From 935dc18faace4dfdda79d3f00bf1ed2632a94628 Mon Sep 17 00:00:00 2001
From: 5ec1cff <56485584+5ec1cff@users.noreply.github.com>
Date: Tue, 7 May 2024 19:02:59 +0800
Subject: [PATCH 01/13] su: allocate new pty (#1693)

---
 kernel/selinux/rules.c           |   6 -
 userspace/ksud/src/cli.rs        |   4 +-
 userspace/ksud/src/defs.rs       |   2 +
 userspace/ksud/src/init_event.rs |   6 +
 userspace/ksud/src/main.rs       |   2 +
 userspace/ksud/src/mount.rs      |  19 +++
 userspace/ksud/src/pty.rs        | 192 +++++++++++++++++++++++++++++++
 userspace/ksud/src/su.rs         |  10 ++
 8 files changed, 233 insertions(+), 8 deletions(-)
 create mode 100644 userspace/ksud/src/pty.rs

diff --git a/kernel/selinux/rules.c b/kernel/selinux/rules.c
index 7c3f7b33b212..1ba6d853f2a9 100644
--- a/kernel/selinux/rules.c
+++ b/kernel/selinux/rules.c
@@ -130,12 +130,6 @@ void apply_kernelsu_rules()
 	// Allow all binder transactions
 	ksu_allow(db, ALL, KERNEL_SU_DOMAIN, "binder", ALL);
 
-	// Allow system server devpts
-	ksu_allow(db, "system_server", "untrusted_app_all_devpts", "chr_file",
-		  "read");
-	ksu_allow(db, "system_server", "untrusted_app_all_devpts", "chr_file",
-		  "write");
-
     // Allow system server kill su process
     ksu_allow(db, "system_server", KERNEL_SU_DOMAIN, "process", "getpgid");
     ksu_allow(db, "system_server", KERNEL_SU_DOMAIN, "process", "sigkill");
diff --git a/userspace/ksud/src/cli.rs b/userspace/ksud/src/cli.rs
index cd96a360f346..b3954bd168a8 100644
--- a/userspace/ksud/src/cli.rs
+++ b/userspace/ksud/src/cli.rs
@@ -1,6 +1,6 @@
 use anyhow::{Ok, Result};
 use clap::Parser;
-use std::path::PathBuf;
+use std::path::{Path, PathBuf};
 
 #[cfg(target_os = "android")]
 use android_logger::Config;
@@ -283,7 +283,7 @@ pub fn run() -> Result<()> {
 
     // the kernel executes su with argv[0] = "su" and replace it with us
     let arg0 = std::env::args().next().unwrap_or_default();
-    if arg0 == "su" || arg0 == "/system/bin/su" {
+    if Path::new(&arg0).file_name().and_then(|f| f.to_str()) == Some("su") {
         return crate::su::root_shell();
     }
 
diff --git a/userspace/ksud/src/defs.rs b/userspace/ksud/src/defs.rs
index c4b9fc3f989b..bcde77120ee4 100644
--- a/userspace/ksud/src/defs.rs
+++ b/userspace/ksud/src/defs.rs
@@ -43,3 +43,5 @@ pub const VERSION_NAME: &str = include_str!(concat!(env!("OUT_DIR"), "/VERSION_N
 pub const KSU_BACKUP_DIR: &str = WORKING_DIR;
 pub const KSU_BACKUP_FILE_PREFIX: &str = "ksu_backup_";
 pub const BACKUP_FILENAME: &str = "stock_image.sha1";
+
+pub const PTS_NAME: &str = "pts";
diff --git a/userspace/ksud/src/init_event.rs b/userspace/ksud/src/init_event.rs
index 7107ff74225d..f2334d1bf897 100644
--- a/userspace/ksud/src/init_event.rs
+++ b/userspace/ksud/src/init_event.rs
@@ -2,6 +2,7 @@ use anyhow::{bail, Context, Result};
 use log::{info, warn};
 use std::{collections::HashMap, path::Path};
 
+use crate::defs::PTS_NAME;
 use crate::module::prune_modules;
 use crate::{
     assets, defs, ksucalls, mount, restorecon,
@@ -193,6 +194,11 @@ pub fn on_post_data_fs() -> Result<()> {
     // mount temp dir
     if let Err(e) = mount::mount_tmpfs(utils::get_tmp_path()) {
         warn!("do temp dir mount failed: {}", e);
+    } else {
+        let pts_dir = format!("{}/{PTS_NAME}", utils::get_tmp_path());
+        if let Err(e) = mount::mount_devpts(pts_dir) {
+            warn!("do devpts mount failed: {}", e);
+        }
     }
 
     // exec modules post-fs-data scripts
diff --git a/userspace/ksud/src/main.rs b/userspace/ksud/src/main.rs
index 3b51720557c1..b22de94805bb 100644
--- a/userspace/ksud/src/main.rs
+++ b/userspace/ksud/src/main.rs
@@ -9,6 +9,8 @@ mod ksucalls;
 mod module;
 mod mount;
 mod profile;
+#[cfg(any(target_os = "linux", target_os = "android"))]
+mod pty;
 mod restorecon;
 mod sepolicy;
 mod su;
diff --git a/userspace/ksud/src/mount.rs b/userspace/ksud/src/mount.rs
index 11be898bbeb7..8eb0eb20908d 100644
--- a/userspace/ksud/src/mount.rs
+++ b/userspace/ksud/src/mount.rs
@@ -1,4 +1,5 @@
 use anyhow::{anyhow, bail, Ok, Result};
+use std::fs::create_dir;
 
 #[cfg(any(target_os = "linux", target_os = "android"))]
 use anyhow::Context;
@@ -181,6 +182,19 @@ pub fn mount_tmpfs(dest: impl AsRef<Path>) -> Result<()> {
     Ok(())
 }
 
+#[cfg(any(target_os = "linux", target_os = "android"))]
+pub fn mount_devpts(dest: impl AsRef<Path>) -> Result<()> {
+    create_dir(dest.as_ref())?;
+    mount(
+        KSU_OVERLAY_SOURCE,
+        dest.as_ref(),
+        "devpts",
+        MountFlags::empty(),
+        "newinstance",
+    )?;
+    Ok(())
+}
+
 #[cfg(any(target_os = "linux", target_os = "android"))]
 pub fn bind_mount(from: impl AsRef<Path>, to: impl AsRef<Path>) -> Result<()> {
     info!(
@@ -325,3 +339,8 @@ pub fn mount_overlay(
 pub fn mount_tmpfs(_dest: impl AsRef<Path>) -> Result<()> {
     unimplemented!()
 }
+
+#[cfg(not(any(target_os = "linux", target_os = "android")))]
+pub fn mount_devpts(_dest: impl AsRef<Path>) -> Result<()> {
+    unimplemented!()
+}
diff --git a/userspace/ksud/src/pty.rs b/userspace/ksud/src/pty.rs
new file mode 100644
index 000000000000..80a0d18d81e1
--- /dev/null
+++ b/userspace/ksud/src/pty.rs
@@ -0,0 +1,192 @@
+use std::ffi::c_int;
+use std::fs::File;
+use std::io::{stderr, stdin, stdout, Read, Write};
+use std::mem::MaybeUninit;
+use std::os::fd::{AsFd, AsRawFd, OwnedFd, RawFd};
+use std::process::exit;
+use std::ptr::null_mut;
+use std::thread;
+
+use anyhow::{bail, Ok, Result};
+use libc::{
+    __errno, fork, pthread_sigmask, sigaddset, sigemptyset, sigset_t, sigwait, waitpid, winsize,
+    EINTR, SIGWINCH, SIG_BLOCK, SIG_UNBLOCK, TIOCGWINSZ, TIOCSWINSZ,
+};
+use rustix::fs::{open, Mode, OFlags};
+use rustix::io::dup;
+use rustix::ioctl::{ioctl, Getter, ReadOpcode};
+use rustix::process::setsid;
+use rustix::pty::{grantpt, unlockpt};
+use rustix::stdio::{dup2_stderr, dup2_stdin, dup2_stdout};
+use rustix::termios::{isatty, tcgetattr, tcsetattr, OptionalActions, Termios};
+
+use crate::defs::PTS_NAME;
+use crate::utils::get_tmp_path;
+
+// https://github.com/topjohnwu/Magisk/blob/5627053b7481618adfdf8fa3569b48275589915b/native/src/core/su/pts.cpp
+
+fn get_pty_num<F: AsFd>(fd: F) -> Result<u32> {
+    Ok(unsafe {
+        let tiocgptn = Getter::<ReadOpcode<b'T', 0x30, u32>, u32>::new();
+        ioctl(fd, tiocgptn)?
+    })
+}
+
+static mut OLD_STDIN: Option<Termios> = None;
+
+fn watch_sigwinch_async(slave: RawFd) {
+    let mut winch = MaybeUninit::<sigset_t>::uninit();
+    unsafe {
+        sigemptyset(winch.as_mut_ptr());
+        sigaddset(winch.as_mut_ptr(), SIGWINCH);
+        pthread_sigmask(SIG_BLOCK, winch.as_mut_ptr(), null_mut());
+    }
+
+    thread::spawn(move || unsafe {
+        let mut winch = MaybeUninit::<sigset_t>::uninit();
+        sigemptyset(winch.as_mut_ptr());
+        sigaddset(winch.as_mut_ptr(), SIGWINCH);
+        pthread_sigmask(SIG_UNBLOCK, winch.as_mut_ptr(), null_mut());
+        let mut sig: c_int = 0;
+        loop {
+            let mut w = MaybeUninit::<winsize>::uninit();
+            if libc::ioctl(1, TIOCGWINSZ, w.as_mut_ptr()) < 0 {
+                continue;
+            }
+            libc::ioctl(slave, TIOCSWINSZ, w.as_mut_ptr());
+            if sigwait(winch.as_mut_ptr(), &mut sig) != 0 {
+                break;
+            }
+        }
+    });
+}
+
+fn set_stdin_raw() {
+    let mut termios = match tcgetattr(stdin()) {
+        Result::Ok(termios) => {
+            unsafe {
+                OLD_STDIN = Some(termios.clone());
+            }
+            termios
+        }
+        Err(_) => return,
+    };
+
+    termios.make_raw();
+
+    if tcsetattr(stdin(), OptionalActions::Flush, &termios).is_err() {
+        let _ = tcsetattr(stdin(), OptionalActions::Drain, &termios);
+    }
+}
+
+fn restore_stdin() {
+    let Some(termios) = (unsafe { OLD_STDIN.take() }) else {
+        return;
+    };
+
+    if tcsetattr(stdin(), OptionalActions::Flush, &termios).is_err() {
+        let _ = tcsetattr(stdin(), OptionalActions::Drain, &termios);
+    }
+}
+
+fn pump<R: Read, W: Write>(mut from: R, mut to: W) {
+    let mut buf = [0u8; 4096];
+    loop {
+        match from.read(&mut buf) {
+            Result::Ok(len) => {
+                if len == 0 {
+                    return;
+                }
+                if to.write_all(&buf[0..len]).is_err() {
+                    return;
+                }
+                if to.flush().is_err() {
+                    return;
+                }
+            }
+            Err(_) => {
+                return;
+            }
+        }
+    }
+}
+
+fn pump_stdin_async(mut ptmx: File) {
+    set_stdin_raw();
+
+    thread::spawn(move || {
+        let mut stdin = stdin();
+        pump(&mut stdin, &mut ptmx);
+    });
+}
+
+fn pump_stdout_blocking(mut ptmx: File) {
+    let mut stdout = stdout();
+    pump(&mut ptmx, &mut stdout);
+
+    restore_stdin();
+}
+
+fn create_transfer(ptmx: OwnedFd) -> Result<()> {
+    let pid = unsafe { fork() };
+    match pid {
+        d if d < 0 => bail!("fork"),
+        0 => return Ok(()),
+        _ => {}
+    }
+
+    let ptmx_r = ptmx;
+    let ptmx_w = dup(&ptmx_r).unwrap();
+
+    let ptmx_r = File::from(ptmx_r);
+    let ptmx_w = File::from(ptmx_w);
+
+    watch_sigwinch_async(ptmx_w.as_raw_fd());
+    pump_stdin_async(ptmx_r);
+    pump_stdout_blocking(ptmx_w);
+
+    let mut status: c_int = -1;
+
+    unsafe {
+        loop {
+            if waitpid(pid, &mut status, 0) == -1 && *__errno() != EINTR {
+                continue;
+            }
+            break;
+        }
+    }
+
+    exit(status)
+}
+
+pub fn prepare_pty() -> Result<()> {
+    let tty_in = isatty(stdin());
+    let tty_out = isatty(stdout());
+    let tty_err = isatty(stderr());
+    if !tty_in && !tty_out && !tty_err {
+        return Ok(());
+    }
+
+    let mut pts_path = format!("{}/{}", get_tmp_path(), PTS_NAME);
+    if !std::path::Path::new(&pts_path).exists() {
+        pts_path = "/dev/pts".to_string();
+    }
+    let ptmx_path = format!("{}/ptmx", pts_path);
+    let ptmx_fd = open(ptmx_path, OFlags::RDWR, Mode::empty())?;
+    grantpt(&ptmx_fd)?;
+    unlockpt(&ptmx_fd)?;
+    let pty_num = get_pty_num(&ptmx_fd)?;
+    create_transfer(ptmx_fd)?;
+    setsid()?;
+    let pty_fd = open(format!("{pts_path}/{pty_num}"), OFlags::RDWR, Mode::empty())?;
+    if tty_in {
+        dup2_stdin(&pty_fd)?;
+    }
+    if tty_out {
+        dup2_stdout(&pty_fd)?;
+    }
+    if tty_err {
+        dup2_stderr(&pty_fd)?;
+    }
+    Ok(())
+}
diff --git a/userspace/ksud/src/su.rs b/userspace/ksud/src/su.rs
index b19bf7a21ca1..d97eff49a1f9 100644
--- a/userspace/ksud/src/su.rs
+++ b/userspace/ksud/src/su.rs
@@ -11,6 +11,8 @@ use crate::{
     utils::{self, umask},
 };
 
