable a cmdline called kernelsu.enabled
|
|
Value 1 means enabled, value 0 means disabled.
|
|
|
|
config KPM
|
|
bool "Enable SukiSU KPM"
|
|
depends on KSU && 64BIT
|
|
select KALLSYMS
|
|
select KALLSYMS_ALL
|
|
default n
|
|
help
|
|
Enabling this option will activate the KPM feature of SukiSU.
|
|
This option is suitable for scenarios where you need to force KPM to be enabled.
|
|
but it may affect system stability.
|
|
|
|
choice
|
|
prompt "KernelSU hook type"
|
|
depends on KSU
|
|
default KSU_KPROBES_HOOK
|
|
help
|
|
Hook type for KernelSU
|
|
|
|
config KSU_KPROBES_HOOK
|
|
bool "Hook KernelSU with Kprobes"
|
|
depends on KPROBES
|
|
help
|
|
If enabled, Hook required KernelSU syscalls with Kernel-probe.
|
|
|
|
config KSU_TRACEPOINT_HOOK
|
|
bool "Hook KernelSU with Tracepoint"
|
|
depends on TRACEPOINTS
|
|
help
|
|
If enabled, Hook required KernelSU syscalls with Tracepoint.
|
|
|
|
config KSU_MANUAL_HOOK
|
|
bool "Hook KernelSU manually"
|
|
depends on KSU != m
|
|
help
|
|
If enabled, Hook required KernelSU syscalls with manually-patched function.
|
|
|
|
endchoice
|
|
|
|
menu "KernelSU - SUSFS"
|
|
config KSU_SUSFS
|
|
bool "KernelSU addon - SUSFS"
|
|
depends on KSU
|
|
depends on THREAD_INFO_IN_TASK
|
|
default y
|
|
help
|
|
Patch and Enable SUSFS to kernel with KernelSU.
|
|
|
|
config KSU_SUSFS_HAS_MAGIC_MOUNT
|
|
bool "Say yes if the current KernelSU repo has magic mount implemented (default y)"
|
|
depends on KSU_SUSFS
|
|
default y
|
|
help
|
|
- Enable to indicate that the current SUSFS kernel supports the auto hide features for 5ec1cff's Magic Mount KernelSU
|
|
- Every mounts from /debug_ramdisk/workdir will be treated as magic mount and processed differently by susfs
|
|
|
|
config KSU_SUSFS_SUS_PATH
|
|
bool "Enable to hide suspicious path (NOT recommended)"
|
|
depends on KSU_SUSFS
|
|
default y
|
|
help
|
|
- Allow hiding the user-defined path and all its sub-paths from various system calls.
|
|
- tmpfs filesystem is not allowed to be added.
|
|
- Effective only on zygote spawned user app process.
|
|
- Use with cautious as it may cause performance loss and will be vulnerable to side channel attacks,
|
|
just disable this feature if it doesn't work for you or you don't need it at all.
|
|
|
|
config KSU_SUSFS_SUS_MOUNT
|
|
bool "Enable to hide suspicious mounts"
|
|
depends on KSU_SUSFS
|
|
default y
|
|
help
|
|
- Allow hiding the user-defined mount paths from /proc/self/[mounts|mountinfo|mountstat].
|
|
- Effective on all processes for hiding mount entries.
|
|
- Mounts mounted by process with ksu domain will be forced to be assigned the dev name "KSU".
|
|
- mnt_id and mnt_group_id of the sus mount will be assigned to a much bigger number to solve the issue of id not being contiguous.
|
|
|
|
config KSU_SUSFS_AUTO_ADD_SUS_KSU_DEFAULT_MOUNT
|
|
bool "Enable to hide KSU's default mounts automatically (experimental)"
|
|
depends on KSU_SUSFS_SUS_MOUNT
|
|
default y
|
|
help
|
|
- Automatically add KSU's default mounts to sus_mount.
|
|
- No susfs command is needed in userspace.
|
|
- Only mount operation from process with ksu domain will be checked.
|
|
|
|
config KSU_SUSFS_AUTO_ADD_SUS_BIND_MOUNT
|
|
bool "Enable to hide suspicious bind mounts automatically (experimental)"
|
|
depends on KSU_SUSFS_SUS_MOUNT
|
|
default y
|
|
help
|
|
- Automatically add binded mounts to sus_mount.
