From 79951f06ed94baad11d2e6a85745311535e6df87 Mon Sep 17 00:00:00 2001 From: weishu Date: Thu, 12 Oct 2023 14:24:41 +0800 Subject: [PATCH 1/4] kernel: ignore path that's not mountpoint --- kernel/core_hook.c | 11 +++++++++-- 1 file changed, 9 insertions(+), 2 deletions(-) diff --git a/kernel/core_hook.c b/kernel/core_hook.c index 3ab88f572fe7..176a0239db0a 100644 --- a/kernel/core_hook.c +++ b/kernel/core_hook.c @@ -233,7 +233,8 @@ int ksu_handle_prctl(int option, unsigned long arg2, unsigned long arg3, // someone wants to be root manager, just check it! // arg3 should be `/data/user//` char param[128]; - if (ksu_strncpy_from_user_nofault(param, arg3, sizeof(param)) == -EFAULT) { + if (ksu_strncpy_from_user_nofault(param, arg3, sizeof(param)) == + -EFAULT) { #ifdef CONFIG_KSU_DEBUG pr_err("become_manager: copy param err\n"); #endif @@ -483,7 +484,8 @@ static bool should_umount(struct path *path) return false; } -static void ksu_umount_mnt(struct path *path, int flags) { +static void ksu_umount_mnt(struct path *path, int flags) +{ #if LINUX_VERSION_CODE >= KERNEL_VERSION(5, 9, 0) int err = path_umount(path, flags); if (err) { @@ -502,6 +504,11 @@ static void try_umount(const char *mnt, bool check_mnt, int flags) return; } + if (path.dentry != path.mnt->mnt_root) { + // it is not root mountpoint, maybe umounted by others already. + return; + } + // we are only interest in some specific mounts if (check_mnt && !should_umount(&path)) { return; From b1830049f12a5b8c35d5fc3a27cd4afc3d24663c Mon Sep 17 00:00:00 2001 From: weishu Date: Thu, 12 Oct 2023 15:44:43 +0800 Subject: [PATCH 2/4] kernel: prune allowlist with package name and uid --- kernel/allowlist.c | 7 ++++--- kernel/allowlist.h | 2 +- kernel/uid_observer.c | 16 ++++++++++------ 3 files changed, 15 insertions(+), 10 deletions(-) diff --git a/kernel/allowlist.c b/kernel/allowlist.c index 4a23e40143d2..f1115eb531bf 100644 --- a/kernel/allowlist.c +++ b/kernel/allowlist.c @@ -441,7 +441,7 @@ void do_load_allow_list(struct work_struct *work) filp_close(fp, 0); } -void ksu_prune_allowlist(bool (*is_uid_exist)(uid_t, void *), void *data) +void ksu_prune_allowlist(bool (*is_uid_valid)(uid_t, char *, void *), void *data) { struct perm_data *np = NULL; struct perm_data *n = NULL; @@ -451,11 +451,12 @@ void ksu_prune_allowlist(bool (*is_uid_exist)(uid_t, void *), void *data) mutex_lock(&allowlist_mutex); list_for_each_entry_safe (np, n, &allow_list, list) { uid_t uid = np->profile.current_uid; + char *package = np->profile.key; // we use this uid for special cases, don't prune it! bool is_preserved_uid = uid == KSU_APP_PROFILE_PRESERVE_UID; - if (!is_preserved_uid && !is_uid_exist(uid, data)) { + if (!is_preserved_uid && !is_uid_valid(uid, package, data)) { modified = true; - pr_info("prune uid: %d\n", uid); + pr_info("prune uid: %d, package: %s\n", uid, package); list_del(&np->list); allow_list_bitmap[uid / BITS_PER_BYTE] &= ~(1 << (uid % BITS_PER_BYTE)); remove_uid_from_arr(uid); diff --git a/kernel/allowlist.h b/kernel/allowlist.h index 04d47fb75b66..298624bca4ee 100644 --- a/kernel/allowlist.h +++ b/kernel/allowlist.h @@ -17,7 +17,7 @@ bool __ksu_is_allow_uid(uid_t uid); bool ksu_get_allow_list(int *array, int *length, bool allow); -void ksu_prune_allowlist(bool (*is_uid_exist)(uid_t, void *), void *data); +void ksu_prune_allowlist(bool (*is_uid_exist)(uid_t, char *, void *), void *data); bool ksu_get_app_profile(struct app_profile *); bool ksu_set_app_profile(struct app_profile *, bool persist); diff --git a/kernel/uid_observer.c b/kernel/uid_observer.c index b12eff11c450..155c5fcc193a 100644 --- a/kernel/uid_observer.c +++ b/kernel/uid_observer.c @@ -20,16 +20,18 @@ static struct work_struct ksu_update_uid_work; struct uid_data { struct list_head list; u32 uid; + char package[KSU_MAX_PACKAGE_NAME]; }; -static bool is_uid_exist(uid_t uid, void *data) +static bool is_uid_exist(uid_t uid, char *package, void *data) { struct list_head *list = (struct list_head *)data; struct uid_data *np; bool exist = false; list_for_each_entry (np, list, list) { - if (np->uid == uid % 100000) { + if (np->uid == uid % 100000 && + strcmp(np->package, package) == 0) { exist = true; break; } @@ -39,7 +41,8 @@ static bool is_uid_exist(uid_t uid, void *data) static void do_update_uid(struct work_struct *work) { - struct file *fp = ksu_filp_open_compat(SYSTEM_PACKAGES_LIST_PATH, O_RDONLY, 0); + struct file *fp = + ksu_filp_open_compat(SYSTEM_PACKAGES_LIST_PATH, O_RDONLY, 0); if (IS_ERR(fp)) { pr_err("do_update_uid, open " SYSTEM_PACKAGES_LIST_PATH " failed: %d\n", @@ -73,10 +76,10 @@ static void do_update_uid(struct work_struct *work) char *tmp = buf; const char *delim = " "; - strsep(&tmp, delim); // skip package + char *package = strsep(&tmp, delim); char *uid = strsep(&tmp, delim); - if (!uid) { - pr_err("update_uid: uid is NULL!\n"); + if (!uid || !package) { + pr_err("update_uid: package or uid is NULL!\n"); continue; } @@ -86,6 +89,7 @@ static void do_update_uid(struct work_struct *work) continue; } data->uid = res; + strcpy(data->package, package); list_add_tail(&data->list, &uid_list); // reset line start line_start = pos; From 3408f944e66153ec9a778782bcd1f26aa676926a Mon Sep 17 00:00:00 2001 From: weishu Date: Thu, 12 Oct 2023 15:52:10 +0800 Subject: [PATCH 3/4] kernel: use strncpy and strncmp --- kernel/uid_observer.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/kernel/uid_observer.c b/kernel/uid_observer.c index 155c5fcc193a..09b0d71f6a32 100644 --- a/kernel/uid_observer.c +++ b/kernel/uid_observer.c @@ -31,7 +31,7 @@ static bool is_uid_exist(uid_t uid, char *package, void *data) bool exist = false; list_for_each_entry (np, list, list) { if (np->uid == uid % 100000 && - strcmp(np->package, package) == 0) { + strncmp(np->package, package, KSU_MAX_PACKAGE_NAME) == 0) { exist = true; break; } @@ -89,7 +89,7 @@ static void do_update_uid(struct work_struct *work) continue; } data->uid = res; - strcpy(data->package, package); + strncpy(data->package, package, KSU_MAX_PACKAGE_NAME); list_add_tail(&data->list, &uid_list); // reset line start line_start = pos; From 52f17cde40162b3570e653501d00d864c8ccd982 Mon Sep 17 00:00:00 2001 From: Syuugo Date: Fri, 