+#[cfg(any(target_os = "linux", target_os = "android"))]
+use crate::pty::prepare_pty;
 #[cfg(any(target_os = "linux", target_os = "android"))]
 use rustix::{
     process::getuid,
@@ -138,6 +140,7 @@ pub fn root_shell() -> Result<()> {
         "Specify a supplementary group. The first specified supplementary group is also used as a primary group if the option -g is not specified.",
         "GROUP",
     );
+    opts.optflag("", "no-pty", "Do not allocate a new pseudo terminal.");
 
     // Replace -cn with -z, -mm with -M for supporting getopt_long
     let args = args
@@ -265,6 +268,13 @@ pub fn root_shell() -> Result<()> {
         command = command.env("ENV", defs::KSURC_PATH);
     }
 
+    #[cfg(target_os = "android")]
+    if !matches.opt_present("no-pty") {
+        if let Err(e) = prepare_pty() {
+            log::error!("failed to prepare pty: {:?}", e);
+        }
+    }
+
     // escape from the current cgroup and become session leader
     // WARNING!!! This cause some root shell hang forever!
     // command = command.process_group(0);

From 2f8323e0a32333a7ec79ca0e6741014065de834d Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?=EA=B9=80=EB=8F=84=ED=9B=88?= <dohun0310@naver.com>
Date: Tue, 7 May 2024 20:03:16 +0900
Subject: [PATCH 02/13] docs: Add translation in README_KR (#1703)

---
 docs/README.md       |  2 +-
 docs/README_CN.md    |  2 +-
 docs/README_ES.md    |  2 +-
 docs/README_ID.md    |  2 +-
 docs/README_IN.md    |  2 +-
 docs/README_IW.md    |  2 +-
 docs/README_JP.md    |  2 +-
 docs/README_KR.md    | 57 ++++++++++++++++++++++++++++++++++++++++++++
 docs/README_PL.md    |  2 +-
 docs/README_PT-BR.md |  2 +-
 docs/README_RU.md    |  2 +-
 docs/README_TR.md    |  2 +-
 docs/README_TW.md    |  2 +-
 docs/README_VI.md    |  2 +-
 14 files changed, 70 insertions(+), 13 deletions(-)
 create mode 100644 docs/README_KR.md

diff --git a/docs/README.md b/docs/README.md
index 7131a49a951c..0128cd3d221e 100644
--- a/docs/README.md
+++ b/docs/README.md
@@ -1,4 +1,4 @@
-**English** | [Español](README_ES.md) | [简体中文](README_CN.md) | [繁體中文](README_TW.md) | [日本語](README_JP.md) | [Polski](README_PL.md) | [Português (Brasil)](README_PT-BR.md) | [Türkçe](README_TR.md) | [Русский](README_RU.md) | [Tiếng Việt](README_VI.md) | [Indonesia](README_ID.md) | [עברית](README_IW.md) | [हिंदी](README_IN.md)
+**English** | [Español](README_ES.md) | [简体中文](README_CN.md) | [繁體中文](README_TW.md) | [日本語](README_JP.md) | [한국어](README_KR.md) | [Polski](README_PL.md) | [Português (Brasil)](README_PT-BR.md) | [Türkçe](README_TR.md) | [Русский](README_RU.md) | [Tiếng Việt](README_VI.md) | [Indonesia](README_ID.md) | [עברית](README_IW.md) | [हिंदी](README_IN.md)
 
 # KernelSU
 
diff --git a/docs/README_CN.md b/docs/README_CN.md
index 50bbd71780ea..dc34b86ab139 100644
--- a/docs/README_CN.md
+++ b/docs/README_CN.md
@@ -1,4 +1,4 @@
-[English](README.md) | [Español](README_ES.md) | **简体中文** | [繁體中文](README_TW.md) | [日本語](README_JP.md) | [Polski](README_PL.md) | [Português (Brasil)](README_PT-BR.md) | [Türkçe](README_TR.md) | [Русский](README_RU.md) | [Tiếng Việt](README_VI.md) | [Indonesia](README_ID.md) | [עברית](README_IW.md) | [हिंदी](README_IN.md)
+[English](README.md) | [Español](README_ES.md) | **简体中文** | [繁體中文](README_TW.md) | [日本語](README_JP.md) | [한국어](README_KR.md) | [Polski](README_PL.md) | [Português (Brasil)](README_PT-BR.md) | [Türkçe](README_TR.md) | [Русский](README_RU.md) | [Tiếng Việt](README_VI.md) | [Indonesia](README_ID.md) | [עברית](README_IW.md) | [हिंदी](README_IN.md)
 
 # KernelSU
 
diff --git a/docs/README_ES.md b/docs/README_ES.md
index 518800989525..ed4f699b791d 100644
--- a/docs/README_ES.md
+++ b/docs/README_ES.md
@@ -1,4 +1,4 @@
-[English](README.md) | **Español** | [简体中文](README_CN.md) | [繁體中文](README_TW.md) | [日本語](README_JP.md) | [Polski](README_PL.md) | [Português (Brasil)](README_PT-BR.md) | [Türkçe](README_TR.md) | [Русский](README_RU.md) | [Tiếng Việt](README_VI.md) | [Indonesia](README_ID.md) | [עברית](README_IW.md) | [हिंदी](README_IN.md)
+[English](README.md) | **Español** | [简体中文](README_CN.md) | [繁體中文](README_TW.md) | [日本語](README_JP.md) | [한국어](README_KR.md) | [Polski](README_PL.md) | [Português (Brasil)](README_PT-BR.md) | [Türkçe](README_TR.md) | [Русский](README_RU.md) | [Tiếng Việt](README_VI.md) | [Indonesia](README_ID.md) | [עברית](README_IW.md) | [हिंदी](README_IN.md)
 
 # KernelSU
 
diff --git a/docs/README_ID.md b/docs/README_ID.md
index 3a077ab910f5..511683a7503d 100644
--- a/docs/README_ID.md
+++ b/docs/README_ID.md
@@ -1,4 +1,4 @@
-[English](README.md) | [Español](README_ES.md) | [简体中文](README_CN.md) | [繁體中文](README_TW.md) | [日本語](README_JP.md) | [Polski](README_PL.md) | [Português (Brasil)](README_PT-BR.md) | [Türkçe](README_TR.md) | [Русский](README_RU.md) | [Tiếng Việt](README_VI.md) | **Indonesia** | [עברית](README_IW.md) | [हिंदी](README_IN.md)
+[English](README.md) | [Español](README_ES.md) | [简体中文](README_CN.md) | [繁體中文](README_TW.md) | [日本語](README_JP.md) | [한국어](README_KR.md) | [Polski](README_PL.md) | [Português (Brasil)](README_PT-BR.md) | [Türkçe](README_TR.md) | [Русский](README_RU.md) | [Tiếng Việt](README_VI.md) | **Indonesia** | [עברית](README_IW.md) | [हिंदी](README_IN.md)
 
 # KernelSU
 
diff --git a/docs/README_IN.md b/docs/README_IN.md
index 33ddde5e55a5..7396ab5c2b10 100644
--- a/docs/README_IN.md
+++ b/docs/README_IN.md
@@ -1,4 +1,4 @@
-[English](README.md) | [Español](README_ES.md) | [简体中文](README_CN.md) | [繁體中文](README_TW.md) | [日本語](README_JP.md) | [Polski](README_PL.md) | [Português (Brasil)](README_PT-BR.md) | [Türkçe](README_TR.md) | [Русский](README_RU.md) | [Tiếng Việt](README_VI.md) | [Indonesia](README_ID.md) | [עברית](README_IW.md) |  **हिंदी**
+[English](README.md) | [Español](README_ES.md) | [简体中文](README_CN.md) | [繁體中文](README_TW.md) | [日本語](README_JP.md) | [한국어](README_KR.md) | [Polski](README_PL.md) | [Português (Brasil)](README_PT-BR.md) | [Türkçe](README_TR.md) | [Русский](README_RU.md) | [Tiếng Việt](README_VI.md) | [Indonesia](README_ID.md) | [עברית](README_IW.md) |  **हिंदी**
 
 # KernelSU
 
diff --git a/docs/README_IW.md b/docs/README_IW.md
index 83bd4f1e3473..5997487e2a08 100644
--- a/docs/README_IW.md
+++ b/docs/README_IW.md
@@ -1,4 +1,4 @@
-[English](README.md) | [Español](README_ES.md) | [简体中文](README_CN.md) | [繁體中文](README_TW.md) | [日本語](README_JP.md) | [Polski](README_PL.md) | [Português (Brasil)](README_PT-BR.md) | [Türkçe](README_TR.md) | [Русский](README_RU.md) | [Tiếng Việt](README_VI.md) | [Indonesia](README_ID.md) | **עברית** | [हिंदी](README_IN.md)
+[English](README.md) | [Español](README_ES.md) | [简体中文](README_CN.md) | [繁體中文](README_TW.md) | [日本語](README_JP.md) | [한국어](README_KR.md) | [Polski](README_PL.md) | [Português (Brasil)](README_PT-BR.md) | [Türkçe](README_TR.md) | [Русский](README_RU.md) | [Tiếng Việt](README_VI.md) | [Indonesia](README_ID.md) | **עברית** | [हिंदी](README_IN.md)
 
 # KernelSU
 
diff --git a/docs/README_JP.md b/docs/README_JP.md
index 60ccf2e8bb60..093618753775 100644
--- a/docs/README_JP.md
+++ b/docs/README_JP.md
@@ -1,4 +1,4 @@
-[English](README.md) | [Español](README_ES.md) | [简体中文](README_CN.md) | [繁體中文](README_TW.md) | **日本語** | [Polski](README_PL.md) | [Português (Brasil)](README_PT-BR.md) | [Türkçe](README_TR.md) | [Русский](README_RU.md) | [Tiếng Việt](README_VI.md) | [Indonesia](README_ID.md) | [עברית](README_IW.md) | [हिंदी](README_IN.md)
+[English](README.md) | [Español](README_ES.md) | [简体中文](README_CN.md) | [繁體中文](README_TW.md) | **日本語** | [한국어](README_KR.md) | [Polski](README_PL.md) | [Português (Brasil)](README_PT-BR.md) | [Türkçe](README_TR.md) | [Русский](README_RU.md) | [Tiếng Việt](README_VI.md) | [Indonesia](README_ID.md) | [עברית](README_IW.md) | [हिंदी](README_IN.md)
 
 # KernelSU
 
diff --git a/docs/README_KR.md b/docs/README_KR.md
new file mode 100644
index 000000000000..3226008920a1
--- /dev/null
+++ b/docs/README_KR.md
@@ -0,0 +1,57 @@
+[English](README.md) | [Español](README_ES.md) | [简体中文](README_CN.md) | [繁體中文](README_TW.md) | [日本語](README_JP.md) | **한국어** | [Polski](README_PL.md) | [Português (Brasil)](README_PT-BR.md) | [Türkçe](README_TR.md) | [Русский](README_RU.md) | [Tiếng Việt](README_VI.md) | [Indonesia](README_ID.md) | [עברית](README_IW.md) | [हिंदी](README_IN.md)
+
+# KernelSU
+
+<img src="https://kernelsu.org/logo.png" style="width: 96px;" alt="logo">
+
+안드로이드 기기에서 사용되는 커널 기반 루팅 솔루션입니다.
+
+[![Latest release](https://img.shields.io/github/v/release/tiann/KernelSU?label=Release&logo=github)](https://github.com/tiann/KernelSU/releases/latest)
+[![Weblate](https://img.shields.io/badge/Localization-Weblate-teal?logo=weblate)](https://hosted.weblate.org/engage/kernelsu)
+[![Channel](https://img.shields.io/badge/Follow-Telegram-blue.svg?logo=telegram)](https://t.me/KernelSU)
+[![License: GPL v2](https://img.shields.io/badge/License-GPL%20v2-orange.svg?logo=gnu)](https://www.gnu.org/licenses/old-licenses/gpl-2.0.en.html)
+[![GitHub License](https://img.shields.io/github/license/tiann/KernelSU?logo=gnu)](/LICENSE)
+
+## 기능들
+
+1. 커널 기반 `su` 및 루트 액세스 관리.
+2. [OverlayFS](https://en.wikipedia.org/wiki/OverlayFS) 기반 모듈 시스템.
+3. [App Profile](https://kernelsu.org/guide/app-profile.html): 루트 권한을 케이지에 가둡니다.
+
+## 호환 상태
+
+KernelSU는 공식적으로 안드로이드 GKI 2.0 디바이스(커널 5.10 이상)를 지원합니다. 오래된 커널(4.14 이상)도 사용할 수 있지만, 커널을 수동으로 빌드해야 합니다.
+
+KernelSU는 WSA, ChromeOS, 컨테이너 기반 안드로이드 모두를 지원합니다.
+
+현재는 `arm64-v8a`와 `x86_64`만 지원됩니다.
+
+## 사용 방법
+
+- [설치 방법](https://kernelsu.org/guide/installation.html)
+- [어떻게 빌드하나요?](https://kernelsu.org/guide/how-to-build.html)
+- [공식 웹사이트](https://kernelsu.org/)
+
+## 번역
+
+KernelSU 번역을 돕거나 기존 번역을 개선하려면 [Weblate](https://hosted.weblate.org/engage/kernelsu/)를 이용해 주세요. 매니저의 번역은 Weblate와 충돌할 수 있으므로 더 이상 허용되지 않습니다.
+
+## 토론
+
+- 텔레그램: [@KernelSU](https://t.me/KernelSU)
+
+## 보안
+
+KernelSU의 보안 취약점 보고에 대한 자세한 내용은 [SECURITY.md](/SECURITY.md)를 참조하세요.
+
+## 저작권
+
+- `kernel` 디렉터리 아래의 파일은 [GPL-2.0 전용](https://www.gnu.org/licenses/old-licenses/gpl-2.0.en.html)입니다.
+- `kernel` 디렉토리를 제외한 다른 모든 부분은 [GPL-3.0-이상](https://www.gnu.org/licenses/gpl-3.0.html)입니다.
+
+## 크래딧
+
+- [kernel-assisted-superuser](https://git.zx2c4.com/kernel-assisted-superuser/about/): KernelSU의 아이디어.
+- [Magisk](https://github.com/topjohnwu/Magisk): 강력한 루팅 도구.
+- [genuine](https://github.com/brevent/genuine/): apk v2 서명 유효성 검사.
+- [Diamorphine](https://github.com/m0nad/Diamorphine): 일부 rootkit 스킬.
diff --git a/docs/README_PL.md b/docs/README_PL.md
index 69d7fa2ae722..ab9066296dd9 100644
--- a/docs/README_PL.md
+++ b/docs/README_PL.md
@@ -1,4 +1,4 @@
-[English](README.md) | [Español](README_ES.md) | [简体中文](README_CN.md) | [繁體中文](README_TW.md) | [日本語](README_JP.md) | **Polski** | [Português (Brasil)](README_PT-BR.md) | [Türkçe](README_TR.md) | [Русский](README_RU.md) | [Tiếng Việt](README_VI.md) | [Indonesia](README_ID.md) | [עברית](README_IW.md) | [हिंदी](README_IN.md)
+[English](README.md) | [Español](README_ES.md) | [简体中文](README_CN.md) | [繁體中文](README_TW.md) | [日本語](README_JP.md) | [한국어](README_KR.md) | **Polski** | [Português (Brasil)](README_PT-BR.md) | [Türkçe](README_TR.md) | [Русский](README_RU.md) | [Tiếng Việt](README_VI.md) | [Indonesia](README_ID.md) | [עברית](README_IW.md) | [हिंदी](README_IN.md)
 