|
|
- No susfs command is needed in userspace.
|
|
- Only mount operation from process with ksu domain will be checked.
|
|
|
|
config KSU_SUSFS_SUS_KSTAT
|
|
bool "Enable to spoof suspicious kstat"
|
|
depends on KSU_SUSFS
|
|
default y
|
|
help
|
|
- Allow spoofing the kstat of user-defined file/directory.
|
|
- Effective only on zygote spawned user app process.
|
|
|
|
config KSU_SUSFS_TRY_UMOUNT
|
|
bool "Enable to use ksu's try_umount"
|
|
depends on KSU_SUSFS
|
|
default y
|
|
help
|
|
- Allow using try_umount to umount other user-defined mount paths prior to ksu's default umount paths.
|
|
- Effective on all NO-root-access-granted processes.
|
|
|
|
config KSU_SUSFS_AUTO_ADD_TRY_UMOUNT_FOR_BIND_MOUNT
|
|
bool "Enable to add bind mounts to ksu's try_umount automatically (experimental)"
|
|
depends on KSU_SUSFS_TRY_UMOUNT
|
|
default y
|
|
help
|
|
- Automatically add binded mounts to ksu's try_umount.
|
|
- No susfs command is needed in userspace.
|
|
- Only mount operation from process with ksu domain will be checked.
|
|
|
|
config KSU_SUSFS_SPOOF_UNAME
|
|
bool "Enable to spoof uname"
|
|
depends on KSU_SUSFS
|
|
default y
|
|
help
|
|
- Allow spoofing the string returned by uname syscall to user-defined string.
|
|
- Effective on all processes.
|
|
|
|
config KSU_SUSFS_ENABLE_LOG
|
|
bool "Enable logging susfs log to kernel"
|
|
depends on KSU_SUSFS
|
|
default y
|
|
help
|
|
- Allow logging susfs log to kernel, uncheck it to completely disable all susfs log.
|
|
|
|
config KSU_SUSFS_HIDE_KSU_SUSFS_SYMBOLS
|
|
bool "Enable to automatically hide ksu and susfs symbols from /proc/kallsyms"
|
|
depends on KSU_SUSFS
|
|
default y
|
|
help
|
|
- Automatically hide ksu and susfs symbols from '/proc/kallsyms'.
|
|
- Effective on all processes.
|
|
|
|
config KSU_SUSFS_SPOOF_CMDLINE_OR_BOOTCONFIG
|
|
bool "Enable to spoof /proc/bootconfig (gki) or /proc/cmdline (non-gki)"
|
|
depends on KSU_SUSFS
|
|
default y
|
|
help
|
|
- Spoof the output of /proc/bootconfig (gki) or /proc/cmdline (non-gki) with a user-defined file.
|
|
- Effective on all processes.
|
|
|
|
config KSU_SUSFS_OPEN_REDIRECT
|
|
bool "Enable to redirect a path to be opened with another path (experimental)"
|
|
depends on KSU_SUSFS
|
|
default y
|
|
help
|
|
- Allow redirecting a target path to be opened with another user-defined path.
|
|
- Effective only on processes with uid < 2000.
|
|
- Please be reminded that process with open access to the target and redirected path can be detected.
|
|
|
|
config KSU_SUSFS_SUS_SU
|
|
bool "Enable SUS-SU in runtime temporarily"
|
|
depends on KSU_SUSFS && KPROBES && HAVE_KPROBES && KPROBE_EVENTS
|
|
default y
|
|
help
|
|
- Allow user to enable or disable core ksu kprobes hooks temporarily in runtime. There are 2 working modes for sus_su.
|
|
- Mode 0 (default): Disable sus_su, and enable ksu kprobe hooks for su instead.
|
|
- Mode 1 (deprecated):
|
|
- Mode 2: Enable sus_su, and disable ksu kprobe hooks for su, which means the kernel inline hooks are enabled,
|
|
the same as the su implementaion of non-gki kernel without kprobe supported.
|
|
- Only apps with root access granted by ksu manager are allowed to get root.
|
|
|
|
endmenu
|
|
|
|
endmenu
|