320e08b8fb
* refactor: replace throne tracker with ksud token
* use snprintf
* refactor: new supercall impl
- Import the sukisu command
* disable seccomp for supercall users
* kernel: fmt clear
* kernel: Enable macro protection for sulog
- Only enabled on kernel versions greater than 5.10.245
* kernel: Refactor kprobe hooks and implement LSM hooks for improved security handling
* debug mode
* kernel: Add functionality to generate and validate authentication tokens for cmd_su
* kernel: Simplified manual SU command processing for code
* kernel: replace renameat hook with fsnotify
* Revert "refactor: replace throne tracker with ksud token"
This reverts commit aa2cbbf9cd.
* kernel: fix compile
* kernel: fix compile below 6.0
* Fix compile err; Add become_manager
* kernel: install fd for manager automaticlly
- extend to import the corresponding command
* manager: new supercall impl
* temp changes for ksud
* ksud: fix compile
* fix wrong opcode
* kernel: fix compile
* kernel: Fixed hook type and KPM status retrieval errors
* kernel: Fixed potential null pointer issue with current->mm in kernel version 5.10
When calling get_full_comm() within system call hooks, current->mm may be null (prctl). A fallback mechanism for current->comm must be added beforehand to prevent null pointer dereferences when accessing mm->arg_start/arg_end.
Signed-off-by: ShirkNeko <109797057+ShirkNeko@users.noreply.github.com>
* ksud: fix cargo check
* manager: Fixed an issue where the KSUD release and user-mode scanning switch failed to function correctly.
- kernel: fix spin lock mutual
kernel: Fixed potential null pointer issue with current->mm in kernel version 5.10
When calling get_full_comm() within system call hooks, current->mm may be null (prctl). A fallback mechanism for current->comm must be added beforehand to prevent null pointer dereferences when accessing mm->arg_start/arg_end.
kernel: try introduce like susfs's method to fix prctl delay
* seccomp: allow reboot
* use u32
* update clang-format
* 4 spaces save the world
* ksud: Fix build on macOS
* manager: bump minimal supported kernel.
- When get_hook_type is empty, display “Unknown”.
* Fix ksud build (#2841)
* try fix ksud
* fix for macos
* remove any
* Fix ksud build, take 3
* try fix allowlist
* bring lsm hook back
* fix: a lot again
* Fix ksud build, take 4 (#2846)
Remove init_driver_fd function for non-linux/android targets
* manager: Return to the native method via KSUd installation
* Merge with susfs-mian format
---------
Signed-off-by: ShirkNeko <109797057+ShirkNeko@users.noreply.github.com>
Co-authored-by: Ylarod <me@ylarod.cn>
Co-authored-by: weishu <twsxtd@gmail.com>
Co-authored-by: AlexLiuDev233 <wzylin11@outlook.com>
Co-authored-by: Wang Han <416810799@qq.com>
133 lines
3.1 KiB
C
133 lines
3.1 KiB
C
// SPDX-License-Identifier: GPL-2.0
|
|
#include <linux/module.h>
|
|
#include <linux/fs.h>
|
|
#include <linux/namei.h>
|
|
#include <linux/fsnotify_backend.h>
|
|
#include <linux/slab.h>
|
|