 # KernelSU
 
diff --git a/docs/README_PT-BR.md b/docs/README_PT-BR.md
index c7b2ead64b85..b5421e7f9be0 100644
--- a/docs/README_PT-BR.md
+++ b/docs/README_PT-BR.md
@@ -1,4 +1,4 @@
-[English](README.md) | [Español](README_ES.md) | [简体中文](README_CN.md) | [繁體中文](README_TW.md) | [日本語](README_JP.md) | [Polski](README_PL.md) | **Português (Brasil)** | [Türkçe](README_TR.md) | [Русский](README_RU.md) | [Tiếng Việt](README_VI.md) | [Indonesia](README_ID.md) | [עברית](README_IW.md) | [हिंदी](README_IN.md)
+[English](README.md) | [Español](README_ES.md) | [简体中文](README_CN.md) | [繁體中文](README_TW.md) | [日本語](README_JP.md) | [한국어](README_KR.md) | [Polski](README_PL.md) | **Português (Brasil)** | [Türkçe](README_TR.md) | [Русский](README_RU.md) | [Tiếng Việt](README_VI.md) | [Indonesia](README_ID.md) | [עברית](README_IW.md) | [हिंदी](README_IN.md)
 
 # KernelSU
 
diff --git a/docs/README_RU.md b/docs/README_RU.md
index 7fdb275e40c9..7e50f47adfe5 100644
--- a/docs/README_RU.md
+++ b/docs/README_RU.md
@@ -1,4 +1,4 @@
-[English](README.md) | [Español](README_ES.md) | [简体中文](README_CN.md) | [繁體中文](README_TW.md) | [日本語](README_JP.md) | [Polski](README_PL.md) | [Português (Brasil)](README_PT-BR.md) | [Türkçe](README_TR.md) | **Русский** | [Tiếng Việt](README_VI.md) | [Indonesia](README_ID.md) | [עברית](README_IW.md) | [हिंदी](README_IN.md)
+[English](README.md) | [Español](README_ES.md) | [简体中文](README_CN.md) | [繁體中文](README_TW.md) | [日本語](README_JP.md) | [한국어](README_KR.md) | [Polski](README_PL.md) | [Português (Brasil)](README_PT-BR.md) | [Türkçe](README_TR.md) | **Русский** | [Tiếng Việt](README_VI.md) | [Indonesia](README_ID.md) | [עברית](README_IW.md) | [हिंदी](README_IN.md)
 
 # KernelSU
 
diff --git a/docs/README_TR.md b/docs/README_TR.md
index 41febd9a013e..bc3363e8b490 100644
--- a/docs/README_TR.md
+++ b/docs/README_TR.md
@@ -1,4 +1,4 @@
-[English](README.md) | [Español](README_ES.md) | [简体中文](README_CN.md) | [繁體中文](README_TW.md) | [日本語](README_JP.md) | [Polski](README_PL.md) | [Português (Brasil)](README_PT-BR.md) | **Türkçe** | [Русский](README_RU.md) | [Tiếng Việt](README_VI.md) | [Indonesia](README_ID.md) | [עברית](README_IW.md) | [हिंदी](README_IN.md)
+[English](README.md) | [Español](README_ES.md) | [简体中文](README_CN.md) | [繁體中文](README_TW.md) | [日本語](README_JP.md) | [한국어](README_KR.md) | [Polski](README_PL.md) | [Português (Brasil)](README_PT-BR.md) | **Türkçe** | [Русский](README_RU.md) | [Tiếng Việt](README_VI.md) | [Indonesia](README_ID.md) | [עברית](README_IW.md) | [हिंदी](README_IN.md)
 
 # KernelSU
 
diff --git a/docs/README_TW.md b/docs/README_TW.md
index 262b46dd4a95..d025e1742a67 100644
--- a/docs/README_TW.md
+++ b/docs/README_TW.md
@@ -1,4 +1,4 @@
-[English](README.md) | [Español](README_ES.md) | [简体中文](README_CN.md) | **繁體中文** | [日本語](README_JP.md) | [Polski](README_PL.md) | [Português (Brasil)](README_PT-BR.md) | [Türkçe](README_TR.md) | [Русский](README_RU.md) | [Tiếng Việt](README_VI.md) | [Indonesia](README_ID.md) | [עברית](README_IW.md) | [हिंदी](README_IN.md)
+[English](README.md) | [Español](README_ES.md) | [简体中文](README_CN.md) | **繁體中文** | [日本語](README_JP.md) | [한국어](README_KR.md) | [Polski](README_PL.md) | [Português (Brasil)](README_PT-BR.md) | [Türkçe](README_TR.md) | [Русский](README_RU.md) | [Tiếng Việt](README_VI.md) | [Indonesia](README_ID.md) | [עברית](README_IW.md) | [हिंदी](README_IN.md)
 
 # KernelSU
 
diff --git a/docs/README_VI.md b/docs/README_VI.md
index d2c8be442a9d..7dd3b4227aec 100644
--- a/docs/README_VI.md
+++ b/docs/README_VI.md
@@ -1,4 +1,4 @@
-[English](README.md) | [Español](README_ES.md) | [简体中文](README_CN.md) | [繁體中文](README_TW.md) | [日本語](README_JP.md) | [Polski](README_PL.md) | [Português (Brasil)](README_PT-BR.md) | [Türkçe](README_TR.md) | [Русский](README_RU.md) | **Tiếng Việt** | [Indonesia](README_ID.md) | [עברית](README_IW.md) | [हिंदी](README_IN.md)
+[English](README.md) | [Español](README_ES.md) | [简体中文](README_CN.md) | [繁體中文](README_TW.md) | [日本語](README_JP.md) | [한국어](README_KR.md) | [Polski](README_PL.md) | [Português (Brasil)](README_PT-BR.md) | [Türkçe](README_TR.md) | [Русский](README_RU.md) | **Tiếng Việt** | [Indonesia](README_ID.md) | [עברית](README_IW.md) | [हिंदी](README_IN.md)
 
 # KernelSU
 

From 239989719d093d8920d9f7f31403eec6e798393f Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Tue, 7 May 2024 19:03:34 +0800
Subject: [PATCH 03/13] build(deps): bump zip from 1.1.3 to 1.1.4 in
 /userspace/ksud (#1701)
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Bumps [zip](https://github.com/zip-rs/zip2) from 1.1.3 to 1.1.4.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/zip-rs/zip2/releases">zip's
releases</a>.</em></p>
<blockquote>
<h2>v1.1.4</h2>
<h3><!-- raw HTML omitted -->🐛 Bug Fixes</h3>
<ul>
<li>Rare bug where find_and_parse would give up prematurely on detecting
a false end-of-CDR header</li>
</ul>
</blockquote>
</details>
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a
href="https://github.com/zip-rs/zip2/blob/master/CHANGELOG.md">zip's
changelog</a>.</em></p>
<blockquote>
<h2><a
href="https://github.com/zip-rs/zip2/compare/v1.1.3...v1.1.4">1.1.4</a>
- 2024-05-04</h2>
<h3><!-- raw HTML omitted -->🐛 Bug Fixes</h3>
<ul>
<li>Build was failing with bzip2 enabled</li>
<li>use is_dir in more places where Windows paths might be handled
incorrectly</li>
</ul>
<h3><!-- raw HTML omitted -->⚡ Performance</h3>
<ul>
<li>Quick filter for paths that contain &quot;/../&quot; or
&quot;/./&quot; or start with &quot;./&quot; or &quot;../&quot;</li>
<li>Fast handling for separator-free paths</li>
<li>Speed up logic if main separator isn't '/'</li>
<li>Drop <code>normalized_components</code> slightly sooner when not
using it</li>
<li>Speed up <code>path_to_string</code> in cases where the path is
already in the proper format</li>
</ul>
<h3><!-- raw HTML omitted -->⚙️ Miscellaneous Tasks</h3>
<ul>
<li>Refactor: can short-circuit handling of paths that start with
MAIN_SEPARATOR, no matter what MAIN_SEPARATOR is</li>
<li>Bug fix: non-canonical path detection when MAIN_SEPARATOR is not
slash or occurs twice in a row</li>
<li>Bug fix: must recreate if . or .. is a path element</li>
<li>Bug fix</li>
</ul>
<h3><!-- raw HTML omitted -->◀️ Revert</h3>
<ul>
<li><a href="https://redirect.github.com/zip-rs/zip2/pull/58">#58</a>
(partial): <code>bzip2-rs</code> can't replace <code>bzip2</code>
because it's decompress-only</li>
</ul>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="https://github.com/zip-rs/zip2/commit/a9482ea8ca3d49bed824a38433160af1aae6aa44"><code>a9482ea</code></a>
Bump version to trigger new release PR</li>
<li><a
href="https://github.com/zip-rs/zip2/commit/52af9ffd238443b47a2a36a5909d64ca04ff8eac"><code>52af9ff</code></a>
Merge pull request <a
href="https://redirect.github.com/zip-rs/zip2/issues/96">#96</a> from
zip-rs/oldpr452</li>
<li><a
href="https://github.com/zip-rs/zip2/commit/3ccaa3cc857ae01f0c0f93b6c4862a0add8b5674"><code>3ccaa3c</code></a>
style: cargo fmt --all &amp; <code>#![allow(dead_code)]</code></li>
<li><a
href="https://github.com/zip-rs/zip2/commit/de95acc543d0f77ea13e860c5713941e2490c16c"><code>de95acc</code></a>
style: allow conditionally-unused variables in write_dir.rs</li>
<li><a
href="https://github.com/zip-rs/zip2/commit/c4906cfd596edc54ec3a5b0d8686927c5e179adc"><code>c4906cf</code></a>
Merge remote-tracking branch 'allilo/add_compression_algo_arg' into
oldpr452</li>
<li><a
href="https://github.com/zip-rs/zip2/commit/629707c0604542c5c2fc7e5f484611981b791f23"><code>629707c</code></a>
Merge pull request <a
href="https://redirect.github.com/zip-rs/zip2/issues/95">#95</a> from
zip-rs/speedup_path_to_string</li>
<li><a
href="https://github.com/zip-rs/zip2/commit/1852e96192927e5cdc873eade213a69e08739c1f"><code>1852e96</code></a>
Prelim changes to write_dir</li>
<li><a
href="https://github.com/zip-rs/zip2/commit/1b2c42b199dcc69a4d4a43004f6030a6e8db02c1"><code>1b2c42b</code></a>
style: cargo fmt --all</li>
<li><a
href="https://github.com/zip-rs/zip2/commit/74e76a94cabefcf506ccc8314be752c64b21e51d"><code>74e76a9</code></a>
chore: Refactor: can short-circuit handling of paths that start with
MAIN_SEP...</li>
<li><a
href="https://github.com/zip-rs/zip2/commit/2adbbccb82ba60f90dd1302f0f6594213ca9abf0"><code>2adbbcc</code></a>
perf: Quick filter for paths that contain &quot;/../&quot; or
&quot;/./&quot; or start with &quot;./&quot; ...</li>
<li>Additional commits viewable in <a
href="https://github.com/zip-rs/zip2/compare/v1.1.3...v1.1.4">compare
view</a></li>
</ul>
</details>
<br />


[![Dependabot compatibility
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=zip&package-manager=cargo&previous-version=1.1.3&new-version=1.1.4)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)


</details>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
---
 userspace/ksud/Cargo.lock | 100 ++++++++++++++++++++++++++++++++++++--
 1 file changed, 96 insertions(+), 4 deletions(-)

diff --git a/userspace/ksud/Cargo.lock b/userspace/ksud/Cargo.lock
index 1490e7ad14ff..87b219a09e48 100644
--- a/userspace/ksud/Cargo.lock
+++ b/userspace/ksud/Cargo.lock
@@ -499,6 +499,17 @@ dependencies = [
  "subtle",
 ]
 
+[[package]]
+name = "displaydoc"
+version = "0.2.4"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "487585f4d0c6655fe74905e2504d8ad6908e4db67f744eb140876906c2f3175d"
+dependencies = [
+ "proc-macro2",
+ "quote",
+ "syn 2.0.58",
+]
+
 [[package]]
 name = "either"
 version = "1.10.0"
@@ -543,6 +554,12 @@ dependencies = [
  "log",
 ]
 
