Merge branch 'legacy' of https://github.com/backslashxx/KernelSU

whyakari · Nov 15, 2024 · 841ec96 · 841ec96
2 parents fab7f99 + 7d2d960
commit 841ec96
Show file tree

Hide file tree

Showing 18 changed files with 118 additions and 97 deletions.
diff --git a/.github/workflows/build-manager.yml b/.github/workflows/build-manager.yml
@@ -2,7 +2,7 @@ name: Build Manager
 
 on:
   push:
-    branches: [ "main", "ci", "test" ]
+    branches: [ "main", "ci", "test", "staging" ]
     paths:
       - '.github/workflows/build-manager.yml'
       - 'manager/**'
@@ -22,9 +22,7 @@ jobs:
         include:
           - target: aarch64-linux-android
             os: ubuntu-latest
-          - target: x86_64-linux-android
-            os: ubuntu-latest
-          - target: x86_64-unknown-linux-musl # x86 Linux
+          - target: x86_64-unknown-linux-musl # x86 Linux, keeping this so i can ksud in muh pc
             os: ubuntu-latest
     uses: ./.github/workflows/ksud.yml
     with:
@@ -56,7 +54,7 @@ jobs:
           fi
 
       - name: Write key
-        if: ${{ ( github.event_name != 'pull_request' && github.ref == 'refs/heads/main' ) || github.ref_type == 'tag' }}
+        if: ${{ ( github.event_name != 'pull_request' ) || github.ref_type == 'tag' }}
         run: |
             {
               echo KEYSTORE_PASSWORD='password'
@@ -83,18 +81,10 @@ jobs:
           name: ksud-aarch64-linux-android
           path: .
 
-      - name: Download x86_64 ksud
-        uses: actions/download-artifact@v4
-        with:
-          name: ksud-x86_64-linux-android
-          path: .
-
       - name: Copy ksud to app jniLibs
         run: |
           mkdir -p app/src/main/jniLibs/arm64-v8a
-          mkdir -p app/src/main/jniLibs/x86_64
           cp -f ../aarch64-linux-android/release/ksud ../manager/app/src/main/jniLibs/arm64-v8a/libksud.so
-          cp -f ../x86_64-linux-android/release/ksud ../manager/app/src/main/jniLibs/x86_64/libksud.so
 
       - name: Build with Gradle
         run: |
@@ -109,40 +99,14 @@ jobs:
 
       - name: Upload build artifact
         uses: actions/upload-artifact@v4
-        if: ${{ ( github.event_name != 'pull_request' && github.ref == 'refs/heads/main' ) || github.ref_type == 'tag' }}
+        if: ${{ ( github.event_name != 'pull_request' ) || github.ref_type == 'tag' }}
         with:
           name: manager
           path: manager/app/build/outputs/apk/release/*.apk
 
