Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Hook syscalls and stable symbols #1657

Merged
merged 7 commits into from
Apr 26, 2024
Merged

Hook syscalls and stable symbols #1657

merged 7 commits into from
Apr 26, 2024

Conversation

anotherjin
Copy link
Contributor

  1. Replace do_execveat_common with sys_execve and sys_execveat
  2. Replace input_handle_event with input_event and input_inject_event

Tested on android12-5.10-2024-04, android13-5.15-2024-04. android14-6.1-2024-04

1. Replace `do_execveat_common` with `sys_execve` and `sys_execveat`
2. Replace `input_handle_event` with `input_event` and `input_inject_event`
@tiann
Copy link
Owner

tiann commented Apr 23, 2024

There are generally several scenarios where su is needed:

  1. Call su through shell, i.e. /system/bin/sh
  2. Call Runtime.exec() directly in Java
  3. Call execve directly in jni

Therefore, I think we don't need to handle so many execve calls, because:

  1. The compat_ series is not needed; because we don't support 32-bit ourselves; for the case of "kernel is 64-bit, but system is 32-bit", this situation did exist, but we have never provided a 32-bit manager, so it has never been supported, too.
  2. The execveat series does not need to be handled; because

I think it should work fine to remove those three kprobes.

1. compat syscalls are not used for there is no 32bit manager
2. Android uses execve only
@anotherjin
Copy link
Contributor Author

There are generally several scenarios where su is needed:

  1. Call su through shell, i.e. /system/bin/sh
  2. Call Runtime.exec() directly in Java
  3. Call execve directly in jni

Therefore, I think we don't need to handle so many execve calls, because:

  1. The compat_ series is not needed; because we don't support 32-bit ourselves; for the case of "kernel is 64-bit, but system is 32-bit", this situation did exist, but we have never provided a 32-bit manager, so it has never been supported, too.

  2. The execveat series does not need to be handled; because

I think it should work fine to remove those three kprobes.

In old implemention, hooking do_execveat_common equals hooking those syscalls since they calls this function. I'll remove these hooks you think it useless in a new commit, but I'm not sure about whether it will break any application.

kernel/sucompat.c Outdated Show resolved Hide resolved
kernel/ksud.c Outdated Show resolved Hide resolved
Don't use `__getname` function to avoid memory allocation
@anotherjin
Copy link
Contributor Author

fixed

@anotherjin anotherjin requested a review from tiann April 25, 2024 05:28
kernel/ksud.c Outdated Show resolved Hide resolved
@anotherjin anotherjin requested a review from tiann April 25, 2024 12:44
tiann
tiann previously approved these changes Apr 25, 2024
@tiann
Copy link
Owner

tiann commented Apr 25, 2024

drivers/kernelsu/sucompat.c:278:17: error: use of undeclared identifier 'SYS_EXECVE_SYMBOL'
.symbol_name = SYS_EXECVE_SYMBOL,
^
1 error generated.
make[2]: *** [scripts/Makefile.build:287: drivers/kernelsu/sucompat.o] Error 1
make[1]: *** [scripts/Makefile.build:549: drivers/kernelsu] Error 2
make: *** [Makefile:1957: drivers] Error 2

x86_64 failed

@anotherjin
Copy link
Contributor Author

drivers/kernelsu/sucompat.c:278:17: error: use of undeclared identifier 'SYS_EXECVE_SYMBOL'
.symbol_name = SYS_EXECVE_SYMBOL,
^
1 error generated.
make[2]: *** [scripts/Makefile.build:287: drivers/kernelsu/sucompat.o] Error 1
make[1]: *** [scripts/Makefile.build:549: drivers/kernelsu] Error 2
make: *** [Makefile:1957: drivers] Error 2

x86_64 failed

Fixed in 14def44

@tiann tiann merged commit 2027ac3 into tiann:main Apr 26, 2024
17 checks passed
xeunBin pushed a commit to xeunBin/KernelSU-Next-4.14 that referenced this pull request Jan 19, 2025
1. Replace `do_execveat_common` with `sys_execve` and `sys_execveat`
2. Replace `input_handle_event` with `input_event` and
`input_inject_event`

Tested on android12-5.10-2024-04, android13-5.15-2024-04.
android14-6.1-2024-04
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

2 participants