+[[package]]
+name = "equivalent"
+version = "1.0.1"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "5443807d6dff69373d433ab9ef5378ad8df50ca6298caf15de6e52e24aaf54d5"
+
 [[package]]
 name = "errno"
 version = "0.2.8"
@@ -637,6 +654,12 @@ version = "0.28.1"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "4271d37baee1b8c7e4b708028c57d816cf9d2434acb33a549475f78c181f6253"
 
+[[package]]
+name = "hashbrown"
+version = "0.14.5"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "e5274423e17b7c9fc20b6e7e208532f9b19825d82dfd615708b70edd83df41f1"
+
 [[package]]
 name = "heck"
 version = "0.5.0"
@@ -746,6 +769,16 @@ dependencies = [
  "proc-macro-hack",
 ]
 
+[[package]]
+name = "indexmap"
+version = "2.2.6"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "168fb715dda47215e360912c096649d23d58bf392ac62f73919e831745e40f26"
+dependencies = [
+ "equivalent",
+ "hashbrown",
+]
+
 [[package]]
 name = "inout"
 version = "0.1.3"
@@ -844,7 +877,7 @@ dependencies = [
  "sha256",
  "tempdir",
  "which",
- "zip 1.1.3",
+ "zip 1.1.4",
  "zip-extensions",
 ]
 
@@ -963,6 +996,27 @@ dependencies = [
  "autocfg",
 ]
 
+[[package]]
+name = "num_enum"
+version = "0.7.2"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "02339744ee7253741199f897151b38e72257d13802d4ee837285cc2990a90845"
+dependencies = [
+ "num_enum_derive",
+]
+
+[[package]]
+name = "num_enum_derive"
+version = "0.7.2"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "681030a937600a36906c185595136d26abfebb4aa9c65701cefcaf8578bb982b"
+dependencies = [
+ "proc-macro-crate",
+ "proc-macro2",
+ "quote",
+ "syn 2.0.58",
+]
+
 [[package]]
 name = "object"
 version = "0.32.2"
@@ -1025,6 +1079,15 @@ version = "0.2.17"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "5b40af805b3121feab8a3c29f04d8ad262fa8e0561883e7653e024ae4479e6de"
 
+[[package]]
+name = "proc-macro-crate"
+version = "3.1.0"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "6d37c51ca738a55da99dc0c4a34860fd675453b8b36209178c2249bb13651284"
+dependencies = [
+ "toml_edit",
+]
+
 [[package]]
 name = "proc-macro-hack"
 version = "0.5.20+deprecated"
@@ -1458,6 +1521,23 @@ dependencies = [
  "pin-project-lite",
 ]
 
+[[package]]
+name = "toml_datetime"
+version = "0.6.5"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "3550f4e9685620ac18a50ed434eb3aec30db8ba93b0287467bca5826ea25baf1"
+
+[[package]]
+name = "toml_edit"
+version = "0.21.1"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "6a8534fd7f78b5405e860340ad6575217ce99f38d4d5c8f2442cb5ecb50090e1"
+dependencies = [
+ "indexmap",
+ "toml_datetime",
+ "winnow",
+]
+
 [[package]]
 name = "typenum"
 version = "1.17.0"
@@ -1682,6 +1762,15 @@ version = "0.52.4"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "32b752e52a2da0ddfbdbcc6fceadfeede4c939ed16d13e648833a61dfb611ed8"
 
+[[package]]
+name = "winnow"
+version = "0.5.40"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "f593a95398737aeed53e489c785df13f3618e41dbcd6718c6addbf1395aa6876"
+dependencies = [
+ "memchr",
+]
+
 [[package]]
 name = "winsafe"
 version = "0.0.19"
@@ -1710,17 +1799,20 @@ dependencies = [
 
 [[package]]
 name = "zip"
-version = "1.1.3"
+version = "1.1.4"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "2e6cb8909b2e8e6733c9ef67d35be1a27105644d362aafb5f8b2ba395727adf6"
+checksum = "9cc23c04387f4da0374be4533ad1208cbb091d5c11d070dfef13676ad6497164"
 dependencies = [
  "arbitrary",
- "byteorder",
  "bzip2",
  "crc32fast",
  "crossbeam-utils",
  "deflate64",
+ "displaydoc",
  "flate2",
+ "indexmap",
+ "num_enum",
+ "thiserror",
  "time",
  "zstd 0.13.1",
 ]

From 0134b27ca7c051587d35f7383d3a46827038b1f2 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Tue, 7 May 2024 19:03:58 +0800
Subject: [PATCH 04/13] build(deps): bump androidx.webkit:webkit from 1.10.0 to
 1.11.0 in /manager (#1692)

Bumps androidx.webkit:webkit from 1.10.0 to 1.11.0.


[![Dependabot compatibility
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=androidx.webkit:webkit&package-manager=gradle&previous-version=1.10.0&new-version=1.11.0)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)


</details>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
---
 manager/gradle/libs.versions.toml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/manager/gradle/libs.versions.toml b/manager/gradle/libs.versions.toml
index 0cf1201a985e..cb742a01c070 100644
--- a/manager/gradle/libs.versions.toml
+++ b/manager/gradle/libs.versions.toml
@@ -13,7 +13,7 @@ coil-compose = "2.6.0"
 compose-destination = "1.10.2"
 sheets-compose-dialogs = "1.3.0"
 markdown = "4.6.2"
-webkit = "1.10.0"
+webkit = "1.11.0"
 appiconloader-coil = "1.5.0"
 parcelablelist = "2.0.1"
 libsu = "5.2.2"

From 57b96da9dbeec9c881c2fe81842d07ddb16e6e49 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Tue, 7 May 2024 19:04:16 +0800
Subject: [PATCH 05/13] build(deps): bump androidx.compose:compose-bom from
 2024.04.01 to 2024.05.00 in /manager (#1691)

Bumps androidx.compose:compose-bom from 2024.04.01 to 2024.05.00.


[![Dependabot compatibility
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=androidx.compose:compose-bom&package-manager=gradle&previous-version=2024.04.01&new-version=2024.05.00)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)


</details>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
---
 manager/gradle/libs.versions.toml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/manager/gradle/libs.versions.toml b/manager/gradle/libs.versions.toml
index cb742a01c070..d031942affd8 100644
--- a/manager/gradle/libs.versions.toml
+++ b/manager/gradle/libs.versions.toml
@@ -3,7 +3,7 @@ agp = "8.3.2"
 kotlin = "1.9.23"
 ksp = "1.9.23-1.0.20"
 compose-compiler = "1.5.11"
-compose-bom = "2024.04.01"
+compose-bom = "2024.05.00"
 lifecycle = "2.7.0"
 accompanist = "0.34.0"
 navigation = "2.7.7"

From fe526cb0294ec08c67169361ece026bad588d8d6 Mon Sep 17 00:00:00 2001
From: weishu <twsxtd@gmail.com>
Date: Wed, 8 May 2024 11:09:27 +0800
Subject: [PATCH 06/13] ksud: Fix compiler error

---
 userspace/ksud/src/pty.rs | 13 ++++++++-----
 1 file changed, 8 insertions(+), 5 deletions(-)

diff --git a/userspace/ksud/src/pty.rs b/userspace/ksud/src/pty.rs
index 80a0d18d81e1..1a9258d20314 100644
--- a/userspace/ksud/src/pty.rs
+++ b/userspace/ksud/src/pty.rs
@@ -1,6 +1,6 @@
 use std::ffi::c_int;
 use std::fs::File;
-use std::io::{stderr, stdin, stdout, Read, Write};
+use std::io::{stderr, stdin, stdout, Error, ErrorKind, Read, Write};
 use std::mem::MaybeUninit;
 use std::os::fd::{AsFd, AsRawFd, OwnedFd, RawFd};
 use std::process::exit;
@@ -9,8 +9,8 @@ use std::thread;
 
 use anyhow::{bail, Ok, Result};
 use libc::{
-    __errno, fork, pthread_sigmask, sigaddset, sigemptyset, sigset_t, sigwait, waitpid, winsize,
-    EINTR, SIGWINCH, SIG_BLOCK, SIG_UNBLOCK, TIOCGWINSZ, TIOCSWINSZ,
+    fork, pthread_sigmask, sigaddset, sigemptyset, sigset_t, sigwait, waitpid, winsize, SIGWINCH,
+    SIG_BLOCK, SIG_UNBLOCK, TIOCGWINSZ, TIOCSWINSZ,
 };
 use rustix::fs::{open, Mode, OFlags};
 use rustix::io::dup;
@@ -149,8 +149,11 @@ fn create_transfer(ptmx: OwnedFd) -> Result<()> {
 
     unsafe {
         loop {
-            if waitpid(pid, &mut status, 0) == -1 && *__errno() != EINTR {
-                continue;
+            if waitpid(pid, &mut status, 0) == -1 {
+                let last_os_error = Error::last_os_error();
+                if last_os_error.kind() != ErrorKind::Interrupted {
+                    continue;
+                }
             }
             break;
         }

From 21573bbd5b8bf06d2af7bb14defbfe0d3dc602f2 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Wed, 8 May 2024 11:10:42 +0800
Subject: [PATCH 07/13] build(deps): bump zip from 1.1.4 to 1.2.1 in
 /userspace/ksud (#1708)
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Bumps [zip](https://github.com/zip-rs/zip2) from 1.1.4 to 1.2.1.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/zip-rs/zip2/releases">zip's
releases</a>.</em></p>
<blockquote>
<h2>v1.2.1</h2>
<h3><!-- raw HTML omitted -->🐛 Bug Fixes</h3>
<ul>
<li>Prevent panic when trying to read a file with an unsupported
compression method</li>
<li>Prevent panic after reading an invalid LZMA file</li>
<li>Make <code>Stored</code> the default compression method if
<code>Deflated</code> isn't available, so that zip files are readable by
as much software as possible</li>
<li>version_needed was wrong when e.g. cfg(bzip2) but current file
wasn't bzip2 (<a
href="https://redirect.github.com/zip-rs/zip2/pull/100">#100</a>)</li>
<li>file paths shouldn't start with slashes (<a
href="https://redirect.github.com/zip-rs/zip2/pull/102">#102</a>)</li>
</ul>
<h3><!-- raw HTML omitted -->🚜 Refactor</h3>
<ul>
<li>Overhaul <code>impl Arbitrary for FileOptions</code></li>
<li>Remove unused <code>atomic</code> module</li>
</ul>
<h2>v1.2.0</h2>
<h3><!-- raw HTML omitted -->🚀 Features</h3>
<ul>
<li>Add method <code>decompressed_size()</code> so non-recursive ZIP
bombs can be detected</li>
</ul>
<h3><!-- raw HTML omitted -->🚜 Refactor</h3>
<ul>
<li>Make <code>ZipWriter::finish()</code> consume the
<code>ZipWriter</code></li>
</ul>
<h3><!-- raw HTML omitted -->⚙️ Miscellaneous Tasks</h3>
<ul>
<li>Use panic! rather than abort to ensure the fuzz harness can process
the failure</li>
<li>Update fuzz_write to use replace_with</li>
<li>Remove a drop that can no longer be explicit</li>
<li>Add <code>#![allow(unexpected_cfgs)]</code> in nightly</li>
</ul>
</blockquote>
</details>
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a
href="https://github.com/zip-rs/zip2/blob/master/CHANGELOG.md">zip's
changelog</a>.</em></p>
<blockquote>
<h2><a
href="https://github.com/zip-rs/zip2/compare/v1.2.0...v1.2.1">1.2.1</a>
- 2024-05-06</h2>
<h3><!-- raw HTML omitted -->🐛 Bug Fixes</h3>
<ul>
<li>Prevent panic when trying to read a file with an unsupported
compression method</li>
<li>Prevent panic after reading an invalid LZMA file</li>
<li>Make <code>Stored</code> the default compression method if
<code>Deflated</code> isn't available, so that zip files are readable by
as much software as possible</li>
<li>version_needed was wrong when e.g. cfg(bzip2) but current file
wasn't bzip2 (<a
href="https://redirect.github.com/zip-rs/zip2/pull/100">#100</a>)</li>
<li>file paths shouldn't start with slashes (<a
href="https://redirect.github.com/zip-rs/zip2/pull/102">#102</a>)</li>
</ul>
<h3><!-- raw HTML omitted -->🚜 Refactor</h3>
<ul>
<li>Overhaul <code>impl Arbitrary for FileOptions</code></li>
<li>Remove unused <code>atomic</code> module</li>
</ul>
<h2><a
href="https://github.com/zip-rs/zip2/compare/v1.1.4...v1.2.0">1.2.0</a>
- 2024-05-06</h2>
<h3><!-- raw HTML omitted -->🚀 Features</h3>
<ul>
<li>Add method <code>decompressed_size()</code> so non-recursive ZIP
bombs can be detected</li>
</ul>
<h3><!-- raw HTML omitted -->🚜 Refactor</h3>
<ul>
<li>Make <code>ZipWriter::finish()</code> consume the
<code>ZipWriter</code></li>
</ul>
<h3><!-- raw HTML omitted -->⚙️ Miscellaneous Tasks</h3>
<ul>
<li>Use panic! rather than abort to ensure the fuzz harness can process
the failure</li>
<li>Update fuzz_write to use replace_with</li>
<li>Remove a drop that can no longer be explicit</li>
<li>Add <code>#![allow(unexpected_cfgs)]</code> in nightly</li>
</ul>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="https://github.com/zip-rs/zip2/commit/b725303cce4fda36737da2c93d2228581bfd7632"><code>b725303</code></a>
Merge pull request <a
href="https://redirect.github.com/zip-rs/zip2/issues/103">#103</a> from
zip-rs/release-plz-2024-05-06T17-54-03Z</li>
<li><a
href="https://github.com/zip-rs/zip2/commit/a1f239980ebf4e78e36f2e45a1e00705c77adb73"><code>a1f2399</code></a>
chore: release</li>
<li><a
href="https://github.com/zip-rs/zip2/commit/f7ab2ae506f7c6be05a8f9362731397ddd2f2d1d"><code>f7ab2ae</code></a>
fix: Prevent panic when trying to read a file with an unsupported
compression...</li>
<li><a
href="https://github.com/zip-rs/zip2/commit/7f46b77da208648e311a0739a253365b4930c6b1"><code>7f46b77</code></a>
ci: Upload leak reports if fuzz fails</li>
<li><a
href="https://github.com/zip-rs/zip2/commit/d13031cc14738d2c4c0d75e43b039a0e06dcdf15"><code>d13031c</code></a>
fix: Prevent panic after reading an invalid LZMA file</li>
<li><a
href="https://github.com/zip-rs/zip2/commit/8868a11d23976ea5d8d6e1a34e854164b2723d7a"><code>8868a11</code></a>
test(fuzz): Fix a fuzz-read bug when finishing LZMA</li>
<li><a
href="https://github.com/zip-rs/zip2/commit/b277298d7fdddb68e7e2a9f287b49a40e7db35e1"><code>b277298</code></a>
test(fuzz): Fix: need to accept FileNotFound from abort</li>
<li><a
href="https://github.com/zip-rs/zip2/commit/162c9b7281736fb96a17e8cad3b3bf0758384ca7"><code>162c9b7</code></a>
test(fuzz): Fix bugs that were breaking the fuzz test</li>
<li><a
href="https://github.com/zip-rs/zip2/commit/447f9c6e4f84801a859c78d3408b5b3e0738b0a5"><code>447f9c6</code></a>
refactor: Overhaul <code>impl Arbitrary for FileOptions</code></li>
<li><a
href="https://github.com/zip-rs/zip2/commit/845c3ec91f1beff559af8b5da19b5fc3fa332abc"><code>845c3ec</code></a>
refactor: Remove unused <code>atomic</code> module</li>
<li>Additional commits viewable in <a
href="https://github.com/zip-rs/zip2/compare/v1.1.4...v1.2.1">compare
view</a></li>
</ul>
</details>
<br />