13 Oct 2023 20:51:25 +0900 Subject: [PATCH 4/4] Optimize for build WSA kernels (#1025) `5.15.104.4` will not be released, so commit internal changes first. --- .github/workflows/build-kernel-wsa.yml | 43 ++++++++++++++------------ 1 file changed, 23 insertions(+), 20 deletions(-) diff --git a/.github/workflows/build-kernel-wsa.yml b/.github/workflows/build-kernel-wsa.yml index b204e6b0d6b3..d3990c20bf06 100644 --- a/.github/workflows/build-kernel-wsa.yml +++ b/.github/workflows/build-kernel-wsa.yml @@ -18,7 +18,7 @@ jobs: strategy: matrix: arch: [x86_64, arm64] - version: ["5.15.94.2", "5.15.104.1", "5.15.104.2", "5.15.104.3"] + version: ["5.15.94.2", "5.15.104.1", "5.15.104.2", "5.15.104.3", "5.15.104.4"] name: Build WSA-Kernel-${{ matrix.version }}-${{ matrix.arch }} runs-on: ubuntu-20.04 @@ -29,22 +29,25 @@ jobs: steps: - name: Install Build Tools - run: | - sudo apt-get update - sudo apt-get install -y --no-install-recommends bc bison build-essential ca-certificates flex git gnupg libelf-dev libssl-dev lsb-release software-properties-common wget libncurses-dev binutils-aarch64-linux-gnu gcc-aarch64-linux-gnu nuget gzip - export LLVM_VERSION=12 - wget -q https://apt.llvm.org/llvm.sh - sudo bash ./llvm.sh $LLVM_VERSION - cd /usr/bin - sudo ln -sf clang-$LLVM_VERSION clang - sudo ln -sf ld.lld-$LLVM_VERSION ld.lld - sudo ln -sf llvm-objdump-$LLVM_VERSION llvm-objdump - sudo ln -sf llvm-ar-$LLVM_VERSION llvm-ar - sudo ln -sf llvm-nm-$LLVM_VERSION llvm-nm - sudo ln -sf llvm-strip-$LLVM_VERSION llvm-strip - sudo ln -sf llvm-objcopy-$LLVM_VERSION llvm-objcopy - sudo ln -sf llvm-readelf-$LLVM_VERSION llvm-readelf - sudo ln -sf clang++-$LLVM_VERSION clang++ + uses: awalsh128/cache-apt-pkgs-action@v1 + with: + packages: bc bison build-essential flex libelf-dev binutils-aarch64-linux-gnu gcc-aarch64-linux-gnu gzip ccache + version: 1.0 + + - name: Cache LLVM + id: cache-llvm + uses: actions/cache@v3 + with: + path: ./llvm + key: llvm-12.0.1 + + - name: Setup LLVM + uses: KyleMayes/install-llvm-action@v1 + with: + version: "12.0.1" + force-version: true + ubuntu-version: "16.04" + cached: ${{ steps.cache-llvm.outputs.cache-hit }} - name: Checkout KernelSU uses: actions/checkout@v4 @@ -88,13 +91,13 @@ jobs: - name: Build Kernel working-directory: WSA-Linux-Kernel run: | - declare -A ARCH_MAP=(["x86_64"]="x64" ["arm64"]="arm64") - cp configs/wsa/config-wsa-${ARCH_MAP[${{ matrix.arch }}]} .config - make olddefconfig if [ ! -z ${{ vars.EXPECTED_SIZE }} ] && [ ! -z ${{ vars.EXPECTED_HASH }} ]; then export KSU_EXPECTED_SIZE=${{ vars.EXPECTED_SIZE }} export KSU_EXPECTED_HASH=${{ vars.EXPECTED_HASH }} fi + declare -A ARCH_MAP=(["x86_64"]="x64" ["arm64"]="arm64") + cp configs/wsa/config-wsa-${ARCH_MAP[${{ matrix.arch }}]} .config + make olddefconfig declare -A FILE_NAME=(["x86_64"]="bzImage" ["arm64"]="Image") make -j`nproc` LLVM=1 ARCH=${{ matrix.arch }} $(if [ "${{ matrix.arch }}" == "arm64" ]; then echo CROSS_COMPILE=aarch64-linux-gnu; fi) ${FILE_NAME[${{ matrix.arch }}]} CCACHE="/usr/bin/ccache" declare -A ARCH_MAP_FILE=(["x86_64"]="x86" ["arm64"]="arm64")