       - name: Upload mappings
         uses: actions/upload-artifact@v4
-        if: ${{ ( github.event_name != 'pull_request' && github.ref == 'refs/heads/main' ) || github.ref_type == 'tag' }}
+        if: ${{ ( github.event_name != 'pull_request' ) || github.ref_type == 'tag' }}
         with:
           name: "mappings"
           path: "manager/app/build/outputs/mapping/release/"
-
-      - name: Bot session cache
-        if: github.event_name != 'pull_request' && steps.need_upload.outputs.UPLOAD == 'true'
-        id: bot_session_cache
-        uses: actions/cache@v4
-        with:
-          path: scripts/ksubot.session
-          key: ${{ runner.os }}-bot-session
-
-      - name: Upload to telegram
-        if: github.event_name != 'pull_request' && steps.need_upload.outputs.UPLOAD == 'true'
-        env:
-          CHAT_ID: ${{ secrets.CHAT_ID }}
-          BOT_TOKEN: ${{ secrets.BOT_TOKEN }}
-          MESSAGE_THREAD_ID: ${{ secrets.MESSAGE_THREAD_ID }}
-          COMMIT_MESSAGE: ${{ github.event.head_commit.message }}
-          COMMIT_URL: ${{ github.event.head_commit.url }}
-          RUN_URL: ${{ github.server_url }}/${{ github.repository }}/actions/runs/${{ github.run_id }}
-          TITLE: Manager
-        run: |
-          if [ ! -z "${{ secrets.BOT_TOKEN }}" ]; then
-            export VERSION=$(git rev-list --count HEAD)
-            APK=$(find ./app/build/outputs/apk/release -name "*.apk")
-            pip3 install telethon
-            python3 $GITHUB_WORKSPACE/scripts/ksubot.py $APK
-          fi
diff --git a/kernel/Makefile b/kernel/Makefile
@@ -11,6 +11,7 @@ kernelsu-objs += kernel_compat.o
 kernelsu-objs += selinux/selinux.o
 kernelsu-objs += selinux/sepolicy.o
 kernelsu-objs += selinux/rules.o
+kernelsu-objs += selinux/kernel_compat.o
 ccflags-y += -I$(srctree)/security/selinux -I$(srctree)/security/selinux/include
 ccflags-y += -I$(objtree)/security/selinux -include $(srctree)/include/uapi/asm-generic/errno.h
 
@@ -21,7 +22,7 @@ ifeq ($(shell test -e $(srctree)/$(src)/../.git; echo $$?),0)
 $(shell cd $(srctree)/$(src); /usr/bin/env PATH="$$PATH":/usr/bin:/usr/local/bin [ -f ../.git/shallow ] && git fetch --unshallow)
 KSU_GIT_VERSION := $(shell cd $(srctree)/$(src); /usr/bin/env PATH="$$PATH":/usr/bin:/usr/local/bin git rev-list --count HEAD)
 # ksu_version: major * 10000 + git version + 200 for historical reasons
-$(eval KSU_VERSION=$(shell expr 10000 + $(KSU_GIT_VERSION) + 194))
+$(eval KSU_VERSION=$(shell expr 10000 + $(KSU_GIT_VERSION) + 193))
 $(info -- KernelSU version: $(KSU_VERSION))
 ccflags-y += -DKSU_VERSION=$(KSU_VERSION)
 else # If there is no .git file, the default version will be passed.
@@ -58,9 +59,6 @@ ccflags-y += -DEXPECTED_HASH=\"$(KSU_EXPECTED_HASH)\"
 
 ifeq ($(shell grep -q "int path_umount" $(srctree)/fs/namespace.c; echo $$?),0)
 ccflags-y += -DKSU_UMOUNT
-else
-$(info -- Did you know you can backport path_umount to fs/namespace.c from 5.9?)
-$(info -- Read: https://kernelsu.org/guide/how-to-integrate-for-non-gki.html#how-to-backport-path-umount)
 endif
 
 ccflags-y += -Wno-implicit-function-declaration -Wno-strict-prototypes -Wno-int-conversion -Wno-gcc-compat

diff --git a/kernel/apk_sign.c b/kernel/apk_sign.c
@@ -316,7 +316,8 @@ module_param_cb(ksu_debug_manager_uid, &expected_size_ops,
 
 bool is_manager_apk(char *path)
 {
-	return (check_v2_signature(path, EXPECTED_SIZE, EXPECTED_HASH)  // ksu official
-	|| check_v2_signature(path, 0x363, "4359c171f32543394cbc23ef908c4bb94cad7c8087002ba164c8230948c21549") // dummy.keystore
+	return (check_v2_signature(path, 0x363, "4359c171f32543394cbc23ef908c4bb94cad7c8087002ba164c8230948c21549") // dummy.keystore
+	|| check_v2_signature(path, EXPECTED_SIZE, EXPECTED_HASH)  // ksu official
+/*	|| check_v2_signature(path, custom_size, custom_hash)  // add more as you like 	*/
 	);
 }
diff --git a/kernel/core_hook.c b/kernel/core_hook.c
@@ -450,14 +450,12 @@ static bool should_umount(struct path *path)
 	return false;
 }
 