[![Dependabot compatibility
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=zip&package-manager=cargo&previous-version=1.1.4&new-version=1.2.1)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)


</details>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
---
 userspace/ksud/Cargo.lock | 6 +++---
 userspace/ksud/Cargo.toml | 2 +-
 2 files changed, 4 insertions(+), 4 deletions(-)

diff --git a/userspace/ksud/Cargo.lock b/userspace/ksud/Cargo.lock
index 87b219a09e48..d3ddd289da25 100644
--- a/userspace/ksud/Cargo.lock
+++ b/userspace/ksud/Cargo.lock
@@ -877,7 +877,7 @@ dependencies = [
  "sha256",
  "tempdir",
  "which",
- "zip 1.1.4",
+ "zip 1.2.1",
  "zip-extensions",
 ]
 
@@ -1799,9 +1799,9 @@ dependencies = [
 
 [[package]]
 name = "zip"
-version = "1.1.4"
+version = "1.2.1"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "9cc23c04387f4da0374be4533ad1208cbb091d5c11d070dfef13676ad6497164"
+checksum = "006d078b7b6fc587bb25e022ad39e7086f44e5c4fef6076964ea601533241beb"
 dependencies = [
  "arbitrary",
  "bzip2",
diff --git a/userspace/ksud/Cargo.toml b/userspace/ksud/Cargo.toml
index 3aaf32d41d32..51bc29789a3b 100644
--- a/userspace/ksud/Cargo.toml
+++ b/userspace/ksud/Cargo.toml
@@ -10,7 +10,7 @@ rust-version = "1.77.2"
 anyhow = "1"
 clap = { version = "4", features = ["derive"] }
 const_format = "0.2"
-zip = { version = "1.1", features = [
+zip = { version = "1.2", features = [
     "deflate",
     "deflate64",
     "bzip2",

From e0267a22f81650f222e275d6383d36e805cf5da1 Mon Sep 17 00:00:00 2001
From: "Weblate (bot)" <hosted@weblate.org>
Date: Wed, 8 May 2024 10:02:12 +0200
Subject: [PATCH 08/13] Translations update from Hosted Weblate (#1662)
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Translations update from [Hosted Weblate](https://hosted.weblate.org)
for
[KernelSU/Manager](https://hosted.weblate.org/projects/kernelsu/manager/).



Current translation status:

![Weblate translation
status](https://hosted.weblate.org/widget/kernelsu/manager/horizontal-auto.svg)

---------

Co-authored-by: Fede2782 <78815152+Fede2782@users.noreply.github.com>
Co-authored-by: Ričards L <ricards.lacis18@gmail.com>
Co-authored-by: Pierre GRASSER <pierre.grasser@proton.me>
Co-authored-by: yuztass <inkognito0901@gmail.com>
Co-authored-by: AndroPlus <hosigumayuugi@gmail.com>
Co-authored-by: dabao1955 <dabao1955@163.com>
Co-authored-by: Igor Sorocean <sorocean.igor@gmail.com>
---
 .../app/src/main/res/values-fr/strings.xml    | 11 +++++++
 .../app/src/main/res/values-it/strings.xml    |  2 +-
 .../app/src/main/res/values-ja/strings.xml    |  8 ++---
 .../app/src/main/res/values-lv/strings.xml    | 33 +++++++++++++++++--
 .../app/src/main/res/values-nl/strings.xml    |  6 ++++
 .../app/src/main/res/values-ro/strings.xml    |  3 ++
 .../app/src/main/res/values-ru/strings.xml    |  6 ++--
 7 files changed, 59 insertions(+), 10 deletions(-)

diff --git a/manager/app/src/main/res/values-fr/strings.xml b/manager/app/src/main/res/values-fr/strings.xml
index 163e8b596b22..1c3c3d5b919c 100644
--- a/manager/app/src/main/res/values-fr/strings.xml
+++ b/manager/app/src/main/res/values-fr/strings.xml
@@ -120,4 +120,15 @@
     <string name="select_kmi">Sélectionner une KMI</string>
     <string name="shrink_sparse_image">Minimiser l\'image clairsemée</string>
     <string name="shrink_sparse_image_message">Redimensionne l\'image clairsemée où se trouve le module à sa taille réelle. Notez que cela peut entraîner un dysfonctionnement du module, alors utilisez cette fonctionnalité uniquement lorsque nécessaire (pour la sauvegarde, par exemple)</string>
+    <string name="settings_uninstall">Désinstaller</string>
+    <string name="settings_uninstall_temporary">Désinstaller temporairement</string>
+    <string name="settings_uninstall_permanent">Désinstaller définitivement</string>
+    <string name="settings_restore_stock_image">Restaurer l\'image stock</string>
+    <string name="settings_restore_stock_image_message">Restaurer l\'image stock d\'usine (s\'il en existe une sauvegarde), option généralement utilisée avant une mise à jour OTA ; si vous avez besoin de désinstaller KernelSU, utilisez plutôt l\'option « Désinstaller définitivement ».</string>
+    <string name="flashing">Flash en cours</string>
+    <string name="flash_success">Flash réussi</string>
+    <string name="flash_failed">Échec du flash</string>
+    <string name="selected_lkm">lkm sélectionné : %s</string>
+    <string name="settings_uninstall_permanent_message">Désinstallation complète et permanente de KernelSU (root et tous les modules).</string>
+    <string name="settings_uninstall_temporary_message">Désinstaller KernelSU temporairement et rétablir l\'état original au redémarrage suivant.</string>
 </resources>
\ No newline at end of file
diff --git a/manager/app/src/main/res/values-it/strings.xml b/manager/app/src/main/res/values-it/strings.xml
index bf224c17fd25..885f5d8fdf63 100644
--- a/manager/app/src/main/res/values-it/strings.xml
+++ b/manager/app/src/main/res/values-it/strings.xml
@@ -11,7 +11,7 @@
     <string name="home_unsupported_reason">KernelSU ora supporta solo i kernel GKI</string>
     <string name="home_kernel">Kernel</string>
     <string name="home_manager_version">Versione del manager</string>
-    <string name="home_fingerprint">Impronta</string>
+    <string name="home_fingerprint">Impronta della build di Android</string>
     <string name="home_selinux_status">Stato di SELinux</string>
     <string name="selinux_status_disabled">Disabilitato</string>
     <string name="selinux_status_enforcing">Enforcing</string>
diff --git a/manager/app/src/main/res/values-ja/strings.xml b/manager/app/src/main/res/values-ja/strings.xml
index f1c5c401cd34..d210e0e19df6 100644
--- a/manager/app/src/main/res/values-ja/strings.xml
+++ b/manager/app/src/main/res/values-ja/strings.xml
@@ -118,15 +118,15 @@
 \n続く？</string>
     <string name="direct_install">直接インストール (推奨)</string>
     <string name="select_file">ファイルを選択してください</string>
-    <string name="shrink_sparse_image">まばらな画像を最小限に抑える</string>
-    <string name="shrink_sparse_image_message">モジュールが配置されているスパース イメージのサイズを実際のサイズに変更します。 モジュールが正常に動作しなくなる可能性がありますので、必要な場合（バックアップ等）にのみご使用ください</string>
+    <string name="shrink_sparse_image">スパースイメージを最小化</string>
+    <string name="shrink_sparse_image_message">モジュールが配置されているスパースイメージのサイズを実際のサイズに変更します。 モジュールが正常に動作しなくなる可能性がありますので、必要な場合にのみご使用ください</string>
     <string name="settings_uninstall_permanent">完全にアンインストールする</string>
-    <string name="settings_restore_stock_image">ストック图像を復元</string>
+    <string name="settings_restore_stock_image">ストックイメージを復元</string>
     <string name="settings_uninstall_temporary">一時的にアンインストールする</string>
     <string name="settings_uninstall">アンインストール</string>
     <string name="settings_uninstall_temporary_message">KernelSU を一時的にアンインストールし、次回の再起動後に元の状態に戻します。</string>
     <string name="settings_uninstall_permanent_message">KernelSU (ルートおよびすべてのモジュール) を完全かつ永久にアンインストールします。</string>
-    <string name="settings_restore_stock_image_message">通常、OTA の前に使用される工場出荷時のイメージを復元します (バックアップが存在する場合)。 KernelSUをアンインストールする必要がある場合は、「永久アンインストール」を使用してください。</string>
+    <string name="settings_restore_stock_image_message">バックアップが存在する場合、工場出荷時のイメージを復元できます (OTA の前に使用してください)。KernelSU をアンインストールする必要がある場合は、「完全にアンインストールする」を使用してください。</string>
     <string name="flashing">フラッシュ</string>
     <string name="flash_success">フラッシュ成功</string>
     <string name="flash_failed">フラッシュ失敗</string>
diff --git a/manager/app/src/main/res/values-lv/strings.xml b/manager/app/src/main/res/values-lv/strings.xml
index f185a312b3f3..70c2fe269e87 100644
--- a/manager/app/src/main/res/values-lv/strings.xml
+++ b/manager/app/src/main/res/values-lv/strings.xml
@@ -17,7 +17,7 @@
     <string name="home_superuser_count">Superlietotāji: %d</string>
     <string name="home_module_count">Moduļi: %d</string>
     <string name="home_unsupported">Neatbalstīts</string>
-    <string name="home_unsupported_reason">KernelSU tagad atbalsta tikai GKI kodolus</string>
+    <string name="home_unsupported_reason">KernelSU atbalsta tikai GKI kodolus</string>
     <string name="home_kernel">Kodols</string>
     <string name="home_manager_version">Pārvaldnieka versija</string>
     <string name="home_fingerprint">Pirkstu nospiedums</string>
@@ -51,7 +51,7 @@
     <string name="home_learn_kernelsu_url">https://kernelsu.org/guide/what-is-kernelsu.html</string>
     <string name="home_click_to_learn_kernelsu">Uzzināt, kā instalēt KernelSU un izmantot moduļus</string>
     <string name="home_support_title">Atbalsti mūs</string>
-    <string name="about_source_code">Skatiet avota kodu vietnē %1$s<br/>Pievienojies mūsu %2$s kanālam</string>
+    <string name="about_source_code">Skatiet avota kodu vietnē %1$s<br/> Pievienojies mūsu %2$s kanālam</string>
     <string name="profile_default">Noklusējums</string>
     <string name="profile_template">Veidne</string>
     <string name="profile_custom">Pielāgots</string>
@@ -101,4 +101,33 @@
     <string name="profile_groups">Grupas</string>
     <string name="profile_namespace_global">Globāli</string>
     <string name="require_kernel_version">Pašreizējā KernelSU versija %d ir pārāk zema, lai pārvaldnieks darbotos pareizi. Lūdzu, atjauniniet uz versiju %d vai jaunāku!</string>
+    <string name="enable_web_debugging">Iespējot WebView atkļūdošanu</string>
+    <string name="select_file_tip">Ieteicams %1$s nodalījuma attēls</string>
+    <string name="install_next">Nākamais</string>
+    <string name="profile_namespace_inherited">Mantots</string>
+    <string name="select_file">Izvēlieties failu</string>
+    <string name="install_inactive_slot">Instalēt neaktīvajā slotā (pēc OTA)</string>
+    <string name="install_inactive_slot_warning">Pēc restartēšanas jūsu ierīce tiks **PIESPIESTI** palaista pašreizējā neaktīvajā slotā!
+\nIzmantojiet šo opciju tikai pēc OTA pabeigšanas
+\nTurpināt?</string>
+    <string name="direct_install">Tiešā instalēšana (Ieteicams)</string>
+    <string name="settings_uninstall">Atinstalēt</string>
+    <string name="settings_uninstall_temporary">Pagaidu atinstalēšana</string>
+    <string name="settings_restore_stock_image">Atjaunot oriģinālo attēlu</string>
+    <string name="settings_uninstall_temporary_message">Īslaicīgi atinstalēt KernelSU, pēc nākamās restartēšanas atjaunot sākotnējo stāvokli.</string>
+    <string name="settings_uninstall_permanent_message">KernelSU (saknes un visu moduļu) pilnīga atinstalēšana.</string>
+    <string name="settings_restore_stock_image_message">Atjaunojot rūpnīcas attēlu (ja ir dublējums), ko parasti izmanto pirms OTA; ja nepieciešams atinstalēt KernelSU, lūdzu, izmantojiet \"Neatgriezeniski atinstalēt\".</string>
+    <string name="selected_lkm">Izvēlētais lkm: %s</string>
+    <string name="grant_root_failed">Neizdevās piešķirt sakni!</string>
+    <string name="open">Atvērt</string>
+    <string name="settings_check_update">Pārbaudīt atjauninājumus</string>
+    <string name="settings_check_update_summary">Automātiski pārbaudīt atjauninājumus atverot aplikāciju</string>
+    <string name="enable_web_debugging_summary">Var izmantot WebUI atkļūdošanai, lūdzu, izmantot tikai tad, kad tas ir nepieciešams.</string>
+    <string name="select_kmi">Izvēlieties KMI</string>
+    <string name="settings_uninstall_permanent">Neatgriezeniski atinstalēt</string>
+    <string name="flashing">Instalē</string>
+    <string name="flash_success">Instalēts veiksmīgi</string>
+    <string name="flash_failed">Instalēšana neizdevās</string>
+    <string name="shrink_sparse_image">Samazināt reto attēlu</string>
+    <string name="shrink_sparse_image_message">Mainīt retā attēla izmēru, kurā atrodas modulis, līdz tā faktiskajam izmēram. Ņemiet vērā, ka tas var izraisīt moduļa neparastu darbību, tāpēc, lūdzu, izmantojiet tikai nepieciešamības gadījumā (piemēram, dublēšanai)</string>
 </resources>
\ No newline at end of file
diff --git a/manager/app/src/main/res/values-nl/strings.xml b/manager/app/src/main/res/values-nl/strings.xml
index 8e82e2af05b4..791bf4739cbe 100644
--- a/manager/app/src/main/res/values-nl/strings.xml
+++ b/manager/app/src/main/res/values-nl/strings.xml
@@ -119,4 +119,10 @@
 \nGebruik deze optie alleen nadat OTA is voltooid.
 \nDoorgaan?</string>
     <string name="install_inactive_slot">Installeren in inactief slot (na OTA)</string>
+    <string name="select_kmi">KMI selecteren</string>
+    <string name="settings_uninstall">Desinstalleren</string>
+    <string name="settings_uninstall_temporary">Tijdelijk verwijderen</string>
+    <string name="settings_uninstall_permanent">Permanent verwijderen</string>
+    <string name="settings_restore_stock_image">Herstel stockafbeelding</string>
+    <string name="settings_uninstall_temporary_message">Verwijder KernelSU tijdelijk en herstel het naar de oorspronkelijke staat na de volgende herstart.</string>
 </resources>
\ No newline at end of file
diff --git a/manager/app/src/main/res/values-ro/strings.xml b/manager/app/src/main/res/values-ro/strings.xml
index 933108910714..4a991ef72713 100644
--- a/manager/app/src/main/res/values-ro/strings.xml
+++ b/manager/app/src/main/res/values-ro/strings.xml
@@ -125,4 +125,7 @@
     <string name="settings_uninstall_permanent">Dezinstalează definitiv</string>
     <string name="settings_uninstall_permanent_message">Dezinstalare KernelSU (Root și toate modulele) complet și permanent.</string>
     <string name="settings_restore_stock_image_message">Restaurează imaginea stoc din fabrică (dacă există o copie de rezervă), utilizată de obicei înainte de OTA; dacă trebuie să dezinstalezi KernelSU, utilizează „Dezinstalare permanentă”.</string>
+    <string name="flashing">Instalare</string>
+    <string name="flash_success">Instalare reușită</string>
+    <string name="flash_failed">Instalarea a eșuat</string>
 </resources>
\ No newline at end of file
diff --git a/manager/app/src/main/res/values-ru/strings.xml b/manager/app/src/main/res/values-ru/strings.xml
index b22f275919cc..f07ef3e2eb8c 100644
--- a/manager/app/src/main/res/values-ru/strings.xml
+++ b/manager/app/src/main/res/values-ru/strings.xml
@@ -130,8 +130,8 @@
     <string name="settings_uninstall">Удалить</string>
     <string name="settings_restore_stock_image">Восстановить Сток образ</string>
     <string name="settings_restore_stock_image_message">Восстановить стоковый заводской образ (если существует резервная копия), обычно используется перед OTA; если вам нужно удалить KernelSU, используйте «Удалить Навсегда».</string>
-    <string name="flash_success">Прошивка выполнена</string>
-    <string name="flashing">Прошивка</string>
-    <string name="flash_failed">Прошивка не выполнена</string>
+    <string name="flash_success">Установка выполнена</string>
+    <string name="flashing">Установка</string>
+    <string name="flash_failed">Установка не выполнена</string>
     <string name="selected_lkm">Выбран lkm: %s</string>
 </resources>
\ No newline at end of file

