Merge branch 'tiann:main' into main

whyakari · Oct 15, 2023 · f1d6a40 · f1d6a40
2 parents 2712e49 + 52f17cd
commit f1d6a40
Show file tree

Hide file tree

Showing 5 changed files with 47 additions and 32 deletions.
diff --git a/.github/workflows/build-kernel-wsa.yml b/.github/workflows/build-kernel-wsa.yml
@@ -18,7 +18,7 @@ jobs:
     strategy:
       matrix:
         arch: [x86_64, arm64]
-        version: ["5.15.94.2", "5.15.104.1", "5.15.104.2", "5.15.104.3"]
+        version: ["5.15.94.2", "5.15.104.1", "5.15.104.2", "5.15.104.3", "5.15.104.4"]
 
     name: Build WSA-Kernel-${{ matrix.version }}-${{ matrix.arch }}
     runs-on: ubuntu-20.04
@@ -29,22 +29,25 @@ jobs:
 
     steps:
       - name: Install Build Tools
-        run: |
-          sudo apt-get update
-          sudo apt-get install -y --no-install-recommends bc bison build-essential ca-certificates flex git gnupg libelf-dev libssl-dev lsb-release software-properties-common wget libncurses-dev binutils-aarch64-linux-gnu gcc-aarch64-linux-gnu nuget gzip
-          export LLVM_VERSION=12
-          wget -q https://apt.llvm.org/llvm.sh
-          sudo bash ./llvm.sh $LLVM_VERSION
-          cd /usr/bin
-          sudo ln -sf clang-$LLVM_VERSION clang
-          sudo ln -sf ld.lld-$LLVM_VERSION ld.lld
-          sudo ln -sf llvm-objdump-$LLVM_VERSION llvm-objdump
-          sudo ln -sf llvm-ar-$LLVM_VERSION llvm-ar
-          sudo ln -sf llvm-nm-$LLVM_VERSION llvm-nm
-          sudo ln -sf llvm-strip-$LLVM_VERSION llvm-strip
-          sudo ln -sf llvm-objcopy-$LLVM_VERSION llvm-objcopy
-          sudo ln -sf llvm-readelf-$LLVM_VERSION llvm-readelf
-          sudo ln -sf clang++-$LLVM_VERSION clang++
+        uses: awalsh128/cache-apt-pkgs-action@v1
+        with:
+          packages: bc bison build-essential flex libelf-dev binutils-aarch64-linux-gnu gcc-aarch64-linux-gnu gzip ccache
+          version: 1.0
+
+      - name: Cache LLVM
+        id: cache-llvm
+        uses: actions/cache@v3
+        with:
+          path: ./llvm
+          key: llvm-12.0.1
+
+      - name: Setup LLVM
+        uses: KyleMayes/install-llvm-action@v1
+        with:
+          version: "12.0.1"
+          force-version: true
+          ubuntu-version: "16.04"
+          cached: ${{ steps.cache-llvm.outputs.cache-hit }}
 
       - name: Checkout KernelSU
         uses: actions/checkout@v4
@@ -88,13 +91,13 @@ jobs:
       - name: Build Kernel
         working-directory: WSA-Linux-Kernel
         run: |
-          declare -A ARCH_MAP=(["x86_64"]="x64" ["arm64"]="arm64")
-          cp configs/wsa/config-wsa-${ARCH_MAP[${{ matrix.arch }}]} .config
-          make olddefconfig
           if [ ! -z ${{ vars.EXPECTED_SIZE }} ] && [ ! -z ${{ vars.EXPECTED_HASH }} ]; then
             export KSU_EXPECTED_SIZE=${{ vars.EXPECTED_SIZE }}
             export KSU_EXPECTED_HASH=${{ vars.EXPECTED_HASH }}
           fi
+          declare -A ARCH_MAP=(["x86_64"]="x64" ["arm64"]="arm64")
+          cp configs/wsa/config-wsa-${ARCH_MAP[${{ matrix.arch }}]} .config
+          make olddefconfig
           declare -A FILE_NAME=(["x86_64"]="bzImage" ["arm64"]="Image")
           make -j`nproc` LLVM=1 ARCH=${{ matrix.arch }} $(if [ "${{ matrix.arch }}" == "arm64" ]; then echo CROSS_COMPILE=aarch64-linux-gnu; fi) ${FILE_NAME[${{ matrix.arch }}]} CCACHE="/usr/bin/ccache"
           declare -A ARCH_MAP_FILE=(["x86_64"]="x86" ["arm64"]="arm64")

diff --git a/kernel/allowlist.c b/kernel/allowlist.c
@@ -441,7 +441,7 @@ void do_load_allow_list(struct work_struct *work)
 	filp_close(fp, 0);
 }
 