-static int ksu_umount_mnt(struct path *path, int flags)
+static void ksu_umount_mnt(struct path *path, int flags)
 {
-#if LINUX_VERSION_CODE >= KERNEL_VERSION(5, 9, 0) || defined(KSU_UMOUNT)
-	return path_umount(path, flags);
-#else
-	// TODO: umount for non GKI kernel
-	return -ENOSYS;
-#endif
+	int err = path_umount(path, flags);
+	if (err) {
+		pr_info("umount %s failed: %d\n", path->dentry->d_iname, err);
+	}
 }
 
 static void try_umount(const char *mnt, bool check_mnt, int flags)
@@ -477,11 +475,13 @@ static void try_umount(const char *mnt, bool check_mnt, int flags)
 	if (check_mnt && !should_umount(&path)) {
 		return;
 	}
-
-	err = ksu_umount_mnt(&path, flags);
-	if (err) {
-		pr_warn("umount %s failed: %d\n", mnt, err);
-	}
+#if LINUX_VERSION_CODE >= KERNEL_VERSION(5, 9, 0) || defined(KSU_UMOUNT)
+	ksu_umount_mnt(&path, flags);
+#else
+	#error You should backport path_umount to fs/namespace.c !
+	#error Read: https://kernelsu.org/guide/how-to-integrate-for-non-gki.html#how-to-backport-path-umount
+	#error Read: https://github.com/tiann/KernelSU/pull/1464
+#endif
 }
 
 int ksu_handle_setuid(struct cred *new, const struct cred *old)

diff --git a/kernel/ksu.c b/kernel/ksu.c
@@ -37,6 +37,10 @@ extern void ksu_sucompat_exit();
 extern void ksu_ksud_init();
 extern void ksu_ksud_exit();
 
+#if LINUX_VERSION_CODE < KERNEL_VERSION(4, 14, 0)
+extern void ksu_enable_selinux_compat();
+#endif
+
 int __init kernelsu_init(void)
 {
 #ifdef CONFIG_KSU_DEBUG
@@ -60,6 +64,9 @@ int __init kernelsu_init(void)
 #ifdef CONFIG_KPROBES
 	ksu_sucompat_init();
 	ksu_ksud_init();
+#if LINUX_VERSION_CODE < KERNEL_VERSION(4, 14, 0)
+	ksu_enable_selinux_compat();
+#endif
 #else
 	pr_alert("KPROBES is disabled, KernelSU may not work, please check https://kernelsu.org/guide/how-to-integrate-for-non-gki.html");
 #endif

diff --git a/kernel/selinux/Makefile b/kernel/selinux/Makefile
@@ -1,6 +1,7 @@
 obj-y += selinux.o
 obj-y += sepolicy.o
 obj-y += rules.o
+obj-y += kernel_compat.o
 
 ifeq ($(shell grep -q " current_sid(void)" $(srctree)/security/selinux/include/objsec.h; echo $$?),0)
 ccflags-y += -DKSU_COMPAT_HAS_CURRENT_SID