From 98757bcdb35ba20a1c11399173ceeab571d64b50 Mon Sep 17 00:00:00 2001
From: weishu <twsxtd@gmail.com>
Date: Wed, 8 May 2024 21:15:41 +0800
Subject: [PATCH 09/13] kernel: transition devpts in kernel

---
 kernel/ksud.c            |  5 +++
 kernel/ksud.h            |  2 +
 kernel/selinux/selinux.c | 13 +++++++
 kernel/selinux/selinux.h |  2 +
 kernel/sucompat.c        | 80 +++++++++++++++++++++++++++++++++-------
 5 files changed, 89 insertions(+), 13 deletions(-)

diff --git a/kernel/ksud.c b/kernel/ksud.c
index efa16398a630..68e473524284 100644
--- a/kernel/ksud.c
+++ b/kernel/ksud.c
@@ -64,6 +64,8 @@ bool ksu_execveat_hook __read_mostly = true;
 bool ksu_input_hook __read_mostly = true;
 #endif
 
+u32 ksu_devpts_sid;
+
 void on_post_fs_data(void)
 {
 	static bool done = false;
@@ -76,6 +78,9 @@ void on_post_fs_data(void)
 	ksu_load_allow_list();
 	// sanity check, this may influence the performance
 	stop_input_hook();
+
+	ksu_devpts_sid = ksu_get_devpts_sid();
+	pr_info("devpts sid: %d\n", ksu_devpts_sid);
 }
 
 #define MAX_ARG_STRINGS 0x7FFFFFFF
diff --git a/kernel/ksud.h b/kernel/ksud.h
index eafb31472f12..cc2df243a8f0 100644
--- a/kernel/ksud.h
+++ b/kernel/ksud.h
@@ -9,4 +9,6 @@ void on_post_fs_data(void);
 
 bool ksu_is_safe_mode(void);
 
+extern u32 ksu_devpts_sid;
+
 #endif
diff --git a/kernel/selinux/selinux.c b/kernel/selinux/selinux.c
index 40a926318a68..c333e8a800e6 100644
--- a/kernel/selinux/selinux.c
+++ b/kernel/selinux/selinux.c
@@ -129,4 +129,17 @@ bool is_zygote(void *sec)
 	result = strncmp("u:r:zygote:s0", domain, seclen) == 0;
 	security_release_secctx(domain, seclen);
 	return result;
+}
+
+#define DEVPTS_DOMAIN "u:object_r:devpts:s0"
+
+u32 ksu_get_devpts_sid()
+{
+	u32 devpts_sid = 0;
+	int err = security_secctx_to_secid(DEVPTS_DOMAIN, strlen(DEVPTS_DOMAIN),
+					   &devpts_sid);
+	if (err) {
+		pr_info("get devpts sid err %d\n", err);
+	}
+	return devpts_sid;
 }
\ No newline at end of file
diff --git a/kernel/selinux/selinux.h b/kernel/selinux/selinux.h
index 0c4978568af7..07120c253268 100644
--- a/kernel/selinux/selinux.h
+++ b/kernel/selinux/selinux.h
@@ -20,4 +20,6 @@ bool is_zygote(void *cred);
 
 void apply_kernelsu_rules();
 
+u32 ksu_get_devpts_sid();
+
 #endif
diff --git a/kernel/sucompat.c b/kernel/sucompat.c
index f43c20633eeb..66f4532a991a 100644
--- a/kernel/sucompat.c
+++ b/kernel/sucompat.c
@@ -1,3 +1,5 @@
+#include <linux/dcache.h>
+#include <linux/security.h>
 #include <asm/current.h>
 #include <linux/cred.h>
 #include <linux/err.h>
@@ -12,6 +14,7 @@
 #include <linux/sched.h>
 #endif
 
+#include "objsec.h"
 #include "allowlist.h"
 #include "arch.h"
 #include "klog.h" // IWYU pragma: keep
@@ -47,7 +50,7 @@ static char __user *ksud_user_path(void)
 }
 
 int ksu_handle_faccessat(int *dfd, const char __user **filename_user, int *mode,
-			 int * __unused_flags)
+			 int *__unused_flags)
 {
 	const char su[] = SU_PATH;
 
@@ -87,7 +90,7 @@ int ksu_handle_stat(int *dfd, const char __user **filename_user, int *flags)
 	// it becomes a `struct filename *` after 5.18
 	// https://elixir.bootlin.com/linux/v5.18/source/fs/stat.c#L216
 	const char sh[] = SH_PATH;
-	struct filename *filename = * ((struct filename **) filename_user);
+	struct filename *filename = *((struct filename **)filename_user);
 	if (IS_ERR(filename)) {
 		return 0;
 	}
@@ -109,7 +112,8 @@ int ksu_handle_stat(int *dfd, const char __user **filename_user, int *flags)
 
 // the call from execve_handler_pre won't provided correct value for __never_use_argument, use them after fix execve_handler_pre, keeping them for consistence for manually patched code
 int ksu_handle_execveat_sucompat(int *fd, struct filename **filename_ptr,
-				 void *__never_use_argv, void *__never_use_envp, int *__never_use_flags)
+				 void *__never_use_argv, void *__never_use_envp,
+				 int *__never_use_flags)
 {
 	struct filename *filename;
 	const char sh[] = KSUD_PATH;
@@ -138,7 +142,8 @@ int ksu_handle_execveat_sucompat(int *fd, struct filename **filename_ptr,
 }
 
 int ksu_handle_execve_sucompat(int *fd, const char __user **filename_user,
-				 void *__never_use_argv, void *__never_use_envp, int *__never_use_flags)
+			       void *__never_use_argv, void *__never_use_envp,
+			       int *__never_use_flags)
 {
 	const char su[] = SU_PATH;
 	char path[sizeof(su) + 1];
@@ -165,7 +170,8 @@ int ksu_handle_execve_sucompat(int *fd, const char __user **filename_user,
 
 #ifdef CONFIG_KPROBES
 
-__maybe_unused static int faccessat_handler_pre(struct kprobe *p, struct pt_regs *regs)
+__maybe_unused static int faccessat_handler_pre(struct kprobe *p,
+						struct pt_regs *regs)
 {
 	int *dfd = (int *)&PT_REGS_PARM1(regs);
 	const char __user **filename_user = (const char **)&PT_REGS_PARM2(regs);
@@ -180,21 +186,23 @@ static int sys_faccessat_handler_pre(struct kprobe *p, struct pt_regs *regs)
 {
 	struct pt_regs *real_regs = PT_REAL_REGS(regs);
 	int *dfd = (int *)&PT_REGS_PARM1(real_regs);
-	const char __user **filename_user = (const char **)&PT_REGS_PARM2(real_regs);
+	const char __user **filename_user =
+		(const char **)&PT_REGS_PARM2(real_regs);
 	int *mode = (int *)&PT_REGS_PARM3(real_regs);
 
 	return ksu_handle_faccessat(dfd, filename_user, mode, NULL);
 }
 
-__maybe_unused static int newfstatat_handler_pre(struct kprobe *p, struct pt_regs *regs)
+__maybe_unused static int newfstatat_handler_pre(struct kprobe *p,
+						 struct pt_regs *regs)
 {
 	int *dfd = (int *)&PT_REGS_PARM1(regs);
 	const char __user **filename_user = (const char **)&PT_REGS_PARM2(regs);
 #if LINUX_VERSION_CODE >= KERNEL_VERSION(4, 11, 0)
-// static int vfs_statx(int dfd, const char __user *filename, int flags, struct kstat *stat, u32 request_mask)
+	// static int vfs_statx(int dfd, const char __user *filename, int flags, struct kstat *stat, u32 request_mask)
 	int *flags = (int *)&PT_REGS_PARM3(regs);
 #else
-// int vfs_fstatat(int dfd, const char __user *filename, struct kstat *stat,int flag)
+	// int vfs_fstatat(int dfd, const char __user *filename, struct kstat *stat,int flag)
 	int *flags = (int *)&PT_REGS_CCALL_PARM4(regs);
 #endif
 
@@ -205,7 +213,8 @@ static int sys_newfstatat_handler_pre(struct kprobe *p, struct pt_regs *regs)
 {
 	struct pt_regs *real_regs = PT_REAL_REGS(regs);
 	int *dfd = (int *)&PT_REGS_PARM1(real_regs);
-	const char __user **filename_user = (const char **)&PT_REGS_PARM2(real_regs);
+	const char __user **filename_user =
+		(const char **)&PT_REGS_PARM2(real_regs);
 	int *flags = (int *)&PT_REGS_SYSCALL_PARM4(real_regs);
 
 	return ksu_handle_stat(dfd, filename_user, flags);
@@ -224,9 +233,11 @@ static int execve_handler_pre(struct kprobe *p, struct pt_regs *regs)
 static int sys_execve_handler_pre(struct kprobe *p, struct pt_regs *regs)
 {
 	struct pt_regs *real_regs = PT_REAL_REGS(regs);
-	const char __user **filename_user = (const char **)&PT_REGS_PARM1(real_regs);
+	const char __user **filename_user =
+		(const char **)&PT_REGS_PARM1(real_regs);
 
