c690d9c02c
This migrates ksud execution decision-making to bprm_check_security. This requires passing proper argv and envp to a modified _ksud handler aptly named 'ksu_handle_bprm_ksud'. Introduces: int ksu_handle_bprm_ksud(const char *filename, const char *argv1, const char *envp, size_t envp_len) which is adapted from: int ksu_handle_execveat_ksud(int *fd, struct filename **filename_ptr, struct user_arg_ptr *argv, struct user_arg_ptr *envp, int *flags) ksu_handle_bprm_ksud handles all the decision making, it decides when it is time to apply_kernelsu_rules depending if it sees "second_stage". For LSM hook, turns out we can pull out argv and envp from mm_struct. The code in here explains itself on how to do it. whole blob exists on arg_start to arg_end, so we just pull it out and grab next array after the first null terminator. as for envp, we pass the pointer then hunt for it when needed My reasoning on adding a fallback on usercopy is that on some devices a fault happens, and it copies garbled data. On my creation of this, I actually had to lock that _nofault copy on a spinlock as a way to mimic preempt_disable/enable without actually doing it. As per user reports, no failed _nofault copies anyway but we have-to-have a fallback for resilience. References: - old version16efcd8193e- old version237d5938e66- bad usercopy #21 This now provides a small helper function, ksu_copy_from_user_retry, which explains itself. First we attempt a _nofault copy, if that fails, we try plain. With that, It also provides an inlined copy_from_user_nofault for < 5.8. While using strncpy_from_user_nofault was considered, this wont do, this will only copy up to the first \0. devlog:16e5dce9e7...16c1f5f52128642e60d7...728de0c571References: https://elixir.bootlin.com/linux/v4.14.1/source/include/linux/mm_types.h#L429 https://elixir.bootlin.com/linux/v4.14.1/source/include/linux/lsm_hooks.h Stale: https://github.com/tiann/KernelSU/pull/2653 Signed-off-by: backslashxx <118538522+backslashxx@users.noreply.github.com>
SukiSU Ultra
A kernel-based root solution for Android devices, forked from tiann/KernelSU, and added some interesting changes.
Features
- Kernel-based
suand root access management - Module system based on Magic Mount
- App Profile: Lock up the root power in a cage
- Support non-GKI and GKI 1.0
- KPM Support
- Tweaks to the manager theme and the built-in susfs management tool.
Compatibility Status
-
KernelSU (before v1.0.0) officially supports Android GKI 2.0 devices (kernel 5.10+).
-
Older kernels (4.4+) are also compatible, but the kernel will have to be built manually.
-
With more backports, KernelSU can supports 3.x kernel (3.4-3.18).
-
Currently, only
arm64-v8a,armeabi-v7a (bare)andX86_64(some) are supported.
Installation
Integration
Translation
If you need to submit a translation for the manager, please go to Crowdin.
KPM Support
- Based on KernelPatch, we removed features redundant with KSU and retained only KPM support.
- Work in Progress: Expanding APatch compatibility by integrating additional functions to ensure compatibility across different implementations.
Open-source repository: https://github.com/ShirkNeko/SukiSU_KernelPatch_patch
KPM template: https://github.com/udochina/KPM-Build-Anywhere
Note
- Requires
CONFIG_KPM=y- Non-GKI devices requires
CONFIG_KALLSYMS=yandCONFIG_KALLSYMS_ALL=y- For kernels below
4.19, backporting fromset_memory.hfrom4.19is required.
Troubleshooting
- Device stuck upon manager app uninstallation? Uninstall com.sony.playmemories.mobile
Sponsor
ShirkNeko's sponsorship list
- Ktouls Thanks so much for bringing me support.
- zaoqi123 Thanks for the milk tea.
- wswzgdg Many thanks for supporting this project.
- yspbwx2010 Many thanks.
- DARKWWEE 100 USDT
- Saksham Singla Provide and maintain the website
- OukaroMF Donation of website domain name
License
- The file in the “kernel” directory is under GPL-2.0-only license.
- The images of the files
ic_launcher(?!.*alt.*).*with anime character sticker are copyrighted by 怡子曰曰, the Brand Intellectual Property in the images is owned by 明风 OuO, and the vectorization is done by @MiRinChan. Before using these files, in addition to complying with Creative Commons Attribution-NonCommercial-ShareAlike 4.0 International, you also need to comply with the authorization of the two authors to use these artistic contents. - Except for the files or directories mentioned above, all other parts are under GPL-3.0 or later license.
Credit
- KernelSU: upstream
- MKSU: Magic Mount
- RKSU: support non-GKI
- susfs: An addon root hiding kernel patches and userspace module for KernelSU.
- KernelPatch: KernelPatch is a key part of the APatch implementation of the kernel module
KernelSU's credit
- Kernel-Assisted Superuser: The KernelSU idea.
- Magisk: The powerful root tool.
- genuine: APK v2 signature validation.
- Diamorphine: Some rootkit skills.