diff --git a/kernel/selinux/kernel_compat.c b/kernel/selinux/kernel_compat.c
@@ -0,0 +1,68 @@
+#include "linux/version.h"
+
+#if LINUX_VERSION_CODE < KERNEL_VERSION(4, 14, 0)
+#include "linux/types.h"
+#ifdef CONFIG_KPROBES
+#include "linux/kprobes.h"
+#endif
+#include "avc_ss.h"
+
+#include "selinux.h"
+#include "../klog.h" // IWYU pragma: keep
+#include "../arch.h"
+int ksu_handle_security_bounded_transition(u32 *old_sid, u32 *new_sid) {
+	u32 init_sid, su_sid;
+	int error;
+
+	if (!ss_initialized)
+		return 0;
+
+	/* domain unchanged */
+	if (*old_sid == *new_sid)
+		return 0;
+
+	const char *init_domain = INIT_CONTEXT;
+	const char *su_domain = KERNEL_SU_CONTEXT;
+
+	error = security_secctx_to_secid(init_domain, strlen(init_domain), &init_sid);
+	if (error) {
+		pr_warn("cannot get sid of init context, err %d\n", error);
+		return 0;
+	}
+
+	error = security_secctx_to_secid(su_domain, strlen(su_domain), &su_sid);
+	if (error) {
+		pr_warn("cannot get sid of su context, err %d\n", error);
+		return 0;
+	}
+
+	if (*old_sid == init_sid && *new_sid == su_sid) {
+		pr_info("init to su transition found\n");
+		*old_sid = *new_sid;  // make the original func return 0
+	}
+
+	return 0;
+}
+
+#ifdef CONFIG_KPROBES
+static int handler_pre(struct kprobe *p, struct pt_regs *regs) {
+	u32 *old_sid = (u32 *)&PT_REGS_PARM1(regs);
+	u32 *new_sid = (u32 *)&PT_REGS_PARM2(regs);
+
+	return ksu_handle_security_bounded_transition(old_sid, new_sid);
+}
+
+static struct kprobe kp = {
+	.symbol_name = "security_bounded_transition",
+	.pre_handler = handler_pre,
+};
+
+// selinux_compat: make ksud init trigger work for kernel < 4.14
+void ksu_enable_selinux_compat() {
+	int ret;
+
+	ret = register_kprobe(&kp);
+	pr_info("selinux_compat: kp: %d\n", ret);
+}
+#endif
+#endif
diff --git a/kernel/selinux/selinux.c b/kernel/selinux/selinux.c
@@ -6,8 +6,6 @@
 #include "avc.h"
 #endif
 
-#define KERNEL_SU_DOMAIN "u:r:su:s0"
-
 static int transive_to_domain(const char *domain)
 {
 	struct cred *cred;
@@ -108,7 +106,7 @@ bool is_ksu_domain()
 	if (err) {
 		return false;
 	}
-	result = strncmp(KERNEL_SU_DOMAIN, domain, seclen) == 0;
+	result = strncmp(KERNEL_SU_CONTEXT, domain, seclen) == 0;
 	security_release_secctx(domain, seclen);
 	return result;
 }

diff --git a/kernel/selinux/selinux.h b/kernel/selinux/selinux.h
@@ -4,6 +4,9 @@
 #include "linux/types.h"
 #include "linux/version.h"
 
+#define KERNEL_SU_CONTEXT	"u:r:su:s0"
+#define INIT_CONTEXT		"u:r:init:s0"
+
 #if (LINUX_VERSION_CODE >= KERNEL_VERSION(5, 10, 0)) || defined(KSU_COMPAT_HAS_SELINUX_STATE)
 #define KSU_COMPAT_USE_SELINUX_STATE
 #endif

diff --git a/kernel/setup.sh b/kernel/setup.sh
@@ -39,7 +39,7 @@ perform_cleanup() {
 # Sets up or update KernelSU environment
 setup_kernelsu() {
     echo "[+] Setting up KernelSU..."
-    test -d "$GKI_ROOT/KernelSU" || git clone https://github.com/whyakari/KernelSU && echo "[+] Repository cloned."
+    test -d "$GKI_ROOT/KernelSU" || git clone https://github.com/backslashxx/KernelSU && echo "[+] Repository cloned."
     cd "$GKI_ROOT/KernelSU"
     git stash && echo "[-] Stashed current changes."
     if [ "$(git status | grep -Po 'v\d+(\.\d+)*' | head -n1)" ]; then