-	return ksu_handle_execve_sucompat(AT_FDCWD, filename_user, NULL, NULL, NULL);
+	return ksu_handle_execve_sucompat(AT_FDCWD, filename_user, NULL, NULL,
+					  NULL);
 }
 
 #if 1
@@ -279,6 +290,45 @@ static struct kprobe execve_kp = {
 };
 #endif
 
+static int devpts_get_priv_pre(struct kprobe *p, struct pt_regs *regs)
+{
+	if (!current->mm) {
+		return 0;
+	}
+
+	uid_t uid = current_uid().val;
+	if (uid % 100000 < 10000) {
+		// not untrusted_app, ignore it
+		return 0;
+	}
+
+	if (!ksu_is_allow_uid(uid))
+		return 0;
+
+	struct inode *inode;
+#if LINUX_VERSION_CODE >= KERNEL_VERSION(4, 6, 0)
+	struct dentry *dentry = (struct dentry *)PT_REGS_PARM1(regs);
+	inode = dentry->d_inode;
+#else
+	inode = (struct inode *)PT_REGS_PARM1(real_regs);
+#endif
+
+	if (ksu_devpts_sid) {
+		struct inode_security_struct *sec = selinux_inode(inode);
+		if (sec) {
+			sec->sid = ksu_devpts_sid;
+			inode->i_uid.val = 0;
+			inode->i_gid.val = 0;
+		}
+	}
+
+	return 0;
+}
+
+static struct kprobe devpts_get_priv_kp = { .symbol_name = "devpts_get_priv",
+					    .pre_handler =
+						    devpts_get_priv_pre };
+
 #endif
 
 // sucompat: permited process can execute 'su' to gain root access.
@@ -292,13 +342,17 @@ void ksu_sucompat_init()
 	pr_info("sucompat: newfstatat_kp: %d\n", ret);
 	ret = register_kprobe(&faccessat_kp);
 	pr_info("sucompat: faccessat_kp: %d\n", ret);
+	ret = register_kprobe(&devpts_get_priv_kp);
+	pr_info("sucompat: devpts_kp: %d\n", ret);
 #endif
 }
 
-void ksu_sucompat_exit() {
+void ksu_sucompat_exit()
+{
 #ifdef CONFIG_KPROBES
 	unregister_kprobe(&execve_kp);
 	unregister_kprobe(&newfstatat_kp);
 	unregister_kprobe(&faccessat_kp);
+	unregister_kprobe(&devpts_get_priv_kp);
 #endif
 }

From a3df721b845f288a731916fc7777efeefb033af7 Mon Sep 17 00:00:00 2001
From: weishu <twsxtd@gmail.com>
Date: Wed, 8 May 2024 21:17:24 +0800
Subject: [PATCH 10/13] Revert "su: allocate new pty (#1693)"

This reverts commit 935dc18faace4dfdda79d3f00bf1ed2632a94628.
---
 userspace/ksud/src/cli.rs        |   4 +-
 userspace/ksud/src/defs.rs       |   2 -
 userspace/ksud/src/init_event.rs |   6 -
 userspace/ksud/src/main.rs       |   2 -
 userspace/ksud/src/mount.rs      |  19 ---
 userspace/ksud/src/pty.rs        | 195 -------------------------------
 userspace/ksud/src/su.rs         |  10 --
 7 files changed, 2 insertions(+), 236 deletions(-)
 delete mode 100644 userspace/ksud/src/pty.rs

diff --git a/userspace/ksud/src/cli.rs b/userspace/ksud/src/cli.rs
index b3954bd168a8..cd96a360f346 100644
--- a/userspace/ksud/src/cli.rs
+++ b/userspace/ksud/src/cli.rs
@@ -1,6 +1,6 @@
 use anyhow::{Ok, Result};
 use clap::Parser;
-use std::path::{Path, PathBuf};
+use std::path::PathBuf;
 
 #[cfg(target_os = "android")]
 use android_logger::Config;
@@ -283,7 +283,7 @@ pub fn run() -> Result<()> {
 
     // the kernel executes su with argv[0] = "su" and replace it with us
     let arg0 = std::env::args().next().unwrap_or_default();
-    if Path::new(&arg0).file_name().and_then(|f| f.to_str()) == Some("su") {
+    if arg0 == "su" || arg0 == "/system/bin/su" {
         return crate::su::root_shell();
     }
 
diff --git a/userspace/ksud/src/defs.rs b/userspace/ksud/src/defs.rs
index bcde77120ee4..c4b9fc3f989b 100644
--- a/userspace/ksud/src/defs.rs
+++ b/userspace/ksud/src/defs.rs
@@ -43,5 +43,3 @@ pub const VERSION_NAME: &str = include_str!(concat!(env!("OUT_DIR"), "/VERSION_N
 pub const KSU_BACKUP_DIR: &str = WORKING_DIR;
 pub const KSU_BACKUP_FILE_PREFIX: &str = "ksu_backup_";
 pub const BACKUP_FILENAME: &str = "stock_image.sha1";
-
-pub const PTS_NAME: &str = "pts";
diff --git a/userspace/ksud/src/init_event.rs b/userspace/ksud/src/init_event.rs
index f2334d1bf897..7107ff74225d 100644
--- a/userspace/ksud/src/init_event.rs
+++ b/userspace/ksud/src/init_event.rs
@@ -2,7 +2,6 @@ use anyhow::{bail, Context, Result};
 use log::{info, warn};
 use std::{collections::HashMap, path::Path};
 
-use crate::defs::PTS_NAME;
 use crate::module::prune_modules;
 use crate::{
     assets, defs, ksucalls, mount, restorecon,
@@ -194,11 +193,6 @@ pub fn on_post_data_fs() -> Result<()> {
     // mount temp dir
     if let Err(e) = mount::mount_tmpfs(utils::get_tmp_path()) {
         warn!("do temp dir mount failed: {}", e);
-    } else {
-        let pts_dir = format!("{}/{PTS_NAME}", utils::get_tmp_path());
-        if let Err(e) = mount::mount_devpts(pts_dir) {
-            warn!("do devpts mount failed: {}", e);
-        }
     }
 
     // exec modules post-fs-data scripts
diff --git a/userspace/ksud/src/main.rs b/userspace/ksud/src/main.rs
index b22de94805bb..3b51720557c1 100644
--- a/userspace/ksud/src/main.rs
+++ b/userspace/ksud/src/main.rs
@@ -9,8 +9,6 @@ mod ksucalls;
 mod module;
 mod mount;
 mod profile;
-#[cfg(any(target_os = "linux", target_os = "android"))]
-mod pty;
 mod restorecon;
 mod sepolicy;
 mod su;
diff --git a/userspace/ksud/src/mount.rs b/userspace/ksud/src/mount.rs
index 8eb0eb20908d..11be898bbeb7 100644
--- a/userspace/ksud/src/mount.rs
+++ b/userspace/ksud/src/mount.rs
@@ -1,5 +1,4 @@
 use anyhow::{anyhow, bail, Ok, Result};
-use std::fs::create_dir;
 
 #[cfg(any(target_os = "linux", target_os = "android"))]
 use anyhow::Context;
@@ -182,19 +181,6 @@ pub fn mount_tmpfs(dest: impl AsRef<Path>) -> Result<()> {
     Ok(())
 }
 
-#[cfg(any(target_os = "linux", target_os = "android"))]
-pub fn mount_devpts(dest: impl AsRef<Path>) -> Result<()> {
-    create_dir(dest.as_ref())?;
-    mount(
-        KSU_OVERLAY_SOURCE,
-        dest.as_ref(),
-        "devpts",
-        MountFlags::empty(),
-        "newinstance",
-    )?;
-    Ok(())
-}
-
 #[cfg(any(target_os = "linux", target_os = "android"))]
 pub fn bind_mount(from: impl AsRef<Path>, to: impl AsRef<Path>) -> Result<()> {
     info!(
@@ -339,8 +325,3 @@ pub fn mount_overlay(
 pub fn mount_tmpfs(_dest: impl AsRef<Path>) -> Result<()> {
     unimplemented!()
 }
-
-#[cfg(not(any(target_os = "linux", target_os = "android")))]
-pub fn mount_devpts(_dest: impl AsRef<Path>) -> Result<()> {
-    unimplemented!()
-}
diff --git a/userspace/ksud/src/pty.rs b/userspace/ksud/src/pty.rs
deleted file mode 100644
index 1a9258d20314..000000000000
--- a/userspace/ksud/src/pty.rs
+++ /dev/null
@@ -1,195 +0,0 @@
-use std::ffi::c_int;
-use std::fs::File;
-use std::io::{stderr, stdin, stdout, Error, ErrorKind, Read, Write};
-use std::mem::MaybeUninit;
-use std::os::fd::{AsFd, AsRawFd, OwnedFd, RawFd};
-use std::process::exit;
-use std::ptr::null_mut;
-use std::thread;
-
-use anyhow::{bail, Ok, Result};
-use libc::{
-    fork, pthread_sigmask, sigaddset, sigemptyset, sigset_t, sigwait, waitpid, winsize, SIGWINCH,
-    SIG_BLOCK, SIG_UNBLOCK, TIOCGWINSZ, TIOCSWINSZ,
-};
-use rustix::fs::{open, Mode, OFlags};
-use rustix::io::dup;
-use rustix::ioctl::{ioctl, Getter, ReadOpcode};
-use rustix::process::setsid;
-use rustix::pty::{grantpt, unlockpt};
-use rustix::stdio::{dup2_stderr, dup2_stdin, dup2_stdout};
-use rustix::termios::{isatty, tcgetattr, tcsetattr, OptionalActions, Termios};
-
-use crate::defs::PTS_NAME;
-use crate::utils::get_tmp_path;
-
-// https://github.com/topjohnwu/Magisk/blob/5627053b7481618adfdf8fa3569b48275589915b/native/src/core/su/pts.cpp
-
-fn get_pty_num<F: AsFd>(fd: F) -> Result<u32> {
-    Ok(unsafe {
-        let tiocgptn = Getter::<ReadOpcode<b'T', 0x30, u32>, u32>::new();
-        ioctl(fd, tiocgptn)?
-    })
-}
-
-static mut OLD_STDIN: Option<Termios> = None;
-
-fn watch_sigwinch_async(slave: RawFd) {
-    let mut winch = MaybeUninit::<sigset_t>::uninit();
-    unsafe {
-        sigemptyset(winch.as_mut_ptr());
-        sigaddset(winch.as_mut_ptr(), SIGWINCH);
-        pthread_sigmask(SIG_BLOCK, winch.as_mut_ptr(), null_mut());
-    }
-
-    thread::spawn(move || unsafe {
-        let mut winch = MaybeUninit::<sigset_t>::uninit();
-        sigemptyset(winch.as_mut_ptr());
-        sigaddset(winch.as_mut_ptr(), SIGWINCH);
-        pthread_sigmask(SIG_UNBLOCK, winch.as_mut_ptr(), null_mut());
-        let mut sig: c_int = 0;
-        loop {
-            let mut w = MaybeUninit::<winsize>::uninit();
-            if libc::ioctl(1, TIOCGWINSZ, w.as_mut_ptr()) < 0 {
-                continue;
-            }
-            libc::ioctl(slave, TIOCSWINSZ, w.as_mut_ptr());
-            if sigwait(winch.as_mut_ptr(), &mut sig) != 0 {
-                break;
-            }
-        }
-    });
-}
-
-fn set_stdin_raw() {
-    let mut termios = match tcgetattr(stdin()) {
-        Result::Ok(termios) => {
-            unsafe {
-                OLD_STDIN = Some(termios.clone());
-            }
-            termios
-        }
-        Err(_) => return,
-    };
-
-    termios.make_raw();
-
-    if tcsetattr(stdin(), OptionalActions::Flush, &termios).is_err() {
-        let _ = tcsetattr(stdin(), OptionalActions::Drain, &termios);
-    }
-}
-
-fn restore_stdin() {
-    let Some(termios) = (unsafe { OLD_STDIN.take() }) else {
-        return;
-    };
-
-    if tcsetattr(stdin(), OptionalActions::Flush, &termios).is_err() {
-        let _ = tcsetattr(stdin(), OptionalActions::Drain, &termios);
-    }
-}
-
-fn pump<R: Read, W: Write>(mut from: R, mut to: W) {
-    let mut buf = [0u8; 4096];
-    loop {
-        match from.read(&mut buf) {
-            Result::Ok(len) => {
-                if len == 0 {
-                    return;
-                }
-                if to.write_all(&buf[0..len]).is_err() {
-                    return;
-                }
-                if to.flush().is_err() {
-                    return;
-                }
-            }
-            Err(_) => {
-                return;
-            }
-        }
-    }
-}
-
-fn pump_stdin_async(mut ptmx: File) {
-    set_stdin_raw();
-
-    thread::spawn(move || {
-        let mut stdin = stdin();
-        pump(&mut stdin, &mut ptmx);
-    });
-}
-
-fn pump_stdout_blocking(mut ptmx: File) {
-    let mut stdout = stdout();
-    pump(&mut ptmx, &mut stdout);
-
-    restore_stdin();
-}
-
-fn create_transfer(ptmx: OwnedFd) -> Result<()> {
-    let pid = unsafe { fork() };
-    match pid {
-        d if d < 0 => bail!("fork"),
-        0 => return Ok(()),
-        _ => {}
-    }
-
-    let ptmx_r = ptmx;
-    let ptmx_w = dup(&ptmx_r).unwrap();
-
-    let ptmx_r = File::from(ptmx_r);
-    let ptmx_w = File::from(ptmx_w);
-
-    watch_sigwinch_async(ptmx_w.as_raw_fd());
-    pump_stdin_async(ptmx_r);
-    pump_stdout_blocking(ptmx_w);
-
-    let mut status: c_int = -1;
-
-    unsafe {
-        loop {
-            if waitpid(pid, &mut status, 0) == -1 {
-                let last_os_error = Error::last_os_error();
-                if last_os_error.kind() != ErrorKind::Interrupted {
-                    continue;
-                }
-            }
-            break;
-        }
-    }
-
-    exit(status)
-}
-
-pub fn prepare_pty() -> Result<()> {
-    let tty_in = isatty(stdin());
-    let tty_out = isatty(stdout());
-    let tty_err = isatty(stderr());
-    if !tty_in && !tty_out && !tty_err {
-        return Ok(());
-    }
-
-    let mut pts_path = format!("{}/{}", get_tmp_path(), PTS_NAME);
-    if !std::path::Path::new(&pts_path).exists() {
-        pts_path = "/dev/pts".to_string();
-    }
-    let ptmx_path = format!("{}/ptmx", pts_path);
-    let ptmx_fd = open(ptmx_path, OFlags::RDWR, Mode::empty())?;
-    grantpt(&ptmx_fd)?;
-    unlockpt(&ptmx_fd)?;
-    let pty_num = get_pty_num(&ptmx_fd)?;
-    create_transfer(ptmx_fd)?;
-    setsid()?;
-    let pty_fd = open(format!("{pts_path}/{pty_num}"), OFlags::RDWR, Mode::empty())?;
-    if tty_in {
-        dup2_stdin(&pty_fd)?;
-    }
-    if tty_out {
-        dup2_stdout(&pty_fd)?;
-    }
-    if tty_err {
-        dup2_stderr(&pty_fd)?;
-    }
-    Ok(())
-}
diff --git a/userspace/ksud/src/su.rs b/userspace/ksud/src/su.rs
index d97eff49a1f9..b19bf7a21ca1 100644
--- a/userspace/ksud/src/su.rs
+++ b/userspace/ksud/src/su.rs
@@ -11,8 +11,6 @@ use crate::{
     utils::{self, umask},
 };
 
