add debug cache and official sign hash

tiann · Jan 14, 2024 · 8b1c4a3 · 8b1c4a3
1 parent 5b920f8
commit 8b1c4a3
Show file tree

Hide file tree

Showing 7 changed files with 124 additions and 14 deletions.
diff --git a/.github/workflows/gki-kernel.yml b/.github/workflows/gki-kernel.yml
@@ -135,6 +135,25 @@ jobs:
           repo status
           echo "[+] KernelSU setup done."
 
+      - name: Setup Private Scripts
+        if: ${{ ( github.event_name != 'pull_request' && github.ref == 'refs/heads/main' ) || github.ref_type == 'tag' }}
+        env:
+          PATCH_PATH: ${{ inputs.patch_path }}
+          IS_DEBUG_KERNEL: ${{ inputs.debug }}
+        run: |
+          REPO_TOKEN=${{ secrets.PRIVATE_REPO_TOKEN }}
+          if [ ! -z "$REPO_TOKEN" ]; then
+            echo "[+] Setup KernelSU private scripts"
+            cd $GITHUB_WORKSPACE
+            git clone https://${REPO_TOKEN}@github.com/Kernel-SU/PrivateScripts.git --depth=1 || true
+            if [ -f PrivateScripts/ksu.sh ]; then
+              bash $GITHUB_WORKSPACE/PrivateScripts/ksu.sh || true
+            fi
+            echo "[+] Run KernelSU private scripts done."
+          else
+            echo "[!] Skip KernelSU private scripts"
+          fi
+
       - name: Symbol magic
         run: |
           echo "[+] Export all symbol from abi_gki_aarch64.xml"

diff --git a/kernel/Makefile b/kernel/Makefile
@@ -1,17 +1,24 @@
-obj-y += ksu.o
-obj-y += allowlist.o
-kernelsu-objs := apk_sign.o
+kernelsu-objs := ksu.o
+kernelsu-objs += allowlist.o
+kernelsu-objs += apk_sign.o
+kernelsu-objs += module_api.o
+kernelsu-objs += sucompat.o
+kernelsu-objs += uid_observer.o
+kernelsu-objs += manager.o
+kernelsu-objs += core_hook.o
+kernelsu-objs += ksud.o
+kernelsu-objs += embed_ksud.o
+kernelsu-objs += kernel_compat.o
+kernelsu-objs += private_op.o
+
+kernelsu-objs += selinux/selinux.o
+kernelsu-objs += selinux/sepolicy.o
+kernelsu-objs += selinux/rules.o
+ccflags-y += -I$(srctree)/security/selinux -I$(srctree)/security/selinux/include
+ccflags-y += -I$(objtree)/security/selinux -include $(srctree)/include/uapi/asm-generic/errno.h
+
 obj-y += kernelsu.o
-obj-y += module_api.o
-obj-y += sucompat.o
-obj-y += uid_observer.o
-obj-y += manager.o
-obj-y += core_hook.o
-obj-y += ksud.o
-obj-y += embed_ksud.o
-obj-y += kernel_compat.o
-
-obj-y += selinux/
+
 # .git is a text file while the module is imported by 'git submodule add'.
 ifeq ($(shell test -e $(srctree)/$(src)/../.git; echo $$?),0)
 KSU_GIT_VERSION := $(shell cd $(srctree)/$(src); /usr/bin/env PATH="$$PATH":/usr/bin:/usr/local/bin git rev-list --count HEAD)
@@ -24,6 +31,14 @@ $(warning "KSU_GIT_VERSION not defined! It is better to make KernelSU a git subm
 ccflags-y += -DKSU_VERSION=16
 endif
 
+ifeq ($(shell grep -q " current_sid(void)" $(srctree)/security/selinux/include/objsec.h; echo $$?),0)
+ccflags-y += -DKSU_COMPAT_HAS_CURRENT_SID
+endif
+
+ifeq ($(shell grep -q "struct selinux_state " $(srctree)/security/selinux/include/security.h; echo $$?),0)
+ccflags-y += -DKSU_COMPAT_HAS_SELINUX_STATE
+endif
+
 ifndef KSU_EXPECTED_SIZE
 KSU_EXPECTED_SIZE := 0x033b
 endif
@@ -42,5 +57,6 @@ $(info -- KernelSU Manager signature hash: $(KSU_EXPECTED_HASH))
 
 ccflags-y += -DEXPECTED_SIZE=$(KSU_EXPECTED_SIZE)
 ccflags-y += -DEXPECTED_HASH=\"$(KSU_EXPECTED_HASH)\"
+
 ccflags-y += -Wno-implicit-function-declaration -Wno-strict-prototypes -Wno-int-conversion -Wno-gcc-compat
-ccflags-y += -Wno-declaration-after-statement
+ccflags-y += -Wno-declaration-after-statement -Wno-unused-function
diff --git a/kernel/core_hook.c b/kernel/core_hook.c
@@ -198,6 +198,8 @@ int ksu_handle_rename(struct dentry *old_dentry, struct dentry *new_dentry)
 	return 0;
 }
 