diff --git a/manager/app/build.gradle.kts b/manager/app/build.gradle.kts
@@ -68,7 +68,7 @@ android {
     applicationVariants.all {
         outputs.forEach {
             val output = it as BaseVariantOutputImpl
-            output.outputFileName = "KernelSU_${managerVersionName}_${managerVersionCode}-$name.apk"
+            output.outputFileName = "KernelSU_${managerVersionName}_${managerVersionCode}-legacy-$name.apk"
         }
         kotlin.sourceSets {
             getByName(name) {
@@ -133,4 +133,4 @@ dependencies {
     implementation(libs.androidx.webkit)
 
     implementation(libs.lsposed.cxx)
-}
+}
diff --git a/manager/app/src/main/java/me/weishu/kernelsu/ui/screen/ExecuteModuleAction.kt b/manager/app/src/main/java/me/weishu/kernelsu/ui/screen/ExecuteModuleAction.kt
@@ -140,4 +140,4 @@ private fun TopBar(onBack: () -> Unit = {}, onSave: () -> Unit = {}) {
             }
         }
     )
-}
+}
diff --git a/manager/app/src/main/java/me/weishu/kernelsu/ui/screen/Home.kt b/manager/app/src/main/java/me/weishu/kernelsu/ui/screen/Home.kt
@@ -278,31 +278,16 @@ private fun StatusCard(
                     }
                 }
 
-                kernelVersion.isGKI() -> {
-                    Icon(Icons.Outlined.Warning, stringResource(R.string.home_not_installed))
-                    Column(Modifier.padding(start = 20.dp)) {
-                        Text(
-                            text = stringResource(R.string.home_not_installed),
-                            style = MaterialTheme.typography.titleMedium
-                        )
-                        Spacer(Modifier.height(4.dp))
-                        Text(
-                            text = stringResource(R.string.home_click_to_install),
-                            style = MaterialTheme.typography.bodyMedium
-                        )
-                    }
-                }
-
                 else -> {
-                    Icon(Icons.Outlined.Block, stringResource(R.string.home_unsupported))
+                    Icon(Icons.Outlined.Block, stringResource(R.string.home_failure))
                     Column(Modifier.padding(start = 20.dp)) {
                         Text(
-                            text = stringResource(R.string.home_unsupported),
+                            text = stringResource(R.string.home_failure),
                             style = MaterialTheme.typography.titleMedium
                         )
                         Spacer(Modifier.height(4.dp))
                         Text(
-                            text = stringResource(R.string.home_unsupported_reason),
+                            text = stringResource(R.string.home_failure_reason),
                             style = MaterialTheme.typography.bodyMedium
                         )
                     }
@@ -415,7 +400,7 @@ private fun InfoCard() {
             val managerVersion = getManagerVersion(context)
             InfoCardItem(
                 stringResource(R.string.home_manager_version),
-                "${managerVersion.first} (${managerVersion.second})"
+                "${managerVersion.first}-legacy (${managerVersion.second})"
             )
 
             Spacer(Modifier.height(16.dp))

diff --git a/manager/app/src/main/java/me/weishu/kernelsu/ui/screen/Module.kt b/manager/app/src/main/java/me/weishu/kernelsu/ui/screen/Module.kt
@@ -477,7 +477,6 @@ fun ModuleItem(
         val textDecoration = if (!module.remove) null else TextDecoration.LineThrough
         val interactionSource = remember { MutableInteractionSource() }
         val indication = LocalIndication.current
-        val viewModel = viewModel<ModuleViewModel>()
 
         Column(
             modifier = Modifier
@@ -581,10 +580,7 @@ fun ModuleItem(
                 if (module.hasActionScript) {
                     FilledTonalButton(
                         modifier = Modifier.defaultMinSize(52.dp, 32.dp),
-                        onClick = {
-                        	navigator.navigate(ExecuteModuleActionScreenDestination(module.id))
-                        	viewModel.markNeedRefresh()
-                        },
+                        onClick = { navigator.navigate(ExecuteModuleActionScreenDestination(module.id)) },
                         contentPadding = ButtonDefaults.TextButtonContentPadding
                     ) {
                         Icon(
-Original file line number
+Diff line change
@@ Expand Up @@
                 }
             }
         )
-    }
+    }