#include <linux/rculist.h>
|
|
#include <linux/version.h>
|
|
#include "klog.h" // IWYU pragma: keep
|
|
#include "ksu.h"
|
|
#include "throne_tracker.h"
|
|
#include "throne_comm.h"
|
|
|
|
#define MASK_SYSTEM (FS_CREATE | FS_MOVE | FS_EVENT_ON_CHILD)
|
|
|
|
struct watch_dir {
|
|
const char *path;
|
|
u32 mask;
|
|
struct path kpath;
|
|
struct inode *inode;
|
|
struct fsnotify_mark *mark;
|
|
};
|
|
|
|
static struct fsnotify_group *g;
|
|
|
|
static int ksu_handle_inode_event(struct fsnotify_mark *mark, u32 mask,
|
|
struct inode *inode, struct inode *dir,
|
|
const struct qstr *file_name, u32 cookie)
|
|
{
|
|
if (!file_name)
|
|
return 0;
|
|
if (mask & FS_ISDIR)
|
|
return 0;
|
|
if (file_name->len == 13 &&
|
|
!memcmp(file_name->name, "packages.list", 13)) {
|
|
pr_info("packages.list detected: %d\n", mask);
|
|
if (ksu_uid_scanner_enabled) {
|
|
ksu_request_userspace_scan();
|
|
}
|
|
track_throne();
|
|
}
|
|
return 0;
|
|
}
|
|
|
|
static const struct fsnotify_ops ksu_ops = {
|
|
.handle_inode_event = ksu_handle_inode_event,
|
|
};
|
|
|
|
static int add_mark_on_inode(struct inode *inode, u32 mask,
|
|
struct fsnotify_mark **out)
|
|
{
|
|
struct fsnotify_mark *m;
|
|
|
|
m = kzalloc(sizeof(*m), GFP_KERNEL);
|
|
if (!m)
|
|
return -ENOMEM;
|
|
|
|
fsnotify_init_mark(m, g);
|
|
m->mask = mask;
|
|
|
|
if (fsnotify_add_inode_mark(m, inode, 0)) {
|
|
fsnotify_put_mark(m);
|
|
return -EINVAL;
|
|
}
|
|
*out = m;
|
|
return 0;
|
|
}
|
|
|
|
static int watch_one_dir(struct watch_dir *wd)
|
|
{
|
|
int ret = kern_path(wd->path, LOOKUP_FOLLOW, &wd->kpath);
|
|
if (ret) {
|
|
pr_info("path not ready: %s (%d)\n", wd->path, ret);
|
|
return ret;
|
|
}
|
|
wd->inode = d_inode(wd->kpath.dentry);
|
|
ihold(wd->inode);
|
|
|
|
ret = add_mark_on_inode(wd->inode, wd->mask, &wd->mark);
|
|
if (ret) {
|
|
pr_err("Add mark failed for %s (%d)\n", wd->path, ret);
|
|
path_put(&wd->kpath);
|
|
iput(wd->inode);
|
|
wd->inode = NULL;
|
|
return ret;
|
|
}
|
|
pr_info("watching %s\n", wd->path);
|
|
return 0;
|
|
}
|
|
|
|
static void unwatch_one_dir(struct watch_dir *wd)
|
|
{
|
|
if (wd->mark) {
|
|
fsnotify_destroy_mark(wd->mark, g);
|
|
fsnotify_put_mark(wd->mark);
|
|
wd->mark = NULL;
|
|
}
|
|
if (wd->inode) {
|
|
iput(wd->inode);
|
|
wd->inode = NULL;
|
|
}
|
|
if (wd->kpath.dentry) {
|
|
path_put(&wd->kpath);
|
|
memset(&wd->kpath, 0, sizeof(wd->kpath));
|
|
}
|
|
}
|
|
|
|
static struct watch_dir g_watch = { .path = "/data/system",
|
|
.mask = MASK_SYSTEM };
|
|
|
|
int ksu_observer_init(void)
|
|
{
|
|
int ret = 0;
|
|
|
|
#if LINUX_VERSION_CODE >= KERNEL_VERSION(6, 0, 0)
|
|
g = fsnotify_alloc_group(&ksu_ops, 0);
|
|
#else
|
|
g = fsnotify_alloc_group(&ksu_ops);
|
|
#endif
|
|
if (IS_ERR(g))
|
|
return PTR_ERR(g);
|
|
|
|
ret = watch_one_dir(&g_watch);
|
|
pr_info("observer init done\n");
|
|
return 0;
|
|
}
|
|
|
|
void ksu_observer_exit(void)
|
|
{
|
|
unwatch_one_dir(&g_watch);
|
|
fsnotify_put_group(g);
|
|
pr_info("observer exit done\n");
|
|
} |