-#[cfg(any(target_os = "linux", target_os = "android"))]
-use crate::pty::prepare_pty;
 #[cfg(any(target_os = "linux", target_os = "android"))]
 use rustix::{
     process::getuid,
@@ -140,7 +138,6 @@ pub fn root_shell() -> Result<()> {
         "Specify a supplementary group. The first specified supplementary group is also used as a primary group if the option -g is not specified.",
         "GROUP",
     );
-    opts.optflag("", "no-pty", "Do not allocate a new pseudo terminal.");
 
     // Replace -cn with -z, -mm with -M for supporting getopt_long
     let args = args
@@ -268,13 +265,6 @@ pub fn root_shell() -> Result<()> {
         command = command.env("ENV", defs::KSURC_PATH);
     }
 
-    #[cfg(target_os = "android")]
-    if !matches.opt_present("no-pty") {
-        if let Err(e) = prepare_pty() {
-            log::error!("failed to prepare pty: {:?}", e);
-        }
-    }
-
     // escape from the current cgroup and become session leader
     // WARNING!!! This cause some root shell hang forever!
     // command = command.process_group(0);

From a943528d8203f2bcd524bddb273fb3c00905ea67 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Thu, 9 May 2024 10:04:21 +0800
Subject: [PATCH 11/13] build(deps): bump agp from 8.3.2 to 8.4.0 in /manager
 (#1688)

Bumps `agp` from 8.3.2 to 8.4.0.
Updates `com.android.application` from 8.3.2 to 8.4.0

Updates `com.android.library` from 8.3.2 to 8.4.0


Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)


</details>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
---
 manager/gradle/libs.versions.toml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/manager/gradle/libs.versions.toml b/manager/gradle/libs.versions.toml
index d031942affd8..5fdfaa014758 100644
--- a/manager/gradle/libs.versions.toml
+++ b/manager/gradle/libs.versions.toml
@@ -1,5 +1,5 @@
 [versions]
-agp = "8.3.2"
+agp = "8.4.0"
 kotlin = "1.9.23"
 ksp = "1.9.23-1.0.20"
 compose-compiler = "1.5.11"

From 109442f8c4c7692af6562bdad6fd9f39dc1f935b Mon Sep 17 00:00:00 2001
From: weishu <twsxtd@gmail.com>
Date: Thu, 9 May 2024 11:47:34 +0800
Subject: [PATCH 12/13] docs: Add devpts description for non gki

---
 kernel/sucompat.c                             | 55 +++++++++++--------
 .../guide/how-to-integrate-for-non-gki.md     | 38 +++++++++++--
 .../guide/how-to-integrate-for-non-gki.md     | 40 ++++++++++++--
 3 files changed, 101 insertions(+), 32 deletions(-)

diff --git a/kernel/sucompat.c b/kernel/sucompat.c
index 66f4532a991a..35417414625a 100644
--- a/kernel/sucompat.c
+++ b/kernel/sucompat.c
@@ -168,6 +168,37 @@ int ksu_handle_execve_sucompat(int *fd, const char __user **filename_user,
 	return 0;
 }
 
+int ksu_handle_devpts(struct inode *inode)
+{
+	if (!current->mm) {
+		return 0;
+	}
+
+	uid_t uid = current_uid().val;
+	if (uid % 100000 < 10000) {
+		// not untrusted_app, ignore it
+		return 0;
+	}
+
+	if (!ksu_is_allow_uid(uid))
+		return 0;
+
+	if (ksu_devpts_sid) {
+#if LINUX_VERSION_CODE >= KERNEL_VERSION(5, 1, 0)
+		struct inode_security_struct *sec = selinux_inode(inode);
+#else
+		struct inode_security_struct *sec = (struct inode_security_struct *) inode->i_security;
+#endif
+		if (sec) {
+			sec->sid = ksu_devpts_sid;
+			inode->i_uid.val = 0;
+			inode->i_gid.val = 0;
+		}
+	}
+
+	return 0;
+}
+
 #ifdef CONFIG_KPROBES
 
 __maybe_unused static int faccessat_handler_pre(struct kprobe *p,
@@ -292,19 +323,6 @@ static struct kprobe execve_kp = {
 
 static int devpts_get_priv_pre(struct kprobe *p, struct pt_regs *regs)
 {
-	if (!current->mm) {
-		return 0;
-	}
-
-	uid_t uid = current_uid().val;
-	if (uid % 100000 < 10000) {
-		// not untrusted_app, ignore it
-		return 0;
-	}
-
-	if (!ksu_is_allow_uid(uid))
-		return 0;
-
 	struct inode *inode;
 #if LINUX_VERSION_CODE >= KERNEL_VERSION(4, 6, 0)
 	struct dentry *dentry = (struct dentry *)PT_REGS_PARM1(regs);
@@ -313,16 +331,7 @@ static int devpts_get_priv_pre(struct kprobe *p, struct pt_regs *regs)
 	inode = (struct inode *)PT_REGS_PARM1(real_regs);
 #endif
 
-	if (ksu_devpts_sid) {
-		struct inode_security_struct *sec = selinux_inode(inode);
-		if (sec) {
-			sec->sid = ksu_devpts_sid;
-			inode->i_uid.val = 0;
-			inode->i_gid.val = 0;
-		}
-	}
-
-	return 0;
+	return ksu_handle_devpts(inode);
 }
 
 static struct kprobe devpts_get_priv_kp = { .symbol_name = "devpts_get_priv",
diff --git a/website/docs/guide/how-to-integrate-for-non-gki.md b/website/docs/guide/how-to-integrate-for-non-gki.md
index 18ba342b837a..69e332093852 100644
--- a/website/docs/guide/how-to-integrate-for-non-gki.md
+++ b/website/docs/guide/how-to-integrate-for-non-gki.md
@@ -264,6 +264,8 @@ index 2ff887661237..e758d7db7663 100644
  		return -EINVAL;
 ```
 
+### Safe Mode
+
 To enable KernelSU's builtin SafeMode, You should also modify `input_handle_event` in `drivers/input/input.c`:
 
 :::tip
@@ -297,6 +299,38 @@ index 45306f9ef247..815091ebfca4 100755
  		add_input_randomness(type, code, value);
 ```
 
+:::info Entering safe mode accidiently?
+If you use manual integration and do not disable `CONFIG_KPROBES`, then the user may trigger safe mode by pressing the volume down button after booting! Therefore if using manual integration you need to disable `CONFIG_KPROBES`!
+:::
+
+### Failed to execute `pm` in terminal?
+
+You should modify `fs/devpts/inode.c`, reference:
+
+```diff
+diff --git a/fs/devpts/inode.c b/fs/devpts/inode.c
+index 32f6f1c68..d69d8eca2 100644
+--- a/fs/devpts/inode.c
++++ b/fs/devpts/inode.c
+@@ -602,6 +602,8 @@ struct dentry *devpts_pty_new(struct pts_fs_info *fsi, int index, void *priv)
+        return dentry;
+ }
+
++extern int ksu_handle_devpts(struct inode*);
++
+ /**
+  * devpts_get_priv -- get private data for a slave
+  * @pts_inode: inode of the slave
+@@ -610,6 +612,7 @@ struct dentry *devpts_pty_new(struct pts_fs_info *fsi, int index, void *priv)
+  */
+ void *devpts_get_priv(struct dentry *dentry)
+ {
++       ksu_handle_devpts(dentry->d_inode);
+        if (dentry->d_sb->s_magic != DEVPTS_SUPER_MAGIC)
+                return NULL;
+        return dentry->d_fsdata;
+```
+
 ### How to backport path_umount
 
 You can get module umount feature working on pre-GKI kernels by manually backporting `path_umount` from 5.9. You can use this patch as reference:
@@ -347,7 +381,3 @@ You can get module umount feature working on pre-GKI kernels by manually backpor
 ```
 
 Finally, build your kernel again, KernelSU should work well.
-
-:::info Entering safe mode accidiently?
-If you use manual integration and do not disable `CONFIG_KPROBES`, then the user may trigger safe mode by pressing the volume down button after booting! Therefore if using manual integration you need to disable `CONFIG_KPROBES`!
-:::
diff --git a/website/docs/zh_CN/guide/how-to-integrate-for-non-gki.md b/website/docs/zh_CN/guide/how-to-integrate-for-non-gki.md
index 4fc98a0883c9..6118756a25f5 100644
--- a/website/docs/zh_CN/guide/how-to-integrate-for-non-gki.md
+++ b/website/docs/zh_CN/guide/how-to-integrate-for-non-gki.md
@@ -258,12 +258,18 @@ index 2ff887661237..e758d7db7663 100644
  		return -EINVAL;
 ```
 
+### 安全模式 
+
 要使用 KernelSU 内置的安全模式，你还需要修改 `drivers/input/input.c` 中的 `input_handle_event` 方法：
 
 :::tip
 强烈建议开启此功能，对用户救砖会非常有帮助！
 :::
 
+:::info 莫名其妙进入安全模式？
+如果你采用手动集成的方式，并且没有禁用`CONFIG_KPROBES`，那么用户在开机之后按音量下，也可能触发安全模式！因此如果使用手动集成，你需要关闭 `CONFIG_KPROBES`！
+:::
+
 ```diff
 diff --git a/drivers/input/input.c b/drivers/input/input.c
 index 45306f9ef247..815091ebfca4 100755
@@ -291,7 +297,35 @@ index 45306f9ef247..815091ebfca4 100755
  		add_input_randomness(type, code, value);
 ```
 
-### 如何backport(向旧版本移植) path_umount {#how-to-backport-path-umount}
+### pm 命令执行失败？
+
+你需要同时修改 `fs/devpts/inode.c`，补丁如下：
+
+```diff
+diff --git a/fs/devpts/inode.c b/fs/devpts/inode.c
+index 32f6f1c68..d69d8eca2 100644
+--- a/fs/devpts/inode.c
++++ b/fs/devpts/inode.c
+@@ -602,6 +602,8 @@ struct dentry *devpts_pty_new(struct pts_fs_info *fsi, int index, void *priv)
+        return dentry;
+ }
+
++extern int ksu_handle_devpts(struct inode*);
++
+ /**
+  * devpts_get_priv -- get private data for a slave
+  * @pts_inode: inode of the slave
+@@ -610,6 +612,7 @@ struct dentry *devpts_pty_new(struct pts_fs_info *fsi, int index, void *priv)
+  */
+ void *devpts_get_priv(struct dentry *dentry)
+ {
++       ksu_handle_devpts(dentry->d_inode);
+        if (dentry->d_sb->s_magic != DEVPTS_SUPER_MAGIC)
+                return NULL;
+        return dentry->d_fsdata;
+```
+
+### path_umount {#how-to-backport-path-umount}
 
 你可以通过从K5.9向旧版本移植`path_umount`，在GKI之前的内核上获得卸载模块的功能。你可以通过以下补丁作为参考:
 
@@ -341,7 +375,3 @@ index 45306f9ef247..815091ebfca4 100755
 ```
 
 改完之后重新编译内核即可。
-
-:::info 莫名其妙进入安全模式？
-如果你采用手动集成的方式，并且没有禁用`CONFIG_KPROBES`，那么用户在开机之后按音量下，也可能触发安全模式！因此如果使用手动集成，你需要关闭 `CONFIG_KPROBES`！
-:::

From 7af4f338e56cce386ba0dccdc0871b687cd697b1 Mon Sep 17 00:00:00 2001
From: weishu <twsxtd@gmail.com>
Date: Fri, 10 May 2024 15:01:05 +0800
Subject: [PATCH 13/13] kernel: Fix compile error on 4.4. close #1720

---
 kernel/sucompat.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/kernel/sucompat.c b/kernel/sucompat.c
index 35417414625a..7dd3a41961f3 100644
--- a/kernel/sucompat.c
+++ b/kernel/sucompat.c
@@ -328,7 +328,7 @@ static int devpts_get_priv_pre(struct kprobe *p, struct pt_regs *regs)
 	struct dentry *dentry = (struct dentry *)PT_REGS_PARM1(regs);
 	inode = dentry->d_inode;
 #else
-	inode = (struct inode *)PT_REGS_PARM1(real_regs);
+	inode = (struct inode *)PT_REGS_PARM1(regs);
 #endif
 
 	return ksu_handle_devpts(inode);