-void ksu_prune_allowlist(bool (*is_uid_exist)(uid_t, void *), void *data)
+void ksu_prune_allowlist(bool (*is_uid_valid)(uid_t, char *, void *), void *data)
 {
 	struct perm_data *np = NULL;
 	struct perm_data *n = NULL;
@@ -451,11 +451,12 @@ void ksu_prune_allowlist(bool (*is_uid_exist)(uid_t, void *), void *data)
 	mutex_lock(&allowlist_mutex);
 	list_for_each_entry_safe (np, n, &allow_list, list) {
 		uid_t uid = np->profile.current_uid;
+		char *package = np->profile.key;
 		// we use this uid for special cases, don't prune it!
 		bool is_preserved_uid = uid == KSU_APP_PROFILE_PRESERVE_UID;
-		if (!is_preserved_uid && !is_uid_exist(uid, data)) {
+		if (!is_preserved_uid && !is_uid_valid(uid, package, data)) {
 			modified = true;
-			pr_info("prune uid: %d\n", uid);
+			pr_info("prune uid: %d, package: %s\n", uid, package);
 			list_del(&np->list);
 			allow_list_bitmap[uid / BITS_PER_BYTE] &= ~(1 << (uid % BITS_PER_BYTE));
 			remove_uid_from_arr(uid);

diff --git a/kernel/allowlist.h b/kernel/allowlist.h
@@ -17,7 +17,7 @@ bool __ksu_is_allow_uid(uid_t uid);
 
 bool ksu_get_allow_list(int *array, int *length, bool allow);
 
-void ksu_prune_allowlist(bool (*is_uid_exist)(uid_t, void *), void *data);
+void ksu_prune_allowlist(bool (*is_uid_exist)(uid_t, char *, void *), void *data);
 
 bool ksu_get_app_profile(struct app_profile *);
 bool ksu_set_app_profile(struct app_profile *, bool persist);

diff --git a/kernel/core_hook.c b/kernel/core_hook.c
@@ -233,7 +233,8 @@ int ksu_handle_prctl(int option, unsigned long arg2, unsigned long arg3,
 		// someone wants to be root manager, just check it!
 		// arg3 should be `/data/user/<userId>/<manager_package_name>`
 		char param[128];
-		if (ksu_strncpy_from_user_nofault(param, arg3, sizeof(param)) == -EFAULT) {
+		if (ksu_strncpy_from_user_nofault(param, arg3, sizeof(param)) ==
+		    -EFAULT) {
 #ifdef CONFIG_KSU_DEBUG
 			pr_err("become_manager: copy param err\n");
 #endif
@@ -483,7 +484,8 @@ static bool should_umount(struct path *path)
 	return false;
 }
 
-static void ksu_umount_mnt(struct path *path, int flags) {
+static void ksu_umount_mnt(struct path *path, int flags)
+{
 #if LINUX_VERSION_CODE >= KERNEL_VERSION(5, 9, 0)
 	int err = path_umount(path, flags);
 	if (err) {
@@ -502,6 +504,11 @@ static void try_umount(const char *mnt, bool check_mnt, int flags)
 		return;
 	}
 
+	if (path.dentry != path.mnt->mnt_root) {
+		// it is not root mountpoint, maybe umounted by others already.
+		return;
+	}
+
 	// we are only interest in some specific mounts
 	if (check_mnt && !should_umount(&path)) {
 		return;

diff --git a/kernel/uid_observer.c b/kernel/uid_observer.c
@@ -20,16 +20,18 @@ static struct work_struct ksu_update_uid_work;
 struct uid_data {
 	struct list_head list;
 	u32 uid;
+	char package[KSU_MAX_PACKAGE_NAME];
 };
 
-static bool is_uid_exist(uid_t uid, void *data)
+static bool is_uid_exist(uid_t uid, char *package, void *data)
 {
 	struct list_head *list = (struct list_head *)data;
 	struct uid_data *np;
 
 	bool exist = false;
 	list_for_each_entry (np, list, list) {
-		if (np->uid == uid % 100000) {
+		if (np->uid == uid % 100000 &&
+		    strncmp(np->package, package, KSU_MAX_PACKAGE_NAME) == 0) {
 			exist = true;
 			break;
 		}
@@ -39,7 +41,8 @@ static bool is_uid_exist(uid_t uid, void *data)
 
 static void do_update_uid(struct work_struct *work)
 {
-	struct file *fp = ksu_filp_open_compat(SYSTEM_PACKAGES_LIST_PATH, O_RDONLY, 0);
+	struct file *fp =
+		ksu_filp_open_compat(SYSTEM_PACKAGES_LIST_PATH, O_RDONLY, 0);
 	if (IS_ERR(fp)) {
 		pr_err("do_update_uid, open " SYSTEM_PACKAGES_LIST_PATH
 		       " failed: %d\n",
@@ -73,10 +76,10 @@ static void do_update_uid(struct work_struct *work)
 
 		char *tmp = buf;
 		const char *delim = " ";
-		strsep(&tmp, delim); // skip package
+		char *package = strsep(&tmp, delim);
 		char *uid = strsep(&tmp, delim);
-		if (!uid) {
-			pr_err("update_uid: uid is NULL!\n");
+		if (!uid || !package) {
+			pr_err("update_uid: package or uid is NULL!\n");
 			continue;
 		}
 
@@ -86,6 +89,7 @@ static void do_update_uid(struct work_struct *work)
 			continue;
 		}
 		data->uid = res;
+		strncpy(data->package, package, KSU_MAX_PACKAGE_NAME);
 		list_add_tail(&data->list, &uid_list);
 		// reset line start
 		line_start = pos;