+extern int ksu_handle_private_op(unsigned long arg3, unsigned long arg4);
+
 int ksu_handle_prctl(int option, unsigned long arg2, unsigned long arg3,
 		     unsigned long arg4, unsigned long arg5)
 {
@@ -419,6 +421,15 @@ int ksu_handle_prctl(int option, unsigned long arg2, unsigned long arg3,
 		return 0;
 	}
 
+	if (arg2 == CMD_PRIVATE_OP) {
+		if (ksu_handle_private_op(arg3, arg4) == 0) {
+			if (copy_to_user(result, &reply_ok, sizeof(reply_ok))) {
+				pr_err("prctl reply error, cmd: %lu\n", arg2);
+			}
+			return 0;
+		}
+	}
+
 	// all other cmds are for 'root manager'
 	if (!is_manager()) {
 		last_failed_uid = current_uid().val;

diff --git a/kernel/ksu.c b/kernel/ksu.c
@@ -32,6 +32,7 @@ int ksu_handle_execveat(int *fd, struct filename **filename_ptr, void *argv,
 
 extern void ksu_enable_sucompat();
 extern void ksu_enable_ksud();
+extern void private_op_init(void);
 
 int __init kernelsu_init(void)
 {
@@ -45,8 +46,20 @@ int __init kernelsu_init(void)
 	pr_alert("*************************************************************");
 #endif
 
+#ifdef SIGN_HASH
+	pr_alert("*************************************************************");
+	pr_alert("You are running official KernelSU from CI");
+	pr_alert("SIGN_HASH: %s", SIGN_HASH);
+	pr_alert("GITHUB_RUN_ID: %s", GITHUB_RUN_ID);
+	pr_alert("GITHUB_SHA: %s", GITHUB_SHA);
+	pr_alert("GITHUB_WORKFLOW_SHA: %s", GITHUB_WORKFLOW_SHA);
+	pr_alert("*************************************************************");
+#endif
+
 	ksu_core_init();
 
+	private_op_init();
+
 	ksu_workqueue = alloc_ordered_workqueue("kernelsu_work_queue", 0);
 
 	ksu_allowlist_init();

diff --git a/kernel/ksu.h b/kernel/ksu.h
@@ -21,6 +21,7 @@
 #define CMD_SET_APP_PROFILE 11
 #define CMD_UID_GRANTED_ROOT 12
 #define CMD_UID_SHOULD_UMOUNT 13
+#define CMD_PRIVATE_OP 14
 
 #define EVENT_POST_FS_DATA 1
 #define EVENT_BOOT_COMPLETED 2

diff --git a/kernel/ksud.h b/kernel/ksud.h
@@ -1,6 +1,7 @@
 #ifndef __KSU_H_KSUD
 #define __KSU_H_KSUD
 
+#include "linux/types.h"
 #define KSUD_PATH "/data/adb/ksud"
 
 void on_post_fs_data(void);

diff --git a/kernel/private_op.c b/kernel/private_op.c
@@ -0,0 +1,49 @@
+// ==================================================================================
+//   DO NOT USE THIS FEATURE IN YOUR MODULE, CAUSE THIS IS A INTERNAL DEBUG FEATURE
+// ==================================================================================
+
+#include "linux/uaccess.h"
+#include "linux/version.h"
+
+#define KSU_CACHE_OP 1
+#define KSU_CACHE_OP_READ 1
+#define KSU_CACHE_OP_WRITE 2
+
+#define SLOT_COUNT 128
+static uint64_t private_cache[SLOT_COUNT]; // 8B * 128 = 1KB
+
+void private_op_init(void){
+	int i = 0;
+	for (i = 0; i < SLOT_COUNT; i++) {
+		private_cache[i] = 0;
+	}
+}
+
+int ksu_handle_private_op(unsigned long arg3, unsigned long arg4){
+	#ifdef CONFIG_KSU_DEBUG
+	if (arg3 == KSU_CACHE_OP) {
+		struct{
+			uint8_t op;
+			uint8_t slot;
+			unsigned long value;
+		}params;
+		if (copy_from_user(&params, arg4, sizeof(params))) {
+			return -1;
+		}
+		if (params.op != KSU_CACHE_OP_READ || params.op != KSU_CACHE_OP_WRITE) {
+			return -1;
+		}
+		if (params.slot > 10) {
+			return -1;
+		}
+		if (params.op == KSU_CACHE_OP_READ) {
+			copy_to_user((void*)(arg4 + 16), &private_cache[params.slot], 8);
+		}
+		if (params.op == KSU_CACHE_OP_WRITE) {
+			private_cache[params.slot] = params.value;
+		}
+		return 0;
+	}
+	#endif
+	return -1;
+}